Il taccuino di Armando Leotta

Notte prima degli esami

ArMyZ — Tue, 18 Jun 2013 07:27:11 +0000

Mi fa tanta tenerezza ripensare ai miei esami di maturità.

Ho un ricordo a macchia di leopardo, discontinuo, episodico. Quello che ricordo però (sono passati 25 diversi anni), è perfettamente lucido, chiarissimo e ricordo perfettamente lo stress, i momenti di ansia e persino gli odori!

E’ un momento unico, nemmeno la discussione della tesi di laurea vi darà quel tipo di emozione e di preoccupazione.

Se posso dare un consiglio, siate rilassati, spensierati ma concentrati: godetevi la vostra età e gustatevi questa esperienza che vi ricorderete per tutta la vita.

Un in bocca al lupo per tutti Voi e… spaccate!

__________________________________________________________________

Notte prima degli esami is a post from: Il taccuino di Armando Leotta

Il Taccuino di Armando Leotta by Armando Leotta is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 Italy License.
Based on a work at blog.armandoleotta.com.

ArMyZ security issues weekly roundup | 08-06-2013

ArMyZ — Sun, 09 Jun 2013 08:51:56 +0000

ArMyZ security issues weekly roundup | 01-06-2013 – http://t.co/lfOtFr6ruY 00:51:43, 2013-06-02
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @ArMyZ @xlthlx 08:16:25, 2013-06-02
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV 08:16:26, 2013-06-03
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @dottorblaster 08:16:24, 2013-06-04
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @dmkravets @ilaria_damico 08:16:25, 2013-06-05
Zeus Trojan returns: Facebook being used to spread the infection http://t.co/iOpWNmmPgc #security 21:10:22, 2013-06-05
Cyberespionage campaign targeting government-affiliated organizations http://t.co/iyiuosjmTJ #security #apt 21:13:15, 2013-06-05
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @DennisF @triomedusa 08:16:27, 2013-06-06
Microsoft, Authorities Disrupt Hundreds of Citadel Botnets with ‘Operation b54’ http://t.co/AEjhGlmiU6 #security #botnet 20:31:58, 2013-06-06
Smart TVs vulnerable to a host of attacks http://t.co/pNFmeVPTZQ #security #bitcoin #botnet 20:34:04, 2013-06-06
The most sophisticated #Android Trojan http://t.co/uDH6cmwgOM #security #mobile #malware #analysis 20:41:33, 2013-06-06
How much would a #security breach cost your business? – infographic http://t.co/uu1EX4DGuE http://t.co/Y5W0ieVAnr 20:44:21, 2013-06-06
EU cyber attack legislation EU anti-hacker law takes totally flawed approach to internet security http://t.co/9RQAObzWvo 20:46:55, 2013-06-06
China To America: You Hack Us, Too http://t.co/KTEp3YW3lY #security #information #warfare 20:52:54, 2013-06-06
Google researchers publish Windows #0-day #exploit http://t.co/qhDzvhxpWW #poc #security 20:56:15, 2013-06-06
White-hat hacker fights cyber intrusions on NATO systems http://t.co/tzozRNHtDK #security 20:58:56, 2013-06-06
Watch where you plug in, folks – researchers hack iPhones with a charger http://t.co/6OK432dvsR #blackhat usa #conference 21:10:21, 2013-06-06
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @symantecitalia @ArMyZ 08:16:27, 2013-06-07
PRISM: Here's how the NSA wiretapped the Internet http://t.co/OmCfxAdq6T #security 07:41:03, 2013-06-08
Secret cyber directive calls for ability to attack without warning http://t.co/q4NVSEWPY2 #security #cyberwarfare 07:42:47, 2013-06-08
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV 08:16:28, 2013-06-08

__________________________________________________________________

ArMyZ security issues weekly roundup | 08-06-2013 is a post from: Il taccuino di Armando Leotta

Il Taccuino di Armando Leotta by Armando Leotta is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 Italy License.
Based on a work at blog.armandoleotta.com.

