This Week In Security: Your Car’s Extended Warranty, Seizing The Fediverse, And Arm MTE

If you’ve answered as many spam calls as I have, you probably hear the warranty scam robocall in your sleep: “We’ve been trying to reach you about your car’s extended warranty.” That particular robocalling operation is about to run out of quarters, as the FCC has announced a nearly $300 million fine levied against it. The scammers had a list of 500 million phone numbers, and made over five billion calls in three months. Multiple laws were violated, including some really scummy behavior like spoofing employer caller ID to try to convince people to pick up the call.

Now, that record-setting fine probably isn’t ever going to get paid. The group of companies on the hook for the amount doesn’t really exist in a meaningful way. The individuals behind the scams are Roy Cox and Aaron Jones, who have already been fined significant amounts and been banned from making telemarketing calls. Neither of those measures put an end to the problem, but going after Avid Telecom, the company that was providing telephone service, did finally put the scheme down.

Mastodon Data Scooped

There are some gotchas to Mastodon. Direct Messages aren’t end-to-end encrypted, your posts are publicly viewable, and if your server operator gets raided by law enforcement, your data gets caught up in the seizure.

The background here is that the administrator of the server in question had an unrelated legal issue, and was raided by FBI agents while working on an issue with the Mastodon instance. As a result, when agents seized electronics as evidence, a database backup of the instance was grabbed too. While Mastodon posts are obviously public by design, there is some non-public data to be lost. While IP addresses aren’t exactly out of reach of law enforcement, they’re still a bit of personal information that many of us like to avoid publishing. Then there are hashed passwords. While it’s better than plaintext passwords, having your password hash out there just waiting to be brute-forced is a bit disheartening. But the one that really hurts is that Mastodon doesn’t have end-to-end encryption for private messages.

Hello, And Please Don’t Hang Up: The Scourge Of Robocalls

Over the last few months, I’ve noticed extra calls coming in from local numbers, and if you live in the US, I suspect maybe you have too. These calls are either just dead air, or recordings that start with “Please don’t hang up.” Out of curiosity, I’ve called back on the number the call claims to be from. Each time, the message is that this number has been disconnected and is no longer in service. This sounds like the plot of a budget horror movie: how am I being called from a disconnected number? Rather than a phantom in the wires, this is robocalling, combined with caller ID spoofing.


Find A Way To Stop Robocalls To Grab This $50k Prize

Here’s a challenge tailored to our community if we’ve ever seen one. You know those delightful unsolicited prerecorded calls you get from time to time? They might be political, but they also come from companies trying to sell you vinyl siding, or promising improvements in your business. Well, they’re against the law in many cases, and complaints to the Federal Trade Commission have been piling up. So now the FTC is offering a $50,000 bounty to anyone who can find a way to block the calls.

It’s called the Robocall Challenge and you’ve got until January 17th, 2013 to get your entry submitted. The great thing is, this doesn’t need to be a fully working solution. Your entry may be: “proposed technical solutions or functional solutions and proofs of concept”. Even better, you retain ownership of the solution even if you win. This type of recognition will surely have telco-related companies beating a path to your door.

Of course if you do have a solution, we’d love to hear about it too!

[Thanks Filespace via WCPO]