Hackers – Paul's Tech Talk

5 Ways to protect yourself on Kik Messenger!

PaulFebruary 15, 2014

Understanding the Kik Messenger!

The Kik Messenger is just a little app that allows people to chat without the need to share you phone number. It has several things that help make people want to use Kik, and I am going to share some of them with you and hope that it helps you protect yourself from scammers. With any messaging app, you will always have bots and scammers who only purpose in life is to steal your money or your identity. It seems that I found a few that times when I wondered how they figure out my username. it really wasn’t hard to find me on Kik, I seem to keep Something the same and you could find me to if your really wanted to.

Don’t give out your Phone Number — It seems it is the easiest thing to do but if you give out your phone number to a complete stranger, you are just asking for trouble from people who are going to stalk you or harass you.

Don’t give out specifics — until you really start to be friends it is something that should be in your head at all times. Don’t tell them your personal stuff like where you actually work, or the exact model of your car. If you have to answer them, just generalize it to the point that it would make it really hard for them to find you after that. I wouldn’t say Lie to them but don’t speak the whole truth, until you are sure they are trustworthy.

Quick Repliers — If you find yourself getting almost instant replies from the sender, you can bet that it isn’t truely a person because even I can’t type that fast. It does not mean people who reply with yes or no answer are bots because most people are quick with those. if it is long text in under a minute, you can bet it is a bot!

Don’t share Pictures or Videos — If you don’t want your friends to see the picture or video, you really shouldn’t share it to some unknown bot or person on the messenger app. You really do not know who or What they will do with that stuff. It could cause your embarrassment in the future.

Don’t click links — Unsolicited links are just going to probably get your infected and thus you shouldn’t click on any links or go to sites that that the person says unless you know about that site personally. Just be careful what you do online and you are far better off!

If you use these tips, you are better off than before. Just remember that you do not really know the person unless you meet them in person. HOpe this helps!

WordPress Security Tips — For the untrained :

PaulJune 10, 2009

I was reading over at Malware Diaries, about a hacker that doesn’t secure his exploits. What gets me is that I am so surprised that he did that, then I thought about it and I read what Trend Micro had to say about it:

Creating a website is indeed a big task but, considering the present threat landscape, monitoring it and keeping it secure from attacks is a bigger one.
Website administrators have the responsibility to keep their systems malware free, secure web server files from unauthorized access, and keep their website clean of malicious codes, for their own sake and most especially, their visitors’.

[via Trend Micro blog]

[ad]Now admittedly Trend talks about the [intlink id=”3578″ type=”post”]Gumblar[/intlink] and how they compromise websites with either a FTP password stealer or and SQL Injection. These are a common practice with hackers and thief to get the credentials to use your server for their means. So I wanted to talk about some things you can do to better protect your WordPress blog. Since I have a WordPress Blog this was something I know about.

WordPress Security Scan — This is a great plugin to help you identify and also suggests how you can fix them to prevent a hacker from getting in the first place.

Block Wp-Folders from being Indexed — This can be done by going to your robots.txt file and making sure it says:

Disallow: /wp-*

Protect your Wp-admins folder — Attackers can use brute force attacks to without much waiting to get access to your Wp-admin page so you should:

Login Logger Plugin — This is good to see if anyone is trying to login and keeps a log for those instances where you might need to block a certain IP in the .httpaccess file section.

Limit Login Attempts plugin — This has a set amount of login before that IP is locked out for a certain amount of time. You can have it set to what you want an hour or more, it just depends on your preference.

Bad Behavior — This is a good little plugin to help with spam such as referral spam and comment spam. I’ve been using it for the past few months and my referral spam has dropped drastically to almost Zero.

These are just a few things I’ve done to help protect my blog and protect my community and users. I will not disclose everything because I have to keep those bad guys from getting in but I have I hope started you in the right direction. I would also suggest using something like [intlink id=”2646″ type=”post”]Roboform[/intlink] that comes with a password generator to use that with your wordpress login password. This will also help prevent from gaining access easily.

Twitter and the Acai Berry Spammers

PaulMay 24, 20092 Replies

Well According to Sopho’s There seems to have been some hacking going on for the Acai Berry spam. Some of the messages were:

It seems to be a random http://random.CN domain but we’ve talked about this in the past. Sopho’s isn’t sure how this happen but I have a suspicion that it was a Phishing attack done on the facebook users recent weeks that have the hackers going to other social sites and trying those passwords.

[ad]Although I agree with Sopho’s on making sure not to have a dictionary word, I also think users should take care of all your online accounts. As most people will become aware of is most users use only one password for all their accounts online or only have 3 different passwords for 20 different sites. This is something that needs to change and you can do that with [intlink id=”2646″ type=”post”]Roboform[/intlink] to keep your passwords safe and also to make sure they can’t guessed.

