Tuesday, November 29, 2016

Permanent Solution To Calendar Spam Attacks!

--

Over the US Thanksgiving holiday weekend, I was bombarded with two further Calendar spam rat attacks foisting fraudulent flotsam from China. I happily dispatched them with the previously prescribed method, no dangerous 'decline' required.

But better yet! Yesterday (11-29) Sean Gallagher of Ars Technica posted a permanent solution to Calendar spam rat attacks that works the charm. It shoves off spam 'invitations' (infestations) into the Mail application instead, where the crapulent assaults will be forced through your spam filtration system, killing them dead. 


√ Spam rat exterminated.



How to stop the wave of Apple Calendar invite spam
Deleting them just encourages them—and confirms your address is live.
Sean Gallagher, Ars Technica, 2016-11-28

Here is my slightly simplified set of instructions. Note that this must be performed on a desktop/laptop computer. It will not work using iOS!


1) Sign in (log in) to your iCloud account at:


https://www.icloud.com




2) Click on the Calendar icon.



3) When your Calendar page is loaded, look down at the bottom left for the gear symbol. Click on it and choose 'Preferences'.




4) In the Preferences sub-window, click on the 'Advanced' tab.




5) In the bottom section of the 'Advanced' window, labeled 'Invitations', you'll see the default radio button setting is 'In-app notifications'. Click instead 'Email to ...' your iCloud email address. (Ignore 'Use this option if...).



6) Click 'Save' in the bottom right.


No more 'invitation' infestations into your Calendar. But note! Any legitimate Calendar invitations will also be sent to your email account. Therefore, be careful when perusing your email to watch for invitations you'd like to accept. In Mail you can choose to have them added to your Calendar.


When you receive spam rat 'invitations' in Mail you can simply mark them as 'Junk'. More garbage from the same spam rats should in future be flung into your 'Junk' without your having to ask.


Reporting Calendar 'Invitation' Spam:


I had a chat with tech support over at SpamCop.net about Calendar 'invitation' spam. They kindly declined to recode their spam reporting website software to accept this new spam variety and instead referred me to another organization that might take up the challenge. But the fix Sean Gallagher provided solves the problem. I can in future toss off 'invitation' spam to SpamCop directly from Mail.


Remaining problem, iCloud Photo Sharing spam:


Sadly, there is no similar preference fix to stop iCloud Photo Sharing spam. That one is Apple's burden to solve.



--

Friday, November 18, 2016

The New Spam Rat Vectors:
Calendar and Photo Sharing

--

Today, I ran into one of the new spam rat vectors. Without any approval on my part, a two day event was shoved into my Calendar for today and tomorrow. It came from a persistent source of spam that attempts to foist ads for fake Chinese Ray-Ban sunglasses before my eyes. I've received (and reported to SpamCop.net) quite a few of their spam emails. Now they're using this new vector to get attention. How they pulled off the spam is new to me! The thing was sent via my iCloud.com account.

It should be easy to Delete anything inserted into the macOS Calendar. Right? That's the intuitive thing to do. Apple of course provide that option if you use the contextual menu while clicking on the spam calendar event. Except it's NOT delete at all. We're forced to either 'Cancel' and keep the spam or 'Decline' the event. When we 'Decline' the event, this is the same as shouting to the spam rat 'HEY! I'M A LIVE BODY! SPAM ME SOME MORE!' That's the very last thing we want to do. The spam rats will spam us further as a direct result of hitting 'Decline'.

The only recourse available is to ignore the Calendar spam. It will sit there in your Calendar forever. I hate that.

Result: Apple has inadvertently allowed a spam vector we cannot avoid! That has to end. I'll be sending Apple a kindly request to end this madness immediately. I'll also be corresponding with SpamCop.net to see if they can incorporate the reporting of such spam into their system. At the moment, their interface has no idea what to do with this kind of spam, despite the URL for the spam rat being incorporated in the 'Invite' code.

Meanwhile, similar spam is reported to be infesting iCloud Photo Sharing. Another great one Apple. :-P

Thankfully, there is a solution to this stupid spam problem in Calendar. I've provided some links to articles with the solution below. Sadly, there is not yet any solution the stupid spam problem in iCloud Photo Sharing. The best you can do is turn off iCloud Photo Sharing. When a solution arrives or Apple get their act together, I'll post again.

If you can read Dutch, this is the first website to figure out how to kill off the stupid spam problem in Calendars:

appletips, 2016-11-08

Both 9TO5MAC and TechTimes have provided translations of the solution as well as discussion:

9TO5MAC, 2016-11-09
Performing the steps below will move the spam invitation to a separate calendar, and from there, that calendar can be deleted. Thus, removing the spam invitation without having to hit “Decline” on the actual notification. . . .
Anu Passary, Tech Times, 2016-11-09
Any Solution For iCloud Photo Sharing Spam?The only option is to turn off the feature completely. To do so follow these steps: . . .
~ ~ ~ ~ ~


