Educause Security Discussion mailing list archives
Re: SMTP attacks, anyone ?
From: Mike Iglesias <iglesias () UCI EDU>
Date: Wed, 10 Oct 2012 16:23:24 -0700
On 10/10/2012 03:03 PM, Andrew Daviel wrote:
> Both the users in question deny "risky network behaviour" and are fairly clueful - would not fall for phishing, do not frequent cybercafes etc. Their passwords (now changed of course) were robust enough not to fall to a few hours of "John the Ripper" so I doubt they were trivially guessed.
They may have had outdated software on a system they used (like Flash, Java, Adobe Reader) that was leveraged by a web site to gain control of the system, install a keylogger, and had their password(s) captured. This doesn't necessarily need "risky network behavior" to happen - it could be an ad server that has been compromised and is distributing attack code with the ads it is serving, or something along those lines.

--
Mike Iglesias                          Email: iglesias () uci edu
University of California, Irvine       phone: 949-824-6926
Office of Information Technology       FAX: 949-824-2270