Thursday 11 November 2010

Great Post by Merlin Mann

I love this post by Merlin: how people can (mis)treat the very people they want work from.

Reminds me of this YouTube video.

Wednesday 6 October 2010

.ly domain space to be considered unsafe

Unfortunately, when there is no central control over domain name registration and each country's registry sets its own rules for its ccTLD, this kind of thing can happen.

Article here

The Libyan domain name registry is reclaiming .ly domain names and stating that names shorter than four characters in the .ly namespace must be held by Libyan residents. In addition, websites in this domain space must comply with Libyan Sharia law.

I wonder what impact this will have on bit.ly, owl.ly and ad.ly, all of which are shorter than four characters.

Hacking the D.C. Internet Voting Pilot

A very good article on the pilot test of the system that will allow overseas military personnel to vote online.

It describes a shell-injection vulnerability that allows remote command execution.

The damage comes from letting the temporary file keep the user-supplied file extension, which can carry shell commands, and then passing that file name to a shell.
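To make the failure mode concrete, here is an added example (not code from the D.C. pilot or from the article) showing the flawed pattern beside a hardened one: the vulnerable version keeps the client's file name, extension included, for the temp file and splices it into a shell string; the hardened version takes only an allow-listed extension from the client, generates the rest of the name itself, and builds an argv list that is passed without a shell. The tool name `encrypt-ballot`, the upload directory and the attacker file name are placeholders constructed for the example.

```python
"""Shell injection through a user-controlled upload name, and a hardened
version.  Added example, not code from the D.C. pilot or the article it
discusses; "encrypt-ballot", the paths and the file names are placeholders."""
import os
import re
import secrets
import subprocess

UPLOAD_DIR = "/tmp/ballots"            # placeholder path
ALLOWED_EXTENSIONS = {".pdf"}          # placeholder allow-list
# An acceptable extension is a dot followed by 1-5 lowercase alphanumerics;
# anything else (spaces, ';', '$(', '`', ...) is rejected outright.
SAFE_EXTENSION = re.compile(r"^\.[a-z0-9]{1,5}$")


def vulnerable_command(upload_name):
    """The flawed pattern: the client's file name (extension included) becomes
    the temp-file name and is interpolated into one shell string.  Every shell
    metacharacter in the name is then parsed by the shell as part of the
    command line."""
    tmp_path = os.path.join(UPLOAD_DIR, upload_name)
    return f"encrypt-ballot {tmp_path} {tmp_path}.enc"


def safe_temp_path(upload_name):
    """Derive the temp-file name on the server side.  Only the extension comes
    from the client, and only after it matches the allow-list; the base name is
    random, so no client-controlled bytes reach the command at all."""
    ext = os.path.splitext(upload_name)[1].lower()
    if not SAFE_EXTENSION.match(ext) or ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"rejected upload extension: {ext!r}")
    return os.path.join(UPLOAD_DIR, secrets.token_hex(16) + ext)


def hardened_command(upload_name):
    """Build an argv list rather than a shell string.  Each element is handed to
    the program verbatim by exec(); no shell ever tokenises it."""
    tmp_path = safe_temp_path(upload_name)
    return ["encrypt-ballot", tmp_path, tmp_path + ".enc"]


def run_hardened(upload_name):
    """Invoke the tool with shell=False (the default) so the list is not
    re-parsed.  Not called below because encrypt-ballot is a placeholder."""
    return subprocess.run(hardened_command(upload_name), check=True, shell=False)


if __name__ == "__main__":
    # Constructed attacker-supplied name: looks like a ballot, but the part
    # after ".pdf" is an extra command that a shell would run.
    evil = "ballot.pdf; touch /tmp/pwned #"
    print("vulnerable:", vulnerable_command(evil))
    try:
        print("hardened:", hardened_command(evil))
    except ValueError as exc:
        print("hardened rejected it:", exc)
    # A hostile base name with a clean extension passes, and is harmless,
    # because the base name is discarded and replaced with a random one.
    print("hardened (hostile base name):", hardened_command("$(id).pdf"))
```

Note that `hardened_command("$(id).pdf")` is accepted: the allow-list is on the extension only, and the base name never reaches the command line, which is the property that matters. Rejecting the upload is the right response to a bad extension; trying to "clean" the name with a blacklist of metacharacters is not.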

Saturday 28 August 2010

Heads up on the following fallacious information floating around Facebook

Facebook launched Facebook Places yesterday. Anyone can find out where you are when you are logged in. It gives the actual address & map location of where you are as you use Facebook. Make sure your kids know. TO UNDO: go to "Account", "Account Settings", ..."Notifications", then scroll down to "Places" ...and uncheck the 2 boxes. Make ...sure to SAVE changes and re-post this!!

This does not turn off Facebook Places; it simply stops you receiving Facebook Places notifications from friends.

Facebook Places only works from GPS-enabled devices (e.g. iPhone and Android). You need to be running the Facebook app and check in through that app for it to send out notifications of your location.

If you do not want Facebook Places to post your location from your mobile phone, don't use it: don't check in from your mobile phone. No Facebook settings need changing for this.

However, it is important to understand, when you agree to an iPhone or Android app sending location information from a GPS-enabled phone, exactly what is sent and to whom. It is too easy to click through those dialogues.

Finally, tell your kids not to post anything they would not want handed to them during a job interview. That is a better way to approach this form of self-exposure than trying to keep up with ever-changing privacy settings.

Friday 9 July 2010

Classic Craigslist Money Order Scam in the wild

The story of a girl who got a job and then received a simple request from her new "boss".

-----------

My friend accepted a job as a 'personal assistant' she found on CL. So far her boss, who says he is out of the country in Ireland, has sent her two Western Union money orders for $950 each, and her job was to put the money orders in the bank, take out $300 for her trouble and then send the rest to some other person. (The last one was in Dubai.)

This seems incredibly fishy. Is there a reason she shouldn't be doing this? She knows literally nothing about the guy other than his email address, phone number and first name.

UPDATE: She didn't seem to think it was as big of a deal as I do. I think she's embarrassed and doesn't want to admit it. She has a savings account with money in it from modeling or something when she was a kid, so she said if it turns out it was a scam (and not money laundering like she thought at first), she'll just have to pay the money back and be out $1700.

----

This is why Craigslist has these warnings at the bottom of every page:

* DEAL LOCALLY WITH FOLKS YOU CAN MEET IN PERSON - follow this one simple rule and you will avoid 99% of the scam attempts on craigslist.
* NEVER WIRE FUNDS VIA WESTERN UNION, MONEYGRAM or any other wire service - anyone who asks you to do so is a scammer.
* FAKE CASHIER CHECKS & MONEY ORDERS ARE COMMON, and BANKS WILL CASH THEM AND THEN HOLD YOU RESPONSIBLE when the fake is discovered weeks later.
* CRAIGSLIST IS NOT INVOLVED IN ANY TRANSACTION, and does not handle payments, guarantee transactions, provide escrow services, or offer "buyer protection" or "seller certification"
* NEVER GIVE OUT FINANCIAL INFORMATION (bank account number, social security number, eBay/PayPal info, etc.)
* AVOID DEALS INVOLVING SHIPPING OR ESCROW SERVICES and know that ONLY A SCAMMER WILL "GUARANTEE" YOUR TRANSACTION.

Wednesday 7 July 2010

The Secret Stash Project

Yiting Cheng does a decent job of showing you how to hide things in plain sight.

Wednesday 26 May 2010

Facebook - The Privacy Reality

After seeing a lot of articles on the new Facebook privacy changes, I think the only reasonable response to these and future changes is the following:

Do not post anything on Facebook that you want to keep private

You have to be aware that your posted content and personal information can be passed to or sold to third parties under terms you do not control.

Currently you can restrict access to your information within Facebook using the new privacy settings; however, as the recent past has shown, Facebook is highly likely to change its privacy policy again in the future.

So the only control you have as a Facebook user is to limit the information you provide to this social website in the first place.

Saturday 2 January 2010

Security Concerns with using your iPhone as a Credit card reader

I always thought it was strange that Apple Stores used Windows CE devices to take payments. It is testament to the hold Microsoft's mobile OS has in the payment field, while Apple seems to have struggled in this area.

Apparently some people are trying to change this, and new card readers for Apple portable devices are appearing.

The only reason this story appears here on the ZIS blog is the lack of basic security provision in these new add-ons. Swipe (magnetic stripe) card readers should be on their last legs, and I was surprised by their continued use in North America when I was last there.

Supposedly, new cards issued by North American banks are now shipping with chips, and the hardware suppliers should be following this move as well. While Chip and PIN has its problems, as well documented by the security group at Cambridge and specifically Steven J. Murdoch, no one would dispute the technical advantages it has over the older magnetic stripe system. Murdoch's main concern is the banks' assertion that the system is completely secure, and that any fraudulent activity is therefore due to the cardholder's lack of diligence rather than to their systems.

I would assume that products being designed now would include at least Chip and PIN support and adhere to the basic PCI DSS requirements.
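To show what an unencrypted swipe reader actually hands to the phone, and what the basic PCI DSS requirements mean for anything built on one, here is an added example (not code from the page or from any product it mentions). It parses an ISO/IEC 7813 Track 2 string of the kind a magnetic stripe reader emits, Luhn-checks the PAN, masks the PAN to the first six and last four digits as PCI DSS allows for display, and reads the service code digit that tells a terminal the card should be processed by chip where possible. The track string is constructed test data built around the well-known 4111 1111 1111 1111 test number; the expiry, service code and discretionary data are made up.

```python
"""Parse Track 2 data as an unencrypted swipe reader delivers it, validate the
PAN, and mask it for display.  Added example, not code from any product named
on the page; the track string is constructed test data."""
import re
from dataclasses import dataclass

# ;<PAN>=<YY><MM><service code><discretionary data>?   (a trailing LRC byte,
# if the reader appends one, is simply ignored by the regex)
TRACK2 = re.compile(
    r"^;(?P<pan>\d{13,19})=(?P<yy>\d{2})(?P<mm>\d{2})"
    r"(?P<service>\d{3})(?P<disc>\d*)\?"
)


@dataclass
class Track2:
    pan: str
    expiry_year: int
    expiry_month: int
    service_code: str
    discretionary: str


def luhn_ok(pan):
    """Luhn check digit validation (ISO/IEC 7812): double every second digit
    from the right, subtract 9 from any doubled value above 9, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def parse_track2(raw):
    """Everything on the stripe is cleartext: PAN, expiry and service code are
    readable by anyone holding the reader output.  That is why PCI DSS forbids
    storing full track data after authorisation."""
    m = TRACK2.match(raw)
    if not m:
        raise ValueError("not a Track 2 string")
    pan = m.group("pan")
    if not luhn_ok(pan):
        raise ValueError("PAN fails Luhn check")
    month = int(m.group("mm"))
    if not 1 <= month <= 12:
        raise ValueError("invalid expiry month")
    return Track2(pan, 2000 + int(m.group("yy")), month,
                  m.group("service"), m.group("disc"))


def mask_pan(pan):
    """PCI DSS requirement 3.3: when a PAN is displayed, show at most the first
    six and last four digits.  Shorter strings are fully masked."""
    if len(pan) <= 10:
        return "*" * len(pan)
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def chip_preferred(service_code):
    """ISO/IEC 7813 service code, first digit: 2 and 6 mean "use the IC (chip)
    where feasible".  A terminal that sees this and still accepts a swipe is
    performing the fallback that makes stripe cloning of chip cards useful."""
    return service_code[0] in ("2", "6")


if __name__ == "__main__":
    # Constructed test data using the standard 4111... test PAN.
    raw = ";4111111111111111=2512201123456789?"
    t = parse_track2(raw)
    print("PAN (masked):", mask_pan(t.pan))
    print("expires:", f"{t.expiry_month:02d}/{t.expiry_year}")
    print("service code:", t.service_code, "chip preferred:", chip_preferred(t.service_code))
```

The point of the masking and the service-code check is the gap between what the reader gives the app (everything) and what the app is allowed to keep or show (almost nothing). A reader that encrypts at the read head closes that gap in hardware; a bare swipe head leaves it to every app author.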