Sponsorised links
This year
Webmails : un chercheur en sécurité réfute la thèse de l'attaque par phishing - Actualités - ZDNet.fr
by srcmax
(via)
Alors que Google et Microsoft assurent que ces données ont été obtenues via une vaste opération de phishing, un chercheur en sécurité affirme que la méthode est tout autre et bien plus inquiétante. D'après Mary Landesman de chez ScanSafe, les données ont été collectées par des botnets qui sont allés se servir dans des PC infectés par un cheval de Troie ou un enregistreur de frappe (keylogger).
20,000+ Gmail, Yahoo, AOL Accounts Compromised [ALERT]
by srcmax
Unfortunately, Hotmail was only the beginning. Google (Google) has now confirmed that thousands of Gmail (Gmail) accounts were compromised by an “industry-wide phishing scheme.” According to the BBC, the login data of over 30,000 Hotmail, Gmail, Yahoo, AOL, Comcast, and Earthlink accounts have been posted online.
1Password
by rmaltete
Password Manager Automatic Form Filler for Mac OS X
Too Many Passwords to Remember?
1Password takes care of all your online passwords so you can use strong and unique passwords for every site and never forget any of them! Here are just a few of the unique features of 1Password:
Enters online usernames and passwords so that you don't have to remember them. details...
Strong Password Generator automatically creates and fills passwords. details...
Built-in Anti-Phishing and Keylogger Protection provides security and peace of mind. details...
Take your information anywhere on your iPhone/iPod touch or Palm. details...
Goes far beyond Safari's AutoFill. details...
Sponsorised links
2008
MD5 considered harmful today
by karlcow
This successful proof of concept shows that the certificate validation performed by browsers can be subverted and malicious attackers might be able to monitor or tamper with data sent to secure websites. Banking and e-commerce sites are particularly at risk because of the high value of the information secured with HTTPS on those sites. With a rogue CA certificate, attackers would be able to execute practically undetectable phishing attacks against such sites.
suite: les impayées, le Maroc, le phishing et les proxy
by night.kame
Si vous avez un proxy, un TOR sur votre serveur que vous proposez sur votre serveur nous vous invitons de le fermer. Dans le cas contraire, nous allons suspendre le serveur (voir tous les serveurs que vous avez chez Ovh) et suspendre le contrat. Ce genre de service sont un danger et une insécurité pour notre réseau et, en respectant notre contrat, nous allons prendre les mesures nécessaire pour sécuriser au maximum notre réseau à ce niveau là aussi.
Chez OVH, on vous fait bien comprendre que vous n'êtes que locataire.
Logmonster FAQ - The Network People, Inc.
by camel
Typical Scenario: You have a web server that serves your domain. You write a simple script to restart apache each night and pipe the logs off to your analyzer. It works.
ISP/Hosting Scenario: Each server hosts many domains. You may also have load balanced servers (multiple machines) serving each domain. A tool like this is necessary to:
1. collect all the log files from each server
2. split the logs based on the virtual host(s)
3. discard invalid entries (phishing, referrer spam, etc)
4. sort them into chronological order
5. feed logs into analyzer
6. do something with the raw logs (compress, save to vhost dir, etc)
[edit]
disambiguity - » Design Ethics - Encouraging responsible behaviour (en)
by CharlesNepote
Leisa Rechelt appelle les réseaux sociaux à plus des responsabilité dans leurs pratiques d'interopérabilité. Sous prétexte de commodité (souvent découvrir de nouveaux amis), certains réseaux sociaux nous demandent nos identifiants et mot de passe de certains de nos comptes (gmail, hotmail, twitter, etc.). Dans la réalité, cette pratique représente un gros problème car elle crée un (amical) précédent qui ouvre grand la porte au phishing.
A-I3.org - Home
by pooky_a
Nachdem zu Beginn der Tätigkeit von a-i3 der Fokus auf die Problematik des Phishing gerichtet war, hat sich das Themenspektrum in der folgenden Zeit stark erweitert. Heute umfasst der für a-i3 relevante Themenbereich das gesamte Gebiet des Schutzes von Identitäten und Identifizierungsdaten im Internet. ai3 hat es sich zur Aufgabe gemacht, den Schutz der Internet-Nutzer gegen alle Formen des Identitätsmissbrauchs zu verbessern. Um dieses Ziel zu erreichen informiert a-i3 über Identitätsdiebstahl, erforscht diese Problematik und sucht nach technischen und rechtlichen Lösungen (z.B. technische Schutzmöglichkeiten; Rechte und Pflichten im Umgang mit Identitätsdiebstahl).
