Archive

1596 bookmarks
Eva Galperin: What you need to know about stalkerware | TED Talk
"Full access to a person's phone is the next best thing to full access to a person's mind," says cybersecurity expert Eva Galperin. In an urgent talk, she describes the emerging danger of stalkerware -- software designed to spy on someone by gaining access to their devices without their knowledge -- and calls on antivirus companies to recognize these programs as malicious in order to discourage abusers and protect victims.
·ted.com·
Troy Hunt: Project Svalbard, Have I Been Pwned and its Ongoing Independence
This is going to be a lengthy blog post so let me use this opening paragraph as a summary of where Project Svalbard is at [https://www.troyhunt.com/project-svalbard-the-future-of-have-i-been-pwned/]: Have I Been Pwned is no longer being sold and I will continue running it independently. After 11 months of
·troyhunt.com·
Privacy for Students | Surveillance Self-Defense
Schools are increasingly adopting surveillance technology to spy on students while they’re at school, at home, or even on their social media. The companies that make these surveillance products and services advertise them to schools as a way to keep students safe–but there’s no evidence so far that they actually protect students, and worst of all, they can harm the people they
·ssd.eff.org·
Nina Kollars - Confessions of an Nespresso Money Mule
In 2018 I somewhat innocently bought very expensive coffee (Nespresso capsules) online from Ebay. What followed was a series of unexpected additional packages from the manufacturer Nespresso and a lurking suspicion that something had gone terribly--if not criminally--wrong as a result of my purchase. This talk chronicles the obnoxious amounts of obsessive research and tracking that became my new hobby--stalking Nespresso fraudsters and my decidedly non-technical attempts at developing a generic search profile and reporting the fraudsters to anyone who would listen, to include: the persons whose identities had been stolen, Nespresso, Ebay, and the FBI. Ultimately I just ended up with a LOT of coffee; a lingering sense that I had committed several crimes; and no faith left in humanity.

Nina Kollars

Nina Kollars is writing a book about the ways in which hackers contribute to national security. She is a political scientist whose main research is in technological adaptation by users. Kollars is Associate Professor for the Naval War College in the Strategic and Operational Research Department. She conducts research on military weapons and the humans who use them. Largely unsatisfied with sitting still, Kollars has also worked for the Library of Congress' Federal Research Division, the Department of Afro-American Studies at Harvard University, the World Bank, an anti-glare coating factory on the third shift, and volunteers for BSides. She is the former viceroy of the DC strategy group Cigars, Scotch, and Strategy. She is also a certified bourbon steward.

Twitter: @nianasavage
·youtube.com·
Why Love Generative Art? — Artnome
Over the last 50 years, our world has turned digital at breakneck speed. No art form has captured this transitional time period - our time period - better than generative art. Generative art takes full advantage of everything that computing has to offer, producing elegant and compelling artworks tha
·artnome.com·
Inside Mark Zuckerberg's Lost Notebook
In the early days of Facebook, Zuck kept his plans for world domination in handwritten journals. He destroyed them. But a few revealing pages survived.
·wired.com·
Old Book Illustrations
Old Book Illustrations offers a wide range of public domain, royalty-free images scanned from old books. Searchable galleries include animals, plants, techniques, artists' names, book titles, and much more...
·oldbookillustrations.com·
What is SAP?
And why is it worth $163B? Every year companies spend $41B on enterprise resource planning software, commonly known as ERP. How did ERP get so big? And how does it work?
·retool.com·
Anatomy of a rental phishing scam 🎣 - jeffreyladish.com
I was recently the (unsuccessful) target of a very well-crafted phishing scam. As part of a housing search a few weeks ago, I was trawling craigslist and zillow for rental opportunities in the SF bay area. I reached out to a beautiful looking rental place to inquire about a tour. Despite my experience as a security professional, I didn’t realize this was a scam until about the third email! Below I will recount the story in excessive detail including screenshots.

I’m writing this to illustrate that the best phishing attacks will look very convincing. Often people are told to watch out for poor grammar and formatting to protect against phishing. This will work in some cases, but not in cases like the one I’m about to show. Sophisticated scammers use good English and pattern-match with legitimacy.

The listing 🗒

Legit looking listing.

The initial emails 📫

The craigslist ad asked serious applicants to call, but didn’t list a phone number. I thought this was just an oversight, since many of the other ads I’d seen had information like that missing. I replied through craigslist saying I was interested, asked for the phone number, and provided my own.

