I recently published a post about blackmail spam in which the spammer was (as far as I could tell) unsuccessful in their efforts to scam people. Unfortunately, another campaign dropped into my inbox over the last couple of days where the spammer has been much more successful. I’m not going to do the full breakdown…
Taking a look at blackmail spam
Introduction Like many people, I receive quite a lot of spam email. Unlike most, I actually read it, because it’s often interesting. I’ve had a number of email addresses, and between them I think at least one of my email addresses has been included in most of the big website breaches over the last eight…
We Live In The Future
I grew up on science fiction. I loved reading stories of The Future, where space travel was commonplace, where all energy was generated cleanly, and where we worked side-by-side with machine intelligences to accomplish tasks. Of course, that wasn’t what most of the books were about; space travel, clean energy, and A.I. were just part…
Moving to Ubiquiti Unifi
It’s no secret that I enjoy working with new technology and figuring out better ways to do things. For the last couple of years I’ve been dissatisfied with how my internal network was configured; I was using a basic, off-the-shelf, all-in-one consumer-grade router/wireless access point, and while it normally worked okay, it didn’t always give me…
It’s always DNS
I host a few websites for myself and family on DigitalOcean. Up until recently, I’ve always just spun up a new droplet for each site, so they were all fully independent from each other; this was the easiest and most convenient way to get a new site up and running without jeopardizing uptime on other…
Memcached abuse opens door to massive DDoS attacks
A new reflection attack was unveiled today which can increase the size of a DDoS attack by 51,000-fold. It uses memcached, an object caching system designed to speed up web applications, to amplify attacks against a target. This represents a substantial increase from previous attacks, which have used network time servers to amplify attacks 58-fold…
New Apache Web Server bug can reveal server memory to attackers
Another day, another vulnerability in a widely-used software package. Today’s bug (dubbed Optionsbleed by Hanno Böck, the journalist who documented the vulnerability) can reveal passwords and other pieces of vital information to attackers. While not as big of a threat as Heartbleed, a similar bug which allowed attackers to snag private encryption keys for servers (which…
New WordPress Vulnerability Results in ~2 Million Defaced Sites
The vulnerability was patched in WordPress v4.7.2 two weeks ago, but millions of sites haven’t yet updated. This leaves them open to a vulnerability in the WordPress REST API, which can allow malicious actors to edit any post on a site. Ars Technica has a very nice writeup on the effects of the exploit, which…
Is it time to abandon antivirus software?
I’ve noticed a growing trend in more advanced computer users lately: some of them have begun advocating against using antivirus software. Instead, they suggest using browser extensions like uBlock Origin (which I use and recommend), combined with safe browsing practices, to remove the need for antivirus software altogether. Ars Technica did a very nice write-up on this trend today,…
New Host!
I’ve finally moved to a VPS on DigitalOcean, from my previous (free) shared hosting. I did this for a couple of reasons: first, while my hosting was free for a year with my domain name, that year was almost up. To renew my hosting for the second+ year, I would have needed to pay $38.88/year;…