Posts tagged ‘phishing’

Qalys, Inc

Got a good-looking newsletter today from them.  SANS, whatever that is.  It indicated it was opt-in; I find it unidentified.  A lot of the information was valid.  I strongly suspect this is high-quality phishing.

Oh.  When I say it was opt-in…I didn’t.  Treat this thing like garbage, unfortunately, and dispose of it, unless anyone has more news.  There was valid data in it, too, which would be characteristic of a hacker.  DO NOT UNSUBSCRIBE!!!

–Glenn

December 10, 2008 at 9:49 pm Leave a comment

finallyfast.com

Don’t go there.  It is a phishing site; even if you don’t bite on giving out your credit card number, this is the same trick with new suit.  Why they manage to advertise even on late-night television is beyond me.  Don’t go there.

–Glenn

October 28, 2008 at 5:57 am Leave a comment

Avoid DNS Poisoning: USE Open DNS

I’m going to go into the DNS thing in a bit more detail later, probably.  DNS is a Domain Name Server.  As I recall–being senile, I’m probably wrong [I’m not] you had to type in the whole thing, http[s]:/ etc. and at least sometimes actual IPs.  If you go to Open DNS you’ll see an example.  You don’t have to set up your router, if you have one.  The internet actually “sees” your router as one IP address.  This is an added layer of (trusted) protection named at the Black Hat Conference.  That’s not fedoras, it’s hackers.  So I hear, never having known how to program.  Here’s one of Erik Larkin’s comments on lines of protection: “5. Your fix-it options: Apply the patch for your particular DNS server.  Or switch to a protected service like Open DNS where you use their servers.”  [If you don’t use a router, then your Internet Service Provider is the source of your servers…which pretty much means you actually just use their servers.  Nor have any of the providers been particularly speedy or adept at applying any fixes.  That may–not that I sympathize in the least–have been because the management felt overwhelmed and unable to dedicate enough tech support time.  If I were daring, I’d say it was actually mainly because they didn’t give a damn, but I believe in, well, everything.  It’s why I’m so cheerful.  Note that I linked to Erik’s article twice, because it’s nearly a must-read for anyone who uses the internet, especially for businesses.  It’s serious, and it’s a simple fix.

–Glenn

August 12, 2008 at 1:39 pm Leave a comment

Warning of a critical MS Word flaw/A further word (again) on protection

Which is something very new.  It’s also astonishingly new that it leads to self-executing routines.  As I remarked there (doesn’t mean it will be allowed to show), news of worms dates to ancient times.  Like Brunner’s Shockwave Rider.  I was even alive then, not all that astonishing considering I am a Vietnam vet.

 

There’s also no tip at all given that I see as to avoid it.  You can avoid this kind of flaw in any kind of document, no matter what kind of executable file it uses.  Open and save it in a simple text editor, one that doesn’t allow for executables within it.  You’re pretty close to safe if you just open it and then immediately save it in that kind of format without taking any other actions.  Particularly don’t do any tracking of changes.  If you do that trick–saving in a *.txt-like format–delete the original.  Then do something really racy and empty your recycle bin.  And in general if there are hyperlinks in something that’s sent to you, at least google the ip address.  If you don’t know how to do that, think about not going there or just doing a search for whatever the document (or whatever you call something not in *.doc format) is, on the internet.

 

To make it simple.

 

Your default should be not to click on links in the Internet unless you’re dam’ sure you can trust ’em.  Then you should just think about it.  Carefully.

 

–Glenn

June 25, 2008 at 6:43 pm Leave a comment