Anatomy of a Scam

I like to look at my spam folder in Gmail every once in a while. You never know what type of gems pop up in there. Today I found a scam email that rose the bar for letters from Nigeria. This time around, the story was that the FBI found that I was communicating with scamsters. The FBI negotiated on my behalf with some foreign country and has a settlement to pay me in the form of an ATM card. I just need to send in $250.00 total...

Here are the pieces of the email that I thought were getting better. They reference some specific units in the FBI. They also put the J. Edgar Hoover postal address in the email. And get this. They even make reference to the fact that there are some scammers out there that I may have lost money to! Precious.

Where do they continue to foul up? Well the email came from somewhere in France. Umm the FBI sends email from fbi.gov, right? They also want me to send my $250 to someone using their Gmail address. Once again, wrong domain. Gmail put all kinds of warnings around this email stating that it is most likely a ploy to steal my money.

Nice try guys. You are indeed stepping up your scamming skills. But you have not hit the home run yet. When will they ever learn?

Demoscene Drama

Someone released a 128 byte demo namd Wolf128 the other day. They tagged it as being done by Red Sector Inc. The demo is very cool. I have no idea how it could be implemented in 128 bytes alone. The real story is that people took offense at the work being credited to Red Sector Inc (RSI).

To tell you the truth, I did not know who the heck RSI is/was. That's because they are very old. They were started in the 1980s writing demos for the Commodore 64. In the 1990s they moved to writing demos for the Amige.

Sometime later the crew joined forces with with a group called TRS. Collectively they were then known as Tristar Red Sector Inc, or TRSI. Yeah. I know. Who cares right? Well apparently TRSI alumni do. Nevertheless, the demo is cool. Check out the Wolf128 page.

Codebabes

The Internet is abuzz with the launch of the Codebabes web site. This site tries to teach you topics such as HTML, CSS, and PHP. To encouage you to pay attention, the presenters are women in various stages of undress.

At first I thought this might be a joke. Then I thought it was a scam to get my credit card number. It does not seem to be either. As long as you answer the quiz questions correctly, you can proceed to the next lesson (and see some clothes come off your presenter).

I actually went all the way though the PHP tutorial. Not much was learned. I already know my PHP. Some of the quiz question answers were wrong. Oh well. The presenter seemed to be a bikini and lingeria model. At least she seemed to know how to present the material.

Boosting Your Chess Skills


Recently I have read a few articles on how to quickly boost your chess ability. Hey I am always down for a shortcut. Well you can't get something for nothing. There is some work involved. However you can maximize your bang for your buck in studying.

One thing you got to do is manually analyze your games. Don't just let the computer do it. Record your moves and go back over them after your games. You also got to study up some exercises. There are a lot of books to help you do that. Practicing the basics can give you quite a boost.

Here is some advice that I found strange. Avoid studying openings. That is not a high return on investment type of study. Go figure. All I know is that I need to step up my game so I can put my chess computer program in its place.

Beware of Emily


Some bad boys came up with a plan to infiltrate a government security agency. They set up a fake social media profile of a hottie. They used some random good looking girl's photo. They also made it seem like she graduated from MIT. Her resume boasted 10 years experience in the industry. Poor government officials had no chance.

Emily started making virtual connections. Got some FaceBook likes and friends. Also got some LinkedIn love. It was not long before she was getting offers to help her cut through the red tape to get jobs at government agencies and commercial companies alike.

Did I mention that some emails sent from emily had viruses in the payload? Yep. Government computers compromised. What is a security professional to do? Guys cannot help themselves when they see poor Emily needing an assist. Social engineering at its best.

Wide Open for Attack


I switched over to a new router recently. Set up WPA-2 encryption on the wireless access. Don't want the neighbors stealing my Internet bandwidth. Then I had to move all my printer over to use the new router. I got a ton of printer. But I use three of them wirelessly all the time. Two of them are cheap Brother printers. The other is a color HP.

Turns out the easiest way to configure the printer network configuration is to connect to the printer over the network. Each of these guys seems to have a built in mini-web server. You just figure out the printer's IP address. Then you put that address in the browser URL bar. Presto. You are greeted with a tons of menus to control the printer.

Now changing the printer network configuration requires you to enter a username and password. The problem is that I never changed those passwords from the factory defaults. Doh. This is just like leaving the default passwords on my wireless routers.

Now I figure there can't be too much damage done if someone comes in and mucks around with my printer configuration. I could always press the button that returns them to their factory configuration, then lock them down. But why wait? Lock them up tight I say.

Operation Honey Pot


I have used the default SSID on my wireless router at home. Did not enable any encryption on the thing. The whole neighborhood could use it to access the Internet. The rest of the people in my home got irked that they had to share bandwidth with random strangers. I caved in and decided I would put a password on our connection.

However I decided to achieve the bandwidth goal using another means. I bought a separate router that had a secure connection. But I left my old router on. I bet there are lots of people using the old connection to get to the Web. Why not turn that router into a honey pot?

I still needed to keep the Internet connection open. First I figure I could just log who is using this open router. Then maybe I could start to spy on their traffic. Finally I could see whether I could reach back into their devices (computers) to poek around. This is going to be fun.

Perhaps I should google around to find some tools to help me with my exploits. Or I could just roll my own tools. That would be truly educational. Fair warning people. If you are leeching off a router with SSID linksys, you might be owned soon.