The 11 of us

An interesting interview has recently caught my eye on a security related blog, called Scam Detectives.

It's a phone interview with a real Nigerian scammer, whom has been recently released from jail and telling his story, whether his claims are real or not but the interview's got a lot of interesting information about different email scam techniques and the methods used by the gangs working in these scams, and yes it's a very organized world with a defined hierarchy of roles, smart kids are taken out of schools to participate in such ploys to support their families, yet even some of the perpetrators believe that they have the right to be doing so since the victims are "...white people (who) deserve to have their money taken because of the way they have treated Africans in the past..."

I once tried to set a honeypot email to attract such scammers and try to research their ways, yet I found out after reading this interview that it hasn't been a safe land to tread into, and that I would be dealing with a very complicated system, yet I would still be interested to revisit the email inbox I created as the honeypot and check if the scammers really share their victims' emails and how do they change their scams.

The interviewee was mainly active in the advance fee fraud or the 419 type of scam and explained several techniques that are usually used in such schemes.

Thinking of it, the best way to mitigate such kinds attacks is mainly through awareness, because even fighting back or "scamming the scammers" would not be of the desired effect.

The interview can be found in three parts: part1, part2 and part3.

According to this post on the official Google blog, in the coming weeks Google Docs will offer to host all file types with a limit of 250 MB, which as they say is larger than the current limit for email attachements.

So far so good, right?? wrong..

This will have its consequences:

Files sharing services such as Rapidshare, Megaupload etc.. will lose their edge, they should eventually think of a profitable business model for offering services that are now being offered for free, except if Google puts some measures in place that may cripple the distribution of these hosted files to all the public, something which file sharing services are already doing and profiting from, but I strongly doubt Google will have such measures.

Now more and more pirated material will be hosted on the cloud and using Google as a distribution channel for copyrighted material, would there be any measures in place??

Also my security sense couldn't stop nagging me about potential security risks behind this, a free malware distribution channel and who knows what fresh vulnerabilities could be exploited in this channel.

Another fear in the minds of many, is of Google controlling all of our information and keeping it in its possession, you never know when the ammendment in the end user agreement will give Google full ownership of the information on its cloud, that is of course for free users, Google Apps users are already protected.

Anyway we have to wait and see what tomorrow brings.

While going through my daily list of security news, I came across this article Anti-Semitic Hacker Targets Jewish Web Sites

The article implies some of the most famous prejudices, news about so called antisemitic attacks, which is nowadays being as stupid as being introduced in some countries legislations; I should feel thankful to be writing this while governed by a legislation system that has no such issues.

Just by reading the dreadful title "Anti-Semitic Hacker Targets Jewish Web Sites", makes the reader automatically come to assumptions about the incident, such assumptions have been previously preprogrammed by media and triggered by the keyword Anti-semitism, the reader automatically assumes:

an Islamic terrorist...

attacking a helpless jewish website...

and discriminating against jews.

Now the word anti-semitic is largely unfair and misguiding, first because jews are not the only semitic people, yet they have been capitalizing on the antisemitism concept since very long, I think other semitics should have their chance too

Now what matters for me is the fact that is not security news of any kind, but a lame old tabloid trick, if you look into the article, you can find that this was a defacement attack on religious institutes' websites, usually such organizations' websites are very poorly secured  and managed, the attacker's message was concerning some news of organ stealing from palestinian children.

Such defacement attacks are approximated to be 28% of global web attacks, a look at some of the defacement reports can give a clearer idea about the state of website defacement; so the attack referenced in the article is NO NEWS

The important matter is, if such news will keep leaking into the information security scene, no one will no longer be able to maintain his information security professional credibility as long as such overrated news keep distorting the news outlets.

Note: for a view for how stupidly such news can be exploited, better have a look at the video published on the same page

UPDATE: a funny example of web defacement was discovered today on the spanish european presidency website (www.eu2010.es).

والعود أحمد

طبعا الشيء ده لسه عاوز تضبيط كتير بس برضه أحن من عدمه

وصل الكسل بالإنسان أنه يتمنى لو كان البطيخ يُباع كمكعبات او قطع جاهزة بدلاً من تقشيره، و يا حبذا لو كان منزوع البذر.