March 29 – 2019
Two step verification
Part 2 : Cloaked phishing ( a.k.a. “the Modlishka method” ).
Hackers know how to avoid two step verification with a bypass method and that saves them a lot of work compared to “sim swapping” , mentioned in blog – part one about this subject.
Cyber security experts have raised the alarm about a hardly perceptible method of hacking digital data such as usernames, passwords and login codes. Even worse, the phishing toolkit for that is for free available on the web and downloading is in fact child’s play.
Note : For safety reasons I’m not explaining where, I don’t want to be responsible for promoting this. My task is promoting web safety and all issues around that.
The Dutch cyber security company DTX discovered the malicious software. Their security specialists have tried out the program and were heavily shocked. If you click on a link in a phishing Email, you will be redirected via another external server to the official website of any organization or web store. In the meantime, hackers are watching because it passes through their gate, the external server. The consumer is not aware of anything and doesn’t realize because the phishing is cloaked.
The DTX computer specialists tested the software by logging in to various websites which work with two-step verification, including the one of DigiD, the official website of the Dutch government where one can apply for privacy sensitive documents. They received the login details and were able to take over the entire session as long as the user was logged in.
Because the victims of phishing end up on the original website of a bank or online store via a redirect ( a bypass ) controlled by cyber criminals, it is also difficult or impossible for them to notice that someone hacks sensitive data in the background.
DTX: “In addition, hackers no longer have to create entire fake websites of banks, investment companies or the – above mentioned – DigiD.” Just to mention some.
Cyber security experts in other countries also report the use of the – so called – “Modlishka method” worldwide. The software was developed by the Polish cyber security researcher Piotr Duszyński. He wanted to demonstrate that the two-step verification is NOT secure.
Opposite tech website ZDNet, Duszyński proclaimed he wanted to provide evidence that the method works, otherwise it would remain a theoretical discussion and no action would be taken. Yeah right, what an excuse to justify such behavior ! A great way to explain cyber criminals how to apply this method.
ICT security company DTX tested the software and fears large-scale abuse by criminals. “You don’t have to know much about computers to get started with this software. And you don’t have to look for it on the dark web either. It’s simply free to download from a site with legitimate software” , so they state.
What to do against his ? First of all it’s a wise thing never to click on links from whatever bank, investment company or official institute. Usually they don’t contact you this way to avoid digital criminality. They send you a paper letter in stead, or – when urgently needed – call you.
It’s also better to enter a website manually in your browser, never – ever use the link in an Email. Make use of your list of favorites to enter websites directly.
Finally I can’t help saying this, though not really polite ………
Thank you very much for putting this download on the net, Polish dombo ! Great job, that helps !
March 26 – 2019
Two step verification
Part 1 : Sim swapping
So you think that two step verification is safe ? Well then, read this and you’ll find out.
For the modern two step verification your cell phone number is needed and that’s exactly what promises more safety. But is it really ? Once your number is in the hands of hackers, you’re completely out of control. And the promised extra safety can come as a boomerang back, against you.
What can happen ? Well it appears to occur a lot, that hackers take over your cell phone number in a sneaky way. The reason for that comes later, let’s start with the method they use. To begin with they need to know as much as possible about your private life. They need that to mislead the helpdesk of your tele – provider later on. To gather information they scan the social media and grab everything about you they can find, to add to the puzzle. And if you think about it, Facebook, LinkedIn and other social media are a rich source. And – besides that – they also need to hack your computer, e.g. with a trojan that opens a backdoor, to get passwords and login codes in hands from your memory.
The second step is that the cyber scumbags call the helpdesk of your tele – provider and ask them to change the number to a new sim card, with the excuse that the old one is lost, damaged, stolen, fallen in water or whatever. Usually the provider then asks a few control questions to verify if the person on the phone is the same as the client in the file on their screen. They e.g. ask for your birthday, or other private information and here the hacker needs the gathered information to “throw them sand in the eyes”. The provider doesn’t need your phone for the change and can do that with a system modification, so you don’t notice until your phone is suddenly “dead” ( disconnected ). Do you then realize that this is more than a failing cell phone ? Not directly I guess, it can also be a technical failure of the device and at first you don’t think of hacking attempts.
By the time that you contact the helpdesk of the provider or you visit the phone shop to check your cell phone, it can be too late already.
But it can be even worse when a hacker applies for a dual sim card. Then you may not notice the hack at all, because your phone isn’t “dead”. But when a tele-provider is a bit sharp and operates correctly, they sent you a letter or E-mail notification to confirm the application of the dual card and hence finally you find out. But also – like said before – too late.
Whatever happens, once a hacker has established the connection to HIS sim card, it’s a matter of minutes to plunder your bank account, to steal your identity, to hack your social media accounts and more. Once you find out, the damage is already done.
And most likely your privacy sensitive data will also be sold on e.g. the dark web to other cyber criminals. So this will haunt you for years.
What can you do against this ? To be honest, not much except keeping your computer safety up to date. The only measure which is of help is not putting too much privacy sensitive data on the web. After all the scandals leaving Facebook is – for instance – perhaps a good option. And believe me, I don’t have a Facebook profile and you’re missing nothing.
Real life is already exciting enough i.m.o.
Januari 20 – 2019
This says enough !
In the past I’ve written a guest blog for Web Of Trust called “Technostress” about, among other things, the overdone use of smartphones – stuck to your hands – and how that affects us.
For the link to that blog at Web Of Trust, please scroll down on this page.
This picture – placed at a beach bar – says enough.
Nothing to add !
December 17 – 2018
Many companies are lately hit by a new type of blackmail software, called Sam Sam. A large cybersecurity company has knowledge of dozens of victim – companies, from large to small. And they expect a lot more, because many attacks haven’t been reported, due to the shame of letting it happen and / or the damage to the image of the company. In these cases it’s kept silent and sometimes those companies were able to solve it themselves. Or they paid the ransom in the hope that it works. Mostly it doesn’t, like I mentioned in an earlier blog about Cryptolocker and Wannacry.
In a few words : A nasty variation on Cryptolocker and Wannacry. Those trojan viruses immediately hit you after contaminating your computer ( or network ) and after encrypting your data demand ransom money directly. Sam Sam is even more nasty, because it silently invades your computer and spreads itself in the background, without you realizing that. The malware is lurking around, establishing where they found a backdoor and it waits with making itself public to you. In the mean time it crawls deeper and deeper in your system with the intention to wipe out all your back ups and functions to restore your system and start up files.
Once that’s finished Sam Sam then encrypts all your files and demands ransom. With this approach the hackers enlarge the effectivity, because the chance that you have to restore by using your back ups is minimalized. And that means that they can demand more ransom money, because – most likely – you’re out of options other than to pay them. And because the Sam Sam malware is lurking around for a while, the hackers are also capable of collecting more information, e.g. about the amount of money a company has available.
If you have back ups and files to restore on an external memory, separated from your computer, be careful with that. One can expect that Sam Sam will immediately invade that memory when you connect it to your computer. So clean your computer thoroughly and then you can start installing Windows again, with your other software ( Like Office, Photoshop or whatever ) and your data. Best thing is to make a copy of your external memory on another – clean – computer. And then use that copy to connect to the cleaned victim computer. In that way you block the risk of losing your external memory as well. After all, what is the price for an additional USB ? In fact this is also a – manual – way to create a fire wall.
Most likely Sam Sam invades your computer through an attachment in phishing mail. So be careful what you open, sometimes hoovering with your mouse over the name of the sender explains the real source.
Spam can be “spoofed” and with this hoovering the box of pandora opens a bit. But better leave it by that ! If the sender is unknown to you, if you don’t trust it or whatever is suspicious, DON’T CLICK THAT !
And when – by accident – you did open such a spam mail, be absolutely certain NOT to open the attachment. That’s the real box of pandora
Be safe out there and keep your eyes open, The web is a jungle !
October 7 – 2018
The never ending story ……………… I won’t stop !
In the past I’ve warned over and over again about Facebook, the data swallowing multiheaded monster. If you use your common sense, you can imagine that something’s wrong. But I’ve explained that already in former blogs. It doesn’t make me happy, but sad that slowly comes out that I’m right. Facebook is dangerous and a big threat to your privacy. After all, their business model is built on gathering information as much as possible and selling that ! In other words : infringement of your privacy is the way they earn money, whatever blah, blah they use to proclaim otherwise.
Once you’ve grown so big and have so much sensible information, you’re a target to shoot on. Or you’re seduced to sell information to third parties. Or others abuse you to spread misinformation to influence the news for political reasons and/or to change the outcome of elections. And that happens now, some examples :
1 – The scandal with Cambridge Analytics. I don’t have to explain what happened, we all know by now.
2 – Recently about 50 million Facebook users had to manual login again, because hackers broke in the system and in that much ( or more ) user accounts. These hackers were also capable of reaching information at Instagram and Whatsapp, both also owned by Facebook and apparently highly integrated. Combining all this to “big data” …. yeah, how nice ! Works fine !
3 – Another issue is that when you use Facebook to login at another service on the web, all transferred web traffic is being diverted and passes through “the gate of Facebook”. With that they can pick up and store what you buy, what you’re interested in, what services you’re looking for, what relations you have and so on. They’re eager to know, because that means money, money, money ( like ABBA sang in the past ).
4 – But there’s one issue that still stays underexposed. Facebook has the possibility of two step authentication. They proclaim that this is safer for your account to avoid hacker or whatever attacks and hence better for your privacy. In the process of the two steps they also need your cell phone number to send you an SMS with a unique code, that’s only known to you. And to you only. Yeah right ! What the dirty rats don’t tell you is that your cell phone number isn’t kept private and isn’t deleted afterwards. Oh no …….
They sell these phone numbers for marketing and advertisement purposes to third parties. So if you’re vigilant in daily life in giving your cell phone number only to people you know and trust and sitting like a duck on the eggs, some day a blurry call center from whatever lousy country can still bother you on the phone. And once your number is public it’s sold over and over again and spread around the world like a virus.
Just a thought : In the past we had paper phone books and all landlines could be found in that, except a few secret / private numbers. Back then your phone number was public, unless you chose to have it secret ( = not in the book ). But I’ve never ever seen a phone book or internet register file of cell phone numbers. Hence this is an earning model for Facebook, but they’re not honest about that. Your cell phone number is a trading product !
Privacy and Facebook …… bad combination !
*** BTW : In the meantime Facebook doesn’t give up spamming my mailbox of this website. They still call me “Dear Trash” ( I’m honored ….. ) and I’m getting requests of people I’ve never heard of to become “friend” and others useless rubbish.
My weapon : Shift – Delete and don’t even open them.
My advice : Stay out of the rats hole ! ! ! “Fakebook” is a more appropriate name.
June 18 – 2018
Modern style ……..
Big data …… Social media …… Tracking and phishing methods ……. Spyware and trojans. With the upcoming tech developments the world of intelligence is changing. But even more it’s expanding to our private life. Some considerations :
In the past collecting data was a game for spies and moles of the CIA, KGB ( FSB ), MI6, Mossad, (Iranian) VEVAK and more of these secret services, who were trying to invade on government and companies level. That still goes on these days, but with the help of computer tech we’re now faced with the growing problem of infringements of our private life. We, the average citizens, not being famous or whatever important are the target now. It has become big business to collect whatever is possible from the average John Doe. We, the people in the street, living in ordinary houses aren’t safe anymore ……… “Big data” is the new money making machine ! And where to stay under the radar or how to hide yourself ?
Just take a look on what’s happening for real. In a helicopter view, independent of influences around you that can have effect on your opinion. In my country ( Holland ) we use idioms for that like : “Put your feet on solid ground”, or “Keep standing with your boots in the mud”. Which means : “Be critical, with your eyes wide open and keep your mind clear”. Whatever they tell us to justify what’s going on, it isn’t right. Period !
Holland was a pioneer when it comes to internet use. We were the first to have a country extension (dot”nl”) shortly after the creation of dotcom, dotorg and dotnet. And one of the founders of our first ( and still best ) internet provider XS4ALL has now said at retirement that the net has become an incontrollable instrument, a monster and both a blessing but also a disguise. In the grey world where nothing has been described in international treaties or covenants what’s allowed (and what not) and where borders play no role, smart and / or cunning types earn fortunes with information from our private life. People with few conscience or even missing that at all.
Most of the invasion comes from the USA, sorry to say that …. Our befriended partner in NATO and the Western world, but that doesn’t seem to matter. At first we had the NSA scandal that came to the surface when Wikileaks exposed it. Now our “friend” Zuckerberg had to visit both the American Senate as well as the EU parliament to give some explanation. What came out is just the top of an iceberg and the only thing Marc Zuckerberg did was sweeping as much as possible under the carpet. Empty promises to keep his money machine going and nothing else. Politics look at it and allow it to happen. What a fake show ! This guy should be held responsible in some way. But how, if there’s no law or treaty for that.
Just an example from my private life of what Facebook is doing. For a long time it’s already known that Facebook tries to create some kind of profile about you even when you don’t have one (like me). A few months ago the evidence of that was delivered by them when they started sending mails to me, better said to the mailbox of this website. What happened : I’ve made a separate mailbox for this website and my Web Of Trust activities and the name of that mailbox begins with “trashbin” to avoid using my own name or whatever identity. And see what happens, Facebook has found that mailbox and sends Emails with announcements to “Dear Trash”. For instance that I needed to check my profile urgently to complete that and later on I got a notification for that again. Than I received mails that “friends” like Luuk Roks and Samantha Riley had placed new pictures. Who are they ??????? When I still didn’t respond, they did attempts with mails that I was tagged on some party. Has trash ever been tagged ?????? And on what party ?????? Yeah really, it all happened. This proves the data hunger of Facebook, most likely done by robots and algorithms. After all, which normal person would call somebody “Trash”. Certainly not me ……
But, there’s more in life than f…ing Facebook. For instance the other social media and don’t forget Whatsapp, also owned by Facebook and a rich source to harvest information.
Now ….. what can we, average citizens do against this and what’s more coming ? Sending the Dutch army to the USA to destroy the HQ of the NSA and Facebook for a start ? Followed up by other data collectors and server centers. Nonsense of course, but where really to begin ? It’s everywhere around us. If you simply stroll around on the net, you’re followed. Once I was looking for wheel covers for my car and even after ordering them, I was bothered for months with advertisements about that. Cleaning up my cookie register files didn’t even help. But those are just the things you can see. What’s more worrying is what’s happening in secret behind our back. To be honest, I expect much and it gives me the creeps. Can our government protect us ? Oh no ! Definitely not, it comes from everywhere around the world. From hostile, corrupt and criminal countries to even our allies in the world.
Shoud the UN play a role in this ? And are they capable of protecting our privacy ? I have my doubts, knowing all the veto’s nowadays. And the world is still at war …… But something needs to happen ! We, the average anonymous citizen, simply can’t see and hence don’t realize what’s all happening around us.
Russian fake news and internet hacks from the “news factory” in Sint Petersburg. North Korea who is stealing billions of dollars with the help of malware. Chinese spyware embedded in hardware products. Just some examples which reached publicity, a lot doesn’t.
In fact there’s a huge scandal growing. We simply have no privacy anymore ! Call it whatever you want, to me it’s new style espionage and unacceptable.
In the past we had the Occupy movement, where people tried to give a voice to their anger. Against the banks that created the economical crisis, then made that crisis with their behavior deeper than necessary and after that we – the tax payer – had to save them. And now these banks, guilty of creating the problems and keeping them longer going, get help from the FED ( in America ) and the ECB ( in Europe ) with ridiculous interest levels and money injections. We, the average citizen, get nothing on our savings and in some countries ( like Germany and Switzerland ) you even have to pay interest to “park” your money there. And that because these countries are in some way a “safe haven”. The result of all this is that the debts bubble in the world is 20 times as much as it was in 2007/8 before the crisis. And when the world goes upside down again there isn’t a safe haven anymore. Nowhere …..
Knowing all this it’s a mystery why the Occupy movement slowly died. Was it lack of leadership, or did people simply get tired after some time ? And went back home to live a normal life again ?
Now ! Who gives us a voice and shows leadership ? Both when it comes to the – soon coming – next crisis and also in forcing stricter – and international respected – rules that can protect our privacy better.
To be honest, I don’t know where “the good wind” will come from. And I’m afraid that “the solid wall will turn the steerless ship” someday, as we tend to say in Dutch. And that will happen with causing a lot of damage. How and when …… who knows ?
So ….. for the time being you’re on your own when it comes to shielding your privacy.
Stay awake !
May 07 – 2018
Attacks for sale for less than a thousand Euros ………
Recently the police in Canada, Croatia, Serbia and The Netherlands have taken action against a group who was selling DDOS attacks on the internet. That after damaging attacks on banks in several countries and on the Dutch Tax Service. In fact that last one doesn’t bother me at all, they only cost a lot of money …….. ROTFL !
But serious, if payment traffic of large banks goes down and e.g. the stock exchange and many, many companies have also been made lame by that, it’s running out of hand.
In February the Dutch police had already arrested an 18 year old boy again, who had launched an attack for the second time. His first was a small one when he was still a teenager and meant as a try out, but the bloke had the idea that he could do better. After that arrest a network appeared of many users who also tried to blackmail companies with threatening them with a coming DDOS attack if they didn’t pay.
The attacks were for sale at the website “Webstresser.org” and the webmaster was residing in Hilversum – Holland, while some moderators were active from Canada, Croatia and Serbia. All of them were caught by the police and now – here in Holland – they’re hunting for the users too. And I expect worldwide the same is happening. At least let’s hope so.
The site “Webstresser.org” was market leader ( if one may say so ) in selling DDOS attacks and had about 130.000 users worldwide who together carried out some six million attacks. It’s now disabled by the authorities and off line.
Ever since then it’s silent in “DDOS land”, but for how long ?
Good catch by the Dutch cyber squad, who directed the international action !
April 05 – 2018
More news from Europol about the “stinking nest of Europe”
Recently the Spanish police arrested Denis K. from the Ukraine in the tourist village Alicante. He’s said to be the leader of a gang which attacked banks in more than 40 countries with malware called “Anunak”. The gang had both Ukrainian as well as Russian members and Europol has anounced that the damage they made is estimated over a billion Euros.
The cyber criminals always used a proven method by sending E-mails with an attachment, purporting to come from well known companies to several banks in e.g Belgium, Spain, Great Brittain and Russia. When an employee opened that attachment in an E-mail, it silently also installed the malware. With that they managed to infiltrate deeper and deeper in the server software of those banks.
Once in control they were able to manipulate ATM’s. And the malware was also able to artificially “expand” the amount of money on bank accounts. After that they “ordered” an ATM to throw out a lot of money, while another gang member stood there, ready to pick up that money.
