Detecting a distributed reflected DNS attack

The other night as I was getting ready to sleep, I received an email from the host of my personal Linux VPS saying that I had exceeded my monthly transfer quota. I didn’t pay much mind to the warning, as the excess transfer was insignificant, and at that time I was too tired to care. I closed my email, got into bed and fell asleep.

Lessons learned from a hacked Twitter account

If you follow @WebSpy on Twitter, you would have received a very strange Direct Message (DM) from us yesterday. Something along the lines of “rofl this you?” or “you’re on this vid!” or “I found you on here!”

Unfortunately, the WebSpy Twitter account fell victim to a phishing scam, and as a result sent phishing spam to all our Twitter followers. We are embarrassed by the incident and we apologize to all of our followers, especially the ones that clicked the link in the DM and were caught by the phishing scam themselves.

Here’s a rundown of the event in the hope that it will help others know what to look out for.

Notes on E-Security Development

Today, I had the pleasure of attending Western Australian Internet Association’s first (out of four) breakfast events. The main topic on the agenda was E-Security and a panel of expert, representing commercial, government and educational bodies, were there to shed a light on the latest developments.