Monthly Archives: September 2014

I am phished!

11 September 2014

During my vacation I got some well made phishing mails. Since an iPad is not the best device for analyzing phishing mails I filed them for further processing at home.

Hotmail Phishing Mail

Hotmail Phishing Mail

It is obvious that this is a phishing email:

  1. The Hotmail Team would never use an email address like someone@fastmail.fm to communicate with customers.
  2. The support team would never notify 113 recipients with a single mail due to privacy reasons.

Normally I drop such mails immediately but sometimes I do some further analysis to keep awareness high.

Thus I clicked the URL and got a very puzzling dialog box in Internet Explorer:

Verify Your Account Dialog

Verify Your Account Dialog

This dialog tells us that phishing will start soon! By now, it should be clear that something is wrong because Outlook will never display a message like this.

Finally, a faked Outlook login page is displayed:

Outlook Login Phishing Site

Outlook Login Phishing Site

Again, it is obvious that this is really well made fake:

  1. The site address is not Outlook.com.
  2. Site access is not secured. The http protocol is used instead of the https protocol.
  3. A Validate button is displayed instead of a Sign in button.

It is this Validate button that sends your login credentials to the phishing site:

form name=”f1″ action=”http://johnbomb.altervista.org/fi.php” method=”POST” novalidate …

For more details activate menu ‘Developer Tools’ or hit ‘F12’ and use the Inspect function from the context menu.

What do we learn from this?

Phishing mails and sites are easy to recognize. Just be aware of the danger!

Greetings from Delfzijl, The Netherlands

4 August 2014
Pino Tandem

Pino Tandem

We are on a cycling trip through North Germany and the Netherlands.

Most of the time we use well marked long-distance cycling trails, very often along local roads. In particular in The Netherlands these routes are easy to ride.

But when we enter into towns it becomes chaotic. To avoid well-paved bike trails or sometimes short road sections without bike trails along frequently used roads, the route designers guide us across the city, which results very often in long deviations.

But this detours are in general not safer because we have to cross lots of junctions and driveways. In addition, this secondary roads are frequently used by the townsfolk.

If route designers would be familiar with the concept of attack surfaces they would never design cycling trails this way.

It is time that we start transferring concepts developed in computer science to other disciplines like roadway design or urban development to make the world a safer place.

Delfzijl, The Netherlands

Delfzijl, The Netherlands