The Ultimate Ethical Hacking Boot Camp

World famous cyber security expert, ethical hacker, author and former U.S. Marine, Bryan Seely. Seely is known for intercepting calls to the United States Secret Service and FBI by hacking Google Maps in early 2014, but rather than spending time in prison he was called a hero and moved on to bigger and better things. A few months later, he found an exploit in LinkedIn and helped the company resolve it.

Learn ethical hacking from a world-famous ethical hacker who has professional endorsements from people like Mark Cuban, billionaire tech entrepreneur and star of Shark Tank, and the legendary cybersecurity expert John McAfee.

Seely “thinks entirely out of the box, and has consistently looked to leverage his skills for the good of society,” McAfee said in a statement.

This course is jam-packed with content and will take an absolute beginner in cybersecurity & ethical hacking from zero to being able to actually hack wireless routers, crack passwords, and understand the reasons why those things work. You will be getting live video demonstrations, lectures, and in some videos I’ll be on camera explaining something.

We talk about the process of hacking, from gathering information in the Recon phase to more involved looks at our targets in the scanning phase. Enumeration and System hacking bring the basic “hacking process” to a close, but that is not the end of things, far from it.

Many of today’s large hacks and data breaches that you see all over the news are the result of very clever & persistent social engineers. Social Engineers figure out that you can’t always hack the machines, and sometimes it’s much easier to hack the unsuspecting person using the machine. Learn valuable skills in conducting Social Engineering Penetration Tests as well as how to protect against social engineering attacks.

You are going to enjoy the demos in the course as they will walk you through the whole process and not just the highlights. You can follow along with every single demo and make them into practice courses for yourself.

In just a few hours, you will already be figuring out new ways to use the software tools and tricks I have shown you and come up with new things to try. It is kind of addicting once you get into it.

I can’t promise a prestigious job right out of the gate, but I can promise you that you will learn way more in this course than you thought was possible, and you will want to learn even more.

Get rid of the mystery and learn what real hackers know. If you are excited at the idea of being an ethical hacker, then there is no better place to start than right here.

Did Uber Just Make a Huge Mistake?

A couple of months ago it was reported that Uber Technologies Inc. acquired a portion of Microsoft Corp.’s Bing mapping unit. What they acquired was about 100 Microsoft employees (they offered them jobs) from the image acquisition, data analysis and processing departments, as well as a data center in Colorado, cameras, software and certain pieces of intellectual property.

What I found to be a bit concerning was that these engineers and the other things that Microsoft ended up selling were responsible for producing Bing Maps. Actually it’s more than just a little bit concerning. Based on my research, I believe that Bing Maps is a dangerous product for consumers and that it should not be used at all. If Uber bought more than just some of the infrastructure and people from Bing Maps, then the products and services that Uber offers in the future might have seriously negative consequences for consumers and ultimately taint the reputation of one of Silicon Valley’s most promising companies.

Bing Maps, like Google & Apple, provides an online map which allows users to get driving directions, look at satellite and street images of houses and landscape, and look up destinations and businesses throughout the world. Anyone can give driving directions, but most companies have struggled to figure out how to properly integrate the phone book with an online map product. What Bing has completely neglected is the verification of the data that it publishes, and that means that consumers are at a huge risk of being the victims of fraud, not to mention that legitimate small business owners lose revenue due to competing with SEO experts, scammers and criminals.

Feel free to replicate my results if you choose. I am going to run a simple search for a few businesses on Bing Maps (http://www.bing.com/maps/)

I typed in:  locksmith seattle.  The results on the left hand side should represent the most relevant businesses based on that search.  Google, Bing and other search engines guard their ranking methods very carefully, but typically it has to do with keywords, geographic location and user reputation (reviews etc).

Here is a screenshot of what I found for Seattle.

 

I checked these top 10 results against the Washington State Business License website and found that only two of the 10 results are real companies. If you look at the results it’s kind of obvious, isn’t it? The top result is literally the word “Locksmith.” Have fun trying to trademark that business name. If you go down the list, the first company that was even a “maybe” was result number 5, “Emergency Locksmith”.

If you type that trade name into the license search you get 8 possible results with the keywords emergency & locksmith. However, 7 of them are expired, and none of them are located in Seattle. The one that is not expired is owned by someone out of state with a very long list of other trade names, which suggests he has many listings like these with multiple names to dupe consumers and give the illusion of choice.

Here is another result that I found interesting. There is a business called “Locksmith Locksmith” in Seattle, and it has the same phone number as “Emergency Locksmith”, which is just below it in the search results. This is a pretty telltale sign that someone is submitting multiple business names to manipulate the rankings, and that Bing does not have suitable validation or verification methods.
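The three checks used above (license lookup, keyword-only names, one phone number behind several names) can be run mechanically over a set of listings. The script below is an added example, not the author's tooling; the listings, phone numbers, registry export and generic-word list are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample listings. The first three names echo the kinds of results
# described in the post; the phone numbers and the last two names are invented.
LISTINGS = [
    {"name": "Locksmith", "phone": "(206) 555-0101"},
    {"name": "Locksmith Locksmith", "phone": "206-555-0147"},
    {"name": "Emergency Locksmith", "phone": "+1 206 555 0147"},
    {"name": "Ballard Lock & Key Co", "phone": "206.555.0188"},
    {"name": "Hartwell Security Locks", "phone": "(206) 555-0123"},
]

# Hypothetical export of a business-license lookup: trade name -> status.
REGISTRY = {
    "emergency locksmith": "expired",
    "ballard lock & key co": "active",
    "hartwell security locks": "active",
}

# Assumed list of category, city and modifier words that carry no identity.
GENERIC_WORDS = {"locksmith", "locksmiths", "emergency", "24", "hour",
                 "seattle", "cheap", "local", "best"}


def normalize_phone(raw):
    """Reduce a phone number to 10 digits so formatting cannot hide a match."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]  # drop the US country code
    return digits


def is_generic_name(name):
    """True when every word in the name is a category/city/modifier keyword."""
    words = re.findall(r"[a-z0-9]+", name.lower())
    return bool(words) and all(w in GENERIC_WORDS for w in words)


def review_listings(listings, registry):
    """Return {listing name: [reasons it looks suspicious]}; empty list = clean."""
    names_by_phone = defaultdict(set)
    for item in listings:
        names_by_phone[normalize_phone(item["phone"])].add(item["name"])

    report = {}
    for item in listings:
        reasons = []
        if is_generic_name(item["name"]):
            reasons.append("keyword-only name")
        others = names_by_phone[normalize_phone(item["phone"])] - {item["name"]}
        if others:
            reasons.append("phone shared with: " + ", ".join(sorted(others)))
        status = registry.get(item["name"].lower())
        if status is None:
            reasons.append("no license record")
        elif status != "active":
            reasons.append("license " + status)
        report[item["name"]] = reasons
    return report


if __name__ == "__main__":
    for name, reasons in review_listings(LISTINGS, REGISTRY).items():
        print(f"{name}: {'; '.join(reasons) if reasons else 'ok'}")
```

Normalizing the phone number first matters: the two listings that share a number are written in different formats and would not match as raw strings.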

Could these 8 fake results be the work of the most unimaginative small business owners on earth?  Unfortunately that is not the case. These are “fake” business locations, designed to rank highly on the search engines that will then bring in more calls to the locksmiths that end up answering the phones.  Some of these organizations are just a few people, others are entire criminal organizations that make quite a lot of money.

I ended up writing a book (Cyber Fraud: The Web of Lies) about this entire subject that was available on Amazon for about a month. I am making some edits to the book and hopefully re-releasing it later this year.

When you call the number of one of these companies, you get connected to a representative or service provider who then comes to your house or car or office to assist with your lock-related problem. Simple transaction. The problem is that guy (or gal) is typically not licensed or bonded or insured or even paying taxes. Many times they scam their “customers” with bait & switch scams, promising $15 service fees and then charging customers $200 or more. Here is an undercover video by Jeff Rossen of the Today Show that exposes locksmith scammers. Other times they rob customers with duplicate keys they made for them.

These 8 fake companies might just forward to the same company who found a way to dominate the search results. They might forward to 8 individual scammers. Who knows. I don’t have the time to call each one and have them show up, and even if they did, I doubt they will take very kindly to me asking for ID or conducting an investigation. I also don’t have time to try and flag all of these locations as spam because SEO experts and the criminals who hire them put them up faster than one person can remove them.

If you are wondering about other cities or business types, the bad news is that this is very widespread. I recently looked at the top ten results for Locksmiths, Plumbers, Garage Door Installers, Moving Companies, Air Conditioning Repair, and even Bail Bonds and found that they are all just as bad. Also, I checked the results in San Diego, Seattle, Los Angeles, Houston, Dallas, New York City and Miami and found that they are all just as bad. There are many more categories that these criminals manipulate, and it’s not just confined to these cities.

Do you feel safe knowing that the search results on Bing Maps are this unreliable?  

Are you willing to take the gamble on 1 or more of these companies hoping that they don’t scam you?  They are being dishonest from the very beginning so I don’t see why they would stop anytime soon.

Worst of all, it’s not just confined to Bing. I think every mapping website deals with these scammers to some degree, and based on my research over the last year, Yelp seems to have the least amount of spam / fake business data, but that doesn’t mean it’s not there either. WhitePages.com, SuperPages.com and Bing Maps are the absolute worst based on the evidence I have seen, and it is my recommendation that consumers stay far away from these websites. The people you call or meet via these sites are not hardworking small business owners. These are criminals and scammers, and I can say that with a very high degree of certainty.

The reason I know is because I used to work for one of these scammers. You can read more in an article that was just written by Drew Atkins for the Seattle Business Magazine titled “This Hacker Wears a White Hat”. At one point my boss had a network of over 3000 fake auto glass companies that were listed on Google Maps, Apple Maps, Bing, CitySearch, Whitepages and more. Many of them are still there. Many have fake reviews, and a lot of them dominate the search results. As the article quotes me saying, my old boss just broke $10 million a year in revenue, all sourced through these methods.

I am not proud of my past. But I can use that knowledge to try and fix the problem. I would love nothing more than to work for a company and get paid to track down these criminals every single day. I would love that as much as Kanye West loves Kanye West.

When I heard that Uber was buying Bing Maps’ assets, it made me wonder what they actually ended up buying. Are they buying the business data as well? The verification process? The backend setup? We don’t really know. I really hope not.

We do know that Uber probably has some cool products in the works, seeing that they are planning on buying self driving cars in the future and in all likelihood will be competing with Amazon by offering a delivery service at some point.  What happens when they start including these illegal and fraudulent results in their product offerings?  I have loved Uber from the first second I downloaded the app, and think that they do a lot of things that other companies should emulate. I just hope that they didn’t acquire Bing’s business data, because it would be easier to start from scratch than to try and sort the wheat from the chaff.

If you have any questions about anything in this article, feel free to reach out to me on LinkedIn or Twitter or email 

Cyber Fraud: The Web of Lies

In my new book, Cyber Fraud:  The Web of Lies, I expose the massive but poorly understood problem of Internet fraud.  Specifically, fraudulent companies that cheat customers and steal business from legitimate entities through various dirty tricks.  I know these tricks because I used to work for a company that made millions per year in one industry alone:  auto glass repair.

One of the key components that scammers use to climb the search result rankings is fake reviews.  Though every search engine’s algorithm varies, each places a high premium on positive reviews, and uses fake negative reviews to denigrate the competition.  The result is that a fake company that knows what it’s doing can rise to the top of local search results in a matter of hours.

When I released the book a couple weeks ago, I had no idea what the reaction would be. So imagine my overwhelming surprise when the rave reviews for Cyber Fraud: The Web of Lies started pouring in on my website, www.seelysecurity.com.

Great reviews can make or break a business, and the book business is no different. Here now is just a smattering of the feedback I’ve gotten on the book from some amazing sources.  It’s completely and utterly unbelievable.

See what all the fuss is about.  Order Cyber Fraud:  The Web of Lies today.

 

 

 

 

 

The Mother of All Android Hacks

Users of the popular Android operating system are all vulnerable to “the mother of all Android vulnerabilities” in which a simple text message can give hackers complete control of your phone.

The worst part is that you don’t necessarily need to open the text message for the hackers to gain control of your device. This flaw was uncovered by security firm Zimperium, and the text message contains a video file. In the code for the video file is a string of malicious code that then activates once received. You don’t even have to watch the video to have your phone taken over.

Long story short is that if hackers send out this malicious code to every Android phone right now, they could gain access to your phone.

Zimperium has stated that the flaw has not been exploited by hackers, yet.

Google has been notified and is working on a fix. The number of devices affected is astronomical. This bug affects any device running Android in the last five years, according to Zimperium. In 2015 alone, more than 1.1 billion devices will be shipped, according to industry analysts IDC.

If you have an Android device, update it now!

This is quite similar to the recent iPhone text message hacking story from a few weeks ago.

Change your Skype Password Now! Like right now.

Users all over the internet are reporting that their accounts are experiencing some weird behavior. Apparently Skype accounts have been getting “spoofed” and Microsoft is recommending that all users change their passwords ASAP. Here is the link to the Skype Forum 

Instead of a hard-to-remember password, you should use a passphrase.

For example: Mycatdoesnotenjoyplayingthebongos!2015.

The first reports were posted in Skype / Microsoft help forums. Others confirmed that their accounts also sent such messages all by themselves.

“My account sent out the same message OP describes. The message was sent at 2345 UTC on 01-07-2015 to all contacts. As a precaution, I changed my Skype password on a different machine. I also checked whether anything strange was accessing the API, but this did not appear to be the case,” one user explained 3 weeks ago.

Microsoft is fully investigating and the only advice or recommended action right now is to change your password.

So go change your password right now.

Why are you still reading this?

Seriously.

Hackers Threaten to Expose 40 million Members of Ashley Madison

AshleyMadison is the most recent victim of hackers, as Brian Krebs of Krebsonsecurity.com reported late last night.

The hackers identified themselves as “The Impact Team” and posted a small sample of the data that they stole from AshleyMadison’s parent company, Avid Life Media.  Avid Life Media also owns “Cougar Life” & “Established Men.” The Impact Team also demanded the permanent takedown of AshleyMadison & Established Men with the penalty for non-compliance being the full release of names, addresses, and sexual fantasies of all 37+ million users.

The reason that Impact Team seems to be upset is AshleyMadison’s “Full Delete” feature, which is supposed to erase all traces of a user’s profile from their servers. The service costs $19 and, according to the hackers, does not do what it promises. AshleyMadison apparently raked in $1.7 million in revenue in 2014, which is a lot of money for a service that does not do what it says it does.

The hackers were pretty clear about all of this by saying:

“Too bad for those men, they’re cheating dirtbags and deserve no such discretion,” the hackers continued. “Too bad for ALM, you promised secrecy but didn’t deliver. We’ve got the complete set of profiles in our DB dumps, and we’ll release them soon if Ashley Madison stays online. And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.”

If the Impact Team does in fact have all member / employee data from AshleyMadison, then the ball seems to be in their court and AshleyMadison is going to have one hell of a time trying to stay online. Imagine the famous / powerful people that might be members of this website that are going to be very nervous about the release of their private information, let alone confirmation of membership on the website.  Depending on how powerful they are, there might be a lot of back-channel pressure upon AshleyMadison’s leadership.

There are a couple things I know for sure.
1. I would not want to be the leadership of AshleyMadison right now. Also, I would never want to be in a leadership position at a website like this. Their sole purpose is to facilitate cheating on your spouse.

2. Being a member of this site sounded like a bad idea when the commercials first started airing a few years ago. Now that is 100% confirmed to be a bad idea.

Ashley Madison has an “affair guarantee” that guarantees that members will have an affair. In a roundabout way they succeeded, now that 100% of their members are completely screwed.

 

10th Man Manifesto

The Seattle Mariners are, objectively, one of the least successful franchises in Major League Baseball.  They are one of two teams never to play in a World Series.  Through 2014, they have the third lowest winning percentage among Major League franchises; trailing only the Rays and the Padres.  And, perhaps most viscerally for Mariner fans, their 13 year postseason drought is the second longest in the sport.

At the same time, fan engagement in the Mariners is similarly stagnant.  While the level of fan interest is harder to quantify, attendance figures have dwindled steadily over time as the team has struggled.  And the numbers don’t tell the story of how many fans at the ballpark are there for the overall experience rather than to do all they can to help the team win.  It is easy to mock fan excitement for gimmicks such as the Boat Races, the Hat Trick, or even the dancing grounds crew.  But such gimmicks are enjoyed all over baseball.  What is damning is not that those events are popular, but that the noise they generate is not consistently matched during game action.

Meanwhile, the Seattle Seahawks have enjoyed recent success unparalleled in its history, and in the history of all but a handful of teams.  That success has coincided with what is generally understood to be the loudest fan base in football, and one of the best.  It is accepted as fact that Seahawk fans not only root for their team’s success; they are an active part of achieving that success.  Seahawks fans have come to be known as the “12th Man” or just “12’s”.

These facts beg the question:  why are the fan bases of these two teams – next door neighbors – so different?  One could simplistically posit that it is simply a function of success; the Seahawks are good, so the fans support them.  The Mariners are not, so the fans do not.

However, this explanation is at best unsatisfactory, and at worst circular.  It is generally accepted that an engaged fan base can have a direct impact on a team’s success on the field.  Of course, it is at most a fraction of the impact that is had by the players, coaches, and front office.  Alas, sports fans have no control over any of those factors.  Fans can only impact the results on the field in one way; their level of engagement.

As the Mariners begin the second half of the 2015 season, their performance is once again disappointing.  The sports narrative focuses on the number of days until NFL training camp and where to cast blame for this season’s failures.  As Mariner fans, we have the option of accepting this narrative, and thereby perpetuating the cycle of disappointment and failure that has permeated the team and its fans for the last decade.

But Mariner fans have another option.  We can choose to increase our level of engagement to match our engagement in the Seahawks.  We can choose to accept that we have an option to be a direct part of our baseball team’s fortunes every bit as much as those of our football team.  Indeed, we can acknowledge that, in at least some small way, we already have played a direct part in its fortunes.  The term “home field advantage” has been an oxymoron at Safeco Field.  Divvy up that “blame pie” however you want; just make sure to leave a slice for you and your fellow fans.

I propose that we, the Mariner fans, choose to take the first step toward reversing the fortunes of our team.  I propose that we, the fans, choose – one by one by one – to do all we can do to increase the chances that the Mariners win home games by virtue of our actions.  That we model ourselves after the Seahawk fans who congregate down the street (many of them, of course, are us) and the fans of other baseball franchises whose engagement helps their teams succeed on the field.

To that end, I propose the following 6 direct actions that the fans begin implementing immediately, upon the team’s return to town on July 24.  These are just one fan’s initial suggestions.  They are intended to generate interest and discussion; not to dictate your actions.  Hopefully refinements and completely new and better ideas follow.

  1. Begin identifying ourselves as “the 10th Man” or “the 10’s”. This is not a new idea; there is a Facebook page already devoted to the idea.  There hasn’t been a post on it in two months.  That’s telling.
  2. Impose the “two strike” clap for all of our pitchers; not just one of them.
  3. There is a baseball axiom that “momentum is only as good as the next day’s starting pitcher”. Mariner fans have a unique level of access to the opposing team’s starting pitcher before every home game.  A metal fence and no more than five feet separates that pitcher’s pre-game preparation from fans free to engage with him in a direct way.  There are numerous options for this.  I am not proposing that fans be uncivil (we have a Code of Conduct, after all).  But there is no reason why fans could not engage in a pre-game ritual designed to distract him.  We could engage in monk-like chanting.  We could throw around a giant (fake) fish, like they do in Pike Place Market.  Anything.  It can’t be less effective than nothing.
  4. Yankee fans are known for their “roll call”. In the top of the 1st inning, the bleacher fans chant the name of every defensive player, along with the rhythmic clapping (you can close your eyes and imagine them saying “Der-ek Je-ter, CLAP CLAP CLAP-CLAP-CLAP”).  While the clapping is and should remain theirs, there is no reason Mariner fans could not acknowledge each of their players at the beginning of each game.  Perhaps a simple 2-3 syllable chant (“SEE-ger…SEE-ger.”)  Give the fans a moment of connection with each player.
  5. Commit to higher levels of noise during game action, designed to inspire our team and intimidate the opposition.
  6. Sign the Petition at seelysecurity.com/10thman to add your voice to the list of Mariner fans who are ready to do their part to bring greater success to their team.

Baseball players are human beings; human beings are affected by their environment.  Anyone who claims that fans cannot have an impact on the game is not basing their beliefs on evidence or common sense.

Some might ask whether the team “deserves” this level of engagement.  You are, of course, free to answer that question in the negative and go about your day.  Arguably, sports as a whole receives far more attention than it deserves.  But ultimately, we choose to be fans not for the teams we root for, but for ourselves.

It follows that choosing a higher level of engagement for the Mariners would be a gift not primarily to them, but to each other.  Will it help?  It won’t hurt.  It will make the games far more fun for the people there and for the fans unable (or unwilling) to attend in person.  And statistical probability dictates that, sooner or later, the Mariners will be good again.  Do you want to be one of the fans who sat back with his arms folded until the winning came, or do you want to feel like you helped bring about the franchise’s change of direction?  I would prefer the latter.

That’s why I’m signing first.  And I’ll be at the game on July 24th in my home jersey with the number 10 on the back and the name “FAN” above it.  Join me.

Brian Muchinsky

Brian Muchinsky is a lifelong baseball fan.  He is an attorney in Bellevue and the co-author of Cyber Fraud:  The Web of Lies, available on Amazon.

The Case That Gives Google the Right to Steal

Google’s stock price is up over 16% today.  Good for them!  And good for their investors.  Don’t be evil.

There are plenty of reasons to be bullish on Google.  And one of them is that they are legally allowed to profit on bullsh*t.  OK, be slightly evil.

It’s a well-kept secret that commercial information on the Internet is subject to basically zero legal regulation.  So while TV stations, radio stations, newspapers, and other “old media” can be held liable for publishing false information, Google, Bing, and other search providers CAN’T.

The result is that Google and its smaller competitors have the right to take money for ads that they KNOW ARE FALSE.  Some of the most offensive ads are “bait and switch” schemes, like offers for a $19 locksmith service that get jacked to $300 when the locksmith gets out to your location.

A brave guy and legitimate locksmith named Mark Baldino thought that the situation was unfair.  He notified Google and others about false ads and asked the search engines to take the ads down.  When they refused, Baldino took them to Court.

If you imagined a stirring jury trial filled with impassioned pleas for justice, keep imagining.  The case was basically thrown out of court.

Why, you ask?  Great question.

The answer is Section 230 of the Communications Decency Act of 1996.  The main thrust of the law was designed to help keep pornography offline.  I think you know how well that fight went; in fact, those parts of the law were ruled unconstitutional not long after enactment.  (And fetishists of all stripes have a safe home online to this day.)

But this little nugget from the federal legislation survived:

“No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”

On its face, this isn’t necessarily a poison that costs the American taxpayer and honest citizens billions of dollars a year.  But unlike beauty, bad laws are not skin deep.  And that’s exactly what this law winds up doing.

In throwing out Mark Baldino’s case by claiming that Google had immunity from all liability under Section 230, the Court ruled:

“This immunity extends to all information posted that does not originate with the defendant as an information content provider.  A publishing website is immune under the CDA even when given notice that it has published false information.  Although editorial discretion might be feasible for the traditional print publisher, the sheer number of postings on interactive computer services would create an impossible burden in the Internet context.”

So:  even if Google KNOWS IT IS PUBLISHING FALSE INFORMATION, and for which it is PAID MONEY, Google CANNOT be sued for propagating that false information.

Ladies and gentlemen, the United States Congress!

Baldino has appealed, and hopefully he can get the decision overturned.  But the problem isn’t that the Court’s ruling is wrong; the problem is that the Court appears to have correctly applied existing law.

The laws need to be changed.  Until they are, commercial information on the Internet is rife with scams that threaten your finances and your physical safety.

I break down the problem in plain terms, and tell you exactly how you can avoid being victimized, in my new book, Cyber Fraud:  The Web of Lies.  Read the first chapter for free, or order a copy, at www.cyberfraudtheweboflies.com.  I also do personal appearances.  Book signings, weddings, bar mitzvahs:  have your people call my people.

Oh, and be sure to buy Google’s stock yesterday.  And while you’re in that time machine, please go back to 1996 and tell Bill Clinton not to sign the Communications Decency Act.  Or hire Monica Lewinsky.