Tag Archives: phishing

Two things happened today that inspired me to write this post tonight.

  1. A brief back-and-forth on Twitter with @kaigani where I outlandishly claimed that Facebook Connect is a phishing scam waiting to happen.
  2. The warning of another Twitter scam that typically exploits the layman’s inability to spot a fake URL.

Facebook and Twitter both offer authentication services arguably known as “single sign-on”. Facebook Connect is a proprietary system, and Twitter offers a system based on the OAuth standard. These services do something quite marvellous – they allow you to authenticate with another website without the third party ever seeing your password. What makes it even more handy is that you’re probably already signed in to these popular services, so you may not need to enter your password at all. The problem is when you do.

I just became aware of an apparently legitimate US-based company who I shall not provide a link to;
[whois guard] [dot] [com] – operated by [name cheap] [dot] [com].

Their opening gambit “We hate spam like you do” is somewhat ironic when you consider that their services are of enormous help to cyber criminals such as phishing gangs. These ‘people’ need to operate domain names, but they must remain untraceable. Protecting their whois data is an obvious step towards concealing their identity. I am not suggesting that companies offering such services are corrupt, rather that it highlights the dichotomy of the internet privacy problem.