Re: PSA: change your fedex.com account logins

2019-06-02 Thread Ben Cannon
You’d be surprised how often nation-states use essentially phishing scams.

-Ben Cannon
CEO 6x7 Networks & 6x7 Telecom, LLC 
b...@6by7.net 




> On May 31, 2019, at 5:04 AM, Jason Kuehl  wrote:
> 
> Is it possible, yes. I've seen it several times now at my place of work. 
> Targeted attacks are a thing.
> 
> On Fri, May 31, 2019 at 2:53 AM Mike Hale wrote:
> Oh for fucks sake.
> 
> Really?
> 
> You two are questioning someone who subscribes to Nanog over Fedex?
> You really think it's more likely that someone is targeting Dan Hollis
> (whoever he is) instead of Fedex leaving something else exposed?
> 
> On Thu, May 30, 2019 at 11:39 PM Scott Christopher wrote:
> >
> > Dan Hollis wrote:
> >
> > Phishing scheme didn't happen.
> >
> > fedex has had a number of major compromises so it's not a stretch that
> > their user database was stolen and sold to spammers.
> >
> >
> > The other possibility is that your one-off email scheme is predictable, and 
> > someone knows you use FedEx, and that someone is targeting specifically 
> > you, and this obvious phishing email is a red herring for the exploit you 
> > didn't see.
> >
> > Be concerned.
> >
> > -- S.C.
> 
> 
> 
> -- 
> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
> 
> 
> -- 
> Sincerely,
>  
> Jason W Kuehl
> Cell 920-419-8983
> jason.w.ku...@gmail.com 


Re: PSA: change your fedex.com account logins

2019-06-01 Thread Mark Rousell
On 31/05/2019 16:02, Niels Bakker wrote:
> * r...@gsp.org (Rich Kulawiec) [Fri 31 May 2019, 16:18 CEST]:
> [...]
>> This is hardly surprising: many of them are spammers-for-hire, many of
>> them use invasive tracking/spyware, and none of them actually care in
>> the slightest about privacy or security -- after all, it's not *their*
>> data, why should they?
>
> Which is why we now have GDPR.  Care, or get fined.

Not quite so simple, though, is it. If you want to make a complaint then
you have to get your EU national data protection regulator interested.
Even the worst-leaking ESPs are unlikely to generate many complaints, I
suspect. And if they are located outside the EU with no direct business
presence within the EU then it requires the regulator to make approaches
to foreign governments who might or might not be willing to cooperate.

In the UK the data protection regulator is the ICO and,
whilst it is perhaps one of the better UK regulatory agencies, I still
wouldn't hold out much hope of getting them to do anything like this
(where multiple levels of evidence would need to be collected) in
individual cases.

> Unfortunately it's not that easy; the few large remaining mail hosters
> at best have opaque procedures when it comes to accepting mail.

Sadly so but I think that if you have a decent and consistent volume
(and follow all the usual good hygiene requirements) then it should be
possible to get on their automated radar in a positive way. It seems to
me that it's small volume senders who have the real deliverability problems.

-- 
Mark Rousell



Re: PSA: change your fedex.com account logins

2019-05-31 Thread Dan Hollis
The one-off email scheme is not predictable. It is a randomly generated 
string of characters.


$ ./randgen
jvtMDluV0lwnlY5O

So you can totally eliminate that possibility entirely.

-Dan

On Fri, 31 May 2019, Jason Kuehl wrote:


Is it possible, yes. I've seen it several times now at my place of work.
Targeted attacks are a thing.

On Fri, May 31, 2019 at 2:53 AM Mike Hale  wrote:


Oh for fucks sake.

Really?

You two are questioning someone who subscribes to Nanog over Fedex?
You really think it's more likely that someone is targeting Dan Hollis
(whoever he is) instead of Fedex leaving something else exposed?

On Thu, May 30, 2019 at 11:39 PM Scott Christopher  wrote:


Dan Hollis wrote:

Phishing scheme didn't happen.

fedex has had a number of major compromises so it's not a stretch that
their user database was stolen and sold to spammers.


The other possibility is that your one-off email scheme is predictable,

and someone knows you use FedEx, and that someone is targeting specifically
you, and this obvious phishing email is a red herring for the exploit you
didn't see.


Be concerned.

-- S.C.




--
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0




--
Sincerely,

Jason W Kuehl
Cell 920-419-8983
jason.w.ku...@gmail.com



Re: PSA: change your fedex.com account logins

2019-05-31 Thread Niels Bakker

* r...@gsp.org (Rich Kulawiec) [Fri 31 May 2019, 16:18 CEST]:
[...]

This is hardly surprising: many of them are spammers-for-hire, many of
them use invasive tracking/spyware, and none of them actually care in
the slightest about privacy or security -- after all, it's not *their*
data, why should they?


Which is why we now have GDPR.  Care, or get fined.



Which are some of the many reasons that outsourcing your mailing lists
is a terrible idea, doubly so when it's quite easy to run your own with
Mailman (or equivalent).


Unfortunately it's not that easy; the few large remaining mail hosters 
at best have opaque procedures when it comes to accepting mail.



-- Niels.


Re: PSA: change your fedex.com account logins

2019-05-31 Thread Rich Kulawiec
On Fri, May 31, 2019 at 01:17:19PM +, Richard wrote:
> When I have looked into this type of issue for my unique addressing
> some did trace back to back-end db hacks (e.g., adobe), but I found
> that the most likely culprit was the 3rd-party bulk mailer that
> handled the organization's marketing mail. It could be a non-zeroed
> disk thrown into the trash or an inside job, but it almost always
> traced back to one or two bulk mailing companies. 


FYI, I've been running numerous experiments in this area for many years
using unique non-guessable non-typo'able addresses.  Explaining the
results in full would take many pages, so let me summarize: 3rd party
bulk mailers leak like sieves.  "How?" remains an open question: could be
that they're selling, could be that they have security issues, could be
that insiders are selling on their own, could be any number of things:
it's really not possible to say.  But they are unquestionably leaking.
This is hardly surprising: many of them are spammers-for-hire, many of
them use invasive tracking/spyware, and none of them actually care in
the slightest about privacy or security -- after all, it's not *their*
data, why should they?

Which are some of the many reasons that outsourcing your mailing lists
is a terrible idea, doubly so when it's quite easy to run your own with
Mailman (or equivalent).

---rsk
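
An added illustration of the one-off address technique discussed in this thread (not code from any list participant, and not Dan Hollis's `randgen`): it issues a random, typo-resistant address per vendor and attributes later mail to whoever was given that address. The names `new_address`, `attribute`, `example.net` and `shipper.example` are assumptions made for the example.

```python
import secrets
from email import message_from_string
from email.utils import getaddresses, parseaddr

# No look-alike characters (0/o, 1/l/i); 31**16 is about 79 bits of randomness.
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"
DOMAIN = "example.net"  # assumption: a mail domain you control


def new_address(registry, vendor_domain, length=16):
    """Create a random one-off address and record who it was given to."""
    token = "".join(secrets.choice(ALPHABET) for _ in range(length))
    address = f"{token}@{DOMAIN}"
    registry[address] = vendor_domain
    return address


def attribute(registry, raw_message):
    """Return (vendor, verdict) for a message received at a one-off address.

    The From header is forgeable; a production check would use the envelope
    recipient and the DKIM/SPF-authenticated sender domain instead.
    """
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    recipients = msg.get_all("To", []) + msg.get_all("Cc", [])
    for _, rcpt in getaddresses(recipients):
        vendor = registry.get(rcpt.lower())
        if vendor is None:
            continue
        if sender_domain == vendor or sender_domain.endswith("." + vendor):
            return vendor, "expected-sender"
        # The address reached a third party: vendor, its mailer or an account leaked it.
        return vendor, "leaked"
    return None, "unknown-recipient"


def demo():
    """Constructed sample messages; shipper.example stands in for the vendor."""
    registry = {}
    addr = new_address(registry, "shipper.example")
    legit = f"From: Notices <noreply@mail.shipper.example>\nTo: {addr}\n\nTracking update\n"
    scam = f"From: Billing <alerts@cards.invalid>\nTo: {addr}\n\nUpdate your card\n"
    stray = "From: x@cards.invalid\nTo: someone@example.net\n\nhello\n"
    return addr, [attribute(registry, m) for m in (legit, scam, stray)]


if __name__ == "__main__":
    print(demo())
```

A "leaked" verdict identifies which registration the address came from, not how it escaped; the vendor's database, its bulk mailer and a compromised customer account all look the same from the recipient's side.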


Re: PSA: change your fedex.com account logins

2019-05-31 Thread Steve Atkins



> On May 31, 2019, at 2:17 PM, Richard wrote:
> 
> 
> 
>> Date: Friday, May 31, 2019 08:04:13 -0400
>> From: Jason Kuehl
>> Is it possible, yes. I've seen it several times now at my place of
>> work. Targeted attacks are a thing.
>> 
>>>
>>> Dan Hollis wrote:
>>>
>>> Phishing scheme didn't happen.
>>>
>>> fedex has had a number of major compromises so it's not a
>>> stretch that their user database was stolen and sold to spammers.
>>>
> 
> When I have looked into this type of issue for my unique addressing
> some did trace back to back-end db hacks (e.g., adobe), but I found
> that the most likely culprit was the 3rd-party bulk mailer that
> handled the organization's marketing mail. It could be a non-zeroed
> disk thrown into the trash or an inside job, but it almost always
> traced back to one or two bulk mailing companies. 

The most common issue for quite a while was malware on the Windows
desktops of employees with access to the company's ESP account.

The web browser saves username and password to autofill the ESP's
web interface in a very predictable place. Malware exfiltrates that. Bad
guys compromise ESP account, download all the lists they can find
(and then start spamming on the company dime).

That's why ESPs pushed quite so hard to get multifactor authentication
of some sort adopted by their customers. But a lot of them didn't do
that (partly, I suspect, because the ESP account was accessed by
multiple employees) and even if they did that didn't stop the lists
that had already been downloaded.

Actual compromises of the ESP, or bad behaviour of its employees,
seem to be rather rare but customer account compromise is
everywhere.

Cheers,
  Steve



Re: PSA: change your fedex.com account logins

2019-05-31 Thread Richard



> Date: Friday, May 31, 2019 08:04:13 -0400
> From: Jason Kuehl 
> Is it possible, yes. I've seen it several times now at my place of
> work. Targeted attacks are a thing.
> 
>> > 
>> > Dan Hollis wrote:
>> > 
>> > Phishing scheme didn't happen.
>> > 
>> > fedex has had a number of major compromises so it's not a
>> > stretch that their user database was stolen and sold to spammers.
>> > 

When I have looked into this type of issue for my unique addressing
some did trace back to back-end db hacks (e.g., adobe), but I found
that the most likely culprit was the 3rd-party bulk mailer that
handled the organization's marketing mail. It could be a non-zeroed
disk thrown into the trash or an inside job, but it almost always
traced back to one or two bulk mailing companies. 




Re: PSA: change your fedex.com account logins

2019-05-31 Thread Jason Kuehl
Is it possible, yes. I've seen it several times now at my place of work.
Targeted attacks are a thing.

On Fri, May 31, 2019 at 2:53 AM Mike Hale  wrote:

> Oh for fucks sake.
>
> Really?
>
> You two are questioning someone who subscribes to Nanog over Fedex?
> You really think it's more likely that someone is targeting Dan Hollis
> (whoever he is) instead of Fedex leaving something else exposed?
>
> On Thu, May 30, 2019 at 11:39 PM Scott Christopher  wrote:
> >
> > Dan Hollis wrote:
> >
> > Phishing scheme didn't happen.
> >
> > fedex has had a number of major compromises so it's not a stretch that
> > their user database was stolen and sold to spammers.
> >
> >
> > The other possibility is that your one-off email scheme is predictable,
> and someone knows you use FedEx, and that someone is targeting specifically
> you, and this obvious phishing email is a red herring for the exploit you
> didn't see.
> >
> > Be concerned.
> >
> > -- S.C.
>
>
>
> --
> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
>


-- 
Sincerely,

Jason W Kuehl
Cell 920-419-8983
jason.w.ku...@gmail.com


Re: PSA: change your fedex.com account logins

2019-05-31 Thread Mike Hale
Oh for fucks sake.

Really?

You two are questioning someone who subscribes to Nanog over Fedex?
You really think it's more likely that someone is targeting Dan Hollis
(whoever he is) instead of Fedex leaving something else exposed?

On Thu, May 30, 2019 at 11:39 PM Scott Christopher  wrote:
>
> Dan Hollis wrote:
>
> Phishing scheme didn't happen.
>
> fedex has had a number of major compromises so it's not a stretch that
> their user database was stolen and sold to spammers.
>
>
> The other possibility is that your one-off email scheme is predictable, and 
> someone knows you use FedEx, and that someone is targeting specifically you, 
> and this obvious phishing email is a red herring for the exploit you didn't 
> see.
>
> Be concerned.
>
> -- S.C.



-- 
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0


Re: PSA: change your fedex.com account logins

2019-05-31 Thread Scott Christopher
Dan Hollis wrote: 

> Phishing scheme didn't happen.
> 
> fedex has had a number of major compromises so it's not a stretch that 
> their user database was stolen and sold to spammers.

The other possibility is that your one-off email scheme is predictable, and 
someone knows you use FedEx, and that someone is targeting specifically you, 
and this obvious phishing email is a red herring for the exploit you didn't see.

Be concerned.

-- S.C.

Re: PSA: change your fedex.com account logins

2019-05-30 Thread Dan Hollis

Phishing scheme didn't happen.

fedex has had a number of major compromises so it's not a stretch that 
their user database was stolen and sold to spammers.


-Dan

On Thu, 30 May 2019, Matt Hoppes wrote:


Possibly. The other possibility I can think of is that you succumbed to a 
phishing scheme where you entered the login information for your FedEx 
account.


On May 30, 2019, at 4:12 PM, Dan Hollis  wrote:

I received a credit card scam addressed to my one-off unique address registered 
to fedex.com.

So it seems fedex.com user database has been compromised. Change your logins 
asap.

-Dan




Re: PSA: change your fedex.com account logins

2019-05-30 Thread Matt Hoppes
Possibly. The other possibility I can think of is that you succumbed to a 
phishing scheme where you entered the login information for your FedEx 
account.

> On May 30, 2019, at 4:12 PM, Dan Hollis  wrote:
> 
> I received a credit card scam addressed to my one-off unique address 
> registered to fedex.com.
> 
> So it seems fedex.com user database has been compromised. Change your logins 
> asap.
> 
> -Dan


PSA: change your fedex.com account logins

2019-05-30 Thread Dan Hollis
I received a credit card scam addressed to my one-off unique address 
registered to fedex.com.


So it seems fedex.com user database has been compromised. Change your 
logins asap.


-Dan