KatsBits Community

Recent Posts

11
FAQ on games, gaming & IT / Seiko 5 Field Sports Counterfeit/Fake
« Last post by kat on April 29, 2023, 09:48:37 AM »

Ever wondered what's inside a 'replica' Seiko 5 Sport's (Field Sports) watch from China? As it happens, not a lot.

First things first, how do you tell the difference between counterfeit Seiko 5 Fields Sports and the real thing.

Notwithstanding the price difference - $20 versus $200+ (assuming the buyer hasn't been truly conned, Ed.) - it's immediately apparent by the fit and finish, the initial tell being the sharp edges around the casing, barely polished out flashing from what is a stamped part. The dial of the fake has flat printed numbers whereas, depending on the model, they should stand slightly proud of the surface, so too will the branding and logo.

The back, while it might be stainless steel as is the true Seiko, the wrench grommets on the fake are poorly defined. Taking this off however, is where the lack of magic truly sucks all the light from the room, its little more than a collection of thin plastic parts and small circuit board with a battery - the one of two metal parts are primarily springs and retention brackets.

The dial facia is stepped, the minute marker being a band glued in place with crazy glue. The date and day wheels are thin printed plastic. Taken as a whole it's remarkable something with so many critical parts are made from relatively fragile plastic - if the watch works it's likely to have a very short shelf life as a result.


12
Blog / SCAM ALERT: Nord VPN Brand Ambassadorship Inquiry
« Last post by kat on April 22, 2023, 02:20:03 PM »
Similar to the previous Nike brand/sponsorship scam, another one addressed to YouTube creators, claims to be from Nord VPN Technology brand ambassador program. Sender is a throwaway GMX (German) account/address with no other Corporate or individual identifiers. Needless to say if the message doesn't come from the nordvpn.com domain it's a scam.

Quote
Dear YouTuber,
 
I hope you're having a great day today. We at Nord VPN Technology are impressed by the quality of content on your YouTube channel, and we think that a joint venture between our brands could be beneficial for all parties involved.
As a well-established software company in the industry, we are always looking for novel ways to engage with our target audience. Your YouTube channel has caught our attention due to the imaginative content you produce.
 
We are excited about collaborating with you to promote Nord VPN products to your subscribers. We have a collection of materials available for your use which contains comprehensive information about our products and services.
You can gain access to this compilation by using the password: [password]
Web Link: [URL to anonymous file sharing dropbox]
 
If you are available, we would be delighted to discuss this opportunity further with you. We're eager to hear your feedback, and we can't wait to receive you in the near future.
 
 Respectfully,
 
Victoria
Nord VPN Systems
13
News / Texture Blending using Vertex Colour (Simple)
« Last post by kat on April 19, 2023, 03:05:49 PM »

"Texture Blending using Vertex Colours (simple)" https://www.katsbits.com/codex/vertex-color-blending/ taking a look at mixing or blending materials using vertex colours/painting in Blender. Example available.
14
Blog / SCAM ALERT: Medical Exploitation Bitcoin Scam
« Last post by kat on April 19, 2023, 01:17:17 PM »
Capitalising on people's sense of charity and generosity, especially when it involves matters of health, is another avenue for scammers to bait their targets into handing over cash in the form of bitcoins. No details, other than the use of a throw-away email address, so there's absolutely no way to verify the claims made.

Given that there are a number of services available for eBegging, it goes without saying that receiving an email requesting financial aid to cover medical or surgery costs, should be deleted without response as a scam (notwithstanding the same email will be received from multiple email addresses being an obvious clue as to the nature of any messages).

Quote
Hello, I apologize for bothering you,
but I'm not sure how to get out of the difficult situation I'm in.

Maybe you could help me. I need an urgent liver transplantation,
and the surgery costs a lot of money for me.
To be precise, I need [amount needed].

I would greatly appreciate any amount you can contribute.
If you're unable to help, I apologize once again.

My bitcoin wallet: [bitcoin address]

You can buy bitcoin here [bitcoin vendor]
or choose another payment service (google search phrase "buy bitcoin")

Thank you so much for taking the time to read this,
and please take care of yourself and your loved ones, especially your family...

Scam Bitcoin Addresses
  • bc1qdnjffh9tpmphuex2pknqg3yeq4g0xvfm2ag53w
15
Blog / SCAM ALERT: Nike YouTube Creator Sponsorship
« Last post by kat on April 15, 2023, 10:04:49 AM »
Not quite sure what a Nike sponsorship of a Blender 3D content creator channel is all about except perhaps Nike taking the creators word for it they're wearing their branded clothing and footwear, even though it's never shown on-screen; "yes Nike, totes wearing the clothing and footwear rite niow!".

Were this a legitimate request, the Creator would be mentioned by name (if publicly available) or at the very least, referred to by their YouTube Channel name and come from an email that doesn't terminate in a domain name that cannot be found.

Sender: *@nikepr.store (dead).

Quote
Dear YouTube creator,

We hope this message has caught you in good health. We are writing to you on behalf of Nike, one of the world's leading clothing and footwear companies. Our team has been impressed with the excellence and engagement of your YouTube channel, and we would like to offer you an advertising partnership with us.

