
The Bot that Stole Christmas


So far, this winter has been a wonderland of bot scams! Bot elves are mining at warp speed to steal your holiday cookies. Don't let these sneaky thieves steal your Christmas cheer or your profits!

These latest holiday hijinks are spoofing everyone from Wall Street to Main Street. The Xindi botnet will generate $3 billion from advertisers by the end of December. Xindi's pockets will be jingling with all those impression pennies. There are roughly 6-8 million corporate computers infected with this Grinch. The fix? A list of IP addresses not to advertise on. That is not a solution.

If CAPTCHA was a headache, iCAPTCHA is a migraine. Instead of the world typing 200M CAPTCHAs a day, iCAPTCHA requires the user to authenticate twice: typing an illegible word and then choosing 1 of 2 "language learning" answers. Avoid the headache altogether with NoMoreCaptchas.

If Chipotle didn't have enough issues with E. coli, check out the article on Chipotle human resources being in denial about security. HR at Chipotle was sending replies from chipotle@chipotlehr.com, a domain owned by IT guy Michael Kohlman. Realizing what a threat this was, Kohlman offered to donate the domain to Chipotle. Sadly, they were as interested in protecting sensitive personal data as they are in the quality of their food. They rejected his offer, stating they didn't see it as a threat.

A round of holiday cheers to Rohit Dua from LinkedIn India for fixing a cross-site scripting (XSS) vulnerability within the LinkedIn help forums!

Beware if you are looking to make merry with a Tinderoni: the Tinder of China, called TanTan, recently reported a man-in-the-middle attack gathering private user information such as passwords, location, preferences, and personal data.

If you don’t want to be loaded down with coal in your holiday stocking, or find out a bot Grinch has stolen your Christmas cookies, protect yourself with NoMoreCaptchas or Secure Ad using BioChronometrics.

Wishing you all a safe and bot-free holiday season 🙂


eCommerce Fraud Gone Wild


This past Sunday, I decided to take a relaxing stroll. The air was crisp, the birds were chirping, families were decorating their houses for Halloween. But the scariest sight to behold was inside my local Trader Joe's! Lines to check out ran the length of the store, people were angry, kids were screaming, Moms were stressing, ice cream was melting. I'd never seen such chaos. I figured it must be the end of the world and nobody told me. People must be stocking up on everything, right? Beer, vodka, tequila, you know – the essentials for the end of the world 🙂 So I grabbed my groceries and waited, and waited and waited … in a line that would not budge. I asked the checker, why the long wait? He said, "We got the New Chip and it takes forever to process." Instead of a swipe, the new "EMV" cards (EMV stands for EuroPay, MasterCard, and Visa) take a push-and-wait 35 to 40 seconds for verification. Is this push-and-wait the doom of plastic and the cataclysmic shift to mobile wallet payments?

At the point of sale (POS) machine, I noticed the "Android Pay" logo. I had used Google Wallet a few months earlier at Rite Aid, but the stores that accepted it were limited. Google also re-branded Google Wallet to Android Pay to make it sound like Apple Pay. Today was my lucky day, I had an opportunity to try out Android Pay 😀 I pulled up the app, selected my electronic credit card of choice, and gently put my phone against the POS machine. In 2-3 seconds the cashier was looking at me in amazement and couldn't believe how fast I paid. As he handed me my receipt, I thought "Wow, plastic is history!"

Flashback to a few weeks prior: when I was purchasing tickets on EventBrite, they had added Android Pay to the payment options. I usually choose PayPal because it's much faster than wasting my time on the web checkout entering CVV codes and my credit card info. So I decided to give Android Pay a try. With a few clicks, I was done. Wow, "fast and completely painless!"

Because of the speed and security of electronic wallets, consumers will adopt them very quickly in the next few years. In-person retail fraud will drop, and most fraud will move online to eCommerce sites that process "card not present" transactions. With the introduction of eDNA, eCommerce sites can reduce their fraud by authenticating the user on the site or mobile device for a purchase. eDNA is a new technology derived from BioChronometrics, which is passive user authentication based on a user's behavior, such as how they type, text, click, or swipe. Message me if you need help with the flood of eCommerce fraud. It's not the end of the world, just the end of plastic!

WordPress Bot Prevention


Recently a WordPress exploit was discovered for the very popular Akismet spam comment blocking plugin. Akismet uses a white/black list type of technology to determine bad comments. The cross-site scripting (XSS) vulnerability could be exploited through the comment section of a WP site by way of the script that converts emoticons to graphical icons. Is there a way to prevent this?

WordPress sites are very common, and most are used by small bloggers and businesses to have a very professional looking presence on the web. This site uses WordPress. A thing most people forget is that WordPress is open source and one of the most widely used content management systems (CMS) on the internet. The internet is HUGE. What this means is that WordPress is highly targeted by various types of hacker exploits.

These exploits are usually conducted by automated bots that go to WordPress sites. Because of the bots, it's very important to have anti-bot technology on your site. If you want to test out some anti-bot technology, check out NoMoreCaptchas with a FREE 6 month commercial trial. Code NOBOTS15

Thank You Very Much!!

Ad Tech: Don’t Be Evil


Google was a pioneer in introducing a feature every advertiser wanted: highly specific target marketing. It was cheaper than TV ads. Programmatic advertising became very profitable for advertisers, publishers, and exchanges. Everybody drank the ad-tech Kool-Aid. The biggest casualties of all that Kool-Aid today are the independent publishers. Is ad tech evil?

