Date: Wed, 27 Apr 2005 21:01:27 -0400 (EDT)
From: "J. Oquendo" <root@...lrouted.us>
To: incidents@...urityfocus.com, bugtraq@...urityfocus.com
Subject: Re: Re: Discovering and Stopping Phishing/Scam Attacks



I sent a rant on about this same sort of topic revolving around an incident
with Hushmail where they MISLED their users. Thought the list would find some
humor/insight in it.

Original email from Hush can be seen at:
http://lists.jammed.com/ISN/2005/04/0103.html

---------- Forwarded message ----------

On Tue, 26 Apr 2005, xxxxxxxxxxxxxxxxxxxxxxx wrote:

> There was no unauthorized access to any of the Hush servers.  Data
> managed by Hush was not compromised.  During this period, however,
> some users were unable to log in to their email accounts, and email
> sent to Hushmail Business domains may not have been delivered.

Such a misleading statement from Hushmail when all one has to do is
consider the following... Attacker redirects users to a complete mimic of
the Hushmail website. All that would be necessary to compromise Hushmail
users' information would be a form that would take a username and password
and store it to file for later use. Talk about phishing!

Imagine the scenario of someone mimicking let's say Citibank to the wire.
Attacker redirects users for, say, 4 hours. That's a hell of a lot of time
to capture data for later use, wouldn't you think?

I sometimes ponder how long it would be before, let's say, a rogue company
pops up out of the blue, performs an attack like this let's say once per
month for about an hour. Takes a year to capture data, then say files for
bankruptcy because they managed to get enough information to do whatever
they'd like to with that information.

SCENARIO: SampleSales.com which is a small ISP pops up and for one hour
per month for one year captures data for sites like say, Amazon, Ebay,
Citigroup, etc. SampleSales.com closes shop, never to be heard of again...
One year later, based on the traffic going to these sites, SampleSales.com
was able to phish out about 100,000 records. What could they do with this?
Well, they could card their sleazy little lives away to oblivion ordering
things to resell on Ebay, they could sell information on the people ala
identity theft, they could blackmail cheating scumbag spouses who say
called escort agencies and things of that sleazy nature... Hell the
possibilities are endless.

For Hushmail to mislead their users by saying nothing was compromised is
rather misleading considering Hushmail has no idea of what exactly
happened other than DNS poisoning. For them to make a public statement
showing the IP addresses of their machines as if it makes a difference, as
if people are actually going to say, "Gee Mable, is this really Hushmail,
let me do an nslookup first Ma!" is bananas.

Even if someone did, imagine that DNS poison combined with some silly
little worm that did some moronic:

Ala Wintrash
echo "HUSHMAILS.IP.ADDRESS	BOGUS.ADDRESS.COM" >>
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

Ala Pwnix
echo "GOOD.IP	BAD.IP" >> /etc/hosts




=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x0D99C05C
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0D99C05C

sil @ infiltrated . net http://www.infiltrated.net

"How a man plays the game shows something of his
character - how he loses shows all" - Mr. Luckey

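The poster's closing point is a worm that pins a mail provider's hostname to an attacker address in the local hosts file so that DNS checks like nslookup become irrelevant. As an added example (not the poster's code, and not anything Hushmail published), the following Python parses a hosts file and flags any monitored sensitive domain that is pinned locally at all; the sample hosts content and the watch list are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not from the original post). The last two
# entries mimic the kind of lines the worm described above would append.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# appended by malware (constructed example)
203.0.113.10    www.hushmail.com hushmail.com
198.51.100.7    citibank.example   # trailing comment
"""

# Assumed watch list: hostnames a client should only ever resolve via DNS.
MONITORED = {"www.hushmail.com", "hushmail.com", "citibank.example"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text.

    Handles comments, blank lines, tabs/spaces and multiple aliases per line,
    and skips lines whose first field is not a valid IPv4/IPv6 address.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full and trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address field
        for name in fields[1:]:
            yield str(ip), name.lower()


def find_overrides(text, monitored=MONITORED):
    """Return {hostname: ip} for every monitored name pinned in the hosts file.

    Any hit is an indicator: a legitimate client has no reason to carry a
    static entry for a remote mail or banking domain.
    """
    return {name: ip for ip, name in parse_hosts(text) if name in monitored}


if __name__ == "__main__":
    for name, ip in sorted(find_overrides(SAMPLE_HOSTS).items()):
        print(f"ALERT: {name} pinned to {ip} in hosts file")
```

On a real host, read C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS or /etc/hosts into `text` and run the check from a scheduled job or endpoint agent, alerting on any non-empty result.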
