[Web4lib] Phishing exploits in emails

Thomas Edelblute TEdelblute at anaheim.net
Thu Feb 8 15:20:01 EST 2007


Here is the US-CERT document that identifies some specific
vulnerabilities that can be exploited in a web server.  I am sure there
are others out there as well.

 http://www.us-cert.gov/reading_room/phishing_trends0511.pdf


Thomas Edelblute, Public Access Systems Coordinator
Anaheim Public Library

-----Original Message-----
From: web4lib-bounces at webjunction.org
[mailto:web4lib-bounces at webjunction.org] On Behalf Of Micah Stevens
Sent: Wednesday, February 07, 2007 3:28 PM
To: Drew, Bill
Cc: Web4lib at webjunction.org
Subject: Re: [Web4lib] Phishing exploits in emails

I agree. This is neighborly and helpful. I have had exploits happen
unnoticed on systems I am responsible for and didn't notice for several
days, and I pride myself on being fairly aware of things. I've had some
rude responses as a result, but rude or not, they did help me become
aware and fix the problem.

-Micah

On 02/07/2007 03:19 PM, Drew, Bill wrote:
>  I am beginning to wonder if we as possibly more sophisticated web 
> users and managers need to make an effort to notify the owners of 
> websites about such exploits originating from their webserver?  I 
> think I will do that when I can.
>
> Bill Drew
> drewwe at morrisville.edu
>
> -----Original Message-----
> From: Micah Stevens [mailto:micah at raincross-tech.com]
> Sent: Wednesday, February 07, 2007 6:06 PM
> To: Drew, Bill
> Cc: Web4lib at webjunction.org
> Subject: Re: [Web4lib] Phishing exploits in emails
>
> Sounds like their webserver was just hacked and that sub-folder was
> used to hold an ad. This has happened to a couple of my clients from
> time to time. I'm always amazed how people insist on using logins like 'web'
> with a password of 'web' for their site FTP. One time I was called 
> because a client had found some really offensive porn on their site 
> and couldn't understand how it got there.
>
> If admins don't keep track of their site and don't use secure password
> techniques, this type of thing will remain prevalent.
>
> -Micah
> _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
>   