[Mimedefang] OT: Email web form exploits

John Nemeth jnemeth at victoria.tc.ca
Tue Sep 6 01:23:08 EDT 2005

On Jan 26,  5:16pm, John wrote:
} I am a System Administrator in Billings, MT.  I am having the same issue, 
} however I do not feel this is to be taken lightly.  Mine started with IP's 
} in Egypt & Iran.  I have attempted to contact the FBI & Dept. of Homeland 
} Security.  Also have alerted AOL's Fraud Dept. as that's where the test 
} emails were sent originally while testing.
} I attempted Federal contact Saturday when I realized what was 
} transpiring.  Unfortunately, they are an 8-5 system unless someone's life 
} is at stake.

     Contacted them for what purpose?  To tell them that you're a lousy
programmer?  Or perhaps to tell them that you stick random unverified
code on your system (i.e. you're a lousy sysadmin)?

} This has been a continuous, saturated attack, not at all like a simple 
} spammer or script kiddy.  Think about what would happen if a subversive 
} group like, and including, Bin Laden's boys found open mail forms that 
} could be used to send coded messages in plain text with impunity and being 
} relatively anonymous.

     The people running insecure web sites should be nailed.  There is
a ton of information out there on how to write secure forms!  This is
not a new attack.  This is old stuff.

} I want some answers from the Feds on this issue and I can assure you I will 
} be on the phone at 8:00 in the morning...

     If I was the Feds I would simply tell you to go away and secure
your system.  And, if you are working for an organisation where your
systems must be secure by law, I would sic the appropriate agency on

}-- End of excerpt from John

More information about the MIMEDefang mailing list