Hello and welcome to the Monday, February 2, 2020, 26 edition of the Sands and at Storm Center's Stormcast.

My name is Johannes Ulrich, recording day from Jacksonville, Florida.

And this episode is brought you by the Sands.edu undercredit certificate program in Applied Cybersecurity.

Security.

Last week, I started adding some CAPTCHAs to the Internet Storm Center website.

I had to do it.

I didn't really want to do with CAPTCHAs and such, but we did get a ton of requests.

It's just screen scrape, some pages that are available via APIs and some of our public

data feeds.

So please use those if you need the data or let me know if you're under any problems with

the CAPTCHAs.

It did cut down the load on these particular pages by over 90%. So more

than 9 out of 10 requests to those pages were created by bots. In Diaries today, we had, well,

one from Friday, and that's about a little fishing trick that at least was new to me. So whenever

any company is setting up a simple way to host free web pages, it's often being abused

for fishing. Google Documents, not really an exception here. Google Docs, I think is the

official name. But what Google actually did to prevent some of this is to add a very obvious note to the

bottom of each page that this is host by Google Docs and also links to report

phishing pages.

Well, one of our readers, Charlie, he observed a phishing email that redirected to a Google Docs page that did not

have this notice. And there was a fairly simple trick that was played here. At first, I thought

maybe they played some HTML trick or such to hide it, some style sheet or whatever. Well,

...