This is part two of an on-going series detailing my investigation of the service providers behind Anon-IB, a revenge-porn site where men post sexually explicit images of local women and underage teens in threads organized by state, county and city, often including personal details of the victims. I also detail malicious cyber activity being allowed by these same providers and make an effort to bring their complicity to the attention of relevant parties. Part one can be found here.

Quasi Networks Reaches Out (of the blue)

Early last week I published part one of this on-going saga of disgust and corporate apathy, but what happened a few weeks prior to that is what accelerated my interest in Quasi Networks and resolved me to eventually just call them out publicly.

On October 3, their ‘abuse team’ (which appears to be just one guy) contacted me, seemingly at random, saying they understood I had some complaints about one of their clients and to contact them and they would look into it. The odd part is that I had not contacted them previously from this email account and their reaching out to me was essentially unsolicited and not specific to any complaint I had sent them. Continue reading “Part 2: Anon-IB, Quasi Networks, and the Exploitation of Women”

 

This article is the first part of a series of articles I am publishing about my dealings with a cesspool on the internet and my colleagues and my coordinated attempts to bring it to the attention of various network peers, internet policy organizations, law enforcement, and victims of attacks originating from there, as well as raising general awareness. This gets dark quickly, as we will be discussing topics such as local revenge porn in a town near you, child pornography, bank account phishing, and other cyberattacks.

Anon-IB and its Abuse of Women and Teens

Several weeks ago, an old classmate brought to my attention an anonymous image board called Anon-IB. The image board acts as a hub for the sharing of revenge porn and slut-shaming: people from around the country request and share sexually explicit photographs taken of ex-girlfriends, hacked or stolen mobile phones, or other personal caches they have accumulated, which they refer to as ‘wins’.

Revenge porn sites are a thing many are now aware of, but what makes this one different is the website has separate boards dedicated to each state; locals from various cities, my hometown of Jacksonville included, create local threads for their city where they and others can post and request nude images or videos of local young women, without the victims’ knowledge or consent, often by name and including other personally identifiable details. Continue reading “Anon-IB, Quasi Networks and the Exploitation of Women”

 

For the last two weeks it seems my mind and time has been consumed by PCI DSS, the Payment Card Industry Data Security Standards, a document written by the PCI Security Standards Council. The Council’s founding members are American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc. At the time of this writing the current version which I reference throughout this article is v3.2 published in April 2016. References are available at the bottom of this article.

I am going to recap some recent experiences I had with PCI compliance and small/medium-size businesses (SMBs) in the central Illinois area. Continue reading “Credit Card Security Practices in Rural Illinois”

 

Last night I answered a question from journalist Micah Lee via Twitter where he was looking for the easiest way to make Tor run as a service in Windows. The question is answered in the Tor Project’s FAQ, but I felt the instructions were a little lacking for someone that is non-technical, hence the reason I decided to write this.

Running Tor as a service separately from the Tor Browser has several benefits, most of which is that Tor continues running even when the browser is closed. This lets the user utilize Tor for other services, such as (but not limited to) instant messaging, email, or remotely accessing other computers through the Tor network. It also gives the user easy control over the service, as starting, stopping, restarting, and disabling a service is a trivial matter. Continue reading “Running Tor as a Windows Service with the Tor Browser Bundle”

The post, titled “Why I won’t recommend Signal anymore,” piqued my interest as I spend a lot of time evangelizing Signal to virtually anyone I interact with, for reasons which I have spent several years discovering. I immediately thought, “What did this guy discover that I’ve so blatantly missed?” and read through the article.

Unfortunately, there were no real revelations as the points the author raises have been well discussed publicly by Open Whisper Systems (OWS) and Moxie Marlinspike (Moxie) and seem to omit quite a bit of perspective in Moxie’s and OWS’ stances on the issues and also the threat model Signal is assuming with their users.

I’m going to provide some brief background on Signal, Open Whisper Systems and Moxie Marlinspike, then head straight into my response, point-by-point, offering additional context on each issue raised by the previously mentioned author and my thoughts and findings when researching these issues. Continue reading “Managing Security Trade-offs: Why I Still Recommend Signal”