[nsp-sec] Question about potentially compromised email credentials
Gabriel Iovino
giovino at ren-isac.net
Fri Sep 18 10:40:01 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
A list of *potentially* compromised email credentials was harvested from
the following server/(HTML Phishing form) over the last few days.
> [URL ]hxxp://www.losnaranjos23.com/phpformgenerator/use/oncedial/form1.html
> [Status] Offline
I have already reached out to eight .edu's and am trying to decide what
to do with the remaining 55.
It would be trivial for me to post a file with the following:
> Email Address | Username | Password | Confirm Password
but this community usually does not exchange datasets without AS
numbers. It would probably take me an hour or so to hack together a perl
script to resolve the MX record > hostname > IP > ASN which would allow
me to put it in a format that is typical for this community.
My question is, are *potentially* compromised email accounts as a result
of credential dropboxes something this community is interested in?
Thanks
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkqzm8EACgkQwqygxIz+pTuwxQCfeAnEsyh//Gi1QeIFyWzgPUZa
5a4An0HaL94Ri9LLpBzvhi0MrXGc//g1
=lOjF
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list