A hacker reported that they he have breached Kaspersky US web site. He claimed that he have successfully done an SQL injection attack enabling their group to access the database containing customer information as well as some Kaspersky proprietary information. For full story read the TheRegister.co.uk.
Kaspersky officials denied the claims of the hacker in their website. Quoting Kaspersky site.
…The attack was unsuccessful and, despite their attempts, the hackers were unable to gain access to restricted information stored on the website. Claims by the hackers responsible for the attack that they had managed to gain access to user data are untrue.
As a result of the attack, a vulnerability was found in one section of the usa.kaspersky.com website. Company personnel took immediate action to address the issue, and the vulnerability was closed a short time later.
Following the hackers’ blog via the theregister. co.uk article, the hacker claimed that they have also breached Bitdefender website and had access to some customer information. Btw, Bitdefender is also an antivirus software vendor like Kaspersky. No information is available via the Bitdefender website to dispute this claim. Comments on the hacker blog post points out that the website in question is a Bitdefender distributor site in Europe.
If these data breaches are true, all I can say is my heart goes to Kaspersky and Bitdefender guys (Hey! these are good guys). Just like what I mentioned in my Google interstitial error post last January 31, the important this here is that they: Face it, Fix It and Move On.
It’s been my nth time to visit Taipei, Taiwan. But this trip is kinda new since this is my first visit after getting into this blogging thing, so I guess I am seeing things from a bloggers perspective.
Just to share some little discoveries I had for the day:
Sunday is a very very busy day at the Ninoy Aquino International Airport (NAIA) Terminal 2. The ground attendants told me that since there are many flights departing on a sunday, hence the chaos.
The mobile police cars in Taipei are BMW’s and Mercedes’ (or maybe those stationed in the highway from the airport to the city). Yup! I guess these two brands are not that of a luxury here (compared to PH).
The people in Taipei are very disciplined. Take this example, in the fastfood where I had dinner (see details below), they put their wrappers, left-overs, cups in the trash bin and they clean their tables after eating in the fastfood. Yup, no need for the fastfood attendant to bus the table for the next client.
And this fastfood store is the one that saved my day.
I don’t know if I can blog regularly for the week, but I’ll try my best 🙂
I’m a blogger driver. I brave the streets of Metro Manila everyday. This is the main reason why I am very interested in knowing the lowest unleaded gasoline prices and share it to my fellow bloggers and readers. To all the drivers out there, maybe the tip below can help you.
You’re familiar with the street children on the road, asking for a small change right (“Barya lang po ser, mam“)? How about the instant car-wash boys on the streets during traffic? If we have the same experience, then you would know that they are really persistent and “makulit“. They will bug you until you give them some spare change. They will even wipe their face on your side window, just to annoy you (and so that you already so annoyed you may give in and spare some change and they will go away). Do you want a remedy to end their persistence and “pangugulit“?
Please don’t get me wrong. I’m not the arrogant or anti-poor kind of guy. I believe it giving to the needy and sharing your blessings to the less fortunate. But that belief does not mean I will give my money to all street children who will beg whenever I’m driving. I will give it to charitable institutions and not to them. They are a big road hazard and I know of stories that these street kids are part of a bigger syndicate but that’s another story worth of another post in the future.
So back to our main topic. So do you want to know my tip?
Just knock two times on the window where the street children is asking you for money. Yes two knocks. And see what will happen 🙂
This tip is shared to me by my friend who is an expert on these things. Let me know if this trick will be useful for you, and when they (the street children) go away, drop me some comments here or post something via my contact page.
They say twitter is one of the wonderful innovations in the web recently (or at least in the blogging world). And so I tried it out. I registered an account over the weekend. I posted my first twit update. I followed some bloggers. No one’s following me yet 🙂 . I installed twitterfox plugin. Set the privacy into high (Protect my updates). And then came upon this interesting news today:
A twitter proof of concept (POC) hack has been developed. The POC can change the twitter status of the user (what are you doing? feature) without the user knowing it. Following the developers blog, he introduced the readers (me included) the concept of clickjacking (hijacking the clicks of the user with malicious intent, this is the first time I’ve heard of this). Quoting the developers blog:
‘Clickjacking’, if you haven’t heard of it, is a method used by malicious individuals to trick users like you into clicking something without you knowing what you’ve clicked. It’s also known as UI-redressing and only works in browsers that support frames/CSS.
