Hackers vs. gray matter

[crabby3]

Hackers or the ones that use the stolen info seem to lack the basics when using what they have.

i.e. This Postal Notification I got today from FedEx...   


Ever since the Avast Forum was hacked I've been getting some really comical stuff.   

[Stoic Joker]

Right, because even though the shipping company couldn't find your house...they magically managed to find your Email address ... Not!

Even money says the "label" is a Trojan.

[crabby3]

Even money says the "label" is a Trojan.

-Stoic Joker (September 06, 2014, 10:27 PM)

Seems like way too much trouble, making a Trojan email, just to infect someone.      Weren't the first viruses sent via email?

Don't most folks have spam/virus filters?  Pretty weak scheme.  I'm disappointed. 

[4wd]

I would have thought that if you click on the "Get Shipment Label" you'd more than likely confirm your email address as a potential spam recipient as well as get taken to a site that possibly adds all kinds of tracking cookies and whatnot.

I've been getting these for months, yet another reason why any email that contains HTML goes straight to the bin.

[MilesAhead]

Hmmm, the one that annoyed me was the old "Your IP Address is xxx.xxx.xxx.xxx" in a forum sig graphic.  Some forums when I complained they didn't even understand why I objected to the guy with the sig having my IP.  It's weird when you have to explain why they should not allow the graphical sig to be hosted on a 3rd party site that isn't one of the known image hosting ones.

[crabby3]

I've been getting these for months, yet another reason why any email that contains HTML goes straight to the bin.

-4wd (September 07, 2014, 10:37 AM)

I suppose you have an idea of how your info was compromised.

But... I don't understand the hacking concept.  Sure... they get email addresses and passwords but... then what?

Bogus emails aren't gonna work. 

Maybe just making a name for themselves in the Hacking Community is enough?  Bragging rights?  Whoopee...   

[crabby3]

Hmmm, the one that annoyed me was the old "Your IP Address is xxx.xxx.xxx.xxx" in a forum sig graphic.  Some forums when I complained they didn't even understand why I objected to the guy with the sig having my IP.  It's weird when you have to explain why they should not allow the graphical sig to be hosted on a 3rd party site that isn't one of the known image hosting ones.

-MilesAhead (September 07, 2014, 01:33 PM)

Your reply reminds me of the early days of computer generated shopping receipts.  Listing your entire Credit Card number.

Not being a litterbug saved my bacon...   

[MilesAhead]

Hmmm, the one that annoyed me was the old "Your IP Address is xxx.xxx.xxx.xxx" in a forum sig graphic.  Some forums when I complained they didn't even understand why I objected to the guy with the sig having my IP.  It's weird when you have to explain why they should not allow the graphical sig to be hosted on a 3rd party site that isn't one of the known image hosting ones.

-MilesAhead (September 07, 2014, 01:33 PM)

Your reply reminds me of the early days of computer generated shopping receipts.  Listing your entire Credit Card number.

Not being a litterbug saved my bacon...  

-crabby3 (September 08, 2014, 08:43 AM)

Heh.  I worked at gas stations back in the day of the manual roller that printed the credit card number using carbon paper.  (Probably some readers looking in Wiki to find out what carbon paper is.  Maybe it has to do with archeology?)  

[crabby3]

Hmmm, the one that annoyed me was the old "Your IP Address is xxx.xxx.xxx.xxx" in a forum sig graphic.  Some forums when I complained they didn't even understand why I objected to the guy with the sig having my IP.  It's weird when you have to explain why they should not allow the graphical sig to be hosted on a 3rd party site that isn't one of the known image hosting ones.

-MilesAhead (September 07, 2014, 01:33 PM)

Your reply reminds me of the early days of computer generated shopping receipts.  Listing your entire Credit Card number.

Not being a litterbug saved my bacon...   

-crabby3 (September 08, 2014, 08:43 AM)

Heh.  I worked at gas stations back in the day of the manual roller that printed the credit card number using carbon paper.  (Probably some readers looking in Wiki to find out what carbon paper is.  Maybe it has to do with archeology?) 

-MilesAhead (September 08, 2014, 10:23 AM)

I recall those gas station-carbon paper days as well... when unleaded was called white gas.

FWIW  Office Depot still sells *typewriter carbon paper* http://www.officedep...arbon-Paper-Black-8/ along with Wite-Out.    Some things never die.

