Posted by: David Harley | April 24, 2015

In-the-Wild (organ) harvest?

Being a guitarist, I’ve never really devoted much time to organ harvesting. (Sorry: I never could resist a pun, the worse the better.) In fact, there’s a long-standing urban myth about people in the US being drugged and waking up to find themselves in a bath of ice minus one of their kidneys, which has inspired several books/stories, movies and TV programmes. (Snopes, a site which is very informative on hoaxes and semi-hoaxes and which is also not averse to the occasional pun, has an article on the subject called You’ve Got to Be Kidneying.)

Of course, I’m not saying that organ harvesting never happens. There are obviously mechanisms for organ donation, whether it’s for close relatives or complete strangers. In fact, it’s quite common in some countries for people to sell their own organs, and I certainly wouldn’t claim that no-one has ever had an organ removed without their permission or knowledge. However, it tends to be quite difficult to verify stories of such misappropriation in the US or Europe, though there are reported links with human trafficking. And that’s not funny at all.

Still, I can’t help chuckling at this Art of Trolling post concerning an invitation to participate. Joke or social engineering? I think probably the former.

Hat tip to Kurt Wismer for calling it to my attention on his Security Memetics blog.

David Harley
Small Blue-Green World

Posted by: David Harley | April 8, 2015

Facebook Makes the World go Round

Well, I hope it doesn’t, but an awful lot of those people who don’t look up from their smartphones are probably on it. Facebook, like the social media in general, has enormous faith in its own algorithms, but I’m not sure that faith is justified. But how much difference does it make?

An article for ITsecurity.co.uk: Top Facebook Stories: Your Choice?

David Harley
Small Blue-Green World

Posted by: David Harley | February 12, 2015

Valentine Scams

[Update: clearly, someone at ESET thought they should make up for the dearth of Valentine posts last year: since I posted yesterday, Sabrina Pagnotta has warned us about 7 unromantic Valentines gifts from a cybercriminal, and Graham Cluley advises us that Sexy Russian scammers would love to break your heart this Valentine’s Day. I hope you’re all feeling the love from Bratislava.]

For ESET, Rob Waugh considers six common types of Valentine’s Day scams and how to spot them: Is your valentine for real? Six signs you might be falling for an online dating scam

One gambit he doesn’t mention is the use of Valentine-related social engineering (using malicious links, fake ecards etc.) to deliver malware as Storm and Waledac (for instance) did. Of course, for that sort of clickbait, pretty much any holiday, news story, hoax video etc. will do.

Actually, it’s become somewhat traditional for my colleagues at ESET to take all the fun out of Valentine’s Day with doom and gloom about incoming scams, though we seem to have missed the boat last year.

Other seasonal blog articles from other vendors are, of course, available. I just don’t have the energy to go looking for them. ;)

David Harley
Small Blue-Green World

Posted by: David Harley | January 29, 2015

Tap Snake

Tapsnake Infection: not very likely

My first blog for Infosecurity Magazine for quite a while addresses reports of users of Android phones (but also iPhones and even Macs) seeing pop-ups telling them they’ve been exposed to an obsolete example of Android spyware and should therefore install a particular security program. Clearly, there’s something very hokey about this, uncomfortably reminiscent of the fake AV epidemic of not so many years ago.

David Harley

Posted by: David Harley | January 13, 2015

Some URL spoofing tricks

Further to the phishing post for ESET that I mentioned here, some comments I received indicated that people were particularly interested in the URL spoofing tricks I mentioned, so I expanded on some of those in an article on Phishing, Spoofing, and Looking a Glyph Horse in the Mouth for Kevin Townsend’s IT Security blog.
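As an added example (my own illustration here, not code from the original post or from the linked article), the small Python checker below flags several of the classic URL spoofing tricks at once: credentials placed before an “@” so the real host is not the name the reader sees first, a trusted name buried as a subdomain of an unrelated host, punycode (xn--) labels decoded back to the glyphs a user would actually see, and hostnames that mix scripts or use look-alike characters for a trusted name. The watch-list of trusted domains, the confusables subset and every sample URL are constructed for this example.

```python
"""Added example: spotting look-alike and spoofed URLs.

Everything here (TRUSTED watch-list, confusable subset, sample URLs)
is constructed for illustration; nothing comes from the original post.
"""
import unicodedata
from urllib.parse import urlsplit

# Constructed watch-list of names a phisher might imitate.
TRUSTED = {"paypal.com", "apple.com", "example.com"}

# Small hand-picked subset of Unicode confusables; real tables are far larger.
CONFUSABLES = {
    "\u0430": "a",  # Cyrillic small a
    "\u0435": "e",  # Cyrillic small ie
    "\u043e": "o",  # Cyrillic small o
    "\u0440": "p",  # Cyrillic small er
    "\u0441": "c",  # Cyrillic small es
    "\u0445": "x",  # Cyrillic small ha
    "\u0455": "s",  # Cyrillic small dze
    "\u0456": "i",  # Cyrillic small i
    "\u0458": "j",  # Cyrillic small je
    "\u04cf": "l",  # Cyrillic small palochka
    "\u03bf": "o",  # Greek small omicron
    "\u0131": "i",  # Latin dotless i
    "\u00e9": "e",  # Latin e with acute
}


def script_of(ch):
    """Rough script classification taken from the Unicode character name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return "OTHER"


def to_unicode_host(host):
    """Decode xn-- labels so the hostname shows the glyphs a user would see."""
    if "xn--" not in host:
        return host
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host


def skeleton(host):
    """Replace known confusables with their ASCII look-alikes."""
    return "".join(CONFUSABLES.get(c, c) for c in host)


def analyse(url):
    """Return the parsed host, its displayed form and a list of findings."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    shown = to_unicode_host(host)
    findings = []

    # Trick 1: http://trusted.name@real.host/ -- the real host is after '@'.
    if parts.username is not None:
        findings.append("userinfo before @ hides the real host %s" % host)

    # Trick 2: trusted.name.attacker.tld -- the trusted name is a subdomain.
    for t in sorted(TRUSTED):
        if shown != t and not shown.endswith("." + t) and t in shown:
            findings.append("trusted name %s embedded in %s" % (t, shown))

    # Trick 3: punycode hides non-ASCII glyphs behind an xn-- label.
    if shown != host:
        findings.append("punycode host displays as %s" % shown)

    # Trick 4: mixed scripts (heuristic: a Latin TLD plus another script
    # is legitimate for many genuine IDN hosts, so treat this as a hint).
    scripts = {script_of(c) for c in shown if c.isalpha()}
    if len(scripts) > 1:
        findings.append("mixed scripts: %s" % ",".join(sorted(scripts)))

    # Trick 5: confusable glyphs whose ASCII skeleton is a trusted name.
    skel = skeleton(shown)
    if skel != shown and (skel in TRUSTED or
                          any(skel.endswith("." + t) for t in TRUSTED)):
        findings.append("confusable characters imitate %s" % skel)

    return {"host": host, "shown": shown, "findings": findings}


if __name__ == "__main__":
    samples = [  # constructed sample URLs
        "https://www.paypal.com/",
        "http://paypal.com@evil.example/login",
        "https://paypal.com.evil.example/",
        "http://p\u0430ypal.com/",
        "https://" + "\u0430\u0440\u0440\u04cf\u0435.com".encode("idna").decode() + "/",
    ]
    for s in samples:
        r = analyse(s)
        print(s, "->", r["shown"], r["findings"] or "no findings")
```

The mixed-script test is only a heuristic; plenty of legitimate internationalised hostnames pair a non-Latin label with a Latin TLD, so it is the combination of findings, especially a confusable skeleton matching a name on the watch-list, that deserves attention.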

And that blog on CES security implications that I promised you, from Cameron Camp.

David Harley
Small Blue-Green World
ESET Senior Research Fellow


Posted by: David Harley | January 8, 2015

Recognizing phishing plus 5 hot topics at CES.

I’ve just posted an article on how to recognize phishing messages on the ESET “We Live Security” blog.

Summary: While phishing-related malware is still mostly Windows targeting, attacks that rely purely on social engineering and fake web sites might be delivered by any platform, including smartphones and tablets. The more cautious you are, the better informed you are, and the more you think before you click, the more chance you have of leaving phishing craft stranded.

Complete with two horrendous visual puns.

And Cameron Camp, my colleague at ESET North America, has kicked off a visit to Las Vegas for CES (the International Consumer Electronics Show 2015) with five hot topics. He’s promised to follow up with a deeper look at digital invasion and privacy concerns in his next post.

Summary: With nearly 160,000 lust-ridden techies, corporate denizens and a few of us security types descending on a slightly crisp wintery Las Vegas to see what all the fuss is about at CES 2015, here are a few things to keep an eye out for this year at the show.

David Harley
Small Blue-Green World
ESET Senior Research Fellow

Posted by: David Harley | January 6, 2015

Facebook Disclaimer: FB users still missing the point

A while ago, as I reported on this blog here, I published an article on ESET’s blog about Trust, Truth and Hoaxes in Social Media. The main point of the article was to address common misconceptions about Facebook’s right to control content that its subscribers post, with reference to a widely distributed but legally unhelpful disclaimer that people are posting to their wall in the hope of retaining control.

A security blogging veteran has made similar points today here: as his audience seems to be much bigger than mine, hopefully he’ll reach more Facebook users with his article. :) It’s not that this particular hoax is necessarily harmful, as such, and Facebook does deserve some of the criticism it has attracted for its ambivalent attitude towards the privacy of its users. But this disclaimer is based on at best a partial understanding of Facebook’s view towards its users’ content.

In FB’s own words:

Our philosophy is that people own their information and control who they share it with. When a person shares information on Facebook, they first need to grant Facebook a license to use that information so that we can show it to the other people they’ve asked us to share it with. Without this license, we couldn’t help people share that information.

[…]

People want full ownership and control of their information so they can turn off access to it at any time. At the same time, people also want to be able to bring the information others have shared with them—like email addresses, phone numbers, photos and so on—to other services and grant those services access to those people’s information. These two positions are at odds with each other. 

People spreading the hoax (and claims that the story is supported by reputable TV channels are clearly intended to mislead, so hoax isn’t too strong a word) are not only misunderstanding how Facebook works, but expect the disclaimer to afford them a degree of protection that it can’t possibly provide.

David Harley

Posted by: David Harley | December 12, 2014

Recognizing Facebook hoaxes

Rob Waugh’s article for ESET, Facebook hoax – how to tell instantly if a story is fake sounds as if it’s promising more than it can deliver. However, as a summary of some common types of hoax and scam, it’s worth a look. The sort of brief summary that Facecrooks often does well.

David Harley

Posted by: David Harley | December 10, 2014

A hoax is not just for Xmas

Yesterday, I put up a new post on ESET’s WeLiveSecurity site, about Trust, Truth and Hoaxes in Social Media. The main point of the article was to address common misconceptions about Facebook’s right to control content that its subscribers post, with reference to a widely distributed but legally unhelpful disclaimer that people are posting to their wall in the hope of retaining control.

A couple of other issues are also addressed there: a widely distributed hoax message claiming that Facebook is trying to stop a nativity picture being posted (not the case), misleading photographs incorrectly labelled to persuade FB users in the UK that their MPs are only interested in debating their expenses and salaries, and a more-or-less-true but outdated warning about a premium rate scam that was current several years ago.

However, another story caught my eye today, one that claims that Loggers Accidentally Cut Down World’s Oldest Tree in Amazon Forest. Well, I don’t for a moment say that deforestation (legal or otherwise) isn’t a critical issue in the Amazon (and elsewhere), or that riding roughshod over the culture and beliefs of native communities never happens. But in this instance, the story comes from World News Daily Report, whose reputation for the accuracy of its reporting is non-existent. As, apart from Hoax-Slayer’s brutal analysis, you might also gather from the tone of its About Us page and various highly probable stories also to be found on the site such as Mexican Drug Smugglers Eaten Alive By Giant Squids After Boat Sinks Near Coast Of California and Plastic Surgeon Gives Free Nose Jobs to Homeless for Christmas.

I’m sure there must be a use for this sort of thing, but I can’t quite think what it might be. I guess I don’t have a future as a satirist. There again, given the behaviour of some MPs, maybe there isn’t a difference between satire and real life anymore.

David Harley
Small Blue-Green World

Posted by: David Harley | October 26, 2014

This is how to do tech support

I actually saw this a few months back, but didn’t do anything with it until Kurt Wismer reminded me of it. It’s a G+ post by Chris Blasko on how he used his ‘powers’ as a sysadmin to disrupt a telemarketer. I don’t advocate vigilante action as such against nuisance callers, for a number of reasons, but I have to admit that this was a highly amusing example of social engineering. As Kurt remarks, it would have been even funnier used against a support scammer.

David Harley
Small Blue-Green World 
