PSA: change your fedex.com account logins
Dan Hollis
goemon at sasami.anime.net
Fri May 31 19:58:42 UTC 2019
The one-off email scheme is not predictable. It is randomly generated
string of characters.
$ ./randgen
jvtMDluV0lwnlY5O
So you can totally eliminate that possibility entirely.
-Dan
On Fri, 31 May 2019, Jason Kuehl wrote:
> Is it possible, yes. I've seen it several times now at my place of work.
> Targeted attacks are a thing.
>
> On Fri, May 31, 2019 at 2:53 AM Mike Hale <eyeronic.design at gmail.com> wrote:
>
>> Oh for fucks sake.
>>
>> Really?
>>
>> You two are questioning someone who subscribes to Nanog over Fedex?
>> You really think it's more likely that someone is targeting Dan Hollis
>> (whoever he is) instead of Fedex leaving something else exposed?
>>
>> On Thu, May 30, 2019 at 11:39 PM Scott Christopher <sc at ottie.org> wrote:
>>>
>>> Dan Hollis wrote:
>>>
>>> Phishing scheme didn't happen.
>>>
>>> fedex has had a number of major compromises so it's not a stretch that
>>> their user database was stolen and sold to spammers.
>>>
>>>
>>> The other possibility is that your one-off email scheme is predictable,
>> and someone knows you use FedEx, and that someone is targeting specifically
>> you, and this obvious phishing email is a red herring for the exploit you
>> didn't see.
>>>
>>> Be concerned.
>>>
>>> -- S.C.
>>
>>
>>
>> --
>> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
>>
>
>
> --
> Sincerely,
>
> Jason W Kuehl
> Cell 920-419-8983
> jason.w.kuehl at gmail.com
>
More information about the NANOG
mailing list