Saturday, July 15, 2006

Flickr

This is a test post from flickr, a fancy photo sharing thing.

Monday, July 10, 2006

Teenagers used to push Zango on Myspace?

Can you imagine seeing a popup on MySpace that looks like it was endorsed by MySpace but is actually adware? Teenagers are being tricked into distributing this adware. It looks like video software that can be put into your profile so people can view videos. When you put the code into your profile, viewers of your profile see a popup prompting them to download the "video software", which is really adware. The popup looks like this:


Saturday, July 08, 2006

Nigerian Fraud Emails Clogging Your Inbox?

Does your email inbox look like this? Mine does. My Gmail account has caught over 700 spam messages in the last 30 days, some in foreign languages in an account that I haven't used for a year. But what really catches my eye are the numerous Nigerian fraud emails. Here's an example of a Nigerian fraud email that I received (I pointed out in red the most interesting information):

------------------------------------------------
THE COMMERCIAL BANK OF SENEGAL (CBS)
Business Assistance/Investment Proposal
Dear Ceo/Manager,

In order to transfer out (US$30 Million) Thirty Million United States Dollars from CBS .I have picked-up the trust and courage to write you this letter with divine confidence that you are a reliable and honest person who will be capable for this important business transaction believing also that you will never let me down either now or in the future.

My name is DR; MOHAMED GUE, a senior Auditing Officer with the CBS Bank in Dakar Senegal.There is an account opened in this bank in 1993 and since 1999 nobody has operated on this account again. After going through some old files in the records, I discovered that if I do not remit this money out urgently it would be forfeited for nothing.The owner of this account (Mr. Victor .B.Dada ) died since Oct 31st 1999. No other person knows about this account or any thing concerning it, the account has no other beneficiary and my investigation proved to me as well that this company does not know anything about this account and the amount involved is (US$30 million)Thirty million united states dollars.

I want to transfer this sum of Thirty million United States Dollars into a safe foreign account abroad.I am contacting you based on the fact that you are a foreigner because this money can only be approved for payment to a foreigner, more so it can not be approved by any local bank here, as this money is in US Dollars hence the former owner of this account is a foreigner too.

I know that this proposal will come to you as a surprise as we don't know ourselves before, however I got your contact from an internet consultant here in Senegal, though I did not disclose the purpose of my seeking for a foreign business partner to him.

I have involved a very senior official in the operational department and we have agreed that after the transfer of the money into your account, you shall be entitled to 20% of the total sum, we the officials will take 75% while 5% is for expenses. All necessary precautions have been taken to ensure a risk free situation on the side of both parties.Please note that this deal can only take place on the following conditions:-

[1]. You will provide your full Legal Address and your phone/ Fax number to enable us start this deal.

[2]. Absolute confidentiality and sincerity will be required and guaranteed, considering our (me and my partners) positions in the bank.

[3]. Assurance that our own due share will be released to us in good faith when this money finally gets to you.

All things being equal, this transaction will be within 10 working days as soon as we hear from you, Please treat with utmost confidentiality. Contact me as quickly as possible through my Private e-mail box : @gmail.com


Yours faithfully,
(DR; MOHAMED GUE).

-------------------------------------------

Here is my commentary:

1. "THE COMMERCIAL BANK OF SENEGAL (CBS)"
    • I googled the bank and about 90% of the results were related to the Nigerian Fraud
    • Also, the Commercial Bank of Senegal has a press release warning against these Nigerian fraud emails.
2. "US$30 Million" & "No other person knows about this account or any thing concerning it, the account has no other beneficiary and my investigation proved to me as well that this company does not know anything about this account"
    • A) Who leaves $30 million dollars lying around in cash?
    • B) And why is it in Senegal?
    • C) Why does the bank have no clue that it is in possession of $30 million US dollars that hasn't been touched in 7 years?
    • D) According to a post on http://news.biafranigeriaworld.com/ dated Friday, February 25, 2005, the owner of this money, Mr. Victor Dada was the PDP chairman in Yagba West LGA of Kogi State, Nigeria. We don't know exactly when this article was researched but if it was researched close to the posting date, Mr. Victor Dada would have been alive in 2005, because he had given a quote. Thus, he had not died Oct 31st 1999 as the article suggests.
3. "I got your contact from an internet consultant here in Senegal"
    • "Internet Consultant" hmmmm...you mean an email "harvester" AKA, someone who goes around the internet looking for addresses to spam.
4. "if I do not remit this money out urgently it would be forfeited for nothing" & "believing also that you will never let me down either now or in the future"
    • OK, so I've never met you and you think I will never let you down, including right now.
    • Is it my problem that you don't know what to do with $30 million dollars and you look for people to help you launder it by means of spam?
5. "[1]. You will provide your full Legal Address and your phone/ Fax number to enable us start this deal."
    • Why is this necessary again?
6. "[2]. Absolute confidentiality and sincerity will be required and guaranteed, considering our (me and my partners) positions in the bank."
    • Why? So I don't report your illegal activities to the authorities and get you fired from your job and jailed?
7. "[3]. Assurance that our own due share will be released to us in good faith when this money finally gets to you."
    • There are a few problems with this.
      • A) You must be kidding - you are going to send me $30 million dollars, on which I will have to pay taxes.
      • B) Your scam is based on me sending the initial 5% to you, and then you not sending the money to me.
      • C) Now that you have all my info and know exactly who I am, who are you?
      • D) Believe me, this isn't as easy as one, two, paypal $30 million dollars

