General February 22, 2021

A post about searching a software developer on LinkedIn that didn’t go as planned

I was and still am in need of a freelance Android developer with experience in Java. After trying all other possibilities (my own network) I decided to post the job on LinkedIn. Due to the special requirements of the project, I needed a very close and good cooperation between myself, the customer and the developer. For this reason, I asked in my post on LinkedIn to be contacted by freelancers in the CET +/- 2 Timezone. Now, if you look on a map, this means approximately until Turkey in East and Portugal in West. I did not mention restrictions on nations because I have no prejudices with whom I work. I work now and have worked in the past with people from all around the world and I can really work with anybody. I published it on Thursday the 18.2.2021, on Friday I closed the comments, and finally I erased it on Saturday 20.2.2021 in the evening.   Let’s have a closer look on the post.   I wrote specifically : I need an experienced freelancer PM me only if you meet this requirement… “Companies are excluded”, because I want to build a long-term relationship with that person.    Let’s…

News September 30, 2020

The Virus Bulletin Conference 2020 VBLocalhost is live and my video presentation is there

Here is the conference link: https://vblocalhost.com/conference/ You need to register first (free).   Here is my paper: One year later: challenges for young anti-malware products today I have to say that the VB team did a good job with the editing 🙂   I think I was too nice with Defender :))) What do you think ?   Here are some , more or less. funny facts about the session filmed: I did the recording in a one day, just before leaving on vacation. I needed more than 8 hours to do it I filmed myself 10 times, 8 of them from start to end a few times I made mistakes a few times my children made some noises once came the post once the cat started to meow so loud in front of my office door, that I had to stop The 8th attempt was the one you see there and it was taken in two parts.

security September 24, 2020

Defender Application Control or Defender SmartScreen – what can you do to not be blocked by it

Ever wondered why do you get one of these popups for your Windows program, despite of the fact that it is signed with a standard code signing certificate ? Applications that are signed with a standard code signing certificates need to have a positive reputation in order to pass the Smart Screen filter. Microsoft establishes the reputation of an executable based upon the number of installations world wide of the same application. Since you haven’t published your application as yet (and therefore the reputation hasn’t been established as yet), the Smart Screen will continue to flag the application. If you have a standard code signing certificate, some time will be needed for your application to build trust. Microsoft affirms that an Extended Validation (EV) Code Signing Certificate allows to skip this period of trust building. According to Microsoft, extended validation certificates allow the developer to immediately establish reputation with SmartScreen. Otherwise, for some time, until your application builds trust, the users will see a warning like “Windows Defender Smartscreen prevented an unrecognized app from starting. Running this app might put your PC at risk.”, with the two buttons: “Run anyway” and “Don’t run”. In newer Windows version you see the…

antivirus, Educational, News August 21, 2020

Speaking at the Virus Bulletin Conference 2020: ‘One year later: Challenges for young anti-malware products today’

Source: https://vblocalhost.com/presentations/one-year-later-challenges-for-young-anti-malware-products-today/ A year ago, at VB2019 we presented for the first time an overview of how the anti-malware world looks from the perspective of a young company trying to enter the market: how they try to build products, how they try to enter the market, how they try to convert users, and what challenges they face in these activities. In this new paper we will present an overview of the situation for such a company after one year of experience. We will look at the situation from several angles: that of the consulting company helping them to build the product and enter the market that of working with certification companies regularly, checking the products for detection and performance that of working with Microsoft to make the company compliant and keep them compliant One year later, many still have a hard time understanding that the security market is no longer the Wild Wild West, but we also see that a lot of visible efforts are being made to improve. This means that compliance with ‘clean software’ regulations is becoming an issue. We will present some interesting statistics and compare data from the past with current data. The young companies still…

General July 24, 2020

Facebook advertising at its best

It is known that the Facebook advertising is very aggressive sometimes and that it very often fails. Very often I find strange ads and I click on the details in order to to see why was it displayed to me. If you click on Hide Ad: And then, for example, click on “Irrelevant”:   Then, you can click on “Why did I see this ad?”. I found very strange to see one ad for some kind of sales training and process improving (?!). To my surprise, I’ve seen that the ad was targeting “Star Wars” fans… :))   The other two requirements are always the same: – 18+ – location Germany     So, is this intended and there is actually some study that shows that Star Wars fans are more inclined to buy consulting for improving sales ? What do you think ?    

