tag:blogger.com,1999:blog-6477215397403017256.comments2023-11-08T03:33:06.125-08:00the JoshMeister on SecurityJosh Longhttp://www.blogger.com/profile/03511083686180216122noreply@blogger.comBlogger144125tag:blogger.com,1999:blog-6477215397403017256.post-32349188232976364902017-07-01T04:05:29.474-07:002017-07-01T04:05:29.474-07:00Nice PostNice PostAnonymoushttps://www.blogger.com/profile/00357933460302060158noreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-6797560054305499452014-09-14T20:22:17.121-07:002014-09-14T20:22:17.121-07:00Darren, sorry for my delayed response.
Since you ...Darren, sorry for my delayed response.<br /><br />Since you mention that you're using a Mac, hopefully you already have an antivirus suite installed such as Sophos Anti-Virus for Mac Home Edition (freeware) or Intego VirusBarrier (commercial). I definitely recommend scanning with one of those and leaving it installed.<br /><br />I would suggest also trying AdwareMedic (freeware/donationware), a new program developed by my friend Thomas Reed of The Safe Mac — see http://www.adwaremedic.com for a direct download link. You can also try malware scanners available on the Mac App Store. Here are a few that are worth trying, in alphabetic order:<br /><br />* Bitdefender Virus Scanner (free)<br />* ClamXav (freeware/donationware) — note that there's a more fully featured version at http://www.clamxav.com/download.php<br />* Dr.Web Light (used to be free; now $16.99 if you haven't downloaded it previously)<br /><br />If you still don't find anything malicious after also scanning with four (or more) of those programs, your Mac likely isn't infected. Hope that helps.Josh Longhttps://www.blogger.com/profile/03511083686180216122noreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-42712842893443005002014-09-11T20:41:39.224-07:002014-09-11T20:41:39.224-07:00Hi,
I got hit with this a couple days ago. I open...Hi,<br /><br />I got hit with this a couple days ago. I opened a weird message from my wife "i have sent you a skype message<br />Read your mail friend request" and the next thing that occurred was that a similar message was sent to ever contact from my Mac Mail. I have run 6 of the antivirus programs that you reported are able to find this bug. No antivirus software has found any suspicious files on my Mac. I am still concerned about my security and wonder if you have any other suggestions other than changing passwords (which is done)?<br /><br />Thanks,<br /><br />DarrenAnonymoushttps://www.blogger.com/profile/04119581134827115067noreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-13820544298772162682014-07-19T07:55:28.829-07:002014-07-19T07:55:28.829-07:00I'm seeing this article many years later ( 201...I'm seeing this article many years later ( 2014 ) but there is still a lot of truth to it. My mother has been using the G5 we got her, mostly for basic email, Facebook, etc, but certain aspects of functionality are disappearing, even from these simple things. It just seems absurd. There must be a HUGE pile of these G5 towers destroying the environment somewhere.the late stylehttps://www.blogger.com/profile/13886949918943869636noreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-70010483068255720262013-11-18T14:31:09.931-08:002013-11-18T14:31:09.931-08:00There is a new entry in the XProtect.meta.plist fi...There is a new entry in the XProtect.meta.plist file for each entry. It is:<br /><br /> PlugInUpdateAvailable<br /> true<br /><br />Just set it to false and then it will let you use the website whitelist security in preferences.<br /><br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-16455082930599507792013-11-13T13:49:36.983-08:002013-11-13T13:49:36.983-08:00This one's good and has plenty of advanced opt...This one's good and has plenty of advanced options:<br /><br />http://kfc.io<br /><br />- multiple long urls<br />- custom name url<br />- url password<br />- expiry<br />- limited number of url uses<br />- save to folders<br />- private or public url<br />- QR code<br />- APIAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-84709632901813867042013-11-12T21:49:26.141-08:002013-11-12T21:49:26.141-08:00Gold, you were correct, at least for a short perio...Gold, you were correct, at least for a short period of time. A few minutes ago I verified that I was only able to access http://goo.gl/1tRbb+ whilst logged into the Google account from which I created it. However, a few minutes later (after I was ready to publish an update to this article), I was again able to visit http://goo.gl/1tRbb+ and http://goo.gl/info/1tRbb whilst not logged into any Google account. Also, the goo.gl homepage still says, "All goo.gl URLs and click analytics are public and can be accessed by anyone." You may have noticed a temporary glitch that Google has already fixed.Josh Longhttps://www.blogger.com/profile/03511083686180216122noreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-6266672284483013262013-11-12T16:37:35.005-08:002013-11-12T16:37:35.005-08:00goo.gl/shortcode+ doesn't appear to work any m...goo.gl/shortcode+ doesn't appear to work any more. It takes you to the front page unless you're logged in, in which case you get the analytic page.CMDR Unifexhttps://www.blogger.com/profile/09023348676416501871noreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-16481280333614168412013-08-28T13:42:48.014-07:002013-08-28T13:42:48.014-07:00just received it in 2013 cosmicrayukjust received it in 2013 cosmicrayukAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-57136955120941840042013-08-24T14:40:19.467-07:002013-08-24T14:40:19.467-07:00Also in reply to gadgetsa2z:
