One of my acquaintances told me today of an innovative scam.
So this friend of mine posted an advertisement for renting her apartment out on craigslist. As soon as she posted the ad, an email response came that looked absolutely legitimate.
The respondent claimed that he was a professor in the UK and would be visiting the US on a sabbatical. He even listed a phone number for contact as well as gave some very legitimate looking references. The respondent also said that he wanted to rent the apartment in about 1 months’ time. So far all good. My friend contacted the respondent over the phone and there was nothing odd about the conversation.
In the subsequent conversations, the respondent requested my friend to collect delivery of the furniture for his apartment (which he had indicated that he was going to rent). The respondent said that he would send a check to her and she should then collect the delivery of the furniture and pay the furniture company out of her own pocket. The respondent even sent in a personal check to my friend in advance. She deposited it and sure enough, the amount showed up in the bank account. But what had her spooked out, was how could someone give away a check to some one just like that. For some reason, due to a weird hunch, she decided that she was not going to engage in any financial transactions on the behalf of someone who was sitting hundreds of miles away who she barely knew. In the end, it was this hunch that saved her from losing the money.
So the respondent (thinking that my friend had agreed to undertake the transaction on his behalf) gave her the phone number and information of the furniture company. My friend googled the furniture company but could not find anything. Moreover, the furniture company would not even pick up the phone. This put my friend in doubt over the dubiousness of the potential renter. As it turned out, that the check bounced a couple of days later and if she’d paid the furniture company it might have been used as a way to steal money from my unsuspecting friend.
I guess what could be interesting to know here is that if there was a legitimate phone number (say from Google voice) and a legitimate website (which costs a few dollars for a month now), then my friend could have possibly been duped.
This serves as a reminder to us of the reality of the world we’re living in where scammers are looking for an opportunity to dupe us.

I finally got a new home for my blog.  www.rajatswarup.com will be my new homepage.   In the coming days, I’ll continue blogging while also improving the look & feel of my website.  Any suggestions would be appreciated.

Dell had this program called Dell Vista Express Upgrade as a part of which once you pay for your XP Pro you become eligible for a Vista upgrade. The interesting thing was it was an introductory offer and they would ship the DVDs upon Vista’s release if we activated the upgrade. I did activate the upgrade but I did not receive my DVDs until a few days but when I eventually did it was a “Dell Vista Upgrade Assistant DVD”. What was even more interesting was that this DVD was not even an installation DVD (with no warnings on it that it was not the OS installation itself which I assumed all along). It was just a DVD because Dell likes sending DVDs to users! So I contacted Dell about the OS when I couldn’t boot up the OS and they said that no wonder…this is not the OS. So I asked them where’s the OS and the customer care went “you should have it”! Now if they didn’t ship it and I didn’t receive it (although I paid Dell for it), who should have it! They tell me Microsoft has it. It just seems illogical that the person who I pay for the software would not be the one to ship it out to me. The Dell Resolution specialist called today and said there’s nothing he could do. They have my money, they didn’t ship out the DVD…and so be it! Do what you can! That’s just the worst ever case of customer care I’ve ever seen!

I have been a subscriber to this magazine’s electronic edition since the past year. However, they’ve only sent me one copy of the magazine till date. The cost of the yearly subscription was $79 or something which makes it an extremely expensive magazine…1 issue for $79…that’s ridiculous!
All my efforts to contact monika.drygulska@hakin9.org or marta.ogonek@hakin9.org have been futile! I would like to discourage anyone who pays for this.
Has anyone else experienced this kind of sloppy service with Hakin9?
Update 06/23/2009:
Hakin9 finally contacted me, after I emailed them (again) based on Chris John Riley’s suggestion. They provided me with the missing issues. Better late than never Hakin9! Thanks!

This week I got the CREA certification to add to my list of CISSP, CEPT, Visa QSA. This certification required a good practical and conceptual knowledge of reverse engineering. The certification requires a good working knowledge of components such as IA-32 assembly language, malware reversing, expert level knowledge of IDA Pro, OllyDbg, HiEW, Dumpbin etc., PE File header, repairing packed and compacted binaries, using system level reversing etc. The exam was good and tested on the concepts of the reverse engineer.

I finally got the Certified Expert Penetration Tester (CEPT) with a good score on the practical. There were two parts to the certification : an objective multiple choice written test and a practical. To qualify one needs 70% on the written and 70% on the practical portion of the test.
The written test was not too challenging if you follow the material taught at the InfoSec Institute’s Advanced Ethical Hacking course, however, the practical made up on the lack of challenge. The practical involved writing an unpublished stack overflow exploit for a real-world commercial software of IACRB’s choosing, a format string exploit for a custom application and writing a patch for windows binary to subvert registration mechanism on the binary. One could write the exploit in the form of a python script (that I chose), a shell script , a perl script or a binary written in a language of our choosing. The solution could be quite flexible when it came to the choice of language for writing the exploits.
Personally speaking, this was a great learning experience for me and I plan to continue learning in the interesting field of vulnerability development!