Thursday, March 22, 2007

Full headers of the phishing email ...

X-Apparently-To: @yahoo.com via 209.191.87.92; Thu, 22 Mar 2007 01:38:34 -0700
X-YahooFilteredBulk: 64.151.53.220
X-Originating-IP: [64.151.53.220]
Return-Path:
Authentication-Results: mta222.mail.re3.yahoo.com from=paypal.com; domainkeys=neutral (no sig)
Received: from 64.151.53.220 (HELO 192.168.1.252) (64.151.53.220) by mta222.mail.re3.yahoo.com with SMTP; Thu, 22 Mar 2007 01:38:34 -0700
Received: from 60.76.174.246 by ; Thu, 22 Mar 2007 04:35:46 -0500
Message-ID:
From: "service@paypal.com"
Reply-to: "service@paypal.com"
To: @yahoo.com
Subject: Compromised PayPal Account
Date: Thu, 22 Mar 2007 13:35:46 +0400
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="--202896902971285"
X-Priority: 1
X-MSMail-Priority: High
Content-Length: 1308




This is a very bad way to send "scam" emails. Honestly, no "smart" phisher would send his emails from AOL.com using Outlook Express... Why do all people want PayPal... ??

LOL !

How does this work ?
The phisher redirects the user to his own host (pointed to by the arrow) rather than PayPal, and collects data for his "own profit".

Reported to APWG & F-Secure.

What can you do ? Don't click on the link blindly. Take a minute to check the status bar, and copy/paste links into your browser. If you're suspicious of the person who sent this, then send it to reportphishing >at< antiphishing >dot< org

/Quit
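The header lines above already carry the signals a mail filter would act on. The following is an added example, not part of the original post: the function name `triage` and the 10-minute skew threshold are assumptions, and the sample is built from header lines shown in the post.

```python
import email
import ipaddress
import re
from datetime import timedelta
from email.utils import parsedate_to_datetime

# Sample built from header lines shown in the post (recipient omitted).
SAMPLE = """\
Authentication-Results: mta222.mail.re3.yahoo.com from=paypal.com; domainkeys=neutral (no sig)
Received: from 64.151.53.220 (HELO 192.168.1.252) (64.151.53.220) by mta222.mail.re3.yahoo.com with SMTP; Thu, 22 Mar 2007 01:38:34 -0700
From: "service@paypal.com"
Subject: Compromised PayPal Account
Date: Thu, 22 Mar 2007 13:35:46 +0400

"""

def triage(raw, max_skew=timedelta(minutes=10)):
    """Return a list of findings (hypothetical helper, not from the post)."""
    msg = email.message_from_string(raw)
    findings = []

    # 1. The receiving MTA's verdict on the claimed sender domain.
    m = re.search(r"from=(\S+);\s*domainkeys=(\w+)",
                  msg.get("Authentication-Results", ""))
    if m and m.group(2).lower() != "pass":
        findings.append(f"auth: {m.group(1)} domainkeys={m.group(2)}")

    # 2. The topmost Received line is the only hop written by the recipient's MTA.
    received = msg.get_all("Received") or []
    if received:
        top = " ".join(received[0].split())
        m = re.search(r"\(HELO ([^)]+)\)\s*\(([^)]+)\)", top)
        if m:
            helo, peer = m.groups()
            try:
                if ipaddress.ip_address(helo).is_private:
                    findings.append(f"helo: private {helo} from peer {peer}")
            except ValueError:
                pass  # HELO was a hostname, not an IP literal
        # 3. Sender-supplied Date header vs. the time the MTA accepted the mail.
        if ";" in top and msg["Date"]:
            got = parsedate_to_datetime(top.rsplit(";", 1)[1].strip())
            skew = parsedate_to_datetime(msg["Date"]) - got
            if abs(skew) > max_skew:
                findings.append(f"date: {skew.total_seconds() / 60:+.0f} min vs receipt")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

Each finding is a heuristic on its own; together (unsigned mail claiming paypal.com, a private address in HELO, and a Date header almost an hour ahead of receipt) they match what the post observes by eye.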

Saturday, March 10, 2007

Update from jf -at- danglingpointers -dot- net.

Seems the variable name was googled a bit, and apparently it was considered a vulnerability, not just a bug... if the wiki was embedded in another frame, then by injecting JavaScript the attack can occur. So that's what was shown below in the code (see previous blog post). The authors have anyhow disabled it by default in newer versions of the wiki software.

My bit is that I have just been digging code decently. We will conclude that I found a bug in the OWASP website (which was considered a vulnerability in the past).

Cheers :)
Kish

Is OWASP vulnerable ?



Check this out, the code shown above has the variable wgBreakFrames as undefined.

I expect some feedback on the same... Posted to full disclosure list.

The wgBreakFrames variable is vulnerable to injection...
It is confirmed just as a bug, with minimal impact, not a vulnerability.
There could probably be attacks if we could inject JavaScript in the window.

I would like to thank jf -at- danglingpointers -dot- net & andfarm -at- gmail -dot- com for the assistance provided through the Full-disclosure list :)

Full-Disclosure - We believe in it !

Cheers :)
Kish

Sunday, March 04, 2007

Site: www.techworks.in
Multiple XSS bugs
Risk: Medium-High



They're "Official EC-Council distributor, India"



Full-Disclosure - We believe in it ;)

/Quit

Thursday, March 01, 2007

Originally posted on the 14th of Feb. Yeah, I am sorry, late by 2 weeks. Still worth a laugh.

Acunetix survey says: 70% of websites, out of its 3200 scanned ones, were vulnerable to attacks.

Then, Network World and its "go-to-guy" Joel Snyder, a.k.a. Security expert, replies back

Thomas Ptacek, a guru at Matasano, gives his take on the issue.

Acunetix gives back some statistics and its report...

I learnt to laugh like an Italian friend of mine, UAUAUAUAUAUAUAUAUAUAUAUAUA !!
You must try it too ... it's fun to laugh, it's the best way to forget all your worries...

Jokes apart, the truth is conveyed here humorously... You must note that somewhere in the context it is mentioned that Acunetix's numbers are low ...

/Ale vide