learn unix and linux commands

Phishing attack disguised as message from FDIC

Tags

attack, message

01-20-2009

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

Phishing attack disguised as message from FDIC

See today's DHS DailyOpen Source Infrastructure Report (DOSIR) for information regarding a phishing attack disguised as a message from the FDIC. It is impacting the Fedwire. Will it impact your business?

The report isavailable at http://www.dhs.gov/xlibrary/assets/DHS_Daily_Report_2009-01-20.pdffor the next two weeks. Later, it can befound at http://www.hspig.org/phpbb/viewforum.php?f=20.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

Previous Thread | Next Thread

3 More Discussions You Might Find Interesting

1. Cybersecurity

Found attack from

Hi, I have a belkin router installed and a look at the security log has got me worried a little bit. Security log: Fri Jan 29 20:41:46 2010 =>Found attack from 68.147.232.199. Source port is 58591 and destination port is 12426 which use the TCP protocol. Fri Jan 29 20:41:46 2010 ...

2. Programming

How to limit max no of message in a posix message queue

Hii can anyone pls tell how to limit the max no of message in a posix message queue. I have made changes in proc/sys/fs/mqueue/msg_max But still whenever i try to read the value of max. message in the queue using attr.mq_curmsgs (where struct mq_attr attr) its giving the default value as 10....

3. Windows & DOS: Issues & Discussions

Stanford security experts unveil defenses against �phishing� attacks

It's an online con that is growing fast and stealing tens of millions of dollars. An e-mail seemingly from a financial institution instructs you to log on to a legitimate-looking Web site. Such �phishing� attacks exploit a universal weakness in online security: passwords. To read the rest of...

LEARN ABOUT PHP

hash_equals

HASH_EQUALS(3)								 1							    HASH_EQUALS(3)

hash_equals - Timing attack safe string comparison

SYNOPSIS

       bool hash_equals (string  $known_string, string	$user_string)

DESCRIPTION

	Compares two strings using the same time whether they're equal or not.

	This function should be used to mitigate timing attacks; for instance, when testing crypt(3) password hashes.

PARAMETERS

	      o $known_string
		- The string of known length to compare against

	      o $user_string
		- The user-supplied string

RETURN VALUES

	Returns TRUE when the two strings are equal, FALSE otherwise.

ERRORS
/EXCEPTIONS
	Emits an E_WARNING message when either of the supplied parameters is not a string.

EXAMPLES

       Example #1

	       example

	      <?php
	      $expected  = crypt('12345', '$2a$07$usesomesillystringforsalt$');
	      $correct	 = crypt('12345', '$2a$07$usesomesillystringforsalt$');
	      $incorrect = crypt('apple',  '$2a$07$usesomesillystringforsalt$');

	      var_dump(hash_equals($expected, $correct));
	      var_dump(hash_equals($expected, $incorrect));
	      ?>

	      The above example will output:

	      bool(true)
	      bool(false)

NOTES

       Note

	       Both  arguments	must  be of the same length to be compared successfully. When arguments of differing length are supplied, FALSE is
	      returned immediately and the length of the known string may be leaked in case of a timing attack.

       Note

	       It is important to provide the user-supplied string as the second parameter, rather than the first.

PHP Documentation Group 													    HASH_EQUALS(3)