[00:00:01] Good morning, friends. It is Monday, April 29th, and this is Security on the Bayou.
[00:00:05] Let’s get things kicked off today with an article from SC Magazine U.S. by Doug Olenick, "Credentials stuffing bigger and better than ever." Obviously credential stuffing has been around for a long time, but Recorded Future issued a report this week talking about the resurgence of it for a few reasons. One of them is automation, which makes perfect sense, we’re automating everything these days, and not just the automation here, but they have developed, not they procure, Recorded Future has not, but the bad guys have developed some tools that can do multiple sites at once. So not only are you just hitting one, you’re hitting a bunch, and you’re doing it very fast, and you’re automating it. So you’ve seen a resurgence in it, so much so that a single account that used to sell for ten dollars is now down to a mere one or two dollars. It’s very interesting that this has come back, and this has been seen in the wild, if you will, so go check out this article. Recorded Future also called out a few different tools that have been used, some interesting names of these tools, obviously you can tell where they came from by the names, but also some prices. There is one on here, Private Keeper, that sells for forty-nine rubles, Russian rubles, which is approximately 64 cents. So not exactly a high barrier to entry on this.
[00:01:26] OK, next, from ZDNet we have an article entitled "Google boots major Android app developer from the store for conducting massive ad fraud." This one is by Charlie Osborne. So they kicked out over 40 apps by a Chinese developer over the weekend. And here, let me get, I want to make sure I get this right. The name of the company or the developer is DO Global, which is in part owned by Baidu, so a very big connection there for this developer. So they ripped a bunch of their applications off the Google Play store for using adware and, you know, essentially click fraud within the adware within the application. So it was quite a few, it ended up being at the end of the day over 100 applications that they removed, with 600 million installs. That’s quite a few. I’m sure they made a few bucks on that. DO Global released a statement, of course, they’re quote-unquote sorry and, you know, they’re going to look into their practices. But we know how that goes.
[00:02:27] So next, "A crash course in card shops" by Josh, I apologize, Jeff. Josh, I to get this wrong, Lefkowitz. This is an interesting article. This isn’t necessarily going to make you an expert on carding and how the underground card shops work, but it’s a great primer. You’re all human, so you understand good customer service, that part won’t come as a surprise here. They do refunds, you know, there are all kinds of different things, but I think what I really enjoyed about this article is some of the terminology and abbreviations and tallies that are used, for instance BIN, bank identification number, and then also like the difference between a dump versus a card. So, and then obviously CSP, which I previously knew. Card not present fraud, which is very common. And so it’s in some good detail here. I recommend you read this, as it’ll sort of prime you on, you know, some things that are going on, especially in the financial services, or, you know, you work for one of these companies. Take a look at this, it should be hopefully something you already know, but added to your toolbox of tools.
[00:03:38] And then the last one for the day, on a bit of a lighter note. This one actually came up last week, chose to skip over it, but I think it came back up on my feed so I had to bring it back up. This one’s by Matt Novak on Gizmodo dot com: "Lime scooters hacked to say sexual things to riders in Australia." Obviously Lime is not very happy about this, but frankly, I find it pretty funny. Like, here’s one of the sayings: “Don’t take me around because I don’t like to be ridden,” which is, you know, a little silly. Let’s see here. When customers ended a ride with the hacked scooters, the voice box said “no where you go,” according to yet another video posted before Lime learned about the hack. And then this is what they said: "It’s not smart, it’s not funny, and it’s akin to changing a ringtone." I also find changing people’s ringtones very funny, so nice try. And then they tried to play to the maturity of people, which we all know will not work. So, very interesting article once again on Gizmodo dot com, your laugh of the day in the hacking world. Thank you for joining us.
[00:04:45] This is his man Security on the Bayou, April twenty-ninth, Monday.