A Demonstration Of The Next Generation Of ‘Phishing’ Attacks

[this post has been partially damaged during a server failure on Sunday 11th July 2004, and it has been possible to recover only a part of it]

[further content was recovered on 13 October 2018]

If you’ve been on the internet for any length of time at all, you’ll probably have come across the concept of a phishing [wikipedia] attack, or even been the target of one. The idea is that Joe Naughty sends you an e-mail, pretending to be your bank, credit card company, or whatever, and when you click the link in the e-mail it takes you to your bank’s web site. Or that’s what you think, anyway. Actually, you’re at Joe Naughty’s web site, and it just looks like your bank’s web site. And so he tries to trick you into giving him your bank details, so he can rob you blind.

I was recently the target of such an attack (one related to the CitiBank browser-bar scam [bbc news]). In this particular attack, the fake site tries to trick you into thinking it is the real site by making your Internet Explorer address bar ‘disappear’, and then replaces it with a picture of an Internet Explorer browser bar saying that you’re on the real site.

I decided that this was a particularly crude hack, and that I could do better. And …

Royal Welsh Show

I’m writing this from the (badly-protected: just had to go to a page with a particularly funky JavaScript to break out of their front-end browser) BBC Wales bus at the Royal Welsh Show, where Alex and I are working on behalf of SmartData.

Suppose I’d better get back to work and let these kiddies have the ‘net connection back…

Claire’s Back

=o)

Last night was fun. After spending most of a day hacking into the BBC’s weather centre (I wanted a weather forecast XML stream, but couldn’t find a free one, so with Kit’s help I stole one instead), he, Claire (recently returned) and I went down to the beach after midnight with a bottle of Cairn O’Mohr Bramble Wine and enjoyed the first cool air the town has seen in most of a week.

I had a weird dream last night. Apparently, so did Kit. Must’ve been something in the wine.

Cool Thing Of The Day

Cool And Interesting Thing Of The Day To Do At The University Of Wales, Aberystwyth, #41:

Discover a major security flaw in the university network that provides any user with half a brain, a computer in their room, some practice, and a lot of patience, the means to get the password of anybody else on your local workgroup, leaving them exposed to malicious attacks, e-mail theft, use of their print quota, and all kinds of other problems. It’s such a serious problem that I’m not going to go into further detail here, in case this e-mail gets into the hands of somebody on the network. Later, discover that this loophole has already been discovered and is abused by at least one third year student. I’ve arranged for John (who aided me in discovering the problem) and me to meet with network services management to inform them of the problem – simply because we feel threatened by it.

The ‘cool and interesting things’ were originally published to a location at which my “friends back home” could read them, during the first few months of my time at the University of Wales, Aberystwyth, which I started in September 1999. It proved to be particularly popular, and so now it is immortalised through the medium of my weblog.