Archive | July, 2008

Google Calendar a New Target for Phishing

Outsmart Malicious Hackers

It seems like the Phishing crews at trying to get some new ideas on how to con people into giving away their credentials and leaking info.

The latest target appears to be Google Calendar.

As always be on your guard as these scams are coming from all directions.

A few months ago, spam came to Google Calendar. Now phishing has arrived.

Intrepid Google watcher Philipp Lenssen wrote late last week about being the target of a phishing attempt via Google Calendar.

He received an e-mail to his Gmail account with a reference to a legitimate event from his calendar. The sender was listed as “customer care,” and it asked him to verify his account by supplying his username and password.

It seems to the same old style as normal e-mail phishing but utilising the Google Calendar interface. It comes bundled with the usual spelling and grammatical errors that plague phishing e-mails.

I wonder how many people are falling for this one? If generic phishing ploys are anything to go by…it will be quite a lot.

On May 28, a Google Talk Guide addressed the issue in a Google Groups thread, urging users to click the “Report Phishing” link if they receive suspicious e-mails and not to click on links within the e-mails or open attachments.

Late on Monday, a Google representative e-mailed this statement: “Spam is an issue for all Internet users, and we work very hard to fight it. Using Google Calendar, or any Google product, to send spam is a violation of our product policies. We are actively identifying Calendar accounts that send spam and disabling them.”

Perhaps drop a note to any non-tech friends using Google Calendar just to warn them that this is happening.

You might save someone a lot of trouble.

Source: Cnet (Thanks to Navin)

Posted in: Privacy, Social Engineering, Spammers & Scammers

Tags: , , , , , , ,

Posted in: Privacy, Social Engineering, Spammers & Scammers | Add a Comment
Recent in Privacy:
- snitch – Information Gathering Tool Via Dorks
- credmap – The Credential Mapper
- OneLogin Hack – Encrypted Data Compromised

Related Posts:

Most Read in Privacy:
- Browse Anonymously at Work or School – Bypass Firewall & Proxy - 181,152 views
- Hacking Still Can’t Outdo Stupidity for Data Leaks - 125,543 views
- Anonymous Connections Over the Internet – Using Socks Chains Proxy Proxies - 123,371 views

PAW/PAWS – Python Advanced Wardialing System

Keep on Guard!

Now this is an oldskool topic, wardialling! Some people still ask me about wardialling tools though, so here’s one I found recently written in Python.

PAW / PAWS is a wardialing software in python. It is designed to scan for ISDN (PAWS only) and “modern” analog modems (running at 9.6kbit/s or higher). Wardialing tools are – despite their martialic naming – used to find nonauthorized modems so one can disable those and as result make access to the internal network harder.

For PAW list all numbers you want to be dialed into the (text) file “dial.lst”, one in each line – numbers only, no spaces, plus signs, dashes or slashes please.

For PAWS the numbers are accompanied by the ISDN modes to be tested in the (text) file “dial.lst” in the exact format you find in the example file (you can delete individual ISDN types, though), one in each line – numbers only, no spaces, plus signs, dashes or slashes please. A syntax check of any kind is effectively non-existant, so be careful.

Make sure the device your modem is attached to is set correctly in in the variable “tty” at the top of the file.

Then simply call “./” or “./” and watch – a verbatim full log will be written into paw_dialing.log where CR, LF and TAB will be translated into readable equivalents. For PAW an additional summary will be written as CSV file in paw_dialing.csv

You can download PAW/PAWS here:

paw.tar.gz (analog wardialer only)

paws.tar.gz (ISDN & analog wardialing)

Or read more here.

Posted in: Hacking Tools, Hardware Hacking, Network Hacking

Tags: , , , , , , , ,

Posted in: Hacking Tools, Hardware Hacking, Network Hacking | Add a Comment
Recent in Hacking Tools:
- Bluto – DNS Recon, Zone Transfer & Brute Forcer
- dork-cli – Command-line Google Dork Tool
- T50 – The Fastest Mixed Packet Injector Tool

Related Posts:

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 2,024,632 views
- Brutus Password Cracker – Download AET2 - 1,610,628 views
- wwwhack 1.9 – Download Web Hacking Tool - 707,843 views