Archive for September, 2006

Is securesuite.co.uk a phishing scam?

I thought that securesuite.co.uk was a phishing attempt, but it seems to be a legitimate outsourced provider of the so-called “3D secure protocols” known as Verified by Visa and MasterCard SecureCode for card issuers. So far I have identified AIB (IE), Royal Bank of Scotland (UK), and MBNA (IE) as users.

However, I must be frank and say securesuite.co.uk has all the hallmarks of a phishing scam. I’ll make the phishing keywords bold in case you wish to skim over this section. Let’s say you are presented with the screen: a popup window with no address bar that asks for your password. Not knowing your password, because this is your first time using the added layer of security, you click forgot password, or register, and you are then asked for your credit limit and CV2. To be sure, you view the page info of the popup and see it’s securesuite.co.uk, and not mybank.com, not even mycreditcardbrand.com. So you visit http://www.securesuite.co.uk, but there is no response, and at https://www.securesuite.co.uk there is a blank page. You perform a WHOIS query and see

Checking server [whois.nic.uk]

Domain name:
securesuite.co.uk

Registrant:
cyota

Registrant type:
Unknown

Registrant’s address:
8 west 38th street
new york
ny
10018
US

Registrar:
Register.com Inc [Tag = REGISTER-DOT-COM]
URL: http://www.register.com

Relevant dates:
Registered on: 09-Jun-2002
Renewal date: 09-Jun-2008
Last updated: 09-Apr-2006

Registration status:
Registered until renewal date.

Name servers:
ns0.eu.dedicatedserver.com
ns1.eu.dedicatedserver.com

Who are “cyota”? This looks like a scam. You call your bank, but the functionaries on the line have never heard of securesuite.co.uk; they know about Verified by Visa and MasterCard SecureCode, but don’t know how they work. So you visit mybank.com, or in my case aib.ie, but of course their site is down again, displaying an error message. You visit mastercard.com or visa.com, but naturally they can’t have something as simple as a list of authorised providers of the system.

Well, I took the risk, in the interests of journalism, and buying a new hard drive from komplett.ie!

and I can confirm that securesuite.co.uk is legitimate. But hey, that’s just what I say; ultimately it is up to each person whether or not they trust the system. Would you?

Banks should really learn to put everything on their own single domain, eg bankofexample.com. Yet I see that Bank of Ireland still use boimail.com for their email, and bankofireland.ie for their website.

*securesuite.co.uk is not to be confused with securesite.co.uk, which is a shared SSL site operated by a company called Redstation, and looks quite nice. Indeed, in the Ambrand Dot Com office we enjoy listening to the most excellent and truly fresh beats that one user has uploaded to his space on securesite.co.uk.


How to buy a suit

I have a job interview next week and it seems, nay I know not seems, it is true that I need to present myself in a suit.




A suit is made up of

  • Jacket
  • Shirt (and Tie)
  • Pants (not Corduroy)
  • Shoes (Black polished leather)

Fortunately a hat is not required these days. The interesting element is the Jacket. I’ve never had one of those, not even a school blazer, as my alma mater was beyond the pale. I had a look around the local department stores and shops, and a cheap off-the-peg Jacket is EUR 150 (and a decent one is about 300). Maybe I shouldn’t have wasted that EUR 15 giving away free money!


So if I’m going to spend EUR 300 I might as well make sure I know what to look out for.
Thomas Mahon, a “bespoke Savile Row tailor”, has written an article entitled what if you only have GBP 200? (EUR 300).
Just the facts, ma’am

  • Cloth: Classic colours such as Grey or Blue. The material must be wool, and not some synthetic fabric.
  • Style: Single-breasted, two or three buttons.
  • Detail: The lapel must have a decent lapel hole, the longer, the better. The cuff should have four buttons, and if you can get it at the price then matching button holes. The pockets should have flaps, and there must be a breast pocket, which is where you will put that silly handkerchief.
  • Accessories: You can’t beat a clean white or pale blue shirt with a double cuff and cufflinks. You should show cuff. The tie should be silk and, just like the jacket, don’t even consider synthetics. Printed designs will suffice. Shoes should match the belt, and be shined on the cap. Socks should be black, not white.


The Definitive Guide to Apache Mod_Rewrite

Welcome to mod_rewrite, the Swiss Army Knife of URL manipulation! (apache docs)

I just stumbled upon a text entitled The Definitive Guide to Apache Mod_Rewrite. At first I was surprised that such a technical topic would be discussed on dead trees, but moreover I was surprised people would pay to buy it, because everything you need to know about Mod_Rewrite is covered in the Apache docs. Yet after perusing the Amazon wishlists of the web luminaries, including but not limited to Mr Neylon, I found this book of universal desirability. So what is so interesting about Mod_Rewrite?


It centres on making better public URLs, that is to say better URLs for visitors. You can keep your actual files in whatever messy fashion you desire, and with a set of logical rules still serve visitors the content they request.


Best practice
Before looking at the technicalities, let’s consider the principles

  • URLs should be human-readable
  • URLs should be short
  • URLs should be hierarchical
  • URLs should be permanently unique

I prefer seeing examples so here is another way of expressing what I’ve just said

  • Good example: http://example.com/cars/bmw/e39/
  • Bad example: http://example.com/cgi-bin/coolscript.pl?session=12345678&loggedin=false&level1=cars&level2=bmw&level3=e39

Hey mom, look at my coolscript
The latter bad example looks so silly, but it is so common today. Let’s look at what’s wrong with it

  • cgi-bin: in the future you might figure out how to enable script processing in the root and move the script
  • coolscript.pl: if a vulnerability is discovered in the script, hackers will hightail it to their favourite search engine with the query “url:coolscript.pl” and find your site; also, in the future you might change to another backend
  • ?session=12345678: use cookies instead; if you are relying on a URL then you are inviting brute force hackers
  • &loggedin=false: use cookies instead; if you are relying on a URL then you are inviting brute force hackers
  • &level1=cars&level2=bmw&level3=e39: this isn’t search engine friendly

and of course, details aside, the URL is just too long


But fear not, you can keep your script: just spend a few minutes adding Mod_Rewrite code to the .htaccess and you can have the good URL up and running.


Enough talk, show me some examples that I can copy and paste
My thoughts exactly, I can’t understand the Apache docs! It’s actually easy to put together basic rewrites; however, once things get complicated you get stuck. For example, I need the code to perform the following


example.com/countriesireland.php (the actual file) > example.com/countries/ireland (the public URL)
and
example.com/countries.php (the actual file) > example.com/countries (the public URL)


Help required, apply within
As you can see, I’ve made multiple php files in the root, and I want everything after the tld to be read, stripped of the forward slash, appended with .php, and returned to the requester.
Can anyone help? Please leave a comment with the code, or I’ll have to pull an all-nighter with a Snickers and can of Coke.
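
One way to write the rewrite asked for above, as an added example that is not code from the original post. It assumes the .htaccess file sits in the document root beside the .php files, and it accepts only lower-case letters and digits in each path segment and checks that the target file exists, rather than appending .php to whatever follows the host name.

```apache
# .htaccess in the document root (assumed location)
RewriteEngine On

# Public URL                 -> actual file
#   /countries               -> countries.php
#   /countries/ireland       -> countriesireland.php
#
# A catch-all such as "^(.*)$ $1.php" would hand any requested string to
# the filesystem. The pattern below allows one or two segments made of
# [a-z0-9] only, so dots, "..", extra slashes and query-like junk never
# become part of the filename.
#
# $1 and $2 in the RewriteCond refer to the groups captured by the
# RewriteRule pattern; when the second segment is absent, $2 is empty.
# The condition makes the rule apply only if the resulting .php file
# really exists, so unknown names fall through to a normal 404.
RewriteCond %{DOCUMENT_ROOT}/$1$2.php -f
RewriteRule ^([a-z0-9]+)(?:/([a-z0-9]+))?/?$ $1$2.php [L]
```

Because the pattern contains no dot, a request for countriesireland.php itself does not match and is served as before, and the internal rewrite does not loop.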


Human beatbox


The magic of ultraviolet

To make the life of counterfeiters more difficult, many sensitive documents such as credit cards, driving licences, passports, certificates and of course cash include a UV watermark. This can only be seen when viewed under a UV-emitting light, although when badly done on paper it can just be seen as a translucent grease-like image. Passports issued by most countries today contain UV-sensitive inks and security threads. Visa stamps and stickers such as those issued by Ukraine contain large and detailed seals invisible to the naked eye under normal lights, but strongly visible under UV illumination. Passports issued by the United States have the UV-sensitive threads on the last page of the passport along with the barcode.


You can pick up a UV light, typically an LED, pretty cheaply on eBay, and it’s interesting to look at everyday items and see what appears.


Here are a few cards you might have in your wallet:

Visa shows the Bird logo

MasterCard shows the letters MC

American Express shows the letters AMEX

Diner’s Club shows the Diner’s Club logo

Maestro shows the word Maestro in the characteristic font
