lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <3a166c090704090918l5c93dffdu5ff95fd45085c426@mail.gmail.com>
Date: Mon, 9 Apr 2007 17:18:33 +0100
From: n3td3v <n3td3v@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Fwd: threat to corporate security

---------- Forwarded message ----------
From: n3td3v <n3td3v@...il.com>
Date: Apr 9, 2007 4:44 AM
Subject: threat to corporate security
To: Yahoo Security Contact <security@...oo-inc.com>, paranoids@...oo-inc.com


the conspiracy is a lot of spam actually belongs to hackers. hackers
are increasingly using fake penis enlargement e-mail to probe the out
of office auto responders of large corporations. its amazing how much
information is left on auto responders, espeically at popular vaction
times like easter and xmas. individual employees un firmilar with
security issues are increasingly throwing inetrnal operational
information for co-workers to pick up, n3td3v said. the problem is its
more than co-workers who are picking up this information and using it
for hacking large corporations like yahoo. you can't rely on your
employees anymore, corporations have got to start probing inboxes,
because the bad guys are, n3td3v said. corporations have got to get
tough on thsi n3td3v said. you got to harden your defenses on this
front and strenghen your security policya t the same time to reassure
security teams that employees are still aware of the threat of
internet facing corporate mail boxes spewing out all kinds of
information which is ultimately damaging for the company and its long
term ecnomic interests. large corporations don't want to get hacked by
simple yet effective attack vectors like this, n3td3v said, corporate
security teams have really got to take this seriously and do something
about it. just when you thought all that spam thats being sent aroudn
the internet clogging up mail servers only have a commercial purpose,
no, hackers are starting to to hitch a free ride on spam trends and
are increasingly dressing up mail box probes as popular spam to
effectively ping the inboxes of large multinationals to harvest out of
office responder data, n3td3v finished saying in a statement sent
early monday.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