HDFC- Smart Shoppers is a reported attack site
June 5, 2010 by rooturaj
Filed under Business, Online Security
Was feeling like buying an Olympus Digital SLR cam today. The HDFC guys sent me a flyer with the specification and I was pretty happy with it. So I call up the phone-banking service to order the cam. They tell me you need to order it on HDFC site. Fine, so I am on the HDFC shopping site and look what I get …
Bl0ody hell ! this is what our top urban bank has to offer us? See what the firefox report has to say about this.
This page tries to install programs that steal private information and use your computer to attack others or damage you computer.
This site is probably not a direct HDFC property. They are kind of affiliates through which they help sell consumer goods through easy installment system on their credit cards
Anyway I tried to open the same site in Opera Browser and it did not have a problem opening the site. But I could not find the product they had sent the flyers about. So I felt like contacting them online. I click the contact us link and this is what I get..
And everyone wonders why is Online Shopping not so popular in India? HDFC is the most Tech Savy bank in India in my opinion. Now this is what they offer. One sentence saying enter your contact information here. What next…? Design error? Cross browser compatibility failure? Whatever it is, it only pisses of a user.
I will of course be directing the attention of HDFC people about this and at the same time would like you to share it with your friends so that they are aware of the Crap they are being supplied with in the name of online technology.
Related Posts:
Kaspersky Detects Trojans in Google Adsense
January 25, 2010 by rooturaj
Filed under Online Security
I don’t know if it affects you or if my Anti-Virus is just acting up but every time I force refresh a page with Google Adsense with it Kaspersky (ver: 8.0.0.454) Internet Security detects a Trojan on the google javascript file. This even comes up on leading sites like lonelyplanet.com.
Here are the details.
To force refresh I mean using CTRL + F5. Then my antivirus gives this message.
Kaspersky detects Trojan on Site with Adsense
On further checking of this report Kaspersky gives me the following actions and errors.
This is the actual error report on Kaspersky. 1/25/2010 8:01:18 PM- http://pagead2.googlesyndication.com/pagead/show_ads.js Firefox Processing error: Trojan.JS.Redirector.ar
Report points to Adsense file
I get the same issue on IE6 with Kaspersky. On Internet Explorer I with Kaspersky installed I get an Additional Error. See Below.
Issue duplicates on separate machine with IE6 and Kaspersky
I have no idea whats going on. After a basic search on Google I found this related post. But this is an old case and the ads are not being hijacked. From the report it seems it is the original Google Adsense Javascript file that is being detected as malicious.
If some of you have kaspersky could you please test this issue at your end and let me know. I will mean while report this to Google.
Related Posts:
Hacking into your life through your emails
January 20, 2010 by rooturaj
Filed under Online Security
I am going to share with you a funny but serious event that unfolded in my Inbox yesterday. There is a silly job listing site in the name of jobszone.info. They blast bulk mails to thousands of people about latest job openings. Yesterday I received a mail from them that reads.
Now what does a user like me do in this case. Carelessness like this leads to the hacking of email accounts and corporate websites.
Here is how a hacker would proceed once he is fed with information like this. I am not a hacker but I have read about them and I am somewhat familiar with their train of thought. Thanks to recent events like Iranian attack on Twitter.and previous Twitter Admin hack news.
So first of all we try out popular mail portals like Gmail, Yahoo, Hotmail, AOL etc. If our trial yields no result then we try to access the webmail accounts using urls like domain.com/webmail or mail.domain.com. How to find out the site? Use google for the most relevant term from the mail. It is not always that easy though.
In my case I struck gold with Gmail. Though I tried the domain.com/webmail approach first as the mails seemed to originate from the said website.
Normally what first timers would do is reset the password. But that is the stupid thing to do. Don’t let the original user suspect that the account has been compromised.
Next search for password or username using mail accounts search feature. Gmail in this case is just wow. I got around 40 results. This idiot left an excel file with a list of user ids and passwords for some 25 accounts. Wow. I can further use the same to get into more classified information. May be I could find some credit card details too but my ethics stop me going beyond this. LOL
Additionally one could use Gmail labels or folders in other email clients to reach out to specific information on your email accounts.
I hope this malicious email account access process would give you enough ideas about how to protect your accounts from being hacked. Many large organizations like twitter have been hacked using this very method.
This has been a long post already. Watch out for my next post that is a list of steps to keep your accounts safe from hacking.