ArMyZ security issues weekly roundup | 01-06-2013

ArMyZ — Sat, 01 Jun 2013 23:51:33 +0000

The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV 08:16:24, 2013-05-26
[#Phishing] Attenzione alla nuova mail (apparentemente) a firma ENI & Ministero dello sviluppo economico #security – http://t.co/EQR85t8ZtD 10:19:44, 2013-05-26
ArMyZ security issues weekly roundup | 25-05-2013 – http://t.co/Z9eDoa4nnj 21:51:31, 2013-05-26
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @ArMyZ 08:16:23, 2013-05-27
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @Nientenomi 08:16:25, 2013-05-28
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @mmdubya 08:16:28, 2013-05-29
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV 08:16:25, 2013-05-30
Google: #Security flaws not fixed in a week should be made public http://t.co/U6BTs3aqEB 21:39:35, 2013-05-30
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV 08:16:24, 2013-05-31
Researchers prove that light, sound can activate mobile #malware http://t.co/6ZU4NAT4RV #security 19:05:51, 2013-05-31
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV 08:16:25, 2013-06-01
UPDATE [Phishing] Attenzione alla nuova mail (apparentemente) a firma ENI & Min. svil. economico #phishing #security http://t.co/RSyzj039Y9 08:55:18, 2013-06-01
UPDATE: nuovi vettori, mail corretta e più verosimile – new vectors, text sent "improved" http://t.co/ausNmswc5n 08:58:50, 2013-06-01

__________________________________________________________________

ArMyZ security issues weekly roundup | 01-06-2013 is a post from: Il taccuino di Armando Leotta

Il Taccuino di Armando Leotta by Armando Leotta is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 Italy License.
Based on a work at blog.armandoleotta.com.

ArMyZ security issues weekly roundup | 25-05-2013

ArMyZ — Sun, 26 May 2013 20:51:25 +0000

ArMyZ security issues weekly roundup | 18-05-2013 – http://t.co/W9XmxXmya9 00:55:48, 2013-05-19
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @ArMyZ 08:16:23, 2013-05-19
Vatican bank and transparency http://t.co/NbiN5QvNRD 05:08:43, 2013-05-20
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @FrankieBit 08:16:24, 2013-05-20
Targeted Espionage Attack Borrowing from Cybercriminals http://t.co/yRabDYLMS4 #security 21:22:11, 2013-05-20
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV 08:16:25, 2013-05-21
Hack attempts & good news #security – http://t.co/elnS96wdLi 22:27:35, 2013-05-21
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @JBrodkin 08:16:26, 2013-05-22
European Cyber #Security Month – building together a joint EU advocacy campaign! #enisa https://t.co/gaKzVdmtfS 19:18:55, 2013-05-22
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @DarkOperator @pestoverde 08:16:27, 2013-05-23
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV 08:16:24, 2013-05-24
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV 08:16:24, 2013-05-25
Ci vediamo al #Security #Summit Roma https://t.co/mgElXRp7Gp in cui parlerò di Security Governance e controlli critici il 6 giugno #clusit 18:30:14, 2013-05-25
Nuovo caso di phishing – Attenzione alla mail "ENI & Ministero dello Sviluppo Economico". Non cliccate sui link http://t.co/gBmkxSh8t7 21:02:52, 2013-05-25

__________________________________________________________________

ArMyZ security issues weekly roundup | 25-05-2013 is a post from: Il taccuino di Armando Leotta

Il Taccuino di Armando Leotta by Armando Leotta is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 Italy License.
Based on a work at blog.armandoleotta.com.

[Phishing] Attenzione alla nuova mail (apparentemente) a firma ENI & Ministero dello sviluppo economico #phishing #security

ArMyZ — Sun, 26 May 2013 08:52:54 +0000

Phishing Eni e Sviluppo Economico

Il periodo non è certo dei migliori.

La mail con oggetto “Richiedi la carta benzine con lo socnto di 400 euro” presenta diversi elementi interessanti.

In primo luogo, è evidente la componente di social engineering: logo del Ministero dello Sviluppo Economico, Partita IVA dello Sviluppo Economico nel footer della mail (come sapete è un’informazione obbligatoria e si trova facilmente sul vero sito del Ministero), riferimento ad un nuovo DECRETO LEGGE.

