Elamb Cybersecurity

Blog

  • ArcSight n00b (Part 1)

    ArcSight

    ArcSight n00b

    ArcSight for dummies.. is a an oxymoron because you cannot do ArcSight and be a dummy.  The system is overly complex with too many moving parts.

    In a world of intuitive interfaces and user friendly complex systems Arcsight is “rocket surgery”.

    The best I can do after 2 years with this log collecting, correlation beast is to tell what I have learned from my attempts at figuring it out.

     

    What the HELL is ArcSight?

    ArcSight is a security information & event manager (SIEM).  It collects security event logs from critical servers, internetworking devices, proxies, firewalls and other core network systems.  So systems like DNS servers, host based intrusion protection systems, intrusion detection systems and DHCP servers.  Usually, these logs are monitored by a security analyst.  You find SIEMs at medium to large organizations that have a lot to lose.  That is to say, they have assets of great value: data, services, information systems.  Since they must be online to conduct business, they may have a high exposure to the Internet and are under regular probing and or attack by numerous “threatsources” (attackers, malware, competitors).

    ArcSight was bought be HP in 2010.  I am told by former ArcSight employees that this affected the quality of ArcSight.  But that is before my time.  The product seems great (aside from minor grievances <cough> Challenge Response Code <cough> and the employees very smart and very skilled.  HP seems to have kept much of the special sauce that makes ArcSight the top SIEM.

    What Are the Components that Make up ArcSight?

    Great question!  The main components of ArcSight (HP ArcSight..) are the following:

    ArcSight ESM – ArcSight Event Security Manager is software for monitoring security events.  It allows real-time view of security events, can take security incidents that may be related to a larger attack and alert the analyst (correlation), it allows historical views of trends on a given network.

    ArcSight Logger – Logger is a log management solution that is designed for high event throughput, long-term storage for rapid data analysis.  It allows the security analyst to type in and ip address (for example, and see how many times that system was attacked or accessed and with what type of packet.

    Connectors – There are a few types of connectors but the main ones are the ConnectorAppliance and SmartConnetor.  A SmartConnector is software that collects event data from the network device and sends it to an ESM or Logger.   The ConnectorAppliance is a hardware solution that allows the management of many SmartConnectors.

    arcsight-n00b

    So if you are new to ArcSight where do you start:

    It really helps to have a background in information assurance/security analysis, networking, Linux and databases.  The learning curve seems to be having some comfort with all of this things.  Usually, IT professionals are very deep in one area and weak in most others.  If you are a true Jack of all trades, then you will like the challenge of ArcSight.  If you don’t have any experience with these things.  There are some other recommendations for ArcSight n00bs:

    – ArcSight Certifications

    – ArcSight Resources

     

     

    Ref:

    SmartConnector Users Guide (2009), Connector Appliance Admin Guide v4.6 (2008), Logger QuickStart v5.2 (2011), ESM v5.2 101, Concepts for ArcSight ESM v5.2 (2012).

     

  • ***scam Facebook Black SCAM**

    facebook black scam
    image of fb black fake ad

    Facebook Black Tagged ???

    So someone TAGGED me with an “I just got Facebook Black!” message.   I was all excited.  YES, Facebook black.   Then I was like.. WHAT HELL IS FACEBOOK BLACK?  Is it a new smartphone released by Facebook?  Is it a new elite Facebook page?  Or maybe Facebook is getting into HD Content & AirPlay Wireless Streaming like Apple TV, Roku and Google TV?

    Googled it:  SCAM, SCAM, SCAM

    Facebook black is not anything but a scam.  It is an aggressive survey campaign that leads to something malicious… I call it SURVEY RAPE.  Yes, that right folks.. ELAMB.ORG created the phrase “Survey Rape”.  Shakespear created 1700 words including gems like “addiction” and “accused”.  I created “survey rape”.. and also “survey rapage” meaning the representation of “survey rape”.

    Anyway, facebook black is a series of surveys designed to trick and forcibly gather data on victims.  Thus the name, “survey rape” a fate worse than death.

