fraud - Dave's Blog


Tweet from The Atlantic

2016 Nov 28, 10:07
The lasting damage done by Tump's 'voter fraud' allegations: 

DSL modem hack used to infect millions with banking fraud malware | Ars Technica

2012 Oct 1, 6:33

According to the links within this article, although the root URI of the router requires authentication, the /password.cgi URI doesn’t and the resulting returned HTML contains (but does not display) the plaintext of the password, as well as an HTML FORM to modify the password that is exploitable by CSRF.

The attack… infected more than 4.5 million DSL modems… The CSRF (cross-site request forgery) vulnerability allowed attackers to use a simple script to steal passwords required to remotely log in to and control the devices. The attackers then configured the modems to use malicious domain name system servers that caused users trying to visit popular websites to instead connect to booby-trapped imposter sites.

PermalinkCommentstechnical security html router web dns csrf

Schneier on Security: Ebook Fraud

2011 Apr 4, 11:18Two eBook frauds involving the automated creation and publishing of books in order to make money off the long tail. The spam of books.PermalinkCommentsebook fraud bruce-schneier security amazon copyright publishing

Schneier on Security: Fraud on eBay

2009 Jun 19, 3:27You must wonder if Bruce Schneier is having trouble selling his laptop just because he's Bruce Schneier and he announced his sale on his blog. I thought his description was funny though: "But I still want to sell the computer, and I am pissed off at what is essentially a denial-of-service attack." A scam or attack to you or me is at worst a DoS to Bruce Schneier.PermalinkCommentsbruce-schneier ebay fraud security dos

Ceci n'est pas un Bob: The Zone of Essential Risk

2009 Jun 10, 12:17"Bruce pointed out in his return email that while the fraud pattern was a good match for escrow, the transaction size wasn't: since the item exchanged in the eBay transaction he highlighted was sold for only $500, the price of an escrow agent would have been hard to justify. He's right."PermalinkCommentsblog security economics article bruce-schneier Bob-Blakley ebay

New Domain Names Put Name Brands in a Bind -

2008 Nov 5, 9:43Proposed new arbitrary TLDs are super expensive. As it turns out large companies have to buy their name on every new TLD to avoid potential fraud.PermalinkCommentsdns tld domain economics security iana ietf

The Pros and Cons of LifeLock

2008 Jun 18, 12:44Bruce Schneier writes about LifeLock for which you've probably seen the comercials of the CEO parading around his SSN. I was wondering what LifeLock actually did.PermalinkCommentsbruce-schneier identity fraud credit article wired security privacy lifelock

This may look like a fake Mona Lisa. It isn't. It's a fake of a fake Mona Lisa - Times Online

2008 May 19, 12:28"Were he alive, Konrad Kujau, the man who forged...countless paintings, would no doubt feel a tingle of pride for his great-niece...being prosecuted for forging his signature on hundreds of cheap, Asian-made copies of works such as the Mona Lisa..."PermalinkCommentsart history fraud

Hitler's Diary and Hermann Goering's Yacht - FRONT PAGE - How Markus makes $15k a day from free dating site Plentyoffish

2008 May 19, 11:54Forged fake art: "After being released from prison in 1988, Kujau opened a gallery in Stuttgart where he sold 'authentic fakes'... In fact, his work became so popular that other forgers began to create forged copies of Kujau's forgeries."PermalinkCommentsart fraud history via:boingboing.comments konrad-kujau

Smithsonian Magazine | Arts & Culture | Showcasing Shams

2008 May 19, 11:46Museum of fraudulent art. "Instead of being destroyed, as they were in the past, the fraudulent pieces will live to see another day in the Museum of Fakes, established in 1991 as part of the University of Salerno's Center for the Study of Forgery."PermalinkCommentsart museum fraud via:boingboing

Phishing coders hook clueless crooks | The Register

2008 Jan 24, 8:55A software kit for phishers that, unknown to the phisher, messages any stolen info back to the originators of the kit.PermalinkCommentsfraud article phishing

I Bought Votes on Digg (Wired News)

2007 Mar 1, 1:01Wired reported pays a service to make his fake blog popular on Digg.comPermalinkCommentsarticle digg fraud bribe

iTunes fingers musical fraud (New Scientist Technology Blog)

2007 Feb 20, 10:29"The recordings of a British concert pianist who found fame in the last years of her life have been exposed as hoaxes by Apple's iTunes music player."PermalinkCommentsitunes apple music fraud hash classical article


2004 Aug 19, 2:52I received an email from the other day with the subject "Fraud Check Verification". Or at least that's what someone at the domain would have me believe. The whole official looking email was very convincing at first glance. There's the Citibank logo image up in the left corner, the reassuring TrustE image in the opposite corner, and just the right amount of legal-ese on the bottom. The text requested me to follow a link in the email to update and verify my information. At closer examination however it becomes apparent that this is a scam. Little things start to catch your eye. The TrustE image is hosted on ebay and the Citibank logo is hosted at Both images one might expect to be hosted on Citibank's site. The link in the email looks like its taking you to but in fact its taking you to a page hosted at again. The following sentence appears in the email:

If your account information is not updated within 48 hours then your ability to sell or bid on Citibank will become restricted.

Oh shit! My bid on Citibank might not go through! Seriously, they might have gone to a little more effort than just copying and pasting a scam letter meant for EBay. And the number one fact revealing the email for what it is -- I don't have a Citibank account. I had received an email exactly like this several months ago and just deleted it, but for some reason, perhaps I was in a foul mood, I decided to do something this time around. I emailed abuse at my domain, the ISP controlling their IP address, and Citibank. My domain told me there was nothing they could do. Citibank has yet to respond. As for their ISP, the following day I received an email from Leon at Alabanza's Abuse department informing me:

This account has been locked down and is now on schedule for deletion. If we can further assist you please let us know.

Fuck yeah! This was a lot better than anything I had expected. I anticipated no response from any of the letters I sent. The page is gone now. Leon rocks!PermalinkComments
Older Entries Creative Commons License Some rights reserved.