On Mon, Mar 1, 2010 at 3:02 PM, Andrew Daviel wrote:
>
> OK, not really a dictionary attack in the normal sense - the attackers knew
> the
> usernames.
>
> We just had an incident where someone tried guessing (I presume)
> username=password against about 150 accounts via Squirrelmail over HTTP/SS
OK, not really a dictionary attack in the normal sense - the attackers knew the
usernames.
We just had an incident where someone tried guessing (I presume)
username=password against about 150 accounts via Squirrelmail over HTTP/SSL.
It so happened that someone had set up a couple of multi-user
