Targeted Spamming via Facebook

26. September, 2012


In the past few weeks, I started getting mails from friends which just contain a link:

hey, Aaron


9/25/2012 12:34:56 PM

Turns out that someone is analyzing my Facebook account and sends me mails using names from my friends list.

If you get such a mail, don’t click on the link. It probably points to a page which infects your computer with a virus.

Right now, these mails are pretty easy to identify as fake because the email address is wrong. But you should know that the sender address in emails is just a text; neither the sending nor the receiving computer will check what is in there. A spammer can write anything into that field. If the scheme starts to fail too often, I expect to see “better” email addresses.

This means as a receiver, you should never click on links in emails. As a sender, you should never share links by email.


Spammers Found Something New

15. May, 2011

Since Friday, a spammer tries to spam me via pingbacks 😦

It’s nice that WordPress lets me move this comment to spam, it’s not so nice that the spam keeps coming back.

But I’m sure they’ll fix that soon 🙂

Simple passwords

6. September, 2010
Credit card

Image via Wikipedia

How secure can a simple password be?

Well, that depends. What do you want to protect and against whom?

Today, there are two main attacks. The first one is by people who are close. Coworkers and relatives. The coworkers need some information or access to some function while you’re not around or because there wasn’t enough money to buy a software license for everyone. The relatives want to spy on you (for various reasons). If your password is something personal, they will figure it out easily enough.

The other attack is by spammers who want to gain access to your computer (to send more spam or to get access to more computers or to your bank account, your credit card number, etc) or your accounts. Credibility (as in Google ranking) can be worth money, so control over a well-known blog or a reputable website is not something a cracker would shun.

These people run professional attacks against logins, so they try words from dictionaries with a few numbers added (like cat123). They have tables with passwords and how often people use them (hint: don’t use 123456 as password).

For big sites, the question isn’t really how “secure” the passwords are but how often they are used. If every password was different, it would be much more effort for attackers to crack enough accounts to make the attempt worthwhile.

That means passwords could be simple enough to remember. As they should be. Or people will have to write them down somewhere — we’re not computers. Which remember everything perfectly. Unless the last backup didn’t work. Or a virus comes along. Or someone makes a mistake.

Related Articles

Hot or not

1. September, 2010
no spam!

Image via Wikipedia

When I write a post, I’m always wondering if someone cares. Since I’m not one of the top 1’000 bloggers who rally millions of readers, I just get so many hits and it’s hard to find out what people like to read.

Today, I noticed something: Some articles get more spam than others. Since spammers want to get noticed, they are more likely to spam the hot stuff.

Problem solved 😉

FREE! Really.

28. July, 2008

I just found a nice comment under my blog. It offered a free service. One sentence was: “REGISTRATION IS ABSOLUTELY FREE!” When you see that, you know you’re being ripped off. I’m not mentioning the name of the guys who tried that stunt in order to give them no additional advertisement. ‘Nuff said.

Tip: If you want me to join your planet or RSS mega feed or whatever, it’s not smart to post a comment in my blog. This is my blog, my reputation, my honor. I decide who gets free advertisement here.

Spammers “Cracking” Accounts on Blogger

10. September, 2007

There seems to be a recent increase in spammers “cracking” blogger accounts and replacing the blogs with spam/porn/etc.

If you want to save yourself from some hazzle (like your boss asking why you advertise porn on your blog), here are a few tips:

  • Don’t blog while connected via WLAN.
  • Always log out after blogging.

If you have to blog via WLAN, always assume that everyone on this planet watches what you do. In our case here, the spammers don’t actually “crack” your account; they just copy the cookie which your browser uses to identify itself against the server.

Anyone who can present that cookie is “you”. So they listen for it when you talk to the server on a WLAN and, after you’re gone, they run a little script which deletes your blog and replaces it with spam. Takes a few seconds and is almost impossible to track down afterwards.

If you want to be safe, don’t use hotspots to connect to the internet. If you have to, you must set up a VPN, otherwise it’s just a matter of time until your blog will be “cracked”.

%d bloggers like this: