Fraud @ MindSay
Detecting Malice eBook - Fraud Loss Prevention
Fraud Loss Prevention eBook
Every day hackers are stealing millions from websites, and this is the book that will help you detect it happening on yours. Detecting Malice was written to help website administrators, developers, operations personnel and security product managers build and maintain a higher security posture. Understanding user intent is the cornerstone for reducing fraud ratios in modern web applications. From retail to government, this book covers many different realms of fraud and how to detect it at many different technical layers. From DNS and TCP to embedded content and browser fingerprinting techniques, it is possible to identify users who are most likely to become dangerous, often before it actually happens. A plethora of tools and techniques are all available to you within the 300+ pages of this book.


Table of Contents:
  Detecting Malice: Preface

    User Disposition

    Deducing Without Knowing

    Book Overview

    Who Should Read This Book?

    Why Now?

    A Note on Style

    Working Without a Silver Bullet

    Special Thanks

  Chapter 1 - DNS and TCP: The Foundations of Application Security

    In the Beginning Was DNS

    Same-Origin Policy and DNS Rebinding

    DNS Zone Transfers and Updates

    DNS Enumeration

    TCP/IP

    Spoofing and the Three-Way Handshake

    Passive OS Fingerprinting with p0f

    TCP Timing Analysis

    Network DoS and DDoS Attacks

    Attacks Against DNS

    TCP DoS

    Low Bandwidth DoS

    Using DoS As Self-Defense

    Motives for DoS Attacks

    DoS Conspiracies

    Port Scanning

    With That Out of the Way...

  Chapter 2 - IP Address Forensics

    What Can an IP Address Tell You?

    Reverse DNS Resolution

    WHOIS Database

    Geolocation

    Real-Time Block Lists and IP Address Reputation

    Related IP Addresses

    When IP Address Is A Server

    Web Servers as Clients

    Dealing with Virtual Hosts

    Proxies and Their Impact on IP Address Forensics

    Network-Level Proxies

    HTTP Proxies

    AOL Proxies

    Anonymization Services

    Tor Onion Routing

    Obscure Ways to Hide IP Address

    IP Address Forensics

    To Block or Not?

  Chapter 3 - Time

    Traffic Patterns

    Event Correlation

    Daylight Savings

    Forensics and Time Synchronization

    Humans and Physical Limitations

    Gold Farming

    CAPTCHA Breaking

    Holidays and Prime Time

    Risk Mitigation Using Time Locks

    The Future is a Fog

  Chapter 4 - Request Methods and HTTP Protocols

    Request Methods

    GET

    POST

    PUT and DELETE

    OPTIONS

    CONNECT

    HEAD

    TRACE

    Invalid Request Methods

    Random Binary Request Methods

    Lowercase Method Names

    Extraneous White Space on the Request Line

    HTTP Protocols

    Missing Protocol Information

    HTTP 1.0 vs. HTTP 1.1

    Invalid Protocols and Version Numbers

    Newlines and Carriage Returns

    Summary

  Chapter 5 - Referring URL

    Referer Header

    Information Leakage through Referer

    Disclosing Too Much

    Spot the Phony Referring URL

    Third-Party Content Referring URL Disclosure

    What Lurks in Your Logs

    Referer and Search Engines

    Language, Location, and the Politics That Comes With It

    Google Dorks

    Natural Search Strings

    Vanity Search

    Black Hat Search Engine Marketing and Optimization

    Referring URL Availability

    Direct Page Access

    Meta Refresh

    Links from SSL/TLS Sites

    Links from Local Pages

    Users' Privacy Concerns

    Determining Why Referer Isn't There

    Referer Reliability

    Redirection

    Impact of Cross-Site Request Forgery

    Is the Referring URL a Fake?

    Referral Spam

    Last thoughts

  Chapter 6 - Request URL

    What Does A Typical HTTP Request Look Like?

    Watching For Things That Don’t Belong

    Domain Name in the Request Field

    Proxy Access Attempts

    Anchor Identifiers

    Common Request URL Attacks

    Remote File Inclusion

    SQL Injection

    HTTP Response Splitting

    NUL Byte Injection

    Pipes and System Command Execution

    Cross-Site Scripting

    Web Server Fingerprinting

    Invalid URL Encoding

    Well-Known Server Files

    Easter Eggs

    Admin Directories

    Automated Application Discovery

    Well-Known Files

    Crossdomain.xml

    Robots.txt

    Google Sitemaps

    Summary

  Chapter 7 - User-Agent Identification

    What is in a User-Agent Header?

