Security Basics mailing list archives

RE: Password trading problem


From: "Hamish Stanaway" <koremeltdown () hotmail com>
Date: Wed, 04 Aug 2004 22:59:49 +0000

Hi there Jason,

One idea is that you could develop this list, and either:

Sell it to adult sites so that they can block these referrers, monitor advertised logins on these sites and close them, or

Send it to all the adult sites you can find for free.



Kindest of regards,

Hamish Stanaway, CEO

Absolute Web Hosting / -= KoRe WoRkS =- Internet Security
Auckland, New Zealand

http://www.webhosting.net.nz
http://www.buywebhosting.co.nz
http://www.koreworks.com





From: Jason Humes <jhumes () acs on ca>
To: "'security-basics () securityfocus com'" <security-basics () securityfocus com>
Subject: Password trading problem
Date: Tue, 3 Aug 2004 15:50:19 -0400

Hi
I've got a client who has an adult themed, password protected, web site and
I'm in charge of doing a security review of it.  This was brought about by
the admin noticing a huge amount of logins from a single account across many
different IP addresses.  I imagine that this is the result of password
trading online and as part of my security audit I would like to develop a
list of these sites which offer message forums for password 'testing', adult
'testing', web 'testing' etc...meaning password cracking, and scan for my
client's site within their lists to make sure no passwords/accounts have been
cracked and being shared.  Does anyone have any ideas?  Thanks.

--

Jason D. Humes

Applied Computer Solutions Inc.
3020 St. Etienne Blvd.
Windsor, Ontario
Phone: (519) 944-4300 x211
Fax    : (519) 944-4247
Email : jhumes () acs on ca
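
The symptom described in the question (one account logging in from many different IP addresses) and the referrer blocking suggested in the reply can both be checked from the site's own access log. The following is an added example, not code from either poster; it assumes Apache combined log format with the HTTP auth user name in the third field, and the threshold, window and sample hosts are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

LINE = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3}) \S+ "([^"]*)"')

# Constructed sample (Apache combined format; users, addresses and hosts are made up).
SAMPLE_LOG = '''\
192.0.2.10 - alice [03/Aug/2004:09:00:00 -0400] "GET /members/ HTTP/1.1" 200 900 "-" "UA"
198.51.100.4 - bob [03/Aug/2004:09:05:00 -0400] "GET /members/ HTTP/1.1" 200 900 "http://forum.example/t/1" "UA"
198.51.100.9 - bob [03/Aug/2004:09:20:00 -0400] "GET /members/ HTTP/1.1" 200 900 "http://forum.example/t/1" "UA"
203.0.113.5 - bob [03/Aug/2004:10:10:00 -0400] "GET /members/ HTTP/1.1" 200 900 "-" "UA"
203.0.113.77 - bob [03/Aug/2004:11:30:00 -0400] "GET /members/ HTTP/1.1" 200 900 "http://pwlist.example/x" "UA"
192.0.2.10 - alice [03/Aug/2004:12:00:00 -0400] "GET /members/ HTTP/1.1" 200 900 "-" "UA"
192.0.2.44 - carol [03/Aug/2004:12:00:00 -0400] "GET /members/ HTTP/1.1" 401 0 "-" "UA"
'''

def parse(log_text):
    """Yield (time, user, ip, referrer_host) for successful authenticated hits."""
    for m in map(LINE.match, log_text.splitlines()):
        if not m or m.group(2) == "-" or m.group(4) != "200":
            continue  # skip malformed lines, anonymous hits and failed logins
        ts = datetime.strptime(m.group(3), "%d/%b/%Y:%H:%M:%S %z")
        yield ts, m.group(2), m.group(1), urlsplit(m.group(5)).hostname

def shared_accounts(log_text, max_ips=3, window=timedelta(hours=24)):
    """Accounts seen from more than max_ips distinct addresses inside one window."""
    hits = defaultdict(list)
    for ts, user, ip, _ in sorted(parse(log_text), key=lambda h: h[0]):
        hits[user].append((ts, ip))
    flagged = {}
    for user, events in hits.items():
        for i, (start, _) in enumerate(events):
            ips = {ip for ts, ip in events[i:] if ts - start <= window}
            if len(ips) > max_ips:
                flagged[user] = sorted(ips)
                break
    return flagged

def referrers(log_text, accounts):
    """Count external referrer hosts on hits made with the flagged accounts."""
    return Counter(host for _, user, _, host in parse(log_text)
                   if user in accounts and host)
```

Flagged accounts are candidates for a forced password reset, and the referrer hosts on their hits are the starting point for the kind of list discussed in this thread.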






