| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <dnv0fr$4ti$1@sea.gmane.org>
Date: Fri Dec 16 18:41:25 2005
From: davek_throwaway at hotmail.com (Dave Korn)
Subject: Re: Amazon Phishing Scam - Tech Details
DAN MORRILL wrote in news:BAY115-F1445950D27D49C91C2F875C03A0@....gbl
> Ran across a very nice phishing scam from amazon this morning. Technical
> details follow as suggested black list for this domain. It was really
> nice, very authentic looking, and would suck in a lot of folks because it
> really looked very good. It has been reported to Amazon, but thought I
> would include the technical details to this group.
> Received: (from apache@...alhost)by thebe.jtan.com (8.13.3/8.13.3/Submit)
> id jBFKYkhi014107;Thu, 15 Dec 2005 15:34:46 -0500
> Return-Path: apache@...be.jtan.com
> With an eventual owner here (Suspected hacked site http://thebe.jtan.com/)
Yeesh!
http://www.google.co.uk/search?q=site%3Athebe.jtan.com&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-GB:official
Including the _very_ informative http://thebe.jtan.com/phptest.php
[ And fascinatingly enough, it seems to host a site related to some grade
school in Salem. In light of the recent news articles about privacy breach
of a school psychiatrist's report on a pupil there, I wonder if we may have
stumbled across the host in question.
http://news.google.co.uk/news?hl=en&hs=0Yb&client=firefox-a&rls=org.mozilla%3Aen-GB%3Aofficial&spell=1&tab=wn&ie=ISO-8859-1&q=salem+school+public+web+site+privacy&btnG=Search+News
]
cheers,
DaveK
--
Can't think of a witty .sigline today....
Powered by blists - more mailing lists