I don’t think many of you have heard of SPYSE (I didn’t before this interview) before, but let me tell you - they are amazing people, great developers and believe me when I say they are contributing great to information security community with their amazing tools and projects. I got interested and frankly heard about them when I checked out on certdb and findsubdomains projects - remarkable sites and highly recommended to have a look!
Many of us are in the security consulting business, or bug bounties, or even network intelligence and have now and then come across a need to find subdomains. The requirement can be from either side of the table - a consultant assessing a client’s internet presence, or a company validating its own digital footprint. In more than a decade, it has happened so many times that people are not aware of what old assets are they running, and hence can be exploited to either damage the brand image, or actual networks.
It’s 21st century, the year 2014 and we are still on ground zero talking about spam emails and attacks like spear phishing. No matter how stringent your controls are, how much you have invest in your “defense in depth” approach, a single human being of your firm clicking a link on an unsolicited email can crumble your empire. This is not at all melodramatic as it sounds. It is for real, is scary and sad.
Before you deep dive in the technical information, I wish to confirm that this vulnerability has been FIXED. Thanks to PAYTM for taking a quick action. Looking forward for such quick response on security concerns. Kudos! Don’t get this wrong. I wish to share a vulnerability that can be leveraged by attackers to perform/ initiate a spear phishing attack. The website in discussion is paytm.com. There is an information disclosure vulnerability in the main website, and an un-authenticated user can query for a mail address against a mobile number.
We come across so many links via social networking websites, and we unknowingly click many of these. The malicious links have catastrophic results and the system as well as yours privacy is either compromised or your data takes the hit. Here is one such analysis of a link dated 17.April.2012 that I came across via Twitter and LinkedIn. NOTE: All links have been appended with ‘non-clickable’ suffix hxxp:// to prevent mistaken clicks.