Text message clickbait attack from g4svc.info [closed]

Recently I received a text message like this:

“xxx, we’re trying to get a hold of you about your Costco receipt UUIB-LPZ. Please claim your overcharge reimbursement here g4svc.info/6Jp1UwFdf.”

Apparently it’s a scam, but I just want to dig deeper to see what kind of attack it is. Is it just clickbait? Or maybe it contains some JavaScript that executes instantly when I click on the link?

However, when I try to access it again from my laptop to analyze the source code, this link is no longer valid. It’s not that I want to attack this server, but I really want to understand how this kind of server’s architecture works, and what kind of attack this is.

My guess is that this server keeps generating random mapping paths and sends them to victims; whenever a URL is clicked, the server will redirect the user to the actual clickbait page and clean up the original URL, so most of the time it won’t be recorded and reported.

Why make it difficult to disable MFA tokens?

Some websites make it easy to enrol multiple TOTP apps at the same time but make it difficult to disable these apps. For instance, the user would have to completely reset the MFA settings instead of just disabling one TOTP app, or the user would have to provide a state-issued ID to have this done by user support.

What type of threat scenario does this address? After all, an attacker who would be able to authenticate as a legitimate user would then be able to change the password and lock the legitimate user out, so what is the difference?

Kafka source code on GitHub and from the Apache website is missing the “org.apache.kafka.common.message.” package? [closed]

I tried downloading the source code of Kafka from GitHub as well as from Apache’s website. I found that both the sources were missing the “org.apache.kafka.common.message.” package. Can anybody kindly let me know why this might be the case?

Kindly note that I had downloaded the source of “AK RELEASE 2.5.0” from Apache’s website. Similarly, I used the “trunk” branch from the current GitHub repository for Kafka.

Efficient Data Structure for Closest Euclidean Distance

The question is inspired by the following UVa problem: https://onlinejudge.org/index.php?option=onlinejudge&Itemid=99999999&category=18&page=show_problem&problem=1628.

A network of autonomous, battery-powered, data acquisition stations has been installed to monitor the climate in the region of Amazon. An order-dispatch station can initiate transmission of instructions to the control stations so that they change their current parameters. To avoid overloading the battery, each station (including the order-dispatch station) can only transmit to two other stations. The destinataries of a station are the two closest stations. In case of draw, the first criterion is to choose the westernmost (leftmost on the map), and the second criterion is to choose the southernmost (lowest on the map). You are commissioned by Amazon State Government to write a program that decides if, given the localization of each station, messages can reach all stations.

The naive algorithm of course would build a graph with stations as vertices and calculate the edges from a given vertex by searching through all other vertices for the closest two. Then, we could simply run DFS/BFS. Of course, this takes $O(V^2)$ time to construct the graph (which does pass the test cases). My question, though, is if we can build the graph any faster with an appropriate data structure. Specifically, given an arbitrary query point $p$ and a given set of points $S$, can we organize the points in $S$ in such a way that we can quickly find the two closest points in $S$ to $p$ (say, in $\log V$ time?).
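
The naive construction described in the question above, as an added example that is not part of the original post: a linear scan per station for its two closest neighbours (with the westernmost, then southernmost tie-break), followed by BFS. It assumes station 0 is the order-dispatch station and that coordinates are `(x, y)` pairs with x growing eastward and y northward; the function names are illustrative.

```python
from collections import deque
import heapq


def two_closest(stations, i):
    """Indices of the (up to) two stations closest to station i.

    Distance ties go to the westernmost station (smallest x), then to the
    southernmost (smallest y), as the problem statement requires.
    """
    xi, yi = stations[i]

    def key(j):
        xj, yj = stations[j]
        # Squared distance keeps integer input exact; the rest of the tuple
        # encodes the tie-break order.
        return ((xj - xi) ** 2 + (yj - yi) ** 2, xj, yj)

    others = (j for j in range(len(stations)) if j != i)
    # nsmallest with a constant count is a single linear pass over the others.
    return heapq.nsmallest(2, others, key=key)


def build_graph(stations):
    """Directed adjacency list: station -> its two destinations. O(V^2) total."""
    return [two_closest(stations, i) for i in range(len(stations))]


def all_reachable(stations, source=0):
    """True if a message sent from `source` (assumed dispatch station) reaches all."""
    if not stations:
        return True
    graph = build_graph(stations)
    seen = {source}
    queue = deque([source])
    while queue:
        u = queue.popleft()
        for v in graph[u]:
            if v not in seen:
                seen.add(v)
                queue.append(v)
    return len(seen) == len(stations)


# Constructed sample: four neighbours, all at distance 1 from station 0.
CROSS = [(0, 0), (1, 0), (-1, 0), (0, 1), (0, -1)]
# Constructed sample: four stations on a line.
LINE = [(0, 0), (1, 0), (2, 0), (3, 0)]
```

In `CROSS` the tie-break decides the outcome: stations 0, 2 and 4 only ever pick each other, so the eastern and northern stations are never reached.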

How to find out where CNAME resolved to?

Resolved as in, in the past… Are there any tools for this?

I am doing some research into pentesting and subdomain takeovers with cloud providers like AWS and Azure. I have a list of subdomains (A records) that could be used for this, but they are indecipherable in terms of seeing where they once resolved to. Without this information, the entire thing is redundant.

For example: sjd-3949-af3.trafficmanager.net would have originally resolved to mydomain.takeover.com but doesn’t now.

Anyone know how to find this out please?