Solipsism Gradient

Rainer Brockerhoff’s blog


[Note for English-language readers: I describe a transient DNS poisoning attack against Banco do Brasil.]

Yesterday, May 4, at around 13:00 local time (17:00 GMT), I went to the Banco do Brasil website. On the normal login screen you have to enter your branch, account number and 8-digit password. Having done that, a screen appeared (an unusual one!) also asking for the 6-digit password!

Despite the normal-looking screen, with all the logos etc. in place, I got suspicious and looked at some of the links leading out of it. Several of them pointed to a server that was also unusual: ndninternetbbseguro.bb.com.br. I went to check via whois:

whois ndninternetbbseguro.bb.com.br
...
domain:      bb.com.br
owner:       BANCO DO BRASIL S.A.
ownerid:     000.000.000/0001-91

in other words, apparently normal. However, pinging this server I saw:

PING ndninternetbbseguro.bb.com.br (46.166.173.180): 56 data bytes
64 bytes from 46.166.173.180: icmp_seq=0 ttl=48 time=1203.666 ms

an address I didn't remember ever seeing for a Brazilian site. Indeed:

whois 46.166.173.180
...
inetnum:        46.166.173.0 - 46.166.173.255
netname:        BALTICSERVERS-LT-DEDICATED
descr:          Dedicated servers
country:        LT
...
person:         Martynas Simkevicius
address:        Tilzes 74
address:        LT-76140 Siauliai

in other words, a server located in Lithuania! Obviously this was a “DNS Cache Poisoning” attack, probably in the DNS servers of Vivo, my current provider. Of course, I didn't proceed to any further pages nor try to follow the links; but, without a doubt, my 8-digit password had already been sent to the impostor.

I saw another report possibly related to the incident in this message:
https://twitter.com/andreas_schutz/status/727143088582434817
“Your connection is not secure…” and then an SSL/certificate configuration error for the server www2.bancobrasil.com.br, which I knew to be one of the servers normally used for BB's internet banking. I tried to access this server from here, with the same result.

sporadic reports of such attacks against BB in the past, and many against other targets.

As a precaution, I went straight to the bank and changed my passwords; and, in fact, from the terminal there I could access the account normally. Back home, I switched to a different DNS server and cleared the caches; now everything is back to normal here at home as well.

Back again…


…and you probably hadn’t realized I was away. Well, we spent 10 days away in Chile (more precisely, the Atacama Desert) and Bolivia (Salar de Uyuni). Here’s our updated world map (61 countries):

Briefly, it was tiring and cold but the landscapes were worth it.

Now back to the old drawing board; a bug-fix update to RB App Checker Lite should be out tomorrow, I hope. Stay tuned.

It took more time than I thought, but here’s the second public beta for RB App Checker Lite.

The UI looks better, the text is zoomable, it parses in-app purchase receipts, and many bugs have been fixed. It will also run on the 10.8 developer preview 2. Please check out the product page for details.

As before, this beta will run for 60 days from today (build day). Still missing:

  • Printing (well, it works but not well)
  • Better help text
  • Online updating

Please send feedback! There’s a convenient “Email the Developer” menu item in the Help menu just for that.

Shape Type


In the same vein as A Kerning Game, this test makes you drag around bezier control points to make characters look optimal:

Shape Type

This is trickier than the previous one, since you have to consider what the style of the font might be like. (They tell you the name of the font but I suppose looking it up would be cheating…). I scored only 81 out of 100.

A Kerning Game


Been some time since I posted a test and this one is rather specialized:

KERNTYPE a kerning game

You must drag the middle letters into the optimal position – the leftmost and rightmost won’t move. It’s been many years since I played around with font design, and so I scored only 85 out of 100. 🙁

Busy backson


This is just to assure you, faithful reader, that I’m alive and well. (And also to make a test post, since I’m twiddling with the underlying software.)

Re: Look! a bandwagon!


Posted by pablowestenh:
It's extremely quiet in here :|

Post some interesting topics, guys.

Look! a bandwagon!


I seem to have boarded the latest bandwagon du jour. They seem to come at progressively shorter intervals these days – the last one was just two days ago. In other news, serious work today has again been successfully averted…

Photos licensed by Creative Commons license. Unless otherwise noted, content © 2002-2017 by Rainer Brockerhoff. Iravan child theme by Rainer Brockerhoff, based on Arjuna-X, a WordPress Theme by SRS Solutions. jQuery UI based on Aristo.