July 2004 Archives

Pinky the Cat

|
For all of you cat lovers out there... Pinky

Apollo 11 Photographs

|
Newly available on Nasa's web site is a series of photographs from the Apollo 11 landing. Check out: 1, 2, 3. My words cannot describe how breathtaking the images are.

Email Warfare

|
In today's world electronic warfare is becoming a larger and larger component of a military's arsenal. This in turn equates directly into corporate espionage and sabotage. As organizations become more and more dependant on their technology to function and operate disruptions to these technologies and communications become catastrophic to the organization. When I was starting my career in networking one of my certification instructors described a basic hack. The attacker on a network would simply sit down at the victim's computer and repeatedly attempt to log in until the password lock was enabled. When the victim attempted to log in they would not be able to authenticate and would be forced to contact the internal IT helpdesk to have their password reset. Depending on the organization this could take a prolonged amount of time, rendering the victim unproductive for the duration of the lock out. If they were working on a deadline, presentation, etc... this would be a severe disruption. With the current state of spam blocking, one of the most prevalent systems available are the DNSBLs (DNS blacklists). DNSBLs function with different strategies, but a very common one is a spamtrap. Simply put, a phony email address is published in a hidden way to various web pages, and imbedded into emails sent to mailing lists and newsgroups. Automated email harvester tools used to build spam databases would inadvertently pick up the spamtrap address. Upon emailing the spamtrap the sender and sending server is immediately placed into a block list and future spam is discarded. And now for the simple hack. The first trick is to identify the spamtrap email addresses for different DNSBLs. Once the spamtraps are identified the attacker would craft an email to an address on the victim's server that would bounce/reply to the spamtrap address. And bingo, the victim has now inadvertently added themselves to a DNSBL. Interesting...

About this Archive

This page is an archive of entries from July 2004 listed from newest to oldest.

June 2004 is the previous archive.

September 2004 is the next archive.

Find recent content on the main index or look in the archives to find all content.

View Max Clark's profile on LinkedIn
Powered by Movable Type 4.1