Account – Page 2 – Paul's Tech Talk

When do you “Never Fold”

PaulMarch 5, 2009

So I got this email and wanted to show you just how try to get you to link to their site:

I got this email and wanted to talk about how people link to sites they shouldn’t. Although this a real site, I had my doubts from the get go. You see it talks about sending 21 visitors to my site. I got to the site Neverfold.net which after I looked and there I am but I wonder why? Because Poker and Calicanis have nothing in common with Poker or at least news and all that.

[ad#ad2-right]As you can see when you go to that site via the link he gives me, which by the way if you weren’t paying attention is a hidden link with Neverfold.net/?pg=YKchR. As you can see this is a way for him to know when you click it to put your name on the forum page. You can tell because Ref: YKchR is at the bottom of the email. This is most likely a generated email by a bot, I did even more research to find out more information. I found out that the so call 5k to 7k page views were bogus. I checked with Alexa, and I find out this:

In the last few days the of this site they have dropped from 2k per day to under 1k because of links dieing out. You see Google takes the page rank out when you don’t have any new people linking to you in 3 months. So I am guessing this has been going on for quite some time. So I had to make sure before I said anything, I did a Google search for my name in there forums and I came up with nothing. I am guessing there is a Nofollow links going on. So I thought I would also make sure to add the Nofollow link. I also know about Google Juice and how it works and know about the No follow. I have read how others are not quite sure what is going. Found this Gambling Forum where they were talking about this type of email and they weren’t to sure about this site. I love how people think you’ll link to them without doing some kind of investigation. I encourage all webmasters if you get an email like this you should do your own investigation and not expect the email to be truthful. Since this email isn’t being truthful to me, I feel no obligation to give it any more than it is due.

Gmail Vulnerable to a Change PW Attack!

PaulMarch 3, 2009

Securiteam has made an announcement that Gmail has an issue. I will quote:

GMail is vulnerable to CSRF attacks in the “Change Password” functionality. The only token for authenticate the user is a session cookie, and this cookie is sent automatically by the browser in every request.

[ad#ad2-right]An attacker can create a page that includes requests to the “Change password” functionality of GMail and modify the passwords of the users who, being authenticated, visit the page of the attacker.

The attack is facilitated since the “Change Password” request can be realized across the HTTP GET method instead of the POST method that is realized habitually across the “Change Password” form.

[Via Securiteam]

One way to prevent this to a point is right now having GMAIL automatically connect securely. You would go into your settings in gmail and make sure it uses https connection:
This is one way to prevent the cookie attack but is still needing to be fixed. Since it is using the HTTP GET method it should use the HTTPS method as soon as you try accessing the site. Google needs to change to the HTTPS Get method instead to prevent this type of attack. If you have any other ideas for Google just leave a comment.

A fan wants to Release Windows 7 Now : My Security Concerns

PaulJanuary 29, 2009

After reading about this from PcWorld, I’ve went to check this site out. I went to his twitter accoun(Kelly Poe) to find out the site he put up and I am quite impressed. Here are few things that I am concerned about starting with the website.

[ad#ad2-right]I love the idea and all but I am quite concerned with the privacy of my email account. I don’t know if you have to submit your email account but I would caution people not enter one until the site says what it will do with your email address.

Now that being said that’s the only thing I can think of when it comes to security for your email address, you don’t want to someone to give out your email address to spammers. That would just make it even worse for your email account. You could however use a 10 min Email account to use but that might make it harder for Microsoft to contact you if they want to verify these accounts!!

Now my main concern is Windows 7 right now and Security. You know the Conflicker/Conflickr/Downadup Worm is currently loose on the internet. It uses the the Ms 08-067 Exploit and currently Windows 7 does not protect against this Worm in fact Microsoft has released information that you would need to install the updates manually to fix this problem.

Some vendors are yet to develop for Windows 7 beta due to it being a beta. Some others like Security Vendors are offering protection for Windows 7 Beta. This is mainly the Anti-virus software group, I would like to see more people embrace windows 7 as much as the security groups. Although this is the first step it would need to be more open response from Manufacturers and dealers alike they would need to get it to work making sure their drivers and such will work good with Windows 7. This is where it takes time, that is why I am glad it is a beta, it allows vendors and Companies a like a chance to test out their software and Hardware and even their drivers before the release.

Before I support this, I would like to see more happen to Windows 7 in some areas. For instance I’d like to see more compatability and more drivers and software that works for Windows 7. I’d also like to see Microsoft to take Windows 7 Beta Serious and Keep the Security up on it and not let it lapse. I’d want Microsoft to send out patches for Vulnerabilities just like Vista and keep people’s system updated so you don’t have to update them manually. I just hope Microsoft takes Apple’s example to heart and release Windows 7 without having to have several versions of the same Operating System.

sinowal.trojan Problems.

PaulDecember 4, 2008

Trojan-PSW:W32/Sinowal.CP drops and loads a password stealing component on the infected system and tries to steal account information from it. It also tries to steal information that is required to access certain online banks’ and online payment systems’ websites.

[via F-secure]

[ad#ad2-right]It seems to be a very hard virus to remove but there are ways to get rid of this virus. Some tips and tricks to get rid are:

Check out my Anti-Virus Page

Computing.net

The Geek Police

How to Detect Sinowal

This are the beginning steps to get rid of a Virus but it will be a really hard virus because it wants to stay in your system. You should also Restart in Safe mode and Try to remove that virus that one. You will also want to disable your system restore due to the fact that it will be in there and might come back if you restore your system. Just some simple tips to help keep you safe on the net.

Facebook Virus strikes again

PaulDecember 4, 2008

“Look you were filmed all naked!” read the subject header on one iteration of the virus-spreading message, which is being sent automatically from infected accounts to the “friend” list for that account. Clicking the link usually takes users to a page that looks like YouTube, and a pop-up message advises the user to download a Flash plug-in. The download contains the virus, which replicates by contacting everyone on the victim’s Facebook friend list and advancing the hoax.

[Via Boston Media]

[ad#ad2-right]This is a good social engineered attack, they seem to have you download a virus into your system. I Keep talking about how you need to be careful with emails. I also suggest that you do a complete Virus scan if you think you’ve been hit with this. There is only one way to prevent yourself from getting this little facebook virus and that is not to click it. Some other things to consider if you found out this was a virus is to contact the person who sent this to them so they to could do a virus scan on their system.

It is always going to be something to be hard, because these people are using social engineering. It seems they are trying to prove a point, even Macintoshes can be vulneble to this attack. If you get anything through you email from people saying they seen you naked or got pictures of your butt, I’d suggest, not clicking those links.