
On Tue, 29 Sep 2015 at 16:36 David Tulloh <david@tulloh.id.au> wrote:
As an immediate solution I suggest switching to an online email system such as GMail. This can be done easily by redirecting the account or using gmail fetcher to check the external server, outgoing emails can be sent with the existing from address so there is visible change.
How does BigPond work? I assumed it would be an web based online system, maybe that is a bad assumption my part. In which case, if it is something like outlook on his computer talking SMTP/POP/IMAP need to make sure it is secure, like other people have mentioned. It is is a desktop computer, would be surprised if it is using WIFI, but something I should check. Are compromised routers common? There a number of possibilities here. I don't like to suggest random changes unless I can get some proof that the change addresses the actual attack vector. e.g. changing to a gmail account would not help if there is some sort of hidden keyboard logger on the computer. Apparently it is a bluetooth keyboad, how secure are bluetooth keyboards? Or if my relative changed an obvious password to another easy to guess password.

Hello Brian, On Tue, 2015-09-29 at 07:06 +0000, Brian May wrote:
On Tue, 29 Sep 2015 at 16:36 David Tulloh <david@tulloh.id.au> wrote: As an immediate solution I suggest switching to an online email system such as GMail. This can be done easily by redirecting the account or using gmail fetcher to check the external server, outgoing emails can be sent with the existing from address so there is visible change.
How does BigPond work? I assumed it would be an web based online system, maybe that is a bad assumption my part.
BigPond has mail servers that provides POP3 (from personal experience) and it can be forwarded. All my email there is forwarded to my gmail account and I now use IMAP. There are issues of storage quota involved. There is also a web interface, but quite a while since I used.
In which case, if it is something like outlook on his computer talking SMTP/POP/IMAP need to make sure it is secure, like other people have mentioned.
He needs to learn, deeply, that security is a process, not a product. Even the best software can be used insecurely, that "inconvenience" can be the difference between the single invoice to his customers and the scam forged duplicates. If he wants to continue to be successful, a gmail account would be a start, else some other email, and to comprehend what is secure behaviour.
It is is a desktop computer, would be surprised if it is using WIFI, but something I should check.
You might still be able to find reference to "firesheep" and show him. WiFi can be secure, but trusting an open public connection with unencrypted content is a good way to be compromised.
Are compromised routers common?
There a number of possibilities here. I don't like to suggest random changes unless I can get some proof that the change addresses the actual attack vector. e.g. changing to a gmail account would not help if there is some sort of hidden keyboard logger on the computer. Apparently it is a bluetooth keyboad, how secure are bluetooth keyboards? Or if my relative changed an obvious password to another easy to guess password.
He has a problem. It will be good to find quite where the trouble arises. Solving the problem can be a different matter. Bluetooth is short range, so taking advantage would require a close presence, check wikipedia for details. Suitable passwords are a help if other settings are appropriate, but do explain reverse searches with an encrypted dictionary. Using a phrase of personal meaning, with personal reasons for selecting the elements to create the password, can be easy to remember, but difficult to guess or otherwise crack. Do not discount that if someone can compromise his PC, they can probably recover even a random character password. Regards, Mark Trickett
participants (2)
-
Brian May
-
Mark Trickett