Exploring Historical & Emerging Phishing Techniques

International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.4, July 2013
DOI: 10.5121/ijnsa.2013.5402

Marc A. Rader¹ and Syed (Shawon) M. Rahman²,*
¹Capella University, Minneapolis, MN, USA and Associate Faculty, Cochise College, AZ, USA
Mrader3@CapellaUniversity.edu
²Associate Professor of Computer Science at the University of Hawaii-Hilo, Hawaii, USA and Part-time Faculty at Capella University, Minneapolis, USA
*SRahman@hawaii.edu
ABSTRACT
Organizations invest heavily in technical controls for their Information Assurance (IA) infrastructure.
These technical controls mitigate and reduce the risk of damage caused by outsider attacks. Most
organizations rely on training to mitigate and reduce risk of non-technical attacks such as social
engineering. Organizations lump IA training into small modules that personnel typically rush through
because the training programs lack enough depth and creativity to keep a trainee engaged. The key to
retaining knowledge is making the information memorable. This paper describes common and emerging
attack vectors and how to lower and mitigate the associated risks.
KEY WORDS
Security Risks, Phishing, Social Engineering, Cross Site Scripting, Emerging Attack Vectors, DNS poisoning.
1. INTRODUCTION
Phishing is a social engineering technique that is used to bypass technical controls implemented
to mitigate security risks in information systems. People are the weakest link in any security
program. Phishing capitalizes on this weakness and exploits human nature in order to gain access
to a system or to defraud a person of their assets.

Adrian Lamo

Interview taken on: 1/12/01

What are your current AIM screen names? Line Trace
What is your e-mail address? adrian@adrian.org
Do you have a web site? inside-aol.com, terrorists.net, securid.org
What is your real name? Adrian Lamo. . if you want to be technical, it’s the Doctor Reverend Adrian A. Lamo, Ph.D . . Doctor of Divinity and minister through the Universal Life Church, the grandma of all diploma mills everywhere. . .i don’t take those seriously, and don’t expect anyone else to, but i put them on my resume and my business cards to make a point of my disdain for the certification and educational process.
Where do you live? i move around a lot .. i like to travel, and have lived on both coasts, and spent a couple years in south america. . i’m in transit right now. . but am based out of San Francisco.
How old are you? 19
What are your hobbies? i like to break and explore. breaking things is integral to the progression of technology. . people accuse me of being directionless, but i think it’s important to drop dynamite into the pond sometimes, to see what floats up. in my copious free time, i like to explore abandoned buildings and sewer systems, as well as exploring occupied buildings – it’s amazing how many security guards will escort you up to the roof of a skyscraper if you only ask, or won’t even stop you if you look like you know where you’re going. . urban exploration is definitely a big pastime. one of the reasons i like to travel, too. i used to be involved in local activism and whatnot. . worked with the city government, stuff like that. . i’m massively disinterested in politics now though.
How would you describe your physical appearance? scrawny geek ; )
What do you hope to do as a profession? same as i do now. . short term, interesting contracts for worthwhile places. i’ve been working since i was 16, and have run through a pretty big variety of jobs and contracts. . most of them designed to be short term .. i did a 3 month security audit for a fortune 500 company once, that was probably the most interesting. . but i’ve worked for everything from nonprofits to law firms to private investigation firms. . i set up a Netzero account for one of kevin mitnick’s former attorneys at one of them, of all the ironic things. . that’s the sort of thing i want to keep doing. i don’t want to be stuck behind the same desk all my life, working at the same place until i have too much invested in what i’m doing to be able to do anything to risk it.
How long have you been on AOL? used the service briefly when i was younger, when it was known as Quantum Link, and i was playing around with my commodore 64. . but i didn’t start to really use it til the mid-90’s. . i used AOL 1.6 for DOS/GeoWorks for the longest time, and actively resisted going over to the Windows version until they started disabling features one by one. .they eventually sunsetted it altogether in June of 1999. So. .something like 7 or 8 years now.
How much time do you think you spend online each day? it varies. . .depending on where i am and what i’m doing. sometimes, if i’m interested in something, i’ll spend days online nonstop. . sometimes i’ll spend days without touching a computer. on a really average day, anywhere between 4 and 12 hours ;x
What programming languages are you familiar with? i don’t really program. the only languages i’ve worked with are x86 assembler and OPL for the EPOC16 palmtop OS.
What do you spend most of your time online doing? breaking and exploring -=)
Who are your good friends online? They know who they are.

Comcast.net Hijacker Gets 4 Months

A former member of the hacker gang Kryogeniks was sentenced to four months in prison Monday for his role in a 2008 stunt that replaced Comcast’s homepage with a shout-out to other hackers.

James Robert Black Jr., 21, was known as “Defiant” when he and two other hackers hijacked Comcast’s domain name in May of 2008 — a prank that took down the cable giant’s homepage and webmail service for more than five hours, and allegedly cost the company over $128,000.

Visitors to Comcast.net had been redirected to a simple page reading “KRYOGENIKS EBK and DEFIANT RoXed COMCAST sHouTz To VIRUS Warlock elul21 coll1er seven.”

