State of ART Phishing Attack Stealing 50K Credit Cards Revealed

Incident 50K Credit Cards

(This is a real incident with real samples and real data.)
As usual, we detect a clone using the referrer logs. The client is a very profitable target for the attackers because of its online transactions. The clone was created using the original content from the original web site, with live links to the real page, which is the target of the phishing attack. Because this kind of attack leaves the clone's address in the referrer, it is easy to detect just by analyzing the web server logs.
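
A sketch of that log check, added here as an example and not taken from the original incident: it scans Combined Log Format lines for requests to the site's own static assets whose Referer points at a host that is not the site itself, which is the trace a clone with live links leaves behind. The hostnames, the asset extensions and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: hostnames that legitimately serve the protected site.
LEGIT_HOSTS = {"shop.example.com", "www.shop.example.com"}
ASSET_EXT = (".css", ".js", ".png", ".jpg", ".gif", ".ico")

# Combined Log Format: ip - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample log lines (documentation IP ranges, reserved domains).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Apr/2014:10:00:01 +0000] "GET /css/main.css HTTP/1.1" 200 5120 "https://shop.example.com/" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2014:10:00:05 +0000] "GET /img/logo.png HTTP/1.1" 200 2048 "http://shop-example.secure-login.test/index.html" "Mozilla/5.0"
203.0.113.5 - - [10/Apr/2014:10:00:09 +0000] "GET /css/main.css?v=3 HTTP/1.1" 200 5120 "http://shop-example.secure-login.test/index.html" "Mozilla/5.0"
192.0.2.44 - - [10/Apr/2014:10:01:00 +0000] "GET / HTTP/1.1" 200 9000 "https://search.example.org/?q=shop" "Mozilla/5.0"
192.0.2.45 - - [10/Apr/2014:10:01:02 +0000] "GET /img/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
truncated line without the expected fields
""".splitlines()

def foreign_asset_referrers(lines, legit_hosts=LEGIT_HOSTS):
    """Map each non-legitimate referring host to its asset hits and clients."""
    found = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed or non-combined-format line
        path = m.group("path").split("?", 1)[0].lower()
        if not path.endswith(ASSET_EXT):
            continue  # page navigations also arrive from search engines
        try:
            host = (urlsplit(m.group("referer")).hostname or "").lower()
        except ValueError:
            continue  # unparsable Referer value
        if not host or host in legit_hosts:
            continue  # empty, "-" or one of our own pages
        entry = found.setdefault(host, {"requests": 0, "clients": set(), "pages": set()})
        entry["requests"] += 1
        entry["clients"].add(m.group("ip"))      # visitors who loaded the clone
        entry["pages"].add(m.group("referer"))   # URL of the cloned page
    return found

if __name__ == "__main__":
    for host, e in foreign_asset_referrers(SAMPLE_LOG).items():
        print(host, e["requests"], len(e["clients"]), sorted(e["pages"]))
```

Partner sites that legitimately embed the site's assets would also show up, so the allow-list needs to include them before the output is treated as an alert.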

HeartBleed luck or hack?

Yesterday I decided to test the “HeartBleed” attack against my personal web page hosted on a shared host. I grabbed the POC script from https://github.com/musalbas/heartbleed-masstest/blob/master/ssltest.py and started to play. After 10-15 tries I got the BINGO: the COOKIE of a web site hosted on the same web server. The web site is a famous online news portal and the COOKIE is from the administrator. So I was lucky, because you can try for a long time and not receive any confidential data.

Screen Shot of the retrieved data containing the confidential information.

Here is the whole COOKIE retrieved from the web server affected by the HeartBleed flaw.

So with luck and a simple script you can retrieve sensitive data needed to perform illegal hacks.

Source : http://heartbleed.com

 
