Posts Tagged ‘Web’
Counter-Phish, The Anti-Phishing Strategy Game
Wednesday, September 10th, 2008
Apparently, sometimes corporate Risk Bulletins are useful!
Tips to protect yourself from phishing schemes:
- Never provide your personal information when responding to an unsolicited email request, no matter how legitimate the communication may look. Whether by phone, email or internet site, data created by phishers may look like the real thing. If you didn’t initiate the communication, you shouldn’t provide any information.
- Never provide a password over the telephone in response to an unsolicited request. Financial institutions should never ask you to verify your account information online.
- Contact the financial institution yourself, if you believe the contact may be legitimate. Phone number and websites can be found on your monthly statements from your financial institutions. You can also look up companies on the internet or in phone books.
- Regularly review your account statements to confirm there are no fraudulent charges. If your account statement is ever late, immediately contact the financial institution to determine why.
- Visit the anti-phishing working group website to obtain a list of the most recent incidents of phishing and find the latest news in the fight against phishing, www.antiphishing.orgBecoming Proactive
When you encounter a potential fraud, especially if you believe you’ve lost money, act immediately:
- If you receive phishing emails, you can report the fraud to the FBI’s Internet Fraud Complaint Center at www.ic3.gov, and forward the email to enforcement@sec.gov, to pass the tip to the SEC’s Enforcement Division.
- If you think your personal information has been compromised, visit the Identity Theft Resource Center of the Federal Trade Commission for more information on how to proceed with protecting yourself and minimizing the damage.
Apparently, sometimes corporate Risk Bulletins are useful!
Tips to protect yourself from phishing schemes:
- Never provide your personal information when responding to an unsolicited email request, no matter how legitimate the communication may look. Whether by phone, email or internet site, data created by phishers may look like the real thing. If you didn’t initiate the communication, you shouldn’t provide any information.
- Never provide a password over the telephone in response to an unsolicited request. Financial institutions should never ask you to verify your account information online.
- Contact the financial institution yourself, if you believe the contact may be legitimate. Phone number and websites can be found on your monthly statements from your financial institutions. You can also look up companies on the internet or in phone books.
- Regularly review your account statements to confirm there are no fraudulent charges. If your account statement is ever late, immediately contact the financial institution to determine why.
- Visit the anti-phishing working group website to obtain a list of the most recent incidents of phishing and find the latest news in the fight against phishing, www.antiphishing.orgBecoming Proactive
When you encounter a potential fraud, especially if you believe you’ve lost money, act immediately:
- If you receive phishing emails, you can report the fraud to the FBI’s Internet Fraud Complaint Center at www.ic3.gov, and forward the email to enforcement@sec.gov, to pass the tip to the SEC’s Enforcement Division.
- If you think your personal information has been compromised, visit the Identity Theft Resource Center of the Federal Trade Commission for more information on how to proceed with protecting yourself and minimizing the damage.
What is a blog?
Friday, January 25th, 2008
I ran across this presentation today and thought it was a great explanation for those people that have asked me (and there are a few of you), “what is a blog?”
I ran across this presentation today and thought it was a great explanation for those people that have asked me (and there are a few of you), “what is a blog?”
Skowronek.org Facelift
Sunday, January 6th, 2008
It’s been a couple of weeks since I finished the final design, and now, after a day or so of coding and fussing with WordPress, it is finally done. Completely rebuilt with widgets (I’ll post my twitter and other such widgets later perhaps) and dynamic everything. Now time for bed.
It’s been a couple of weeks since I finished the final design, and now, after a day or so of coding and fussing with WordPress, it is finally done. Completely rebuilt with widgets (I’ll post my twitter and other such widgets later perhaps) and dynamic everything. Now time for bed.
Silverlight Live Streaming
Friday, December 14th, 2007
While reading another Silverlight development articles, I ran across a new service/feature Microsoft is offering for Silverlight developers/practioners. They claim to offer 4GB streaming services for free. I’m not sure all the stipulations and/or limitations, but hey, it’s not YouTube!
While reading another Silverlight development articles, I ran across a new service/feature Microsoft is offering for Silverlight developers/practioners. They claim to offer 4GB streaming services for free. I’m not sure all the stipulations and/or limitations, but hey, it’s not YouTube!
Microsoft Downloads moving to Silverlight
Wednesday, December 12th, 2007
I ran across the new Microsoft downloads web site last night. Apparently, they have decided to program the entire site in Silverlight. First impression, nice work. Then came the questions: why did they do the entire page in Slight? Are they really expecting this sort of page load time for every Slight application? In spite of it’s snazzy new interface, I’m not sure I’m buying this move. It is reminiscent of the old Java applet days.
I ran across the new Microsoft downloads web site last night. Apparently, they have decided to program the entire site in Silverlight. First impression, nice work. Then came the questions: why did they do the entire page in Slight? Are they really expecting this sort of page load time for every Slight application? In spite of it’s snazzy new interface, I’m not sure I’m buying this move. It is reminiscent of the old Java applet days.
