My Path into Information Security

Let me be the first to say that I appreciate the path I took to get into the Information Security field. Today, the more common name for the field is Cybersecurity, which I will shorthand as cyber for the rest of this post. I know there are purists that totally hate the short form, but they are not typing this, I am. A recent effort by my nephew to consider a career change to move from a sales rep into cyber got me thinking about my path into the field. First, I was on the leading edge of the …

Craigslist Service Providers Beware @interviewsessions on Telegram

I recently worked an incident where an executive’s persona was impersonated through the use of a Gmail account to respond to service offerings posted on Craigslist for graphic artists, offering up interviews for corporate positions. Once the person who posted the service offering got the e-mail from the executive, the scammer tried to move the interview process to Telegram. This is not much different from the Job Groups people create for metro areas on Facebook, where scammers try to move the interview to Google Hangouts for jobs that don’t exist. In the case of Telegram, we were provided the User …

Get The Scoop on Facebook Ads

I recently started getting inundated with ads for Lightroom presets and Photoshop overlays and actions when on Facebook. They all purport to be worth several hundred to over a thousand dollars in value. Intrigued by one ad offering $694 worth of these items for $19, I followed the link in the ad to a myshopify site where the price was actually listed as $29. I went back to Facebook to report the ad as misleading and during the process Facebook offered a menu option to review all ads by this advertiser. I clicked the link to view all of the …

Who is Emogene Floyd? LinkedIn intelligence gatherer? Russians? Chinese? Iranians?

Recently saw where a person decided to impersonate an employee of the company on LinkedIn, but something did not quite add up when the name was cross-referenced internally. Some due diligence located a deceased person whose obituary photo had been usurped for the fake LinkedIn account. Smart enough not to take the bait on my contact request, but lots of interesting log entries hitting this site without a valid vhost. Lesson to be learned by the folks who accepted the contact requests: validate a supposed co-worker is actually an employee or contractor before accepting the request. Trust, but verify, when using …

Nigerian Grant Scammers

Originally a Facebook post and note. So a friend’s Facebook account got counterfeited (duplicated and made to look like her Messenger account) and started contacting me over Messenger. So I played along, while making contact with her via another comms channel to verify and let her know. Starts off simple enough; then there is a reference to some money via a grant. A quick Google turned up it was indeed fraud. So, I shared a link to my server in hopes they would follow it and let me see their source IP address. They took the bait and wouldn’t you …

2009 MacBook Pro El Capitan SSD Upgrade

In trying to get a little more life out of my 2009 MacBook Pro (MBP), I decided to pick up a Solid State Drive (SSD). My original plan was to clone the old drive over to the new SSD, but that plan was eventually discarded in favor of a clean install of OS X El Capitan. The issues I ran into with the clone attempt were several. First, the new drive was 960GB while the existing drive was 1TB. In Yosemite, I could get into Disk Utility from the option key boot menu. The problem was the disk recovery …

Nginx and Blocking Countries Redux

After having some issues with this new server build and Apache2, I decided to move over to Nginx for the web server. This meant I had to figure out how to get a Linux, (e)Nginx, MySQL, and PHP (LEMP) server going. Although I am not a DigitalOcean customer, I used a great tutorial from them to determine what I needed on the Nginx and PHP5-FPM side of things and left off the other steps pertaining to Linux and MySQL. I also had to recreate my self-signed cert for SSL, which I did using these instructions from DigitalOcean. These portions of the …

Internet Neighborhoods

Deciding on which web hosting provider to use should be based on more than the hosting fee, or you stand the possibility that your site will end up on a blacklist that may prevent many of your potential visitors from reaching your site. Whether you are hosting a blog or a small business website, your ultimate goal is to have your site serve your visitors the content you want to share. But if your site is hosted as a virtual site on a server that might actually be hosting hundreds of other web sites, you shouldn’t be surprised when potential visitors …

The Five – Countries

After much monitoring of malicious traffic and hacking attempts against this server, I have taken the ultimate draconian measure of blocking all countries except our US allies: Canada, United Kingdom, Australia and New Zealand. The attempted attack that broke the camel’s back came yesterday with an attempt to have WordPress download malicious content from another site. The attempted download failed, but I manually went and got the files only to find they were trying to load an IRC Bot, web shell, deface my site, and use it to scan for other victims. So recky aka bogel, and x0re; sorry it …

Blocking Countries – Sad State of the Internet

After seeing how many attempted WordPress logins for invalid accounts there were through Wordfence, I decided to look into blocking the offending countries that were routinely in the list. I started by trying to use TCP wrappers and adding country IP ranges to the /etc/hosts.deny file. This seemed to be an exercise in futility and not very effective. While the IP ranges are available lots of places on the Net, there were none already formatted to the required hosts.deny syntax. After a couple of weeks, I gave up on the hosts.deny idea and started looking into doing it on my firewall …