Entries Tagged as 'Security'

China Domain Scams

I have to say that it’s very amusing when you get emails like this. I had to do a little bit of digging to get the dirt on it, but fortunately when you’re not the first of these types of scams, the Internet can be a great resource. Basically, the idea is no different than the domain snail mail letters that people send in the mail that look like a bill in the US. This takes a different approach, since it makes you scared that your brand is in jeopardy and you didn’t buy up some of the other domains.

The below was a verbatim email that I got from the scammers. I had started a dialogue in my usual manners, but was fascinated when they basically said that they were doing due diligence, but then they could not deny the application by the other corporation even though they were doing due diligence.

Hmm, makes you wonder. What’s the point of doing due diligence then?

If you ask about it, then they’ll send you a cost sheet, and it’s like $60-$120 per brand and domain. Amusingly, these same domains cost somewhere around $10 to $30 USD depending on what they were, and for a lot of them, you have to show registration of a legitimate business within that domain. For example, in Hong Kong and Taiwan, you have to have a registered business within those regions to actually even apply for the .com.tw and .com.hk. I don’t know about China, but in all honesty, it’s not something that I would care to register as a business owner. In the end, the .com is king and anyone in the web world knows that.

This happened to come from a site called “drc-asia.org” which claims to be a domain registrar in China. Interestingly enough, if you look up the domain itself, it’s owned by “shanghaifengwangwangluokejiyouxiangongsi”. Which is fine in itself, except for the fact that they have a .live.cn (Hotmail China) email registration. Crazy thing here, but legitimate businesses never have domains registered under any personal email places. No hotmail, gmail, or anything else. Much less a domain registrar that doesn’t know how to set up CNAMEs, so that drc-asia.org doesn’t point anywhere but www.drc-asia.org actually does go to a host. Come on.

In any case, if you find yourself worried that you might be on the verge of getting taken in, fear not. Usually it’s a permutation of the email below.


(If you are not the person who is in charge of this, please forward to the right person/ department, as this is urgent, thank you!)

Dear CEO,

We are the department of registration service in China. we have something need to confirm with you. We formally received an application on Aug 16, 2010, One company which self-styled " dre&y trading ltd" are applying to register "merchantsmirror" as brand name and domain names as below :
merchantsmirror.asia
merchantsmirror.cn
merchantsmirror.com.cn
merchantsmirror.com.hk
merchantsmirror.com.tw
merchantsmirror.hk
merchantsmirror.tw
After our initial checking, we found the brand name and these domain names being applied are as same as your company's, so we need to get the confirmation from your company. If the aforesaid company is your business partner or your subsidiary company, please don't reply us, we will approve the application automatically.

If you have no any relationship with this company, please contact us within 7 workdays. If out of the deadline, we will approve the application submitted by "dre&y trading ltd" unconditionally.

Best regards,
Robert Yang
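
The checks described in this post, collected into one scorer as an added example (not code from the original post). The sample email is constructed with a placeholder brand, the free-webmail list beyond live.cn is illustrative, and the WHOIS contact and DNS results for the sender's domain are assumed to be looked up separately and passed in.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the quoted email; "examplebrand" is a placeholder.
SAMPLE = """Dear CEO,
One company are applying to register "examplebrand" as brand name and domain names as below:
examplebrand.asia
examplebrand.cn
examplebrand.com.cn
examplebrand.com.hk
examplebrand.tw
If you have no any relationship with this company, please contact us within 7 workdays.
"""

# live.cn is the provider named in the post; the other entries are illustrative.
FREE_MAIL = {"live.cn", "hotmail.com", "gmail.com", "yahoo.com"}
DOMAIN_RE = re.compile(r"\b([a-z0-9-]+)\.((?:com\.)?[a-z]{2,4})\b", re.I)
DEADLINE_RE = re.compile(r"within\s+\d+\s+(?:work(?:ing)?\s?)?days?", re.I)
APPLICANT_RE = re.compile(r"applying\s+to\s+register", re.I)


def tld_spread(text):
    """Map each second-level label to the set of suffixes it is listed under."""
    spread = defaultdict(set)
    for label, suffix in DOMAIN_RE.findall(text):
        spread[label.lower()].add(suffix.lower())
    return spread


def score_email(text, registrant_email=None, apex_resolves=None, www_resolves=None):
    """Return the list of scam indicators found; more indicators, more suspicion.

    registrant_email and the two resolution flags describe the *sender's* own
    domain and are looked up separately (WHOIS, DNS) and passed in.
    """
    reasons = []
    for label, suffixes in tld_spread(text).items():
        if len(suffixes) >= 3:
            reasons.append(f"'{label}' listed under {len(suffixes)} TLDs")
    if APPLICANT_RE.search(text):
        reasons.append("third party said to be applying for the brand")
    if DEADLINE_RE.search(text):
        reasons.append("short reply deadline")
    if registrant_email and registrant_email.rsplit("@", 1)[-1].lower() in FREE_MAIL:
        reasons.append("sender's WHOIS contact is a free webmail address")
    if www_resolves and apex_resolves is False:
        reasons.append("sender's www host resolves but the bare domain does not")
    return reasons
```
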

How Does TSA Take to “Paperless Boarding Passes”?


Interestingly enough, there’s this new fun little thing that the TSA is pushing which really shows that they’re actually with the times. While most people still use the paper boarding passes, you can now have it sent to your phone. It sends you an image of what I believe is a QR code, which is then scanned at the TSA checkpoint. They use one of the red bar code scanners, so it doesn’t really get affected as much by the reflective screens on smart phones.

What’s neat about this technology isn’t just because it’s “green” since there’s no paper, but the fact that the government is finally getting on board the technology train WHILE it’s going.   Not like ten years behind.  Usually you don’t see things like that except in military and advanced research labs.   I find that absolutely fascinating.

While I had the opportunity to use it more recently, I was hesitant mainly because I didn’t want to hassle with it if there were airports that had screeners that were not trained to actually deal with the passes.  Even if the airlines are pushing it, it doesn’t necessarily mean there are untrained staff out there.  So I decided to observe and see for myself.

It happened that there was one lady in front of me at Newark that used this system.  It was actually very quick and easy and definitely put my mind at ease that perhaps this is the next thing I’ll adopt while I travel.  Nothing like getting rid of the abundance of boarding passes that one has to carry these days along with all of the advertisements and the weather and what not.  In all honesty, while it seemed like a pretty good idea, I usually am annoyed that they print all my boarding passes on separate pages with a bunch of junk on them.   Just print them all on one page!

I’m actually pretty happy that so far my observation of the paperless boarding pass has been a great experience.


Quotes are the Bane of Social Media


I don’t know who came up with using quotes. But having analyzed much of the traffic that goes across social networks, I have to say that if you use quotes, you’re asking for trouble.

Why?

Have you ever looked the twitter bot accounts and what they post? Usually, a substantial number of them use quotes. Those that filter onto Facebook also use quotes. In fact, there really isn’t any time that those bots don’t throw in the quotes section since they want some filler that could be applicable to human interaction. And thus, those of us that actually do watch and read the traffic become extremely desensitized to quotations.

This is a lose-lose situation. First, the people that read don’t feel like there’s substance there so they skip reading your information, even if you might have some fabulous stuff later on. What can I say, the attention span of Internet users is fairly short. But also, the user of the medium that has integrated quotations also gets thrown into the bucket with the spam bots. Now, I don’t know about you, but I wouldn’t want to be in the same bucket as spam bots.

If you do use quotes, I implore you to stop. It’s not helping and the filler really isn’t useful. If you intend to keep at it though, no worries. The rest of the world is probably ignoring you.


Let Me in Your iPhone


If you didn’t know already, the encryption for GSM’s antiquated algorithm has been cracked. All 64-bits of it. And guess what…. apparently most carriers haven’t upgraded to the 128-bit algorithm because… well, I’m not exactly sure. I suppose security by obscurity is probably the key reasoning behind this, but A5/1 which has been around since 1988 was replaced by the GSM Association in 2007 with A5/3 but most carriers haven’t bothered to upgrade.

It’s not anything spectacular since the 64bit keys were cracked through brute force, and with the computing power these days along with parallel computing, you can pretty much crack the smaller length algorithms through brute force easily. And this doesn’t allow you to listen in on the calls just yet, it just opens the doors to any of the communication that runs on those bands if the carriers haven’t changed the codes on you not to mention the legality of breaking those codes outside of academic research.

There are a couple ways around this problem. One is to upgrade to a larger key such as 128 bit (which is pretty standard considering many banks run SSL certs on 128-bit encryption). Not super-safe, but it does create a lot more combinations to guess through brute force. The other way is through the methodology similar to RADIUS with WPA for Wifi. Wifi keys are easily broken, but if you have a service that continuously rotates those keys and makes it a dynamic password, then any hacker is left with a time limit to break in. From a security standpoint, this becomes a more daunting task.

And as far as iPhones are concerned… oh… if you own one and didn’t know already…(as do most of the world’s mobile devices), they run on GSM carriers. But then again, so will Google’s Nexus One.


Growing List of Hotmail Accounts Compromised Via Phishing

Over the weekend, it seems that there was a compromise with Hotmail accounts. Five figures worth of accounts apparently. Now, the first thought would be that someone actually took action against Microsoft and busted through. But in this case, it was apparently ill-gotten from phishing scams. The password list was posted on Pastebin which is a place where developers share snippets of code to get more eyes on it. They have taken down the offending accounts and taken the necessary precautions.

Either way, Microsoft has identified this issue and has apparently locked down the compromised accounts. If you were compromised and are locked out, there is an email form that Microsoft Live has set up for you to reclaim your account. I took a look at it, and it asks for some serious private information.

All of this should teach you (the end user) something. The lesson here is that you don’t click on anything ever in emails or otherwise, when you can go directly to the site itself and look for it. It’s one of the reasons I have always hated HTML emails, since it stupefies the entire security aspect and makes it a more difficult problem since you go against human nature. Thus? You’ll never see me prefer text over HTML any day of the week. You can dump links there, but I can read them.

Tips and Tricks: TwitBlock

Ever wonder how to get rid of the spammers on Twitter? TwitBlock is a great way to find the ones that have followed you and whether or not they could be the same spammers.

Using a special algorithm, it calculates out whether or not a person is potentially a spammer and gives them a score. Based on whether or not TwitBlock users have marked the user as a spammer, the effect of the scoring goes up or down. It’s actually a pretty interesting method since most of the ways of detection are common sense things.

I would probably say that most people that have more than a thousand followers probably have quite a few bots and such on there, but at least there’s a way to somewhat detect these now instead of going through your followers one by one.

If you’re curious about it, definitely run this every so often on your account. It uses OAuth so you actually never give it your password and such, which is a great thing from a security standpoint of a third party application. Give it a whirl.

Twitter is Down This Morning

If you’ve been wondering why Twitter won’t work this morning, just go and check their status section. I found it interesting that the entire site wouldn’t work at all and found it suspiciously like a DoS attack. That was confirmed here.

So in case you were hoping to get your tweeting in today, you might encounter some issues over there.


Ethical “White Hat” SEO Spam


Sometimes, I find spam absolutely hilarious.

I mean, check this one out that came through our small business accounting software site. What really got me was the fact that it was sent from a gmail address and the reply to: field was the same gmail address. What’s even more interesting is that the actual address has always been a gmail if you do a search for this fellow, and the addresses just change. Seems rather “phishy” to me. Here’s the actual content of the spam email:

We would like to get your website on first page of Google.
All of our processes use the most ethical “white hat” Search Engine Optimization techniques that will not get your website banned or penalized.
Please reply and I would be happy to send you a proposal.

By now, if you haven’t junked it or laughed at it and then junked it, you would need to realize a couple things. First is that while white hat SEO is a great term, it doesn’t really fly in the face of those that have no inkling of what it is. The second is that spamming someone’s forms really isn’t considered “ethical” by any means so it doesn’t give credence to your SEO tactics. Last of all? Really. If you expect people to take you seriously for SEO, then you need to get a real website, with a real company name and be able to show up on the first page of Google for “best SEO company“. Let’s face it. If you’re truly good at what you do, you’d be there wouldn’t you?


Be Wary in Job Searches


If you’re one of the many that are searching for positions on the Internet and probably sending your resume along on those job sites, be wary. One of the latest scams that has been broadcast in the past six months through security firms has been an increase in identity theft through job postings.

Think about it. You’re desperate to become employed again, you hand over your social security number, name, address, and all sorts of other identification materials to a “potential” employer just to realize that they don’t exist. My suggestion? Do your homework.

While you might not stop every sort of theft, providing due diligence will greatly decrease the risk of being taken for a ride. See if that person actually represents the company that they claim they are. Are they overseas and using a local number to contact you? Do they represent a placement agency? Perhaps you’ve never even heard of this business that they claim is several miles from your house and it’s not in the phone book. There are always signs to these sorts of scams.

If you don’t, you take a great risk. If you do, you minimize that risk. And best of luck on your search.


Why Isn’t Direct Mail Regulated Like Spam?


I never did understand why direct mail never came under as much scrutiny as spam. Everyone has an issue with spammers, but most actually just suck it in and deal with direct mailers.

Now let’s be honest, if you look at both sides, they operate under the same concept but just in different mediums. Direct mail uses the postal service, while spammers use the Internet. You have no say in either thing on whether or not you get it, and both are trying to sell you something. And just like having an inbox, if you have a mailing address, you will get some regardless of how hard you try to keep it completely hidden.

So my question is… why isn’t direct mailing under similar rules as the CAN-SPAM Act? Why is it that we have to suck it up and deal with this type of marketing tactic and not the other? It seems like they would fall under similar regulation rules since the difference really only being that one being electronic and the other is physical. In fact, now that I think about it, I’ve even taught the concept of emailing with the analogies of home addresses.

I suppose it’ll never be changed, but one can always wonder since both are annoyances in most people’s lives.
