Category Informational

What are our lessons learned so far from this little Twitter Phishing Scam?

First of all, this involved infecting a single or single groups of people.

Distribution consisted of Infect a person by sending them to a site to capture their credentials.   Once those usernames and passwords were collected, they would then use those compromised credentials to send this same message (via DM) to their followers, and continue the spread.

If Joe has 10 followers and DM’s it to those 10, and those 10 have 10 followers and DM it to the next 10, shortly you’d have thousands who are redistributing this – So long as they’ve visited the site and entered their credentials to be captured.

I see a lot of anger “I’m going to get person ‘x’ who sent me this message!”

It’s not the fault of the sender, not entirely.   They were compromised by a phishing scam, it happens, you should work towards educating them instead of castrating them.  So next time it will be part of their sense to not transmit their username/password to an untrusted site.

How could this terrible thing have happened? Now I hate (BlogSpot, Twitter, Followers)

Don’t hate the player, just be glad that it WAS done this way (a semi-safe site with only a small portion of cookies which get added to your browser)   Here is what could have happened if it were introduced in an effective ‘distribution manner’.

You visit the site, you are prompted for credentials.  Perhaps you’re prompted for credentials, though the better payload would be in the form of Malware, Spyware, Phishing-ware, Password capturers, and a number of other infection mechanisms.

Once this would be done, you’d be able to compromised on a number of fronts and able to distribute this to millions instead of just the few followers you have – Infecting Facebook, your banking account, etc so on and so forth.

What can I do about this in the future?

The universal rule of communication, especially unsolicited is ask yourself a few questions.   Would you visit this link if you were having a conversation with the person? Having established rapport with them while talking? Yes likely.

However the tip here is – Random “auto-dm’s” does not guarantee a reason to visit their link.  Yes a lot of people DO send out auto-DM’s, to the bane of all of us (SocialToo/ChrisBrogan– Thanks for helping limit that exposure!)  However, don’t bane all communication in the future.   If you think someone seriously DID write a funny blogpost about you because the person knows you, definitely do check it out! But in all seriousness, if you’ve not had some kind of established communication with this person to justify it, and let alone it brings you to not a funny blogpost, but to a fake twitter login page – Be sure to question it and use your common sense here.

Oh, and be wary of ever entering your credentials – again unless you explicitly trust the source.

Hopefully this Post-Mortem helps you deal with this situation, I’m still waiting for my self-infected account to start tweeting out to me (Controlled infection) For every problem there will be people looking to exploit it, and others trying to solve and contain it.   I’ll be there trying to find new solutions and rid the world of future exposure as well :)

Good luck, and feel free to follow me if you like :) @cxi

Ever been Phished on Twitter? Get ready to.

You might receive a message similar to this:

Going to this page causes a redirect to this lovely site: http://twitter.access-logins.com/login/

Wow, that looks like the Twitter login page, however it isn’t Twitter.

Don’t enter your credentials, for you begin to enter into the world of being Phished!

Simply clicking on each of their links results in a broken page as well (That’s not very good phishing!)

Not Found

The requested URL /about was not found on this server.

Even their SignUp link is broken!

Once you enter your credentials you’re passed on to the Twitter.com mainsite and are able to see the basic information you’d see as if you were logging in to twitter.

I created a test account specifically to bring you that information :)

So, beware, and be sure not to visit this site and enter your credentials.

This is REAL Phishing in motion!

FYI: When this operates correctly, it appears to operate in an almost “Worm-like” fashion by infecting one person and then sending the payload “Auto-DM” to everyone that is following the person, so on and so forth while it spreads itself through the interwebs.

I’m still trying to self-infect a test account in order to see it in action, but so far on luck!

YES! Here on the Eve of the New Year, I am bring this super cool module to you!

Just a recap of the last Dashboard snapshot, the portion we’ll be addressing is Visualizations!

Once you click that little gem of a link you’ll be brought to a page which looks like this:

As usual I censored out the Filer name, Serial # and other things, but I did leave in some nice details.   Note:   based on latest loaded AutoSupport: 2008/12/27 06:00:00 PM -06:00

The reason I mention that is, you can run one Visualization report for say, December, and then pull one for November and then compare them for whatever reasons you need.

That single benefit alone makes it even more super cool ;)

At this point, click one of the objects in there (System, Disks, Raid, QTrees or Storage)

It will render the data and make it available to you: You can also export it to PDF of XLS

Time for a view of the System Tab:

This is the top portion of the System Tab.  Notice how it breaks things down as if it were an actual system, giving you details.  Something which you may not notice unless you hover are these cool popups (Popups do not function in Chrome)

System Options

Services

VIF3

And so on and so forth! You can hover over any object (Interfaces, Shelves, Loops) and it will provide you information which you’d normally spend your time scouring through sysconfig’s in order to find.  That little bit right there is pretty damn sweet if you ask me!

Now when you go over to Disks you get a similar picture:

And hovering over one of our disks gives us information like this:

Details of a Disk 

Now taking this journey along, we visit the Raid View of the Disks:

This one is fairly straight forward, same type of pop-up data – Very useful, but not really super exciting, unless you are looking forward to this specific data (I do at times, but at the moment, It feels anti-climactic with what is coming ahead! :))

Here is where it gets really cool (Part1) with Volume Logical Layout: QTrees and LUNS:

This is the first of the coolness! Below I’ve included something with LUN’s in it so you get that perspective as well.  

