Wednesday, January 30, 2008

Man-In-The-Middle: How to test

I asked a friend who has been in the business of email administration for large corporations for quite a while how to test your mail system for a man-in-the-middle attack.

His answer was another catch-22 for these problems, one that leaves you stranded and once again proves why they are so successful - and could be happening on your mail or web system right now.

Basically, to find a man-in-the-middle attack you have to try out the hack on the server you are trying to test. The caveat is that if your server is already hacked, the test might NOT work...

And basically he summed it up by saying that's why there are so many security folks out there who help people test for this kind of thing.

I still don't know exactly how to test this on a mail system...have to keep researching...

Tuesday, January 29, 2008

Spam Images Bypassing Outlook Image Blocker

Some of the recent spam mentioned is getting past Microsoft's image blocker in Outlook. It is coming out of rush as the 70% spam post I just posted.

Monday, January 28, 2008

Report Cyber Crimes To FBI

I reported on this article before, but reading it again I would like to highlight a different part - the FBI would like IT executives to report crimes to them to help fight crime. If large vendors would analyze their firewalls and network logs and report things such as the spam I found spewing out of my server, and research the problems we had with their email systems instead of kicking us off their systems, maybe we could uncover crimes and help the whole country, in fact the world, in addition to their individual businesses and customers:

FBI can Help You Fight Cyber Crime

O'Brien wound up his presentation with a plea for IT executives to work with the FBI to nail cybercriminals, including those who operate outside the United States.

"Compared to when I started doing computer crimes four or five years ago the bureau today is very well positioned to run an investigation that involves botnets and foreign nexus. We have agents in over 50 embassies now around the world from countries as diverse as the United Kingdom and Yemen...[Our agents] work with foreign law enforcement."

IT executives can help the FBI crack cases by reporting incidents as soon as possible and by sharing network and other logs, as well as IP addresses involved, O'Brien says.

Sunday, January 27, 2008

Is your home router hacked?

An example of an attacked home router is described in this article:

http://www.networkworld.com/news/2008/012208-drive-by-pharming.html

So if this is "on the rise" as the article points out, what can be done to stop it?

Phishing the Phishers

Here's a site with code to phish - but if you try to use it, it ends up sending the info back to the people who wrote the code, not you:

http://news.netcraft.com/archives/2008/01/22/mrbrain_stealing_phish_from_fraudsters.html

So what is our government doing about this type of thing?

The infamous check cashing scam - again

Headers followed by message text - this message is coming from Turkey, posing as a job with a company, a job which entails cashing checks. Sound familiar?? Who hasn't heard of this one yet....

Return-Path:
X-Original-To: job@hunter.com
Delivered-To: job@hunter.com
Received: from dsl.static.85-105-31885.ttnet.net.tr (unknown [85.105.124.141])
    by mail14.intermedia.net (Postfix) with ESMTP id 1B465439B1
    for ; Fri, 25 Jan 2008 08:13:59 -0800 (PST)
Received: from [85.105.124.141] by edge2-3.sne1.net; Fri, 25 Jan 2008 18:38:55 +0200
From: "Gary Cramer"
To:
Subject: Job Center BOGATTO Company
Date: Fri, 25 Jan 2008 18:38:55 +0200
Message-ID: <01c85f81$89f4c980$8d7c6955@oxpogsog>
MIME-Version: 1.0
Content-Type: text/plain;
    charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.2300
Importance: Normal

The Bogatto Company has a current offering of part-time positions. Even if you are presently employed, this opportunity can add additional earnings to your Family budget!!! Here is a little information about our company:

Bogatto co-operates with more than 90 countries in Europe, North and South America, the Near East and Asia. Our company was founded 15 years ago. Today Bogatto has built up an excellent reputation based on stability and reliability. Activities for our company are various. We find firms or people and negotiate contracts with them. Bogatto is the guarantor between the employer and the employee, vendor and vendee, etc.

The fundamental nature of your job will primarily consist of the following:
We send you a check that you cash utilizing a check cashing service
You take the money from this check and send it to our agent (If our partner is in the USA, you send the money to him through Travel Express)
If our partner is not in the USA, it is necessary for you to use Western Union
Your salary will be 10% from the sum of every check.
The more checks you receive - the more money you earn. Moreover, if you collaborate with us successfully during your first month, you will get an increase in pay.
After 2 months of successful employment you will get bumped up to 20% from the sum of every check.


Many of our clients conduct business via checks. But financial institutions in other countries are either not always equipped and/or charge huge fees when transferring funds.

That's why Bogatto is in need of people who can help us solve this problem and while doing so, earn a decent salary! This creates a nice win-win situation for us both.

If you are interested in our offer or have any questions about this offer, please complete the following information attentively and in block letters:

Full name:
Address:
City:
State:
Zip:
Phone:
E-mail:

Please send your information via e-mail to: bogatto.information@gmail.com

Please, write your data correctly! The checks of our clients will be sent to your name and your address. If it is required we'll call you. If you agree, you will receive further instructions.

Thanks for your attention and best regards,

The Bogatto Company


Frequently Asked Questions

#1 Who will I get checks from?
You will receive checks from our clients who cannot send funds to another country but can only transfer funds by check within that country.
#2 How much will the wages compile?
Your wages will equal 10 percent from the sum of the check. In the other words you get the check, take 10 percent from the sum of the check and the remainder of the check is sent to our clients(ex: the sum of the check is 4,000 USD, you get 400 USD) you get the money this way from every check.
#3 Where is, the check cashed ?
Charges on cashing the check can be taken from this check. It would be better if you could cash the check on the day you receive it. To cash check fast you can use the offices "Check cashing service" "Check Cash Express" and others.
#4 Can cashing services be paid?
Yes, they can; Cashing services can be paid. In this case these services can be paid from the sum of the check.
#5 How is the money transferred by Western Union?
Information about the person who you need to send the money to will be highlighted in an e-mail sent to you. After you have transferred money by Western Union you will be given a MTCN (Money Control Transfer Number). It consist of 10 digits. Then you need to send this number to our e-mail on the same day.
#6 Where should the money be taken from to pay the Western Union fees?
The Western Union fees should be taken from the sum of the check.
#7 The Western Union system doesn't allow more than 3000 USD to be sent at at time?
If the sum of the transfer is more than 3000 USD then you must divide the sum into smaller transfers (it is obligatory) under the 3000 USD Limit. And as it was said above you need to tell us the MTCN s of the transfers.
#8 Can money be sent by another system?
No, it can't. Transfer can be done only by Western Union.
#9 Who will pay tax?
Sums of our checks are not more than 5000 USD. Reports are not sent to the IRS. Don't worry, you won't have to pay taxes on these sums of money.
#10 How many checks a month can you send and what sum of money?
We can send checks at a rate of 50,000 USD, and the quantity of the checks depends on their sum.
#11 Will the person have to go anywhere?
Your job won't be difficult, you won't have to go anywhere, you can do most everything from home and you don't need to invest money.
#12 Are the operation of the company legal?
All the operations of the company are legal and subject to International Judicial System, what is proved by appropriate documents.
#13 What is approximate wages?
Approximate wages a month is between 4000-5000 USD, with a minimum of time and effort.
#14 Who is responsible if the clients are not satisfied?
Our company is.
#15 Should we provide you with information about our bank account?
We don't need any information about your bank account..


-- Bogatto Company -- Contacts: 1-800-516-3170
support@bogatto.com
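The Received: chain at the top of that message is what actually gives it away, so here is an added example (my own code, not part of the original post) that parses those headers with Python's standard library the way a mail admin would when triaging a report. It assumes mail14.intermedia.net is the receiving side's own MTA, so only the Received: line it stamped is trusted; the line beneath it (edge2-3.sne1.net) was supplied by the sender and can say anything. The script pulls out the real connecting IP, flags the "unknown" reverse DNS behind the Turkish DSL HELO name, and notices that the inner hop is time-stamped about 25 minutes after the outer one (18:38:55 +0200 is 16:38:55 UTC; 08:13:59 -0800 is 16:13:59 UTC), which is the classic sign of a forged Received: line.

```python
import re
from datetime import timedelta
from email.parser import Parser
from email.utils import parsedate_to_datetime

# Header block from the scam message quoted above. Return-Path, To: and the
# "for" recipient were already blanked out in the post, so they stay blank here.
SAMPLE_HEADERS = """\
Return-Path:
X-Original-To: job@hunter.com
Delivered-To: job@hunter.com
Received: from dsl.static.85-105-31885.ttnet.net.tr (unknown [85.105.124.141])
    by mail14.intermedia.net (Postfix) with ESMTP id 1B465439B1
    for ; Fri, 25 Jan 2008 08:13:59 -0800 (PST)
Received: from [85.105.124.141] by edge2-3.sne1.net; Fri, 25 Jan 2008 18:38:55 +0200
From: "Gary Cramer"
To:
Subject: Job Center BOGATTO Company
Date: Fri, 25 Jan 2008 18:38:55 +0200
Message-ID: <01c85f81$89f4c980$8d7c6955@oxpogsog>
"""

# "from HELO (rdns [ip]) by HOST" or the bare "from [ip] by HOST" form
RECEIVED_RE = re.compile(
    r'from\s+(?P<helo>\S+)'
    r'(?:\s+\((?P<rdns>[^\s\[\]()]+)\s+\[(?P<ip>\d+(?:\.\d+){3})\]\))?'
    r'\s+by\s+(?P<by>[^\s;]+)',
    re.IGNORECASE,
)


def parse_received(raw):
    """Turn one Received: header into a hop dict; fields not found stay None."""
    text = ' '.join(raw.split())            # unfold continuation lines
    hop = {'helo': None, 'rdns': None, 'ip': None, 'by': None, 'time': None}
    m = RECEIVED_RE.search(text)
    if m:
        hop.update(m.groupdict())
        if hop['ip'] is None:                # "from [1.2.3.4]" with no rDNS clause
            bare = re.fullmatch(r'\[(\d+(?:\.\d+){3})\]', hop['helo'])
            if bare:
                hop['ip'] = bare.group(1)
    if ';' in text:                          # the timestamp follows the last ';'
        try:
            hop['time'] = parsedate_to_datetime(text.rsplit(';', 1)[1].strip())
        except (TypeError, ValueError):
            pass
    return hop


def analyze(headers, our_hosts, skew=timedelta(minutes=5)):
    """Return the IP that really connected to one of our_hosts and a list of
    findings. our_hosts are the MTAs whose Received: lines we trust (assumed
    here to be mail14.intermedia.net)."""
    ours = {h.lower() for h in our_hosts}
    msg = Parser().parsestr(headers, headersonly=True)
    hops = [parse_received(r) for r in msg.get_all('Received', [])]
    findings = []
    connecting_ip = None

    # Newest hop is on top. The first one stamped by our own MTA records the
    # real peer address; everything below it came from that peer.
    for i, hop in enumerate(hops):
        if hop['by'] and hop['by'].lower() in ours:
            connecting_ip = hop['ip']
            if (hop['rdns'] or '').lower() == 'unknown':
                findings.append(f"hop {i}: no reverse DNS for {hop['ip']}, "
                                f"HELO name {hop['helo']!r} is unverified")
            if i + 1 < len(hops):
                findings.append(f"hops {i + 1}-{len(hops) - 1} precede our MTA "
                                f"and are untrusted")
            break

    # A lower (earlier) hop must not be stamped later than the hop above it,
    # beyond ordinary clock skew; if it is, someone wrote that line by hand.
    for i, (upper, lower) in enumerate(zip(hops, hops[1:])):
        if upper['time'] and lower['time'] and lower['time'] - upper['time'] > skew:
            delta = lower['time'] - upper['time']
            findings.append(f"hop {i + 1} is stamped {delta} later than hop {i} "
                            f"({upper['by']})")

    return {'connecting_ip': connecting_ip, 'hops': hops, 'findings': findings}


if __name__ == '__main__':
    report = analyze(SAMPLE_HEADERS, {'mail14.intermedia.net'})
    print('connecting IP:', report['connecting_ip'])
    for finding in report['findings']:
        print('-', finding)
```

The only fact worth acting on is the connecting IP recorded by your own MTA; the "edge2-3.sne1.net" line, the Date: header and the HELO name are all sender-controlled and, here, contradict each other.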

Wednesday, January 23, 2008

SSL and Man-In-The-Middle Attacks

Here is a lot of information on man in the middle attacks.

http://en.wikipedia.org/wiki/Man-in-the-middle_attack

I just wish I understood it better...and that more people would pay attention to and help stop this type of attack.

Before you buy that software...

Before you buy software, check Secunia to see if there are any advisories on that software and how quickly they were fixed:

http://secunia.com/

Also check the true roots of the software maker and other products developed by that same company or a previous company with the same owner.

Check for credible third-party reviews of the software, but also don't believe everything you read. Do your homework and find out what other companies are using the software and who the reviewer is - are they related to the company? And is the reviewer technical enough to offer real advice on the software?

Make sure that reviews are not just of the features, but also of the underlying security of the product as well. A piece of software may look cool and have nifty features but also have a back door into your trusted environment.

Tuesday, January 22, 2008

Domain Registry of America - Shady Tactics

Domain Registry of America sends out letters to people long before their domains are up for renewal and tries to trick them into paying a "bill" which would actually transfer the domain to a new vendor. This needs to stop.

Sunday, January 20, 2008

Recent Spammer

Got an interesting email from this spammer IP recently: 83.98.156.20

I have a feeling this particular email is more than meets the eye.

Search Engine Spam - Report It

Have you been searching in Google and found garbage-looking web pages that all look the same and are what I would call "search engine spam"? There is obviously some company or set of companies that have purchased countless numbers of domain names that are not really being used for anything other than to spit out a bunch of useless content and links on pages that all look basically the same, and link back to other sites they are probably providing SEO services to. These sites are a waste of everyone's time and money. They are garbage sites full of links, probably set up to help their customers improve SEO rankings artificially, because obviously these sites are not very useful.

Examples:
http://artmam.net
http://dania.com

Next time you are searching in Google and come across a garbage site, make sure you report it. There is a link at the bottom of the list that says "Dissatisfied with results?" Click it and report these search engine spammer sites so they can get kicked out of the rankings.

Sunday, January 13, 2008

Login forms should be on HTTPS URLs

This article is interesting - I especially like the part about why the login page itself should be an HTTPS URL, not just the URL the form submits the login to...

http://blogs.msdn.com/ie/archive/2005/04/20/tls-and-ssl-in-the-real-world.aspx
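To make that point concrete, here is an added example (my own code, not from the post or the linked article) that checks a login page the way a simple site scanner would: it finds every form containing a password field and judges it on both the scheme of the page and the scheme of the form's action. A page served over plain HTTP gets the worst verdict even when its form posts to https://, because an attacker on the path can rewrite the action (or inject script) before the user ever sees the form. The sample markup and host names are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LoginFormFinder(HTMLParser):
    """Collect the action of every <form> that contains a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == 'form':
            self._current = {'action': attrs.get('action') or '', 'password': False}
        elif tag == 'input' and self._current is not None:
            if (attrs.get('type') or '').lower() == 'password':
                self._current['password'] = True

    def handle_endtag(self, tag):
        if tag == 'form' and self._current is not None:
            if self._current['password']:
                self.forms.append(self._current['action'])
            self._current = None


def check_login_page(page_url, html):
    """Classify each login form in html as served from page_url.

    Returns a list of (submit_url, verdict) with verdict one of
    'page-not-https', 'action-not-https' or 'ok'. An empty action means the
    form posts back to the page URL itself.
    """
    finder = LoginFormFinder()
    finder.feed(html)
    finder.close()
    page_scheme = urlsplit(page_url).scheme.lower()
    results = []
    for action in finder.forms:
        submit_url = urljoin(page_url, action)
        action_scheme = urlsplit(submit_url).scheme.lower()
        if page_scheme != 'https':
            # Nothing on an HTTP page can be trusted: the action, the markup
            # and any script may have been rewritten in transit, so an
            # https:// action gives no assurance and the user sees no lock.
            verdict = 'page-not-https'
        elif action_scheme != 'https':
            verdict = 'action-not-https'     # credentials would leave in clear
        else:
            verdict = 'ok'
        results.append((submit_url, verdict))
    return results


# Constructed sample pages; example.test is a reserved name, not a real site.
HTTP_PAGE_HTTPS_POST = """
<form method="post" action="https://login.example.test/session">
  <input name="user"><input type="password" name="pw"><button>Sign in</button>
</form>"""

HTTPS_PAGE_RELATIVE_POST = """
<form method="post" action="/session">
  <input name="user"><input type="password" name="pw">
</form>"""

HTTPS_PAGE_HTTP_POST = """
<form method="post" action="http://login.example.test/session">
  <input name="user"><input type="password" name="pw">
</form>"""


if __name__ == '__main__':
    for url, html in [('http://www.example.test/login', HTTP_PAGE_HTTPS_POST),
                      ('https://www.example.test/login', HTTPS_PAGE_RELATIVE_POST),
                      ('https://www.example.test/login', HTTPS_PAGE_HTTP_POST)]:
        for submit_url, verdict in check_login_page(url, html):
            print(f'{url} -> {submit_url}: {verdict}')
```

The first sample is the pattern the linked article warns about: the form really does post to HTTPS, yet the check still reports 'page-not-https', because the protection has to start with the page the user types into, not the request that leaves it.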

Thursday, January 10, 2008

Horde Security Flaw

I've been noting problems with various webmail systems.

Here are some posts to back up what may be causing some of these problems, as I have noted most of the mail systems I've used are Horde or PHP. These advisories came from Secunia today:

Horde:
http://secunia.com/advisories/28020/

PHP:
http://secunia.com/advisories/28393/

Now...will someone please look into these AJAX systems as well? Something seems a little fishy with some of those.

Saturday, January 05, 2008

Be Honest. Get Customers. What a Concept.

In light of all the things I have been writing here, about companies accepting responsibility for things going wrong and fixing them instead of sweeping them under the carpet, I find this to be an inspiring article for those companies still not convinced it is the best thing to do. I mean if you can't do it because it is the right thing to do, maybe you'll do it because you'll get more customers:

http://www.wired.com/wired/archive/15.04/wired40_ceo.html

Manta.com publishing inaccurate information

Manta.com is publishing completely bogus information about companies - information they have no way of knowing. Take a look at your company profile on Manta and if you find something that is inaccurate, report it to the search engines and the company, and post it on your blog so this misuse of the web can be stopped.