Tuesday, January 31, 2017

Hello Dearest One

   I just got some incredible news!  I really love working in Information Security, but with this windfall it's certainly time to retire.

   And I wanted to share this news with all of you!

   Here's the email I received that covers it all... this is so exciting!




Hello Dearest One,

I am Mrs. Jessica W the Administrative manager at a vault of financial & security Institute in Madrid, I am contacting you as regards an abandoned sum of $31.7 Million Us dollars (Thirty One million, Seven Hundred Thousand United State Dollars) in our safe deposit vault, that belongs to one of our foreign customers that share the same surname with you, who died along with his entire family on the 11th march 2009 in a ghastly motor accident in Porto Portugal.

The banking policy can only allow the release of such funds to a benefactor through an application as next of kin to the deceased. After his death, the bank has been expecting a possible beneficiary, but nobody came for the claim, this institute has exploited all its ethical possibilities in other to contact possible relation or inheritor, but no success, I have made my own research with the help of private investigator, it is my knowledge that this man has been living in Barcelona for the past 19 years and has never returned back home. I also leant that his wife and 7 year old daughter died with him during this accident, however because of the international financial crises, a lot of reform has been made within the Spanish financial system; this includes the new law on succession/claims which indicates a duration in which such inheritance could be tolerated,

Upon your acceptance to partner with me, I urge you to please kindly get back to me with your direct contact details for further details via my email address: EMAIL: jessica_jessicaxx@yyy.com  or Alternative Email: jessica_vivian@yyy.com on how you and me can make a claim to the funds in question. I GUARANTEE you that this process would be executed under a legitimate and risk free arrangement. Thanks as I wait to hear from you as soon as you receive this proposal e-letter.

Best Regard,
Mrs. Jessica W
EMAIL: jessica_jessicaxx@yyy.com
Alternative Email: jessica_vivian@yyy.com


   I did alter the email addresses!

   I'm not sure what I did to get so lucky to receive this gift, but it sounds like the greatest thing ever!  And the thing is, I'm lucky that I even saw this message because it was in my spam folder.

   ðŸ˜ƒðŸ˜„😉


Tuesday, January 17, 2017

(Browser) Caching Fire

   Someone recently asked me a question about the safety of allowing your web browser to save, and then auto-fill, passwords.  That's a very timely question because that issue has been in the news lately.

   Web browsers have all kinds of built-in capabilities.  One "feature" that is only a few years old is the ability to save information you might put into forms such as: your name and address, phone number and other contact info, credit card information.  Browsers can also save your userids and passwords for sites, then automatically fill in that info when you visit the site.

   I've always said that security-minded people should not allow web browsers to save this kind of personal and security info.  This is primarily because all browsers have a track record of having many vulnerabilities.  I've always "said" this but, as it turns out, I've never written about it!  It's about time! [Note... or so I thought! While looking for some other info, I found that I did talk about this issue back in 2013!]

   There are two primary reasons why allowing the browser to save sensitive information is a bad idea:
  1. Copycat and phishing websites can grab information directly your browser has stored without your knowledge.  This is the problem that was recently announced.
  2. As I just mentioned, browsers have many vulnerabilities and exploits. At this year's Pwn2Own contest (a 2-day event at which teams compete to exploit software vulnerabilities for cash prizes), all of the major browser fell victim!
   The latest issue that was discovered occurs when you are lured to a specially crafted website.  That happens more often than you might think

Tuesday, January 3, 2017

New Year, Don't Click!

   Well, it's a new year and, as we've discussed in the past, the more things change the more they stay the same.

   My advice for 2017... Don't Click!

   Of course, that's easier said than done.  We've discussed phishing and malicious email here, here and here.

   But on a more practical note, and because I like things that come in 3's, here's some info from the way-back machine... it's advice from Brian Krebs from 2011.  It is his 3 basic rules for online safety.  They are every bit as relevant now as when this was first published.  And it was relevant for years before that.

   The 3 rules are:
  1. If you didn’t go looking for it, don’t install it - this means when you get a pop-up asking you to install some software... don't click!  Only install software that you look for and intend to use.  And, wherever possible, install from reputable websites.  Do your research.
  2. If you installed it, update it - After you install the software you want, you need to keep it up to date.  This is not trivial, but I like using Secunia PSI (Personal Software Inspector) on my home systems for keeping software up to date.
  3. If you no longer need it, remove it - software will have vulnerabilities.  The less software you have, the fewer opportunities there are for vulnerabilities and malware.  This is especially true on your smartphone and tablet, where excess software really slows the performance of the device.
   Here's to a safe and secure 2017!