Secuser.com - Sécurité informatique et protection de la vie privée
by chawouine
& 7 others
Tout savoir sur les derniers virus,hoax,phishing,spam,et meme sur les failles de sécurité...
2007
Category:OWASP Guide Project - OWASP
by cascamorto
* 1 Frontispiece
* 2 About The Open Web Application Security Project
* 3 Introduction
* 4 What are web applications?
* 5 Policy Frameworks
* 6 Secure Coding Principles
* 7 Threat Risk Modeling
* 8 Handling E-Commerce Payments
* 9 Phishing
* 10 Web Services
* 11 Ajax and Other "Rich" Interface Technologies
* 12 Guide to Authentication
* 13 Guide to Authorization
* 14 Session Management
* 15 Data Validation
* 16 Interpreter Injection
* 17 Canonicalization, locale and Unicode
* 18 Error Handling, Auditing and Logging
* 19 File System
* 20 Distributed Computing
* 21 Buffer Overflows
* 22 Administrative Interface
* 23 Guide to Cryptography
* 24 Configuration
* 25 Software Quality Assurance
* 26 Deployment
* 27 Maintenance
* 28 GNU Free Documentation License
* 29 Reference
Melissa la stripeuse rend les humains aussi dociles que des robots
by kasi77
Dans les (gué)guerres informatiques, ce qui fait en général la différence c’est le social engineering (ou “ingénierie sociale”), qui consiste en gros à travailler l’humain plutôt que la machine. Par exemple, pourquoi passer des heures à essayer toutes les combinaisons d’un mot de passe, alors qu’il est si facile d’appeler son propriétaire en se faisant passer pour le support technique, et le lui demander directement par téléphone. Forcément, en général c’est plus compliqué, mais en fait pas tant que ça, comme le prouve les nombreux emails de phishing (ou “hameçonnage“) à la mode en ce moment.
PhOff Home
by CharlesNepote
& 2 others
" Welcome to the home of the
Anti-Phishing, Anti-Pharming, Anti-SpooPhing
FireFox Extention
Ph-Off "
The Undevelopment Blog » Identity Manager: A Browser-Based Solution to OpenID Phishing
by CharlesNepote
"It seems like the OpenID community is currently bothered with the following two questions:
1. OpenID facilitates phishing. What can be done about this?
2. FireFox 3.0 will have CardSpace and OpenID support. What does that mean?"
Free Internet Security Software Suite | Award Winning Protection removes adware, phishing, spam, spyware and virus threats
by cascamorto
(via)
CyberDefenderFREE 2.0 - The All-Free Internet Security Suite
CyberDefenderFREE will protect you against spyware, viruses, malware, adware, phishing scams and dangerous spam.This inclusive Internet security software suite is completely free and is supported by safe and discreet advertising.
Beginner's guide to OpenID phishing
by philippej
& 2 others
(via)
« ... how to do a very simple phishing attack that already works for most OpenID providers. »
Active Wall Free Edition
by lsjames
Active Wall Free Edition is the professional and free gateway filtering software. The main functions are url wildcard filter, web content filter, post keyword filter, upload file wildcard filter, traffic monitor. It installed in gateway server and provides continuous enterprise-wide protection against the full range of Internet threats, from viruses and phishing attacks to inappropriate use of system resources to regulatory non-compliance.
Active Wall Free Edition includes the following plugins: Show Flux,HTTP Filter. 10 License only, free forever.
http://download.lanctrl.com/en/awallfree.msi
Beginner's guide to OpenID phishing
by mbertier
& 2 others
(via)
OpenID is a web-based, distributed authentication protocol set to become a standard way of signing in to websites. OpenID enables you to keep control over your own identity by separating identity 'providers' and 'consumers'. You register your 'identity' or 'account' at a single OpenID provider and then you have instant access to a vast array of service providers that are OpenID consumers. However, with great power comes great responsibility. OpenID is highly susceptible to phishing attacks unless proper counter-measures are taken by the providers. We will demonstrate how to do a very simple phishing attack that already works for most OpenID providers. We will also give some possible (non-)solutions to the problem.
