Friday, September 30, 2011

I won $10,000 worth of shopping vouchers??

I received an email informing me that I have won $10,000 worth of shopping vouchers, coming from HardwareZone's newsletter.

The email format really gives me the impression that I am the lucky winner, with two other "winners" listed in the email.



But after reading through the email, it starts to show tell-tale signs that it is just an advertisement and I did not really win a prize. They skillfully claim that "you may be a possible winner" so as not to be accused of fraud later.



After clicking the link "www.greatsingaporevoucher.com.sg" to "verify" your details, it was obvious that the email is actually legal "spam".

By "verifying" your details, you are actually joining the lucky draw instead. It also allows them to collect your information so as to legally "spam" you further via handphone, email, and mailing address.




w01f advise: If anyone is still interested in joining this lucky draw (or any similar online contest) and being "spammed" further, make sure you read and understand their "Terms and Conditions" and "Privacy Policy" before releasing your personal information to them.



Thursday, September 29, 2011

Default again?

Another device found to be using a default password. This time it is a home router in Korea. It is a DAVOLINK DVW-2000N router.




w01f advise: The home router console should not be accessible from the Internet. The account should also be properly secured with a strong password.

Tuesday, September 27, 2011

"Easy" access to exam questions?



While doing my "googling" and security analysis, I happened to come across a Shanghai school portal and managed to easily "gain access" into the "admin" account.



With the admin access, I am able to access all the documents in the portal. Wondering if there are any exam questions in there?



I can do a listing of all the user accounts, which I can edit or delete.

w01f advise: Web portals should be properly secured, especially the administrative account. Strong passwords should also be used by all users.


Disclaimer: Only accessed the "main" and "user account" pages, with no modification to the portal and no download of any files from this portal. It is purely for security awareness purposes with no malicious intent.

Sunday, September 25, 2011

Should print servers be secured?

Recently, there has been much news on data loss of customer information, product designs and algorithms from big corporations, and on WikiLeaks exposing sensitive communication. Printers can be one of the good sources of data leakage.

When surfing and "googling" around the Internet, we still see many print servers accessible from the Internet. Some of these print servers were even configured with default login credentials.

Besides data leakage, you can also create some disruptions to their business by making unauthorized changes.

Below are some examples, which I managed to gain access to.



From the Admin console, we can access the "System Tools".




We can also make changes in "Advanced Setting".




w01f advise: Print servers should not be accessible from the Internet. If access from the Internet is required, make sure it is properly secured and change all default logins.