InfoSec Philippines

Information Security, Technology News and Opinions

Posts Tagged ‘clickjacking’

GMA Fake Site and Tricks Scammers Use

Posted by Jaime Raphael Licauco, CISSP, GSEC on February 25, 2009

GMA News warned the public last week regarding a fake site that reports fake news, which has fortunately been taken down as of press time. This reminds me of the recent fake news item about Megan Fox being a man. If anyone actually checked that site’s menu, they’d see links to a “Mutants” section and an “Aliens” section, which should readily warn anyone about the veracity of news on that site. Unfortunately some educated people believed that piece of news, which is really quite sad.

CSOOnline came out with an article detailing the Dirty Tricks: Social Engineers’ Favorite Pick-Up Lines, which are divided as Social Networking Scams, Office Offenses and Phishing Lures:

    Social Networking Scams
    “I’m traveling in London and I’ve lost my wallet. Can you wire some money?”
    “Someone has a secret crush on you! Download this application to find who it is!”
    “Did you see this video of you? Check out this link!”
    Office Offenses
    “Hi, I’m from the rep from Cisco and I’m here to see Nancy.”
    “This is Chris from tech services. I’ve been notified of an infection on your computer.”
    “Can you hold the door for me? I don’t have my key/access card on me.”
    Phishing Lures
    “You have not paid for the item you recently won on eBay. Please click here to pay.”
    “You’ve been let go. Click here to register for severance pay. “

Check out the site link above for more details.

The same author, Joan Goodchild, also wrote about Social Engineering:8 Common Tactics, and 3 Ways a Twitter Hack can Hurt You, which might interest you if you want to learn more about Social Engineering.


Tips
If in case you aren’t using encryption yet and want an easy and free encryption solution, you may want to check out TrueCrypt. Tom’s Hardware has published a how to and review to start you out.


Auditing
A consortium of US agencies and organizations released a draft of the Consensus Audit Guidelines that define the 20 most critical security controls to protect federal and contractor information systems.
The press release states that: “The CAG initiative is part of a larger effort housed at the Center for Strategic and International Studies in Washington DC to advance key recommendations from the CSIS Commission report on Cybersecurity for the 44th Presidency.”


Other Security News
(The Register) New OS X research warns of stealthier Mac attacks
(The Register) Banking app vuln surfaces 18 months after discovery
(The Register) Hacker pokes new hole in secure sockets layer
(PCWorld) New Attacks Target IE7 Flaw
(PCWorld) IE8 Focuses on Improved Security and Privacy
(PCWorld) Microsoft Adds Clickjacking Protection to IE8 RC1
(PCWorld) Downloads for Hard Economic Times

Advertisements

Posted in Awareness, News, Philippines, social engineering, Social Networking | Tagged: , , , , , , , | Leave a Comment »

Hack in The Box Conference 2008 Materials

Posted by Jaime Raphael Licauco, CISSP, GSEC on December 1, 2008


Amitpal Dhillon – Addressing Identity Management.pdf
3.7M


Dino Dai Zovi – Mac OS Xploitation.pdf
623K


Ero Carrera – Analysis and Visualization of Common Packers.pdf
3.7M

Hernan Ochoa – Pass-The-Hash Toolkit for Windows.pdf 535K


Jim Geovedi – Hacking a Bird in the Sky 2.0.pdf
3.1M


Julian Ho – Moocherhunter.pdf
124K


Peter Silberman – Full Process Reconstitution from Memory.pdf
144K


Alexander Tereshkin – Bluepilling the Xen Hypervisor.pdf
8.3M


Alexander Tereshkin – Bluepilling the Xen Hypervisor Demo (Large File)
142M


Eric Lawrence – IE 8 – Engineering a Trustworthy Browser.pdf
13M


Jonathan Squire – A Fox in the Hen House.pdf
3.5M


Paul Craig – Hacking Internet Kiosks.pdf
1.2M


Roberto Preatoni – Time for a Free Hardware Foundation.pdf
11M


Saumil Shah – Browser Exploits – A New Model for Browser Security.pdf
2.1M


The Grugq – How the Leopard Hides His Spots.pdf
01-Nov-2008 12:39 128K


Mel Mudin and Lee – Advanced Network Forensics Lab Demo (Large File)
29M


Charlie Miller – iPwning the iPhone.pdf
9.8M


Charl van Der Walt – Pushing the Camel Through the Eye of a Needle.pdf
23M


Ilfak Guilfanov – Decompilers and Beyond.pdf
418K


Kris Kaspersky – Remote Code Execution Through Intel CPU Bugs.pdf
1.3M


Petko D Petkov – Client Side Security.pdf
1.0M


AR Samhuri – Next Generation Reverse Shell.pdf
7.7M


Adrian Pastor – Cracking into Embedded Devices and Beyond.pdf
889K


Mary Yeoh – Security Penetration Testing at RTL Level.pdf
4.4M


Matthew Geiger – How to Build Your Own Password Cracker and Disassembler.pdf
471K


Shreeraj Shah – Top 10 Web 2.0 Attacks.pdf
1.1M


Advanced Wireless Lab (Very Large File)
1.2G


Ching Tim Meng – Detecting and Removing Malware without Antivirus Software.pdf
321K


KEYNOTE 1 – Jeremiah Grossman – The Art of Click-Jacking.pdf
2.5M


KEYNOTE 2 – Marcus Ranum – Cyberwar is Bullshit.pdf
54K


KEYNOTE 3 + 4 – The Pirate Bay Dissolving a Billion Dollar Industry as a Hobby.zip
38M

Posted in conferences, News, Whitepapers | Tagged: , , , , , , , , , , , , , | Leave a Comment »