I have actually had a rash (4 - 5) of break-ins that were due to social engineering and phishing attacks. I now have a script that scans the mail logs and locks a user/puts outgoing emails on hold if they send more than Y messages of more than X recipients in T time. This has worked well to trap and stop a few outbreaks. As a side effect it has also identified my users who send to large mailing lists.

cheers,

ski

On 11/08/2011 11:41 AM, Benjamin Krueger wrote:
That's also possible, though the attacker would have had to correlate
those credentials with her email address. These botnet systems are
generally pretty well automated and correlation isn't trivial, so I
suspect that vector is less likely.

On Nov 8, 2011, at 11:28 AM, Paul Heinlein wrote:

On Tue, 8 Nov 2011, Benjamin Krueger wrote:

You may have assumed too early, and without enough evidence.
There are lots of ways somebody could have gotten Alice's
credentials. FWIW, probably the most likely method is that Alice
was phished and gave her credentials willingly. She probably
doesn't remember or realize, and even if she does remember she
may lie about it.

Or she re-uses passwords and a completely different source of her
credentials was compromised.

-- Paul Heinlein<>  [email protected]<>  http://www.madboa.com/

_______________________________________________ Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list
provided by the League of Professional System Administrators
http://lopsa.org/

--
"When we try to pick out anything by itself, we find it
 connected to the entire universe"            John Muir

Chris "Ski" Kacoroski, Director of LOPSA
206-501-9803, ski98033 on IRC and most IM services
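
The threshold rule described in the message above (more than Y messages of more than X recipients in T time), as an added example that is not part of the original post and is not the poster's script. The log layout, the function name `senders_to_hold` and the sample lines are assumptions constructed for illustration; the function only reports which users to hold and leaves the lock or hold action to the mail system.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a simplified, assumed layout: an smtpd line ties a
# queue ID to the authenticated user, a qmgr line gives its recipient count.
SAMPLE_LOG = """\
2011-11-08T09:00:00 smtpd: D1: sasl_username=dave
2011-11-08T09:00:00 qmgr: D1: nrcpt=45
2011-11-08T09:01:00 smtpd: D2: sasl_username=dave
2011-11-08T09:01:00 qmgr: D2: nrcpt=45
2011-11-08T09:02:00 smtpd: D3: sasl_username=dave
2011-11-08T09:02:00 qmgr: D3: nrcpt=2
2011-11-08T11:00:01 smtpd: A1: sasl_username=alice
2011-11-08T11:00:01 qmgr: A1: nrcpt=60
2011-11-08T11:00:40 smtpd: A2: sasl_username=alice
2011-11-08T11:00:40 qmgr: A2: nrcpt=55
2011-11-08T11:01:30 smtpd: A3: sasl_username=alice
2011-11-08T11:01:30 qmgr: A3: nrcpt=70
2011-11-08T12:00:00 smtpd: D4: sasl_username=dave
2011-11-08T12:00:00 qmgr: D4: nrcpt=45
"""
LINE = re.compile(
    r"^(\S+) (?:smtpd|qmgr): (\w+): (?:sasl_username=(\S+)|nrcpt=(\d+))$")

def senders_to_hold(log_text, min_rcpts, max_msgs, window):
    """Users with more than max_msgs messages of more than min_rcpts
    recipients inside one sliding window, in the order they tripped."""
    owner = {}                    # queue ID -> authenticated user
    recent = defaultdict(deque)   # user -> timestamps of large messages
    held = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue              # ignore lines in any other layout
        stamp, qid, user, nrcpt = m.groups()
        if user:                  # smtpd line: remember who owns the queue ID
            owner[qid] = user
            continue
        user = owner.pop(qid, None)
        if user is None or int(nrcpt) <= min_rcpts:
            continue              # unauthenticated or small message
        now = datetime.fromisoformat(stamp)
        q = recent[user]
        q.append(now)
        while now - q[0] > window:    # drop entries older than the window
            q.popleft()
        if len(q) > max_msgs and user not in held:
            held.append(user)
    return held
```

With X=20, Y=2 and T=10 minutes, the constructed burst from `alice` is held while `dave`, who sends the same volume spread across the morning, is not.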