All the money they “collected” – including fake bank transactions too – was then white washed by transferring that to virtual money ( like bitcoins ) and that vanished into anonimity.
Criminality seems to be profitable ………….. although for some time !
March 03 – 2018
News from the “stinking nest of Europe”
It’s about time ……. The authorities in Ukraine have announced that in Kiev they have arrested an important cyber-criminal called Genaddi K. in the end of February. He was the leader of the Avalanche network, that has taken over hundreds of thousands computers worldwide and added these to their botnets. With these botnets the network tried to capture usernames and login- passwords of internet banking accounts. And they also “planted” software to take your computer hostage with the use of e.g. the Cryptolocker virus. The damage caused by the Avalanche network can’t be given precisely, but it’s estimated to be hundreds of millions Euros.
Finally justice in Ukraine is doing something. The arrest is just the top of an iceberg. Let’s hope that this leads to more “cleaning up” actions. To be honest : I don’t have much faith in that……
One of the (many) reasons why we – in Europe – don’t want this very corrupt country in the EU. Just the idea of their flag between the others in Brussels makes us shiver.
We’re faced with dodgy figures over and over again. Keep your security up to date !
February 18 – 2018
Again ………. ( second blog )
In October 2014 I’ve written about this – still current – topic for the first time. *To read that scroll about ¾ down on this page until you see this cartoon of a school.
That’s more than 3 years ago an ever since then this problem has extended, but also some former teenagers are now in their twenties and faced with the consequences of what occurred in the past ( or still occurs ). Let’s think for instance about what happens when you’ve finished high school and you’re looking for a job. Human resource departments of employers nowadays check the social media to find out who they’re faced with. And when – oops – erotic related pictures of you pop up on e.g. Instagram, you at least have something to explain with the shame red on your cheeks. Weather you’ve done this yourself back then or someone else is NOT an issue. It follows you and remains unpleasant. And carries the risk of not being invited at all for an interview leading to the “dream job” you absolutely want.
Hence the second story about this awful problem that can ruin someone’s life, after all …. what once has been placed on the web will never vanish. It’s said in the news that suicide of young people caused by this has occurred. To me it seems a good reason to write a blog again as a follow up of the first in 2014.
An update of what happened since then :
Our government has now recognized this growing problem as a real threat to privacy and more. Think of young people feeling isolated and depressive, which means not functioning in society. That can lead to unemployment, costs in mental health care and if that doesn’t work, the worst case scenario of suicide. Hence the government has started an information campaign, where well informed coaches will visit all schools for children of the age of 13 and up, to warn them for the great risks of sexting. That appears to be necessary, after all teenagers can be pretty careless.
Next to that the Dutch national bureau “Halt” which is the institute that takes care of youth criminality and carries out “work punishments” to teenagers below 18, will expand its activities from street related criminality to cyber criminality as well.
In the mean time our government is adjusting the law with heavier punishments on so called “revenge porno”, though the problem in justice is that you can also expect teenagers under the age of 18 in court. And of course other – less heavy – punishments are applicable for them .
Bureau “Halt” will also take preventive measures, e.g. with work / learn practice projects for young people in ICT companies, where they can at the inside see what misery cyber criminality causes.
If these measures will be sufficient effective is something we will find out in the future. But this is for sure a good beginning.
January 9 – 2018
VLC Media player
Be aware of the risks
Recently a friend told me that he had a nice film available on USB. And he advised me to download VLC Media Player to smoothly watch that movie on my PC. According several peoples opinions, including my son – who is a computer techie – this is great software to watch films and videos.
So far so good, I’ve copied the film from his USB to my PC and stored it on the hard disc. My AV didn’t scream alarm and besides that I did an additional check on this external file. No issues found.
But then ……… Step two was to download VLC Media Player from the internet. This software is for free available, but the amount of download links offered in a search engine is enormous. Which one to choose ? What is safe, free of whatever malware or additional rubbish ? Because I’m member of Web Of Trust, I can see which sites are green rated in a search engine and selected one of these. I selected hxxps ://videolan.org ( link disabled ), the original site of the French designers. That one seemed safe. Seemed ……..
The opening page of that site wasn’t really complicated, in top the sentence “Official VLC Media Player – Free download for Windows” and below that a big button to click with “Download” on it. How easy can life be, you might think….. Before clicking the button, I checked the W.O.T. scorecard of the site. No warnings, several experienced W.O.T. members were positive about this one. Only one bad comment with a lot of “disagrees”.
Okay, let’s download then ! Here we go ……….. and then it started to download VLC Media Player. Like always I had several pop ups on screen where e.g. I had to give permission to download and – later on – install the software. No problem you might think. As always with free available software you must be vigilant not to download all kinds of additional software rubbish they offer, but you don’t need. If necessary I removed all checkmarks for that, which are automatically inserted. Same goes for the installation procedure, one needs to stay focused ! *Even if you install an AV this needles additional software can be offered ….
Job done and the movie was nice. But then in the two weeks afterwards I began to get the feeling that something was wrong. It’s like smelling smoke and then a fire must be nearby. My PC was behaving unusual and after a while I had pop ups that I needed to update Windows drivers which were outdated. Things like “W 10 Family guard” and other nonsense and every time I had to fill in all kinds of privacy sensitive data like mail addresses, account verification and such. *Which of course I didn’t btw.
WTF ! That became more and more annoying and this wasn’t okay. I was sure that I didn’t download whatever additional software with VLC Media Player, so where did this come from on a site that was rated very safe on W.O.T. ?
So let’s start digging ! Sneaky hidden software, coming from “Slimware Utilities” – hxxps ://www.slimware.com ( link disabled ) which causes no notification on screen, appeared to be the only explanation. I went to the config of my PC and checked the software list. There I found “Windows Utilities” and removed that permanently.
After that I did a scan with – beloved and unsurpassed – MBAM ( Malware Bytes Anti Malware ). To my surprise MBAM still detected 32 PUP’s ( Potentially Unwanted Programs ), in spite of the removal. WOW ….. thirty two which had to be quarantined. Additional drivers, register files and more software additions.
I felt like a fool who – in spite of all my precautions – was caught by fucking bastards ! But to be honest, this can happen to all of us. Sneaky hidden phishing software that later comes to the surface.
Note : “Slimware Utilities” appears to be a company in New York selling diet products and services. Perhaps they’re unaware of the fact that their site is hacked and used as a means to spread trojans.
Why this story ? Downloading free available software is always risky, even if you’re vigilant. Hence this warning, if not necessary, leave it ! And this story makes clear that every now and then you need to run a security check, preferably with MBAM.
December 18 – 2017
Failing Office versions
Microsoft doesn’t listen enough to its users
This story has nothing to do with whatever internet threats, but it’s about arrogant Microsoft. And about trouble on your machine, so I feel the need to tell. And to show you the way to a solution for an annoying problem.
A few years ago the users of several Windows versions, like W 7 and W 8(.1) could change for free to Windows 10. Back then very generous of Microsoft to their Windows users, but it made me think when – citing a Dutch idiom – “the adder in the grass” would be discovered. After all, “freeware” in most cases has a hidden agenda in some way. Sometimes that’s a sneaky hidden addition or a PUP (Potentially Unwanted Program). And what to think of the privacy breaches in Windows 10. It’s all about grabbing as much data as you can these days. * I’ve written about that – and how to weapon yourself – in another story on this page.
But in case of Windows 10 the real “adder” appeared about two years later. If you made use of older Office versions, like the ones of 2003 and 2007, suddenly some applications – like Excel – didn’t work properly anymore. At one moment you find out that the combination of Windows 10 and an older Office version causes this, by not being compatible. And …….. this was shortly after the period ended that you could return to W 7 or 8(.1), so there was no way back – escape route. Was that by coincidence ?
I doubt it, somehow the “chimney needs to smoke” at the Microsoft company as well.
In fact with this trick Microsoft forces you to buy a new Office version. After a short while you get very annoyed by improper working Office software and ~ sigh ~ you decide to purchase a recent version.
But here – again ! – comes trouble around the corner !
In the Office versions 2013 and 2016 (the most recent one) the photo processing application is very limited in its possibilities. In the past we had “Photo Editor”, which was later renamed in “Office Picture Manager” , lovely software for picture management and processing. A lot of users have already complained about that, but Microsoft very simply denies the problems and declares that the new Photo software is very suitable, same as Picture Manager in the past.
Well Microsoft …… it isn’t. No doubt about it, Office Picture manager is great and much better than the recent one ! If you are – like me – mastering four websites, you have a lot of pictures in store which e.g. needs to be colour processed, resized, edges cut off, turned to have the horizon horizontal and more. One simply can NOT do that with the recent Photo version in Office 2013 and 2016.
So what to do ? Luckily in this case there’s an escape route to Picture Manager in Office 2010. You can download the separate program for free. And it’s not necessary to download the whole Office 2010 software package. Simply put the search sentence “Office Picture Manager 2010” in a search engine and the download links appear in the list. Forget the advertisements in top and search for Picture Manager 2010. Perhaps the 2007 version is also good, but 2010 is more recent and it’s expected that the support for the 2010 version will remain longer than the 2007 version.
Don’t get frightened during the download procedure, you make use of the software of Microsoft SharePoint Designer (SPD) 2010 version to install Picture Manager. And afterwards you can indeed find Microsoft SharePoint Designer (SPD) 2010 back in the configuration screen, in the item “Programs”. But don’t worry, after downloading and installing you end up with only Office Picture Manager.
Step 2 is opening the Windows info screen by clicking the button below on the left in the toolbar. There you can find the installed Office Picture Manager 2010 and if not, use the search bar. Once you’ve found it, you can copy the icon to the bureau screen, to create a direct link. You do that by simply dragging the icon from the Windows info screen to the outside ( inside it will remain ), or click right to create a copy that you can drop outside.
Step 3 is opening a picture once installed everything. Now the computer will ask you with what program you want to open the file. There select Office Picture Manager 2010.
Then click O.K. and the Photo application in Office 2013 or 2016 is permanently disabled. *But don’t worry, not removed.
Good luck !
November 23 – 2017
New EU guidelines
Work to do on your website / webshop……
As of May 25 – 2018, new EU rules apply to each company with regard to privacy and data files. This applies to all entrepreneurs, regardless of turnover or size of the company.
- Privacy regulations for web shops and websites that collect personal data.
- Companies must have an internal protocol that states how they deal with such data.
- You have to be able to demonstrate how you collect data.
- High fines for violating the new EU rules.
- Starting date: 25 May 2018.
In detail what to do and what not :
As of May 25 – 2018, all entrepreneurs, including freelancers and sole traders, have to comply with the new European rules on privacy through online media and data files.
The privacy on the Internet in all its forms is regulated through the EU-Privacy Directive, while the General Data Protection Regulation (GDPR) applies to the way data files are used and managed.
It is mandatory for every entrepreneur, regardless of the size of the company, to comply with these rules.
- You may mail to existing customers with whom you already have an “invoice relationship”.
- You may NOT mail unsolicited to companies or persons who are no customers ( spamming ).
- You can mail to companies or people who have registered for your newsletter.
- You may NOT mail about topics for which someone has not registered or for which the invoice relationship does not exist. So if you sell e.g. boats you can mail about it, and about the additional supplies. But NOT about the – let’s say – coffee machines which you also want to sell later on and for which you have NOT received permission. Again, than you cross the spamming line.
- If someone wants to unsubscribe, you have to make sure that this happens. For this you must have an unsubscribe option on your newsletter.
But watch out! Your responsibility does NOT end here …
In addition to the EU-privacy directive, the General Data Protection Regulation will also take effect on 25 May 2018. This applies, just like the EU-privacy directive, to all countries in the EU. This is how you deal with customer files containing personal data, whether that is for a newsletter or your webshop. Strict requirements are set for monitoring the privacy of people who are in these files.
- You have to set up a protocol for your organization in which it is clear who has access to the information (for example also to your IT company that could see the database), and how you store and secure the files.
- You must be able to demonstrate how you collect the data of the persons concerned and that they have given permission to record their data.
- If someone wants to know what you have recorded about him or her, then you have to give that information and possibly show it.
- If someone wants to have their data removed, you must comply with them (with the exception of any legal obligations, of course).
- You may record only the minimum required information.
- If you suspect that the files have been viewed by unauthorized persons, if your system has been hacked or if you have lost a USB stick with such data, you must report this to the Data Protection Authority.
- If you work with an external company or expert in the management or processing of such data, make sure that they set up a so-called processor agreement with you. As owner / client you always remain responsible for what happens with such data, and such an agreement helps to prevent problems afterwards.
- Do you work together for managing ( or editing ) such files with a company or expert outside the EU ? Than currently the legislation of the following countries complies to the demands of GDPR : Andorra, Argentina, Canada (excluding Quebec), Faröer Islands, Guernsey, Isle of Man, Israel, Jersey, Uruguay, USA . But make sure that the relevant company or expert also works according to the applicable rules. For example, US companies may indicate that they comply with the EU-USA Privacy Shield.
Incidentally, these obligations apply not only for internet-related data, but for all data files that you use. So for example also for your personnel and salary administration and for the customer files that you have collected in your administration via your physical store.
It’s wise, if you have not already, now to identify what data you work with and what action you should take to bring everything in line with the EU-Privacy Directive, and the GPDR. Because fines can be considerable if the rules are violated, it’s said that 4% of your turnover is possible for each violation.
That can be very costly……. You have only a few months left !
September 19 – 2017
Stop them !
How to fight ransomware succesfully……
A year ago I’ve already paid attention to ransomware in a blog of August 2016 ( together with the infograph of Exigent Networks from Ireland ). A few months ago the whole world was in panic, it really went out of hand with all the Wannacry ( and later ) Petya attacks. Part of the problems was caused by a safety leak in Windows 10 and if you didn’t update in time for the necessary patch …… bingo !
Ransomware has become one of the most threatening and destructive types of malware. It encrypts the data on your laptop or PC, and you’re only granted access ( hopefully ) if you pay ransom. In many cases you don’t get whatever reaction after paying and it can happen that once you’re “caught in the net” they brutally ask for more money. So don’t ever pay !
In the fight against ransomware, which you can get through infected files ( e.g. as an attachment of spam ), infected websites or a friend’s or colleague’s document, traditional anti-malware and anti-virus software does NOT ( or barely ) help. The only way to avoid powerlessness is to make frequent back ups !
In daily life I,m a plant / flower breeder who posseses unique information, that I can’t even store safely in the cloud. Simply because the cloud isn’t safe. Period ! I’ve written before in another blog : “What stored in the cloud can vanish in the mist”. So I’m used to making my own back ups, at least weakly and sometimes even daily. Once it’s a habit, you realize that it’s a matter of discipline and actually not much work. And something important : Keep those back ups on an external memory, separated ( = disconnected ) from the PC / lap top. Drop it somewhere in a draw or so.
The security company Cybereason has a new program available that eliminates ( virtually ) all threats at this point. RansomFree is a program that ensures that when ransomware enters your computer or laptop, it’s activily intercepted, immediately blocked and stopped. You can be sure for 99.9% that your computer will no longer be infected by ransomware that encrypts your files and important data.
How it works : The program places a few files in e.g Excel and Word on your hard disc as some kind of decoy. Those “trap”files change frequently on your hard disc and are very sensitive to attacks. The behavior looks like how viruses appear, but don’t worry ! Once these “warning”files detect a beginning attack they respond immediately by stopping that and you get a warning on screen.
RansomFree can be installed immediately after download. Once installed, you can forget about it, it does its work completely transparent in the background. The use of memory and CPU is completely minimal.
RansomFree is free software for commercial and private users.
Great job Cybereason…….. Compliments !
If it’s up to you that’s history !
August 21 – 2017
Another way to get infected……
And again I’ve found an advertisement with false intent in Microsofts Hotmail / Live / Outlook. This time it was an ad of a Dutch website saying “We buy any car from you, just give us the number of the plate and we will offer you a fair price”.
I’m thinking of selling my car and became curious if they really mention a fair price ( don’t think so btw ! ). To test that I clicked it and immidiately received a warning from Web Of Trust that the URL behind the ad was detected for malware and/or virusses.
And Web Of Trust has proven it’s value again. Lovely tool, that warning screen which gives you the chance to stay out.
My warning : Don’t rely on it that Microsoft keeps the mail system clean. Never let your security depend on others, but build your own “wall of safety”.
June 23 – 2017
The “Fear Of Missing Out” syndrome……
I’ve already before written some blogs about social media, with tips how to handle that and about the risks of getting addicted to Facebook ( “Farce book” ), Twitter ( “Trumps Trumpet” ) and such. But with the coming up of new social media, new problems also arise. There was still an empty “playing field”, being the young teenagers of – let’s say – 10 to 15 years old. This group can’t be attracted with whatever kind of text. They grow up in a fast world where only quick and short impressions count. In their view text is sóóóóó 2016 and old fashioned, they tend to respond more to views and send each other pictures, video’s and snapshots, sometimes accompanied with a small comment or so. This is why social media like Instagram and Snapchat became popular and found their place in the “social media landscape”. Those young teenagers have found a way to share their adventures, what happened in class, their feelings and doubts as well as funny items with each other.
But – as always – this “development” in the social media world has a dark side. The British Royal Institute for Public Health has done a survey under 1500 teenagers about the feelings that they have when using social media. And what comes out ? The most negative reactions are about Instagram and Snapchat, while You Tube came out as the best btw. Among the negative feelings they mentioned fear, depression and loneliness. Many young people seem to suffer from negative thoughts, called “Fear Of Missing Out”. At first they start to doubt about themselves, because they see so many funny pictures, video’s and such pass by. And because they’re afraid to miss something, they constantly “refresh” their social media. And more funny content passes by, but yeah……it’s about others and you don’t join at that moment. Your life isn’t that exciting……. Then you get bored and shut down e.g. Instagram. But that doesn’t work either, because now you’re lonely, so you open it again to be sure not to miss a thing and the whole cycle begins again. This is called “Fear Of Missing Out” and is pretty addictive.
The only thing that helps is self control, put the phone down ! Store it in your pocket or so and live your own life. If you’re missing something about someone else’s wonderful life, what the fuck……Who cares !
Parents do have a steering and controlling task here……
June 21 – 2017
Due to software changes in the used Ryu theme, I need to switch – from here upwards – to the type of text that belongs to the theme. Sorry for the inconvenience !
May 19 – 2017
A never ending story …..
In March the Dutch police has arrested 28 people on suspicion of internet scamming. This includes, among other things, people who offered goods on the internet but did not deliver them, and about 7 so-called money mules. In total, more than 200 declarations of fraud have been given a follow up with this police action. The claiming victims are all online buyers who responded to internet ads, made a money transfer and never received the goods. In most cases it’s impossible to track the responsible criminals, so this is a victory for “the guys who serve the law”. Some examples of the scamming sites, the source is the Dutch police list of URL’s : best2dress.nl , freezycraft.nl , nike2016outlet.nl , thesneakerstore.nl and many more that look trusted at first site.
