[Ansteorra] URGENT WARNING - Possible hacking or abuse of acceps contact emails

[mikea]

On Tue, Aug 02, 2011 at 06:28:01PM -0500, Haraldr Bassi wrote:
> It is indeed possible that the address was harvested outside of the acceps 
> system, but the only place that address, which has acceps as part of the 
> email address, was ever used was in acceps and it would only have been 
> emailed inside of a spreadsheet to event stewards or exchequers. Not as 
> likely to have been harvested from a spreadsheet as from a Database 
> compromise or some other place. Don't know that I've ever emailed anyone 
> from that address, but it is possible that it ended up in someone's email 
> address book to be harvested.

The most probable scenario that I see, Haraldr, is that somehow you wound
up with something running on your system which dumped your addressbook or
your sent mail to an external machine not controlled by you. 

These Things Happen; and we can't always find out how. On one of the
lists I subscribe to, various folks with immense security expertise
(heads of mail and security for Fortune 100 corporations) have voiced
identical concerns about some of their own 1-purpose-only addresses. 

Yes, I work with this sort of thing for a living. 

-- 
Mike Andrews        /   Michael Fenwick    Barony of Namron, Ansteorra
mikea at mikea.ath.cx  /   Amateur Extra radio operator W5EGO
Tired old music Laurel; Chirurgeon; SCAdian since AS XI
Listowner, SCA-Laurels