If you're aware, recently a big ISP have been shut down because it allowed its user to send spam. Because of the closing, spam been have dropped about 40~70% all around the world. But, if you aware, google also been hack recently and there are increased number of spams going in from my personal mail hosted in GMail (well, it's a mailling list anyway). There's something going on to Yahoo! as well and I think they want to attack Yahoo! also.
The mailserver also been flooded with attacks recently from outside, this taught me a valuable lesson:
There are three technique that exist:
#1 Great Pretender
Pretending as your administrator and sending email notification to ask password. FYI, we, admins, doesn't need your password to access any application that we administer. So, we will never ask any of your confidential including password.
The other reason why we will never ask you password is because we don't need any to access nor modify your personal information. But, we will never do that! we have ethics, fyi.
#2 Fishing Your Password
Using viruses, malwares, etc to setup a website that related to well-known/target services. Take a look at [WARNING: THIS IS A PASSWORD FISHING SITE, NEVER ENTER ANY CONFIDENTIAL NOR ACCESS THE SITE IF USING WINDOZE.] http://holiday-picz.com [/END OF BAD SITE]. The site also viable with yahoo login name subdomain. The look is very like real site, but the site host is not. Watch out for that. If it's HTTPS, read the SSL/TLS certificate.
Impersonating also comes with different model, such as cracking legitimate sites and using XSS to hijack the site.
#3 Social Engineering
Cool? Well, that's the idea, pretend as someone else and persuade user to provide confidential information.
That's for common folks. For admins, watch your HTTP server's access.log, error.log, warn.log. Watch for suspicious request. I assume that you already have iptables handles zero packets and overwhelming connection, no? The bucket thingie, you activate that, don't you?
Watch out your sendmail/postfix/MTA and applications that using it. As I said earlier, SASL is not that save. It only guarantee a legit user that access the email. But, it can't guarantee that the email sent is not spam that have a FROM header not from your domain. So, check your SMTPs and never let them becoming open relays. One note, it's a good practice to have different incoming and outgoing server. It save the regex. Oh, do you have that good ol' SA?
The last thing, take a deep breath. Every user can have the potential to become an ^a*hole$. But, hey, that's life. They want comfort and we want security. Just... hang in there. -_-'
Oh, btw, captcha sucks. Don't you know that it is prone lately? Google for the article.
The mailserver also been flooded with attacks recently from outside, this taught me a valuable lesson:
SASL is not that save!Just like China's Great Wall, crumbled because of the bad management of the user. You can build a Citadel in your mail appliance, but it still not safe if your user not that precautious. In fact, transparent to user is no longer true to the email safety. Security is not that comfortable! They must know how to secure their login. Now, they need to know that many spammers want to fish their login and password.
There are three technique that exist:
#1 Great Pretender
Pretending as your administrator and sending email notification to ask password. FYI, we, admins, doesn't need your password to access any application that we administer. So, we will never ask any of your confidential including password.
The other reason why we will never ask you password is because we don't need any to access nor modify your personal information. But, we will never do that! we have ethics, fyi.
#2 Fishing Your Password
Using viruses, malwares, etc to setup a website that related to well-known/target services. Take a look at [WARNING: THIS IS A PASSWORD FISHING SITE, NEVER ENTER ANY CONFIDENTIAL NOR ACCESS THE SITE IF USING WINDOZE.] http://holiday-picz.com [/END OF BAD SITE]. The site also viable with yahoo login name subdomain. The look is very like real site, but the site host is not. Watch out for that. If it's HTTPS, read the SSL/TLS certificate.
Impersonating also comes with different model, such as cracking legitimate sites and using XSS to hijack the site.
#3 Social Engineering
Cool? Well, that's the idea, pretend as someone else and persuade user to provide confidential information.
That's for common folks. For admins, watch your HTTP server's access.log, error.log, warn.log. Watch for suspicious request. I assume that you already have iptables handles zero packets and overwhelming connection, no? The bucket thingie, you activate that, don't you?
Watch out your sendmail/postfix/MTA and applications that using it. As I said earlier, SASL is not that save. It only guarantee a legit user that access the email. But, it can't guarantee that the email sent is not spam that have a FROM header not from your domain. So, check your SMTPs and never let them becoming open relays. One note, it's a good practice to have different incoming and outgoing server. It save the regex. Oh, do you have that good ol' SA?
The last thing, take a deep breath. Every user can have the potential to become an ^a*hole$. But, hey, that's life. They want comfort and we want security. Just... hang in there. -_-'
Oh, btw, captcha sucks. Don't you know that it is prone lately? Google for the article.
eh phising apa fishing, jep?
ReplyDeletesitus phising fishing2 (baca: mancing2) orang tuk masuking password =D
ReplyDelete