    Malware and Plugin Indicators

    Software Versions and Patch Levels

    User-Agent Spoofing

    Cross Checking User-Agent against Other Headers

    User-Agent Spam

    Indirect Access Services

    Google Translate

    Traces of Application Security Tools

    Common User-Agent Attacks

    Search Engine Impersonation

    Summary

  Chapter 8 - Request Header Anomalies

    Hostname

    Requests Missing Host Header

    Mixed-Case Hostnames in Host and Referring URL Headers

    Cookies

    Cookie Abuse

    Cookie Fingerprinting

    Cross Site Cooking

    Assorted Request Header Anomalies

    Expect Header XSS

    Headers Sent by Application Vulnerability Scanners

    Cache Control Headers

    Accept CSRF Deterrent

    Language and Character Set Headers

    Dash Dash Dash

    From Robot Identification

    Content-Type Mistakes

    Common Mobile Phone Request Headers

    X-Moz Prefetching

    Summary

  Chapter 9 - Embedded Content

    Embedded Styles

    Detecting Robots

    Detecting CSRF Attacks

    Embedded JavaScript

    Embedded Objects

    Request Order

    Cookie Stuffing

    Impact of Content Delivery Networks on Security

    Asset File Name Versioning

    Summary

  Chapter 10 - Attacks Against Site Functionality

    Attacks Against Sign-In

    Brute-Force Attacks Against Sign-In

    Phishing Attacks

    Registration

    Username Choice

    Brute Force Attacks Against Registration

    Account Pharming

    What to Learn from the Registration Data

    Fun With Passwords

    Forgot Password

    Password DoS Attacks

    Don’t Show Anyone Their Passwords

    User to User Communication

    Summary

  Chapter 11 - History

    Our Past

    History Repeats Itself

    Cookies

    JavaScript Database

    Internet Explorer Persistence

    Flash Cookies

    CSS History

    Refresh

    Same Page, Same IP, Different Headers

    Cache and Translation Services

    Uniqueness

    DNS Pinning Part Two

    Biometrics

    Breakout Fraud

    Summary

  Chapter 12 - Denial of Service

    What Are Denial Of Service Attacks?

    Distributed DoS Attacks

    My First Denial of Service Lesson

    Request Flooding

    Identifying Reaction Strategies

    Database DoS

    Targeting Search Facilities

    Unusual DoS Vectors

    Banner Advertising DoS

    Chargeback DoS

    The Great Firewall of China

    Email Blacklisting

    Dealing With Denial Of Service Attacks

    Detection

    Mitigation

    Summary

  Chapter 13 - Rate of Movement

    Rates

    Timing Differences

    CAPTCHAs

    Click Fraud

    Warhol or Flash Worm

    Samy Worm

    Inverse Waterfall

    Pornography Duration

    Repetition

    Scrapers

    Spiderweb

    Summary

  Chapter 14 - Ports, Services, APIs, Protocols and 3rd Parties

    Ports, Services, APIs, Protocols, 3rd Parties, oh my…

    SSL and Man in the middle Attacks

    Performance

    SSL/TLS Abuse

    FTP

    Webmail Compromise

    Third Party APIs and Web Services

    2nd Factor Authentication and Federation

    Other Ports and Services

    Summary

  Chapter 15 - Browser Sniffing

    Browser Detection

    Black Dragon, Master Reconnaissance Tool and BeEF

    Java Internal IP Address

    MIME Encoding and MIME Sniffing

    Windows Media Player “Super Cookie”

    Virtual Machines, Machine Fingerprinting and Applications

    Monkey See Browser Fingerprinting Software – Monkey Do Malware

    Malware and Machine Fingerprinting Value

    Unmasking Anonymous Users

    Java Sockets

    De-cloaking Techniques

    Persistence, Cookies and Flash Cookies Redux

    Additional Browser Fingerprinting Techniques

    Summary

  Chapter 16 - Uploaded Content

    Content

    Images

    Hashing

    Image Watermarking

    Image Steganography

    EXIF Data In Images

    GDI+ Exploit

    Warez

    Child Pornography

    Copyrights and Nefarious Imagery

    Sharm el Sheikh Case Study

    Imagecrash

    Text

    Text Steganography

    Blog and Comment Spam

    Power of the Herd

    Profane Language

    Localization and Internationalization

    HTML

    Summary

  Chapter 17 - Loss Prevention

    Lessons From The Offline World

    Subliminal Imagery

    Security Badges

    Prevention Through Fuzzy Matching

    Manual Fraud Analysis

    Honeytokens

    Summary

  Chapter 18 - Wrapup

    Mood Ring

    Insanity

    Blocking and the 4th Wall Problem

    Booby Trapping Your Application

    Heuristics Age

    Know Thy Enemy

    Race, Sex, Religion

    Profiling

    Ethnographic Landscape

    Calculated Risks

    Correlation and Causality

    Conclusion

  About Robert Hansen

Detecting Malice is written by Robert "RSnake" Hansen, the author of the noted ha.ckers.org web application security lab. Mr. Hansen has spoken at industry conferences around the world and is widely considered to be a foremost expert in web application security and online fraud. Drawing on well over a decade of web application security experience, the book was written to be a relevant look into the deep technical nuances of user interaction. By being extremely observant and having the correct logging in place it is possible to dramatically reduce online fraud. Whether you are simply an enthusiast or are in charge of a Fortune 500, you will gain deep insights into the tools and techniques available to improve fraud loss prevention. Using practical and real-world examples, the book walks through the different layers in a highly digestible way that is valuable to practitioners at almost every level of technical ability.

