A couple of weeks ago, I was blown away by Antichamber and told Maribou “dude, you need to play this! This is totally a meta-discussion of gameplaying!” She sat down and did not have the whole “WASD” thing written into her DNA. I realized that the games she played, and that she and I played together, were never ever first person shooters (or, if they were, they were with PS2 controllers). The last time she played a FPS on the computer was when they still used the arrow keys. I realized that there was a lot of video game vocabulary that I’ve picked up and internalized.
So when I started playing Thief, I realized that I had to remap all of the keys… because Thief used WADX and I couldn’t get used to that because, yep, I am a WASD guy.
It’s weird what vocabularies we have without even noticing.
So… what are you playing?
I am playing “reset all my passwords again”.
I got a fairly authentic-looking e-mail this AM, purportedly from Amazon, asking me to rate/review (actual, real) recently-purchased items.
However, it gave the game away immediately, by being addressed to a username that is not associated to my Amazon, nor my e-mail accounts; so it appears someone, somewhere has somehow cobbled together one of my usernames from one site, and some recent Amazon purchase info from another, then sent me a phishing mail hoping to get more info. (Obviously, I clicked on nothing).
I have already contacted Amazon (they confirmed the mail was not from them), but wanted to get this warning out there for everyone else. My passwords had already been changed fairly recently, and are fairly strong ones. And this e-mail looked pretty legit; had they not addressed it to the username they did, my antennae might not have gone up.
If anyone has any ideas how this might have occurred, I am all ears. My first guess was that my e-mail account had been hacked, since this would be the easiest way to access both the other username, and Amazon purchase history, from separate e-mail correspondences, but the account does not appear to have been recently accessed by anyone else but me when I look at the access log to the email acct, and it had a fairly strong, recently-changed password anyway.
Some kind of e-mail interception?
preordered bioshock infinite, playing xcom enemy unknown. which i suck at hard.
glyph that sucks man. any sites you comment on been violated recently?
Honestly, there’s only one other site that I comment on all that frequently.
And even if so, I can understand how they’d get the username/email addy, but not how they are getting actual Amazon purchase history, without either getting into Amazon (which Amazon says has not happened, and I do not see any fraudulent activity) or the e-mail account (again, it does not appear anyone but me has been in there) or else somehow intercepting multiple e-mails in-flight (since some of these would contain the username, and others would contain confirmations of purchases).
dang man. hmmm. do you use amazon on your phone by any chance? or another portable?
would definitely reset the passwords on your wireless network at home, if you have one.
dhex – why do you ask about portables? I believe I have probably used an iPad to access all the sites in question. Are there additional vulnerabilities to the portable operating systems that I am unaware of, beyond the wifi aspect?
Glyph, were these things on a wishlist?
Nope. These were items I had purchased within the last couple months. It’s really disconcerting.
Direct from Amazon, or through Amazon from a third party?
Both (my initial thought was that maybe a third-party seller had been compromised, but there was at least one item on the e-mail that was fulfilled directly by Amazon).
What’s even weirder is that when I hover over the links in the mail, to the items themselves or to rate the items, the displayed links appear to be Amazon ones, at least at the highest-domain level (they show as http://www.amazon.com, followed by the usual strings of gobbledygook.)
I later noticed that there was actually another similar e-mail sent an hour prior, that didn’t even make the mistake of using the wrong username – it was “recommending” purchases (reasonable recommendations, based on similar items I did in fact purchase recently), and the prices on the recommended items appear to be correct (or close enough that they may have fluctuated slightly) when I check Amazon.
These are not the usual half-assed attempts full of misspelled words in comic sans – there is some real sophistication to these mails. Had it not been for that one small mistake (and a lot of people might not even catch that – it IS a username of mine, just from elsewhere) I might never have noticed at all.
The simplest explanation would be my e-mail acct was hacked (though as I said, my password was both fairly freshly-changed, and pretty strong – the usual mix of long string, A+N, upper/lower case, special characters, not the same PW as any other acct) – but from the e-mail acct’s access log, nothing jumps out as “not me” – the logins appear to be coming in on my usual timeframe, and from my state – while this doesn’t entirely rule out hacking, if it was hacked they are really good at covering their tracks.
Couple people suggested my wifi as the avenue of attack, but it was also PW-protected, with a long random string. But I suppose given enough time, that could be brute-forced (an avenue which I don’t THINK would work on the e-mail account, since I would hope that locks after X # of failed attempts within a specified timeframe – at least that is what I would do if I were the e-mail provider). I changed that PW too just to be safe. So far no credit card activity or anything seems off.
EDITED TO ADD: Actually, if the wifi *was* the avenue of attack, that would imply the attacker is close by, so the fact that the logins to my e-mail acct are coming from my timezone/state would be meaningless as far as ruling out hacking. This whole thing is really bugging me.
Are you signed on to an Amazon account?
Could the phishing e-mail just be a template that just points to the signed-in amazon account, thus displaying your info without the phisher actually having any access to it?
Alan – that is an interesting idea. I am not sure if I was signed in when I originally opened the mails or not.
I have never heard such of thing, and am not now signed in, and the e-mails still display the same info; so if they did do this, they scraped/saved the info.
The other day, Zazzy and I were watching a DVD down in the basement because I wanted to ride the stationary bike. We don’t have a dedicated DVD/BluRay down there so we use my old XBox360. She was controlling it but had no idea what to do… “Where is the play button? What is X? What do I push?”
Unfortunately, I couldn’t tell her which button to push because I never thought of it that way… I never thought, “The red X button is on the top…” I always though, “I push that button to do this in this game…” With the controller in my hand, I’d push every button exactly write but I couldn’t even explain it to her because it was all second-nature.
I find the same thing happens with a keyboard since I learned to touchtype. If you asked me where the L button us, I’d have to start pretend-typing to tell you. But when I’m actually typing, I don’t even think twice… the fingers just know where to go.
Ditto for any woodwind instrument. I haven’t played clarinet seriously in decades. Just on the spur of the moment, I would be hard-pressed to tell you the fingering for any particular note. Put if you put sheet music in front of me… the fingers just know where to go. The human brain is an amazing piece of machinery.
We’re getting a much better grip (heh) on how this works in the brain. It’s not really “hand-eye” or “hand-ear” coordination, or what have you.
The eye and the ear are really nothing but cameras and mikes. All that input is staged and filtered. We don’t really think A, B, X or Y button: turns out it’s actually the eye staging commanding the hand. And lots of it doesn’t happen in the brain. It happens in the spine. Same goes for musical instruments: it’s ear staging driving the hand and through the same mechanism. It couldn’t be managed in the forebrain, where we handle conscious decisions, especially what not to do. The brain don’t have the time for such mulling-over. That’s why musicians play scales and intervals, to train up those circuits.
Miles Davis said every wrong note is a half-interval away from a right note.
Hidden object games. They are soothing.
Like “Find the car keys”? I’m playing that one, too.
FAKE hidden object games are soothing. Real hidden objects suck. Good luck with your keys!
My car kxys arx right hxrx, but I can’t find thx “x” kxy!