
Lady, are you a real geek?
I was out doing front yard work late this afternoon when I heard a neighborhood kid say “Lady, are you a real geek?” I looked up in surprise, dropped my garden shears (almost stabbed my arm) and saw a gangling, 11 or so brown haired boy staring straight down at me. I peeked back at him over black-rimmed eye glasses and said “why do you ask?”
11ish Boy [pointing at my tee shirt]: Sometimes you wear strange clothes…
Me: What! What is so strange about there’s no place like 127.0.0.1?
11ish Boy: What do the numbers mean? My mom says that you’re one of those weird Internet geeks.
Me: Do you know anything about networks?
11ish Boy: No.
Me: It’s a computer’s loopback address. You can Google it.
11ish Boy: Aah ok.
Me: What does your mom do for work?
11ish Boy: She plays Farmville all day.
Me: Interesting…
After 11ish boy left, I started thinking about the boy’s question. Am I a real geek? Maybe…
_____________________________________________________________________________
BTW Twitter, your Tweetdeck bug was a privacy breach…
Last Friday Techcrunch, C|NET, CNN Money and other tech sites reported that some Tweetdeck users had access to other Tweetdeck user accounts. The issue was first reported on Twitter with a tweet from Geoff Evason: “A bug in your software has given me access to hundreds of accounts.”
Twitter status [short & succinct]
TweetDeck is currently down while we look into an issue. Apologies for the inconvenience.
At the time of this blog post Twitter’s @Tweetdeck remains non-responsive.
The capability to access other Twitter accounts via Tweetdeck without a password does not smack of a mere bug. If we allow social networking sites to continue downplaying privacy breaches as insignificant and incidental – bugs will continue to trump the truth.
Do you think that social networking sites should take more responsibility for privacy breaches and “bugs?”
Twitter’s latest twist in the “Profile Views” scam
The latest Twitter “visit my profile for the website!” scam follows hot on the heels of a recent Facebook viewer profile scam that Sophos reported last Tuesday. The current Twitter scam builds on prior profile view scams but now includes an interesting twist. Instead of placing a link directly in the tweet, the scammer now points you to their profile. The scammer’s profile chains URL shortening services: it includes a Bit.ly link that redirects to TinyURL.com, and the final HTTP redirect lands on a co.cc domain that requests an OAuth token to authorize S,E,E |||| W.H.O version 1.4, a malicious Twitter app.
Once you authorize this malicious app, you will be logged into the viewers area at co.cc. Next, you have to complete a short survey in order to unlock the page. You have a choice of five surveys to complete. Each survey leads to unsavory websites that include phishing.
The information that most of these surveys request includes:
- Full name
- Complete address
- Date of Birth
- Phone number
- Email address
- Income
- Education
- Credit card information
Many of these scam surveys also want you to provide the last 4 digits of your social security number for age verification. I had a grand chuckle over yesterday’s verification popup because it helps them from confusing me with another consumer…
Within a few hours of authorizing this app, you will note activity on your Twitter account. The tweets include a TinyURL link that changes every 7-10 minutes until Twitter’s spam trap catches it.
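The redirect chain described above (Bit.ly to TinyURL.com to a co.cc page asking for an OAuth token) can be triaged from recorded redirects alone. This is an added example, not code from the original post; the hostnames, paths, token and flag names are constructed, and the `oauth_token` query parameter is an assumption about how the request appears in the URL.

```python
from urllib.parse import urlsplit, parse_qs

SHORTENERS = {"bit.ly", "tinyurl.com"}   # the two services named in the post
FREE_HOST_SUFFIXES = (".co.cc",)         # free subdomain service named in the post

# Constructed redirect records (URL -> Location header) as a proxy or crawler
# log would capture them; every path, hostname and token here is made up.
RECORDED = {
    "http://bit.ly/CONSTRUCTED1": "http://tinyurl.com/CONSTRUCTED2",
    "http://tinyurl.com/CONSTRUCTED2":
        "http://profile-viewers-demo.co.cc/start?oauth_token=CONSTRUCTED",
    "http://bit.ly/CONSTRUCTED3": "https://www.example.org/article",
}

def host(url):
    return (urlsplit(url).hostname or "").lower()

def resolve(start, recorded, limit=10):
    """Rebuild the redirect chain from recorded hops, without network access."""
    chain = [start]
    while chain[-1] in recorded and len(chain) < limit:
        nxt = recorded[chain[-1]]
        if nxt in chain:          # redirect loop: stop instead of spinning
            break
        chain.append(nxt)
    return chain

def triage(chain):
    """Return the warning flags raised by one resolved chain."""
    flags = []
    # One shortener hiding behind another defeats a single-hop link preview.
    if len({host(u) for u in chain} & SHORTENERS) >= 2:
        flags.append("nested-shorteners")
    if host(chain[-1]).endswith(FREE_HOST_SUFFIXES):
        flags.append("free-subdomain-landing")
    # An app-authorization request reached only through redirects.
    if len(chain) > 1 and "oauth_token" in parse_qs(urlsplit(chain[-1]).query):
        flags.append("oauth-request-behind-redirects")
    return flags

if __name__ == "__main__":
    for start in ("http://bit.ly/CONSTRUCTED1", "http://bit.ly/CONSTRUCTED3"):
        print(start, triage(resolve(start, RECORDED)))
```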
The art of social spamming
It is not surprising to find CTO of CPALead, LLC, Jason Swan sitting at the helm. Last year Facebook filed a lawsuit against him:
In three separate complaints, we allege that Steven Richter, Jason Swan, and Max Bounty, Inc. used Facebook to offer enticing, but non-existent products and services. According to our complaints, the defendants, among other things, represented that in order to qualify for certain fake or deceptive offers, people had to spam their friends, sign up for automatic mobile phone subscription services, or provide other information. –Facebook
Social spam is interactive and Blackhat affiliate marketers are very aware of this fact. Often they use CPA (Cost Per Action affiliate marketing) techniques to lure potential victims into clicking on offers that are obviously too good to be true to the lot of us. Unfortunately, they manage to entice plenty of gullible believers into pursuing these fraudulent iPad or $1,000.00 gift certificate scams…
Let the spam begin
After running two test accounts with this malicious app, Twitter filtering was able to intervene within the space of an hour.
The test email accounts were not so lucky. Email spam from domains like Smart-buyertoday was the first to hit my inbox inviting me to click for more enticing offers. By tomorrow I should have an inbox full of bogus offers and these test email addresses will become part of the spammers’ database of online-idiots-who-can-be-easily-seduced.
Unlocking the screen at co.cc
Once the co.cc viewers panel is unlocked, the follow button leads directly to Unfriend Finder at userscripts.org. Unfriend Finder is a script that assists you in finding out who defriended you on Facebook. Ironically, there is also an Unfriend-Finder (SyncMyFriends) Facebook application (most likely another rogue app) that does not appear to be connected to userscripts.org or the UnfriendFinder Official Site.
No app can tell you who viewed your profile
This Darkhat affiliate scam has been around the block for a few years now. Though Twitter is proactive in shutting down fake profile tweetstream links – they still need to address tweets that direct people to bogus profile redirect links.
People who are new to the Twitter platform could easily get caught up in clicking on a fake profile link. On the other side of the coin, there are those who are simply too gullible to have an account on any social networking site. You know the type – they click on every link that appears on their screen and they install every app that they run across. In the good old days we would have told them to unplug their computer, pack it up and ship it back to the vendor…
Do you have any thoughts on ways to address rogue apps on Twitter?
Canadian Tax Refund Phishing Scam Steals IRS Copyright!
Another day and another scam. This morning I received a Canadian Income Tax and Benefit Return claiming to be from the Canada Revenue Agency. There was one serious error in this phishing email that many of you would flag in a heartbeat – their copyright: Internal Revenue Service. All rights reserved. Perhaps they need to hire a better proofreader so that they do not mix up the nations that they are trying to scam.
There were several warning flags:
- I am not a Canadian citizen.
- IRS Copyright error.
- Filling out personal identifiable information (PII).
- Email headers: Originating hostname: 64.79.102.35.rdns.clusterspan.net based in Seattle, WA. (the GEO location is not based in Canada honey).
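Three of the warning flags above can be checked mechanically on the raw message. This is an added example, not part of the original post: the sample message is constructed (only the originating hostname and the copyright wording come from the post), and the `.gc.ca` suffix, the PII term list and the flag names are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message. Only the originating hostname and the copyright
# wording come from the post; every other value is made up for illustration.
SAMPLE = (
    "Received: from 64.79.102.35.rdns.clusterspan.net by mx.recipient.example;"
    " Mon, 01 Jan 2001 00:00:00 +0000\n"
    "From: Canada Revenue Agency <refunds@sender.example>\n"
    "Subject: Tax refund notification\n"
    "\n"
    "Complete the Tax Refund Online Form with your credit card number,\n"
    "date of birth, mother's maiden name and social insurance number.\n"
    "\n"
    "Internal Revenue Service. All rights reserved.\n"
)

# Assumed list of personal-information terms to look for in the body.
PII_TERMS = ("credit card", "date of birth", "maiden name", "social insurance number")

def warning_flags(raw, claimed="Canada Revenue Agency", expected_suffix=".gc.ca"):
    """Return the warning flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    body = msg.get_payload()          # single-part text message assumed
    flags = []
    display_name, _ = parseaddr(msg.get("From", ""))
    if claimed.lower() in display_name.lower():
        # The copyright line names a different organisation than the sender.
        owner = re.search(r"([^\n.]+)\.\s*All rights reserved", body, re.I)
        if owner and claimed.lower() not in owner.group(1).lower():
            flags.append("copyright-owner-mismatch")
        # The earliest Received hop (last header) is outside the agency's domain.
        hops = msg.get_all("Received") or []
        origin = re.match(r"from\s+(\S+)", hops[-1]) if hops else None
        if origin and not origin.group(1).lower().endswith(expected_suffix):
            flags.append("origin-host-outside-agency-domain")
    # The message asks for several kinds of personal information at once.
    if sum(term in body.lower() for term in PII_TERMS) >= 2:
        flags.append("requests-pii")
    return flags

if __name__ == "__main__":
    print(warning_flags(SAMPLE))
```

Received headers written before your own mail server's hop are sender-controlled, so treat the origin check as a hint, not as proof.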
Though the graphics looked official with no grammatical errors, the Tax Refund Online Form requests the following information: Email address, full name, credit card number, card expiration, CSC number, billing address, date of birth, work & home phone numbers, current employer, mother’s maiden name and social insurance number. Imagine what they could do with all this information! Believe me, there are people out there who would comply with this request and cry sham when their identity or bank accounts get ripped off…
The CRA never does the following:
- The CRA will not request personal information of any kind from a taxpayer by email.
- The CRA will not divulge taxpayer information to another person unless formal authorization is provided by the taxpayer.
- The CRA will not leave any personal information on an answering machine.
You can view other samples of fraudulent emails and Online Refund Forms at the Canada Revenue Agency.
In order to make their claims seem more believable, the scammers often include seemingly official tax department logos, copyright notices and secondary links that lead to the genuine tax department website. Internet users should be very cautious of any emails that purport to be from their nation’s tax department that ask them to provide personal information by following a link or opening an attachment. No legitimate taxation body is likely to inform taxpayers about a possible refund and ask them to provide personal information via an unsolicited email. –Hoaxslayer
Dear Google Search-Husband…
You have been limiting and rearranging my search life to the point where I am no longer able to conduct a relevant or worthwhile search online. I have been ultimately powerless in this search-marriage for a few years now, and in order to regain my sanity I have no option but to divorce you. I will admit part of the reason for the sad state that our search-relationship is in today is due to my lack of keeping tabs on you. I have been like a frog sitting in a pan of warm water for too long. The intercalary structures of my toe pads need a break from the pending heat.
I also have a confession to make. I’ve been having an ongoing search-affair with DuckDuckGo (DDG) for about a year now. We are at the point in our relationship where it is time to consider consummating our search-relationship. DDG is refreshing and does not limit me by trying to guess what I am searching for based upon prior behaviors.
Ashen devlesa,
Your soon to be Ex-search Wife