Ouch! This one is familiar. Iframes with zero height zero width 🙁 . Can be used by bad guys to create malicious activities.
There seems to be no complete solution for this yet, but installing the NoScript firefox plugin will help Firefox users.
If you want to know more details, you can read the developers blog. The site has the POC link hosted there (WARNING: Twitter Kids: Try at your own risk, don’t blame me for any untoward events ok?). Clicking the button will add a new twit status “Yes, I did click the button!!! (WHAT!!??)”
Or you can visit DarkReading Twitter article.
So will I gonna be forgetting about Twitter? No! I think not, but I will be keeping the protect my updates feature ON for now.
Send your own SMS with SMSCaster ! >hon d2 ka mag reply load mo ako 300pesos
One look and I know it’s a SMS TEXTscam. I asked Raven and some friends and they did receive such text messages before. Searching the internet, it seems this scam is rampant in the Philippines. The perpetrator is using different cellular phone numbers and requesting for different amounts of cellphone load ranging from 30 pesos to 300 pesos.
It uses a good social engineering technique: “Hon” is the shortened form of “Honey” a popular term of endearment among couples in the Philippines. One possible setup scenario is that the scammer pretends to be the sweetheart who may have lost his/her cellular phone and he/she is using a different number and then asks for phone prepaid load. Mobile phone prepaid loading business is very popular in the Philippines. Even the smallest neighborhood “sari-sari” store have this prepaid mobile phone loading system.
Digging further on the SMSCaster keyword, I found some information about their business. The site describes their software as:
a Bulk SMS text messaging software for businesses to send marketing & advertising SMS messages to customers with mobile phone from PC (personal computers)
I don’t know if they are legitimate company or not, but they are being used by scammers that’s for sure.
To the scammer: I will make your scheme known to the whole menardconnected world. I’ll make you (in)famous! 🙂
I might even collect the numbers you use and post it here and do more awareness posts on your shameless deeds.
To the readers of this blog: I know you are smart enough to know that this is a scam, but my advise is that you share this knowledge to others (especially to your not-so-techie-friendly folks, friends, relatives and so on). If you receive similar text scam, feel free to leave a message here. If you have blog post discussing the experience, we can even do link exchange if you like.
If you have been online between 11:00PM (GMT+8) and 11:30PM (GMT+8) yesterday, January 31, 2009, and have searched something using Google, you definitely experienced the “This site may harm your computer” results for every search query you’ve had.
Even googling the word “Google” will give you the same results. The format of the link was http://www.google.com/interstitial?url=<search url here>
My first reaction was to check if my computer is infected by a malware. Results are negative. Checking Raven’s machine yielded similar result: Google seems to be flagging all sites as possible malicious site. After some twenty minutes of troubleshooting, my machine can successfully search via google with no errors. Same is true for Raven’s machine. So I guess it was some technical glitch somewhere out there.
Google confirmed something: Its a human error and they fixed it immediately. Quoting Googleblogs:
What happened? Very simply, human error. Google flags search results with the message “This site may harm your computer” if the site is known to install malicious software in the background or otherwise surreptitiously. We do this to protect our users against visiting sites that could harm their computers. We maintain a list of such sites through both manual and automated methods. We work with a non-profit called StopBadware.org to come up with criteria for maintaining this list, and to provide simple processes for webmasters to remove their site from the list.
We periodically update that list and released one such update to the site this morning. Unfortunately (and here’s the human error), the URL of ‘/’ was mistakenly checked in as a value to the file and ‘/’ expands to all URLs. Fortunately, our on-call site reliability team found the problem quickly and reverted the file. Since we push these updates in a staggered and rolling fashion, the errors began appearing between 6:27 a.m. and 6:40 a.m. and began disappearing between 7:10 and 7:25 a.m., so the duration of the problem for any particular user was approximately 40 minutes.
I understand that every once in a while a technology software/service provider make some minor glitch in their systems. As the saying goes… Nobody’s perfect, and the important thing here is that they accept the problem, face it and move on. Google is very honest and direct to the point in handling the issue. They are also fast in fixing the problem. My hats off to Google!