Here’s an interesting twist on the old Internet Pharmacy scam… we’ve all gotten those emails offering to sell us various pharmaceutical products without the need for a pesky prescription.  Now, I’m assuming that all of the readers of this blog are smart enough to keep their credit cards in their wallets and hit delete.  However, there are apparently enough dimbulbs out there to keep these guys in business.  They order the pills and get… real drugs?  expired drugs?  fake drugs?  Who knows?

Well the scammers have come up with a new way to extract further profits from the stupid… according to a news release from the US FDA, version 2.0 of the scam now comes with a twist.  After taking an order for Rx free drugs, the scammers apparently come back for a second round – they call the purchaser posing as FDA agents or other law enforcement types and threaten the mark with fines, arrest, deportation, property searches and the like.  The “agents” then tell their victims to provide a credit card or wire transfer the money to pay their fines and avoid further trouble.

This is the kind of thing that makes me wish I was unafflicted by a conscience… seems a lot easier than working for a living…

If you get hacked because you clicked on a link about Brittany Murphy shuffling off this mortal coil, you most probably deserved it.    Just saying.

We shall bring the Great Satan to its knees... kill Twitter! Bwah hah hah!

As you know, the entire world was paralyzed a few days ago when Iranian hackers took down Twitter.  Rather than finding out what their friends were having for dinner, people logging in to the web site got a message from one third of the axis of evil which proved that the level of English language instruction in Iranian schools is still better than that of most US public schools.

Now that we have begun the long road of recovery from this truly global tragedy, it is important to see what security lessons we can learn from it.  It seems that the attack was pretty simple – the minions of Khomeini simply logged in to the DNS provider that provides the translation from “www.twitter.com” to the numeric IP address of their servers and instructed the DNS servers to send traffic to their server, which hosted their replacement home page.  The attackers used valid credentials, which were probably filched from a compromised email account or document swiped from Twitter servers.  The lesson here?  Guard those user names and passwords and don’t use the same password for all of your accounts!

I know… passwords are a real pain in the ass and trying to remember a different password for each site is just about impossible.  However, I have found an answer to this issue… LastPass is a web site and browser add in which allows you to store an encrypted copy of your passwords “in the cloud” and which can automagically log you in to web sites via its browser extensions for Firefox, IE, Safari and Chrome.   When you start your browser, you type in one password to decrypt the password files and you are set to go.   You can use 2 factor authentication on untrusted machines to further secure your precious passwords. Check out this series of screencasts for more information on how the system works.

I have been using LastPass for a while now and have found it to be be a breeze to use.  Basic service is free; by paying $12 per year, you can get access to a bunch of premium features, which provide access on mobile devices like the iPhone, Blackberry and Android based phones.

The main question is… are these guys trustworthy?  My research says yes… intercepting the data between my computer and LastPass showed no evidence of funny business – and the vendor even tells you how to conduct your own test in their FAQ.

I’m using LastPass, and I’m prettay, prettay paranoid..

The saddest thing about this story is that as a cat owner, I can half believe the guy.  This is just the kind of thing that *my* cats would do if I didn’t make with the treats.