Slashdot Mirror

← Back to Stories (view on slashdot.org)

Journalists' Yahoo E-Mail Accounts Compromised In China

Posted by timothy on from the perhaps-it-was-smersh dept.

andy1307 writes "According to this article in the New York Times, 'In what appears to be a coordinated assault, the e-mail accounts of at least a dozen rights activists, academics and journalists who cover China have been compromised by unknown intruders. The infiltrations, which involved Yahoo e-mail accounts, appeared to be aimed at people who write about China and Taiwan, rendering their accounts inaccessible, according to those who were affected. In the case of this reporter, hackers altered e-mail settings so that all correspondence was surreptitiously forwarded to another e-mail address. ... The victims of the most recent intrusions included a law professor in the United States, an analyst who writes about China's security apparatus and several print journalists based in Beijing and Taipei, the capital of Taiwan."

4 of 130 comments (clear)

  1. Yahoo, MS is poison by AHuxley · · Score: 3, Informative

    With reports like "Yahoo 'helped jail China writer'" in 2005 ... would most people with any public or private interest in China stay with Yahoo's products in any form after its "complicity" over the past years?
    http://news.bbc.co.uk/2/hi/4221538.stm

    --
    Domestic spying is now "Benign Information Gathering"
  2. Re:This is why you don't do business with China by Ash+Vince · · Score: 2, Informative

    To add insult to injury, in EU, chinese imports SIMPLY PAY NO TAXES, sinking the local producers in the process.

    What utter rubbish. Here is the site on the eu website that will allow you to calculate the duty:

    http://ec.europa.eu/taxation_customs/dds/cgi-bin/tarchap?Lang=EN

    It takes a while to figure out how it works, but I just searched for a DVD Recorder (TARIC CODE = 8521900090) and the import duty was 13.9%. Here is the result for non-magnetic tape video recording apparatus:

    http://ec.europa.eu/taxation_customs/dds/cgi-bin/tarduty?Taric=8521900090&SimDate=20100331&Action=1&ProdLine=80&Country=CN/0720&Type=0&Action=1&YesNo=1&Indent=-1&Flag=1&Test=tarduty&Periodic=0&Download=0&Lang=EN&Description=yes

    I am sure there is the odd product that is not covered by duty, but you seem to think everything imported to the EU from China pays no duty, that is plainly not true.

    --
    I dont read /. to RTFA, I read /. to offend people in ignorance.
  3. Re:Damn Chinese! by tlhIngan · · Score: 2, Informative

    Out of curiosity, could someone actually provide a concrete example of a MITM attack ever being successfully carried out? Bonus points for anyone who can further provide reasons for why this means Firefox no longer likes self signed certs.

    Well, there's SSLSniff that was used to demonstrate faking Paypal certificates (via NULL attacks in browsers). There's also the neat SSLStrip that transforms a HTTPS transaction down to an HTTP one.

    They work by ARP spoofing right now, and if you combine with the IE WPAD (web proxy auto-discovery) mechanism, you could put together a pretty nice MITM attack unit.

    And wasn't there reports of a box sold to governments that was designed to do this MITM stuff? Like this appliance? This one's better than SSLSniff as it uses subverted CAs.

    More info - http://arstechnica.com/security/news/2010/03/govts-certificate-authorities-conspire-to-spy-on-ssl-users.ars

  4. Re:Damn Chinese! by EXrider · · Score: 2, Informative

    And it's not just Yahoo. None of them (Yahoo, Hotmail, Google) allowed you to use https for the entire email session, including Gmail, until the recent Google hack incident.

    Gmail has offered the option to use HTTPS for your entire session for several years now, I remember discovering it back in '05 while perusing the preferences. It just wasn't the default.

    --
    grep -iw skynet /etc/services