Category: Small Talk

Imaginary Friends or Foe?

I know it’s 2023. But no, “imaginary friends” emailing you are dangerous.

I’m not talking about “catfishing” or “to catch a predator” and I’m definitely NOT talking about social media friends, influencer following, or bumping up your social’s followers here–although those are all valid “imaginary friends”. I’m pointing out the “old school” phishing scam emails where this invisible new digital friend wants to give you their fortune because you’re such a good person, befriends you, but in reality is asking for all your bank account info and any other items of value. Even better, you’ve gotten the “isn’t it oh so obvious your friend’s email has been hacked or spoofed” email and yet, you click the email to read it. (BTW it’s suspicious so why – why do you click the link? just delete it.)

PROTIP: If you use email message preview that usually gives you some hints it’s not a good email and you can delete it quicker.

Ahhh, but here you are 2023- you’ve clicked and automatically downloaded the morsel (worm, virus, etc.) your new friend has given you – it’s too late, right? Probably. Usually my “foe free” advice falls on deaf ears for any number of valid or invalid reasons. So yes, now you make a go for it – just throw your phone away, start that new Apple ID, and reorder all your credit cards … makes total sense.

I’ve firsthand reviewed or fixed so many work outlook, hotmail accounts, and laptops on this one thing alone. At least once a week the commanding language is the norm: “Change your password! Don’t click that! Don’t open that odd attachment!– yawn. With the built in junk mail problems too, I know several people that simply avoid email. But avoiding email at work, doesn’t work. (Well, maybe it does for some, but that’s another topic can of worms!)

I’m not pointing fingers here, just typing the truth, but the yearbook award of “most likely to succeed” goes to the C-suites opening up suspicious email and macro enabling those Word documents that set “fire” to the company email and servers. Subsequently, email servers can be down for days!? I’ve unplugged and disconnected infected machines, but then there’s the cloud/third party email – sigh, good times.

If it’s too late, you need an “IT Superhero” to save the day. If you’re being preventative as a business, you need a plan. This includes a security policy updated yearly, annual review/assessment, and ongoing EndUser training.

Lessons Learned and Still Too Many Stories to Tell.

Internet imaginary friends are not fun! You don’t want your own story to tell or yet another bamboozled account. Albeit everyone can share a similar woeful story of this email foe, your new digital “imaginary friend” you met from a phishing email will steer you wrong in reality.

Here’s some golden friendly advice, I’ll leave you with:

  1. FTCHow to Recognize, Avoid Phishing Scams, and What To Do
  2. SANS Security Awareness Training – Phishing
  3. IT Crowd” clip.

+ | shew |

  • by bluenotch

THE 2017 CHECKLIST

 

  • Updated logo
  • New website
  • Yearly duty – corporation tax prep ( excuse me while I hibernate and drowned in expense reports )
  • Make ten more checklist + reminder lists.

Happy New Year + Happy Groundhog Day.  You would be surprised how many *ahem* younger people do not know what I’m referring to when I say “alarm clock scene – Bill Murray Groundhog Day” ahhhh … and you guys can now “just Google it” on YouTube for instant gratification and add to your knowledge base category and tags – the cult epic movies that are referenced in other movies.  Circa 1993+ I had to record it on a VHS if I wanted to watch that scene again (and worse yet, only on a tube television – what mobile smart phone?!)

Yes.  I do wake up at 6am.  Groundhog Day can be classified as a real life documentary, right?

Groundhog Day Scene  HERE >

+ | shew |

Bye Bye 2015

In 2015, we drank a lot of Stumptown Coffee – roughly 900 homebrewed or take away cups and thirty 12oz whole bean bags bought.  It feuled a busy year as we worked around the world clock. We reminisced about the 2000s – everything from our involvment of Y2K radio reprogramming, The Great Translator Invasion, and the time the office got burglarized and the thieves took all the junk computers saved for an e-recycle drop off (yes!) and stole all the bottled water (shortage / drought in California?!) Needless to say, we have accumulated a lot of stories over the years.

In the cliché of looking back, I realize that there are a lot of projects and lists unfinished to complete in 2015 – two days left! Prioritizing critical events and client visits, come first over completing tasks like “You know < pause > I really need to update a wiki page!” or “Can we set up our twitter to amazon.com order?” And at the same time, those seem faster and easier to do in 10 minutes than what has been on our bucket lists. Anyone want to be an intern? Hah. I guess sipping coffee in 10 minutes became a priority and we had to put down the keyboard while drinking (fear of spillage).  All jokes aside, we look forward to 2016. Happy New Year.  + | shew |

+ I’ve been focused in 2015 on crafting malicious documents and VM forking.

