Mailing List CGatePro@mail.stalker.com Message #92572
From: John Rudd <jrudd@ucsc.edu>
Subject: Re: Speaking of CGP and Spam....
Date: Tue, 11 Sep 2007 14:25:01 -0700
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
Stefan Seiz wrote:
On 11.09.2007 19:28 Uhr, John Rudd <jrudd@ucsc.edu> wrote:

In the last month or two we've had 3 cases of independent sites in
Africa compromising 3 different accounts (3 total, not 9 total ... 1 per
site) and using them to send spam.  All of the reported messages came
through webmail, but I'm sure if I just limited their webmail access
they'd start using SMTP-Auth.

I'd guess if you don't require Webmailsessions to come from the SAME IP,
then it might be not too hard to hijack a webmail-session and thus maybe
effectively take ofer an account...

That is a general problem with session ids in URLs or even cookies...


Actually, in all 3 cases, it stopped as soon as the password for the account was changed.  So I think it's simple password cracking.  For the first one, it was a french professor who had a simple french word as his password (likely to be in a french dictionary file).  And the African country that cracked it was ... primarily french speaking.

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster