I haven't made a post in a long time. I guess its time for me to bounce back in the blogging arena. The latest gadget I have built is a device to hack Facebook users who connect to some random un secure internet. This device has some serious limitations but none the less cool and works on carefully social engineered situations. This type of attack is called "Pharming" . Its different from Phishing since the user is not tricked into clicking a bogus URL. The video below demonstrates the mock attack that we carried out at my home !
Pharming (pronounced “farming”) defined by Symantec Inc is “A form of online fraud, very similar to its cousin phishing. Pharmers rely upon the same bogus Web sites and theft of confidential information to perpetrate online scams, but are more difficult to detect in many ways because they are not reliant upon the victim accepting a “bait” message. Instead of relying completely on users clicking on an enticing link in fake email messages, pharming instead re-directs victims to the bogus Web site even if they type the right Web address of their bank or other online service into their Web browser.”
The hardware platform I used is from OpenPicus and I made use of their Flyport module with a USB nest.
Below are the links to presentation and source code. I will explain more in the next post.
Disclaimer: This post is to expose the serious vulnerability of the systems in place and for educational purpose only, I can't be held liable for any damage or losses caused to persons who are using this type of attack based on my design and idea.
Monday, January 30, 2012
Tuesday, April 13, 2010
Handling SecurityCertificateError exception in JAVA by adding security certificate using Keytools
To add the security certificate for https URL the following steps needs to be followed
- Take a backup of cacerts file in the following directory (This can be your default JRE directory also) C:\Program Files\IBM\SDP70\runtimes\base_v6\java\jre\lib\security\
- Save the security certificate in some location for ex c:\certificate.cer
- Go to Run type cmd
- Execute CD C:\Program Files\IBM\SDP70\runtimes\base_v6\java\jre\bin (This is the location of the JRE WebSphere uses, in other environments please navigate to the JRE BIN the application uses)
- Then execute the following command
keytool -keystore "C:\Program Files\IBM\SDP70\runtimes\base_v6\java\jre \lib\security\cacerts" -import -file c:\certificate.cer -alias https://your-url.net
- It will ask for a password , enter changeit
- The security certificate will be added for the JRE
Now you can access the URL or access the webservice in the URL.