Tickets for the annual Burning Man festival in the Nevada desert are hot supplies, with over 80,000 people registering for the latest release of 40,000 tickets.
This festival started as the burning of a wooden figure on a beach on the summer solstice in 1986 has currently grown to a yearly event that attracts tens of thousands of people. In the last few years, the event has become increasingly popular among the Silcon Valley set, with attendees with Larry Page, Sergey Brin, Elon Musk, Jeff Bezos and Mark Zuckerberg.
Unfortunately thousands of fans who pre-registered to buy tickets but weren’t able to get through the online queue in time, a flaw in the ticketing website permitted some crafty hackers to hack the system in order to jump to the front of the line.
After tickets for the occasion sold out in an hour last Wednesday, Burning Man acknowledged that some people had cut in front of others unfairly when the online sale opened.
In a blog post the next day, Burning Man said about 200 people broken a backdoor in the ticketing website to get to the front of the queue. It guaranteed genuine ticket buyers that the organization was taking steps to address the problem by canceling the fake ticket purchases.
The good news is that we can track them down, and we’re going to cancel their orders. The tickets from those orders will be made accessible in the OMG Sale in August. Of course, steps are being taken to prevent this from happening again in upcoming sales.
Burning Man organized the online sale as “first come, first served,” with a limit of two tickets per person, and required potential buyers to pre-register to receive an email with a link to access the ticketing site. To manage the online sale of the 40,000 existing tickets for the 2015 festival – at $390 a pop – Burning Man used the ticketing organization Ticketfly.
As reported by Wired, expressive the URL for the waiting room permitted people to purchase tickets ahead of the start of the sale at 12:00 p.m. PST – while everyone else had to wait until the start time and click a button to enter the queue.
The type of fault that let the cheaters generate the waiting room URL is known as an insecure direct object reference, a coding vulnerability that allows an attacker to bypass approval and access resources directly by modifying the value of a parameter.
On Monday, February 16, 2015 EFCC arraigned one Imeh Albert Akpan, director of Commodore Aviation Services before Justice D. K Senchi of the FCT High Court sitting in Apo, Abuja, on a two-count accuse bordering on criminal breach of trust and obtaining by trick.
Akpan allegedly changed the sum of N25 million meant to be used as security for a loan obtained from a new generation bank to individual use.
According to the complainant, the suspect lured him into investing his monies on a project that was not possible. He confirmed that all efforts to recover his money were unsuccessful.
Count one of the charge reads: “that you, Imeh Albert Akpan, being the director of Commodore Aviation Services, a short time in July 2004 dishonestly transformed to your own use the sum of N25 million being proceeds of a Platinum Bank Cheque No. 0093207 that was meant to be used as a security for a loan, issued by Samha Dayekh for and on behalf of Alhaji Bashir Dalhatu and you thereby committed an offence different to Section 311 of the Penal Code Law Cap 532 Laws of the Federation of Nigeria (Abuja) 1990 and punishable under Section 312 of the same Law.”
When the charge was read to the accused, he pleaded not responsible.
In view of his plea, counsel to EFCC, Fatima A. Gwaram urged the court to fix a date for trial to commence. Justice Senchi admitted the accused to bail in the sum of N10m (ten million naira) and two surety in like sum.
The case has been adjourned to April 14, 2015 for hearing.
The Enugu International Airport is another 419 on the Biafran Igbo citizens of Nigeria because there is yet nothing international about the airport. It is an informative note that late President Umaru Yar’Adua was the one who in 2008 approved the upgrading to the International status in line with his administration’s policy that each geopolitical zone will have at least one international airport.
In 2009, the Federal Executive Council approved the N4.13 billion for work on the airport which includes extension, asphalting and marking of the runway. The old runway was extended by 600 meters long and 60 meters width. In 2009, the airport was temporarily closed for work and those wishing to take the route were diverted to Sam Mbakwe Airport Owerri.
The Federal Government had invested $870 million in airport infrastructure, which includes the remodeling of the terminals and other security equipment. If the Federal Government invested N139 billion Naira to upgrade 11 airports around Nigeria and Enugu Airport got only N6 billion budgetary. It is very less budget compare to other airports. And President Jonathan had said that a new international terminal for the Enugu Airport will cost N13 billion Naira.
The question is, has any funds been committed to construct the international terminal. Is there any budgetary allocation for the terminal for the year 2015? The answer is negative. Therefore the Enugu Airport project is a 419.
The Turkish Airlines signed agreement in principle as announced by Vice President Sambo a year ago but fled back to Greece after inspecting the equipments on the ground. If that airport is truly international airlines like Virgin Atlantic Airways, British Airways, Emirates Airlines will play the route, but for now all overtures from certain quarters to tempt these carriers to Enugu have failed unhappily due to what they termed poor quality infrastructure. In January, 2015, no airline from Europe, America, Asia and Middle East have landed or taken off from Enugu International Airport.