And last but definitely not least Capacity View! *Cheer!* Err.. :

While there are so many things I can hover over and get details on (When you hover it will ofcourse tell you information about the volume, settings, etc) I want to make a special focus on the one with the yellow border!)

Notice the “See Recommendations” That is amazingly cool, if you ask me ;)

A little click on that and suddenly you see:

Remember as I’ve mentioned this before, this is a suggestion of discussing your state and that you ought to look at it.  If it is part of your design to run something where you get a notice, that’s just fine! If you weren’t aware of it on a volume though, definitely worth investigating!

And that brings us to the end of the NetApp Premium AutoSupport Visualizations segment.   I’d like to note the export to PDF and XLS are very cool, however you do not retain that same level of ‘interactive popups’ in PDF format that you do accessing it via WebGui.   So, this is a pure case of What you See is What you Get – once you export out to PDF.  And when you export to XLS You don’t get any pretty pictures, but you do get all of the raw data that you would see in the Popups, so they’re very complimentary to each other, and your ability to present and manipulate the data!

Hopefully you’ve enjoyed this segment, I’ll be working on Configurations next so look forward to my next post!

What is the @girlkawasaki effect? How does this work, and how can it work for you?

Let me first off by telling you that @girlkawasaki is a very real person who has a very real blog.  They’re a very good friend of mine and are fortunate to have been an influence of the first draft of this (Originally it could have been the @cxi effect, but that’d be lame and the fruits of my labors resulted in the direct effect to apply to @girlkawasaki :))

So, WTF is this?!? – Alright, I’ll tell you!

While studying the way Twitter works, and more importantly how other people on Twitter work, I began to analyze some trends and patterns of likely events.  I personally love conversation on all topics, so I would follow people of all backgrounds on twitter.  When someone re-tweets someone else on something interesting, I follow them as well, continuously spreading the love of knowledge whether me sharing or simply learning from others experiences.

I noticed that when you add some people, you may get an immediate follow-back, and more often than not an Auto-DM (Direct Message).  A lot of people find these Auto-DM’s to be a bit annoying.  I simply find them to be rather insincere and only a little annoying. ;) I do like them because Auto-DM’s typically give rise to the fact that you’re using a 3rd party service like SocialToo or others which auto-sends that, and often Auto-follows on your behalf :)

So if you have a boatload of followers like I do (Hey I’m no @guykawasaki) But I do have a fair number of followers, many of which happen to reside in my own industrie(s) You’ll tend to find that by following a lot of people, a lot of people will often follow you back.

So in that first test, @girlkawasaki wanted followers for the same reasons I do (People to learn and share with) so she followed a bunch of the people I (@cxi) happen to have been following and a number of them ~half followed her back.  And this trend would carry on for some time, of people following her either directly (a response to being followed) or randomly based upon tweets, comments and interaction.

So the next phase of this, once @girlkawasaki was seen to have a comfortable following of stable tweets, I then tried to follow everyone (minus spammers and locked accounts) that happened to be *Following* her ~650 people were following @girlkawasaki which were then followed.

This is where it gets interesting.  You might think “I’ll get a mass of followers instantly!”  But that isn’t true and isn’t the case, because people use different services which have large databases with different scrubbing and updating routines.   The result turns out to be that after the first hour of following ~650 people,  ~130 twitter accounts followed back.

This is after the first hour ofcourse, and after several hours we’ll see how the numbers reflect.    I’m not saying you’re guaranteed to get hundreds of followers if you follow everyone who is following @girlkawasaki, however after one full day I’ll update this to include what the final number looks like.    The account I used in this test is indeed an actual real twitter account so these are real live and valid numbers to be working with. :)

This is not a test of a Denial of Service, more of an interest of parties out there (like me) who want to follow more people and want more followers so we can continue our conversation in life, in Tweetdom and most importantly with ourselves :)

This is no disrespect to anyone who follows @girlkawasaki and are interesting in what she tweets (both actual tweets and her wonderful blog posts :)) Just think how many followers you get by consequence when you don’t fall into that small criteria of auto-followers :)

Thanks, and don’t hesitate to ask any questions or leave any comments on your success! :)

Control Group: 373 followers in 17hrs, for 56% followback!

When that’s out of 650 that’s pretty amazing!

It’s been asked – Hey what kind of features do you get when you use Google Apps in the Standard Edition?

For those of who you use Google Apps will realize it is free, so you can host your email (as I do) and have the rest of the apps controlled and assigned out there for the huge cost of $0.00

Let’s take a look at a few of the distinctive features.

By the looks of it, I have Webpages (I don’t use) Start Pages (Don’t use!) Email (Do use!) Chat (Use while in Email) Calendar (Don’t use) and Sites also not being used.

One cool feature of User Accounts is Contact Sharing!

A cool specific features for the Domain Settings happen to be some granular control, one feature of which Sarah was interested in knowing!

Another cool bit is Service Setting does allow you granular control over each of your Services that you have available.   But those few things aside, this was just an extremely high level look at the Free offerings that Google has as part of Standard Edition