Archive for June, 2009

Phishing Email Targeted Maybank2u Customers Again

Date Monday, 29 June 2009  Posted in Category Computer Resources  Tags , ,   Comment 1 Comment »

I received phishing email for Maybank2u customers again, the email message would not be able to cheat me but don’t know whether would it be able to cheat other or not, here is the phishing email message:

quote

Dear Valued Customer,

We discovered a serious security problem in your account as several unauthorized transactions were attempted from an unknown location. We have deactivated and also restricted access to your account for security reasons. Your immediate attention is required to reactivate your account. Please be informed that your account will be terminated if not activated now.

Activate
http://www.maybank2u.com.my

Thank you,
Maybank Group

unquote

You may notice the http://www.maybank2u.com.my above does not link to Maybank2u Official Website but a fraudster/phishing site.

Faster Actions Needed Against Phishing Domains (from Netcraft)

Criminals often register their own domain name to perform phishing attacks. Unlike the other common phishing site scenarios (including hacked servers, open redirects, and abuse of free webhosting), phishing sites that have their own domain name can be harder to remove, because the website owner and domain owner is the fraudster. Only the hosting and DNS providers and the domain registrar are able to take the site down and also likely to cooperate.

The operation of top-level domains is generally split between a registry, which operates the infrastructure that answers DNS queries, and registrars, which sell domain names and provide the process for owners to maintain their records. Registries generally are not directly involved in removing phishing domains, and refer those to the registrar through which the domain was registered.

However, it is relatively easy to become a registrar, so large numbers of hosting companies, web design firms and domain name resellers are able to handle registrations. Registrars may not all respond quickly to abuse complaints. And in unusual cases registrars themselves may be involved in illegal activity.

There is a particular problem with so-called fast flux phishing attacks. Here the attacker uses a large pool of compromised hosts — often personal computers on DSL connections — and from these randomly chooses a number to act as web servers to host the phish (and also some to act as DNS servers for the phishing domain). The set of hosts used to support the phishing site is changed regularly, so efforts to contact the owner of one hacked system would at best cause the phishing site to be temporarily unavailable. ICANN (which hands out the contracts to operate generic top level domains including .com) published a report earlier this year looking at whether it should intervene to encourage adoption of more effective policies by registrars to prevent the abuse of fast-flux setups; but it seems reluctant to compel registrars to stop a practice that may also have some legitimate uses.

The one common point for any phishing attack is the URL sent to victims. In the case of fast-flux attacks, the owner of the domain will not cooperate and there are too many hacked systems hosting the phish for contacting the hosting provider to be effective. The only place where the attack can be quickly stopped is for the registrar or registry to suspend its domain name.

The policies of the DNS registry for the top-level-domain containing the site are therefore important. The most practical indication of the relative success of these policies is to look and see which top-level-domains (TLDs) are most often used for whole-domain phishing attacks:

tld-domain-phish

The high placement of .tk is unsurprising, given that it is possible to register .tk domains for free that redirect to any URL, completely anonymously. .com is the most common TLD for phishing domains, perhaps due to the ease of registering .com domains, and because the large number of registrars for .com domains gives an opportunity for fraudsters to look for registrars with weak checks or that respond slowly to abuse reports.

Finding an efficient escalation process in the case where the registrar is slow to cooperate will be the key to reducing the number of domains registered for phishing. The system that was designed to deal with domain disputes around ownership and trademarks is now looking too cumbersome when dealing with the problem of phishing attacks, where fast responses are essential to minimising fraud.

You can download the free Netcraft Toolbar to protect your savings from Phishing attacks.

