Archive for the ‘Computer Security’ Category

How your Maybank2u account might get hacked

August 14th, 2009

To be upfront: this is not a hacking guide but a walkthrough of a phishing scam targeting Maybank2u users.

To many, phishing, the act of tricking you into handing over your login particulars to another person, might count as a ‘hack’, although it actually is not.

I will not go into details of naming this tactic, but see for yourself.

*Do note that I think this way of phishing would not work anymore, and in fact I think it doesn’t work at all. Please leave a comment if you think otherwise. 🙂

1) It starts with a warning email telling you that you need to log in to your account, usually with a link for you to click. This is not new, but I bet users who are new to the Internet or to online banking might fall for it.
Why it’s fake : Look at the content of the email; it is usually not correct at all. Technically there is no such IP address as 767.998.x.x (each part of an IPv4 address can be at most 255), and a bank would not send out an email saying ‘conforming verifying’ without proofreading it.

2) The link sends you to a login page, but of course it is not the real Maybank2u.com website. Even the screen is old, which is why I think this scam is old and might not be working at all.
Why it’s fake : It is not the real website, and there is no SSL (the lock icon in your browser) saying it’s a secure site. Try logging in with a fake ID and any password; most likely you will be able to see the next page.

3) After submitting your login and password, you see a TAC screen?
Why it’s fake : You have not even requested a TAC, and it is asking you for one.

4) All of a sudden you are logged out after submitting the TAC. Well, some smart guy will ask you not to log in to your account for a few hours.
Why it’s fake : Even well before this point it looks fishy, right? And now the process shows this author could just be a script kiddie.

5) If you go to the main site, of course it is not the bank’s website.
Why it’s fake : It’s a personal website! Most likely the website was hacked and the scripts were planted there to act as a middleman that sends over the login information, so that the real Slim Shady behind the job cannot be located.

6) Do some tracing from the URL path and it lists the files on the web server.
Why it’s fake : It looks like a dormant site. Most files were last updated in 2007, while the phishing files were updated recently.

7) Trace deeper down the road.
Why it’s fake : The files were copied from somewhere else; this bankofamerica thing reveals that the same script could have been used for other banks too.

8) View the page source and see where the data is posted.
Why it’s fake : It’s posting to another website, so this personal website is only a layer of deceit.

9) Now visit the second website, and it leads to the website of a manufacturing company?
Why it’s fake : Needless to say, this website doesn’t deal with money, only with machines. So it’s another website with planted scripts.

10) Trace the script and the game is revealed. The username and password are emailed to the hacker.
Why it’s fake : Need I say more?


I’m not good at PHP, but could someone see if the TAC is sent to the recipient hacker?

From my observation, the hacker probably might not be able to actually hack into the account and do anything damaging without the TAC, but he/she has got the passwords to two web servers/websites so that the scripts are planted there. The scripts could probably have been copied elsewhere too.

While this is not something new, if the script works, real damage could be done, maybe not to you but to others.
Please beware, and warn others who you think might fall for such traps. (Like your dad or mum or grandpa or grandma?) 🙂

One last thing, if you’re the owner of the two websites that got hacked, please remove the files and change your password.

How dependent are you on the Internet?

July 16th, 2009

I was particularly interested in some headlines today.

Twitter’s @Ev Confirms Hacker Targeted Personal Accounts; Attack Was “Highly Distressing.” (TechCrunch)

Twitter Gets Hacked, Badly (TechCrunch, January 2009)

In Our Inbox: Hundreds Of Confidential Twitter Documents (TechCrunch)

Our Reaction To Your Reactions To the Twitter Confidential Documents Post (TechCrunch)

Final Tweet: The Twitter Reality TV Show Pitch (TechCrunch)

Twitter’s Financial Forecast Shows First Revenue In Q3, 1 billion users in 2013 (TechCrunch)

Hackers embarrass Twitter yet again (TheStar)

Twitter, Even More Open Than We Wanted (Twitter Blog)

Long story short, a hacker by the name of Hacker Croll was able to compromise the Twitter accounts of founder Evan Williams, his wife, and several employees. The hacker, who claims to have accessed hundreds of confidential corporate and personal documents of Twitter and Twitter employees, is releasing those documents publicly and has sent them to a French forum and TechCrunch.

For TechCrunch, it is valuable material, as they claimed that “We don’t sit around and republish press releases, we break big stories.” The level of ethics depends on what an individual or industry accepts; in the case of TechCrunch, they chose not to publish documents that refer to individuals (which could mean disaster for their careers), and published only leaked documents representing Twitter as an organization.

Twitter eventually published a blog post that summed up the event as The ‘Underwear Drawer’ Analogy. Obviously, these docs are not polished or ready for prime time and they’re certainly not revealing some big, secret plan for taking over the world. As Peter Kafka put it, this is “akin to having your underwear drawer rifled: Embarrassing, but no one’s really going to be surprised about what’s in there.” That is an apt analogy.

What I’m trying to highlight in this post is that Twitter being hacked is beside the point.
That’s why the title of this post is not “Twitter got Hacked, again!” 🙂
Any popular website will have been hacked once in a while; there are hackers who hack to prove they are great, and there are those who hack to raise awareness and get people to upgrade their system’s security.

The point here is, how dependent are we on the Internet? Not as in people getting addicted to or hooked on the Internet for games or chat.

The victims of the hack had their online accounts compromised, exposing documents including salary, credit card details, photos, plans, confidential documents and, most importantly, passwords to other online services. (Think: underwear type of items.) You get embarrassed when they are shown to the public.
Note: Most people have the same password for all online websites/services.

So when the hacker got the Twitter account, he/she got their Google Apps account and also credit card, eBay, PayPal, etc. So what do you have in your emails?

I bet those emails contain loads of useful information to other prying eyes as well, don’t you think?

However, we have reached the era where we are too dependent on the Internet. You have online banking, online photo sharing, online mail services, online social services, etc.
What if one fine day you have your account suspended and you have no way to recover your data?
What if you have all your photos in Flickr, Picasa or Facebook removed?
What if all your emails are inaccessible?
What if you have trouble remembering all your accounts (IDs or passwords)?

Do you have an offline backup of your online data?
The world has shifted from paper to paperless to desktop computing to cloud computing.

Yes, you might argue that you choose to use sizable companies like Google. I’d still say the risk is there, and we are depending on them more and more.

How independent are we, or how dependent are you on the Marvellous Internet?

Green indicator for Extended Validation SSL Certificates

March 4th, 2009

If you’re using Firefox 3 or IE 7, chances are you have noticed that the favicon (Firefox) and URL bar (IE) sometimes turn green.

It is one of the security features of the new browsers, indicating that the communication between you and those websites is highly secured.

Mozilla has explained it in the Firefox 3 Release notes:

More Secure

* One-click site info: Click the site favicon in the location bar to see who owns the site and to check if your connection is protected from eavesdropping. Identity verification is prominently displayed and easier to understand. When a site uses Extended Validation (EV) SSL certificates, the site favicon button will turn green and show the name of the company you’re connected to.

If you’re using Firefox 3, try these sites and see the differences:
https://www.godaddy.com/
https://www.paypal.com
https://www.maybank2u.com.my/mbb/m2u/common/M2ULogin.do?action=Login

[Screenshots: GoDaddy, PayPal, Maybank2u]

Sites with EV certs have had the owner’s identity vetted by the certificate authority (CA), while typical SSL certs only involve validation against the domain name. Please do not get confused and think that typical certs are not secure. All SSL-secured sites encrypt data, but those with EV certs carry higher trust as their identity has been “verified”.

So in case you’re wondering how you could make your favicon in Firefox look that cool, you’d need to buy an Extended Validation SSL certificate for that to happen.

Extended Validation Certificates (EV) are a special type of X.509 certificate which requires more extensive investigation of the requesting entity by the Certificate Authority before being issued. Source : Wikipedia
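
The difference between a vetted owner identity and plain domain validation is visible in the certificate’s subject. The following is an added example, not part of the original post: a heuristic that classifies a certificate from the subject fields Python’s `ssl` module returns via `getpeercert()`. The authoritative EV marker is the certificate policy OID, which `getpeercert()` does not expose, and the sample certificates are constructed.

```python
import socket
import ssl

# Subject attributes that the CA/Browser Forum EV Guidelines require in an EV
# certificate; a domain-validated certificate carries only the host name.
EV_REQUIRED = ("organizationName", "businessCategory", "serialNumber")
# Older OpenSSL builds report the jurisdiction attribute by its dotted OID.
JURISDICTION = ("jurisdictionCountryName", "1.3.6.1.4.1.311.60.2.1.3")

def fetch_cert(host, port=443):
    """Fetch a live server certificate as a getpeercert() dict (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def subject_fields(cert):
    """Flatten getpeercert()'s nested subject tuples into one dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}

def validation_level(cert):
    """Heuristic: 'extended', 'organization' or 'domain' from the subject alone."""
    s = subject_fields(cert)
    if all(k in s for k in EV_REQUIRED) and any(k in s for k in JURISDICTION):
        return "extended"
    if "organizationName" in s:
        return "organization"
    return "domain"

def vetted_owner(cert):
    """Return the vetted organization name, or None for domain-only certs."""
    return subject_fields(cert).get("organizationName")

# Constructed samples in getpeercert() shape; all names and values are made up.
EV_SAMPLE = {"subject": (
    (("businessCategory", "Private Organization"),),
    (("jurisdictionCountryName", "MY"),),
    (("serialNumber", "0000000-X"),),
    (("organizationName", "Example Bank Berhad"),),
    (("commonName", "www.bank.example"),),
)}
DV_SAMPLE = {"subject": ((("commonName", "blog.example"),),)}

if __name__ == "__main__":
    for cert in (EV_SAMPLE, DV_SAMPLE):
        print(validation_level(cert), vetted_owner(cert))
```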

For IE Users, details here:
http://blogs.msdn.com/ie/archive/2005/11/21/495507.aspx