Category Archives: Things that are bad

Definitions, Internet crime, Security, Spam and scams, Things that are bad

What is phishing?

Leave a comment

Phishing is a type of cyber attack that involves the use of fraudulent emails or websites that appear to be legitimate in order to trick people into revealing sensitive information such as passwords, credit card numbers, and account login details. These attacks often use social engineering techniques to manipulate people into taking action, such as clicking on a malicious link or opening an attachment. Phishing attacks can be difficult to identify because they are designed to look legitimate and can be highly targeted, making them a common and effective method used by cybercriminals to steal sensitive information.

(Editor’s note: This is a guest post by ChatGPT, a chatbot launched by OpenAI in November 2022. I asked it the question “What is phishing?”, and it generated the text above. I verified the response as accurate.)

Also see Phishing – What is it? on the Opera web site. Ars Technica has a post about a particularly nasty phishing web site.

Firefox, Miscellany, Things that are bad, Tools

Dark Mode Rant

Leave a comment
What you see above is what I see after a few seconds of viewing a web site in ‘dark mode’.

Web sites are traditionally shown with dark text on a light background. Which is reminiscent of something… (checks notes)… that’s right, books! Why change something that’s worked fine for literally millennia? Apparently because a lot of people think light text on a dark background looks cool. And, to be fair, some people claim that using dark view is easier on their eyes.

So now we have a ton of web sites, apps, and other assorted crap showing up on our computer screens that is almost entirely illegible to a large proportion of the population (well, me for sure, and I’m guessing I’m not the only one).

When I look at white text on a dark background, after about five seconds, all the lines start to blur together (see image above), and I’m unable to continue. If I persist, I just end up with a headache. For the record, I’ve had my eyes checked, and aside from needing to update the prescription for my reading glasses, my eyes are fine.

Here are a few links to web sites that default to dark mode:

A request to web designers and developers: if you can’t resist making your web site dark mode by default, please, please at least provide some method for viewing it in light mode.

Some browsers have built-in features that allow viewing dark sites in light mode. But they’re inconsistent. Firefox has Reader View, which reformats a web page to show it like a book, with less clutter and — more importantly — dark text on a light background. Sadly, the Reader View button, which normally appears at the right end of the address bar, doesn’t always show up. That’s apparently because it’s only able to handle individual posts/articles, not other types of pages.

There are many Firefox plugins for showing web pages in dark mode, but initially I wasn’t able to find one that does the opposite. I had been struggling with a plugin called Dark Reader, which sort of worked, but only with a lot of fiddling, presumably because it was designed to do the opposite of what I want.

Recently, however, I discovered a Firefox plugin called Tranquility Reader. This one does exactly what I want, forcing page text to black and page background to white. So far, it’s worked perfectly on every page I’ve tried.

When installed in Firefox, Tranquility Reader adds an icon to Firefox’s toolbar. Click it once to view the current page as black text on a white background. Click it again to go back to the page’s default colour scheme. Simple!

If you ever find yourself struggling to read dark mode web pages, try Firefox with Tranquility Reader. It may save you from a headache or two.

Related:

Anonymity, Internet, Privacy, Things that are bad

Some VPN services should be avoided

Leave a comment

People use VPNs (Virtual Private Networks) for lots of reasons, both legitimate and… less so. They are commonly required for remote access to workplace computers by employees. They are used by people who do their banking from public WiFi networks. They are used by people who can’t afford to pay for dozens of streaming and cable services and instead rely on still-considered-illegal downloads of copyrighted media. And some people use VPNs to get around ridiculous regional limitations on access to streaming media.

I myself fit into at least two of those general categories of VPN users. I won’t say which.

Because people want (and rightly feel they deserve) access to their culture, and because Big Media is willing to go after absolutely anyone who dares to defy their stranglehold on culture, savvy media consumers rely on VPNs to avoid costly (and absurd) lawsuits.

But sadly, some VPN services exist only to fleece gullible consumers. There are numerous ways in which a VPN provider can cause problems for its customers:

  • Faulty service can leave the customer’s activity exposed.
  • Logging customer activity, and being willing to provide those logs to Big Media’s law enforcement lackeys, essentially renders a VPN service pointless.
  • Requiring installation of software that is then used by the VPN provider to route other customer traffic through the customer’s computer is just a horrible idea.
  • Selling customer information to anyone who wants it.
  • Poor security can lead to customer data being exposed.

Recently, a group of VPN providers, all owned and operated by one company in Hong Kong, was discovered to be doing many of the problematic things listed above. Needless to say, all of these VPN providers should be avoided:

  • UFO VPN
  • FAST VPN
  • FREE VPN
  • SUPER VPN
  • Flash VPN
  • Secure VPN
  • Rabbit VPN

In general, VPN services should be carefully researched before using them. There are numerous VPN rating sites on the web, but many of them are maintained by the VPN providers themselves, and not to be trusted. TorrentFreak’s “Which VPN Providers Really Take Privacy Seriously” series is both trustworthy and comprehensive, and focuses on investigating the privacy claims of VPN providers.