Read what other experts are saying about Detecting Malice:

- "I can tell you that it is, without a doubt, the best web security book I have ever had the pleasure to read." - David Mortman, CSO - Echelon One

- "Detecting Malice is a must-read resource for anyone tasked with protecting a website. It is incredibly detailed and comprehensive, without all the usual cruft you see filling up other books on the topic. If you have a website, have logs, and want to know what the bad guys are trying to do to you (and trust me, we're all targets), then this is the only resource out there to help you understand what they're doing, how to defend yourself, and how to turn the tables and unmask your attacker. It's written in a very accessible informal style, yet still loaded with content and practical examples." - Rich Mogull, CEO - Securosis

- "'Detecting Malice' really is a fantastic opus of WebAppSec wisdom." - Chris Hoff, Director, Cloud & Virtualization Solutions - Cisco

- "This book leaves the reader with the conclusion why some web-based attacks go unnoticed. It illustrates why our current tools and techniques are not built to detect them...yet! But just wait until the web security vendors read Detecting Malice!" - Quincy Jackson, IT Security Manager - Universal Weather and Aviation

- "Shell out the $39 for the 300 page e-Book Detecting Malice, written by Robert Hansen (aka RSnake, on Twitter at @RSnake) and actually read it. I can't believe I'm actually endorsing a freaking e-Book, but it's really that good. I don't know Robert personally, I'm not endorsing it as a favor or because I like him as a person. For all I know he eats puppies for breakfast. But his book is fantastic." - Alison Gianotto, Author of Professional PHP4 Web Development Solutions

- "He does a great job of covering the landscape, talking in plain language without a lot of technical jargon and with many clear examples.... I highly recommend this book, well worth the time and money. It will stimulate your thinking and certainly raise your level of paranoia, and perhaps level of motivation, to lock things down." - David Strom - Owner - David Strom Inc.

- "'Detecting Malice' by Robert 'RSnake' Hansen is a must read for security technologists, especially incident responders attempting to deal with the constantly advancing threats to web applications. 'Detecting Malice' uses simple language to help readers build a complex technical foundation to understand the most current web attack methodologies. More importantly however, Hansen provides real-world examples of attacks and provides methods to determine the intent of an attacker from a seemingly benign piece of information. This blend of technical know-how and psycho-analysis allows the reader a rare opportunity to understand the art of web application security." - Michael Montecillo, Principal Analyst - EMA

- "Anyone I bring it up to first complains about the $40 eBook, but it's the best technical book I've bought in a while." - David Meier, Consultant - Aeritae Consulting Group
By purchasing the Detecting Malice anti-fraud eBook you'll get immediate access to:
* 300+ pages of highly technical detail and insights

* Deep decomposition of threats at multiple OSI layers

* Useful examples and real-world vignettes

* Industry insights on detection of malicious activity

* Useful analysis on isolating hack attempts

* Written for businesses and websites of all sizes

* Security content found nowhere else

* Hundreds of examples and pictures

* Written in small bite-sized anecdotes

* Adobe PDF format for easy portability and readability

* Extremely detailed real life deconstructed hack attempts

* Free updates when new versions become available


ClickBank sells Detecting Malice. They are a trusted online retailer specializing in digitally delivered products. When you purchase the book, you will be taken to your download immediately. As this is an electronic book, no physical product will be delivered.
Order your copy of Detecting Malice today for only $39.95 USD.
Fraud like this shouldn't be ignored
I said a day ago I was gonna talk about something shocking. I'm in no way gonna break my word..and definitely not on this. This is personal...it happened to someone in my family and it's a story like this that shouldn't go ignored because it could happen to you.

This family relative..went to a pain clinic to deal with his pain. Went to this doctor for months...then the next thing you know this person had another appointment scheduled where they needed this doctor to fill another prescription only to find out you get no answer on the phone..and you even learn this person's voice mail is full. Not a good sign at all. However the reason he couldn't see his doctor wasn't because the doctor had a family emergency or anything you would think to be in the tragic category.

