Mobile Web 2.0: Discover the future of mobile applications
Add Mobile Web 2.0 to any feed reader

Tuesday, July 25, 2006

Question of the day

Nokia 6280Why would you ever put "Delete" as the first option for installed Java applications on a phone?

I just had the opportunity to play with a Nokia 6280 the other day. The only thing that really surprised me was the fact that "Delete" was the first option for installed Java applications. Why would Nokia do that? Was I just using a phone with a crappy firmware? I really hope so...

Wednesday, July 19, 2006

PayPal Phishing

You thought phishing attacks were losing ground? Not at all! I've just received a phishing message, so I thought I'd check it out.


  1. The message pointed me to the following URL (I intentionally split it here):

    http://rds.yahoo.com/_ylt=A0LaSV66fNtDg.kAUoJXNyoA;
    _ylu=X3oDMTE2ZHVuZ3E3BGNvbG8DdwRsA1dTMQRwb3MDMw
    RzZWMDc3IEdnRpZANGNjU1Xzc1/SIG=148vsd1jp/EXP=113854
    4186/**http%3a//r-h-enterprises.com/.confirm/index.
    php?MfcISAPICommand=SignInFPP

    So much for trusting Yahoo, this looks like an open redirect.

  2. The landing page looks like a "standard" phishing page, imitating Paypal pages by including logos and links. A bit of background check (whois) on r-h-enterprises.com shows nothing suspicious, so the server was probably hacked and a hacker installed the phishing scripts.

  3. And now for the funny part... you can get a listing of the /.confirm directory on the site (there's no index file), and thus you can easily gain access to the "bag of phish" containing email addresses, passwords (are they the passwords for the email accounts? or for paypal? who knows...), and of course card numbers, pins, cvv codes, and the rest of the goodies. The card list is here: (again, a space was added)

    http://r-h-enterprises.com/.con firm/cards.txt

    So the phisher didn't bother to keep it private, they shared it to the entire world.

Conclusions:


  • NEVER enter your card number, PIN, or other sensitive information on any non-SSL enabled site. ALWAYS check the "lock" icon to make sure the SSL certificate is valid.

  • ALWAYS check the URL in the address bar to make sure you are visiting the right website.

  • ALWAYS use Firefox for browsing the web. It is less vulnerable to address bar hijacking attacks, and shows the address on a yellow background whenever you are visiting a secure site.

Tuesday, July 11, 2006

Google Maps added smooth zooming

Google MapsFinally! Google Maps has added smooth zooming features. The zoom is not "quite" smooth yet, still it's better than nothing. Check it out.