That's also possible, though the attacker would have had to correlate those credentials with her email address. These botnet systems are generally pretty well automated and correlation isn't trivial, so I suspect that vector is less likely.
On Nov 8, 2011, at 11:28 AM, Paul Heinlein wrote: > On Tue, 8 Nov 2011, Benjamin Krueger wrote: > >> You may have assumed too early, and without enough evidence. There are lots >> of ways somebody could have gotten Alice's credentials. FWIW, probably the >> most likely method is that Alice was phished and gave her credentials >> willingly. She probably doesn't remember or realize, and even if she does >> remember she may lie about it. > > Or she re-uses passwords and a completely different source of her credentials > was compromised. > > -- > Paul Heinlein <> [email protected] <> http://www.madboa.com/ _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
