When two-factor authentication is not enough

FastMail Blog

TL;DR: This is the story of a failed attempt to steal FastMail’s domains.

We don’t publish all attempts on our security, but this one stands out for how much effort was put into the attack, and how far it went.

We’ve had a handful of minor attack attempts recently. Targetted phishing emails to staff trying to steal credentials. An NTP-based DDOS which was quickly mitigated by NYI, our excellent hosting service.

These sorts of attacks are the “background radiation” of the internet. Along with port scans and entries in the web server logs from malware trying us out to see if we’re vulnerable to old PHP bugs (hint, we’re not). It’s the reality of being on the internet.

This blog post was first drafted before the Heartbleed fiasco. Sometimes, no matter how careful you are, you get a nasty surprise. We responded very quickly, as always. Anyway, on…

View original post 1,798 more words

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s