Posts

An IRS tax refund phishing scam illustrates the widespread failure of hosting and antivirus providers' security measures

Scams focused on stealing tax refunds remain highly profitable, despite the fact that they are well known and understood by security professionals and the general public, and have been for years. A variety of distribution methods are used, with the common threads being the use of IRS logos and bureaucratic-sounding language to convince users to click a link, download and execute a file and/or send personally identifying information like a Social Security number. A recent example of one such scam that I came across is a damning illustration of the failure of online service providers to protect users from obvious and simple malware distribution methods. In the example I wish to discuss today, the distribution method was a spammed email that on a small ISP's installation of SpamAssassin (note: I am not an admin or employee of this system; I'm a customer) received an X-Spam-Status score of 5.3 after being flagged with the following variables: X-Spam-Status: No, score=5.3 re

Electronic Arts sending out phishing alerts for Origin accounts

I received a somewhat horrifying email from Electronic Arts in reference to my Origin account yesterday: I pissed my pants a little. The email definitely originated from EA, and there is very little resembling a phishing scam in the process they use to update security settings. I haven't used my Origin account for anything other than playing games on Xbox that require one... I haven't played my Xbox in months. There is no payment information associated with my Origin account, and the login information for it is not associated with any other accounts. There is nothing in the account activity to suggest purchases have been made. I would be a lot more comfortable with this sort of thing if the email was specific about what the issue was. So I am wondering a bit as to why I received this email. Has anyone else been receiving these emails? This whole "standard systems analysis" strikes me as .... suspicious. UPDATE: I've confirmed that I am not the only O

Nasty little Dropbox phishing spam

This morning I received an interesting message from someone I haven't heard from in a while through email. The subject line was "FIND PDF COPY" (in all caps). Inside the body of the message, embedded within the normal garbage footer attached by their email client, was this: I may very well have gotten suckered into this one if it weren't for the all caps subject line. The person who ostensibly sent me this message is, somewhat ironically, the type of person to include all caps text in their email - but there was something a little too weird about the grammatical solipsism intrinsic to the phrase "FIND PDF COPY" even for this supposed sender. So I took the two seconds out of my day to hover my mouse over the link and, what would you know, Dropbox was not the target at all. The link forwarded to "goto-saketen.com" instead. Just to be sure I took a look at the headers of the message. This did in fact come from the sender it claimed to, althou

Toe's swellin' up - that means a hurricane's comin'

So Tropical Storm Erika is rapidly approaching my home in South Florida. Those who don't live on the Gulf Coast or the South East usually aren't familiar with the drama that is living through a hurricane. It's an emotional roller coaster similar to what war has been described as "boredom punctuated by moments of extreme terror." The hurricane comes at somewhat of an odd time; coming almost exactly three years after I was caught outside my house in the middle of a tornado which sent me flying into a wall after being hit by a wall of water. The tornado three years ago was the remnants of Tropical Storm Debbie, which was supposed to completely miss my neighborhood. The winds were so strong that they snapped a solid concrete bench in my back yard in half, right down to the re-bar. (Image caption: A gentle summer breeze) In my front yard, the tornado ripped a 15-20 foot tree out by the roots, twisted it until it cracked, and laid the whole mess to rest on the hood of my car - mis

HOWTO Remove KB2876229 - the sneaky Skype 7 Windows "Update"

A ton of Skype users were unhappy with the update from Skype 6.x to 7.x. Most of what I have seen is complaining about a few minor changes to the user interface. In the usual baby/bathwater situation that follows this sort of thing, "Power Users" began circulating guides on how to modify hosts files to prevent TCP connections to skype and msn domains. You know, because making sure you have the correct proportion of whitespace is more important than stupid trivia like patching critical security vulnerabilities. To address this madness, Microsoft decided to get clever. In addition to sending the Skype 7 update through the Skype application and related packages like Lync, they would push it through as a Windows update - KB2876229. The Skype application updates are pushed through *.skype.com and *.msn.com, while Windows updates come from domains like *.microsoft.com, *.windowsupdate.com and *.windows.com. The looks over substance crowd hadn't yet reached the levels

This changed my mind about the War on Drugs

After seeing this I'm convinced we should probably keep the War on Drugs going for a few more decades. Remember, kids:

Anti-GamerGate activists threatened to blow up my mom

My mom was at an awards ceremony tonight for journalists in Miami. She was one of the first women in news radio in the South, a Pulitzer Prize nominee and a staunch feminist. So you can imagine my surprise when she told me that this afternoon she was escorted out of the awards ceremony after a series of not one or two but FIVE bomb threats were called in to the venue [EDIT: some people are saying it was up to ten]. The bomb threats weren't called in by ISIS or Al Qaeda or white supremacist militias. Apparently the threats were called in by anti-GamerGate activists. I guess somewhere in the same building was an event called SPJ AirPlay, which was targeted. Someone threatened to explode my mom over video games. This is my mom. I think she played Angry Birds once. I have to admit I am not very familiar with GamerGate. I guess it has something to do with a couple breaking up very publicly and a nasty blog post accusing video game critics of some sort of malfeasance? An