Known Exploits for Macs, and terminology for the Less Tech-Savvy.

Have you fallen victim to a hack on your Mac? Perhaps one of these exploits can show you how.

I was contacted on Twitter by a very polite man who informed me that his security was breached remotely. He wasn’t sure how this happened exactly but provided this really interesting article that he thought might shine some light on the situation. >ARTICLE<

Basically, it mentions that hackers are able to use a Rootkit (which is basically software that is designed to enable access to a computer where it should not be enabled and mask itself) to access the Mac in sleep mode. This could mean that he has a backdoor on his computer now that is very well hidden and could let the attacker come back at any time.

I took some time to put in some research, and I found this extremely interesting… But frankly scary page that lists exploits and rates how bad they are here: https://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-156/Apple-Mac-Os-X.html

I’m under the impression that most if not all of these are genuine.

For the average reader

You might open this and have no idea what any of those exploits mean. Well, it means that IF you are being targeted, one or more of these may be used against you. So it’s probably best to brush up on them.

My best advice to you would be that if you are doing anything that’s going to require you to delete your search history, then you should wear a virtual condom.

Virtual Machine baby!

A virtual machine is something you can download on your PC as well as on your Mac! (It’s just a little harder.)

It will protect your actual computer from getting any type of virus or RAT installed.

I don’t want to suggest any in particular because I think it’s best you find which one works for you.

In most cases

I think that in most cases exploits are localized, but remote ones can be just as bad.

It’s likely though that if you were infected it was because of careless use of the computer. I’m not here to scare you, the truth is that hackers just aren’t all that interested in Joe Blow who logged in to check out Jay’s blog and watch cat videos.

Back to the man who messaged me

I am a bit all over the place here, given it’s way past my bed time and I am turning into a pumpkin at this point.

He’s been doing research on what may have happened but he advises me that he finds it hard to understand some of the terminology that comes along with exploits. I want to take this time to simplify some of these terms in a way people who don’t know a lot about computers can understand.

TERMINOLOGY

#1 Phishing

This is when a hacker poses as something legitimate, in an attempt to have you reveal personal information to them. It’s often done on a large scale.

They will, for example, send you an email asking you to log in to your Amazon account to win free money, only to direct you to a fake page that looks like Amazon, where it will record your login information.

#2 RANSOMWARE

This is a form of malware that is used to lock people out of their files by encrypting them. Victims are often asked for money to have the files recovered, which may or may not happen.

#3 SPOOFING

This is one I see people fall for time and time again unfortunately. It’s when someone makes their information seem like it’s coming from somewhere else when it’s not. So one might use an exploit to make it look like their email is amazonsupport@amazon.ca or whatever. It can get way more complex than that but that is a topic for another time.

#4 Brute Force Attack

This is basically exactly how it sounds. Often the attacker uses software that gains access to accounts by guessing the password / username with trial and error.
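A defender's view of the trial-and-error guessing described above, as an added example that is not from the original post: it scans login events for sources that rack up failures, and tells guessing at one account apart from guessing across many. The event format, thresholds, IP addresses and usernames are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed look-back window
MAX_FAILURES = 5                # assumed failure budget per source per window


def build_sample():
    """Constructed events: (time, source IP, username, login succeeded)."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    events = []
    # One source hammering a single account, then getting in.
    for i in range(8):
        events.append((base + timedelta(seconds=10 * i), "198.51.100.7", "alice", False))
    events.append((base + timedelta(seconds=90), "198.51.100.7", "alice", True))
    # One source trying one login on each of many accounts; one attempt works.
    for i in range(10):
        events.append((base + timedelta(seconds=5 * i), "203.0.113.9", f"user{i}", i == 6))
    # An ordinary user who mistyped a password once.
    events.append((base, "192.0.2.4", "bob", False))
    events.append((base + timedelta(seconds=20), "192.0.2.4", "bob", True))
    return sorted(events)


SAMPLE_EVENTS = build_sample()


def detect_guessing(events, window=WINDOW, max_failures=MAX_FAILURES):
    """Return {source_ip: finding} for sources that exceed the failure budget."""
    recent = defaultdict(deque)   # ip -> failed (time, user) pairs still in the window
    findings = {}
    for when, ip, user, ok in events:
        fails = recent[ip]
        while fails and when - fails[0][0] > window:
            fails.popleft()       # forget failures older than the window
        if not ok:
            fails.append((when, user))
            if len(fails) > max_failures:
                users = {u for _, u in fails}
                kind = "one account, many passwords" if len(users) == 1 else "many accounts"
                findings.setdefault(ip, {"compromised": set()})["kind"] = kind
        elif ip in findings:
            # A success from a source already flagged: treat the account as taken over.
            findings[ip]["compromised"].add(user)
    return findings


if __name__ == "__main__":
    for ip, finding in detect_guessing(SAMPLE_EVENTS).items():
        print(ip, finding["kind"], sorted(finding["compromised"]))
```

Accounts listed under `compromised` are the ones that need a forced password reset.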

#4 DDoS

This is a Distributed Denial of Service attack. The term is very common among hackers and is a major concern for website owners and developers. A DDoS attack is carried out with the aid of zombies or botnets controlled by black hats. By programming the botnets, the black hats command them to send data packets to the targeted web server from multiple systems. This floods the target server, slowing it down or even crashing it and disrupting any activity. All the while the user of the server is oblivious to the attack.

#5 Payload

Essentially, a payload is a cargo of transmitted data over a network. However, in black hat hacking terminology, a payload refers to the part of the virus that performs malicious actions, such as compromising data, destroying information, or hijacking the computer system.

#6 RAT

Remote Access Tool or Remote Access Trojan (RAT) is a form of malware which can be operated by even an unskilled hacker. Once a RAT is installed on your system, the attacker gains complete control of the system. While RAT can be used for legitimate purposes, like when a user wants to access his home computer from another location, it is largely used for illegitimate reasons.

#7 Cloaking

Hackers often use cloaking to present different content or URLs to human users and search engines, thereby hiding them under legitimate-looking web material. Hackers use dynamic scripts and .htaccess rules to hide their tracks by returning a 404 or 500 error code to certain IP addresses or browsers while serving spam to other IP addresses or browsers.

#8 Encryption / Decryption

The process of scrambling data or messages making it unreadable and secret. The opposite is decryption, the decoding of the message. Both encryption and decryption are functions of cryptography. Encryption is used by individuals as well as corporations and in digital security for consumer products.

#9 Opsec

OpSec is short for operational security, and it’s all about keeping information secret, online and off. Originally a military term, OpSec is a practice and in some ways a philosophy that begins with identifying what information needs to be kept secret, and whom you’re trying to keep it a secret from.

Very important this one, take it seriously.

#10 Worm

A specific type of malware that propagates and replicates itself automatically, spreading from computer to computer. The internet’s history is littered with worms, from the Morris Worm, the first of its kind, to the famous Samy worm, which infected more than a million people on MySpace.

All this said, I hope that the importance of keeping yourself protected is becoming clearer.

I’m going to end this article off here, but this blog is still in its infancy and I am always updating things. Keep updated with what I post by subscribing / following me on Twitter.

If you have any questions, please comment below and I will answer them in this blog post for each of you.

Until next time & as always, stay safe.

The Love Scam, Preying on people’s emotions for as long as we can remember.

Have you ever been in love? Unfortunately when that love is found online, it’s not always as it seems.

People have been using this scam for a long time. They will sign up for dating sites under a fake name with photos that are not of them. These are the worst kind of social engineers, completely heartless in nature. They want you to open your heart so that they can promptly open your wallet as well.

How does it happen?

Most commonly (but not always), it will be someone from another country posing as a beautiful woman / man on a dating site. They find lonely and vulnerable people and begin to chat with them. Once some connections are established they will begin to tell you about their problems.

The hook

They will tell you that something bad has happened to them and they need money to solve it. For example, they will say that they were arrested and need money to be released, or that they need money to keep a roof over their head, often offering to repay it.

Then comes the milking…

You don’t just pay it once oh no, once they realize you will send them money…

They will ask again.. and again.. and again. A bit like a broken record you could say.

Take a look at this person who lost a bunch of money to this scam: https://www.bbc.com/news/uk-northern-ireland-47222958

How can YOU prevent this?

The internet is such a big place with so much going on. For every one good thing here, there are multiple dangerous and shady things.

I’ve devised some ways to avoid this happening to you, and if I can help just one person avoid this scam I will be happy. Here they are below:

Always verify who you are talking to is who they say they are:

The best way to do this is by talking over a video chat, where you can see they are the person in the picture. You can get to know them more as you speak.

Be wary of anyone asking for money online:

I’m not saying that you can’t help anyone, I just advise you make sure that the reasons are just.

Never spend more than you can afford, even when it comes to love.

It hurts me so bad to see that some poor people have lost their whole life savings to these scams, I wish there was more I could do to help them.

Educate yourself

The best prevention is preparation in my opinion. The more you know about how this is done and the methods they are using the better you can protect yourself.

When in doubt, ask a friend.

Sometimes people fall for this because they are blinded by love. That’s exactly what the scammers want. If you start to feel like something may be wrong in your online relationship, ask a friend to advise you. An outside perspective may just save you.

Those were some points on how I think one can protect themselves.

Have you been a victim of this, or believe you may be? Let me know. I would love to hear about it, or possibly help in any way that I can.

As always, be safe out there friends.

That one time I got arrested for cracking the McDonald’s App.

Before I even start, just know that the McDonald’s Mobile app is in NO way secure and should be avoided at ALL COSTS.

A little bit of boring backstory:

It all started when I decided to pack up my bags and leave Nova Scotia to move to Ontario.

My girlfriend and I left everything we had behind and moved to a new place to be closer to her family, I had nobody and very limited money.

I searched online to no avail for some type of “Money Maker”, you know, those get-rich-quick, promise-you-the-world type things…

Anyway, I came across this cracking website I will not name and learned how to use SentryMBA to use codelists to break into things like Facebook, Wi-Fi, Apps etc.

DISCLAIMER: DO NOT ATTEMPT THIS, YOU WILL EVENTUALLY BE CAUGHT!

How McDonald’s came into the picture

Well, to put it simply… I was hungry. Why else does anyone go to McDonald’s? But for me there was just a little bit more to that.

I literally just called a company I won’t name (Hint: picture golden arches) and asked for a list of emails for accounts, surprisingly enough… It worked!

Next thing I did was get a free list of commonly used passwords and put them both into SentryMBA and began trying them on the website to see if they worked (it does it automatically and very quickly).

SUCCESS !!! IT WAS EASY

Bro, I was about to be rolling in Big Macs all day long until I was so overweight. Lol, I was literally on cloud 9. Want to know why?

When I used the list I got access to 100 or more accounts in less than 5 minutes, and they ALL had credit card information. This meant I could order whatever I want whenever I want.

Oops, they flag the purchases.

I may or may not have made some purchases before being caught for less than 25$, but this one fateful day I purchased two identical orders for over 30$ each, which instantly sent the email to the owner, who decided to call McDonald’s and surprise, here I was standing there grinning waiting for my food.

The cops were called and I was arrested on the way home.

I got a court summons, had to admit guilt and eventually paid restitution to have my case dismissed. That all happened today.

Moral of the story

Don’t try to take something that isn’t yours, I don’t care how bad you need it. You don’t know the person on the other end. I know I learned my lesson.

Oh. And also, don’t trust the McDonald’s App, they are super insecure and you could lose your money easily.

I’m not the only one who did this

This is still happening and McDonald’s is doing nothing to stop it. Just check out this news post from Quebec: NEWS

Out of Ideas.

I’m really out of ideas to write in relevance to this, so I would love to have you ask some questions so that I can respond to the questions and make this article more enjoyable! Thanks again for reading, I’ve got a Starbucks coffee with my name on it.

Ransomware could infect you easier than you think.

Danger: Your computer has been infected. Please send 1000$ to X BTC Address.

The FACTS:

  • 75% of companies affected by ransomware are running up-to-date protection
  • 580/1000 Cyber Security Experts state they are NOT prepared to defend against a ransomware attack.
  • Ransomware costs companies over 75 Billion $ a year and rising
  • Once your files are encrypted and locked the only way to decrypt them is with a decryption key
  • The hackers may or may NOT unlock your files after paying.
  • A Bitcoin purchase is usually required to unlock your files

What can YOU do about it?

THE SAD TRUTH

The sad truth is that nothing can be done to stop this once you are infected without costing you a pretty penny. This is exactly why the PREVENTION needs to be done BEFOREHAND.

Tips to prevent infection, Courtesy of Norton.

  1. Do not pay the ransom. It only encourages and funds these attackers. Even if the ransom is paid, there is no guarantee that you will be able to regain access to your files.
  2. Restore any impacted files from a known good backup. Restoration of your files from a backup is the fastest way to regain access to your data.
  3. Do not provide personal information when answering an email, unsolicited phone call, text message or instant message. Phishers will try to trick employees into installing malware, or gain intelligence for attacks by claiming to be from IT. Be sure to contact your IT department if you or your coworkers receive suspicious calls.
  4. Use reputable antivirus software and a firewall. Maintaining a strong firewall and keeping your security software up to date are critical. It’s important to use antivirus software from a reputable company because of all the fake software out there.
  5. Do employ content scanning and filtering on your mail servers. Inbound e-mails should be scanned for known threats and should block any attachment types that could pose a threat.
  6. Do make sure that all systems and software are up-to-date with relevant patches. Exploit kits hosted on compromised websites are commonly used to spread malware. Regular patching of vulnerable software is necessary to help prevent infection.
  7. If traveling, alert your IT department beforehand, especially if you’re going to be using public wireless Internet. Make sure you use a trustworthy Virtual Private Network (VPN) when accessing public Wi-Fi like Norton Secure VPN.

Source for the top 7 list

I believe that if you follow these tips you could succeed in keeping your account safe… For the most part.

Be safe out there friends!

People are using Social Engineering to Fraudulently obtain Amazon goods and here’s how…

For the new reader who may not know, here is a quick rundown of what Social Engineering is:

Social Engineering is, by definition, the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

What makes this dangerous?

There are multiple reasons why this can be dangerous to a normal person. There have been so many cases of Identity Theft related to this.

How is it being used to con Amazon out of money?

Well, Social Engineering plays on the emotions of people. So generally what happens is that people order expensive products off of Amazon like THIS computer for example.

What happens next?

The crafty con artist will then pay for the item with a credit card and have it delivered to their / someone else’s home.

Once it arrives, Amazon has a number that you can call to report any problems with your item.

Con artists will make up story after story of excuses as to why the product didn’t show up / was stolen etc.

Typically, Amazon will want you to send the product back for a refund but in special cases they do not require the product.

I don’t believe you! What is an example of an excuse?

Here is a rather simple one I have read about somewhere or other in the past…

Con Artist – “Hey, I ordered this computer to my home and the person dropped it off without having me sign for it! My poor grandmother couldn’t take it in the home before I got back from work and some kids stole it! Please help me, I really need the money for school!”

Amazon rep – “I am sorry to hear that, since you have an account in good standing we will send you a new one or process you a full refund first thing tomorrow”

These things happen people and more commonly than you think!

Depending where you stand on Social Engineering, these are the facts and how Con Artists implement them every single day right under the nose of the general public.

I would love to hear your thoughts on this, feel free to comment or subscribe to the blog to get notified when I post! I do post daily.

The best possible book to read if you want to disappear.

A bit out of my normal posting habits I admit, but this is a MUST share.

I read this book some time ago and I really just couldn’t put it down, there is so much information about Anonymity in it that it doesn’t even compare to anything I could personally write.

If you’re so inclined, please check it out: HERE

The book is called How to Be Invisible by J.J. Luna

You can get it at the above links as a test read for FREE before actually purchasing it, and it should teach you a ton that would actually surprise almost anyone.

Good luck on your quest to be invisible!

Hi, I’m Jay.

So excited to get started!

I am a Social Engineering expert who may or may not have been arrested a few times for practising (oops).

I want to discuss different methods being used in current times for Social Engineering, as well as what it is and how it’s done.

I have been passionate about this topic for many years and hope that you follow this journey with me.

Look no further for interesting information on Social Engineering and join me on my quest to enlighten the masses on this and Cyber Security! Please read on and enjoy.
