With the Boston Marathon bombing, and the fertilizer plant explosion in Texas, there’s been an upswing in spam with eye-catching headlines like:

Video of Explosion at the Boston Marathon
Boston Explosion caught on Video
Texas Explosion Injures Dozens
Fertilizer plant explosion near Waco, Texas

What they all have in common is the e-mail contains just a single web page address, such as:

Continue reading ‘Don’t fall for those “important news” e-mails’ »

Okay, so the site hasn’t been updated for some time now. I know that. Sometimes, life just gets in the way, and things just need to take a back seat.

If you look over in the “Blogroll” (usually right over there in the upper-right corner of this page), you’ll find a link to, among others, “Ask Leo”, one of my regularly-read tech blogs. Leo recently took a sabbatical from his blog, and is now back. (You can read his blog post about it here.)  I’ve decided that I should use this opportunity to “reboot” this blog, and get it going again.

I have numerous items I put aside in a “RunOnFriday ideas” folder.  I guess it’s time to start using them.

And, for those of you who found this blog due to Leo’s pointer to it (BTW — thanks!), welcome.  I hope you find it useful.

If you ever need a good resource about spam — what it is, why it’s bad, and what you can do about it — check out SpamPrimer.com.  It only takes 15 minutes to read the entire site, and it’s well worth the effort.  (So much so, in fact, that I’ve added a permanent link to it on this blog’s sidebar.)

The Spam Primer started in 1996 as a way to help people deal with a new problem: spam. Even then, author Randy Cassingham realized spam would become a huge problem for everyone who depends on e-mail (and it has: it’s estimated that about 90 percent of all e-mail traffic is spam, which makes it difficult for legitimate e-mail to get through, and to find it among all the garbage!)

The next time you hear someone say “what’s the big deal, just delete it” (or worse, “just click the unsubscribe link”), send them to SpamPrimer.com.

I’ve been getting a flood of phishing attempts, supposedly for a “failed ACH payment”.  In fact, there are times when, in the time it takes me to delete the ones that made it past my filters and into my inbox, a dozen more show up.  Out of curiosity, I checked my spam filter, and found this:

Continue reading ‘Spammers are nothing if not persistent’ »

Here’s a question for you.  If you wanted to create some piece of malware that would survive replacing the hard drive, flashing the BIOS, and reinstalling the O/S from a clean set of disks, and with no network connection, how would you do it?  Seems impossible, doesn’t it?  How could an infection get back in without any way for the infection to have survived the “wipe and start over” process?

Well, a well-known hacker named Charlie Miller found a way… the battery.

Continue reading ‘Latest security risk — your laptop’s battery’ »

(By Leo A. Notenboom of Ask Leo!)

Have you ever had a new toolbar suddenly “appear” in your browser? Although it might not seem like you agreed to install it, the likelihood is that you did.

Continue reading ‘Say No Thank You to New Toolbar – Opt Out During the Installation Process’ »

For those of us who follow our BlogTalkRadio show, you may have noticed we haven’t had one for a few weeks.  It’s just the usual end-of-summer/back-to-school rush at the end of August that’s been keeping us too busy.  We plan on resuming our show soon, though we will probably be mid-week rather than Sunday.

BTW, I wanted to post this on our BTR blog, but they have removed that feature.  (Existing posts remain, but you can’t add or change posts.)  So much for the “B”.

We’ve all seen those phishing e-mails, trying to steal your login information for banks, credit cards, and what-not. They all start “something bad happened, and if you don’t ‘confirm’ your identity within 72 hours, we’re going to delete your account”. So, when an e-mail with the subject “SourceForge.net passwords reset” hit my inbox the other day, I was a bit suspicious.

However, what followed did not look like your typical phishing scheme. In fact, it was a real e-mail from SourceForge.net.  Here’s the main part of the e-mail, along with my thoughts on what they did “right”.  (As well as what they could have done “better”.)


We recently experienced a directed attack on SourceForge infrastructure
(http://sourceforge.net/blog/sourceforge-net-attack/) and so we are
resetting all passwords in the sf.net database -- just in case.  We're
e-mailing all sf.net registered account holders to let you know about this
change to your account.

So far, it’s not much different than all those phishing e-mails we’ve seen. (Well, except for the use of proper English grammar and spelling, that is.) But, it continues… Continue reading ‘SourceForge.net does it right’ »

What’ s the best anti-phishing tool? According to a recent “Ask Leo” article, the answer is “you”. And I heartily agree.

Phishing is interesting, and difficult to protect against.

But I do have a strong recommendation for the absolute best anti-phishing tool.


You are the best anti-phishing tool. In fact, in some cases you are the only possible anti-phishing tool.

Click here to read the rest of his article.

The latest mass attack to hit my inbox has been a deluge of fake LinkedIn notifications. Coming in the guise of a new message from one of your LinkedIn contacts, it’s actually an attempt to infect your system with a trojan, which will probably let “the bad guys” steal your passwords, or take remote control of your system, which will be added to their ever-growing botnets.

Now, I don’t have a LinkedIn account, though I do get the occasional “real” e-mail from them with an invitation to join from someone I know. But, even if I did have an account, I would like to think that, upon opening my e-mail in the morning and finding 217 identical messages from overnight, red flags would be going up for just about anyone.

So, what’s the payload?

Continue reading ‘Deluge of fake LinkedIn notifications’ »