“Mr. Black and his Kryogeniks crew created risks to all of these millions of e-mail customers for the simple sake of boosting their own childish egos,” Assistant United States Attorney Kathryn Warma told the court, according to a press release. “The callous disregard of the dangers posed to others, as well as the arrogance and recklessness displayed by these, and other hackers in committing such crimes should be considered by the Court as a factor that weighs in favor of a significant prison sentence.”

Secret-Spilling Sources at Risk Following Cryptome Breach

Secret-spilling site Cryptome was hacked over the weekend, possibly exposing the identities of whistleblowers and other confidential sources, according to a hacker who contacted Wired.com and claimed responsibility for the breach.

The hacker said two intruders from the group Kryogeniks breached the long-running site, where they gained access to a repository of secret files and correspondence. Among them, the hacker claimed, were the records of self-proclaimed WikiLeaks insiders who have been the source of several unconfirmed tips supposedly detailing internal WikiLeaks matters.

Adrian Lamo and FBI Cyber Squad computer scientist Russell Handorf

10/18/12 Update: 2006 posting at forum - where Russell Handorf still contributes using his "grey hat hacker" handle "satanklawz" - suggests he has been working for FBI three years earlier than his resume claims; Adrian Lamo admits being "friends" with Handorf but still won't answer any real questions; Chet Uber offers to have Lamo "interview" me - Neal Rauhauser, who claims he has nothing to.....

‘Kryogeniks’ hacker sentenced for Comcast hacking


No PII involved in this one, but since many may remember the case, I thought I’d post the follow-up. James Robert Black, Jr., a.k.a. “Defiant,” was sentenced yesterday in U.S. District Court in Tacoma to four months in prison, four months of electronic home monitoring, 150 hours of community service, three years of supervised release and $128,557 in restitution for conspiring to damage a protected.....

AOL IP Addresses

IP stands for Internet Protocol address. Internet Sites and people who connect online have an IP address. An Internet Protocol address identifies your online connection. There are two types of IP addresses: dynamic and static. Static IP addresses are always the same. People who do not sign on through the phone line and are always connected have a static IP. If you connect via a.....

AOL TOS Violations


TOS E-mail 1 Since this letter has been sent to each of the sub-screen names on your account, you may already have read it. If so, please disregard this copy. America Online has a Terms of Service agreement which provides community guidelines for online conduct. This letter is to inform you that we received a report regarding a violation of those guidelines. In keeping with.....

AIM Clone [Read Me]


***PUT ON WORD WRAP IF NOT ON!*** Anyway, thanks for downloading yet another annoying version of the 'cloned' AIM. This is for the new Beta AIM version 2.01.1056 with file transfer capabilities. It will allow you to run a total of five AIM clients (exe's) at once. That means five names. That means being really annoying if you want to. Ah well...I made it again.....

America Online Steps Up Spam Fight By Launching Litigation Offensive Against Spammers


Company Sues Spammers in Series of Lawsuits Spurred by Member-Reported Junk Email
AOL Alleges Defendants Named in Lawsuits Are Responsible for Sending AOL Members One Billion Spam Emails, Resulting in Over 8 Million Member Spam Complaints

Dulles, VA – April 15, 2003 – America Online, Inc. (NYSE: AOL), as part of its ongoing, comprehensive battle against spammers, today announced a sweeping series of lawsuits against individuals and companies that it alleges have repeatedly sent members high volumes of unwanted junk emails using a variety of evasive means to circumvent AOL’s spam filters.

AOL is filing five separate lawsuits against over a dozen companies and individuals, who the Company alleges are together responsible for sending an estimated one billion spam emails to AOL members and generating over 8 million individual spam complaints from members. The latest lawsuits filed by AOL are the first to leverage the complaints received by AOL from its members who are using the popular “Report Spam” button in AOL 8.0.

The defendants named in these lawsuits are alleged to have sent a variety of offensive and unwanted spam emails including: pornography; male organ growth/enlargement products; mortgage and home refinancing offers; college degrees; steroids; cable TV descrambler products; and software products. The kinds of spammers and the type of spamming named in these lawsuits are exactly representative of what AOL members face on a daily basis.

The methods alleged to have been used by the named defendants in these cases to send spam to AOL members include many of the egregious and fraudulent methods used today by spammers, such as: falsification of email addresses; purposefully and systematically evading spam filters set up by AOL and its members; and pursuing other means of spamming members that are prohibited by AOL’s published “Unsolicited Bulk Email Policy” (see www.aol.com).

Because AOL’s proprietary email network is located in Virginia, these lawsuits were filed in the U.S. District Court for the Eastern District of Virginia in Alexandria.

KoA.bas

'Sup? This .bas was made by KoA.
'This .bas is my first .bas, KoA.bas, combined with
'Cryofade.bas. Don't give me any credit for the fader
'part. Thanks Cryo!
'You can e-mail me at: koa@programmingworld.com
'You can visit my site at: http://www.programmingworld.com
'Copyright ©1998 Programming World™