[Full-disclosure] Fwd: Its time to take rick rolling seriously
xploitable at gmail.com
Sat Apr 26 00:48:59 BST 2008
---------- Forwarded message ----------
From: n3td3v <xploitable at gmail.com>
Date: Sat, Apr 5, 2008 at 2:17 AM
Subject: Its time to take rick rolling seriously
To: n3td3v <n3td3v at googlegroups.com>
We need a big list of all the rick roll URL's, so we can protect the
public against it.
Network operators need a list of rick roll URL's to add to the block list.
Can someone harvest all the rick roll URL's and post them as one list
for folks to copy&paste into their block lists?
Some of the rick rolls don't go to Youtube, some of them are
productivity and resources on these sites getting executed
If you don't think this is a security issue, its time to wake up.
RICK ROLLING HIGHLIGHTS THE EASE OF PHISHING ATTACKS
If you look at how many hits the Youtube rick roll got alone, then
that goes someway in showing your average joe how easy it is to
compromise folks through phishing.
Sure, it looks harmless enough, but the bottom like is, the Youtube
link (don't click) http://youtube.com/watch?v=eBGIQ7ZuuiU has
generated upto 9,290,352 views in only a few months since the craze
took off via mostly social bookmarking sites such as Digg, Reddit.
Those could easily equal into 9,290,352 malicious phishes, 9,290,352
credit cards and 9,290,352 identity frauds.
Now, what happens if the cyber criminals catch onto the rick roll and
start "cyber rolling" everyone with malicious code or links to a
forged banking site, then that's really going to be bad.
So who is keeping track of rick rolling, so it doesn't turn into a
"cyber roll" where folks get compromised?
The media and others should use the rick rolling as a wake up call as
to how easy it is for folks to be fooled, and if its just rick ashley
this time, it might be more than "never gonna give you up" next time,
because it could be your cyber security and bank info you're giving up
in the future, so i'm calling on network security professionals and
the media to use rick rolling as a highlight case of the dangers posed
by social engineering and phishing by hackers, which can ultimately
lead to data loss and disaster. rick rolling should be used to
highlight awareness of the threat posed by link-based-phishing towards
your everyday average single mom, retired couple or the 9,290,352
folks who have to date been "rick rolled", who are the next
And, not all, rick rolling could be used be an attacker to see how
gullible his target is to links, before carrying out a full on
phishing attack, so there are many issues here with rick rolling which
the security community may not have grasped up till now.
If you think its stupid, 9,290,352 were and thats alarming says n3td3v.
There are stupid people out there and rick rolling could be an easy
way to find the stupid people before your ultimate attack.
Carry on the uses of rick rolling below this e-mail by cyber attackers
and the indications its giving out to folks on how easy phishing and
socialing engineering really is on the internet today.
I see a new craze of "cyber rolling" coming which hackers can exploit
and i'm not sure if I like it very much, its fun and games at the
moment, but just wait to the hackers catch on and things develop with
the rick roll trend.
I'm worried, are you?
All the best,
Full-Disclosure is hosted and sponsored by Secunia.