Exploring an iCloud Phishing Server Ring [Link]

March 16, 2017 by Gabe | [mmd] | ℳ↫

This story by Brian Krebs is an amazing breakdown of an iCloud phishing ring. It not only provides a lot of detail about the thinking behind these phishing services (and all those phishing emails you get) but it's a study in human nature too:

This is where the story turns both comical and ironic. Many times, attackers will test their exploit on themselves whilst failing to fully redact their personal information. Jonatan apparently tested the phishing attacks on himself using his actual Apple iCloud credentials, and this data was indexed by Jonatan’s phishing account at the fake iCloud server. In short, he phished himself and forgot to delete the successful results.

Older articles

  1. Who Owns Your Email

    March 06, 2017 by Gabe | [mmd] |

    Email is more than just a communication tool for me. With unbelievably inexpensive storage options and incredible search and filtering my email is now a filing cabinet. I make the extra effort to organize my email archive because it improves my search experience, but even if I just moved everything ...

  2. Security for Living Under the American Regime

    February 23, 2017 by Gabe | [mmd] |

    Living in a country with the second best espionage infrastructure in the world, I like to think I'm prudent. Be that as it may, there's always more to consider and I've shared this site with many of my friends. It's a good primer on securing your ...

  3. How to Bury a Major Breach Notification [Link]

    February 22, 2017 by Gabe | [mmd] | ℳ↫

    From Brian Krebs:

    That’s because in addition to compromising the download page for this software package, the attackers also hacked the company’s software update server, meaning any company that already had the software installed prior to the site compromise would likely have automatically downloaded the compromised version when ...

  4. Americans and Cybersecurity [Link]

    February 14, 2017 by Gabe | [mmd] | ℳ↫

    A new study out last month from the Pew Research Center show that americans understand the security risks online but are pretty bad at protecting themselves.

    The survey also finds that Americans are not always vigilant in the context of mobile security. For instance, 28% of smartphone owners report that ...

  5. Google Ordered to Hand Over Foreign Email [Link]

    February 06, 2017 by Gabe | [mmd] | ℳ↫

    From Betanews:

    In Philadelphia, Magistrate Judge Thomas Rueter said: "Though the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States". He ruled that ...

  6. KFC Facial Recognition Trial [Link]

    January 10, 2017 by Gabe | [mmd] | ℳ↫

    Really, what could go wrong here:

    the system would tell a male customer in his early 20s to order a set meal of crispy chicken hamburger, roasted chicken wings and coke for lunch, while a female customer in her 50s would get a recommendation of porridge and soybean milk for ...

  7. DROP TABLE LTD [Link]

    January 06, 2017 by Gabe | [mmd] | ℳ↫

    From the "the future kind of sucks" files comes this update out of the UK. There's now a company named for a SQL injection attack. I'm hopeful that the global economy will survive ; DROP TABLE "COMPANIES";-- LTD's first public offering.

  8. The Download on the DNC Hack [Link]

    January 04, 2017 by Gabe | [mmd] | ℳ↫

    Another great summary from Brian Krebs. No matter which side you fall on politically, this stuff should concern you. The problem isn't whether there is hacking, the problem is that we can't even believe the official responses so it leaves a vacuum of information that is readily filled ...

  9. Evernote, Humans, and Machines

    December 19, 2016 by Gabe | [mmd] |

    The recent Evernote privacy policy brought about considerable response from the nerds.

    Here’s the relevant section many are concerned with (highlighting is mine):

    The latest update to the Privacy Policy allows some Evernote employees to exercise oversight of machine learning technologies applied to account content, subject to the limits ...