I was looking at some ASSP logs after receiving some feedback from users about some phish emails they were getting.

The phish was related to the Italian "Intesa SanPaolo" bank. I grepped the logs, extracted the relevant information and found that the messages were passing through since they were coming from IPs belonging to a whitelisted organization... "Amazon.com" !!

The IP range from which those messages were (and are, but now they are blocked :D) coming was 174.129.0.0/16, and looking at the WHOIS record for the IP range I found a reference to this URL:

http://ec2.amazonaws.com/

Surprise, surprise <g> !! The netblock is allocated to the Amazon EC2 environment, so that phish is coming from "the cloud" :-P

Now, I don't know if those virtual machines have been hacked or if they have been "rented" by the phishers. In either case, it turns out that the so rewarded Amazon "Elastic Cloud" is a real can of worms, and it can be confirmed by the fact that the IP blocks assigned to the EC2 systems are included in the zen.spamhaus.org DNSBL :P (just in case: 174.129.0.0/17, 174.129.128.0/18).

The spam (or better said, phish) I saw got past the filter since Amazon was whitelisted... now it isn't anymore <g>

What to say, this is the perfect demonstration of what I have been thinking for some time now about the fact that, while the "cloud computing" idea is cool, it's also totally UNSECURE, since, aside from all the sales hype, there's currently NO *real* security "on the cloud" :P

Bottom line, if your senderbase whitelist includes amazon.com ... remove it, they aren't worth that trust :)
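The audit described in the post, as an added example that is not part of the original message: it scans mail log lines for messages accepted on a whitelist verdict whose connecting IP falls inside the two ranges the post quotes, and builds the DNSBL name to query for each. The log format, field names and sample lines are constructed for illustration and are not ASSP's real log format.

```python
import ipaddress
import re

# Ranges quoted in the post as EC2 blocks listed on zen.spamhaus.org.
LISTED_RANGES = [ipaddress.ip_network(n)
                 for n in ("174.129.0.0/17", "174.129.128.0/18")]

# Constructed sample lines in a made-up format (NOT real ASSP output).
SAMPLE_LOG = """\
2000-01-01 10:02:11 ip=174.129.12.34 from=alerts@bank.example verdict=whitelisted
2000-01-01 10:05:40 ip=192.0.2.25 from=news@shop.example verdict=whitelisted
2000-01-01 10:09:03 ip=174.129.200.7 from=info@bank.example verdict=whitelisted
2000-01-01 10:11:57 ip=174.129.150.9 from=promo@mail.example verdict=whitelisted
2000-01-01 10:12:02 ip=174.129.3.3 from=x@mail.example verdict=spam-blocked
2000-01-01 10:12:30 ip=999.1.1.1 from=broken@line.example verdict=whitelisted
"""

LINE_RE = re.compile(r"ip=(\S+) from=(\S+) verdict=(\S+)")


def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """DNSBL lookups reverse the IPv4 octets: 1.2.3.4 -> 4.3.2.1.<zone>."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def audit(log_text, ranges=LISTED_RANGES):
    """Return whitelisted deliveries whose source IP is in a listed range."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group(3) != "whitelisted":
            continue  # only mail that bypassed filtering via the whitelist
        try:
            ip = ipaddress.IPv4Address(m.group(1))
        except ipaddress.AddressValueError:
            continue  # malformed address in the log line
        hit = next((n for n in ranges if ip in n), None)
        if hit is not None:
            findings.append({"ip": str(ip), "sender": m.group(2),
                             "range": str(hit),
                             "dnsbl_query": dnsbl_query_name(ip)})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f)
```

Note that 174.129.200.7 is not reported: the /17 and /18 quoted in the post cover 174.129.0.0 through 174.129.191.255, not the whole /16.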