July 2004 Archives
For all of you cat lovers out there...
In today's world, electronic warfare is becoming a larger and larger component of a military's arsenal. This in turn carries over directly into corporate espionage and sabotage. As organizations become more and more dependent on their technology to function and operate, disruptions to these technologies and communications become catastrophic to the organization.
When I was starting my career in networking, one of my certification instructors described a basic hack. The attacker on a network would simply sit down at the victim's computer and repeatedly attempt to log in until the password lock was enabled. When the victim attempted to log in, they would not be able to authenticate and would be forced to contact the internal IT helpdesk to have their password reset. Depending on the organization, this could take a prolonged amount of time, rendering the victim unproductive for the duration of the lockout. If they were working on a deadline, presentation, etc., this would be a severe disruption.
With the current state of spam blocking, one of the most prevalent systems available is the DNSBL (DNS blacklist). DNSBLs operate with different strategies, but a very common one is the spamtrap. Simply put, a phony email address is published in a hidden way on various web pages and embedded in emails sent to mailing lists and newsgroups. Automated email harvester tools used to build spam databases inadvertently pick up the spamtrap address. When mail arrives at the spamtrap, the sender and the sending server are immediately placed on a block list, and future spam is discarded.
And now for the simple hack. The first trick is to identify the spamtrap email addresses for different DNSBLs. Once the spamtraps are identified, the attacker would craft an email to an address on the victim's server that would bounce/reply to the spamtrap address. And bingo, the victim has now inadvertently added themselves to a DNSBL.
Interesting...
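From the victim's side, the defence is to stop answering senders that cannot be verified. The following is an added example, not code from the original post: a policy check a mail server could run before generating any bounce or auto-reply. The function name, the sample messages, the `.example` addresses and the choice to require an SPF `pass` are all assumptions made for illustration.

```python
from email import message_from_string

def may_auto_respond(envelope_from, spf_result, raw_message):
    """Decide whether a bounce or auto-reply may be sent to envelope_from.

    envelope_from: SMTP MAIL FROM address ("" or "<>" is the null path).
    spf_result:    SPF verdict the receiving MTA computed for that address.
    Returns (allowed, reason).
    """
    sender = envelope_from.strip().strip("<>").lower()
    # A null reverse-path means the message is itself a bounce.
    if not sender:
        return False, "null reverse-path"
    # Without an SPF pass the envelope sender may be forged, so a reply
    # could land on a third party such as a spamtrap.
    if spf_result.lower() != "pass":
        return False, "unauthenticated sender (spf=%s)" % spf_result
    # RFC 3834: do not respond to list and daemon role addresses.
    local = sender.split("@", 1)[0]
    if (local == "mailer-daemon" or local.startswith("owner-")
            or local.endswith("-request")):
        return False, "role address"
    msg = message_from_string(raw_message)
    # RFC 3834: never answer a message that was itself generated automatically.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return False, "auto-submitted"
    if (msg.get("Precedence") or "").strip().lower() in ("bulk", "junk", "list"):
        return False, "bulk precedence"
    return True, "ok"

# Constructed sample messages (not real traffic).
FORGED = ("From: trap@dnsbl.example\nTo: nosuchuser@victim.example\n"
          "Subject: hello\n\nbody\n")
LEGIT = ("From: alice@partner.example\nTo: nosuchuser@victim.example\n"
         "Subject: Q3 numbers\n\nbody\n")
AUTO = ("From: bob@partner.example\nTo: carol@victim.example\n"
        "Auto-Submitted: auto-replied\nSubject: Out of office\n\nbody\n")

if __name__ == "__main__":
    # The forged sender has no SPF pass, so no bounce is generated.
    print(may_auto_respond("trap@dnsbl.example", "none", FORGED))
    print(may_auto_respond("alice@partner.example", "pass", LEGIT))
    print(may_auto_respond("bob@partner.example", "pass", AUTO))
```

Rejecting undeliverable mail during the SMTP transaction, rather than accepting it and bouncing later, avoids the problem at the source; a check like this covers the cases where a message has already been accepted.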
