Thursday, April 1, 2010

Who is the Real Facebook Admin!?


Hi everyone, the Hawaiian Chicken & Grilled Salmon at Penang Hard Rock Cafe are disasters.

Anyway, today we'll talk a little bit about emails claiming to come from the Facebook Administrator. First, I would like to thank Li Ling for bringing this up.

As Facebook users, we receive a lot of notifications from Facebook in our mailboxes: 'message replies', 'your friend tagged you', 'game notifications', etc. So you have your fun with your friends, relying on the mailbox to keep track of every new reply and update, blah blah blah...

Real Case Scenario:

One day... you receive an email from the Facebook Team.

And the message is:

Now, if you're a naive user with the brain of a 12-year-old, you might be redirected to a malicious site or a phishing site, or even download malicious scripts onto your computer, just by clicking 'Here'. Before taking any action, we have to make sure that the sender is really who it claims to be.

How do I know the real Facebook administrator?

Whatever email service you use, you are always given a way to check the origin of an email. Here's the example for Gmail users:

1) Click the drop-down box beside the 'Reply' button and choose the option 'Show Original'.

2) A new page will open and you'll see this:

3) In the original message, check the "Return-Path" and "Received" headers; you'll notice it's from a mail server hosted in Pakistan~!!!! It even shows you the server IP: 67.159.60.54.
4) Therefore, you're now able to tell which messages are really sent by the Facebook Team :-)
 
I'm a Hotmail user, am I able to do the same?

Yes honey, you can perform a similar check.

1) Right-click the selected email and click "View Message Source".

2) A new page will open; check the "Received" header.

3) And you'll see it's another phishing mail, from a mail server in China: mail.haicheiung.com
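The header check that the two walkthroughs above perform by hand, as an added example that is not part of the original post: it parses a raw message with Python's standard email module, compares the visible From: domain with the Return-Path and the originating Received: hop, and flags the mismatch. Both sample messages are constructed here; the host name and IP address in the first are the post's own values, and everything else (the receiving server, addresses, subjects) is made up.

```python
import email
import re
from email import policy

# Constructed sample modelled on the post's phishing mail: the visible From: claims
# Facebook, but Return-Path and the originating Received: hop do not. The host name
# and the 67.159.60.54 address come from the post; the receiving side is made up.
PHISH = b"""Return-Path: <admin@mail.haicheiung.com>
Received: from mail.haicheiung.com (mail.haicheiung.com [67.159.60.54]) by mx.example-mailbox.test with ESMTP id 9AB12; Thu, 1 Apr 2010 10:00:00 +0800
From: "The Facebook Team" <noreply@facebook.com>
Subject: Facebook Account Notification
"""

# Constructed counterpart in which every trace leads back to the claimed domain.
LEGIT = b"""Return-Path: <bounce@notification.facebook.com>
Received: from notification.facebook.com (notification.facebook.com [192.0.2.10]) by mx.example-mailbox.test with ESMTP id 9AB13; Thu, 1 Apr 2010 10:05:00 +0800
From: "Facebook" <notification@facebook.com>
Subject: New message from a friend
"""

def header_domain(value):
    """Domain of the first address in a header value, lower-cased (None if absent)."""
    m = re.search(r"@([A-Za-z0-9.-]+)", value or "")
    return m.group(1).lower() if m else None

def received_hops(msg):
    """(host, ip) pairs from the Received: headers; the last entry is the originating hop."""
    hops = []
    for value in msg.get_all("Received", []):
        m = re.search(r"from\s+(\S+)(?:.*?\[(\d{1,3}(?:\.\d{1,3}){3})\])?", value)
        if m:
            hops.append((m.group(1).lower(), m.group(2)))
    return hops

def same_org(host, domain):
    """True when host is the domain itself or a subdomain of it."""
    return host is not None and (host == domain or host.endswith("." + domain))

def assess(raw):
    """Flag a mail whose From: domain is contradicted by Return-Path or the originating hop."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_domain = header_domain(msg["From"])
    return_path_domain = header_domain(msg["Return-Path"])
    origin_host, origin_ip = (received_hops(msg) or [(None, None)])[-1]
    suspicious = not (same_org(return_path_domain, from_domain)
                      and same_org(origin_host, from_domain))
    return {"from_domain": from_domain, "return_path_domain": return_path_domain,
            "origin_host": origin_host, "origin_ip": origin_ip, "suspicious": suspicious}
```

Paste the text from 'Show Original' or 'View Message Source' into the raw bytes and the same function tells you which mailbox the message really left from.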

Final Reminder
Facebook is a fun social network; however, it's so popular that hackers keep coming up with creative ways to compromise your account, steal your credentials or otherwise exploit them. So, while you're enjoying all the fun with your friends, keep your mind sharp as well.

Wednesday, March 24, 2010

Weakspot in the Company Servers


Before we get started, let me set out the following:
There are always two distinct types of people in your company: Management and Technical.

OK, now let's proceed to the next thing: the network architecture.



For example, this is the network architecture for a company (diagram in the original post):

As you can see, the network environment is divided into the company's internal network, the external network for their clients and the Demilitarized Zone (DMZ). The DMZ is usually protected by a lot of firewalls and Intrusion Detection Systems (IDS). Let's say the interactions between the clients and the proxy server, and between the proxy server and the application server, use SSL 2 and TTLS (oh yeah, it's a standard, secured and properly tunneled system), and everything seems so secure, as the Technical people tell the Management :) Management would definitely be satisfied, as it's all covered by the expected budget.

Now here's the thing: most companies do NOT have a secured internal network. In particular, when the application servers talk to other servers, the traffic is not encrypted. The data (e.g. usernames and passwords) are transmitted in clear plain text. That's because server-to-server encryption and secured communication require additional financial and human resources, which increase the project budget and eventually lead to a "bad" project.



From the management P.O.V., it's unnecessary and can be labelled a managed risk. Yes, they don't believe in James Bond :-) Now, if you refer back to the network architecture, you'll notice that there's a Lightweight Directory Access Protocol (LDAP) server. Now you might think all the usernames and passwords are nicely encrypted, and you're right~!!! It's ONLY nicely encrypted when the LDAP server responds to the Application server; when the Application server talks to the LDAP server, it's usually NOT encrypted at all. In fact, a poorly configured Web Application server will also trigger the LDAP server to dump a lot of sensitive data back to the Web App server in plain text. With a simple sniffer, and provided you're tapping the selected web app server, your job can be done easily :-) (You're Michael Westen ^^)

Therefore, next time you're looking for a leak, this might be one of the possible weak spots.
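Detection logic a defender could run over captured application-server-to-LDAP traffic to find the cleartext simple binds this post describes, as an added example (not code from the original post): it decodes the BER structure of an LDAPv3 BindRequest and reports the bind DN and that a password was present, without echoing the password itself. The two bind requests are constructed inside the block; the DN, the password and the SASL mechanism name are made up.

```python
# Decode an LDAPv3 BindRequest as it travels from an application server to the LDAP
# server and report when it is a *simple* bind, i.e. the password is in cleartext
# unless the socket itself is TLS-wrapped (ldaps:// or StartTLS).

def ber(tag, payload):
    """Minimal BER TLV encoder: short-form length only (payload under 128 bytes)."""
    assert len(payload) < 128
    return bytes([tag, len(payload)]) + payload

def simple_auth(password):
    """authentication CHOICE: simple [0] OCTET STRING (primitive context tag 0x80)."""
    return ber(0x80, password.encode())

def sasl_auth(mechanism):
    """authentication CHOICE: sasl [3] SaslCredentials (constructed context tag 0xA3)."""
    return ber(0xA3, ber(0x04, mechanism.encode()))

def build_bind_request(msg_id, dn, auth):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, auth } }."""
    bind = ber(0x02, bytes([3])) + ber(0x04, dn.encode()) + auth
    return ber(0x30, ber(0x02, bytes([msg_id])) + ber(0x60, bind))

def read_tlv(buf, pos):
    """Read one short-form BER TLV at pos; return (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form lengths are not handled in this example")
    start = pos + 2
    return tag, buf[start:start + length], start + length

def inspect_ldap_message(packet):
    """Return details of a cleartext simple bind, or None for any other LDAP message."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:                    # every LDAPMessage is a SEQUENCE
        return None
    _, msg_id, pos = read_tlv(body, 0)
    op_tag, op, _ = read_tlv(body, pos)
    if op_tag != 0x60:                 # only BindRequest carries credentials
        return None
    _, version, pos = read_tlv(op, 0)
    _, dn, pos = read_tlv(op, pos)
    auth_tag, cred, _ = read_tlv(op, pos)
    if auth_tag != 0x80:               # SASL binds negotiate; no plain password here
        return None
    return {"message_id": int.from_bytes(msg_id, "big"), "version": version[0],
            "bind_dn": dn.decode(), "password_length": len(cred)}

# Constructed samples: a service account binding with a password, and a SASL bind.
CLEARTEXT_BIND = build_bind_request(1, "cn=webapp,ou=services,dc=example,dc=test", simple_auth("hunter2"))
SASL_BIND = build_bind_request(2, "", sasl_auth("GSSAPI"))
```

Feeding the TCP payloads of port 389 traffic into inspect_ldap_message is enough to inventory which application servers still bind with a cleartext password and need to be moved to LDAPS or StartTLS.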

Monday, March 15, 2010

Is Your Email being Watched?


Most of the time, we as email service users worry whether our emails are being read by someone else. When the email contains confidential data or attached documents, we might start wondering whether a more secure email service provider is available.


General Facts:
Yes, it's possible that your emails can be read by a system administrator at the company hosting your email.

Odds of occurrence:
Nearly impossible. Emails are routed through servers owned by many government and private-sector organizations; the number can be thousands or more. Say a system administrator would like to capture a particular email and read it: considering that more than 2 million emails are sent every second, and that there are thousands of paths an email may randomly travel through, it would be difficult and unpredictable.

What if someone hits the jackpot:
Yes, no matter how low the chances, there's always a 0.000000001% (amazing or wonderful occurrence) a.k.a. miracle.


Here are the good practices:
If you're sending highly confidential data via email, make sure your attachments are encrypted, and so is your message body. And try not to be explicit in your email subject, as long as the sender and the receiver understand each other.
If it's for a company, bank or government, the best practice is to use the online email or forms they provide, because the message is then encrypted between your machine and their server over the internet (make sure it's https://).

Everyone keeps saying encryption, but how do you do that:
Please visit the following link: http://www.truecrypt.org/

It is free encryption software, and certainly reliable (so far). You can encrypt the documents yourself, and only a receiver who has your password is able to decrypt them.

Last Word

Be extremely cautious in the cyber world; things might get really HOT if you lose your focus.
 