We believe that your channel fits our guidelines and desired audience, and we are interested in presenting our products and services to your subscribers.

We have prepared a sample ad to show what kind of content we want to present to your audience.
The ad talks about some of the features of our latest clothing and footwear collections and how they might appeal to almost everyone on the globe. We believe that our partnership will be mutually beneficial, as we can benefit your viewers and draw attention to our brand at the same time.

We are willing to discuss advertising compensation because we understand the importance of fair compensation for content creators. Our team is available to answer any questions you may have about the proposal, and we look forward to hearing from you.

Thank you for your time and attention. We appreciate your work and look forward to working with you in the future.

Our best wishes to you,
Astron.

On behalf of Nike

Отписаться от рассылки
16
Blog / Re: SCAM ALERT: Bug/Vulnerability Bounty Blackmail (Beg Bounty)
« Last post by kat on April 10, 2023, 02:11:31 PM »
A typical example of a Beg Bounty (bug bounty) scam email;

Hi Team,
I am an independent security researcher and I have found a bug in your website   [website/domain]

The details of it are as follows:-

Description:  
This report is about a misconfigured SPF record flag, which can be used for malicious purposes as it allows for fake mailing on behalf of respected organizations.

About the Issue:
As i seen the SPF and TXT record for 
[website/domain]
which is:

DMARC Policy Not Enabled

As u can see that you Weak SPF record, as valid record should be like:-

DMARC policy enabled

What's the issue:
As u can see in the article below the difference between soft-mail and fail you should be using fail, as Soft-mail allows anyone to send spoofed emails from your domains.
 
Attack Scenario: 
An attacker will send phishing mail or anything malicious mail to the victim via mail: 
[website/domain email]
Even if the victim is aware of a phishing attack , he will check the origin email which came from your genuine mail id 
[website/domain email]
so he will think that it is genuine mail and get trapped by the attacker.
The attack can be done using any PHP mailer tool like this:-

<?php
$to = "VICTIM@example.com";
$subject = "Password Change";
$txt = "Change your password by visiting here - [VIRUS LINK HERE]l";
$headers = "From: 
[website/domain email]
";mail($to,$subject,$txt,$headers);
?>

U can also check your SPF record form: 

[link to 3rd-party service-checking tool]

Reference:
[link to 3rd-party article lending 'authority' to the report]

Have a look at the digital ocean article for a better understanding!

Waiting for your reply.

Regards,
[bug/beg bounty scammer].


[images included below captured from above linked tool, referencing the parent domain name, to lend 'authority' to the report]



[image of 'fake' email using locally changed "From" address]

17
News / Install AMD Radeon ProRender for Blender
« Last post by kat on April 09, 2023, 09:22:23 AM »

"Install AMD Radeon ProRender for Blender" https://www.katsbits.com/codex/prorender/ - taking a look at installing and enabling AMD ProRender as an alternative render engine for Blender...
18
Blog / SCAM ALERT: Bug/Vulnerability Bounty Blackmail (Beg Bounty)
« Last post by kat on April 05, 2023, 03:46:28 PM »
Unsolicited Bug Bounty Blackmail

There's another relatively new fear marketing [1]/blackmail email scam doing that rounds in which someone claiming to be an *cough*ethical white-hat hacker*cough* sends an unsolicited report, from an anonymous email account, stating they've found "critical" website or email service bug(s) or vulnerability(ies) and wants a reward for bringing them to the victim's attention (essentially exploiting legitimate 'bug bounty' schemes with what is euphemistically referred to as a 'beg bounty').

Initially reports tend to relate to common website iframe (x-frame bypass), or email (DNS service, DMARC, SPF or DKIM) issues that can be discovered using tools freely available online [2], potential misconfigurations that might make it easier to spoof an email or gain unauthorised third-party [3] use of, or access to, services or content they wouldn't ordinarily be able to; malicious users (re)hosting webpage content within an iframe plastered with adverts from which they earn click-revenue (click-jacking) for example, or email spammers able to access mail servers to send unsolicited junk or mass-mailings from an address they don't actually control, often without the service owner's knowledge.

While these can be legitimate concerns they can thankfully be dealt with in any number of more fruitful ways than the type of unsolicited Bug Bounty Blackmail (beg bounty) that typically escalates in severity once the scammer knows they have a responsive target or victim; over time the scammer reports more bugs alleged to be increasingly severe, that only they can fix or provide information for, while demanding greater and larger rewards, or else [4].

Messages like this are a 'crap-shoot' for their authors however, as they are often little more than edited copy/paste boiler-plate texts or templates downloaded from internet, modified with the victim's details swapped in using a script that pulls the information from a scraped of harvested mailing list.

Needless to say, if there are concerns about the veracity of the bug or vulnerability disclosed, the best course of action is to get in touch with a business or professional that can check what's reported, and advise or action it appropriately.

In other words, a genuine, professional, security consultant wouldn't send a poorly written email, from an anonymous Gmail, Hotmail or other throwaway account, absent contact and/or business information, demanding payment for something, never mind a response.



