Security – Page 12 – 37'.news ¯\_(ツ)

March 24, 2013

Spammer Alert: the connection between x-celerated.com and 1stinlinehosting.com

A comment from a reader prompted us to revisit an older post on a spammer with domain name 1stinlinehosting.com. It is apparent that the same spammer also operates x-celerated.com. We should have realized that sooner.

The domain name submitted by reader is mlifeprogression.com and whois information shows the mailing address:

1608 S. Ashland Ave
Chicago, Illinois 6O608

The very same address of a mailbox service used by a possibly fictional Tom Slater of x-celerated.com.

mlifeprogression

If you want to fight the spammers back, consider the followings:

Use SpamCop.net services, support them too by donating to them.
Report the known spammer to Federal Trade Commission

We thank our readers for their contributions.

March 22, 2013

Apple ID Password reset site is back online

After taking down iforgot.apple.com following a serious vulnerability found earlier today. The security vulnerability allows Apple ID password to be reset with only email and birthdate. Accounts with two-step verification is not affected by this vulnerability. Apple took down its Apple ID password reset site to address the vulnerability.

Apple rolled out two-step verification for Apple ID on Thursday March 21, 2013.

March 22, 2013

A thing or two to know about two-step verification for Apple ID

On Thursday March 21, 2013 Apple enabled Two-Step Verification for Apple ID.

Two-step verification is an optional security feature for your Apple ID. It requires you to verify your identity using one of your devices before you can:

Sign in to My Apple ID to manage your account.

Make an iTunes, App Store, or iBookstore purchase from a new device.

Get Apple ID-related support from Apple.

HT5570_01-icloud-2stepfaq-001-en

In addition to the Frequently asked questions about two-step verification for Apple ID, there are a few things we found:

One phone number can be authenticated to multiple Apple ID two-step verification.
Not all SMS-capable phone number can be used, such as Google Voice number and Skype.
Apple has listed supported carriers for SMS and two-step verification.
When verification code sent to an passcode-protected iOS device, user must unlock the device first before the code to be displayed.
When verification code sent through SMS to a passcode-protected iPhone, the SMS content might be shown depends on the notification setting.
Nexus 4 running Android 4.2.2 Jelly Bean does not display SMS content when it is passcode-protected (including face-unlock and pattern-unlock).

Apple was expected to beef up Apple ID security after the epic hacking of Mat Honan’s Apple ID and Amazon Account.

March 20, 2013

Spammer Alert: x-celerated.com

UPDATE 4:
This spammer also related to wreese2013@hotmail.com.
The first spam reported to us is coming from ldirect.us domain
Definitely related to thegrapekiwi@gmail.com.
The phone number given as administrative contact 1.5037469135 seems to be used a lot for spam domain names.

UPDATE 3:
This spammer is also related to thegrapekiwi@gmail.com which is in the Register of Known Spam Operation (ROKSO).
Source: The Spamhaus Project

UPDATE 2:
Also related with Xcelerate

cherwo.co.uk (Registered on: 21-Mar-2013)

Domain name:
cherwo.co.uk

Registrant:
EvoMedia

Registrant type:
Non-UK Corporation

Registrant’s address:
PO Box 025250 #52990
Miami
FL
33102
United States

Registrar:
eNom, Inc. [Tag = ENOM]
URL: http://www.enom.com

UPDATE:
Based on recent findings, tslater@x-celerated.com spammer is related to admin@sevenquest.com spammer.

We’ve been getting requests to investigate a particular round of spam emails a few weeks ago. The spam seems to be using domain names with the same registration information.

Administrative Contact:
Xcelerate
Tom Slater (tslater@x-celerated.com)
+1.7733288013
Fax: +1.5555555555
1608 S. Ashland Ave
Chicago, IL 60608
US

Partial list of domains registered with email tslater@x-celerated.com through enom.com / namecheap.com:

abovearrange.co.uk (Registered on: 27-Dec-2012)
acceptgrand.com (creation date: 06-mar-2013)
acceptjust.com (creation date: 14-mar-2013)
acceptmatter.com (creation date: 14-mar-2013)
alongsidethrough.co.uk (registered on: 18-Mar-2013)
appledefine.co.uk (Registered on: 27-Dec-2012)
behindbelow.co.uk (registered on 18-Mar-2013)
buyseem.com (creation date: 21-feb-2013)
consideringplus.co.uk (registered on: 18-Mar-2013)
dowould.com (creation date: 15-mar-2013)
fixuntil.com (creation date: 14-mar-2013)
drawnegotiate.co.uk (Registered on: 27-Dec-2012)
eitherthose.co.uk (Registered on: 07-Mar-2013)
excludingdown.co.uk (registered on 18-Mar-2013)
explainlist.com (creation date: 18-mar-2013)
findgive.com (creation date: 14-mar-2013) *BLOCKED DUE TO SPAM*
fixuntil.com (creation date: 14-mar-2013)
insuredegree.net (creation date: 11-mar-2013)
measureease.co.uk (registered on: 16-mar-2013)
mindget.net (creation date: 11-dec-2012)
needwith.com (creation date: 13-mar-2013)
organiseevent.us (Domain Registration Date: Oct-10-2012)
readeach.com (creation date: 15-mar-2013)
sandez.co.uk (registered on: 21-mar-2013)
sellstill.com (creation date: 13-mar-2013) *BLOCKED DUE TO SPAM*
startenough.co.uk ( Registered on: 09-Mar-2013)
studybehind.co.uk (Registered on: 30-Dec-2012)
succeedthe.co.uk (Registered on: 03-Mar-2013)
talkterm.com (creation date: 15-mar-2013)
teachthree.com (creation date: 13-mar-2013)
telloffice.com (creation date: 06-mar-2013)
usealways.co.uk (Registered on: 03-Mar-2013)
userepeat.co.uk (Registered on: 30-Dec-2012)
yourher.co.uk (Registered on: 07-Mar-2013)
returning-home.info (expired)
iseaadapt.com (expired)
actrevise.com (expired)
adaptpoint.com (expired)