The total damage was an amount of millions of Euros and after analyzing the used – suspicious – bank accounts the police found out that this was just the top of an iceberg. And they assume that far more victims are involved who never contacted the police. One of the suspects is a 24-year-old man from the city of Groningen in the north of Holland. To him, seventeen times scamming was reported. The suspect has admitted the scams and money laundering of his proceeds. All suspects in charge will be held responsible in court in September.
In addition, some money mules have also been arrested. A money mule is someone who makes his / her bank account and credit card available to scamming webpages. The money mule himself can sometimes carry on his aftermath of identity abuse for years to come. *In some cases those people are e.g. junkies, who are willing to support the criminal scammers in exchange for a small amount of money. If heroin addiction drives you and you absolutely need to score a dope shot, decent behavior is no issue anymore.
But what are the features to recognize a fraudulent ( scamming ) website ? First of all the mentioned prices. If it’s unbelievably cheap and extreme bottom prices are mentioned, in most cases it’s too good to be true. And you need to be vigilant. Second is that the contact information on the site needs to be mentioned and must be trustworthy and complete. Third is that in many countries there’s some kind of guarantee system, a controlled certificate on websites that these are reliable. This is no 100% guarantee, because sometimes criminals abuse such a certificate by simply copying that. But it helps. The fourth way to recognize unreliable websites is when these are bad translated with Google translate. When you’re native speaker, you can see that ! * For sure in my complicated Dutch language.
The police had a success, but it’s no more than “drying the floor with a mop, while the tap is still floating” ( = Dutch idiom ). The flood of fraudulent websites is enormous and continues day by day.
At Web Of Trust we have a member ( “No Scams” ) who’s chasing these scamming websites. He’s doing a great job and reported me that he alone already has about 19.000 fraudulent “.NL” – TLD,s in his database, and nearly 3000 of them from 2017 alone. And commented to me : “It’s mainly Chinese gangs that run those sites and they are not in any way related to The Netherlands ( NL ), other than having an “.NL” TLD ”.
As you can see, justice is doing it’s best. But in most cases it’s up to you to stay safe……
May 5 – 2017
It isn’t simple !
Your worst nightmare when it’s about privacy ….. Android, the operating system that has become quite common for mobile phones. That privacy issue at the same time is the reason to keep – the maker – Google out as much as you can. The data hunger of the almighty Google monster is unstoppable.
Android isn’t just an operating system ( O.S. ), but also a wonderful tool to deliver Google all kinds of information. Recently I discovered for instance that the pictures I make with my Android phone are – partly – send to Google as well. I’m a plant breeder and the pictures I make of experimental novelties are classified and privacy sensitive, so what gives Google the right to capture a copy ! I’ve removed the responsible app – that was installed by default – directly. Those pictures are mine and mine only and not meant for publication, perhaps some novelties will never be introduced and once information enters the net, it keeps hanging around there. It’s in someone else’s hands and impossible to remove.
This example shows what sneaky methods are used by Google and what they know about you. Well, that’s scary ! Google collects through all its services as much as they can. E.g. who you’re calling with, how long you’re calling, your IP address, the IP of any WiFi you connect with, what sites you visit and which pages of these sites, what you’re searching for, how much time you’re surfing and when. Google also knows with whom you communicate, because your whole list of contacts in your phone is synchronized ( = duplicated to them ). And the location of the phone is known to them and stored with the excuse that you need that for optimal use of Google maps. Yeah right, how about being followed constantly… I’ve switched off the GEO location service on my phone. I hate being shadowed !
The purpose of all this : The more Google services you use, the more it helps Google to create a complete profile about you. And the more Google knows, the more they can earn with advertising. After all, Google is an advertisement company that earns billions with specified ( custom made ) advertising, that enlarges the chance on really selling products or whatever. So…..when you reduce the use of Google services and apps, it means that Google isn’t capable ( or less capable ) to create a useful profile about you. And you are not so much bothered with advertisements and have some privacy left. Also keep in mind that some open source software ( apps ) can – in the background – be used by Google as well to collect data.
FYI : You can watch on Google what they know about you.
See : >> > google/settings/dashboard
Link : >> > google/account/privacy
I’ve checked and they only know my name and age, but not even my gender and date of birth. At least it looks that way, but can we rely on it that this information is correct, or just a cover up meant as a “smoke curtain”.
Keep the monster out !
April 19 – 2017
A warning for phishing
Formdesk is a software designing company from Wassenaar, a suburb of the city of The Hague in Holland. They create online forms, which are much used for questionnaires, to subscribe to events like conferences and meetings, to apply for membership of e.g. a club, or to deliver data for research projects and such.
One of the forms that is much used is the sub domain “fd8.formdesk.com”. I’ve seen that one pass by many times as a link in E mails send by institutes, companies and cooperation’s. I once filled in such a form in 2011 to deliver data to a research project. Shortly after that I was unpleasantly surprised by a lot of spam. It was obvious that a data leak in the form was the cause of this when I started digging in the WOT scorecard of this “fd8.” sub domain. It appears that this form is translated to several languages and I’m not the only one who was faced with spam caused by phishing. It seems that cybercriminals have created a backdoor in the online form, some kind of link that gives them the opportunity to silently read along. Wow………. , what a rich source of data, constantly delivering privacy sensitive information.
Has this ever been discovered by the software builder Formdesk ? And what can they do against a form that’s common used and stored everywhere ? And that already for years and years. Time to ring the alarm bell and to warn you for this form, that’s somehow involved in phishing.
For more information and to see the detections of the bad sub by several WOT members around the world, see >> > WOT scorecard
For the record : I don’t blame the company Formdesk, perhaps they’re even unaware of this problem. And the reputation of Formdesk is good, see >> > WOT scorecard of Formdesk itself.
But don’t use this form, protect your privacy !
February 20- 2017
Popular addon ended
And the alternative solution ………….
A good tool to keep trackers out was the popular addon “Do not track me”. But the builder Abine has ended the lifecycle of this addon and hence I’ve removed the piece of text about that successful addon in the end of the page >> > “Privacy protection” of this site.
“Blur” works different than the former addon “Do not track me”. The new software avoids that trackers follow you and also that those trackers can gather information about you. A difference with ad blockers like Ghostery and Adblock – Plus is that this addon does allow advertisements that DON’T have hidden functions to track you. One may say the “innocent” ones ……. Besides that you can use “Blur” to mask your Email when a website asks for that and “Blur”can also create strong passwords. “Blur” is capable of storing these passwords encrypted.
Note : Personally I shouldn’t store whatever in “the cloud”, certainly no passwords even if it’s encrypted. Some time ago I’ve warned for the risks of “the cloud” in another blog ( see below on this page ). One should keep passwords and other privacy sensitive information to yourself. PERIOD !
Anyway : If you’re willing to pay $ 3 a month “Blur” can also assist to make credit card payments safer. The maker Abine than stands up as some kind of middleman and “covers” your credit card identity.
To me it seems that “Blur” is an extra extended version, meant as the follow up for “Do not track me”. More info at >> > www.abine.com.
January / February – 2017
Famous addon compromized – Part 2
Web Of Trust on Firefox ? An addition to the first blog below ……..
For those of you who still want to make use of WOT ( why not btw. ? ) and browse with Firefox there’s a solution. In Firefox go to the bar in top and click on extra and than on addons, with that you open the list of the addons you have installed. Some of them maybe switched on, while others perhaps switched off ( by yourself ).
Now ! WOT hasn’t vanished there, but is by default switched off by Firefox. And hence you get a WOT page on screen that asks you to login / register again if you want to open your WOT profile. If you switch on the addon, WOT works again in FF and brings you to your profile page. But keep in mind that once Firefox carries out an update, you need to do that again.
December 27 – 2016
Famous addon compromized – Part 1
Web Of Trust in trouble ? An overview……..
In the end of October the German broadcasting station NDR ( Nord Deutsche Rundfunk ) published the results of a long running investigation after privacy breaches on the internet. In the news the focus was mainly on Web Of Trust and their leaking of privacy sensitive information to third parties. As an example they gave evidence of about 40 to 50 German members of Web Of Trust ( WOT ) who were faced with their browsing history being sold to third parties by WOT, without having the info anonymized.
The sales of large amounts of information to third parties and/or gathering information is common practice in the compu- tech world, but if that can be lead back to persons or companies it becomes painful privacy sensitive. And if you’re faced with that, it can emotionally feel as an attack on your private life. After all, we all cherish our privacy and have our secrets more or less, don’t we ?
Here three issues are playing a role :
1 – Web Of Trust ( WOT ) as an enterprise, based in Helsinki Finland.
2 – The WOT community of members, all volunteers.
3 – The fact that WOT is apparently only in Germany “under enemy fire”.
About issue 1 : Since the founders Sami and Timo have left, WOT (partly) had a difficult period. One of the CEO’s that followed them up was accused of bad leadership and incompetence (not my words b.t.w. and I won’t mention names). The company “WOT services ltd” has changed in February 2016 to “TOW software oy” and then in the end of the summer the management of the company was brought in the hands of the Finnish lawyers office Lindfors Antti Summa & Co. *Note : that “oy” is a Finnish juridical company identity, like “Gmbh.” in Germany, “B.V.” in my country, “s.a.r.l.” in France or “Inc.” in the USA. What does this mean ? Has WOT created a technical bankruptcy and a new start with a new entity to shake off creditors ? Or are they faced with claims in whatever way and is this a juridical move ? Of course no one will announce what’s going on, that’s pretty unusual in such cases.
About issue 2 – It’s very remarkable that only German members were faced by the privacy infringements. I haven’t heard a thing about this from any other country. Here in – neighbor country – Holland it wasn’t even in the news or in any newspaper. In the very beginning shortly after WOT was born in 2006, the main countries where WOT grew out with many members were the English speaking countries like the UK, USA and Australia and also Germany. When I joined WOT in the summer of 2009, it was completely unknown in Holland and my country only had a handful of Silver, Gold and Platinum members. And in those days the earlier mentioned countries played a major role. Later on WOT made Russia a focus country, then it rolled out their successful system to other parts of the world and grew out to the huge amount of community members and downloads now.
About issue 3 – Why is it that only German members were hit ? I’ve found information that – technically spoken – there’s a different type of WOT browser addon active in Germany. A spokesman proclaims that it’s an addon that in the past wasn’t even made by WOT *Note : It was a source in German and I can read that language, found this info on a German tech website. I don’t know the technical details, if this is historically grown and if it’s only limited to certain browsers, like e.g. Internet Explorer and Firefox. A lot of open questions unsolved, but it might be an explanation. The German tech website didn’t provide additional technical details.
Overlooking the present situation we can establish that the matter has a lot of open ends and unanswered questions. But when it comes to the privacy breaches of WOT, it seems to me the problems are blown up to proportions that are unjustified. When you put this in perspective to what Facebook and Twitter do in collecting data and violating privacy of their users, it’s no more than an incident. In a way, many people are happy with their smartphones, while being spied on by various apps like Twitter, Facebook and Whatsapp (also owned by Facebook). They simple don’t care. In the past Yahoo did even worse things than this. Now that the WOT is doing something similar by mistake, some members are going nuts….. To me it seems rather over-reactive. A remark : We may wonder if a company in desperate need of money has been careless. After all, when you reduce the amount of employees to reduce costs, accidents can happen caused by getting out of control. But this is just guessing, WOT still hasn’t given an explanation as to what really happened. And I expect they never will. Perhaps it really is better to remain silent. A Dutch idiom says about these cases : “When you’re being shaven you need to sit still”.
Finally : Let’s maintain a proper perspective, calm down and keep our heads cool. Will this storm blow over ? For sure it will and one day it’s blunt history and no one will talk about it anymore.
I also want to make a call to Mozilla : “Come on guys ( and girls ), don’t get more holy than the pope. This was just an isolated accident ! And only limited to some members in one country ( Germany ). Put them back on the Firefox addon list.”
Note : In Google Chrome WOT is already available again.
“A good name comes by foot and leaves by horse”, as we tend to say in Holland. It’s much easier to make damage than to repair that. Let’s all work on restoring that good name.
And forward we go………
Addition : The staff of WOT has anounced that they made security adjustments and that they’re back again on Google Chrome >> > WOT BLOG
October 23 – 2016
The Windows ninja……..
What if you have the feeling that your computer is contaminated. Or if you want to download something you prefer to have, but don’t trust it. In that case “Winja” software can be a nice tool. The help program shows an overview of what’s active on your computer or what starts automatically in the start up procedure of Windows.
If you see something in the list that you want to investigate, you can do a check up with the menu that shows up under your right mouse button. Winja is also capable of researching suspicious files with – famous – Virus Total, even before downloading them. The results of the VT scan are shown in the “scans result”. = Link to >> > Winja
This site contains several freeware programs. And with freeware it’s in many cases the same issue. When downloading you need to guard the process and be vigilant against PUP’s, that might be added in the download procedure. Make sure to only download the Winja software without ballast.
Notes : The site also provides keylogger software, you may probably better avoid. And some user detected riskware, a suspicious Skype application on the site (and reported that in Scumware.org). But for the rest multi scan tool URLVoid and Virus Total proclaim the site is safe. If you want to built in a precaution against whatever danger, download the software in a sandbox or check the software as a file in Virus Total before downloading or storing that.
September 25 – 2016
A broken promise
We could wait for this to come……..
I’ve already predicted this in the past and it’s happening now. Data of Whatsapp users are passed through to Facebook. What else did you expect to happen? In the past Facebook promised hypocritical that this was not the intention, but now they’re shacking the money tree. After all, they didn’t pay $ 19 billion just for nothing.
Whatsapp presented the change in policy as an advantage for the users. By connecting phone numbers to the Facebook systems they proclaim to be capable to add costume made advertisements to the FB users on their profile. And to be able to connect “friends” better to each other.
Are we waiting for that ? My wife has experienced the policy change in the mean time. She already had contact requests of so called “friends”, who in real are only contacts from an event she visited some time ago. Those are people she knows, but friends ? NO ! Talking about a lack of privacy…….Whatsapp proclaims that they want to offer services of other companies as well. They provide the example of Facebook information about delayed flights provided by airlines or reports of suspicious transactions by your bank. Yeah right, what a joke ! Is your bank really going to use Facebook to contact you ? Wishful thinking by Facebook, but that won’t happen.
And then something else : Some time ago all data traffic on Whatsapp has been encrypted and that makes it look like more safe. But what do you think ? I guess Facebook has the keys to the encryption and can read along without you – perhaps – realizing that.
The action group Bits of Freedom who’s guarding the privacy of internet users talks in their reaction about a U turn construction, meant to legalize a system that in fact is the world upside down. Now Whatsapp users themselves need to take action when they don’t want their data shared, instead of their privacy being respected.
It’s like hearing Facebook say that the methods of Facebook are okay. In Dutch we have an idiom for that : “The butcher who’s judging his own meat”
Facebook and Whatsapp…. Limit your conversations and messages to the daily chit – chat and never trust whatever confidential information to these services.
August 29 – 2016
Recently I was contacted by an employee of Exigent Networks, a computer company from Cork, Ireland with offices in Dublin and Birmingham ( U.K. ) as well. They designed an infograph that gives useful information to avoid the horrible ransomware. It’s becoming a plague and cybercriminals earn millions with that.
Of course I support every effort to fight and stop the scumbags. And thank Orla F. of Exigent Networks for handing over to me their excellent scheme.
Don’t let the pickpockets rob you……
Compliments to co-author Orla F.
August 4 – 2016
Not a funny subject, but still worth reading…
Death can be nearby. Some examples of bizarre things that happened to me.
1 – Years ago I departed from Newark airport (near New York) and the plane of Egypt Air that left before us on the same runway crashed in the Atlantic Ocean. The pilot proclaimed “Allah U Akhbar” through the radio ……. and many lives ended in the waves below me. Wrong plane, wrong flight, wrong moment ……. end of story. This was btw even before 9/11.
2 – I also once had a “near miss” on the road, it can happen in traffic as well. There wasn’t much space left between a huge old tree and a large truck.
3 – My brother in law died of a heart attack on the age of 47. He suddenly fell of the chair behind his computer. Far too young of course, he left behind a widow with 3 teenagers.
I know ! : Death isn’t a funny subject, but we’re all human, not immortal and finally someday it’s over. And then your family realizes – after mourning – that they can’t ask you anymore.
Actually somehow you have to be prepared, though you prefer to leave this for what it is ! When you’re – like me – travelling every now and then, this becomes an even more important issue. You don’t want to think about it, but …… Suppose a lethal accident happens, does your wife (or children) have access to passwords, login codes and such ? If not they may have a serious problem ! I’ve noticed that my sister in law (the mentioned widow) has been digging after information – like codes and passwords – for months. Now …… that’s over and over again being confronted with the loss of your partner !
So one needs to take precautions and hopefully it’s all an unneeded waste of time. But how to do that ?
My solution : I’ve made an Excel spreadsheet with all important information about various subjects, from websites – admin login to bank and credit card PIN codes. And update that file frequently, roughly 3 to 4 times a year by default and in between when I’ve changed passwords or when – for instance – receiving a new bank/credit card.
But where to store that Excel file in a safe way ? And I mean really safe !
An odd question : Did you ever see a hacker climb out of your computer, walk through your living room and pick up a list or external memory from a closet, the bottom draw or a safe locker ? Stupid question of course, this will never happen. Maybe in a comic book it’s possible or silly Sponge Bob Square Pants might be capable of doing so. But in real life, the answer is NO……. out of the question !
My idea with this is to make you thinking. And this is what you have to keep in mind : If you really want to store your PII (Personally Identifiable Information) such as passwords, login codes, credit card numbers and bank account information secure, you absolutely need to do that offline. Not even on the hard disk of your own computer, but separated from the device. Old fashioned on a piece of paper or – better – on e.g. a USB and that in the “bottom draw’’.
*Somewhere “in the cloud”, on a secured website that promises top quality SSL or TLS encryption or whatever “safe” service on the web ? No way, absolutely not, stupid idea, out of the question and even the thought about that is foolish. Don’t do that ! ! ! Nothing on the internet is safe, nowhere. There’s NO guarantee on 100% safety. Strong passwords, two step authentication or any other measure to create maximal security, it doesn’t help ! You can read about that in my blog of February 17 – 2016 called “Cloud storage” on the news page of my site. Am I seeing ghosts ? Definitely not, read my blog and you’ll be convinced.
