Phishing

Over a month ago, I received a creative phishing attempt. We use a relatively popular service which is mimicked fairly well. I typically receive notification emails from it by an administrative assistant. This came from another name. That was my only real clue that made me look closer. Since, I have received almost a dozen,… Continue reading Phishing

Email Changes

Ran across a site where if one changes the email address associated with the account, it sends the confirmation email to the new address. Say, I am a Blackhat and used a phishing attack to get the password for¬†the account. Having legitimately logged in, I then change the email address associated with it from victim@outlook.com… Continue reading Email Changes

Phishy Corporate Communications

Received an email that looked phishy: Greetings, Please read this important e-mail carefully. Recently you registered, transferred or modified the contact information for the following domain name: ezrasf.com In order to ensure your domain name remain active, you must now click the following link and follow the instructions provided. http://verify.domain.com/registrant/?verification_id=999999&key=BFrrpxGDbb&rid=999999 Sincerely, Domain Registrar The web… Continue reading Phishy Corporate Communications

Security Inside Out #USGRockEagle13

Eddie Carter and Orrin Char, Oracle Identity management and security and access management. Eddie wore a UGA shirt. Guy in front of me made fun of him obviously not wanting to sell to Georgia Tech. Turns out he’s from ¬†Kennesaw. The GT-UGA rivalry knows no bounds. Love it! Handout: Database firewall more auditing and ACLs… Continue reading Security Inside Out #USGRockEagle13