Sunday
Apr 18 2010

Lazy Phishing

No backstory, no secret bank account discovered. This one is just "you won."

Should we write back?

Microsoft Award Notification (You've won £500,000.00) send info Names,Address,Age,Phone,Via email:terrymartin@admin.in.th

Saturday
Apr 17 2010

OWASP Top 10 for 2010


The Open Web Application Security Project (OWASP) is an open-source application security project. The OWASP community includes corporations, educational organizations, and individuals from around the world. This community works to create freely-available articles, methodologies, documentation, tools, and technologies.

The Top 10 is a list of the top 10 security risks that web developers need to be aware of, such as SQL injection.

The 2010 OWASP Top 10 is being officially released on Monday, April 19.

http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

Friday
Apr 16 2010

SET

The new version of the Social Engineering Toolkit is available tonight.

Remember: don't open attachments or click on links in email if you don't know the person or are not expecting the email.

Tuesday
Apr 13 2010

Virus is brought to you by Farm Town

A Facebook game with more than 9 million users has been caught serving ads that try to trick viewers into installing malware.

Hundreds of users of Farm Town have reported seeing the ads, which falsely claim the user's PC is infected and can only be fixed by buying and running the anti-virus software being advertised, according to this forum. Farm Town developer SlashKey warned users to ignore the ads but failed to suspend third-party adverts, much to the anger of security experts.

"It may not be Farm Town's fault that a third-party advertising network is serving up malicious ads, but doing anything less is surely showing a careless disregard for the safety of its players," wrote Graham Cluley, a senior technology consultant at Sophos. "Until the makers of Farm Town resolve the problem of malicious adverts, my advice to its fans would be to stop playing the game and ensure that their computer is properly defended with up-to-date security software."

Rogue AV software like that advertised to Farm Town players has proved to be a bane to computer users. Such titles generate billions of dollars per year in revenue to fraudsters, while stealing credit card data and often planting backdoors on end users' machines.

Over the years, The New York Times, MySpace, and scores of other sites have been caught serving ads that try to trick viewers into believing their machines are infected, often by displaying mock hard drive scans with a list of malicious files detected. The ads are usually the work of fly-by-night advertisers who trick advertising networks into distributing the sham banner ads.

http://www.theregister.co.uk/2010/04/12/farm_town_malicious_ads/

Monday
Apr 12 2010

Clever phishing attempt

This content originally posted on HiR Information Report. Copyright © 1997-2010, HiR

My phone just rang. It was a call from +1-817-688-7853. The other end was an Interactive Voice Response script.

Me: "Hello?"

IVR: "Hello. For security purposes, your Visa debit card has been deactivated for debit and ATM use..."

First reaction on my end was "oh, great. Somewhere, someone got my details..."

I listened through the prompts and there was no option to speak to a real human. I tried "0" "*" and "#" multiple times, to no avail. It just kept playing the short prompt menu over and over again. I chose option 1, to "re-activate" my card, suspecting a ruse. On cue, it asked me for my 16-digit card number, followed by #. I entered "00#" figuring it would error out. But it asked me if that was correct. It prompted me for my expiration date (0000) and CVV code (000) as well. Then, it came back:

IVR: "Thank you. Your Visa card has been re-activated. Goodbye."

Me: "F*** you." *click*

Calling the number back got me some boilerplate error message.

Be careful out there, folks. Banks will de-activate your card if they suspect it has been compromised, but they will never give you the option to re-activate it over the phone like this, especially with an automated IVR system. Typically, they issue you a new card, sometimes with the exact same account number and expiration date, but with a different CVV code.
