Receiving Email from a Yahoo account warning

You may receive an Email from a friend [or someone in the family] who has a Yahoo account. [The address the Email is sent from may not be a Yahoo address, but the person has a Yahoo account.]

The Email, which may not have a subject, will most likely contain a one-line paragraph asking you to click on a link.

It may be something like:

“You can’t miss it! It’s my favorite one!”

The site above does not exist but is an example. Replace “Johnny” with the name of the person that sent it to you.

DON’T Click on the link in the Email.

Verify with the individual if they sent it. Do not reply to that Email directly.

I have received two of these in the past couple of days. These are probably related to one of the two huge hacks on Yahoo over the past couple of years or so.


More on the Sony hack and North Korea’s Internet going out

Seems the Sony hack front has turned a bit in different directions.

First, Sony announced that two small independent chains in the US will be showing The Interview, the movie that has driven North Korea ballistic. The chains aren’t huge but it shows that Sony has decided to give in after banning the movie. The movie still [at last check] has no openings in various other countries.

Both US President Barack Obama and a number of high-profile celebrities [most of whom vote for the Democrats] have come out saying that Sony made a mistake.

At one point there was thought of a straight-to-video release [but I’m wondering what the North Koreans would think about that].

Interesting to note that Sony’s world headquarters is in Tokyo but they didn’t seem to be threatened. I guess the US is the worse of two evils.

Flipping the coin, it was reported that North Korea got hit with a 9.5-hour blackout. According to a report, North Korea has four cable links for the Internet, all going through China – a friend of theirs. But President Obama asked China if they could investigate to see if the Sony hack originated on their soil. I guess China is caught between two upset “friends”.

Unsure what North Korea would do, as they threatened to do to the US a thousand times any retaliation on them. Problem is that the links go through China. So unless China cut them….

Also wondering what kind of redundancy they have as all four lines dropped.

Interesting to note that, according to a CNN report, as little as 4-5 years ago North Koreans connected to the Internet by using a dial-up modem into a Chinese network. Wow.

Even now, the Internet is restricted to senior government officials and their cronies, those paid bribes, etc. North Korea has a country-wide Intranet with a reported 5000 sites but they are strictly controlled.

Does NSA have backdoor and spyware access to all devices and computers?

If you believe the story: most people [well, conspiracy and anti-government nuts excluded] would start to laugh at a story released by Der Spiegel at the end of last year, which states that the NSA can access practically any device and computer out there through backdoors and other hacks.

There is a claim that NSA agents intercept brand new devices and computers when ordered and implant spyware onto the device or computer, reseal the package and send it on its way. That would mean that either delivery companies have allowed NSA to intercept the packages or the manufacturer has. Quite unbelievable.

“According to internal NSA documents viewed…” So we are taking their word that they somehow were able to view these documents? No mention that the information supposedly came from Edward Snowden.

The article claims that even Huawei, a Chinese company owned by former Chinese army officers, would agree to the claims in the story, let alone a who’s who of companies from Microsoft to Apple to Samsung to Cisco. That is one big conspiracy. [Although it is not owned by the Chinese government, most are sure the government indirectly controls the company.]

The article claims the NSA can even eavesdrop on Blackberry communication – one of the hardest to hack into.

Obviously, any company mentioned in the article [or even if not directly mentioned] has denied that it is involved with the NSA in any spyware, backdoors, etc.

Dawson College student expelled for illegal site scan

Dawson College in Montreal has expelled a computer science student for a “serious professional conduct issue.” Ahmed “Hamed” Al-Khabaz discovered a security problem in a mobile application called Omnivox [made by Skytech Communications] used by the school to manage and allow access to student information. The application is widely used by educational institutions in the province as well as elsewhere.

When Al-Khabaz initially informed the director of Information Services and Technology, he was told that the problem would be fixed. They even congratulated him.

According to Al-Khabaz, the software has “sloppy coding” that allowed anyone “with basic knowledge of computers to gain access to the personal information of any student”.

Several days later, Al-Khabaz decided to see if the vulnerability still existed by using a website security scanning tool again. The tool is designed to be used with off-line copies of web applications, not on live sites.

Skytech detected the second scan and the company’s president called Al-Khabaz. Al-Khabaz claimed that the company’s president threatened prosecution if he did not meet with him and sign a nondisclosure agreement. The company’s president confirmed the conversation but denied he ever made the threat. I suspect Skytech tried to cover up the glitch as there is no other reason to sign a nondisclosure agreement.

After a meeting with the dean and 15 computer science professors, Dawson deemed Al-Khabaz’s actions an attack and expelled him.

Skytech has responded to the backlash by trying to reach out to Al-Khabaz and help him continue his studies by offering Al-Khabaz a part-time job and a scholarship to continue pursuing his degree at a private college.

Dawson College and Skytech’s websites were both down on Monday apparently due to a denial of service attack.

Al-Khabaz should have known that scanning an institution [or anywhere] is illegal without consent. When he notified the administration, I would be surprised if the administration didn’t make some type of comment like “it was nice of you to notify us, but you shouldn’t be scanning the site and don’t do it again” [but of course we don’t have the exact conversation].

He obviously shouldn’t have scanned again to see if it was fixed. It is not his job to do so. He’s probably lucky the school didn’t have him arrested.

It also looks like Skytech was trying to hide the security issues so it would not ruin the company’s reputation.

From the various reactions, some think Al-Khabaz should be given a reward [or even a medal] for exposing the security issue. Others suggested locking him up.

Note: The information has been taken from various sources and seemed to be reliable as of this publication date and time.

Update #1 2013/01/22: According to Dawson College, Al-Khabaz was warned after he reported the security issue. They also hinted that he actually may have entered portions of the site that he shouldn’t have entered [i.e. he may have gone into the financial system, grade system, etc.].

Update #1 2013/01/28: Al-Khabaz couldn’t wait to get onto any media outlet that would have him to claim his innocence. Hmmmm.