“Thy sin’s not accidental, but a trade.” (from Measure For Measure)
Getting bombarded by phishers is no fun, but sometimes these communications offer some comic relief. This posting is dedicated to the anguished English and linguistic jewels they produce. May the tormented ghost of Shakespeare continue to sabotage their exploits.
Here are my top ten favorites:
1. Starting the message in one language and then switching to another as in “Dear Cliente,”
2. Getting subject verb agreement wrong as in “Your account just make…”
3. Poor punctuation as in “Due to concerns, for safety and the integrity…”
4. Nonsense content as in “Most of your date in our database were encrypted…”
5. Poor formatting as in missing a space after a period.that’s right.
6. Wrong capitalization as in “This is the Last reminder…”
7. Poor grammar as in “If this message sent as Junk or Spam, its just an error…”
8. Excessive use of exclamation marks as in “Update Required!!”
9. Poor spelling as in “It has come to out [our] attention that…”
10. Failure to do basic arithmetic accurately as in “$254.99 + $20.00 = $374.99”
© Copyright 2016 Yaacov Apelbaum, All Rights Reserved.
Several days ago, I got an email from PayPal Support with the title: “We noticed unusual activity on your account”. The body of the email contained details of a suspicious transaction that allegedly occurred in my account and it invited me to click on the hyperlink “I Didn’t Authorize This Purchase” to dispute the transaction. At first blush, the email seemed well formatted and looked possibly legit.
I took a closer look at the embedded URL and noticed that it had the following shortened alias: http://bit.ly/1ml6nhf which resolved to: http://account-service-costumer.com/us/webapps/mpp/home. Taken together with the obvious Chinglish verbiage in the body of the email, it became apparent that this was not an actual PayPal address but rather a phishing site.
I must say, I was taken aback by the quality of the site. Whoever was responsible for setting it up invested a lot of time and effort into it. In a departure from typical phishing site design where most of the bogus links either don’t work or are eliminated, this one had multiple layers of linkage functionality designed to make the site appear real. For example, when I clicked on the “Send Money” link, I was prompted to enter a transfer amount and my recipient’s e-mail address. Impressive functionality.
Structure and Functionality
In terms of navigational structure and content, the phishing site was almost an identical copy of the actual PayPal website. It had identical layout, images, and link names. It even had all of the streaming media. One note of interest is that even though the link names were verbatim, most of them just reloaded the phishing site landing page with the exception of “Investor Relations” and “Feedback Links” at the bottom which loaded external pages. This is a departure from the previous phishing practice of simply eliminating such links from the site altogether.
As far as the actual phishing exploit is concerned, the “Login” and “Sign Up” links are the core components. If you click on them, they redirect to a fake PayPal login page where you are prompted to enter your user ID and password. You then land on a form, intended to verify your identity, which collects all of your personal information including DOB, SS number, phone number, and address. Double whammy!
Site Hosting and Publication
The site was registered in the US just two weeks ago via the Name.com web registrar and its IP is hosted on a dedicated server in the New Jersey/New York area.
This is somewhat unusual because most of the phishers tend to host from abroad on repurposed or hacked servers serving other legitimate content.
This was probably done in an effort to survive a cursory URL Whois check that would confirm that the hosting is in the US (which would be the case for the real PayPal servers).
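The signals described above (a shortener in front of an off-brand host, and a registration only two weeks old that a hosting-country check would not catch) can be combined into a simple link triage. This is an added example, not part of the original post; the allowlist, shortener list, lure-word list, 30-day threshold and both dates are assumptions chosen for illustration.

```python
from datetime import date
from urllib.parse import urlsplit

# Illustrative policy values (assumptions, not from the original post).
BRAND_DOMAINS = {"paypal.com"}
SHORTENERS = {"bit.ly"}
LURE_WORDS = ("account", "service", "secure", "login", "support", "verify")
MIN_AGE_DAYS = 30


def registrable(url: str) -> str:
    """Last two host labels; production code should use the Public Suffix List."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])


def triage_link(emailed_url, resolved_url, registered_on, today):
    """Return {finding_code: detail} for a link in a mail claiming to be the brand.

    resolved_url is the final destination as recorded by a mail gateway or
    sandbox; this function performs no network access itself.
    """
    findings = {}
    dest = registrable(resolved_url)
    if registrable(emailed_url) in SHORTENERS:
        findings["shortener"] = f"{emailed_url} hides the destination"
    if dest not in BRAND_DOMAINS:
        findings["off-brand-domain"] = f"{dest} is not one of {sorted(BRAND_DOMAINS)}"
        lures = [w for w in LURE_WORDS if w in dest]
        if lures:
            findings["lure-words"] = f"generic trust words in domain: {lures}"
    if urlsplit(resolved_url).scheme != "https":
        findings["no-tls"] = "destination served over plain http"
    age = (today - registered_on).days
    if age < MIN_AGE_DAYS:
        findings["new-domain"] = f"registered {age} days before the mail arrived"
    return findings


if __name__ == "__main__":
    # URLs are the ones quoted in the post; both dates are constructed
    # to match its "registered two weeks ago" observation.
    result = triage_link(
        "http://bit.ly/1ml6nhf",
        "http://account-service-costumer.com/us/webapps/mpp/home",
        registered_on=date(2016, 1, 1),
        today=date(2016, 1, 15),
    )
    for code, detail in result.items():
        print(f"{code}: {detail}")
```

The registration date comes from the same Whois record that shows the US hosting, so the age check costs nothing extra once that record has been pulled.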
Heads up! It appears that we are witnessing a revolution in phishing affairs through the escalation in quality and detail of these sites. Considering this, it may behoove payment industry providers such as PayPal to start utilizing image match search capability to detect and block the appearance of such sites in near real-time instead of passively waiting to receive fraud alert messages from their customers weeks after the phishing campaign has wrought its havoc.
© Copyright 2016 Yaacov Apelbaum, All Rights Reserved.
Based on the illustrations of Gay Jolliffe
Several months ago, I was working on a UAV project that involved some sensor integration. After spending several sleepless nights figuring out the right power distribution by trial and a lot of error, I figured that there must be an easier way. It was time to hit the books. After some research, I found that two decent introductory books on the subject are the ‘Make Electronics’ series and ‘Electronic Components’ by Charles Platt.
I am still working through these books at present. Other than learning a lot on the subject and building some neat devices, I have also discovered that Mr. Platt is a prolific author; a true Renaissance man.
I perused some of his other titles on Amazon and I picked up “How to be a Happy Cat”. It’s a great family read especially if you have a cat and kids who will undoubtedly enjoy the satirical narrative and Gay Jolliffe’s illustrations.
Professing to be the “first and only self-help guide for cats”, the book answers many existential questions—from the point of view of a cat—that have boggled the minds of felines since the dawn of history. Here a cat can find answers to problems such as how to live more than nine lives and how to find lasting romance.
One of my favorite observations in the book is:
“There are millions of humans just waiting to pamper us with gourmet food, indoor sanitation, and professional care. It’s absurd not to take advantage of the situation.”
As far as the Make Electronics books, they’re great! The labs are well structured and they take you from zero knowledge to a decent proficiency on the subject while requiring hands-on work and learning by doing.
Another reason to go with these books is the coverage that you can find on YouTube and the author’s responsiveness to questions. When I ran into a problem with one of the experiments and just couldn’t figure out the solution, I posted a question on the book’s website. To my pleasant surprise, I got a detailed response from the author who provided me with some troubleshooting guidance.
So in the spirit of sharing the knowledge, here are several tips and resources that I found useful if you are planning to work through the book:
Component Sources – If you do need to purchase replacement LEDs, transistors, or relays, get them on Amazon or eBay. Most of the US retailers charge comparatively exorbitant prices for these components. For example, I paid $2.69 for a bag of 50 LEDs, which is the same price Radio Shack charges for a single one. Not a biggie, but disproportionate.
Testing Equipment and Tools – Get the best tools you can afford. Nothing is free in life, so don’t skimp on price or quality of your multimeter, oscilloscope, signal generator, power supply, soldering station, etc. If you don’t know where to start, check out Dave Jones’s EEVblog for product reviews.
Specifically for experiments 14 and 15, here are several tips and resources that I found useful:
The two capacitors used in the “Pulsing Glow” experiment should have their negative poles facing away from the LED. You can tell the negative poles by the location of the vertical white strip on the capacitor. Also, when inserting the LED into the female header make sure that the negative LED leg (the shorter leg) is close to the black negative wire.
When assembling the five transistors, pay attention to their type (i.e. BJT vs. PUT) and their orientation. The two transistors under the speaker are PUT 2N-6027; the remaining three BJTs are 2N-222A. Note the 180 degree difference in orientation for both types.
When preparing the project enclosure, use the following drill hole patterns. This template fits a 6” x 3” x 2” (15 mm x 7.5 mm) project enclosure box. To use it, print it out (make sure that the size does not change during printing), tape it on the enclosure cover, and mark the centers of each hole with an awl. Also, don’t pre-drill all holes on the cover. The sizes of the holes for the SPDT on/off switch and DPDT pushbutton switch (2 largest holes seen on the left side of the template) will be determined by the size of your specific components.
Leave your functioning breadboard design intact and don’t dismantle it when transferring the circuit to the perfboard. This will require you to purchase some spare parts, but having a functional prototype that you can refer to during the transfer process and use to troubleshoot is invaluable.
When soldering the components, use ≤0.5 mm wire size and a conical-wedged tip. This will help you maintain fine control over the size of the solder joint. I also found that setting my solder temperature to 750 °F allowed me to complete each joint in about 4 seconds.
When assembling the final components, temporarily attach them to their poles by bending their lead wires and using alligator clips. Make sure that the whole system works, including the power on, self test, and magnetic sensor functionality before you perform the final soldering.
One more note: if you have a cat, batten down the hatches! We found LEDs, wires, transistors, and capacitors all over the house. Apparently, our own “Happy Cat”, following the advice in the book, has been catching up on his circuit design as well.
© Copyright 2015 Yaacov Apelbaum All Rights Reserved.
I’ve arrived in Bali for a short stay. At the Ngurah Rai airport, I took a cab to Ubud, a small town of about 30,000 inhabitants located north of the airport and about ninety minutes away.
After checking into my room, I went out for a stroll around town. Ubud is a major hub for all sorts of regional drifters and the cafes and restaurants brim with tourists from every corner of the world. Riding on this wave of opportunity, the city sports numerous galleries and handcraft stores. The main attractions are the wood carvings, Balinese textiles, and paintings.
If you are interested in some wood or handmade crafts, the low currency exchange rate ($1 = 11,910 Indonesian Rupiah) makes them very affordable. I visited a wood carver’s workshop in a nearby town and was amazed to find out that a hand carved teak house entrance door with elaborate screen and door frames was selling for about $200-300 USD.
Before the trip, I had a mental image of Bali being a paradise. Turns out I wasn’t wrong. The island is a lush tropical forest that is full of monkeys, bubbling streams, waterfalls, and hundred-eighty-degree panoramas of remote, semi-active volcanoes. Unparalleled scenic beauty aside, the highlight of my visit was the doors, hands down.
The streets in town have not been modernized yet and hence are a mixture of small business and old residential buildings. Because of the Hindu prominence, the island is covered with scores of temples which include large public structures like the Mother Temple of Besakih, small village temples, and endless family residential temples.
The entrance to the family residences and temples has a standard architectural form: a brick or masonry wall that surrounds the property and terminates in a wooden entry door. These doors are just magnificent and turned out to be the highlight of my trip. I must have seen dozens of them and, as you can see, all are equally awe inspiring in their detail and artistry.
© Copyright 2014 Yaacov Apelbaum All Rights Reserved.
The Far East is a wondrous place. Over the past two years, I’ve spent a lot of time there on business. When I’m not burning the midnight oil at work, I try to steal some time off on the weekends to go hiking.
I recently stopped in Japan on the advice of a friend and visited Narita’s Shinshō-ji temple.
Modern Japan is pretty industrialized by now, so it’s hard to find locations that confirm the romantic silk paintings that most of us associate with old Japan. Shinshō-ji, however, is a bona fide and beautiful vestige of the past.
The temple is located about 20 minutes by train from the airport, so if you are between flights and have a few hours to spare, store your luggage at the airport and check out this place. It is the poster child of pastoral Japan: a small village with traditional stores and houses, beautiful gardens, and breathtaking architecture.
© Copyright 2014 Yaacov Apelbaum All Rights Reserved.
Second day of the WCS and we have been demoing the City Falcon, an Unmanned Aerial Vehicle platform designed especially to operate in crowded urban environments.
Standard features include:
- Low RPM brushless motors
- All weather operational capability
- Fully autonomous flight and support for complex orchestrations
- Customization for multi radio frequencies
- Fire resistant design
- Long range flights (over 5 miles)
In addition to all of the above, the UAV also supports specialty custom payloads like environmental and chemical sensors, and multiple types of cameras.
Operational demonstrations included:
- Flight through high heat sources (Oil tank fire of over 450º F)
- Operating in high wind and high turbulence environments
- Evaluation of crowd formation and people flow
- Autonomous flight path and homing
- Stalking multiple targets of interest
- Patrolling and inspections of a chemical plant and hazardous substances
© Copyright 2014 Yaacov Apelbaum. All Rights Reserved.