Author: admin

Virgin Media Customers at Risk of Hacking

Virgin Media has told 800,000 customers to change their router passwords to protect against being hacked.

This only applies to Virgin Media customers with the Super 2 router. The router is the box that provides your Internet connection and Wi-Fi.

The consumer magazine Which? has been investigating Wi-Fi in the home and discovered this problem.

Virgin Media said the risk was small but advised customers using default network and router passwords to update them immediately. This means that if your router has never had its password changed, then you should consider changing it. To do this you need to use your browser and connect to the http address for the router.

A spokesman said: “The security of our network and of our customers is of paramount importance to us. We continually upgrade our systems and equipment to ensure that we meet all current industry standards. We regularly support our customers through advice and updates and offer them the chance to upgrade to a Hub 3.0 which contains additional security provisions.”

Supposedly, the issue exists with other routers of the same age and is not exclusive to the Virgin Media model.

Which? carried out the study in conjunction with ethical security researchers SureCloud. They tested 15 devices, of which eight had security flaws.

In one case a home CCTV system was hacked using an administrator account that was not password protected. Hackers were able to watch live pictures and in some cases were able to move cameras inside the house.

Which? called for the industry to improve basic security provisions, including requiring customers to create a unique password before use, two-factor authentication, and issuing regular software security updates.


Scumbag Awards 2017: Most Public Ransomware

Category: Most Public Ransomware

WannaCry

In May 2017, this stopped several hospitals, doctors' surgeries and much more for days before it was stopped.

CryptoWall

This nasty piece of work encrypts your files so that they cannot be decrypted by anyone else, and it also deletes any backups. It was very common through 2016.

TeslaCrypt

This targeted specific computer games and charged $500 in bitcoins for the decryption key. In mid-2016 the developers shut down the ransomware and published the master decryption key and just the word ‘Sorry’.

 

Vote by email for your favourite.

Website Comments and Pingbacks

“I truly love your website.. Excellent colors & theme. Did you build this amazing site yourself? Please reply back as I’m wanting to create my very own blog and would love to know where you got this from or exactly what the theme is called. Appreciate it!” by home and family crafts  at homeandfamily.eux

Now this sounds like an enthusiastic comment on my blog.

But it isn’t. It’s a computer-generated random comment and instead of being added as a comment, it’s been added as a Pingback.

What are Pingbacks?

These are like making comments remotely.

The spammer makes an entry on their own website or blog and adds a large number of links to pages she wants to advertise. Each link goes to the comments section of a legitimate blog (or website) such as Fightback Ninja blog.

That registers a comment (pingback) on my blog and when I read it, that counts as a page hit on the scammer's website.

Scammers and spammers want high levels of traffic to their websites as they can then charge more to their own advertisers, but I don’t want pingbacks because they are always spam.

Pingbacks are automated and meaningless. If someone wants to make a legitimate comment, they would do so and not use a pingback.

Self Pingbacks

Self-pings (pings within your own blog) are found useful by some, annoying by others. Those who find them useful feel that anyone who finds the old post will then see the link to the new post. But some are unsure if this is a good idea or not.

Normally when you create a link, the entire URL including http:// is used. That will cause a self-ping.

To prevent self-pings, use a shortened URL, i.e. remove the http:// and the domain name.

e.g. http://fightback.ninja/the-1000-gift-card-scam/ shortens to /the-1000-gift-card-scam/

Note: Your editor may add back the domain information so you need to check this.
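One way to carry out the check in the note above, as an added example that is not part of the original post or of WordPress: it scans a post's HTML for absolute links back to your own domain and prints the shortened form for each. The function names and the sample post are constructed for illustration, and treating www.fightback.ninja as the same site as fightback.ninja is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit


def _host(netloc):
    """Lower-case a host and ignore userinfo, port and a leading 'www.'."""
    host = netloc.rsplit("@", 1)[-1].split(":", 1)[0].lower()
    return host[4:] if host.startswith("www.") else host


class _LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        # Collect the href of every <a> tag in the post body.
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def find_self_ping_links(post_html, site_host):
    """Return (absolute_href, relative_href) pairs for links to our own site."""
    collector = _LinkCollector()
    collector.feed(post_html)
    findings = []
    for href in collector.hrefs:
        parts = urlsplit(href)
        # No host means the link is already relative (or is mailto: etc.).
        if not parts.netloc or parts.scheme not in ("", "http", "https"):
            continue
        if _host(parts.netloc) != _host(site_host):
            continue  # link to someone else's site: not a self-ping
        relative = urlunsplit(("", "", parts.path or "/", parts.query, parts.fragment))
        findings.append((href, relative))
    return findings


# Constructed sample post body (the /awards/ link is made up for the example).
SAMPLE_POST = """
<p>See <a href="http://fightback.ninja/the-1000-gift-card-scam/">the gift card scam</a>,
<a href="/already-relative/">an older post</a>,
<a href="https://WWW.fightback.ninja/awards/?year=2017#vote">the awards</a> and
<a href="http://www.friendsagainstscams.org.uk">Friends Against Scams</a>.</p>
"""

if __name__ == "__main__":
    for absolute, relative in find_self_ping_links(SAMPLE_POST, "fightback.ninja"):
        print(f"{absolute}  ->  {relative}")
```

Run it on the saved HTML of a post after editing: any line it prints is a link the editor has turned back into a full URL.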

How to Disable Pingbacks

In WordPress, go to Dashboard, Settings, Discussion and find the relevant box to untick.

You can also disable pingbacks on individual posts via the Discussion metabox on your Add New or Edit Post page.


Horizon: The Day the NHS Died

We all watched in shock as the NHS was forced to shut hospitals, send patients home, cancel operations and close surgeries due to the WannaCry ransomware that disabled many of the NHS systems in mid-May 2017.

The BBC Horizon programme “The Day the NHS Died” tells the story of what happened – how the NHS coped and the guys who stopped the ransomware in its tracks.

The presenter, Kevin Fong, is a doctor so the programme was very much about the medical effects of what happened. The attack started on May 12th and rapidly spread across the NHS because of certain old computers still on the network and newer computers that weren’t up to date with security patches.

Much of the NHS relies heavily on computer systems, especially radiology, and once the attack was recognised much of that equipment had to be turned off to prevent the attack spreading to those systems as well.

The two guys who stopped the attack work in cyber security. They looked at the ransomware code and discovered a website address which turned out to be an off switch for the ransomware, and they used it to stop the attacks.

The programme is interesting but also worrying in how badly the NHS fared compared to other organisations. There’s a lot of work to do on the NHS computer systems to make them secure and that means a lot of money is needed.

Watch now on iPlayer at

http://www.bbc.co.uk/iplayer/episode/b08vfzm0/horizon-2017-cyber-attack-the-day-the-nhs-stopped


The Scumbag Awards 2017

Most industries have their own awards to highlight top performers, e.g. the Oscars for the best over-actors and the Razzies for caught-out over-actors, the Stella award for dumbest lawsuits, the Darwin awards for dumbest life-threatening accidents, the IgNobel awards for the most pointless scientific achievements etc.

So, the Fightback Ninja has created the Scumbag Awards 2017 for the scammers and spammers who make our lives miserable through theft of money, time and even identity.

Each week, the Fightback Ninja will select and publicise one or more categories of scam or spam and a list of contenders for the award. You pick the winner by voting online.

The awards will be announced in July.

Any scammer or spammer wishing to collect their award can do so at the Old Bailey in London where a simple written admission of criminal activities will result in the award (and maybe a few years in jail to go with it).

There will be awards for:

  • The stupidest scammer
  • The biggest data breach
  • The most prolific lottery scam
  • Dating and Romance scams
  • Identity theft
  • The most destructive ransomware
  • Biggest phone scam

and more.

For runners and riders as they are selected, go to http://fightback.ninja/scumbag-awards-2017/

Do share this on social media #scumbagawards

Warrington Gears Up Against Scammers

Friends Against Scams run awareness sessions around the country to educate people on how to avoid scammers and what they should do if they or someone they know is caught up in a scam.

There was such a session in Warrington recently and it seems to have had a big effect.

All those who attended signed up to be a “Friend Against Scams” or a “Scam Champion” and have pledged to raise awareness and spread the word across communities about the dangers of scams, particularly to Warrington’s most vulnerable residents.

As part of the event, they showed how criminals attempt to trick people with official looking documents or websites, or convincing telephone sales patter, with the aim of persuading them to send a “processing” or “administration” fee, pay postal or insurance costs or make a premium rate phone call.

A relative of a 78-year-old man from Cinnamon Brow who was a recent Warrington mail scam victim said: “I tried intercepting as many letters as I could find in his house and return them with ‘gone away’ but that had no effect on the volume of mail sent. He was still receiving at least one hundred scam mailings a week. I estimate he has spent at least £30,000 in four years on scam mail products and scam lotteries.”

Dr Muna Abdel Aziz, director of public health for Warrington, said: “Scams come in many forms, and scammers will target people of all ages, backgrounds and income levels. We receive complaints from residents who have lost thousands, and in some cases, tens of thousands of pounds.

“These sessions aimed to empower residents to recognise and avoid scams and to help friends, family and neighbours do the same. Financial loss is not the only cost to victims, as feelings of vulnerability can also have a devastating impact.”

For more information about the campaign and how to get involved, go to http://www.friendsagainstscams.org.uk

Friends Against Scams is a National Trading Standards Scams Team initiative which aims to protect and prevent people from becoming victims of scams by empowering communities to take a Stand Against Scams.


Mobile Device Malware “Judy”

The Korean company Kiniwini published 41 Android apps under the name ENISTUDIO Corp.

These could have infected up to 36.5 million Android devices with hidden malware that produced fake advert clicks.

Security firm Check Point identified these apps and realised these infected devices could be used to generate large amounts of fraudulent clicks on advertisements, generating revenues for the creators of the malware.

The malware was dubbed “Judy” by Check Point after the title character in Kiniwini’s apps. Chef Judy: Picnic Lunch Maker, for example, encourages players to “create delicious food with Judy”.

Google removed the apps from Google Play once it had been informed of the problem.

How does Judy infect your device?

Hackers create a harmless app that can get around Google’s security screening and it is added to the app store.

Once it has been downloaded by users, it silently registers with the maker's servers for updates. That update is not just the latest software, content and adverts etc. It contains the code and a list of web addresses. The app then opens a browser window and starts to make clicks on the selected adverts on the listed websites. These clicks are registered by networks such as Google Ads and in time will produce payments to the makers.

This kind of cheating has been used in the past but this is one of the worst such examples, and it circumvents Google's app security, which they will not be pleased about.

Kiniwini also develop apps for Apple devices but so far there are no reports of problems with those apps.
