usefulfor.com/security » Uncategorized

Dear Scammed Victim

etd — Wed, 16 Jun 2010 15:47:19 +0000

Just got this on my inbox:

Compensation From The Government.

The Chairman
DEBT MANAGEMENT OFFICE
Committee On Government Compensation,
Wuse Zone II, FCT, ABUJA.:
Our Ref : FGN /SNT/STB

Dear Beneficiary,

Re: Government Compensation on Scams Victims, Lotto, Unpaid/Unclaimed
Contract/Donation.

The Federal Government of Nigeria through the President Dr.Goodluck Jonathan GCFR CON, has mandated the Debt management office in colaboration with Nigeria Financial Intelligence Unit (EFCC)to compensate all foreigner’s who in one way or the other has been retrieve of there hard earn money through illegal transaction.

All the Scams Victim who has lost so much to the fraudsters in Nigeria can now be compensation in pro rata of money lost.we are carrying out this verification and payment procedure with guideline from the The Federal Bureau Investigation Director (FBI) Mr.Robert,S.Mueller. The EFCC Chairman Mrs. Farida Waziri agency had not only recovered $6.5bn since its inception but had secured 400 convictions :http://www.punchng.com/Articl.aspx?theartic=Art201006153502178

You are officially informed that the sum of $150,000.00 (One hundred and fifty thousand U. S. dollars only)has been accredited in your favor for compensation due to your inability to claim your funds for some circumstances.

The Instruction has been given to us to Compensate the Scams Victims.Please if you have not been Scammed do not reply this message,it is onlyfor those that were scammed of their money that needs to reply this mail for Compensation.

For processing and verifications, kindly tender the below information:
* Full Name:
* proof of payment/relevant document:
* Phone Number:
* Gender:
* Age:
* Occupation:
* Country:
* Identification:

Direct your information below to the officer that will give instruction to
pay you the Compensation.

Dr. Greg Sambo
DEBT MANAGEMENT OFFICE
Committee On Government Compensation.
email:dmo@contractreviewplanel.fr.fm

Bypassing Java thick client SSL checks

etd — Tue, 23 Jun 2009 18:20:36 +0000

x509 certificate generation

Generate the certificate using OpenSSL:-

$ openssl genrsa 1024 > foo.key
$ openssl req -new -x509 -nodes -sha1 -days 7300 -key foo.key > foo.crt
$ openssl pkcs12 -export -out foo.p12 -in foo.crt -inkey foo.key -name "your name"

You will need the .p12 file (contains key and certificate) to configure Burp. And the .crt file to add it to the Java keystore used by the client. Checkout Burp's help page for instructions on how to get the first done.

Create a Java keystore, import the certificate

Straightforward enough (just remember the password you entered):

keytool.exe -import -file foo.crt -keystore usefulfor.jks -alias burpcert

Run the application and point it to your keystore

java \
  -Djavax.net.ssl.trustStore=usefulfor.jks \
  -Djavax.net.ssl.trustStorePassword=password \
  -Djavax.net.debug=all  \
  com.usefulfor.Demo

Other interesting properties that you may need in order to further tweak the SSL configuration are javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword.

DeepSec 2008

rdv — Thu, 18 Dec 2008 11:20:13 +0000

DeepSec 2008 took place in Vienna in November. For a period of two days attendees enjoyed a good set of talks, a good atmosphere and had the chance to talk to different people from different security backgrounds.

I was invited to present my 'Behind Enemy lines' research, which mainly focused on different attack techniques that are currently affecting a large number of administrative web interfaces.

The slides of this presentation can be found here: [1]

More information about this research can be found in the following white paper: [3] [4]

Hello world!

admin — Sat, 17 Sep 2005 19:29:31 +0000

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!