There’s also a growing chorus of voices encouraging people to reconsider their reliance on VPN services for privacy, arguing that the way most of these services work provides little actual privacy for their customers. Techdirt has more along those lines.

There’s more on the welivesecurity site.

Brian Krebs recently investigated the extremely shady proxy service provider Microleaves (currently being rebranded as ‘Shifter.io’). This service uses a huge network of computers runing their software, often installed without the knowledge of their owners.

Internet crime, Spam and scams, Things that are bad

Fake malware warning scams

Leave a comment
A recent example of a full-screen browser window that appears to be a serious malware alert.

Web sites that make their money from advertising usually subscribe to one or more advertising providers, such as Google Adsense. There are many others, including some that push ads that are really just scams.

One popular type of scam ad takes the form of a malware warning, presented to the unsuspecting user in a full-screen web page that seems to lock out the user completely. The example above (provided recently by a client) appears to be from Microsoft, generated by Windows anti-malware software, and it includes what is supposedly a Microsoft phone number.

In reality, this is just a web page, generated by Javascript from an advertisement on a shady web site. The full screen effect is produced by your web browser’s built-in full-screen view feature, triggered by the ad. These messages are not reporting the presence of malware; they are intended to scare you into calling a phone number. Messages of this type are categorized as ‘scareware‘.

A Google search for the phone number in the example above shows that it’s definitely associated with support scams.

These fake alerts vary in appearance and quality. Some are more convincing than others. Many are based on real malware warnings. You can see other examples by searching Google Images for ‘fake malware warning’.

It’s important to understand that legitimate anti-malware software won’t ‘lock’ your computer when it detects malware, and it won’t insist that you call a phone number.

If you see one of these scary-looking screens, don’t panic. Obviously, don’t call the phone number shown on the screen. Nothing good will come from that. Try pressing the F11 key on your keyboard. This is the near-universal key that toggles full screen view in web browsers. If it is just a web page, pressing F11 will reveal your web browser’s user interface, and you should regain your bearings immediately. Close the tab, and/or close the browser.

Also, please reconsider visting any web site that’s operated by people who care so little for visitors that they are willing to inflict this kind of dangerous garbage on them, albeit indirectly.

More useful information about this from the Safety Detectives site.

Things that are bad, Tools

Cisco Immunet anti-malware software

Leave a comment

In brief: stay away from this software.

I’m always interested in evaluating anti-malware/antivirus software, especially when it claims to be ‘lightweight’. All too often, anti-malware software that’s configured to run in the background has a very noticeable effect on performance.

So I installed Cisco’s Immunet on my main Windows computer. About ten minutes later, I removed it.

The user interface is horrible, seeming more like a first-time coder might have produced it, rather than an organization with the resources of Cisco.

I was very careful to configure Immunet before I ran any scans. In particular, I configured it to ask me before quarantining any files. Imagine my surprise when on its initial scan, it went ahead and quarantined three executables, none of which were actually malware.

Of the three quarantined files, I was able to use Immunet to restore one. The others were irretrievable, and I had to reinstall the associated software. For one of them, I lost its settings as well.

Normally I would persist with an evaluation like this, to give it a thorough test. But really, having suffered this much in such a short space of time, why bother?

This is crappy software. Avoid at all costs.

Microsoft, Patches and updates, Things that are bad, Windows

Microsoft updates still breaking things

Leave a comment

Is it just me, or is Microsoft actually getting worse at this? It seems that every month there are more horror stories about problems caused by MS software updates. Given that Microsoft is still pushing hard for all Windows updates to happen automatically, this is very troubling.

In the latest instance, updates pushed out for January’s Patch Tuesday caused some Windows servers to reboot continuously. For server admins, this is a nightmare scenario.

One could argue that since the problem only affected a specific subset of Windows servers, this was less serious than something that affects all Windows 10 users. But affected servers were potentially used by hundreds or even thousands of people, which amplifies the scope of the problem.

Microsoft’s approach to testing changed with the release of Windows 10, and they now rely on reports from regular users who have opted in to pre-release versions of Windows. It’s clear that this kind of testing is much less useful than proper, methodical testing. Whether Microsoft will eventually go back to proper testing remains unclear. Meanwhile, we all suffer. And wonder whether the next Patch Tuesday is going to be a day of disaster.

Ars Technica and The Verge have more.

Mobile, Spam and scams, Things that are bad

COVID-related phish received via text

Leave a comment

I just received a text message from someone pretending to be a representative of the Liberal Party of Canada.

The message, sent via SMS to my mobile phone from a phone number in Toronto, offers a monetary reward for being vaccinated for COVID-19, and invites the recipient to click a link to liberalparty-assist[dot]com. Here it is:

The phishing message I received on my phone this morning

If you receive this message, or anything similar, please do not click the provided link. I can’t be sure what will happen, but it won’t be good.

