Blog for hpHosts, and whatever else I feel like writing about ....

Monday, 23 January 2012

In and out of common sense

Oh dear, this isn't going to end well. To clarify, folks - as makes clear, there isn't a vulnerability here - it's a simple case of typo-squatting and attempted extortion.

Introducing Arthur 'Wesley' Kenzie, aka Securikai

Late in December of 2011, HD Moore received a curious email from "Arthur (Wesley) Kenzie" notifying him that Kenzie had "important information to discuss with you regarding an email vulnerability that I have discovered affecting your organization." The mail was sent to HD at his personal domain "", where he is the only person receiving mail. Kenzie goes on to say that more information about the vulnerability can be found on his web site under the category "Black Hole" email vulnerability.

In short, Kenzie's "black hole email vulnerability" is simply the act of creating a domain that is very similar to a target domain, and accepting email sent to any address at that domain. For those of you who have been in the security industry for more than a year, you probably know this practice as Typosquatting. Wikipedia defines this as "a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to an alternative website owned by a cybersquatter." Rather than a "vulnerability in HD's organization" as Kenzie framed it, this is a well-known occurrence on the Internet that happens to be routinely exploited by unsavory characters.


Rather hilariously, it seems is trying to justify his actions (and failing miserably), claiming he's doing these companies a "favor" - he is in one sense, in the fact that he's letting the companies know exactly who is responsible, and providing evidence to help them get him prosecuted for extortion.
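As an added example (not code from this post or from the article it quotes), here is one way a defender can spot mail leaking to lookalike domains of the kind described above: scan outbound mail logs for recipient domains within one edit of your own. The domains, the log format and the function names are all constructed for illustration.

```python
import re

# Assumption: the organisation's own mail domains (.test is a reserved TLD).
OWN_DOMAINS = {"widgets.test", "mail.widgets.test"}

# Constructed sample of outbound mail log lines (hypothetical format).
SAMPLE_LOG = """\
2012-01-23T09:14:02Z from=alice@widgets.test to=bob@widgets.test
2012-01-23T09:15:40Z from=alice@widgets.test to=carol@wigdets.test
2012-01-23T09:17:11Z from=dave@widgets.test to=erin@widgetts.test
2012-01-23T09:20:55Z from=dave@widgets.test to=frank@partner.test
2012-01-23T09:21:03Z from=alice@widgets.test to=grace@mailwidgets.test
"""

RCPT = re.compile(r"\bto=[^@\s]+@([A-Za-z0-9.-]+)")


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def lookalike_recipients(log_text, own_domains=OWN_DOMAINS, max_dist=1):
    """Return sorted (recipient_domain, own_domain) pairs that are near misses."""
    hits = set()
    for line in log_text.splitlines():
        m = RCPT.search(line)
        if not m:
            continue
        dom = m.group(1).lower().rstrip(".")
        if dom in own_domains:
            continue  # correctly addressed internal mail
        for own in own_domains:
            if osa_distance(dom, own) <= max_dist:
                hits.add((dom, own))
    return sorted(hits)


if __name__ == "__main__":
    for dom, own in lookalike_recipients(SAMPLE_LOG):
        print(f"outbound mail to {dom} (one edit from {own})")
```

Domains flagged this way are candidates for defensive registration or for an outbound mail rule that holds the message for review.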
