SEARCH RESULTS
 
Showing 1-10 of 78 records
 
Expand article

Phish Page Steals Your Details, Then Logs You In

The Article has images
2008-08-22 14:15:31 by Christopher Boyd in SpywareGuide Greynets Blog
...login details) they see something like this or like this Generally, when net-savvy users get phished, they're alert enough to know that messages such as the ones above are a clue that they might have stumbled onto a Phishing page (assuming they're 100% sure they entered their details correctly, of course). This "break" in the login...
 
Tags: phish, phish page steals, phish page, visit phish page, page, phish page takes, details, login details, login
 
 
 
 
Expand article

WordPress 2.5 Cookie Forging Explained

2008-04-25 21:46:49 by Chris Eng in Zero in a bit
 
...login to WordPress with your username and password, and then the login page issues you a cookie such as the one below Set-Cookie: wordpress 52440d615a927011d57374216b3ff789= admin%7C1209329209%7C7d5e9e67d8f74a2b657b2e63437a1241; path=/blog As expected, the cookie contains the username, expiration in epoch time, and an MD5 hash (the %7Cs are...
 
Tags: cookie, wordpress authentication cookie, authentication cookie, cookie integrity bug, hash, hash hmac, user, user identity, maintain cookie uniqueness
 
 
 
 
Expand article

MySpace Phishers Now Targeting Facebook

The Article has images
2008-01-07 19:20:52 by HASH0x898bea0 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...login details and passwords. Some Facebook users checking their accounts Wednesday found odd postings of messages on their "wall" from one of their friends, saying: "lol i can't believe these pics got posted.... it's going to be BADDDD when her boyfriend sees these," followed by what looks like a genuine Facebook link. But the link leads to a...
 
Tags: facebook, site facebook, facebook users, genuine facebook link, login details, login, myspace, facebook-login, malware
 
 
 
 
Expand article

Phishing Tactics Evolving

The Article has images
2008-04-21 11:18:17 by HASH0x85bed5c in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...login.controller user-142o3ds.cable.mindspring.com /halifax-online.co.uk/ mem bin/halifax LogIn/formslogin.aspsource=halifaxcouk stolnick-8marta-8b-r1-c1-45.ekb.unitline.ru /halifax-online.co.uk/ mem bin zux006-052-125.adsl.green.c h/onlineid/cgi-bin/onlineid.bankofamerica/sso.login.controller rrcs-74-218-5-6.central.biz.rr.com...
 
Tags: halifax-online, halifax, mem binformslogin, user, user-142o3ds, web application vulnerabilities, mem binhalifax loginformslogin, vulnerable sites, turkish defacement
 
 
 
 
Expand article

Anton Security Tip of the Day #16: Virtually There - Journey Into VMWare ESX Log Analysis

2008-08-25 12:11:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...logins to the ESX platform and identify logs that indicate a successful and failed attempts to log in. Here are a few useful examples to analyze Successful logins May 30 09:20:42 esx2 su(pam unix)[9405]: session opened for user root by jhonny(uid=1626 This is a classic Linux root login message; you can watch for these by searching VMWare ESX...
 
Tags: vmware, vmware esx, analyze vmware logs, analyze, vmware esx logs, esx, security tip, anton security tip, user
 
 
 
 
Expand article

Its not just about a strong password any more

2008-11-28 16:30:52 by Doug Woodall in The Spyware Biz Blog
 
...login name clipped from www.pcworld.com Logins Are Half Your Access Thieves need the login and password to access your accounts, so make the login difficult to guess, too. Avoid a simple, name-based method; add extra numbers, letters, or an ID thats entirely different. Ideally, use unique logins (and passwords) for each service to...
 
Tags: login difficult, logins, login, unique logins, password, customer service representative, service, accounts, sensitive accounts
 
 
 
 
Expand article

New Year's Resolutions for choosing online retailers

2007-12-20 09:31:28 by Andras Cser in Security & Risk Management
 
...login Vendors: ActivIdentity, Entrust, CRYPTOcard, Secure Computing Safeword, RSA Security, VASCO Data Security One time password software (costly, medium level of security, medium user inconvenience User has a portable device (cell phone) with software that generates OTP Vendors: ActivIdentity, Entrust, CRYPTOcard, PortWise, RSA Security,...
 
Tags: user inconvenience, low user inconvenience, users desktop, users desktop software, software, medium user inconvenience, low, imagic software, user
 
 
 
 
Expand article

Identity Framework Probable Feature List

The Article has images
2007-12-16 06:42:00 by Keith Brown in Security Briefs
...login controls (three right now FederatedPassiveSignIn (I'm guessing this is for doing traditional ADFS v1 style logons InformationCard (login control that accepts information cards SignInStatus (probably similar features to ASP.NET's LoginStatus Fx helps you build relying parties InformationCard login control You can specify whether you want...
 
Tags: informationcard login control, login control, information card serializer, information, control, user authentication methods, user, custom sts, card
 
 
 
 
Expand article

Update on the MySpace Phishing Campaign

The Article has images
2007-12-10 21:50:56 by HASH0x899feb4 in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...login redirector from 319303.cn/login.php to z8atr.cn/login.php , and the attached z8atr.cn's fast-flux can be greatly compared to that of Storm Worm's fast-flux networks in terms of its size. The updated campaign is also taking advantage of the following DNS servers Name Server: ns1.4980603.com Name Server: ns2.4980603.com Name Server:...
 
Tags: myspace, fast-flux networks, fast-flux, attack vectors include, campaign, server, attack, exploit content results, primary infection vectors