In the screenshot you can find the design I’ve made on an Excel spreadsheet. * Remark : I’ve compressed it for this page size. Fill it in as you wish, expand it to the size you prefer, adapt it to your demands, this is just an example. Store it on an external memory, e.g. a USB or SD card and keep that separated from your PC. And btw. : Not on your NAS memory as well, that’s also part of your network and hence connected to your PC.
||Version : Month – Year|
|Website||Admin URL||Stats||User||Pass||Login||Two step||Which||Browser fav.||General|
|( URL )||Dashboard||URL||account||name||word||code||auth. code||browser||yes / no||remarks|
|Website||Admin URL||Stats||User||Pass||Login||Two step||Which||Browser fav.||General|
|( URL )||Dashboard||URL||account||name||word||code||auth. code||browser||yes / no||remarks|
|( admin )|
|( statistics )|
|A.V. Product key|
|PIN/Bank codes :|
|Pass nr. :|
|Credit card nr. :|
*And if you want the file directly in the (much better !) Excel extension, send me a message through the contact page. WordPress doesn’t give me the option to paint with background colours here, hence the example looks a bit weird.
And finally one important guideline : When you need to use the memory stick or card and put it in your computer, be sure to be off line. Never, ever plug it in when you’re online ! Suppose you don’t know, but silently a Trojan has been installed that makes a gate open (a backdoor), then a hacker can read along and all PII are harvested within seconds. Then you’re screwed, awfully screwed. Always, really always stick to these rules and you’re safe….
That’s security by using your common sense ! Be careful…….
June 29 – 2016
The value of data
Linkedin purchased by Microsoft
Recently the world’s second largest social network has been purchased for an enormous amount of money. One of the biggest acquisitions in the “tech world” ever. As I’ve mentioned before in earlier blogs, “big data” is the new phenomenon and this story provides some evidence how much money it’s worth. And it’s only about owning information…… , no goods, no services, nor whatever you can grab with your hands.
Some dazzling facts : LinkedIn has 433 million members in about 200 countries worldwide, 56% of them are man and 44 % women. *In my country (Holland) they have 4.2 million users, which is roughly a quarter of our entire population. And – in general – all these 433 million members provide even more personal (privacy sensitive) information on their profiles than they each of them should do on Facebook. The reason for that is that LinkedIn has another background than Facebook, it’s a career network and also used as a platform to find work assignments by independent entrepreneurs. So there you need to unfold your C.V. completely, otherwise people don’t pay attention to you / your profile and move to someone else. Talking about a rich source of information………..
Microsoft has taken over LinkedIn for $ 26.2 billion (approx € 23 billion) and they now own not only an already profitable company, but also the “big data” of all member – profiles. In a press announcement MS has made clear that the new daughter company will go on operating unchanged under the same leadership of director Jeff Weiner. Business as usual, so to say. Mr. Weiner gave the example of Instagram and WhatsApp being bought by Facebook as comparison. Those networks also remained unchanged so far.
One must be pretty naïve to believe that. They don’t spend so much money just to own a company. Even if it was an enormous “cash cow” , the price is far too high. MS paid nearly 50% more for the shares than the real value the day before on the stock market. The real reason is that MS already has a strong position in the business market, e.g. with the Office software and they strengthen their position in this market where money can be made. Besides that they want to integrate all data of LinkedIn members into their other services. And you can expect that they will earn money with advertising and marketing cross-overs between Windows / Office software, Outlook (Hotmail), Skype and LinkedIn. After all sooner or later the money has to be earned back again.
Some quick counting brings me to the fact that your profile (and mine) have a value of $ 196, given away by you (and me) for free / nothing / nada…… Just a thought how money can be earned nowadays. When MS puts their money on the bank, they don’t get much interest. So this is a logical step and all LinkedIn shareholders are cashing with a pretty big smile on their face ……..
FYI : Some additional information about how much money is going round in the “tech world”. The top 5 of acquisitions in the past :
1 – The largest amount ever was paid by Dell for EMC, $ 67 billion for a – to most people unknown – giant in online storage.
2 – (Up until now) : WhatsApp bought by Facebook rather recently for $ 19 billion.
3 – Compaq bought by Hewlett Packard for $ 18.6 billion.
4 – Again HP and this time $13.9 billion for EDS, a company in ICT solutions for large companies.
And finally nr. 5 : Almighty Google once bought Motorola, mostly for the patents they owned and paid $ 12.5 billion. This one made clear that not all acquisitions become successful. The drama ended when Google sold the company again for no more than $ 2.9 billion to Lenovo. That must have caused a severe headache, even if you’re a giant.
The “tech world”…… a billions industry!
June 27 – 2016
A blog elsewhere about an important subject …..
Link : >> > Technostress : How technology affects us
A guest blog on the site of Web Of Trust
Have fun reading,
May 13 – 2016
Fake WhatsApp notifications
The dark side of popularity.
The service WhatsApp has grown exponentially, out of nothing a few years ago to what it’s now. Used by millions of people around the world. Of course that growth creates chances to cyber criminals, who always follow trends, because there most people can be found. And with such a large target group, the chance of fooling some of them is the biggest. It’s a matter of just setting up a trap and see what you catch.
Hence that lately the amount of fake WhatsApp notifications has shown a tremendous growth, it’s becoming epidemic. You can be faced with these notifications on Facebook, Linkedin and perhaps on other social media as well. Most of them have – more or less – the same style. Usually they start with : “ You have an unread private message from………” mostly followed by a name that says nothing to you. And that directly is something that –hopefully– makes you suspicious and vigilant. At the same time that’s also your weapon. After all an unwritten rule in social media is : “If you don’t know at all who it is, don’t allow them in your contacts / friends / network connections or discussion group“.
I don’t have a Facebook profile, ~ sigh ~ what a relief. But I am present on Linkedin for business reasons and there I also had a few “messages” from absolute strangers. In fact it’s quite simple, do NOT respond and remove this right away.
TIP : In the Web of Trust forum a dedicated thread about fake notifications was started by Web of Trust ( WOT ) member “Matiks“. There you can find a lot of domains that redirect to another ( somehow malicious ) URL, found by several WOT members. Great job Thomas, an eye opener to read……
Link >> > WOT FORUM DISCUSSION.
He has also made a tool to analyse domains you don’t trust and where you can see to which URL you will be redirected, link >> >MyWOT analysis page.
Besides what’s happening on social media, also a lot of spam gets spread with fake WhatsApp notifications. It’s always the same in these mails : “You have an unread WhatsApp message. Please click the following link for more details”. Or instead of this last sentence “Please click the attached file for more details”. And that’s a ZIP file in most cases. BTW : Some spam mails have both, links as well as an attachment. It’s remarkable that the mail text never mentions a name where the Whatsapp message should come from. If a name of someone you know would be mentioned, the mail should look more real. But in that case cybercriminals must find out who your friends or relatives are and that’s too much work for them compared to the chance of getting someone hooked. Now they can use the same message for bulk mailing. After all criminality also needs to be efficient, you know……….
When you receive these mails, never open them and delete directly. And if by chance you did open them, absolutely don’t open the attachment and / or click on links ! Even the “Unsubscribe” link in the footer can be a dangerous trap. If you do, you will be contaminated with a virus, trojan or whatever disastrous malware.
Those mails and social media messages are absolute nonsense. Take care………
April 27 – 2016
The Panama papers
A blog elsewhere…..
I can’t stand injustice and hence the publications about the “Panama papers” some time ago made me angry. Of course these practices aren’t new in the world. But once you’re faced with tangible facts, it’s really confronting to see how unfair people and companies are.
So I couldn’t leave this for what it is and was already writing a blog about this, because I found a source that revealed what has happened in Panama and has lead to the leak. Then a deal was made with Web Of Trust to publish on their site. They’ve taken the initiave to have members blogging as guest posters on their site and I was offered a chance to do so.
There was only a small problem, Web Of Trust had already published a blog with the title “Panama papers“. So the tiltle has been changed to a common used English idiom.
Interesting to read where carelessness can lead to >> > “DEATH AND TAXES”
Added may 10-2016 : The international aid organisation Oxfam has started a campaign against the tax evasions. It hits so many countries, including the poor ones. And it’s a shame that those in poor don’t have the money for proper health care or to send children to school, so they say. Now, that’s what I call a great initiative…..
April 8 – 2016
WOT for Android
A promising novelty !
There’s a tremendous growth worldwide in the use of mobile devices. And people are visiting the internet more with their smartphone than on a desktop ( or lap top ) these days. This change in web behaviour will go on and demands a new approach in internet safety.
At Web Of Trust they realise that times are changing and hence they’re developing an App for smartphones with the Android OS. This is carried out in cooperation with Google, the maker of the Android OS.
On the right the opening page of the promising novelty.
The App is now in the testing period and will soon be launched. The idea of making available the huge data base of – more than a billion – rated websites in Web Of Trust ( WOT ) to users of Android devices is attractive and will give a boost to internetsafety. As a follow up WOT will add extra functions to the next versions to come.
At the WOT website you can read more about it >> > BLOG
More news coming soon…….
Addition April 27 : Web Of Trust has officially announced the release of the new app for Android >> > MESSAGE
March 31 – 2016
But exciting to see !
Norton ( by Symantec ) has published a documentary about cybercriminality, called “The most dangerous town on the internet“. Nice to watch where they reside, how they operate and where they hide ! Part one is about Romania and part two was filmed with a chopper above the North sea, in Holland, in Sweden and more.
Link >> > Episode 1 ( about 20 minutes ).
Link >> > Episode 2 ( about 24 minutes ).
It’s possible to have the comment in several languages, so perhaps you have to make a language choice in the upper right corner.
Have fun watching,
March 15 – 2016
And your privacy – What privacy ? ? ? ?
We all know that Windows 10 has a questionable reputation when it’s about your privacy. When installing the OS – or upgrading from older Windows versions – only one time you have the chance to shut as many doors as possible. But don’t count on it that your privacy will be fully respected after this ! That was only meant to give you the idea that you’ve done everything.
Microsoft was so generous to give users of older Windows versions a free upgrade. But they have to earn money somewhere, don’t they ? “Big data” is the new phenomenon these days and said to be the “earning model” for the future. Hence there’s only one thing you can be sure of, you will be followed and watched. Microsoft is not that cute as this one….
The German company “O & O software” – well known for their Windows tools such as Defrag – has developed a great tool that gives you better insight and control on Windows 10. And that goes further than the few adjustments you’ve made. It’s e.g. about the hidden functions in Windows 10 which doesn’t make a privacy sensitive user happy.
You don’t have to install anything, it’s an online download service. As soon as you start “Shut up 10 – free anti spy tool ” on the O & O website ( >> > link to the tool / page ) and have unpacked the software, all functions will be displayed which are involved in your privacy. And that’s much, real much ! Oh, and eh, don’t worry that the packed version is a “zip” file. This one is safe ! I’ve thoroughly checked it and used the software ( see further below ). My – extended – security didn’t warn or scream alarm…..
The functions are split up in the categories Security, Privacy, Location services, User behavior and W.10 updates. At each function a symbol is displayed that makes clear to you if it’s smart to switch that off. In case you’re in doubt you can click each item to get a more extended explanation. You will have the opportunity to create a “system restore point”. And the tool also has an option to return to the original Microsoft factory settings, just click the “Undo” button. The switch set to green means blocked ( privacy safe ), in the factory settings nearly all functions have the switch in red and that means that “big brother MS is watching you”.
I’ve implemented new settings with this tool, most of them in green modus, after getting scared about everything that’s gathered by Microsoft behind the screens.
Put an angry dog with big teeth behind the door to your privacy !
Febr. 17 – 2016
The frightening truth ……..
In a few years time storing your files in the cloud has taken off like a rocket launch. Everything, really everything is entrusted to the “holy” cloud. Large companies and multinationals use the cloud on a scale you don’t even imagine. And to be honest that’s handy when a company has people at work on many locations in several countries.
But you could wait for the moment that less honest people find or create tools to exploit the enormous gold mine. After all, classified information is strategically important and worth a lot of money. Hence drilling in such a rich source is very attractive for cyber criminals. And it’s getting worse by the day…… **BTW : In my blog of April 2014 called “A herd of elephants” ( down below on this page ) I’ve already paid some attention to “the cloud”.
Here’s the evidence of the insecurity of the cloud. With the software on the site of “CloudCracker” ( >> > link to the website ) that was designed to check on safety leaks, the opposite is happening now. This program is capable of breaking passwords, login codes and encrypted keys. Millions of safety measures used nowadays have become useless ! It’s a matter of paying $ 20 to 30 for the service and then it’s “Open sesame”. Cloud Cracker is capable of finding the passwords and codes in WPA/WPA2, NTML, SHA-512, MD5 and/or MS-CHAPv2 networks.
This is how it works : You need a sample of the network traffic and because that’s wireless it’s easy for cybercriminals to pick that up. E.g.“Wire shark” ( >> > link to the website ) is abused for that . That software is designed and meant as a network protocol analyzer. It lets you see what’s happening on your network at a microscopic level. But again it’s used in the opposite way by cyber criminals ! When this is done, they need to filter from the analysis what they want to have cracked and upload that to the CloudCracker site. After the payment a large amount of computing power is used, e.g. password generators and such, until your passwords and keys are found and your files “broken open”. It’s that easy !
Who are the victims ?
– Millions of Wifi access points, both of private home users as well as public versions.
– All passwords on peer-to-peer based Windows networks, including most NAS equipments connected.
– Older types of VPN connections
– Remote access points ( Network Access Servers ).
This is the world we live in nowadays ! Do you still want to make use of the “fantastic” cloud ? I doubt it …… As you can see, there’s no such thing as privacy in the digital world. My advice : If you want to keep information to yourself, put it on some memory ( USB stick, SD card and such ) and store that in the bottom draw, separated from your computer. And ! When you put that memory in your computer, be sure to be off line. Suppose you don’t realize that, but your device has a “backdoor” open ( an internet gate constantly opened ). Than what ? In that case a hacker can read along with you what’s stored on that memory when you’re in the mean time also online, without you realising that.
This story makes one thing very clear. Storing all your passwords, login codes and other PII on a website behind one main password code seems handy, but it’s out of the question ! This is also cloud storage ….. No matter how complicated you make that main password, the gold mine can be broken open. Even a complete sentence isn’t safe. A service on the internet ? ! ? ! You never know where the info is hanging around.
Nothing’s safe on the web !
BTW : The two links in this story lead to safe and legitimate sites. It’s not my intention to show hackers the way, without me they also know that. And I can’t be responsible for someone elses criminal behaviour. I don’t have influence on that and this story is only meant to warn.
Jan. 22 – 2016
A promising novelty that contributes to safe surfing……….
Nearly 150 million people are already member of Web Of Trust. And that makes it the largest internet safety community in the world and a top ten addon for many browsers. But still we (WOT members) need to convince the rest of the worlds computer users to join us. That’s gonna take a lot of time, but there’s another approach possible now for users of the popular CMS WordPress. An improvement that offers additional internet safety to non members.
A French computer specialist and software programmer has built a new WordPress plugin which offers visitors of a website an insight on the reputation of linked websites, e.g. in comments but also in pre placed links. This novelty shows the coloured WOT doughnut icon directly next to the link mentioned and automatically disables malicious links in comments. So before taking the step to click the link, you’re as a visitor already informed what to expect when it’s about safety. And you’re protected !
*Remark : Since it’s a plugin the software can only be used in the extended WordPress[dot]ORG version. After all, sites (and blog pages) built in WordPress[dot]COM don’t have the possibility to adapt plugins. Hence that e.g. on this website you won’t find this great addition. But you can be sure that each link on this website is thoroughly checked on safety by me. An American idiom says: “Even when you’re in doubt , throw it out”. And that’s exactly what I do if I find something to be suspicious.
Okay….back to the new WP plugin. It was built by WOT member “Matiks” >> > link to his WOT profile/board and stored here : >> > link to Matiks website He had some help from another WOT member who gave him two subdomains to test and store the concept versions. After killing some bugs and adding some extra functions like new layout for the threshold of ratings (by moving the central hand or by entering a value) and speed optimization to display results, the WP plugin is now ready to use for everyone. And to be honest : Isn’t it nice that YOU as a site owner / webmaster can offer additional safety to your visitors ? It improves your website reputation as being reliable !
The default value settings in a screenshot ( see further ).
Citing Matiks : “I have worked on a WordPress plugin using the WOT API. The purpose is to suggest a simple tool to WordPress site owners so they can protect their visitors from malicious links in e.g. comments. In fact, it works like links in the WOT forum but owners can decide what the threshold should be to block links and/or also to block links with unknown ratings yes or no. The default values are : Minimum level of trust: 60/100 – Minimum child safety: 60/100. But – as said – it can be adjusted.
This may look somewhat complicated, but it isn’t. Some technical details by Matiks to explain the scheme : When the page is loaded with comments, every link gets a new attribute (a kind of flag) and if owners make the choice to block them before knowing ratings, they are disabled here (1). When page is loaded and displayed (2), an automatic ajax query is done(3) for a background process so it doesn’t slow down the loading of the page.
During this background process (4), every domains in URLs are analyzed with the WOT API (or obtained from cache) / and cached in database (to avoid useless queries).
When this work is done, links are blocked if they are unsafe (5). The option “block URLs before knowing ratings” allows to block all links if there is a failure during step 4. And this is the opposite at the step 5, safe links are unblocked.
All these steps are in fact really fast. A click on a circle ( = WOT doughnut icon ) opens the scorecard. For security, each php script can’t be called directly (via a url) and also queries are protected by nonce’s (https://codex.wordpress.org/WordPress_Nonces )
Sites built with the WordPress CMS could benefit of the help by the WOT community to block unsafe links in the site. This is quite simple (only a settings page) and actions are made automatically, each time a page is consulted.
The page with easy to adjust values ( with second hands )
The default settings, exposed with second hands.
I think the most interesting tool of this plugin would be the scan. I want to suggest a tool to scan links in post/pages/comments which will display a summary of the analysis and actions to be taken under this analysis (delete a comment/remove a link)…
Also, it could be interesting to schedule analyses and to receive reports by emails.
You can scan your site like you do with an antivirus. The plugin will retrieve every URLs in articles, pages and comments. Each of them will be analyzed with WOT API. Results will be filtered by their reputation. For links in comments which have a poor reputation, a simple click on a button allows to disable them. End of citing.
The analysis reports of the scanning
Finally : The new plugin – called “Tap&Trust” – is launched now and listed at WordPress.
See >> > WordPress – WOT Plugin/Tap&Trust ( link ).
Thanks for the great work Thomas. It took you two months, a hell of a job. And the result is something to be very proud of !