    Facebook black similar to some other facebook scams first tag you to get your attention.  Once you take the bait, the hook is clicking their facebook black ad.  After that, the attackers use a Javascript file to create a new Fb page on your account and you are redirected to a malicious website.

     

     

  • Filipino Cupid Success

    Filipino Cupid Success

    Written by: Matt 🙂 ** for you, baby**

    In 2011, I submitted an article to elamb.org about how I was scammed on Filipino cupid.

    http://elamb.org/filipino-cupid-filipino-heart-american-scammed/

     That article was accompanied by an article by the actual woman that scammed me:  http://elamb.org/filipino-cupid-filipino-heart-scam-ring/

    Even though the interaction was built on lies, it actually start to turn into a relationship, a relationship that ended with her apologizing and me finding it hard to trust.  Its was a lot of heartache for both of us.  The good that came out of it was that we decided to warn others against that treacherous path we chose.  We of course broke up and she eventually paid me back.

    Since that time things have changed a lot.  I have had filipino cupid success.  Not only did I find true love but I found the woman of my dreams.  A woman that is not only beautiful but someone who has become my best friend and someone who is apart of me completely.  I did not think such a thing was possible.  But here it is.  Even though I make an average income, I feel wealthy.  Its like I have found a castle full of riches.

     So I have been thinking how could I have found this person sooner.. what tips could I give to help others find a good woman and AVOID all that mistakes I made:

     TIPS:

     asking money dating site1.  She Asks Money.  If the lady you meet online is asking for money, this is a pretty good indication that she is all about money.  Because of the poverty and the environment that is provides no legal, religious, moral or financial support of single mothers, MANY filipinas turn to asking, begging or scamming money from dating sites.  Some even make a living from this alone.  If her family is struggling, her priority is to them.  And its very understandable, but understand that because of this situation you are someone she just met.  You are a means to help her family who she would die for.  So lying to you is easy.

     So how do you determine who just really needs help and who is scamming?  You CAN NOT.  But from my experience, the ones that do not ask for money are serious.  All the ones that asked for money were no good.  If the money stops, they leave.  Its one thing to just ask for money but its another to pretend to be in love to get money, that is actually worse than a Gold Digger.

    rule #1:  Just don’t give money.  Giving out money is NOT the way to filipino cupid success.

    pitty dating2.  Victim stories.  This is usually tied to money.  They will tell you a terrible story about disease, death or accidents in the family.  Or they will say that their baby needs milk.  Keep in mind that you have NO WAY of know what is the truth from online chats.  They are telling you this story so that you feel pity and ask them if they need help (money).

     Ask yourself, 1-If they are in such a bad situation, why are they on the Internet?  In fact, how can they afford electricity and Internet in the first place?  2-WHY in the world would someone go on a DATING site to get pity?  Shouldn’t they get help at a church or friends or family or some sort of organization.  Don’t listen to victim stories.. you are on a dating site to find love not to become a charity organization.

     3. She will not get on video.  If he keeps making excuses to not be seen on video then she not who she says she is.  In fact, it might not even be a SHE.

     Filipino Cupid Success4.  Listen to her past.  Assuming she did not ask for money, did not try to receive charity from pity and you like what you see on video, then the next step is to get her to talk about herself.  Find out about her past relationship to see what kind of behavior she has in her life.  A person establishes habits that are more set the older they are.  Assume those habits are there to stay and ask yourself, “can I live with that?”

    5.  Is she compatible with you?  Determining compatibility takes time.  Do you enjoy talking the her?  Does she like talking to you?  Do you feel comfortable and happy interacting?  Do you have arguments?  Can they be resolved?  Whatever the attraction it should be way beyond just sex.

    I would also say that once you find the right one, you both should lose the desire to stay on dating sites.  When it is really good, dating sites lose their appeal.  You just don’t want to go there anymore.  There is no reason too.

     Through all the heartbreak, and all the crazy scams on filipinocupid.com, the filipino cupid success I have now has definitely made it worth it all.  I just hope you can be smarter than I was about it.  NOT giving money based on sob stories making sure she is who she says she is with VIDEO and then finding the right one.

