Lesson on MISP - Computer Security
Cyber crime is a big issue in a company's risk management. To avoid the risk, a company should think ahead instead of reacting after a disaster has happened. Most of the time we know how to fix the problem when the company's server has been hacked. However, the key issue is gathering evidence to find the source of the problem. This is what I learnt from today's MISP (manage information system & project) tutorial.
At the same time, we were recommended to read the book High-Tech Crime Revealed, which will be available in the library soon.
P.S. Today Bruce Schneier wrote a blog entry about the 'Unicode URL Hack'. The principle of the hack is very simple. Anyone can substitute a Unicode character for a letter of a normal URL to direct people to a fake website. At the same time, the URL in the address bar and in the link's status text looks normal. People might not realise that the site is fake and type in their credit card number and password as usual. He cites www.paypal.com as an example:
Here's a demo: it's a Web page that appears to be www.paypal.com but is not PayPal. Everything from the address bar to the hover-over status on the link says www.paypal.com.
It works by substituting a Unicode character for the second "a" in PayPal. That Unicode character happens to look like an English "a," but it's not an "a." The attack works even under SSL.
Here's the source code of the link: http://www.pаypal.com/
I tried it by using Firefox and the problem really exists. Secunia gives a solution for the risk:
- Don't follow links from untrusted sources.
- Manually type the URL in the address bar.
[last modified: 2005-2-16 21:11]
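A defensive check for the substitution described above, as an added example that is not part of the original post or of Schneier's entry: it flags hostname labels that mix scripts and shows the ASCII (Punycode) name that is actually resolved. The function names are hypothetical, the sample URLs are constructed, and classifying a script by the first word of a character's Unicode name is a simplifying assumption.

```python
import unicodedata
from urllib.parse import urlsplit

def char_script(ch):
    """Approximate a character's script by the first word of its Unicode name."""
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"  # digits, hyphen: shared
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def inspect_host(url):
    """Report, per hostname label, its scripts, ASCII form and non-ASCII characters."""
    host = urlsplit(url).hostname or ""
    report = []
    for label in host.split("."):
        scripts = {char_script(c) for c in label} - {"COMMON"}
        report.append({
            "label": label,
            # What DNS actually resolves; an ASCII label comes back unchanged.
            "ascii_form": label.encode("idna").decode("ascii"),
            "scripts": sorted(scripts),
            "mixed_script": len(scripts) > 1,
            "non_ascii": [(i, c, unicodedata.name(c, "UNKNOWN"))
                          for i, c in enumerate(label) if not c.isascii()],
        })
    return report

def is_suspicious(url):
    """True when any label mixes letters from more than one script."""
    return any(r["mixed_script"] for r in inspect_host(url))

if __name__ == "__main__":
    # Constructed samples: the genuine name and the lookalike from the post,
    # written with an escape so the substituted character is visible.
    for url in ("http://www.paypal.com/", "http://www.p\u0430ypal.com/"):
        print(url.encode("unicode_escape").decode(), "suspicious:", is_suspicious(url))
        for r in inspect_host(url):
            if r["non_ascii"]:
                print("  label resolves as", r["ascii_form"], "contains", r["non_ascii"])
```

A label written entirely in one non-Latin script is not flagged by this check, so it covers only the mixed-script substitution shown in the post.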





8 Comments:
The site's already taken off :) But yeah, I think it's the same problem I posted on my site too! Have to be more careful from now on :)
By jiajia, at 1:55 AM