For those interested in the code buried behind these spam abominations, here is what I received (with personal and potentially dangerous data removed, as indicated in italic brackets):
BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Apple Inc.//Mac OS X 10.12.1//EN
CALSCALE:GREGORIAN
BEGIN:VEVENT
TRANSP:TRANSPARENT
DTEND;VALUE=DATE:20161120
LAST-MODIFIED:20161118T134030Z
ORGANIZER;CN="黄周朝":/aMjUwNTI0MjYwNzgyNTA1Mqtter-QwRgjzoGWqFbNhgT2wV1SrD6
 t8E_Di4m4H-sa/principal/
UID:7F700ED9-2C8B-DE19-5648-34298F6E1BD9
DTSTAMP:20161118T134034Z
DESCRIPTION:[URL of spam rat removed] $19.99 Ray-ban&Oakley Sunglasses Onli
 ne.Up To 80% Off Sunglasses.Compare And Save.
SEQUENCE:0
X-APPLE-TRAVEL-ADVISORY-BEHAVIOR:AUTOMATIC
SUMMARY:$19.99 Ray-ban&Oakley Sunglasses Online.Up To 80% Off Sunglasses
 .Compare And Save. [URL of spam rat removed]
DTSTART;VALUE=DATE:20161118
CREATED:20161118T141038Z
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at icloud.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at gmail.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at hotmail.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at icloud.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at icloud.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at yahoo.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at gmail.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at gmail.com]
ATTENDEE;CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RS
 VP=TRUE:mailto:[Victim at icloud.com]
ATTENDEE;CN="[Victim]";CUTYPE=INDIVIDUAL;EMAIL="[Victim at icloud.com]";PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RSVP=TRUE:/aMTEyMDgzMTQxM
 TIwODMxNG5OQKIRBVWuL0Ah_fCetZ3Z3V61ZwF1SPf_pZtFhpme/principal/
ATTENDEE;CN="黄周朝";CUTYPE=INDIVIDUAL;EMAIL="[Nonsensical email address]";PARTSTA
 T=ACCEPTED;ROLE=CHAIR:/aMjUwNTI0MjYwNzgyNTA1Mqtter-QwRgjzoGWqFbNhgT2wV1S
 rD6t8E_Di4m4H-sa/principal/
BEGIN:VALARM
X-WR-ALARMUID:BCE20FBE-0652-41A3-9224-A9C3E37720AA
UID:BCE20FBE-0652-41A3-9224-A9C3E37720AA
TRIGGER:-PT15H
X-APPLE-DEFAULT-ALARM:TRUE
ATTACH;VALUE=URI:Basso
ACTION:AUDIO
END:VALARM
END:VEVENT
END:VCALENDAR
The victim email addresses were apparently copied and pasted alphabetically from a distributed spam-it list. The victim IDs in this case all started with 'derek'-something. The victim email addresses were not exclusive to iCloud, as I've indicated above.

So Apple! What's with the sloppy attention to security lately? Wake up! You're making Google look good. And that's bad.


--

Monday, November 7, 2016

Apple's iOS App Store Faceplant:
Infiltration of Hundreds of Fake Apps

--

Faceplant:

An unintentional result of a risky or stupid activity whereby a person becomes fully inverted from the normal upright position while one or more parts of the face impact the ground simultaneously with the full weight of the body.

A faceplant (also face plant) is like doing a handstand except with no hands so all that's left is your face.

~ ~ ~

Apple is in the midst of an unprecedented faceplant whereby a reported hundreds of FAKE apps have been steadily infiltrating the iOS App Store. This of course is NEVER supposed to happen. Preventing this from happening is the single biggest point of using the iOS App Store. Consider the safety reputation of the Apple iOS App Store severely damaged. This is shameful of Apple. Consider me disgusted.

Below, I've posted links to relevant articles. I'll post further links if this situation worsens.

Fake shopping apps are invading the iPhone
New York Post
James Covert, October 30, 2016
... A slew of knockoff shopping apps have quietly infiltrated Apple’s App Store in recent months, looking to lure unsuspecting iPhone owners with bogus deals on everything from jewelry to designer duds.

The fake apps mimic the look of legit apps — and have proliferated since this summer, experts said.

It didn’t help that earlier this month, Apple introduced search ads in its App Store. The fake apps are buying search terms, it would appear, to increase their exposure to consumers.

The crooks are looking to tap into the fast-growing market for mobile sales, which last year leaped 56 percent to $49.2 billion, according to comScore. . . .

Beware, iPhone Users: Fake Retail Apps Are Surging Before Holidays
New York Times
By Vindu Goel, November. 6, 2016
Hundreds of fake retail and product apps have popped up in Apple’s App Store in recent weeks — just in time to deceive holiday shoppers.

The counterfeiters have masqueraded as retail chains like Dollar Tree and Foot Locker, big department stores like Dillard’s and Nordstrom, online product bazaars like Zappos.com and Polyvore, and luxury-goods makers like Jimmy Choo, Christian Dior and Salvatore Ferragamo.

“We’re seeing a barrage of fake apps,” said Chris Mason, chief executive of Branding Brand, a Pittsburgh company that helps retailers build and maintain apps. He said his company constantly tracks new shopping apps, and this was the first time it had seen so many counterfeit iPhone apps emerge in a short period of time.

But there are serious risks to using a fake app. Entering credit card information opens a customer to potential financial fraud. Some fake apps contain malware that can steal personal information or even lock the phone until the user pays a ransom. And some fakes encourage users to log in using their Facebook credentials, potentially exposing sensitive personal information.

The rogue apps, most of which came from developers in China, slipped through Apple’s process for reviewing every app before it is published. . . .
~ ~ ~

Be safe out there kids! At the moment, Apple doesn't have your back. (-_-) zzz

--