Re: Password trading problem

From: Tomek Perlak (t.perlak_at_wp.pl)
Date: 08/05/04

  • Next message: William Barrett: "Logging utility"
    To: <security-basics@securityfocus.com>
    Date: Wed, 4 Aug 2004 20:16:03 -0400
    
    

    Hello,

    You might want to start with a Google search for the address of your
    website;

    ----- Original Message -----
    From: "Jason Humes" <jhumes@acs.on.ca>
    To: <security-basics@securityfocus.com>
    Sent: Tuesday, August 03, 2004 3:50 PM
    Subject: Password trading problem

    > Hi
    > I've got a client who has an adult themed, password protected, web site
    and
    > I'm in charge of doing a security review of it. This was brought about by
    > the admin noticing a huge amount of logins from a single account across
    many
    > different IP addresses. I imagine that this is the result of password
    > trading online and as part of my security audit I would like to develop a
    > list of these sites which offer message forums for password 'testing',
    adult
    > 'testing', web 'testing' etc...meaning password cracking, and scan for my
    > clients site within their lists to make sure no passwords/accounts have
    been
    > cracked and being shared. Does anyone have any ideas? Thanks.
    >
    > --
    >
    > Jason D. Humes
    >
    > Applied Computer Solutions Inc.
    > 3020 St. Etienne Blvd.
    > Windsor, Ontario
    > Phone: (519) 944-4300 x211
    > Fax : (519) 944-4247
    > Email : jhumes@acs.on.ca
    >
    >
    >
    > **********************************************************************
    >
    > Confidentiality Notice:
    >
    > The information contained in this e-mail and any attachments may be
    legally
    > privileged and confidential. If you are not an intended recipient, you are
    > hereby notified that any dissemination, distribution or copying of this
    > e-mail and any attachments is strictly prohibited. If you received this
    > e-mail in error, please notify the sender and permanently delete the
    e-mail
    > and any attachments immediately. You should not retain, copy or use this
    > e-mail or any attachment for any purpose, nor disclose all or any part of
    > the contents to any other person.
    >
    > Thank you.
    >
    >
    > --------------------------------------------------------------------------
    -
    > Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    > any course! All of our class sizes are guaranteed to be 10 students or
    less
    > to facilitate one-on-one interaction with one of our expert instructors.
    > Attend a course taught by an expert instructor with years of in-the-field
    > pen testing experience in our state of the art hacking lab. Master the
    skills
    > of an Ethical Hacker to better assess the security of your organization.
    > Visit us at:
    > http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    > --------------------------------------------------------------------------

    --
    >
    >
    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
    any course! All of our class sizes are guaranteed to be 10 students or less 
    to facilitate one-on-one interaction with one of our expert instructors. 
    Attend a course taught by an expert instructor with years of in-the-field 
    pen testing experience in our state of the art hacking lab. Master the skills 
    of an Ethical Hacker to better assess the security of your organization. 
    Visit us at: 
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------
    

  • Next message: William Barrett: "Logging utility"

    Relevant Pages

    • RE: PacketShaper
      ... we're deploying these along with firewalls in our managed security ... >>Ethical Hacking at the InfoSec Institute. ... >>Attend a course taught by an expert instructor with years of ... >>pen testing experience in our state of the art hacking lab. ...
      (Pen-Test)
    • RE: securing password list
      ... What security methods do you use to secure a list such as this? ... > Ethical Hacking at the InfoSec Institute. ... > pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • RE: Online Universities with Information Security Programs
      ... Online Universitties with Information Security Programs ... > Ethical Hacking at the InfoSec Institute. ... > pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • RE: Comparison of Yahoo v. MSN Messenger from security standpoint
      ... Onderwerp: RE: Comparison of Yahoo v. MSN Messenger from security standpoint ... > Ethical Hacking at the InfoSec Institute. ... > pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • Re: Security issues in publishing content of /etc ?
      ... just check permisions... ... > I believe the security issue here is that there will be no secrets for anyone who wants ... > Ethical Hacking at the InfoSec Institute. ... > pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)