Security Basics mailing list archives
Determining who gave passwords to bogus site
From: Bert Knabe <bert.knabe () lubbockonline com>
Date: Thu, 19 Aug 2010 13:15:54 -0500
I'm on the incident response team for our company (I am the incident response team on-site) and we just did a skills drill where we were given the nature of the incident, a bogus email with a bogus link, and had to determine what type of attack it was, etc. I returned my answers, and I did ok, but I was only partially right on one of the answers.

The attack was an XSS attack. The user clicked on a link in the email which called up a page that injected a script into the actual login page and redirected to a bogus login page before anything was actually entered into the real login page. The question I only partially answered was, "How would you determine which users gave away their passwords?" I answered that since the user was redirected before entering anything on the 'real' page you couldn't really tell who gave away their password, but logs would tell you who had clicked on the link in the email. I was told that there are two good ways to tell who gave up their passwords: one was logs and the other is network based. Any way I can think of involves logs. Is there a network based way to tell who gave up their passwords that doesn't involve logs?

Bert Knabe
Technician
Lubbock Avalanche-Journal
806-766-2158

Freedom is never more than one generation away from extinction. We didn't pass it to our children in the bloodstream. It must be fought for, protected, and handed on for them to do the same.
Ronald Reagan
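As an added illustration of the log-based approach the post mentions (not code from the original thread), the triage below runs over a constructed proxy log in a hypothetical "ip user method url status" format: it separates users who merely fetched the lure from users whose browser POSTed a form to the bogus host, and flags TLS tunnels (CONNECT) where the proxy cannot see whether a form was submitted at all. All hostnames are placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed sample proxy log (hypothetical "ip user method url status" format);
# the hosts are placeholders, not real infrastructure.
SAMPLE_LOG = """\
10.0.0.11 alice GET http://phish.example.test/lure?u=alice 200
10.0.0.11 alice GET http://login.example.test/login 200
10.0.0.11 alice GET http://phish.example.test/fake-login 200
10.0.0.11 alice POST http://phish.example.test/fake-login 302
10.0.0.12 bob GET http://phish.example.test/lure?u=bob 200
10.0.0.12 bob GET http://login.example.test/login 200
10.0.0.13 carol GET http://login.example.test/login 200
10.0.0.13 carol POST http://login.example.test/login 200
10.0.0.14 dave CONNECT phish.example.test:443 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|CONNECT) (\S+) (\d{3})$")

def parse_log(text):
    """Yield one dict per well-formed line; CONNECT lines carry host:port, not a URL."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, user, method, target, status = m.groups()
        host = target.rsplit(":", 1)[0] if method == "CONNECT" else urlsplit(target).hostname
        yield {"ip": ip, "user": user, "method": method, "host": host, "status": int(status)}

def triage(text, bogus_host):
    """Sort users into: clicked the lure, POSTed a form to the bogus host, or only
    tunnelled to it over TLS (the form submission is not visible in the proxy log)."""
    clicked, submitted, tls_only = set(), set(), set()
    for rec in parse_log(text):
        if rec["host"] != bogus_host:
            continue
        clicked.add(rec["user"])
        if rec["method"] == "POST":
            submitted.add(rec["user"])
        elif rec["method"] == "CONNECT":
            tls_only.add(rec["user"])
    return {
        "clicked": sorted(clicked),
        "submitted": sorted(submitted),                 # strong evidence a form was sent
        "unknown_tls": sorted(tls_only - submitted),    # proxy saw only the tunnel
        "clicked_only": sorted(clicked - submitted - tls_only),
    }
```

The "unknown_tls" bucket is where a purely log-based answer runs out: for those users only network-side or endpoint evidence can say whether credentials left the browser.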