Firefox version 2.0.0.12 has an issue with a possible remote denial of service due to the way it handles iframes.

Looking at the example exploit code, if you are using the NoScript extension there may some mitigation to your exposure.

See the full article.

Today I received an email from PayPal that had a reply address of akstcalmaribatejanamnsdgs_at_almaribatejana.com. That tipped me off that something wasn't quite right with the message. A quick read through the message confirmed that for me. The grammar was not quite right and the word member was mis-spelled in the message. And if you moused over the link the target address was not paypal, but the one listed in the email text below.

See the full text of this email, with the grammar and spelling mistakes highlighted.

Read more! »

So here is a scam email that I received the yesterday. It looks very much like Monster Version of the Foreign Payment Officer Scam, but they are some subtle differences. The biggest one is the description of how you will earn the salary is missing from this message. Maybe in an attempt to throw off spam filters or just to make the message look more legitimate.

There are a couple of things that don't sit right with the message:

1)   The email address that you are supposed to contact does not match the sender's domain.

2)   Secondly the company is based in the Ukraine but the sending email domain is listed as an internet provider for the UK.

3)   You can't see it in this text version, but the image that is attached to this message is for "Masters DB Software Development Company", which is the company that supposedly sent the Monster Version of the Foreign Payment Officer Scam email.

4)   Lastly, whoever wrote this message misspelled Ukraine.

Here is the full text of the email I received:

Read more! »

I thought OpenID would be pretty cool if it was adopted widely. For it to be adopted widely, it needed the support from a group of the big boys. Well it looks like that is starting to happen.

The OpenID Foundation announced that Microsoft, Google, Yahoo, IBM and VeriSign would become its first corporate board members.

I guess we will have to wait and see what happens now. Hopefully everyone can work together for a solution that we can all use.

I received a suspicious email today and after a quick look realized that it was a phishing email. First off, it is addressed to someone named Moarah, beats me who that is. Then when I moused over the link I saw that the target of the link was very different from what I expected as a matter of fact it pointed to a completely different domain than one that Citibank would use. Another big tip off that this is not a valid email.

Here is the full text of the email:

Read more! »

February 25-29, 2008 - Tulsa, Oklahoma

The University of Tulsa, Continuing Engineering & Science Education

As you know, the CISSP certification provides information security professionals with an independent and objective tool to demonstrate their competence. It allows knowledgeable and accomplished information security professionals to distinguish themselves with a credential that commands international respect.

This review seminar serves as an excellent foundation for learning the concepts, topics, and standards of the CBK (Common Body of Knowledge); as well as preparing for the Certified Information Systems Security Professional (CISSP) Exam.

Read more! »

A couple of days ago, I received an email that looks very much like the Sir Richard Williams Version of the Next of Kin Scam Email or Next of Kin / Barrister scam email or Another Next of Kin scam email that I have received previously. It is pretty the exact same message with a few changes in the wording.

As always, one of the biggest tip offs in messages like this are the misspellings of key words. In this case the word mining is spelled minning. Since this is the name of the company, it probably should be spelled correctly.

Here are the contents of the email message:

Read more! »

So here is an interesting email I recevied the other day. At first glance I was just going to throw it away and then I realized that this was another version of the Foreign Payment Officer Scam - David Martins or Another Foreign Payment Officer Scam or Foreign Payment Officer Scam .

This one is a little more insidious since it was sent supposedly from a hit that was found on monster.com, a job site.

There are a couple of things that don't sit right with the message:
    1)   The email address that you are supposed to contact does not match the sender's domain.
    2)   Secondly the company is based in the Ukraine but the sending email domain is listed as an internet provider for the UK.
    3)   If this was truly a business that was making this much money, they would already have a solution in place.

Here is the full text of the email I received:

Read more! »

Late last week, I received an email that told me that I was the lucky winner of a "Random Award from AOL and Microsoft". Aside from the fact that it is very unlikely that any organization would misspell their own name in an award notification. If you look at the first sentence in the first paragraph of the announcement, Microsoft and successfully are spelled incorrectly. I am not subscribed to any beta programs through either of these companies. So this was a fairly easy scam to spot.

Here are the contents of the entire email.

Read more! »

Last week I received an email that looks very much like the Another Foreign Payment Officer Scam or Foreign Payment Officer Scam that I have received previously. It is pretty the exact same message with a few changes in the wording.

Here is the entire message.

Read more! »