Re: Password trading problem

[pingywon MCSE <pingywon () gmail com>]

It is my experience that most of these "groups" do not operate off of
websites. That is way too static a media for them. Most of the operate
off off IRC. Now tracking them down and locating what sites they have
is another story.

Finally I also know that some of these groups dont have "lists" at all
but rather work strickly off of "requests" by thier users.

Good Luck 

~pingywon MCSE, CIWA, DCSE

On Tue, 3 Aug 2004 15:50:19 -0400 , Jason Humes <jhumes () acs on ca> wrote:
> Hi
> I've got a client who has an adult themed, password protected, web site and
> I'm in charge of doing a security review of it.  This was brought about by
> the admin noticing a huge amount of logins from a single account across many
> different IP addresses.  I imagine that this is the result of password
> trading online and as part of my security audit I would like to develop a
> list of these sites which offer message forums for password 'testing', adult
> 'testing', web 'testing' etc...meaning password cracking, and scan for my
> clients site within their lists to make sure no passwords/accounts have been
> cracked and being shared.  Does anyone have any ideas?  Thanks.
>
> --
>
> Jason D. Humes
>
> Applied Computer Solutions Inc.
> 3020 St. Etienne Blvd.
> Windsor, Ontario
> Phone: (519) 944-4300 x211
> Fax    : (519) 944-4247
> Email : jhumes () acs on ca
>
> **********************************************************************
>
> Confidentiality Notice:
>
> The information contained in this e-mail and any attachments may be legally
> privileged and confidential. If you are not an intended recipient, you are
> hereby notified that any dissemination, distribution or copying of this
> e-mail and any attachments is strictly prohibited. If you received this
> e-mail in error, please notify the sender and permanently delete the e-mail
> and any attachments immediately. You should not retain, copy or use this
> e-mail or any attachment for any purpose, nor disclose all or any part of
> the contents to any other person.
>
> Thank you.
>
> ---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------------


-- 


~pingywon MCSE 
http://www.pingywon.com

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------