Phishing, Spam & Phishing July 20, 2020

Aggressive phishing against Strato.de customers

Strato.de (now belonging to 1&1) is one of the biggests hosters in Germany. Since a few weeks we see a lot of emails containing various texts that try to convince the user to login to his strato.de account and perform some actions. Strato published on their blog also a post about these fake emails: https://strato.de/blog/achtung-aktuell-wieder-phishing-mails-im-namen-von-strato-im-umlauf/   Fortunately, the phishing email is very simple and it just hides the target URL with the official strato.de URL. Pretty much all phishing filters detect it and block it.   The subject of the email is very aggressive: Last notification before judicial recovery The email says that the customer has one more day to pay. But now comes the funny part. The email says that the payment should be done via credit card, in order to make it “easy” for the customer. 🙂 To may this even more credible, they write that the introduction of a new payment method costs 1€. After that, they even communicate the name of the company that will try to retrieve the money from the customer: Intrum (www.intrum.de)   The problem I can’t stop to wonder how are the phishers obtaining all domains from Strato. I have all my…

News, security May 11, 2020

My IT_SecurityNews account nominated for “Best tweeter” account in the European Cybersecurity Blogger Awards

European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS: Vote here . Yes, it is a Google Form… but there is no malware or spam 🙂 Don’t forget to vote IT_SecurityNews! The seventh annual European Cybersecurity Blogger Awards sponsored by Qualys and powered by Eskenzi PR, will be bestowed upon the best cybersecurity bloggers, podcasters, Tweeters, Instagrammers and vloggers in a live virtual event on Tuesday 2nd June 2020. Visit IT Security news and the Twitter account.

automotive, News, security April 22, 2020

A brief history of software vulnerabilities in vehicles (Update 2023)

Updated in 2023: 2023: Sam Curry: Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More Kia, Honda, Infiniti, Nissan, Acura Fully remote lock, unlock, engine start, engine stop, precision locate, flash headlights, and honk vehicles using only the VIN number Fully remote account takeover and PII disclosure via VIN number (name, phone number, email address, physical address) Ability to lock users out of remotely managing their vehicle, change ownership For Kia’s specifically, we could remotely access the 360-view camera and view live images from the car Mercedes-Benz Access to hundreds of mission-critical internal applications via improperly configured SSO, including… Multiple Github instances behind SSO Company-wide internal chat tool, ability to join nearly any channel SonarQube, Jenkins, misc. build servers Internal cloud deployment services for managing AWS instances Internal Vehicle related APIs Remote Code Execution on multiple systems Memory leaks leading to employee/customer PII disclosure, account access Hyundai, Genesis Fully remote lock, unlock, engine start, engine stop, precision locate, flash headlights, and honk vehicles using only the victim email address Fully remote account takeover and PII disclosure via victim email address (name, phone number, email address, physical address) Ability to lock users out of…

General April 20, 2020

“Your Site Has Been Hacked” ransomware email campaign in the wild

I was actually not expecting this kind of ransomware… I am used by now with “You’re hacked”, “You’re infected”… and others alike , but this one with the website is actually really interesting. What I find very disturbing is the fact that there are 5 transactions. A few were for tests, I think, but there is at least one who paid. They do use the a correct website of mine. PS: Of course that my site hasn’t been hacked :))   Here are some of the headers: Return-Path: <hacker@autoservistoth.cz> Received: from autoservistoth.cz ([213.157.59.58]) by mx.google.com with ESMTP id ce7si16117485edb.534.2020.04.17.03.08.14 for <sorin@mustaca.com>; Fri, 17 Apr 2020 03:08:23 -0700 (PDT) Received-SPF: neutral (google.com: 213.157.59.58 is neither permitted nor denied by best guess record for domain of hacker@autoservistoth.cz) client-ip=213.157.59.58; Authentication-Results: mx.google.com; spf=neutral (google.com: 213.157.59.58 is neither permitted nor denied by best guess record for domain of hacker@autoservistoth.cz) smtp.mailfrom=hacker@autoservistoth.cz X-AntiVirus: Checked by Dr.Web [version: 11.1.11.04270, engine: 11.1.9.04170, virus records: 6152810, updated: 8.05.2017] Return-path: <postmaster@thehomebase.top> From: “Hacker” <hacker@autoservistoth.cz> To: sorin@mustaca.com   For indexing better, this is the body of the email. PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS! We have hacked your website http://www.xxxxxx.com and extracted…

General April 13, 2020

Hey, UniFi, why Java? Or “The Best way to destroy customer trust”

I am using at home Unifi to extend my WiFi through two access points. I am writing this post as a user who paid good money for these devices and feels betraid and left alone in the dark by Unifi. While installing the Unifi Controller on  new machine, I am prompted to install Java. I am forwarded on this page: https://www.java.com/en/download/win10.jsp     Of course, I know that Oracle changed licensing. Yes, this is supposed to be free for personal use. But I don’t like to support this concept, as I personally think that Java should be free for all. So, I tried to install OpenJDK, which is free to use for everybody: https://jdk.java.net/java-se-ri/14 And here started the problems: there is just a ZIP archive on that website. Sooooo, then I googled which environment variables are installed and I set all of them manually. That is a challenge itself, as the OJDK doesn’t seem to come with the required JAR files. Unfortunately, the Unifi Controller refuses to detect the OpenJDK. Then I started to google again on how to use Unifi with OpenJDK: Here As I was assuming, a lot of people are asking the very same thing. It appears…

%d bloggers like this: