[nabs-l] ~
Littlefield, Tyler
tyler at tysdomain.com
Thu Jun 28 21:28:36 UTC 2012
I'm trying to get something out here though. People see hacker, spam,
virus and the first impulse is to run in circles, scream and shout.
Yes, identity theft is possible, and it does happen. You can prevent it
by using a lot of common sense. That old lady who is sending you emails
from her death bed in Nigeria with 90 million bucks she'll transfer if
only you'll give her your account, is obviously fake, but people still
fall for it. We've had viruses circulating since 1995, but still, people
click on links and attachments from people.
The media has sort of set up this image of a hacker as some
basement-dwelling kid, with the complection of casper and soda cans and
chip bags piled up high around him, and so everyone is worried about it.
It's fairly difficult to get someone's social and personal information,
even if you do have their first and last name. Social engineering can
make it possible, but if that's your fear, I recommend everyone get off
facebook and messenger and everything else. It's probably best if you
confine yourself to your basement in a glass bubble.
Usually when people get credit card numbers (there are people that sell
blocks of say 1000 card numbers or so at a time), it's done through a
trojan or something similar. They install something on your system, and
just capture it as it goes inn. Identity theft is still possible, though
again it's a lot less common.
So, like I'm throwing out there. First, just be aware of what you're
clicking on. This isn't just for email, it's facebook and everything
else. Second, protect yourself. Owning a computer is like owning a
car--if you don't take care of it, you're going to have problems.
Install Microsoft security essentials if you have nothing else running,
along with Malwarebytes. Make sure windows update runs all the time.
Don't use internet Explorer, switch to something like Firefox.
At any rate, I didn't want to start an argument. I just kind of wanted
to kill everything being bounced back and forth and all that. I do some
security consulting from time to time; my main goal is to help people
understand the threats. Most know about the mean evil hackers, but
knowing what and why they do what they do really helps in protecting
yourself.
I think we're getting off topic here, but if anyone has questions or
whatever feel free to shoot them to me privately. My email address is
tyler at tysdomain.com
On 6/28/2012 3:18 PM, josh gregory wrote:
> That's kinda my point, but I digress.
>
> On 6/28/12, Littlefield, Tyler <tyler at tysdomain.com> wrote:
>> Feel free to tell me how you're going to pull a social security number
>> from someone's name. You have a few routes.
>> 1) Phishing. Send out a message that tells them something is up,
>> redirect them to a form and there you go. Lots of people would do that,
>> which is why it's so common. With a bit of research it's possible.
>>
>> It's pretty hard to get someone's social outright though minus social
>> engineering. Unless you manage to infect their computer that works, but
>> even banks and other similar sites don't tend to show the full number,
>> they might just show the last four, for example. That leaves you 5 more
>> numbers to get to. Organizations and corporations should never be
>> sending social security numbers through email, because that would be
>> incredibly non-PCI compliant, so having an email address and a password
>> might net you some info, but you're still going to have to do a lot of
>> work to pull it. At best, you could get a credit card number or
>> something, but even that is usually xxx-xxx-xxx-0000 or something.
>>
>> On 6/28/2012 12:12 PM, josh gregory wrote:
>>> Tyler;
>>>
>>> I understand where you are coming from. But, don't you think that it's
>>> even remotely possible for identity theft to happen with only email
>>> info. All a person needs nowadays is your name, date of birth, and
>>> social security number. If, all this is in your account (which
>>> everything is besides your ss number) then they have a path to go
>>> down. If you're more comfortable talking about it offlist, feel free
>>> to write me privately (and that goes for anyone).
>>>
>>> On 6/28/12, Littlefield, Tyler <tyler at tysdomain.com> wrote:
>>>> I just wanted to clear something up, because people are throwing around
>>>> words and it's totally off.
