Can you Spot the Phishing Email?

It arrived in my Gmail earlier this week. How many clues can you spot?

I’ll give you the first two, it’s unfair not to…

1 – I didn’t order anything, and if I had, it wouldn’t have been using that email address.

2 – terrible spelling and grammar, FedEx would never

3 – the big red flag – a non-FedEx email

4 – the absence of information, there’s no links, tracking number…

5 – Operation Agent. I like the name though

As far as phishing emails go, this one’s obvious; see the LinkedIn one for a more sophisticated example here.

—-> ! Know what’s impressive though? —-> !

The attachment made it through Google’s security checks and filters.  Nicely done guy.

That’s why never let downloads open automatically – more here.

And see how small it is? 4K, tiny. Doesn’t take much to mess your machine up.

Stay sharp out there.

Blog tag = Phishing

 

 

Airpot WiFi Looks like This – Pretty & Dangerous

Pretty eh.

And unsafe – airport WiFi is considered
the most dangerous network in the world.

Why? Read these 2 posts – here’s a possible attack, and the time when I was compromised using it at ORD Chicago.

How to Protect Yourself

Don’t connect to it.

But you have to get online?

Tether your phone, via USB, to your laptop.

Not possible? Then do this:

– check the network name and verify it’s actually the airport, and not someone spoofing it. Example: FreeWiFiAtPearson is probably fake

– only visit sites using SSL (the address bar will have an S in it – httpS://KeriBlog.com – like that)

– turn on your firewall

– never enter any logins or credentials; banking from an airport WiFi connection is practically begging for it

– use a VPN – Virtual Private Network

turn off WiFi on both phone and laptop when not in use

Another screenshot of airport WiFi.

WAIT. This just hit me… could that printer be a honeypot?

That’s in Miami, and seems odd to permit a printer to be unlocked – ( why to always lock your printer here) – and like, if I was in charge of securing an airport I’d tell the vendors lock theirs…..

Blog tag = Wifi Security

Blog tag = Airports, because I love them

 

 

BMW is 1st Automaker to Admit a Security Flaw

Hat tip to BMW – they may be one of the first automakers to publicly admit to a security flaw in their vehicles.

What Happened

The potential breach was found in BMW’s ConnectedDrive infotainment system.

In Germany, the ADAC (their CAA) discovered a potential security gap during data transmission.

It would have allowed an attacker to use ConnectedDrive to remotely unlock the car’s doors, then potentially access the SIM card to control some of the vehicle’s functions (not critical ones though, like steering or braking.)

What BMW did

They promptly sent out a mass software patch to over 2.2 million vehicles, switched to using HTTPS (like a bank) to encrypt traffic between their servers and the vehicles, and then even posted a press release about it, here.

Why this is meaningful

It’s not the first time an automaker has experienced some sort of potential security breach.

What’s different is how they handled it – swiftly, and openly talked about it, something which often only happens when the manufacturer is publicly shamed.

 

 

Google & ‘Safer Internet Day’

When you Google’d today you saw it’s ‘Safer Internet Day, but then probably not much more about it, because it’s more of a European thing.

Still a good reminder to change a few passwords,
because when was the last time you did?

At least change email / Facebook / bank passwords. Or don’t, it’s not my identity and money.