Deepfakes have been around now for a while but it seems that people are still failing to understand how easy and fast it is to fake any kind of information. This is just a quick summary and a reminder that e.g. screenshots of people’s tweets should not qualify for a newspaper neither screenshots about SMSes or emails for evidence in court.
Continue reading “What can be faked, anyway? Mostly anything”How to scam 26 thousand people with “LEAF Healthcare” face masks that don’t exists
Well, this is surprisingly easy to do with simple marketing and photo-manipulation, and then you’ll have about 4.4M USD out of which 3.3M USD is currently frozen by the Indiegogo crowdfunding platform, which is still quite a lot of money. The point is, that with simple fact checking a lot of this damage could’ve been avoided, and many future legal processes.
Continue reading “How to scam 26 thousand people with “LEAF Healthcare” face masks that don’t exists”Using TOR browser to investigate geofenced phishing sites
Geofenced, country-specific phishing websites are becoming more common which makes investigating those websites harder, especially when the investigator has no direct access to files or the server where the website is located.
Continue reading “Using TOR browser to investigate geofenced phishing sites”5 different ways to counter Cloudflare DDoS protection
Cloudflare is a company known very much for its great DDoS protection services which are able to mitigate great attacks against online services, technically by providing such service with a reverse proxy technique which also hides the IP address of the server behind the reverse proxy.
In this post, I’ll describe some of the most common pitfalls end-users of this service face. Hopefully, this information helps some OSINT researchers, journalists, and sysadmins to secure their websites.
Continue reading “5 different ways to counter Cloudflare DDoS protection”Finnish Institute for Health and Welfare (THL) shares your COVID-19 letter complaints with an insecure direct marketing company
Finnish Institute for Health and Welfare (THL) has asked SSM Suomen Suoramainonta to deliver a letter about the best practices against the COVID-19. However if you never received such a letter like I didn’t, you could’ve complained about it in the address provided by THL in their own blog post. Unfortunately I think I’m going to pass this one. This is mainly because of 3 reasons.
Continue reading “Finnish Institute for Health and Welfare (THL) shares your COVID-19 letter complaints with an insecure direct marketing company”Geolocating SSIDs and why you should not share funny WIFI names around your place
…because it’s really easy to find your location just based on your funny screenshot. Let’s see how and with code samples. To do this, we’re using the wonderful, open wardriving database WiGLE.
Continue reading “Geolocating SSIDs and why you should not share funny WIFI names around your place”Let’s review app security: FinPandem – Crowdsourced COVID-19 heatmap
At the moment of writing this post it has been ~9 hours since FinPandem released a demo video of their product, apparently developed by Tarento (Indian, Finnish and Swedish company, who knows where the app is developed ) and Coredo.
Continue reading “Let’s review app security: FinPandem – Crowdsourced COVID-19 heatmap”Microsoft’s fight for junk mail is a privacy risk
I was trying to see if I comply with Microsoft email sending policies today. Apparently I’m doing perfectly fine according to the 5 points containing list, but the 5th option is a little concerning.
Continue reading “Microsoft’s fight for junk mail is a privacy risk”Abuse potential of some vending machine mobile payments in Finland
Mobile payments based on SIM card information + the IP address of the user have been used in Finland a few years, but some of the implementations don’t look so good.
Continue reading “Abuse potential of some vending machine mobile payments in Finland”Automating domain drop catching with Python
Has someone ever ‘taken’ your expired domain or has someone forgot to renew it ever, and then somone ‘took’ it? Unless you’re a celebrity or you’ve very strong trademark product, chances are that either you’ve to pay a large sum of money to the current owner of the domain, or wait for the domain to expire.
Continue reading “Automating domain drop catching with Python”