Why Poste Italiane is one of the most Phishing-friendly Websites


Just a couple of days after my post about the security of the Poste Italiane home banking website, some things have happened; some others, which were expected to, didn’t.

Among the things which have happened, for instance, Google and Firefox identified the website I wrote about as a phishing website, warning visitors about the evil content hosted on those pages. What I pointed out was the ease with which these identity stealers can make a perfect copy of the home page of the mentioned service.

Poste Italiane Home Banking security? Ridiculous.


Yes, I can’t resist and I want to study every single scam attempt I detect.
This one was quite easy, a phishing email, nothing special: it was already in the junk mail.
This email contains a link to a fake home page for postepay.it (http://m779.iuser.my/poste/), normal for a phishing email.
What was unexpectedly interesting was seeing the HTML of this fake page: it contains references to resources that are actually hosted on the real server of Poste Italiane!


Spam counterproductivity as lack of Netiquette signal for companies

How to fight against spammers.

What some people continue to ignore is the counterproductivity of unwanted advertising email. I will explain here how to turn their childish behavior against themselves. Just follow this post.

Constantly Under attack, inquiring discovered huge URSS dns poison

Well, it turned out that the reason for the unusually considerable amount of traffic on one of my IP addresses was a mobile application, “classmates”, produced and distributed for free by mail.ru.

What?

Domain Names Registrars: Internetbs.net VS Misterdomain.eu.

Let’s review two of the Domain Name Registrars I’ve used so far:
Internetbs.net VS Misterdomain.eu: How do they do?

Why this post:
(I have to wait because the DNS record of one of the sites I’m working on (http://diydrones.giuseppeurso.net) has not been propagated yet. I use two registrars for domain names (actually I use two of them because I’m switching to the second…): Misterdomain.eu and Internetbs.net.


Web developers should turn off Firefox DNS Caching


In some cases, when you normally use /etc/hosts to check if a newly created website is working as expected, it can be useful to disable the browser’s DNS record caching (yes, on the client side), especially when you are about to move a site and you cannot afford to stay offline.
Thus you will be able to check the freshly uploaded website against a new IP address.

Client-side HTML Injection with Firebug

As described in another article, you can use client-side HTML injection techniques basically for two reasons:

  • cheat on your friends
  • send variables

In this example we will send some variables to a PHP page set up to show all POST variables, then we will apply this technique to the eBay homepage to apply a filter to the search form.

How to Enable real Bridge mode for UPC Cisco EPC-3925 with HTML Injection

A.K.A. Public (and probably static) IP address for residential UPC customers.

I have a high-bandwidth internet connection, so why not let my friends download or upload files to my house? It makes us feel closer, it’s fun to share things, and it can actually be useful in some cases.

I live in the Netherlands and there are several companies here which offer different internet connections, but the common element is that houses are built with fiber channel in mind, unlike in Italy; that’s why we actually have 50Mbit in download and 4Mbit in upload. For this reason I want to try to discover, for example, whether the IP address is a static one (still the same in two months) and other fun things.
So the first thing to do is to check if the router distributed by UPC can actually act as a bridge, so I can manage all incoming connections myself, having a public IP address. Also, I have a spare Cisco E2000 with dd-wrt that can eventually take the public IP while the Cisco turns into a simple bridge.


Auto Interview about social privacy – Socratic method

AKA Matrix Training, first grade.