Instead of updating the post in question (again), I figured I’ll post all the new info here and call this a wrap. So, we all know about the security scammer now, and the different ways he is working to defraud innocent users and steal their data and money. It has been quite an experience tracking [...]
Posts Tagged ‘Attack Vector’
The Turkish hack and another case for IL-CERT
You have been living under a rock if you haven’t heard of the Turkish hack a couple of days ago. Basically – a Turkish hacker forum that bolsters a strong anti-Israeli attitude has been practicing hacking and mostly defacing Israeli sites for the past few months (years). Now, this is nothing new, and as I [...]
How [not to] scam security people
An analysis of a rogue security tool that tries to steal passwords and scam people out of their paypal money and accounts.
The China/Google thing, accountants and other miscreants
Aha! Can’t believe I managed to avoid the unbelievable hype flood that swept across the interwebs in the last month. And to think that the last post (long overdue, I know… had REALLY good reasons for not being able to post anything) was somewhat oracleish in predicting that this would be the focus of this [...]
Malicious ads circa 2007
Malicious ads are plaguing the web? Not unless it’s news from 2007…
Botnet communications moving to Web2.0
Botnets moving to web2.0 communication utilizing twitter (and web services in the future) to communicate.
Are you Conficker-proof? Do you really need to be?
What a great way to sum up my last couple of posts – the Conficker media frenzy, and social aspects of web attacks. You can’t come up with these things anymore… Seems (for now) that the only real thing that came out of the Conficker issue is the fact that INFECTED machines started to look [...]
Social networking threats – the “hacker” story
As the social networking threats angle is picking up a lot of traction lately <pat_on_own_back>, the folks at Netragard have posted a great write-up on using social networks as an attack tool – involving both social engineering as well as technical exploits. The post can be found here, and I just want to quote a couple of [...]
Fighting an infection vector with new standards – ClickJacking
If you haven’t heard yet, the newest version of Microsoft’s Internet Explorer 8 (RC1) have been endowed with support for “Anti-Clickjacking” (for more background on clickjacking, check out: http://ha.ckers.org/blog/20080915/clickjacking/). This new feature is basically an implementation for a new header (X-FRAME-OPTIONS) that is returned from a server which defines the scope of “netsing” that is [...]
Malicious code, exploit vectors or top-programmer job?
What would you say if you saw one of these code snippets in a website you browse to: dim tass Set tass = CreateObject(“CnsHelper.CH”) If IsObject(tass) then HasCns = true else HasCns = false end if or: function winIE5upPlyrDetect(){ var playerAxObj; var iectlAxObj; try{ iectlAxObj = new ActiveXObject(“Shell.Explorer”); } catch(e){ } try{ or: var fs [...]