Monday, December 4, 2017

Apple Phishing Email - Receipt for your payment

For the record, this is an Apple phishing email attempt that is recently going around. What to do?  Report them, goto bottom of page.


From : Apple Inc. <appleid-suspicious@notification.accountsupportactivity-suspicious-youremail-access-account-locked13043043434webappsemailmail.account.live.mail.com>

SubjectReceipt for your payment.
       
         
         
          Thanks for your purchase


Invoice: #73822

Dear Customer,

Your credit/debit card has been successfully charged. Your order will now go to credit approval for fraud screening.

Order #: 
73822
Status #: 
Confirmed
Product #: 
Pokémon GO, 5201 PokéCoins
Order Date #: 
12/4/2017 9:12 AM
Order Total #: 
$73.91


Having second thoughts? You're free to cancel your order instead (Cancel Order)

Cancel Order points to evil link....(stripping away outlook safelink wrapper)
http://ow.ly/zorB30gZHK3
Sincerely,
iCloud Customer Service

Note: This email will serve as an official receipt for this payment.

 
You can update your email address or cancel order at anytime. Simply log in to our website.

To ensure delivery of our emails to your inbox, please add eService@online.apple.com to your address book.

Please do not reply to this email. If you have questions, please log in and use the secure email function located in the Contact Us section of the website.

Privacy Policy | Security Statement


How to tell this is a Phishing email ?


  1. Check email address in full, if it's not from originating company then it's phishing.
  2. Hover over all links in email, if it's not from the apple.com site then forget it.

  3. The best way is to look at message source, see below.

How to examine Email Message Source ?

Now lets look at message source
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.
Check for suspicious links, anything that does not originate from apple.com.


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (downarrow to top right)->Report Phishing 

Report Phishing URLs at Google now 

If you have recievied this email take further action now by click these links

  1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Report phishing emails to Apple 

Forward the email to abuse@icloud.com. This provides Apple's legal department and law enforcement with useful information to help prevent future phishing emails.
Posted by metadataconsulting (profile) at 12:00 PM 0 comments

Thursday, November 30, 2017

HTML1412: Malformed comment. Comments should start with


If you getting the following error in IE

HTML1412: Malformed comment. Comments should start with "<!-- "

from https://msdn.microsoft.com/en-us/library/mt744327

Here is the cause


<input id="MtpsDevice" type="hidden" value="Default" />
<![CDATA[ Third party scripts and code linked to or referenced from this website are licensed to you by the parties that own such code, not by Microsoft.  See ASP.NET Ajax CDN Terms of Use – http://www.asp.net/ajaxlibrary/CDN.ashx. ]]>

Here's the solution


<input id="MtpsDevice" type="hidden" value="Default" />
<!--[CDATA[ Third party scripts and code linked to or referenced from this website are licensed to you by the parties that own such code, not by Microsoft.  See ASP.NET Ajax CDN Terms of Use – http://www.asp.net/ajaxlibrary/CDN.ashx. ]]-->

Posted by metadataconsulting (profile) at 6:00 AM 0 comments

Wednesday, November 29, 2017

How to fix logging into Mac as root with no password



























Apple, this is Windows 95 bad 

 A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password.

 The security bug can be triggered via the authentication dialog box in Apple's operating system, which prompts you for an administrator's username and password when you need to do stuff like configure privacy and network settings.

 If you type in "root" as the username, leave the password box blank, hit "enter" and then click on unlock a few times, the prompt disappears and, congrats, you now have admin rights. You can do this from the user login screen, too.

 From http://www.theregister.co.uk/2017/11/28/root_access_bypass_macos_high_sierra/

So Mac heads don't lend your computer to anyone until you fix this.


 How the bug works!

 Step 1 | Open the macOS system preferences window
Step 2 | Go to Users & Groups
Step 3 | Click the lock icon in the bottom-left corner of the window
Step 4 | Type "root" in the username field
Step 5 | Place the cursor in the password field

Step 6 | Press the Unlock button repeatedly until the user is created and you get in
How to Fix it!

CHANGING ROOT PASSWORD ON MACOS HIGH SIERRA

Step 1 | Launch System Preferences
Step 2 | Select Users & Groups
Step 3 | Select Login Options
Step 4 | Select Join next to Network Account Server
Step 5 | Select Open Directory Utility
Step 6 | Click the lock and enter your password to make changes
Step 7 | In the menu bar of Directory Utility, select Change Root Password
Step 8 | Create a strong, unique password


Posted by metadataconsulting (profile) at 6:00 AM 0 comments
Subscribe to: Posts (Atom)