Educause Security Discussion mailing list archives
Re: Interesting auth attempts with unusual user agent string
From: "Snook, Allen" <asnook () MESSIAH EDU>
Date: Mon, 6 Apr 2020 19:43:19 +0000
We are also seeing this same spike, we have had several accounts compromised because of it. Office 365 has the strangest of way of locking an account for bad passwords and some times an attacker can try hundreds of thousands of failed passwords before an account will get locked if at all. Regards, Allen A. Snook - CISSP Director of Information Security CCNP [cid:part2.C84B68C8.50548032@messiah.edu] From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Jim A. Bole Sent: Saturday, April 4, 2020 8:54 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Interesting auth attempts with unusual user agent string [[***CAUTION*** This email originated from outside of Messiah College]] I'm seeing a spike in some interesting auth failures to O365 with the user agent string "Outlook-iOS/723.4027091.prod.iphone (4.28.0)" These attempts are similar to the now steady stream of IMAP4 failures. Anyone have any info on this, especially the user agent string. It appears to be a developer API. This activity started Friday and is ongoing. Thanks. Jim Bole Director of Information Security Stevenson University 1525 Greenspring Valley Road Stevenson, MD, 21153-0641 jbole () stevenson edu<mailto:jbole () stevenson edu> | O: 443-334-2696 ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://www.educause.edu/community> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Interesting auth attempts with unusual user agent string Jim A. Bole (Apr 04)
- Re: Interesting auth attempts with unusual user agent string Snook, Allen (Apr 06)
- Re: Interesting auth attempts with unusual user agent string Jim A. Bole (Apr 06)
- Re: Interesting auth attempts with unusual user agent string Snook, Allen (Apr 06)
- Re: Interesting auth attempts with unusual user agent string Frank Barton (Apr 06)
- Re: Interesting auth attempts with unusual user agent string Blake Brown (Apr 06)
- Re: Interesting auth attempts with unusual user agent string Frank Barton (Apr 06)
- Re: Interesting auth attempts with unusual user agent string Blake Brown (Apr 06)
- Re: Interesting auth attempts with unusual user agent string Jim A. Bole (Apr 06)
- Re: Interesting auth attempts with unusual user agent string Snook, Allen (Apr 06)