Instead of updating the post in question (again), I figured I’ll post all the new info here and call this a wrap. So, we all know about the security scammer now, and the different ways he is working to defraud innocent users and steal their data and money. It has been quite an experience tracking [...]
Posts Tagged ‘technical’
How [not to] scam security people
An analysis of a rogue security tool that tries to steal passwords and scam people out of their paypal money and accounts.
DefCon 17 talk video available!
DefCon 17 talk video of my talk
Blocking legitimate sites in real-time
I Ran into this on Slashdot: http://tech.slashdot.org/tech/08/09/21/1827209.shtml. It seems like the Google filter for malicious sites was blocking a whole domain name – including all sub-domains, which happened to be a dynamic DNS provider. A Big false positive, and a big problem to all the legitimate sites that were hosted using this domain. Disclosure – [...]
Malicious code, exploit vectors or top-programmer job?
What would you say if you saw one of these code snippets in a website you browse to: dim tass Set tass = CreateObject(“CnsHelper.CH”) If IsObject(tass) then HasCns = true else HasCns = false end if or: function winIE5upPlyrDetect(){ var playerAxObj; var iectlAxObj; try{ iectlAxObj = new ActiveXObject(“Shell.Explorer”); } catch(e){ } try{ or: var fs [...]