I really wanted to title this post Praying For The World right now, but I don’t want to take away from the tragic events that have happened in both Lebanon and Paris. I learned of the events that unfolded in Paris while browsing Google News yesterday. My mind wouldn’t stop thinking about the loss of life. How could anyone simply shoot randomly at people in a crowded concert hall? I, for one, will never understand this. I’ve never had the pleasure of visiting Paris, but I am certainly praying for anyone and everyone that was affected by those cowards yesterday.
I learned of the suicide bombers in Lebanon when my fiancée got home from work. She is Lebanese American and she quickly let me know that the incident that happened in Paris was directly related to the suicide bombings that occurred in Lebanon on Thursday. This simply tore at my heart. You kind of feel as if you can’t do anything about it. I’m 34 years old and I was born and raised in Los Angeles. I have been fortunate enough not to have ever witnessed any events like this during my upbringing here.
These cowardly attacks kind of bring me back to the 9/11 days. Regardless of who is responsible for these cowardly attacks, tragic events like this will bring the world even closer together. The goal is not to let the evil consume your way of life; the goal is to see the light in the darkness start from a speck and grow into a glaring beam. I was happy to hear that Paris banded together that night and some took to the streets to MARCH. This is the perfect example of what I meant by seeing the light in darkness.
There’s not much else to say, but I am praying for both Lebanon and Paris right now.
I’ve been on vacation for the last week. I had the pleasure of visiting one of the most beautiful cities that I have ever seen. That city is Vancouver and I can understand why some Americans are actually moving to Canada. Heck, we even met one working at a pizzeria who did just that. There is something special about Vancouver that I can’t really put into words, so I’ll just share the following picture with you.
This surreal picture was taken at Stanley Park in Vancouver. I snapped the photo with my Samsung Galaxy S3, but you’d never know it. If you haven’t had the chance to visit Vancouver, definitely make sure to put it on your bucket list.
We finally chose a new logo for our new startup. I want to thank all of you who were involved in the process. Some of you don’t like 99designs and I completely respect your opinion, but I couldn’t be happier with the final results. All of you were able to get us to this point. I’ll post more about the logo selection process a little later.
Last but not least, make sure to join us for the next Southern California Domainers meetup which will take place on November 14th. You can learn more about the time and location of the meetup here. I hope all of you are having an amazing weekend!
When I see phishing emails, the cybersecurity engineer side of me wants to see what is making it tick. I’m calling this a new phishing email, because it actually made it past the spam filters in my Gmail account and it also looked quite official. You can see the screenshot of it here:
I don’t advise people to do this next step, but I went ahead and clicked on it to see if I could learn more about the resource behind it. What I found was a compromised WordPress site. This brings me to an entirely new topic, which I will discuss in a post at a later date. When I clicked the link in Google Chrome, the browser warned that it was a phishing attack. Unfortunately, that wasn’t the case with Firefox. Here is what Google Chrome presented me with:
Here is what Firefox presented me with: (Please keep in mind I used a VM that I have set up solely to test things like this to visit the compromised URL. You never know what can be downloaded to your system when visiting a compromised site.)
Recognize this page? In the Cyber Security world we call this a phishing campaign landing page. The typical person might actually see it as a legitimate Google login screen. Notice how the URL doesn’t make any sense? Well that’s because the compromised WordPress site is actually hosting the page.
I’m sure you can imagine what could happen next. An unsuspecting user might actually move forward with the process. Now let’s dig a little deeper here by looking at the original email message in its entirety. To save your eyes, you can actually download the original email message here. Now don’t worry, this is just a text file!
After looking at the text file, the following things stood out to me:
I know of domainit.com and fortunately I know one of the founders of the hosting company. I am in the process of connecting with him over getting this compromised email server taken care of. The individuals behind the phishing campaign are using the ESMTPS protocol to send these malicious emails.
I know my eyes are good, but I was able to use the Google Apps Toolbox Messageheader tool to validate my findings. This confirmed that mail3.domainit.com was indeed the server where the email originated from. Here is another screenshot:
The next step for me is to report this phishing campaign to the company which is currently hosting the exploited website. I traced this back to Bluehost and I am sure they will be happy to hear from me!
On another note, this is why I enjoy being a Cyber Security professional. I was actually able to help a domainer buddy’s company and reduce the potential chance of these Cyber Criminals taking advantage of anyone with this particular campaign. I’m glad I am working from home today, otherwise I might not have been able to do this.
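The header check described above can also be done by hand. The following is an added example, not code from the original post: it walks the `Received` headers of a raw message and reports the hop where the recipient's own mail server accepted the message from an outside relay. The sample message, its `.example` hostnames, its documentation-range IP addresses and the function names are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message; hosts and IPs are documentation placeholders.
RAW = """\
Received: by mx.recipient.example with SMTP id abc123;
 Fri, 13 Nov 2015 10:02:11 -0800 (PST)
Received: from mail3.sender.example (mail3.sender.example. [192.0.2.25])
 by mx.recipient.example with ESMTPS id q9si1234
 for <user@recipient.example>; Fri, 13 Nov 2015 10:02:10 -0800 (PST)
Received: from webhost.example (unknown [198.51.100.7])
 by mail3.sender.example (Postfix) with ESMTPS id 4F2A1
 for <user@recipient.example>; Fri, 13 Nov 2015 13:02:08 -0500 (EST)
From: "Account Team" <no-reply@accounts.example>
Subject: Action required

body
"""

# "from" is the name the sending host claimed; "by" is the server that wrote
# the header; "with" is the transfer protocol (ESMTPS = ESMTP over TLS).
HOP_RE = re.compile(
    r"(?:from\s+(?P<from>\S+).*?)?\bby\s+(?P<by>\S+).*?\bwith\s+(?P<proto>\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hops(raw):
    """Return the Received hops oldest-first, one dict per hop."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        m = HOP_RE.search(flat)
        if not m:
            continue
        ip = IP_RE.search(flat)  # peer address recorded by the receiver
        hops.append({"from": m.group("from"), "by": m.group("by"),
                     "proto": m.group("proto"),
                     "ip": ip.group(1) if ip else None})
    hops.reverse()  # headers are prepended, so the newest hop comes first
    return hops

def handoff_hop(hops, trusted_suffix):
    """Newest hop where a trusted server accepted mail from an outside host.
    Anything older than this hop was written by servers we do not control."""
    for hop in reversed(hops):
        sender = hop["from"] or ""
        if (hop["by"].endswith(trusted_suffix) and sender
                and not sender.endswith(trusted_suffix)):
            return hop
    return None

if __name__ == "__main__":
    print(handoff_hop(parse_hops(RAW), "recipient.example"))
```

Only the hop written by your own provider's server is reliable evidence of the sending relay; older `Received` lines are supplied by upstream hosts and can be forged.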