Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Re: Testing the user community
.

  • To: "Nicolás F. Iglesias" <[EMAIL PROTECTED]>
  • Subject: Re: Testing the user community
  • From: "Lee Lawson" <[EMAIL PROTECTED]>
  • Date: Fri, 2 Feb 2007 09:43:20 +0000
  • Cc: [EMAIL PROTECTED]
  • In-reply-to: <[EMAIL PROTECTED]>
  • References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
.
 
Have you just admitted to committing a crime?  I don't see how you
could have obtained prior written permission from all of Dr X's
contacts before you started the 'test'.

I don't think anyone on the mailing list would condone that sort of
action.  Please stay legal  or you will ruin it for the rest of us!





On 2/2/07, Nicolás F.  Iglesias <[EMAIL PROTECTED]> wrote:

Once, i did a personalized phisymail from a personal PC, catched through
Netbios. The intrusion was as follow:

- I found a Winbox on internet, from Dr. X (i don't remember his real name).
He has the netbios opened, so it was easy to broke his lan.
- I learned, from DOCs, LOGs, websites visited and all data i found on his
HD, who was and what kind of person he was.
- I wrote an email, using a language according to his "personality"
(university phd and so on...) and i "invited" his contacts to test a
financial software (he and his contacts, all working on economy and
finances).
- The fake soft has a keylogger on it. The logs was sent to my free
emailaddress.
- In a few days, i was able to see all data from his friends and very
interesting people (one working at my country's defense agency as an IT
consultant), bank accounts, credit cards,etc. But it just was a nice
experience and i didn't stole a penny.

What i'm trying to expose is that, on phishing, you have to develop social
engineering.

NiCo


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------





--
Lee J Lawson
[EMAIL PROTECTED]
[EMAIL PROTECTED]

"Give a man a fire, and he'll be warm for a day; set a man on fire,
and he'll be warm for the rest of his life."

"Quidquid latine dictum sit, altum sonatur."

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.