Tag: compromise

Arrests in ESP data breach

The FBI announced today arrests of three people in the ESP data breaches from the compromises of various ESPs a few years ago.
Krebs on Security: Feds Indict Three in 2011 Epsilon Hack
Department of Justice: Three Defendants Charged with One of the Largest Reported Data Breaches in U.S. History
After stealing over a billion […]

1 Comment

Dealing with compromised user accounts

M3AAWG is on a roll lately with published documents. They recently released the Compromised User ID Best Practices (pdf link).

No Comments

AOL compromise

Lots of reports today of a security problem at AOL where accounts are sending spam, or are being spoofed in spam runs or something. Details are hazy, but there seems to be quite a bit of noise surrounding this incident. AOL hasn’t provided any information as of yet as to what is going on.

4 Comments

People are your weakest link

Social engineering is a long-standing way to compromise security. Chunkhost reports today that they discovered accounts being compromised through social engineering of Sendgrid support. While the compromise did not work, it was a close call. The only thing that saved the targeted customers was their implementation of two-factor authentication. We know many of […]

No Comments

Target breach started from email

According to Brian Krebs, the compromise of Target’s POS system probably originated with a phishing attack against one of Target’s vendors. This attack compromised credentials of the HVAC vendor and possibly allowed the hackers entrance into Target’s systems. Interestingly, Brian mentions Ariba, a company I’ve been forced to deal with by a large customer of ours. […]

No Comments

Michele Bachmann Announces She’s Done

U.S. Representative Michele Bachmann (R-Minnesota) announced today that she’s not going to seek re-election in 2014. Last time around, the race between her and Minnesota businessman Jim Graves was very close. Mr. Graves lost by a very narrow margin. Graves had already announced his intention to take on Ms. Bachmann again next year. As the news […]

2 Comments

Password security

Many of us have lots of accounts on various networking sites, but how much attention do we pay to password security? If you haven’t heard, someone managed to compromise the Associated Press’ twitter account today. Not only was the account compromised, but they put out a fake tweet claiming that there were explosions at the […]

4 Comments

Services, abuse and bears

A couple weeks ago I wrote a post about handling abuse complaints. As a bit of a throwaway I mentioned that new companies don’t always think about how their service can be abused before releasing it on the unsuspecting internet. Today’s blog post by Margot Romary at the Return Path In the Know blog reminds […]

No Comments

Get a helmet

There’s been a lot of interesting reaction to Steve’s security post yesterday. A lot of people seem upset that we have pointed out one of the ways that ESPs may be getting compromised. Complaints range from the message being overly simplistic, through to complaints that we just don’t understand how much of an issue security […]

3 Comments

I know your customers’ passwords

Go to your ESP customer login page and use “View Source” to look at the HTML (under “Page” on Internet Explorer, “Tools->Web Developer” on Firefox, and “View” on Safari). Go on, I’ll wait. Search for the word autocomplete. If it says something like autocomplete="off" then your web developers have already thought about this security issue. […]

7 Comments
