January 2009

Vonage phish

This is interesting:

Dear Vonage Member,

Your Vonage Account will expire in: January, 20 2009

This might have happened due to the following reasons:
– You did not accessed your account for more than a month.
– You have dynamic IP address and due to that our system might have interpretated it as a hacking attempt.
– You entered a wrong password 3 times when you tried to connect to your Vonage Account.

To avoid an account suspension, please click link below:


*We will check your IP address, time zone, and confront it with our database logs.

We are very sorry if this affects you in any way but our client’s security is a top priority for Vonage Inc.


Vonage Security Team.

The link points to a phishing site that is stored in India and collects your vonage username and password. Go one directory up to see the complete kit.

This is a cute attack: you may be thinking, what can they possibly gain by logging into a vonage account? Well, Vonage has a useful feature of redirecting your calls to another number. If that other number is a paid service (or an international number, say, in India) you will pay extra and Vonage will pay that service provider (or telcom company). At that point, they just need to call your number and hold the line while counting the revenue coming in – very oldschool.

NATO Website Hacked

The NATO Parliamentary Website –> www.nato-pa.int was defaced by a Turkish hacker recently.

According to www.nato-pa.int:

“Bringing together members of parliaments throughout the Atlantic Alliance, the NATO Parliamentary Assembly has provided for half a century an essential link between NATO and the parliaments of the NATO nations, helping to build parliamentary and public consensus in support of Alliance policies.”

The server looks like its running Windows 2003 and IIS 6. My guess: SQL Injection, WebDAV exploit, or some other web bug. But something else to think about would be rumors of an IIS 6 0day floating around a while back…