    I found the love of my life on filipino cupid, a dating site.  Its something that is way beyond words.  We have been together over a year and have met several times.    Together we have been traveling the world living a dream..

    Good luck.

  • Is it my baby? 6 Hints that Its NOT yours

    Is it my baby?

    Author: Bry@nt5

     

    is it my baby is it my baby or is it a trap

    This goes beyond a mere scam.  So perhaps this is not the right site to put this on.  Whatever the case, here is my story.

    She got pregnant and said it was mine. When I voiced my doubts and the possibility that it could be someone else’ she claimed with absolute certainty that it was mine and there was no way it could be another man’s child. 10 months later I found out the truth!

    During the pregnancy, I had accepted it. For months during the pregnancy I thought this baby was mine. I provided money, emotional support and anything she needed. Then I got the DNA results back.. it was not mine. And I think she knew damn well it was not. She just strung me along the whole time for money.

    Looking back, I can honestly say that it was my OWN FAULT. I ignored all the warning signs of how desperate this person was, how much of a complete liar she was, and I only got suspicious when babies delivery date did not quite add up with the dates of possible conception.

    Of course, the best evidence on whether the baby was mine or not was DNA. But there were some signs that should have given me hints.

    Here are some hints by the numbers:

    #1. Delivery Date is Off

    is it my baby untra soundWhen she got the first ultrasound, the doctor said that the baby was due one month earlier than it should be from the first time we had sex.  One thing to keep in mind is that an ultrasound gives the doctor a very good indication of when then baby should arrive and when she had her last period  They can definitely be off and if there is any doubt its a good idea to have a second opinion from a different doctor.  In my case, she had the baby, it was even earlier than the date she should be due.  More information on the accuracy of ultrasounds here: http://www.babyzone.com/pregnancy/prenatal-care/uses-accuracy-of-ultrasound_79973

    I calculated the days over and over using “due date calculators”:

    https://www.google.com/search?q=due+date+calculator

    #2. Delays DNA Test

    is the baby mine - DNA testingHer first response to a DNA Test was to be pissed off about it. She over reacted a lot when I mentioned it.  And it was only when I insisted that she agreed but only if SHE could control the process of having it done.  When I denied her that control, she delayed getting the DNA samples from the baby for months.

    *When I finally got the results of the DNA test, she said she sent the wrong sample.  Since there is no denying DNA evidence, someone who is not sure will be very reluctant about a DNA test.  If she was sure it was my baby, she would not hesitate.

    #3. Baby does not look like me

    is it my baby?
    The baby had red hair. NO ONE in my bloodline has red hair.

    I guess this is pretty obvious.  If the baby does not have any of your features, you have a right to ask questions.

    In my case, the baby did not quite look like me. In fact, the baby did not fully look like my race.

    After I was sure she had lied, after I got the DNA results I wanted to How and Why she did it. And you know I think there were many reasons. These reason also add to the hints to be mindful of.  Those reasons are also big indicators of motives and intention.  Is this the kind of person who would do something like trap you with a baby.

    #4. She is a SLUT

    she put out a LOT its not my baby baby
    she is easy.

    In the end I found out that she had slept with many guys and actually she did not know whose baby it was.  She wanted to find meaning, affection and intimacy by giving her body up to many men. But she was also driven by revenge. Her boyfriend cheated on her so she wanted to fuck other men to hurt him. How do I know? Some she told me. But I also caught her chatting, and calling them, texting and flirting before, after and once… even during sex.

    #5. She is Incredible LIAR

    she lied about the baby
    liar. mother.

    Yet another hint of that the baby might not be mine was all the lying.  If she thought there was no way I would know what she was doing then she would lie.  She started lying so much that she would forget what she said before to follow up on her own lies.   Example, I Googled her and found her on dating sites (profiles still up and active recently).  She said she was not searching on the dating sites anymore. She told me she was no longer involved with her exes but eventually I found out everything she said was a lie.  What shocked me most about it was how she spoke with such conviction in every lie.  It was as if she believed her lies.

