Sunday, May 06, 2007

Sayonara

Well tomorrow's the day! Tomorrow we leave for adventure and enlightenment in a foreign land. Tomorrow we leave for Japan! I don't know if I'll be blogging while I'm over there, but stay tuned! I just might post a few updates :-) If not, be sure that I'll have a ton of stuff to say once we get back.

Saturday, May 05, 2007

Phucking Phishers

I just got a phishing e-mail trying to get me to hand over my PayPal login. The e-mail itself was not that convincing, but the link to the "PayPal site" was very well done, and the site itself was an almost perfect forgery.

This is what it looked like:

As part of our security measures, we regularly screen activity in the
PayPal system. We recently contacted you after noticing an issue on your
account. We requested information from you for the following reason:

Our system requires further account verification.

Case ID Number: PP-140-076-751

Please confirm your Paypal account, click the URL below:

https://www.paypal.com/cgi-bin/webscr?cmd=_login-submit

This is a second reminder to log in to PayPal as soon as possible. Once
you log in, you will be provided with steps to restore your account
access.

Once you log in, you will be provided with steps to
restore your account access. We appreciate your understanding as we work to
ensure account safety.

In accordance with PayPal's User Agreement, your account access will
remain limited until the issue has been resolved. Unfortunately, if
access to your account remains limited for an extended period of time, it
may result in further limitations or eventual account closure. We
encourage you to log in to your PayPal account as soon as possible to help
avoid this.

To review your account and some or all of the information that PayPal
used to make its decision to limit your account access, please visit the
Resolution Center. If, after reviewing your account information, you
seek further clarification regarding your account access, please contact
PayPal by visiting the Help Center and clicking "Contact Us".

We thank you for your prompt attention to this matter. Please
understand that this is a security measure intended to help protect you and your
account. We apologize for any inconvenience.

Sincerely,
PayPal Account Review Department

PayPal Email ID PP638

But if you look at the e-mail's raw HTML source, you see that the link actually points here:

http://maxipriest.com/loggin/

Yeah, not exactly confidence inspiring. The trick is simple: in HTML, the text you see on a link and the address it actually goes to are two separate things, so the link text reads like the PayPal URL while the href underneath points to maxipriest.com. And if you click the link (I wouldn't recommend it), it takes you to a page that looks EXACTLY like the PayPal page. Here's a comparison:

[Screenshot: left, the real PayPal page; right, the fake.]

Well done, eh? If you didn't know what to look for, you'd never be able to tell. And that could be disastrous. So how can you tell? It's all in the URL. Take a look at the real page URL here:


The genuine login page is served from https://www.paypal.com/ (note the "https" and the exact hostname). If the login page you're on doesn't match that, don't put any login info in. Now the fake page has the wrong URL, but it still looks like it could be legitimate. Ah! But if you view the page source, you see it's actually a frame (sort of a Web page within a Web page), so the address bar shows one address while the content comes from somewhere else entirely. And the page that is actually being displayed? Well, take a look:


So the address on the left is what the spoofer wants you to see. Notice there's no "https." On the right is the actual URL of the spoofed site, the one that receives whatever you type. And if you put in your login and password? Well, you are definitely SOL then. The worst part of this spoof? The other links on the page are the actual links to PayPal pages! They've essentially copied the PayPal page wholesale and swapped in their own login script to grab your ID and password instead of PayPal's. Insidious, no?

So here's a few simple rules that, if you follow them, will protect you against the great majority of phishing attacks like this one.
  1. First, most legitimate companies will NEVER ask you to update account information by posting a direct link to their site in the e-mail, so become immediately suspicious if they do.
  2. If an e-mail gives you a link to take regarding your account information, check the URL by copying it (right-click and then choose Copy Link) and pasting it in Notepad or some other text editor. This will give you the real URL that you will be following. If it doesn't match, don't follow it.
  3. Legitimate sites will always use secure "https" pages for logins, and phishers (this one included) rarely bother. But "https" on its own only tells you the connection is encrypted, not who is on the other end, so check the hostname as well.
  4. Never, ever, EVER put any login or personal information directly into any text fields in an e-mail! No one will ever ask for info this way as there is no way to make this secure.
  5. If you use Gmail, they have a "Report phishing email" option just like spam reporting. Use it. Even if you think it's real, let the uber-smart guys at Google take a look just to make sure.
  6. If you are even a little bit suspicious about an e-mail, report it and then trash it. If you want to make sure your account is OK, go to the site directly (don't use any links) and login, or even contact customer service and ask if there is anything wrong.
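To make rule 2 and the frame check concrete, here is a small Python script, added for this write-up and not part of the original post or anything PayPal publishes, that pulls every link out of an e-mail's HTML and flags the two things this phish relied on: link text that reads as one site while the href points to another, and a destination that isn't https. A second function does the frame check from the page source: it lists every frame or iframe whose content is served from a host other than the one shown in the address bar. The sample HTML is constructed to mimic the e-mail quoted above; the hostnames paypal.com and maxipriest.com come from the post, while the framed URL (on the documentation address 203.0.113.7) is a made-up placeholder, since the screenshot of the real one isn't reproduced here.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the e-mail quoted above: the visible link text
# reads as a PayPal URL, but the href underneath points to maxipriest.com.
SAMPLE_EMAIL_HTML = """
<p>Please confirm your Paypal account, click the URL below:</p>
<a href="http://maxipriest.com/loggin/">https://www.paypal.com/cgi-bin/webscr?cmd=_login-submit</a>
<p>Questions? Visit the <a href="https://www.paypal.com/help">Help Center</a>.</p>
"""

# Constructed sample of the landing page: a frameset whose only frame pulls the
# real content from a different host. 203.0.113.7 is a documentation address
# standing in for the phisher's actual server, which the post does not reproduce.
SAMPLE_LANDING_HTML = """
<html><head><title>PayPal - Log In</title></head>
<frameset rows="100%">
  <frame src="http://203.0.113.7/paypal/login.php" frameborder="0">
</frameset>
</html>
"""

URL_LIKE_TEXT = re.compile(r"^(https?://|www\.)", re.IGNORECASE)
HAS_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collect every <a href> with its visible text, and every <frame>/<iframe> src."""

    def __init__(self):
        super().__init__()
        self.links = []    # (href, visible text) pairs
        self.frames = []   # src of each frame or iframe
        self._href = None  # href of the <a> we are currently inside, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href, self._text = attrs["href"], []
        elif tag in ("frame", "iframe") and attrs.get("src"):
            self.frames.append(attrs["src"])

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL; bare 'www.example.com' text is given a scheme first."""
    if not HAS_SCHEME.match(url):
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def same_site(host_a, host_b):
    """True when the hosts are equal or one is a subdomain of the other (www.paypal.com vs paypal.com)."""
    return host_a == host_b or host_a.endswith("." + host_b) or host_b.endswith("." + host_a)


def find_suspicious_links(email_html):
    """Return findings as dicts with 'reason', 'href' and 'text' for each link that fails a rule."""
    collector = LinkCollector()
    collector.feed(email_html)
    findings = []
    for href, text in collector.links:
        # Rule from the post: the visible text is a URL, but the real destination is another host.
        if URL_LIKE_TEXT.match(text) and not same_site(host_of(text), host_of(href)):
            findings.append({"reason": "host_mismatch", "href": href, "text": text})
        # Rule from the post: the real destination isn't https at all.
        if urlparse(href).scheme.lower() == "http":
            findings.append({"reason": "not_https", "href": href, "text": text})
    return findings


def foreign_frames(page_html, address_bar_host):
    """Frame/iframe sources whose host differs from the one shown in the address bar."""
    collector = LinkCollector()
    collector.feed(page_html)
    return [src for src in collector.frames if not same_site(host_of(src), address_bar_host)]


if __name__ == "__main__":
    for f in find_suspicious_links(SAMPLE_EMAIL_HTML):
        print(f"{f['reason']:14} text={f['text']!r} -> href={f['href']!r}")
    for src in foreign_frames(SAMPLE_LANDING_HTML, "maxipriest.com"):
        print("framed content is really served from", src)
```

Run it as a script and the PayPal-looking link is reported twice, once for the host mismatch and once for being plain http, while the genuine Help Center link passes both rules. The host comparison is deliberately loose, so link text saying www.paypal.com that really goes to paypal.com is not flagged, but paypal.com.evil.example is, because it is not a subdomain of paypal.com.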
Well that's about it. Just thought everyone should be aware of things like this.

Wednesday, May 02, 2007

Digg This: 09-f9-11-02-9d-74-e3-5b-d8-41-56-c5-63-56-88-c0

Looks like Kevin Rose got his priorities straight:

"But now, after seeing hundreds of stories and reading thousands of comments, you’ve made it clear. You’d rather see Digg go down fighting than bow down to a bigger company. We hear you, and effective immediately we won’t delete stories or comments containing the code and will deal with whatever the consequences might be."

Tuesday, May 01, 2007

A day that will live in hilarity


Wow. I've never seen anything like this before. Digg (yes, that Digg) was HIJACKED! Not by malicious hackers, not by lame-ass script kiddies; no. It was hacked by its own users. Yes, the very people who make Digg what it is, a user-driven news site, rose up and revolted against the Digg bourgeoisie.

What happened? Well, in the last week or so several stories popped up on Digg about the HD DVD decryption key that has been wandering about the interweb. People were posting the key to protest the force-feeding of DRM-infested media to the public. I've never seen a more twisted relationship between an industry and its customers than that between the RIAA/MPAA and John Q. Public. They seem to both love and despise, distrust and adore us all at the same time. It's really pathetic.

So what does this have to do with Digg? Well, apparently at the behest of the HD DVD group, all stories showing the decryption key were mysteriously removed from Digg. You can read about it here. As a result, the Digg community revolted and began flooding the Digg servers with hundreds of stories that included the decryption key. And to get them on the front page, the rabid hordes began digging up EVERY HD DVD STORY! Before long, all the stories on the front page of Digg were, in some form or another, about HD DVD and the key. As you can see, I took a screen shot just to prove how hilarious and awesome this was.

Some of the stories were just commenting on the situation, but others were downright ridiculous. Here are a couple of my favorites:


Yeah, that's right.

Hell, even Wikipedia has an article about this. They are calling it "HDDVD Night". Of course, it's been deleted and then protected to prevent recreation, so that's no good. Nothing like a good old fashioned Wikipedia burning.

Maybe we should call this HDDVDnacht.

Brilliant.

By the way, 09-F9-11-02-9D-74-E3-5B-D8-41-56-C5-63-56-88-C0. VIVA LA RÉSISTANCE!!!