Educause Security Discussion mailing list archives
Re: SMTP attacks, anyone ?
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 11 Oct 2012 09:14:38 -0400
On Wed, 10 Oct 2012 16:23:24 -0700, Mike Iglesias said:
They may have had outdated software on a system they used (like Flash, Java, Adobe Reader) that was leveraged by a web site to gain control of the system, install a keylogger, and had their password(s) captured. This doesn't necessarily need "risky network behavior" to happen - it could be an ad server that has been compromised and is distributing attack code with the ads it is serving, or something along those lines.
A useful Firefox add-on: https://addons.mozilla.org/en-US/firefox/addon/ipvfox/ Running that and NoScript, and you will be *astounded* at how many different sites and domains you're downloading from to get a web page displayed (I think at one point I caught www.cnn.com sourcing Javascript from well over a dozen servers, and content from 2 dozen). And compromise of *any* of them can lead to a drive-by fruiting.
Attachment:
_bin
Description:
Current thread:
- SMTP attacks, anyone ? Andrew Daviel (Oct 10)
- Re: SMTP attacks, anyone ? Tonkin, Derek K (Oct 10)
- Re: SMTP attacks, anyone ? Steven Alexander (Oct 10)
- Re: SMTP attacks, anyone ? Mike Iglesias (Oct 10)
- Re: SMTP attacks, anyone ? Valdis Kletnieks (Oct 11)