I did a little searching around the internet, and it turns out that people also receive similar letters through the USPS mail. The USPS has an interesting article on its website. Apparently the Postal Department of NY destroys all Nigerian fraud letters it finds. One of their statistics is that out of every 10 bags of mail that come from Nigeria, 8 bags are scams. They warn against responding to these letters. The USPS recommends that you either throw this mail away or mail it to:

Inspection Service Operations Support Group

Two Gateway Center, 9th Floor

Newark, NJ 07175-0001


Want to see who else received your letter? Go to http://potifos.com/fraud/.
Please feel free to post the Nigerian Scam letter that you've received in your comment to this post.

Google's Binary Search Helps Identify Malware

Thousands of malicious Web sites pinpointed thanks to a little-known capability in Google's search engine. Google's search engine has helped security vendor Websense uncover thousands of malicious Web sites, as well as several legitimate sites that have been hacked, the company said today.


Thursday, July 06, 2006

U.S. gov't mandates laptop security

The Bush Administration is giving federal civilian agencies just 45 days to comply with new recommendations for laptop encryption and two-factor authentication.


Spam is a Growing Problem

Spam is an annoying misuse of an essential service -- email.

According to dictionary.com:

spam (spăm): Unsolicited e-mail, often of a commercial nature, sent indiscriminately to multiple mailing lists, individuals, or newsgroups; junk e-mail.

An article on the Federal Trade Commission's website reads,
"computer security experts estimate that as much as 30 percent of all spam is relayed by compromised computers located in home offices and living rooms, but controlled from afar."

But, how do spammers get our email addresses in the first place?
A spammer purchases an email list from someone who "harvested" or collected email addresses off of the internet.

Another factor in this growing problem is spam at the workplace. A company with 10 employees who each make $50,000 a year and receive 10 emails a day, including one spam message, will lose around $230 a year in lost productivity because of the spam.

Not surprisingly, the US is the 1st on Spamhaus' list of the 10 worst spam origin countries. The US is followed by China, Japan, Russia, Canada, Taiwan, South Korea, the United Kingdom, the Netherlands, and Hong Kong. Also on Spamhaus, you can find a list of the 10 worst spammers.

To reduce the amount of spam in your inbox:
  • Don't expose your email address online
  • Check privacy policies to see if the company you are giving your address to will try to sell it
  • Read the whole form before you submit it to uncheck check boxes that would subscribe you to special offer newsletters
  • Use a unique address (spammers often try to spam email addresses that occur in the dictionary)
  • Use 2 email addresses -- one for personal messages and one for newsletters and websites
  • Use an email filter to block spam
  • Report spam to your ISP or the spammer's ISP
  • Report spam to the Federal Trade Commission (spam@uce.gov)


In recent years, laws have been put in place to slow down spam. The CAN-SPAM Act directly affects what commercial emailers can and can't do. According to the Federal Trade Commission:

  • It bans false or misleading header information. Your email's "From," "To," and routing information – including the originating domain name and email address – must be accurate and identify the person who initiated the email.
  • It prohibits deceptive subject lines. The subject line cannot mislead the recipient about the contents or subject matter of the message.
  • It requires that your email give recipients an opt-out method. You must provide a return email address or another Internet-based response mechanism that allows a recipient to ask you not to send future email messages to that email address, and you must honor the requests. You may create a "menu" of choices to allow a recipient to opt out of certain types of messages, but you must include the option to end any commercial messages from the sender.
  • It requires that commercial email be identified as an advertisement and include the sender's valid physical postal address. Your message must contain clear and conspicuous notice that the message is an advertisement or solicitation and that the recipient can opt out of receiving more commercial email from you. It also must include your valid physical postal address.

Each violation of the above provisions is subject to fines of up to $11,000. Deceptive commercial email also is subject to laws banning false or misleading advertising.

Additional fines are provided for commercial emailers who not only violate the rules described above, but also:
  • "harvest" email addresses from Web sites or Web services that have published a notice prohibiting the transfer of email addresses for the purpose of sending email
  • generate email addresses using a "dictionary attack" – combining names, letters, or numbers into multiple permutations
  • use scripts or other automated ways to register for multiple email or user accounts to send commercial email
  • relay emails through a computer or network without permission – for example, by taking advantage of open relays or open proxies without authorization.

The law allows the DOJ to seek criminal penalties, including imprisonment, for commercial emailers who do or conspire to:

  • use another computer without authorization and send commercial email from or through it

  • use a computer to relay or retransmit multiple commercial email messages to deceive or mislead recipients or an Internet access service about the origin of the message

  • falsify header information in multiple email messages and initiate the transmission of such messages

  • register for multiple email accounts or domain names using information that falsifies the identity of the actual registrant

  • falsely represent themselves as owners of multiple Internet Protocol addresses that are used to send commercial email messages.

To find the latest spam outbreaks, check out this site.

Residential windmill saves money, the environment

A new residential windmill from Southwest Windpower promises to not only help keep you green by reducing your dependency on coal-fired power plants, but to actually provide up to 90% of the juice that a typical household consumes in a year. At around $8,500, the Skystream supposedly pays for itself in 4-12 years.