It’s now been 10 years teaching at SANS Check out SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking course and lead author Stephen Sims 

+ | jim.shew |

Summer of 1999

I was living in southern Idaho

and back then, it meant a requirement to travel. I was just starting a radio internship at a network of stations – format of rock / alt indie and quickly headed to full time work there.  Yes, hours of fun, shows, tours, etc. But still needed California vacation time. So yes, 60-80 hours a week in a closet size studio and the need to visit my home, Southern California was a priority. Granted Idaho has great white water rivers and white powder snow capped mountains, but still – surf, sand, and retail sunshine were missing.

The gateway medium?  Electronic plane tickets via Expedia and Hotmail. Both I didn’t have yet.  So I signed up for a Hotmail account via Internet Explorer. Awwww … I miss those early Passport MSN Messenger – IM and “one new message” bar sounds – nostalgia. Back to rewind, 1999, okay so not everyone had Hotmail yet – mostly Yahoo or AOL and Microsoft recently acquired Hotmail.  I still had a difficult time getting my third choice account name.  So brainbending – one simple combo was available! Full first name and last initial. Two minutes later done registering to welcome email arrives. Step two – I start to book Expedia … Need an account. My email is already registered?!? What? Okay …. “Forgot password.” Send. You didn’t fail to read the title here, summer of 1999, right? Just checking. Well despite me not caring about the why it was a registered email user account < look, I had late nights, not yet a daily straight up espresso drinker, and really did not think much of it. It was highly likely and logical that I started an account process and forgot to finish one late night > I waited – The Password emailed to me… Some vacationy type password. Again, highly likely I made it that password – no red flag. Odd right? But true. The password was five characters long. High Five.  I  think about a month later, I forgot the password … Reset and added a “1” Good job? Yes this means more out of town trips were booked. 

A couple months later I get an email from the old Hotmail user letting me know it was once his, but he’s “moved on.” < bitter much >  And I think we even might of mentioned my hijack of Expedia. Laugh. He had a similar name, lived in Washington state and was a computer nerd of some sort. I still recall his name and he emailed me several years back again just to say hi … Ahem or try to get his email back.  I just looked him up on LinkedIn – Senior Infosec Engineer, now lives in Utah.  Look it was free Risk-game type takeover. In the words of Seinfeld’s Kramer, “The Ukraine is weak.”  + | shew | 

Same year, same station, different channel role

It was my job, nay duty, to encourage user security awareness. My favorite technique was to “baggy pants” anyone leaving their email open. They would return to their desk and find an email (from themselves) declaring how cool they are and how their pants are the baggiest.  Or a claim that their password was weak and they should change it …+ | jimshew |

P.S. Irony – I was a victim of such ^^ email shenanigans ^^  . + | shew |

Cybersecurity thoughts on Presidents’ Day

In January 2008, the Bush Administration established the Comprehensive National Cybersecurity Initiative (CNCI).  Recently, the Obama Administration released several notices on cybersecurity, below is an Executive Order.

By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows: 

Section 1. Policy. In order to address cyber threats to public health and safety, national security, and economic security of the United States, private companies, nonprofit organizations, executive departments and agencies (agencies), and other entities must be able to share information related to cybersecurity risks and incidents and collaborate to respond in as close to real time as possible.

Continue reading here http://www.whitehouse.gov/the-press-office/2015/02/13/executive-order-promoting-private-sector-cybersecurity-information-shari

It is of note, during this White House Summit held at Stanford University, CEOs from Google, Yahoo, Facebook – absent. Tim Cook, Apple CEO, attended.

SMALL TALK  On a coffee + laptop observational side note:  I was at a coffeebar on Saturday and there were only Macs everywhere.  Yes, I did the 360 check while waiting for my Americano-latte.  It’s like you could only stay and drink coffee if you owned an Apple product … and sign on the Square POS iPad (which can we agree we love / hate the emailed receipt?!).  So apparently, if I bring my ThinkPad, I might need to trek down to other coffeeshop down the street – they use an older school Point of Sale system and have the most amazing hazelnut gelato.  + | shew |

Five Year Plan

SMALL TALK    I’m working on my five year plan, just trying to figure out the font.  < that’s a line in the pilot episode of Chuck >  I’ll be honest, that was the funniest line, made me laugh and I’ve used it as a tag line — but I never watched past the pilot episode (nor ever used Geek Squad).   +  | shew |

Since we’re on a television tangent … Just saw esxi console on Blacklist, now I *know* it’s a documentary. + | james.shew |

© 2024 BLUENOTCH. Designed by Quema Labs.