Archive

Mariah Carey is NOT dead

Screenshot_2016-05-15-16-52-00_kindlephoto-22024032

Mariah Carey is the latest celebrity to be picked by scammers for a hoax death.

Links to these hoax sites announcing a celebrity death are posted around Facebook, Twitter as linkbait to websites used to trick people into installing malware, complete surveys and so on. Often with prompts like complete this survey to prove you are hunan, install this app to view content etc.

If you see a news announcement like this DON’T share it. Go to a reliable news source like Channel 4, Sky News, Huffington Post, Yahoo News etc. The death of a well known celebrity will be all over the news sites.

Spam E-mails

We have been made aware that spammers are sending out spam emails with fake headers which make it appear that the emails have come from an ERS Web Solutions account. These spammers are based in Hong Kong and Mainland China.

We never send unsolicited special offers for anything especially not for any medications.

If you have received any of these emails we are sorry, it wasn’t us and if we could put a stop to them we would.

Facebook Stalker Apps

We’ve mentioned before on our Facebook page, Twitter feed and on our blog that the functionality needed for an app to tell who your Facebook Stalker, Top Profile Visitor, Who’s Spying On You etc is not available. Some of these apps have been used to spread malware or promote malware spreading apps or websites. They could also cause friction in relationships and cause untold misery.

Facebook Stalker

Facebook has never made it available and have said on numerous occasions that they have no plans to ever make it available.

Facebook have said

Can I know who’s looking at my Timeline or how often it’s being viewed?

No. Facebook doesn’t let you track who views your profile or your posts (ex: your photos). Third-party apps are also unable to do this.

Clear enough?

So please don’t install these Facebook stalker apps, ever. Not even “just for fun” and report the app.

WordPress Cross Site Scripting Exploit

Researchers from Finnish company Klikki Oy have released a video and proof of concept code for an exploit, which allows a hacker to store malicious JavaScript code on WordPress site comments. This affects all WordPress versions including the latest version 4.2. This is a zero day exploit that could be used by hackers at any time.

If a hacker posts a comment which is greater than 64K (65,535 characters) which gets approved, for example by having a previous comment approved and the page is visited by someone with admin rights then malicious code could be run including setting up a new admin account for the hackers to use.

CloudFlare, a content delivery network that caters for around 5% of internet traffic said it had seen malicious emails sent out by hackers trying to point people to a compromised WordPress site hosted by Bluehost. It appeared they had been taking advantage one of the flaws in older versions of WordPress.

ERS Web Solutions has checked, verified and secured all the websites that it is responsible for. All databases have also been individually checked by a human to ensure that no malicious code or user logins had been generated by hackers.

A statement has been released by the WordPress development team The WordPress team was made aware of a XSS issue a few hours ago that we will release an update for shortly. It is a core issue, but the number of sites vulnerable is much smaller than you may think because the vast majority of WordPress-powered sites run Akismet, which blocks this attack. When the fix is tested and ready in the coming hours WordPress users will receive an auto-update and should be safe and protected even if they don’t use Akismet.

Ways to keep Safe

As WordPress is used to run around 22% of all websites on the internet, and around 60% of websites where the Content Management System[?] (Source: w3Techs web technology surveys). It will always be a target for hackers.

Use Akismet which checks comments and puts them in the spam comments section.
Use a reliable host, we recommend Names.co.uk.
Restrict comments to a few hundred characters for example using Greg’s Comment Length Limiter
Don’t user an obvious user name such as admin.
Most Important Of All Keep WordPress and Plugins Updated

Reference: https://wordpress.org/news/2015/04/wordpress-4-2-1/

http://wptavern.com/wordpress-4-2-1-released-to-patch-comment-exploit-vulnerability

Facebook Security Guides

Facebook has created eleven new guides to it’s privacy and security settings.

These guides are interactive and very visual in style and include topics like hacked accounts, phishing, how you are protected and spam. They are part of the privacy basics tool that was launched by Facebook back in November.

It’s good to see Facebook trying to educate users about using privacy tools, choosing sensible passwords etc. The sheer size of people using Facebook makes it difficult to educate people. Many people still wont pay attention – in 2014 the three most popular passwords were 123456 (unchanged from 2013), password (unchanged) and 12345!

Tony Hart Death Reports

There are a large number of posts travelling round Facebook regarding the death of the UK television star and artist Tony Hart announcing he has just died.

Tony Hart has died. However he died in 2009, so the just died isn’t correct.

http://news.bbc.co.uk/1/hi/uk/7836112.stm

Every few months there will be reports of a celebrity dying. Make sure you confirm that a death of a celebrity from a reliable source before sharing.

Leave a Reply

Your email address will not be published. Required fields are marked *