lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 27 Apr 2008 15:46:22 -0400
From: Ureleet <ureleet@...il.com>
To: "Razi Shaban" <razishaban@...il.com>
Cc: n3td3v <n3td3v@...glegroups.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: Its time to take rick rolling seriously

i actually agree with this thread.  but its not just rick rolling.
its any link that anayone sends.

On Sat, Apr 26, 2008 at 4:02 PM, Razi Shaban <razishaban@...il.com> wrote:
> Actually, yes.
>
>  I made a video about something similar the other day, you can find it at:
>
>  http://www.youtube.com/watch?v=Yu_moia-oVI
>
>  It elaborates on a few of your ideas, but refutes some others.
>
>  --
>  Razi
>
>
>
>  On 4/26/08, n3td3v <xploitable@...il.com> wrote:
>  > ---------- Forwarded message ----------
>  >  From: n3td3v <xploitable@...il.com>
>  >  Date: Sat, Apr 5, 2008 at 2:17 AM
>  >  Subject: Its time to take rick rolling seriously
>  >  To: n3td3v <n3td3v@...glegroups.com>
>  >
>  >
>  >  We need a big list of all the rick roll URL's, so we can protect the
>  >   public against it.
>  >
>  >   Network operators need a list of rick roll URL's to add to the block list.
>  >
>  >   Can someone harvest all the rick roll URL's and post them as one list
>  >   for folks to copy&paste into their block lists?
>  >
>  >   Some of the rick rolls don't go to Youtube, some of them are
>  >   sophisticated javascript that we need to clampdown on, so not to waste
>  >   productivity and resources on these sites getting executed
>  >   accidentally.
>  >
>  >   If you don't think this is a security issue, its time to wake up.
>  >
>  >   RICK ROLLING HIGHLIGHTS THE EASE OF PHISHING ATTACKS
>  >
>  >   If you look at how many hits the Youtube rick roll got alone, then
>  >   that goes someway in showing your average joe how easy it is to
>  >   compromise folks through phishing.
>  >
>  >   Sure, it looks harmless enough, but the bottom like is, the Youtube
>  >   link (don't click) http://youtube.com/watch?v=eBGIQ7ZuuiU has
>  >   generated upto  9,290,352 views in only a few months since the craze
>  >   took off via mostly social bookmarking sites such as Digg, Reddit.
>  >
>  >   Those could easily equal into 9,290,352 malicious phishes, 9,290,352
>  >   credit cards and 9,290,352 identity frauds.
>  >
>  >   Now, what happens if the cyber criminals catch onto the rick roll and
>  >   start "cyber rolling" everyone with malicious code or links to a
>  >   forged banking site, then that's really going to be bad.
>  >
>  >   So who is keeping track of rick rolling, so it doesn't turn into a
>  >   "cyber roll" where folks get compromised?
>  >
>  >   The media and others should use the rick rolling as a wake up call as
>  >   to how easy it is for folks to be fooled, and if its just rick ashley
>  >   this time, it might be more than "never gonna give you up" next time,
>  >   because it could be your cyber security and bank info you're giving up
>  >   in the future, so i'm calling on network security professionals and
>  >   the media to use rick rolling as a highlight case of the dangers posed
>  >   by social engineering and phishing by hackers, which can ultimately
>  >   lead to data loss and disaster. rick rolling should be used to
>  >   highlight awareness of the threat posed by link-based-phishing towards
>  >   your everyday average single mom, retired couple or the 9,290,352
>  >   folks who have to date been "rick rolled", who are the next
>  >   potentially phished.
>  >
>  >   And, not all, rick rolling could be used be an attacker to see how
>  >   gullible his target is to links, before carrying out a full on
>  >   phishing attack, so there are many issues here with rick rolling which
>  >   the security community may not have grasped up till now.
>  >
>  >   If you think its stupid, 9,290,352 were and thats alarming says n3td3v.
>  >
>  >   There are stupid people out there and rick rolling could be an easy
>  >   way to find the stupid people before your ultimate attack.
>  >
>  >   Carry on the uses of rick rolling below this e-mail by cyber attackers
>  >   and the indications its giving out to folks on how easy phishing and
>  >   socialing engineering really is on the internet today.
>  >
>  >   I see a new craze of "cyber rolling" coming which hackers can exploit
>  >   and i'm not sure if I like it very much, its fun and games at the
>  >   moment, but just wait to the hackers catch on and things develop with
>  >   the rick roll trend.
>  >
>  >   I'm worried, are you?
>  >
>  >   All the best,
>  >
>  >   n3td3v
>  >
>  >  _______________________________________________
>  >  Full-Disclosure - We believe in it.
>  >  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  >  Hosted and sponsored by Secunia - http://secunia.com/
>  >
>
>  _______________________________________________
>  Full-Disclosure - We believe in it.
>  Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>  Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