IceTV Forum

IceTV General => General Discussions => Topic started by: MikeKulls on June 03, 2012, 09:55:06 PM

Title: Ice TV hacked?
Post by: MikeKulls on June 03, 2012, 09:55:06 PM
I have an email address that I ONLY use with Ice TV. I only entered it once when I registered and have never used it again. This email address has started getting a LOT of spam. Has Ice TV's email list somehow been obtained by scammers?

For anyone who is skeptical, I have what is called a catch-all account. It means that any email address at my domain goes to me. E.g., I use microsoft@mydomain.com for MS, I use facebook@mydomain.com, icetv@mydomain.com etc. These all come in as if they were sent to me. (mydomain is not my actual domain name.) Anyone else started getting lots of emails recently? Especially ones about Facebook.
Title: Re: Ice TV hacked?
Post by: JPP on June 03, 2012, 10:43:46 PM
No, can't say that I have.
Title: Re: Ice TV hacked?
Post by: Dave on June 03, 2012, 11:17:35 PM
Not here.
Title: Re: Ice TV hacked?
Post by: MikeKulls on June 04, 2012, 07:38:51 PM
It is possible that they are just using common names to invent email addresses. I guess the only way to tell would be if I used a fairly unique email address of some sort.
Title: Re: Ice TV hacked?
Post by: tvmandan on June 05, 2012, 08:07:01 AM
Nope.
Title: Re: Ice TV hacked?
Post by: IcedSpam on July 12, 2012, 03:18:52 PM
I believe IceTV's email list has been obtained by spammers.

I have received spam addressed to an email account that was created just for receiving IceTV messages.

I have not given that address to any individual or company apart from IceTV.
Title: Re: Ice TV hacked?
Post by: lukem on July 12, 2012, 04:36:15 PM
How many characters were in the username component?
Title: Re: Ice TV hacked?
Post by: IcedSpam on July 12, 2012, 05:10:48 PM
Nine characters.
Title: Re: Ice TV hacked?
Post by: prl on July 12, 2012, 05:39:13 PM
I just had a look in the cesspit my spam gets diverted to, and I don't seem to have anything from anyone but my regulars :)
Title: Re: Ice TV hacked?
Post by: lukem on July 12, 2012, 05:46:02 PM
Quote from: IcedSpam on July 12, 2012, 05:10:48 PM
Nine characters.

Could you please provide the email you received, and the email address, to my first name at icetv.com.au

Title: Re: Ice TV hacked?
Post by: IcedSpam on July 13, 2012, 12:52:45 PM
Quote from: Luke at IceTV on July 12, 2012, 05:46:02 PM
Quote from: IcedSpam on July 12, 2012, 05:10:48 PM
Nine characters.

Could you please provide the email you received, and the email address, to my first name at icetv.com.au

Done.
Title: Re: Ice TV hacked?
Post by: tonymy01 on August 30, 2012, 12:38:40 PM
Is this spam by any chance emails with titles like "blah blah BLEW YOU A KISS" and "Dear blah, how about an ENCOUNTER WITHOUT OBLIGATIONS?" "blah SENT YOU A FRIEND REQUEST" etc etc? (I get 5 or 6 of these damn things a day now, nearly all of them with the last few words in uppercase, with links to an image which, if you even open the email, will download the image and let the spam mongrels know you are real. The stat server is a different URL in most of these emails, but when you traceroute/ping, nearly all go to the same server.) It is driving me insane, and it is an email address I tend to only sign up to trustworthy things with!
Title: Re: Ice TV hacked?
Post by: IanHamilton on August 30, 2012, 08:11:44 PM
I also am getting various spam using my dedicated icetv email address. Lots of it. I opened a ticket with IceTV and they denied any possibility of a leak and tried to suggest it was my fault.
Title: Re: Ice TV hacked?
Post by: rockwatcher on September 12, 2012, 06:57:31 AM
Just clicked here to say that I am in exactly the same boat.  Have a dedicated e-mail (icetv@<mydomainname>.com) and received one e-mail addressed to icetv@<mydomainname>.com and another to icetv2@<mydomainname>.com.
Title: Re: Ice TV hacked?
Post by: lukem on September 12, 2012, 10:54:56 AM
We have not found any such evidence of a hack. Even so, we have taken additional measures to increase security.

If you are using a dedicated email for IceTV, I would suggest using something obscure, not just icetv@<domain>. It's easy to construct email addresses from permutations of random words, numbers and domain names. Yes, the permutations are huge, but so are the botnets which carry out the division of work.

You guys realise that there are many more attack vectors on an individual PC vs. the IceTV servers. If a rogue application accesses your browser history or contacts it would quite easily obtain this information. A rogue application could be just a webpage that you visited, a Java applet, a Flash app, an infected PNG or video, something else you downloaded, a Facebook app, rooted phone, the list goes on.

If you believe that your icetv email address has been compromised, change it, and send the details of the incident to abuse@icetv.com.au .
Title: Re: Ice TV hacked?
Post by: futzle on September 13, 2012, 08:17:59 PM
I've been getting fake Facebook updates (I'm not on Facebook) to the IceTV address that I supplied only to IceTV (interactive and the forum) since July.  The username is 13 characters long and contains a hyphen.  Really, that's not guessable. If spammers were guessing users at my domain I'd be seeing a lot more other spam to the same domain, and the IceTV address accounts for about a tenth of the spam at my domain, which is a pretty high proportion for a 13-character username guessed randomly.

Interesting that these all started at about the same time.  That's not consistent with an exploit that attacks individuals, such as a JavaScript virus scraping history.  I'd also be seeing spam to some of the other four or five dozen custom email addresses that I've logged in with (Amazon, PayPal, Google, little tiny stores you've never heard of), and I'm not.

I'll change my IceTV username to something totally random.  Luke, how many bits of entropy would convince you that a future breach is legitimate?

What I'd like to know is: what else was on that server?  Real names? Billing addresses?  Whether you think you've been hacked or not, how much could an intruder have learned?

Edit: I suppose I'm saying that lobbing accusation-hand-grenades at 50 feet about each other's respective computer hygiene isn't productive.  The addresses are out there, one way or another, and hence are scorched earth.  What I'd like to do is cooperate with IceTV and create an experiment that can help to identify the weak spot, whosever it is.  Take as many variables out of the equation.  With any luck, this experiment will never produce results, and I don't ever get further spam.  But if I do get spam again, at least it will provide useful data.
Title: Re: Ice TV hacked?
Post by: lukem on September 14, 2012, 11:24:15 AM
futzle, I like your last edit, and we're happy to assist in any way. PM what you have in mind.

http://en.wikipedia.org/wiki/Password_strength contains useful information to answer your question on entropy.

Title: Re: Ice TV hacked?
Post by: prl on September 14, 2012, 12:30:52 PM
One way to generate strong pseudo-random strings is to take some longish piece of text, preferably not from a book or similar, and run it through a strong cryptographic hash like MD5. Use the hexadecimal result as your random string. Truncate it or add characters as necessary to make it valid for the given purpose.

The MD5 hash for the above text (with a terminating newline), for example, is cf22e290808a0b13f4ea508bc275ce13.
Title: Re: Ice TV hacked?
Post by: peterdeg on October 25, 2012, 12:37:14 PM
Quote from: futzle on September 13, 2012, 08:17:59 PM
I've been getting fake Facebook updates (I'm not on Facebook) to the IceTV address that I supplied only to IceTV (interactive and the forum) since July.  The username is 13 characters long and contains a hyphen.  Really, that's not guessable

Have to jump in here. The spammers aren't 'guessing', they're using botnets to generate email addresses using random names/letters/numbers/characters.
100,000 infected machines (a small botnet) generating 10 emails a second is a lot of emails per day (1,440,000,000). The vast majority of those are junk. A small proportion end up as valid and in all probability, that's what you're seeing.

Real world example. One spam forwarded to me recently (I'm in the IT security investigations group in a large IT company) was addressed to this list of email addresses:
jonathan_stern@___.com jonbrown@___.com jonesseanj@___.com jovannybisel@___.com jreqbhrpsz@___.com jstern@___.com justin_hildebrandt@___.com karen_taylor@___.com karlicoyan@___.com katbrown@___.com katieg@___.com kaylahbadman@___.com kentbekent@___.com

Four of those are legitimate and the legitimate ones aren't the ones you'd expect!
So personally, I don't believe there has been any compromise of IceTV.
Title: Re: Ice TV hacked?
Post by: futzle on October 27, 2012, 10:37:37 PM
Quote from: peterdeg on October 25, 2012, 12:37:14 PM
The spammers aren't 'guessing', they're using botnets to generate email addresses [...] A small proportion end up as valid and in all probability, that's what you're seeing.

I failed to mention (sorry) that I own my own domain, and I have a catchall account that collects all email sent to futzle.com, even for nonexistent mailboxes.  From the perspective of a spammer, all messages sent to futzle.com are valid.  Try it, make up a username and send me an email.  I'll let you know what I get.

That's what I based my assertion on: that the ones sent to my IceTV-registered address were arriving out of all proportion to its guessability.

I'd buy your argument if I was using Gmail or something, yes.

Edit, obTopic: I haven't received a new spam at that address for a number of weeks now.  That's the usual pattern.
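
An added example, not part of any post in this thread: one way to set up the per-service address experiment discussed above at a catch-all domain, where every alias carries a keyed tag so that mail to blindly generated addresses can be told apart from mail to an address that was actually issued. The function names, the key handling and the 16-character tag are assumptions, and HMAC-SHA-256 is used here rather than the text-hashing approach suggested earlier in the thread.

```python
import base64, hashlib, hmac, math

TAG_CHARS = 16        # assumed tag length; base32 carries 5 bits per character

def tag_bits(tag_chars: int = TAG_CHARS) -> int:
    return 5 * tag_chars

def make_alias(key: bytes, service: str, tag_chars: int = TAG_CHARS) -> str:
    """Local part such as 'icetv-<tag>'; only the key holder can compute the tag."""
    service = service.lower()
    mac = hmac.new(key, service.encode(), hashlib.sha256).digest()
    tag = base64.b32encode(mac).decode("ascii").lower()[:tag_chars]
    return f"{service}-{tag}"

def classify(key: bytes, local_part: str, tag_chars: int = TAG_CHARS):
    """('issued', service) if we handed this alias out, else ('guessed', None)."""
    local_part = local_part.lower()
    service, sep, _tag = local_part.rpartition("-")
    if sep and service:
        expected = make_alias(key, service, tag_chars)
        # Constant-time comparison of the full local part.
        if hmac.compare_digest(expected.encode(), local_part.encode()):
            return ("issued", service)
    return ("guessed", None)

def hit_probability(bits: int, guesses: int) -> float:
    """Chance that `guesses` uniform random tags include one specific tag."""
    return -math.expm1(guesses * math.log1p(-(2.0 ** -bits)))

if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-real-use"   # constructed; keep a real key secret
    mine = make_alias(key, "icetv")
    # Constructed recipients, as a catch-all mailbox might see them.
    for rcpt in [mine, "icetv", "icetv2", "icetv-aaaaaaaaaaaaaaaa", "qxzvbn"]:
        print(f"{rcpt:<26} {classify(key, rcpt)}")
    # 1,440,000,000 is the per-day volume figure quoted in the thread.
    p = hit_probability(tag_bits(), 1_440_000_000)
    print(f"{tag_bits()} tag bits; one-day hit chance {p:.2e}")
```

Mail arriving at an address classified as issued cannot plausibly have come from blind generation, but the check says nothing about where along the way the address was exposed.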