Is This A Scam - Part II

This publication has been a long time coming, but for some reason, it always has gotten put on the back-burner in lieu of a "more interesting" story. After reading a news article out of Chesapeake, Virginia today, which was February 22nd, I realized that this was an article that needed to be written. So, this is:


Is This A Scam - Part II

The trigger for this post was actially an article I read which referred to a gentlemen who was contacted and told that he owed the IRS money, and that he needed to pay or "the police will come."

636173109841874978-iTunes-card.JPG

Let's first address the fact that we are in full swing of IRS scams. It's terrible that people choose such a time to profit off of others, with so much sensative data, but I guess you could say hackers don't exactly have the highest moral standards. That being said, DO YOUR TAXES AS SOON AS POSSIBLE. Do not wait. The longer consumers wait to file their taxes, the better the chance of having your identity stolen. Now I'm not try to scare you, but let me put it in this perspective...if you wanted to steal people's IRS information, what would be the best time to do it? April 5-14th most likely. Plus, the longer hackers operate, the more likely they are to get caught, so hackers typically will try to infiltrate a system and get out in a small amount of time, so file your taxes as soon as you can.

Now I want to get back to the main reason behind this post - the scam portion of the story I mentioned in the opening paragraph. If you read my last post, I mentioned a scam that happened right in Corvallis, Oregon, and quite frankly, is occurring all over the country. 

Scammers are contacting "customers" and explaining the to them that "they may be in trouble with the police if they don't give (insert amount of money) to (insert company name ie: IRS). In order to do this, the scammer almost always has the customer do one of the following: go to a Western Union and wire the money, buy gift cards then give the scammer the gift card number on the back, or the scammer sends a check for an amount more than requested, you then wire back the excess amount of money.

I spoke with a customer that I was working with last night who said, "Who would fall for that?" I responded, "Apparently quite a few people."

Just be cautious when you receive phone calls and keep these in mind:

  1. NEVER WIRE SOMEONE MONEY OR BUY GIFT CARDS TO "SETTLE DEBT"
  2. Apple, Comcast, Microsoft, or the IRS will NEVER call you because of a "hacked account." Apple, Comcast, and Microsoft will email you (most likely); the IRS will send you a letter
  3. If it sounds fishy, it probably is.
  4. Get a second opinion. That's why I'm here! Give me a call (541.714.5880) or an email (stuart@crashsecurity.com) about what happened, because 99% of the time, I'll know within the first two sentences (just because I've seen these types of issues so many times).

Please spread this to your friends, as I know this has been an issue of my town of Corvallis.

Be safe out there, and get your taxes done early!

-Stuart

macOS Annual Update Is Planned Obsolescence

Welcome to my battle with Apple and their operating systems.

Ever since OS X 10.7 Lion, which was released on July 20, 2011, Apple has released one operating system each year, leading us to 2017, when Apple released their most recent operating system, macOS 10.13 High Sierra on September 25, 2017.

Release date of each operating system located in far right column

Release date of each operating system located in far right column

One thing that has been nice is the fact that we've seen something new every year, with new features, new functionality designed to make your experience better, and everything in between. 

This idea, however, does have many downfalls, and it is not discussed nearly enough. It seems to be that only people interested in Apple's security see the flaws.

See, the entire reason behind new operating systems is not just to have cool, new features. It should be largely in part to making the operating system, and its fundamentals, better. Better by being more secure, harder to exploit flaws, more testing prior to release, etc., etc. 

This is not how we've seen Apple react in the past seven years, with the rushing out of operating systems. Because of this, we've seen horrifying flaws in the operating system that allow unauthorized root (administrative) access simply by clicking an empty box three times. Even worse, Apple's macOS doesn't provide a bug bounty program, which the majority of high-end companies due. This means that if you are a security penetration tester or researcher, and you find a flaw in a system, you disclose it to said company following the proper disclosure guidelines, and they pay you for finding an issue. Apple doesn't have that program, which means that if you've spent time finding a bug in Apple's operating system, there is very little incentive to go through the proper disclosure methods. This is why some of Apple's serious flaws have just been exposed via social media.

Again, these are very fixable problems for Apple. Provide a bug bounty program, and focus more on the quality of the new operating systems instead of quantity. Quality over quantity every time!

Let's take a look at Windows, whose operating systems seem to be much more exploitable than Apple's operating systems. They released, arguably, their most stable operating system, Windows 7, in October of 2009. Many, many companies and end-users still use this operating system today. Windows 10 was released in July 2015, closing in on three years ago. Microsoft, although issues with operating systems, partially due to how hard they are targeted by malicious content, only releases operating systems, roughly every three years.

Apple is always striving to "raise the bar," according to CEO Tim Cook. However, what they are doing instead, is rushing out incomplete, hastily thrown-together operating systems that are loaded with issues.

So why does Apple do this? Is it simply because they are trying to "raise the bar?" No, I don't think that for one minute.

I'm sure many people, who own iPhones especially, have heard the phrase "planned obsolescence." It's a frightening term when you think about it. The idea is, in this case, that Apple rolls out new products and operating system each year with the idea that your device, which may be only two years old, is approaching obsolescence. In Apple's eyes, and this is 100% accurate, hardware, whether it be an iPhone, iPad, MacBook, iMac, or anything else, is considered obsolete after five years passed the release date. An example is that computer constructed in 2011 are now considered obsolete. Now that may not be a big deal, except when it comes to getting your device serviced by Apple. Obsolete machines no longer have parts created by Apple, which means Apple will no longer service them. It's sad, depressing, and surprising for a Fortune 500 company. You don't see this in any other company, that comes to mind, that does this.

Screen Shot 2018-02-11 at 6.04.53 PM.png

In an anonymous poll conducted, consisting both of end-users and people employed in the information security sector, over 75% of people surveyed believe that the quick, almost unreasonably fast production of Apple products is due to this idea of planned obsolescence. Whether this is true or not, Apple should at least respond to that accusation, as I am definitely not the first person to propose this.

I used to think that Apple just wanted to continue to roll out products, and because of their enormous product line, they had to quit production of certain pieces of hardware. The more I look at it, and the more I study the Mac operating system, the more I believe that planned-obsolescence is actually a large reason for this bizarre reasoning behind releasing operating systems and Apple hardware each year. What they should do instead, is try to be certain that users can't unlock App Store preferences without administrative privileges. This is what happens when products aren't properly tested and ran through extreme vetting processes before their release. Yes, they release a public beta, but I don't think that's enough when the engineers only had a year to make it.

I worry that Apple's planned obsolescence may one day be its downfall. It's operating system is still, in my opinion, the most complex and stable operating system, when compared to different Unix operating systems like Linux, or when compared to the Windows platforms. If you've had issues with your computer, please let me know. I'd be happy to speak with you about it!