Fake Dropbox password reset

Wednesday, October 23rd, 2013 | Mark Bedford

There are reports of a recent spam campaign that tries to deceive Dropbox users into resetting their passwords but instead leads them to malware. Dropbox, a popular cloud storage service, does in fact sometimes reset users’ passwords when they haven’t been changed for a while. They DON’T send an advisory email, though; instead they require the password reset on their website before you link a new computer, phone, tablet, or API app.

The spam has quite a convincing message along the lines of:

Hello <user>
We have a warning in our system that you recently tried to login in to Dropbox with a password that you haven;t changed long time already. Your old password has expired and you’ll need to create a new one to log in.

Please visit the page to update your password

Clicking on the link takes the user to a suspicious-looking page hosted on a .ru (Russian) domain that tries to pass itself off as a Microsoft site, with several downloads for non-Microsoft browsers. All very suspicious.

So if you had followed our tips on how to detect phishing emails you would have caught on to their ruse and saved yourself some grief.
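
The giveaway described above, a message that claims to be from Dropbox but links somewhere else, can be checked mechanically. The following is an added example, not part of the original post; the allow-list of legitimate domains, the function names and the sample message are constructed assumptions.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the claimed sender legitimately links to.
BRAND_DOMAINS = {"dropbox": ("dropbox.com",)}

# Constructed sample message; the hosts use reserved example names.
SAMPLE = """From: Dropbox <no-reply@dropbox.example>
Subject: Please update your password
Content-Type: text/html

<p>Your old password has expired.</p>
<a href="http://password-reset.example/update">Please visit the page</a>
<a href="https://www.dropbox.com/help">Help</a>
<a href="http://dropbox.com.account.example/login">Log in</a>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def host_allowed(host, domains):
    # Exact match or a true subdomain only. A bare endswith("dropbox.com")
    # would also accept "evildropbox.com".
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def suspicious_links(raw_message):
    """Return (brand, host) for links that do not belong to the claimed brand."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()  # single-part message assumed
    claimed = " ".join([msg.get("From", ""), msg.get("Subject", ""), body]).lower()
    collector = LinkCollector()
    collector.feed(body)
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in claimed:
            continue  # message does not claim to be from this brand
        for href in collector.hrefs:
            host = urlsplit(href).hostname or ""
            if not host_allowed(host, domains):
                findings.append((brand, host))
    return findings
```
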

Patching Java

Monday, October 21st, 2013 | Mark Bedford

Oracle have settled on a quarterly patch period for not only their database products but also Java. I have yet to decide if this is good or bad, as I really would like to see a shorter update period to reduce the time that the unpatched vulnerability exists in the wild. The release notes are here for 7u45.

The schedule is:
14 January 2014
15 April 2014
15 July 2014
14 October 2014