Index of /wp-content/uploads
Friday, December 7th, 2007
Tonight, whilst experimenting with the various advanced Google search techniques (hacks) to locate web content, I had an epiphany. Any web directory/folder that has indexes enabled (show an index of the contents of the folder of no directory index file exists) will list the contents of said directory with the phrase “Index of” followed by the actual root-relative path to available list of assets. This is due to the fact that the directory/folder does not have an index document/file present, so the web server spits out the entire list of the folder’s content. But I digress.
I have been using WordPress as my blogging platform for a few years now. Before that was a hybrid of PHPBB and custom PHP application I wrote. WordPress works great and has robust features that make blogging a snap for the more technical (such as myself, ehem) and also for the less technical netizens out there. Now, one of these great features is the ability to upload pictures and files (content) through a web interface. What a great concept (this is where the epiphany came in) except if you weren’t planning on listing up the contents of your entire uploads folder to the world. which happens to be the case with some (okay a lot of) default installations of WordPress.
Lets say you “Google” the “Index of” any WordPress uploads folders (/wp-content/uploads). You don’t have to be a rock scientist (yes, that was a joke) to realize the possible implications. Let me give you an idea of the figure as of tonight: 4,143,000 indexes. That’s 4,143,000 WordPress installations that have directory indexes enabled and are completely wide open to crawlers and spiders that can pilfer (argh) their content.
Try it yourself: http://www.google.com/search?q=Index+of+%2Fwp-content
Tonight, whilst experimenting with the various advanced Google search techniques (hacks) to locate web content, I had an epiphany. Any web directory/folder that has indexes enabled (show an index of the contents of the folder of no directory index file exists) will list the contents of said directory with the phrase “Index of” followed by the actual root-relative path to available list of assets. This is due to the fact that the directory/folder does not have an index document/file present, so the web server spits out the entire list of the folder’s content. But I digress.
I have been using WordPress as my blogging platform for a few years now. Before that was a hybrid of PHPBB and custom PHP application I wrote. WordPress works great and has robust features that make blogging a snap for the more technical (such as myself, ehem) and also for the less technical netizens out there. Now, one of these great features is the ability to upload pictures and files (content) through a web interface. What a great concept (this is where the epiphany came in) except if you weren’t planning on listing up the contents of your entire uploads folder to the world. which happens to be the case with some (okay a lot of) default installations of WordPress.
Lets say you “Google” the “Index of” any WordPress uploads folders (/wp-content/uploads). You don’t have to be a rock scientist (yes, that was a joke) to realize the possible implications. Let me give you an idea of the figure as of tonight: 4,143,000 indexes. That’s 4,143,000 WordPress installations that have directory indexes enabled and are completely wide open to crawlers and spiders that can pilfer (argh) their content.
Try it yourself: http://www.google.com/search?q=Index+of+%2Fwp-content
Encoding and Downloading FLV Media
Monday, December 3rd, 2007
One of the greatest features of Flash is the ability to encode video for online playback. For those that have not done this, the quick notes version:
- Create a blank Flash movie (somewhere near the dimensions of the source video)
- File | Import | Import to library…
- Select Windows | Library OR CTRL + L for those key-jockeys out there
- Select the imported movie from the library
- Right-click | Properties
- In the Embedded Video Properties dialog box, click Export.
- Save the movie for later use
Now, what if we want to be able to download an FLV movie from somewhere on the web. Lately I have been researching ways to leverage various online social media provider’s technologies (and uhm, assets.) In doing so, I rely heavily on Fiddler, an HTTP debugging proxy which logs all HTTP traffic between your computer and the Internet (that is all IE traffic.) By listening to the HTTP requests being sent from any embedded Flash application from your local computer, FLV assets from YouTube, Brightcove and others are easily retrievable. Although there are freely available plug-ins for Firefox and Internet Explorer that occasionally work, oftentimes it becomes necessary to dig in and get your hands dirty. Let’s dirty up…
One of the greatest features of Flash is the ability to encode video for online playback. For those that have not done this, the quick notes version:
- Create a blank Flash movie (somewhere near the dimensions of the source video)
- File | Import | Import to library…
- Select Windows | Library OR CTRL + L for those key-jockeys out there
- Select the imported movie from the library
- Right-click | Properties
- In the Embedded Video Properties dialog box, click Export.
- Save the movie for later use
Now, what if we want to be able to download an FLV movie from somewhere on the web. Lately I have been researching ways to leverage various online social media provider’s technologies (and uhm, assets.) In doing so, I rely heavily on Fiddler, an HTTP debugging proxy which logs all HTTP traffic between your computer and the Internet (that is all IE traffic.) By listening to the HTTP requests being sent from any embedded Flash application from your local computer, FLV assets from YouTube, Brightcove and others are easily retrievable. Although there are freely available plug-ins for Firefox and Internet Explorer that occasionally work, oftentimes it becomes necessary to dig in and get your hands dirty. Let’s dirty up…