SSL and internet security news

pornography

Auto Added by WPeMatico

Reasonably Clever Extortion E-mail Based on Password Theft

Imagine you’ve gotten your hands on a file of e-mail addresses and passwords. You want to monetize it, but the site it’s for isn’t very valuable. How do you use it? You convince the owners of the password to send you money.

I recently saw a spam e-mail that ties the password to a porn site. The e-mail title contains the password, which is sure to get the recipient’s attention.

I do know, yhhaabor, is your password. You may not know me and you’re most likely thinking why you’re getting this email, right?

actually, I actually setup a malware on the adult video clips (pornographic material) web site and you know what, you visited this web site to have fun (you know what I mean). While you were watching videos, your web browser began operating as a RDP (Remote Desktop) having a key logger which provided me accessibility to your display and web camera. after that, my software obtained your entire contacts from your Messenger, social networks, and email.

What exactly did I do?

I created a double-screen video. First part shows the video you were viewing (you’ve got a fine taste ; )), and 2nd part displays the recording of your webcam.

What should you do?

Well, I believe, $2900 is a reasonable price for our little secret. You will make the payment through Bitcoin (if you don’t know this, search “how to buy bitcoin” in Google).

This is clever. The valid password establishes legitimacy. There’s a decent chance the recipient has visited porn sites, and maybe set up an account for which they can’t remember the password. The RDP attack is plausible, as is turning on the camera and downloading the contacts file.

Of course, it all fails because there isn’t enough detail. If the attacker actually did all of this, they would include the name of the porn site and attached the video file.

But it’s a clever attack, and one I have not seen before. If the attacker asked for an order of magnitude less money, I think they would make more.

EDITED TO ADD: Brian Krebs has written about this, too.

Powered by WPeMatico

Facebook Fingerprinting Photos to Prevent Revenge Porn

This is a pilot project in Australia:

Individuals who have shared intimate, nude or sexual images with partners and are worried that the partner (or ex-partner) might distribute them without their consent can use Messenger to send the images to be “hashed.” This means that the company converts the image into a unique digital fingerprint that can be used to identify and block any attempts to re-upload that same image.

I’m not sure I like this. It doesn’t prevent revenge porn in general; it only prevents the same photos being uploaded to Facebook in particular. And it requires the person to send Facebook copies of all their intimate photos.

Facebook will store these images for a short period of time before deleting them to ensure it is enforcing the policy correctly, the company said.

At least there’s that.

More articles.

EDITED TO ADD: It’s getting worse:

According to a Facebook spokesperson, Facebook workers will have to review full, uncensored versions of nude images first, volunteered by the user, to determine if malicious posts by other users qualify as revenge porn.

Powered by WPeMatico

Technology to Out Sex Workers

Two related stories:

PornHub is using machine learning algorithms to identify actors in different videos, so as to better index them. People are worried that it can really identify them, by linking their stage names to their real names.

Facebook somehow managed to link a sex worker’s clients under her fake name to her real profile.

Sometimes people have legitimate reasons for having two identities. That is becoming harder and harder.

Powered by WPeMatico