
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts




A twitter update worth sharing

I decided to go ahead and check on the twitter issues we’ve been covering, both on the box and in a segment in the regular podcast.

Twitter Support, We’re hearing confusion around how the 8 accounts we reported yesterday relate to the 36 we reported today. These numbers refer to different things. 5 days ago, Twitter Web App

Twitter Support, 8 is the number of accounts where an archive of “Your Twitter Data” was downloaded. This includes all of *your* account activity including DMs. None of the YTD downloads impacted Verified accounts. https://help.twitter.com/en/managing-your-account/accessing-your-twitter-data 5 days ago, Twitter Web App

Twitter Support, 36 is the number of accounts where the attacker took control of the account and viewed the DM inbox on https://Twitter.com. 5 days ago, Twitter Web App

Twitter Support, To recap:
- 130 total accounts targeted by attackers
- 45 accounts had Tweets sent by attackers
- 36 accounts had the DM inbox accessed
- 8 accounts had an archive of “Your Twitter Data” downloaded, none of these are Verified 5 days ago, Twitter Web App

I want to make sure people see this, as Twitter has been very transparent as of late, so this is a good sign. These tweets are 5 days old, and I thought about looking as of late. It’s never too late to share this type of data with the community in case they do not follow or know about the information being disseminated.

What to read:

Were you impacted by the issues that started on July 15th? Do you think twitter has been more transparent? Please sound off! If you’re a twitter user, read the related link dealing with your data. I’ve read quite a bit and it’s pretty straightforward.


The latest on twitter: Monday, 7/20 18:00 PT

I was asked about any updates on the twitter situation. While it’s still in the investigation phase, I’m a little bit concerned, however, we really don’t know what went on so I’m not going to pass judgement.

Here’s the latest from Twitter Support and I thought I’d pass it along.

Twitter Support, We’re sharing a blog post that collects the latest on our investigation. It reiterates what we’ve already shared here, and includes a few new findings. https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html 2 days ago, Twitter Web App

Twitter Support, As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. 2 days ago, Twitter Web App

Twitter Support, We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. 2 days ago, Twitter Web App

Twitter Support, For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. We are reaching out directly to any account owner where we know this to be true. 2 days ago, Twitter Web App

Twitter Support, Our investigation and cooperation with law enforcement continues, and we remain committed to sharing any updates here. More to come via @TwitterSupport as our investigation continues. 2 days ago, Twitter Web App

Twitter Support, We hope that our openness and transparency throughout this process, and the steps and work we will take to safeguard against other attacks in the future, will be the start of making this right. 2 days ago, Twitter Web App

Twitter Support, There is a lot of speculation about the identity of these 8 accounts. We will only disclose this to the impacted accounts, however to address some of the speculation: none of the eight were Verified accounts. 2 days ago, Twitter Web App

Here’s a link to that blog post and I hope we continue to learn more.

To add my own thoughts, I don’t think that this was a deliberate act of Twitter. I’m sure someone made a mistake, and the mistakes can give people a false sense of security if a major breach takes place. Ongoing training was the big point I took from the blog post which I urge everyone to read. The investigation is still ongoing, and I’m sure we’ll learn more. The blog post has a lot of what is quoted from twitter, so please read the entire post. Thanks so much for reading the blog.

There are no news articles at press time from my sources with anything new. The link to Twitter’s blog came directly from Twitter.


Breaking! An Apparent Megabreach at twitter? More to come

I saw a tweet from Steve Gibson from Security Now about a potential incident that has happened today.

Steve Gibson, Yay! Verified Twitter users are again able to Tweet. Twitter had clamped down during today’s recent Mega Twitter Hack! 7 minutes ago, TweetDeck

Steve Gibson, Re: Today’s Mega Twitter Hack:
I’ll be on live with Jason Thursday morning at 11am Pacific to discuss everything we know about today’s hack. See you there! 🙂 6 minutes ago, TweetDeck

Here are tweets from Twitter support directly.

Twitter Support, We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly. 2 hours ago, Twitter Web App

Twitter Support, You may be unable to Tweet or reset your password while we review and address this incident. 2 hours ago, Twitter Web App

Twitter Support, We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience. an hour ago, Twitter Web App

I’ll join Twit tomorrow morning to see what Jason and Steve will be talking about. More later.


Spam likely, this is the first I’ve seen this

I was on a phone call this morning, and I was getting an inbound call when we were about to finish our call. The phone said Spam likely, and I didn’t see the number at first while it rang. The missed call notification I got was “spam risk” and when going in there I found the phone number that called.

This is the first time I’ve seen this, because I’ve heard of people receiving these notifications on their calls for some time. I think this is great news! Maybe now I can go back to possibly answering my phone for phone numbers now knowing I have this to help me.

This is known as STIR/SHAKEN, a protocol under which caller ID can’t be spoofed. It does not stop the calls from coming in unless you specifically go into your phone settings and turn on silence unknown callers. I’m not necessarily sure that’s the right thing to do, as places like doctors’ offices, hospitals, and other companies use a bank of phone numbers and you’ll miss calls.

It’s best to link to the Wikipedia article as there are a lot of links to various aspects including the caller ID spoofing, Internet Engineering Task Force, and more. Security Now has also talked about this on their podcast and you should check it out.

Security Now! is the longest running twit show to date. I know I’m behind, and I need to catch up, but it is a show worth listening to.

This technology works no matter the phone; a person who comes here to assist me does not have an iPhone. This is nice to see!

You can see Security Now! podcast 761 for a recent update on this.

How have you dealt with the spam likely calls? Turn on the unknown callers and call people back? I ought to play with it and see if that’s the way to go. Your thoughts are welcome.


What is the state of Antivirus today? Is it about dead?

I read an email now twice, and it made me think the first time about the status of whether it is worth using Antivirus software. Companies like Eset, Trend Micro, and Norton are household names in this industry. Recently, I got an email from someone who wanted me to link to Eset in a piece I ran way back many years ago. I normally don’t do this because people don’t go back that far, but the email I got from Shaun got me to think.

I really like the way Trend Micro worked when I used it. It blocked things that were potentially harmful, and I could still view the portions of the page that were safe. If the entire web site was bad, they let you know! They’ve got a vast network and use the cloud to help keep you safe by proactively blocking bad URLs or web sites as it’s been known.

I’ve also used Norton and Eset, and both were good in their time. While I’m not going to say one way or another whether any of these products are good today, I know that Windows Defender is not. I know this because I purposely downloaded a file I knew was bad. This program never picked it off. I think I deleted it now, but if Defender is to be good, it would know about this potential file because it came from an email claiming that I had an invoice, or some such thing.

In 2017, I wrote a very interesting blog post Antivirus and the disabled computer user where I ask the question of what is accessible out there. Two different products came out and none were products like Eset or even Trend Micro. I did download home, and never installed it.

In recent discussions, someone who does a technology show on the mix indicated I should get Malwarebytes. I’ve never used it, but the feedback I got indicated that it was accessible, and I’ve been contemplating downloading it.

In June 2020, I got the following email from Shaun which sparked me thinking about this again, and I told the person I’d put a link to Eset into a post after thoroughly reviewing the following email.

Hi.

Got this from another list I am lurking on.

Reviewing the windows release info there is something about avast.

What scares me is that avast own avg now.

So your supposed security software can smash your system to bits now.

You know I am so happy I no longer use security software bar windows defender with many excludes.

I do have and run from time to time malwarebytes but if this is the state of security software, then I’d rather get a virus, or hacked, or have to pay a ransom.

I read the forums linked to from one of the posts and several others in the same vein and many people have had their systems completely destroyed.

It’s a shame I have to say that, but maybe our security companies are getting too greedy on things.

Some of these guys that got hit actually paid for this shit, guess they won’t be coming back.

Not without reformatting and reinstalling everything at any rate which is what I would do.

I am surprised no one is suing over this, I’d at least want my money back and would never go back.

So pleased I quit the commercial security suite thing back in 2007.

My friend or at least one of them and his family are still wedded to norton.

After hearing all this, it’s really stopped me trusting any security suite or any anti anything software period at least all third-party things.

I’ll take passive preventative protection and on demand protection but all these active defence live protections seem to be more trouble than they are worth.

In my case it works but I have had to exclude so much of my drive from the viruses thing I may as well not bother running something like security.

And if Microsoft gets really annoyed it starts saying system files that don’t exist have issues.

So far these are programs I can do without but I still get mad at all this.

In 2007 when it was accessibility it wasn’t too bad, it only got really bad in 2012 and didn’t get really bad till the end of last year beginning of this year.

I first noticed it after Symantec got Norton back in 2003, before that I actually used things and they worked.

The forwarded message links to two pages about Windows 10 version 2004.

The first, Windows 10, version 2004 and Windows Server, version 2004 Known Issues and the second Resolved issues in Windows 10, version 2004 and Windows Server, version 2004. On the accessibility front, Blind Bargains posted Windows 10 2004 is Available; Narrator Gets Improved Web and Outlook Support, Even Firefox Compatibility on June 11th.

All of this is great, but what about the security software? Where does it stand with all of this? I don’t want to use inferior software that is not accessible enough to use to set up or even use if it does detect a problem.

Is MSE the best we can do? Windows Defender? Please sound off!


Our Cyber Hygiene is very important

In a June 2020 video from Scott Schober, he talks about normal day-to-day hygiene and our cyber hygiene when it comes to the COVID-19 pandemic we’re continuing to face across the United States. While it was posted mid-June, I listened to it today, and it is still valuable and talks to people that I think may come across it. I’m going to link to it here, and it is the direct YouTube link.

Cyber Hygiene in age of COVID-19 is the video, and do give it a listen or a watch. You might find something that you may need to change in your practices for today’s Internet and technology age.


Name doesn’t match, there’s no deal

In the below comment form I just saw, although you’ve seen this before, the names don’t match.


Below is the result of your feedback form. It was submitted by
() on Sunday, May 03, 2020 at 17:01:44

Name: Elijah
phone: 02.47.98.76.96
contact_method: both E-mail and phone
bug: no
additional_bug_info: Hello

First, I would just like to say that I hope that you, your colleagues and loved ones are all healthy and well during these challenging times.

I think you have a great website, however I feel that you lack engaging videos to promote your products.

We offer customised animated videos at pricing you probably haven’t seen before. Please check us out at https://bit.ly/3bLCbFT

We are running a promotion for the next 24 hours.

Best wishes,

Ian
comment_or_question: Hello

First, I would just like to say that I hope that you, your colleagues and loved ones are all healthy and well during these challenging times.

I think you have a great website, however I feel that you lack engaging videos to promote your products.

We offer customised animated videos at pricing you probably haven’t seen before. Please check us out at https://bit.ly/3bLCbFT

We are running a promotion for the next 24 hours.

Best wishes,

Ian

HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
REMOTE_ADDR: 89.187.178.239


What deal for what videos? I didn’t ask for any emails about any videos. This doesn’t even make sense and you fill out the bug reporting aspect of this as well as the comment aspect?

I should start blocking everyone who can’t fill out the forms correctly. No IP lookups, just flat out blocking through something called an IP deny manager. I hate the idea of blocking, as that can be circumvented, but fighting Spam like this needs to start somewhere. I’ve already killed one contact form, I should need to kill another one or two or three? Then nobody will contact us and that’s not what the network is for. I’m curious on how people deal with these, especially now that we can’t go anywhere in some places. Do you block things like these at the IP level? We already know the forms’ email addresses could be forged anyway so blocking by email isn’t the question, and some form processors allow for that. I’d say I could do that, but I don’t like the idea because it can easily be gotten around.


Another type of extortion attempt? I am not laughing, nor am I convinced

I’ve gotten two of these emails, one at jaredrimer.net and the other at whitecanetravel.com on the 28th. I want people to see this, and tell me if I’m correct. Do you all think this is an extortion attempt? I do, as bugs legitimately coming to me I fix. If I’ve been hacked, I want to know about it so I can fix it. If I can’t, I can get the assistance. You be the judge.

Here is the first form.


Below is the result of your feedback form. It was submitted by
() on Thursday, April 30, 2020 at 01:08:41

Name: Leticia
phone: 479 9456
contact_method: phone
bug: no
additional_bug_info: PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!

We have hacked your website http://www.jaredrimer.net and extracted your databases.

How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.

What does this mean?

We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site http://www.jaredrimer.net was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.

How do I stop this?

We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $2000 USD in bitcoins (BTC).

Send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive):

1HGxLfhnMzPEzWD7YeBwtWUGj3E2Q2YJKE

Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this notice or the database leak, e-mails dispatched, and de-index of your site WILL start!

How do I get Bitcoins?

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you to start with http://coinmama.com for buying bitcoins with credit/debit cards or http://localbitcoins.com for other type of payments.

What if I don’t pay?

If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.

This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!

Please note that Bitcoin is anonymous and no one will find out that you have complied.
comment_or_question: PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!

We have hacked your website http://www.jaredrimer.net and extracted your databases.

How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.

What does this mean?

We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site http://www.jaredrimer.net was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.

How do I stop this?

We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $2000 USD in bitcoins (BTC).

Send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive):

1HGxLfhnMzPEzWD7YeBwtWUGj3E2Q2YJKE

Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this notice or the database leak, e-mails dispatched, and de-index of your site WILL start!

How do I get Bitcoins?

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you to start with http://coinmama.com for buying bitcoins with credit/debit cards or http://localbitcoins.com for other type of payments.

What if I don’t pay?

If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.

This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!

Please note that Bitcoin is anonymous and no one will find out that you have complied.

HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
REMOTE_ADDR: 92.223.89.5


That’s nice. You claim you hacked white cane travel and extracted data, but there is no data to be had. jaredrimer.net has no data to be had either, unless you hacked my WordPress database. If that’s the case, you’ll have a lot of spam accounts plus a few legit accounts. WCT does not have any stored data, and any forms that come, come via email. I hope you people have fun with whatever you had.

Here’s WCT’s email.


Below is the result of your feedback form. It was submitted by
() on Tuesday, April 28, 2020 at 09:12:45

name: Adam
phone: 04.35.62.75.78
method: Both E-Mail and Phone
to: First Available
bug: No
additional_bug_info: PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!

We have hacked your website http://www.whitecanetravel.com and extracted your databases.

How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.

What does this mean?

We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site http://www.whitecanetravel.com was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.

How do I stop this?

We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $2000 USD in bitcoins (BTC).

Send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive):

1Bs6CYDuHy1UGLr5ccz2UxRNcPGpeAa7tz

Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this notice or the database leak, e-mails dispatched, and de-index of your site WILL start!

How do I get Bitcoins?

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you to start with http://coinmama.com for buying bitcoins with credit/debit cards or http://localbitcoins.com for other type of payments.

What if I don’t pay?

If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.

This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!

Please note that Bitcoin is anonymous and no one will find out that you have complied.
comment_or_question: PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!

We have hacked your website http://www.whitecanetravel.com and extracted your databases.

How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.

What does this mean?

We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site http://www.whitecanetravel.com was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.

How do I stop this?

We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $2000 USD in bitcoins (BTC).

Send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive):

1Bs6CYDuHy1UGLr5ccz2UxRNcPGpeAa7tz

Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this notice or the database leak, e-mails dispatched, and de-index of your site WILL start!

How do I get Bitcoins?

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you to start with http://coinmama.com for buying bitcoins with credit/debit cards or http://localbitcoins.com for other type of payments.

What if I don’t pay?

If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.

This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!

Please note that Bitcoin is anonymous and no one will find out that you have complied.

HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:59.0) Gecko/20100101 Firefox/59.0
REMOTE_ADDR: 92.223.89.5


Do you all think this network is stupid? If there is a legitimate bug, I need to know, I’m not scared by my reputation because you fill out the comment form in the bug reporting form trying to scare me. You say not to contact you, but I bet the addresses in both forms I provided are fake. I know the phone numbers provided are definitely fake, so I surmise this is fake. Have fun with whatever data you have, because bugs that come to me get fixed. It is a blatant targeted attempt to extort money, and I want people to see this. I need every dime of my money right now, and I know other people do too. Have fun trying to extort me, because I have things under control. Enjoy!
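The signals pointed out in this post and in the "Name doesn’t match" post (a name field that differs from the signature, the same text in both the bug and comment fields, a payment demand, and one REMOTE_ADDR submitting under several names) can be checked on content before any IP deny rule is written. The following is an added example, not this site's form processor: the field labels come from the quoted e-mails, while the signal names, shortener list and sample submissions (documentation-range addresses, a placeholder wallet string) are constructed for illustration.

```python
import re
from collections import defaultdict

# Field labels as they appear in the form-mailer output quoted on this page.
FIELDS = {"name", "phone", "contact_method", "method", "to", "bug",
          "additional_bug_info", "comment_or_question",
          "http_user_agent", "remote_addr"}
FIELD_RE = re.compile(r"^([A-Za-z_]+):\s?(.*)$")
SIGNOFF_RE = re.compile(
    r"^(best wishes|best regards|kind regards|regards|thanks|sincerely),?$", re.I)
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.I)
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
# Shape of a legacy Base58 Bitcoin address; the checksum is not validated.
BTC_RE = re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b")

def parse_submission(text):
    """Split one form-mailer e-mail into {field: value}; values may span lines."""
    fields, current = {}, None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m and m.group(1).lower() in FIELDS:
            current = m.group(1).lower()
            fields[current] = m.group(2)
        elif current is not None:
            fields[current] += "\n" + line
    return {k: v.strip() for k, v in fields.items()}

def _norm(s):
    return " ".join(s.split()).casefold()

def signature_name(body):
    """Return the non-empty line that follows a sign-off such as 'Best wishes,'."""
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    for i, line in enumerate(lines[:-1]):
        if SIGNOFF_RE.match(line):
            return lines[i + 1]
    return None

def score(fields):
    """Return the content signals raised by one parsed submission."""
    signals = []
    bug_info = fields.get("additional_bug_info", "")
    comment = fields.get("comment_or_question", "")
    body = comment or bug_info
    if fields.get("bug", "").casefold() == "no" and bug_info:
        signals.append("bug_info_without_bug")
    if bug_info and _norm(bug_info) == _norm(comment):
        signals.append("same_text_in_both_fields")
    signed = signature_name(body)
    if signed and fields.get("name") and _norm(signed) != _norm(fields["name"]):
        signals.append("name_mismatch")
    if any(h.lower() in SHORTENERS for h in URL_HOST_RE.findall(body)):
        signals.append("shortened_url")
    if BTC_RE.search(body) and "bitcoin" in body.casefold():
        signals.append("payment_demand")
    return signals

def shared_sources(submissions):
    """Map REMOTE_ADDR -> names for addresses that submitted under several names."""
    by_addr = defaultdict(set)
    for f in submissions:
        if f.get("remote_addr") and f.get("name"):
            by_addr[f["remote_addr"]].add(f["name"])
    return {addr: sorted(n) for addr, n in by_addr.items() if len(n) > 1}

# --- Constructed sample input (not real submissions) ---
PLACEHOLDER_ADDR = "1PLACEHoLDER" + "x" * 22   # address-shaped placeholder
TEMPLATE = """Below is the result of your feedback form. It was submitted by
() on Sunday, May 03, 2020 at 17:01:44

Name: {name}
phone: 555-0100
contact_method: phone
bug: no
additional_bug_info: {body}
comment_or_question: {body}

HTTP_USER_AGENT: ExampleBrowser/1.0
REMOTE_ADDR: {addr}
"""
PROMO = ("Hello\n\nWe offer customised animated videos. Please check us out at "
         "https://bit.ly/EXAMPLE\n\nBest wishes,\n\nIan")
THREAT = ("We have hacked your website and extracted your databases.\n\n"
          "Send the bitcoin to the following Bitcoin address:\n\n" + PLACEHOLDER_ADDR)
SAMPLES = [TEMPLATE.format(name="Elijah", body=PROMO, addr="192.0.2.10"),
           TEMPLATE.format(name="Leticia", body=THREAT, addr="203.0.113.5"),
           TEMPLATE.format(name="Adam", body=THREAT, addr="203.0.113.5")]

if __name__ == "__main__":
    parsed = [parse_submission(s) for s in SAMPLES]
    for f in parsed:
        print(f["name"], f["remote_addr"], score(f))
    print("shared sources:", shared_sources(parsed))
```

Content signals like these keep working when the sender changes address, which is the weakness of IP-level blocking raised above; a submission raising two or more of them can be held for review instead of delivered.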


Nigerian 419 scam takes advantage of the Corona Virus pandemic

I should probably not be surprised while catching up on Phishlabs and their continuing coverage of lures that can take advantage of people during the Covid pandemic.

Nigerian letter frauds combine the threat of impersonation fraud with a variation of an advance fee scheme in which a letter mailed, or e-mailed, from Nigeria offers the recipient the “opportunity” to share in a percentage of millions of dollars that the author—a self-proclaimed government official—is trying to transfer illegally out of Nigeria. The recipient is encouraged to send information to the author, such as blank letterhead stationery, bank name and account numbers, and other identifying information using a fax number given in the letter or return e-mail address provided in the message. The scheme relies on convincing a willing victim, who has demonstrated a “propensity for larceny” by responding to the invitation, to send money to the author of the letter in Nigeria in several installments of increasing amounts for a variety of reasons.

FBI: Nigerian Letter or “419” Fraud

Accessed April 13, 2020: 14:15 PT

While these are the common schemes quoted above, Phishlabs is reporting that they have now updated this very successful tactic for the modern pandemic.

It’s not like people have anything else to do but get swept into these types of things, and I’ve seen this type of thing sent to my email.

One of them contacted me through twitter, asking me to email them.

I did, thinking maybe it was a penpal relationship like they used to do via the mail or letterbox.

Boy, was I wrong. After sending an email, I got greeted with this type of scam.

In the following example, I’ve eliminated the point of contact, but left the letter intact for you to see how this works. There are very different forms of this, and this is just one. I did respond saying I couldn’t help them and explained to them what this was. Never heard from them again!


Hello, my darling

Please with due respect and in the name of God.
First, thank you; in line with the message I sent to you, I am more than happy in your reply to my email. How is everything there in your country, I believe that you are in good health, and the atmosphere there in your country is very nice today? Mine is a little bit warm over here in Dakar Senegal.

My name is (claribel Abdel) am from Libya in North Africa, I am (23 years old), but age does not matter in a real relationship, I’m from (Libya), 5.2 feet tall, fair complexion in single (never married) and am currently residing here in Dakar as a result of the war that happened in my country that I had escaped to this country Senegal were’m under refugee camp.

My late father Major General (Abdel Fattah YOUNES). My late father He held the rank of Major General and the post of Minister of the Interior, but resigned on February 22, 2011 to desert the rebel civil war in Libya. My father was killed by members of an anti-Gaddafi military on 28 July 2011. When the rebels anti-Gaddafi military troupe attacked our house one early morning killing my parents. Also my mother was six months pregnant and she was a university professor before his death, it is only me that is alive now because I am the only child of my parents, and I managed to make my way with the help of UN to Senegal, where I am leaving now as a refugee. It was on a morning attack early by militant groups killed two members of my family my mother and father in a cold blood, also my mother was six months pregnant.

Now, as I’m talking to you, I am the only living person in my family, and I managed to make my way to this country (Senegal), where I’m going now as a refugee under the care of Rev. Father John Simon, who is the priest (Catholic Church Saint-Louis Roman (Senegal) here in the field, he has been very good to me since I came here but I am not living with him rather I live in the women because the camp have two hostels one for men and one for women.

Please do not be offended by this message that comes from me, please, it’s just that I do not know what else to do because my situation here as a refugee is giving me great concern, therefore, I would like you to consider my situation as an orphan, and be kind to me, as I’m putting all my trust in you with fear, although I do not know who you are before, but I believe that with God all things are possible and you can not me betray in the end.

I have communicated to you because of my difficult situation here in this refugee camp, Its just like one staying in the prison and I hope by Gods grace I will come here soon.
I do not have any relatives now whom I can go to, all my relatives ran away in the middle of the war the only person I have now is Reverend Father John simon, who is our guardian here in this refugee camp, he has been very fun for all the bodies in the camp, but we’re not living with him rather we are leaving the hostel, which is divided into two sections, one for men and the other for females.
Father Rev Tel number is (+221 780177232) if you call, please tell him you want to talk to me Miss.claribel Abdel, Libya he will send for me in the hostel to come and talk to you. Here in this camp I’m sending e-mail through the office computer of the church at the far office Rev. Because As a refugee here we do not have any right or privilege to anything be it money, phone, computer, or whatever because it is against the law of this country. I want to go back to my studies because I only attended my first year before the tragic incident that lead to me being in this bad situation. I was there when I saw my mother killed with six months of pregnancy.

Please listen to this – (because it’s a secret, it is not known about it except me and you know it)

I have the death certificate of my late father here with me, I’ll send you later, because when he was alive he deposited some amount of money in a leading bank in Europe which he used my name as the relative closest, the total amount is US $ 9.5m (nine million five hundred thousand US dollars). So I will like you to help me transfer this money to your account and from it you can send some money for me to get my traveling documents and air ticket to come to know him in his country. I kept this secret to people in the camp here the only person that knows about it is you and me.

For your own information, I want you to see the news about the killing of my late father, story by BBC World News http://www.bbc.co.uk/news/world-africa-14336122 So I like you to keep it to yourself as a secret and not tell anyone because I’m afraid of losing my life and the money if people know about it.

Remember I am giving you all this information due to the trust i deposed on you. I like honest people and understanding, true and people who have vision, and God fearing person worker. My favorite language is English and I speak very fluent English.

I can trust you as a true friend?

Meanwhile I would like you to call me, like I said, I have much to tell you ..
Have a nice day and think about my condition here
Attached here is my pictures for you,

Awaiting to hear from you soonest
Thanks and remain blessed.
with love. Lovely your claribel


Don’t be fooled! I told this person I couldn’t help them and have never heard from them again. They were the ones who sent me a message after I looked at their profile and it looked OK there. This is unfortunate I got this back in November, and I am not interested in wiring money to get it. You can donate money through my web site or even through paying me for services. I didn’t win millions, and I don’t even know who this is.

COVID-19 Phishing Update: Nigerian Prince Lures Evolve with Crisis is the article. There is a link to other samples, but I did want to post this one because of how prevalent it is today. I’m not saying the others are not, but I’ve seen this one, so this is what I want to talk about in this post.

Seen the 419 scam in this light? Let’s discuss it! The comment boards await you.


Microsoft sending email account problems? Better check that URL!

In the following example I’m describing, it leads to a web site which I do not want you to visit.

I’ve gotten now a second email from Microsoft.

Here is the latest one:


Unusual Sign-in activity

We detected something unusual about a recent sign-in to Microsoft account

Sign-in details

Country/region: Unted State
IP address: 107.170.166.118
Platform: Mac OS
Browser: Chrome

Please go your recent activity page to let us know whether or not this was you . If this wasn’t you. we’ll help you secure your account. we’ll trust similar activity in the future.

Review recent activity

The Microsoft Security Essentials
Microsoft Team office Center
all rights reserved © 2020


The view account information leads to http://office365-online.myvnc.com/cutomer/portal/ Don’t go here!

Firefox reports:


Deceptive site ahead

Firefox blocked this page because it may trick you into doing something dangerous like installing software or revealing personal information like passwords or credit cards.

Advisory provided by Google Safe Browsing.


I was curious, as the email address apparently said or a similar address, but we know that this can’t be the case.

The email does look very authentic, and this is what will get people. As someone who is curious on what the trend is, I only click to look, nothing more. Having Firefox on your side is great, as they may see this and mark it bad as Google does, through their safe browsing feature. That’s awesome, Google!

Make sure to check your links. This email and another one came to us through our contact at menvi.org’s email address.

Here are the headers:


imap://menvi-webmaster%40menvi%:143/fetch%3EUID%3E.INBOX%3E43967
Return-Path: <>
Received: from cp1-benor.nocwest.net
by cp1-benor.nocwest.net with LMTP
id Nbd7Bi3Yh159JwAAIyXCCQ
(envelope-from <>); Fri, 03 Apr 2020 20:43:25 -0400
Return-path: <>
Envelope-to:
Delivery-date: Fri, 03 Apr 2020 20:43:25 -0400
Received: from static.26.106.130.94.clients.your-server.de ([94.130.106.26]:33651 helo=thindra1.info)
by cp1-benor.nocwest.net with esmtp (Exim 4.93)
id 1jKWuB-0002bW-1m
for ; Fri, 03 Apr 2020 20:43:25 -0400
Subject: Microsoft account unusual sign-in activity
From: Microsoft account teamno-reply@microsoft.com
Reply-to: no-reply@microsoft.com
To:
Content-Type: text/html; charset=us-ascii; boundary=CMF8FBR06Z2XNQEBJOR4.1200369.CMF8FBR06Z2XNQEBJOR4


Nice going guys, wanna try something I’ve not seen? Problems with an account that is a forwarder and on the proper server that is working isn’t going to fool me or my team any.
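The check this post describes, as an added example (not code from the blog): it compares the domain in the From line with the host that actually handed the message to the receiving server and with the host behind the link. The header lines and the link are the ones quoted above; `org_domain`, `external_hop` and `review` are hypothetical helper names, and the two-label domain rule is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Lines taken from the headers quoted in the post. Blanked recipient fields are
# left out and the From line is re-spaced into "display name <address>" form.
RAW_HEADERS = """\
Received: from cp1-benor.nocwest.net
    by cp1-benor.nocwest.net with LMTP
    id Nbd7Bi3Yh159JwAAIyXCCQ; Fri, 03 Apr 2020 20:43:25 -0400
Received: from static.26.106.130.94.clients.your-server.de ([94.130.106.26]:33651 helo=thindra1.info)
    by cp1-benor.nocwest.net with esmtp (Exim 4.93)
    id 1jKWuB-0002bW-1m; Fri, 03 Apr 2020 20:43:25 -0400
Subject: Microsoft account unusual sign-in activity
From: Microsoft account team <no-reply@microsoft.com>
Reply-to: no-reply@microsoft.com

"""
# Link target quoted in the post; it is only parsed here, never fetched.
LINK = "http://office365-online.myvnc.com/cutomer/portal/"

# Exim-style trace line: from <rdns> ([ip]:port helo=<name>) by <receiver>
RECEIVED_RE = re.compile(
    r"from\s+(?P<rdns>\S+)"
    r"(?:\s+\(\[(?P<ip>[^\]]+)\](?::\d+)?(?:\s+helo=(?P<helo>[^)\s]+))?\))?"
    r"\s+by\s+(?P<by>\S+)"
)


def org_domain(host):
    """Last two DNS labels of a host name. Assumption: good enough for these
    names; production code should consult the Public Suffix List."""
    labels = (host or "").lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else ""


def external_hop(msg):
    """Newest Received header whose sending host lies outside the receiving
    server's own domain, i.e. the point where the mail entered from outside."""
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m and org_domain(m["rdns"]) != org_domain(m["by"]):
            return m.groupdict()
    return None


def review(raw_headers, link):
    """Compare the claimed sender domain with the relay and the link host."""
    msg = message_from_string(raw_headers)
    address = parseaddr(msg.get("From", ""))[1]
    from_domain = org_domain(address.rpartition("@")[2])
    hop = external_hop(msg) or {}
    relay_names = {org_domain(hop.get("rdns")), org_domain(hop.get("helo"))} - {""}
    url = urlsplit(link)
    return {
        "from_domain": from_domain,
        "relay_ip": hop.get("ip"),
        "relay_helo": hop.get("helo"),
        "relay_rdns": hop.get("rdns"),
        "relay_matches_from": from_domain in relay_names,
        "link_host": url.hostname,
        "link_matches_from": org_domain(url.hostname) == from_domain,
        "link_is_https": url.scheme == "https",
    }


if __name__ == "__main__":
    for key, value in review(RAW_HEADERS, LINK).items():
        print(f"{key:20} {value}")
```

A relay that differs from the From domain is a signal rather than proof, since legitimate senders also use third-party mail services. SPF, DKIM and DMARC results in an Authentication-Results header settle the question when the receiving server records them, and the pasted headers contain none.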


Zoom is filled with problems, two in Mac and one potential in windows

If Zoom didn’t have enough problems, this article I’m going to link to indicates that you can have problems with the Zoom client for Mac. Zoom Bombing is when someone takes control of your meeting and does stuff that you’re not wanting to happen. This is more to do with video conferencing and the different sharing aspects, so we may not have anything to worry about.

With the two Mac issues which can happen anywhere, I’m hopeful that the company will address and fix these vulnerabilities as a company in this space should do. The article Zoom’s Privacy Problems Snowball as Two Zero Days Uncovered should be read so you’re aware of it and take the necessary precautions as you see fit.


Webinar on covid19 from a guy that should be giving this talk

Mikko Hypponen is the chief researcher at F-secure. This is going to be given on the first of April looking like Evening US time. I’m going to attend and see what he has to say. CYBER SECURITY AND COVID-19 is the page, please sign up if you can. I’ll try to tape this for future podcasting.


Posting on a forum for credit card info: lets teach our kids

I’ve been trying to come up with a way for me to talk about something I saw on a forum, without making it sound like it is one of the worst things you can do.

While it isn’t advisable to be posting questions asking for different types of info, I want to be cautious at the fact that there are people here that may not know better and do something that could harm them.

We’ve all done it, posted something somewhere we shouldn’t have. Its a possibility that I did this, even in my adult years, so I’m going to harp on myself as well as part of this post.

One of the things in today’s internet we need to be aware of are sites called Dark Web sites. Sadly, the Dark Web and the Deep Web can be used interchangeably according to Wikipedia’s lookup on dark web.

Some of the things that can go on in the dark or deep web is credit card selling. Also, tons of personal information is sold in the dark or deep web. With that, what I saw was posted in a forum in the application Dice World, which would be considered the clear web, or the vast majority of the visible Internet.

I’ve talked about Dice World problems before with good news included. The latest bad thing was this post talking about cheating as it relates to games which would include Dice World. We’ve also talked about dice world in our podcasts like podcast 326 and podcast 341 just to name two of them.

I’m not going to talk about this on my podcast, but I want to highlight with this post that the information about asking for information can go on any type of forum or mailing list, and this should not be taken just from the forum on Dice World.

Someone posted on the forum for someone to give them access to a credit card because they could not pay for more space on their icloud. The person in question indicated that they were under the age of 18. I’m not going to mention the age, nor the user name because I do not remember the user name off hand, and the age would not be appropriate to disclose in case it is wrong.

I can tell you that I’ve never seen this type of thing, and responses indicated that people should not give them any information. I was cautious and said that you should only do this with people you trust, not from an open threat such as this.

Mistakes can happen, no matter what the platform is. We’ve talked about software stuff before and now the phishing attacks with the Corona Virus. I’ve also talked about scammers targeting the blind but I don’t feel that this was necessarily the case.

I feel that the report I was given was pretty genuine, this may have been a child who didn’t know any better, and education is appropriate. If I were able to moderate this, I would educate them about the fact that this is not necessarily a good idea, and that their parent or legal guardian should be responsible for their spending. I know that my stuff is paid for in this way, although I do pay for other things as well.

I’ve made mistakes on mailing lists, and was talked to, so I’m not singling any person out when I say that this person should’ve been blocked. I would definitely hope that once the post was removed by Dice World, immediate communication commenced by email or messaging through the application to explain that this was not a good thing to do.

We should teach the young, not give them harsh punishments. As it were, the account was created the very day that I saw the post. In part, “I don’t normally do this, but …” and it was followed by the request.

My blog tries to cater to everyone, so if the person affected was to read this, I’d love to talk to you about the Internet so you understand what is happening now especially since things are changing in this world.

Do you know anyone who may be doing this? Do teach them, let’s not give them a hard time. They aren’t criminals, yet. Look at the intent and determine whether or not a harsh punishment is necessary.


What is this? This is another scam … as the domain doesn’t exist?

OK, I saw this in my email. They’re saying that the site listed in the IP unblock request form is not posting how we’re not doing anything to protect our members of the public.

First of all, the sites along my network are open to the public at large, and do not serve any public people coming in to buy, unless I’m unaware of it.

Due to the nature of the issues, if they didn’t receive notice, it’s because they probably don’t live here in the area?

I know sites are posting notices, but it is not important for general info like any of my sites are to post notices.

Check this out.

On another note, the domain doesn’t exist!


Below is the result of your feedback form. It was submitted by

() on Wednesday, March 18, 2020 at 15:00:47

name: Cassie Buzzard
phone: 077 4527 1363
user: Cassie Buzzard
domain: bccsc.net
how_did_you_get_blocked:
Hello,

I have not received an update regarding measures you’re taking to combat COVID-19. I hope to hear that you are following all recently released guidelines and taking every precaution to protect our community?

Please reference the CDC’s emergency page (https://emergency.cdc.gov) and please consider completing a “Coronavirus Precautions and Pandemic Planning” course (http://pandemicplanning.info).

Without strict measures and an educated community, the virus will increase exponentially throughout the (global) population, as it’s already doing!

Stay safe,
Cassie
other_comments:
Hello,

I have not received an update regarding measures you’re taking to combat COVID-19. I hope to hear that you are following all recently released guidelines and taking every precaution to protect our community?

Please reference the CDC’s emergency page (https://emergency.cdc.gov) and please consider completing a “Coronavirus Precautions and Pandemic Planning” course (http://pandemicplanning.info).

Without strict measures and an educated community, the virus will increase exponentially throughout the (global) population, as it’s already doing!

Stay safe,

Cassie

HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36 115Browser/8.6.2
REMOTE_ADDR: 162.245.222.236


Please do not waste my time sending this to this network as clearly it’s spam. I know the phone number is fake and so is the domain. If there is a place I should be forwarding this, please let me know. This is why the world is scared because of messages through contact forms like mine.

Take this as your notice. I’m not interested in spewing notices that are not welcome, and if my members of my site are interested, they can contact me through my sites and ask specific questions.


Working from home? Better look at this

AA20-073A: Enterprise VPN Security has been sent to me, and it is a bulletin put out by the government. This document covers the potential for people to work from home because of this unprecedented disease that has come across the world. Alert (AA20-073A) Enterprise VPN Security is the article linked here, and it has some great tips if you are concerned.

This does not cover anything from CDC and other things that you can get from other places on how to protect yourself, but this does provide information when it comes to securing yourself while working from home and what Phishers may do to try and steal passwords.

While we continue to learn more about this dangerous virus, let’s make sure that the security is not taken along with us.

IS TLS 1.0 and 1.1 really ready to go?

Livewire says yes, and articles out there have more

The last several days on Livewire have been quite interesting. Last week, I experienced a technical issue which has since been resolved. On top of that, I was notified that the site was upgraded to only work on 1.2 or higher TLS connections. Sans News Bites talks about this in one of their segments and this blog post entitled: It’s the Boot for TLS 1.0 and TLS 1.1 is one post and it comes from Mozilla themselves.

After the technical issues were resolved in live wire, someone recently reported running Windows 8, Firefox, and Jaws 16.

  • Windows 8, to my knowledge is not getting any updates
  • Firefox may be old, and unable to understand the TLS infrastructure
  • Jaws 16 isn’t supported with bug fixes
  • Chrome can’t run on 8

In the next podcast, I talk about Live Wire a little bit, what it is, the basics on the LTN (Livewire Telephone Network) and that while I did have an issue, it was my own doing.

The person behind Live Wire understands the security well, and I believe more sites will be moving toward this aspect. I said this before reading this article, and this is Sans News Bites from February 11, 2020. If I had the chance to read this before that discussion, I’d be more up to date!

Browsers negotiate to the highest common denominator which can mask the presence of less secure connection options. Make sure you’re regularly scanning the encryption settings on your web servers to ensure older, less secure connections are disabled, or monitored and documented where enabled. Monitoring may show the need to support older less secure operating systems and browsers may not be as significant as thought, or worth the risk.

Livewire is the first site to my knowledge to have taken this step, and I believe we’ll have more.

There are other articles around the web that cover this, and I’m running Firefox 73 now and have no trouble with connecting to Livewire since my own technical issue was resolved.

Phishlab’s webinar was very informative

Hello folks, I hope you were able to get to today’s webinar from Phishlabs. If you missed it, this blog post had details.

They covered quite a number of things, including some of the scams I’ve seen including the romance scams. This blog post for example covers technical support scams, and as that article covers, it isn’t just your typical scam where you call a number for a problem. The scammer will lock your files, then have you covered by you calling a number to get help.

This blog post talks about how the romance scam talks to other people in the blind community like what has happened to me with various podcast and blog posts on people asking me for gift cards and money.

When I’ve encountered these folks, I told them that I did not have the money, and if they wanted a relationship, calling me would be best so we can see where it goes. None of them ever called!

This blog post was posted when I saw the article on why social media is increasingly abused for Phishing and scam type behavior.

This blog post is a podcast announcement and the podcast can be made available. I believe I talk about one such scammer here and what they were trying to do to me. Military people asking for money in iTunes gift cards?

I’m sure you can find more if you search for scam on the blog, or scammers. Books talking about scams are mentioned, and much more!

I’d love to get this webinar out to the public, but this is Phishlabs webinar, so time needs to be given to allow people who signed up at first dibs.

I’ll see if I can get a recording of this, as I had, but not sure if the other copy will be the better one to use.

Thanks for reading, and make it a great day!


Scammers hitting the blind, same as my talks earlier

Dice World has been talked about on my podcast as well as it being demoed in various aspects throughout the podcast. I’ve been recently looking at the forums that have now been added, and it looks like the scammers are now targeting the blind.

On podcasts prior, I’ve talked about multiple people who have added me to twitter and have asked for my Hangouts. After getting me on Hangouts, they insist on either having me pay to get them here to see me, asking for gift cards, or even money.

One of these people I said that I couldn’t pay for anything, and that they’re a scammer. They were rude saying that I shouldn’t mess with their business and that their lawyer would contact me. I told them that I would tell them everything, and yet, still no lawyer. Its a business to scam people out of money and try to get people to have a so-called relationship with no voice or video communication?

While I’ve been on dice world for a number of years, it saddens me that the blind community is now being targeted with people who are doing this type of thing. I’ve not encountered them on my own through that platform, but the developer is encouraging players to report this to them by email.

Podcast 289 which is available upon request if you can’t find it through RSS, talks about one such person who followed me on twitter. As someone who has been on the Internet for quite a number of years, before some, I’ve read plenty of articles and even some books about what these people can do. This Blog Post talking about Scam me if you can is one such book, and I’m sure there are others.

Since this is a blog talking about all sorts of things, I want people to know what I’m seeing. If you think that scams like this could happen on a gaming platform like Diceworld, this article talking about employment scams may be a reminder that it isn’t just the above mention we should be talking about or even this tech support article where scammers will go after your hard earned files and even try to have you pay money to supposedly fix the problem they will or have already started.

Think that’s all we have to deal with? Phone Phishing, Data Breaches, and Banking Scams is something else, and you can search this blog for more.

The fact that the scammers, one of whom is changing their name from male to female, is coming over to a platform like Diceworld, means nothing. This is sad! Some of the people on this type of platform don’t know a whole lot about these people, and they can fall for whatever they ask, and question it afterward or even while communicating with them.

This is a sad state of affairs. I’m saddened that these people have nothing else to do with their lives. I think some of these people are very employable and can use their skills for good instead of getting money out of a community that relies on money to survive.

This is not going to go away any time soon, and if you search scam on this blog, you’ll find lot of articles besides the ones I’m linking here in this post. Use your gut. Its there to tell you if something is not right. Follow what it says. There’s a community out there who are bringing it up, and asking questions, and thats great! Keep it up!

If I can be of help, please feel free to reach out. I’m just an email, imessage, phone call, or text message away!


Security Now, podcast 750

Security Now, released podcast 750. Twit.tv’s sn page and the RSS for you here.

Below, find the stories talked about.


SN 750: The Crypto CurveBall
Tuesday, January 21, 2020, 6:41:14 PM
This Week’s Stories:

  • iPhones join Android in being a Google account security key.
  • How much “substantive assistance” did Apple provide in the Pensacola investigation?
  • A brand new serious Internet Explorer 0-day
  • Giving Windows an additional Edge
  • FBI says nation-state actors breached a US city government and a US financial entity by exploiting Pulse Secure VPN servers.
  • Critical new Windows Remote Desktop Gateway (RD Gateway) remote code execution vulnerability
  • SQRL for Drupal
  • Microsoft issues security update to fix “CurveBall” vulnerability

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

You can submit a question to Security Now! at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.


Use WordPress database? Better update it!

We do not use this plug in on the blog, but saw this article via Twitter called: This WordPress vulnerability could let hackers hijack your entire site and it talks about a plug in called word press database. It allows someone to manage the database, but the vulnerability makes the entire web site disappear if the hacker wanted. Read the entire article on this one, it sounds pretty serious enough.
