Category: information

Website Comments and Pingbacks

“I truly love your website.. Excellent colors & theme. Did you build this amazing site yourself? Please reply back as I’m wanting to create my very own blog and would love to know where you got this from or exactly what the theme is called. Appreciate it!” by home and family crafts at homeandfamily.eux

Now this sounds like an enthusiastic comment on my blog.

But it isn’t. It’s a computer generated random comment and instead of being added as a comment – it’s been added as a Pingback.

What are Pingbacks?

These are like making comments remotely.

The spammer makes an entry on her own website or blog and adds a large number of links to the pages she wants to advertise. Each link goes to the comments section of a legitimate blog (or website) such as the Fightback Ninja blog.

That registers a comment (the pingback) on my blog, and when I follow it that counts as a page hit on the scammer’s website.

Scammers and spammers want high levels of traffic to their websites as they can then charge more to their own advertisers, but I don’t want pingbacks because they are always spam.

Pingbacks are automated and meaningless. If someone wants to make a legitimate comment, they would do so and not use a pingback.

Self Pingbacks

Self-pings (pingbacks from one post to another within your own blog) are useful to some people and annoying to others. Those who find them useful argue that a reader who finds the old post will then see the link to the new post. Others are unsure whether this is a good idea or not.

Normally when you create a link, the entire URL including http:// is used, and that causes a self-ping.

To prevent self-pings, use a shortened (relative) URL, i.e. remove the http:// and the domain name.

e.g. http://fightback.ninja/the-1000-gift-card-scam/ shortens to /the-1000-gift-card-scam/

Note: your editor may add the domain back in, so you need to check this.
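As an added example (not code from this blog or from WordPress), the following Python script performs the check the note above asks for: it scans a post’s HTML for links that would trigger a self-ping (absolute http:// or https:// links pointing at your own domain) and rewrites them to the shortened, relative form, leaving links to other sites untouched. The domain fightback.ninja is taken from the example above; the sample post HTML is constructed.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Assumption: the blog's own host name, taken from the example URL in the post.
OWN_HOST = "fightback.ninja"

# Matches the href value of anchor tags in the post HTML.
HREF_RE = re.compile(r'href="([^"]+)"', re.IGNORECASE)


def is_own_host(host, own_host=OWN_HOST):
    """True for the blog's own host, with or without a leading www."""
    host = host.lower()
    return host == own_host or host == "www." + own_host


def to_relative(url, own_host=OWN_HOST):
    """Return the shortened (root-relative) form of url if it points at our
    own site; otherwise return it unchanged.  The scheme and host are
    dropped; the path, query string and fragment are kept."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return url  # already relative, or not a web link (mailto: etc.)
    if not is_own_host(parts.hostname or "", own_host):
        return url  # link to another site: a normal pingback, not a self-ping
    path = parts.path or "/"
    return urlunsplit(("", "", path, parts.query, parts.fragment))


def find_self_ping_links(html, own_host=OWN_HOST):
    """List every href in the HTML that would cause a self-ping."""
    return [u for u in HREF_RE.findall(html) if to_relative(u, own_host) != u]


def fix_self_ping_links(html, own_host=OWN_HOST):
    """Rewrite self-ping hrefs to their relative form; everything else is kept."""
    return HREF_RE.sub(lambda m: 'href="%s"' % to_relative(m.group(1), own_host), html)


# Constructed sample post: one absolute link to our own site (the editor has
# put the domain back), one already-relative link and one external link.
SAMPLE_POST = (
    '<p>See <a href="http://fightback.ninja/the-1000-gift-card-scam/">this scam</a>, '
    '<a href="/another-post/">another post</a> and '
    '<a href="http://www.bbc.co.uk/iplayer/">the BBC</a>.</p>'
)

if __name__ == "__main__":
    for link in find_self_ping_links(SAMPLE_POST):
        print("would self-ping:", link, "->", to_relative(link))
    print(fix_self_ping_links(SAMPLE_POST))
```

Run it over the HTML of a post before publishing; only links your editor has expanded back to the full domain are reported, so an empty list means no self-pings will be sent.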

How to Disable Pingbacks

In WordPress, go to Dashboard > Settings > Discussion and untick the relevant box.

You can also disable pingbacks on individual posts via the Discussion metabox on the Add New or Edit Post page.

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Horizon: The Day the NHS Died

We all watched in shock as the NHS was forced to shut hospitals, send patients home, cancel operations and close surgeries due to the WannaCry ransomware that disabled many of the NHS systems in mid May 2017.

The BBC Horizon programme “The Day the NHS Died” tells the story of what happened – how the NHS coped and the guys who stopped the ransomware in its tracks.

The presenter, Kevin Fong, is a doctor, so the programme was very much about the medical effects of what happened. The attack started on May 12th and rapidly spread across the NHS because certain old computers were still on the network and newer computers weren’t up to date with security patches.

Much of the NHS relies heavily on computer systems, especially radiology, and once the attack was recognised much of that equipment had to be turned off to prevent the attack spreading to those systems as well.

The two guys who stopped the attack work in cyber security. They looked at the ransomware code and discovered a website address which turned out to be an off switch for the ransomware, and they used it to stop the attacks.

The programme is interesting but also worrying in how badly the NHS fared compared to other organisations. There’s a lot of work to do to make the NHS computer systems secure, and that means a lot of money is needed.

Watch now on iPlayer at

http://www.bbc.co.uk/iplayer/episode/b08vfzm0/horizon-2017-cyber-attack-the-day-the-nhs-stopped

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

Warrington Gears Up Against Scammers

Friends Against Scams run awareness sessions around the country to educate people on how to avoid scammers and what they should do if they or someone they know is caught up in a scam.

There was such a session in Warrington recently and it seems to have had a big effect.

All those who attended signed up to be a “Friend Against Scams” or a “Scam Champion” and have pledged to raise awareness and spread the word across communities about the dangers of scams, particularly to Warrington’s most vulnerable residents.

As part of the event, they showed how criminals attempt to trick people with official looking documents or websites, or convincing telephone sales patter, with the aim of persuading them to send a “processing” or “administration” fee, pay postal or insurance costs or make a premium rate phone call.

A relative of a 78-year-old man from Cinnamon Brow who was a recent Warrington mail scam victim said: “I tried intercepting as many letters as I could find in his house and return them with ‘gone away’ but that had no effect on the volume of mail sent. He was still receiving at least one hundred scam mailings a week. I estimate he has spent at least £30,000 in four years on scam mail products and scam lotteries.”

Dr Muna Abdel Aziz, director of public health for Warrington, said: “Scams come in many forms, and scammers will target people of all ages, backgrounds and income levels. We receive complaints from residents who have lost thousands, and in some cases, tens of thousands of pounds.

“These sessions aimed to empower residents to recognise and avoid scams and to help friends, family and neighbours do the same. Financial loss is not the only cost to victims, as feelings of vulnerability can also have a devastating impact.”

For more information about the campaign and how to get involved, visit http://www.friendsagainstscams.org.uk

Friends Against Scams is a National Trading Standards Scams Team initiative which aims to protect and prevent people from becoming victims of scams by empowering communities to take a Stand Against Scams.

Do you have an opinion on this matter? Please comment in the box below.

What is the Dark Web?

The Dark Web consists of websites whose owners don’t want you to find them unless they specifically invite you. These sites are not on Google or other search engines because they have never been registered with them and deliberately have no links from other sites that Google or other search engines know about.

It’s true that most of the Dark web is about illegal activity including fraud, phishing, terrorist activities, drugs, hacking etc. However, there is some activity on the Dark web that people don’t want to be seen but is not illegal such as whistle-blowers preparing or sharing information, things that are legal in some jurisdictions but not in others, unmonitored communication in countries with totalitarian controls etc.

Darknet websites are accessible only through networks such as Tor and I2P (“Invisible Internet Project”). The Tor browser and Tor-accessible sites are widely used among darknet users and can be identified by the domain “.onion”.

These networks route the users’ data through a large number of intermediate servers, which protects the users’ identity and gives anonymity. The complicated system makes it almost impossible to decrypt the information, even layer by layer. Communication between darknet users is highly encrypted, allowing users to talk, blog and share files confidentially.

Web Based Hidden Services in January 2015 (share of sites by category)

  • Directories: 2.5%
  • Blogs: 2.75%
  • Pornography: 2.75%
  • Hacking: 4.25%
  • Searches: 4.25%
  • Anonymity: 4.5%
  • Counterfeit: 5.2%
  • Whistle blowers: 5.2%
  • Wiki: 5.2%
  • Email: 5.2%
  • Bitcoin: 6.2%
  • Market: 9%
  • Drugs: 15.4%

There are markets similar to Amazon but that sell illegal items such as drugs, weapons, hacking software, viruses, etc. Many hackers sell their services individually or as part of groups. Various government bodies around the world try to track activity on the Dark Web but it is not easy. There are numerous forums where credit card details and identities are sold.

Amongst the numerous illegal activity sites are scam sites that defraud people trying to carry out illegal activity.

See http://www.fightbackonline.org/index.php/guidance/12-explanations/69-the-dark-web-what-is-it for further information.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

The Identity Theft Resource Centre

http://www.idtheftcenter.org/

The Identity Theft Resource Centre (ITRC) is a non-profit organization that supports victims of identity theft in resolving their cases, and broadens public education and awareness in the understanding of identity theft, data breaches, cyber security, scams/fraud and privacy issues.

It is for American citizens only. You can call the ITRC on a Freephone number; they provide no-cost case mitigation and consumer education to approximately 10,000 victims and consumers annually. ITRC maintains records of data breaches and publishes the list each week.

ITRC aims to:

  • Educate consumers, corporations, government agencies, and other organizations on best practices for fraud and identity theft detection, reduction and mitigation
  • Serve as a relevant national resource on consumer issues related to cybersecurity, data breaches, social media, fraud, scams and other issues.

The ITRC also conducts research and surveys in collaboration with partners and sponsors, resulting in white papers, fact sheets and solutions to educate consumers and businesses.

They believe that prevention and reduction of identity theft will require education and cooperation between consumers, businesses, law enforcement agencies, and legislators.

ITRC is a very useful organisation and they help a lot of people each year.

Do click on the Facebook or Twitter icons on top right to follow Fight Back Ninja.

A World of Passwords

The National Institute of Standards and Technology (NIST) was founded in 1901, is now part of the U.S. Department of Commerce and is one of America’s oldest physical science laboratories. NIST produces a wide range of measurements and standards, many of which are used world-wide and contribute to many advanced technologies, materials and fabrication.

NIST also produces guidelines for the system developers who create apps needing passwords and tells them what checks should be made and what restrictions to apply.

The latest guidance on passwords is DRAFT NIST Special Publication 800-63B Digital Identity Guidelines.

It says that passwords should be:

  • chosen by and memorable for the user.
  • of sufficient complexity and secrecy that it would be impractical for an attacker to guess or otherwise discover them.
  • at least 8 characters in length (unless allocated by the system in which case they should be at least 6 characters)

In the last few years, most websites needing passwords have insisted they include capital letters and numbers, but this new guidance says that’s unnecessary.

Systems shall not permit the subscriber to store a “hint” (for their password) that is accessible to an unauthenticated user.

When processing requests to establish or change passwords, systems shall compare the prospective password against a list that contains values known to be commonly-used, expected, or compromised. For example, the list may include (but is not limited to):

  • Dictionary words
  • Repetitive or sequential characters (e.g. ‘aaaaaa’, ‘1234abcd’)
  • Context specific words, such as the name of the service, the username, and derivatives thereof.

If the chosen password is found in the list, the system shall advise the subscriber that they need to select a different secret, shall provide the reason for rejection, and shall require the user to choose a different value.

There should be a maximum number of times a user can try to input a password, and then the user should be blocked temporarily.

For some years, it became common for systems to require a password be changed every 6 or 12 months and that advice was given out many times, but this has changed. It is now recommended that systems do not require password changes. Users can choose to change their passwords whenever they wish.
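As an added example (not code from this blog or from NIST), here is a Python password-acceptance check and login throttle that implements the rules listed above: the minimum length of 8 characters (6 when the system allocates the password), rejection of commonly-used passwords, repetitive or sequential characters and context-specific words (the username and the service name, plus simple derivatives), a stated reason for every rejection, no capital-letter or number requirement, and a temporary block after a maximum number of failed attempts. The small blocklist, the service name “Fightback Ninja”, the usernames and the lockout parameters are constructed sample values and assumptions, not from the guidance.

```python
import time

# Constructed sample blocklist.  A real system would load a large list of
# breached and commonly-used passwords here.
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "welcome", "football", "iloveyou"}


def has_repetitive_run(pw, run=4):
    """True if any character repeats `run` or more times in a row (e.g. 'aaaaaa')."""
    count = 1
    for prev, cur in zip(pw, pw[1:]):
        count = count + 1 if cur == prev else 1
        if count >= run:
            return True
    return False


def has_sequential_run(pw, run=4):
    """True if `run` or more consecutive characters step by +1 or -1 in code
    point (e.g. '1234', 'abcd', 'dcba')."""
    for step in (1, -1):
        count = 1
        for prev, cur in zip(pw, pw[1:]):
            count = count + 1 if ord(cur) - ord(prev) == step else 1
            if count >= run:
                return True
    return False


def context_words(username, service):
    """The username, the service name and simple derivatives of them."""
    derived = set()
    for w in (username.lower(), service.lower()):
        derived.update({w, w[::-1], w.replace(" ", ""), w.replace(".", "")})
    return {w for w in derived if len(w) >= 3}


def check_password(pw, username, service, system_generated=False):
    """Return None if `pw` is acceptable, otherwise the reason for rejection
    (the guidance says the user must be told why and asked for another)."""
    min_len = 6 if system_generated else 8
    if len(pw) < min_len:
        return "too short: at least %d characters required" % min_len
    low = pw.lower()
    if low in COMMON_PASSWORDS:
        return "commonly used or compromised password"
    if has_repetitive_run(pw):
        return "contains repeated characters"
    if has_sequential_run(pw):
        return "contains sequential characters"
    for w in context_words(username, service):
        if w in low:
            return "contains the username or service name"
    return None  # deliberately no capital-letter / number composition rule


class LoginThrottle:
    """Temporarily blocks an account after `max_attempts` failed logins.
    `clock` is injectable so the lockout can be tested without waiting."""

    def __init__(self, max_attempts=5, lockout_seconds=900, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._state = {}  # username -> (failure count, blocked-until timestamp)

    def is_blocked(self, username):
        _, until = self._state.get(username, (0, 0.0))
        return self.clock() < until

    def record_failure(self, username):
        count, until = self._state.get(username, (0, 0.0))
        count += 1
        if count >= self.max_attempts:
            until, count = self.clock() + self.lockout_seconds, 0
        self._state[username] = (count, until)

    def record_success(self, username):
        self._state.pop(username, None)


class FakeClock:
    """Constructed clock for demonstrating the lockout expiring."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


if __name__ == "__main__":
    for candidate in ("password", "short1", "1234abcd", "xxaaaaaa", "alice2017!", "correct horse battery"):
        print(repr(candidate), "->", check_password(candidate, "alice", "Fightback Ninja") or "accepted")
    clock = FakeClock()
    throttle = LoginThrottle(max_attempts=3, lockout_seconds=60, clock=clock)
    for _ in range(3):
        throttle.record_failure("bob")
    print("bob blocked:", throttle.is_blocked("bob"))
    clock.t = 61.0
    print("bob blocked a minute later:", throttle.is_blocked("bob"))
```

The checks run in the order the guidance lists them so that the first failing rule is the one reported; the throttle clears its counter on a successful login and lets the block lapse by itself, which is the “blocked temporarily” behaviour rather than a permanent lockout.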

Passwords are essential to access many online services and hopefully the new guidelines will enable the developers to make the process of selecting a new password easier and more secure than previously.


The Hero Who Stopped NHS Ransomware Attack

The WannaCry ransomware attack of May 2017 wasn’t aimed at the NHS; it spread across Europe and Asia and happened to hit the NHS very hard for a series of reasons, including that they had old Windows 95 machines on their network and that their network has a huge number of computers attached to it. The ransomware demands that users pay $300 worth of the online currency Bitcoin to retrieve their files, but the price goes up if they don’t pay quickly, and of course there is no guarantee that payment allows file retrieval.

An anonymous UK cybersecurity researcher (known by the Twitter handle @malwaretechblog), with the help of Darien Huss from security firm Proofpoint, looked at the ransomware and discovered the name of a website which was being accessed by the ransomware. But the website address hadn’t been registered by anyone. He bought the domain name in order to track the activities of the ransomware, but in fact it was a “kill switch” that stopped the ransomware from spreading any further. Well done, if unintentionally.

That didn’t help the people whose computers had already been infected, but it stopped the outbreak from continuing.

Unfortunately once the scammers realised how the malware had been stopped, they created and released a version that ignored the kill switch. But at least people had time to build defences against another attack.

The researcher, who identified himself only as MalwareTech, is a 22-year-old from south-west England who works for Kryptos Logic.

MalwareTech explained that he bought the domain because his company tracks botnets (automated networks of controlled computers), and by registering these domains they can get an insight into how the botnet is spreading. “The intent was to just monitor the spread and see if we could do anything about it later on. But we actually stopped the spread just by registering the domain,” he said. But the following hours were an “emotional rollercoaster”.

He also said he planned to hold onto the URL, and he and colleagues were collecting the IPs and sending them off to law enforcement agencies so they can notify the infected victims, not all of whom are aware that they have been affected.

He said he got his first job out of school without any real qualifications, having skipped university to start up a tech blog and write software.

“It’s always been a hobby to me, I’m self-taught. I ended up getting a job out of my first botnet tracker, which the company I now work for saw and contacted me about, asking if I wanted a job. I’ve been working there a year and two months now.”

Well done hero – he’s now an honorary Ninja.


Walkers Crisps 2016 Competition Scam

Walkers Crisps spent a fortune advertising their summer competition called Spell and Go, using Gary Lineker in the promotions.

The adverts claimed 20,000 holidays were to be won including trips to Hong Kong, Tokyo, New York, Bangkok and lots more places. It all sounded great.

Simply buy a bag of Walkers and enter the 12 digit code on the bag into the Walkers website and it will give you a letter. You collect the letters until you have the destination name you want and you claim the holiday.

In case you cannot find all of the letters you want, there was a swap feature whereby you could swap a letter for another random one or swap with another person.

BUT, once the competition had got going, frustrated and angry people used social media to vent their feelings towards Walkers.

The problem was that all of the destinations contained one or more of the letters C, D and K, and those just didn’t turn up. Nobody could find one, and on the social media sites no-one could be found that had actually won one of the holidays. Eventually some people did claim to have won, but it still seemed a virtual impossibility.

Figures provided by Walkers to the Advertising Standards Agency show that only 796 of the claimed 20,000 holidays were ever won.

Of the 12.8 million times people had entered a code on the website – just 98 letter Ks, 252 letter Ds and 278 letter Cs were given out.

PLUS, in the swap facility there were zero letter Ks, Ds or Cs – what a scam.

The Advertising Standards Authority received over a thousand complaints about the competition and ruled that, because some of the valuable letters were released, they couldn’t declare the whole competition misleading, but that the random swap feature was misleading and Walkers must do better in future.

Let’s hope that Walkers have learned their lesson and will not aggravate their customers with this kind of misleading marketing in the future.


Victim Support

Website:  https://www.victimsupport.org.uk/

Victim Support is an independent charity that works towards a world where people affected by crime or traumatic events get the support they need and the respect they deserve. They help people feel safer and find the strength to move beyond crime. Last year they offered support to just under one million people.

If you’ve been affected by crime, Victim Support can support you to move forward. The services are free, confidential and available to anyone in England and Wales, regardless of whether the crime has been reported or how long ago it happened.

Contact Victim Support by phone on their national number (08 08 16 89 111), by local phone number, or go online. (The care team in Surrey is on 0808 168 9274.)

Practical help

Being a victim of crime can lead to all kinds of practical problems. This can range from minor issues (such as damage to your property or having to fill in insurance forms), through to serious medical problems or the loss of your home. While emotional support can help you to deal with your feelings after a crime, practical problems often act as reminders of what you’ve been through and make it harder to get your life back under control.

That’s why they also offer help with sorting out the practical implications of crime.

They can help with simple tasks like filling out forms (for compensation claims, for example), getting broken doors and windows fixed and installing burglar alarms. They can also assist with bigger problems such as getting medical treatment, getting rehoused or dealing with the criminal justice system over the course of your trial. They’ll give you the information you need to understand your options and next steps.

Everyone reacts to crime differently, which is why their services are tailored to individual needs. They’re here to help anyone affected by crime, not only those who experience it directly, but also their friends, family and any other people involved.

About Victim Support

The main source of income is from Police and Crime Commissioners and other statutory and non-statutory bodies for the essential services that are provided to victims.

But Victim Support relies on donations to help fund projects and services for other service needs. Donations are vital to help them work for a world where people affected by crime and traumatic incidents get the support they need and the respect they deserve.


Pay To Give a Presentation

Normally, people are paid to give presentations, not the other way around, especially at conferences.

I received an email from ubm-info.com, which belongs to UBM, who are organising the Technology for Marketing conference for September 2017 in London.

The email is a Call for Papers: they want people to present papers on the use of technology in Marketing.

They want

  • Case studies on multi channel approaches
  • The competitive edge of personalisation
  • Leadership in the modern age
  • How content can transform the brand story

And so on.

This all sounds reasonable.

The bottom of the email states “Please note that submissions from suppliers may be liable to a fee if entry is successful”

It sounds mean to charge people for giving a presentation but maybe it’s just a catchall statement and they reserve the right to charge if a supplier is basically giving a sales pitch rather than just a presentation.

That’s the world of Marketing.