Footnotes:

1: Fear marketing or fear appeal is a form of manipulative marketing that uses fear as a means of persuading the target into taking action they might not otherwise engage in, the blackmail then being the threat of consequence if a 'reward' or payment for action/disclosure is not paid.

2: For more on x-frame bypass see here https://www.google.com/search?q=X-Frame-Bypass+check, for more on SPF, DKIM, DMARC configurations check here https://www.google.com/search?q=spf+dkim+dmarc+check

3: Spoofing email addresses does not require unauthorised service access; the address emails appear to be from, the 'From' address or identifier displayed in an email's header, is just a text string that can be an email address, a person's name or other label, and can be altered in Outlook or other email client.

4: Unless a server or service is significantly compromised scammers are not 'hacking' services but instead taking advantage of knowledge deficits and 'social engineering' techniques to coerce compliance from the victim.
19
Guest Posts & Articles / 5 Casino Game Design Ideas From World's Top Online Casinos
« Last post by kat on March 29, 2023, 10:21:17 AM »
[Sponsored]

5 Casino Game Design Ideas From World's Top Online Casinos


When it comes to online casino game design, the world's top online casinos have a lot to give. From unique themes and innovative gaming mechanics to cutting-edge graphics and beautiful soundtracks, these casinos are constantly pushing the envelope to create an exciting gambling experience for players. Here are some of their most popular game design ideas that you can draw inspiration from:

Gamification

Gamification is a concept that has been gaining traction in the online casino industry. It involves incorporating gaming elements into the overall user experience, such as leaderboards, achievements, and rewards. This helps create captivating and enjoyable surroundings for players, leading to increased loyalty and commitment. By introducing gamification elements into their platforms, casinos are trying to provide players with a more immersive experience that encourages them to stay longer and play more often. It can also help casinos attract new customers by providing them with incentives such as bonus points or free spins when they reach certain levels or complete specific tasks. Ultimately, gamification is an effective way for online casinos to increase customer engagement and loyalty while also providing an enjoyable gaming experience for their users.

Storytelling

Another sought-out technique used by top online casinos is storytelling through their games. By incorporating an engaging narrative into slot machines or other types of games like puzzles, developers can make them more compelling by giving players a sense of purpose as they follow through the story arc. This can make the game more memorable and intriguing, which is essential for attracting new players. Storytelling through games can support creating a stronger connection between players and the brand of the casino as they become invested in the story being told. Stories can be used to introduce new characters or themes that add variety to a gaming experience. By introducing these elements, online casinos are undoubtfully differentiating themselves from other providers and attracting more customers.

Innovative gameplay mechanics

Online casinos are always trying their best to stay ahead in the competitive field of gambling by providing new and exciting gameplay mechanics. One of the best methods to do so is by giving players new bonuses and promotions that can get activated during the game. For instance, with just the right move in the game, you can win free spins, go to the next level or get access to new features. There are also mini-games and multiplayer options. But the best move an online casino can make is to introduce a new game, something completely different and rewarding such are virtual reality slots or live dealer games. With these games, you can feel like being in a land-based casino while still being at home and conversing with other players and dealers. Another great idea for improving gameplay mechanics is adding leaderboard rankings and extra rewards for loyal players. 

Visual appeal

Of course, no matter how great a game's mechanics may be, nobody will want to play it if it doesn't look appealing. That's why top online casinos invest heavily in creating beautiful visuals that help draw people in and make them feel immersed in the world they've created with their games.

Visual appeal can make or break an online casino, from the bright colors of a slot game to the detailed graphics of a virtual card table. Quality visuals are essential for keeping players engaged and excited about playing your games. With the right design, you can create a world that is inviting and exciting for your players to explore.

The best online casinos also understand that visuals must be optimized for different devices to ensure they look good on all types of screens. This means ensuring all images are sharp and clear, no matter what kind of device they're being viewed on. A great mobile experience is essential if you want people to keep coming back again and again.

Sound design

Music is an integral part of people's lives, and many experiences elevated motivation while listening to music during different kinds of work. Game developers are using that fact to the fullest by incorporating just the right sounds at particular moments in the game. The rule of thumb is that the music should always fit the theme of the game and alleviate the overall atmosphere. For example, in a slot machine game, sound effects could be used to indicate when a player has won or lost a spin. In card games such as blackjack or poker, sound effects could tell when it's time for the dealer to deal cards or when it's time for players to make their bets. Background music can also be used in online casino games to create an exciting atmosphere and keep players engaged. Music should be chosen carefully so that it doesn't become too repetitive or distracting from the gameplay itself.

In conclusion, it is important to take inspiration from the world's top online casinos when designing casino games. Look for trends in gaming and apply them to create innovative, engaging, and exciting new experiences for players.

20
News / Toolkit - Bubble Pipe + Particle + Pose
« Last post by kat on March 27, 2023, 08:47:39 AM »

"Toolkit - Bubble Pipe + Particle + Pose" https://www.katsbits.com/codex/toolkit-bubble-pipe-particle/ - taking a more comprehensive look at making a bubble pipe mesh (see "Toolkit - Accessory + Particles" for basics) with custom placed particle effect plus custom pose - there are a few steps involved depending on how the Accessory was originally made.