Author: Olly

  • Your online footprint

    This post is going to probably be quite contradictory, as I have posted online about my life for the last 15 years, but ya know…

    Be careful what you post online.

    I know that’s an obvious statement really, but I am blown away daily at how blind some people seem to be in regards to their online privacy. Posting about their every movement, checking-in to every place they visit and generally documenting their entire existence to the public. If you remove the internet from the mix and just wandered about phoning your mates up saying “Hey I just walked into the doctors” and then 30 mins later rang the same mate up and ask them for their opinions about your recent visit to the doctors – you would soon lose friends and get locked in the looney bin. Yet add the internet back into the mix and this is now considered perfectly normal behaviour.

    We all start off life way more trusting than we should be, when we are younger we go through life without thinking about privacy and what people may be able to find out about us online when we’re older – I mean you’ve only got to look in the press to see how an individuals online past can destroy their future. James Gunn is a recent victim of this, and a day doesn’t go by where at least one news outlet is dragging up old Tweets from Donald Trump’s past.

    So what should you do to keep yourself safe?

    Thankfully, most social networks now have half decent privacy controls, mainly due to how much this has all been in the news – but regardless of that, most of them make it fairly easy to review and modify your settings, so follow the steps below and hopefully they will help you stay on top of your online privacy.

    1. Don’t sign up to every social network in the world. Many people have an account on everything, and this is a very easy way to forget what you have and leave huge piles of sensitive data littered all over the internet. If you stop using something, close your account.
    2. Don’t allow anyone and everyone to connect to you. With Facebook you can set it so only friends fo friends can find and add you. Twitter lets you lock down your profile and other networks have similar controls. Be mindful of how you have these settings configured.
    3. Continually review your settings. Make a point of going in once a month to check your settings, as app updates, policy changes and reinstallation of certain apps can wipe these settings and before you realise it, every post you make is publicly searchable again.
    4. THINK before you POST. Why are you posting that image? What is the actual reason? Does the world need to know you visit Costa coffee every morning at 8:37am? The answer is probably “I dunno” or “No”.
    5. Try and think ahead. Some of the stuff Ben Bradley MP posted about may years ago came to bite him on the ass recently, also as I stated earlier – many people are constantly in the news due to things they said a lifetime ago – so when you’re posting your next status update, think “Will this come back to haunt me?” and if the answer is “Yes” or “Maybe” – then walk away from the computer.

    To conclude, dont be a dingbat & think before you post.

    Konichiwa.

    PS I posted this article using Gutenburg, I only actually posted this so I could try it out but I think the article came out ok anyway ๐Ÿ™‚

    PPS Gutenburg is pretty cool ๐Ÿ™‚

  • WHOIS GDPR – What is going off?

    Urgh. Another GDPR post I hear you cry?

    Well this one is specifically about WHOIS information changes since GDPR came into force.

    (Note: If you’re unsure what GDPR is then go here)

    So in a nutshell, GDPR has been brought in to protect an individual’s right to data privacy. No longer can we be auto opted into newsletters and stuff. Sounds decent and for an individual, its a great move.

    HOWEVER GDPR only applies to B2C – NOT B2B.

    That means that if you sell to the public, then you need to adhere to GDPR.ย If you sell to other businesses then it doesn’t really change anything.

    You can imagine my surprise when I did a whois lookup and saw this;

    The Data Validation aspect of these reports is new, and its replaced the section that used to list our company details. Useful info if you are trying to find who owns a domain name.

    But, it seems since GDPR NOminet have taken the decision to remove all registrant info from the whois – just in case! This was confirmed by a Nominet employee to me today;

    Thank you for your email. You are correct that you used to be able to hide you details on the WHOIS if the domain name was not being used for commercial purposes, however this option was based on the use of the domain name and not the registrant name itself. With the introduction of GDPR, the decision was made to redact all the registrant data from the WHOIS. This decision was made to redact all details in the first instance to avoid any individual names being disclosed in error. There can be cases where individual's names are incorrectly classified as companies and vice-versa. With this in mind, the same policy was applied across all .uk domain names, irrespective of the registrant type. This policy was taken to consultation in advance of being implemented. It is still possible for all registrants to opt-in to the WHOIS database to display their details if they would like to do so, it is just that we are no longer publishing these details without their explicit consent. This policy may be reviewed periodically going forward. If you need anything further, please do contact us on +44 (0) 1865 332233, or by email at support@nominet.uk.

    Hmmm..

    So “just in case” someone registered a domain wrong, you removed this extremely important and useful piece of info from every UK Whois?

    So now domain squatters are actually protected?

    What do you think of this move from Nominet? Do you feel this gives squatters an advantage?

     

  • Email Phishing Scam – uk-c.co – Very sneaky!

    Despite me going back to normal style blogging, I can’t help still being interested in attempted internet scams.

    A customer at work has asked me for help as they spotted a phishing scam that used their domain name, and upon closer inspection I spotted something I had not seen before. Perhaps this scammers undoing!

    I have changed the domain name to safeguard my customer.

    The emails read like this;

    Subject: Settle up this payment
    Date: Mon, 21 May 2018 13:14:53 +0200
    From: Kevin Playwright <kevin@playwright.me.uk>
    Reply-To: Kevin Playwright <kevin@playwright.me.uk-c.co>
    To: accounts@playwright.me.uk

    I need you to process a faster payment for a new beneficiary, payee details attached.

    I will send the documents once i’ll be at my desk.
    Leave a reply once completed or in case you get any problem while setting it up.

    Regards,
    Kevin Playwright.

    Sent from my iPhone

    The email is flawed in a few ways, firstly there is no-one called Kevin in this organisation, and secondly, there is certainly no-one called Kevin who carries the surname which happens to be the same name as the organisation Kevin is supposed to be part of.

    The next point which my customer didnt notice, was the reply-to address. As regular readers of my scam blogs will know, this is one of the first things I check as this often leads straight back to the crook!

    Usually, if the reply-to address isn’t the same as the send address (IE email account fully hacked) then it will be completely different – but in this case it was a hybrid!

    Let’s take a closer look at those email addresses.

    kevin@playwright.me.uk <- Sending address
    kevin@playwright.me.uk-c.co <- Reply-to address

    Notice the bit at the end of the reply to address?

    If we reverse that to make a domain name, the extension is .co and the bit before that, before the next dot is uk-c – which means that this email address is fake, but has been created to fool you into thinking you are replying to the original sender.

    Their domain is: http://uk-c.co

    If you visit it, you spot that its a mail server;

    They can apply this scam to any UK email address;

    test@domain.co.uk-c.co

    It would be so easy to miss.

    Be careful peeps, if something doesn’t feel right STOP and pick up the phone. Call the person who emailed you, call your IT mate, comment on one of my blogs – just dont brush it off as nothing.

    Stay safe peeps.

    PS I’ve reported them to ICANN hopefully they have their domain taken off them.

  • The Tim Westwood Challenge

    Ok, so since re-hosting the Original Tim Westwood Soundboard, we’ve been onย  a bit of a Westwood ting!

    DJB found every westwood album ever, hosted on his very own soundcloud (what a legend!) so we have started from the top and are working our way through every single Tim Westwood album since 2001.

    Heavy hit, after heavy hit.