Educause Security Discussion
mailing list archives
Re: SMTP attacks, anyone ?
From: Mike Iglesias <iglesias () UCI EDU>
Date: Wed, 10 Oct 2012 16:23:24 -0700
On 10/10/2012 03:03 PM, Andrew Daviel wrote:
> Both the users in question deny "risky network behaviour" and are fairly
> clueful - would not fall for phishing, do not frequent cybercafes etc.
> Their passwords (now changed of course) were robust enough not to fall to a
> few hours of "John the Ripper" so I doubt they were trivially guessed.

They may have had outdated software on a system they used (like Flash, Java,
Adobe Reader) that was leveraged by a web site to gain control of the system,
install a keylogger, and had their password(s) captured. This doesn't
necessarily need "risky network behavior" to happen - it could be an ad server
that has been compromised and is distributing attack code with the ads it is
serving, or something along those lines.
Mike Iglesias Email: iglesias () uci edu
University of California, Irvine phone: 949-824-6926
Office of Information Technology FAX: 949-824-2270