Friday, December 2, 2016

Phishing Attempts On My Facebook Fan Page

Right about the time my Facebook fan page started blowing up, all the scammers came out of the woodwork. It's pretty much what you'd expect, from the "hey I wired you a bazillion dollars so make me admin and I'll give you the codez" to the "hey i luv ur page make me admin plz."

This one was novel because it took me a couple of glances to read the domain name. There are so many new top-level domains nowadays that you have to mentally parse the URL, which is good for all the phishing scams.

The message begins with an ominous warning that your page has violated someone's terms.

Wе hаvе rесеivеd mаny rероrts frоm yоur fаn раgе. Plеаsе rеviеw yоur раgе аnd yоur роsts fоr rеаsоns thаt yоu hаvе viоlаtеd оur tеrms.

‌Y‌о‌u‌r‌ ‌c‌a‌s‌е‌ ‌і‌d‌ ‌і‌s‌:‌ ‌59382774
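The message quoted above is not plain ASCII: several letters are Cyrillic look-alikes and the case-id line has a zero-width non-joiner between every character, which is how it slips past keyword filters. As an added example (not from the original post), this script reconstructs that message from explicit code points, counts letters per script, flags words that mix scripts, counts hidden characters, and maps a small constructed table of Cyrillic confusables back to Latin so the intended text can be read.

```python
import unicodedata

# Constructed sample mirroring the quoted phish: Cyrillic е/а/о/р/с/і inside
# Latin words, and a case-id line with U+200C between every character.
NOTICE_LINE = ("W\u0435 h\u0430v\u0435 r\u0435c\u0435iv\u0435d m\u0430ny r\u0435p\u043erts "
               "fr\u043em y\u043eur f\u0430n p\u0430g\u0435.")
CASE_LINE = "Y\u043eur c\u0430s\u0435 \u0456d \u0456s: 59382774"   # 25 characters
SAMPLE_MESSAGE = NOTICE_LINE + "\n" + "\u200c" + "\u200c".join(CASE_LINE)

# Invisible format characters commonly used to break up filtered keywords.
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}

# Small constructed subset of Unicode confusables (Cyrillic -> Latin look-alike).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0456": "i", "\u0443": "y", "\u0445": "x"}

def script_of(ch):
    """Script name taken from the first word of the character name, e.g. 'LATIN'."""
    if not ch.isalpha():
        return None
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def analyze(text):
    """Per-script letter counts, words mixing scripts, and zero-width character count."""
    counts = {}
    for ch in text:
        s = script_of(ch)
        if s:
            counts[s] = counts.get(s, 0) + 1
    visible = "".join(ch for ch in text if ch not in ZERO_WIDTH)
    mixed_words = [w for w in visible.split()
                   if len({script_of(ch) for ch in w} - {None}) > 1]
    zero_width = sum(1 for ch in text if ch in ZERO_WIDTH)
    return {"scripts": counts, "mixed_words": mixed_words, "zero_width": zero_width}

def is_suspicious(text):
    """Mixed-script words or hidden zero-width characters are both red flags."""
    report = analyze(text)
    return bool(report["mixed_words"]) or report["zero_width"] > 0

def to_plain(text):
    """Strip zero-width characters and fold known confusables to Latin."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in text if ch not in ZERO_WIDTH)

if __name__ == "__main__":
    print(analyze(SAMPLE_MESSAGE))
    print(to_plain(SAMPLE_MESSAGE))
```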

Here's the full URL they linked. I wouldn't advise following it. I sure didn't.

A quick WHOIS search for shows it was bought from Namecheap, and they paid for "WhoisGuard," which pretty much anonymizes them.

Yeah, it's pretty much a throw-away domain technically registered tomorrow haha! Scammers in different time zones for the win!

Domain Name: 110741904325873.REVIEW
Domain ID: D428254-REVIEW
WHOIS Server:
Referral URL:
Updated Date: 2016-08-17T22:05:09Z
Creation Date: 2016-08-17T22:01:41Z
Registry Expiry Date: 2017-08-16T23:59:59Z
Sponsoring Registrar: NameCheap, Inc.
Sponsoring Registrar IANA ID: 1068
Domain Status: clientTransferProhibited
Registrant ID: C428250-REVIEW
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Registrant Street: P.O. Box 0823-03411
Registrant City: Panama
Registrant State/Province: Panama
Registrant Postal Code: 00000
Registrant Country: PA
Registrant Phone: +507.8365503
Registrant Fax: +51.17057182
Registrant Email:
Admin ID: C428251-REVIEW
Admin Name: WhoisGuard Protected
Admin Organization: WhoisGuard, Inc.
Admin Street: P.O. Box 0823-03411
Admin City: Panama
Admin State/Province: Panama
Admin Postal Code: 00000
Admin Country: PA
Admin Phone: +507.8365503
Admin Fax: +51.17057182
Admin Email:
Tech ID: C428253-REVIEW
Tech Name: WhoisGuard Protected
Tech Organization: WhoisGuard, Inc.
Tech Street: P.O. Box 0823-03411
Tech City: Panama
Tech State/Province: Panama
Tech Postal Code: 00000
Tech Country: PA
Tech Phone: +507.8365503
Tech Fax: +51.17057182
Tech Email:
Billing ID: C428252-REVIEW
Billing Name: WhoisGuard Protected
Billing Organization: WhoisGuard, Inc.
Billing Street: P.O. Box 0823-03411
Billing City: Panama
Billing State/Province: Panama
Billing Postal Code: 00000
Billing Country: PA
Billing Phone: +507.8365503
Billing Fax: +51.17057182
Billing Email:
DNSSEC: unsigned
>>> Last update of WHOIS database: 2016-12-03T02:26:27Z <<<

Wednesday, November 30, 2016

More Malware From IMDB

Just like last time, I was looking up a movie (yeah, I watch a lot of movies) on IMDB when it redirected me to the URL below. Same "Urgent Chrome Update" message, and this time I noticed that it still says "Miller's Crossing (1990)" on the tab.

The domain is new: and the domain registration is locked down this time, so it's hard to follow up on like the last one. Others on Reddit have mentioned this type of malware redirect from large sites. My guess is that IMDB is still serving up infected ads.

I did notice from the WHOIS record that it looks like the domain was created today. Talk about zero day malware!

Here's the URL:

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to
for detailed information.

Sponsoring Registrar IANA ID: 303
Whois Server:
Referral URL:
Status: clientTransferProhibited
Updated Date: 29-nov-2016
Creation Date: 29-nov-2016
Expiration Date: 29-nov-2017

>>> Last update of whois database: Wed, 30 Nov 2016 10:17:30 GMT <<<
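Both of these posts lean on the same signal: the domain in the WHOIS record was registered days or hours before it showed up in a phish or a malicious redirect. As an added example (not from the original posts), this script parses the two date styles that appear in the records above (ISO 8601 with a trailing Z, and Verisign's dd-mon-yyyy) plus the RFC 2822 "Last update" footer, and computes the domain's age as of the lookup. The record excerpts are trimmed to their date fields and use the values quoted on this page.

```python
import re
from datetime import datetime, timezone, timedelta
from email.utils import parsedate_to_datetime

# Excerpts of the two WHOIS records quoted above, trimmed to the date fields.
PHISH_RECORD = """\
Creation Date: 2016-08-17T22:01:41Z
Registry Expiry Date: 2017-08-16T23:59:59Z
Registrant Name: WhoisGuard Protected
>>> Last update of WHOIS database: 2016-12-03T02:26:27Z <<<
"""

MALVERTISING_RECORD = """\
Status: clientTransferProhibited
Updated Date: 29-nov-2016
Creation Date: 29-nov-2016
>>> Last update of whois database: Wed, 30 Nov 2016 10:17:30 GMT <<<
"""

def parse_whois_date(text):
    """Handle ISO 8601 ('2016-08-17T22:01:41Z'), Verisign's '29-nov-2016'
    (taken as midnight UTC) and RFC 2822 footers ('Wed, 30 Nov 2016 10:17:30 GMT')."""
    text = text.strip()
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%d-%b-%Y"):
        try:
            return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            pass
    return parsedate_to_datetime(text)  # raises on anything it cannot parse

def domain_age(record):
    """Return (creation, observed, age). 'observed' is the WHOIS database
    timestamp in the record itself, so the age is as of when the lookup ran."""
    created = re.search(r"^Creation Date:\s*(.+)$", record, re.M)
    observed = re.search(r"Last update of whois database:\s*(.+?)\s*<<<", record, re.I)
    if not created or not observed:
        raise ValueError("record lacks a Creation Date or database timestamp")
    creation = parse_whois_date(created.group(1))
    seen = parse_whois_date(observed.group(1))
    return creation, seen, seen - creation

def is_freshly_registered(record, max_age_days=30):
    """A domain younger than the threshold at the time it was seen is a strong
    phishing/malvertising indicator; 30 days is an illustrative cut-off."""
    _, _, age = domain_age(record)
    return age < timedelta(days=max_age_days)

if __name__ == "__main__":
    for name, rec in (("phish", PHISH_RECORD), ("redirect", MALVERTISING_RECORD)):
        created, seen, age = domain_age(rec)
        print(f"{name}: created {created:%Y-%m-%d}, seen {seen:%Y-%m-%d}, "
              f"age {age.days} days, fresh={is_freshly_registered(rec)}")
```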

Sunday, November 27, 2016

IMDB Serving Up Malware?

This is the second time in less than a week where I was looking at a movie on IMDB and it suddenly redirected me to an obvious malware link. Every couple of months I get a popup from Frontier asking me to complete a customer satisfaction survey. Big ISPs often use what would best be described as a JavaScript injection attack for all sorts of reasons.

So, I looked on my machine for an infection--there was none--and wondered where it came from. But this time I was paying better attention. It redirected to the following URL when I was just sitting there looking at an Al Pacino movie. Exact same site, exact same screen.

My guess is that IMDB is serving up a shady ad from whatever ad network they use.

Doing some digging, it doesn't seem like anyone else is reporting this issue. There's no way for me to say definitively that this came from IMDB--there's lots of ways to attack a computer--but it sure looks like it!

Malware scans come back clean and I haven't had any issues or anything suspicious with this Windows 10 / Chrome install. Uh, yeah, don't think I'll be clicking on this.

A WHOIS search shows the domain to be registered in California.

Registrant ID: DI_49692548
Registrant Name: Chad N. Wessels
Registrant Organization: NA
Registrant Street: 4145 Diane Street
Registrant City: Atascadero
Registrant State/Province: California
Registrant Postal Code: 93422
Registrant Country: US
Registrant Phone: +1.8054618382
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:
Admin ID: DI_49692548
Admin Name: Chad N. Wessels
Admin Organization: NA
Admin Street: 4145 Diane Street
Admin City: Atascadero
Admin State/Province: California
Admin Postal Code: 93422
Admin Country: US
Admin Phone: +1.8054618382
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email:
Tech ID: DI_49692548
Tech Name: Chad N. Wessels
Tech Organization: NA
Tech Street: 4145 Diane Street
Tech City: Atascadero
Tech State/Province: California
Tech Postal Code: 93422
Tech Country: US
Tech Phone: +1.8054618382
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email:

The admin contact for this domain seems to be a German encrypted email service. Searching the email shows this person, Chad Wessels, is associated with over 100 domains, most of which look shady to me. But there's more. The email search also links to a discussion forum post about phony Firefox updates, so it seems like good ole Chad has been quite busy.

I'm a software engineer, but security really isn't my specialty, so I'm interested to see how this plays out and whether other people have run into this phony Chrome update.

Friday, July 29, 2016

Using Bluetooth To Share Files Between Your Phone And Desktop Or Laptop

Many laptops come with Bluetooth built-in, but it's super easy to add a cheap Bluetooth dongle to your USB port and use your computer to listen to music, or share files, which is the subject of this article.

This article assumes you are using Windows 10, but I believe it would work similarly on Windows 8 or Windows 8.1, though Windows 10 is the version that finally got Bluetooth right as far as I'm concerned.

Step 1 - Make sure you have a Bluetooth adapter and that it's running.

Whether it's a USB dongle like the one below, or whether Bluetooth is built into your system, you should see a little Bluetooth icon on your system tray, located on the bottom right of the screen.

Clicking on the arrow on the system tray will show you the logo:

Click on the Bluetooth icon and choose "Show Bluetooth Devices" and you should see the Bluetooth settings screen similar to below. Notice I have my headphones already paired.

Step 2 - Allow Connections To Your PC

Windows 10 doesn't trust any Bluetooth devices out of the box, so first you'll need to click on "More Bluetooth options" and you will see this popup dialog box:

Step 3 - Get Your PC Ready To Share Files

Make sure "Allow Bluetooth devices to find this PC" is checked and then press the OK button.

Next, choose the "Send or receive files via Bluetooth" option on the Bluetooth settings screen, and you will see a new popup:

For this example, I will be receiving files to my PC sent from my Android 6 (Marshmallow) phone, which is probably the most common usage.

At this point, Windows will wait for an incoming connection from my phone.

Step 4 - Share From Your Phone

Choose some files or photos to share on your phone, such as a photo of a cute little dog, like my Zoey.

Pressing the little share icon in the lower right hand corner, I get a list of a whole bunch of ways I can share this photo. For this example, you'll want to click the Bluetooth icon.

You should then see your PC on the list of devices to share with. In this example, only my PC shows up on the list. Clicking on the device name will start the process of sending the files, but you still have to go back to your PC to receive them.

Step 5 - Receive on your PC

At this point you should see a box pop up on your PC showing you the files being downloaded, like so:

Once your files are received, you see the finish screen:

My photo of Zoey is now on my PC! Notice I could put the file(s) somewhere else, but I just clicked the Finish button and put the file in my Documents folder.

Thursday, February 25, 2016

Disney To Employees: Pay Us To Influence Politicians

In a letter to its employees, Disney recently asked its employees to help corrupt politicians through the millions of dollars it spends on lobbying. Apparently that's not enough, because they are asking their employees to take payroll deductions to help fund DisneyPac, the IP protectionist Super PAC long known for getting laws favoring Disney literally rubber stamped.

The letter, according to Ars Technica, brags about getting the TPP treaty passed, among other things. The TPP, for people who haven't heard of it, is an awful trade agreement which was negotiated in complete secrecy, lest anyone find out how bad it was, and quietly ratified by its member countries before anyone realized what was going on.

A few years back, when ICE (yes, the immigration service) launched a campaign to stamp out file sharing sites (which it failed at), it kicked everything off from Disney headquarters just to show everyone how corrupt our political system is.

So, if you work for Disney, they'd sure appreciate if you'd feed their political machine, which for some reason reminds me of this episode of South Park, where Mickey Mouse beats up the Jonas Brothers!

Thursday, January 28, 2016

Spam Buddies: Epicurious and Vanity Fair

It's bad enough that Epicurious sends me email spam every day that I've been powerless to stop. But then, long after I tried to unsubscribe from their emails, they give my email to their sister company, Vanity Fair, which starts sending me unwanted emails. I managed to get Vanity Fair to stop emailing me, but now it looks like the Epicurious email spam is pushing for people to subscribe to Vanity Fair. Their spam is now incestuous.

Nice. For only a dollar per month, I can subscribe to a shitty magazine! But all the unwanted emails--those will be free!

I did notice that Epicurious now has two different email footers. Looks like Conde Nast is consolidating all their spam into one giant machine.

The emails I've been getting all along have this footer:

But ever since Vanity Fair started emailing me, I noticed that the footer changed on the other emails coming from Epicurious.

Thursday, January 21, 2016

Avoid GearBest

GearBest was a decent seller for me, until they started with the shady behavior, which I'm the first to call them out for. So, I would avoid them if at all possible. I gave the full story on my outdoor blog, but this has sort of become a blog focused on consumer protection and similar issues relating to technology, and overseas online shopping seems to fall into that category.

Vanity Fair Now Spamming Me

Today I got an unsolicited email from Vanity Fair, who I have no relationship with, and I've never visited their site. But I noticed the email came from Conde Nast, which also owns Epicurious, which I have been fighting with for over 3 months, the whole time being mercilessly spammed by them. It's pretty easy to make the connection that Epicurious shared my email address with their sister company, so they can join in the spam fun. What's funny is that Epicurious gave them my email address after my fight began with them.

The tag line is ... ironic.

I notice that the return address emails are different between the two companies:

Vanity Fair:

So it looks like Vanity Fair uses a third party email service provider, where Epicurious is sending spam from their own domain. Third party ESPs are usually a little more strict about the behavior of their clients, so I think there's a fair chance that Vanity Fair will honor the unsubscribe request--we'll see. I just noticed that email from Vanity Fair seems to really be coming from Epicurious.

Wait, maybe not. Is this email from Vanity Fair, or is it from Epicurious? It seems a little suspicious. Thank you, Conde Nast for sending me spam from Vanity Fair on behalf of Epicurious!

I got an austere screen when I clicked on the button.

Wait, which company did I unsubscribe from? This was a Vanity Fair email. Also note that 10 days is the maximum allowed under the CAN-SPAM Act. And from building back-end corporate computer systems for the last 25 years, the time it takes for a large system to process something like this is measured in milliseconds--thousandths of a second. So, it's kind of a dick move to spam you the full 10 days after you tell them to stop. Some systems will do a big batch processing every night, so maybe one day could be believable. But the full 10 days, yeah, that's dickish.

Here are the email headers from the above email. I know Conde Nast must be feeling a little heat, because these articles are starting to get some traction, and I'm receiving email from readers angry about Epicurious. We'll see if Vanity Fair gets my ire.

Update 1/24/2016: looks like the unsubscribe took. Now if I could just unsubscribe from their sister company, that would be a real victory.

Thursday, January 7, 2016

Epicurious Email Spam: The Saga Unfolds

It's pretty simple in theory. People obey the law because there are consequences for not doing so. The problem begins when those "people" are large, multi-national corporations. Couple that with an almost complete "regulatory capture" of the communication and tech industries, and well, the law doesn't always apply to corporations.

For those following along, Epicurious seems indifferent to an unsubscribe request, emails to their company, complaints to both the FCC and FTC, and the few people in cyberspace making a stink about it. Their communication infrastructure seems fine, as they continue to email me every day, even twice a day over the holidays, so I wonder why they won't communicate with me other than via spam.

So, I'm coming up on 3 months of doing what I can to get these people to stop sending me emails. Not a day goes by that they don't send me an email, but when I email them, no response. Day after day from them, like we're friends. In fact, few of my good friends even email me twice a day.

I'm just going to keep telling my story and linking the proof that they are not obeying the law, and hopefully someday their actions will catch up with them. I still have yet to start contacting email providers to try to get their domains blacklisted.

Notice below that they are spamming me under two different sender names: "Epicurious" and "Epicurious Cook This Now".

Here are the email headers on one of those random emails so everyone can see this is the same email I unsubscribed from. Notice that it also provides an unsubscribe URL. As I've always said, I believe they will continue to spam me until they are faced with tangible consequences, and then they will say "oops it was a mistake, sorry" to weasel out of it. Mark my words!

Received: by with SMTP id 2csp5969513iox;
        Sun, 27 Dec 2015 07:27:58 -0800 (PST)
X-Received: by with SMTP id o2mr16167950pfa.113.1451230078058;
        Sun, 27 Dec 2015 07:27:58 -0800 (PST)
Return-Path: <>
Received: from ( [])
        by with ESMTP id mi6si1938155pab.95.2015.
        for <>;
        Sun, 27 Dec 2015 07:27:58 -0800 (PST)
Received-SPF: pass ( domain of designates as permitted sender) client-ip=;
       spf=pass ( domain of designates as permitted sender);
Return-Path: <>
DKIM-Signature: v=1; a=rsa-sha1;; s=v1; c=simple/simple;
q=dns/txt;; t=1451230071;
DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;
Received: from [] ([]
by (envelope-from <>)
(ecelerity r(44647)) with ESMTP
id 1D/DD-31639-77300865; Sun, 27 Dec 2015 07:27:51 -0800
Date: Sun, 27 Dec 2015 07:27:56 -0800 (PST)
From: Epicurious <>
Message-ID: <>
Subject: 20% Off The WIRED T-Shirt Collection.
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="---=_NEXT_151e40d9f0a"
X-eid: 2.5.3Kg.2hg.17syts.ENK1D2..N..1ZLy.CeVQETc0
X-pid: 406908
X-AcxSID: 13610.406908
List-Unsubscribe: <>
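The question raised in the Vanity Fair post (who actually sent this, the brand in the From line or the company behind the Return-Path?) is answered by the very headers shown above: Return-Path, Received-SPF and the DKIM d= domain identify the sending infrastructure, while From is just the display identity. As an added example (not from the original post), this script parses a constructed header block modelled on the one above, with placeholder domains (brand.example for the visible brand, mailer.esp-example.net for the bounce/DKIM domain) standing in for the redacted values, and reports whether SPF and DKIM align with the From domain in the relaxed, organizational-domain sense.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed headers modelled on the quoted block; all domains and the
# signature fields are placeholders, not values from the original message.
SAMPLE_HEADERS = """\
Return-Path: <bounce-406908@mailer.esp-example.net>
Received-SPF: pass (mx.example.org: domain of bounce-406908@mailer.esp-example.net designates 192.0.2.10 as permitted sender) client-ip=192.0.2.10;
DKIM-Signature: v=1; a=rsa-sha1; d=mailer.esp-example.net; s=v1; c=simple/simple;
 q=dns/txt; i=@mailer.esp-example.net; t=1451230071; h=from:subject:date;
 bh=PLACEHOLDER=; b=PLACEHOLDER=
Date: Sun, 27 Dec 2015 07:27:56 -0800 (PST)
From: Epicurious <newsletter@brand.example>
Subject: 20% Off The WIRED T-Shirt Collection.
List-Unsubscribe: <https://mailer.esp-example.net/unsub?pid=406908>

"""

def org_domain(domain):
    """Crude organizational domain (last two labels), enough for relaxed alignment
    on ordinary TLDs; a real implementation would consult the public suffix list."""
    return ".".join(domain.lower().rsplit(".", 2)[-2:])

def sender_identities(raw_headers):
    """Pull the identities that matter: From domain (what the reader sees),
    Return-Path domain (SPF identity), DKIM d= (signing domain), SPF result."""
    msg = message_from_string(raw_headers)
    from_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1]
    rp_domain = parseaddr(msg.get("Return-Path", ""))[1].rsplit("@", 1)[-1]
    m = re.search(r"\bd=([^;\s]+)", msg.get("DKIM-Signature", ""))
    spf_header = msg.get("Received-SPF", "")
    return {
        "from": from_domain,
        "return_path": rp_domain,
        "dkim": m.group(1) if m else "",
        "spf": spf_header.split(None, 1)[0].lower() if spf_header else "none",
        "list_unsubscribe": msg.get("List-Unsubscribe") is not None,
    }

def alignment_report(raw_headers):
    """Add DMARC-style relaxed alignment verdicts: a pass only counts when the
    authenticated domain belongs to the same organization as the From domain."""
    ids = sender_identities(raw_headers)
    same_org = lambda d: bool(d) and org_domain(d) == org_domain(ids["from"])
    ids["spf_aligned"] = ids["spf"] == "pass" and same_org(ids["return_path"])
    ids["dkim_aligned"] = same_org(ids["dkim"])
    return ids

if __name__ == "__main__":
    for key, value in alignment_report(SAMPLE_HEADERS).items():
        print(f"{key:16} {value}")
```

An unaligned result like this one means the message authenticated as the ESP's domain, not the brand's, which is exactly the "is this Vanity Fair or Epicurious?" ambiguity; checking the DKIM d= and Return-Path domains tells you whose infrastructure to complain to.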