All Posts by Paul

MobileMe Who me? Could this be Phishing?

Paul
Photo By : Richard Thomas
Photo By : Richard Thomas

MobileMe one of Apples latest software packages, recently started getting emails claiming they need to update their credit card information.

 

It seems that along with Twitter, Facebook, and PayPal Phishing are on the rise. I know this was going to happen do to the fact of the recession. I’ve seen more and more attempts to send people to the Canadian Pharmacy and to sell you drugs that I wouldn’t recommend buying it online.

 

Some things I am wondering is when will Apple release they are having to protect their consumers from these types of attacks? I’ve talked about the Apple Botnets and how they will become more and more prevalent due to the fact users think they can never get a virus. See the Apple Ads in 2007 to prove my point.

 

So let’s talk about online safety, and help those who might need help. Some of my thoughts to help keep the Apple People happy are:

 

  • [ad]Don’t go Downloading Illegal stuff – This is mostly how they malware authors are getting Mac users to install malicious software. You think you downloading the I-Life 09 but are really installing a virus.

  • Don’t click links in Email – This is so tempting because it easier to just click and have it open up automatically but most of the time if you click a link that says it is going to http://www.apple.com/support (That is how they fool you).

  • Don’t give out your email on twitter – This is also something you should follow more and more, because you don’t want to get a virus or spam from making your email public. There are ways to see your deleted twitter message so that isn’t going to be hard to find those emails.

  • It’s time to install Macintosh Anti-virus software – Yes you heard me, I know there are a few Mac Anti-virus software’s out there. You should also make sure to keep that up to date.

Now is when Apple should start suggesting security, but they have stopped recommending it for so long. The Malware authors are getting restless with anticipation. I can only guess what they will try next but it will happen. Sooner or later you will get a virus so bad that Apple will start recommending it on there site. When that day comes, I’ll be so happy because that means Apple software isn’t that bad. I just hope Apple realizes it before it’s too late. They’ve had so much Apple don’t Virus propaganda thrown at it’s consumers it is no wonder they aren’t worried about Security.

Free Anonymous Browsing with Opera-Tor

Paul

2588641284_603490d6d1_m Photo by Philip Chapman-Bell

Anonymous browsing is something of huge interest to the Internet users, who are very particular about their online privacy and security. There may be many reasons and situations, when you might be interested in using internet anonymously; for instance, you may be working on a public place and do not want to leave the traces or you may not like your family members or office colleagues to know what you have been doing online. Whatever be the reason, but still, it is an area, where a lot research is to be done.

 

How Anonymous Browsers Operate?

At present there are two dominant techniques used by various anonymous browsing tools. One is the use of JAP Networks, which was used hugely used earlier but later it ran into controversies after a backdoor had to be put into the product to allow interception of child pornographers on insistence of German Police.

 

The second technique is the use of Tor (The Onion Ring), which only allows anonymous browsing but also facilitates other applications like anonymous P2P, email, IM, and IRC chat. This technique is dominantly used in present day anonymous browsing tools.

 

Operator – A useful anonymous browser

 

OperaTor is small and relatively fast anonymous web browser, which combines the browsing platform of Opera, with privacy provided by Tor engines and the speed of browsing provided by Polipo.

 

You can download this 7MB application in your USB drive and carry it whenever you need to use a public computer for anonymous surfing.

 

In my testing, I was pleasantly surprised with the speed of browsing, which I was getting with this little tool. I had earlier used XBBrowser for anonymous browsing, but it was too slow, as compared to Operator. In fact, there was hardly any noticeable difference in the browsing speed as compared to my normal Opera browser. This is because of Polipo, the small caching web proxy, that comes bundled with Opera-Tor.

 

Since Operator allows only http and https protocols in anonymous mode, you should avoid Javascripts and Opera’s IRC functions running through it.

 

Some people complain that it has not yet released the source code of itself. But my view is that unless you are hard-core programmer and really need to tweak the source code, why should you worry about that. After all, trusted networks like CNet says OperaTor has been tested spyware free and Softpedia gave OperaTor its 100% Clean award. Major antivirus vendors, like GData, Kaspersky, McAfee and Microsoft, confirm that OperaTor contains no malicious software.

 

Overall, one of the best applications for anonymous browsing available today.

[This is a guest post by Silki Garg. She advises on how to eliminate spyware, online threats and malware detection, on her Internet Security Blog. A visit to her Blog is highly recommended. You’re sure to find something of interest.]

 

 

JSRedir-R/Gumblar The underlying problem!!

