FOIA Fun - Or - How Phishers Hacked Into Indiana University

["Fergie" <fergdawg () netzero net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

An interesting read.

Christopher Soghoian:

[snip]

This post should probably be called Indiana Public Records Act Fun - but
that doesn't quite roll off the tongue.

I signed up for an Indiana University email account in March or so of 2006.
Between signing up and the start of school in September, I'd never used the
email address for anything, and a Google query at the time for the address
came back negative.

In mid June of 2006, I received a phishing email claiming to be from the IU
credit union. The Indiana Daily Student later covered this incident. The
article merely mentioned that phishing emails targetting the credit union
had been sent out, and that a bunch of students had typed in their info.
The article didn't explain how the phishers had learned the email addresses
of the students, nor who had launched the attack.

[snip]

More:
http://paranoia.dubfire.net/2007/04/foia-fun-or-how-phishers-hacked-into-iu
.html

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.1 (Build 1012)

wj8DBQFGJTGPq1pz9mNUZTMRAnNBAKC4jAIS9GFP2+ZZFK6u3nZ+KIXEQgCgnjzj
P7aazPIyoixL589deNpOLJI=
=ddy6
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.