Contributing co-author : Thomas – Web Of Trust member “Matiks”
Jan. 09 – 2016
And their devastating role …….
Recently a group of script kiddies are caught by the Dutch police – cyber squad. One of them overplayed his hand in his hunger for attention and admiration and sought publicity by contacting a newspaper journalist. The guy was already known to the police and on the “wanted” list. And before he ever had the chance to give an interview the police grabbed him by the neck and offered him a room in a “state hotel”. The guy was no more than 17 years old and after his arrest a whole network of cooperating “hackers” was pulled out of their beds in a coordinated police action across the country and some also in neighbor countries. And again most of them were still teenagers.
But are they “hackers” ? No not really in fact. More than 80% of the hacking activities on the net are committed by these script kiddies. What’s the difference between these ? Well, hackers are the real pro’s who program damaging software ( =malware ) themselves. Script kiddies pick up “ready to plug in” software from the internet to build virusses, trojans and other malware and then adapt that.
This group had internal contacts to share their expertise and to tell each other proudly what they had “achieved”. What they did is trending now and called “DDossing” websites and web shops. The sport is to carry out a DDos attack on a site with a self created botnet and the bigger or most well known the site is, the more famous you become within the group. They send each other messages like : “Hey, I’ve “DONE” the webshop of Blokker ( a chain of Dutch household shops ). This was a tough one……. , but I managed to create a “melt down” for a few hours….”
What a fun ! ! Suppose you’re a company and have spend a lot of money on creating a web shop, because online shopping has become common. A real good web shop, with perfect working “after sales” ( like tracking and tracing the placed orders and a client account overview ) is required these days or otherwise your competitors overrule you. And then when you’ve paid the huge invoices of the web designers, these morons appear after some time to ruin all your work and the reputation of your web shop. The server goes down caused by too much traffic (=visitors). And that only for the fun and the sensation !
*As a site owner the first thing you think of is how to smash their computers and break their neck……. But where to find them ?
My question is if these script kiddies have a common sense and realize how much damage they cause. Where’s your ethical compass when you do this ? And what about the role of the parents ? Do they know what their kids are doing and do they realize what the consequences are ? In court a judge should give these nut heads a course in proper behavior, besides a heavy punishment and pay back of the damage made. And when they’re minor age those parents are responsible for paying back the damage.
~ Sigh ~ We already depend too much on the internet nowadays. When does the moment come where the same internet is so much “polluted” and attacked that it will crash – or worse – turn against us and ruin our whole society. Just a thought, but a scary one……
The only thing we can do against these invisible cyber criminals is keeping our security up to date, so the device can’t be added to botnets by opening a “backdoor” ( permanently open gate ). Keep them out ! After all : No botnets = No DDos attacks.
Dec. 23 – 2015
The fight goes on !
We all use more and more equipment to be online. Lap tops, notebooks, iPads and – most of all – our smart phones connect us to the internet . The service Whatsapp has also rapidly grown out to popular and we buy on web shops frequently these days. But all these expanding activities make us also more vulnerable.
Telemarketing is becoming more and more clever, using modern sophisticated diagnostic tools. And to be honest, if you’re not keen on that and switch off a lot of functions in the installation procedure, Windows 10 also contributes much to the infringement of your private life.
“Big data” is the new magic word for telemarketers nowadays ! And they lurk around constantly.
I’ve read a comment which says that this program might have influence on some cloud services like One Drive. But the program has an UNDO button that resets all changes you’ve carried out. So don’t hesitate to try this out.
Here’s the link : >> Spybot Anti-Beacon
It’s your life, don’t let “them” invade that !
Dec. 8 – 2015
An unexpected USB from Asia
Out of the blue…. and what to do ?
A story that raises questions : A guy in my family bought some sports clothing at the Chinese web shop Alibaba[dot]com. Ordering directly in China ?!?! That sounds rather tricky. But if you have the choice between € 280 local price ( = over $ 300 ) and $ 35 on Alibaba, it’s worth a try. So he did !
Alibaba has a perfect “tracking & tracing” system and he could follow his order by that. Hence he knew that the goods were packed and posted. But surprisingly after about two weeks a USB arrived, posted from Singapore with his address on it. Then you get curious, did I use the wrong article number ? Why does this come from Singapore and not from China ? Is the USB additional and price included ? Or a modern notification about the delivery ? The USB was packed in manufacturers plastic and seemed new, not opened and used yet.
I warned him not to put the thing in his computer. But his answer was “Oh boy, that’s him again. You’re seeing ghosts everywhere”. Anyway, I would ignore my curiosity and never ever use such a thing. The best place for that is unopened between the trash !
And ( yes !! ) two weeks later the actual delivery from China arrived.
**I’m wondering if Alibaba has a safety leak to cloaked “third parties”.
Then a few weeks later I bought a computer magazine and in that a warning was placed never to put a USB in your PC, that is owned by someone else. Bad scripts and malware can find a way to your computer through that, even if you might know the owner. IMO a good rule to obey, someone else can proclaim that his/her USB is clean. But how much does he/she know about computer safety ? I should never rely on that.
If you absolutely want to make use of an “external” USB, two measures are needed : 1 – Check the contents with the famous tool Virus Total and 2 – Scan the device with “USBFix”, which you can download at www[dot]fosshub[dot]com. *Note : That site is safe, but I didn’t make a link of this, because in my opinion it’s a bad idea to go this far. But if you insist, based on the idea that it’s most likely trusted……… Okay, here’s the rest.
After downloading and installing USBFix, click the button “Research”. Wait for the results and with the button “Clean” you can tackle the found rubbish. BTW : When installing the free version be vigilant for PUP’s that the makers want to add. You don’t need those, nor the added advertisements. Though the idea behind USBFix seems handy, it’s better not to trust on this and on Virus Total. Remember that it’s possible that the USB directly invades your PC with malware or – even worse – ransomware after putting it in !! And then you’re already “fucked” and too late to start a scan or whatever. It’s a much better idea to have real time protection from ( at least ) a strong firewall and a good AV. Prevention is the best protection !
Think it over before you try this ! – I’ve warned you.
Dec. 3 – 2015
iOS invulnerable ?
Breaking a myth………
Don’t think that using iOS ( also called OSx ) is a guarantee for being safe. It’s a myth many people still believe in ! In the beginning when the OS ( operating system ) was new, it was – more or less – applicable. But times change and cyber criminals have also made it a target since it’s more and more popular these days.
I’ve reported in an earlier blog of May 7 – 2014 called “Malware in Apple iOS“ on this page about an iPad that was irrepairibly hacked. And now Symantec, the maker of Norton AV software, has recently published evidence that iOS is also vulnerable for ransomware. And again the idiom : “There’s no such thing as 100% guarantee on safety” is – unfortunately – proven a realistic fact.
There’s no need for me to write large pieces of text about this. The Symantec blog I recently found tells the story itself. Just click the link : >> > Symantec blog
Nov. 4 – 2015
The new plague…….
The last few months spam is running terribly out of hand. Some Web Of Trust colleagues and other friends or relatives are complaining about that problem and report that their mailbox is getting “carpet bombed” daily. Hence this story that’s split up in two chapters, but both about the same subject : Staying “under the radar” – out of sight from the spammers. Special thanks to the directors of Seashore Media, the web designers who have built my company websites. The first part called “Under the radar 1” was made by them in Dutch and was translated by me and used – with their permission – for this story.
Under the radar – part 1
Internet, it isn’t fun at all anymore. From all sides dubious characters and criminal gangs try to capture your login details or entice you to click on malicious attachments. Mails that try to harvest your login details, passwords and personal codes are called “phishing”. Other mails with embedded links are meant to contaminate your computer, or e.g. to open a “backdoor” that gives hackers an entrance to your PC.
To start with the bad news:
They are getting sneakier, meaner and more professional. For example an E-mail that supposedly was sent by the Railways, with an offer for free train tickets on some action days. Do not forget of course to login and leave ( privacy sensitive ! ) information somewhere for the administrative data. Seems harmless …..
Trojans and ransomware :
There are also E-mails which want to seduce you to click on an attachment or a link to a website. That carries the risk of being faced with a so-called “Trojan”, that installs itself on your computer and starts doing a lot of dubious things, such as spamming or searching in your files for log-in data and other confidential information. Nowadays, there is an even more virulent variant emerging: ransomware. This is “Cryptolocker” software distributed through attachments or a link to a site, and then that virus encrypts specific files or even your entire computer. The criminals that have taken your computer hostage promise in a message that it can be undone with paying a so called “fee”. Believe me, even if you pay, it will never happen. The chance that they come back for an additional second “fee” is bigger !
Healthy skepticism needs a place here . Why does a company make you an offer, while you’ve never passed them your E-mail address? Notice this : Banks, credit card companies, PayPal etc., never ask you through E-mail to login or to deliver codes, passwords and such.
Check where a link will take you to :
2 – Never click on links in such E-mails. If you move the mouse over the link without clicking, you can see in the bottom of your mail program where this link really redirects you to.
For example, a link appears to be from your bank, but – for example – your mail program reveals that you end up in the site “……bank.geocities.com”. WTF, it looked so real !
Doubts ? :
Simply go to the company website itself by typing the URL in your browser, so without clicking on the given links. If you’re there and you can’t find a thing about the topic in the mail, you know enough : Stay away from this ! And of course you can always call that company to ask if they really have sent that e-mail.
New tactics :
Trick 1 : Website owners often receive an E-mail asking them to now extend their domain. The Dutch company “NL Domain Host” is notorious for this, but there are more dubious entities who count on the ignorance of administration employees. Foreign companies often use semi-serious sounding names such as “Domain Service Central”. Do not respond! That extension will cost a fortune and you’re often for years fixed to an expensive payment.
Trick 2 : This is rather new, haven’t heard that one very often yet. By phone or E-mail some “consultancy bureau” or vague “agency” approaches you with an apparently thoughtful question, a customer of the company has asked to register a particular domain name and wants to use that name e.g. as a registered trademark. However, so they say, because that name is very similar to the Internet domain ( URL ) you already use, they ought to give you the first right to purchase that name. Of course, as you can guess, against a huge amount of money. All this is complete nonsense, never respond to such fraud ! Don’t get ambushed.
The scumbags lurk everywhere, but with healthy distrust you – hopefully – don’t get caught.
Under the radar – part 2
Using a “throw away” mailbox.
Sometimes you bump on a site that seems interesting and/or handy. And in many cases you can only join that site and participate in the secured “members only” pages (or forum) when you have a password / login. For that the first time you usually need to register to the site and then they ask you to give an E-mail address. If you have a mail address especially for junk mail, newsletters send in bulk and other trash, you can use that one. Best is to have an internet mail address on Hotmail, Gmail, Yahoo ( and such ) for that, because with that it’s safer to login on public networks. But most of us don’t like mastering several mailboxes, because keeping overview isn’t easy that way. More about this on the page “Privacy protection” of this site in “Step 17” >> > IMPORTANT TIP (linked).
If you only have one mail address that’s usually your ISP’s ( Internet Service Provider ) E-mail account, where your “personal” E-mails arrive from trusted sources, business partners, family and friends. You surely want to keep that one uncontaminated from all kinds of rubbish, useless newsletters or – even worse – spam. Like a bird who’s sitting on the valuable eggs. Every time you use this “personal” mail address to register somewhere, there’s the risk of that address leaking away and mail address harvesters are fond of adding it to their list. After all, mail addresses are trading stuff, worth a lot of money. And from that moment on you’re a “victim” of spammers.
Remark : Personally I own 4 mailboxes and that saved me a lot of trouble through the years. Hacking attempts, address book stolen, phishing spam and much more happened to me. And I could shake them off. But nevertheless someday they catch you….. And after many, many years my “personal” ISP office mail still fell in the hands of spammers though, in spite of all my measures. * Just a thought : Someone else can be less careful in guarding the address book and then you’re also hooked. The only way to keep your mail address 100% secret is by not using it, but that’s a silly idea.
And now I’m daily faced with all kinds of spam, though I have two spam filters. One is by the hosting provider ( ISP ) and one as an addition to my AV. And still some spammers manage to avoid the filters and enter my inbox ! It differs from romance scams to offers to buy land, shares, domains, leather chairs and whatever. So some day you lose the fight, pretty annoying ! ! And the only thing left to do then is taking a new mail address, but that results in a lot of work by informing all your relations. It also carries the risk of missing important mails that still arrive in the abandoned one. And probably after some time the whole story starts again, it’s a real cat and mouse game…….
What to do when you want to protect your privacy ?
If you want to register on a site, e.g. to become member, there’s a solution by using a temporary E-mail address that automatically vanishes after a short while. Depending on what service you use it’s from 10 minutes to an hour or even 24 hours. That’s more than enough to receive the password, login code and / or verification number. You can store that and the mail address disappears again.
Link >> > temporarymailaddress.com
This is a “https” URL and hence the site is secured with SSL or so !
Link >> > mailinator.com
I’m giving two options because some sites refuse to accept addresses that come from services like these. So you have to try out which one does work.
One last remark : Don’t make use of a service called “Guerrillamail~dot~com” ( with double “r” ). According the WHOIS that one is registered in Panama, where a lot of “internet pollution” resides. And then there’s the site “Guerillamail~dot~com” ( with one “r” ), which has a red rating at Web Of Trust, a safety warning for hidden links redirecting to scam sites. Rather confusing and with one typo you can be hooked up with malware. So better be safe than sorry.
Try to stay out of their hands !
Co authors of chapter 1 : The directors of Seashore Media
Oct. 17 – 2015
There’s freeware and freeware – The differences :
Not all freeware is really “free” to use. Sometimes you’re faced with “adders under the grass”, which confront you with an unpleasant surprise. Freeware can be found in all kinds of types and here’s some explanation that defines the differences.
1 – Bloatware : ( A.k.a fatware and crapware ) – Usually extra software that has been pre installed on a new computer by the producer. It can e.g. be trial versions of games, or software meant to simplify logging in somewhere, starting up unwanted graphics or so. In many cases those software contains functionalities for advertising, like pop ups. Or it’s done to encourage you to buy the extended – paid – version of software, think of games. Sometimes it’s bad programmed software, that can have safety leaks and hence makes your computer vulnerable for hacks. For sure it occupies much memory space on the hard disc, which is slowing down the start up of your machine. After purchasing a new machine, the best you can do is opening the software list and delete all rubbish you don’t want and need. But only the programs of which you’re absolutely sure, don’t take risks ! When you’re in doubt, don’t throw it out ……. And check the manual or additional info about that software on the net.
Sometimes it’s hard to remove certain “crapware” and in these cases you can make use of the help of PC Decrapifier on >> > decrapifier.com (linked). After starting up the tool, click on the “Analyse” button. After the scan, the results are presented in 3 tabs called “Recommended” , “Questionable” and “Everything else“. Just leave a checkmark next to all you want to have thrown out. Then click “Remove selected“, et voila ! *But again, be careful what you’re doing.
2 – Real freeware – strictly seen – is software that’s mostly made by idealists who want to make computer use easier ( and/or to get famous by that ) and can be downloaded and used without restrictions. You don’t have access to the source code and in most cases there’s no such thing as additional support of course.
3 – Less pure forms of freeware are donationware, beerware and cardware. All these are for free, but the maker expects you to do a donation when you like the program and use it often. An example is “X notifier” ( former “Webmail notifier” ), a very handy tool to manage your mail if you – like me – own several mail boxes. It guards your incoming traffic and shows that in a small icon ( = an envelope ) on your screen.
4 – Freemium software is a variation on donationware. The basic version is for free and functional, but for the more advanced version with more possibilities you need to pay e.g. a yearly fee. Examples are MBAM ( Malware Bytes Anti Malware ) and Reason Core Security. The standard protection already works good, but for realtime protection and more functions you need a paid “Premium” version. *Note : At MBAM the paid version costs about € 22 per year ( approx $ 25 ) which isn’t pricy for such magnificent software that you can use as extra protection besides an AV.
Note : If you want to download MBAM, don’t make use of sites that have build in additional software, like e.g. CNET. Find the pure and clean version on the original site of Malware Bytes itself : >> > Download link MBAM
5 – Open source software is again someway different. It isn’t always for free, but e.g. the great – privacy safe – browser Firefox ( by Mozilla ) is. It’s common that this version belongs to communities where all members can make use of the ( semi – ) open source code to do modifications.
6 – Shareware can be downloaded for free, but after trying it you need to pay directly if you want to continue using the software. Sometimes such programs get reduced to a few basic functions when you don’t pay. That’s called “crippleware” and the developers get more and more persistent over time in persuading you to buy the software. Some can become nasty, especially if they have build in hidden software that identifies your IP and machine. The advertising pop ups can become pretty annoying, even after you have decided to delete the software. This also has a name : “nagware”.
7 – Malware : The fear of each computer user ! Except for the morons who want you to download that. Beware, malware can also be a hidden script in freeware, without the original developer even knowing that.
And that brings me to the bouncer of this story. The final – but very important – remark : Always check new software with VT ( Virus Total ) after downloading and BEFORE installing to be sure you allow clean coding only to settle inside your computer. The use of a sandbox as an extra safety precaution is advisable, though these days “sandboxing” is in many cases already default in a lot of modern operating systems. So check your OS.
Take care what you download and remember that all software – good or bad – uses memory space and that slows down the start up of your machine. Except when you’re capable of excluding those software from the start up procedure, but that’s another story.
Oct. 13 – 2015
On the 24th of August I’ve written about PUP’s and the use of the program “Unchecky”.
Recently the software has become part of a security program called “Reason Core Security” made by the company Reason Security. They call the new product “bundle protection”. Reason Core Security is an anti malware program that you can compare with MBAM (Malware Bytes Anti Malware), but – to be honest – I don’t know if it’s as effective as MBAM.
Anyway : The free version of Reason Core Security is called “Standard protection” and the paid version is called “Complete protection”. And the system works the same as with MBAM, the free version is already sufficient to remove spyware, malware and other rubbish, but misses continued realtime protection. The option “bundle protection” is present in the free version, which makes the program worth trying out.
See the website of Reason Security : >> > reasoncoresecurity.com ( link )
At the moment it’s unknown if Unchecky will also remain as a seperate program and if so, updates will appear in the future. And if the Unchecky website remains “in the air” is also unkown now. Unchecky works perfect, so if you want the addon seperate, you better be quick. Download before your chance is over !
Sept. 7 – 2015
Active crime servers
An overview worldwide.
Blueliv, a cyber security company based in San Fransisco, Cal. – USA has a page on their site that shows a worldmap with an actual overview of active crime servers. Amazing to see that !
Some people think that cyber crime comes from certain countries ( which I won’t mention btw. ). But this map gives a view on reality, which appears to be different from what you expect.
An eye opener !
