phishing - Dave's Blog

Search
My timeline on Mastodon

Retweet of PuN1sh_3r

2015 Feb 18, 6:40
PowerShell: Better phishing for all! http://d.uijn.nl/?p=116 
PermalinkComments

HD DVD / Randomness... : Why not use hashes for the Anti-Phishing Filter?

2009 Sep 30, 4:07The hashing part makes sense, but not the 'why no URL query' bit: "But because victim=12345 has already been visited they satisfy condition 2 and they get the 404 page fooling them into thinking the site has already been taken down. So query strings don't really work." You could implement the same thing in the path and even were that not the case there's no telling that removing the query would get you the same page. What's described here is a general method to circumvent the AP filter not an explaination as to why it avoids the query portion of the URL.PermalinkCommentsphishing technical web browser http url hash

IE8 Beta2 Shipped

2008 Aug 27, 11:36

Internet Explorer 8 Beta 2 is now available! Some of the new features from this release that I really enjoy are Tab Grouping, the new address-bar, and InPrivate Subscriptions.

Tab Grouping groups tabs that are opened from the same page. For example, on a Google search results page if you open the first two links the two new tabs will be grouped with the Google search results page. If you close one of the tabs in that group focus goes to another tab in that group. Its small, but I really enjoy this feature and without knowing exactly what I wanted while using IE7 and FF2 I knew I wanted something like this. Plus the colors for the tab groups are pretty!

The new address bar and search box makes life much easier by searching through my browsing history for whatever I'm typing in. Other things are searched besides history but since I ignore favorites and use Delicious I mostly care about history. At any rate its one of the things that makes it impossible for me to go machines running IE7.

InPrivate Subscriptions allows you to subscribe to a feed of URLs from which IE should not download content. This is intended for avoiding sites that track you across websites and could sell or share your personal information, but this feature could be used for anything where the goal is to avoid a set of URLs. For example, phishing, malware sites, ad blocking, etc. etc. I think there's some interesting uses for this feature that we have yet to see.

Anyway, we're another release closer to the final IE8 and I can relax a little more.

PermalinkCommentsmicrosoft browser technical ie8 ie

Phishing coders hook clueless crooks | The Register

2008 Jan 24, 8:55A software kit for phishers that, unknown to the phisher, messages any stolen info back to the originators of the kit.PermalinkCommentsfraud article phishing

Unspun IE List

2007 Jun 21, 2:38Unspun is a social list creation website from Amazon. For instance, you could create a list named 'Most Desired Features for Next Version of Internet Explorer' and users of Unspun fill in and rank the answers. There's a mix of serious answers that are excellent suggestions, fan-boy answers that are lame, uninformed answers that are already implemented, and hilarious answers that are awesome. The following is the very short unsorted list of the awesome suggestions.
Innovative Anti-Phreaking Technology
Given the work done in IE7 on anti-phishing, subsequent work on anti-phreaking just makes sense.
AXELROD 2.8 Acceleration with XML Bindings
I'm not sure what AXELROD 2.8 is but accelerating it sounds good. Also I enjoy binding things to XML so...
Larger Buttons for My Mighty Fingers
For maximum humor this should be read by Richard Horvitz as Zim of Invader Zim. This one makes me laugh every time I read it.
PermalinkCommentsamazon personal ie humor nontechnical

An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks

2007 Jan 26, 6:43Usability study of phishing attacks and browser antiphishing defensesPermalinkCommentssecurity browser phishing paper ie7

Why Phishing Works

2006 Apr 5, 1:45PermalinkCommentssecurity phishing reference research software web

Phishing

2004 Aug 19, 2:52I received an email from verification@citibank.com the other day with the subject "Fraud Check Verification". Or at least that's what someone at the jumphk2.net domain would have me believe. The whole official looking email was very convincing at first glance. There's the Citibank logo image up in the left corner, the reassuring TrustE image in the opposite corner, and just the right amount of legal-ese on the bottom. The text requested me to follow a link in the email to update and verify my information. At closer examination however it becomes apparent that this is a scam. Little things start to catch your eye. The TrustE image is hosted on ebay and the Citibank logo is hosted at 65.108.92.50. Both images one might expect to be hosted on Citibank's site. The link in the email looks like its taking you to https://www.citibank.com/saw-cgi/citibankISAPI.dll?PlaceCCInfo but in fact its taking you to a page hosted at 65.108.92.50 again. The following sentence appears in the email:

If your account information is not updated within 48 hours then your ability to sell or bid on Citibank will become restricted.

Oh shit! My bid on Citibank might not go through! Seriously, they might have gone to a little more effort than just copying and pasting a scam letter meant for EBay. And the number one fact revealing the email for what it is -- I don't have a Citibank account. I had received an email exactly like this several months ago and just deleted it, but for some reason, perhaps I was in a foul mood, I decided to do something this time around. I emailed abuse at my domain, the ISP controlling their IP address, and Citibank. My domain told me there was nothing they could do. Citibank has yet to respond. As for their ISP, the following day I received an email from Leon at Alabanza's Abuse department informing me:

This account has been locked down and is now on schedule for deletion. If we can further assist you please let us know.

Fuck yeah! This was a lot better than anything I had expected. I anticipated no response from any of the letters I sent. The page is gone now. Leon rocks!PermalinkComments
Older Entries Creative Commons License Some rights reserved.