I should add that if...Also in reply to gadgetsa2z:<br /><br />I should add that if you spend money for "SEO services" that claim to get your site linked from a number of popular sites or those with a high Google PageRank, this most likely means that the person or group offering those services will attempt to leave spam comments on those sites. Some people may pay for links or publicity and unknowingly get their site spamvertized, which can lead to their site getting blacklisted by anti-spam organizations. The damage to your site's reputation may be irreparable and will be a very bad thing for your site. Thus you'll have effectively wasted your money and have gotten nothing positive in return.Josh Longhttps://www.blogger.com/profile/03511083686180216122noreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-6582071215397754452013-08-24T14:36:50.813-07:002013-08-24T14:36:50.813-07:00Hi, gadgetsa2z:
On your first point, I agree that...Hi, gadgetsa2z:<br /><br />On your first point, I agree that using URL shorteners that can track statistics can be useful. I normally use Bitly on social networks because it's free, it's widely known and respected, it allows users to preview the URL before visiting the destination site, and it provides stats. Just because someone is using a URL shortener doesn't mean that the destination site is bad.<br /><br />You raise the question of what exactly constitutes spam. I think this is an important discussion to have, especially on a site where the term is used frequently and not always defined explicitly.<br /><br />Spam comes in many forms, to be sure. It can be one of those "I know it when I see it" sort of things, but there are some keys that can make spam easier to identify (this is not a comprehensive list by any means):<br /><br />1) For one thing, spam is unsolicited, regardless of the medium (e-mail, blog comments, etc.) and usually comes from an organization or person a) with whom the recipient has never interacted previously and/or b) which the recipients never authorized to send them advertisements.<br />2) On this site when I discuss spam, I mostly talk about the misleading or downright deceptive type. This variety of spam usually attempts to either trick the recipient into clicking on a link or to reply to the message, and it often doesn't deliver what is promised or implied (in other words, it's fraudulent; a scam).<br />3) Sometimes a spam-advertised link goes to a site that may be legitimate but has been hijacked by someone with malicious intent (the idea here being that the hacked site's reputation will be sacrificed, possibly instead of the spammer's domains' reputation).<br />4) In nearly every case, the goal of the spam is either to make money (often by questionable means) or infect visitors' computers or devices (which in turn is typically used as a means to make money).<br /><br />You try to force a question of whether any site with advertisements may be considered a spam site. That's obviously not the case. Legitimate businesses obviously need to make money in order to be sustainable and pay their employees, and advertising is often the preferred means of making a profit so that content or services can be provided for free or at a reduced cost. Legitimate companies are required by law to include opt-out instructions in every advertisement e-mail, and those opt-out instructions have to actually work. Legitimate companies do not send the deceptive or malicious kinds of spam that I usually talk about on this site.<br /><br />As for the question of whether labeling a site as a 'spam site' is used as a form of bullying, as far as I know it's not very common. I've seen "bullying" behavior most often on community-rated reputation sites, particularly targeted towards major political or religious sites. Some people have very strong opinions about these topics, and a subset of those people seem to think it's their duty to damage the reputation of a site if they don't agree with everything that the site stands for (or that they think the site stands for).<br /><br />A different form of spam-related bullying is when certain anti-spam organizations get a little too trigger-happy, blacklisting a legitimate site or mailing list and then making it extremely difficult for the legitimate company to get removed from the list. That form of bullying happens on occasion as well, but I don't know if it's an extremely common occurrence. One would hope that the motives behind anti-spam sites would be pure, but in some cases their methods and practices may be less than ideal.Josh Longhttps://www.blogger.com/profile/03511083686180216122noreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-61881486622909057052013-08-24T03:30:28.916-07:002013-08-24T03:30:28.916-07:00Good reference article!
