Wednesday, October 7, 2009

Ready? ./set

Social Engineer Toolkit:

The Social Engineering Toolkit (SET) is a python-driven suite of custom tools,
SET has two main methods of attack, one is utilizing Metasploit payloads and Java-based attacks by setting up a malicious website that ultimately delivers your payload. The second method is through file-format bugs and e-mail phishing.

The SET is designed to make complex social engineering tasks relatively simple for you by allowing you to utilize a robust framework for penetration tests.

SET works with metasploit and basicaly targets on automatic mail and website attack.

Email password leak update

After the leak of 10,000 Hotmail and Windows live email passwords and details yesterday, this morning it emerges that another list containing 20,000 e-mail addresses and passwords from Hotmail, Yahoo, AOL, Gmail and others service providers has been posted online.

There were more then 10,028 pairs of user names and passwords posted to multiple pages of public upload website like, some of which remained live at time of writing. The stash is likely only a small sample of a much larger file,

Wouldn't it be great if this phishing was somehow linked to Mafia Wars or any other FB APP? could it be a phising attack?