I'm sure hackers are attempting to access Google accounts all the time. I don't think your situation is special. Prior to linking KDE Messenger to your Google account, had you configured your (Google) account to contact you in any way when login attempts were made?

Well i am mostly just worried.. that it's a specific hack or exploit that stem's from KDE messenger.. I love my KDE (especially that it has a messenger program built in).. and have since Ubuntu abandoned unity.. Switched all my computers over to KDE.. My problem is.. I have had 2 times.. my google account has been accessed and it was not by some random person seemingly.. It was some one that had my account and my password .. and both i think exploits of KDE messenger or the permissions involved happened after i used it both times...

hard to explain i am a student of internet securities.. and i run wireshark on my network all the time and can tell you it did not happen through my network its.. like some one got my account and password through the air... and could.. though i would be reluctant to... give you 2 days of logs.. that show that my network was not where the breach happened... how do i black out all the local IP addresses.. so no one hacks me etc.. yay mac addresses..

i am just positive this happened to me.. and i was at dinner with my two kids and wife and had to run off and address this issue.. if you would message me i could tell you my actual thoughts on it.. If you happened to dev this so i could give you some quick feed back i would appreciate it more though..

Hi
I assume that by KDE messenger you are referring to Telepathy.

Telepathy should not be the problem.

It is almost certainly the Google account itself.

You do not indicate whether you have an external Google Hangouts account; that, in and of itself, can be a problem in terms of being exploited.

https://productforums.google.com/for...Q/J9yYGAOzFgAJ

http://www.adamguerbuez.com/i-just-s...ngout-feature/

The above are just a few of the many posts about what happened when Google got "away from the core feature" of "email" in an attempt to control the world like Microshaft.

The simple fix might be to delete any and all contacts which you do not PERSONALLY know, just send them an e-mail telling them that you are going to delete the contact because of the possible exploit and if the person really wants to be in your circle to then try to reconnect with verifiable information about who she or he is.

Second, change the password for your Google / Hangouts account ( s)

Third change all passwords on your physical machine and router.

It is quite possible that these were "drive by" in terms of mass attempts to get into ANY account using the power of the server farms in various "unnamed" countries. There is so much excess server space and cloud space that the exploits are literally sent out randomly by the millions and cost the the exploiter chump change. The exploit is not looking "for you" it is looking for ANY kind of contact point to exploit and if it happens to be a "valuable target" then so much more the better.

If it is, indeed, not a problem with Telepathy but with Google itself in terms of the contacts, it could be a Steganographic exploit in which a sniffer was in the image of the contact and when one clicks the image, which is what one does to use the app, the sniffer is activated. When the sniffer gets into your system it then messages the origin of the exploit which then starts using your system.

At this stage the situation is evolving and it SEEMS to be mostly "testing the technique" to see if it can be used on something more important, like a bank or a power grid.

Another example is the billions of randomly generated calls to any and all cell phones. The "do not call list" is absolutely worthless nowadays except for a real, verifiable, physical, business that is merely trying to get you to talk so you can be talked into buying something or answering a survey.

On my test phone I have a phone number which has called the phone 232 times. ( I do not answer the call and no message is ever left) The calls occur at, generally, four or so in the afternoon local time and there are always two calls spaced 7 minutes apart. I know where the origin of the call is and the local police know. It is in an empty rental house which has a "cable and inter-net" hookup hooked into a laptop which is sitting there busily churning out calls to all local numbers that have the same area code and prefix as the phone account on the computer.

I won't get into which President sat back and watched this happen but it that to which the Trumpman refers when he is talking about Chinese and Russian cyberwarfare and the multitude of other bad actors around the world who have literally set up their own clouds to do this.

My first message to people is very simple: A) don't click anything that came from someone you do not know personally and b) don't go where your mother would not want you to go.

My second message is do not worry about how complex a password is, just change them regularly, as in every month.

OH NO...I can't remember all those passwords! people complain.

Right, I get that, so use this: wooDsmoke01, Woodsmoke02, WooDsmoke03,

The hacking is not done by a person, it is done by an algorithm and the algorithm will only attempt to crack the password for a certain amount of time because of the diminishing return on investment of time which translates to money. You are not a high value target. But a bank is.

And when "they" finally get the system to "work" whatever it is ...is when you can expect to wake up late for work because the electrical grid is down.