August 24 – 2015
PUP – “Potentially Unwanted Programs”
And what to do against that.
Like the name already says, unwanted they are. You didn’t install them on your computer, but in some way they invaded your machine though. Sometimes you don’t even know how it entered.
* My wife had a PUP called “Sweet IM” that was detected several times by MBAM and removed again. But apparently not detected by her AV ! Where that came from and what it exactly did is still a mystery.
More info about this and a Removal Guide on Malwaretips : >> > malwaretips.com
Anyway : PUP‘s have several methods to silently sneak in. It can be a hidden script added to a software download without you knowing that ( or added in the background to pictures or a video download ). Spam with apparently a suspicious attachment is also known as a source. In the cases mentioned it’s usually malware with the intention to infect your computer with a virus, trojan horse or so. Or an attempt to open a gate and add your computer to a botnet.
But legitimate companies also add PUP’s on purpose to a – b.t.w. harmless – program update with the intention to install software of e.g. a new toolbar or another home page. If you don’t guard the installing procedure properly and forget to remove some checkmarks ……… Bingo, you’re stuck with ballast.
*I’ve already written about this in my blog of May 1 – 2014 called “Stinking methods” ( see below on this page ).
In all cases it’s unwanted and invasive rubbish you want to keep out. But how to do that ?
Recently I’ve found a good tool to oppose these PUP’s. An addon called “Unchecky” is very allergic to checkmarks that cause unnecessary software rubbish on your machine. The addon automatically removes those checkmarks as much as possible. It doesn’t mean that you don’t have to be cautious, but it’s a good assistant to reduce the risks.
More info on the Unchecky site : >> > unchecky.com
Like I’ve said elsewhere on the site, there is no 100% guarantee on safety. *Same goes for the real world b.t.w.
But you can do a lot to protect yourself ……..
August 2 – 2015
Computer stolen ?
The service “Prey” is a handy tool to find a stolen lap top back. For that install Prey on your computer, go to the site >> > preyproject.com. As soon as your computer is stolen or you’ve lost it in another way, you report this on the Prey website.
After that Prey will start your computer through remote access and give the device orders to send reports, enter the www e.g. to send mails and even the webcam is activated, so you can have a look who’s – possibly – sitting behind it and in what surrounding. The screenshot of that might perhaps be useful to the police…….. The lap top can also be located with the help of GPS and / or the IP of the thief or healer. Just a hunch : Make a picture with your cell phone of the sticker with the type and serial number on the bottom of your computer and store that elsewhere, e.g. on an external NAS or USB, where you usually keep your back ups. That picture is also very handy for the police……….
Note : There’s a paid version of Prey with even more possibilities, but the free version is already worth installing it. Any way : You’re chances on finding the thing back with these precautions are much bigger. And you can take action against the morons who did that, which helps solving your feeling of frustration.
Weapon yourself……… Succes !
July 21 – 2015
What Facebook knows about you
Well, to be honest ………. much !
Almost all Facebook users know the feeling of getting tired and bored to watch how exciting the lifes of your friends ( and the friends of your friends ) are. They have no worries, everything they do is amazing fun and their life is astonishing great, as if they always live a dream. Yeah right, what a nonsense ….. That isn’t what real life is about ! Sometimes life sucks and you have a bad day or a period of sadness. That happens to all of us, because “that’s life” ( as we tend to say ), but no one ever puts that on Facebook.
At some moment it starts to get annoying and then your concerns about your privacy can be “the drip that causes the bucket to overflow” ( Dutch idiom of “more than enough” and “reaching the finish line” ). Do you consider leaving Facebook or are you curious what the data swallowing service knows ? In this story some explanation how to download nearly everything about yourself and – probably – how to leave FB permanently.
But before you leave it’s necessary to take some action :
1 : Save in an archive what is of value to you, shared pictures, precious messages and such. For that open your FB account, click the downwards arrow and select “Settings” / “General”. Then click “Download a copy” and follow the instructions. The archive is accompanied by an “index.htm” file and you can open that in your browser. Now you see the messages, photos and videos you’ve ever made and the apps that have sent information to FB.
Of course you can also see your list of friends and which friends are gone in the mean time. Be sure to take a look by clicking “Adv” and try not to get scared.
Here you’re faced with your profile, the way FB has placed you in all kind of categories and keywords, for their clients ( advertisers ). Because that’s what it’s all about, making money. Much money !
Is seeing all this the earlier called “drip” and you decide to abandon the service ? Then you need to carry out action 2 : Check where you use FB to login and untie them before leaving. Think of disconnecting streaming services like Netflix, HBO and Spotify, message services or – possibly – apps on your smart phone. Don’t forget the ones you hardly use, one day you’ll need them, e.g. an app you only use on holiday or so. In most cases you can change to logging with your Email address and a password. *Must better for your privacy btw.
Only after this you can delete your Facebook account. But even then they don’t leave you alone. You have a “cool down period” of a month where all your information is secured and you can come back without losing everything on your account. And if you’re “stubborn” by not coming back, Facebook still saves your data ( for their own use ) another year. So if you want to be sure not to leave much traces you need to “shake out” your account as much as possible before deleting that.
Some people who criticize Facebook say that the information swallowing monster even tries to form a profile of people who don’t have an account, by using information that their family or friends leave in messages on Facebook and Whatsapp. It might be true, but it’s no more than a rumor.
You never know….. I wouldn’t be surprised.
July 15 – 2015
And the risks of that, when using public networks.
A “honey pot” is in fact a hidden trap in computer terminology. Honey pots are often used in the software of safety systems, e.g. to mislead spammers and let their rubbish arrive in a “digital dead end street”. In this case honey pots are part of a spam filter. Honey pots are also effective tools to block malware from invading large computer networks and the software in mainframes.
But there’s more and for that you can read the technical details on Wikipedia. >> >Link
Cybercriminals also make use of honey pots to gather information and for attempts to get entry to your computer. And that is what this story is about.
It’s common known that public networks are the most sensitive when it’s about phishing. When searching an external network in Windows 7 you have the choice on screen between your Home network, a Company network and Public networks. I expect the first two ( your home and your work in the office ) to be secured behind a password and login. With public networks it’s another story, they’re “open” and hence an Eldorado for cybercriminals. Think of logging in at a restaurant, a railway station, an airport or in a hotel. On such places you start with scanning the surrounding to find a network and that is by definition not secured. Of course you always have a firewall and an AV active, but that says nothing!
BTW 1 : Selecting a “Public network” ( in W 7 ) means that by default Windows automatically switches off every function that has to do with sharing files. *And don’t do it yourself too ! In Windows 8 / 8.1 the network choice is more limited. Once you joined a network Windows asks you if you want to share data. For safety reasons always select “no” if you’re on someone else’s network.
BTW 2 : Don’t think that a network behind a password is by definition a safe network. No way, that’s a fairy tale ! If the network isn’t build and secured properly it’s just as dangerous as an “open” network. The password only means that people have access yes or no and nothing more than that !
*It happened to me once in Eastern Europe that – besides other networks around it – the hotel where I was showed me 3 networks. Now, which one is the proper one of which the hotel gave me the password ? I’ve asked them and they were rather surprised. Perhaps someone with bad intentions had set up an alternative network from another room inside the hotel to “catch” me and others. Those alternative networks to fool you, are also called a “honey pot”.
Suppose you login to that network and a cybercriminal can follow and copy / redirect your data. Than an AV and a firewall doesn’t help with data traffic going out. You’re on the web reading /sending your mail, Facebook or whatever and notice nothing unusual. In the mean time you have a gate open and the hacker also has the keys to invade your computer to gather passwords, bank information and such.
In fact the best defense to avoid attacks and phishing is not to go on Wifi in public areas and – if possible – make a wired connection to the web. Who can hack a cable ? *Only in two pieces, but that doesn’t help much in being connected ….. ROTFL.
Another solution is making use of VPN ( Virtual Private Network ) on Wifi. With that you create a secured tunnel for your internet traffic that can’t be hacked. Usually the freeware versions are less quick than paid versions, but the last must – though they’re faster – fit to your demands. Tip : For free versions you can use Spotflux ( spotflux.com ) or Hotspot Shield ( hotspotshield.com ).
Stay safe outside of the door !
June 23 – 2015
The pro’s and contra’s of this privacy guard.
One of the best addons to secure your privacy on the web is Ghostery. It can be used on many browsers. And that exactly is the difference with the competitor No Script, which is also good but that one can only be used on Firefox.
With Ghostery you can surf on the web “like an invisible ghost”. Very handy if you don’t want to be followed, but Ghostery also has it’s disadvantages. *More about that later. The addon keeps control over about 2000 trackers, which are known in their database.
Through the Blocking options you can adjust which trackers need to be blocked. You can do that manual, but there’s also the option “automatic” and then all trackers are blocked. Ghostery detects privacy-trackers, advertising-trackers and analytics. Besides that it also offers scriptblocking.
So far so good, but at some moments using Ghostery can be disturbing. I’ve heard from Germany that the addon also blocks web shops. Of course, when you purchase something online, the web shop needs some personal data from you. E.g. your address for the delivery of the goods and a payment by credit card, Paypall ( much used in the USA ) or Ideal ( much used in the EU ). Ghostery though blocks all these data gathering and hence you can’t buy a thing. Some web shops seem to have this solved, but that coin had two sides, depending on what your opinion is about that approach. Is it a solution or an infringement of your privacy measures ?
In the addition “Ghostrank” the makers of Ghostery ask you to deliver information to them. That can be a good idea if you detect a new tracker. But they also ask what trackers are – in your opinion – harmless. If they put those on a white list, the whole idea behind the addon is undermined. My suggestion is to leave “Ghostrank” for that reason for what it is and don’t contribute.
So : if you think that Ghostery is worth the energy of shutting it down every time you want to order something online, this addon is advisable. But don’t forget to activate it again after the purchase was finished !
May 14 – 2015
An odd story……..
What has an earthquake to do with Parmesan cheese, annoying telephone terror and continuous spam ?
A story about how your personal data ( telephone number / mail address ) can leak away.
Some years ago an earthquake hit the north of Italy and caused a lot of damage to the storage houses of Parmesan cheese. As you know a cheese needs to ripen and for that they store them on a shelf and turn them upside down weekly. When the earthquake happened some warehouses collapsed and others were heavily damaged. Most cheeses dropped from the shelf on the floor and were more or less damaged.
Then an action was set up to give aid to the Italians by selling the damaged cheese – or parts of those cut from them – on the European market. The purpose was damage reduction, finding a way to get rid of tons of cheese rapidly and creating cash flow to rebuild the storages that needed to be empty for reconstruction work.
In Holland e.g. a foundation was established called “Save the cheese” and a pick up point was set up near Utrecht, a city in the center of my country.
A friend of mine is a real Italy fan, goes on holiday to that country each year and loves Italian products. He signed in for the action with his address, including telephone number and webmail address. After a while they noticed him that truckloads of processed and packed, good edible cheese arrived in Holland. He picked up some kilo’s and later on again when a second shipment arrived from Italy.
Since then he has constantly had telephone calls from Italians ( ? ) in bad English who try to sell him all kinds of Italian products from wine per 100 bottles to olive oil and also very cheap products, that for sure are counterfeit.That has fortunately ended now.
Next to that he’s receiving repetitive spam on his hotmail inbox with offers from Asian brides to Viagra ( the combination of these two might be handy btw – ROTFL ), from online casino to financial scams and more.
His son is an IT specialist and has found out that the spam might look Italian but comes from Romania. And it’s possible that the phone calls also come from that country.
So there you are with all your good intentions to help European fellow citizens in need ! Once your mail address starts to roam around, you never know who has laid his hand on that.
Now he feels like a “dumb cow on wooden shoes”, but that’s IMO not applicable. Respect mate, you did a good thing !
My security tip : Get an internet webmail ( Gmail, Hotmail or so ) in addition to your personal E-mail inbox. Use that one for all the possible crap, newsletters and other – possibly garbage delivering – activities. By later on deleting that webmail account – when e.g. spam runs out of hand – you’ve kept your personal ( ISP connected ) mailbox clean. An easy way to protect yourself and to shake off a lot of annoying rubbish.
Read more about that subject in the Important tip of “Step 17”, scroll down for that on the page : >> > Privacy-protection
April 11 – 2015
Pretty embarrassing for a guy like me, who’s active for internet safety. But still….. it can happen and there isn’t much you can do about it. The story is worth telling, so I have to leave the feeling of shame behind me.
What happened : Already for years I own an E-mail address on Hotmail. The reason is that in the office we work with POP mailboxes and those are linked ( and limited ) to that IP and domain only. Sometimes I need to work in other countries and then it’s handy to be able to communicate with for instance the home front ( like “miss Big Boss” at home ). That mailbox has the name #product name#(at)live.nl and the sender title is #product name# – #company name#. Nothing unusual by the way.
About two years ago that mailbox was hacked and all contacts in my address book were ”stolen”, which means copied and stored by the hacker. I had a strong password containing 9 characters, being five letters ( with a capital ) and four ciphers. But still that wasn’t enough defense. I assume that those hackers use some kind of password generator to “bombard” the target until they finally succeed.
Immediately after the hack I’ve changed my password to an even more difficult one. But the damage was already done….. And since then some scumbag is spreading phishing spam under my name every two or three months to my relatives and business relations. Even contacts that are in the mean time removed by me still receive the spam, e.g. someone who is retired some months ago still gets spammed at her former work office.
Ouch ! That hurts and is very embarrassing. Each time I need to give an explanation and have to apologize for something I didn’t do. But there’s nothing I can do to stop it ! That hacker is invisible and where is my address book stored ?
Spoofed E-mail is spam mail that is pretending to come from someone else than the real sender actually is. And in this case my title and mail address is abused by some nuthead. But if you take a sharp look on the header of the mail you can see that it’s coming from somewhere else. And that’s surely a fake URL to cover the identity of the hacker.
Sorry and don’t blame me please. I wish I knew how to make an end to this. This is the f***ing real word full of criminals……… Live sucks every now and then.
March 14 – 2015
In an earlier news blog I’ve already warned that most of the zip files – that are sent as an attachment in Email – are by definition suspicious. And that you should only open such an att. when you’re absolutely sure that the source of the mail is known to you, trusted and hence safe.
This is an example of such a spam mail I recently received :
Title : “Your payment order”
“From : XXXXXXX ( for privacy reasons not mentioned, might be spoofed ).
Please open the attachment to view your payment ORDER
Confirm and get back to me regarding my request.
Telegraphic payment made to you regarding order and supply.
Global Express International Limited
#34342 new industrial layout”
Some digging after the source brought me to a server In Tehran – Republic of Iran. That doesn’t mean that the mail itself comes from that country, but it can though. But a server in Iran ? Yeah, that’s suspicious and gives me the creeps, independent from where the real sender is residing. That can be everywhere in the world.
Whatever ! If you see a mail with a “rar” attachment, never open that. Even if the source looks trusted. It’s spam and should be treated likewise, in other words delete that directly. In a Dutch idiom we say about such an att. : “This is no clean-purified coffee”. So stay away from this.
February 18 – 2015
Nigerian 419 scams
A.k.a. “advance fee-fraud”
We all know them, the attempts on the internet to pull money out of our pocket. But in many cases those are 419 scams – coming directly or indirectly from Nigeria – without us even realizing that. In that country it’s a national sport to find out how to lay your hands on the money of someone in the Western world. If you succeed, you’re said to have magic, but more about that later.
Years ago I’ve read somewhere that 419 had to do with a postal code in that country which area was supposed to be the source of the scams, but that isn’t true.
In Nigeria article 419 in the law forbids financial fraud activities, but since the country is corrupt to the bone, many – many people in some way earn money with that. Powerful people in the government, police, politicians, judges and more are in some way involved. Not only by nature this country is a jungle, but also when it’s about filthy self-enrichment.
A short history in birds view : Before the British made Nigeria their territory the Nigerian tribes had their own – mostly unwritten – habits to rule their society. Then the British took over and implemented European styled laws, which the inhabitants didn’t understand. For many years the country wasn’t real criminal under their control. Even during WW 2 – when the Allies needed every man as a soldier and the British reduced the amount of police in Nigeria – it was a poor, but still rather peaceful country.
Then the country became independent and slowly sank back to the usual chaos that you can find in many African countries. Self enrichment ( poison to a society ) is spread widely, for instance oil is stolen and sold on the black market and if someone is caught they proclaim to work for “Mister minister”. Which one ? – They don’t know, but it’s for sure a minister.
Anyway : The country is an uncontrolled mess now, for safety reasons left by many people from abroad at the moment and also involved in a war with the terrorists of Boko Haram in the north.
Officially committing 419 scams is forbidden and for the show that’s announced, as you can see on the picture. But in the mean time everyone – including police – shuts their eyes and turn their heads away. There are even courses where you can learn how to commit 419 scams and what smart tricks to use. It’s hilarious how the law is enforced, better said….. not enforced !
Nigerian 419 scams can be found in many variations, coming from both the country itself or from other countries, e.g. with the help of Nigerian immigrants living there. I’ve seen many E-mails from London ( GB ) and South Africa for instance. Both are Commonwealth countries where many Nigerians live.
This scamming already exists for years, in the past it was done by postal mail, later on by fax as well and now they enjoy the benefits of the internet. But still we also receive fake invoices by post and messages by fax that we’ve won millions in the office.
The method is for instance that they tell you to have won money in the soccer competition, in a lottery or they declare that you’re the lucky one who can earn much money with a transaction where you’re help is needed as a mediator / transferrer. Or they tell you that some far away family has left you an inheritance of much money. When you respond, in all cases they ask you to send some money for the costs of the transactions, security measures, bank fees and such. Mostly it ends there and you’ve lost a few thousand dollars, euros or whatever. Gone, vanished, vaporized……
Sometimes they play the game much longer and you’re even invited to come to Nigeria or the neighbor countries to “sign some contracts”. Once you’re there they take you hostage and with threatening you ( or worse ) they force you to hand over more and more money.
If they somehow succeed in collecting money they are a hero and are said to have magic, which is called “dju dju”. Some of them think they’re unreachable for justice from that moment on. It happened once that a Nigerian under arrest said : “This is impossible, I’m an untouchable “dju dju gost” and invisible for you”.
Anyway : Never transfer money to such scammers. Be vigilant and use your common sense. If it’s to good to be true, it can’t be true.
For the definitions of 419 scams and info, there’s a special site : >> > 419 Eater website/FAQ
On this site a group of activists list fake banks : >> > Artists against 419 fake bank list
And the home page of the Artists against 419 group : >> > Scam baiting 419
Finally : They earn millions with the scamming. It’s a real plague, be careful……
January 21 – 2015
It’s already common habit and accepted by everyone that companies provide “support on a distance” to update the software you once bought from them or to fix issues and/or bugs in their software running on your machine. It’s efficient, quick and saves a lot of travelling time. The digital world has it’s own problems, but you won’t find traffic jams, do you ? Hence remote access is often used.