No..this person was caught with Medicaid fraud! Let me repeat that...Medicaid fraud! I just learned about this last Thursday/Friday.
I was in shock. This is a person you put trust in to take care of your medical problems only to learn of them scamming people and the US government out of millions of dollars. I'm not sure if he was ever caught. I hope the law puts this guy where he belongs..behind bars to serve his time.

I still ask.. why did he do it? Why did he take advantage of patients like this?

I may never know the main reason but here's the story for you to make your own opinion of it.

http://www.chron.com/disp/story.mpl/headline/metro/6496208.html

This isn't made up..this is real life.

Now after reading this story..just imagine how you would feel knowing someone or even yourself going to this kind of doctor only to learn that this is what they did behind the scenes.

It makes you wonder if they ever thought about your health to begin with, doesn't it? But more importantly, stories like this shouldn't go ignored. Because tomorrow it could be your community, your doctor(s) that pull this kind of stunt. I hope not, but stuff like this you don't even think about until they're caught.

Tomorrow I'll have something better to post about, but for today I just needed to get this off my chest.

Anyways, that's why I wanted to post this blog. Please feel free to leave your comments and let me know what you think about these dirt bags. Thank you. :(

How do I keep trusting my friends on Mindsay?

I read wonderingsoul's blog about Nadia to find out she has been a fraud all of these years. She has been my friend ever since I came to Mindsay. I cried for her and prayed for her for years. I felt horrible she was going through so much. She even pretended to care about me and support me in my own trauma only to find out she was nothing more than a fake.

I poured my soul out on Mindsay not once, not twice, but many times. I am angry and I don't know who to trust anymore. I don't know who is being sincere or being honest.

This didn't just affect "Nadia", it affected everyone who knew her and everyone who loved her. She went too far and didn't care about our feelings. She did this to get attention. It is a part of Munchausen a.k.a. fictitious syndrome. The more attention you get the more you keep doing it and the cycle never stops.

I don't know who to trust now.

Voter Beware: Didja Get an Absentee Ballot?
The other day I was talking to SaikotikGunman  about receiving an absentee ballot with McPain's picture plastered all over it. I was pretty ticked off about it because I never requested an absentee ballot, and I definitely didn't request to receive such oog-lah in the mail.

Shadeofgray  brought up that I am registered Republican and that is probably why. I saw that as a possible answer until the Obama group I am a part of brought up a very odd piece of news that I had yet to read... check it out, it happened to me and could happen to you:
Progressive talk show host Lee Rayburn has gotten dozens of contacts from voters in Wisconsin, mostly recently moved, who are complaining that they have received unsolicited absentee ballot applications sent to their new addresses (not forwarded) from the McCain campaign, and that those applications have as the return address the county clerk of their FORMER address. While he was talking about this on the air today, other voters from Florida and North Carolina, as well as more from Wisconsin, called to report that they had received the same. A number said that they were not registered Democrats, but had donated to Obama, so it appears that the public donor lists were the McCain campaign's source of the names. This had to have been cross-checked with change-of-address info at the BOEs.

This dirty trick serves a dual purpose. First the votes won't be counted. Second, and equally distressing, the inaccurate returned applications will be used by Republican state legislators to claim fraud by Democrats, and to push through laws with harsh voter ID provisions with which it is hard for poorer registrants to comply. This will suppress the vote in future elections.

Everyone who receives absentee ballot applications from the McCain campaign, or any unsolicited absentee ballot applications, needs (a) to not use them, (b) to publicize the problem as widely as possible including their state Democratic Party and the media, and (c) to demand an investigation by their Secretary of State immediately.

(Link)

So I give it to them that I am in fact registered Republican. I can see that. But.. 1) I never requested a ballot, 2) I have had 2 changes of address in the past year and a half and 3) I donated to the Obama campaign. So maybe it was a mix-up... or maybe anyone who shows any interest in the Obama campaign and is in this position is going to be screwed over. I don't care which party you belong to, this is just wrong.

Oh, and here's a picture of my trashcan for proof.
Someone got a hold of my Discover Card #!
At least it appears that way. Discover Card shut my card down. I was mad, because whenever this happened before it was for valid charges and there was no reason they should have done this.

However, someone charged $50 to my account from Bed, Bath, & Beyond in Durham, North Carolina. The card was not swiped, but the number was keyed in. That is extremely strange, especially since I definitely did not order anything from BB&B YESTERDAY. Also I JUST got a new card, and yesterday at Rite-Aid I used the old one instead of the new one, so I thought they closed my card account because of that.

Anyhow, this is very weird and I'm wondering who got my card #. I'm thinking any moment now I will realize that I bought a gift certificate for my mom or something, but the sad truth is....I DIDN'T!
© 2005-2007 MindSay Interactive LLC