Category: Phishing

Secure websites are not so secure

Recently, researchers were able to find a loophole in the SSL certificate implementation which could make any secure website (relying on MD5 hashing of CA certificates) vulnerable to a nearly undetectable phishing attack.

To summarize the attack:


Hacking Yahoo, Gmail or any Bank accounts.

Well, here I will not be providing any PoC to hack into these mailing accounts. I will be telling you the methodology that can be used to hack into any of these mailing accounts. The real effort will be yours. :)

Let's start without any more disclaimer speech and such.


Phishing attack takes a twist – Beware backtalkers :)

Frustrated with phishing attacks, we may try hitting back at the phisher on the fake login page by entering bad words in the input fields. (And I guess we have already done it many times :P ) This has now hurt the emotions of the attackers (after all, they are also humans). Now a new twist in the phishing trend is that they use Neosploit to attack the unpatched systems of those users who swear back at them, or if a few other conditions are met. But they will not attack if we fill in all the details honestly.

Details can be found here

Phishing or pissing

To set up a phishing site, it takes little more than an exploit to hack into a web application (Joomla, phpBB, etc.) and upload a copy of the target site onto it. And boom, the phishing site is up in less than a couple of minutes.
But for an Information Security officer of the targeted organization, it takes much more than that to bring the attack and its after-effects under control. For them it sounds like a pissing attack. They get really pissed off. These pissing effects remain even after the phishing site has been brought down. They need to check whether the phisher has compromised any customer's user credentials. This requires continuous monitoring and thorough forensics. In the end, both the organization and the end customers suffer.

The most important and effective thing an organization should always do to bring down the damage incurred due to phishing is PROPER customer training. This is what every organization knows, and this is what most of them either don't do completely or do in an improper way.
