How Hackers Identify Their Targets

narramissic writes "In a recent article, security guru Brent Huston writes about research he did to get inside the minds of spammers and expose some of the processes they use to identify potential targets. Huston says that among the four common ways that spam is spread, the most common method that spammers use is via open relays. Huston's research also revealed that 'they were doing much more server analysis' than he had expected and that they take a multi-step approach: 'They scan the server for proper RFC compliance, and then they send a test message to a disposable address. Only after these are complete did they adopt the tool to dump their spam.'"

How Hackers Identify Their Targets:

1) Look for SSID "Linksys"

2) Connect
3) ????
4)> Profit!

hacker /= spammer

[enlefo]

The title to the story says how hackers identify there targets but the story is about spammer. They are different.

Hackers != Spammers

[NaNO2x]

This is the type of negative image that hackers need to stop. I had a long conversation with someone on the differences between hackers and crackers and I can understand the confusion, but spammers and hackers, this is taking it a bit to far.

Re:My favorite tool...

[Tackhead]

> ...for getting into the minds of spammers is a couple rounds of semi-jacketed .357 hollow-points.

*BLAM!*

You have received this delivery of copper and lead because you or a friend subscribed you to the "Bullet of the Week" list.

To opt out of "Bullet of the Week", please have each spammer in your MLM's downline submit the following form in triplicate, including at least one of their own fingerprints, as well as one of your fingerprints, dipped in the bloody goo from your still-steaming remains.

Your security and privacy are important to us, so please allow 6-8 weeks for us to conduct the proper forensic analysis to verify the identity of your downline member before we can remove you from our "Bullet of the Week" list.

NOTE TO DOWNLINE MEMBERS: Pay no attention to the fact that the middle of the three forms includes the verbiage "By placing my bloody fingerprint on this form, I hereby opt in to the Bullet of the Week mailing list".

Re:Duh... It's so obvious...

[daeg]

It doesn't take a security vulnerability to make sendmail vulnerable... all it takes is a rookie Linux administrator configuring it and setting it up incorrectly.

Many times I imagine that rookie administrators are trying to get sendmail just to work right so they enable something they shouldn't. It works... and they never bother to address their issue correctly, or even know that they addressed it incorrectly.

Re:Duh... It's so obvious...

[whoever57]

I really get sick of this sendmail bashing. There are problems with sendmail and they are trying to rewrite sendmail to solve them. There is no such thing as perfectly secure software.

Perfectly secure: no. But look at Secunia's reports:

Postfix 1.x:

Affected By 1 Secunia advisories

Unpatched 0% (0 of 1 Secunia advisories)

Postfix 2.x:

Affected By 0 Secunia advisories

in contrast, look at Sendmail 8:

Affected By 10 Secunia advisories

Unpatched 10% (1 of 10 Secunia advisories)

So, given that there are unpatched vulnerabilities in Sendmail, why should you wait for the team to finish re-writing the code? Now, it is possible that Sendmail has some advantages in very high volume situations (although there are some older benchmarks that show Postfix was faster), but why would you want to use an MTA that is more difficult to configure and has known vulnerabilities?

I believe the main reason that people use Sendmail is that, having gone to the trouble to learn how to configure it, they don't want to waste that effort (as well as it being the default MTA in many distributions).