Inoltre, si fa meschinamente leva sulla possibilità di acquistare una carta carburante a prezzi incredibilmente vantaggiosi:

“Agip gruppo Eni ti consente di acquistare la carta carburante di 500 Euro al prezzo di 100 Euro (80% rimborsato dal Ministero dello Sviluppo Economico).”

In secondo luogo, aldilà della credibilità o meno dell’iniziativa, spunta la componente di phishing: il link suggerito per approfondire le informazioni sembrerebbe quello del Ministero dello Sviluppo Economico ma punta all’indirizzo sviluppoeconomico.myvnc.com.

Il dominio myvnc.com è un dominio gestito da servizi di dns dinamico (no-ip.com).

Indirizzo reale a cui punta

Per gli addetti ai lavori, raggiungendo tramite sandbox (anubis) quell’indirizzo, ecco qualche dettaglio in più (tralascio le svariate chiavi del registry lette E modificate).

DNS Queries:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Name: [ ministerodellosviluppoeconomico.myvnc.com ], Query Type: [ DNS_TYPE_A ],
            Query Result: [ 8.23.224.90 ], Successful: [ YES ], Protocol: [ udp ]
        Name: [ www.grutuitapostecom.com ], Query Type: [ DNS_TYPE_A ],
            Query Result: [ 66.147.241.45 ], Successful: [ YES ], Protocol: [ udp ]

HTTP Conversations:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        From ANUBIS:1029 to 8.23.224.90:80 - [ ministerodellosviluppoeconomico.myvnc.com ]
             Request: [ GET / ], Response: [ 200 "Found" ]
        From ANUBIS:1030 to 66.147.241.45:80 - [ www.grutuitapostecom.com ]
             Request: [ GET /Agip/travel.eni.com/iveportal/cards/W155.PKG_RICONLINE.show_pageNL22.php ], Response: [ 200 "OK" ]
             Request: [ GET /Agip/travel.eni.com/iveportal/cards/W155.PKG_RICONLINE.show_pageNL2_files/offerta.css ], Response: [ 404 "Not Found" ]

In ultima analisi e considerazione, a giudicare da qualche errore riscontrato, il meccanismo non sembra (ancora) del tutto a punto ma, attenzione, quella risorsa .php esiste e viene correttamente raggiunta dal client.
Da come è scritta e dalle risorse chiamate in causa sembrerebbe di matrice italiana.

In ogni caso, non dimenticate le regole d’oro:

1) non cliccate sui link che vi giungono via mail ma verificate prima qual è la reale destinazione degli stessi.
2) aggiornate sempre i vostri sistemi (sia il sistema operativo che le componenti off-the-shelf come java e prodotti adobe integrati con il browser – plugin flash, acrobat, etc).
3) se avete raggiunto quel link effettuate una scansione totale del vostro dispositivo con un tool antivirus/antimalware aggiornato.

****************** UPDATE 1/6/13 ***************************

Ne stanno girando altre versioni con il testo leggermente più curato e credibile.

Stessa struttura, stesso ddns proviver (No-IP.com) questa volta con servebeer.com (ministeroeconomico.servebeer.com).

Questa volta non si appoggia a grutuitapostecom.com ma a un sito gratuito su altervista (mnsit.altervista.org).

__________________________________________________________________

[Phishing] Attenzione alla nuova mail (apparentemente) a firma ENI & Ministero dello sviluppo economico #phishing #security is a post from: Il taccuino di Armando Leotta

Il Taccuino di Armando Leotta by Armando Leotta is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 Italy License.
Based on a work at blog.armandoleotta.com.

Hack attempts & good news #security

ArMyZ — Tue, 21 May 2013 21:27:29 +0000

Un alert insolito.

Fare un po’ di manutenzione e ritrovare tracce di 6 attacchi di crew diverse: priceless.

Codice base64 come se piovesse.
Decodificando mi ritrovo un PHP con POST con tanto di echo “indonesian people is here“.

