Phishers Promote Indonesian Rock Star

Thanks to the co-author of this blog, Avdhoot Patil.

In the month of January 2011 Symantec reported adult scams that targeted Indonesian Facebook users. These scams claimed to have an application in which users could view adult videos of Indonesian celebrities, taken from hidden cameras.

It seems that phishers are now using specific celebrities as bait for their phishing sites. This is unlike the previous Indonesian adult scams whose phishing pages gave the impression that the adult video would be of a random celebrity. In October 2011 phishers continued their adult scams on Facebook, but this time they chose the Indonesian rock star Ahmad Dhani in particular. Dhani is the frontman of the rock bands “Dewa 19” and “Ahmad Band”. The phishing site contained a photograph of Ahmad Dhani and Indonesian singer Dewi Persik. The Indonesian caption of the photograph translates as: “To view videos of Ahmad Dhani recorded from CCTV cameras, please login below”. After users entered their Facebook login credentials, the phishing page redirected to a pornographic website. Of course, if users gave away their login credentials to the phishing site, phishers would have successfully stolen their information for identity theft. The phishing site was hosted on a free Web hosting site.

Celebrities have been a common target in phishing attacks. In the past, we have seen Aishwarya Rai and Katrina Kaif used as phishing bait. Phishers are choosing celebrities with a large fan following because they perceive a larger audience will mean more duped users.

Internet users are advised to follow best practices to avoid phishing attacks:

  • Do not click on suspicious links in email messages.
  • Avoid providing any personal information when answering an email.
  • Never enter personal information in a pop-up page or screen.
  • When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar.
  • Frequently update your security software, such as Norton Internet Security 2011, to protect you from online phishing.

In a Single Month, the Occupation Became a Force

On Sept. 17, Constitution Day, about 1,000 people assembled in lower Manhattan to protest Wall Street, the government’s bailout of too-big-to-fail banks, and the growing gap everywhere between rich and poor.

The world ignored them.

Around 150 stayed to “occupy” the park, living there in sleeping bags, laying claim to this New York, this America, as theirs. They were a curiosity. Tourists visited them. They were largely mocked or overlooked by the media. On Sept. 26, NPR’s news director, Dick Meyer, summarized big media’s collective view: “The recent protests on Wall Street did not involve large numbers of people, prominent people, a great disruption or an especially clear objective.” The implicit message was this: Without these things, #occupywallstreet could not matter.

But they went on occupying. They marched, carrying handmade signs with slogans serious and funny. They chanted “Whose street? Our Street!” and “Banks got bailed out, we got sold out!”  Their numbers swelled during the day, and dropped off at night. They got into some trouble with police, but they stayed.

They talked about representing the 99 percent of the population left behind by an economy that’s increasingly rigged against them. Something in the conversation changed, and people in city after city picked up and moved to parks, lawns, bits of sidewalk. They pitched tents, built kitchens, opened Twitter accounts, started to #occupy their city.

By Oct. 15, the occupation had spread to hundreds of cities, in America and across the world, and that Saturday witnessed mostly peaceful marches comprised of tens of thousands of citizens across the world.

For much of my adult life I’ve been told that the American Body Politic was apathetic. We didn’t vote, we didn’t get politically active the way people had in the 1960s with the civil rights movement and the protests against the Vietnam war. We didn’t serve the way we had in WWII, we didn’t work together the way we had in the Great Depression. After 9/11, the government’s siren call to citizens asked us simply to continue shopping and to report suspicious neighbors. We were ill-informed, checked out, and would put up with anything.

But this was never what I saw and heard around me in America. Americans want to be masters of their own fates. The great ideas about what it means to be an American are around self-determination, work, and responsibility — both individual and civic. If Americans were checked out of the political process, it was because the process had failed them — not that Americans had stopped being the democratic people that Alexis de Tocqueville found himself oddly smitten with in the 1830s.

This wasn’t apathy; this was at least the perception of disenfranchisement, if not disenfranchisement itself. We knew our votes didn’t really count, and that protests wouldn’t change anything. From where I was sitting, the Body Politic fell quiet in frustration and disgust, not apathy. The people were seething in impotent silence.

In this way, the sudden fire that seemed to light up the #occupations and those around them didn’t seem strange at all. The first month of the #occupation has gone from one protest to thousands, from a few people drawn in by a counter-culture magazine called Adbusters, which originally proposed the idea, and the online collective, Anonymous, which shortly thereafter jumped on board. Now labor unions, professional associates, student groups and veterans groups have joined in.

It’s gone from being mocked by major media to endorsed by several top Democratic lawmakers. The occupiers have had a range of responses from the cities they “occupy”, from hundreds of arrests during violent clashes in Boston, New York, and Chicago to a city council resolution in support of the movement in Los Angeles. Police in several cities have confiscated the protestors’ possessions — repeatedly so in San Francisco — but every major occupation cleared out has begun to rebuild within hours.

Commentators of all stripes and strata are talking about the #occupation now. Some lavish praise, some jeer and others chime in to suggest bullet points for a manifesto. But no one is calling the occupying protestors apathetic. And no one is ignoring the very loud “No!” that has swelled up from the street since Sept. 17.

Embeds With #Occupy and Anonymous

I’m Quinn Norton, and for the next few months I’ll be your guide to the #OccupyWallStreet (#ows) protests as they move across the internet and the world.

I’ll be staying on top of the latest big news for Threat Level as best I can in the #occupations all over America and the world, but more than that I’ll be bringing you analysis of the methods and the meaning of the #occupation. I’ll be traveling to many sites and staying with the protestors. I’ll be talking with the police and city officials, and a few of those being protested.

I’ll see if the protests can survive the change of seasons, and if they can, explain how they manage it. I’ll be reporting from General Assemblies and describing the successes and failures as people try to use urban space, the tools of the network, and each other, to create new ways of running a society as well as reform the old ones. I will tell the stories of the people on the ground and on the net engaging in this long-shot experiment to change everything.

During the same time I’ll cover a separate but not unrelated phenomenon: the rise of Anonymous. I’ll be writing a concise history of the lulzy collective, and will explain their social structure and the patterns of their values. I’ll document their exploits and raids as they arise, but I will never seek to unmask any Anons.

The point of Anonymous isn’t whether or not you know who they are, but that who they are individually doesn’t matter. I’ll be exploring how that works, and how, counterintuitively, this kind of anonymity coupled with an institutional sense of humor have made them players on the global stage. I’ll be visiting irc channels and Scientology raids, political protests and 4chan. I’ll be interviewing anons, those who study them, and those they come into conflict with.

It might seem odd that I’m covering #occupy and Anonymous together, but it’s not. #occupy and Anonymous are each examples of a new kind of hybrid entity, one that breaks the boundaries between “real life” and the internet, creatures of the network embodied as citizens in the real world. As one member of The Pirate Bay explained on IRC, “We prefer afk (away from keyboard) to irl (in real life). This is real life.”

Over the next weeks and months, I’ll look to discover just how real it can become.

Our New Web Browser Extension to Warn When Outdated Software is Being Used

We are always looking for ways we can help improve the security of the web. One of the basic security measures needed to keep websites secure is keeping the software running on them up to date, as newer releases often contain security fixes and enhancements.

The developers of web software have done a lot to make that easier by showing messages in the software when the website is in need of an update and by making the update process easier. Even so, there are still many websites running outdated versions of that software.

When we are in touch with people running websites, whether they are potential clients, people we are contacting to let them know their website has been hacked, or for some other reason, we make sure to let them know if we see they are running outdated software that needs to be updated. We only reach a limited number of people, so to increase awareness that outdated software is running on websites we have created a new web browser extension, named Meta Generator Version Check, to make it easier for others to see when outdated software is running on a website.

With the web browser extension installed, each time a web page finishes loading the extension checks the web page’s source code for a meta generator tag. The one for the current version of WordPress looks like:

<meta name="generator" content="WordPress 3.2.1" />

After reading that, the extension provides a warning if it detects that any of the following software is running on the website:

  • WordPress versions prior to 3.2.1
  • Joomla 1.0 and Joomla 1.6
  • Mediawiki versions 1.16.4-1.13 (earlier versions do not contain a meta generator tag)
  • vBulletin versions prior to 3.8.7
  • TYPO3 versions prior to 4.3
  • Movable Type versions prior to 4.37, 5.06, and 5.12
  • Melody versions prior to 1.0.2

Looking at that list you might notice that there is a fair amount of software missing. The limitation of checking the meta generator tag is that not all software produces one, and some of the software that does produce one does not provide a tag that allows us to identify what version is running. In other cases only partial version information is given. For Joomla, this means the extension can warn about websites running Joomla 1.0 and 1.6, which are no longer supported, but for Joomla 1.5 and Joomla 1.7 there is no indication of whether they are running the current version of those (as of yesterday, 1.5.24 and 1.7.2) or an older version.
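The check described above can be sketched as follows. This is an added example, not the extension's own code: it covers only a subset of the listed software, the function names are hypothetical, and the generator string formats other than the WordPress one shown earlier are assumed.

```javascript
// Thresholds copied from the list on this page (subset of the software covered).
const RULES = [
  { name: "WordPress", minimum: "3.2.1" },
  { name: "vBulletin", minimum: "3.8.7" },
  { name: "TYPO3", minimum: "4.3" },
  { name: "Melody", minimum: "1.0.2" },
  // Joomla's tag carries only major.minor, so only dead branches can be flagged.
  { name: "Joomla", unsupported: ["1.0", "1.6"] },
];

// Return the content attribute of the first meta generator tag, or null.
function extractGenerator(html) {
  for (const tag of html.match(/<meta\b[^>]*>/gi) || []) {
    if (!/\bname\s*=\s*(["'])generator\1/i.test(tag)) continue;
    const m = tag.match(/\bcontent\s*=\s*(?:"([^"]*)"|'([^']*)')/i);
    if (m) return m[1] !== undefined ? m[1] : m[2];
  }
  return null;
}

// Compare dotted versions numerically; missing components count as 0.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// "outdated", "ok", or "unknown" (no tag, unlisted software, or no usable version).
function checkPage(html) {
  const generator = extractGenerator(html);
  if (!generator) return "unknown";
  const rule = RULES.find((r) => generator.toLowerCase().startsWith(r.name.toLowerCase()));
  const version = (generator.match(/\d+(?:\.\d+)+/) || [])[0];
  if (!rule || !version) return "unknown";
  if (rule.unsupported) {
    const branch = version.split(".").slice(0, 2).join(".");
    return rule.unsupported.includes(branch) ? "outdated" : "unknown";
  }
  return compareVersions(version, rule.minimum) < 0 ? "outdated" : "ok";
}
// Constructed sample pages (not captured from real sites).
const SAMPLES = [
  '<meta name="generator" content="WordPress 3.0.4" />',
  '<meta name="generator" content="Joomla! 1.5 - Open Source Content Management" />',
];
for (const html of SAMPLES) console.log(extractGenerator(html), "->", checkPage(html));
```

The "unknown" result for Joomla 1.5 reflects the partial version information: the tag does not say which point release is installed.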

Another issue we have found as we looked to add checks for more software is that the supported versions of software are not always easy to find. We would recommend that software developers make sure that they prominently display what versions of their software are supported so that people looking for that information can easily find it.

If you see that we are missing a check for software that provides the required information in the meta generator tag please let us know so that we can include that in the extension.

While it would be possible to have the extension do a more intensive check to determine what version of software is running on a website, using information not available in the meta generator tag, this would in most cases require requesting additional files when each page is loaded and would provide information that is not being made available by the web page itself.

We currently plan to update the extension to warn that software is outdated a month after a subsequent version has been released or support has ended for a version. For severe security vulnerabilities the extension may be updated sooner to provide an earlier warning.


The main use for the extension is to be alerted that websites you are visiting are running outdated software, so that you can let them know that they need to update it or, if they are your client, you can do the update yourself.

It could also be useful when looking at who you are considering doing business with or what software you might use on your website.

If a web host isn’t keeping software on the frontend of their website updated, it is reasonable to be concerned that they might not be taking proper security measures for their hosting clients as well. After checking just a few web hosts we found that both Just Host (3.0.3) and IX Web Hosting (3.1) were running outdated versions of WordPress. It is also interesting to note that the homepage of IX Web Hosting’s website has security seals from both McAfee Secure and something called Ecommerce HackerShield (which appears to be something created by IX Web Hosting’s parent company) claiming the website is secure despite the outdated software, with known security vulnerabilities, running on a sub-domain of the website and linked directly from the homepage.

For software, an example of something that might be concerning that we just noticed with a piece of software that we run on our website, Piwik, is that their website is still running WordPress 3.0.4.


A version of the extension is now available for Chrome. A version for Firefox is currently pending a review from Mozilla. The Firefox version has some limitations in comparison to the Chrome version due to current limitations of the Mozilla Add-on SDK; as the Add-on SDK is further developed, those limitations will also go away. A version for Safari will not be released until Apple modernizes their enrollment process for Safari Extension development.

You can also find a web-based version of the tool here.

Is Running Outdated Software Always a Security Concern?

Outdated software is not automatically less secure than a newer version; it is only more insecure if it contains a security vulnerability that does not exist in a newer version. Often new releases include fixes for security vulnerabilities or security enhancements. There is also a possibility that changes have been made in a newer version that removed a security vulnerability that was not known to be a security vulnerability at the time. To be safe, it is a good rule to update the software even if the developers have not warned of vulnerabilities in prior versions. To keep things simple, we have decided that the extension will warn if an outdated version is running instead of providing a warning only when we know an old version contains a security vulnerability.

Is Including a Meta Generator a Security Concern?

With software that includes a meta generator tag there are often people claiming that it makes websites less secure; this is especially true when it comes to WordPress. We previously discussed the issue in detail in regards to WordPress. The summary of that is as follows: The bad guys are not generally checking the meta generator tag and they usually don’t even check if you are running the software they are trying to exploit. On a daily basis there are attempts to exploit software that is not and has never been on our website. Because the bad guys attempting to exploit vulnerabilities do not bother to check what version of software you are running on the website, you will get hacked if you are running a version with that vulnerability even if you managed to completely hide the version running. Finally, if someone wanted to find out what version you are running they could do that even if you remove the meta generator tag.

With our new extension we think it makes even more sense to include a meta generator tag as it increases the usefulness of the tag by letting people inform others they have outdated software running on their website that needs to be updated.