Thursday, September 18, 2008

Russian Job Seeker Hackers

Another attack from Russia (or at least a computer in Russia) on job seekers, targeting the job-related section of the BusinessWeek site.

I would put the article link here, but when I go to the page Norton says it's blocking a virus, so I will refrain.

HTTP Adobe SWF Remote Code Execution

Apparently an attack was blocked on my computer:

Http Adobe SWF Remote Code Execution
Risk: High
remote machine: ad101com-images.adbeareau.net (96.17.108.107)

Site I was visiting: http://adtmag.com/article.aspx?id=23284
(the ads may rotate)

Network:
OrgName: Akamai Technologies
OrgID: AKAMAI
Address: 8 Cambridge Center
City: Cambridge
StateProv: MA
PostalCode: 02142
Country: US

NetRange: 96.16.0.0 - 96.17.255.255

I just realized that the email came from: AppTrendsNL@1105service.com
http://whois.domaintools.com/1105service.com


Coincidentally, I was just reading about a click attack that Adobe was asking some hackers not to report.

Wednesday, September 10, 2008

Latest hack - Code tacked onto URL

There seems to be a new hack on the loose. Well, it's not that new, because I noticed it before but didn't have time to blog it. It seems that someone is attempting to include some code at the end of a URL, like:

http://www.somesite.com/?DECLARE....



This particular traffic comes from:

142.167.53.105 9/10/2008

OrgName: Stentor National Integrated Communications Network
OrgID: SNI1
Address: One Brunswick Square
City: Saint John
StateProv: NB
PostalCode: E2L-4K2
Country: CA

NetRange: 142.167.0.0 - 142.167.255.255
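
One way to spot requests like this in a web server access log, as an added example that is not part of the original post. It assumes the appended code is T-SQL (which the DECLARE keyword suggests) and that the log uses the common Apache/NCSA format; the sample lines, placeholder payloads and addresses are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample lines (not from the original post). Payloads are
# placeholders; source IPs are RFC 5737 documentation addresses.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Sep/2008:10:01:02 -0400] "GET /?DECLARE%20@v%20PLACEHOLDER HTTP/1.1" 200 512 "-" "-"
192.0.2.10 - - [10/Sep/2008:10:01:05 -0400] "GET /?dEcLaRe+@v+PLACEHOLDER HTTP/1.1" 500 0 "-" "-"
198.51.100.7 - - [10/Sep/2008:10:02:00 -0400] "GET /article.aspx?id=23284 HTTP/1.1" 200 1024 "-" "-"
198.51.100.7 - - [10/Sep/2008:10:02:09 -0400] "GET /search?q=declare+bankruptcy HTTP/1.1" 200 900 "-" "-"
203.0.113.5 - - [10/Sep/2008:10:03:00 -0400] "GET /?%2544ECLARE%2520@v HTTP/1.1" 404 0 "-" "-"
"""

# ip, timestamp, request target, HTTP status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3})')
# DECLARE followed by an @variable: a T-SQL declaration, not the English word.
TSQL_DECLARE = re.compile(r"\bdeclare\s+@\w", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo URL encoding repeatedly so double-encoded keywords are visible."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(log_text):
    """Return one record per request whose query string declares a T-SQL variable."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line
        ip, when, target, status = m.groups()
        query = fully_decode(target.partition("?")[2])
        if TSQL_DECLARE.search(query):
            hits.append({"ip": ip, "time": when, "status": int(status), "query": query})
    return hits


def by_source(hits):
    """Count flagged requests per client address, for WHOIS lookup or blocking."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    for ip, n in by_source(scan(SAMPLE_LOG)).most_common():
        print(ip, n)
```

A flagged request that returned status 500 deserves a closer look, since the appended text may have reached the database before the page failed.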

Monday, September 08, 2008

Encrypted Email

I understand that you can encrypt email and someone cannot read the contents (assuming they cannot hack your encryption technology), but what I want to know is this: you have to include the destination in your email, so is the email address itself readable? In that case, what prevents the hackers from replacing the encrypted email contents with a spam message and changing the from email address? Just wondering.