[nsp-sec] psst hey buddy want a list of compromised popmail accounts:)

John Fraizer john at op-sec.us
Thu Mar 27 18:16:00 EDT 2008 

it is directly below 'changeme'. :(

John Fraizer
Senior Internetworking Engineer
NOC Engineering
NuVox Communications, Inc
(864)331-7575 work
-Sent from my Treo SmartPhone
-----Original Message-----
From: Ryan Pavely <paradox at nac.net>
Date: Thursday, Mar 27, 2008 6:14 pm
Subject: Re: [nsp-sec] psst hey buddy want a list of 	compromised	popmail	accounts:)
To: nsp-security at puck.nether.net

----------- nsp-security Confidential --------
>
>I wonder how 'ChangeMe' ranks...
>
>
>
>Joel Rosenblatt wrote:
> ----------- nsp-security Confidential --------
>
>> What's amazing to me is that
>
>> 320 of the 850 have password as the password
> 242 of the 850 have info     as the password
>  77 of the 850 have 123456   as the password
>  58 of the 850 have abuse    as the password
>  46 of the 850 have sales    as the password
>
>> No wonder computer security is an uphill battle :-)
>
>> My 2 cents.
>
>> Joel Rosenblatt
>
>> It may be 849 - I think I counted the first line in that :-)
>
>> Joel Rosenblatt, Manager Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
>
>>
>
>>
>
>> --On Thursday, March 27, 2008 3:53 PM -0600 "Smith, Donald" <Donald.Smith at qwest.com> wrote:
>
>>   
>> ----------- nsp-security Confidential --------
>>
>> https://asn.cymru.com/nsp-sec/upload/1206654205.whois.txt
>>
>> Here are the popmail accounts that were compromised to send SMTP spam to
>> the SMTP -> sms gateways.
>> I don't have time stamps but you probably won't need them as the vast
>> majority of these will not be dynamic IP addresses.
>> Format is as follows:
>> AS|IP|accountname password|ip owner.
>>
>> When contacted please only tell them the account name and that that
>> account has been compromised and is being used to send spam. I wouldn't
>> mention the sms side of this.
>>
>> If you want to share the password with them as proof I have no problem
>> with that they are mostly "joe" accounts.
>>
>> H8Hz
>> Donald.Smith at qwest.com giac
>>
>>
>> This communication is the property of Qwest and may contain confidential or
>> privileged information. Unauthorized use of this communication is strictly
>> prohibited and may be unlawful.  If you have received this communication
>> in error, please immediately notify the sender by reply e-mail and destroy
>> all copies of the communication and any attachments.
>>
>>
>> _______________________________________________
>> nsp-security mailing list
>> nsp-security at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/nsp-security
>>
>> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
>> community. Confidentiality is essential for effective Internet security counter-measures.
>> __________________________________________

More information about the nsp-security mailing list