2016 Nov 28, 10:07
2012 Oct 1, 6:33
According to the links within this article, although the root URI of the router requires authentication, the /password.cgi URI doesn't, and the HTML it returns contains (but does not
display) the plaintext of the password, as well as an HTML form for changing the password that is exploitable via CSRF.
The attack… infected more than 4.5 million DSL modems… The CSRF (cross-site request forgery) vulnerability allowed attackers to use a simple script to steal passwords required to remotely log
in to and control the devices. The attackers then configured the modems to use malicious domain name system servers that caused users trying to visit popular websites to instead connect to
booby-trapped imposter sites.
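The two defects in the entry above, modelled in Python as a constructed example (added here; not code from the article or from the affected firmware): a /password.cgi handler that answers without a session and embeds the plaintext password in its form, beside a hardened version that requires a session on every method, issues a per-session anti-CSRF token and checks it (plus the browser's Origin header) before changing anything, and never echoes the secret. The request dictionary, the `Router` class, the `ROUTER_ORIGIN` address and the `cross_site_post()` helper are assumptions made for the illustration.

```python
import hmac
import re
import secrets
from html import escape

# Assumed LAN address of the router's admin UI (constructed for this illustration).
ROUTER_ORIGIN = "http://192.168.1.1"

# Hypothetical request model: {"method", "cookie", "origin", "form"}.
# No real firmware is modelled; the handlers only reproduce the behaviour the bookmark describes.


class Router:
    def __init__(self, password):
        self.password = password
        self.sessions = {}  # session cookie -> per-session anti-CSRF token

    def login(self, password):
        """Hypothetical login: a correct password yields a session cookie and a fresh CSRF token."""
        if not hmac.compare_digest(password.encode(), self.password.encode()):
            return None
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = secrets.token_urlsafe(32)
        return sid

    def vulnerable_password_cgi(self, req):
        """/password.cgi as described: no session check, the current password in a
        hidden field of the returned HTML, and a POST that accepts any form submission."""
        if req["method"] == "GET":
            body = ('<form method="POST" action="/password.cgi">'
                    f'<input type="hidden" name="current" value="{escape(self.password)}">'
                    '<input name="new_password"><input type="submit"></form>')
            return 200, body
        self.password = req["form"]["new_password"]  # a cross-site POST lands here unchallenged
        return 200, "password changed"

    def hardened_password_cgi(self, req):
        """The same endpoint with the missing controls: a session on every method,
        a per-session CSRF token verified before any change, and no secret in the page."""
        token = self.sessions.get(req.get("cookie"))
        if token is None:
            return 401, "login required"
        if req["method"] == "GET":
            body = ('<form method="POST" action="/password.cgi">'
                    f'<input type="hidden" name="csrf" value="{escape(token)}">'
                    '<input name="new_password"><input type="submit"></form>')
            return 200, body
        # Defence in depth: when the browser sends an Origin header, it must be the router itself.
        origin = req.get("origin")
        if origin is not None and origin != ROUTER_ORIGIN:
            return 403, "cross-site request rejected"
        supplied = req["form"].get("csrf", "")
        if not hmac.compare_digest(supplied.encode(), token.encode()):
            return 403, "missing or wrong CSRF token"
        self.password = req["form"]["new_password"]
        return 200, "password changed"


def csrf_token_from_page(html):
    """Pull the anti-CSRF token out of the hardened form, as the legitimate admin page submits it."""
    match = re.search(r'name="csrf" value="([^"]+)"', html)
    return match.group(1) if match else None


def cross_site_post(cookie, new_password):
    """What a victim's browser sends when a third-party page submits the form: the router's
    cookie is attached automatically, the Origin is the foreign page, and there is no token
    because that page cannot read the router's HTML."""
    return {"method": "POST", "cookie": cookie, "origin": "http://attacker.example",
            "form": {"new_password": new_password}}


if __name__ == "__main__":
    weak = Router("admin1234")
    print(weak.vulnerable_password_cgi({"method": "GET", "cookie": None, "origin": None, "form": {}}))
    weak.vulnerable_password_cgi(cross_site_post(None, "pwned"))
    print("vulnerable router password is now:", weak.password)

    strong = Router("admin1234")
    sid = strong.login("admin1234")
    print(strong.hardened_password_cgi(cross_site_post(sid, "pwned")), "->", strong.password)
```

A forged POST from another site arrives with the victim's session cookie but without the token, so the hardened handler refuses it even for a logged-in admin; the GET leak is closed both by the session check and by leaving the password out of the page entirely, so an unauthenticated fetch of /password.cgi learns nothing.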
technical security html router web dns csrf
2011 Apr 4, 11:18
Two eBook frauds involving the automated creation and publishing of books in order to make money off the long tail. The spam of books.
ebook fraud bruce-schneier security amazon copyright publishing
2009 Jun 19, 3:27
You must wonder if Bruce Schneier is having trouble selling his laptop just because he's Bruce Schneier and he announced his sale on his blog. I thought his description was funny, though: "But I still
want to sell the computer, and I am pissed off at what is essentially a denial-of-service attack." A scam or attack to you or me is at worst a DoS to Bruce Schneier.
bruce-schneier ebay fraud security dos
2009 Jun 10, 12:17
"Bruce pointed out in his return email that while the fraud pattern was a good match for escrow, the transaction size wasn't: since the item exchanged in the eBay transaction he highlighted was sold
for only $500, the price of an escrow agent would have been hard to justify. He's right."
blog security economics article bruce-schneier Bob-Blakley ebay
2008 Nov 5, 9:43
Proposed new arbitrary TLDs are super expensive. As it turns out, large companies have to buy their name on every new TLD to avoid potential fraud.
dns tld domain economics security iana ietf
2008 Jun 18, 12:44
Bruce Schneier writes about LifeLock, for which you've probably seen the commercials of the CEO parading around his SSN. I was wondering what LifeLock actually did.
bruce-schneier identity fraud credit article wired security privacy lifelock
2008 May 19, 12:28
"Were he alive, Konrad Kujau, the man who forged...countless paintings, would no doubt feel a tingle of pride for his great-niece...being prosecuted for forging his signature on hundreds of cheap,
Asian-made copies of works such as the Mona Lisa..."
art history fraud
2008 May 19, 11:54
Forged fake art: "After being released from prison in 1988, Kujau opened a gallery in Stuttgart where he sold 'authentic fakes'... In fact, his work became so popular that other forgers began to
create forged copies of Kujau's forgeries."
art fraud history via:boingboing.comments konrad-kujau
2008 May 19, 11:46
Museum of fraudulent art. "Instead of being destroyed, as they were in the past, the fraudulent pieces will live to see another day in the Museum of Fakes, established in 1991 as part of the
University of Salerno's Center for the Study of Forgery."
art museum fraud via:boingboing
2008 Jan 24, 8:55
A software kit for phishers that, unknown to the phisher, messages any stolen info back to the originators of the kit.
fraud article phishing
2007 Mar 1, 1:01
Wired reporter pays a service to make his fake blog popular on Digg.com.
article digg fraud bribe
2007 Feb 20, 10:29
"The recordings of a British concert pianist who found fame in the last years of her life have been exposed as hoaxes by Apple's iTunes music player."
itunes apple music fraud hash classical article
2004 Aug 19, 2:52
I received an email from verification@citibank.com the other day with the subject "Fraud Check Verification". Or at least that's what someone at the jumphk2.net domain would have me believe. The
whole official-looking email was very convincing at first glance. There's the Citibank logo image up in the left corner, the reassuring TrustE image in the opposite corner, and just the right amount
of legalese on the bottom. The text requested me to follow a link in the email to update and verify my information. On closer examination, however, it becomes apparent that this is a scam. Little
things start to catch your eye. The TrustE image is hosted on eBay and the Citibank logo is hosted at 65.108.92.50. Both images one might expect to be hosted on Citibank's site. The link in the email
looks like it's taking you to https://www.citibank.com/saw-cgi/citibankISAPI.dll?PlaceCCInfo but in fact it's taking you to a page hosted at 65.108.92.50 again. The following sentence appears in the
email:
If your account information is not updated within 48 hours then your ability to sell or bid on Citibank will become restricted.
Oh shit! My bid on Citibank might not go through! Seriously, they might have gone to a little more effort than just copying and pasting a scam letter meant for eBay. And the number one fact
revealing the email for what it is -- I don't have a Citibank account. I had received an email exactly like this several months ago and just deleted it, but for some reason, perhaps I was in a foul
mood, I decided to do something this time around. I emailed abuse at my domain, the ISP controlling their IP address, and Citibank. My domain told me there was nothing they could do. Citibank has yet
to respond. As for their ISP, the following day I received an email from Leon at Alabanza's Abuse department informing me:
This account has been locked down and is now on schedule for deletion. If we can further assist you please let us know.
Fuck yeah! This was a lot better than anything I had expected. I anticipated no response from any of the letters I sent. The page is gone now. Leon rocks!
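The checks the entry above applies by eye, mechanised in Python as a constructed example (added here; not the author's code): it walks the HTML of a message, compares the host shown in each link's text with the host the href really points to, flags links to bare IP addresses, lists images served from outside the claimed sender's domain, and compares the envelope sender's domain with the claimed one. The sample message, its image URLs and the link's target path are constructed for the example; only the hosts the entry mentions (citibank.com, jumphk2.net, 65.108.92.50, eBay) are taken from it.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample reproducing the indicators noted above. The image paths and the
# link's target path are assumptions, not copies of the real message.
SAMPLE_EMAIL = """
<html><body>
<img src="http://65.108.92.50/citibank_logo.gif" alt="Citibank">
<img src="http://www.ebay.com/truste_seal.gif" alt="TRUSTe">
<p>Dear Customer, please follow
<a href="http://65.108.92.50/verify">https://www.citibank.com/saw-cgi/citibankISAPI.dll?PlaceCCInfo</a>
to update and verify your information.</p>
<p>If your account information is not updated within 48 hours then your ability to sell or bid
on Citibank will become restricted.</p>
</body></html>
"""


def host_of(url):
    """Lower-cased hostname of an absolute URL; None for anything that is not one."""
    host = urlparse(url.strip()).hostname
    return host.lower() if host else None


def same_org(host, claimed_domain):
    """True when host is the claimed domain or a subdomain of it."""
    return host == claimed_domain or host.endswith("." + claimed_domain)


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


class _Collector(HTMLParser):
    """Collects (href, visible text) for every anchor and src for every image."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.images = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href, self._text = attrs["href"], []
        elif tag == "img" and attrs.get("src"):
            self.images.append(attrs["src"])

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze_email(html, claimed_domain, envelope_domain=None):
    """Return the phishing indicators found in a message claiming to come from claimed_domain."""
    findings = []
    if envelope_domain and not same_org(envelope_domain.lower(), claimed_domain):
        findings.append(f"envelope sender domain {envelope_domain} does not match claimed {claimed_domain}")
    collector = _Collector()
    collector.feed(html)
    collector.close()
    for href, text in collector.links:
        target = host_of(href)
        if target is None:
            continue
        if is_ip_literal(target):
            findings.append(f"link to bare IP address {target}")
        # Only compare hosts when the visible text itself looks like a URL.
        shown = host_of(text) if text.lower().startswith(("http://", "https://")) else None
        if shown and shown != target:
            findings.append(f"link text shows {shown} but points to {target}")
        elif shown is None and not same_org(target, claimed_domain):
            findings.append(f"link leaves {claimed_domain}: {target}")
    for src in collector.images:
        host = host_of(src)
        if host and not same_org(host, claimed_domain):
            findings.append(f"image hosted off-domain at {host}")
    return findings


if __name__ == "__main__":
    for finding in analyze_email(SAMPLE_EMAIL, "citibank.com", envelope_domain="jumphk2.net"):
        print("-", finding)
```

The link check is the one that matters most: a mismatch between the host a reader sees and the host the browser will actually contact is the signature of this kind of lure, and it is the check a mail filter can apply without any knowledge of the brand being impersonated. The off-domain image check is weaker on its own, since legitimate mailings often use third-party image hosts, which is why it is reported as a separate indicator rather than a verdict.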