lists.openwall.net
Open Source and information security mailing list archives
Message-ID: <1140443588.8055.9.camel@localhost.localdomain>
Date: Mon Feb 20 13:53:17 2006
From: barrie at reboot-robot.net (Barrie Dempster)
Subject: How we caught an Identity Thief

From the article linked:
> 1. The domain name 
> 2. Who registered it
> 3. Who was serving DNS for it
> 4. The IP address of the web site 
> 5. The Service Provider for the IP address 
> 6. The OS of the host 
> 7. The Web Server
> 8. Some general information about the application the site was using
> 
> Within hours we had collected all of the above information. It was my
> recommendation to the client that we contact the FBI at this point.

It took you "hours" to run nmap/dig/whois?

Not a very good advertisement of your talents, which the post seemed to
be attempting. Even giving you the benefit of the doubt and assuming the
phishers employed basic obfuscation of the host (which I would doubt, as
usually it's someone else's machine anyway), hours is a seriously long time
to run a few basic commands.

-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog:  http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3