Bojan Popović

Posts Tagged ‘lažni’

Kako sam naseo na stari trik ili lažna Fejsbuk strana

Posted on 29. 11. 2009., 16:31, by Bojan Popović, under Aktuelnosti.

Dobijem email danas u kome piše kako me je neki Stane Jeršić dodao kao prijatelja na Facebooku. Pomislih da je u pitanju jedan poznanik i spustim gard. Inače poruka izgleda ovako:

Screenshot-Inbox (4112 total) - Evolution

Kod mene je isključeno prikazivanje slika pa mi nisu bili mnogo čudni oni okviri oko slika. očigledno lažnu email adresu nisam primetio sve dok nakon svega nisam shvatio šta se zapravo desilo.

A šta se desilo? Kliknem na link i otvori mi se na prvi pogled stranica Fejsbuka:

Lažna Facebook login strana

Šta je ovde čudno? Adresa. Adresa je http://www.blokneronline.net/facebook/loginface/

Čudna stvar je da je blokneronline.net sajt poznatog domaćeg muzičkog novinara Branimira Loknera:
http://whois.domaintools.com/blokneronline.net
Sajt je radio Urban Design Team – http://www.urban-design.org.uk/.

E sad, mnogo je veća verovatnoća da je neko upao na server i postavio lažni formular za login nego da je bilo ko od gore pomenutih imao bilo kakve veze sa ovim. Poslao sam Lokneru email pa ćemo videti kada će lažni login biti skinut sa interneta. Sve u svemu loša reklama za Verat (hosting kompanija koju koristi blokner.net).

Cracker je koristio uredno registrovani Gmail nalog ako je sudeći po zaglavlju poruke:

 eMail (mbox) |   copy code | ?  
01 Delivered-To: iluzionista@gmail.com
02 Received: by 10.216.3.205 with SMTP id 55cs366763weh; Sun, 29 Nov 2009
03  05:52:50 -0800 (PST)
04 Return-Path: <facebook.facebook01@gmail.com>
05 Received-SPF: pass (google.com: domain of facebook.facebook01@gmail.com
06  designates 10.223.14.145 as permitted sender) client-ip=10.223.14.145;
07 Authentication-Results: mr.google.com; spf=pass (google.com: domain of
08  facebook.facebook01@gmail.com designates 10.223.14.145 as permitted sender)
09  smtp.mail=facebook.facebook01@gmail.com; dkim=pass
10  header.i=facebook.facebook01@gmail.com
11 Received: from mr.google.com ([10.223.14.145]) by 10.223.14.145 with SMTP
12  id g17mr606345faa.51.1259502769894 (num_hops = 1); Sun, 29 Nov 2009
13  05:52:49 -0800 (PST)
14 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
15  h=domainkey-signature:mime-version:received:in-reply-to:references
16  :date:message-id:subject:from:content-type;
17  bh=D3i2ItN2bP1hAFNfSbLW7HvvpQr89vXTJ+ISrGkxhMU=;
18  b=syJlqtLukB+g3CNT5VrhViPNVsqtfJvGa18ZFO18xzzZP1PW3EMKITGImUpbPxHgNS
19  lDS0twjLRY0W7bPajDIED3S8elYp+3FaL5RZ4LdoaLFMoztHl3SFXPoXpiJqUGL6gmlY
20  H4uo8DjXq9y8wo1sA3VxT2GzX60XPYzVvrcps=
21 DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
22  h=mime-version:in-reply-to:references:date:message-id:subject:from
23  :content-type;
24  b=R0XPEWixhSMRHT1H9CD2jZGuMAp5WpGxL7e1wjUVhPsXiC2+hES/nzxDnYC5WAJQt9
25  9ytlmxA++XsqWpZXtwKanXgVsAiI9SB93BQkpXZt9WT9rhURJoyVMIngv4GDQMqtLuw3
26  d3fOZcBc0IOyP5bOYs8M3l+j5E7poiF2RS/2c=
27 MIME-Version: 1.0
28 Received: by 10.223.14.145 with SMTP id g17mt606345faa.51.1259502755162;
29  Sun, 29 Nov 2009 05:52:35 -0800 (PST)
30 In-Reply-To: <cbdaa2a00911290551w63e1e0b1m4d0cbd25f165055b@mail.gmail.com>
31 References: <cbdaa2a00911290551w63e1e0b1m4d0cbd25f165055b@mail.gmail.com>
32 Date: Sun, 29 Nov 2009 14:52:35 +0100
33 Message-ID: <cbdaa2a00911290552v3af70438uee544cf40a36f736@mail.gmail.com>
34 Subject:
35  =?UTF-8?Q?Stane_Jer=C5=A1i=C4=8D_added_you_as_a_friend_on_Facebook=2E=2E=2E?=
36 From: Facebook <facebook.facebook01@gmail.com>
37 Content-Type: multipart/alternative; boundary=00151747360a315f28047982d7e4
38 X-Evolution-Source: imap://iluzionista@imap.gmail.com/

Pouka: pazite da vam se ne desi isto. Dobro proverite domen stranice pre nego što unesete lozinku na nečemu što liči na Fejs. S obzirom da sam odmah shvatio u čemu je reč stigao sam da promenim lozinke pre nego što je cracker uspeo da ih zloupotrebi. U narednim minutima ću videti da li je nekako moguće prijaviti korisnika Googlu i ukinuti nalog.

