Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Fwd: Its time to take rick rolling seriously
From: "Razi Shaban" <razishaban () gmail com>
Date: Sat, 26 Apr 2008 23:02:22 +0300

Actually, yes.

I made a video about something similar the other day, you can find it at:


It elaborates on a few of your ideas, but refutes some others.


On 4/26/08, n3td3v <xploitable () gmail com> wrote:
---------- Forwarded message ----------
 From: n3td3v <xploitable () gmail com>
 Date: Sat, Apr 5, 2008 at 2:17 AM
 Subject: Its time to take rick rolling seriously
 To: n3td3v <n3td3v () googlegroups com>

 We need a big list of all the rick roll URL's, so we can protect the
  public against it.

  Network operators need a list of rick roll URL's to add to the block list.

  Can someone harvest all the rick roll URL's and post them as one list
  for folks to copy&paste into their block lists?

  Some of the rick rolls don't go to Youtube, some of them are
  sophisticated javascript that we need to clampdown on, so not to waste
  productivity and resources on these sites getting executed

  If you don't think this is a security issue, its time to wake up.


  If you look at how many hits the Youtube rick roll got alone, then
  that goes someway in showing your average joe how easy it is to
  compromise folks through phishing.

  Sure, it looks harmless enough, but the bottom like is, the Youtube
  link (don't click) http://youtube.com/watch?v=eBGIQ7ZuuiU has
  generated upto  9,290,352 views in only a few months since the craze
  took off via mostly social bookmarking sites such as Digg, Reddit.

  Those could easily equal into 9,290,352 malicious phishes, 9,290,352
  credit cards and 9,290,352 identity frauds.

  Now, what happens if the cyber criminals catch onto the rick roll and
  start "cyber rolling" everyone with malicious code or links to a
  forged banking site, then that's really going to be bad.

  So who is keeping track of rick rolling, so it doesn't turn into a
  "cyber roll" where folks get compromised?

  The media and others should use the rick rolling as a wake up call as
  to how easy it is for folks to be fooled, and if its just rick ashley
  this time, it might be more than "never gonna give you up" next time,
  because it could be your cyber security and bank info you're giving up
  in the future, so i'm calling on network security professionals and
  the media to use rick rolling as a highlight case of the dangers posed
  by social engineering and phishing by hackers, which can ultimately
  lead to data loss and disaster. rick rolling should be used to
  highlight awareness of the threat posed by link-based-phishing towards
  your everyday average single mom, retired couple or the 9,290,352
  folks who have to date been "rick rolled", who are the next
  potentially phished.

  And, not all, rick rolling could be used be an attacker to see how
  gullible his target is to links, before carrying out a full on
  phishing attack, so there are many issues here with rick rolling which
  the security community may not have grasped up till now.

  If you think its stupid, 9,290,352 were and thats alarming says n3td3v.

  There are stupid people out there and rick rolling could be an easy
  way to find the stupid people before your ultimate attack.

  Carry on the uses of rick rolling below this e-mail by cyber attackers
  and the indications its giving out to folks on how easy phishing and
  socialing engineering really is on the internet today.

  I see a new craze of "cyber rolling" coming which hackers can exploit
  and i'm not sure if I like it very much, its fun and games at the
  moment, but just wait to the hackers catch on and things develop with
  the rick roll trend.

  I'm worried, are you?

  All the best,


 Full-Disclosure - We believe in it.
 Charter: http://lists.grok.org.uk/full-disclosure-charter.html
 Hosted and sponsored by Secunia - http://secunia.com/

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]