Wednesday, December 31, 2008

Don't be a donkey, they just want a mule

Hi folks,

Today I received this in the email...

>Hello ,

>Make $10,000 per week working from home. No experience necessary.

>Do you wish you could make money regardless of where you are, work or home?


>Stop wishing. Get a life of freedom where you can do what you want, when
>you want, all while making a good living from wherever you want.

>Register on our website,"

Ten grand a week working from home? Gosh, I'd be a fool not to follow up on that ... wouldn't I?

Heh. If you follow up, of course, eventually you find that all they want you to do is move money through your account, for which you get to keep a percentage. Very easy money.

Or maybe they want you to receive packages, and re-pack the contents and send them overseas somewhere, and again, it's easy money.

Until the Secret Service shows up, that is, and explains that the money and/ or the goods have been obtained illegally, and you are now in a spot of bother.

It's called being a mule, and such pitches are both more common and more tempting in these difficult finanacial times.

Bottom line is that, even on the Internet, if it sounds too good to be true, it probably is.

Keep safe folks,



Roger

Tuesday, December 30, 2008

Forged CAs

Update #1 - Jan 2nd, 2009

It looks like Versign has fixed it (or at least thinks it has) ...

https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php

Reading between the lines, they've tweaked their cert issuing backend so that vulnerable certs cannot be issued. In other words, what the Clever White Hats originally did was get a website cert and then turn it into a root cert, and Verisign has changed their procedures so that vulnerable certs can no longer be issued.

This is called a work-around, as opposed to a true fix, but it's probably good enough.

We'll continue to monitor the situation, but I think all is well.

Cheers

Roger


Hi folks,

One of the most interesting developments in the last few weeks came at the 25c3 conference. The nub of the matter is that some really clever researchers have figured out how to break SSL. In other words, if this stuff was to become widespread, you couldn't trust a website anymore that was offering an https connection.

This would suck for the web in general, except that it's hard to duplicate. What this means is that it probably falls into the category of "This will be really bad if it ever happens, but it's by no means certain to happen."

I don't think there are any easy fixes for this, and we'll just have to watch to see how it unfolds.

I'm just glad it's at least hard to duplicate.

Cheers

Roger

Tuesday, December 16, 2008

Awww.... puppies?

Hi folks,

A couple of days ago, I got this in email...

"GOOD DAY,

HOW ARE YOU DOING ? HOPE FINE.

MY NAME IS REV.PAUL xxxxx I AND MY WIFE AND 3 KIDS ARE ON A CHRISTIAN MISSION TO AFRICA AND WE CAME ALONG WITH OUR 2 TEACUP YORKSHIRE TERRIER BABIES. (BOTH ARE 14 WEEKS OLD) AFTER A WHILE WE NOTICE THAT THE AFRICAN WEATHER IS NOT GOOD FOR THERE HEALTH AND WE HAVE NOT BEEN ABLE TO TAKE GOOD CARE OF THEM THE WAY WE ALWAYS DO, BECAUSE OF MY JOB. THEY ARE AKC REGISTERED. - TEACUP. HOME RAISED,VACCINES & HEALTH GUARANTEE.

WE NEED SOMEONE TO ADOPT BOTH AND TAKE CARE OF THEM THE WAY WE ALWAYS DO. IF YOU CAN TAKE GOOD CARE OF THEM, DO SEND A REPLY AND WILL EMAIL YOU WITH MORE INFO.

P/S: PROVIDE A CONTACT PHONE NUMBER FOR FURTHER COMMUNICATION.

WE HOPE TO READ FROM YOU.

REGARDS,

REV. PAUL & MARY xxxxxx
MOTTO: IN GOD WE TRUST."

Now, I know he's a Reverend, and I know they're just little puppies, so nothing could go wrong with that, could it?

Heh. Of course, it's just another 419 scam, but it's a bit funny. Oh, and watch out for the "Pretty Russian girl" who wants to be your friend too.

Cheers

Roger