My weblog about all things that interest me (and hopefully you): viruses, programming in general, death & black metal, certain web sites... Well, it could be anything.

Friday, May 27, 2005

F-Secure in deep shit?

Today I read that people in Finland are massively buying toilet paper because paper mills are shut down due to a lockout of workers in the paper industry. This could mean that F-Secure will be in deep shit. Imagine the poor researchers having to resort to contracting their sphincter all day or using a buttplug while dissecting the latest variant of Sober.XYZ. This will seriously affect the quality of the research and the product line of F-Secure. We cannot allow this to happen!

To ensure that F-Secure won't buckle under severe internal pressure, we have to act now!

Send your (used) toilet paper to:

F-Secure Corporation
Tammasaarenkatu 7
PL 24
00181 Helsinki
Finland

Tuesday, May 10, 2005

A practical look at buffer overflows

If you ever wondered how buffer overflows work, here is a very nicely documented example of a buffer overflow and how to exploit it. If you know a bit of assembler, C and how to use a debugger, it is a very interesting read.

Tuesday, May 03, 2005

Phishing for dummies

So you want to become a phisher?

First, to know what a phisher does, look at the term phishing on Wikipedia. In short, a phisher is someone who tries to fool somebody into filling in private/sensitive information on a website that is believed to be the official website the scam has been created for. Usually these requests come by email, give a link to a website where you should fill in the information and try to disguise it as a legit site.

How to spread emails to people and harvest email addresses to send to?

Thanks to F-Secure I found the source of the MyDoom virus. Just change it a little to suit your needs. How I obtained this source is in an older entry on my weblog in case you want to look it up... Just make it a phishing scam and worm in one so that you can reach a big audience...

What site to imitate?

Don't worry if you know only the online banking site you use yourself. F-Secure gladly provides you with a HUGE list of banks to impersonate (right-click, save to file). Pick one at random, look at the site, rip the layout and use that in the email you will send to all the intended victims. Mind that you use the same language and way of writing as the host of the site does. Spelling errors are a big no-no here, a scam should look perfect!

Examples... or not?

Take a look here, it's a test which checks whether you can be baited by a phishing scam. Look at the examples and learn from them. Try your best to imitate the site you intend to copy.

How to save the data?

Goddammit, I'm not going to explain to you how to program, use PHP or Perl to save the form data... Use The Fucking Search, Noob! (grin)

What to do with the data you collected?

Go shopping on the internet or something, I don't care about that... I just feel bothered by the fact that F-Secure yet again gives away information it really doesn't need to and is just giving the wrong people the wrong ideas.

Thank you, Symantec!

Today one of the workstations at my work got infected with Sober.P. Of course the end user should have known better than to open an email in the English language (not our native language), open the zip file and run the executable inside it.

But on the other hand, this threat was found yesterday and (for once I have to agree with F-Secure) by the time European workers get back to their offices tomorrow morning, all antivirus programs should already stop it.

We use Symantec Antivirus for Exchange as well as a version running on the workstation, which are up to date and didn't detect it. I am no system administrator and it is not my job to prevent/repair shit like this, but I felt sorry for the person and used HouseCall to remove the infection.

So... thank you Symantec...

NOT!