Full Disclosure mailing list archives
Re: Fwd: Its time to take rick rolling seriously
From: Ureleet <ureleet () gmail com>
Date: Sun, 27 Apr 2008 15:46:22 -0400
i actually agree with this thread. but its not just rick rolling. its any link that anayone sends. On Sat, Apr 26, 2008 at 4:02 PM, Razi Shaban <razishaban () gmail com> wrote:
Actually, yes. I made a video about something similar the other day, you can find it at: http://www.youtube.com/watch?v=Yu_moia-oVI It elaborates on a few of your ideas, but refutes some others. -- Razi On 4/26/08, n3td3v <xploitable () gmail com> wrote: > ---------- Forwarded message ---------- > From: n3td3v <xploitable () gmail com> > Date: Sat, Apr 5, 2008 at 2:17 AM > Subject: Its time to take rick rolling seriously > To: n3td3v <n3td3v () googlegroups com> > > > We need a big list of all the rick roll URL's, so we can protect the > public against it. > > Network operators need a list of rick roll URL's to add to the block list. > > Can someone harvest all the rick roll URL's and post them as one list > for folks to copy&paste into their block lists? > > Some of the rick rolls don't go to Youtube, some of them are > sophisticated javascript that we need to clampdown on, so not to waste > productivity and resources on these sites getting executed > accidentally. > > If you don't think this is a security issue, its time to wake up. > > RICK ROLLING HIGHLIGHTS THE EASE OF PHISHING ATTACKS > > If you look at how many hits the Youtube rick roll got alone, then > that goes someway in showing your average joe how easy it is to > compromise folks through phishing. > > Sure, it looks harmless enough, but the bottom like is, the Youtube > link (don't click) http://youtube.com/watch?v=eBGIQ7ZuuiU has > generated upto 9,290,352 views in only a few months since the craze > took off via mostly social bookmarking sites such as Digg, Reddit. > > Those could easily equal into 9,290,352 malicious phishes, 9,290,352 > credit cards and 9,290,352 identity frauds. > > Now, what happens if the cyber criminals catch onto the rick roll and > start "cyber rolling" everyone with malicious code or links to a > forged banking site, then that's really going to be bad. > > So who is keeping track of rick rolling, so it doesn't turn into a > "cyber roll" where folks get compromised? > > The media and others should use the rick rolling as a wake up call as > to how easy it is for folks to be fooled, and if its just rick ashley > this time, it might be more than "never gonna give you up" next time, > because it could be your cyber security and bank info you're giving up > in the future, so i'm calling on network security professionals and > the media to use rick rolling as a highlight case of the dangers posed > by social engineering and phishing by hackers, which can ultimately > lead to data loss and disaster. rick rolling should be used to > highlight awareness of the threat posed by link-based-phishing towards > your everyday average single mom, retired couple or the 9,290,352 > folks who have to date been "rick rolled", who are the next > potentially phished. > > And, not all, rick rolling could be used be an attacker to see how > gullible his target is to links, before carrying out a full on > phishing attack, so there are many issues here with rick rolling which > the security community may not have grasped up till now. > > If you think its stupid, 9,290,352 were and thats alarming says n3td3v. > > There are stupid people out there and rick rolling could be an easy > way to find the stupid people before your ultimate attack. > > Carry on the uses of rick rolling below this e-mail by cyber attackers > and the indications its giving out to folks on how easy phishing and > socialing engineering really is on the internet today. > > I see a new craze of "cyber rolling" coming which hackers can exploit > and i'm not sure if I like it very much, its fun and games at the > moment, but just wait to the hackers catch on and things develop with > the rick roll trend. > > I'm worried, are you? > > All the best, > > n3td3v > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Fwd: Its time to take rick rolling seriously n3td3v (Apr 25)
- Re: Fwd: Its time to take rick rolling seriously Razi Shaban (Apr 26)
- Re: Fwd: Its time to take rick rolling seriously Ureleet (Apr 27)
- Re: Fwd: Its time to take rick rolling seriously mcwidget (Apr 28)
- <Possible follow-ups>
- Re: Fwd: Its time to take rick rolling seriously MiW Mailing Lists (Apr 28)
- Re: Fwd: Its time to take rick rolling seriously Razi Shaban (Apr 26)