Missing dots from email addresses opens 20GB data leak !!!

Discussion in 'Security and Viruses' started by INDRANIL, Sep 12, 2011.

  1. INDRANIL
    Offline

    INDRANIL Distinguished Member

    Joined:
    May 10, 2010
    Messages:
    5,157
    Trophy Points:
    268
    Ratings:
    +12 / 0 / -0
    Security researchers have captured 120,000 emails intended for Fortune 500 companies by exploiting a basic typo. The emails included trade secrets, business invoices, personal information about employees, network diagrams and passwords.

    Researchers Peter Kim and Garrett Gee did this by buying 30 internet domains they thought people would send emails to by accident (a practice known as typosquatting).

    The domain names they chose were all identical to subdomains used by Fortune 500 companies save for a missing dot.

    Having purchased the domains they simply sat back and watched as users mistakenly sent them over 120,000 emails in six months.

    Kim and Garrett have not identified their targets but have revealed that they were chosen from a list of 151 Fortune 500 companies they regarded as vulnerable to their variation of typosquatting. The list is jam-packed with household names like Dell, Microsoft, Halliburton, PepsiCo and Nike.

    The emails they collected included some worryingly sensitive corporate information, including:

    Passwords for an IT firm's external Cisco routers
    Precise details of the contents of a large oil company's oil tankers
    VPN details and passwords for a system managing road tollways

    The researchers also warn of how easy it would have been to turn their passive typosquatting into an even more dangerous man-in-the-middle attack. Such an attack would have allowed them to capture entire email conversations rather than just individual stray emails.

    To perform a man-in-the-middle attack an attacker would simply forward copies of any emails they receive to the addresses they were supposed to go to in the first place. The forwarded emails would be modified to contain a bogus return addresses owned by the attacker.

    So always pay attention when sending mail to some or opening an attachment :p. Stay safe & have a nice time ;).


    More & Source
    :p.
  2. Guest Ads
    Online

    Google King of the Internet

  3. Student26
    Offline

    Student26 Notable Member

    Joined:
    Jul 10, 2010
    Messages:
    857
    Trophy Points:
    66
    Ratings:
    +0 / 0 / -0
    And these are companies run by smart people :p

    Well teh best of use make mistakes, who hasn't.
  4. INDRANIL
    Offline

    INDRANIL Distinguished Member

    Joined:
    May 10, 2010
    Messages:
    5,157
    Trophy Points:
    268
    Ratings:
    +12 / 0 / -0
    Yes I doubt how much smart they are :p. Regards.