Before you dive into the technical details, I wish to confirm that this vulnerability has been FIXED. Thanks to PAYTM for taking quick action. Looking forward to such quick responses on security concerns. Kudos!
Don’t get this wrong. I wish to share a vulnerability that can be leveraged by attackers to perform or initiate a spear phishing attack. The website in discussion is paytm.com. There is an information disclosure vulnerability in the main website, and an unauthenticated user can query the e-mail address associated with a mobile number.
We come across so many links via social networking websites, and we unknowingly click many of them. Malicious links can have catastrophic results: either the system and your privacy are compromised, or your data takes the hit. Here is one such analysis of a link, dated 17 April 2012, that I came across via Twitter and LinkedIn.
NOTE: All links have been defanged with the non-clickable hxxp:// prefix to prevent accidental clicks.
Vulnerabilities are increasing by leaps and bounds, and any industry, technical or non-technical, has to grow its security in step, or else it becomes a highly vulnerable and lucrative target. There is news of data loss and breaches every now and then. A rough estimate of the growth of vulnerabilities (as reported) over the last decade (1995-2008) is shown in Figure 1. This counts only reported vulnerabilities; hundreds of active (unreported or unpatched) vulnerabilities float around underground in the hands of money-driven, profit-seeking black hat attackers.
It’s the kind of evening when anyone would expect me to be sitting in the office for a snack-time conversation. But today, due to some power problems, we called the day off pretty early. I was feeling a little restless, so I came out and walked into a Cafe Coffee Day (CCD) to have an Espresso. At the table next to me, there is a group of teens discussing Facebook, Orkut, etc.