Date: Sat, 26 Apr 2008 23:02:22 +0300
From: "Razi Shaban" <razishaban@...il.com>
To: n3td3v <xploitable@...il.com>
Cc: n3td3v <n3td3v@...glegroups.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: Its time to take rick rolling seriously

Actually, yes.

I made a video about something similar the other day, you can find it at:

http://www.youtube.com/watch?v=Yu_moia-oVI

It elaborates on a few of your ideas, but refutes some others.

--
Razi

On 4/26/08, n3td3v <xploitable@...il.com> wrote:
> ---------- Forwarded message ----------
>  From: n3td3v <xploitable@...il.com>
>  Date: Sat, Apr 5, 2008 at 2:17 AM
>  Subject: Its time to take rick rolling seriously
>  To: n3td3v <n3td3v@...glegroups.com>
>
>
>  We need a big list of all the rick roll URLs, so we can protect the
>   public against it.
>
>   Network operators need a list of rick roll URLs to add to the block list.
>
>   Can someone harvest all the rick roll URLs and post them as one list
>   for folks to copy&paste into their block lists?
>
>   Some of the rick rolls don't go to Youtube, some of them are
>   sophisticated javascript that we need to clamp down on, so not to waste
>   productivity and resources on these sites getting executed
>   accidentally.
>
>   If you don't think this is a security issue, it's time to wake up.
>
>   RICK ROLLING HIGHLIGHTS THE EASE OF PHISHING ATTACKS
>
>   If you look at how many hits the Youtube rick roll got alone, then
>   that goes some way in showing your average joe how easy it is to
>   compromise folks through phishing.
>
>   Sure, it looks harmless enough, but the bottom line is, the Youtube
>   link (don't click) http://youtube.com/watch?v=eBGIQ7ZuuiU has
>   generated up to 9,290,352 views in only a few months since the craze
>   took off via mostly social bookmarking sites such as Digg, Reddit.
>
>   Those could easily equal into 9,290,352 malicious phishes, 9,290,352
>   credit cards and 9,290,352 identity frauds.
>
>   Now, what happens if the cyber criminals catch onto the rick roll and
>   start "cyber rolling" everyone with malicious code or links to a
>   forged banking site, then that's really going to be bad.
>
>   So who is keeping track of rick rolling, so it doesn't turn into a
>   "cyber roll" where folks get compromised?
>
>   The media and others should use the rick rolling as a wake up call as
>   to how easy it is for folks to be fooled, and if it's just Rick Astley
>   this time, it might be more than "never gonna give you up" next time,
>   because it could be your cyber security and bank info you're giving up
>   in the future, so I'm calling on network security professionals and
>   the media to use rick rolling as a highlight case of the dangers posed
>   by social engineering and phishing by hackers, which can ultimately
>   lead to data loss and disaster. Rick rolling should be used to
>   highlight awareness of the threat posed by link-based-phishing towards
>   your everyday average single mom, retired couple or the 9,290,352
>   folks who have to date been "rick rolled", who are the next
>   potentially phished.
>
>   And, not all, rick rolling could be used by an attacker to see how
>   gullible his target is to links, before carrying out a full on
>   phishing attack, so there are many issues here with rick rolling which
>   the security community may not have grasped up till now.
>
>   If you think it's stupid, 9,290,352 were and that's alarming says n3td3v.
>
>   There are stupid people out there and rick rolling could be an easy
>   way to find the stupid people before your ultimate attack.
>
>   Carry on the uses of rick rolling below this e-mail by cyber attackers
>   and the indications it's giving out to folks on how easy phishing and
>   social engineering really is on the internet today.
>
>   I see a new craze of "cyber rolling" coming which hackers can exploit
>   and I'm not sure if I like it very much, it's fun and games at the
>   moment, but just wait till the hackers catch on and things develop with
>   the rick roll trend.
>
>   I'm worried, are you?
>
>   All the best,
>
>   n3td3v
>
>  _______________________________________________
>  Full-Disclosure - We believe in it.
>  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  Hosted and sponsored by Secunia - http://secunia.com/
>
