3 Matching Annotations
  1. Apr 2019
    1. Per a Wednesday report in Business Insider, Facebook has now said that it automatically extracted contact lists from around 1.5 million email accounts it was given access to via this method without ever actually asking for their permission. Again, this is exactly the type of thing one would expect to see in a phishing attack.

      Facebook are worse than Nixon, when he said "I'm not a crook".

    1. Facebook users are being interrupted by an interstitial demanding they provide the password for the email account they gave to Facebook when signing up. “To continue using Facebook, you’ll need to confirm your email,” the message demands. “Since you signed up with [email address], you can do that automatically …” A form below the message asked for the users’ “email password.”

      So, Facebook tries to get users to give them their private and non-Facebook e-mail-account password.

      This practice is called spear phishing.

  2. Apr 2017
    1. Phishing attack that uses Unicode characters to fake a domain name.

      The xn-- prefix is what is known as an ‘ASCII compatible encoding’ prefix. It lets the browser know that the domain uses ‘punycode’ encoding to represent Unicode characters. In non-techie speak, this means that if you have a domain name with Chinese or other international characters, you can register a domain name with normal A-Z characters that can allow a browser to represent that domain as international characters in the location bar.

      What we have done above is used ‘e’ ‘p’ ‘i’ and ‘c’ Unicode characters that look identical to the real characters but are different Unicode characters. In the current version of Chrome, as long as all characters are Unicode, it will show the domain in its internationalized form.
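
The check below is an added example, not code from the annotated article or the annotator: it decodes `xn--` labels and flags the ones whose letters are all lookalikes of ASCII letters, which is the "epic" case the quoted passage describes, plus mixed-script labels. The `LOOKALIKES` table, the function names and the sample host are assumptions constructed for illustration.

```python
import unicodedata

# Constructed, illustrative subset of Cyrillic letters that render like Latin
# ones; the full Unicode confusables data is much larger.
LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0455": "s", "\u0458": "j",
}
SPOOF = "\u0435\u0440\u0456\u0441"  # constructed sample: Cyrillic letters that look like "epic"

def to_ace(label):
    """Encode one Unicode label into its xn-- (ASCII compatible) form."""
    return "xn--" + label.encode("punycode").decode("ascii")

def decode_label(label):
    """Return the Unicode form of one DNS label, decoding an xn-- prefix."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(text):
    """Script of each letter, taken from the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def check_host(host):
    """Return (label, unicode_form, ascii_skeleton, reason) for suspicious labels."""
    findings = []
    for label in host.split("."):
        try:
            uni = decode_label(label)
        except ValueError:  # UnicodeError is a ValueError subclass
            findings.append((label, None, None, "invalid punycode"))
            continue
        if uni.isascii():
            continue
        skeleton = "".join(LOOKALIKES.get(ch, ch) for ch in uni)
        found = scripts(uni)
        if len(found) > 1:
            reason = "mixed scripts: " + ", ".join(sorted(found))
        elif skeleton.isascii():
            reason = "whole-script lookalike of ASCII label " + skeleton
        else:
            continue  # ordinary internationalized label, e.g. a German umlaut
        findings.append((label, uni, skeleton, reason))
    return findings

if __name__ == "__main__":
    print(check_host(to_ace(SPOOF) + ".com"))
```

A mail gateway or proxy log pipeline could run `check_host` over observed hostnames and alert on any finding whose skeleton matches a brand the organization cares about.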