But ! As always everything has a downside. Companies develop great tools that are very helpful, but the “less honest” among us abuse them for criminal activities. That exactly is the situation on the internet when it comes to “remote access software and services”.
An enterprise which created some well known tools is LogMeIn Inc. This is a reputable company best known for its Remote Access Service and their sites like “support.me” and “join.me” are famous. Once founded in 2003 in Budapest, Hungary in 2003 as “3am labs Inc.”, the company now has it’s HQ in Boston, Massachusetts – USA and some 600 employees.
Microsoft and other respected companies use this services to assist customers with technical issues.
Success can have it’s negative dark sides and that also happened to LogMeIn Inc. Some of their products / sites are very useful, but unfortunately internet criminals also noticed that. A clear example is “support.me” which is very often used (abused !) by Indian scammers to commit fraud, money scams and other criminal activity, relating to false tales of how one’s computer is infected when it really isn’t.These scammers both contact you by mail ( spam ! ) – which is always “spoofed” ( = false sender URL ) – as well as by telephone, falsely posing as Microsoft Engineers, software developers or similar.
* I’ve written about that in my story of August 22, called “Ongoing telephone terror”.
Is that fair ? No, of course not, doing so is like blaming the phone company if you answer a call and give a scammer your credit card number. LogMeIn products are a service used to allow remote access to computers. Scammers can only use it if the victims ALLOW them to use it.
IMO a realistic approach that explains the situation, helps releasing the company from whatever unjustified accusations. Hence my comment on the scorecard of “support.me” at Web Of trust : “Checked the site extendedly –> CLEAN and rated green on trust.
1 – You can NOT blame a website with useful functionalities when others abuse those.
2 – And you can NOT blame the owner of an URL when it’s e.g. used in spoofed spam mail.
** The problem with this site is that it’s a useful service and hence abused by Indian scammers, both when it comes to “cold calls” to tell you that you have a computer problem (NO, you don’t !), as well as in spoofed phishing and spamming mails”.
In fact this comment is valid for many other remote access sites as well. So…. Do not mistake LogMeIn ( and other companies ) for the Indian scammers. They will lie stating they are from LogMeIn, or from Microsoft, or any other legit software company.
>>>Tell the government of the Gupta’s to put those scammers behind iron bars<<< .
We’ve discussed this in the forum at Web Of Trust, see : >> > WOT/forum/LogMeIn Inc. And together green rated the following list of domains / hosts owned by LogMeIn Inc. for being clean and trusted :
Recently LogMeIn have stopped free personal use of their services, and you can expect scammers will start to use TeamViewer and others instead, as they are still free.
Bottom line : The main point to get across is that you never respond to spam emails / pop ups / phone calls etc. with warnings that your PC has a problem, and that you should only allow someone you trust 100% to remotely connect to your PC / network. Because anyone can use this service, make sure YOU are the one who initially requested computer support. Period ! ! And I think it should cover all remote access services, not just LogMeIn Inc. products, as they all have the same issue.
Finally this important warning … If you receive an unexpected “cold call” advising you that your computer is faulty and demanding access to your computer, such a call is fraudulent ! Do not provide the caller with any financial or personal data and do not download or install anything based on the caller’s instructions.
* BTW : Remote access seems to me not advisable for children under the age of 18, because it opens the PC to external users. Perhaps they may have good intentions, but some younger people can be rather naïve, so don’t allow them to ever use these services without adult supervision.
*Special thanks to Sharon in England ( a key member at WOT ) for bringing me to the idea of writing about this subject and for providing information about LogMeIn Inc.
More info on these scams can be found at >> > Microsoft info page.
December 29 – 2014
Mega internet fraud
The frightful difference between the facts and your imagination.
A survey of “Fraud help desk”, the Dutch governmental bureau for reporting inter net fraud has made clear that in the last two years 9% of the population over 18 years in my country (The Netherlands) was faced with inter net fraud. This is much, astonishing much ! And far more than we – common citizens – would expect.
This means that more than a million people were cheated and according the survey the average amount involved is € 4900,- per person. The overall damage in two years is estimated more than 5 billion Euros, an awful lot of money. *FYI : The exchange rate is roughly 5 Euros against 6 US-Dollars ( on Dec 31 – 2014 ).
The survey also shows that about half of all incidents were not reported to the police, because many people think that’s useless. Unfortunately they are right, from the about 50 % reported cases, only 1/3 was checked because there were traces to follow and in 6% of the cases the police really investigated, but almost all of them ended with no result !
Fraud on the inter net is very slippery, trans boundary and hence hard to fight. Cyber criminals hide their identity of course and even if you can trace them, they appear to reside in some monkey country far away where corrupt police and politicians turn their head away.
How come ? Why does this happen on such a large scale in my country, which isn’t more criminal than other countries in the Western world ? – Some reasons :
1 – We are the highest populated country in Europe, the “Singapore” or “Hong Kong” within the European continent. On world scale we have the size of a post stamp, but crowded with 17 million inhabitants. Most of them good educated and prosperous people, hence we’re an important economy in the world.
2 – Per 1000 inhabitants we have the highest density in web connections of the world.
3 – Our technology and cable network is modern and fast, plus over sized to be able to confront future growth in data traffic. And nearly all of that infrastructure is brought below the surface in the ground, hence our energy systems and all other necessary networks that makes a society work smoothly can’t be damaged by nature, such as storms, ice rain and snow.
4 – Our connections to the outside world are also excellent. That’s needed because our small country has an international focus when it comes to business, banking and trading around the world. We earn money with e.g. import, transport and export. For many products our country is in some way the European roundabout.
5 – Besides safe energy systems we also posses one of the few big inter net hubs in the world. And plans for a second soon to be build. Hence companies like Google and Microsoft love to operate data centers ( partly ) from here, the stability of Holland and the central place in North West Europe is attractive for them (and many others).
BUT, every coin has two sides !
Besides all these advantages Holland (The Netherlands) is also a lovely playground for cyber criminals. Making use of our fast networks makes them difficult to trace and to catch. And the size of our country is excellent for them to try out their filthy methods on a scale with overview. Once successful at the (Dutch) “trial station”, they can later “roll out” their scams in larger countries when they improve their networks and web connections.
Purchasing products here by a web shop on the inter net has grown rapidly. Especially the “yuppie generation” of people in the thirties and forties are hit most by fraud, says a police spokesman in a reaction on the survey. That’s logical, because that’s also exactly the most active generation on the web. The damage differs from small amounts of money, paid for smart phones or concert tickets which were sold on fake websites and never delivered, to enormous amounts of money caused by online bank robbery or by romance scams on dating sites that appear to be phishing.
Some people lost tens of thousands Euros, because some “Ludmilla” or Asian beauty who is dating with them needs money constantly for visa, hotel rooms, flight tickets, unexpected hospital visits or whatever stupid falsehood. All fake of course, but “love makes blind” as they say…..
Any way : One thing is clear, this kind of criminality is difficult to fight for police, Interpol and justice departments.
Once your money is gone, it will not come back. Vanished for ever – Period !
So take care what you do on the inter net, you’re on your own !
My 2 cents : And if this is going to be the future of the inter net…. I’m very worried that one day the web – that also brought us so many good things – will dig it’s own grave. Governments should work together to stop the trans boundary criminality. But as long as they themselves abuse the inter net, think of e.g. the N.S.A. scandal, I’m rather pessimistic and without confidence about the future of the www. – *Shouldn’t the U.N. play an important role in this ?
November 21 – 2014
The traces of your fingers
You may think so when reading the title, but this story has nothing to do with fingerprints ! In these days of fast technical developments, new risks arise and hence this story about the warmth of your fingers and what that can cause.
To build up a clear story I need a short introduction :
At some point in my years as a fire fighter we were provided with new equipment, a heat detection camera. That appeared to be a very useful tool, though the first model wasn’t really handy because off the size. The camera was clear yellow and about as big as a shoe box, which made it difficult to use in small spaces and in the smoke we often hit the camera – hanging on a belt round our neck – against all kinds of obstacles. This camera version had a black and white screen, like very old TV’s in the past. A black object was cold and from dark grey to bright grey the temperature of the object went up, finally the white coloured spots and objects were the hot ones.
What an eye opener, you could trace fire in a chimney or a ceiling and – with that – avoid breaking that open at the wrong place, overheated electricity pipes in a wall and also people behind a door by the radiation of the warmth.
Later on we received more modern cameras, smaller and also with a colour screen and additional functions, e.g. spot temperature measuring. On these screens blue colour is cold, from green to yellow is where it’s getting warmer and red is hot.
Through the years the models became smaller and smaller and very handy to use, with e.g. a hand-grip. Those devices really save lives……And minimize damage…….
When you e.g. put your flat hand against a wall, the print of the remaining warmth can be seen for minutes or more, depending on the material. On a wooden wall – which isolates good – it stays for a long time, because it vanishes slowly. On a brick wall it’s faster gone, but even there it lasts more than a minute.
It’s amazing to see this, on the road you can exactly find out which cars were driven recently and which are parked already for a long time. And which neighbor is using the solarium at home in the wintertime by the warmth of the lamps.
These cameras provide a view of the temperature of the whole area. Here’s an example of a floor with heating tubes inside, you can also see the chairs and the table. This is exactly what is displayed on a colour screen.
But cameras are not only getting better and better, but also smaller and smaller. Just think of the camera in your smart phone, which produces really good pictures with a high resolution. If you compare this with the first cell phones with a mini cameras build in, wow ..… what a difference.
The same happened with the heat detecting cameras. Nowadays very small versions are for sale, I’ve found this one on the website of a “spy shop”. It’s attached to a fingertip and it’s wired to the rest of the electronics that can e.g. be stored in your pocket. Equipment with this size can be hidden everywhere or can unseen be used by someone without you realizing that.
And that opens new possibilities for our fellow citizens with bad intentions. If you pay your purchases with “plastic money” ( your credit card ) you need to print your personal code on the buttons of a keypad. Or if you visit an ATM you also use your personal code.When criminals are able to read that directly afterwards, they only need a pickpocket to rob your wallet with your cards and then they have unlimited access to your bank account.
Just watch this You Tube video of about 3,5 minutes : >> > You Tube LINK
Yes, that’s scary ! What can you do against this ?
First of all is to demand some privacy when you’re in the paying process. Look behind you and if someone is unpleasant nearby, say something about that.
Second is to lay your fingers ( or your whole hand ) after paying – and card removal – on some other buttons to create a wrong track. That may cause interference on the payment terminal and the next visitor has to wait a few seconds for a reset of the device, which is exactly your intention. Maybe the shopkeeper isn’t happy or the people in the queue behind you, but who cares.
Better safe than sorry……..Stay vigilant, also in daily life ! Prevention is the best remedy.
*Special thanks to my friend Jesus in Florida ( USA ) who proposed to write about this subject and provided the link to the You Tube video for that article.
The You Tube video and this article are based on a scientific research report by University of Cal. – San Diego. You can read the recapitulation of that report >> > HERE ( link )
October 30 – 2014
A troll ! – Oh help, now what ?
Introduction : Recently I was faced with a troll. At first I didn’t notice , until finally the next day I was overlooking what was going on and suddenly realized myself :
“WTF, this is a troll !”
Definition : A”Troll” is the Internet term for someone who is intentionally mean and / or disruptive to a community in the hope of getting a reaction. If you “bite”, you play right into their hands.
It began with a site owner ( and web designer ) who requested an evaluation of his website in the forum at Web Of Trust. Because the site was also in Dutch, an English speaking member asked me to read and analyze that version. I did, but in the mean time others had already seen the English version and had positive critical remarks. Shortly after that I also had positive critical meant remarks about the Dutch version as well. The site owner didn’t accept any criticism at all, because he already had a biased negative opinion about Web Of Trust and believed that we confirmed that. But yeah, he did ask us to evaluate his site and if you expect everyone to be completely satisfied and only positive, seeing remarks can be a disappointment.
Next to that he was also breaking the rules and guidelines on WOT. And when members find out that you’re misleading the community, then you’re caught. Oops !
He couldn’t deal with all that, though it was him who made the “mistakes” and became angry and aggressive. From that moment on it ran completely out of hand, because the site owner started attacking everyone who joined the forum discussion and behaved rude.
Moderators than removed all his hateful and offending posts. And that resulted in seeing him hitting around wherever he could. E.g. he posted aggressive PM’s ( personal messages ) on the MB’s ( message boards ) of several WOT members. And he was attacking my site without reason by leaving silly comments on the WOT – scorecard of my site. That is damaging the reputation of my site, hence I’ve send him an Email with the friendly request to remove those nonsense.
Usually a troll is hiding behind anonymity and it’s said that if you can trace him he gets scared and ends his behavior. That’s why I’ve told him in my Email that the electronic path to his front door is laying open. He doesn’t understand that and now he thinks that I’m really going to visit him, which made him even more angry.
The only way to approach this is : Stay calm and don’t get involved in a fight.
All this brought me to the idea to contact James, a friend in the UK who – in the past – has written an excellent article about this subject. He’s a very good web designer and web master of several sites in his area and helped me a lot by mailing the article which was still in his files.
Thank you James for sending me this and allowing me to publish it.
Have fun reading, it’s worth it !
Dealing with a troll
If you have opted for embracing social networks to promote your product or brand identity and have managed to build up a small but growing community of followers, or if you’re member of an inter net community e.g. with a forum, it will be inevitable, at some point, your community will be invaded by a troll.
An Internet Troll is someone who will post a deliberately provocative message to a newsgroup, forum or message board with the intention of causing maximum disruption and argument. The troll will continue to harangue and harass others, and often have nothing worthwhile to add to a certain conversation.
At times it may be hard to distinguish between a troll and someone who happens to disagree with your viewpoint, however, someone who merely disagrees with your viewpoint usually is able to maintain a respectful and reasonable manner. Trolls will often fall back to general insults, put-downs, name calling, accusations and even threats.
Trolls can be very disruptive to your other members, can intimidate certain members, and can also reflect badly on your brand or product. There are steps you can take to minimize their damage and deal with the troll effectively.
Never feed the troll: Do not rise to the troll and don’t give them further ammunition to carry on their trolling attempts. One of the best ways to manage a troll, is to ignore them completely, however at times if they are trolling members, you will have to intervene. In that case give positive feedback to those that are being trolled, while ignoring the troll as much as possible.
Keep it light and friendly: A troll likes to cause friction and arguments, one method to combat this, that I have personally found useful, is to keep it polite and friendly. If you insist on arguing with a troll, you are already losing the battle. By keeping it polite and friendly, that is too far the troll can go, so they will disappear because “the fun is over”. A positive attitude then shows to other members that you are prepared to listen to criticisms and can handle the most negative of comments from trolls professionally and courtesy.
Do not ban trolls: Banning trolls is an easy solution, but one that can backfire very quickly, as well as building an atmosphere to the other members of censorship if they do not agree with your viewpoint. Banning a troll is a short term solution, as there is nothing stopping that troll from creating multiple accounts and trolling your community and members again.
If you keep it friendly and allow the troll comments within your community, you are showing a level of transparency and are open to criticisms, even though a troll is merely posting inflammatory content to try and get a rise from someone. Deal with trolls in an overly friendly manner, or completely ignore them, but never ban them. If you have an active community, your best hope is that some of your members will be allies, and will be ready to stand by your side in a troll dispute.
Trolls vs trolls: When someone is trolling your community, sometimes other trolls will appear on the scene and begin fighting amongst themselves. If this ever happens, do not get involved, allow them to fight it out amongst themselves. The advantage of a troll fight, apart from the humor to be gained from the situation, is that (A) the trolls are leaving your members and brand alone, and (B) they are making themselves obvious to your other members, who will also find their argument disdainful and will eventually marginalize the trolls themselves.
Only ever step in, if the trolling back and forth is going too far, to a point, where each troll is starting to use threatening language, racial slurs, etc.
Most importantly, do not let them get under your skin, that is their main aim, to get a negative or overblown reaction from you. If you refuse to feed the troll, the troll will eventually go away and lurk elsewhere.
Author : James – Glasgow area, Scotland – G.B.
Web Of Trust member “Mentalist3D”
Remark : Another very good site page about this subject on >> > Webroot.com
Addition per November 5 : Finally after two weeks the troll was banned from the community by Web Of Trust staff at the HQ in Finland. But the remainders of his improper behavior, being his negative “disagrees” on other comments, still can be found on the scorecard of my site. Minor problem, though IMO those “disagrees” should also be removed, but they didn’t.
October 25 – 2014
“The postman always rings twice”.
Subtitle : “Here we go again 2”
Paying ransom for your holiday pictures ? Yes, it can happen !
Recently I’ve received information about a new way of blackmail, with the use of Cryptolocker. Does it ever stop ? No it won’t, because cyber criminals earn much money that way. And that’s why I also won’t stop warning.
What happens : You receive a ( fake ) E-mail from the postal service which looks very real. In the mail they announce that a postman has been at the door once or twice to deliver a package with a photo album, but found no one home. The mail contains a link to a ZIP file in an attachment, which is suggested to be the information about the delivery and the sender of the package.
Don’t ever click on that ZIP file !
If you do, all your files on the hard disc will be encrypted and unreachable for you, including the holiday pictures you had also stored there. Than later on you receive the famous E-mail where they demand a payment to “release” the ( your ! ) files taken hostage. * For more information how this works, read my earlier stories about this subject below.
The Dutch ICT safety company Fox-IT has calculated that the gangsters at least have “earned” more than half a million Euros with that in the last two weeks, mostly gathered in bitcoins. It also seems to happen in Italy, Australia and Great Brittain and hundreds of people already fell victim to this.
The criminals demand a payment of about € 400,- on one of their bank accounts and that transferred in bitcoins. Analysts have found 7 bitcoin accounts already and detected many payments on those. It seems that the perpetrators have also found a creative way to make a smoke curtain as to where the money comes from and goes to. Spokesmen expect that the problem will grow in the next coming weeks.
In general you can say that most ZIP files are suspicious ! Always think twice what it is, if you expect some mail and if it’s from a reliable source, before clicking on that to open it.
Author : Peter
October 5 – 2014
“Sexting” ( and the danger of spreading on the web ).
One third of all younger people between 12 and 21 are in some way challenged to send a nude picture or sexually related film of themselves to someone else. A survey of the Dutch institute “Sense” has made that public and it appears that about one of every five young people really do that, mostly during their period of life on high school. Making a naked “selfie” with your smartphone is called “Sexting“.