2 points i would like to ...Good reference article!<br /><br />2 points i would like to make.<br /><br />1- URL shortening is very useful to understand what web content works or not via the visit stats.<br /><br />2- Spam? IMO, The term spam can be misleading at times and often is simply used to destroy someone else genuine business. I now think of it as another kind of bullying.<br /><br />What is the actual definition of spam? <br />* irrelevant or inappropriate messages sent on the Internet to a large number of recipients.<br /><br />Now a days, companies/individuals/websites simply need to make a living and want to cash-in the profits of any product/link shown in their own web site and because of this by branding anyone else offering a product/service a spammer that this definition IMO is changing. The fact most people don't realize is, that the majority of popular websites (e.g. Facebook, twitter, WordPress, etc, etc) already have systems in place to detect, block and even replace any URL shortening advertising links with their own advertising links. e.g. I found a really good deal for a product and posted in some deals website, next the link had been updated with their own personalized link so the deals website gets commission from where i seen the offer...<br /><br />Should we next consider any website out there offering Google adverts or any other form of advertising links which have financial interested behind it (e.g. a product review or a coupon/voucher) also be considered spammers?<br /><br />Basically if you pay a website to link to your product/products/services you are no longer considered a spammer but if you don't then those web sites have the power to brand any links to your product/products/service as being spam. Believe me I hate spam but branding someone a spammer can be just another form of bullying.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-50874036449728402122013-03-29T06:13:17.466-07:002013-03-29T06:13:17.466-07:00Thank you very much; this is helpful.Thank you very much; this is helpful.Edhttps://www.blogger.com/profile/13885914896978976173noreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-60938811031894905562013-03-28T10:30:21.135-07:002013-03-28T10:30:21.135-07:00Ed, this is probably not a symptom of your own acc...Ed, this is probably not a symptom of your own account being hacked, and it may or may not be an indication of someone else's account getting hacked. Spam (the type of unsolicited e-mail you're describing) has been around for decades. Spammers try to adapt to spam filtering technologies, so the exact content of junk e-mail will continue to evolve, but we can expect spam to continue to exist for years to come. You're wise to never click on any links in spam e-mails. When in doubt, it's best to delete questionable e-mails (ideally without opening them, whenever possible).<br /><br />Based on my observations of various e-mail accounts, AOL seems to be among the worst e-mail providers at spam filtering (meaning a lot more spam will reach your inbox if you have an AOL-based e-mail account), while Google's free e-mail service Gmail is one of the best at filtering spam (although even Gmail isn't perfect). Other e-mail providers are usually somewhere in between. Gmail also offers additional security features including two-factor authentication (meaning you can ask Google to send you a text message to verify it's really you whenever someone tries to log into your account) and warnings when someone has recently attempted to access your account from a country you don't normally visit.<br /><br />If spam is a really major problem with your current e-mail account, you might consider setting up a Gmail address that you only give out to family and friends (and perhaps a small number of really important businesses you deal with, like your bank and/or bills, to make sure you don't miss those e-mails) and then continue to give your <b>old</b> e-mail address to most businesses, Web sites, etc. Basically, you're then using your old address as a spam trap since most junk mail will probably end up there rather than in your new inbox. For those few businesses you give your new address, try to use the plus symbol to create unique sub-addresses for your account. (Note that you can only do this with Gmail and a small number of other e-mail providers that support it, and unfortunately some companies don't allow you to register with an address that has a plus symbol in it.) For example, if you have Bank of America, you could try giving your bank the address "mynewgmailaddress<b>+bankofamerica</b>@gmail.com" and then you'll have a better idea of which e-mails are genuinely from that company (which can help you identify phishing e-mails used by fraudsters to try to trick you into giving up your banking information). Later if one of those companies gets hacked and you start getting spam at that "plus address," you can give the company a new plus address and create a Gmail filter to automatically delete any new e-mails sent to the old plus address.