Comments on contagio: Targeted attacks against personal accounts of military, government employees and associates
Feed author: Mila. Last updated: 2024-02-18T03:42:38.869-05:00. 10 comments.

Anonymous, 2011-06-23T20:42:08.020-04:00

thanks for taking the time to post this valuable information.

nobody, 2011-06-15T03:31:56.239-04:00

Excellent article Mil!

I have had the very same problem with targeted attacks against my gmail account. Probably because I used to do work about free China.

I mean, free internet China.

Mila, 2011-06-03T20:17:03.242-04:00

Anonymous said...

 This gives too much emphasis on insignificant visual clues that the attacker can easily resolve. Unless you're trying to embarrass the attackers with their shoddy work.

 An attacker could easily create a perfect and up-to-date visual clone with correct page name and links. The only significant information here for end users is that the domain name is wrong and ssl is not used and they could even have done a better job of that. Perhaps using a phishing address such as goog1e.com and enabling ssl.

 The best advice for high profile targets is to understand how to verify the site certificate is the correct one for google. The browsers could do more here.

 I'm also very fond of the two stage authentication mechanism from Google, that makes this type of attacker very difficult.

 - Matt
 [ Not available for designing scams :-) ]

-- The visual clues are not advice and things to watch for the future but explanation for the past event. I am sure the next one will be better done and perhaps very different.

Mila, 2011-06-03T20:14:39.437-04:00

Anonymous said...

 So, how do the photo attachments lead to a problem? Or is the photo not valid so it might get opened up with something that can read more than just images?
 June 1, 2011 7:21 PM

-- this is not a photo and not a doc, and not a pdf. All links for View Download are just URLs leading directly to a fake, credential harvesting gmail page

Gary, 2011-06-03T06:10:39.863-04:00

This is incredible information about this widely reported Gmail attack. Thank you for the very informative info!

Anonymous, 2011-06-01T19:34:14.572-04:00

This gives too much emphasis on insignificant visual clues that the attacker can easily resolve. Unless you're trying to embarrass the attackers with their shoddy work.

An attacker could easily create a perfect and up-to-date visual clone with correct page name and links. The only significant information here for end users is that the domain name is wrong and ssl is not used and they could even have done a better job of that. Perhaps using a phishing address such as goog1e.com and enabling ssl.

The best advice for high profile targets is to understand how to verify the site certificate is the correct one for google. The browsers could do more here.

I'm also very fond of the two stage authentication mechanism from Google, that makes this type of attacker very difficult.

- Matt
[ Not available for designing scams :-) ]

Anonymous, 2011-06-01T19:21:28.183-04:00

So, how do the photo attachments lead to a problem? Or is the photo not valid so it might get opened up with something that can read more than just images?

[!v@n] (http://nebezpecne.info/blog), 2011-02-25T11:03:53.792-05:00

It looks like it is not working. Never mind. If I find a working version I will let you know.

Thanks,

[!v@n]

Mila, 2011-02-18T11:41:12.539-05:00

Right, it works on IE6 only. I don't read Chinese but sounds like they may have a POC for IE7/8 - not sure. http://www.hackline.net/a/school/bdzs/fmuma/2010/0602/4175.html

[!v@n] (http://nebezpecne.info/blog), 2011-02-18T10:11:30.937-05:00

Hi Mila,

res protocol has been disabled for Internet Zone since IE6 SP1. Do you know how to achieve the same without res and without malicious zone escalation on the client site please?

Thanks,

[!v@n]