Author: admin

Stupidest Scam of the Week – Your Real Life Superpower Revealed

The email is titled “Your Real-Life Superpower Revealed”.

So this is obviously either a stupid quiz or a stupid scam message and this one is a scam.

It begins:

Imagine being able to bend the world to your will.

What if you could use your mind to create a reality that you desire in the same way that Neo did in the blockbuster movie The Matrix?

Believe it or not, some of the smartest, most successful and most educated people in the world believe we are living in a Matrix-like virtual world.

Movies like the Matrix are great fun and very creative but they are just movies. How we think obviously influences our lives a great deal, but anyone who thinks that they can create their own world using the power of their mind is either permanently day-dreaming or heading for a major mental problem.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

Fightback Ninja Signature

Google Project Zero

Project Zero is the name of a team of security analysts employed by Google, tasked with finding zero-day vulnerabilities in commercial software. This means bugs in other people’s software that can lead to security problems. They have no interest in everyday bugs that affect people’s work but not security.

After finding a number of flaws in software used by many end-users while researching other problems, Google decided to form a full-time team dedicated to finding such vulnerabilities, not only in Google software but in any software used by its users. Its establishment fits into the larger trend of Google’s counter-surveillance initiatives in the wake of the 2013 global surveillance disclosures by Edward Snowden.

Responsible Disclosure

When serious security bugs are found in software, should the world be informed or just the software maker?

Bugs found by the Project Zero team are reported to the manufacturer and only made publicly visible once a patch has been released or if 90 days have passed without a patch being released.

This is Google’s way of implementing responsible disclosure, giving software companies 90 days to fix a problem before informing the public so that users themselves can take necessary steps to avoid attacks.

Notable Discoveries

On 30 September 2014 Google detected a security flaw within Windows 8.1 which allows a normal user to gain administrative access. Microsoft was notified of the problem immediately but did not fix the problem within 90 days, so the information about the bug was made publicly available on 29 December 2014. Releasing the bug to the public brought a response from Microsoft that they were working on the problem.

On 19 February 2017 Google discovered a flaw within Cloudflare, which caused their edge servers to run past the end of a buffer and return memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data.

On 27 March 2017 Project Zero discovered a vulnerability in the popular password manager LastPass and four days later LastPass announced they had fixed the problem.

Project Zero was involved in discovering the Meltdown and Spectre vulnerabilities affecting many modern CPUs, which were discovered in mid-2017 and disclosed in early January 2018.

Keep up the good work!

Do leave a comment on this post – click on the post title then scroll down to leave your comment.


How Scammers Make Their Offer Irresistible

Scammers use a set of psychological tricks to make you trust them and then accept whatever they are offering.

These ‘tricks’ are well known and used by marketers and many others.

These include:

1. Create a sense of legitimacy

  • Lists of references from satisfied customers
  • ‘Professional’ reviews of the product or service
  • Celebrity endorsements
  • Ride on the back of well-respected products

2. Invoke emotion

  • Create excitement around a new release or a ‘first’ of some kind
  • Create fear that they may miss out on the product or service
  • Make them worry they may regret not taking the opportunity
  • Create anger that the product has been kept hidden away from the public until now

3. Create a sense of urgency

  • Fake deadline
  • Only a limited number/amount of the product remains
  • Be the first to get this product or service

4. Use social influence

  • Happy references from members of the public
  • 100,000 people have tried this and recommend it

Do think about how the scammer’s message affects you before making any decisions. This also applies whenever someone is trying to sell you something or to get you to do something.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.


Why You Need Double Opt-In Marketing

With single opt-in, you let people sign up to your newsletter, subscription or whatever by simply clicking once on a link or filling in a contact form etc.

But double opt-in takes this a stage further: you have to get the person either to return an email confirming their registration or to click on another link in an email to confirm.

Hence it is a two-step process to register. This extra step will mean you lose some people who would otherwise have registered with just the single opt-in, but there are advantages to double opt-in and it becomes law in May 2018 with the European Directive General Data Protection Regulation (GDPR).

From May 2018, consent for processing personal data and any marketing communications must be freely given and unambiguous; pre-ticked boxes, generic descriptions or over-complicated terms and conditions do not count as consent.

GDPR also states that companies must keep a record of how and when the customer gave such consent. The double opt-in method is considered the easiest way to comply.

If you’re offering an incentive to get people to sign up to your subscription or newsletter etc. then there are likely to be many people who sign up with fake email addresses, as well as spambots that try to sign up. This means that many of the email addresses on your list will be bogus and hence you will be wasting your time sending out emails to them.

Double opt-in takes care of this, as only people who give correct email addresses will complete the sign-up, and if the second stage of confirmation has not put them off then you have a better quality email list.

So double opt-in, as well as becoming a legal requirement, may actually help you.
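The two-step flow described above, as an added example that is not part of the original post: step one stores only a hash of a random confirmation token, step two consumes that token once and within an assumed 24-hour window, and every completed confirmation is written to a consent log recording how and when consent was given. The class names, token format and 24-hour lifetime are my own assumptions.

```python
"""Double opt-in subscription flow that keeps a GDPR-style consent record.
Added example, not code from the Fightback Ninja post; class names, token
handling and the consent-record fields are my own choices."""
import hashlib
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta

TOKEN_TTL = timedelta(hours=24)  # assumed lifetime of the confirmation link

@dataclass
class Pending:
    email: str
    requested_at: datetime
    source: str  # where step one happened, e.g. "web form"

@dataclass
class SubscriberList:
    pending: dict = field(default_factory=dict)      # keyed by SHA-256 of the token
    consent_log: list = field(default_factory=list)  # how and when each consent was given

    def request(self, email: str, source: str, now: datetime) -> str:
        """Step 1 (single opt-in): record the request and return the token to email out.
        Only a hash of the token is stored, so a leaked database cannot be used to
        'confirm' addresses whose owners never clicked the link."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[digest] = Pending(email, now, source)
        return token

    def confirm(self, token: str, now: datetime) -> bool:
        """Step 2 (double opt-in): consume the token; True if consent was recorded."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # pop: a link works at most once
        if entry is None:
            return False  # unknown, already used or guessed token
        if now - entry.requested_at > TOKEN_TTL:
            return False  # stale link: the address is dropped, not subscribed
        self.consent_log.append({
            "email": entry.email,
            "requested_at": entry.requested_at.isoformat(),
            "confirmed_at": now.isoformat(),
            "method": f"double opt-in via {entry.source}",
        })
        return True

    def confirmed_emails(self) -> list:
        """Addresses that completed both steps: the only ones worth mailing."""
        return [rec["email"] for rec in self.consent_log]
```

Addresses that never confirm, or confirm after the link has expired, never reach the list, which is exactly what removes the bogus sign-ups the post describes.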

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.


Identify Ransomware

If you are hit by ransomware, you need to block off the attack by removing Internet access from your PCs and servers, stopping any encryption processes in progress and stopping any other processes that shouldn’t be running.

Then the first stage of investigation is to identify what you’re facing, and the website is a good starting point.

You upload one encrypted file or the file that is the ransom message to this website and it will try to identify the variant of ransomware. Currently it can identify more than 500 different variants.

For each there is extra information which can tell you if there are decryption keys available on the Internet.

Some anti-hackers try to find the decryption keys and post them freely, but the blackmailers do know this and try to stay ahead of them by using new variants for which there are no keys available except for the one held by the blackmailer.

The website is run purely as a free service to the public and does not decrypt files for you – you need an IT professional for that (assuming it’s possible, as many files cannot be decrypted without a key from the blackmailer).

If you have a suspected virus rather than ransomware then there is a website that may help to identify it at

As always, the advice is that it’s best to avoid being held to ransom – ensure you have adequate systems protection in place, staff that have been educated on the danger of cyber attacks, regular backups (including off-site) and have a plan in place to deal with a ransomware attack.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.


The Danger of Internet Connected Gadgets in Your Home

Some homes are now filled with dozens of appliances, devices and children’s toys which can be connected to Wi-Fi. Some are useful while others are just for fun, but if they are not fully secure the consequences can be unpleasant.

Often set with a default password or no password, these devices can provide an easy route for cyber attackers to get into your systems and look for confidential information.

The Internet of Things

The “Internet of Things” is a name for the adoption of Internet-enabled devices in the home, the idea being that more and more household objects will communicate over the Internet. Common such items now include thermostats controlled by an app, smoke alarms that phone you, toys that access Internet stories and music, and the Alexa and Google Home devices that you speak instructions to and that use Wi-Fi to control other devices, find information or translate something. This also includes Internet-connected “wearable” devices, such as fitness bands which upload your GPS co-ordinates and telemetry to the Internet so you can access the data on your PC.

Many companies are working on more of these Internet of Things devices.

These devices can give out information to interlopers that you may not consider, e.g. the recent case of American Special Forces soldiers wearing fitness bands and their locations being broadcast on Google. OOPS.

How to Make Your Connected Home More Secure

  • Secure the wireless network. Use the WPA2 protocol if your broadband router allows that option.
  • Give your Wi-Fi network an unusual name that doesn’t identify your address e.g. General Electric.
  • If guest access is enabled on the network – disable it.
  • If your router is capable of creating two separate Wi-Fi networks then use one for computer devices and a separate one for household gadgets.
  • Always use strong passwords that cannot possibly be guessed by anyone e.g. a string of random words.
  • The login name is often admin or administrator by default; if you are able to change the login name then change it to something that cannot be guessed.
  • Disable any remote access for gadgets. If you ever need it for allowing the supplier to fix a fault then you can re-enable it temporarily.

Some of these gadgets have appropriate Internet security and insist on strong passwords etc. but others have little or no thought of security, so you must take care to plug any holes in security.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.