Free and Useful Web Applications – Web Wikis

Date Saturday, 27 June 2009  Posted in Category Web Applications  Tags , , ,   Comment No Comments »

Main Post: Free and Useful Web Applications

Web Wikis:

mediawiki
MediaWiki
MediaWiki is a free software wiki package originally written for Wikipedia. It is now used by several other projects of the non-profit Wikimedia Foundation and by many other wikis.
Free: Yes
Platform: Linux
Review Rating: 4 stars
Homepage: http://www.mediawiki.org/

pmwiki
PmWiki
PmWiki is a system for collaborative creation and maintenance of websites. Pages created with pmWiki look and act like normal web pages, except they have a link that makes it easy to modify existing pages and add new pages into the website.
Free: Yes
Platform: Linux
Review Rating: 3 stars
Homepage: http://www.pmwiki.org/

twiki
TWiki
TWiki is a flexible, powerful, and easy to use enterprise wiki, enterprise collaboration platform and knowledge management system. It is a Structured Wiki, typically used to run a project development space, a document management system, a knowledge base, or any other groupware tool, on an intranet or on the internet. Web content can be created collaboratively by using just a browser. Users without programming skills can create web applications. Developers can extend the functionality of TWiki with Plugins.
Free: Yes
Platform: Linux
Review Rating: 3 stars
Homepage: http://www.twiki.org/

Free and Useful Web Applications – Website Add-Ons

Date Saturday, 27 June 2009  Posted in Category Web Applications  Tags , , , , , , , ,   Comment No Comments »

Main Post: Free and Useful Web Applications

Website Add-Ons:

Advanced Guestbook
Advanced Guestbook is a PHP script that you can use to add a guest book to your Web site.
Free: Yes
Platform: Windows/Linux
Review Rating: 3 stars
Homepage: http://proxy2.de/scripts.php

kampyle-feedback
Kampyle Feedback
Use Kampyle to: Collect, analyze and manage your website visitor’s feedback. The Kampyle on-demand (SaaS) application combines: Fully customizable feedback forms, Powerful reporting and analysis tools, Easy-to-use feedback management application. Discover how Kampyle lets you leverage valuable customer feedback to improve your website and increase customer satisfaction.
Free: Yes
Review Rating: 5 stars
Homepage: http://www.kampyle.com/

network-for-good
Network for Good
Network for is a nonprofit organization that helps other nonprofits raise money and reach supporters online. Founded in 2001 by AOL, Cisco and Yahoo!, Network for Good has processed over $250 million in donations for more than 45,000 nonprofits.
Free: Yes
Review Rating: No Rating
Homepage: http://www.networkforgood.org/

PHCDownload
A file content management and manipulation system unlike any other available on the market today, with unique innovations, tools, and design, customizing and producing your database is made easy.
Free: Yes
Platform: Linux
Review Rating: 3 stars
Homepage: http://www.phpcredo.com/Software/PHCDownload/

phpmyfaq
phpMyFAQ
phpMyFaq is a multilingual, database-driven FAQ management system that you can use to create and manage a FAQ on your Web site.
Free: Yes
Platform: Linux
Review Rating: 4 stars
Homepage: http://www.phpmyfaq.de/

phpmyvisites
phpmyvisites
phpMyVisites is a free and powerful open source (GNU/GPL) software for websites statistics and audience measurements. phpMyVisites gives a lot of information on websites visitors, visited pages, software/hardware utilization, etc… The GUI Interface is fun and practical. Statistics are very complete and use many clear graphics to present data. The web analytics software is translated in more than 30 languages!
Free: Yes
Platform: Linux
Review Rating: 3 stars
Homepage: http://www.phpmyvisites.us/

webcalendar
WebCalendar
WebCalendar is a PHP-based calendar application that can be configured as a single-user calendar, a multi-user calendar for groups of users, or as an event calendar viewable by visitors.
Free: Yes
Platform: Linux
Review Rating: 4 stars
Homepage: http://www.k5n.us/webcalendar.php

WWW Paint Board
WWW Paint Board (Wpb) is a tool where users can draw dynamically on the web with VML (Vector Markup Language) technology.
Free: Yes
Platform: Linux
Review Rating: 2 stars
Homepage: http://obiewebsite.sourceforge.net/obie.php?WWW_Pa