The runway and aircraft hangers are always busy whenever there is rainfall and many times passengers have to remove their shoes, fold their trousers to walk up the tarmac for boarding. Many Igbo’s who expected to connect from their different overseas destinations to Enugu were disappointed during the Christmas season of 2014 and will still be disappointed by December 2015 because there is no proper plan to provide the South East an international airport. This Enugu International Airport is a different 419 on the Igbo nation and the airlines have dismissed the international status of the airport as a scam. When the emperors decide to actually give us an l airport the volume of activities, flights and passenger traffic will prove it- what we have is another International airport 419 on the Igbo nation and some fools are still celebrating.
Diminish Pirker, a retired Austrian writer set out for some lost at the end of May not long from now and is assumed dead. Police think he may have submitted suicide in the wake of being hit hard by a Nigerian Spam. Relatives think he may be attempting to find the money.
Diminish Pirker is the previous leader of the ORF local news studio in Carinthia, Austria. The retired writer was clearly reported lost on May 22. As indicated by police there are no intimations to his current whereabouts and he has not been seen since that date. Police have now discharged an announcement to say they accept that Pirker may be dead.
Representative for the police, Roman Hahslinger says that the police accept Pirker may have committed suicide in the wake of losing all his cash in 2013. Pirker obviously succumbed to a Nigerian black money scam, overall known as the “wash” scam, where criminals convince simple exploited people to provide for them cash for chemicals, as far as anyone knows to be utilized to wash cash that has been painted black to maintain a strategic distance from traditions location. In real certainty, the notes are black, certified receipt measured bits of paper and not the genuine thing.
For Pirker’s situation, he obviously traveled to Paris a year ago to watch an exhibition of the alleged “cash cleaning machine,” was persuaded by the con and after that sold his home in Carinthia to have the capacity to send a lot of cash to the offenders in Nigeria. He additionally sold his mother’s apartment in Caritas-Franziskusheim in Klagenfurt – Luise Isabella Pirker had evidently passed away at 94 years old in mid-January. A house on Lake Ossiach was obviously sold to raise cash for the Nigerian Spam.
When Pirker vanished from Vienna, on the day preceding his 70th birthday, he had been proclaimed bankrupt. His relatives conjecture that Pirker may have left to head out to Nigeria to attempt and find what had happened to all his cash.
South Korea is looking to expand a Stuxnet-like virus in order to do just what that earlier cyberweapon did in 2010: attack an enemy’s nuclear facilities. Stuxnet is widely believed to have been formed by the US and Israel to attack Iran’s nuclear facilities.
South Korea’s long-term plan includes developing malware to cripple North Korea’s missile and atomic services, information, along with fortifying its psychological warfare ability to paralyze the origin of a cyberattack.
In spite of those obligations, more than a dozen members of the cyber command’s psychological warfare unit have been under inquiry by military prosecutors for allegedly posting politically charged mail online against the opposition camp and its applicant ahead of the 2012 vote.
At any rate, even if South Korea manages to both generate a cyberweapon on par with Stuxnet and to impose a cone of silence and/or confusion around its own potential whistleblowers, the country might well have to deal with their Stuxnet-like weapon’s Stuxnet-like side effects.
When the engineer cut off his computer and took it home, Stuxnet was let out of its cage, didn’t notice that it wasn’t in an Iranian nuclear facility anymore, and blithely continued to infect SCADA systems, eventually infecting an undetermined amount of computers – estimated to be in the series of tens of thousands of computers around the globe.
Stuxnet was primarily designed to sabotage industrial machinery. Duqu looked to be designed for espionage, mainly information connected to industrial systems – potentially information that could fuel future attacks similar to those of Stuxnet.
In additional words, if South Korea recreates Stuxnet, there’s reason to fear that it could unleash a whole fresh Pandora’s box full of related malware.
UK retailer Tesco has been forced to suspend 2,239 customer accounts after a list of email addresses, passwords and Clubcard voucher balances was posted online.
The list of user information, dumped on a popular text sharing site on Tuesday evening, was at first thought to be fake until some Twitter users started testing username and password combinations, discovering that they did indeed job.
A little number of users also contacted the BBC, via email addresses published as part of the dump, to confirm that their accounts had been suspended.
The security breach does not appear to have come from Tesco’s end though. The supermarket giant said the information must have been compiled by taking user particulars obtained from breaches at other websites – presumably users who had reused email addresses and passwords across multiple accounts.
Though it is not known exactly where the client details came from at this time, you don’t have to look very far to see examples of where the crooks could have got hold of at least some of the data.
In October Adobe admitted that cyber criminals had appropriated account details for 38 million of their customers.
Some Tesco.com users told the BBC that Clubcard vouchers they had earned had been stolen, though the amounts reported were quite small.Tesco announced that it would offer replacement vouchers to all of those affected.
So let this serve as a timely reminder to use different, difficult passwords for every account that you have online. or else, once one is compromised, all of your accounts become vulnerable.
Hacker group NullCrew claims to have broken into Comcast’s servers today, exploiting a vulnerability reported in December 2013, but not patched.Over the weekend of 01 February 2014 the hacker group also claimed credit for performing a SQL injection attack against telecom supplier Bell Canada.
Bell170They were able to access account login and password information for more than 22,000 little industry customers of Bell’s internet service.The attackers allegedly contacted Bell client support two weeks before the disclosure.
