Archive for the ‘Security’ Category

Very interesting highlights from the Project Honey Pot
– A billionth spam message received on December 10th
– “Fraud” spammers – those committing phishing or so-called “419” advanced fee scams – tend to send to and discard harvested addresses almost immediately.
– Whereas, “product” spammers tend to hold on to email addresses longer and send on average several messages a week to each address on their list.
– “There is a 21% decrease in spam on Christmas Day and a 32% decrease on New Year’s Day. Monday is the biggest day of the week for spam, while Saturday receives only about 60% of the volume of Monday’s messages.” Bad guys take vacations too!
– The IRS is the second most hit entity used by spammers for defrauding consumers
– Though a lot of spam originates from foreign countries, there are more “bot” machines located in the US
– Most common blog-attacking spammers come from the USA
– On the lists of Best IT Security vs. Worst IT Security:
Best IT Security
#1 Finland
#2 Canada
#3 Belgium
#4 Australia
#5 Netherlands
#6 United States – We (our IT systems) are not as secure as that of Canada! :-{
#7 Norway
#8 New Zealand
#9 Sweden
#10 Estonia
Worst IT Security
#1 China
#2 Azerbaijan
#3 South Korea
#4 Colombia
#5 Macedonia
#6 Turkey
#7 Viet Nam
#8 Kazakhstan
#9 Macau
#10 Brazil
I was expecting to see Nigeria or Indonesia in this list, but they probably are on other reports.


There are more crazy hacking people from the other side of the world. It was Russian, Indonesian, Nigerian, … and now Vietnamese.
This morning, upon checking my Yahoo email, I found two of the same kind of email in Vietnamese from Google email support.
My first thought: what the heck? Google support people send this out in Vietnamese? So untrue.
So I checked out the full header of the email and voilà. The return path has: @gaia.bounces.google.com. This is suspicious. Looking up the IP address – it is from Google in Mountain View. Weird! Is it possible that they use Google’s IP to mask their own? First of all, Google support would carry gmail.com, or just @google.com in their return path. Secondly, they always send out messages to your Gmail account if you are a Gmail user, and of course in English. Well then, the spammer is within Google itself? There is always a possibility. The best action to take: Beware and be careful.
If you receive an email like the one below, spam it immediately (in Yahoo) and report abuse/spam (in Gmail). They hacked into your Google profile for the secondary email linked to your Gmail account, or vice versa with Yahoo.
This type of email hacking can drive you nuts and leave people in a confused, not-knowing-what-to-do state.
From accounts-noreply@google.com Sun Nov 8 13:35:28 2009
X-Apparently-To:myemail@yahoo.com via; Sun, 08 Nov 2009 05:35:28 -0800
X-Originating-IP: []

Try out this cool tool for tracing “Who is” at a certain IP address, even your own IP address and your computer’s information.
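The header check described in this post, as an added example (not the author's code): it pulls the From and Return-Path domains, tests whether the return path is the same domain or a subdomain of it, and reads the connecting IP and the SPF result recorded by the receiving server. The message is constructed; only the gaia.bounces.google.com domain and the sender address come from the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not the email from the post): local parts, host names,
# the TEST-NET-3 IP and the Authentication-Results line are all made up.
SAMPLE = """\
Return-Path: <bounce-123@gaia.bounces.google.com>
Received: from mail.example.net (mail.example.net [203.0.113.25])
 by mx.example.org; Sun, 08 Nov 2009 05:35:28 -0800
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=gaia.bounces.google.com
From: accounts-noreply@google.com
To: myemail@example.org
Subject: constructed sample

body
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def same_or_subdomain(child, parent):
    """True when child is parent itself or a subdomain of it."""
    return bool(parent) and (child == parent or child.endswith("." + parent))

def inspect_headers(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    # The topmost Received header is the most recent hop, written on the
    # recipient's side; headers below it arrive with the message and can be forged.
    received = msg.get_all("Received") or [""]
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0])
    spf = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    return {
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "exact_match": from_dom == rp_dom,
        "return_path_under_from": same_or_subdomain(rp_dom, from_dom),
        "connecting_ip": ip.group(1) if ip else None,
        "spf": spf.group(1) if spf else None,
    }

if __name__ == "__main__":
    for key, value in inspect_headers(SAMPLE).items():
        print(f"{key}: {value}")
```

A look-alike such as google.com.evil.example fails the subdomain test because the comparison anchors on the end of the name.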


If you have email and have used email, I am sure you have come across at least once in your internet life this kind of email. The email that asks you to forward to 100 people and you’d be blessed or lucky and winning lottery… Did you read, and/or forward? I received this kind of chain email so many times, and who is it from? It is from my sister!
Geez, I wonder if she ever reads these, or just is enthusiastically pre-wired to just click and send/forward. So this time I decided to write back with a dry sense of humor:

My dry humor – Re: Fwd: [FWD: FW: Feng Shui (read – Please don’t delete)]

From: Lyna Le


1. A chain letter is considered SPAM. While you have the nice intention of sharing “wisdom”, you’re sharing everyone’s email addresses. A lot of people do not like their privacy being shared around the world. My 2 cents for email etiquette: There is “BCC” for you to use and hide email addresses of your circle; or remove people’s email addresses from the message’s content. Resize the message. Consider people’s computer limitations.

2. Why wouldn’t someone get bothered by these changes of font color from red to green to purple.., big font to small font, small case to upper case inside the message? Don’t you feel like you’re being yelled at while reading these? Wouldn’t you want to enjoy reading a more eye-pleasing message?
It would be a big surprise if someone spent time scrolling down to read this entire message, while not even touching or finishing reading a magazine for years. Yeah, you know who. 🙂 Talking about “click and just send”, or “delete”, it seems we are all pre-wired by these chain mails?
Even a preacher can’t practice what they preach. What do you think of that “read – but don’t delete” ?

Hope you take it as my dry humor for today.

Peace, folks.

Date: Tue, 20 Oct 2009 09:26:20 -0700
From: @yahoo.com
Subject: Fwd: Feng Shui (read – Please don’t delete)
To: @hotmail.com; g

— On Tue, 10/20/09, MikeSubject: .

Begin fo

Feng Shui
This is without a doubt one of the nicest good luck forwards I have received.. Hope it works for you — and me!

Lotus Touts: You have 6 minutes

There’s some mighty fine advice in these words, even if you’re not superstitious. This Lotus Touts has been sent to you for good luck from the Anthony Robbins organization. It has been sent around the world ten times so far.

Do not keep this message.

The Lotus Touts must leave your hands in 6 MINUTES. Otherwise you will get a very unpleasant surprise. This is true, even if you are not superstitious, agnostic, or otherwise faith impaired.

ONE. Give people more than they expect and do it cheerfully.

TWO. Marry a man/woman you love to talk to. As you get older, their conversational skills will be as important as any other.


In response to a question in one comment to my posting “Givers vs Takers…”, I am posting my answer to his/her question “What is CAPTCHA script?”. I apologize for this delayed answer as his/her comment, whoever the commenter was on my post, was sent from an adult website and therefore his/her message ended up in the “spam”.
Speaking of “spam” and “CAPTCHA” – they are inter-related.
Let’s expand a bit on the term “CAPTCHA”.
In plain terms, it is a challenge-response handshake between the machine and the human being that must be completed before you are granted access to the machine. This code is widely seen online nowadays, sometimes italicized and bold, other times as a distorted image of alphanumerics, as in this “WymZ1B2”.
It is a challenge code, generated randomly by the machine, which is pre-programmed using a hash algorithm (if you know what this terminology is about). It is an acronym for “Completely Automated Public Turing test to tell Computers and Humans Apart”.
CAPTCHAs can be deployed to protect systems vulnerable to e-mail spam, such as the webmail services of Gmail, Hotmail, and Yahoo! Mail.
CAPTCHAs found active use in stopping automated posting to blogs, forums and wikis, whether as a result of commercial promotion, or harassment and vandalism.
Google the web for more resources on CAPTCHA; you’ll get a fuller picture of what it means and what it does.
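One way to issue and check such a challenge code, as an added example (not code from this blog): the random text is shown to the human, and a keyed hash lets the server verify the answer later without storing it. HMAC-SHA256, the function names, the token layout and the two-minute lifetime are assumptions; the post only says “hash algorithm”.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)   # server-side key, never sent to the client
TTL_SECONDS = 120                  # assumed lifetime of one challenge
# Look-alike characters (0/O, 1/l/I) are left out of the challenge alphabet.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789"
_spent = set()                     # nonces already solved (in memory for this example)

def _mac(nonce, expires, text):
    msg = f"{nonce}|{expires}|{text}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_challenge(now=None, length=7):
    """Return (text to render as a distorted image, token for a hidden form field)."""
    now = time.time() if now is None else now
    text = "".join(secrets.choice(ALPHABET) for _ in range(length))
    nonce, expires = secrets.token_hex(8), int(now) + TTL_SECONDS
    return text, f"{nonce}.{expires}.{_mac(nonce, expires, text)}"

def check_answer(token, answer, now=None):
    """True only for a correct, unexpired, not-yet-used answer."""
    now = time.time() if now is None else now
    try:
        nonce, expires, mac = token.split(".")
        expires = int(expires)
    except (ValueError, AttributeError):
        return False               # malformed or missing token
    if now > expires or nonce in _spent:
        return False
    # Recompute the keyed hash over the submitted answer; compare in constant time.
    expected = _mac(nonce, expires, answer)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    _spent.add(nonce)              # a solved challenge cannot be replayed
    return True
```

The token carries no plaintext answer, so a bot that reads the form field still has to solve the image.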
