Oct 26

Awesome Phishing Spam

Below is the awesome phishing spam I got today, sent to my work email address. Apparently I was the only actual user account to get this email. The actual email addresses and domains have been redacted. Now imagine you had received this email in YOUR work inbox. The .exe payload was a virus.


From: "System" <redacted@redacted>
To: <redacted@redacted>
Subject: Attention - Mail system upgrade
Date: Mon, 26 Oct 2009 19:47:54 +0530

Attention!

On October 30, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole.
For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.
This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That's all.

http://updates.redacted.com.secure.s-data1.net/mail/id=7254828-redacted@redacted.com-patch5370226.exe

Thank you in advance for your attention to this matter and sorry for possible inconveniences.

System Administrator

Oct 04

Pincushion

Hey, I made “something”.

pincushion top

pincushion bottom

It's totally crooked and wonky, but it's TINY at approx. 3″ by 3″, which is why I included the ruler in the pics. I still need some stuffing and a hand-sewing needle to finish it off.

Oct 02

What Firewalls Won’t Do

I had a customer ask me in a ticket today, “why isn’t my hardware firewall protecting my server against this brute-force [login] attack?”

My answer was “a hardware firewall will not protect your server against a brute-force attack.”

Why? Because it's not designed to do that. A hardware firewall is simply a traffic filter. It allows, blocks, or in some cases routes traffic based on rules you set. It doesn't know that Joe User's account shouldn't be logged into repeatedly from a Ukrainian IP unless you tell it to only allow certain IPs through for that protocol.

That’s why we have scripts like BFD (http://www.rfxn.com/projects/brute-force-detection/).

It's also a good idea to move services like SSH to a random non-default port, disable direct root logins, and of course, only allow certain IPs to access services like SSH.
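The detection step the post is talking about, as an added example (not BFD's own code and not from this post): it reads sshd auth-log lines, counts failed password attempts per source IP, and reports the ones over a threshold, which is exactly the application-level context a packet-filtering firewall does not have. The log lines, host name, IPs and threshold are all constructed for the example; the `iptables` rule is only printed, never run.

```shell
#!/bin/sh
# Added example: brute-force detection over sshd log lines, plus the host
# firewall rule an admin would apply once an offender is identified.
# The firewall enforces the block; it cannot decide on its own who to block.

# Constructed sample auth log lines (not from a real server).
SAMPLE_LOG='Oct 26 19:47:54 mail sshd[2112]: Failed password for root from 203.0.113.45 port 51022 ssh2
Oct 26 19:47:55 mail sshd[2112]: Failed password for root from 203.0.113.45 port 51023 ssh2
Oct 26 19:47:57 mail sshd[2114]: Failed password for invalid user admin from 203.0.113.45 port 51030 ssh2
Oct 26 19:47:58 mail sshd[2114]: Failed password for invalid user admin from 203.0.113.45 port 51031 ssh2
Oct 26 19:48:00 mail sshd[2116]: Failed password for joe from 203.0.113.45 port 51040 ssh2
Oct 26 19:48:02 mail sshd[2116]: Failed password for joe from 203.0.113.45 port 51041 ssh2
Oct 26 19:48:05 mail sshd[2120]: Failed password for joe from 198.51.100.7 port 40001 ssh2
Oct 26 19:48:09 mail sshd[2121]: Accepted password for joe from 198.51.100.7 port 40002 ssh2'

# find_brute_force_ips THRESHOLD
# Reads log lines on stdin and prints "IP COUNT" for every source IP with at
# least THRESHOLD failed password attempts. Successful logins are ignored.
find_brute_force_ips() {
    threshold="$1"
    awk -v limit="$threshold" '
        /sshd\[[0-9]+\]: Failed password for/ {
            # the source IP is the token right after "from"
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            fails[ip]++
        }
        END {
            for (ip in fails) if (fails[ip] >= limit) print ip, fails[ip]
        }'
}

# block_rule IP
# Prints (does not execute) the host firewall rule that drops further traffic
# from an offending IP. This is the part a firewall is actually good at.
block_rule() {
    printf 'iptables -I INPUT -s %s -j DROP\n' "$1"
}

# offenders THRESHOLD: run the detection over the constructed sample log.
offenders() {
    printf '%s\n' "$SAMPLE_LOG" | find_brute_force_ips "$1"
}

# The other mitigations the post lists belong in sshd_config, not the firewall
# (values are illustrative):
#   Port 2222              # non-default port
#   PermitRootLogin no     # no direct root logins
#   AllowUsers joe@198.51.100.0/24   # only known users from known networks

# Stand-alone run: report offenders at 5 failures and show the rule for each.
offenders 5 | while read -r ip count; do
    echo "$ip: $count failed logins"
    block_rule "$ip"
done
```

Real deployments read the live log (`/var/log/auth.log` or `/var/log/secure`) instead of the embedded sample and apply the rule with a time-limited expiry, which is what BFD and similar tools wrap up for you.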