OK, not really a dictionary attack in the normal sense - the attackers knew the usernames.

We just had an incident where someone tried guessing (I presume) username=password against about 150 accounts via Squirrelmail over HTTP/SSL. It so happened that someone had set up a couple of multi-user role accounts with, yes, username=password, so that the attacker was able to send a bunch of spam out on the weekend before we noticed.

In previous Squirrelmail attacks it seemed a user had fallen for a phish and sent them a password, which the attackers leveraged to send more phish messages. This time it looks like guessing.

A run of John the Ripper found a couple more u=p accounts which we disabled.

Carelessness on my part, I guess, and not thinking users could be so daft. (well, OK, some years back we did have a public workstation with guest=guest and remote login enabled)

--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
Network Security Manager

-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
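A detection sketch for the pattern described in the post above (one source making a single guess against many accounts, with a few guesses succeeding), added here as an example and not part of the original message or of SquirrelMail. The log format, the thresholds, the dates and the account names in the sample are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical log format (constructed for this example, not SquirrelMail's own):
#   <ISO timestamp> <LOGIN_OK|LOGIN_FAIL> user=<name> ip=<addr>
LINE_RE = re.compile(r"^(\S+) (LOGIN_OK|LOGIN_FAIL) user=(\S+) ip=(\S+)$")

def parse(lines):
    """Yield (timestamp, ok, user, ip) for every line that matches LINE_RE."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts, result, user, ip = m.groups()
            yield datetime.fromisoformat(ts), result == "LOGIN_OK", user, ip

def find_sprays(lines, min_users=5, window=timedelta(minutes=10)):
    """Return {ip: {"users_tried": n, "succeeded": [accounts]}} for each source
    that attempted at least min_users distinct accounts inside one window."""
    by_ip = defaultdict(list)
    for event in parse(lines):
        by_ip[event[3]].append(event)
    report = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start, peak = 0, 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({e[2] for e in events[start:end + 1]}))
        if peak >= min_users:
            report[ip] = {
                "users_tried": peak,
                # Accounts this source got into: candidates to disable and reset.
                "succeeded": sorted({e[2] for e in events if e[1]}),
            }
    return report

# Constructed sample: one source walks a user list once; the other is a normal user.
SAMPLE = [f"2024-01-06T02:13:{i:02d} LOGIN_FAIL user=user{i} ip=203.0.113.7"
          for i in range(8)] + [
    "2024-01-06T02:13:09 LOGIN_OK user=frontdesk ip=203.0.113.7",
    "2024-01-06T02:13:10 LOGIN_OK user=labshift ip=203.0.113.7",
    "2024-01-06T09:00:00 LOGIN_FAIL user=alice ip=198.51.100.20",
    "2024-01-06T09:00:20 LOGIN_OK user=alice ip=198.51.100.20",
]
if __name__ == "__main__":
    print(find_sprays(SAMPLE))
```

The `succeeded` list is the part that matters for response: any account a spraying source logged into should be treated as compromised even if no spam has been seen from it yet.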