    #6. Mentally/Emotionally Unstable

    is she crazy?
    crazy. with baby

    I asked her about her past relationships. She told me terrible stories of all the terrible things that happened in each one.  She told me about domestic violence, and attempted suicide. Since she could never be honest with herself it was ALWAYS someone else who was at fault.  Someone else was the reason for every problem and she could not own even one. In the end, she was alone and desperate and willing to do anything to keep me.

    Women who try to trick guys into taking responsibility for a baby that is not theirs is more common than I thought.

    I foolishly had unprotected sex with a woman I knew was unstable. I used the “pull out method” but weeks later she was saying she is pregnant and that “it MUST be yours.”

    For some guys whether the kid is his or not won’t matter. But to a man willing to take responsibility for his actions no matter what… you are the coveted and often over looked “good guy”.  She more than likely was in love with a “bad boy” and she will be smart enough by this time to tell the difference so she will see you coming a mile away.  I realize that a woman that could pin that kind of responsibility on a guy that is good to her is both ruthless and desperate or just desperately in love and willing to be ruthless.   For guys that are willing to do the right thing, just make sure you are not being deceived while you attempt to doing the right thing.  And really, if the child is yours but had to question her honesty and faithfulness maybe you want to just care for the child and leave her ass alone.

  • Social Network Phishing

    I was a victim of social network phishing. Someone got my password and started emailing my friends. This is the story of how it happened.

    In 2008, I started working as a Internet cafe attendant. Believe it or not, computers and the Internet were still kind of new to me… I just had not used them much. I began learning more and more of all the things you can do via the Internet. On my free time, I started browsing online, used yahoo messenger and registered on friendster and tagged.com.

    Later on I met guys and one of those sites. One in particular was named Mark from Europe. According to his profile picture, he Was good looking so I started getting interested of him. We exchanged emails on the site. Mark asked for my yahoo id. I gave it to him and started talking in yahoo messenger. While we are talking, he requested my webcam so I opened it to let him see how I look. When I asked him back to view his webcam, he had excuses and said his cam doesn’t work.

    After some time of talking, he introduced a site telling me that he had an account there and that it is similar as tagged.com where we met. He said that if I open the site then I will be able to see a picture of him there. He sent the link to me (I don’t recall the name of the site). When I opened it up it was requesting my email address and a password in sign up. So i told him this seem strange on why I have to sign up to see his picture. He said that that it is necessary to get access inside the site for his profile. So i typed my email address in it and a password. After that i still couldn’t get in to the site that he was sharing. When I put in all the information, the site didn’t seem to work. So I told him this. He said try again ‘darling’ because maybe you had some errors in typing the informations. So I again typed my email address and at that time ‘with the same password’ that i use from my email address. After the second try, a profile of another man showed up with personal informations about him ,a different descriptions and a different picture too of an Indian guy now.’ So I realized right away that he was fooling me. I got angry and told him that I knew that he was scamming me by using a fake profile on tagged.com where we met. I told him and that ‘I dont like Indian people.

    By that time, I told him to delete remove me from his contact list I will do the same. He kept buzzing and gone crazy apologizing to me.

    The next day, I signed in on my yahoo id while I am at work. It suddenly signed me out. I was confused why it was happening. I signed in and tried many times and for a while i get signed out again. So I decided to make another yahoo id and added few yahoo ids of the people that i recall. I informed them that I am using the new one temporarily because it seems like my other id was messed up. Then one of my filipino friends was surprised and said that ‘she was talking to me a while ago’ and confused too why I kept asking her to signed up for some “strange site”. She had the idea in her mind that it wasnt me because while talking to our native language, the person who is pretending to be me would reply only in english and talks all about the site to convince her but she didn’t do it.

    When i heard all of it. I had the answers already and it was not yahoo that was really messed up but there was someone that hacked my yahoo id’. I quickly checked my email, went to the “Account Settings”, change the password and it went back to normal again. Thankfully that i was able to retrieve it because I had important files there.

