Report Phishing Instantly with gmail

As I was hitting the “Show Original Message” link on my gmail account, I noticed that there is a “Report Phishing” link on my gmail account. 

Very cool.. Anyway here is the latest phishing attempt I got hit with.

This one is supposedly from ebay.  It is saying that some has added a seller to my account.  The only thing is that I don't have an ebay account attached to this email. 

So view the source of an email from your gmail account click “Show Options” Then “Show Original Message.”  Most email software have this feature:

                                                                                                                                                                                                                                                         
X-Gmail-Received: 330662dcee7d7f96e1a81e48ae9c33265fe033b5
Delivered-To: elamb.security@gmail.com
Received: by 10.36.71.17 with SMTP id t17cs20860nza;
        Wed, 11 May 2005 14:15:24 -0700 (PDT)
Received: by 10.36.147.8 with SMTP id u8mr396722nzd;
        Wed, 11 May 2005 14:15:24 -0700 (PDT)
Return-Path: <root@localhost.localdomain>
Received: from localhost.localdomain (cam-in1.ztv.ad.jp [210.236.168.2])
        by mx.gmail.com with ESMTP id 15si749916nzn.2005.05.11.14.15.23;
        Wed, 11 May 2005 14:15:24 -0700 (PDT)
Received-SPF: neutral (gmail.com: 210.236.168.2 is neither permitted nor denied by domain of root@localhost.localdomain)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
 by localhost.localdomain (8.13.1/8.13.1) with ESMTP id j4BLAxdC009474
 for <elamb.security@gmail.com>; Thu, 12 May 2005 06:10:59 +0900
Received: (from root@localhost)
 by localhost.localdomain (8.13.1/8.13.1/Submit) id j4BLAxA5009473
 for elamb.security@gmail.com; Thu, 12 May 2005 06:10:59 +0900
Date: Thu, 12 May 2005 06:10:59 +0900
To: elamb.security@gmail.com
Subject: You have successfully added a new email address
Message-ID: <1115845859.27531.qmail@paypal.com>
From: “eBay” <accounts@eBay.com>
Content-Type: text/html

<DIV><DIV id=message><TT style=”FONT-SIZE: x-small;
FONT-FAMILY:'couriernew',monospace”>You have added <A href=”
http://210.255.65.234/secure/login.html
target=_blank>phoneseller@yahoo.com </A>as a new email address for your
eBay account.<BR><BR>If you did not authorize this change or if you need
assistance with your account, please contact eBay customer service
at:&nbsp;</TT> <P><TT style=”FONT-SIZE: x-small; FONT-FAMILY:
'couriernew',monospace”><A
href=”http://210.255.65.234/secure/login.html
target=_blank>http://scgi.ebay.com/verify_id=ebay</A><BR><BR><BR>Thank
you for using eBay!<BR>The PayPal Team<BR><BR><BR>Please do not reply to
this e-mail. Mail sent to this address cannot be answered. For
assistance, log in to your eBay account and choose the<BR>”Help” link in
the header of any
page.<BR><BR>—————————————————————-<BR>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
PROTECT YOUR PASSWORD<BR><BR>&nbsp;&nbsp; NEVER give your password to
anyone and ONLY log in at <A
href=”http://210.255.65.234/secure/login.html
target=_blank>http://scgi.ebay.com/verify_id=ebay.</A&gt; Protect yourself
against fraudulent websites by opening a new web browser (e.g. Internet
Explorer or Netscape) and typing in the eBay URL every time you log in
to your account.<BR><BR><BR>
—————————————————————&nbsp;&nbsp;&nbsp;&nbsp;
<BR><BR><BR></B>eBay Email ID PP007</TT></P></DIV></DIV>

 

Knoppix STD

If you are a Geek, a computer loving freak, a security professional or
just tech-curious, you should check out Knoppix STD.  And NO, the
“STD” doesn't stand for Sexually Transmitted Disease, it stands for
Security Tools Distribution.

So what is Knoppix?  It is an operating system that runs from a
CD!! I learned about this a few years ago and I'm still blown
away.  It is the perfect tool for Security Professionals and
Hackers because it allows you to boot directly from the Disk and use
all the resources of the comptuer. 

The computer has to be set to boot from a disk of course, but that is
as hitting the F12 key (or whatever key it is.. don't recall.. F8.. no
thats SAFE MODE).  Some laptops are tricky as well.. may take some
tinkering with the different modes.

This sucker has all kinds of hacker, security, and even FORENSICS TOOLS built in it! 

Go out there and down load it.. its free.

MORE ON KNOPPIX STD
EVEN MORE


I got Hacked: phishing, hacking, social engineering, INFOSEC

As a tribute to hacking, white hat and black hat (both the Dark Side and Light Side of the Force) I've put together a page called “I Got Hacked.” 

In it I talk about how I was almost a victim of phishing while on ebay in December 04. I'll also talk more on how I wiped   “trojan-spy.html.smithfraud” from my friends system, since that seems to be popular. 

I'm still working on getting some more content that is more fitting to home computer security made easy, so relax folx.  If you want some basics on how to get some security on your broadband dsl/cable device go my “Broadband Internet Security” page. 

