Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

That which is old is new again–Ecard spam

May 31st 2012

  You don’t really have a secret admirer, honest…  don’t try this at home unless you have a sandboxed VM that you can trash at will.    

Read On Comments Off

A sophisticated, and detailed (but fake) Amazon Kindle purchase spam

May 25th 2012

Check it out at the bottom of this post. Interestingly, several different URLs are used in the spam email, scattered around several countries – somebody’s put a nice bit of effort into this one…  

Read On Comments Off

Ok, this is funny: Avast blocking Avast?

May 25th 2012

  All credit to http://thedailywtf.com/Articles/Element-of-Violence.aspx

Read On Comments Off

Problems at metacafe.com?

May 18th 2012

Cite: http://www.google.com/safebrowsing/diagnostic?site=metacafe.com   “Of the 15199 pages we tested on the site over the past 90 days, 5944 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-05-18, and the last time suspicious content was found on this site was on 2012-05-17.”   […]

Read On Comments Off

adultfriendfinder.com spam

May 18th 2012

Subject: “FWD: ALERT: You have an E-Card from your Secret Admirer.   Clicking on the URL leads you here – just so we’re all clear, nobody actually has a crush on you (sorry):   Click on “My Profile and Pics” and you end up at adultfriendfinders.com:   The Privacy Policy hyperlink and Terms of Use […]

Read On Comments Off

Alert: OX X Lion update exposes encryption passwords

May 6th 2012

This, I would have to say, is a pretty basic, and bad, screwup. “a quality assurance mistake can cause OS X users’ FileVault encryption passwords to be exposed” Cite: http://nakedsecurity.sophos.com/2012/05/06/apple-update-to-os-x-lion-exposes-encryption-passwords/?utm_source=facebook&utm_medium=status+message&utm_campaign=naked+security “It appears that a debug option was accidentally left enabled in FileVault, resulting in the user’s password being saved in plain text in a log […]

Read On Comments Off

Domains implicated in malvertizing incidents

May 5th 2012

checkingserve.com ICANN Registrar: Register.com Inc Created 24 April 2012 IP: 216.21.239.197 Registrant: Tom Baker (medows_time@yahoo.com) ***** trackingserviced.com ICANN Registrar: Register.com Inc Created 26 April 2012 IP: 216.21.239.197 Registrant: Tom Baker (medows_time@yahoo.com) ***** directionmedian.com ICANN Registrar: Register.com Inc Created 20 April 2012 IP: 216.21.239.197 Registrant: Hidden behind Domain Discreet Privacy Service ***** adalphatrack.com ICANN Registrar: Todaynic.com, […]

Read On Comments Off

Users of OpenX versions 2.8.0 – 2.8.8–please read!!

May 5th 2012

http://blog.openx.org/05/security-update-for-openx-28-users/   “A recent security issue with OpenX versions 2.8.0 – 2.8.8 means users of these versions of the platform should take the following steps: 1. Secure their servers by removing the files being exploited: www/admin/account-settings-debug.php www/admin/plugin-index.php www/admin/plugin-settings.php www/admin/admin-user.php 2. Removing these scripts will impact some of the user/plugin management systems, but will not affect […]

Read On Comments Off

Fake USPS postage labels invoice

May 5th 2012

Again, it’s not real – and again, hovering over a hyperlink in the email is a dead giveaway…  

Read On Comments Off

Fake Facebook emails

May 3rd 2012

The pictured emails are not real Facebook emails – look at the URLs that are exposed when you hover your mouse cursor over the “sign in” and “reactivate” links.  

Read On 1 Comment