Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: SMTP attacks, anyone ?
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 11 Oct 2012 09:14:38 -0400

On Wed, 10 Oct 2012 16:23:24 -0700, Mike Iglesias said:

They may have had outdated software on a system they used (like Flash, Java,
Adobe Reader) that was leveraged by a web site to gain control of the system,
install a keylogger, and had their password(s) captured.  This doesn't
necessarily need "risky network behavior" to happen - it could be an ad server
that has been compromised and is distributing attack code with the ads it is
serving, or something along those lines.

A useful Firefox add-on:

https://addons.mozilla.org/en-US/firefox/addon/ipvfox/

Running that and NoScript, and you will be *astounded* at how many different
sites and domains you're downloading from to get a web page displayed (I think
at one point I caught www.cnn.com sourcing Javascript from well over a dozen
servers, and content from 2 dozen).  And compromise of *any* of them can lead
to a drive-by fruiting.

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]