>>>> First, people very rarely sit around and just crack random gmail
>>>> passwords. A good password is nice because this happens, but it's not to
>>>> often. Generally spam happens because you have a virus that did a couple
>>>> of things. Either it just uses your email client (why bother trying to
>>>> get your password when that's already available), or it will just wait
>>>> for you to log into something and send your info off to something. There
>>>> are also botnets, where people can rent out computers. Someone just
>>>> connects, pays $10 for 500 computers for 30 seconds or something and
>>>> uploads their program, then it runs and that's that. This is also
>>>> because of a virus.
>>>>
>>>> If you think you have issues with your email client, virus scan (I use
>>>> security essentials as well as malwarebytes), then change your password.
>>>> Identity theft is something different altogether. Someone gets your
>>>> credit card/social and uses that.
>>>> On 6/28/2012 11:54 AM, Ashley Bramlett wrote:
>>>>> Humberto,
>>>>> If anyone contacted you, it was probably off list.
>>>>> If you think identity theft is going on, contact your email provider
>>>>> about it.
>>>>>
>>>>> -----Original Message----- From: Humberto Avila
>>>>> Sent: Thursday, June 28, 2012 1:05 AM
>>>>> To: blindTlk at nfbNet.org ; nfbWaTlk at nfbNet.org ; nabs-l at nfbNet.org ;
>>>>> GUI-talk at nfbNet.org ; nfbcs at nfbNet.org ; musicTlk at nfbNet.org ;
>>>>> reader-users at nfbNet.org ; jobs at nfbNet.org
>>>>> Subject: [nabs-l] did anybody happen to see any messages sent on my
>>>>> Behalf?
>>>>>
>>>>> Hello everybody:
>>>>>
>>>>>
>>>>>
>>>>> My sincere apologies for cross posting this message to all lists I'm
>>>>> subscribed to, and also if I am off topic.
>>>>>
>>>>> I wanted to write in regards to a recent activity I have seen on
>>>>> listserves,
>>>>> where apparently a member of the list sends an email message with no
>>>>> subject
>>>>> and a strange link in the body of the message. Unless that member
>>>>> really
>>>>> intended to send the message, someone hacking e-mail accounts probably
>>>>> causes this and it is spreading spam. Did anyone happen to see any
>>>>> message
>>>>> that looks strange or with no subject, under my name or email address?
>>>>>
>>>>>
>>>>>
>>>>> I am not someone who is just wanting to scream out and share widely my
>>>>> findings just because I find this kind of stuff on any list, nor am I
>>>>> the
>>>>> moderator what so ever. However, the reason I am asking this question
>>>>> is
>>>>> because, this evening, I happen to look at my account activity under my
>>>>> gMail account and something noticed my attention.
>>>>>
>>>>> As I was looking at the last activity, a saw a table with 3 columns and
>>>>> about 12 or so rows. The table summarizes the type of activity,
>>>>> whether it
>>>>> is use of browser, mail client, or some other, then a row with the
>>>>> location
>>>>> and IP address, and the date and time accessed. Usually, this lists my
>>>>> preferred methods of accessing gmail, which is through outlook and
>>>>> firefox,
>>>>> and then the IP address of my computer which was pretty much the same.
>>>>> Under
>>>>> the location row, the page displays the info in the form, for example,
>>>>> "united States (WA) (66.189.2.)", meaning that is coming from
>>>>> Washington
>>>>> State in the USA, and is my computer's IP address. However, in one of
>>>>> the
>>>>> rows, the information displayed was something like "United States (CA)
>>>>> (66.200.)". It appears that somebody from California had access to my
>>>>> account and this is not my IP address.
>>>>>
>>>>>
>>>>>
>>>>> Back on topic for these lists, blind people are getting more and more
>>>>> access
>>>>> to technology and information as well as the sighted population in this
>>>>> world. We use e-mail every day to communicate as well as social media.