If you have been compromised on t witter and only use one password, you can bet all you other accounts have been compromised as well. You should change your passwords as soon as possible. You should also make sure in the future not to be tricked into giving out your password which is called Phishing, in which a site with a different url is made to look like Twitter, Facebook, and Myspace log in page.

Offline Update 5.0, Clone of Autopatcher to Some!!

PaulFebruary 3, 2009

Offline updater 5.0 has been released a couple months ago and I just realized it now. This is an excellent tool for IT professionals who want to keep all your Systems up-to-date with the last patches from Microsoft. The systems it supports are Windows 2000, Windows XP, Windows Server 2003, Windows Server 2003 x64, And Windows Vista / Server 2008.(32 bit and 64 Bit updates).

[ad#ad2-right]I find this a very useful program for people who have a multitude of problems, from not being able to get on the net to computer virus infections. This is really good for big businesses that want to update a lot of systems in easy way without having to wait for downloads of updates to install. You can take a DVD and update on the fly within Mins. DVD being Cheap or buying them in bulk helps saves time and money for the company. Less time spent downloading the updates and more time actually getting work done. As with the Conflicker, Downadup, and to some the Conflickr Trojan, if you got infected with that little worm. This would help install the updates that it prevented you from doing in the first place. I also found that once you download do the update the files are kept on the hard drive so you no longer have to redownload them again. You just update the updates every second Tuesday of the month and it downloads the newest patches and creates a whole new ISO for you to burn.

Q: How can I create the offline update CD images automate, for example via a “scheduled job”?
A: Create a new batch file in the “cmd”, eg “DownloadUpdatesAndCreateISOImage.cmd”. Add the desired calls of

“DownloadUpdates.cmd” and “CreateISOImage.cmd” with the necessary parameters in this new file. The file might for

example have the following contents:

@ echo off
call WXP download updates eng
call CreateISOImage WXP eng

Then set a “time-controlled contract” for the new script “DownloadUpdatesAndCreateISOImage.cmd” to your desired

time. For example, after each Microsoft Patchday create new images, select every second Wednesday of the month.

[Via The FAQ’s Documentation (Translated Via Google)]

As you can see you can have it do a script and be ready for you in the morning. You then just take it out of the drive and install where you need to install the day after the updates are issued. On another Note if you have clients who use Windows office Xp, 2000, 2003, 2007 then this will also help:

This is nice if you have clients who use the Microsoft Office Suites also. Some Malware will often try to infect people’s systems through a office script or some other vector. So this will also prevent infections or hackers from getting onto the system by updating this also. You can have this added to each and every DVD ISO you make to include these as you update the patches also.

Download:

Offline update 5.0 Download site

Official Site for Offline Update (Translated into English)

Brace for Impact, Brace for Botnet! (Conflicker Worm)

PaulJanuary 24, 2009

The Worm that has infected 6% of Personal Computers is starting to build into something totally different. According to some Researchers, they are saying this has to happen soon. And I’ll quote:

In any case, today seems better than the day before and we think that growth of Downadup has been curbed. Disinfection of the worm remains a challenge.

[Via F-secure]

[ad#ad2-right]Although this sounds like it has stopped, I don’t think so I am sure the worm will get even bigger. I don’t think it has been curbed we might have a rest period before the Worms tries again.

“Why is it taking so long?” asked Huger. “That’s what we’re all asking.” He couldn’t recall an attack of this size with such a long lag time between the initial attacks and follow-on downloads of more malware to the hijacked systems.

[Via PcWorld]

Now We know this exploit is being patched as quickly as possible in some areas of the industry but that leaves the question? What isn’t being patched, I am guess the next stage of this worm is mutant into a new worm much like the way it tries to communicate to download new software or instruction. I believe it will be using a newer exploit so that it can infect even more computers. I also think it will be a botnet and so does others.

But he also pointed out that the clock is ticking. “If they don’t hurry up and do it, someone else will,” he said, explaining that hackers must fend off not only security researchers, but also other criminals, who would like nothing better than to pinch a ready-to-use botnet.

[Via PcWorld]

So they are going to use this Downadup Worm soon, I am counting on it. Somethings for IT professionals to prevent more infections are to make sure you have patched the latest security holes before they exploit that. Like my favorite program, the Clone of Autopatcher, which you can create a month by month patch DVD to install on all important systems. IT professionals must not start getting relax, because of people saying it is on the downfall. In nature there are always going to be periods of rest before growth. So I am sure something will happen rather quickly, and probably in the next week or two.