    Its been a big lesson to me. Not to just talk to anyone who are totally strangers without even knowing them well first or seeing them.

  • ATM Card Value is $500,000.00 USD ** SCAM**

    FROM THE DESK OF MRS THERESA EWING
    DIRECTOR,INTERNATIONAL REMITTANCE
    FOREIGN OPERATIONS DEPT,
    HSBC – BANK PLC,
    Response should be directed to Email: hsbcatmcardcentercash102@yahoo.com.hk
    Good Day,
    In line with the United Nations millennium development goal to eradicate poverty and hunger by the year 2015 i am directed to inform you that your payment verification and confirmations is completed, Therefore we are happy to inform you that arrangements have been concluded to effect your payment as soon as possible in our bid for transparency.
    It is my pleasure to inform you that ATM Card Number: 5428050011004432 have been approved in your favor, The ATM Card Value is $500,000.00 USD
    (FIVE HUNDRED THOUSAND UNITED STATE DOLLARS). This funds is been awarded to you from the United Nations millennium development goal and they are doing this to eradicate poverty and hunger by the year 2015 and you are require to give 30% of the funds to the less privileged around your environment.
    You are advised that a maximum withdrawal value of $5,000.00 USD is permitted on withdrawal per day and are duly Inter Switch so you can make withdrawal at any location and ATM Center of your choice.
    We have concluded delivery arrangement with the ups courier services. Please note that the UPS Courier Company is fully insured by Nicon Insurance Corporation.
    NOTE: A MAN NAMED MR.ERIC SAMUEL CAME TO OUR OFFICE SAYING THAT YOU ARE DEAD AND HE IS YOUR NEXT OF KIN ,HE SAYS YOU HAVE NO CHILDREN AND SO THEREFORE YOU MADE HIM YOUR BENEFICIARY, HE SAYS WE SHOULD PAY HIM YOUR $500,000.00 USD (FIVE HUNDRED THOUSAND UNITED STATE DOLLARS). in YOUR HSBC ATM MASTER CARD, BUT WE NEED TO CONFIRM IF TRULY HE IS SAYING THE TRUTH AND IF NO RESPONSE IS GOTTEN FROM YOU IN 48 HOURS FROM NOW WE WILL ASSUME HE IS SAYING THE TRUTH AND PAYMENT WILL BE MADE TO HIM,PLEASE CONFIRM IF YOU ARE DEAD OR ALIVE NOW.
    Kindly be inform that you are to provide a delivery fee of $95 USD for the effective delivery of your package to you as the delivery charges and please also be informed that the delivery will be made to your address in 48 hours (2 days) after the confirmation of your payment for delivery, as you know the delivery fee receipt will be attach on your payment delivery documents to avoid being delayed by customs.
    Kindly provide the details below for delivery.
    1. Valid delivery address:
    2. Country:
    3. Name:
    4. Mobile Number:
    5. Phone Number
    6. Occupation:
    Treat urgently and note that your ATM Card is ready and available for dispatch to you.
    MRS THERESA EWING
    E-mail: hsbcatmcardcentercash102@yahoo.com.hk
    HEAD OF INTERNATIONAL REMITTANCE DEPARTMENT FOR UNITED NATIONS

  • Where to find a job: Call Center Support

    Working as a Call Center Agent
    In every profession we choose no matter what it may be there are always a pros and cons. One of the pros of working at a technical support call center is that it does not require any certification from school or degree. In the Philipines, the age limit is 18 years old above. As long as you can speak English very well and know how to use a computer, you are qualified.

    Training
    Once you are hired, most call center companies conduct a free training. This training can take two to three months. Once the training is complete you can work either as technical support or customer service representative.

    Career Promotion
    Promotion is this industry is not hard, as long as you are knowledgeable of the position and have performed well in your previous position, promotion is possible. Depending on the company, you can get promoted in as early as 6 months unlike other regular day jobs where you have to be employed for 5 years or more to be considered for a higher position.