<br /><br />These are just a handful of ideas on how to avoid spam. I hope you find some of them useful.Josh Longhttps://www.blogger.com/profile/03511083686180216122noreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-89059073041420909422013-03-28T08:16:40.301-07:002013-03-28T08:16:40.301-07:00Every day I receive 20 to 30 emails supposedly fro...Every day I receive 20 to 30 emails supposedly from Oprah, Beyonce, Pamela Anderson, etc. about weight loss, beauty secrets, etc. I never click on the links. Has my email been hacked, or is it because one of my contact's email has been hacked?Edhttps://www.blogger.com/profile/13885914896978976173noreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-27020648451972623912013-02-06T12:19:37.117-08:002013-02-06T12:19:37.117-08:00Is there a way to disable/enable "Automatical...Is there a way to disable/enable "Automatically update safe downloads list" with a terminal command? I need to make sure an update does not get applied on many client machines.Mr. Dreyfushttps://www.blogger.com/profile/16513893988693825086noreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-80713913899195113562012-09-04T05:44:40.526-07:002012-09-04T05:44:40.526-07:00This is the last one I just received; little modif...This is the last one I just received; little modified.<br />Be careful with the clicking on open page, since not only the button is an active link, but the entire image/page.<br /><br />"Unfortunately we failed to deliver........."City_Citizenhttps://www.blogger.com/profile/17466812745756695485noreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-55066117872333330672012-08-30T00:45:18.353-07:002012-08-30T00:45:18.353-07:00Thank you so much for this article! I used it to m...Thank you so much for this article! I used it to make another cheat sheet in Russian in my LJ (with link to you, of course).<br />Another update: "URLVoid Unshorten URL" changed from http://www.urlvoid.com/tools/unshorten-url/ to http://unshortenurl.urlvoid.com/Anonymoushttps://www.blogger.com/profile/08568996017449746946noreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-30451293232529293792012-08-12T13:31:01.499-07:002012-08-12T13:31:01.499-07:00These links are invalid:
https://beta.aol.com/
htt...These links are invalid:<br />https://beta.aol.com/<br />https://beta.webmail.aol.com/<br /><br />This link: phoenix.aol.com states:<br />> Oops... looks like you are not a Phoenix user.<br />> Try signing in at mail.aol.com.<br /><br />Appears to me still no HTTPS for AOL email...Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-30211280805012144002012-07-17T08:57:13.241-07:002012-07-17T08:57:13.241-07:0052101766-d01c-11e1-a552-000bcdca4d7a: It's hig...52101766-d01c-11e1-a552-000bcdca4d7a: It's highly unlikely. I haven't heard any reports about iOS malware spreading through e-mail attachments.<br /><br />Still, it's a good idea to be more careful in the future.<br /><br />Think it through logically:<br /><br />"This e-mail claims that USPS attempted to deliver a package and it was sent to the wrong address. I don't have the package, so what good would it do for me to print a shipping label?"<br /><br />Furthermore, legitimate companies will almost never send and ask you to open an attachment. That's another big red flag.Josh Longhttps://www.blogger.com/profile/03511083686180216122noreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-34834858058471180052012-07-17T07:33:26.895-07:002012-07-17T07:33:26.895-07:00I received similar email (after logging into the r...I received similar email (after logging into the real USPS.com website and : Attempted delivery of package on June 27 was sent to erroneous address, please reprint shipping label. Unfortunately I opened it on my Iphone. It was a .zip file. Josh, any word if by now the virus has evolved and is infecting Iphones with .zip files, or are we still safe because Iphones cannot open them?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-4733226579784210002012-06-14T08:19:01.364-07:002012-06-14T08:19:01.364-07:00luciole2345: Not likely.luciole2345: Not likely.Josh Longhttps://www.blogger.com/profile/03511083686180216122noreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-72516920706723052872012-06-14T06:26:55.204-07:002012-06-14T06:26:55.204-07:00I've looked everywhere for an answer to this q...I've looked everywhere for an answer to this question and would very much appreciate any advice: could I be infected if all I did was open the zip file but then got wise before clicking on the .exe file? I was reading an email in Windows XP, in Pine, said yes to opening the zip file (the emailed claimed to be from DHL), suddenly it was showing me a .exe file to click on, at which point suddenly I woke up to what was going on.<br /><br />I didn't click on the .exe file, immediately closed the window, closed the email, deleted it. Exited, restarting, about to do a scan from an Avast! disk. The only immediately odd thing was that I couldn't disable the wireless network before shutting down, which seems worrying. Other than that - my main question is: will just opening up the zip file but not having clicked on the .exe file still have infected me?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-15043377023122575022012-06-06T15:19:12.639-07:002012-06-06T15:19:12.639-07:00v.gd is another shortener that enables previews by...v.gd is another shortener that enables previews by default, from the people who made is.gdcodlhttps://www.blogger.com/profile/03273021978376124811noreply@blogger.comtag:blogger.com,1999:blog-6477215397403017256.post-59905242759681213122012-05-15T13:23:18.567-07:002012-05-15T13:23:18.567-07:00For yi.tl (http://yi.tl) just add a tilde to the e...For yi.tl (http://yi.tl) just add a tilde to the end '~'. It not only shows you the full link but also checks the link against Google's Malware and Phishing databases.<br /><br />Add a '+' for stats.<br />Add '.qr' for the QR code.Nurnalhttps://www.blogger.com/profile/14362059216463546626noreply@blogger.com