Nov 29, 2018

Catalin Cimpanu reports:

New Delhi police have arrested 63 suspects in the last two months working and operating 26 call centers that were engaging in tech support scams, posing as tech support staff at Microsoft, Google, Apple, and other major tech companies.

The raids on Delhi-based call centers have taken place over the last two months, Microsoft said. Police first raided 10 call centers and arrested 24 people in October, and then raided 16 other call centers and made 39 more arrests this week.

Read more on ZDNet.

Happy Thanksgiving!

 Posted by at 9:09 am  Uncategorized
Nov 22, 2018


Happy Thanksgiving to those who celebrate this holiday!

For those who will miss out on their family get-together because they are serving their community as firefighters, medics, police, soldiers…. thank you for the sacrifices you make today so that the rest of us can enjoy this occasion.

As always, I am grateful for those who regularly read this blog and share their thoughts and other articles they find.  And I am eternally grateful to the researchers and sources who share their findings so that we can all learn more about the (sorry) state of our data security.

Mistakes will be made today — and I’m not talking about my cooking, although possibly, that, too.  Breaches will happen and thousands of people will have their data exposed or stolen or misused. And eventually maybe we’ll find out about some of it.

But for now back to cooking and cleaning here…. see you all tomorrow when posting will resume.


Nov 15, 2018

Natasha Lomas reports:

Mozilla is adding a new security feature to its Firefox Quantum web browser that will alert users when they visit a website that has recently reported a data breach.

When a Firefox user lands on a website with a breach in its recent past they’ll see a pop up notification informing them of the barebones details of the breach and suggesting they check to see if their information was compromised.

“We’re bringing this functionality to Firefox users in recognition of the growing interest in these types of privacy- and security-centric features,” Mozilla said today. “This new functionality will gradually roll out to Firefox users over the coming weeks.”

Read more on TechCrunch.

Nov 07, 2018

Catalin Cimpanu reports on a zero-day published by researcher Sergey Zelenyuk and his decision to go public instead of going through the usual system of notification, waiting, etc.

Some of the issues he raises are ones that I have been hearing about recently from other researchers who are disenchanted, to say the least, with the HackerOne program.

Maybe Zelenyuk’s actions will start a conversation and dialogue that seems to be needed.

Read about both issues on ZDNet.

Oct 23, 2018

Sometimes I tweet these, but I thought that I’d post the most recent three emails demanding I pay extortion or else the criminals will allegedly post video of me that they captured while I allegedly masturbated while allegedly watching a porno site. I say “allegedly” although the criminals try to write as if this is all definite and ruination will come to me.

Anyway, for those who want to track the BTC wallets to see if anyone makes payments to them, here are the latest failed extortion attempts. If any serious researcher or journo or law enforcement needs header info, contact me via email.

Email 1:

Subject: Your life is in your hands
From: “cmwfdn” <[email protected]>
Date: Thu, October 18, 2018 01:10
To: [email protected]

Dо nоt mind оn my illitеrасy, I аm frоm China.

This is my last warning.

I uрlоaded thе mаliсiоus рrоgram оn your systеm.
Sinсе thаt mоmеnt I рilfеrеd аll privy baсkgrоund frоm yоur system.
Аdditiоnally I havе some morе соmрrоmising еvidеnсе. Thе mоst interеsting
еvidenсе thаt I stоlе- its a videоtаре with your mаsturbatiоn. I аdjustеd
virus оn a роrn web sitе аnd аftеr yоu lоadеd it. Whеn yоu dесidеd with thе
vidеo аnd taррed оn а рlаy buttоn, my dеlеtеrious sоft аt оnсе sеt up оn yоur
systеm. Аfter adjusting, yоur саmera shооt thе vidеоtаpе with you
self-abusing, in аdditiоn it sаved рrесisеly the рorn vidео you mаsturbаtеd
оn. In nеxt fеw dаys my mаlwаre сollеctеd аll your sосial and wоrk сontaсts.

If you wаnt tо deletе the recоrds- рay mе 600 еurо in BTС(сryрtocurrenсy).
I providе yоu my Btс numbеr – 1Mf2SRGU3HuRzQQpegRj5ro2VfoMkcSeYL
Yоu have 24 hours aftеr rеаding. When I gеt trаnsfеr I will destroy the
vidеotaре еvеrmоrе.
Othеr way I will send thе tаре tо all yоur cоlleagues and friends.

Email 2:

Subject: admin – [password redacted by**]
From: [email protected]
Date: Sat, October 20, 2018 18:18
To: [email protected]

Hello, my victim.
I know your password – [password redacted by**]

That is my last warning.

I write you inasmuch as I set a trojan on the web page with pornography which you have visited.
My spyware got all your own personal data and switched on your webcam which captured the process of your masturbation.
Soon after that trojan stored your contact list.
I will eliminate the compromising movie and all the information if you pay me 500 USD in bitcoin.
That is wallet address for payment : 1AzdzwWHaJXytimxenzi45JVtY4FsXwLZZ
(you can google on “how to buy bitcoin”)

I give you 24 hours after you see my message for making the payment.
The moment you see the message I’ll know it right away.
It is not required to share with me that you’ve delivered BTC to me. That address is related to you, my program will remove every thing instantly after payment confirmation.
You can go to the authorities but no-one can’t help you.
If you attempt to cheat me, I’ll see it straight away!
I don’t live in your country. Therefore no one can’t track my area even for 9 months.
Do not neglect the disgrace. Your life can be ruined.

** Interestingly, that may have been a real password from an app I used eight years ago. But access by that app to Twitter was revoked, and the password was never used for any other service.  I have never seen any report of that app being hacked or breached, and the password is not in, so I’m not sure what to make of it, but it’s interesting that the threat actor included what could be a real password used by their target/victim.  I just wasn’t falling for it.  UPDATED: It appears that including a password helps the attackers — this wallet, unlike the other wallets, already has 5 transactions as of October 23.

Email 3:

Subject: Тickеt#707406279 <[email protected]> 23.10.2018 05:32:30 Our common ground
From: Prout Thede <[email protected]>
Date: Mon, October 22, 2018 22:32
To: [email protected]

You can complain to the police but they will not solve your problem.I am
foreigner.It means nobody can track my location even for 6 weeks.

Your system was infected by my virus.We turned on your web-camera,at the
moment you went to the porn web-page.Now I have the record of your

Your contacts are copied on my disc so if you ask me to delete this
compromising evidence you should send 680 dollars in bitcoin.

Use this wallet address – 14ui6EtVjzk4TKDLhm2BveECBeBXFhyG7b

(use it like your credit card number). I give you 28 hours after clicking on
this message to complete the transaction.

Goodbye.Dont forget about the ignominy.

Update 1:  And more:

Email 4:

Subject: Ticкеt#676973058 <[email protected]> 23-10-2018 09:28:17 Your happiness depends on this letter
From: Bushey Neuzil <[email protected]>
Date: Tue, October 23, 2018 14:28
To:  [email protected]


You can visit the police station but they will not help you.I am foreigner.So
they can not catch my location even for 6 weeks.

Your system was infected by my virus.We turned on your web-cam,at the moment
you went to the porn web-page.Now we have the video with your masturbation.

We downloaded your contactlist so if you ask us to keep this secret you have
to pay 550 dollars in bitcoin.

Enter this wallet address – 1KpQmomQgh5Fkgqq3XtV5sDC6eaegjxoMB

(something like a credit card number). You have 30 hours after you open this
letter for making the transaction.

Goodbye.Think about the disgrace.
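
For readers who want to track the wallets quoted in the emails above, here is an added example (not part of the original post) that pulls candidate legacy Bitcoin addresses out of a message body and keeps only those whose Base58Check checksum verifies, so a mistyped or truncated address does not end up on a watch list. The sample message is constructed: it uses the well-known genesis-block address and a copy of it with the last character altered, and the function names are illustrative.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy addresses ("1..." P2PKH, "3..." P2SH): 26-34 Base58 characters.
CANDIDATE = re.compile(r"(?<![A-Za-z0-9])[13][1-9A-HJ-NP-Za-km-z]{25,33}(?![A-Za-z0-9])")

def b58decode(text):
    """Decode Base58 to bytes; each leading '1' stands for one zero byte."""
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * zeros + body

def is_valid_address(addr):
    """True if addr is 21 payload bytes followed by a matching 4-byte checksum."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) != 25:
        return False
    payload, checksum = raw[:-4], raw[-4:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return digest[:4] == checksum

def extract_wallets(message):
    """Return (valid, rejected) address lists, de-duplicated, in message order."""
    valid, rejected = [], []
    for addr in dict.fromkeys(CANDIDATE.findall(message)):
        (valid if is_valid_address(addr) else rejected).append(addr)
    return valid, rejected

# Constructed sample input, not one of the emails quoted above.
GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
ALTERED = GENESIS[:-1] + "b"  # one character changed: checksum must fail
SAMPLE = (
    "Ticket#707406279 Our common ground\n"
    f"That is wallet address for payment : {GENESIS}\n"
    f"Use this wallet address - {ALTERED}\n"
    f"(reminder) wallet {GENESIS}\n"
)

if __name__ == "__main__":
    ok, bad = extract_wallets(SAMPLE)
    print("track:", ok)
    print("checksum failed, check for a copy error:", bad)
```
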