
El Chapo went down because his sysadmin sold him out


Here's something to remember come the next Sysadmin Appreciation Day: Mexican drug lord El Chapo was only caught because his systems administrator flipped and started working for the feds, backdooring El Chapo's comms infrastructure and providing the cops with the decryption keys needed to eavesdrop on El Chapo's operations.

Former narcomorlock Jorge Cifuentes never really seemed to have his heart in the job: at one point, he failed to renew a license for some critical piece of secure communications software (I'm betting it's some kind of SIPP/VoIP server), forcing the narcos to use cleartext, unsecured voice channels (we know this because the feds made recordings of El Chapo screaming furious, terrifying abuse at Cifuentes over one of those insecure channels).

But it wasn't absentmindedness that brought down El Chapo, it was collusion. In 2010 the FBI tricked the cartel's systems administrator (Rodriguez, the witness named in the Gizmodo excerpt below) into meeting with them, flipped him, and through him gained access to about 1,500 phone calls.

These recordings are now being played in court, and they're pretty chilling and extremely damning.

Other parts of the calls Times reporter Alan Feuer detailed on Twitter included recordings of Guzmán discussing how a subordinate could avoid murdering “innocent people,” ordering around an allegedly bribed Federal Ministerial Police commander, and referring to other government officials under his influence including an unknown “governor.” (Feuer added that Rodriguez is expected to testify at the trial, with court docs describing a witness matching his description who suffered “a nervous breakdown” from stress.)

The Feds Cracked El Chapo's Encrypted Comms Network by Flipping His System Admin [Tom McKay/Gizmodo]

alexanglin
12 days ago
Ottawa, Ontario

1px-wide font


Millitext is a "font" whose glyphs are just one pixel wide. But it's really a clever exploitation of how subpixels -- the individual red, green and blue lights of an LCD display -- are triggered by pixels of certain colors. For example, a magenta pixel triggers the red and blue subpixels, leaving the green one dark between them.

The first image (not reproduced here) shows the result at native size. The second shows what the same bitmap looks like scaled up, on a screen with a different subpixel layout, or simply from a normal viewing distance where the subpixels merge into solid coloured blocks, as they are designed to.
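As an added illustration of the mechanism (example code written for this page, not Millitext's own), the encoder below turns a 3-subpixel-wide, 5-row glyph into a single column of coloured pixels and back, and renders both the intended close-up view and the blob you get once the subpixels merge. The glyph shapes are constructed for the example and are not Millitext's.

```python
# Added example, not Millitext's own code: each glyph row is a (R, G, B) triple
# saying which subpixels of one pixel are lit, so a whole glyph fits in a
# one-pixel-wide column on an RGB-striped LCD.
from typing import Dict, List, Tuple

Pixel = Tuple[int, int, int]
Subpixels = Tuple[int, int, int]

# Constructed 5-row glyphs for the example (top row first).
GLYPHS: Dict[str, List[Subpixels]] = {
    "I": [(0, 1, 0), (0, 1, 0), (0, 1, 0), (0, 1, 0), (0, 1, 0)],
    "L": [(1, 0, 0), (1, 0, 0), (1, 0, 0), (1, 0, 0), (1, 1, 1)],
    "C": [(1, 1, 1), (1, 0, 0), (1, 0, 0), (1, 0, 0), (1, 1, 1)],
    "T": [(1, 1, 1), (0, 1, 0), (0, 1, 0), (0, 1, 0), (0, 1, 0)],
}
HEIGHT = 5


def subpixels_to_pixel(sub: Subpixels) -> Pixel:
    """Light each chosen subpixel fully: (1, 0, 1) is magenta, which leaves the
    green stripe dark between the red and blue ones."""
    r, g, b = sub
    return (255 * r, 255 * g, 255 * b)


def pixel_to_subpixels(px: Pixel) -> Subpixels:
    """Inverse: a channel above half intensity counts as a lit subpixel."""
    r, g, b = px
    return (int(r > 127), int(g > 127), int(b > 127))


def render(text: str) -> List[List[Pixel]]:
    """Return a HEIGHT x len(text) pixel grid; every glyph is one column wide."""
    columns = [GLYPHS[ch] for ch in text]
    return [[subpixels_to_pixel(col[y]) for col in columns] for y in range(HEIGHT)]


def close_up(grid: List[List[Pixel]]) -> str:
    """Intended rendering seen up close: three cells per pixel, one per subpixel."""
    return "\n".join(
        " ".join("".join("#" if s else "." for s in pixel_to_subpixels(px)) for px in row)
        for row in grid
    )


def merged(grid: List[List[Pixel]]) -> str:
    """Wrong screen or normal viewing distance: a pixel is one coloured blob, so
    any lit subpixel turns the whole cell on and the glyph shapes vanish."""
    return "\n".join("".join("#" if any(px) else "." for px in row) for row in grid)


if __name__ == "__main__":
    grid = render("LIT")
    print(close_up(grid))
    print()
    print(merged(grid))
```

Run stand-alone it prints the word LIT readable in the close-up view and three solid columns in the merged view, which is exactly why the font only works on a display whose stripe order matches the encoding.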

alexanglin
26 days ago
Ottawa, Ontario

Half of all Phishing Sites Now Have the Padlock


Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this advice has never been more useless. New research indicates that half of all phishing scams are now hosted on Web sites whose address begins with “https://” and therefore shows the padlock in the browser.

A live Paypal phishing site that uses https:// (has the green padlock).

Recent data from anti-phishing company PhishLabs shows that 49 percent of all phishing sites in the third quarter of 2018 bore the padlock security icon next to the phishing site domain name as displayed in a browser address bar. That’s up from 25 percent just one year ago, and from 35 percent in the second quarter of 2018.

This alarming shift is notable because a majority of Internet users have taken the age-old “look for the lock” advice to heart, and still associate the lock icon with legitimate sites. A PhishLabs survey conducted last year found more than 80% of respondents believed the green lock indicated a website was either legitimate and/or safe.

In reality, the https:// part of the address means HTTP carried over TLS (the successor to “Secure Sockets Layer” or SSL, a name still used loosely for both). It signifies only that the data being transmitted between your browser and the site is encrypted in transit and can’t be read or altered by third parties along the path. Because a domain-validated certificate is issued to anyone who can prove control of a domain, often for free, the presence of the padlock does not mean the site is legitimate, nor is it any proof the site has been security-hardened against intrusion from hackers.

A live Facebook phish that uses SSL (has the green padlock).

Most of the battle to combat cybercrime involves defenders responding to offensive moves made by attackers. But the rapidly increasing adoption of SSL by phishers is a good example in which fraudsters are taking their cue from legitimate sites.

“PhishLabs believes that this can be attributed to both the continued use of SSL certificates by phishers who register their own domain names and create certificates for them, as well as a general increase in SSL due to the Google Chrome browser now displaying ‘Not secure’ for web sites that do not use SSL,” said John LaCour, chief technology officer for the company. “The bottom line is that the presence or lack of SSL doesn’t tell you anything about a site’s legitimacy.”

The major Web browser makers work with a number of security organizations to index and block new phishing sites, often serving bright red warning pages that flag the page of a phishing scam and seek to discourage people from visiting the sites. But not all phishing scams get flagged so quickly.

I spent a few minutes browsing phishtank.com for phishing sites that use SSL, and found this cleverly crafted page that attempts to phish credentials from users of Bibox, a cryptocurrency exchange. Look at the address in the caption below and see if you can spot what’s going on with this Web address:

This live phish targets users of cryptocurrency exchange Bibox. Look carefully at the URL in the address bar, and you’ll notice a squiggly mark over the “i” in Bibox. This is an internationalized domain name, and the real address is https://www.xn--bbox-vw5a[.]com/login

Load the live phishing page at https://www.xn--bbox-vw5a[.]com/login (that link has been hobbled on purpose) in Google Chrome and you’ll get a red “Deceptive Site Ahead” warning. Load the address above — known as “punycode” — in Mozilla Firefox and the page renders just fine, at least as of this writing.

This phishing site takes advantage of internationalized domain names (IDNs) to introduce visual confusion. In this case, the “i” in Bibox.com is replaced by the Vietnamese letter “ỉ” (U+1EC9, LATIN SMALL LETTER I WITH HOOK ABOVE), whose hook is extremely difficult to distinguish from the dot of an “i” in a URL address bar.

As KrebsOnSecurity noted in March, Chrome, Safari and recent versions of Microsoft’s Internet Explorer and Edge fall back to the clunky punycode form whenever a label fails their spoofing checks (mixed scripts, or a name that looks like a known site), whereas Firefox will happily convert the code to the look-alike domain as displayed in the address bar.

If you’re a Firefox (or Tor) user and would like Firefox to always render IDNs as their punycode equivalent when displayed in the browser address bar, type “about:config” without the quotes into a Firefox address bar.

Then in the “search:” box type “punycode,” and you should see one or two options there. The one you want is called “network.IDN_show_punycode.” By default, it is set to “false”; double-clicking that entry should change that setting to “true.” The same setting can be pinned in a profile’s user.js with user_pref("network.IDN_show_punycode", true); the tradeoff is that every legitimate IDN will then display in its xn-- form too.
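To make the two points above concrete, that the padlock says nothing about legitimacy and that the look-alike lives in the decoded domain name, here is an added example written for this page (not code from KrebsOnSecurity, PhishLabs or any browser) that classifies URLs the way a simple URL filter might. It decodes punycode labels, strips diacritics with Unicode normalisation so that “bỉbox” collapses to “bibox”, and compares the result against a constructed brand list; the scheme is reported but never consulted.

```python
# Added example, not code from KrebsOnSecurity or PhishLabs: classify a URL's
# host the way a URL filter might, without looking at the padlock at all.
import unicodedata
from typing import Dict, Optional
from urllib.parse import urlsplit

# Constructed watch list for the example; a real deployment would load the
# organisation's own domains and the brands its users get phished with.
PROTECTED = {"bibox", "paypal", "facebook"}


def decode_label(label: str) -> str:
    """Turn an A-label such as xn--bbox-vw5a into its Unicode form (bỉbox).
    Labels that are not punycode, or that fail to decode, are returned as-is."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label
    return label


def skeleton(label: str) -> str:
    """Collapse a label to plain letters for comparison: NFKD splits 'ỉ'
    (U+1EC9) into 'i' plus a combining hook (category Mn), which is dropped."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if unicodedata.category(c) != "Mn").lower()


def classify(url: str) -> Dict[str, object]:
    """Decode the host's labels and compare the label left of the TLD against
    the brand list. The scheme is reported but deliberately not used."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    labels = [decode_label(label) for label in host.split(".")]
    brand_label = labels[-2] if len(labels) >= 2 else labels[0]
    bare = skeleton(brand_label)

    brand: Optional[str] = bare if bare in PROTECTED else None
    if brand is None:
        verdict = "unknown"
    elif brand_label.lower() == brand:
        verdict = "brand"       # the protected name itself, spelled plainly
    else:
        verdict = "lookalike"   # same letters once diacritics are stripped

    return {
        "host": ".".join(labels),
        "non_ascii": any(not label.isascii() for label in labels),
        "padlock": parts.scheme == "https",   # true for half of phishing sites too
        "brand": brand,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for u in ("https://www.xn--bbox-vw5a.com/login",
              "https://www.bibox.com/login",
              "http://example.com/"):
        print(u, classify(u))
```

Only diacritic-based look-alikes are caught this way; a swapped digit such as paypa1, or a homoglyph from another script, needs a confusables table (Unicode's confusables.txt) layered on top of the skeleton comparison.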

alexanglin
56 days ago
Ottawa, Ontario

Evaluating Tech Things

Also known as the Black Mirror-Mythbusters scale.
alexanglin
69 days ago
Ottawa, Ontario
4 public comments
satadru
66 days ago
This is one of the most sexual XKCD comics I have ever seen.
New York, NY
llucax
68 days ago
Tooltip!
Berlin
alt_text_at_your_service
69 days ago
Also known as the Black Mirror-Mythbusters scale.
hairfarmerrich
69 days ago
Sooner, please. All the drone tornado footage I found is aftermath or from a distance.
alt_text_bot
69 days ago
Also known as the Black Mirror-Mythbusters scale.

Internal Monologues

Haha, just kidding, everyone's already been hacked. I wonder if today's the day we find out about it.
alexanglin
104 days ago
Ottawa, Ontario
7 public comments
emdot
99 days ago
Real life.
San Luis Obispo, CA
ChrisDL
104 days ago
yarp
New York
DaftDoki
104 days ago
Yeah, thats about right.
Seattle
farktronix
104 days ago
The fact that trees are made of air has been bothering me for years now.
Sunnyvale, CA, USA
redson
102 days ago
it drives me nuts also when people lose fat they do it through breathing
satadru
104 days ago
Medicine is more about looking at people and having your internal dialogue automatically start to list possible disease states.
New York, NY
alt_text_at_your_service
104 days ago
Haha, just kidding, everyone's already been hacked. I wonder if today's the day we find out about it.
alt_text_bot
104 days ago
Haha, just kidding, everyone's already been hacked. I wonder if today's the day we find out about it.

Comic for October 04, 2018

Dilbert readers - Please visit Dilbert.com to read this feature. Due to changes with our feeds, we are now making this RSS feed a link to Dilbert.com.
alexanglin
110 days ago
Ottawa, Ontario