Spam calendar invites from 16700700.com

Anyone else’s calendar getting completely spammed with invites from 16700700.com or 35700700.com ?

screen-shot-2016-11-09-at-15-02-48

 

If you are, you are not alone – my calendar has been absolutely crammed with them. As far as I can tell there is no malware or anything security-wise that I have done to allow access to my calendar, it would appear that anyone can invite themselves to any calendar – an obvious security issue.

screen-shot-2016-11-09-at-15-06-45

Its easy to remove them, by right-clicking and choosing Decline, but shortly after doing this for a single item on my calendar it was absolutely inundated with them, so don’t do that! By declining you notify the person that it is a valid email address for the calendar.

 

Update: 14th November 2016 – Apple engineers have got back to me letting me know that they are working to resolve the issue as it is a huge issue affecting lots of Apple iCloud accounts and that they have seen a sudden increase in the requests over the past 2 weeks. On other more worrying news I now have bogus photos requests too.

The most important things you should do is: Change your iCloud password to something new, and turn on 2-factor authentication for your account.

Essential viewing for web developers

Every now and again I come across some amazing videos on YouTube that I think are relevant to all web developers. One author (video blogger? – not sure what they are called) who is particularly brilliant is Tom Scott. He wonderfully articulates how web technologies and their exploits happen, and how to ensure that you don’t fall in to the same traps as many systems/sites out there.

One of Tom’s most brilliant videos is his explanation of how a self-re-tweeting tweet worked and how to ensure that you don’t have the same issues on your text boxes when writing their contents back out to the screen.

Essential viewing videos for development teams:

Tom Scott – Cracking Websites with Cross Site Scripting – Computerphile

Tom Scott – Hacking Websites with SQL Injection – Computerphile

Dr Mike Pound – Advanced SQL Injection

Tom Scott – Cross Site Request Forgery – Computerphile

Tom Scott – How Not To Store Passwords

Tom Scott – Hashing Algorithms and Security

 

If you are a developer, and have any suggestions of videos that should be added to this list, please add a comment with the URL!

Firefox browser now blocks Adobe Flash by default

mozilla_firefox_logo

Adobe Flash is now blocked by default on all Windows and Mac versions of the Mozilla Firefox web browser. Is it high time that Adobe finally consigns Flash to the outdated technologies bin? Is this one security flaw too far? How great would it be if Adobe instead devoted their efforts to developing tools for HTML 5 and CSS to achieve similar moving vector functionality that attracted web developers to use Flash in the first place.

Following in the footsteps of Apple (in which Steve Jobs wrote a then controversial open letter in 2010), Mozilla is yet another company who has publicly raised serious concerns with the lack of security and widely documented bugs in Flash.

Mozilla has unearthed evidence showing that the bugs in Flash were being actively used by criminal groups to exploit users and install malware and ransomware on their machines. At present the exploits were limited to FireFox installed on Windows PC’s.

Flash Plugin Blocked

On their support pages Mozilla said that the block would remain until Adobe releases an updated version to address known critical security issues. A similar block has been built in to the Apple Safari browser since version 7 in 2013.

My verdict: It’s time to pull the plug on Flash once and for all. Come on Adobe, think to the future instead of frantically patching the past!