The ludicrosity of this whole thing is sometimes mindboggling. My college disallowed a very complex password but allowed Balugacaviar01.

woodsmoke

Your Gmail account password wasn't revealed using KDE Connect.

https://www.identityforce.com/blog/2017-data-breaches

Well i just got to say.. last year.. I tried to use this messenger and this happened .. and i was ok.. it will get patched out its just a temp issue.. and will be resolved.. and then.. this year..I got my wife a phone so it became viable.. to use hangouts to communicate and it happens again.. I would tell you I have been the victim of large scale fraud..

and multiple times.. It is actually why i switched from trusting any windows OS or even OSX to Linux (least targeted OS) .. and I know more then i would let on about it.. I use multiple browsers tor.. etc to keep my computer secure.. wireshark is usually always logging my network.. and I have not had any issues on any Linux OS.. other than KDE.. for some reason.. if i log into KDE messenger..

on any computer.. I end up with a compromised account not instantly but within a day or two.. this time once the guy hit authenticator.. i got a random phone call within 3 mins .. i have yet to glance at the source code as i really have no time to work on it.. I have had no zero security issues with my google account.. other than these 2 times logging into KDE messenger(even on windows).. I have done this on entirely different computers.. and It's not a hardware exploit.. like brand new system76 or old lenovo..

Some how this software is the problem.. I would mention that my data all gets routed through likely the best place in the country for internet securities students to go (like they have linux in the curriculum there).. so there might likely be some one who knows the data i send is crackable.. and has an automated way of looking for it.. any way this sort of thing is exactly why i am getting into internet securities in the first place.. like fraud happens.. you eventually get your money back.. but do you know anything happens after.. like who is tracking the people that are attacking like a hard working dad with 2 kids that actually needs that money... it seems to just be a thing where they attack any one..

or anything..

Pardon my ignorance but exactly which program are you referring to when you say KDE Messenger?

When you scroll over the messenger program in KDE.. it says KDE messenger.. if you search in the start menu.. type messenger.. it shows up as KDE messenger... though it is actually Telepathy.. would at this point be the name of the project.. less the name of the app... I am also going to mention.. I did not get to research much today..

today i hung with my kids.. But.. for some reason Ubuntu.. like up stream (generic Ubuntu).. included a messenger program for forever.. but all of a sudden.. i think 14.04 had stopped supporting it.. thinking they had security issues with it.. after doing more reading.. today though..

i would not tell you not to use it.. just don't do it with your primary email account.. if you have a facebook or other account go with that.. if you have an ICQ or AOL or other account that's not compromising there seems to be no threat.. It is just apparently when you log into an account that could.. lead to some one having full control.. and seems to be about privileges or it being very easy for.. some one with knowledge to escalate the privileges given to your browser.. by KDE messenger.. to actual account access..

Its a working theory.. i still think i'm right.. I did trust the people on here like Telepathy seems to be secure.. on its own.. its all about the interaction with the web browser.. and might just end up being the interaction with chromium and not chrome..

Any one else under stand how you could be a douche and a total genius at the same time... my question would be like why is life like that.. and why would you " have to " do things this way especially with the way things go... I am going to not care about people that run KDE Messenger... that don't Log their net traffic... I am going to worry at this point at the random user that brings business over from wondows.. I would love to not have issues with those not getting paid specifically from open source software.. to not do something like this.. but it seems entirely like some components are being built in to larger projects with free dev's being random etc Kde unfortunately ends up being the example of this.. Kubutu is not the issue just the compilation and the hugeness of KDE development..

has ended up being like things like KDE wallet.. and KDE messenger.. and there are obvious things indicating security problems with these programs.. and usage of has been a problem randomly for years... that's it.. Up to every one to do something.. research.. points.. if you damn well just google it.. to two componets of KDE being compromised and how bad they are..

i hate to point fingers.. but i as a man have been like I would donate to any distro.. that could keep my interest for over a year.. and there have been none.. though kubutu was the closest.. ( I have come to the random conclusion that when corporate interests are not completely involved at this point in Linux development .. This is as bad as Linux get's people that need to get paid no money.. ETC... KDE is the closest.. and a random entirely to best version of Linux..

And I am going to stand by that everything is configurable the best.. but the need to worry about security with a project that big.. over shadows.. the success... the big thing is working on it has entire security.. and every one on the project is not trying to benefit individually and part of the whole.. love you guys ttyls

LOL
THIS IS JUST HILARIOUS!!

When I installed skype for linux, guess what! :0
The "KDE Messenger" that had been sitting patiently in the panel, not working popped up and ...it WORKS!! :0

the thread

woodsurprisedsmoke

I am going to say your right actually.. I loved that KDE messenger worked.. I am going to do some back round right.. I have been struggling with a serious illness. Like when i started this post,, I was well meaning.. and trying to be constructive.. but i am severely ill no matter what i do.. and when i said Genius i have all of a sudden figured out.. I am gluten intolerant after 31 years of life I may likely have cealiac disease( knocked out gluten feel brilliant).. inherited from my father..

though the essence of what i was trying to say,, i would appreciate it.. if it lived on... Like we need proper developers and Kubuntu at it's core is proper.. like everything is proper... though i worry about monstrosity projects like this (KDE in general Huge project).. like I will tell you guys i am sorry i said this last night i am seriously ill.. but i would tell you.. that Projects like this ( when compared to other open source projects..) where there are just a few devs.. that are predictable.. that KDE..

