Beware of Phishing Attacks
RE: Beware of Phishing Attacks #11
(04-21-2016, 12:23 AM)Shadow.walker Wrote: I didn't get it! ..isn't this attack progressed by someone who is already on your own WiFi network or maybe your own ISP which is trying to sniff/inject your browser cookies with an old fake phishing kiddy script!?
I just didn't get what this had to do with us or sinister site!!?...it's all progressed by your own network if you have seen this script running!

I'd just like to confirm that this person has no clue what they are talking about.

(04-20-2016, 11:45 PM)MLP Wrote: He is basically saying that by using an HTPASSWD (http://www.colostate.edu/~ric/htpass.html)
the guy was able to lock down his image with a valid .png, so it bypassed the image filters,
but due to the bypass working he could throw a custom message in an attempt to gain failed HTACCESS attempts, storing user creds.
It's quite a smart attack actually, but poorly managed and, I assume, not very organised, not even using a domain.

Basically.
(This post was last modified: 04-21-2016, 01:49 AM by Dismas.)


RE: Beware of Phishing Attacks #12
(04-21-2016, 12:23 AM)Shadow.walker Wrote: I didn't get it! ..isn't this attack progressed by someone who is already on your own WiFi network or maybe your own ISP which is trying to sniff/inject your browser cookies with an old fake phishing kiddy script!?
I just didn't get what this had to do with us or sinister site!!?...it's all progressed by your own network if you have seen this script running!

No... It's not any vulnerability, or any intrusion at all. Someone just password protected an image and added it to their signature, prompting a popup box by your browser. Simple.

(04-21-2016, 12:16 AM)PLX-2M Wrote: ...or run NoScript plugin

NoScript would not have prevented an htpasswd dialog from appearing. Nice try, though :p
(This post was last modified: 04-21-2016, 01:55 AM by Wildfire.)
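
An added example, not part of any post in this thread: a forum-side check for the technique described above, flagging a signature image whose URL answers with an HTTP authentication challenge instead of image data. The sample responses, host names and function names are constructed for illustration.

```python
import re
from email.parser import Parser
from urllib.parse import urlsplit

# Constructed sample responses (not captured from the thread): what a forum
# might get back when it fetches each image URL embedded in a signature.
SAMPLE_RESPONSES = {
    "http://203.0.113.7/sig.png": (
        "HTTP/1.1 401 Unauthorized\r\n"
        'WWW-Authenticate: Basic realm="Session expired, please log in again"\r\n'
        "Content-Type: text/html\r\n\r\n"
    ),
    "https://img.example.org/avatar.png": (
        "HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n"
    ),
}

def auth_challenge(raw_response):
    """Return (scheme, realm) if the response would raise a browser login box."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    status_line, _, header_block = head.partition("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or parts[1] != "401":
        return None
    challenge = Parser().parsestr(header_block, headersonly=True).get("WWW-Authenticate")
    if not challenge:
        return None  # a 401 without a challenge header shows no dialog
    scheme = challenge.split(None, 1)[0]
    realm = re.search(r'realm="([^"]*)"', challenge, re.I)
    return scheme, realm.group(1) if realm else ""

def audit_embedded_images(forum_host, responses):
    """List embedded image URLs that answer with an HTTP auth challenge."""
    findings = []
    for url, raw in responses.items():
        challenge = auth_challenge(raw)
        if challenge:
            findings.append({
                "url": url,
                "third_party": urlsplit(url).hostname != forum_host,
                "scheme": challenge[0],
                "realm": challenge[1],  # server-chosen text shown in the dialog
            })
    return findings

if __name__ == "__main__":
    for finding in audit_embedded_images("forum.example.org", SAMPLE_RESPONSES):
        print(finding)
```

A forum could run a check like this when a signature is saved and again periodically, since the remote server can start sending the challenge after the image has passed an initial filter.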


RE: Beware of Phishing Attacks #13
(04-21-2016, 01:52 AM)Axarious Wrote: NoScript would not have prevented an htpasswd dialog from appearing. Nice try, though :p

Ah, I thought maybe it was an XSS that someone embedded.
PLX-2M
~ Dead Enough For Life ~


RE: Beware of Phishing Attacks #14
(04-20-2016, 11:16 PM)Oni Wrote: But yeah, don't be a dumbass and enter your info.

Exactly this.

It doesn't seem authentic by any means (you're still logged in when the popup executes) but that said, any users who are not security-minded can easily fall victim.
Thanks for the heads up @"Skullmeat".


RE: Beware of Phishing Attacks #15
Oni and I found the user in question (no, I won't name drop), but I'm more concerned about whether it was just someone being dishonest, or someone targeting SL in particular.


RE: Beware of Phishing Attacks #16
(04-21-2016, 02:25 PM)mothered Wrote: Exactly this.

It doesn't seem authentic by any means (you're still logged in when the popup executes) but that said, any users who are not security-minded can easily fall victim.
Thanks for the heads up @"Skullmeat".

It would be a big shame if a security-minded forum had lots of users fall victim to such a simple attack though... especially when it says "The page at h__p://77.81.xxx.xxx says..."

The amount of warning flags and shit you'd have to ignore is just really high.


RE: Beware of Phishing Attacks #17
(04-21-2016, 12:52 AM)Oni Wrote: I'd just like to confirm that this person has no clue what they are talking about.

This... the ignorance, I even explained it.


RE: Beware of Phishing Attacks #18
(04-21-2016, 03:54 PM)Axarious Wrote: It would be a big shame if a security-minded forum had lots of users fall victim to such a simple attack though... especially when it says "The page at h__p://77.81.xxx.xxx says..."

The amount of warning flags and shit you'd have to ignore is just really high.

Precisely, I definitely agree.

Apart from stating the obvious (like both you and I have done), attacks of this nature should easily be identified.