Have you ever receive an email that told you that you won a lottery or any grand prizes of a lucky draw, but you have never been participating in any lucky draws or buy lottery? Beware, this may be a phising scheme.
To protect yourself againts them, there are several things you need to do.
First, Never ever give your personal information to anyone or any website, even if they claim that they are from your paypal, gmail or what ever.
Create a secondary email account, and use it as a subscriber email account for a new site that you are visiting.
Continue reading »
Hello list,
A small contribution to the current “hacking the intranet with
JavaScript” meme (also posted to my blog at
http://shampoo.antville.org/stories/1451301/).
== Introduction =
J. Grossman, RSnake, SPI Dynamics, pdp and others have demonstrated
lately that it is possible for a malicious JavaScript
a) to obtain the (internal) IP address of the hosting web browser,
b) to portscan the lan to locate intranet http servers,
c) to fingerprint these http servers using well known URLs
d) and (sometimes) to exploiting them via CSRF.
During my research on that topic I discovered, that with some Continue reading »
tweaking, it is also possible for the script to obtain read access,
allowing the leakage of internal information and more precise
fingerprinting.
Some of you may have heard about Experts Exchange.
Their website appears a lot of times when I’m searching for stuff with Google.
They have a very large collection of answered technical questions.
I used to find those answers very useful in my work. This used to work until a few weeks/months ago.
Lately, when you want are going to their website you will find the answers censored, something like this:
Continue reading »
If you want to see the clear text answers you need to register to their website and pay a monthly fee.
Actually, it’s not exactly like that 
Recent Comments