A little something about everything

internet marketing and website development made simple.

User Data Breach at Amazon.com today, Notice: Important Information about your Amazon.com Account

If you're wondering why you are receiving more spam than usual, this could be part of the reason.

It seems Amazon.com account email addresses were disclosed by mistake recently.

Here is the Notification:

Sender:

Amazon.com <no-reply@amazon.com>

Header Info:

Received-SPF: pass (hidden: domain of bounces.amazon.com designates 54.240.13.69 as permitted sender)
 client-ip=54.240.13.69
Received: from a13-69.smtp-out.amazonses.com ([54.240.13.69]) by hidden with
 ESMTPS (version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521); Tue, 27 Nov 2018 14:43:50 -0600

Subject:

Important Information about your Amazon.com Account

Here is the message:

Hello,

We're contacting you to let you know that our website inadvertently disclosed your email address due to a technical error. The issue has been fixed. This is not a result of anything you have done, and there is no need for you to change your password or take any other action.

Sincerely,
Customer Service
Amazon

Please note: this e-mail was sent from a notification-only address that cannot accept incoming e-mail. Please do not reply to this message.

It appears that, ($om3o1dP@$$w0rd), is your password. You might not know me and you are most likely wondering why you're getting this e-mail, right?

I've had several clients call me with the same questions: What is this? Do I have a virus? Is my account compromised? What should I do?

First off, if you are still using the password quoted in the email, go change your passwords now. It's also a good idea to use separate email addresses for work, personal finance and social media sites.

What is this?

These emails are sent by scammers who have come into possession of compromised social media databases containing your email address, unencrypted or poorly encrypted passwords and other information such as your contacts. The quoted password is the one you used on the breached site, not proof of any access to your computer.

Do I have a virus?

Perhaps, but it's not related to this email. Scan your system with a reputable antivirus scanner.

Is my account compromised?

If you are still using the same email address and password on any website, device or application, then yes: change that password immediately.

What should I do?

Don't send the scammers anything, and never send them money, no matter what. Check your accounts for weak or reused passwords and update them. Always use HTTPS and verify you are on the correct website. Don't share anything on social media that you don't want people to know; it is not secure, and at some point it could very well be used in the next database breach to try to extort money from you.

Here is an example of the scam email:

Subject Text:

some-e-mail-address-you-used@social-media-site.compromised:$om3o1dP@$$w0rd

Body Text:

It appears that, ($om3o1dP@$$w0rd), is your password. You might not know me and you are most likely wondering why you're getting this e-mail, right?

In fact, I put in place a malware on the adult videos (porno) web site and you know what, you visited this website to have fun (you know very well what I mean). During the time you were watching videos, your internet browser started out functioning as a RDP (Remote Desktop) which provided accessibility to your screen and web cam. And then, my software programs obtained all of your current contacts from your Messenger, Outlook, Facebook, in addition to emails.

What did I really do?

I produced a double-screen video. First part shows the recording you're seeing (you have a good taste haha . . .), and 2nd part shows the recording of your web cam.

What exactly should you do?

Well, in my opinion, $1100 is really a fair price for your little secret. You will make the payment by Bitcoin (if you don't know this, search "how to purchase bitcoin" search engines like google).

Bitcoin Address: [some scammers bitcoin address] (It's case sensitive, so copy and paste it)

Very important:
You've one day in order to make the payment. (I've a completely unique pixel within this e mail, and at this moment I know you have read through this email message). If I do not get the BitCoins, I will certainly send your videos to all of your contacts including relatives, co-workers, and so on. Having said that, if I get the payment, I'll destroy the recording immediately. If you want evidence, reply with "Yes!" and I'll certainly send out your videos to your # contacts. It is a non-negotiable offer, that being said don't waste my personal time and yours by responding to this message.


maxView Storage Manager - Error message: Login Failed: Internal Error Occurred

This can happen if you've renamed or changed the administrative account on the server to improve security.

To resolve the issue you will need to stop the maxView Storage Manager services in this order:

Then edit cimserver_planned.conf in your maxView Storage Manager installation; the default path is:

C:\Program Files\Adaptec\maxView Storage Manager\pegasus\cimserver_planned.conf

Open it in a text editor and change the line from

enableAuthentication=true

to

enableAuthentication=false

It may look something like this: 

Save and close the conf file.

Now start the maxView Storage Manager services in this order:

Now you can log in with your admin account correctly.


Exploitable LDAP server used for an attack: Microsoft Active Directory / Exchange Server

You've just received notice that your Active Directory server is being used as part of a wide-scale DDoS attack (an internet-exposed LDAP service answers unsolicited queries, and the replies are reflected at the victim). Here is how you can fix it.

Go to the firewall settings on the Active Directory server (or on the server at the reported IP) and look for the following rules:

  • Active Directory Domain Controller - LDAP (TCP-In)
  • Active Directory Domain Controller - LDAP (UDP-In)
  • Active Directory Domain Controller - LDAP for Global Catalog (TCP-In)
  • Active Directory Domain Controller - Secure LDAP (TCP-In)
  • Active Directory Domain Controller - Secure LDAP for Global Catalog (TCP-In)

For each of these rules, open the Scope tab and enter only the IP addresses that should have access to LDAP information, for example the Microsoft Exchange servers within your network that need it.
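The same scoping change can be applied to all five rules at once from an elevated PowerShell prompt. This is an added example, not part of the original post; the addresses in $trusted are placeholders, and remember that every domain-joined workstation and member server also needs LDAP to its domain controller, so include those internal subnets rather than only the Exchange servers.

```powershell
# Added example: restrict the built-in AD DS LDAP firewall rules to trusted internal hosts.
# Placeholder addresses (RFC 5737 documentation ranges) - replace with your own Exchange
# servers, admin hosts and the subnets your domain members sit on.
$trusted = @('192.0.2.10', '192.0.2.11', '198.51.100.0/24')

# The five inbound rules named in the post, as shown in the Windows Firewall console.
$rules = @(
    'Active Directory Domain Controller - LDAP (TCP-In)',
    'Active Directory Domain Controller - LDAP (UDP-In)',
    'Active Directory Domain Controller - LDAP for Global Catalog (TCP-In)',
    'Active Directory Domain Controller - Secure LDAP (TCP-In)',
    'Active Directory Domain Controller - Secure LDAP for Global Catalog (TCP-In)'
)

foreach ($name in $rules) {
    # Equivalent to editing the Scope tab -> Remote IP address -> "These IP addresses".
    Set-NetFirewallRule -DisplayName $name -RemoteAddress $trusted
}

# Verify: read the remote-address scope back for each rule. Anything still showing
# "Any" would leave the DC answering LDAP queries from the whole internet.
foreach ($name in $rules) {
    Get-NetFirewallRule -DisplayName $name |
        Get-NetFirewallAddressFilter |
        Select-Object @{ Name = 'Rule'; Expression = { $name } }, RemoteAddress
}
```

The UDP rule is the one that matters most for reflection attacks, since connectionless LDAP (CLDAP) on UDP 389 can answer a query whose source address was forged.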

For assistance securing your network or if you are looking for hosted exchange services check out Area51.mn.


Using an SSL Certificate for RDP

Create and install a certificate using IIS or import a .pfx file; the certificate can be SHA-256 or whatever you prefer.

Open Certificate Manager:

  • Run/open "MMC"
  • File, Add/Remove Snap-in, Certificates, OK
  • Expand the folder containing your certificate (generally Personal, Certificates)
  • Right-click the certificate, Open
  • On the Details tab, near the bottom, choose Thumbprint and select the hash value
  • Remove the spaces from the hash value
  • Open a Command Prompt with elevated privileges
  • Run the following command, using your SSL certificate's thumbprint in place of HASHVALUE (keep the quotes around the value):
    • wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="HASHVALUE"
  • It should say "Updating property(s) of ..."
  • Then it should say "... update successful"

That's it, you're done.
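The thumbprint lookup and the WMI update above can also be done in one PowerShell script, which avoids the copy/paste step and reads the setting back to confirm it took effect. This is an added example, not part of the original post; $Subject is a placeholder for your certificate's common name, and it targets the default RDP-Tcp listener.

```powershell
# Added example: bind an installed certificate to the RDP listener and verify the result.
$Subject = 'rdp.example.internal'   # placeholder: CN of the certificate you installed

# Pick the newest unexpired certificate in the machine Personal store matching the subject.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$Subject*" -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No valid certificate for CN=$Subject in LocalMachine\My" }

# .Thumbprint is the SHA-1 hash with the spaces already removed, i.e. the HASHVALUE
# the wmic command in the post expects.
$hash = $cert.Thumbprint

# Same class and property the wmic command sets: root\cimv2\TerminalServices,
# Win32_TSGeneralSetting, SSLCertificateSHA1Hash, on the default RDP-Tcp listener.
$ns = 'root\cimv2\TerminalServices'
$ts = Get-CimInstance -Namespace $ns -ClassName Win32_TSGeneralSetting `
        -Filter "TerminalName='RDP-Tcp'"
Set-CimInstance -InputObject $ts -Property @{ SSLCertificateSHA1Hash = $hash }

# Verify: read the property back rather than trusting the "update successful" message.
$after = (Get-CimInstance -Namespace $ns -ClassName Win32_TSGeneralSetting `
            -Filter "TerminalName='RDP-Tcp'").SSLCertificateSHA1Hash
if ($after -ne $hash) { throw 'RDP certificate hash was not updated' }
"RDP-Tcp now presents certificate $($cert.Subject) (thumbprint $after)"
```

If clients still see the self-signed certificate after this, check that the Remote Desktop service account (NETWORK SERVICE) has read permission on the certificate's private key.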