Archive for the ‘Blog’ Category

Web Phishing with PayPal

Posted 17 Oct 2006 — by aryo
Category Blog

Following the rollout of PayPal payments in Indonesia, this morning I found a phishing attempt impersonating PayPal in my email inbox.

Here is an excerpt of the email:

Dear PayPal® member

You have recently updated your PayPal® account according to our standard security procedures.

Unfortunately the update procedure failed because some of the information you provided was incorrect.

Please take 5-10 minutes out of your online experience and update your personal records. However, failure to update your records will result in account suspension.

To update your PayPal® records click on the following link:
http://www.paypal.com/cgi-bin/webscr?cmd=_login-run

Thank You.
PayPal® Service Department

Accounts Management

As outlined in our User Agreement, PayPal® will periodically send you information about site changes and enhancements.

It is actually quite convincing, and it did not occur to me that the email was fake. But then a few things did not add up:

  1. I have never had a PayPal account. So what is this email for?
  2. The sender's address is accounts@paypali.com; why is it not from the PayPal.com domain?
  3. The link text in the email does read http://www.paypal.com/cgi-bin/webscr?cmd=_login-run, but the URL behind it is http://ogk-duffel.be/img/.www.paypal.com/webscr=auth/index.html, so clicking it does not go to paypal.com at all. The "www.paypal.com" that appears in it is only a directory name on ogk-duffel.be; the host is ogk-duffel.be.
  4. I deliberately followed the link, and the page that came up looked exactly like paypal.com; only what happens behind it is different. The form where you enter your email and password has a different action from the real site's.
    On the real PayPal, submitting the form goes to:

    https://www.paypal.com/cgi-bin/webscr?cmd=_login-submit

    whereas the fake one goes to:

    http://ogk-duffel.be/img/.www.paypal.com/webscr=auth/processing.php

    which then redirects to:

    http://ogk-duffel.be/img/.www.paypal.com/webscr=auth/pp.htm

    It is on this last page that they ask the user to fill in sensitive information.

  5. In Firefox, a warning about a possible scam appears:
    Fake PayPal
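The three tells above (a look-alike sender domain, link text that reads paypal.com while the href goes elsewhere, and a login form posting to a foreign or non-HTTPS action) can be checked mechanically. The following Python script is an added example and is not code from the original post or from PayPal. The sample message and the two login forms are constructed here to mirror what the post quotes and describes; `check_email`, `same_site` and `LEGIT_DOMAIN` are names assumed for this example. Note that the host comparison is an exact match on the hostname, not a substring test, so the `.www.paypal.com` directory hidden in the fake URL's path does not fool it.

```python
"""Automate the three phishing tells from the post.

Added example, not code from the original post or from PayPal. The sample
message and login forms are constructed here to mirror what the post quotes
and describes; ``check_email``, ``same_site`` and ``LEGIT_DOMAIN`` are
helper names assumed for this example.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

LEGIT_DOMAIN = "paypal.com"


def same_site(host, domain=LEGIT_DOMAIN):
    """True only for the domain itself or a real subdomain of it.

    Exact hostname comparison: paypali.com fails, paypal.com.evil.example
    fails, and a path component like /.www.paypal.com/ never reaches here.
    """
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def _host_of(url):
    """Hostname of a URL; 'www.paypal.com/...' without a scheme counts too."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def _looks_like_url(text):
    return text.lower().startswith(("http://", "https://", "www."))


class _LinkFormParser(HTMLParser):
    """Collect [href, visible text] for every <a> and the action of every <form>."""

    def __init__(self):
        super().__init__()
        self.links = []    # [href, visible text] pairs
        self.forms = []    # action attributes
        self._open = None  # index into self.links while inside an <a>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self.links.append([attrs.get("href") or "", ""])
            self._open = len(self.links) - 1
        elif tag == "form":
            self.forms.append(attrs.get("action") or "")

    def handle_data(self, data):
        if self._open is not None:
            self.links[self._open][1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None


def check_email(sender, html):
    """Return a list of findings for a message (or landing page); [] is clean."""
    findings = []

    # Tell 2: sender domain must be paypal.com or a subdomain of it.
    sender_host = sender.rsplit("@", 1)[-1]
    if not same_site(sender_host):
        findings.append(f"sender domain {sender_host} is not {LEGIT_DOMAIN}")

    parser = _LinkFormParser()
    parser.feed(html)

    # Tell 3: visible URL text whose host differs from the real href host.
    for href, text in parser.links:
        text = text.strip()
        if _looks_like_url(text) and _host_of(text) != _host_of(href):
            findings.append(
                f"link text shows {_host_of(text)} but href goes to {_host_of(href)}"
            )

    # Tell 4: a credential form must post to paypal.com over HTTPS.
    for action in parser.forms:
        if not same_site(_host_of(action)):
            findings.append(f"form posts credentials to {action}")
        elif urlparse(action).scheme != "https":
            findings.append(f"form posts over plain HTTP: {action}")

    return findings


# Constructed to mirror the message quoted in the post (not the raw original).
SAMPLE_SENDER = "accounts@paypali.com"
SAMPLE_HTML = """
<p>Dear PayPal&reg; member</p>
<p>To update your PayPal&reg; records click on the following link:<br>
<a href="http://ogk-duffel.be/img/.www.paypal.com/webscr=auth/index.html">
http://www.paypal.com/cgi-bin/webscr?cmd=_login-run</a></p>
<p>Thank You.<br>PayPal&reg; Service Department</p>
"""

# The two login forms from point 4: real PayPal versus the clone (constructed).
REAL_LOGIN_FORM = """
<form method="post" action="https://www.paypal.com/cgi-bin/webscr?cmd=_login-submit">
<input name="login_email"><input name="login_password" type="password"></form>
"""
FAKE_LOGIN_FORM = """
<form method="post" action="http://ogk-duffel.be/img/.www.paypal.com/webscr=auth/processing.php">
<input name="login_email"><input name="login_password" type="password"></form>
"""

if __name__ == "__main__":
    for finding in check_email(SAMPLE_SENDER, SAMPLE_HTML):
        print("EMAIL:", finding)
    for finding in check_email("service@paypal.com", FAKE_LOGIN_FORM):
        print("PAGE: ", finding)
```

Run against the constructed message it reports the look-alike sender and the text/href mismatch; run against the cloned login form it reports the foreign action, while the real PayPal form passes. The same `same_site` check is what a mail filter or a browser's anti-phishing heuristic needs to get right: compare the parsed hostname, never search the whole URL string for the brand name.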

Judging by the potential, this is a crime with big money behind it, because the number of inexperienced internet users keeps growing.
For the record, something similar happened in Indonesia before and caused quite a stir in the Indonesian internet community. At the time the look of the klikBCA site was copied, and the data of users who logged in was captured and stored on the fake site.
Read more in the master.web.id archive.

As Steven Haryanto said, it does not take sophisticated technology to break into a security system that uses sophisticated technology. Hackers think cleverly, so programmers and administrators must think the same way.

Changing Language

Posted 17 Oct 2006 — by aryo
Category Blog

Ugh, too many people have complained about me blogging in English. Maybe they are sick of looking at my English :)

From now on I am switching my posts to Indonesian. But as English practice, I may still post in English now and then.

Regards.

Yahoo! Mail Interface

Posted 12 Oct 2006 — by aryo
Category Blog

Ah, I think this is old news, since I heard about it a long time ago. But because I never open my mail on Yahoo!, I had never experienced it myself.

Today I tried opening my email on Yahoo! Mail, and after logging in there was a new interface I had never seen before.

All components are AJAX-enabled, very exciting, as good as the GMail interface.

But there are some negative points I have found:

  • Very heavy to load
    I tried it on Firefox and Internet Explorer, and it is very heavy to load on both browsers. The documentation says the internet connection used must be fast enough. I am sure about my connection speed, so I think the problem is my notebook, which is not powerful enough to render the display. So does a new interface need a high-end computer now?
  • Very heavy advertising
    The "heavy" I mean here is not the same as in the point above. I just wonder why, whenever I scroll the mail list up or down, the advertising banner changes.
    I have not selected an email yet, I am just clicking the scrollbar, and on each click the banner content is refreshed. This slows down selecting an email.

Whatever, I am very impressed with Yahoo!'s innovation; it is more like a desktop application now.

Here is the screenshot:
Yahoo! Mail

You may take a look at the Yahoo! Mail Beta Overview.

Another Hacking Tool

Posted 09 Oct 2006 — by aryo
Category Blog

This was posted on the Milis Kampung Gajah mailing list a few days ago: Google Code Search being used as a hacking tool.

You may try it yourself:

  1. point your browser at: http://google.com/codesearch
  2. enter this query: lang:php file:wp-config user -sample
  3. submit it
  4. see what is returned by the search engine
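The query works because a wp-config.php that defines DB_USER normally also carries a real DB_PASSWORD, and copies of it end up in indexed source archives or, just as often, in backup files such as wp-config.php.bak that a web server hands out as plain text instead of executing. Before someone else runs that search against your site, you can run the same filter over your own web root. The Python script below is an added example, not code from the original post or from Google; it mirrors the query (filename contains wp-config, -sample templates excluded, a DB_USER define present) and reports only files whose password is not a placeholder. `scan_webroot`, `build_demo_tree` and the `PLACEHOLDERS` list are assumptions made for this example, and the demo tree is constructed here.

```python
"""Run the Code Search query from the post against your own web root.

Added example, not code from the original post or from Google. It mirrors
``lang:php file:wp-config user -sample``: files whose name contains
``wp-config`` (minus any ``-sample`` template) that define a database user,
reporting those whose password is not a placeholder. ``scan_webroot``,
``build_demo_tree`` and ``PLACEHOLDERS`` are assumptions made for this
example; the demo tree is constructed here.
"""
import os
import re
import tempfile

# Matches define('DB_USER', '...') and define('DB_PASSWORD', '...').
DEFINE_RE = re.compile(
    r"""define\(\s*['"](DB_USER|DB_PASSWORD)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""",
    re.IGNORECASE,
)
# Values found in the shipped template (assumed list; extend for your site).
PLACEHOLDERS = {"", "username_here", "password_here"}


def parse_db_creds(text):
    """Return {'DB_USER': ..., 'DB_PASSWORD': ...} for whichever defines exist."""
    return {key.upper(): value for key, value in DEFINE_RE.findall(text)}


def scan_webroot(root):
    """Return one finding per wp-config file that carries real credentials.

    ``raw_served`` is True when the name does not end in .php: a typical web
    server serves such backup copies (wp-config.php.bak, wp-config.txt) as
    plain text, so their contents are readable by anyone who guesses the URL.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if "wp-config" not in lower or "sample" in lower:
                continue  # file:wp-config ... -sample
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                creds = parse_db_creds(fh.read())
            if "DB_USER" not in creds:
                continue  # the query's 'user' term
            if creds.get("DB_PASSWORD", "") in PLACEHOLDERS:
                continue  # still a template, nothing to leak
            findings.append({
                "path": os.path.relpath(path, root).replace(os.sep, "/"),
                "db_user": creds["DB_USER"],
                "raw_served": not lower.endswith(".php"),
            })
    return sorted(findings, key=lambda f: f["path"])


def build_demo_tree():
    """Create a constructed web root with live, template and backup configs."""
    root = tempfile.mkdtemp(prefix="wproot-")
    live = ("<?php\ndefine('DB_NAME', 'wordpress');\n"
            "define('DB_USER', 'wp_admin');\ndefine('DB_PASSWORD', 's3cret-pass');\n")
    template = ("<?php\ndefine('DB_USER', 'username_here');\n"
                "define('DB_PASSWORD', 'password_here');\n")
    files = {
        "site/wp-config.php": live,             # real site config
        "site/wp-config-sample.php": template,  # shipped template, excluded
        "site/old/wp-config.php.bak": live,     # backup copy served as text
        "staging/wp-config.php": template,      # unconfigured install
    }
    for rel, body in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for hit in scan_webroot(build_demo_tree()):
        print(hit)
```

On the constructed tree the live config and the .bak copy are reported and the two templates are ignored. Point `scan_webroot` at a real document root to see what the search would have found; any hit with `raw_served` set is the one to remove first, since it is the version the web server will happily serve to a crawler.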

This phenomenon also happened several years ago, when Google itself was used as a 'victim finder'. The hacker only needed to search for terms like "under construction", "login.asp" or something like that :)

OK, with or without this 'feature', hackers still have a chance to find a security hole, but this tool adds one more entry to the list of hacking tools.
Hackers will always search for security holes. Sounds like a nightmare for some system administrators. But in this situation there will always be security updates, code fixes, etc.

Bravo, hackers!

Windows Live Messenger Bug

Posted 09 Oct 2006 — by aryo
Category Blog

Not a big deal, I think. It is only one small mistake, just like the ones I make (sometimes).

Today I just installed Windows Live Messenger on my laptop, and here is what I got:

Windows Live Messenger
There is no problem with that, but did whoever created this installer not see these button titles? They look so odd.
Or is the problem actually on my end?