Paul

Some people have made comments about there website being hosted to Malware injection into there site.  I’ve been seing a Lot of talk about JSRedir-R/Gumblar found to be the biggest malware threat on the Web.  They estimate that it is 42% of infected websites to be carrying this malware threat, last week.  I have heard some think it is weak login creditals.

[ad]See the Graph from Sophos about the percentage.  I also wanted to tell people how to identify if you have the infection or not.  This is very important to check because people are letting this Malware spread and all.  

I on the other hand think the way this is spreading is a Cross Site Scripting vulnerability for these websites but there are a few websites that do keep your login cache on your system.   I would recommend if your a web site owner to have your cache deleted everytime you exit your web browser.   This should in theory help prevent Cross Site scripting and Website owners should also either buy [intlink id=”2205″ type=”page”]Anti-virus and Firewall software or install the Free version[/intlink] to better protect your website.

Just like the[intlink id=”3308″ type=”post”]Twitter Cross Site Scripting tom foolery [/intlink]this is my theory on how websites are being injected with this malware.   It is however just a theory.  I was never logged into my account on twitter through my web browser when this happened and that is what kept me from spreading it to my Twitter users.   You should also consider always logging off your web site when your done doing what you do!   Just my thoughts on the matter,  Remember only you can prevent from getting a Virus.

You’ve got hacked thanks to Twitter : Don’t “email me at”

Paul

I was reading a blog post about Spammers Harvesting Sorrow From Twitter.

Something came to my mind, so I did a little research and a lot of thinking and it finally came to me. It is easy for someone to find your email and use it for there own means. There are several different scenarios I can come up with:

    [ad]

  • Impersonating someone you know —  It is quite simple to find out who we know and who we follow.  You can always find someone who you don’t know the email address of and make it seem like your them to get even more information from the person.

  • Receiving Viruses, Trojans, or worms —   Although if you have a good Anti-virus this one won’t be getting to you but  according to ESET : 10 percent of computer users didn’t know if they had anti-virusware installed. This means that there are going to be some success for malware authors to send out a virus to every who twitters there email address and still have success.

  • Try to guess your password —  If they have your email address, which is almost like your SSN in some respects, they could go to Facebook and try to get into your account by doing a Dictionary attack or a Brute Force Attack.  They may even try to hack into your email address just to get access to all the other accounts.

I am sure I am going to miss others that could possibly happen but this isn’t about what could happen this is about ways to prevent this type of stuff.   Chris Pirillo seems to think that if we use the “AT” and “dot” in place of the real things that no Bot would be able to figure that.   I say no because this is the easiest thing for a bot to do is to copy everything after the “Email me at”  and put it in a text file.   Then the person harvesting the email address would just have to go through and find all them that have the “dot” and “at” and change them to what they should be.  I have been watching the search terms for the last few hours and it seems there is a new person posting there email address every 5 minutes or so.  Have you don’t it in the past?

In short, if you want someone to email you it is always best just to send a Direct message to them so no other eyes can see it.  I’d also suggest installing some [intlink id=”2205″ type=”page”]Free Anti-virus and Firewalls[/intlink] if you haven’t already to better help your protect your personal information.  Remember only you can prevent from getting your personal information stolen.

Skype has some Auto-Bots and Friendjungle.com

Paul

I was on Skype today and got an instant message from some girl:
skypespam

The Instant message goes like this:

hello there! I was checking people near me and i came across your page, and you seemed interesting.. 😉

Mary Fowler says: Im not crazy about Skype though … want to check out my picture and profile ?

use this link: http://www.matchshake.com/?id=4004&profile=rockergrl82

you just sign in (it’s free) to get to me, my username’s rockergrl82.

[ad]It looks like this is an Bot to help fool you into thinking it is a real person.  The link they give me is a redirect link that lands me on “Friendjungle.com”.  I am sure no matter what you answer with the question it asks that it will still send you a link.   You can however tell Skype to only allow chat from people on your contact list but that is totally up to you.   There is a story from the Rip-off Report about Friendjungle.com, so it looks like they went from text messaging to Skype chat.  According to Yahoo Answers, this is more or less a way for them to get money from you.   You sign up and before you realize it they are charging your card, so it looks really shady.   Although, To Friendjungle credit, they do have a scam section to help you report these types of incidents.   I don’t know if this works well or not but you can at least try.

There are some good comments about this Friendjungle on other sites that really make me wonder if they just don’t want your money.  If you get this type of message from someone, either through SMS or Skype, I’d just go along with my life and not register there are more better places to go to find your true love.