lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: mr.bill.bilano at email.server.unix.bill.bilano.biz (Billy B. Bilano)
Subject: Possible First Crypto Virus Definitely Discovered!

Kenneth,

These are insidious hackers!

I did what you said and I am getting an exact duplicate of our web site!
They have probably infiltrated the system and are using this to capture our
customers' login information and passing it back to them encrypted! I can't
believe this!

I've already called a local consulting firm and they will be doing an eval
this Thursday of our security measures that we've taken. Then, I am going to
call the webmaster I just fired over this back in and have him sit in front
of their report and see if he has anything to say for himself. Hah!

Also, right before I wrote this message I blocked port 443 in and out on our
firewall at the bank! I will be going over these servers very carefully
tonight to look for anything wacky or goofy.

--------
Mr. Billy B. Bilano, MSCE, CCNA
<http://www.bilano.biz/>
Expert Sysadmin Since 2003!
'C:\WINDOWS, C:\WINDOWS\GO, C:\PC\CRAWL'  -- RMS



----- Original Message ----- 
From: "Ng, Kenneth (US)" <kenng@...g.com>
To: "'Billy B. Bilano'" <mr.bill.bilano@...il.server.unix.bill.bilano.biz>;
<full-disclosure@...ts.netsys.com>
Sent: Tuesday, June 08, 2004 1:51 PM
Subject: RE: [Full-Disclosure] Possible First Crypto Virus Definitely
Discovered!


> Question is, are you supposed to have a SSL server on that box?  If so,
> that's what it is.  If not, then you definitely have a problem.  Try
> connecting to that box with the URL you normally use, just use "https"
> instead of "http".  If you get the "normal" page, then someone turned on
> https without realizing it.  If you get something different, then you
> investigate.
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