White HatCategory

Airport Security hole

http://www.washingtonpost.com/national/experts-warn-about-security-flaws-in-airline-boarding-passes/2012/10/23/ed408c80-1d3c-11e2-b647-bb1668e64058_story.html The last time we flew home, I got the “random selection” to be extra screened which was very annoying. It started when I went through the security theatre, the agent pointed out that I had a “DDD” printed on my boarding card, which means that I was subjected to additional security checks. This required… Continue Reading Airport Security hole

Why you should always know your email address

Mis-addressed emails is a common occurrence, particularly with one of my first accounts. On any given day I receive two or three emails intended for someone else. Most commonly, I receive welcome emails from mailing lists. But once in a while I get something more interesting. This one, at first glance, seemed like all the… Continue Reading Why you should always know your email address

Using google to track phishing attacks

I received a message from (not) my bank “Bank of America” about some recent account activity in (not) my account. The link leads here: http://nycompsonline.com/_vti_logs/_vti_logs/onlineest/onlineest/bankofamerica/onlinebankingsitekey/ which lead me to this search, which reveals all sites compromised by this toolkit: http://www.google.ca/search?q=%22Please+complete+all+of+the+information%22+%22(it+is+the+last+3+or+4+digits+AFTER+the+credit+card+number+in+the+signature+area+of+the+card+)%22&hl=en&client=firefox-a&rls=org.mozilla:en-GB:official&hs=i43&filter=0

Telnet to https

This nifty little trick allows you to manually enter http requests over https: openssl s_client -connect www.pcfinancial.ca:443 -state This command takes place of telnet “www.google.ca 80” in that openssl negotiates all the key junk for you, and allow you to hack test https webservers.