November 5th, 2006

Andrei in the office

Remember, remember

"Remember, remember, the 5th of November
The Gunpowder Treason and plot ;
I know of no reason why the Gunpowder Treason
Should ever be forgot.
Guy Fawkes, Guy Fawkes,
'Twas his intent.
To blow up the King and the Parliament.
Three score barrels of powder below.
Poor old England to overthrow.
By God's providence he was catch'd,
With a dark lantern and burning match
Holloa boys, Holloa boys, let the bells ring
Holloa boys, Holloa boys, God save the King!
Hip hip Hoorah !
Hip hip Hoorah !
A penny loaf to feed ol'Pope,
A farthing cheese to choke him.
A pint of beer to rinse it down,
A faggot of sticks to burn him.
Burn him in a tub of tar,'
Burn him like a blazing star.
Burn his body from his head,
Then we'll say: ol'Pope is dead."
Andrei in the office

Duck Season? Wabbit Season? PHISH SEASON!

About 2 years ago I fell prey to a Phishing scam.

I received a link via IM from a friend. It was a web site on Geocities. Geocities is owned by yahoo.

When I got to the GeoCities page I got the customary warning that the web page was adult oriented and I'd have to log in to get access.

Problem was, the log in screen wasn't to Yahoo. It was the phisher. They got my username and password. Promptly logged in and changed it. Then they proceeded to send the link from my IM to anyone on my list.

This little mess too me 5 days to clean and required me phoning names on the corporate executives list until someone realized that their customer support was really lousy.

So to mark nearly 2 yrs... I got an IM on Yahoo from a friend with a link.

Wouldn't you know.. it was Geocities and a Yahoo login page. Well (an unsafe login page)

I've been thru this on a very detailed level. I know what the exploits are that phishers are using and I know how to get them shutdown quickly.

The first step is recognizing them.

SonicWall has put up a really good EMAIL PHISH TEST.

10 pieces of email. Are they legitimate or are they an attempt to get your information?

Here's the test. I got 10/10 the first time thru. How well do you know your phish, from your spam, from your legitimate provider email?