You’ve got hacked thanks to Twitter : Don’t “email me at”

I was reading a blog post about Spammers Harvesting Sorrow From Twitter.

Something came to my mind, so I did a little research and a lot of thinking and it finally came to me. It is easy for someone to find your email and use it for their own means. There are several different scenarios I can come up with:

  • Impersonating someone you know — It is quite simple to find out who we know and who we follow. You can always find someone whose email address you don’t know and make it seem like you’re them to get even more information from the person.
  • Receiving viruses, Trojans, or worms — Although if you have a good anti-virus this one won’t be getting to you, according to ESET, 10 percent of computer users didn’t know if they had anti-virus software installed. This means that malware authors who send out a virus to everyone who twitters their email address are still going to have some success.
  • Trying to guess your password — If they have your email address, which is almost like your SSN in some respects, they could go to Facebook and try to get into your account by doing a dictionary attack or a brute-force attack. They may even try to hack into your email account just to get access to all the other accounts.

I am sure I am going to miss others that could possibly happen, but this isn’t about what could happen; this is about ways to prevent this type of stuff. Chris Pirillo seems to think that if we use the “AT” and “dot” in place of the real things, no bot would be able to figure that out. I say no, because the easiest thing for a bot to do is to copy everything after the “Email me at” and put it in a text file. Then the person harvesting the email addresses would just have to go through and find all of them that have the “dot” and “at” and change them to what they should be. I have been watching the search terms for the last few hours and it seems there is a new person posting their email address every 5 minutes or so. Have you done it in the past?
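To check a draft of your own before posting it, the sketch below (an added example, not part of the original post) reports every address that can be read back out of the text, whether it is written plainly or with “at” and “dot” spelled out. The function names and the sample drafts are constructed for illustration, and the pattern errs on the side of warning too often.

```python
import re

# Separators people write instead of "@" and ".": " at ", "[at]", "(dot)", ...
AT = r"(?:\s*@\s*|\s*[\[(<]\s*at\s*[\])>]\s*|\s+at\s+)"
DOT = r"(?:\.|\s*[\[(<]\s*dot\s*[\])>]\s*|\s+dot\s+)"
ATOM = r"[a-z0-9_%+-]+"   # one piece of the local part
LABEL = r"[a-z0-9-]+"     # one piece of the domain

# Local part, an "at" separator, then at least two domain labels. The
# look-arounds stop a match from starting or ending in the middle of a word,
# and from ending where another "at" follows ("me at jane.doe at ...").
ADDRESS = re.compile(
    rf"(?<![a-z0-9._%+-]){ATOM}(?:{DOT}{ATOM})*{AT}"
    rf"{LABEL}(?:{DOT}{LABEL})+(?![a-z0-9-])(?!{AT})",
    re.IGNORECASE,
)

def exposed_addresses(draft):
    """Return the addresses recoverable from draft, plain or spelled out."""
    found = []
    for match in ADDRESS.finditer(draft):
        text = re.sub(AT, "@", match.group(0), flags=re.IGNORECASE)
        text = re.sub(DOT, ".", text, flags=re.IGNORECASE).lower()
        if text not in found:
            found.append(text)
    return found

def safe_to_post(draft):
    """True only when the draft gives away no email address."""
    return not exposed_addresses(draft)

if __name__ == "__main__":
    # Constructed sample drafts, not real posts.
    for draft in ("Email me at jane at example dot com",
                  "reach me: bob [at] mail (dot) example (dot) org.",
                  "Send me a direct message and I will reply"):
        print(exposed_addresses(draft) or "nothing exposed", "<-", draft)
```

The spelled-out forms come back as ordinary addresses after two substitutions, which is why they offer no protection.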

In short, if you want someone to email you, it is always best just to send a direct message to them so no other eyes can see it. I’d also suggest installing some Free Anti-virus and Firewalls, if you haven’t already, to better help you protect your personal information. Remember, only you can prevent your personal information from getting stolen.

Skype has some Auto-Bots and Friendjungle.com

I was on Skype today and got an instant message from some girl:

The Instant message goes like this:

hello there! I was checking people near me and i came across your page, and you seemed interesting.. 😉

Mary Fowler says: Im not crazy about Skype though … want to check out my picture and profile ?

use this link: http://www.matchshake.com/?id=4004&profile=rockergrl82

you just sign in (it’s free) to get to me, my username’s rockergrl82.

It looks like this is a bot to help fool you into thinking it is a real person. The link they give me is a redirect link that lands me on “Friendjungle.com”. I am sure that no matter how you answer the question it asks, it will still send you a link. You can, however, tell Skype to only allow chat from people on your contact list, but that is totally up to you. There is a story from the Rip-off Report about Friendjungle.com, so it looks like they went from text messaging to Skype chat. According to Yahoo Answers, this is more or less a way for them to get money from you. You sign up and before you realize it they are charging your card, so it looks really shady. Although, to Friendjungle’s credit, they do have a scam section to help you report these types of incidents. I don’t know if this works well or not, but you can at least try.

There are some good comments about this Friendjungle on other sites that really make me wonder if they just don’t want your money. If you get this type of message from someone, either through SMS or Skype, I’d just go along with my life and not register; there are better places to go to find your true love.

Why Norton users do it wrong with Passwords

I just read this blog post, Phishing attacks on Facebook users point to efforts to mine login data for profit. After reading one of the suggestions on how to create a good password, I’ll quote:

    1. Use complex passwords and unique ones for each site. My method? Pick one string of letters and numbers and then add the first letter from the website’s name. For example: if my password “string” were “abc123$” then my Facebook password would be “Fabc123$”.

Now, can you see where this can be used to figure out the password? If people use this method, an attacker would still be able to figure it out over time. Let’s say you use the same sequence of numbers and letters after each site you go to. This would make it much easier for a hacker to figure out the other passwords.
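To see whether your own passwords follow this pattern, the audit below (an added example, not part of the original post) compares every pair of entries and flags those that are the same string with only a small tweak. The vault contents, function names and thresholds are constructed for illustration; “abc123$” is the sample string from the quote.

```python
from difflib import SequenceMatcher
from itertools import combinations

def shared_base(a, b):
    """Longest run of characters that appears in both passwords."""
    m = SequenceMatcher(None, a, b, autojunk=False).find_longest_match(
        0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]

def audit(vault, max_unique=2, min_base=4):
    """Flag pairs of sites whose passwords are one base string plus a tweak.

    vault maps site name -> password. A pair is reported when all but
    max_unique characters of both passwords are the same run of text.
    Each finding is (site1, site2, base, site_derived); site_derived is True
    when the leftover character is just the first letter of the site name.
    """
    findings = []
    for (s1, p1), (s2, p2) in combinations(sorted(vault.items()), 2):
        base = shared_base(p1, p2)
        if len(base) < min_base or max(len(p1), len(p2)) - len(base) > max_unique:
            continue
        site_derived = all(
            p.replace(base, "", 1).lower() == s[:1].lower()
            for s, p in ((s1, p1), (s2, p2)))
        findings.append((s1, s2, base, site_derived))
    return findings

# Constructed vault: the two patterned entries follow the quoted scheme
# ("abc123$" is the page's sample string); the third is a random password.
SAMPLE_VAULT = {
    "Facebook": "Fabc123$",
    "Twitter": "Tabc123$",
    "Bank": "k7!Qz0r#Lp2v",
}

if __name__ == "__main__":
    for s1, s2, base, derived in audit(SAMPLE_VAULT):
        print(f"{s1} and {s2} share {base!r}; site-derived tweak: {derived}")
```

Any pair it reports means that one leaked password gives away most of the other, so those entries are the first to replace with generated ones.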

I will keep saying this time and time again: remembering passwords, for me, is the past. I’ve been using Roboform for the past few months and haven’t had any problems. I also have them backed up to Mozy to help protect my passwords. As long as you back them up with Mozy and keep a copy of it off your hard drive, you will be much safer than trying to remember a good password.

If you would like to find ways to help back up your passwords or your valuable information, please check this out.

Remember your Roboform passwords are stored at :

C:\Users\(your username)\Documents\My RoboForm Data\Default Profile (Windows Vista and Windows 7).

C:\documents and settings\(your username)\My Documents\My RoboForm Data\Default Profile (Windows XP).

Although Norton’s suggestion does help keep you a little safer, it can easily fall to brute-force attacks, because attackers have probably tried letters from the website just because they do think about these things. You should always have a really good password, and Roboform can do that for you and keep it safe.

Netspend sends out card that I didn’t order :

I arrived home today with a Netspend card in my mailbox. The letter states that I ordered the card and it has arrived. I am concerned because of the possible identity theft that could be going on, so I call them to find out what the heck is going on. I call to find out who signed me up for this and to get some kind of information about the people who had this information about me. I ask for the financial service that “recommended me for this Card” because I want to make a phone call to them about the security concerns about sharing my personal information. I say that because they had my name and my mailing address. This isn’t totally hard to find had I had a land phone, but with me just having a cell phone.

I ask for the IP of the person who signed me up and they said they don’t have that information and they have no information on who did it. This sounds like a poor way to offer a pre-paid card that has a VISA logo. I think this is poor security, and if someone signs me up and uses my identity, whatever happened to logs? This is what is most concerning to me, because I would have expected that if someone signs up they would at least keep the IP in case of some criminal activity, to know if it was one IP that is creating so many cards. This is a fundamental principle in financial institutions that hold our money.

I did a Google search for others who had this happen and I see a bunch of people complaining about the same thing. Some of the more important topics were Netspend Is A Fraud! and Unethical Pirates! I found some really concerning complaints from people around the US. All these are concerning. I told them to close out the account and I will be watching my credit for the next 6 months. I think this was unethical by both Netspend and the financial service, due to the fact that I didn’t give the financial service permission to give out my information. I don’t know if Netspend had my SSN, but I didn’t activate the card so I don’t know, and I am very concerned by the way Netspend did not keep logs on who did something like this and when. If I find out what financial service did this I will be contacting the FTC and BBB over this. I want to hear if anyone else has had this happen. I will advise everyone who has had this happen to call immediately to close out the account and complain to the appropriate people.

Casino Spammers still use Yahoo for Spam : Could this be Malware?

It just shows you how, once Geocities was taken down by Yahoo, who owns it, the spammers have to come up with more ways to get you to download their software.

In my previous post about Casino programs, they were using Geocities to host the page for the link to the download.

It seems to be linking to “http://bestwinscasino.com/SmartDownload.exe“. In a previous post I talked about what that program did, but I wanted to do another test with CWSandbox and see what has changed. It looks like they must be having problems lately, so if you want to do your own test and send me the link, by all means. I don’t know what is going on, but it probably is like the other post about wanting to do some bad things. Virustotal has some anti-virus programs flagging this, so I am unsure of the harmlessness of this file, but I wouldn’t install this software. According to Avinti this program is a trojan dropper. So I will let you decide on installing this software or not.

While CWSandbox checks for malware, I went to Whois and looked up the domain. Very interesting: according to Whois this domain is located in China? You don’t say; we’ve heard about a lot of stuff coming from China from Graham Cluley’s blog. So it only makes me wonder what they are attempting to do now. I do know this: never download a file you haven’t heard of.

This is a good time to install some Free Anti-virus and Free Firewall software to better protect your system.