The domain x-celerated.com was registered through DreamHost:

Registrant Contact:
x-celerated.com Private Registrant x-celerated.com@proxy.dreamhost.com
A Happy DreamHost Customer
417 Associated Rd #324
Brea, CA 92821
US
+1.7147064182

x-celerated

We informed DreamHost of our findings on x-celerated.com, and we received a reply:

Unfortunately, we provide neither hosting services, nor email services, for any of these domains. The same is true for x-celerated.com, for which we are only the
registrar.

We looked into the address of Xcelerate’s Tom Slater. It is a mailbox service by Earth Class Mail in Chicago.

A Virtual Presence In Chicago
Street and PO Box addresses available:

Street Address
1608 S Ashland Ave.
Chicago, Illinois 60608-2013
Just $14.95 per month in addition to Monthly subscription fees
Will-call pickup not available

PO Box
PO Box 803338
Chicago, IL 60680-3338
Included in your monthly subscription fee

We cross referenced the phone number 773-328-8013 and the addresses from Earth Class Mail. We found a domain using Earth Class Mail service and the phone number 773-328-8013.

Administrative Contact:
TruTech
Mike Young (admin@techtru.com)
+1.7733288013
Fax: +1.7733288013
PO Box 803338
Chicago, IL 60680
US

The domain techtru.com was registered through enom.com / namecheap.com on August 27, 2012.

We called the number 773-328-8013 and we got the automated voicemail:

You’ve been forwarded to the voicemail for *text to speech voice* “xcelerate”.

It seems that Xcelerate is a shell company for the spammer to hide behind.

Spoofing the sender’s email address can be done. In this case Xcelerate / x-celerated.com is highly likely to be involved. Consider the following patterns:

The Domain Names are registered through enom.com / namecheap.com
Each Domain Name is composed of two English dictionary words that seemed to be randomly chosen
Registration info of the Domain Names are the same
The Domain Names are recently registered / created
The voicemail for 773-328-8013 mentions “Xcelerate”

If you would like to fight these spammer, use services like SpamCop.net and report them. SpamCop.net provides free service; we encourage you to subscribe to their service for a nominal fee. After all, they are providing a great service.

——-

Disclaimer:
We use SpamCop.net service.

March 19, 2013

Apple Releases iOS 6.1.3 build 10B329

Apple releases iOS 6.1.3 build 10B329

About iOS 6.1.3 Software Update
This update contains improvements and bug fixes, including:

Fixes a bug that could allow someone to bypass the passcode and access the Phone app

Improvements to Maps in Japan

For information on the security content of this update, please visit this website: http://support.apple.com/kb/HT1222.

March 19, 2013

SpywareBlaster 5

SpywareBlaster 5 was released on March 1, 2013. Head out to BrightFort.com to download the latest version of SpywareBlaster. I do recommend people to get the Auto Update, for a small fee to support the developer.

Glad to know BrightFort (formerly JavaCoolSoftware) no longer distributes SpywareBlaster through download.com.

SpywareBlaster 5

March 15, 2013

Apple Releases OS X 10.8.3 Build 12D78

Apple released OS X 10.8.3 Build 12D78 on Thursday March 14, 2013. This update also includes Safari 6.0.3 for OS X Mountain Lion.

mountain-lion-hero

OS X Mountain Lion Update v10.8.3 is available through Software Update or Apple Support Download page.

The ability to redeem iTunes gift cards in the Mac App Store using your Mac’s built-in camera

Boot Camp support for installing Windows 8

Boot Camp support for Macs with a 3TB hard drive

A fix for an issue that could cause a file URL to quit apps unexpectedly

A fix for an issue that may cause Logic Pro to become unresponsive when using certain plug-ins

A fix for an issue that may cause audio to stutter on 2011 iMacs

Includes Safari 6.0.3

iMac-late-2012-10.8.3-12D78

In addition to OS X 10.8.3, Apple also releases:

MacBook Pro Retina SMC Update v1.1
Security Update 2013-001 (Lion) Client and Server
Security Update 2013-001 (Snow Leopard) Client and Server
Boot Camp Support Software

Safari-6.0.3-and-Security-Update-2013-001