Most younger don’t realize what the consequences of that can be. In a way they can be rather naive by trusting that such pictures or films are safe and sound in trusted hands. They believe that what is stored in their inner circle, will remain in that.
But it doesn’t ! ! ! !
And here comes the danger of the inter net : Once such material has “landed” there, it spreads out in public like an oil spot . Second problem is that it remains there for years. Nearly nobody has – so far – cleaned up the contents of the world wide web. So contents you would prefer to be removed from the web can follow / chase you for years……. Even if you store the pictures on your own phone it’s NOT safe. Who can guarantee that the phone will not be used and seen by others, stolen or hacked e.g. because they’re curious?
In most cases nude material of girls leak out, of boys less. What can happen : A couple of – let’s say – 15 or 16 years fall in love with eachother and after a while when they really believe it’s for ever and ever, they “live on a pink cloud” and promise each other eternal love and make nude pictures or films for the fun and excitement. Then some day the boyfriend appears to grow out to another personality than what she expects him to be and the “prince on the white horse” isn’t the ideal man for the rest of her life anymore. So after having some doubts, finally she dumps him. He’s pretty disappointed and gets angry. In a deed of revenge he then spreads the nude material among his friends and classmates, someone is so “kind” to drop it on the inter net and BINGO ! The beginning of the oil spot.* It can btw also happen in an opposite way, girls can be nasty as well.
This is a pretty hard way in building up experience in life, but it doesn’t just stick to that…….
Hence the Dutch institute “Sense” is going to publish a book called “Stories for under your pillow” with subjects like “Never been kissed before” and “The group pressure to do “It” (sex), to warn them in advance and to make them more resilient. That will be spread in an amount of about 100.000 books to all schools to shake up the discussion about this subject. The book also includes information about the risks of privacy infringement, abuse as porn, getting blackmailed and so on.
Of course there’s an important task for parents to make their children aware of the risks. But are they themselves, in these days of fast technical changes ? And as a parent do you know everything your child is doing, especially in these erotic matters ? Young people are discovering the world and don’t tell their parents everything.
This is the situation in my country and perhaps elsewhere it’s a bit different. But believe me, it will also happen there, the world isn’t innocent in other countries as well.
As an example : A true story of what did happen, the source is a reliable Dutch newspaper.
Julia ( not her real name ), a Dutch nurse and single parent, found out five years ago that awful nude pictures of her daughter could be found on the inter net. The girl was 14 back then and the pictures were SM related.
“We’ve had an awful time since then” Julia says. “And finally we’re in control of our lives again, but it was a tough job to get there”. Julia and her daughter lived in a city in the middle of Holland when trouble began. The daughter fell in the arms of a “wrong boy” and after some time he forced her to undress in front of the camera. Julia didn’t know a thing until she was called by another mother of a classmate, who told her about pictures on the web. By then it was already too late, the oil spot was already active. And the boy had added to the pictures that “This slut is fond of fucking” and included her phone number too. And that about an innocent girl of 14 who wasn’t ever kissed before ( except by her mother ). Her classmates were also involved in spreading out the pictures and that proves that young people can be extremely harden to each other. Finally Julia was called by a man who had found the pictures on the inter net, a pedophile who wanted to pay for a night with her daughter……
The situation ran completely out of hand, her daughters position in school became unsustainable. And the school failed in doing something to stop this. So Julia decided to move with her daughter to another town and – with that – another school, 50 kilometers from their old house. They changed all phone numbers and Julia only contacted her own good friends in the former city they had lived, they avoided the former school and all classmates there. And she decided to bring her daughter to a therapist to bring her life back on track. That helped after some time and now her daughter visits an education to learn a profession in social care.
All this is meant as a warning. The inter net is a blessing but also an open sewer full of filth. One thing is sure, if you never make nude pictures or sex films they won,t end in the inter net as well. Just an idea ……….
Warn your children when they change from base school to high school (or in the first years there) !
Author : Peter
August 22 – 2014
Ongoing telephone terror
In June I’ve written about “fake Microsoft calls” coming from cyber criminals who want you to download their software to gain access to your computer and all your data. *See the story of June 22, down below.
This is becoming a real plague, sóóóó many people complain about this. I thought at home it had stopped, but we still have one or two phone calls a day, coming from other telephone numbers than 001607 as well. Nowadays we first take a look on the screen what number is calling before we pick up. If that starts with the international entry code 00 – like the last two weeks with 0056, 0058, 0060, 0063 and 0071 – we grab the phone and immediately hang up again, or even let it ring until they get bored. Pretty annoying, but so far it seems that police or telephone companies are unable to stop this.
What you can do ! – Don’t give them a path to your privacy of course !
But here’s some additional information about what happens when you do let them enter your computer.
After running through the process with their “kind help” they’re in and “fix’ your device. Then they charge you for their work in speeding up your computer 4700 Ruhpias ( India currency ), which is roughly € 27 or $ 36. And yeah, the machine runs faster ! What a relief and you pay them by bank. But in the payment process they change the currency and suddenly you loose € 4700 or $ 4700 from your bank account. Of course the money vanishes for ever. Or…… nothing goes wrong at that moment, but after a few months – when you’re not that vigilant anymore – they suddenly rob money from your bank account, e.g by using your credit card or banking data.
How that happens : In the process where they assist you, they also silently create a “backdoor” (an open gate) that constantly gives them access to your machine with the possibility to scan your files and to track everything you do, even when you’re not “surfing”. And with that they can gather all kinds of privacy sensitive information, e.g. about your bank account and / or credit cards. And just imagine that someone is constantly looking over your shoulder………..
Do I have to warn you again. Stay away from these bandits ! ! !
Nice to read what happens if you do let them in and play the game with the Indian scammers for a while on the South African site >> > Tech Central
Author : Peter
July 11 – 2014
Viruses on Android
I know someone with a Samsung smart-phone who was hit by such a virus. In fact the smart-phones nowadays are small computers and that makes them attackable by hackers. At this moment at least two Android viruses are detected, but perhaps more are active though not found yet.
One is the Kohler virus that stores large amounts of porn on your phone or tablet. As a result your memory is completely filled and you will get warnings that you’re unable to receive messages through App or SMS, because there’s no memory space left. This one is already common found.
The other one is an Android version of Cryptolocker, in this case called Scriptoblocker.
“Here we go again” for the second time, see my earlier messages about this of June and March 2014. You could wait for this to happen, now that Android is a much used O.S.
Some people have their whole private life stored in that thing. Beware that all that information about contacts, mail addresses and such is a rich treasure to hackers.
* And then an additional warning that can also help to keep memory space available. In May a press release was published to warn that Facebook claims and uses an enormous amount of data space on your phone. So it can also happen that your phone memory gets full even without a virus. To be honest, in fact Facebook is also a phishing site that wants to know everything about you. How far away are they from being malicious ( for aggressive phishing methods and privacy infringements ) ?
Protect your privacy ! You can read more about that on the page “Privacy protection” of this site ( linked, >> > ).
Author : Peter
June 22 – 2014
Odessa (?) calling, ++1607
My wife was called five times in the last few days by someone who proclaims to call from Microsoft, to tell her that we have a computer problem they need to fix. The man asked if we own a Windows computer. That already is weird, if they really work for Microsoft they should know that in advance and don’t need to ask….
Anyway : Those phone calls appear to be a wide spread problem around the world. The man spoke really bad English and my wife hang up the phone each time directly. Then he called the sixth time again and begged her to stay on the phone, because they really had an important announcement, so he said. She told him that she was pretty annoyed and this has to stop, or she would call the police.
If that really helped or they realized that this was a dead end, I don’t know. But it has stopped since then. Glad it did, both my wife and the phone were getting bored of it.
These “fake Microsoft calls” are coming from cyber criminals who want you to download their software to gain access which gives them full control of your computer and all your data.
Very kind fellows are so unbelievably helpful to guide you step by step through the whole process of installing and downloading. They proclaim to work for Windows Help desk, Windows Service Center or Microsoft Support.
*Apparently some people step in the trap and this criminal activity is profitable, otherwise there’s no explanation how this can go on for years already.
Recently Microsoft has spread a press release that they never approach clients by phone and to warn against these practices.
Some strolling around on the inter net shows different results as to where these phone calls are coming from. Some sources speak of South East Asia, others mention Russia and India. Possibly these calls come from Odessa in Ukraine. What a mess, that country ! And what an enormous amount of cyber criminality has its source there…..
The phone numbers used by these bastards make them look like coming from the USA or Canada, because they always begin with the country code 1, behind the international entry code ( e.g 00 in Europe, 19 in the USA ). But all numbers used by them start with 001607 and surely are in some way redirected. Here’s a list of much used numbers, not saying that it’s complete though :
The official information on these scams can be found at >> > Microsoft
**More information available in the story of August 22.
Author : Peter
June 9 – 2014
Here we go again…..
Recently two new types of ransom-ware have appeared that look like Cryptolocker. See my previous news of March about that nasty virus, further below on this page.
The new detected Cryptowall and Cryptodefense are copycat viruses similar to Cryptolocker, malicious software that encrypts a user’s hard drive. According recent information hackers have build in pieces of the notorious Zeus/Citadel virus ( or GoZeus virus ) in these new variants. This makes them even more dangerous because – after infection – they silently take time to install themselves everywhere in your PC and network (!), before appearing by setting its teeth in your files, with all devastating results.
I already have received a weird spam mail, purporting to come from Amazon.com with an announcement about a shipping status. * Remark : Don’t blame Amazon for that, their name is only abused.
The spam mail contained a suspicious zip file in the att. – Never, ever open such a file!
I didn’t and deleted the trash immediately, for two reasons :
1 – Amazon is American and I never order products there, bcoz I’m European ( might be possible though ).
2 – A “shipment status” ? Yeah right, suppose so…… For what ? Baked air perhaps ?
Author : Peter
May 31 – 2014
Good resource to find support if you’re scammed in some way :
Scamwarners.com ( link to ext. tab, = >> > )
Author : Peter
May 7 – 2014
Malware in Apple iOS
Today I’ve received information about an Apple Ipad being hacked.
What happened ?
A friend of mine told me that his sister received a pop up banner on her Ipad screen that she had won a price and to receive that she had to fill in personal information on a form. Phishing of course, but oops…. she did and directly after submitting that her screen went black.
I assume that with filling in the questionnaire she opened a gate and through that backdoor gave acces to hackers. Since then it’s impossible for her to register / login on her device. And a technician told her later that it’s irreparably damaged.
Since Apple products are getting more and more popular, you could expect that this would happen. And it’s exactly a lot of people that changed to iOS because they think than not to be bothered by malware. That appears to be a miscalculation………
Here’s the evidence that it can happen on devices using Apple technology too. But this also proves again that it’s you to take precautions and use your common sense. Never click those banners !
Author : Peter
May 1 – 2014
Suppose you’re hungry. And you go to the supermarket to pick up an oven ready pizza ( a common Bolognese or so ). When you open the box it appears that someone in the factory has added raw anchovy to the box in a separate bag. The addition of fish wasn’t announced on the box and you don’t like fish or the smell of it. What do you do ? You get pretty annoyed and throw away the fish. And you plan to complain to the supermarket about the product.
But it can be worse. Suppose you buy a pizza and someone has put the anchovy on the pizza Bolognese itself . You don’t want the fish, but even if you throw them out, the smell of that is impossible to remove. In this case you get angry, the product isn’t according what you want.
Aarrrrrgghh ! Which screwballs have invented this……. Let’s complain ! The product is opened and you can’t return it.
A strange story ? Maybe it is, but something similar happens with software updates that you need to download. And there it’s accepted by some people as being normal……..
Normal ? ! ? !
Here we go ! The comparison : Suppose your computer needs a software update. You go to the internet to pick up the update ( the pizza for your “hungry” computer ) and additional – unwanted – software is enclosed in the download ( the bag with anchovy ). This is what Oracle does when you receive an update of their Java software. The “Ask tool bar” is always added and if you forget to remove the check mark it will be installed as well. This is already annoying, but if you’re vigilant you CAN opt out ( throw away the fishes ).
And here comes the part where you get really angry : When downloading Adobe Flash Player, automatically “McAfee Security scan plus” is added and placed on your computer ( the pizza with the anchovy on it ). So now something unwanted is pushed through your throat ( pizza that tastes and smells like fish ).
And again, the product is opened and you can’t return it.
Who was crazy enough to invent this ?!?
If you don’t want the PUP ( Potentially Unwanted Program ) you can only remove that in the software list of your PC. For that go to “Configuration”, than select “All programs” , search for the PUP and delete / remove it.
And then a remark : I’m not sure if the McAfee software will fight your own Anti Virus software, but better safe than sorry. So get rid of it !
Finally : You don’t expect well respected companies with a good reputation to make use of such methods. But it happens and I guess it’s a matter of money.
Shame on you Adobe, McAfee and Oracle…….. Your methods are foolish and awful stinking ! And the reputation damage can one day turn against you when alternatives without PUP’s will be available from new competitors. Let’s hope so……… and soon please !
Author : Peter
April 23 – 2014
Great initiative…. The ESET video tutorials !
IT security company ESET has produced an interesting series of short videos on Internet safety. Ten videos, each no shorter than two minutes and no longer than about five minutes, provide a combination of information for newcomers to the web and helpful tips for the more experienced veteran users as well.
More information here : >> > securityskeptic.typepad.com/use-esets-security
Author : Peter
April 15 – 2014
A herd of elephants…….
In 2013 a new tool was launched to check your computer thoroughly. It promises 100% cleaning of your machine, according the description. “Herd protect” is the name of the new miracle, at least that’s how it’s promoted on their website : >> > www.herdprotect.com with a picture of a group of elephants on the homepage.
The website promises you that 68 malware scanners are capable of cleaning your PC within 60 seconds. Sixty seconds ? ?
Oh really ? ! ? ! Well, I have my doubts…. Not saying that it’s impossible though. But if you use your common sense this seems too fantastic to be true.
Personally I’m a fan of using Malware Bytes Anti Malware ( in short MBAM ) every now and then, to do an additional scan whenever I have the feeling that a threat is possible. An MBAM “quick scan” takes that sole program already 10 to 15 minutes and a “full scan” takes more than an hour.
So imagine that you have 68 malware scanners running through your computer at the same moment, using a secured tunnel to the cloud to scan your files there. And those 68 are doing that within 60 seconds ? ?
Back to the elephants to explain this visual :
You have a mosquito in the house ( malware ) and to crush the insect you open the door to let a herd of 68 elephants pounder through your home. That will be a disaster, all these grey monsters walk in each other’s way. Maybe a funny comparison, but at least it makes you think about the concept of Herd protect.
Yes, Herd protect might work…… But is this needed when you can fix your infection problems with well known programs like MBAM , HitmanPro, Spyware Blaster and such ?
*And then an additional remark about “the cloud” : To me something intangible, mystical and vague. Where is “the cloud” ? What is exactly “the cloud”, stored where and by whom ? But most of all, who can enter your data in the cloud ? In other words, how safe are your PII and files ? I prefer to have my personal data and backups on my own computers, which are under my control !
The cloud, I’m out ! ……… Stay away from the NSA !
Author : Peter
There’s nasty malware going round on the internet called the Cryptolocker virus. It spreads itself by use of a zip file in an attachment of E-mail. That zip file opens a gate for cybercriminals, a “backdoor” that creates an entry for a PUP ( Potentially Unwanted Program ) from outside. If you get infected this virus encrypts all your files on the hard disc of your PC, which makes it impossible to use them anymore.
Then shortly after that you receive an E-mail that explains you what the cyber crooks have done to your computer. And they order you to pay a few hundreds of Euros, US Dollars ( or other currency ) in exchange for release of your files by removing the encrypting virus again.
THIS IS PURE BLACKMAIL AND NEVER, EVER PAY THAT !
Once the virus has set its teeth in your files, the damage can NOT be restored. If you pay nothing happens, no virus will be removed. Don’t fool yourself, the money will simply be gone. And even worse: There’s a great chance that they come back for more money, if you’ve paid the first time.
Recently a second version of the Cryptolocker virus has appeared on the internet, which seems less aggressive. But still a lot of damage can occur. At the moment I don’t know what the exact differences are, but this one is also devastating.
Someone in my family had this, after receiving an E-mail that purported to come from the office at his work. He had full trust that the mail was okay, opened the att. and BINGO !
Luckily he had backups of ( nearly ) all his files and could replace them.
This proves once again that it’s wise to make backups frequently. Like I’ve mentioned on the page SAFE SURFING ( link >> > ), do that monthly, or at least bi-monthly. It can save you !
An international action group of computer specialists called “Malware must die” ( link >> >) have set up an operation called “Tango down” to fight Cryptolocker. They succeeded partly when they could disable about 150 domains ( URL’s ) by dropping those in a sinkhole. Respect for such people, who voluntary do their best to make the internet safer.
Unfortunately they didn’t succeed in finding the source of the virus(es) and the crooks behind it. So the fight goes on.
My advice : Even if a mail looks very familiar to you, always use your common sense and think about it as to whether it’s normal that some mails are send to you. Like e.g. a mail from your work in the weekend or send at night is weird.
Stay vigilant !
Fake online casino sites
If you have an internet E mail account on Hotmail ( or Hotmail – Live ) you can be faced with persistent spam from “Ruby Palace Casino” and “King Palace Casino”. These spam mails are coming from an enormous network of cybercriminals who earn a lot of money with their illegal activities.
You can recognize those mails because they always promise you great chances on winning large amounts of money and the first deposit of gambling money to be paid by them.
The sender of the mail isn’t what you think. Those criminals hide between someone else’s mail address, so if you think it’s from – let’s say – Italy, Iceland or Malta you’re mislead. These E mails are “spoofed” , that’s how you call mails that pretend to come from somewhere else. And you can’t blame the URL in the mail address for spamming. In most cases the owner of that URL doesn’t even realize the abuse of his URL ( domain name ).
The intention of these mails is phishing after P.I.I. ( Personal Identifying Information ) and for that there’s always in the bottom lines of these mails an Internet link where you are expected to respond to their interesting gambling offer. NEVER CLICK ON THAT ! If you should there’s a risk of getting infected with nasty malware and / or the spammers then know that you’re mail address is active and in use ( = read by you ). And that is important information for them, active mail addresses is stuff that can be traded and used for all kinds of cyber criminality.
Every time the URL in the link changes, because those are blocked by Hotmail ( Microsoft ) after a while. It’s a real cat and mouse game between the spammers and Microsoft.
Some examples of URL’s used in the mentioned links :
It’s too much to mention, because there are tens of thousands of these URL’s.
Anyway : If you receive these mails, delete them directly and absolutely don’t click on the mentioned link in the mail. Stay away from this !