Blog’s 1st year – Over 5000 visits
Dear readers,
It is with great pleasure that I announce this blog has reached its first year.
During this year we have covered several important issues, and we have also had periods without any posts (for instance, this blog does not know what July was).
Visits started slowly, with just a few at the beginning, but in the last few months the daily average rose significantly.
Just by chance, on the day of its birthday the blog passed 5000 visits, reaching a total of 5078 since August 18th 2009, the day I installed the ClusterMaps service.
I leave here, as a memento, the map of this year's visits, taken just before it was reset:
I hope we can keep covering important issues next year, even more than during this one.
I hope you understand that the writer loves his job and always has several projects to attend to simultaneously,
so there may be a few days between one post and the next.
I thank you all for your visits, your support and your words. Do not hesitate to contact me if you need anything.
My deepest regards, and here's to a fruitful next period.
Home-made phishing attack
I wanted to see how far I could get when trying to assemble a phishing site.
First, I chose a provider, in this case Gmail. Then I downloaded the original login page and made the following adjustments:
- I removed every request the page made back to Google
- I changed the destination to which the username and password are sent
- I manually added a favicon taken from the provider's official icon repository
- I wrote a new script that receives the information sent by the login page and shows it on-screen
The finished product was a Gmail login page dangerously similar to the original, with dangerously different behaviour.
To give you an idea of how easy this part of the attack is: it took me approximately half an hour of very relaxed work.
For this to be a full phishing attack, the next step would be to deceive the user into visiting the address where the site is hosted, believing he is entering Gmail's real site.
I will clearly NOT make that task easier for you, but I will leave you with the login page, which on its own is harmless.
I invite you to test the site (by entering fake credentials, obviously).
Next provider: Facebook
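The two edits that make the clone dangerous (the form now submits credentials somewhere else, and the page no longer talks to the real provider) are exactly what a reviewer should look for in a saved login page. The following is an added example, not code from the original post: a standard-library Python script that parses an HTML page, reports every form that contains a password field and whose action does not point at an expected provider host, and lists the hosts the page still loads resources from. The two sample pages and all hostnames in them are constructed for the example and are hypothetical.

```python
"""Audit a saved login page for the edits a phishing clone makes.

Added example, not part of the original blog post. It uses only the
standard library. Sample pages and hostnames below are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hypothetical set of hosts the genuine login page is expected to use.
EXPECTED_HOSTS = {"accounts.google.com", "www.google.com", "ssl.gstatic.com"}


class _PageAuditor(HTMLParser):
    """Collect form submit targets, password fields and external resources."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.forms = []          # dicts with action, method, has_password
        self.resources = set()   # absolute URLs of scripts, stylesheets, images
        self._current_form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current_form = {
                "action": urljoin(self.base_url, a.get("action") or ""),
                "method": (a.get("method") or "get").lower(),
                "has_password": False,
            }
            self.forms.append(self._current_form)
        elif tag == "input" and self._current_form is not None:
            if (a.get("type") or "").lower() == "password":
                self._current_form["has_password"] = True
        elif tag in ("script", "img") and a.get("src"):
            self.resources.add(urljoin(self.base_url, a["src"]))
        elif tag == "link" and a.get("href"):
            self.resources.add(urljoin(self.base_url, a["href"]))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current_form = None


def audit_page(html, base_url, expected_hosts=EXPECTED_HOSTS):
    """Return where credentials go and which hosts the page still talks to.

    credential_sinks: (method, action) of password forms posting off-provider.
    foreign_resources: resources fetched from hosts outside expected_hosts.
    expected_hosts_seen: provider hosts still referenced (e.g. a real favicon).
    """
    parser = _PageAuditor(base_url)
    parser.feed(html)
    findings = {"credential_sinks": [], "foreign_resources": [],
                "expected_hosts_seen": set()}
    for form in parser.forms:
        host = urlparse(form["action"]).hostname or ""
        if form["has_password"] and host not in expected_hosts:
            findings["credential_sinks"].append((form["method"], form["action"]))
    for url in parser.resources:
        host = urlparse(url).hostname or ""
        if host in expected_hosts:
            findings["expected_hosts_seen"].add(host)
        else:
            findings["foreign_resources"].append(url)
    return findings


# Constructed sample: a genuine-looking page (hypothetical URLs).
GENUINE_PAGE = """
<html><head>
<link rel="shortcut icon" href="https://www.google.com/favicon.ico">
<script src="https://ssl.gstatic.com/accounts/login.js"></script>
</head><body>
<form method="post" action="https://accounts.google.com/login">
  <input name="Email"><input type="password" name="Passwd">
</form></body></html>
"""

# Constructed sample: the same page after the edits described in the post.
# The provider script is gone, the favicon still comes from the real host,
# and the form now posts to the clone's own collector (hypothetical host).
CLONED_PAGE = """
<html><head>
<link rel="shortcut icon" href="https://www.google.com/favicon.ico">
</head><body>
<form method="post" action="collect.php">
  <input name="Email"><input type="password" name="Passwd">
</form></body></html>
"""

if __name__ == "__main__":
    print("genuine:", audit_page(GENUINE_PAGE, "https://accounts.google.com/"))
    print("cloned: ", audit_page(CLONED_PAGE, "http://phish.example/"))
```

The relative action `collect.php` is resolved against the URL the page was fetched from, which is what makes the clone's collector show up as the only credential sink; a favicon still served from the real provider is reported separately, since copying it is a deliberate part of making the page look authentic rather than a sign of legitimacy.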
Ticket drawing: 1st Communication and Mobile Solutions Security Conference
Sorry, this post is about a conference held in Buenos Aires, Argentina.
In Fraganti – Case #3, center-location company, City of Buenos Aires
Today I was walking down a street... I had better not say which... and I stumbled upon a discovery, both beautiful and terrible at the same time.
A workstation with its BACK to the street. Yes, as you read it: a fully functional workstation, with drawers, papers and a PC, installed so that the operator sits with his back to the street, leaving the PC screen and the papers in plain sight from the street, since this company is on the ground floor and its front is glass with no curtains.
I leave you with a picture so you can laugh at the situation:
By the time I took the picture the desk was occupied, but when I first noticed the violation nobody was sitting there. On the PC screen you could see the inbox of a corporate mail account. Then, when the operator sat down and another woman came over to ask for something, the inbox was minimized, bringing a beautiful CRM full of the company's data into view.
When I went to take the second picture from farther away, a security guard had already appeared at the window (circled in red in the picture), wagging his finger at me to let me know I wasn't allowed to take pictures... To which I politely answered "I'm on the public street" while comfortably taking the picture, ignoring his baseless prohibition.
Needless to say, this is a SERIOUS security failure, caused by a LACK of common sense on the part of whoever makes the decisions about this at the company.
The situation is so incredible, and the opinion any security professional would have about it so obvious, that there is no point in writing anything else about the issue.
I will simply leave you with the pictures so you can stare with your mouths open, shaking your heads from side to side trying to understand how this kind of thing keeps happening.
Computer law E-Magazine #4
The fourth edition of the Computer Law E-Magazine has been published, and it includes an article of mine about Law & IT.
You can download the magazine from this link (Spanish): http://www.asegurarte.com.ar/Revista_Elderechoinformatico_N4.zip
Link to the full article (Spanish): http://www.elderechoinformatico.com/index.php?option=com_content&view=article&id=321:-revista-electronica-el-derecho-informatico-no-4-junio-2010&catid=82:revista-electronica&Itemid=111
I will publish the article here in 2 weeks.