[Stoic Joker]

Even money says the "label" is a Trojan.

-Stoic Joker (September 06, 2014, 10:27 PM)

Seems like way too much trouble, making a Trojan email, just to infect someone.      Weren't the first viruses sent via email?

Don't most folks have spam/virus filters?  Pretty weak scheme.  I'm disappointed. 

-crabby3 (September 07, 2014, 10:21 AM)

Quite to the contrary, this technique - which is a variant on hacking the user - cleanly circumvents all of the security software on the users machine by peaking their curiosity to the point where they simply just shut it off.

You see the modern operating systems and software have become secure enough that direct attacks are too costly (in time) to perform in bulk. You can't just attach a naughty file and have it guarantee-ably go boom when it hits someone's inbox ... So other methods have to be used. These methods focus on the weakest link in the chain, and the weakest link is the user.

Banks, mortgage companies, tax records, shipments, money transfers ... These are all common hot topic items that are likely to cause someone to rush through resolving a seemingly really important "problem". However if the resolution actually just leaves you filling out a fake form, that then makes a fake problem go away ... The fact that you just gave all of your personal information to some hacking group in a foreign country will most likely go completely unnoticed until one of your - hundred or so - alter ego's defaults on a loan...

Many of these type of soft target attacks also leave you with a bonus key logger (and etc...) as a totally free "parting gift" to see what else you might be inclined to share.

You see the whole point of the exercise is to be obvious as hell so people get cocky and say "Ha! that was stupid" ...Because that way their confidence will ultimately work against them when the one that isn't quite so obvious (because you really were waiting on an X...) shows up and bites them in the ass.



Security is a practice that must be adhered to at all times ... It is not something you install and then blindly trust to just work.

[wraith808]

Security is a practice that must be adhered to at all times ... It is not something you install and then blindly trust to just work.

-Stoic Joker (September 08, 2014, 11:50 AM)

+1000!

[MilesAhead]

Banks, mortgage companies, tax records, shipments, money transfers ... These are all common hot topic items that are likely to cause someone to rush through resolving a seemingly really important "problem".

If you use a web based email account it can be useful to have an additional "dummy" account.  When you get some notice that some online account needs to be verified/updated it may hit a nerve.  But if you switch to the dummy account and check your mail it makes it more obvious it's a "fishing expedition" (as President Nixon used to bitch about frequently) since the dummy has no account at xyzcorp etc..

[SeraphimLabs]

Hmmm, the one that annoyed me was the old "Your IP Address is xxx.xxx.xxx.xxx" in a forum sig graphic.  Some forums when I complained they didn't even understand why I objected to the guy with the sig having my IP.  It's weird when you have to explain why they should not allow the graphical sig to be hosted on a 3rd party site that isn't one of the known image hosting ones.

-MilesAhead (September 07, 2014, 01:33 PM)

Its like 10 lines of code to do this, this particular one is actually powered by my own server if you want to play with it on your devices. The server has to know an IP to send information back to, and that information is available to scripts running on that server if you know what variables it is kept in.

One of those where the paranoid will get jumpy on seeing how easily that information is made visible, but in practice its trivial to get and of trivial usefulness outside of possibly tracking who is accessing what.

Though it is worth noting, the script that makes this work will not operate correctly on one of the standard image hosting services. It is in fact a PHP script that forces its output header type to be a png image, which allows the PHP script to execute and generate a png image. The filename of that image is in fact a folder on my server, and the actual code is contained in the index.php of said folder.



These days most 'hacking' going on is done by either phishing or SQL injection type exploits to retrieve poorly stored username/password combinations. Actual 'hard' hacking using exploits that are not easily blocked or are even completely unknown is done too in some situations, but nowhere near as often as there are people getting their accounts broken into.

SQL injection in particular is rather commonplace. All it takes is one unsanitized data input to do a lot of damage to a database system, ranging from account theft to completely erasing a database. If this happens, they will with certainty obtain username/email mappings, but any passwords that are stored unsalted will be compromised.

[MilesAhead]

The server has to know an IP to send information back to, and that information is available to scripts running on that server if you know what variables it is kept in.

I know how it works.  The point is forums should not allow diversion of this information to 3rd party servers willy nilly.  I think I remember a few members being kicked off forums since they refused to abandon such sig image tricks.

I compare it to the single pixel image trick in html emails.  Now the email sender knows the IP of your machine rather than that of your pop3 server.