Chattanooga Unix Gnu Android Linux Users Group

 


Fwd:

From: Preston Smith 
------------------------------------------------------
http://www.prinzicase.com/qnyigp.php?s=ot


===============================================================
From: Dave Brockman
------------------------------------------------------
http://grandkobayashi.sakura.ne.jp/5bxcuo.php

===============================================================
From: David White
------------------------------------------------------
Proof that it happens to the best of us.

===============================================================
From: Phil Sieg
------------------------------------------------------
Dave!

You are the very LAST person I expected to have their email hacked.... Tut-tut.

Phil Sieg
President
SeniorTech LLC / snapfōn®
www.snapfon.com
phil.sieg@seniortechllc.com
Phone: 423.535.9968
Fax: 423.265.9820
Mobile: 423.331.0725

"The computer is the most remarkable tool that we've ever come up with. It's the equivalent of a bicycle for our minds."
Steve Jobs, 1955-2011

===============================================================
From: Aaron Welch
------------------------------------------------------
Prolly just spoofed.

-AW

===============================================================
From: Dave Brockman
------------------------------------------------------
I piss off a lot of people.... and I play with dangerous toys at times... I'm not that surprised. The contact list itself that was used is interesting however....

Regards,

dtb

P.S. Those on this list who received an email, please delete and let me know if it re-occurs. I will be sending out a mass email once I compile the list of everyone who was sent to through my server.

===============================================================
From: Dave Brockman
------------------------------------------------------
Ironically/Oddly enough, the ba$tards had a three minute free for all blasting addresses from my sent box with my own server. What remains to be determined is how that password was compromised in the first place. Admittedly it was not my usual 30 char minimum, but you only get three auth failures in an hour before you visit the bit bucket for 365 days.

My apologies to those of you who were on the receiving end of that. Pls do let me know if it repeats.

Regards,

dtb

===============================================================
From: Stephen Haywood
------------------------------------------------------
You running Exim and Dovecot? If so, there was a recent code execution vulnerability that could explain it.

--
Stephen Haywood
Owner, ASG Consulting
CISSP, GSEC, OSCP
W: www.averagesecurityguy.info
T: @averagesecguy

===============================================================
From: Stephen Haywood
------------------------------------------------------
It's Exim + Dovecot and it's a misconfiguration issue. Look at https://www.redteam-pentesting.de/de/advisories/rt-sa-2013-001/-exim-with-dovecot-typical-misconfiguration-leads-to-remote-command-execution for details.

--
Stephen Haywood
Owner, ASG Consulting
CISSP, GSEC, OSCP
W: www.averagesecurityguy.info
T: @averagesecguy

s/Postfix + Exim/Postfix + Dovecot/

===============================================================
From: Dave Brockman
------------------------------------------------------
Exim - No, Dovecot - Yes. I only access over explicit SSL or TLS connections. No web interface.

Regards,

dtb

===============================================================
From: Dave Brockman
------------------------------------------------------
It has potential to affect other combinations, it is a directive in Dovecot's LDA configuration to allow access to the shell. It is not active on any mail server I control with Dovecot installed.

David: Worth the read.

Regards,

dtb

===============================================================
From: David White
------------------------------------------------------
You're right, that IS an interesting read. You're also right that I see the potential for it to not be limited to just Exim.

I don't use Exim at all, and don't use Dovecot's LDA, so I think I'm good on this one too. :)

===============================================================
From: Mike Harrison
------------------------------------------------------
Ouch, yeah. In the past few years I've seen 3 Linux servers used for spamming via Exim.