Lightweight Facebook social engineering scam
We've gotten reports (thanks to Steve who first reported it) of Facebook users receiving messages indicating that their photos have been stolen and posted to a different site (blinksnap.com and cheepfry.com). When you go to the sites, they request name, email and a password and then show you a picture of a monkey as a joke. However, if you enter your facebook account info, all your friends are sent the following message:
"Have been uploading your pics on blinksnap-com-go there
Has anyone informed you your photos are on cheepfry-com-go there"
This doesn't have to be a huge threat. It's only an issue if you are silly enough to provide it with meaningful credentials if you reply at all. Please folk, remember to use unique credentials and don't give away your username/password.
UPDATE: Jeff pointed out that many/most of the sites that are connected to this scam seem to be using an IFRAME pointing at rotating-destination.com/taf/taf.html and most of the sites are resolving to a single IP address - 208.78.242.184
Next Bad Thing(tm) to be announced at CCC
There's currently a lot of discussion on a couple different forums about Alex Sotirov's and Jake Appelbaum's talk scheduled for Tuesday at the CCC. While their description (http://events.ccc.de/congress/2008/Fahrplan/events/3023.en.html) leaves something to be desired, you can find additional discussion on the BreakingPoint Systems' blog: http://www.breakingpointsystems.com/community/blog/Attacking-Critical-Internet-Infrastructure
A quote from HD's blog entry:
"First things first; the reason for secrecy. Their research combined a known weakness in one area with a massive resource investment in another to show that a third party was vulnerable to a practical attack that affects the security of all Internet users. Security researchers often release code and technical documentation to demonstrate a flaw, but in this case, they went a step further and used the attack in the real world to obtain proof that it works. This process required interaction with a third party that will likely do whatever they can to save face once the details become public."
There is a lot of speculation but I'm inclined to just say we're all looking forward to hearing the details and when we have more verified information we'll post it and let y'all know.
CCC video streams available
For those of us who were not able to make it to Berlin for the Chaos Communications Congress this year, it is now possible to get streaming audio and video of the talks here: http://events.ccc.de/congress/2008/wiki/Streaming
They have a wide variety of formats including multicast options and some audio only.
Comments
Anonymous
Dec 3rd 2022
9 months ago
Anonymous
Dec 3rd 2022
9 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
Anonymous
Dec 26th 2022
9 months ago
Anonymous
Dec 26th 2022
9 months ago
https://defineprogramming.com/
Dec 26th 2022
9 months ago
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
https://defineprogramming.com/
Dec 26th 2022
9 months ago
rthrth
Jan 2nd 2023
8 months ago