Month: April 2010

Under account, Privacy Settings, Applications and Websites you’ll find a new option:

Facebooks states:

Allowing instant personalization will give you a richer experience as you browse the web. If you opt-out, you will have to manually activate these experiences. Please keep in mind that if you opt out, your friends may still share public Facebook information about you to personalize their experience on these partner sites unless you block the application. Learn more.

By default they have this option ON.  If you don’t want your information automatically shared with 3rd party sites uncheck this option.

This was in my inbox today…

The email address it was sent to isn’t the email address i use for my fb account.  And seriously, is there any legitimate use for zip files inside of email anymore?

Common Sense:  Don’t even bother with zip files as attachments in email messages.  If you need to move data try dropbox or iFolder or some other transport system.

My wife pointed out that facebook wouldn’t address me as “Dear user of facebook” they would say “Dear John”, they wouldn’t sign it “Your facebook”, and they would ask me to log in and change my password, not send me a new password.

I just got this group message from someone i know (but never gotten a message from before)

asking me to go “check out this interesting article”  DANGER WILL ROBINSON.  This is a common way of saying let me scam your money.

Their wasn’t a link on this but a typed out website.  So i typed that website which was a spoof from a common reputable news source. With a character added to the address.  Firefox immediately told me not to go any further, it was a scam.  Ok.. so i tried on IE (because i knew it wouldn’t block me) and this is what i saw.

They scraped the site from the reputable news agency, and added some links “Google Pay Day” Which takes you to what looks like a very well done version of an advertisers page.  Allot of time and money went into this one.  Obviously they are making quite a bit from it to justify the expense.  Don’t be fooled into adding to their pockets.

Common Sense: If something looks suspicious, take extra caution to be sure your getting what your want to get to.  Only use websites you recognize, not only by look but by URL too.

The actual site seams to be owned by someone in China.  (Darn Chinese Hackers (inside joke))

Registrant Contact:
YAN HUA
HUA YAN
053182149514 fax: 053182149514
LONGSHANLU18
JN SD 250019
cn
Administrative Contact:
HUA YAN
053182149514 fax: 053182149514
LONGSHANLU18
JN SD 250019
cn
Technical Contact:
HUA YAN
053182149514 fax: 053182149514
LONGSHANLU18
JN SD 250019
cn
Billing Contact:
HUA YAN
053182149514 fax: 053182149514
LONGSHANLU18
JN SD 250019
cn
DNS:
ns1049.websitewelcome.com
ns1050.websitewelcome.com
ns1.lilil2iili.com
ns2.lilil2iili.com
Created: 2010-03-30
Expires: 2011-03-30

Update: 4/11/2010 Got the same message today this time asking for Local8News.net but the same scheme.

as more and more people become aware of all the bad things out there in the tangled mess of the interweb, most people just take for granted that their antivirus software is actually working.

I have a stock pile of known virus’s but they are not what i would want to use to test an otherwise healthy computer with, hence the EICAR test virus is the perfect solution.  Back when i first started using EICAR it stood for European Institute for Computer Antivirus Research.  Now EICAR is just known for their name as an security company rather than just AV.

You can download the test virus’s from their website,

http://www.eicar.org/anti_virus_test_file.htm.

The signature of the file is designed to set off any virus and label it as the EICAR Test-Virus but no actual harm is done to your computer if the antivirus doesn’t catch it.  It does give you the chance to see if your antivirus is actually working and picking up treats.

not willingly i hope though.  Got this email from her a few moments ago.  It was from someone i knew so i didn’t hesitate to open and investigate further. 

The email was also CC’d to other friends and family members i knew.  It had these three thumbnails with links.  I didn’t recognize the people in the images.  There were not actual embedded attachments (kind of odd) i checked the link to see if it would actually go to an image and found it wanted to take me to:

http://downx05.h12.ru/

Taking me to a Russian website.  At the time i attempted to investigate the site further it was being overwhelmed by request to try and access that site.  Those poor souls…

Common Sense People:  If your not expecting people to send you files, be weary.  If it looks suspicious.. it probably is.

I must have done it in my sleep because i don’t ever remember opening a checking account with Yorkshire Bank. Come to think of it.. i don’t even know where to find my local Yorkshire Bank. 

This should be the first sign of a bogus email.  But for those who actually DO have a Yorkshire account it may appear legitimate.  Clicking on the link does not take you to the bank however.  It goes

http://mk.volina.ru/includes/patTemplate/patTemplate/Modifier/HTML/fullPassword.ctl.htm

FireFox, Chrome blocked the site, IE reported it as unsafe but brought it up

The site would then ask for your customer number, your password, all three of your security questions and answers as well as your email address.  After entering such information and submitting would take you to the actual bank’s site, http://www.ybonline.co.uk/personal/ib-logout  but by then, it’s probably to late.  you’ve just give all your sensitive information to the Russians. 

Common sense: If you bank does send you an email, log on to your banks site yourself.  don’t use any enclosed links.  That way you know your not being directed somewhere else without your knowledge.