[Mimedefang] OT: Email web form exploits
John Nemeth
jnemeth at victoria.tc.ca
Tue Sep 6 01:23:08 EDT 2005
On Jan 26, 5:16pm, John wrote:
}
} I am a System Administrator in Billings, MT. I am having the same issue,
} however I do not feel this is to be taken lightly. Mine started with IP's
} in Egypt & Iran. I have attempted to contact the FBI & Dept. of Homeland
} Security. Also have alerted AOL's Fraud Dept. as that's where the test
} emails were sent originally while testing.
}
} I attempted Federal contact Saturday when I realized what was
} transpiring. Unfortunately, they are an 8-5 system unless someone's life
} is at stake.
Contacted them for what purpose? To tell them that you're a lousy
programmer? Or perhaps to tell them that you stick random unverified
code on your system (i.e. you're a lousy sysadmin)?
} This has been a continuous, saturated attack, not at all like a simple
} spammer or script kiddy. Think about what would happen if a subversive
} group like, and including, Bin Laden's boys found open mail forms that
} could be used to send coded messages in plain text with impunity and being
} relatively anonymous.
The people running insecure web sites should be nailed. There is
a ton of information out there on how to write secure forms! This is
not a new attack. This is old stuff.
} I want some answers from the Feds on this issue and I can assure you I will
} be on the phone at 8:00 in the morning...
If I was the Feds I would simply tell you to go away and secure
your system. And, if you are working for an organisation where your
systems must be secure by law, I would sic the appropriate agency on
you.
}-- End of excerpt from John
More information about the MIMEDefang
mailing list