Se non bastasse, ritrovo altri due php contenenti, secondo sophos per mac, il trojan PhpShel-G e altri dei tentativi di injection test.

Dimenticavo una jpg pronta all’uso: potevano mancare i Martiri di Gaza?

Cortese visita

I presidi funzionano così come gli alert.

Grazie Bluehost: well done!

__________________________________________________________________

Hack attempts & good news #security is a post from: Il taccuino di Armando Leotta

Il Taccuino di Armando Leotta by Armando Leotta is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 Italy License.
Based on a work at blog.armandoleotta.com.

ArMyZ security issues weekly roundup | 18-05-2013

ArMyZ — Sat, 18 May 2013 23:54:45 +0000

The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV 08:16:23, 2013-05-12
Chinese #hackers caught trying to steal secrets of Lockheed Martin http://t.co/Tk2qVgZJBz #security 09:00:26, 2013-05-12
Official list of English words misused in EU documents http://t.co/TskjPWcon1 09:03:12, 2013-05-12
Bloomberg News Busted For Spying on #Bankers http://t.co/a7u2kvaJRb 09:05:09, 2013-05-12
How Cybercriminals Stole $40 Million From ATMs Worldwide In 10 Hours http://t.co/M40iHsgFgj #security 09:07:50, 2013-05-12
Mainframe computer #security. Can they be hacked? http://t.co/3IRTByaurd – sounds interesting (likelihood and feasibility apart) #zos 09:15:59, 2013-05-12
ArMyZ security issues weekly roundup | 11-05-2013 – http://t.co/y1CwY3xtaO 23:51:47, 2013-05-12
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @DarkOperator @secuniadvisory 08:16:26, 2013-05-14
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV 08:16:25, 2013-05-15
Researchers uncover large cyberfraud operation targeting Australian bank customers http://t.co/euCpU8uVMh #banking #security 18:33:13, 2013-05-15
VMware’s dual-persona smartphones phones finally available to purchase http://t.co/udZUeaD2Fe #byod #mobile #sandbox #security 18:40:25, 2013-05-15
Mobile crimeware and the global criminal marketplace http://t.co/aaSP3hbOqY #security 18:43:56, 2013-05-15
Facebook attacked with credential-harvesting #malware http://t.co/Vn9he5egfu #security 18:46:43, 2013-05-15
How I 'stole' $14 million from a bank: A security tester's tale http://t.co/X5ftkX4cKb #security #banking 18:54:03, 2013-05-15
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @HackRead @EdgarR0jas 08:16:26, 2013-05-16
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @elinormills 08:16:26, 2013-05-17
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV 08:16:24, 2013-05-18

__________________________________________________________________

ArMyZ security issues weekly roundup | 18-05-2013 is a post from: Il taccuino di Armando Leotta

Il Taccuino di Armando Leotta by Armando Leotta is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 Italy License.
Based on a work at blog.armandoleotta.com.

ArMyZ security issues weekly roundup | 11-05-2013

ArMyZ — Sun, 12 May 2013 22:51:39 +0000

ArMyZ security issues weekly roundup | 04-05-2013 – http://t.co/Yc4azyN83e 00:51:42, 2013-05-05
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @DarkOperator @ArMyZ 08:16:24, 2013-05-05
16-30 April 2013 Cyber #Attacks Timeline http://t.co/ufJvouxuNZ #security #ddos 21:20:15, 2013-05-05
IE8 #zero-day flaw targets U.S. nuke researchers; all versions of Windows affected http://t.co/iRS6cqgUBS #security 21:23:08, 2013-05-05
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV 08:16:23, 2013-05-06
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @SecurityCurator @Trust_IT @V3_co_uk 08:16:23, 2013-05-07
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV 08:16:25, 2013-05-08
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @ThreatFeed 08:16:27, 2013-05-09
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV 08:16:27, 2013-05-10
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @elie 08:16:25, 2013-05-11

__________________________________________________________________

ArMyZ security issues weekly roundup | 11-05-2013 is a post from: Il taccuino di Armando Leotta

Il Taccuino di Armando Leotta by Armando Leotta is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 Italy License.
Based on a work at blog.armandoleotta.com.

