Re: Phishing Attempt



On 02 Oct 2007, in the Usenet newsgroup comp.os.linux.security, in article
<4702af38$0$26431$88260bb3@xxxxxxxxxxxxxxxxx>, CWO4 Dave Mann wrote:

> This guy is probably unaware and his box has been hacked to be a relay:

Hard to say. He reported that his ISP (presumably optus.com.au, as they
didn't bother to SWIP the address space to another, and the rDNS comes
up with a generic optus.com.au hostname) notified him early enough.
The address hasn't shown up on the news.admin.net-abuse.* radar. That
may actually be good news, because chunks of Optus land got into
blocklists here for a total lack of response from abuse.optusnet.com.au
(other than an auto-responder). As for being unaware - if you knew
where to look (and that's not relevant or appropriate here), he seems
to have some knowledge. Setting up an account 'test' with a password
of 'testing' really does sound like the actions of a brane-ded student,
but if you look at the 'Deloder' worm that went through the windoze
world back in March 2003...

[snippity]
Deloder is a network worm infecting Windows machines which have set a
weak password to the "Administrator" account. It also installs remote
access tool VNC, opening the computer to the world.
[/snippity]

and I'll bet you'd never guess some of the 87 passwords it used to
gain access. But your favorite search engine would find them. ;-)

Weak passwords have been a problem centuries before computers
existed. There is a fine line between a strong enough password
that the lusers can remember, and the one that ends up on a
post-it note stuck on the monitor. Require mixed case (guess how
many times the upper case letter will be found in predictable
places), numbers (invariably either l33t-speak, or the digit '1'
tacked on to the end of a dictionary word), or punctuation (most
often a '!' at the end)... please remember that the skills of the
common user are really stretched remembering the license plate on
their vehicle.

Old guy
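
An added example, not part of the original post: a password-policy check that undoes the habits described above (a capital in the first position, digits or '!' tacked on the end, l33t-speak) and then looks the remainder up in a wordlist. The wordlist, the substitution table and the function name `audit` are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (assumption): a real check would load a full
# dictionary plus known-breached passwords.
WORDLIST = {"password", "testing", "test", "letmein", "dragon", "admin"}

# Common l33t-speak substitutions; '1' is tried as both 'i' and 'l'.
_COMMON = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
_LEET_TABLES = [str.maketrans({**_COMMON, "1": one}) for one in "il"]


def audit(candidate):
    """Undo the habits described above; return (dictionary word or None, habits found)."""
    habits = []
    core = candidate

    # Punctuation tacked on the end, most often '!'.
    stripped = core.rstrip("!?.")
    if stripped and stripped != core:
        habits.append("trailing punctuation")
        core = stripped

    # Digits tacked on the end of a word.
    m = re.fullmatch(r"(.*?)(\d+)", core)
    if m and m.group(1):
        habits.append("trailing digits")
        core = m.group(1)

    # Upper case in the predictable place: first character only.
    if core[:1].isupper() and not any(c.isupper() for c in core[1:]):
        habits.append("leading capital only")
    lowered = core.lower()

    if lowered in WORDLIST:
        return lowered, habits
    # l33t-speak: map digits and symbols back to letters and look again.
    for table in _LEET_TABLES:
        decoded = lowered.translate(table)
        if decoded in WORDLIST:
            return decoded, habits + ["l33t-speak"]
    return None, habits


if __name__ == "__main__":
    # Constructed samples; each satisfies a typical composition rule.
    for pw in ["testing", "Testing1", "P4ssw0rd1!", "T3st1ng!", "xK9#mQ2vLp"]:
        print(pw, audit(pw))
```

A candidate that reduces to a wordlist entry should be rejected at password-set time even though it meets the mixed-case, digit and punctuation requirements.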