Archive for the ‘Uncategorized’ Category

One of the new features in Windows 10 is called “Wi-Fi Sense“, which is supposed to simplify access to Wi-Fi hot spots.

At first, this sounds like a good idea… when there is an open Wi-Fi hot spot visible, it will simply connect to it, no fuss, no muss.

However, there is another feature, where you can be automatically connected to password-protected Wi-Fi networks, if any of your “friends” have connected to it in the past.  Convenient?  Perhaps.  Security risk?  Definitely.  After all, the sharing works both ways.

That is, if a computer with Wi-Fi Sense enabled connects to your password-protected network, your password will be shared with all of that computer’s “friends”.

Here’s an article on “Ask Leo” that explains things further.

So, make sure not to share networks with your friends, and if you ever put your network password in for someone else’s computer, follow the directions in the above articles to make sure that they don’t share your network with their “friends”.

With the Boston Marathon bombing, and the fertilizer plant explosion in Texas, there’s been an upswing in spam with eye-catching headlines like:

Video of Explosion at the Boston Marathon
Boston Explosion caught on Video
Texas Explosion Injures Dozens
Fertilizer plant explosion near Waco, Texas

What they all have in common is the e-mail contains just a single web page address, such as:

Continue reading ‘Don’t fall for those “important news” e-mails’ »

Okay, so the site hasn’t been updated for some time now. I know that. Sometimes, life just gets in the way, and things just need to take a back seat.

If you look over in the “Blogroll” (usually right over there in the upper-right corner of this page), you’ll find a link to, among others, “Ask Leo”, one of my regularly-read tech blogs. Leo recently took a sabbatical from his blog, and is now back. (You can read his blog post about it here.)  I’ve decided that I should use this opportunity to “reboot” this blog, and get it going again.

I have numerous items I put aside in a “RunOnFriday ideas” folder.  I guess it’s time to start using them.

And, for those of you who found this blog due to Leo’s pointer to it (BTW — thanks!), welcome.  I hope you find it useful.

If you ever need a good resource about spam — what it is, why it’s bad, and what you can do about it — check out SpamPrimer.com.  It only takes 15 minutes to read the entire site, and it’s well worth the effort.  (So much so, in fact, that I’ve added a permanent link to it on this blog’s sidebar.)

The Spam Primer started in 1996 as a way to help people deal with a new problem: spam. Even then, author Randy Cassingham realized spam would become a huge problem for everyone who depends on e-mail (and it has: it’s estimated that about 90 percent of all e-mail traffic is spam, which makes it difficult for legitimate e-mail to get through, and to find it among all the garbage!)

The next time you hear someone say “what’s the big deal, just delete it” (or worse, “just click the unsubscribe link”), send them to SpamPrimer.com.

For those of us who follow our BlogTalkRadio show, you may have noticed we haven’t had one for a few weeks.  It’s just the usual end-of-summer/back-to-school rush at the end of August that’s been keeping us too busy.  We plan on resuming our show soon, though we will probably be mid-week rather than Sunday.

BTW, I wanted to post this on our BTR blog, but they have removed that feature.  (Existing posts remain, but you can’t add or change posts.)  So much for the “B”.

The latest mass attack to hit my inbox has been a deluge of fake LinkedIn notifications. Coming in the guise of a new message from one of your LinkedIn contacts, it’s actually an attempt to infect your system with a trojan, which will probably let “the bad guys” steal your passwords, or take remote control of your system, which will be added to their ever-growing botnets.

Now, I don’t have a LinkedIn account, though I do get the occasional “real” e-mail from them with an invitation to join from someone I know. But, even if I did have an account, I would like to think that, upon opening my e-mail in the morning and finding 217 identical messages from overnight, red flags would be going up for just about anyone.

So, what’s the payload?

Continue reading ‘Deluge of fake LinkedIn notifications’ »

There was a rather, umm, “interesting” theme in today’s batch of spam that made it through my filters. Here’s a screenshot of the subjects, after deleting the dozens of duplicates.

Of course, the attached  HTML document, supposedly a link to a news report about a plane crash, was instead an obfuscated Javascript program which would attempt to download an infection. (I didn’t bother investigating what, exactly, that infection was.)

Another common type of e-mail fraud is called “phishing”. Basically, they pretend to be someone else, in an attempt to get you to reveal personal information, just as login and password, or your social security number. (Or both.) Many of these can be rather sophisticated, mimicking the real website down to the slightest detail.

Some, on the other hand, are so poorly done, you have to wonder why they bother. The reason is simple… because people fall for it. When you send out a million phishing e-mails, it only takes a very small fraction to fall for it to make it worth their effort.

Here is a recent example of a “so poorly done, it’s gotta be obvious that it’s a fake” phishing e-mails:

Subject:  Business Online Banking Account Alert!

—–

You must submit verification documents to continue using your account without interruption. To view the details of this request and submit the required information, click on the following link (or copy & paste it into your web browser):

http://[elided]/Upload_documents_blank.exe

We thank you for your assistance in this matter.

So, let’s take the 30-second “what red flags does this raise” tour:

Continue reading ‘Do people really fall for this? Part 2’ »

It’s hard to imagine, but people still fall for scams like this all the time.

I just got another “you won the lottery” spam e-mails. This one was supposedly from “MICROSOFT CORPORATIONS”(sic), and contained the following message:

You have been awarded the sum of £1,625,000.00GBP in the MICROSOFT EMAIL PROMOTI
ON AWARD 2010.Cont  Mr Mark Anderson with your names,address,phone and Country to
[elided]@w.cn.cn or call +4470-[elided] for moreinformation on this award.

With the exception of removing the username part of the e-mail address, and the rest of the phone number, that is the exact contents of the e-mail, spelling and line breaks as-is.

With so many obvious “this isn’t real” warning signs, I find it hard to imagine that people still fall for this. Yet they do.

Continue reading ‘Do people really fall for this?’ »

A recent article in eWeek tells how the FBI has indicted 3 people in a $100 million rogue antivirus scam.  While it’s only an indictment, and not an arrest or conviction, at least it’s a start.

Three men have been indicted in what the FBI described as an international cybercrime operation that sold $100 million in rogue antivirus software to victims in more than 60 countries.

Can you imagine the number of victims, and the number of infected systems, from $100 million in sales?

Remember, if you get a popup from a program you don’t remember installing, with a link to buy a program to clean the infection, it’s probably a scam.  Don’t click on the link!