Seems the more aware of information security I become the more hacks I am able to reckognize and get rid of  and the more weakness' and risks I see in other peoples systems, software and social practices. 

I like security and hacking because it can be used to strengthens existing structures be they legal or technological.  And the irony of it all is that all structures must eventually be destroyed for even galaxies die.

There can not be birth without death, light without shadow or security without hacker exploits.

 

Google Web Accelerator – Broadband Internet Security

Google has launched a web accelerator for broadband users.  And security has become an issue.   Some users are conscerned with cokies being copied and/or shared since the Google Web accelerator caches sites on computer systems to make downloads faster.

Web accelerator concerns on digg.com

by: n-g-k (0) on 10:34 AM 5/05/05 | Score:

This is the antithesis of the anonymous proxy, you're giving up privacy for a couple more seconds of speed here and there? Google is going to log everything, find out who goes from what site to whatever other site, datamine, look for patterns, find out all kinds of things about people and society for what purpose? To help them sell more advertising and make more money? Well, that's just the primary reason, who knows what other nefarious motivations there could be. Imagine yourself owning google with all of that supercomputing power, others have said it above, google is the ultimate hacker. You can have your GWA, I say “No thanks!”

Better solution: use Firefox, hold down CTRL when you click, any links you click on will open in a new tab and begin downloading. Using this method you can click a bunch of links you will want to see, then by the time you get to the tabs they are already opened. Use CTRL-W to close the tab when you are done reading it and the next tab will be up.

by: n-g-k (0) on 02:23 PM 5/05/05 | Score:

Here is a very good article that goes along with what I wrote above:

http://www.somethingawful.com/articles.php?a=2858

Broadband Internet Security

In light of the growing amount of broadband users, I've decided to make a page about broadband Internet security

Security seems to be the last thing people think about when it should be the first.  It takes a sluggished compromised system for most users to considered examining their system. 

There are plenty of broadband pages out there but I wanted mine to be a simple walk through for the average compuer user.

Broadband a security issue

Removing TROJAN-SPY.HTML.SMITFRAUD Trojan

My friend around the corner calls me about once a month to clean up his computer.  Usually, its just a simple matter of running
Adaware or HiJackThis.  But this time was different. 

I
was helping my partner clean a trojan off of his Dell the other
day.  And to my surprise Adaware did not remove it.  It also
removed the ability to get to the Task Manager in order to view the
processes and added a link to the desktop. 

I found out it was called TROJANSPY.HTML.SMITFRAUD.  It took more effort than usual to remove, but I did manage to get rid of it with the help of a the Geekstogo! Malware removal forum.  I've found forums to be VERY helpful in getting help cleaing up and securing my home computer with ease.  Here is how I got rid of the Smithfraud.

 http://elamb.blogharbor.com/hacked/removesmitfraud.htm

Why Information System Security Professionals Should Join the ISSA

I’ve finally stopped procrastinating and joined my local Information System Security Association, Colorado Springs Chapter (ISSA-COS).  A few of my co-workers have been encouraging me to join since last year.

 

Over the past year many of the benefits that they’ve enjoyed as member of the ISSA have spilled over on to me.  I
encourage all serious Information security professional to join because
the ISSA has their fingers on the pulse on all information security
events, jobs and seminars at discount prices.  

ISSA members are always up on the latest security events and seminars in town.  Just two months ago, an ISSA member invited me to attend an Certified Ethical Hacking course.  I actually had no idea that there was a “hacking certification” prior to her email.  I attended a free seminar with mile2 and loved it so much I decided to attend the whole course.  I was able to attend an Ethical Hacking Course which my company paid for.  I’ll be going for that cert. soon.

As an ISSA member you will have access to many information security jobs in the area and around the world.  Recently, one of my former co-workers (ISSA member) sent me information on an information security job in Baghdad.  For fear of being apart of a hostage reality show on Al Jazeera TV, I declined.  Would you decline a 300K/year job?  I must admit I think about it every now and then.  My co-worker actually took the job and is much braver than I am.

Discounts on events, seminars and training is another benefit of an ISSA member.  For
example, we are having a local Security+ training that will be held
this Saturday at Colorado Technical University and in May there will is
the SANS Rocky Mountain 2005 – Immersion Training which gives a price cut to all members. 

In my opinion, the best thing about the ISSA is the ability to network with like minded Information Security professionals.  In the local ISSA Chapter there is a meeting once a month with seminars and meetings that include speakers like Phil Zimmerman, creator of PGP and representatives from companies like 3Com’s, TippingPoint.

 

            If you are an information security professional, you should definitely sign up.  Membership is free for 90 days to give you feel for the association (attend a meeting with your 90-day membership).  It
is $99.00 a year for ISSA membership and an additional $25.00 for the
Colorado Springs ISSA division (each local chapter has its own annual
fee).  Don’t be like me and wait a year to join.  The networking is worth your weight in gold or at least 300K/year in an exotic location.

 

Join at http://www.ISSA.org

Building a Network:
Seth Godin has a good post about building a network.

1 169 170 171 172