Cloudgen

Eyes in the internet


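On "Phishing Websites", Part 3: Phishing-Related Techniques and Tools

Phishing-Related Techniques and Tools

As the previous article explained, a "phishing website" involves a whole chain of intrusion, deception and theft. Phishing therefore draws on more than one kind of technique: every step from intrusion to theft needs its own. It is not the low-skill activity that the individual "network security technicians" quoted by Baidu Baike on its site believe it to be.

It is hard to list every relevant technique, so here we list some representative phishing techniques and tools.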

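"Smart Redirect"

In 2006 the network security company RSA found hackers using a technique called "Smart Redirect" for phishing. The principle is that the hackers compromise a large number of websites: some are used to host phishing websites, and some are used to place Smart Redirect URLs. Because placing only a Smart Redirect is easier, the hackers end up with a large number of Smart Redirect URLs and a comparatively small number of phishing websites. Then, through compromised computers and e-mail accounts, they send forged e-mails in bulk. The e-mails carry links that pose as the genuine website, but these links are in fact the pre-placed Smart Redirect URLs. When victims click these forged URLs, they are forwarded to a phishing website without noticing. Once some phishing websites are closed after complaints or removed by the site's original owner, the program behind the Smart Redirect URL abandons the closed sites and redirects to phishing websites that are still operating. This technique raises the success rate of phishing. Reference: http://latinamerica.rsa.com/press_release.aspx?id=6615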

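"IDN Homograph Spoofing"

In October 2009 the Internet Corporation for Assigned Names and Numbers (ICANN) established a domain name system, based on country-code domains, in the languages of many countries. Domain names are no longer limited to English letters, hyphens and digits; today's registration system lets applicants register domain names in the languages of different countries. Between languages, however, there are "homographs": characters with the same glyph but a different meaning. For example, the Cyrillic alphabet used by Russian has several letters with the same shape as Latin letters used by English but a different pronunciation, and although these homographs look the same, their internal code points are completely different. Some Greek letters also resemble Latin letters, and the Armenian alphabet has homographs of both Latin and Cyrillic letters. Using these homographs, one can create URLs that look identical but are in fact different. Reference: http://en.wikipedia.org/wiki/IDN_homograph_attack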
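An added example (not from the original post or from any source it cites) of how a defender can flag the homograph labels described above: it decodes Punycode labels, reports labels that mix alphabets, and reports labels whose lookalike-folded form equals a protected name. The `LOOKALIKES` table and the protected names are small constructed samples, not a complete confusables list.

```python
import unicodedata

# Small constructed lookalike table (non-Latin code point -> Latin letter).
# Not exhaustive; Unicode's confusables.txt is the full reference data.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0455": "s", "\u0458": "j", "\u04cf": "l",      # Cyrillic
    "\u03bf": "o", "\u03bd": "v", "\u03c1": "p",      # Greek
    "\u0585": "o", "\u0570": "h", "\u057d": "u",      # Armenian
}
SCRIPTS = ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN")


def decode_label(label):
    """Return the Unicode form of one DNS label (decodes xn-- Punycode)."""
    label = label.lower()
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except ValueError:  # UnicodeError is a ValueError: malformed label
            return label
    return label


def scripts_in(label):
    """Set of alphabets used by the letters of a label."""
    found = set()
    for ch in label:
        if ch.isalpha():
            name = unicodedata.name(ch, "")
            found.add(next((s for s in SCRIPTS if name.startswith(s)), "OTHER"))
    return found


def skeleton(label):
    """Fold known lookalikes to Latin so visually equal labels compare equal."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in label)


def check_hostname(hostname, protected):
    """Return a list of (label, reason) findings for one hostname."""
    findings = []
    for raw in hostname.split("."):
        label = decode_label(raw)
        used = scripts_in(label)
        if len(used) > 1:
            findings.append((label, "mixed scripts: " + "+".join(sorted(used))))
        if label not in protected and skeleton(label) in protected:
            findings.append((label, "looks like '%s'" % skeleton(label)))
    return findings


if __name__ == "__main__":
    PROTECTED = {"paypal", "apple"}            # constructed watch list
    samples = [
        "www.paypal.com",                       # genuine, all Latin
        "www.p\u0430ypal.com",                  # constructed: Cyrillic 'а' in a Latin label
        "\u0430\u0440\u0440\u04cf\u0435.com",   # constructed: all-Cyrillic lookalike
    ]
    for host in samples:
        print(host.encode("idna", "replace") if host.isascii() else repr(host),
              check_hostname(host, PROTECTED))
```

The mixed-script check catches a single swapped letter; the skeleton comparison is what catches a label written entirely in another alphabet, which a mixed-script check alone would pass.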

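The Black Bay ("Hacker Harbour") Shop and Its Hacker Tools

In February 2012 the network security company RSA discovered a shop called "The Black Bay", which sells online the tools needed to build phishing websites:

  • PHP Shell: a PHP Shell is a program used to break into someone else's website and take control of it. Pricing: US$2.50 per use for compromising websites within the United States, and US$4.50 for websites outside the United States.
  • Accounts for SSH login over an HTTP tunnel: these are already-compromised websites on which several accounts without root privileges have been set up. The buyer can log in with an SSH program and, once logged in, upload web pages of their own making. Each account sells for US$8.
  • Root accounts: a root account can be used to install other hacker tools and set up accounts on the compromised system. Root accounts sell for about US$15 to US$30.
  • Microsoft Remote Desktop logins: these are stolen remote desktop login accounts, which can be used to send e-mail, host websites, install other hacker tools and so on. Each account sells for $20.
  • Control panel: a tool that can remotely control more than one compromised account or server. It sells for US$3.

Reference: http://blogs.rsa.com/rsafarl/blackhat-tool-shop-is-open-for-business/

"Universal Man-in-Middle Phishing Kit"

In a press release dated January 10, 2007, the network security company RSA reported that it had discovered a new kind of phishing tool, named the "Universal Man-in-Middle Phishing Kit". The kit fetches the login screen from the website being imitated. Once the victim believes it is genuine and fills in a login name and password, the victim's real data is passed on to the real website, and the real website's content is passed back to the user; any data exchanged along the way is recorded. Because the kit works with any imitated website and collects any kind of data, it is called "Universal". Reference: http://www.rsa.com/press_release.aspx?id=7667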


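"Tabnabbing"

Hackers, through intrusion or by other means (for example, SQL injection attacks), add code to heavily visited websites so that tabs which have been open in the browser for a long time automatically switch to a phishing website. Newer web browsers all have a tabbed design, and a user who opens a new tab or selects another tab cannot see what changes in the other tabs. Based on elapsed time or on how long the tab has been idle, the compromised page quietly switches that tab to the phishing website. The user is led to believe they had visited that site themselves and fills in their login name and password once again, and the data is stolen by the hackers. Reference: http://en.wikipedia.org/wiki/Tabnabbing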

http://www.xn--ruq77z0ocz5j6ql42wgqal97g1dy.asso.hk/%E8%AB%87%E8%AB%87%E3%80%8C%E9%87%A3%E9%AD%9A%E7%B6%B2%E7%AB%99%E3%80%8D%E4%B9%8B%E4%B8%89%EF%BC%9A%E7%B6%B2%E9%87%A3%E7%9B%B8%E9%97%9C%E6%8A%80%E8%A1%93/

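On "Phishing Websites", Part 2

The Origin and Development of "Phishing Websites"

It is no longer possible to establish when the term "phishing" first appeared. As early as 1987, when there was only the Internet and the web page had not yet been invented, Jerry and Chris already described how hackers phish in their paper "System Security: A Hacker's Perspective" (1). Of course, there were no "phishing websites" at that time.

Later, on August 6, 1991, Tim Berners-Lee built the first website, and the Internet began to flourish. AOL was then one of the well-known Internet service providers in the United States. At the time, many users used fake credit card numbers in order to use AOL's services for free. AOL modified its credit card number verification program, which led many hackers to start using phishing to steal other users' names and login passwords. technicalinfo.net points out that phishing was mentioned as early as January 1996 in the newsgroup alt.2600 by a user called "mk590":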

It used to be that you could make a fake account on AOL so long as you had a credit card generator. However, AOL became smart. Now they verify every card with a bank after it is typed in. Does anyone know of a way to get an account other than phishing?

—mk590, "AOL for free?" alt.2600, January 28, 1996

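Early phishing often involved hackers using instant messaging to pose as AOL staff and then asking AOL users for their passwords. Later, in 1995, a hacker developed a program named "AOHell" that automated phishing. AOHell offered a variety of functions, including picking user numbers at random and sending that user a false message: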

“Hi, this is AOL Customer Service. We’re running a security check and need to verify your account. Please enter your username and password to continue.”

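After 2001, phishing aimed at financial institutions began to appear. Later, in 2006, e-mails even appeared that pretended to come from the US Internal Revenue Service: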



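Hackers send this kind of phishing e-mail in bulk and include compromised URLs in the message. When a user clicks the forged URL, he naturally sees a screen that looks just like the real website. The hackers sell the data they collect to other hackers and, using the bank details of the users concerned, pose as the bank to carry out a second or even a third round of phishing.

In recent years phishing has diversified into different phishing techniques, for example "spear phishing" and "whaling".

"Spear phishing" targets a single organization with forged e-mails that lure users into a compromised "phishing website" in order to phish them. Well-known spear phishing cases of recent years include the "RSA SecurID incident". In March 2011, hackers posing as RSA sent its employees an e-mail with an attached file named "2011 Recruitment plan.xls". The file contained a program that exploited a vulnerability in Adobe Flash, and that program installed a backdoor that let the hackers control the computer remotely.

"Whaling" is e-mail aimed at the senior executives of a single organization in order to steal the organization's important secrets. The most sensational case of recent years is the "Anonymous intrusion into HBGary". An unnamed hacker within Anonymous used a vulnerability in hbgaryfederal.com, a website belonging to HBGary, to find the e-mail addresses and related information of HBGary's senior management. The hacker then broke into that executive's e-mail account and used it to send a false e-mail to the employee responsible for the firewall, instructing him to turn the firewall off, and used the moment the firewall was off to penetrate further into the whole company's file system. Because HBGary was one of the US government's information security consultancies, a great deal of information-security material relating to the US government leaked as a result.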

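http://www.xn--ruq77z0ocz5j6ql42wgqal97g1dy.asso.hk/%E8%AB%87%E8%AB%87%E3%80%8C%E9%87%A3%E9%AD%9A%E7%B6%B2%E7%AB%99%E3%80%8D%E4%B9%8B%E4%BA%8C/

The "phishing website" (釣魚網站, literally "fishing website") discussed here is a specialised network security term. On the well-known web search engines, searching for "釣魚網站" may return websites about angling. But the "phishing website" we are talking about today has nothing whatsoever to do with angling, so please do not mistake it for websites that discuss fishing at sea, on lakes or on rivers.

The "fishing" in "phishing website" describes the deceptive act of misleading someone so that they are tricked (colloquially, "taking the bait"). English uses "phishing" for this act of luring others to take the bait, and its pronunciation is very close to "fishing". Baidu Baike, http://baike.baidu.com, gives the following summary of "phishing websites":

"Phishing websites usually disguise themselves as banking and e-commerce websites; the main harm is the theft of private information that users submit, such as bank account numbers and passwords."

Since web page technology was born in 1991, it has developed over twenty-odd years into today's high-speed network economy. Understanding "phishing websites" and the harm they do is not only an important topic in network security but also knowledge that every savvy Internet user must have.

Baidu Baike regards "phishing websites" as a form of online fraud carried out by criminals. It involves imitating the address and content of a genuine website, or exploiting vulnerabilities in a genuine website, so that users believe they are providing account numbers, passwords and other personal data in a safe network environment.

However, merely imitating a genuine website is not enough to steal the account data of many different users in bulk. The fraudsters also need to send e-mail in bulk, or compromise other websites, to lure unwary users into the "phishing website". To be more accurate, then, the fraudsters use the act of phishing to steal the account data of many different users in bulk, and the "phishing website" is an important tool in the phishing process.

To this day, the Chinese Wikipedia, http://zh.wikipedia.org, has no entry for "釣魚網站" (phishing website); instead it explains in detail the term "釣魚式攻擊" (phishing attack). "Phishing attack" means exactly the act of phishing. The Chinese Wikipedia regards a phishing attack as an attempt, through electronic communication, to obtain users' sensitive personal data by posing as a reputable legal-entity medium. These "reputable legal-entity media" include social networking sites, auction sites, online banks, electronic payment sites and network administrators.

Both Baidu Baike and the Chinese Wikipedia regard "phishing websites" as one of the chief culprits behind large online economic losses. Wikipedia cites the 2005 article "How can we stop phishing and pharming scams?" by Kerstein and Paul, which states that between 2004 and 2005 "phishing websites" caused losses of more than 900 million (929 million) US dollars in one year. Research by McCall and Tom further shows that "phishing websites" had caused the United States losses of 3.2 billion US dollars before August 2007. The figures are staggering.

That "phishing websites" can produce such huge economic losses is, seen from another angle, an extremely rich incentive for fraudsters, leading them to risk arrest and pursue phishing by every possible means.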

Source from
http://www.xn--ruq77z0ocz5j6ql42wgqal97g1dy.asso.hk/%E8%AB%87%E8%AB%87%E3%80%8C%E9%87%A3%E9%AD%9A%E7%B6%B2%E7%AB%99%E3%80%8D%E4%B9%8B%E4%B8%80/

A share of how to learn jQuery Plugins

Recently, a lot of people have been talking about developing iPhone applications. The iPhone is hot and it gives golden opportunities to programmers. Seeing this great wave in technology, I have started my career in writing iPhone applications, too.

Unfortunately, I am new to the Mac platform and I am not used to writing code in Objective-C. Therefore, I have to spend a lot of time learning everything from scratch. The learning process is hard, and this reminds me of how I learned jQuery two years ago.

If you want to learn a new language and get used to it, you have to study the basic concepts, analyse examples and try to write your own. It especially takes a lot of time to search for relevant examples and look up the syntax of commands before you can complete one piece of your own code.

Two years ago, the resources available for people to learn jQuery were limited. Almost all my knowledge came from the jQuery website, www.jquery.com, and you can still find examples, syntax and basic concepts there. The website provided sufficient information for me at the beginning. However, as I reached a certain level of understanding of jQuery, I found out that if I wanted to understand it further and write jQuery code more effectively, I had to write my own jQuery plugins. So I changed my focus to jQuery plugins and started to write them at a later time.

If you visit www.jquery.com, you will find a brief introduction to writing a jQuery plugin. However, the information provided is not sufficient for advanced learners who need to write plugins for a specific purpose. At that time, I was asked to write an online magazine using jQuery. In order to apply jQuery plugins in my project, I spent a lot of time searching for relevant plugins on the internet and downloading them to my computer. I studied the code of the plugins line by line. I tried to use them and then rewrote them in my code before I could have a full understanding of every plugin I downloaded. And, finally, I was able to convert my knowledge into a workable solution in my project.

If there had been a book that provided an in-depth explanation of the concepts of jQuery plugins, together with useful examples categorized by the nature of the application, I could have saved a lot of time and had a shorter learning cycle in jQuery and jQuery plugins.

In mid-December, I received a book from Packt: “jQuery 1.4 Plugin Development – Build powerful, interactive plugins to implement jQuery to its best – Beginner’s Guide”, an eBook written by Giulio Bai. I started reading the eBook during my Christmas holiday. As you know, a book of concepts and examples is essential in learning jQuery, and this book is what I had been looking for for a long time.

During my holiday, most of the time, I liked to sit in front of my computer with a cup of hot coffee. One day, I opened the eBook and started reading from the front page, then I skipped the first chapter, which is an introduction to jQuery. On the other hand, as a designer of some jQuery plugins, I am quite interested in how other people teach jQuery plugins. So, I read chapter 2 carefully. After finishing chapter 2, I found myself quite satisfied. In this chapter, the language is plain, the steps are clear and everything is quite easy to understand. And this is the first book that introduces the concepts of, and differences between, function plugins and method plugins.

The topics as well as the examples in the book are comprehensive: image plugins, audio plugins, video plugins, form plugins, menu plugins, navigation plugins, animation plugins, utility plugins, etc. This book saves us a lot of time in collecting different types of jQuery plugins. Thus, we can focus on the plugins that interest us.

The most valuable materials are always in the later part of a book. So, if you turn to the later part, for instance Chapter 13, you’ll find a top 10 list of jQuery plugins recommended by the author, Giulio. In this chapter, he shares the findings and thoughts from the considerable time and effort he spent studying those top jQuery plugins. And he will tell you the secrets of the top 10 jQuery plugins.

I recommend reading this book. I think it is especially useful for those who have a basic knowledge of jQuery and want an in-depth understanding of jQuery and jQuery plugins. If you have spare time, you can try the “pop quiz” section provided in the latter part of every chapter. You’ll find a lot of fun in doing the pop quizzes, too. Here is the link and cover of the book:

jquery 1.4 plugin develop - Beginner's Guide

Some thoughts on the 6502 Technology

6502, why is it so important?

The first 6502 microprocessor was designed by Chuck Peddle and Bill Mensch in 1975 for MOS Technology, also known as CSG (Commodore Semiconductor Group), a semiconductor design and fabrication company based in the United States. The 6502 is a low-cost, full-featured microprocessor. It was originally second-sourced by Rockwell and Synertek and later licensed to a number of companies. At $25, it was one-sixth the price of similar products from other well-established competitors ($179, Intel 6800). Because this lowered the cost of building a computer at that time, it eventually resulted in the home computer revolution of the 1980s. Nowadays, the 6502 is still made for embedded systems and video game consoles.


6502 brought the Home Computer Revolution


Because of their low cost, the 6502 and Z80 brought us to the age of the "Home Computer Revolution" in the 1980s. 6502 home computers such as the Commodore RadioShack TRS-80, Commodore PET, Apple II, BBC Micro, Atari 800XL, etc. appeared in the consumer market in the 1980s. People started to have their own computers. (My father bought an Apple ][ computer in 1983 for HK$4500, which is around US$600.)

At that time, most of the 6502 home computers came with a BASIC interpreter, and the software was mainly written in BASIC or assembly language.


History of 6502 Technology


The 6502 processor was first packaged in a DIP-40 plastic package and was designed by the same development team that had designed the Motorola 6800. Thus, the 6502 and 6800 possess a lot of similarities, such as a single accumulator and a small number of registers. In addition, the 6502 processor introduces the idea of the "zero page", which improves the speed of communication. A 6502 can also be used to handle BCD calculation.

The first development board for the 6502 processor launched to the market was the MDT-650. Then the KIM-1, Rockwell AIM65 and Synertek SYM-1 were also launched. Those 6502 development boards were welcomed by both engineers and hobbyists, which led to widespread acceptance in the market.

One of the first publicly marketed computers using the 6502 technology was the Apple I computer in 1976. Later, the Apple II and Commodore PET, the Atari home computers, the BBC Micro family, etc. came to the market and brought the trend of 6502 computers.

The 6502 processor not only had a great influence on the computer market, it developed the video game console, too. Most video game consoles use a refined version of the 6502 processor. The first video game console to use 6502 technology was the Atari 2600. The Atari 2600 uses a simplified version of the 6502, the 6507, which can only address 8KB of memory.

(Extracted from "Some discussion about the 6502 Technology", 6502 Assembly Blog)

Update August 6, 2010, 6502 Assembly

The instruction set manual pages for the Arithmetic Operations have been updated. The updated pages are:

1. Arithmetic Operations
2. ADC - ADC, Add with Carry
3. DEC - DEC, Decrement Memory
4. DEX - DEX, Decrement X
5. DEY - DEY, Decrement Y
6. INC - INC, Increment Memory
7. INX, INX - Increment register X
8. INY - INY, Increment Y
9. SBC - SBC, Subtract with Carry
10. 6502 Instruction Set
11. Op-codes Table
12. Opcode of LDA Instructions

Happy Programming

Cloudgen
(Extracted from "Update August 6, 2010, 6502 Assembly", 6502 Assembly Blog)

Update July 26, 6502 Assembly

The Logical Operations section of the 6502 Instruction Set has been updated. The following pages are involved:

AND, AND - Logical AND
EOR, EOR - Exclusive OR
ORA, ORA - ORA with Accumulator

Happy Programming,

Cloudgen
(Extracted from "Update July 26, 6502 Assembly",6502 Assembly Blog)

How many domains google used for search engine?

How do I know that? You guess...
The answer is 183.

(Extracted from "How many domains google used for search engine?", Cloudgen's Blog)

Update July 24, 6502 Assembly

Four instructions under the categories of Stacks Related Operations have been updated:

1. PHA --- PHA stands for PusH Accumulator
2. PHP --- PHP stands for PusH Processor status (SR)
3. PLA --- PLA stands for PulL Accumulator
4. PLP --- PLP stands for PulL Processor status (SR)

Happy Programming,

Cloudgen
(Extracted from "Update July 24, 6502 Assembly", 6502 Assembly Blog)

What will happen when your ip has been blocked by Google?

So what actually happens when your IP has been blocked by Google? If you've just "searched too fast", are "infected with a computer virus" or are running "robots", the following will come up:

  • You will be redirected to a page saying "We're sorry... ... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now." The page is located on the sorry.google.com server, e.g., http://sorry.google.com/sorry/Captcha?continue=http%3A%2F%2Fwww.google.com&id=2517167959383899603&captcha=destorm. Inside the page there is a captcha (usually pure characters; however, on some Google servers the captcha may be purely numeric). If you want to see a random captcha, here is the link: http://sorry.google.com/sorry/image?id=3997555809511330333
  • Of course, you have to type the captcha correctly and press the "I'm human!" button before you can resume normal operation.
  • Then there will be a redirect, together with a posted "password" sent to your original server.
  • However, if you try other Google servers, for example http://www.google.ad, etc., you will be redirected to the sorry.google.com server again. If you clear your cookies and restart IE, you will be redirected to sorry.google.com again.


What will happen if you ignore these and keep on searching by typing the query in the address bar?

  • Your IP will be blocked for a longer time. If you clear cookies, you have to enter the captcha again. Once, I saw Google's Japan server keep asking me for a captcha even though I had entered the captcha correctly.
  • So far, I haven't come across a case where Google blocks an IP permanently. So, after a certain time, your IP will be released again.

Happy Programming,
Cloudgen
(Extracted from "What will happen when your ip has been blocked by Google?", Cloudgen's Blog)