Showing posts with label user education. Show all posts
Showing posts with label user education. Show all posts

Wednesday, March 25, 2009

Wireless service "steals" and proxies emails

Wireless (swisscom) at hotel steals my email messages and relays through a proxy rather than my MTA! WTF!!

Even "experts" can be fooled.

I automatically clicked "YES" on accepting the SSL certificate, I'm ashamed!

I know it is self-signed and therefore gives an error (I installed a new mail client).
Regardless of it being the first time, I would have liked the violations (self-signed and unknown) to be written in red, on separate lines. Make it a bit more user friendly so that at least folks who care about security are not tempted to act as lusers and click "yesyesyes".

No wonder a friend bounced my emails, they were being relayed from a non-authoritative MTA for linuxbox.org.
: host mx01.speakeasy.net[69.17.117.60] said: 554 5.7.1
: Client host rejected:
Access denied (in reply to RCPT TO command)

linuxbox's log file:
Mar 25 ... linuxbox ...
A53E6.2070502@linuxbox.org>, proto=ESMTP, daemon=MTA, relay=mail-out-01.swisscom-eurospot.com [83.97.120.90]

WTF?!

Worse still, this is the first time in ages I use a GUI client, so my mistake was installing it for the first time on a wireless hotel network.

Well, we learn.

Update:
These are called "transparent proxies" and apparently "everyone" does that. It helps, among other things, control outgoing spam from users.

One suggestion was to use submission on port 587 with STARTTLS

Update #2:
So I didn't click "yesyesyes" after all, I configured it wrong.
In Thunderbird I needed to set up encryption for SMTP regardless of what I set for the account. I was set to "tls, if available" so I was never alerted.

Gadi Evron,
ge@linuxbox.org.

Follow me on twitter! http://twitter.com/gadievron
Posted by at No comments:
Labels: , , , , , , , , , ,

Phishing attacks against ISPs (also with Google translations)

In this email message I'd like to discuss two subjects:
a. Phishing against ISPs.
b. Phishing in different languages against ISPs as soon as Google adds a new translation module.

[My apologies to those who receive this email more than once.]

In the past few weeks there has been an increasing number of phishing attacks against clients of Israeli ISPs. I've only seen a few of these, but the local ISPs confirm it's happening across the board.

In all these cases, the phishing email is in Hebrew.

While we have seen ISP phishing and Hebrew phishing before, these attacks started when Google added translation into Hebrew.

Is this a trend? Have other countries (or populations) been targeted when Google added a translation module for more languages?

Notes:
a. Some Israeli ISPs emailed their clients warning against such attacks. Saying they'd never ask for their password, etc.

b. While I was certainly heavily involved with phishing originally and even started the first coordination group to deal with the issue, I am somewhat removed from it now, dealing more with phishing/banking Trojan horses.
Can anyone educate me as to how often ISPs get phished, if at all?

c. If you get phished, what strategies if any have you taken to prevent the attacks/respond to them/educate your clients? What worked?

d. I wonder if these translation misuses could eventually translate into some intelligence we will see in Google security reports, such as on malware.

Gadi Evron,
ge@linuxbox.org.

Follow me on twitter! http://twitter.com/gadievron
Posted by at No comments:
Labels: , , , , , , ,
Subscribe to: Posts (Atom)