IS AWESOME.. but has a multitude.. of people supporting this but who are they.. I am not going to do this wrong no.. I am sick.. and its a random condition.. i am not going to say the validity of this argument is wrong.. look at KDE development.. you don't have to worry about just the KDE dev's you have to worry about the wigit dev's the distro dev's the etc.. dev's..

I would say I appreciate you all though.. i would also say.. this is the only Linux distro that has led to some one trying to access my windows pass word.. and i am again.. going to apologize for being sick.. like i suffered an anemia in February... at the very end.. and almost died from blood loss.. It is important to me.. That this all just works it's self out..

It is important enough to me.. that I get you guys to understand... that there are ultimately vulnerabilities in this crap.. and it is important in a project like this.. Report the crap... the DEV's are good.. as long as this KDE community continues to just ride a long these dev's do nothing... it is customize able it is perfectly linux... but please report your bugs.. this is ultimately the one if wondows.

goes under... like since i was kid every one said i was going to would catch the most people... I actually really hope it happens... but as i said the project is a monstrosity from the aspect of those that understand..

Hi
I'm sorry to hear of your physical situation.
Since I teach Biology I actually teach about your condition, I'm the only one, the colleges in general have dropped any "useful" information in the 'mass courses for the useful idiots" to toe the line on the latest problem du jour for the people in Washington.

To me the situation with all of the IM clients in Linux is, and it is just my opinion, that "the world has moved on".

The vast majority "of people" are just not using "a computer" for a lot of things that they did previously. I don't rant and rave at the students about "WHAT ARE YOU DOING ON THAT COMPUTER...LISTEN TO ME!" like most professors do,

I have always said to use a lappy, and then later a tablet.

I now have students who are interacting with my class materials in the colleges Insturctional Management System using the large format smart phones for "quick work in the classroom, even to taking notes, they can type on the things with amazing speed.

The problem with that is that, as opposed to "taking notes on paper" is that it requires a TOTAL concentration on the phone or tablet whereas with paper and pencil the student could "scribble and listen" at the same time. So, while they are concentrating on typing they really can't even "hear" what is being said in class.

And, that is why I moved BACK to the Socratic method a few years ago. I always used it when I taught High School.

This way they can kind of..."listen in snippets".

So the computer or laptop is now being used for "work" like wordprocessing etc, by the new generation.

And there is also the whole thing about the various companies wanting to keep all the people using their app and only their app.

At first Linux was able to get things like Kopete or Pigin etc. to interact with "most" of the apps but Yahoo messenger has always been a problem and when it was bought by Verizon, the shell company is "Oath", then the handwriting was on the wall, Verizon was going to move to a phone app and they announced just a while ago that Yahoo Messenger "for the computer" is now, officially, going to be dropped.

The only IM for Linux that even has a menu item for it is KDE messenger and when you click it the app posts a notice that it is looking for "haze". Well, one can install haze, but it doesn't help because why would a developer want to work on a part of an app that is being completely dropped?

Facebook Messenger dropped supprt for XMPP, and why is an external developer going to develop a complete replacement for that for an already dwindling user base.

So, I feel your pain, I used Kopete like...FOREVER... because I didn't have that many people that I IM'd with any way and they were almost all on Yahoo, but ...even they have drifted away from the computer app to "chatting" using the Facebook app on the cell phone.

It is the passing of an era methinks.

woodagain,issorryaboutyourconditionsmoke

I am going to apologize.. one more time.. I am sick not like kid sick... but like entirely sick.. and i have within the last few weeks likely almost died.. likely anemic.. and i really don't want to trouble people with the detail's.. but Though I have seemingly been hacked due to this distribution of Linux... I would recommend it .. Like I would not attack the project as a whole..

and I would attack security... but in reality.. this is the best Linux as far as being like customize able perfect.. .. it reflects the proper attitude of Linux.. that there is no limitations.. it is perfect.. .. like you can customize this and that.. I am going to give you some depth i am A securities student and it requires learning..

but it is not a bad thing.. every one has to distinguish .. I actually love this distro it is just I actually attacked a dristro that seems to be developed by a Russian named guy any way... Just don't use the messenger program... Kubuntu is good linux.. it is just a monstrosity of a project.. is my determination on it..

well my man, I assume! lol ...you really are welcome here!

We have had a few other long time friends who really were sick as in almost dying and we all try to support each other.

So, anyway...this distro really is bread and jam... and it doesn't stick to the roof of your mouth! lol

woodlikesgrapejamsmoke