Uzgred, meni je čudno kako sam uopšte naseo. Obično sam vrlo oprezan i do sada mi se nikad nije desilo nešto slično. Ali eto. Svakom se desi da ponekad pogreši. Ostaje gorak ukus u ustima za nauk. A vi? Učite na tuđim greškama pre nego što bude prekasno. Ali čak ni to nije garancija da vas neko i negde neće prevariti.

Oznake:bane, branimir, facebook, fake, fejsbuk, lažni, lažno, login, lokner, prevara, scam
Nema komentara | Read the rest of this entry »

Posts Tagged ‘lažni’

Kako sam naseo na stari trik ili lažna Fejsbuk strana

Strane

Skorašnji članci

bpopovic na Twitteru

MyCity Linux

Kalendar

NetworkedBlogs

01	Delivered-To: iluzionista@gmail.com
02	Received: by 10.216.3.205 with SMTP id 55cs366763weh; Sun, 29 Nov 2009
03	05:52:50 -0800 (PST)
04	Return-Path: <facebook.facebook01@gmail.com>
05	Received-SPF: pass (google.com: domain of facebook.facebook01@gmail.com
06	designates 10.223.14.145 as permitted sender) client-ip=10.223.14.145;
07	Authentication-Results: mr.google.com; spf=pass (google.com: domain of
08	facebook.facebook01@gmail.com designates 10.223.14.145 as permitted sender)
09	smtp.mail=facebook.facebook01@gmail.com; dkim=pass
10	header.i=facebook.facebook01@gmail.com
11	Received: from mr.google.com ([10.223.14.145]) by 10.223.14.145 with SMTP
12	id g17mr606345faa.51.1259502769894 (num_hops = 1); Sun, 29 Nov 2009
13	05:52:49 -0800 (PST)
14	DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
15	h=domainkey-signature:mime-version:received:in-reply-to:references
16	:date:message-id:subject:from:content-type;
17	bh=D3i2ItN2bP1hAFNfSbLW7HvvpQr89vXTJ+ISrGkxhMU=;
18	b=syJlqtLukB+g3CNT5VrhViPNVsqtfJvGa18ZFO18xzzZP1PW3EMKITGImUpbPxHgNS
19	lDS0twjLRY0W7bPajDIED3S8elYp+3FaL5RZ4LdoaLFMoztHl3SFXPoXpiJqUGL6gmlY
20	H4uo8DjXq9y8wo1sA3VxT2GzX60XPYzVvrcps=
21	DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
22	h=mime-version:in-reply-to:references:date:message-id:subject:from
23	:content-type;
24	b=R0XPEWixhSMRHT1H9CD2jZGuMAp5WpGxL7e1wjUVhPsXiC2+hES/nzxDnYC5WAJQt9
25	9ytlmxA++XsqWpZXtwKanXgVsAiI9SB93BQkpXZt9WT9rhURJoyVMIngv4GDQMqtLuw3
26	d3fOZcBc0IOyP5bOYs8M3l+j5E7poiF2RS/2c=
27	MIME-Version: 1.0
28	Received: by 10.223.14.145 with SMTP id g17mt606345faa.51.1259502755162;
29	Sun, 29 Nov 2009 05:52:35 -0800 (PST)
30	In-Reply-To: <cbdaa2a00911290551w63e1e0b1m4d0cbd25f165055b@mail.gmail.com>
31	References: <cbdaa2a00911290551w63e1e0b1m4d0cbd25f165055b@mail.gmail.com>
32	Date: Sun, 29 Nov 2009 14:52:35 +0100
33	Message-ID: <cbdaa2a00911290552v3af70438uee544cf40a36f736@mail.gmail.com>
34	Subject:
35	=?UTF-8?Q?Stane_Jer=C5=A1i=C4=8D_added_you_as_a_friend_on_Facebook=2E=2E=2E?=
36	From: Facebook <facebook.facebook01@gmail.com>
37	Content-Type: multipart/alternative; boundary=00151747360a315f28047982d7e4
38	X-Evolution-Source: imap://iluzionista@imap.gmail.com/

mart 2010
P	U	S	Č	P	S	N
« dec
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31