Entries by David G (Chuzpah) (32)

Sunday, Nov 15, 2015

Phishing MMO Credentials

Users of popular Massively Multiplayer Online (MMO) games such as World of Warcraft have long been targets of credential phishing. Attackers harvest e-mail addresses from compromised websites, online gaming forums in particular, and mail the whole list. I received this phishing e-mail several years ago and want to explain why it is suspicious. What first caught my eye was the bad grammar and incomplete sentences. The e-mail is a shot in the dark for the spammer, which the lack of any specific detail about the recipient or the account makes obvious. Below I break down all of the red flags.


1)    The sender address may not look suspicious to the recipient, but for a company such as Blizzard, with several different intellectual properties, it is hard to believe that a separate e-mail address is used for each one.

2)    The message claims to be an automated response, yet it never explains the purpose of the e-mail or how the account violated the EULA in the first place.

3)    This section is meant to scare the recipient with its tone, but the grammatical errors make it hard to take seriously. The recipient is also asked to verify account ownership without being given any reason why.

4)    This part of the e-mail again says the recipient will need to verify account ownership. Wasn't that mentioned a few lines above? A company with millions of subscribers would not make this mistake. The spammer obviously did not put much thought into this, and it shows.

5)    This URL is obviously not a Blizzard domain.

6)    Another scare tactic designed to get the user clicking; if the recipient has read this far, there is probably some doubt already.

7)    The company name is misspelled, an obvious telltale sign of a fake.


Header text of phishing e-mail:

Upon examining the message headers, I noticed that the originating IP is in mainland China; a GeoIP lookup confirmed this. When reading a Received chain, remember that only the hops stamped by your own provider's mail servers can be trusted; a spammer can prepend forged Received lines below them, so the originating IP is the client address recorded by the first trustworthy hop, not necessarily the bottom-most line.


How do I know the message is really from the sender in question?


  1. Look for the green shield! Many legitimate companies are shown as a trusted sender, meaning the recipient's e-mail provider has verified them. Underneath, that badge is the provider's verdict on sender authentication (SPF, DKIM and DMARC) combined with the sender's reputation, so a message that fails those checks will not carry it no matter what the From line claims.
  2. An example of a green shield:
  3. If in doubt, do not click on any links in an e-mail. Instead, visit the vendor's website directly and look for the green bar or https in the browser's address field. Keep in mind that https only proves you have an encrypted connection to the site named in the address bar; it does not prove that site belongs to the vendor, so check the domain name itself, not just the padlock.
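The checks above, done by hand in this post, can be scripted. The following is an added example (not code from the original post): it walks the Received chain for the originating IP, compares the link hosts in the body and the Reply-To domain against the From domain, and reads the SPF/DKIM verdicts that sit behind a provider's trusted-sender badge. The message, addresses, host names and IPs are constructed for this example using documentation ranges and .example names; the GeoIP step needs an external database and is left out.

```python
"""Triage a raw e-mail for the red flags discussed in the post.

Added example, not the original author's code.  SAMPLE_MESSAGE is
constructed: every address, host and IP is a documentation value.
"""
import re
from email import message_from_bytes, policy
from email.utils import parseaddr
from urllib.parse import urlparse

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL = re.compile(r"https?://[^\s<>\"']+")
AUTH = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")

# Constructed phishing message (not a real capture).  The top Received
# header was added by "our" inbound server; the one below it is the hop
# that handed the message to our MX, i.e. the sender's connection.
SAMPLE_MESSAGE = b"""\
Received: from mx1.example.net (mx1.example.net [203.0.113.10])
\tby inbound.example.net with ESMTP id k7x2; Sun, 15 Nov 2015 10:01:02 -0500
Received: from unknown (HELO mail.battle-net.example) (192.0.2.77)
\tby mx1.example.net with SMTP; Sun, 15 Nov 2015 10:01:00 -0500
Authentication-Results: inbound.example.net; spf=fail smtp.mailfrom=blizzard.example; dkim=none
From: "Blizzard Entertainment" <noreply@blizzard.example>
Reply-To: support@battle-net-verify.example.org
To: victim@example.net
Subject: Automated response: account EULA violate

Your account have violate the EULA. You must to verify account ownership:
http://battle-net-verify.example.org/login?acct=12345
Failure verify within 48 hours will result suspend account.
Blizzad Entertainment
"""


def originating_ip(msg):
    """Return the client IP from the bottom-most Received header.

    Received headers are prepended by each hop, so the last one listed is
    the earliest hop we can see.  The first IP in a Received line is the
    connecting client ("from ..."), not the receiving server ("by ...").
    Hops below the ones your own provider stamped can be forged."""
    for hop in reversed(msg.get_all("Received") or []):
        ips = IPV4.findall(str(hop))
        if ips:
            return ips[0]
    return None


def addr_domain(header_value):
    """Domain part of an address header such as From or Reply-To."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower() or None


def same_org(host, domain):
    """True if host is domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def link_hosts(body):
    """Host names of every http(s) URL found in the body text."""
    hosts = []
    for url in URL.findall(body):
        host = urlparse(url).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def auth_results(msg):
    """Summarise Authentication-Results as {mechanism: verdict}.

    A provider's trusted-sender badge is, underneath, a passing verdict
    like this; a fail or none here means the From line is unverified."""
    results = {}
    for hdr in msg.get_all("Authentication-Results") or []:
        results.update({k.lower(): v.lower() for k, v in AUTH.findall(str(hdr))})
    return results


def triage(raw_bytes):
    """Parse the message and collect the red flags in one report."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    from_domain = addr_domain(msg["From"])
    reply_domain = addr_domain(msg["Reply-To"])
    body = msg.get_content() if not msg.is_multipart() else ""
    hosts = link_hosts(body)
    auth = auth_results(msg)
    flags = []
    if from_domain and reply_domain and not same_org(reply_domain, from_domain):
        flags.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    for host in hosts:
        if from_domain and not same_org(host, from_domain):
            flags.append(f"link host {host} is outside {from_domain}")
    for mech, verdict in auth.items():
        if verdict != "pass":
            flags.append(f"{mech}={verdict}")
    return {"origin_ip": originating_ip(msg), "from_domain": from_domain,
            "link_hosts": hosts, "auth": auth, "flags": flags}


if __name__ == "__main__":
    report = triage(SAMPLE_MESSAGE)
    print("originating IP:", report["origin_ip"])
    for flag in report["flags"]:
        print("flag:", flag)
```

Run against the constructed message, the script reports 192.0.2.77 as the originating IP and four flags: the Reply-To and the login link both point outside the claimed From domain, and SPF failed while DKIM was absent. The link-domain test deliberately treats subdomains of the From domain as the same organisation, so a real vendor's `accounts.vendor.example` would not be flagged; a look-alike such as `vendor.example.org` would be.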


Saturday, Oct 3, 2015

Developer Tools

I have used Embarcadero's RAD Studio and Delphi (formerly Borland) for years now. In July 2015 Embarcadero's sales team sold me an upgrade to the full RAD Studio Professional. Since I'm an indie developer the cost was high, but I was pleased with the product. However, I made the mistake of not getting software maintenance. I have always enjoyed its IDE, and recently the company has moved to multi-platform development (Windows 10, OS X, iOS, Android, and Windows Phone). In April 2015 Embarcadero released XE8, which introduced a ton of new features such as multi-device previews and 64-bit iOS app support (Pascal and C++), which is great because Apple is now requiring all developers to submit 64-bit apps. Creating an iOS app is actually not too difficult, but it is not so easy even with its most up-to-date version (10 Seattle); more on that later. Another cool feature is the ability to migrate IDE settings from previous versions of the XE series. Embarcadero acquired Castalia, which has been a great tool for refactoring Delphi code. App Tethering is a cool new feature that allows apps on your computer to interact and share data with each other. This works well over IP for all platforms that XE8 supports. Bluetooth App Tethering is supported on Windows, OS X, and Android (not iOS).

As of August 31st, 2015 (only 4 months after XE8) Embarcadero released a major new version that included a ton of new features (full review coming). Since I did not have software maintenance I could not get all of the new bells and whistles. That does not bother me as much since XE8 works fine with iOS 8.x and 9.x. The only thing I do not like about the company is its reliance on software maintenance (which they never discount). Embarcadero will not even allow XE8 customers to Other vendors such as Microsoft will allow you to at least get service packs (bug fixes and features) for free until the next major release. In mid-September Embarcadero had a special Saturday developer event. I really enjoyed the presentations; it is great that a developer tools vendor offers Saturday sessions (a rarity). I asked sales if they had any special discounts since I had upgraded to XE8 just a couple of months prior. The best they could do was 10% (the discount they gave everyone). Most companies will give you a substantial discount when a major product is released within 90 days of your purchase. Embarcadero's sales response was "get Software Maintenance next time"!

Don't get me wrong, Embarcadero (formerly Borland) makes awesome tools. They just don't have great customer service.

Monday, Sep 7, 2015

My first book is published!

Hey!

Just wanted to give everyone a quick update. The book is published and is FREE until Thursday, September 10th. In one day it is #20 in the 90 minute reads for Computer and Technology!

Here is the link: http://www.amazon.com/dp/B014ODDX0M


Tuesday, Feb 24, 2015

Skype for Business (really Lync 2014)?

It's been a while since I've posted anything UC related, so I thought I would explain what Skype for Business really is.

Skype for Business, formerly Lync Server 2013, has a long history of product renames and rebranding. The product was originally an instant messaging (IM) add-on to Exchange Server 2000, and very few organizations even knew about it. I had deployed it back in 2002 as an experiment, and it would not work with just any IM client. You had to deploy the Exchange client, and even then it would not always work! Soon after my failed IM experiment Microsoft ripped the technology out of Exchange and rebranded it Live Communications Server (LCS). My company at the time had no interest in it. A couple of years later we deployed the second version of this product, Live Communications Server 2005. Microsoft introduced a bunch of new features, but it was still a glorified IM server product with no real purpose. Companies implemented this product because of its federation capabilities (i.e. communicating with other companies). At this time other vendors such as IBM and Cisco were coming out with their own IM products.

It was not until Microsoft re-branded for a third time that businesses took notice. In 2007 Microsoft announced and released Office Communications Server (OCS) 2007, then later 2007 R2. This was a very significant release for Microsoft, since Enterprise Voice features were implemented for the first time. There were also several IM enhancements such as multi-party IM and enhanced presence (which showed additional info if the user was away, online, etc.). Shortly after OCS 2007 was released Microsoft made things more complex by introducing OCS 2007 R2. The biggest feature here was SIP trunking, which gave the product a lot more control over how outbound calls were routed and finally brought the product up to even remotely compete with Avaya or Cisco. Most voice technicians still don't believe that even the current version of the product handles voice well.

Flash forward two and a half years: Microsoft announces Lync Server 2010, yet another rebranding. This is the product with which a lot of companies started to take notice. A lot of my customers at the time wanted to migrate from LCS to Lync, a process that is not for the faint of heart! Lync 2010 introduced most of the features that competitors already had, such as room-based video. Microsoft relies heavily on partners to make even this magic happen! A couple of years later Lync 2013 is born and introduces even more features (including Skype integration). My customers really took notice with this one.

Skype for Business is born. I'm working on a proper Skype for Business post, but Microsoft's 2011 $8.5 billion investment in buying Skype is starting to pay dividends. Clearly the Skype brand is the big winner here, since the average person off the street never knew what Lync even was, but everyone knows Skype!


Saturday, Jan 31, 2015

What I'm working on

Reviews of Digital Forensic Tools

I'm working on several items for the blog. I'm putting together a review of four forensics tools that I use every day. Part of my job is teaching (and knowledge transfer), so my students often ask what the best computer forensics tool is. My answer is "it depends on the job at hand". For example, for disk forensics, commercially available tools such as EnCase or FTK are great but cost thousands of dollars. There are a number of free and low-cost tools out there as well. Below is a list of reviews (planned and in progress).
Autopsy 3.1.1 (In progress)
Paraben P2 Commander (Planned)
EnCase 7 (Planned)
X-Ways forensics (Planned)
Future tools will be reviewed as I have time to work with them. I expect to publish the Autopsy and Paraben reviews within the next week and the other ones over the next 2 to 3 weeks.