[nsp-sec] psst hey buddy want a list of compromised popmail accounts:)
Smith, Donald
Donald.Smith at qwest.com
Thu Mar 27 18:06:54 EDT 2008
There are abuse accounts with the password abuse.
Those guys REALLY should know better!!!!
RM=for(1)
{manage_risk(identify_risk(product[i++]) &&
(identify_threat[product[i++]))}
Donald.Smith at qwest.com giac
> -----Original Message-----
> From: Joel Rosenblatt [mailto:joel at columbia.edu]
> Sent: Thursday, March 27, 2008 4:06 PM
> To: Smith, Donald
> Cc: nsp-security at puck.nether.net
> Subject: Re: [nsp-sec] psst hey buddy want a list of
> compromised popmail accounts:)
>
> What's amazing to me is that
>
> 320 of the 850 have password as the password
> 242 of the 850 have info as the password
> 77 of the 850 have 123456 as the password
> 58 of the 850 have abuse as the password
> 46 of the 850 have sales as the password
>
> No wonder computer security is an uphill battle :-)
>
> My 2 cents.
>
> Joel Rosenblatt
>
> It may be 849 - I think I counted the first line in that :-)
>
> Joel Rosenblatt, Manager Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
>
>
>
>
>
> --On Thursday, March 27, 2008 3:53 PM -0600 "Smith, Donald"
> <Donald.Smith at qwest.com> wrote:
>
> > ----------- nsp-security Confidential --------
> >
> > https://asn.cymru.com/nsp-sec/upload/1206654205.whois.txt
> >
> > Here are the popmail accounts that were compromised to send
> SMTP spam to
> > the SMTP -> sms gateways.
> > I don't have time stamps but you probably won't need them
> as the vast
> > majority of these will not be dynamic IP addresses.
> > Format is as follows:
> > AS|IP|accountname password|ip owner.
> >
> > When contacted please only tell them the account name and that that
> > account has been compromised and is being used to send
> spam. I wouldn't
> > mention the sms side of this.
> >
> > If you want to share the password with them as proof I have
> no problem
> > with that they are mostly "joe" accounts.
> >
> > H8Hz
> > Donald.Smith at qwest.com giac
> >
> >
> > This communication is the property of Qwest and may contain
> confidential or
> > privileged information. Unauthorized use of this
> communication is strictly
> > prohibited and may be unlawful. If you have received this
> communication
> > in error, please immediately notify the sender by reply
> e-mail and destroy
> > all copies of the communication and any attachments.
> >
> >
> > _______________________________________________
> > nsp-security mailing list
> > nsp-security at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/nsp-security
> >
> > Please do not Forward, CC, or BCC this E-mail outside of
> the nsp-security
> > community. Confidentiality is essential for effective
> Internet security counter-measures.
> > _______________________________________________
>
>
>
> Joel Rosenblatt, Manager Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
>
>
More information about the nsp-security
mailing list