Dear hackers: If you try to pwn a website for phishing, make sure it's not the personal domain of a senior Akamai security researcher Think you have bad luck? Imagine being the script kiddie who inadvertently tried and failed to pwn an Akamai security pro. Larry Cashdollar, a senior security response engineer at the US-based global web giant, told us late last week he just recently noticed something peculiar in the logs on his personal website. Further …
I was looking for something more than "Cashdollar was also able to extract the criminal's email address and their preferred language". That may lead authorities to the people committing the attacks, but probably not. As far as the perps are concerned, his was just another of a list of sites that couldn't be pwned using this method. They only care about those they can get into, so they just moved on after trying and failing.
That may lead authorities to the people committing the attacks, but probably not.
Probably not. I work at a large portuguese-speaking country, and some years ago used to waste my time tracking some very lame phishing attempts (we be your email provider, you be over quota, send your password to us). When I was able to identify an e-mail account associated with the phishing pages I alerted the postmaster of the email domain. Never got a reply, and the phishers just moved e-mails or targets. I am quite sure the authorities would not be able to do anything about this either.
Afterburner was a Transformer and not real. No idea what you are on about.
One of my clients was receiving a shed load of phishing emails from a legit email account that had obviously been compromised (rather than a spoof).
Notified the IT Department (of the really big university where the emails were coming from) and got a "oh yeah, we'll notify the user..." response. That' (IMO) is even worse than no response.
That reminds me of when I tried to report a compromised NHS email account that was being used to send out phishing messages. The headers showed quite clearly that it was being sent via internal Exchange servers at what turned out to be my local hospital (the amount of detail it revealed about their AD server architecture was quite interesting...), so maybe the user's PC had been pwned so, naturally, I did my civic duty and, after some headscratching, managed to find a suitable contact email for the IT support team. (Couldn't find any kind of dedicated "report a security issue" address.)
The next working day (after the weekend), I got back a polite but obviously-canned response giving instructions on how to raise a support ticket via the form on the intranet. Of course, that was of no use whatsoever as I can't log into their intranet, nor was the internal telephone extension number I was directed to ring if the problem prevented me getting onto the intranet.
I've had all of the common vulnerability scan HTTP paths hooked up to a large garbage stream for about 18 years. It used to kill the scanners but now most disconnect after a few MB and continue.
I've been thinking of sending badly behaved anti-piracy bots files tuned specifically to crash them but it's not a high priority. My connection is flat-rate so letting them repeatedly download terabytes of unspectacular personal photos and videos sounds like it's already punishment.
Millions of years ago me and my brother as kids (off of the UK), found ourselves in a place called Bethlehem with a (very small) fist full of US dollars as pocket money. Despite being Brits living in Cyprus and holidaying in Israel, it was easier to go in with USD because the shekel was a bit volatile in 1985.
The local kids wanted dollars but had all these dodgy pound coins that they had scrounged or stolen off British tourists. We traded one for one and everyone was happy.
Hhmmm... surfed to the link given (https://blogs.akamai.com/sitr/2019/07/criminals-using-targeted-remote-file-inclusion-attacks-in-phishing-campaigns.html) and rewarded with:
Access Denied
You don't have permission to access "http://blogs.akamai.com/sitr/2019/07/criminals-using-targeted-remote-file-inclusion-attacks-in-phishing-campaigns.html" on this server.
Reference #18.8f2bf648.1564405881.2828abd2
Same here with a slightly different ref.
Access Denied
You don't have permission to access "http://blogs.akamai.com/sitr/2019/07/criminals-using-targeted-remote-file-inclusion-attacks-in-phishing-campaigns.html" on this server.
Reference #18.b6cd417.1564406891.12d47b72
Seems to be working for me from the UK.
But while we're on the subject does anyone else have problems with Linux Today. Almost inevitably I get a message such as:
An error occurred while processing your request.
Reference #97.d481655f.1564419041.399b3e2a
with changing references. That's been going on for weeks.
Many thanks!
I've almost never read "Linux today" (in fact I had to parse your post several times trying to work out what issue you were experiencing while using your Linux computer on this particular day - then remembered that "Linux Today" is a site :)
But while we're on the subject does anyone else have problems with Linux Today.
I didn't. I did have to turn on JS for LT, WP and clodfool - the latter necessary before I could see any content. I tried a few random articles before seeing anything.
But I owe you many thanks for inadvertently teaching me something quite useful that I had not previously come across in all my years of using bash :
https://www.linuxlinks.com/excellent-utilities-mcfly-navigate-shell-history/
Using ^R on the command line brings up a search system where you can type part of the command and it does the rest. There are some partly-remembered commands with odd formatting that I'd love to be able to remember, which I use sparingly enough that they get pushed way back in the history. Being able to get them up with "^Rsc" or "^R48" - 3 keystrokes and a long command back.
So much thanks Doc, you've improved my mental health some - completely by accident! :)
(Speaking of command histories.. El Reg - that box we used to have that gave us threads we'd posted to which had new posts - can we get that back????)
Does it also tell you how to turn it off?
I'm guessing "rm ~/.bash_history" would do the trick fairly well, at least temporarily.
But I only read enough to learn the basics of a new toy. Once I get that far I don't bother looking further.
Hell, I only learned sudo -k a couple of weeks back ("reattaching" tmux sessions was kinda scary as it might've been a week or more back since I did the sudo command before dropping the session, and if someone managed to get on to that (though if they get that far they probably have my password anyway).
I'm very seldom paid to do computer stuff, and have more important stuff to focus on much of the time, so I do the least possible to meet my needs :)
Yes, great name. Is there a way to generate a hacker name like there is for your porn star name - name of your first pet + mother's maiden name? Of course that one gives away two questions on any list of those tedious "security" questions some companies think necessary in order for you to login.
So basically "SQL injection" or XSS or similar types vulnerabilities, except you are taking user-supplied input and downloading the URL and executing it on your server? How common is this?
Next you'll be telling me that there are people who append user supplied input to a shell command and execute it as root....
Theres nothing to say these have to be the actual names Shirley its more secure to make them up i.e. Rhaegal+Dhampir .Though I can never get round why email addresses are used as part of a two part log in system on some sites.
Damn my securitys blown now!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