I get a text from the landlord telling me to contact him at “davidgrinde@engineers-hibernia-chevron.ca”. You might think this would have seemed odd to me, but honestly the rental search involved lots of ridiculousness about phone number and emails and runarounds. I sent off an email to that address and the person replied with this:

At this point, I still had not realized this is a scam 🙃

The fact that the landlord says he is away most of the time seemed a little unusual, but not by that much. Plenty of the landlords I contacted in this search lived far away. The questions listed here are pretty normal questions, and I went ahead and answered them.

I got the following reply:

The red flags started here. With this email, I was 80-90% sure it was a scam 🕵️‍♀️

The first red flag was “So we’ll keep our communication to email if that’s ok with you”. The second was the weirdness about Airbnb. Why would they want me to pay through Airbnb? The third was the excessive amount of pictures to convince me this was a real person. If they were in fact a real person, why were they trying so hard to convince me?

The Airbnb part actually threw me. I figured at this point this was likely a phishing scam, but I wasn’t sure. I was pretty sure their scam wouldn’t work if I actually booked their place through Airbnb, since Airbnb has a pretty good dispute resolution process and would flag that kind of thing pretty quick. I showed a friend this ad, and they thought it wasn’t a scam. We should have made a bet, because I would have won.

At this point, I resolved to get to the bottom of this, scam or no scam, so I asked for the Airbnb link.

Wait what? They wanted me to search Airbnb for their listing. This was weird, but it didn’t make any sense. If they were trying to scam me, booking their place on Airbnb wasn’t a sensible way to do it.

But wait, I couldn’t find their place on Airbnb. So I asked for the link again…

They sent me the link. It looked legitimate. See that “airbnb.com” domain? This ain’t my first phishing rodeo, so I checked the real destination of the link. If I look at the plain text of the email, this is what I see:

Smoking gun 💨🔫

That’s right, it’s a phishing site. Let’s check it out.

This screen shot is taken a few days later. When I first investigated, Chrome did not display the “Dangerous” warning by the URL. This phishing site was well done! It was interactive and looked quite convincing! I can easily imagine someone not paying close attention to the URL being fooled.

Excellent fake reviews. 5/5 would phish again.

I didn’t explore the “request to book” link, but I’m sure it would have taken me to a credit card phishing page. Thanks, maybe another time.

Why am I impressed by this? 🤔

The phishing team—and given the work involved and the level of polish I bet it was a team—ran a pretty tight operation. Their English was perfect, their emails looked professional, and their phishing site looked identical to the original Airbnb site. The email domain “engineers-hibernia-chevron.ca” redirected to “hibernia.ca” to add legitimacy for those who took the extra step of looking up the domain.

I’m even more impressed by their subtle psychological tricks. Each step of the way, they left out information which required me to ask for something if I wanted to proceed. It’s a lot easier to be on your guard when others are asking you for things. When you’re the one doing the asking, it’s even harder to say something when things look strange, because you may already feel like you’re being a burden on their time. For the initial ad, they left out the phone number so I had to ask. After they told me I could look at their airbnb site, I had to ask for a link. Then, after they sent me to search on Airbnb’s site, I had to ask for the link again! That was deliberately planned!

Throughout these interactions, they mentioned there were other people looking, maintaining a plausible sense of urgency. Finally, using Airbnb as the phishing site was clever, because it gave the impression of a trusted middleman. I was genuinely thrown off at first, because I couldn’t figure out how they were planning to steal my financial information. If they had just asked for bank or credit card information early on, their game would have been easy to spot.

Takeaways to protect yourself 🛡

When engaging with strangers online, always check the source of their links! Usually just clicking won’t hurt you, but in some cases that is enough. I wasn’t 100% sure this was a phishing scam until I saw the fake Airbnb URL, but that confirmed it.

Remember sender email addresses can be spoofed and domain names may not be what they appear! Just because you receive an email from “investigations@fbi.gov” does not mean the FBI has sent you an email.

Look for signs that someone is toying with you. Does it seem like they’re trying to convince you that they’re real? Are they projecting a sense of urgency?

Use multiple channels to verify someone’s identity. The first red flag here was the scammer saying they could only interact by email. If someone is remote, have a video call with them, and cross reference with their LinkedIn, Facebook, etc.

Thanks for playing! 🎮

I hope you found this useful. Stay safe out there!
·jeffreyladish.com·