Free Coupons can HACK you


Last Friday, we came across an interesting case study. The victim was a graduate of one of India’s reputed Information Technology colleges. He told our team that a few days earlier he had bought a camera online and had gone looking for free coupons (as we all do :P). While searching, he found a 10-digit number that appeared to be a coupon. A note below the coupon read: “Add this coupon to URL after selecting a net-banking”. After he made the transaction, he found that some extra money had been deducted from his account.

 

Eventually, this case was reported to HANS – Anti Hacking Anticipation Society. We started an investigation and today finally came to the conclusion that it was a matter of a dotless IP.

 

Let’s get our hands dirty.

 

Type “1249739623” in the address bar and see the magic.

 


 

Usually this art is used by spammers and scammers to fool Internet users.

 

http://FAKE_URL@1249739623

 

First, take note of the “@” symbol that appears between the string and the number. In actual fact, everything between “http://” and “@” is completely irrelevant! Just about anything can go in there and it makes no difference whatsoever to the final result.

 


 

This feature is actually used for authentication. If a login name and/or password is required to access a web page, it can be included here and login will be automatic.

 

Example: http://username:password@1249739623

 

But if the page requires no authentication, the authentication text is in effect ignored by both browser and server.

 

By the way, the @ symbol can be represented by its hex code %40 to further confuse things; this works for the IE browser.

 

All right, so what about that long number after the “@”? How does 1249739623 get you to www.google.co.in? In actual fact, the two are equivalent to one another. What you need to know (most Net users know this) is that Internet names translate to numbers called IP addresses. An IP address is normally seen in “dotted decimal” format: http://www.google.com translates to 74.125.131.103. The four dotted numbers are the four bytes of one 32-bit value, and 1249739623 is that same value written as a single decimal number (74 × 256³ + 125 × 256² + 131 × 256 + 103). So of course, this page’s address can be expressed as: http://74.125.131.103/.
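The check a mail filter or proxy could run on such links, as an added example that is not part of the original post: it strips the decoy text before the “@” and converts a dotless host back to dotted decimal. It goes beyond the decimal case in the text by also accepting the hex and octal spellings browsers understand; the function names are hypothetical, and it assumes IPv4 or DNS-name hosts only.

```python
import re
from urllib.parse import urlsplit, unquote

# One numeric host part: hex (0x..) or a run of ASCII digits.
_NUM = re.compile(r"0[xX][0-9a-fA-F]*|[0-9]+")


def parse_part(part):
    """Parse one host part as decimal, hex (0x..) or octal (leading 0)."""
    if not _NUM.fullmatch(part):
        raise ValueError(part)
    if part[:2].lower() == "0x":
        return int(part[2:] or "0", 16)
    if len(part) > 1 and part[0] == "0":
        return int(part, 8)  # "08" raises ValueError, so it is treated as a name
    return int(part)


def numeric_host_to_ip(host):
    """Return dotted-decimal IPv4 for a numeric host, or None for a DNS name."""
    parts = host.rstrip(".").split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        nums = [parse_part(p) for p in parts]
    except ValueError:
        return None
    # Every part but the last is one byte; the last fills the remaining bytes.
    if any(n > 255 for n in nums[:-1]) or nums[-1] >= 256 ** (5 - len(nums)):
        return None
    value = nums[-1]
    for i, n in enumerate(nums[:-1]):
        value += n << (8 * (3 - i))
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def inspect_url(url):
    """Report the real destination and the obfuscation tricks found in a URL."""
    netloc = unquote(urlsplit(url).netloc)  # decode %40 so a hidden @ shows up
    decoy, at, hostport = netloc.rpartition("@")
    host = hostport.split(":")[0]  # drop an optional :port
    ip = numeric_host_to_ip(host)
    flags = []
    if at:
        flags.append("userinfo-before-@")
    if ip and ip != host:
        flags.append("non-dotted-numeric-host")
    return {"decoy": decoy, "host": ip or host, "flags": flags}
```

Any flag in the result is a reason to show the user the decoded host instead of the link text before they click.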

 

This technique is also known as obfuscation. So, the moral of the story is that nothing is free except sun and air.

 

Be Aware, Be secure.
