Thursday, March 15, 2018

That was a bit creepy...

So, anyway, for a variety of reasons which are not terribly important now, I decided to start using google calendar today.

First thing it did was ask if it could access my contacts. I generally say no to that sort of request, but, on this occasion, I thought, "What harm could it do?", so I clicked the OK button.

A couple of seconds later, I was shocked to find that it had populated my calendar with a couple of hundred birthdays.

Now I'm not opposed to wishing my friends a happy birthday on their special day, but some of the people in my contacts list are just business acquaintances, rather than "friends", and I would not think it appropriate to know things like that, let alone to wish them a happy birthday.

I thought, "How the heck did google know that just from a phone number or an email address? And what else do they know???"

I mean, I like google, and I consider them Good Guys, but I am concerned about the Privacy Revolution (more about that later), so with a rising sense of anxiety, I figured I'd better look at my contacts, to see if anything obvious was being leaked incorrectly.

Imagine my surprise when the first guy I looked at was not in my address book. Nor the second. Nor the third. None were in my address book. Wait ... what...???

Then I thought, "If it didn't get them from my address book, where did they come from?", and I thought... "FaceBook!!!", but then I poked around a bit, and realized that lots of them weren't friends on FaceBook either... and then, it dawned on me...

Ages ago, I'd joined google plus, but hadn't used it much, and had forgotten about it.

Yup. That's where they came from.

I was a dummy. I don't often admit it, but I was wrong.

Google calendar seems very nice.

As long as it doesn't start laughing at me...

Tuesday, February 27, 2018

Pretty good Apple phish

So, anyway, I've noticed a lot of Apple phishes coming into my email honeypots, and they're convincing enough to catch the unwary, so I thought I'd document it here a little bit. The initial email looks something like this ...
If you click the link, it takes you to this screen ...
which looks pretty convincing, unless you actually parse out the URL in the address bar, at which time you realize it ain't If, however, you are unwise enough to put your AppleID and password in,(or, as I did, just a bogus pair), you are taken to this screen ...
Followed by this one, which is really the point of the whole thing .... they want your credit card.
The screens, unfortunately, are convincing enough that they'll probably catch a few folk. Be cautious out there. Www stands for World War Web.