Archive for the 'Uncategorized' Category

Thursday, March 6th, 2008

IE 8 Beta is Out!

The IE8 Beta is out.  You can grab beta 1 here.  I’m not going to comment on my thoughts on IE8 as I’m biased, but I’ve been playing around with some of the features and it’s actually pretty cool.  

    

Probably one of the most interesting/most talked about features is the webslices and activities.  It’s a little difficult to explain, but I think the video here does a pretty good job.

    

Happy Hunting!

Posted by xssniper | Filed in Uncategorized | 1 Comment »

 

Monday, January 28th, 2008

Bad Sushi: Beating Phishers at their own Game

A colleague (Nitesh Dhanjani) and I were recently accepted to speak at Black Hat Federal in Washington DC.  What basically started as a few laughs over a phishing site, eventually turned into months of serious investigation into the entire ecosystem that supports the phishing effort. 

   
Nitesh and I basically infiltrated a few phishing forums, tracking a phisher from compromised webservers, to phishing forums, to carderz sites.  We managed to get a hold of about 100 different phishing kits, various tools used by phishers, and gained some insight as to how phishers do their business.  I was STAGGERED by the amount of PII (full names, DOBs, credit card numbers, SSNs, addresses, phone numbers…) that is placed on public web servers by phishers, hidden only by obscurity.  Once this obscurity is broken, even a simple query in a search engine will reveal a significant amount of stolen identity related information including names, credit card numbers, SSN, DOBs…

   
I was also FLOORED by the number of phishing and credit card fraud related forums.

     

carderz.jpg

   

Nitesh and I basically stopped our research because the number of sites and the staggering amount of exposed PII was simply too much.  There literally is an entire ecosystem devoted to supporting the phishing effort that plagues modern day financial institutions, one that simply cannot be viewed by two Security Researchers alone.  If you’re in the DC area, stop by for Black Hat and we’ll show you some of the things we saw.  We give a brief description of some of the things we saw during an interview for Help Net Security.  For those of you who are curious, due to the ENORMOUS amount of PII we came across, we’ve contacted the FBI and we’ll be sharing some things with them that WILL NOT be in the talk or any interviews!
  

Posted by xssniper | Filed in Uncategorized | 13 Comments »

 

Monday, November 26th, 2007

Turkey, Beer, Football, and a new MacBook

Hello and Happy Thanksgiving!

  

Hopefully your holiday was as good as mine. This year I was fortunate enough to get an early Christmas present in the form of a new MacBook to continue our research. I’m happy to say that URI issues do exist on Mac’s! More importantly I’m really close to releasing DUH4Mac. It’d be done by now, but a deadly combination of turkey, beer, and great football games all weekend have slowed my progress and nearly put me into a coma.

  

Also, for those who haven’t read it yet, Billy and I were asked to write a guest editorial for Ryan Naraine’s Zero Day Blog. Go read it if you get a chance! I’d like to thank Ryan for supporting and publicizing our research and asking Billy and I to pull together a guest editorial for his site, it was a huge honor.

Posted by xssniper | Filed in Uncategorized | Comment now »

 
« Previous Page | Next Page »

free themes for a free world by tequilo.de and wp.org