Tag Archives: Social Engineering

Phishing for HTML 5…

The blog Feross.org posted a good article on using HTML5 for phishing on Oct 8th. To most security professionals this type of attack will be easy to spot, but it is aimed at the same group of people who keep feeding the African Prince who wants to pay you by transferring his money through your bank account. It also targets those who do not validate the websites they visit or who allow scripting on all sites.

This article could be used to help educate users, although in a highly technical way, in how to recognize and prevent the success of this type of attack. It is important to remember that all the technical defenses applied to a network or system can be circumvented by uneducated or unaware users who do not practice proper security principles.


Hakin9 is a security magazine that calls itself “the biggest IT security magazine in the world” and has been published for over 10 years. It is rather pricey, but occasionally provides free articles that in most cases are relatively good. With the recent issue, some security professionals became very upset with the magazine and decided to make a stand. Some within ApplyLogic occasionally read the articles and read this particular one (Nmap: The Internet Considered Harmful – DARPA Inference Cheking Kludge Scanning). It was interesting but seemed too good to be true, and in fact it was. It was nothing more than a bunch of hokum or, in the article’s own words, it was D.I.C.K.S. The Register has a good article covering the issue. According to the article:

“Maybe they were sick of Hakin9’s constant please-write-an-unpaid-article-for-us spam and decided to submit some well-crafted gibberish in response,” security researcher Gordon Lyon (Fyodor) wrote in a post to the popular seclists mailing list last week. “They clearly chose that title so just so they could refer to it as DICKS throughout the paper. There is even an ASCII penis in the ‘sample output’ section, but apparently none of this raised any flags from Hakin9’s ‘review board’.”

Ultimately this calls the magazine’s other articles, and the accuracy of what it publishes, into question. Another measure twice, cut once example… Here is a copy of hakin9-nmap-ebook-ch1 in case the original is no longer available.
