    Forum phishing

    I recently found an old document containing my username and password for the Fedora Linux forums, so I tried to see if the account was still active and used it to log in, which I was able to do. Anyway, whilst logged in I noticed a news item on their forums about a potential phishing attack on their forums.

    Here are the details...
    Nov 11, 2013 - 7:16 PM - by bob
    Forum attack alert! We've just removed a new member posting a seemingly valid message with a link to illustrate his "problem". When members would click the link, they'd find a page that was an exact replica of the FedoraForum login page and think they'd somehow logged out. If you logged in to the phony page, the identity thief would have been given access to your username and password and been able to post garbage in your name.

    Hopefully, this is the only such attack we'll have, however if you ever find yourself unexpectedly "logged out", look carefully at the full address bar to confirm that you're really at fedoraforum.org. In this case the attacker used our forums.fedoraforum.org but also his attack site: museumsalama.com.
    It got me thinking, why would someone even attempt to steal someone's login and password for a web-based forum? What possible data or financial reward could they get? Surely no one stores their personal information / bank details under their account in these web forums?

    Are some people so sad that they like to do things like this?
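    As an added illustration (not part of the original thread) of the alert's advice to look carefully at the full address bar: a Python check that accepts only fedoraforum.org and its subdomains, set against the naive "does the address contain the forum name" test that look-alike addresses defeat. Only the two hosts named in the alert come from the thread; the attacker.example addresses are constructed for this example.

```python
from urllib.parse import urlsplit

# The domain the forum alert says is legitimate (subdomains such as
# forums.fedoraforum.org are served by the same site).
LEGIT_DOMAIN = "fedoraforum.org"


def host_of(url: str) -> str:
    """Return the lowercase hostname of a URL, or '' if it has none.

    urlsplit() strips userinfo and the port, which matters because
    'http://fedoraforum.org@attacker.example/' is served by attacker.example.
    """
    parts = urlsplit(url)
    return (parts.hostname or "").rstrip(".").lower()


def is_forum_host(url: str, domain: str = LEGIT_DOMAIN) -> bool:
    """True only if the URL's host is `domain` itself or a subdomain of it."""
    host = host_of(url)
    return host == domain or host.endswith("." + domain)


def naive_check(url: str, domain: str = LEGIT_DOMAIN) -> bool:
    """The check a hurried reader makes: does the address mention the forum?"""
    return domain in url.lower()


# Constructed sample addresses. The first three hosts are the ones the alert
# names; the attacker.example forms are made up to show where naive_check fails.
SAMPLES = [
    "https://forums.fedoraforum.org/showthread.php?t=1",   # real forum host
    "https://fedoraforum.org/",                            # apex domain
    "http://museumsalama.com/login.php",                   # site named in the alert
    "http://fedoraforum.org.attacker.example/login.php",   # forum name as a subdomain label
    "http://attacker.example/fedoraforum.org/login.php",   # forum name in the path
    "http://fedoraforum.org@attacker.example/login.php",   # forum name in userinfo
    "http://notfedoraforum.org/",                          # forum name as a suffix
]


def compare(urls=SAMPLES):
    """Map each URL to (naive_result, strict_result) for side-by-side review."""
    return {u: (naive_check(u), is_forum_host(u)) for u in urls}


if __name__ == "__main__":
    for url, (naive, strict) in compare().items():
        print(f"{'OK ' if strict else 'BAD'}  naive={naive!s:5}  {url}")
```

    Every look-alike passes the naive substring test and fails the host check; a browser's address bar shows the host, which is why the alert tells readers to inspect it rather than the whole address.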

    #2
    Originally posted by NickStone
    ... why would someone even attempt to steal someone's login and password for a web-based forum? What possible data or financial reward could they get?
    I can think of 3 reasons straight off:
    1. to spam the forum
    2. many people reuse passwords, knowing forum passwords might give access to other sites, or help populate dictionaries or "rainbow tables" for cracking passwords that matter
    3. being able to pose as a user of long and good standing eases social engineering attacks to gain administrator access to the forum

    3. above might seem far-fetched, but it was a similar attack that took down the Ubuntu forums.

    Regards, John Little



      #3
      Originally posted by NickStone
      I recently found an old document containing my username and password for the Fedora Linux forums, so I tried to see if the account was still active and used it to log in, which I was able to do. Anyway, whilst logged in I noticed a news item on their forums about a potential phishing attack on their forums.

      Here are the details...

      It got me thinking, why would someone even attempt to steal someone's login and password for a web-based forum? What possible data or financial reward could they get? Surely no one stores their personal information / bank details under their account in these web forums?

      Are some people so sad that they like to do things like this?
      It's probably a very good way to get access to other, more personal things. Once they have the Fedora Forums info, they can look at the user's settings to find their email account, and possibly their full name, location, IM account info, etc. Using this info, they can check for common passwords and potentially gain access to email accounts. Once they have that, they can do all sorts of things: find banking details, credit card numbers, social security numbers, actual physical addresses, etc.



        #4
        Originally posted by NickStone
        ...Are some people so sad that they like to do things like this?
        Unfortunately the answer is yes.

        I'll think about this every time I click a link on a forum. I won't be so fast to conclude I timed out from lingering on a page too long after clicking a link.

        It would be sad and frustrating to be forced to start over with a new username after years of reading, learning, and posting.

        Thanks for posting this.



          #5
          Originally posted by jlittle
          many people reuse passwords, knowing forum passwords might give access to other sites, or help populate dictionaries or "rainbow tables" for cracking passwords that matter
          Mostly for this reason.

          Originally posted by NickStone
          Are some people so sad that they like to do things like this?
          Absolutely! Impersonation attacks are not new, humans have been doing it for thousands of years. Yet for some reason, the notion of "computer crime" still seems foreign to a lot of people. What especially bugs me (as a security professional) is that my industry feels the need to rename ancient attacks when carried out by computer. "Impersonation attack" becomes "identity theft." That's just scareifying language. If I steal something of yours, like your wallet, you lose possession of it. "Identity theft" isn't theft at all: you are still you, even though I might be impersonating you (and doing great damage to your reputation). We should be calling this stuff what it is.

          </rant>
