[Mimedefang] OT: Email web form exploits
John
john at jjgb.com
Tue Sep 6 08:45:20 EDT 2005
At 11:23 PM 9/5/2005, you wrote:
>On Jan 26, 5:16pm, John wrote:
>}
>} I am a System Administrator in Billings, MT. I am having the same issue,
>} however I do not feel this is to be taken lightly. Mine started with IPs
>} in Egypt & Iran. I have attempted to contact the FBI & Dept. of Homeland
>} Security. Also have alerted AOL's Fraud Dept. as that's where the test
>} emails were sent originally while testing.
>}
>} I attempted Federal contact Saturday when I realized what was
>} transpiring. Unfortunately, they are an 8-5 system unless someone's life
>} is at stake.
>
> Contacted them for what purpose? To tell them that you're a lousy
>programmer? Or perhaps to tell them that you stick random unverified
>code on your system (i.e. you're a lousy sysadmin)?
We also are an ISP. We, as a company, do not control content. We should,
I agree, but company policy says "Not"...
>} This has been a continuous, saturated attack, not at all like a simple
>} spammer or script kiddy. Think about what would happen if a subversive
>} group like, and including, Bin Laden's boys found open mail forms that
>} could be used to send coded messages in plain text with impunity and being
>} relatively anonymous.
>
> The people running insecure web sites should be nailed.
I agree 100%. However, in the real world, when you have hundreds of sites
and maybe 75-80 developers, that's what happens.
> There is
>a ton of information out there on how to write secure forms! This is
>not a new attack.
Not like this one has been.
> This is old stuff.
>
>} I want some answers from the Feds on this issue and I can assure you I will
>} be on the phone at 8:00 in the morning...
>
> If I was the Feds I would simply tell you to go away and secure
>your system. And, if you are working for an organisation where your
>systems must be secure by law, I would sic the appropriate agency on
>you.
And, you already sound like a government worker. Totally bad attitude. I
expect to speak to someone like you today. I am sure I will find a way
around the front guard, then maybe not. There are plenty of folks like you
in the government.
John Jaeger - Billings, Montana
EMail To : <mailto:john at jjgb.com>
Home Page : <http://www.jjgb.com>
PGP:
RSA Key ID: 0xAAEC7751 <http://www.jjgb.com/public_files/RSA_Key.zip>
"Our liberty is protected by four boxes...
The ballot box, the jury box, the soap box, and the cartridge box."
- Anonymous