The little publishers lose again. The independent publishers don't have the branding of Time or The Wall Street Journal, with their highly legit traffic. These small publishers are the people that use GoDaddy and have a WordPress blog.

Another factor affecting the small publishers is the growing trend of ad blockers. We even see the dark side of ad blockers: some receive kickbacks for letting paid ads through. Ad blocking is said to have up to 150-200 million users and growing.

With the invention of BioChronometrics, advertising fraud (click, impression, and display) has become an unnecessary evil!  If you want to discuss how to get 100% human traffic for your site, please message me using my anti-bot contact form here.

Craigslist and Concert Ticket Fraud


Ticket scams. We've all been to concerts and had to buy tickets from scalpers because robots keep buying tickets on Ticketmaster the day they are released. Usually I buy tickets at the event minutes before the event. But sometimes I get a ticket by checking on Craigslist a few days or weeks before. Although most tickets on Craigslist are legit, there are some bad apples.

A basic Google search for "Craigslist Fraud" turns up all kinds of results, including 19,700 news search results.


Most recently, a fellow by the name of Mark Tracy was charged by the Chandler PD for ticket fraud nationwide. Whatever tickets were hot, such as the Taylor Swift concert, there he was swindling away. Police have now charged him with fraud. But what are some things social sites like Craigslist can do to eliminate or minimize the current fraud situation for concert tickets?

Most people take the usual precautions and are aware of "cash only" scams. Some scammers will even ask you to wire money or provide bank account details. These are telltale signs to look elsewhere. Common sense should always be used when buying tickets on the secondary market of Craigslist.

Beyond the typical precautions, the perpetrator could be blocked from Craigslist via BioChronometric eDNA. Once the scammer's eDNA is stored, the site becomes impenetrable to them, discouraging fraudsters from using it. Craigslist would then be a safer place for artists, customers, and ticket sales.


Facebook, One Billion Users or One Billion Bots?


Facebook just announced they have one billion users logged on. That's quite impressive. Facebook is a powerhouse social network in terms of users. But as we've seen previously, there's a lot of bot activity on Facebook. Everybody is wondering how Facebook came up with the "One Billion Facebook Users" that were logged in.

As mentioned before, we can make your social network human with no bots via BioChronometrics.

Bots Gone Wild on Wall St.


The Dow plunged over 1,000 points today. At the open the market proceeded to rally, then sell off several times throughout the day. Computer traders known as high frequency traders (HFT) were having a field day. The retail public, on the other hand, using typical online broker dealers like TD Ameritrade, Scottrade, and Interactive Brokers for order entry, were slowed to a crawl. Some couldn't even log into their accounts. Orders and fills were delayed up to 10-20 minutes before getting a report. I wouldn't be surprised if these login issues were a DDoS attack on them.

Looking at this from a security breach point of view, was this really a typical flash crash, or was this an attack on exchanges and online broker dealers from cyber attackers at the user login? The steps involved:

  1. Flash out exchanges via quote stuffing
  2. Disable retail investor login via DDoS attack
  3. Run wild

Below is a display of the volume from last Friday vs. Monday's open in the first 10 minutes of trading. The market began to do massive volume throughout the day. Nanex has some great stats on the quote stuffing and algos going crazy. As always, we probably won't hear much about this for a while.

[Image: trading volume, last Friday vs. Monday's open, first 10 minutes]

Airbnb Horror Story


The New York Times put out an interesting article about an Airbnb Horror Story.  This has elements of a Hollywood horror film except it really happened.

Mix Hostel with new tech and we have an Airbnb horror story. A 19-year-old was traumatized by a transgender Airbnb host making sexual demands and survived by using reverse psychology. After the horrific event, Airbnb is taking better precautions, such as directly phoning the police when events like this happen.

“We realize we can learn a lot from this incident and we can do better,” Mr. Papas said by email. “We are clarifying our policies so that our team will always contact law enforcement if we are made aware of an emergency situation in progress. Safety is our No. 1 priority, and we want to get our hosts and guests as much help as possible.”

The article then ends with precautions to take when using Airbnb, such as:

  1. Family/friends should have the host address accessible.
  2. Carry a global phone with emergency number access.
  3. Study Facebook profiles.

Other than these Mickey Mouse solutions, the host should be completely removed from the Airbnb network so this doesn't happen in the future from the same person. But how would Airbnb do this? For one, the host's BioChronometrics eDNA can be used to eliminate access to Airbnb sites or its mobile apps.

Mission Authentication: Rogue Bots


In the recent movie Mission Impossible: Rogue Nation, the team had to penetrate multiple layers of security to achieve their goal. Some were recognizable and some were new.

Voice recognition, handwriting, secret phrases, and X-ray gait analysis are new layers, emphasizing that retina and fingerprint matching are no longer enough. This fact was reiterated in the real world at the Black Hat USA conference in Vegas.

At the Black Hat USA conference, Apple Touch ID prints were stolen, and a fingerprint can't be changed once it has been copied. Easy to capture, steal, copy, and keep using without the user having any control, fingerprint biometrics can now be added to the list of easy targets for hackers.

BioChronometrics, on the other hand, cannot be hacked or spoofed in any way. If you are in need of authentication, let me know. A basic level is seen here on this site at the user login.
