Re: CRIME AOL Backdoor?

From: brvarin@private
Date: Mon Jun 24 2002 - 18:01:27 PDT

Next message: Crispin Cowan: "Re: CRIME AOL Backdoor?"

Previous message: Tom Tintera: "RE: CRIME EarthLink Password Security Story"
Maybe in reply to: Jeffrey_Korte/Security/FCNB/Spgla@private: "CRIME AOL Backdoor?"
Next in thread: Crispin Cowan: "Re: CRIME AOL Backdoor?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

It doesn't look like a backdoor. The URL in question redirects you
http://www.aol.com. As long as you have aol blocked, it shouldn't work.
Another intersting feature of this URL is it also has the same IP as
ads.web.aol.com. The whole Class C is AOL's  You're probably getting a lot
of users hitting web ads from AOL.. The webmail services are getting quite
creative in the number of IP's and hostnames they use. They are actively
looking to circumvent your firewall. Same goes for IM services. Remember,
they are in business to enable their users to get to their page, they could
care less about your security.

ar.atwola.com resolves to 64.12.184.25 64.12.184.89 64.12.184.121
64.12.174.153 64.12.174.185 152.163.226.25 152.163.226.89 152.163.226.57
152.163.226.121 152.163.226.153 152.163.226.185 205.188.165.57
205.188.165.121 205.188.165.185 205.188.165.249 64.12.184.57
Block 'em all!




From: Jeffrey_Korte/Security/FCNB/Spgla@privateat_private on 06/24/2002
      12:30 PM

Sent by:  owner-crime@private



To:   crime@private
cc:
bcc:


Subject:  CRIME AOL Backdoor?


Information Classification: Public.

I  have  recently  come across a scenario that I've not been able to find a
satisfactory answer to and I hope someone can assist me.

Due  to  security/virus  concerns,  several  months  ago I killed access to
Internet  based E-mail services at our Bank. (Yahoo, MSN, AOL, etc.)  After
monitoring several Internet usage reports, I found traffic in the thousands
to:  http://ar.atwola.com.   Once  you visit the sight it immediately takes
you  to  the  "AOL  Anywhere"  portal.   I have also found numerous hits to
http://toolbar.aol.com.

Can  anyone  in the group confirm for me whether or not a backdoor into AOL
exists  allowing  a  user  to  by-pass  Firewall  restrictions  in order to
retrieve their E-mails?

Regards,

Jeffrey B. Korte,
Corporate Security Manager
First Consumers National Bank
Voice: 503.520.8398

The  information  contained  in this E-mail message and its attachments, if
any,  may  be privileged, confidential and protected from disclosure.  This
information  is  the property of First Consumers National Bank.  If you are
not the intended recipient, any disclosure, copying, distribution, reading,
or  the  taking  of  any  action  in  reliance  on  or  in response to this
information  (except  as specifically permitted in this notice) is strictly
prohibited.  If you have received this transmission and you are not a named
recipient  or a person authorized to receive email and email attachments on
behalf  of a named recipient, or if you think you have received this E-mail
message in error, please E-mail the sender at jeffrey_korte@private

Next message: Crispin Cowan: "Re: CRIME AOL Backdoor?"
Previous message: Tom Tintera: "RE: CRIME EarthLink Password Security Story"
Maybe in reply to: Jeffrey_Korte/Security/FCNB/Spgla@private: "CRIME AOL Backdoor?"
Next in thread: Crispin Cowan: "Re: CRIME AOL Backdoor?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jun 24 2002 - 19:09:31 PDT