Andreas Baumhof » phishing http://www.tidos-group.com/blog malware research, IT Security and life in general :-) Mon, 16 Nov 2020 18:25:55 +0000 en-US hourly 1 https://wordpress.org/?v=3.9.40 Protection vs Censorship http://www.tidos-group.com/blog/2013/09/27/protection-vs-censorship/ http://www.tidos-group.com/blog/2013/09/27/protection-vs-censorship/#comments Fri, 27 Sep 2013 17:26:04 +0000 http://www.tidos-group.com/blog/?p=502 The title might sound a bit harsh, but with all these “good” people trying to protect you, where is the line between protection and censorship?

Byron Acohido (@byronacohido) just posted this tweet

tweetI personally hate these short URLs, but I thought this sounds interesting. The reason I hate these short URLs is that you don’t know where they take you (this one takes you from bit.ly/1eUu9e2 to t.co/yzm89jFvxS ;-) In this case it leads you to this:

pic1Wow… That’s what I preach almost daily… Watch out what you click on!!! And now I have to be saved by twitter??? Let’s have a look what this page really is all about:

pic2I can confirm that this is neither a “web forgery” or a “phishing site”. It’s also not a “site that downloads malicious software onto your computer”, nor is it a “spam site that requests personal information”. There is no iframe, not even javascript on this page. Only a couple of external references (e.g. youtube)..

Now I don’t care too much about whether TouchID has been hacked yet, but this almost crosses the line for me where twitter’s security team has been a bit too “motivated” to block content that is definitely not malicious.

What’s next? What other pages will be blocked in the name of security?

]]> http://www.tidos-group.com/blog/2013/09/27/protection-vs-censorship/feed/ 0 Search Engine Poisoning (malicious ad) http://www.tidos-group.com/blog/2013/09/19/search-engine-poisoning-malicious-ad/ http://www.tidos-group.com/blog/2013/09/19/search-engine-poisoning-malicious-ad/#comments Thu, 19 Sep 2013 06:44:08 +0000 http://www.tidos-group.com/blog/?p=487 A very valid question that comes up all the time is “how do people get infected with malware” or “how do people lost personal information?” and there are so many ways that people are blown away by some of the examples I show them.

Today I came across one nice one again… Malicious Ad’s or Search Engine Poisoning… I used coinbase for some bitcoin activities and I wanted to transfer some bitcoins. So I typed in “bitcoin” into google and this is what came up coinbase1

So far so good and everything looks great. I now just click on the first link as this is an ad where someone pays Google money and Google not being evil, must mean that this is good, right? wrong.

All visual signs suggest that this is legitimate and the URL goes to google.com, but that should be ok as well, right? A look at the source reveals that this goes to google before it goes to one URL shortener to another URL shortener and then to the final destination!)

coinbase5

 

after the first URL shortener, we’ll see this!coinbase2

oops…

Luckily it was already known that this site is up to no good, as this server did hold a number of “nice” phishing pages designed to steal your bitcoin wallet information. With the current price of over 120 USD for one bit coin, that could be a very lucrative business

Some examples are:

coinbase3 coinbase4

 

Approximately 1h after notifying google, the malicious ad was gone, but please make sure you double-check where you click on.

 

]]> http://www.tidos-group.com/blog/2013/09/19/search-engine-poisoning-malicious-ad/feed/ 0