Archive for the ‘malware’ Category

How to have a high traffic, massive member Forum (A forum with lots of people)

14 Jun

Often you will see forums for sale with tens of thousands of members plus a high throughput rating (something that says the forum has active postings).

How do some of these forums accomplish such high readership?

Simple: By not running anti-spammer software or plugins.
Currently this forum is under attack from such people, as can be seen below from my anti-spammer plugin.

Now, interestingly, to get this far they have to enter a valid name and email address, defeat a CAPTCHA, and finally reply to the email that is sent to them.
So either they have some fairly sophisticated software or scripting to perform this process, or they are doing it manually, in which case it is costing them money.
After all that hard work, they ultimately end up being caught in a massive honeypot sting.

So the moral of the story is, do not believe everything you read or see on the web and if something seems too good to be true, then usually it is.


Roll up… The great Facebook privacy abuse scandal

08 Jun

Just in today:
Facebook now scans the photos you upload to the FB service using facial recognition software, and just to ensure that profits are maintained the FB scanning system is enabled by default.


Do NOT Buy Apple’s Lion OS X

07 Jun

So you may think this is a new pro-Windows rant.
It is not.

Jobs/Apple recently announced that:
“Lion will only be available to download online through the app store”


Meta-Data Hacking and location tracking with email.

27 May

So I was thinking about Email today, and how to track down those damned spammers.

They consider themselves protected because they sit behind a ‘hidden’ email account, usually one at Google or MSN.

At first it seems like it would not be possible to find out the TCP/IP address of someone you send an email to, especially as the email is a package that is delivered to a mail account and the mail account is read at random.

But consider what happens if we set up a web server that serves uniquely encoded images.

We then send the ‘spammer’ a reply that contains HTML marked up text, and in the HTML we embed an image request, something like:

Now when their email client renders the email on THEIR computer, their computer will make a TCP/IP connection to our image server. Once that is done, their TCP/IP address will be logged and we can then start to build up a geo-location map of where they are.
Potentially if we construct our server correctly, as soon as the image is requested we can then launch an exploit against the requesting computer.
This would seem to make rather an interesting ‘plug-in’ for Metasploit.
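
Seen from the receiving side, the mechanism above comes down to which images a message would fetch over the network when it is rendered. The following is an added example, not code from the original post; the sample message, its hostnames and the token heuristic are constructed assumptions. It lists the remote image references in an email so they can be blocked or reviewed before images are enabled.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Heuristic (assumption): a long opaque path segment or query value is a per-recipient ID.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{12,}$")

# Constructed sample message; addresses and hostnames are placeholders.
SAMPLE = """\
From: sender@example.com
To: reader@example.org
Subject: Re: your message
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Thanks for your note.</p>
<img src="cid:logo@example.com" alt="logo">
<img src="http://images.example.net/px/9f3c2a71b04e4d6688aa.gif" width="1" height="1">
</body></html>
"""

class ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.images = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))

def looks_unique(url):
    parts = urlsplit(url)
    values = [v for _, v in parse_qsl(parts.query)]
    values += [seg.rsplit(".", 1)[0] for seg in parts.path.split("/") if seg]
    return any(TOKEN_RE.match(v) for v in values)

def remote_images(raw_message):
    """Return the images that would trigger a network request when rendered."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = ImgCollector()
        collector.feed(part.get_content())
        for attrs in collector.images:
            src = (attrs.get("src") or "").strip()
            if urlsplit(src).scheme not in ("http", "https"):
                continue  # cid: and data: images are embedded; nothing is fetched
            tiny = attrs.get("width") in ("0", "1") and attrs.get("height") in ("0", "1")
            findings.append({"src": src, "unique_token": looks_unique(src), "tiny": tiny})
    return findings
```

Calling `remote_images(SAMPLE)` reports only the second image; the `cid:` logo is skipped because it is carried inside the message itself.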


How to avoid or remove Mac Defender malware

25 May

Apple has finally woken up to the problems being caused by this malware and, as a result, has released a technical support document. The document goes some way to explaining that you should not enter your credit card information!! It also details how a user may remove the malware. You can find the document here: removing Mac Defender

Look, everybody with a Mac:
Do yourself a favour, go over to the Sophos website, and download their free antivirus program: Free OS X Antivirus.
Whilst it may not be the best AV on the market, it is going to be better than a poke in the eye with a sharp stick.


New forensic opportunities for cars

24 May

There was a recent announcement in the states that the government may be on the verge of requiring all cars to have black boxes fitted.


Facebook Wembley Stadium Identification scam

22 May

There are rumours that Facebook is working on technology to identify individuals from their photographs.
Recently a photograph was taken at Wembley Stadium. This photograph was so detailed, and taken at such a high resolution, that it potentially allows each and every person in the 80,000 crowd to be identified.

Apart from this already being a massive invasion of privacy, and in some cases against existing laws related to photographs of children (be clear that pedophiles will also have access to the picture), it has been kindly requested that if you can identify yourself, you should add a Facebook tag with your details, or indeed the details of any other individuals you can identify.

Do you REALLY want Facebook to have a photograph of 80,000 people, including yourself, each with a clearly identifiable ‘tag’? Just be clear that once you have done this you will be identifiable to Facebook, its agents, rival fans, criminals and any law enforcement agencies.
You are also going to be identifiable to the end of time, and you may well be giving up your right ‘NOT’ to be identified in any other images available on the internet.

Reject this invasion of privacy, unite and enter as many false details as you can to ensure the database is contaminated, so that it will be of little use to people trying to identify individuals, or as stated here:
You can “Tag yourself in the crowd and be part of history.” (In ways you could not hope to comprehend)