-
December 16th, 2004, 10:40 PM
#11
I got an interesting one today forwarded by my CEO, (Yes, they're getting it finally...), purporting to be from Smith Barney. When I clicked the link I guess it was intercepted by the offending IP's ISP because it popped up a cute little window that simply stated "For security reasons this port is unavailable". A very elegant way of blocking the problem while they fix the cause.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
December 16th, 2004, 11:04 PM
#12
We have a new one here in Canada as I was warned by this email from CIRA
CIRA Warns Dot-ca Domain Name Holders of Misleading Verification Notices
Protect your domain name. Do not share your CIRA User Account Number or Password with anyone!
Ottawa, December 13, 2004 - The Canadian Internet Registration Authority (CIRA) is advising dot-ca domain registrants (holders of dot-ca domain names) NOT TO RESPOND OR REPLY TO ANY EMAILS requesting verification of CIRA User Account Numbers and Passwords.
CIRA has learned that an unknown party is attempting to obtain CIRA User Account Numbers and Passwords from dot-ca registrants by sending MISLEADING EMAIL NOTICES that appear to originate from CIRA. These misleading emails request that CIRA User Account Numbers and Passwords be provided to validate registrant information and prevent domain name suspension (inactivation).
The emails originate from COMPLIANCE@CIRA.CC. CIRA's compliance email address is COMPLIANCE@CIRA.CA
If you have replied to an email requesting your CIRA User Account Number and Password, and have included your CIRA User Account Number and Password in your reply, PLEASE CONTACT YOUR REGISTRAR IMMEDIATELY to request a new CIRA User Account Number and Password. If you do not know the name of your registrar, you may obtain it by entering your dot-ca domain name in the WHOIS field at http://whois.cira.ca/public
For additional information: http://www.cira.ca/news-releases/139.html
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
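Added example, not part of any post in this thread: a sender check for the lookalike address described in the CIRA notice above (COMPLIANCE@CIRA.CC imitating COMPLIANCE@CIRA.CA). The function names and the rule that the last label is the TLD are assumptions made for illustration.

```python
from email.utils import parseaddr

# Domain the real notices come from, taken from the CIRA warning above.
LEGITIMATE = {"cira.ca"}

def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of a From: header value, or ''."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify_sender(from_header: str, legitimate=LEGITIMATE) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for a From: header."""
    domain = sender_domain(from_header)
    if not domain:
        return "unrelated"
    for good in legitimate:
        if domain == good or domain.endswith("." + good):
            return "legitimate"
    # Assumption: the last label is the TLD (no public-suffix list is used).
    name = domain.rpartition(".")[0]
    for good in legitimate:
        good_name = good.rpartition(".")[0]
        # Same name under another TLD (cira.cc vs cira.ca), or the real
        # domain used as a prefix of somebody else's domain.
        if name == good_name or domain.startswith(good + "."):
            return "lookalike"
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample headers; only the two CIRA addresses are from the notice.
    for header in ("CIRA Compliance <COMPLIANCE@CIRA.CC>",
                   "COMPLIANCE@CIRA.CA",
                   "billing@cira.ca.example.net",
                   "friend@example.org"):
        print(f"{classify_sender(header):<11} {header}")
```

The From: header is set by the sender, so a 'legitimate' result here only rules out the lookalike-domain trick; it does not authenticate the message.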
-
December 17th, 2004, 02:50 PM
#13
Ms Mittens, on your second point:
Checking credit card validity is relatively easy:
Here's a little Pascal that will do the job:
Code:
// Perform LUHN check on a credit card number
// Needs SysUtils (StrToInt) and StrUtils (MidStr) in the uses clause.
// CardNumber must contain digits only; StrToInt raises on anything else.
function CCLUHNCheck(CardNumber: string): Boolean;
var
  Pos, Total, Temp: Integer;
  Double: Boolean;
begin
  Double := False;
  Total := 0;
  // Walk the number from the rightmost digit, doubling every second digit
  for Pos := Length(CardNumber) downto 1 do
  begin
    if Double then
    begin
      Temp := 2 * StrToInt(MidStr(CardNumber, Pos, 1));
      if Temp < 10 then
        Total := Total + Temp
      else
        Total := Total + (Temp - 9); // (Equivalent to adding two digits together)
    end
    else
      Total := Total + StrToInt(MidStr(CardNumber, Pos, 1));
    Double := not Double;
  end;
  // Valid when the weighted digit sum is a multiple of 10
  if Total mod 10 = 0 then
    Result := True
  else
    Result := False;
end;
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
December 17th, 2004, 02:54 PM
#14
Oh.. it may be easy but I've rarely seen it actually used. Many of the phishings I've seen prior to this don't take the time/effort to do that.
-
December 17th, 2004, 02:58 PM
#15
A more intelligent phisher...
Didn't want to go to the trouble of filtering out the garbage or to make the phish look more real? I wonder what the real motive was..
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
December 17th, 2004, 05:25 PM
#16
There's to the best of my knowledge a new IE security flaw that allows a phisher to show a legitimate web address, for example paypal.com, but redirect the unsuspecting to a different site. A test can be found on http://secunia.com/internet_explorer...rability_test/ (this is an IE-only bug). I did a search and could not find an announcement of the bug (if I missed it, PM me and I'll delete this post).
Regards,
-D
If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked.
-- former White House cybersecurity adviser Richard Clarke
-
December 18th, 2004, 09:34 PM
#17
Actually I don't think the site verified whether the credit card was real or not. Only that the details entered matched the format of a credit card.
I'm only just learning JavaScript but that is the impression I got looking at the site's source... On the original site the script was not visible. The fake just looked like it was a course grab, with some bs JavaScript added... I'm not sure but I think submitted information would have been forwarded to another site hosted locally and not in the public domain.
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
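Added example, not part of any post in this thread: the Luhn check from post #13 redone in Python, then used to measure what it detects, illustrating the point in post #17 that it tests the number's format, not whether an account exists. SAMPLE is a constructed number and all function names are assumptions.

```python
def luhn_ok(number: str) -> bool:
    """Luhn check as in the Pascal routine above; non-digit input fails."""
    if not (number.isascii() and number.isdigit()):
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:           # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9           # same as adding the two digits together
        total += d
    return total % 10 == 0

def undetected_single_digit_errors(number: str) -> int:
    """Count single-digit substitutions that still pass the check."""
    missed = 0
    for i, ch in enumerate(number):
        for r in "0123456789":
            if r != ch and luhn_ok(number[:i] + r + number[i + 1:]):
                missed += 1
    return missed

def undetected_adjacent_swaps(number: str) -> list:
    """Return adjacent-digit transpositions that still pass the check."""
    passed = []
    for i in range(len(number) - 1):
        a, b = number[i], number[i + 1]
        if a != b:
            swapped = number[:i] + b + a + number[i + 2:]
            if luhn_ok(swapped):
                passed.append(swapped)
    return passed

# Constructed 16-digit sample that passes the checksum; not a real account.
SAMPLE = "4000000000000903"

if __name__ == "__main__":
    print("passes checksum:", luhn_ok(SAMPLE))
    print("single-digit typos missed:", undetected_single_digit_errors(SAMPLE))
    print("adjacent swaps missed:", undetected_adjacent_swaps(SAMPLE))
```

Every one-digit typo is caught, but swapping an adjacent 0 and 9 is not, and a made-up number passes as easily as an issued one: the checksum is a typo detector.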