The client service representative clearly didn’t understand the gravity, nor did they escalate to someone who did.
From what we can tell the similar thing happened when NullCrew hacked Comcast.It appears that Comcast, the largest internet service provider in the United States, uses Zimbra as an inside communications platform.
NullCrew exploited an unpatched safety vulnerability to gain access to usernames, passwords and other responsive details from Comcast’s location.They posted the purloined data on pastebin and taunted the industry on Twitter.
Sometimes it appears there is nothing we can do to protect ourselves, but in this case I think there is a valuable lesson.NBCComcast170The vulnerability exploited by the attackers was disclosed and set in December 2013. While that isn’t forever ago, it is enough time that it could have been remedied.
None of us can assume that it will take time, particularly 60 days, for criminals to determine they can take benefit of flaws in our programs.We may have had the luxury of waiting 30 or even 120 days in the past, but today we must continue an accurate and up to date inventory of all software that is deployed and patch it immediately.
Facebook. Image courtesy of ShutterstockSocial networking behemoth Facebook revealed last week that it had 757 million every day active users (DAUs) during December 2013, a year-on-year increase of 22%.
New figures from the company’s fourth quarter earnings report show 1.23 billion monthly active users (MAUs) during the similar month, of which 945 million accessed the service through mobile.
According to the company’s own 10-K filing, the answer would seem to be “no” due to the reality that a large number of accounts may, in fact, be false.
While these numbers are based on what we believe to be reasonable estimates of our user support for the applicable period of measurement, there are inherent challenges in measuring usage of our products across big online and mobile populations around the world.
Facebook estimates that between 4.3% and 7.9% of its monthly active users were individuals signing in with more than one account, despite the fact that duplicate accounts are against its terms of service.
A further 0.8 percent to 2.1 percent of monthly users are believed to have been using misclassified accounts, used to represent something other than a real human customer, i.e. accounts created for pets, businesses or organisations.
Some 0.4 to 1.2 percent of accounts are said to be ‘undesirable’ because they have been created to violate Facebook terms of services by, for example, being used to send spam messages or new types of malicious links or content.
Put together, this would suggest that between 5.5% and 11.2% of all accounts on Facebook are either spare, malicious or otherwise ‘fake’.
Based on Facebook’s own figures, this means that anywhere from 67 up to 137 million monthly users are not as they may at initial seem.
Facebook believes there may be some geographical differences in the use of duplicate or false accounts though. Interestingly, it believes that the more developed markets in the US and UK are less prone to ‘fakes’.
Facebook also admitted that due to such restrictions, other figures, such as client age data, may not be entirely accurate.Whether the number of fake accounts is growing or shrinking is hard to say due to the fact that Facebook has now chosen to present a range of variables.
Previously, the company’s first earnings report gave a more precise figure of 8.7%, which equated to 83 million financial records.
The FBI has announced that one of the most important creators of the SpyEye banking malware kit has pled guilty in an Atlanta, Georgia court.
Aleksandr Andreevich Panin, a Russian national, admitted to being one of the main developers and distributors of the banking malware, planned to cooperation PCs and connect them to botnets of equally backdoored systems.
The most important purpose of the hijacks was to harvest banking login details through various methods, and feed data back to its operators. Later versions also targeted Android phones.
Panin’s making formed the basis of a main marketable enterprise, with the malware sold to over 150 consumers through underground cybercrime forums.
These clients then ran their own operations, connecting them infecting upwards of 1.4 million systems and stealing huge amounts of cash from compromised bank accounts – one operator alone is thought to have scooped up over $3 million in just six months, and over 10,000 bank financial records are thought to have been accessed in 2013 alone.
The inquiry hinged on the seizure of a command-and-control server in the Northern District of the US state of Georgia in early 2011. Following this, undercover FBI agents contacted Panin to buy a copy of his malware, reported to be advertising for between $1000 and $8500.
This led to a 23-count indictment being brought in December 2011, top Panin and Bendelladj. Bendelladj was picked up at an airfield in Thailand en route to Algeria, and extradited to the US in May of 2013.
Panin made the mistake of taking a flight between through Atlanta airport, and he was under arrest there in July 2013. His guilty plea was entered on 28 January 2014, and he is scheduled for sentencing in April 2014.
At least four other arrests have been made in link with Panin and SpyEye, in territories as well as the UK and Bulgaria.
The FBI also credit fellow law enforcement agencies in Australia, the Netherlands, the Dominican Republic and Thailand, making for another major universal case showing impressive cooperation across borders.
This success seems to challenge the current gripes of a top UK lawyer, who complained that police don’t make sufficient effort to combat cybercrime and banking fraud.
is dedicated to all the hardworking people who have
been scammed by the spammer or 419 scam frauds. Although
our site concentrates on providing awareness of Nigerian
419 spam (scam), scam baiting, advance fee fraud,
scam phising, also we deal with other types of fraud
such as letter spam, e-mail scam, lottery spam as
well. You can go through our scam baiting tips, it
is just amazing way to deal with the spammer or scammer.