Re: Possible Intrusion Attempt?

Matt LaFelero wrote:
>
> I'm hoping someone here might be able to shed some light on this

I'd be interested in seeing the source of the mail message to see if it contains script or a link to an image or other material on a protected web server page. One could follow that link, view source, and/or capture traffic and see what is happening.

Internet Explorer will offer its local authentication credentials (Windows or domain login) to web sites under some circumstances. Internet Explorer's default security setting for login in the Internet zone says IE will only automatically try to login in the local Intranet zone. So unless they are exploiting a defect in the zone boundaries, of which there have been quite a few, they wouldn't seem to be able to collect credentials from an Internet site.

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe


----------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-incidents
----------------------------------------------------------------------------