>>>>> Therefore, fellow blind computer users, I would like to give you a
>>>>> piece of
>>>>> recommendation to you out of courtesy. If you notice something
>>>>> spreading
>>>>> like this across your contacts (this includes e-mail addresses of
>>>>> lists you
>>>>> put out as contacts in your webmail address book), like this "no
>>>>> subject-and-link" thing, please check your webmail site for your last
>>>>> account activity, or whatever is called on your specific webmail
>>>>> provider or
>>>>> email provider. To you gMail users, look for the text, "last account
>>>>> activity" on any page and there should be any link there to take you
>>>>> to the
>>>>> activity using whatever page view you prefer using, either Basic html
>>>>> or
>>>>> Standard. To all others, look for a similar text under your webmail
>>>>> pages
>>>>> and see if you notice any unusual activity like this.
>>>>>
>>>>>
>>>>>
>>>>> This may be that some clever spammer is breaking into your account and
>>>>> knows
>>>>> how to get your password. If so, please change your password so this
>>>>> does
>>>>> not happen.
>>>>>
>>>>>
>>>>>
>>>>> I am only sending this out for your information and to make sure there
>>>>> is no
>>>>> further identity theft if this is to continue in more depth. We should
>>>>> protect our accounts, not just our e-mail accounts, so that these
>>>>> things do
>>>>> not occur in the future. If you see any suspicious activities, please
>>>>> take
>>>>> action.
>>>>>
>>>>>
>>>>>
>>>>> Again, thank you for reading this and I am sorry if this goes too
>>>>> off-topic.
>>>>> If you want to reply about this matter, please do so off-list.
>>>>>
>>>>>
>>>>>
>>>>> Sincerely,
>>>>>
>>>>> Humberto
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> nabs-l mailing list
>>>>> nabs-l at nfbnet.org
>>>>> http://nfbnet.org/mailman/listinfo/nabs-l_nfbnet.org
>>>>> To unsubscribe, change your list options or get your account info for
>>>>> nabs-l:
>>>>> http://nfbnet.org/mailman/options/nabs-l_nfbnet.org/bookwormahb%40earthlink.net
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> nabs-l mailing list
>>>>> nabs-l at nfbnet.org
>>>>> http://nfbnet.org/mailman/listinfo/nabs-l_nfbnet.org
>>>>> To unsubscribe, change your list options or get your account info for
>>>>> nabs-l:
>>>>> http://nfbnet.org/mailman/options/nabs-l_nfbnet.org/tyler%40tysdomain.com
>>>> --
>>>> Take care,
>>>> Ty
>>>> http://tds-solutions.net
>>>> The aspen project: a barebones light-weight mud engine:
>>>> http://code.google.com/p/aspenmud
>>>> He that will not reason is a bigot; he that cannot reason is a fool; he
>>>> that
>>>> dares not reason is a slave.
>>>>
>>>>
>>>> _______________________________________________
>>>> nabs-l mailing list
>>>> nabs-l at nfbnet.org
>>>> http://nfbnet.org/mailman/listinfo/nabs-l_nfbnet.org
>>>> To unsubscribe, change your list options or get your account info for
>>>> nabs-l:
>>>> http://nfbnet.org/mailman/options/nabs-l_nfbnet.org/joshkart12%40gmail.com
>>>>
>>
>> --
>> Take care,
>> Ty
>> http://tds-solutions.net
>> The aspen project: a barebones light-weight mud engine:
>> http://code.google.com/p/aspenmud
>> He that will not reason is a bigot; he that cannot reason is a fool; he that
>> dares not reason is a slave.
>>
>>
>> _______________________________________________
>> nabs-l mailing list
>> nabs-l at nfbnet.org
>> http://nfbnet.org/mailman/listinfo/nabs-l_nfbnet.org
>> To unsubscribe, change your list options or get your account info for
>> nabs-l:
>> http://nfbnet.org/mailman/options/nabs-l_nfbnet.org/joshkart12%40gmail.com
>>
>
--
Take care,
Ty
http://tds-solutions.net
The aspen project: a barebones light-weight mud engine:
http://code.google.com/p/aspenmud
He that will not reason is a bigot; he that cannot reason is a fool; he that dares not reason is a slave.
More information about the NABS-L
mailing list