Spammers Corner: Frank from the UK

I think this Spammer appreciated the humor behind my replies. God bless you Frank Mercer and good luck with your $12,500,000 USD.









Evernote EXB File Puts Your Notes At Risk!

Evernote has been a well-respected, popular note-taking application used by millions of people worldwide for quite some time now. I myself have been a promoter of Evernote and even a paid customer at one time. Keeping this much data from prying eyes can definitely be a challenge for many companies. In 2013 Evernote’s systems were breached and 50 million users were forced to change their passwords for precautionary reasons.


I wanted to share a security issue I have discovered with Evernote, not to throw stones at the company, but to spread awareness to help secure the confidentiality of your notes in Evernote.

A few weeks ago, I switched over to a new laptop at work. I was poking around in my Evernote database folder on my system and was particularly interested in my EXB file. The EXB file is stored in the C:\Users\%USERNAME%\AppData\Local\Evernote\Evernote\Databases folder and acts as a local replica of your Evernote database. All of your notes are stored in this database. When you update or create a note, that data gets stored in the EXB file and gets synchronized back to the cloud under your account.

So what’s the risk?

Evernote EXB files are stored in plain text. The file is named with your user name with the extension .EXB. For example, if your Evernote user name was JohnDoe1999 then your EXB file would be JohnDoe1999.EXB. What I discovered was that if someone were to get hold of your EXB file, it’s actually quite simple to access all the notes for that user without even knowing that user’s Evernote password.

Proof of Concept:
For this example, let’s pretend my Evernote user name is CtrlAltDel, the laptop I have Evernote installed on was stolen, and the person who found it removed my hard drive, connected it to their system and now has full access to the file system.

How does the bad actor get access to my notes?

  1. Install the Evernote client on his computer, register an account and log in. Once logged in, Evernote will create a new EXB file for his account name under C:\Users\BadActor\AppData\Local\Evernote\Evernote\Databases. Let’s say his account is badguy101.
  2. The bad actor kills the Evernote client and terminates all Evernote processes.
  3. The bad actor renames his EXB file (badguy101.exb) to something else, and copies my EXB file to his database folder.
  4. The bad actor renames my EXB file, to his account name.
  5. The bad actor unplugs or disables his network connection so that when he logs in Evernote will use cached credentials to log in.
  6. The bad actor logs in to his account with cached credentials. The Evernote application starts and opens the EXB file which he has renamed to his account which is actually my EXB file.
  7. Once opened, the bad actor can access all of my notes. Of course, encrypted notes will stay encrypted.


I reached out to Evernote to report this issue, but it appears they are already aware of the limitations of the EXB file. The response I got is that your database is stored unencrypted locally and on their server. The connection between your system and their servers is encrypted with a TLS connection and that it’s up to the end user to take precautionary steps to secure their systems to prevent unauthorized access.

So what precautionary steps can you take?

  1. Well for one, don’t install the Evernote client on untrusted or shared systems.
  2. Encrypt confidential notes using the encryption method built in to Evernote.
  3. Move your Evernote database out of the default location, and store it somewhere only you have access to it.
  4. If you’re an advanced user, consider creating an encrypted volume using a tool such as VeraCrypt and move your database to the encrypted volume.
  5. Use the Evernote Web Client only!

Written By: Amardeep Juneja

Bitcasa gives users the finger, discontinues Bitcasa Drive

Bitcasa recently sent out a notice to all its users that it is discontinuing its Bitcasa Drive service for consumers and focusing on business accounts. For those of you not familiar with Bitcasa Drive, it actually started off as a Beta product offering Unlimited cloud backup storage at an extremely attractive price. Unlimited storage was unheard of for most cloud storage providers, so I signed up and everything was great. About a year later, things started going south at Bitcasa and they could no longer afford to offer the “Unlimited” plans. All users were moved to a 1TB plan at the same price, and if 1TB wasn’t enough you could opt for the 10TB plan for an affordable $995 per year…

Well, today was another dark day for Bitcasa. A notice was sent to all users to remove their data within 30 days or lose it forever.

As a customer who paid for the entire year upfront, this really agitated me. So I opened a ticket with their support asking for direction on what was going to happen to customers who paid for the full year upfront.

The response from their technical support manager was that my information was noted and I would be “considered” for a refund in 10-12 weeks.

10-12 weeks to issue a refund? And no guarantee either? This sounded extremely sketchy. After going back and forth with the tech support manager, he basically told me policy is policy and he can’t do anything else.

I am extremely frustrated with the ethics of this company. Just last week one of my files on my cloud drive got corrupted and their support couldn’t even restore my file for me.

If you are a consumer using the drive service, we are all in the same boat. If you are a business that has a subscription with Bitcasa, I strongly urge you to take a moment and think about how this company has treated its customers.

This has truly been a rainy day for cloud storage.

NetFlow: Monitoring BitTorrent Traffic

Monitoring BitTorrent traffic can be very difficult for Security Admins. BitTorrent traffic can expose your organization to viruses, illegal downloads and copyright infringements. Although it’s difficult to detect and analyze BitTorrent connections flowing through your networks, you can use NetFlow to identify some common BitTorrent ports.


The most common BitTorrent ports are TCP 6881-6889 and port 6969 which is often used to connect to the tracker.

You can correlate the systems connecting to external IP addresses on these ports with the number of connections made. BitTorrent traffic will commonly reach out to over 100 external hosts, which helps quickly identify this type of traffic.
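The correlation described above can be run over exported flow records. The following is an added example, not part of the original post: the `src,dst,proto,dst_port` line format, the `10.0.0.0/8` internal range and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

PEER_PORTS = range(6881, 6890)   # TCP 6881-6889, as listed in the text
TRACKER_PORT = 6969              # tracker port named in the text
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: your internal range

def bittorrent_suspects(flow_lines, threshold=100):
    """Return {internal_ip: {"external_hosts": n, "tracker_seen": bool}} for
    hosts that reached more than `threshold` distinct external hosts on the
    BitTorrent ports. Input lines are 'src,dst,proto,dst_port'."""
    peers = defaultdict(set)
    tracker_seen = set()
    for line in flow_lines:
        src, dst, proto, dport = line.strip().split(",")
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        dport = int(dport)
        # Only outbound flows: internal source, external destination.
        if src_ip not in INTERNAL or dst_ip in INTERNAL:
            continue
        if dport == TRACKER_PORT:
            tracker_seen.add(src)
        elif not (proto.lower() == "tcp" and dport in PEER_PORTS):
            continue
        peers[src].add(dst)
    return {
        host: {"external_hosts": len(dsts), "tracker_seen": host in tracker_seen}
        for host, dsts in peers.items()
        if len(dsts) > threshold
    }

def sample_flows():
    """Constructed flow export used only to exercise the function."""
    flows = []
    # 10.0.0.23: 150 peers spread over 6881-6889 plus one tracker connection.
    for i in range(1, 151):
        flows.append(f"10.0.0.23,203.0.113.{i},tcp,{6881 + i % 9}")
    flows.append("10.0.0.23,198.51.100.10,tcp,6969")
    # 10.0.0.40: a handful of flows on a listed port, below the threshold.
    for i in range(1, 4):
        flows.append(f"10.0.0.40,198.51.100.{i},tcp,6881")
    # 10.0.0.50: many external hosts, but on HTTPS, so not counted.
    for i in range(1, 201):
        flows.append(f"10.0.0.50,203.0.113.{i},tcp,443")
    return flows

if __name__ == "__main__":
    for host, info in bittorrent_suspects(sample_flows()).items():
        print(host, info)
```

Counting distinct external hosts rather than raw flows keeps a single long-lived connection on one of these ports from triggering the rule.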


Spammers Corner: The Timeshare Customer

Finally I found someone who is interested in purchasing my timeshares (I don’t own any timeshares!).




Spammers Corner: Mrs Flora Patrick

I was presented with the opportunity to help many charities recently. As always, I took advantage!







Spammers Corner: Liberal Party Mail SPAM

What do you do when the Canadian Liberal Party sends you junk mail with a postage paid return envelope?

Send it back to them with some SPAM of your own! #FightSPAMWithSPAM


Spammers Corner: FedEx Delivery

I cannot believe FedEx could not deliver my package! I really needed that treasure map!


Spammers Corner!

Welcome to Spammers Corner. Where the senders don’t matter, and the replies are hilarious!

After watching James Veitch’s TED Talk video titled “This is what happens when you reply to SPAM email” I’ve been inspired to have some fun of my own.

I’m starting a new section on this blog titled “Spammers Corner” where I respond to SPAM and see what fun I can have.

It’s time to take a stance, and #FightSPAMWithSPAM!

pfSense: How To Selectively Route Traffic Over WAN

As many streaming providers are moving towards blocking VPN providers from their services, you may need to selectively route some of your devices to bypass your VPN provider. In this guide I will show you how to selectively route internet traffic from specific IP addresses in your network over the WAN connection instead of VPN to avoid being blocked by these types of filters.

To start, set a static IP address on the device you wish to selectively route. In this example, my device’s static IP address is

Step 1: Login to your pfSense firewall. Under the firewall tab, select “Aliases”

Step 2: Click the + icon to add a new Alias for your group of hosts that will bypass the VPN. Your alias configuration should look similar to this. Click “Save” when you are finished and apply the changes:






Step 3: Now that we have an alias created, we need to create a LAN Firewall rule to route all traffic from hosts specified in the alias over the WAN connection. Select the “LAN” tab, and click the plus sign to create a new firewall rule. Your firewall rule should look like this:







And most important of all, be sure to scroll down and click the “Advanced” button in the gateway setting and select your WAN interface. Save the setting and apply the configuration. Once saved, move this rule to the top. By doing this the VPN bypass takes precedence over your default “route any to VPN” rule.

Written By: Amardeep Juneja