[15824] in cryptography@c2.net mail archive
Re: E-commerce attack imminent; Sudden increase in port scanning for
daemon@ATHENA.MIT.EDU (Matt Crawford)
Fri Jul 23 13:26:08 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Fri, 23 Jul 2004 12:09:30 -0500
From: Matt Crawford <crawdad@fnal.gov>
In-reply-to: <1090595072.9420.28.camel@lhwlinux>
To: Anne & Lynn Wheeler <lynn@garlic.com>
Cc: cryptography@metzdowd.com
> E-commerce attack imminent; Sudden increase in port scanning for SSL
> doesn't look good.
> http://www.techworld.com/security/news/index.cfm?NewsID=1975
>
> ... aka not necessarily an attack on SSL itself ... but identifying
> end-points with open SSL ports as attack targets i.e. end-points with
> open SSL ports are likely to be somewhat higher value targets than
> machines w/o SSL ports .... since the operators possibly feel they have
> something to protect.
I can't see any reasonable way to derive your conclusion from the cited
article.
"The surge began on 15 July, the day before the public disclosure
of a critical flaw in a server module called mod_ssl.
"The last time Netcraft observed similar activity was in April,
shortly before a wave of attacks on SSL servers that included the
compromise of some major e-commerce sites. Attackers used a flaw
in Microsoft's implementation of SSL to install malicious code..."
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