    Technical Support Rep
    In my current job I work as a technical support representative at one of the most competitive companies here in the Philippines they provide telecommunication and Internet connection, so my task is to receive a calls everyday assisting customers every time they have a concern regarding on their Internet connection or their telephone connection. We assist in basic computer troubleshooting in order to restore the customers connection, however when we cannot restore the connection, we do reports to make a coordination to our field technicians to check their connection thru outside facility like in the network or either in the cables in our outside facility.

    CONs
    Its nice to serve the customer in some way. But unfortunately we receive calls from very upset or irate subscribers who have not had their connection restored in a long time. Customers also get upset about recurring problems with their Internet connection. After a couple of days of having no connection or bad connection the customer wants to call and take their anger out of the Technical Support Rep.

    Sickness & Health
    Certain illness can have an effect on Technical Support calls. But in a large technical support center you cannot leave your station even if you have illness’ like Laryngitis, Tonsillitis, Kidney problem or UTI. You can go to the restroom during your break time and you have to work even during holidays and most specially if the account, project or program pulls out their business from your company, you will either be forced to resign or to transfer to another account.

  • Travel expense and visa fee scam

    Travel expense and visa fee scam

    One common scam is the “Travel expense and visa fee” scam. How it works is that the scammer establishes a need for the potential victim to give money for a plane ticket to the location of the victim. The need is established by some sort of incentive. For example, they scammer will lie about how they feel about the victim to create false relationship (romance scam). Sometimes the scammer will tell the victim that their has been an emergency and they need money to travel. Once the money is wired to from the victim to the scammer (usually via Western Union, MoneyGram, Xoom or other methods), the scammer takes the money and runs.

    Travel expense and visa fee scam
    In this scam the scammer will say that he/she wants to visit you but doesn’t have enough money to pay for his/her plane ticket and travel expenses. They will then suggest that you send them the money so they can purchase a plane ticket. Shortly later they will tell you they need additional money for a passport, visa fees, transportation to the airport and miscellaneous expenses. In some cases they will also tell the victim that the visa requirements state that they need to have a certain amount of money in their bank account so they can proof to the immigration official that they have sufficient funds for their visa. Some scammers will show fake copies of plane tickets, visas or other documents to make the travel plans appear to be authentic. After wiring the money the victim waits at the airport patiently with a bunch of flowers for his/her love of their life to arrive. Only when all passengers are off the plane and the scammer doesn’t show up do they realize that they’ve been scammed. In order to avoid these scams never send money for any travel related expense, instead make it clear that you will travel to meet them AFTER you have spent considerable time chatting to them for many months. Also, make it clear that you will never send any money to anyone you meet online. If the person is genuine they should be very happy that you will travel to meet them, if they are a scammer and sense that they will never receive any money you will probably find that they disappear as soon as they realize they will never receive any financial benefit from communicating with you.

    filipinocupid/filipinoheart

  • by: Will Cochran
  • Your Email (optional): lady.cool59@yahoo.com

    • Message from a scammer:
    hello honey i will like you to sen dme 8000$ for passport and visa so taht i will come to your country and you can marry me

  • fake family fake kids real scam

    Scammers create a believable story that brings you into caring about them and their made up situation. They are exploiting the open and trusting nature people usually have. Once they have your care and attention, they can get what they want from the victim.

    *From Reader*

    Message Body:
    kelrobs99@yahoo.com and his fake kids email codypeter64@yahoo.com he clamed to b an engeineer for company only took two weeks for him to ask for money.. he found me on face book claimed to b from New York.. so sad ppl have to b liars and cheats this is where he wanted me to send money to rolland.i. owarume. address no 44 idiaregbe street delta state nigeria names he used where kelvin robert kelvin peter roberts for hi kids cody and nonna peter

  • Fiancee Scam

    Fiancee’ Scam

    by: INOU

    • Regina Sechico Ramirez .. Dipolog area Pinan, Philippines Mulitiple fiancee’s. Meet and greet of couse. Think your the only one. But has many and of course requests money for food, medicine, legal fee’s any and everything she can, playing on your affection and belief your the love of her life. She took me or thousands and another man for tens of thousands.