While I avoided clicking the phishing link, I did look into the site it points to. The domain is actually owned by a provider in Paris, France: M247-LTD-Paris. Definitely not anything to do with a political party in Canada. The phone number has been reported numerous times as a scam source.

Since the majority of Canadians have been vaccinated, this phishing message seems likely to attract many clicks from unsuspecting people. Sadly, that will include people who desperately need the money, as well as older folks and others who may not be as technically astute as the rest of us.

Some day it may be possible to track down the people responsible for these scams. I enjoy dreaming up interesting forms of punishment for these people.

Android, Internet crime, Malware, Mobile, Privacy, Security, Things that are bad

Pegasus spyware

Leave a comment

Pegasus is spyware that can be installed on Apple and Android mobile systems. It’s difficult to detect, and difficult to remove. Pegasus is developed by NSO Group, who deny that the software is being used for anything nefarious, or that if it is, that use has nothing to do with NSO Group.

The methods used to install Pegasus on mobile devices have changed over the years. It can be installed directly, with physical access to the target device, which is presumably how it ends up on devices legitimately. Pegasus can also be installed more surreptitiously. Previously, that involved inviting the user to click a link in an email or SMS message. More recently, it’s being installed using app and O/S exploits that require no interaction from the user, including a very nasty exploit for WhatsApp.

Pegasus is not a virus. It does not spread on its own. Further, it’s important to distinguish between Pegasus and the methods used to install it. Pegasus does not typically arrive on a device at random. Devices are specifically targeted, and those targets are often used by journalists, suspected terrorists, and other people whose activities are tracked by government agencies and criminal organizations.

The main problem here is not Pegasus, but the way security vulnerabilities are discovered and — more importantly — how information about vulnerabilities is disseminated. Unfortunately, some organizations perform this research not for the public good, but for themselves and their partners, legitimate and otherwise. In an ideal world, when a vulnerability is discovered, the vendor is informed privately and then proceeds to develop and release a fix. In reality, vulnerabilities and exploits are often hoarded.

Advice to anyone who operates a mobile device and wants to reduce the likelihood of Pegasus or other unwanted software being installed without their knowledge: stay informed regarding security vulnerabilities in your device’s O/S and any apps you run. When you learn about a zero-click exploit, immediately install a fix if one is available, or uninstall the affected app. If it’s an unpatched O/S vulnerability, all you can do is hope that you’re not being targeted.

Related

Internet, Things that are bad

Deceptive design patterns

Leave a comment

There’s an informative post over on the Mozilla Explains blog, about deceptive design patterns. From the article:

Deceptive design patterns are tricks used by websites and apps to get you to do things you might not otherwise do, like buy things, sign up for services or switch your settings.

The post goes on to list some common examples. I’m sure you’ll recognize at least some of these.

Unfortunately, this kind of deception is not limited to the online world, and most of us don’t even raise an eyebrow when we encounter shady sales practices in the ‘real’ world. But the online world is already much more confusing for many people, so recognizing deception can be difficult.

It’s an interesting read, and it may help you to understand some of what you see online, and on your connected devices.

Malware, Security, Things that are bad

Flagging software as dangerous for the wrong reasons is idiotic

Leave a comment

There’s a disturbing trend in the world of malware detection: falsely labeling software as malware.

For example, there’s an entire category of software that’s being mislabeled as malware by an increasing number of anti-malware providers: torrent software.

Torrent software is widely used by people trying to get access to cultural material that is otherwise locked away by the gatekeepers of big media (by way of prohibitive pricing, overlapping services, poor or unavailable service, geo-locking, release windows, and other big media fuckery).

Torrent software is used all over the world to legally share media in an extremely efficient, and Internet-friendly way.

But big media doesn’t care about any of that, because torrent software is also used for piracy.

Currently, there are efforts underway by media organizations to discredit and cripple torrent software in any way possible. Apparently they are now leaning on anti-malware software and service providers.

Why would an otherwise reputable anti-malware organization erroneously flag software as malicious? There are a number of possibilities:

  • They are being fed false information
  • Industry/corporate threats
  • Financial incentives

Why is this a problem?

  • It’s an extremely annoying inconvenience for users. Unable to install the falsely-labeled software, or exclude it from malware scans, some users will resort to uninstalling their anti-malware software.
  • It’s increasingly difficult for users to distinguish between actual threats and bullshit.
  • If an actually malicious version of one of these programs comes along, there’s no way to distinguish it from other versions that are erroneously flagged as malicious.
  • A general loss of trust in anti-malware providers and their services.

Big media will keep playing this idiotic game of whac-a-mole in any way their lawyers dream up. Media piracy continues, despite these efforts, and the only people affected are innocent users.

Advice to anti-malware purveryors: stop doing this. It’s short-sighted, dangerous, and stupid.