ArMyZ security issues weekly roundup | 04-05-2013

ArMyZ — Sat, 04 May 2013 23:51:39 +0000

ArMyZ security issues weekly roundup | 27-04-2013 – http://t.co/5xoc2Oha8u 00:56:48, 2013-04-28
The Armando Leotta Daily is out! http://t.co/TSd16Nvlj4 08:16:24, 2013-04-28
The Armando Leotta Daily is out! http://t.co/TSd16Nvlj4 ▸ Top stories today via @rogeragrimes 08:16:23, 2013-04-29
The Armando Leotta Daily is out! http://t.co/TSd16Nvlj4 ▸ Top stories today via @esaoperations @anthonymfreed @secuniadvisory 08:16:24, 2013-04-30
The Armando Leotta Daily is out! http://t.co/TSd16Nvlj4 08:16:24, 2013-05-01
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @DrInfoSec @SecurityCurator 08:16:24, 2013-05-02
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @lastknight 08:16:26, 2013-05-03
Traces of #malware activity detected in App Store game http://t.co/WNLI8q1J3Z #security 21:35:26, 2013-05-03
IRC/HTTP based #DDoS bot nukes other bots http://t.co/Yk80wsNgfC #security 21:37:01, 2013-05-03
Multi-stage #exploit #attacks for more effective #malware delivery http://t.co/74tuQqjAbP #security 21:39:38, 2013-05-03
The Armando Leotta Daily is out! http://t.co/6QPiFjJHlV ▸ Top stories today via @InfoSec 08:16:26, 2013-05-04

__________________________________________________________________

ArMyZ security issues weekly roundup | 04-05-2013 is a post from: Il taccuino di Armando Leotta

Il Taccuino di Armando Leotta by Armando Leotta is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 Italy License.
Based on a work at blog.armandoleotta.com.

ArMyZ security issues weekly roundup | 27-04-2013

ArMyZ — Sat, 27 Apr 2013 23:56:02 +0000

ArMyZ security issues weekly roundup | 20-04-2013 – http://t.co/kIulatCZNq 00:52:12, 2013-04-21
The Armando Leotta Daily is out! http://t.co/TSd16Nvlj4 ▸ Top stories today via @ArMyZ @SecurityCurator 08:16:24, 2013-04-21
The Armando Leotta Daily is out! http://t.co/TSd16Nvlj4 08:16:26, 2013-04-22
The Armando Leotta Daily is out! http://t.co/TSd16Nvlj4 ▸ Top stories today via @SecurityCurator 08:16:27, 2013-04-23
Latest Gozi trojan variant comes packaged with #rootkit http://t.co/IxAwBrHXn5 #security #banking 21:44:23, 2013-04-23
#Malware C&C Servers Found in 184 Countries http://t.co/PJSP7sxil1 #security 21:46:38, 2013-04-23
Banks Remain the Top Target for Hackers, Report Says http://t.co/rF5AvaadyJ #security 21:53:03, 2013-04-23
Financial #malware #hijacking Twitter accounts http://t.co/f07AFPgjKH #security 21:54:33, 2013-04-23
The Armando Leotta Daily is out! http://t.co/TSd16Nvlj4 08:16:27, 2013-04-24
The Armando Leotta Daily is out! http://t.co/TSd16Nvlj4 ▸ Top stories today via @SecurityCurator @InfoSec 08:16:30, 2013-04-25
The Armando Leotta Daily is out! http://t.co/TSd16Nvlj4 08:16:25, 2013-04-26
The Armando Leotta Daily is out! http://t.co/TSd16Nvlj4 ▸ Top stories today via @TechL0G 08:16:26, 2013-04-27

__________________________________________________________________

ArMyZ security issues weekly roundup | 27-04-2013 is a post from: Il taccuino di Armando Leotta

Il Taccuino di Armando Leotta by Armando Leotta is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 Italy License.
Based on a work at blog.armandoleotta.com.