I tried my hand at coding a PHP registration script that a user would be able to use to register a profile for a site. My goal was to write a script that enforced a strict registration policy, focusing on enforcing a secure password and reducing the possibility of a fake email address.
The policy I created focused on:
- A unique user name
- A secure password using a minimum of 8 characters in a combination of upper case, lower case, numbers (0-9), and special characters (! @ # $ % &)
- Your first and last name
- An e-mail address
- Your gender
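A server-side check for the policy listed above, as an added example that is not the script from the post. The field names, the `$usernameTaken` callback and the reading of "a combination of" as "at least one of each class" are assumptions.

```php
<?php
// Added example, not the post's script. Field names and the
// $usernameTaken callback are hypothetical.
function password_policy_errors(string $pw): array
{
    // Assumption: "a combination of" means at least one of each class.
    // Other characters are allowed but do not count as special.
    $rules = [
        'at least 8 characters'             => mb_strlen($pw) >= 8, // needs mbstring
        'an upper case letter'              => preg_match('/[A-Z]/', $pw) === 1,
        'a lower case letter'               => preg_match('/[a-z]/', $pw) === 1,
        'a number (0-9)'                    => preg_match('/[0-9]/', $pw) === 1,
        'a special character (! @ # $ % &)' => preg_match('/[!@#$%&]/', $pw) === 1,
    ];
    return array_keys(array_filter($rules, fn($ok) => !$ok)); // failed rules only
}

function validate_registration(array $in, callable $usernameTaken): array
{
    $errors = [];
    foreach (['username', 'password', 'first_name', 'last_name', 'email', 'gender'] as $f) {
        if (!isset($in[$f]) || !is_string($in[$f]) || trim($in[$f]) === '') {
            $errors[$f][] = 'is required';
        }
    }
    if ($errors) {
        return $errors; // stop early: later checks need every field present
    }
    // A UNIQUE index on the column is still needed to close the race
    // between this lookup and the INSERT.
    if ($usernameTaken($in['username'])) {
        $errors['username'][] = 'is already taken';
    }
    foreach (password_policy_errors($in['password']) as $missing) {
        $errors['password'][] = "needs $missing";
    }
    // Syntax check only; it cannot show that the mailbox exists.
    if (filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'][] = 'is not a valid address';
    }
    return $errors;
}

// Constructed sample data: a taken user name and a password with no special character.
$existing = ['alice'];
$taken = fn(string $u): bool => in_array(strtolower($u), $existing, true);
print_r(validate_registration([
    'username' => 'Alice', 'password' => 'Password1', 'first_name' => 'Alice',
    'last_name' => 'Example', 'email' => 'alice@example.com', 'gender' => 'female',
], $taken));
```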
I recently learned about tabnabbing/tabgrabbing and decided to give it a try for myself. If you are unaware of what tabnabbing/tabgrabbing is then I suggest you point your browser to http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/ for more detailed information regarding the attack.
The idea behind this attack is to deceive the user into believing they have left open a browser tab that has expired credentials in the hope that they’ll attempt to reauthenticate themselves so we’re able to steal their credentials. It’s important to note that the user must not have an expired session or have logged out from the site we are attempting to steal credentials from. The gist of this attack is that the user submits their credentials, we steal them, and then redirect them to the site they were attempting to access in the first place. In order to do this we’ll need someplace to store these valuable credentials, so the first thing I did was set up a MySQL database to house them.
The following e-mail was sitting in my Spam folder and I thought it seemed like a good read. After all, it is from the Director of the FBI, Mr. Robert S. Mueller III. A quick summary of my favorite parts includes:
- “As a result of this we hereby advise you to stop communication with any one not referred to you by us”
- “We guarantee 100% receipt of your payment, because we have perfected everything in regards to the release of your Two million and three hundred thousand us dollars to be 100% risk free and free from any hitches as its our duty to protect citizens of the United States of America”
- The portion where I am provided with two FedEx tracking numbers to help “prove” that people are receiving their money (both “packages” were received Nov 11, 2009 — one in Stillwater, OK and the other in Baltimore, MD).
- “Help stop cyber crime.”
Now that’s what I like to call going above and beyond the call of duty. Without further ado, the e-mail: