
The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts




Here we go with another fakery of scare tactic

I saw the following on my phone yesterday. These types of emails I’ve seen before, and I’m still here. They’re trying to scare you into paying money and as far as I’m concerned, this network is safe.

On top of this, they fill out both portions of the form with the same thing, and my web site has been stable since I fixed all the bugs after developing it in 2008.


Below is the result of your feedback form. It was submitted by () on Tuesday, November 24, 2020 at 21:50:32
—————————————————————————
Name: JimmyCom
phone: 86266635738
contact_method: phone
bug: no
additional_bug_info: Your reputation and business are at stake!

We on your behalf in the message your website address jaredrimer.net and your contact information (including in social. Networks and messengers) will send:

+ on 15,897,318 sites, threats with insults to site owners, US residents, Europeans, LGBT and BLM.

+ 790,000 messages to bloggers with threats and insults

+ 2 367 896 public figures and politicians (from the USA and Europe) with threats and insults

+ 70,000 negative reviews about you and your website jaredrimer.net

+ 23 467 849 contact forms of sites with threats and insults

+ 150,000 emails messages to people with disabilities with threats and insults, many of them will definitely sue you

+ 57000 emails of messages to veterans with threats and insults, FOR THIS YOU WILL BE EXACTLY SITTED

Following from all of the above, you will get a lot of losses:

+ an abuse from spam house, amazon and many webmasters (for spam, insults and threats) will come to your site jaredrimer.net, as a result, your domain will be banned and blacklisted

+ people will sue you because you threatened and humiliated them

+ in court you will not prove anything, everything will look as if you did it all, MOST YOU WILL GO TO PRISON

+ internet will be inundated with negative reviews about you and your website jaredrimer.net

+ threats and reprisals from BLM and LGBT community members, in fact, these are dangerous community guys

Total: you will lose your business, all your money, you will spend on lawyers and compensation for court decisions, you will go to jail, your life will turn to hell …

We already have everything ready to launch all of the above, but we decided to give you a chance to avoid all this, you can buy off a small amount of money.

Make a payment, transfer 0.39 Bitcoins to this address

1JDYfBMP3vg8TcuFuwSHc1Wop3rREqupC4

We are waiting for the transfer from you until November 27, on Saturday November 28, if payment does not come from you, we will begin to destroy your business and you along with it.
comment_or_question: Your reputation and business are at stake!

We on your behalf in the message your website address jaredrimer.net and your contact information (including in social. Networks and messengers) will send:

+ on 15,897,318 sites, threats with insults to site owners, US residents, Europeans, LGBT and BLM.

+ 790,000 messages to bloggers with threats and insults

+ 2 367 896 public figures and politicians (from the USA and Europe) with threats and insults

+ 70,000 negative reviews about you and your website jaredrimer.net

+ 23 467 849 contact forms of sites with threats and insults

+ 150,000 emails messages to people with disabilities with threats and insults, many of them will definitely sue you

+ 57000 emails of messages to veterans with threats and insults, FOR THIS YOU WILL BE EXACTLY SITTED

Following from all of the above, you will get a lot of losses:

+ an abuse from spam house, amazon and many webmasters (for spam, insults and threats) will come to your site jaredrimer.net, as a result, your domain will be banned and blacklisted

+ people will sue you because you threatened and humiliated them

+ in court you will not prove anything, everything will look as if you did it all, MOST YOU WILL GO TO PRISON

+ internet will be inundated with negative reviews about you and your website jaredrimer.net

+ threats and reprisals from BLM and LGBT community members, in fact, these are dangerous community guys

Total: you will lose your business, all your money, you will spend on lawyers and compensation for court decisions, you will go to jail, your life will turn to hell …

We already have everything ready to launch all of the above, but we decided to give you a chance to avoid all this, you can buy off a small amount of money.

Make a payment, transfer 0.39 Bitcoins to this address

1JDYfBMP3vg8TcuFuwSHc1Wop3rREqupC4

We are waiting for the transfer from you until November 27, on Saturday November 28, if payment does not come from you, we will begin to destroy your business and you along with it.
submit: Submit comment or question to the Jared Rimer Network
—————————————————————————

HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
REMOTE_ADDR: 188.126.94.179


The IP belongs to an ISP, why are ISPs allowing things like this to look like they’re coming from them? This is a data center web transit IP, one that should not be visiting any web site. I’ve seen and reported many of these through an abuse web page that tracks these types of things.

According to the reports, it has been reported 92 times and is a 100 percent spam risk. So, what is going to happen next? I can surely block the range of IPs on my domain, but that isn’t going to solve anything. ISPs should not be allowed to have their networks used like this. Take a look at this, and let’s come up with a solution we can present somewhere to fix this. This ought to get interesting.


Some Apple Apps on macOS Big Sur Bypass Content Filters, VPNs

Malware can easily exploit the feature and send people’s data directly to remote servers, posing a massive privacy and security risk, researchers said.

Source: Some Apple Apps on macOS Big Sur Bypass Content Filters, VPNs

This is the beginning of a very interesting article. Still need to see what Herbie sent me, and I retweeted this at him. This Threatpost article covers this very dangerous behavior, and boy, Apple is getting slammed for this and I can see why. Let the comments begin on this recent Apple development.


Look alike domain webinar

Hello folks, I had the pleasure of attending the look alike domain webinar that was hosted by Phishlabs. It was very interesting, and definitely covered quite a bit. As they indicated, not all attacks are going to have look alike domains or domains that might mimic your web site or brand.

One of these that didn’t mimic anything except copyright per se was the email host security domain that I talked about last Friday in this blog post titled: Just saw the best email ever … in my inbox … domain is relatively new which talks about this in a spam email through my forms. Just to give you an update on that case, it looks like now that the domain is still registered but shows a blank page. I don’t know what was done, but I do know that the domain is still existing. According to the ICANN WHOIS lookup web page it is still registered and had pointed where I saw it through Ultrahost.

According to the webinar, this type of thing can be used to keep tabs on domains, although I think the presenter forgot that the WHOIS directory doesn’t seem to show anything anymore on address, phone number, and the like. I’ve tested that on my domain and on one I have WHOIS protection on.

There was a lot more, and I know that they’ll provide a recording. Maybe at some point, I’ll record it and present it on a podcast. Thanks for reading, and we’ll chat soon!


Just saw the best email ever … in my inbox … domain is relatively new

So I decided to have a little bit of fun today. I got the following email through jaredrimer.net’s contact form.


Below is the result of your feedback form. It was submitted by () on Friday, November 06, 2020 at 10:00:57

Name: WalterGlype
phone: 81976922431
contact_method: both E-mail and phone
bug: no
additional_bug_info: Unusual login details

Country / region: Lagos, Nigeria

IP address: 41.73.224.0

Platform: Windows 10

Browser: Chrome

Click here to check for more detailed activities. http://emailhostsecurity.com/?page_id=26

Failure to update might lead to permanent deactivation of your email account.

It looks like they have privacy turned on based on my lookup, because it doesn’t even list a company.

The creation date was November 4, 2020 UTC. It expires in three years. There is a little bit more information listed like where it is pointing, and who registered the domain, i.e. Enom, Godaddy, etc., but I am not interested in sharing all of what is listed publicly, you can look that up on your own. I just thought this was quite interesting, a domain claiming to be a host security domain blatantly asking for email address and password, and nothing on its web site on who they were. Quite interesting.
comment_or_question: Unusual login details

Country / region: Lagos, Nigeria

IP address: 41.73.224.0

Platform: Windows 10

Browser: Chrome

Click here to check for more detailed activities. http://emailhostsecurity.com/?page_id=26

Failure to update might lead to permanent deactivation of your email account.

submit: Submit comment or question to the Jared Rimer Network

HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 OPR/54.0.2952.51
REMOTE_ADDR: 143.244.38.159


When I went to the URL base domain, the page looks to have an image. Nothing more. It also has a supposed copyright cPanel that is linked. When I went to the address in this email, it asked for an email address and a password.

I just decided to have a little fun. I gave them an email address all right, and I even gave them a password. The site said: “Thank you for your trust. You’ll receive an email from us shortly.”

No, I didn’t give them anything on my domains, in fact, they won’t be finding me where I sent them.

Updated 11:25 am PT to clean up slight errors.


This had to be the best, fascinating talk ever!

Today was the ATTACK AND DEFENSE: EXPERTS TO DEBATE CYBERSECURITY THREATS ON PODCAST and it was quite interesting. Both sides really had things well covered. There were two sides, a red team and a blue team, similar to a boxing match. The discussion talked about what the attackers would do, and how the defenders would protect their network if possible against the attack. The Twit Events page will have a copy of the podcast when it is complete. The program lasted an hour, and I’m opening the comment boards to see if you listened and what you thought. We’re listening.


This was an interesting twitter issue today

I got email from DLVR and even live journal about my own twitter today. I thought maybe something happened so I went ahead and did what DLVR needed for me to regain my twitter. Apparently, an issue happened today which locked some accounts.

Twitter Support, You may be noticing a delay in your Tweets showing up on timelines. We’re working to fix this right now. 5 hours ago, Sprinklr

Twitter Support, We’re seeing a number of accounts that have been locked or limited by mistake and not because they Tweeted about any particular topic. We’re working to undo this and get those accounts back to normal. 4 hours ago, Sprinklr

Twitter Support, This is now fixed. Your Tweets should be making it onto your timeline…on time. an hour ago, Sprinklr

Twitter Support, The accounts that were mistakenly locked or limited have been restored. We’re sorry this happened in the first place.

If you’re having trouble accessing your account, here’s what you can do: https://help.twitter.com/managing-your-account/locked-and-limited-accounts an hour ago, Sprinklr

I saw the third tweet on my phone.

I think this was an honest mistake somewhere and unfortunate. Sadly, I believe Live Journal also had a problem as I tried to log in to my account to reconnect my twitter and it’s saying something about my password being out of date. While I want to fix that, seems like I’m now not getting email as I should. That address is up to date as I got the email saying my twitter was having a problem.

Mistakes happen, and I think this was an honest one. Were you affected by this twitter issue today? Sound off. Also coming out, some accounts were also suspended by mistake as well. They’ve reversed this too. More to come if I get any updates on this. Just wanted to pass this along.


A twitter update worth sharing

I decided to go ahead and check on the twitter issues we’ve been covering both on the box, and a segment in the regular podcast.

Twitter Support, We’re hearing confusion around how the 8 accounts we reported yesterday relate to the 36 we reported today. These numbers refer to different things. 5 days ago, Twitter Web App

Twitter Support, 8 is the number of accounts where an archive of “Your Twitter Data” was downloaded. This includes all of *your* account activity including DMs. None of the YTD downloads impacted Verified accounts. https://help.twitter.com/en/managing-your-account/accessing-your-twitter-data 5 days ago, Twitter Web App

Twitter Support, 36 is the number of accounts where the attacker took control of the account and viewed the DM inbox on https://Twitter.com. 5 days ago, Twitter Web App

Twitter Support, To recap:
- 130 total accounts targeted by attackers
- 45 accounts had Tweets sent by attackers
- 36 accounts had the DM inbox accessed
- 8 accounts had an archive of “Your Twitter Data” downloaded, none of these are Verified
5 days ago, Twitter Web App

I want to make sure people see this, as Twitter has been very transparent as of late, so this is a good sign. These tweets are 5 days old, and I thought about looking as of late. It’s never too late to share this type of data with the community in case they do not follow or know about the information being disseminated.

What to read:

Were you impacted by the issues that started on July 15th? Do you think Twitter has been more transparent? Please sound off! If you’re a Twitter user, read the related link dealing with your data, I’ve read quite a bit and it’s pretty straightforward.


The latest on twitter: Monday, 7/20 18:00 PT

I was asked about any updates on the twitter situation. While it’s still in the investigation phase, I’m a little bit concerned, however, we really don’t know what went on so I’m not going to pass judgement.

Here’s the latest from Twitter Support and I thought I’d pass it along.

Twitter Support, We’re sharing a blog post that collects the latest on our investigation. It reiterates what we’ve already shared here, and includes a few new findings. https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html 2 days ago, Twitter Web App

Twitter Support, As of now, we know that they accessed tools only available to our internal support teams to target 130 Twitter accounts. For 45 of those accounts, the attackers were able to initiate a password reset, login to the account, and send Tweets. 2 days ago, Twitter Web App

Twitter Support, We are continuing our forensic review of all of the accounts to confirm all actions that may have been taken. 2 days ago, Twitter Web App

Twitter Support, For up to eight of the Twitter accounts involved, the attackers took the additional step of downloading the account’s information through our “Your Twitter Data” tool. We are reaching out directly to any account owner where we know this to be true. 2 days ago, Twitter Web App

Twitter Support, Our investigation and cooperation with law enforcement continues, and we remain committed to sharing any updates here. More to come via @TwitterSupport as our investigation continues. 2 days ago, Twitter Web App

Twitter Support, We hope that our openness and transparency throughout this process, and the steps and work we will take to safeguard against other attacks in the future, will be the start of making this right. 2 days ago, Twitter Web App

Twitter Support, There is a lot speculation about the identity of these 8 accounts. We will only disclose this to the impacted accounts, however to address some of the speculation: none of the eight were Verified accounts. 2 days ago, Twitter Web App

Here’s a link to that blog post and I hope we continue to learn more.

To add my own thoughts, I don’t think that this was a deliberate act of Twitter. I’m sure someone made a mistake, and the mistakes can give people a false sense of security if a major breach takes place. Ongoing training was the big point I took from the blog post which I urge everyone to read. The investigation is still ongoing, and I’m sure we’ll learn more. The blog post has a lot of what is quoted from twitter, so please read the entire post. Thanks so much for reading the blog.

There are no news articles at press time from my sources with anything new. The link to Twitter’s blog came directly from Twitter.


Breaking! An Apparent Megabreach at twitter? More to come

I saw a tweet from Steve Gibson from Security Now about a potential incident that has happened today.

Steve Gibson, Yay! Verified Twitter users are again able to Tweet. Twitter had clamped down during today’s recent Mega Twitter Hack! 7 minutes ago, TweetDeck

Steve Gibson, Re: Today’s Mega Twitter Hack:
I’ll be on live with Jason Thursday morning at 11am Pacific to discuss everything we know about today’s hack. See you there! 🙂 6 minutes ago, TweetDeck

Here are tweets from Twitter support directly.

Twitter Support, We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly. 2 hours ago, Twitter Web App

Twitter Support, You may be unable to Tweet or reset your password while we review and address this incident. 2 hours ago, Twitter Web App

Twitter Support, We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience. an hour ago, Twitter Web App

I’ll join Twit tomorrow morning to see what Jason and Steve will be talking about. More later.


Spam likely, this is the first I’ve seen this

I was on a phone call this morning, and I was getting an inbound call when we were about to finish our call. The phone said Spam likely, and I didn’t see the number at first while it rang. The missed call notification I got was “spam risk” and when going in there I found the phone number that called.

This is the first time I’ve seen this, because I’ve heard of people receiving these notifications on their calls for some time. I think this is great news! Maybe now I can go back to possibly answering my phone for phone numbers now knowing I have this to help me.

This is known as STIR/SHAKEN, a protocol under which caller ID can’t be spoofed. It does not stop the calls from coming in unless you specifically go into your phone settings and turn on silence unknown callers. I’m not necessarily sure if that’s the right thing to do, as places like doctors’ offices, hospitals, and other companies use a bank of phone numbers and you’ll miss calls.

It’s best to link to the Wikipedia article as there are a lot of links to various aspects including the caller ID spoofing, Internet Engineering Task Force, and more. Security Now has also talked about this on their podcast and you should check it out.

Security Now! is the longest running twit show to date. I know I’m behind, and I need to catch up, but it is a show worth listening to.

This technology works no matter the phone, a person who comes here to assist me does not have an iphone. This is nice to see!

You can see Security Now! podcast 761 for a recent update on this.

How have you dealt with the spam likely calls? Turn on the unknown callers and call people back? I ought to play with it and see if that’s the way to go. Your thoughts are welcome.


What is the state of Antivirus today? Is it about dead?

I read an email now twice, and it made me think the first time about the status of whether it is worth using Antivirus software. Companies like Eset, Trend Micro, and Norton are household names in this industry. Recently, I got an email from someone who wanted me to link to Eset in a piece I ran way back many years ago. I normally don’t do this because people don’t go back that far, but the email I got from Shaun got me to think.

I really like the way Trend Micro worked when I used it. It blocked things that were potentially harmful, and I could still view the portions of the page that were safe. If the entire web site was bad, they let you know! They’ve got a vast network and use the cloud to help keep you safe by proactively blocking bad URLs or web sites as it’s been known.

I’ve also used Norton and Eset, and both were good in their time. While I’m not going to say one way or another whether any of these products are good today, I know that Windows Defender is not. I know this because I purposely downloaded a file I knew was bad. This program never picked it off. I think I deleted it now, but if Defender is to be good, it would know about this potential file because it came from an email claiming that I had an invoice, or some such thing.

In 2017, I wrote a very interesting blog post Antivirus and the disabled computer user where I ask the question of what is accessible out there. Two different products came out and none were products like Eset or even Trend Micro. I did download home, and never installed it.

In recent discussions, someone who does a technology show on the mix indicated I should get Malwarebytes. I’ve never used it, but the feedback I got indicated that it was accessible, and I’ve been contemplating downloading it.

In June 2020, I got the following Email from Shaun which sparked me thinking about this again, and I told the person I’d put a link to eset in to a post after thoroughly reviewing the following email.

Hi.

Got this from another list I am lurking on.

Reviewing the windows release info there is something about avast.

What scares me is that avast own avg now.

So your supposed security software can smash your system to bits now.

You know I am so happy I no longer use security software bar windows defender with many excludes.

I do have and run from time to time malwarebytes but if this is the state of security software, then I’d rather get a virus, or hacked, or have to pay a ransom.

I read the forums linked to from one of the posts and several others in the same vein and many people have had their systems completely destroyed.

It’s a shame I have to say that, but maybe our security companies are getting too greedy on things.

Some of these guys that got hit actually paid for this shit, guess they won’t be coming back.

Not without reformatting and reinstalling everything at any rate which is what I would do.

I am surprised no one is suing over this, I’d at least want my money back and would never go back.

So pleased I quit the commercial security suite thing back in 2007.

My friend or at least one of them and his family are still wedded to norton.

After hearing all this, it’s really stopped me trusting any security suite or any anti anything software period at least all third-party things.

I’ll take passive preventative protection and on demand protection but all these active defence live protections seem to be more trouble than they are worth.

In my case it works but I have had to exclude so much of my drive from the viruses thing I may as well not bother running something like security.

And if microsoft gets really annoyed its starts saying system files that don’t exist have issues.

So far these are programs I can do without but I still get mad at all this.

In 2007 when it was accessibility it wasn’t too bad, it only got really bad in 2012 and didn’t get really bad till the end of last year beginning of this year.

I first noticed it after Symantec got norton back in 2003, before that I actually used things and they worked.

The forwarded message links to two links about Windows 10 version 2004.

The first, Windows 10, version 2004 and Windows Server, version 2004 Known Issues and the second Resolved issues in Windows 10, version 2004 and Windows Server, version 2004. On the accessibility front, Blind Bargains posted Windows 10 2004 is Available; Narrator Gets Improved Web and Outlook Support, Even Firefox Compatibility on June 11th.

All of this is great, but what about the security software? Where does it stand with all of this? I don’t want to use inferior software that is not accessible enough to use to set up or even use if it does detect a problem.

Is MSE the best we can do? Windows Defender? Please sound off!


Our Cyber Hygiene is very important

In a June 2020 video from Scott Schober, he talks about normal day-to-day hygiene and our cyber hygiene when it comes to the covid-19 pandemic we’re continuing to face across the United States. While it was posted mid-June, I listened to it today, and it is still valuable and talks to people that I think may come across it. I’m going to link to it here, and it is the direct YouTube link.

Cyber Hygiene in age of COVID-19 is the video, and do give it a listen or a watch. You might find something that you may need to change in your practices for today’s Internet and technology age.


Name doesn’t match, there’s no deal

In the below comment form I just saw, although you’ve seen this before, the names don’t match.


Below is the result of your feedback form. It was submitted by
() on Sunday, May 03, 2020 at 17:01:44

Name: Elijah
phone: 02.47.98.76.96
contact_method: both E-mail and phone
bug: no
additional_bug_info: Hello

First, I would just like to say that I hope that you, your colleagues and loved ones are all healthy and well during these challenging times.

I think you have a great website, however I feel that you lack engaging videos to promote your products.

We offer customised animated videos at pricing you probably haven’t seen before. Please check us out at https://bit.ly/3bLCbFT

We are running a promotion for the next 24 hours.

Best wishes,

Ian
comment_or_question: Hello

First, I would just like to say that I hope that you, your colleagues and loved ones are all healthy and well during these challenging times.

I think you have a great website, however I feel that you lack engaging videos to promote your products.

We offer customised animated videos at pricing you probably haven’t seen before. Please check us out at https://bit.ly/3bLCbFT

We are running a promotion for the next 24 hours.

Best wishes,

Ian

HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
REMOTE_ADDR: 89.187.178.239


What deal for what videos? I didn’t ask for any emails about any videos. This doesn’t even make sense and you fill out the bug reporting aspect of this as well as the comment aspect?

I should start blocking everyone who can’t fill out the forms correctly. No IP lookups, just flat out blocking through something called an IP deny manager. I hate the idea of blocking, as that can be circumvented, but fighting Spam like this needs to start somewhere. I’ve already killed one contact form, I should need to kill another one or two or three? Then nobody will contact us and that’s not what the network is for. I’m curious on how people deal with these, especially now that we can’t go anywhere in some places. Do you block things like these at the IP level? We already know the forms email addresses could be forged anyway so blocking by email isn’t the question, and some form processors allow for that. I’d say I could do that, but I don’t like the idea because it can easily be gotten around.
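The tell-tale signs pointed out in these posts (the same text pasted into both the bug report and the comment box, bug details supplied with "bug: no", a sign-off name that differs from the Name field, a demand for Bitcoin) can be checked before a submission is ever mailed out. The following is an added example, not code from this site or its form processor; the field labels are taken from the form output quoted above, while the sign-off phrase list, the two-reason threshold and both sample submissions are assumptions constructed for illustration.

```python
import re

# Field labels exactly as they appear in the form-mail output quoted on this page.
FIELDS = ("Name", "phone", "contact_method", "bug", "additional_bug_info",
          "comment_or_question", "submit", "HTTP_USER_AGENT", "REMOTE_ADDR")
FIELD_RE = re.compile(r"^(%s):\s?(.*)$" % "|".join(FIELDS))
# Assumed list of sign-off phrases; extend it to suit your own mail.
CLOSINGS = ("best wishes", "regards", "kind regards", "sincerely", "thanks")
PAYMENT_RE = re.compile(r"\b(bitcoins?|btc)\b", re.IGNORECASE)
SEPARATOR_CHARS = {"-", "\u2014"}  # rule lines drawn with hyphens or long dashes


def parse_submission(text):
    """Split a form-mail body into fields.

    Only known labels start a field, so message lines such as
    "IP address: ..." stay inside the field they were typed into.
    """
    fields, current = {}, None
    for line in text.splitlines():
        match = FIELD_RE.match(line)
        stripped = line.strip()
        if match:
            current = match.group(1)
            fields[current] = match.group(2)
        elif stripped and set(stripped) <= SEPARATOR_CHARS:
            continue  # horizontal rule between sections
        elif current is not None:
            fields[current] += "\n" + line
    return {key: value.strip() for key, value in fields.items()}


def _norm(value):
    """Collapse whitespace and case so pasted copies compare equal."""
    return " ".join(value.split()).lower()


def signature_name(message):
    """Return the short line that follows a closing such as 'Best wishes,'."""
    lines = [ln.strip() for ln in message.splitlines() if ln.strip()]
    for prev, cur in zip(lines, lines[1:]):
        if prev.rstrip(",").lower() in CLOSINGS and len(cur.split()) <= 3:
            return cur
    return None


def check_submission(text):
    """Return the sender IP, the reasons found, and whether to hold the message."""
    f = parse_submission(text)
    bug_info = f.get("additional_bug_info", "")
    comment = f.get("comment_or_question", "")
    reasons = []
    if bug_info and _norm(bug_info) == _norm(comment):
        reasons.append("same text in bug report and comment fields")
    if f.get("bug", "").lower() == "no" and bug_info:
        reasons.append("bug=no but bug details filled in")
    signed = signature_name(comment or bug_info)
    if signed and _norm(signed) != _norm(f.get("Name", "")):
        reasons.append("signature does not match Name field")
    if PAYMENT_RE.search(bug_info + "\n" + comment):
        reasons.append("asks for cryptocurrency payment")
    # Assumed policy: hold for review when two or more signs agree.
    return {"remote_addr": f.get("REMOTE_ADDR"), "reasons": reasons,
            "hold": len(reasons) >= 2}


# Constructed samples (not real submissions); IPs are documentation ranges.
SPAM_SAMPLE = """Below is the result of your feedback form. It was submitted by
() on Monday, January 01, 2024 at 10:00:00

Name: Alex
phone: 555 0100
contact_method: both E-mail and phone
bug: no
additional_bug_info: Hello

We offer animated videos. Total: low prices.

Best wishes,

Sam
comment_or_question: Hello

We offer animated videos. Total: low prices.

Best wishes,

Sam

HTTP_USER_AGENT: ExampleBrowser/1.0
REMOTE_ADDR: 203.0.113.7
"""

LEGIT_SAMPLE = """Name: Pat
phone: 555 0101
contact_method: E-mail
bug: yes
additional_bug_info: The podcast link on the home page returns a 404.
comment_or_question: Thanks for the show.

Regards,
Pat
REMOTE_ADDR: 198.51.100.9
"""

if __name__ == "__main__":
    for sample in (SPAM_SAMPLE, LEGIT_SAMPLE):
        print(check_submission(sample))
```

Holding a message for review on content signs like these does not depend on the sender's address, so it keeps working when the source IP changes.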


Another type of extortion attempt? I am not laughing, nor am I convinced

I’ve gotten two of these emails, one at jaredrimer.net and the other at whitecanetravel.com on the 28th. I want people to see this, and tell me if I’m correct. Do you all think this is an extortion attempt? I do, as bugs legitimately coming to me I fix. If I’ve been hacked, I want to know about it so I can fix it. If I can’t, I can get the assistance. You be the judge.

Here is the first form.


Below is the result of your feedback form. It was submitted by
() on Thursday, April 30, 2020 at 01:08:41

Name: Leticia
phone: 479 9456
contact_method: phone
bug: no
additional_bug_info: PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!

We have hacked your website http://www.jaredrimer.net and extracted your databases.

How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.

What does this mean?

We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site http://www.jaredrimer.net was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.

How do I stop this?

We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $2000 USD in bitcoins (BTC).

Send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive):

1HGxLfhnMzPEzWD7YeBwtWUGj3E2Q2YJKE

Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this notice or the database leak, e-mails dispatched, and de-index of your site WILL start!

How do I get Bitcoins?

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you to start with http://coinmama.com for buying bitcoins with credit/debit cards or http://localbitcoins.com for other type of payments.

What if I don’t pay?

If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.

This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!

Please note that Bitcoin is anonymous and no one will find out that you have complied.
comment_or_question: PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!

We have hacked your website http://www.jaredrimer.net and extracted your databases.

How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.

What does this mean?

We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site http://www.jaredrimer.net was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.

How do I stop this?

We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $2000 USD in bitcoins (BTC).

Send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive):

1HGxLfhnMzPEzWD7YeBwtWUGj3E2Q2YJKE

Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this notice or the database leak, e-mails dispatched, and de-index of your site WILL start!

How do I get Bitcoins?

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you to start with http://coinmama.com for buying bitcoins with credit/debit cards or http://localbitcoins.com for other type of payments.

What if I don’t pay?

If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.

This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!

Please note that Bitcoin is anonymous and no one will find out that you have complied.

HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
REMOTE_ADDR: 92.223.89.5


That’s nice. You claim you hacked White Cane Travel and extracted data, but there is no data to be had. jaredrimer.net has no data to be had either, unless you hacked my WordPress database. If that’s the case, you’ll have a lot of spam accounts plus a few legit accounts. WCT does not have any stored data, and any forms that come in come via email. I hope you people have fun with whatever you had.

Here’s WCT’s email.


Below is the result of your feedback form. It was submitted by
() on Tuesday, April 28, 2020 at 09:12:45

name: Adam
phone: 04.35.62.75.78
method: Both E-Mail and Phone
to: First Available
bug: No
additional_bug_info: PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!

We have hacked your website http://www.whitecanetravel.com and extracted your databases.

How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.

What does this mean?

We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site http://www.whitecanetravel.com was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.

How do I stop this?

We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $2000 USD in bitcoins (BTC).

Send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive):

1Bs6CYDuHy1UGLr5ccz2UxRNcPGpeAa7tz

Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this notice or the database leak, e-mails dispatched, and de-index of your site WILL start!

How do I get Bitcoins?

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you to start with http://coinmama.com for buying bitcoins with credit/debit cards or http://localbitcoins.com for other type of payments.

What if I don’t pay?

If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.

This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!

Please note that Bitcoin is anonymous and no one will find out that you have complied.
comment_or_question: PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!

We have hacked your website http://www.whitecanetravel.com and extracted your databases.

How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.

What does this mean?

We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site http://www.whitecanetravel.com was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques that we used in the past to de-index our targets.

How do I stop this?

We are willing to refrain from destroying your site’s reputation for a small fee. The current fee is $2000 USD in bitcoins (BTC).

Send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive):

1Bs6CYDuHy1UGLr5ccz2UxRNcPGpeAa7tz

Once you have paid we will automatically get informed that it was your payment. Please note that you have to make payment within 5 days after receiving this notice or the database leak, e-mails dispatched, and de-index of your site WILL start!

How do I get Bitcoins?

You can easily buy bitcoins via several websites or even offline from a Bitcoin-ATM. We suggest you to start with http://coinmama.com for buying bitcoins with credit/debit cards or http://localbitcoins.com for other type of payments.

What if I don’t pay?

If you decide not to pay, we will start the attack at the indicated date and uphold it until you do, there’s no counter measure to this, you will only end up wasting more money trying to find a solution. We will completely destroy your reputation amongst google and your customers.

This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid we will stop what we were doing and you will never hear from us again!

Please note that Bitcoin is anonymous and no one will find out that you have complied.

HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:59.0) Gecko/20100101 Firefox/59.0
REMOTE_ADDR: 92.223.89.5


Do you all think this network is stupid? If there is a legitimate bug, I need to know, I’m not scared by my reputation because you fill out the comment form in the bug reporting form trying to scare me. You say not to contact you, but I bet the addresses in both forms I provided are fake. I know the phone numbers provided are definitely fake, so I surmise this is fake. Have fun with whatever data you have, because bugs that come to me get fixed. It is a blatant targeted attempt to extort money, and I want people to see this. I need every dime of my money right now, and I know other people do too. Have fun trying to extort me, because I have things under control. Enjoy!
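The submissions above share traits a form handler can test for before a message reaches an inbox: the same long text in both free-text fields, a Bitcoin address, a named sum, a deadline, and a repeated REMOTE_ADDR. The following is an added example, not this site's form code; the field names come from the submissions, while the reason labels, the length threshold and the second sample are assumptions.

```python
import re

# Legacy Base58 address shape (starts with 1 or 3). Shape only: no checksum is verified.
BTC_ADDR = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")
SIGNALS = {
    "bitcoin address in message": BTC_ADDR,
    "names a sum of money": re.compile(r"\$\s?\d[\d,]*"),
    "sets a payment deadline": re.compile(r"within\s+\d+\s+(?:hours?|days?)", re.I),
    "forbids replies": re.compile(r"do not reply|will not read any replies", re.I),
}
MIN_PASTE_LEN = 80  # assumption: short duplicates such as "n/a" are normal


def squash(text):
    """Collapse whitespace and case so pasted copies compare equal."""
    return " ".join(text.split()).lower()


def triage(fields, free_text_keys, prior_sources=frozenset()):
    """Return the reasons a submission looks like templated extortion spam."""
    reasons = []
    raw = [fields.get(key, "") for key in free_text_keys]
    squashed = [s for s in map(squash, raw) if s]
    if len(squashed) > 1 and len(set(squashed)) == 1 and len(squashed[0]) >= MIN_PASTE_LEN:
        reasons.append("same text pasted into every free-text field")
    body = "\n".join(raw)  # patterns run on the original text: Base58 is case sensitive
    reasons += [name for name, rx in SIGNALS.items() if rx.search(body)]
    if fields.get("REMOTE_ADDR") in prior_sources:
        reasons.append("source address already seen on a flagged submission")
    return reasons


# Constructed samples. The first reuses sentences, the address and the
# REMOTE_ADDR quoted in the submissions above; the second is invented.
DEMAND = (
    "We have hacked your website and extracted your databases. "
    "The current fee is $2000 USD in bitcoins (BTC). Send the bitcoin to "
    "1Bs6CYDuHy1UGLr5ccz2UxRNcPGpeAa7tz and note that you have to make payment "
    "within 5 days. This is not a hoax, do not reply to this email."
)
EXTORTION = {"name": "Adam", "bug": "No", "additional_bug_info": DEMAND,
             "comment_or_question": DEMAND + "\n", "REMOTE_ADDR": "92.223.89.5"}
BUG_REPORT = {"name": "Sam", "bug": "Yes",
              "additional_bug_info": "The archive link on the home page returns a 404.",
              "comment_or_question": "Seen with Firefox 83 on Windows 10.",
              "REMOTE_ADDR": "192.0.2.10"}
FREE_TEXT = ("additional_bug_info", "comment_or_question")

if __name__ == "__main__":
    for label, submission in (("extortion", EXTORTION), ("bug report", BUG_REPORT)):
        print(label, triage(submission, FREE_TEXT, prior_sources={"92.223.89.5"}))
```

A submission that collects several reasons can be held for review rather than mailed on, while a genuine bug report passes through with none.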


Nigerian 419 scam takes advantage of the Corona Virus pandemic

I should probably not be surprised while catching up on Phishlabs and their continuing coverage of lures that can take advantage of people during the Covid pandemic.

Nigerian letter frauds combine the threat of impersonation fraud with a variation of an advance fee scheme in which a letter mailed, or e-mailed, from Nigeria offers the recipient the “opportunity” to share in a percentage of millions of dollars that the author—a self-proclaimed government official—is trying to transfer illegally out of Nigeria. The recipient is encouraged to send information to the author, such as blank letterhead stationery, bank name and account numbers, and other identifying information using a fax number given in the letter or return e-mail address provided in the message. The scheme relies on convincing a willing victim, who has demonstrated a “propensity for larceny” by responding to the invitation, to send money to the author of the letter in Nigeria in several installments of increasing amounts for a variety of reasons.

FBI: Nigerian Letter or “419” Fraud

Accessed April 13, 2020: 14:15 PT

While these are the common schemes quoted above, Phishlabs is reporting that they have now updated this very successful tactic for the modern pandemic.

It’s not like people have anything else to do but get swept into these types of things, and I’ve seen this type of thing sent to my email.

One of them contacted me through Twitter, asking me to email them.

I did, thinking maybe it was a penpal relationship like they used to do via the mail or letterbox.

Boy, was I wrong. After sending an email, I got greeted with this type of scam.

In the following example, I’ve eliminated the point of contact, but left the letter intact for you to see how this works. There are very different forms of this, and this is just one. I did respond saying I couldn’t help them and explained to them what this was. Never heard from them again!


Hello, my darling

Please with due respect and in the name of God.
First, thank you; in line with the message I sent to you, I am more than happy in your reply to my email. How is everything there in your country, I believe that you are in good health, and the atmosphere there in your country is very nice today? Mine is a little bit warm over here in Dakar Senegal.

My name is (claribel Abdel) am from Libya in North Africa, I am (23 years old), but age does not matter in a real relationship, I’m from (Libya), 5.2 feet tall, fair complexion in single (never married) and am currently residing here in Dakar as a result of the war that happened in my country that I had escaped to this country Senegal were’m under refugee camp.

My late father Major General (Abdel Fattah YOUNES). My late father He held the rank of Major General and the post of Minister of the Interior, but resigned on February 22, 2011 to desert the rebel civil war in Libya. My father was killed by members of an anti-Gaddafi military on 28 July 2011. When the rebels anti-Gaddafi military troupe attacked our house one early morning killing my parents. Also my mother was six months pregnant and she was a university professor before his death, it is only me that is alive now because I am the only child of my parents, and I managed to make my way with the help of UN to Senegal, where I am leaving now as a refugee. It was on a morning attack early by militant groups killed two members of my family my mother and father in a cold blood, also my mother was six months pregnant.

Now, as I’m talking to you, I am the only living person in my family, and I managed to make my way to this country (Senegal), where I’m going now as a refugee under the care of Rev. Father John Simon, who is the priest (Catholic Church Saint-Louis Roman (Senegal) here in the field, he has been very good to me since I came here but I am not living with him rather I live in the women because the camp have two hostels one for men and one for women.

Please do not be offended by this message that comes from me, please, it’s just that I do not know what else to do because my situation here as a refugee is giving me great concern, therefore, I would like you to consider my situation as an orphan, and be kind to me, as I’m putting all my trust in you with fear, although I do not know who you are before, but I believe that with God all things are possible and you can not me betray in the end.

I have communicated to you because of my difficult situation here in this refugee camp, Its just like one staying in the prison and I hope by Gods grace I will come here soon.
I do not have any relatives now whom I can go to, all my relatives ran away in the middle of the war the only person I have now is Reverend Father John simon, who is our guardian here in this refugee camp, he has been very fun for all the bodies in the camp, but we’re not living with him rather we are leaving the hostel, which is divided into two sections, one for men and the other for females.
Father Rev Tel number is (+221 780177232) if you call, please tell him you want to talk to me Miss.claribel Abdel, Libya he will send for me in the hostel to come and talk to you. Here in this camp I’m sending e-mail through the office computer of the church at the far office Rev. Because As a refugee here we do not have any right or privilege to anything be it money, phone, computer, or whatever because it is against the law of this country. I want to go back to my studies because I only attended my first year before the tragic incident that lead to me being in this bad situation. I was there when I saw my mother killed with six months of pregnancy.

Please listen to this – (because it’s a secret, it is not known about it except me and you know it)

I have the death certificate of my late father here with me, I’ll send you later, because when he was alive he deposited some amount of money in a leading bank in Europe which he used my name as the relative closest, the total amount is US $ 9.5m (nine million five hundred thousand US dollars). So I will like you to help me transfer this money to your account and from it you can send some money for me to get my traveling documents and air ticket to come to know him in his country. I kept this secret to people in the camp here the only person that knows about it is you and me.

For your own information, I want you to see the news about the killing of my late father, story by BBC World News http://www.bbc.co.uk/news/world-africa-14336122 So I like you to keep it to yourself as a secret and not tell anyone because I’m afraid of losing my life and the money if people know about it.

Remember I am giving you all this information due to the trust i deposed on you. I like honest people and understanding, true and people who have vision, and God fearing person worker. My favorite language is English and I speak very fluent English.

I can trust you as a true friend?

Meanwhile I would like you to call me, like I said, I have much to tell you ..
Have a nice day and think about my condition here
Attached here is my pictures for you,

Awaiting to hear from you soonest
Thanks and remain blessed.
with love. Lovely your claribel


Don’t be fooled! I told this person I couldn’t help them and have never heard from them again. They were the ones who sent me a message after I looked at their profile and it looked OK there. This is unfortunate I got this back in November, and I am not interested in wiring money to get it. You can donate money through my web site or even through paying me for services. I didn’t win millions, and I don’t even know who this is.

COVID-19 Phishing Update: Nigerian Prince Lures Evolve with Crisis is the article. There is a link to other samples, but I did want to post this one because of how prevalent it is today. I’m not saying the others are not, but I’ve seen this one, so this is what I want to talk about in this post.

Seen the 419 scam in this light? Let’s discuss it! The comment boards await you.


Microsoft sending email account problems? Better check that URL!

In the following example I’m describing, it leads to a web site which I do not want you to visit.

I’ve gotten now a second email from Microsoft.

Here is the latest one:


Unusual Sign-in activity

We detected something unusual about a recent sign-in to Microsoft account

Sign-in details

Country/region: Unted State
IP address: 107.170.166.118
Platform: Mac OS
Browser: Chrome

Please go your recent activity page to let us know whether or not this was you . If this wasn’t you. we’ll help you secure your account. we’ll trust similar activity in the future.

Review recent activity

The Microsoft Security Essentials
Microsoft Team office Center
all rights reserved © 2020


The view account information leads to http://office365-online.myvnc.com/cutomer/portal/ Don’t go here!

Firefox reports:


Deceptive site ahead

Firefox blocked this page because it may trick you into doing something dangerous like installing software or revealing personal information like passwords or credit cards.

Advisory provided by Google Safe Browsing.


I was curious, as the email address apparently said or a similar address, but we know that this can’t be the case.

The email does look very authentic, and this is what will get people. As someone who is curious on what the trend is, I only click to look, nothing more. Having Firefox on your side is great, as they may see this and mark it bad as Google does, through their safe browsing feature. That’s awesome, Google!

Make sure to check your links. This email and another one came to us through our contact at menvi.org’s email address.

Here are the headers:


imap://menvi-webmaster%40menvi%:143/fetch%3EUID%3E.INBOX%3E43967
Return-Path: <>
Received: from cp1-benor.nocwest.net
by cp1-benor.nocwest.net with LMTP
id Nbd7Bi3Yh159JwAAIyXCCQ
(envelope-from <>); Fri, 03 Apr 2020 20:43:25 -0400
Return-path: <>
Envelope-to:
Delivery-date: Fri, 03 Apr 2020 20:43:25 -0400
Received: from static.26.106.130.94.clients.your-server.de ([94.130.106.26]:33651 helo=thindra1.info)
by cp1-benor.nocwest.net with esmtp (Exim 4.93)
id 1jKWuB-0002bW-1m
for ; Fri, 03 Apr 2020 20:43:25 -0400
Subject: Microsoft account unusual sign-in activity
From: Microsoft account teamno-reply@microsoft.com
Reply-to: no-reply@microsoft.com
To:
Content-Type: text/html; charset=us-ascii; boundary=CMF8FBR06Z2XNQEBJOR4.1200369.CMF8FBR06Z2XNQEBJOR4


Nice going guys, wanna try something I’ve not seen? Problems with an account that is a forwarder and on the proper server that is working isn’t going to fool me or my team any.
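The checks this post walks through by hand (who actually handed the message over, and where the link really goes) can be scripted. The following is an added example, not code from this blog: the headers are a constructed sample modelled on the ones above, with the angle brackets in From restored and the recipient replaced by a placeholder as assumptions, and the brand word list and finding codes are also assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed from the headers quoted above (see the assumptions in the lead-in).
HEADERS = """\
Received: from cp1-benor.nocwest.net
\tby cp1-benor.nocwest.net with LMTP
\tid Nbd7Bi3Yh159JwAAIyXCCQ; Fri, 03 Apr 2020 20:43:25 -0400
Received: from static.26.106.130.94.clients.your-server.de ([94.130.106.26]:33651 helo=thindra1.info)
\tby cp1-benor.nocwest.net with esmtp (Exim 4.93)
\tid 1jKWuB-0002bW-1m
\tfor <recipient@example.org>; Fri, 03 Apr 2020 20:43:25 -0400
Subject: Microsoft account unusual sign-in activity
From: Microsoft account team <no-reply@microsoft.com>
Reply-to: no-reply@microsoft.com

"""
LINK = "http://office365-online.myvnc.com/cutomer/portal/"  # as quoted above; do not visit

# Exim-style hop: "from <rdns> ([<ip>]:<port> helo=<name>)"
HOP = re.compile(r"from\s+(\S+)\s+\(\[([0-9A-Fa-f.:]+)\](?::\d+)?(?:\s+helo=([^\s)]+))?\)")


def org_domain(host):
    """Last two labels. Simplification: production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def review(raw_headers, link, brand_words=("microsoft", "office365", "outlook")):
    """Return (code, detail) findings for a message that claims a well-known sender."""
    msg = message_from_string(raw_headers)
    claimed = org_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    findings = []
    for received in msg.get_all("Received", []):
        hop = HOP.search(received)
        if hop is None:
            continue  # local hand-off with no peer address recorded
        rdns, ip, helo = hop.groups()
        if claimed not in {org_domain(h) for h in (rdns, helo) if h}:
            findings.append(("relay-not-sender-domain", f"{ip} rdns={rdns} helo={helo}"))
    url = urlsplit(link)
    host = (url.hostname or "").lower()
    if org_domain(host) != claimed:
        findings.append(("link-leaves-sender-domain", host))
        if any(word in host for word in brand_words):
            findings.append(("brand-word-in-foreign-host", host))
    if url.scheme != "https":
        findings.append(("plain-http-link", url.scheme))
    return findings


if __name__ == "__main__":
    for code, detail in review(HEADERS, LINK):
        print(f"{code}: {detail}")
```

The relay finding alone is only a triage hint, since legitimate senders also use third-party relays; the link findings are what separate this message from a real sign-in notice.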


Zoom is filled with problems, two in Mac and one potential in Windows

If Zoom didn’t have enough problems, this article I’m going to link to indicates that you can have problems with the Zoom client for Mac. Zoom Bombing is when someone takes control of your meeting and does stuff that you’re not wanting to happen. This is more to do with video conferencing and the different sharing aspects, so we may not have anything to worry about.

With the two Mac issues which can happen anywhere, I’m hopeful that the company will address and fix these vulnerabilities as a company in this space should do. The article Zoom’s Privacy Problems Snowball as Two Zero Days Uncovered should be read so you’re aware of it and take the necessary precautions as you see fit.


Webinar on covid19 from a guy that should be giving this talk

Mikko Hypponen is the chief researcher at F-secure. This is going to be given on the first of April looking like Evening US time. I’m going to attend and see what he has to say. CYBER SECURITY AND COVID-19 is the page, please sign up if you can. I’ll try to tape this for future podcasting.


Posting on a forum for credit card info: let’s teach our kids

I’ve been trying to come up with a way for me to talk about something I saw on a forum, without making it sound like it is one of the worst things you can do.

While it isn’t advisable to be posting questions asking for different types of info, I want to be cautious at the fact that there are people here that may not know better and do something that could harm them.

We’ve all done it, posted something somewhere we shouldn’t have. It’s a possibility that I did this, even in my adult years, so I’m going to harp on myself as well as part of this post.

One of the things in today’s internet we need to be aware of are sites called Dark Web sites. Sadly, the Dark Web and the Deep Web can be used interchangeably according to Wikipedia’s lookup on dark web.

Some of the things that can go on in the dark or deep web is credit card selling. Also, tons of personal information is sold in the dark or deep web. With that, what I saw was posted in a forum in the application Dice World, which would be considered the clear web, or the vast majority of the visible Internet.

I’ve talked about Dice World problems before with good news included. The latest bad thing was this post talking about cheating as it relates to games which would include Dice World. We’ve also talked about dice world in our podcasts like podcast 326 and podcast 341 just to name two of them.

I’m not going to talk about this on my podcast, but I want to highlight with this post that the information about asking for information can go on any type of forum or mailing list, and this should not be taken just from the forum on Dice World.

Someone posted on the forum for someone to give them access to a credit card because they could not pay for more space on their iCloud. The person in question indicated that they were under the age of 18. I’m not going to mention the age, nor the user name because I do not remember the user name off hand, and the age would not be appropriate to disclose in case it is wrong.

I can tell you that I’ve never seen this type of thing, and responses indicated that people should not give them any information. I was cautious and said that you should only do this with people you trust, not from an open threat such as this.

Mistakes can happen, no matter what the platform is. We’ve talked about software stuff before and now the phishing attacks with the Corona Virus. I’ve also talked about scammers targeting the blind but I don’t feel that this was necessarily the case.

I feel that the report I was given was pretty genuine, this may have been a child who didn’t know any better, and education is appropriate. If I were able to moderate this, I would educate them about the fact that this is not necessarily a good idea, and that their parent or legal guardian should be responsible for their spending. I know that my stuff is paid for in this way, although I do pay for other things as well.

I’ve made mistakes on mailing lists, and was talked to, so I’m not singling any person out when I say that this person should’ve been blocked. I would definitely hope that once the post was removed by Dice World, immediate communication commenced by email or messaging through the application to explain that this was not a good thing to do.

We should teach the young, not give them harsh punishments. As it were, the account was created the very day that I saw the post. In part, “I don’t normally do this, but …” and it was followed by the request.

My blog tries to cater to everyone, so if the person affected was to read this, I’d love to talk to you about the Internet so you understand what is happening now especially since things are changing in this world.

Do you know anyone who may be doing this? Do teach them, let’s not give them a hard time. They aren’t criminals, yet. Look at the intent and determine whether or not a harsh punishment is necessary.


What is this? This is another scam … as the domain doesn’t exist?

OK, I saw this in my email. They’re saying that the site listed in the IP unblock request form is not posting how we’re not doing anything to protect our members of the public.

First of all, the sites along my network are open to the public at large, and do not serve any public people coming in to buy, unless I’m unaware of it.

Due to the nature of the issues, if they didn’t receive notice, it’s because they probably don’t live here in the area?

I know sites are posting notices, but it is not important for general info like any of my sites are to post notices.

Check this out.

On another note, the domain doesn’t exist!


Below is the result of your feedback form. It was submitted by

() on Wednesday, March 18, 2020 at 15:00:47

name: Cassie Buzzard
phone: 077 4527 1363
user: Cassie Buzzard
domain: bccsc.net
how_did_you_get_blocked:
Hello,

I have not received an update regarding measures you’re taking to combat COVID-19. I hope to hear that you are following all recently released guidelines and taking every precaution to protect our community?

Please reference the CDC’s emergency page (https://emergency.cdc.gov) and please consider completing a “Coronavirus Precautions and Pandemic Planning” course (http://pandemicplanning.info).

Without strict measures and an educated community, the virus will increase exponentially throughout the (global) population, as it’s already doing!

Stay safe,
Cassie
other_comments:
Hello,

I have not received an update regarding measures you’re taking to combat COVID-19. I hope to hear that you are following all recently released guidelines and taking every precaution to protect our community?

Please reference the CDC’s emergency page (https://emergency.cdc.gov) and please consider completing a “Coronavirus Precautions and Pandemic Planning” course (http://pandemicplanning.info).

Without strict measures and an educated community, the virus will increase exponentially throughout the (global) population, as it’s already doing!

Stay safe,

Cassie

HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36 115Browser/8.6.2
REMOTE_ADDR: 162.245.222.236


Please do not waste my time sending this to this network as clearly it’s spam. I know the phone number is fake and so is the domain. If there is a place I should be forwarding this, please let me know. This is why the world is scared because of messages through contact forms like mine.

Take this as your notice. I’m not interested in spewing notices that are not welcome, and if my members of my site are interested, they can contact me through my sites and ask specific questions.
