LogMeIn Security Update

This one surprised me today.

LogMeIn sending me an email, that was already a surprised since I do not recall creating an account there, but the most surprising was the text in the email saying "download this certificate". Any semi-knowledgeable person would know that certificates are on servers and just work. You do not specifically download them.

Also, as a server administrator, if it were truely a fix for Heartbleed, man! That company was S.L.O.W.

The two URIs in the email would say one thing and be something completely different. Both would send you to a hacked WordPress website:
http://easyrecipeswith.com/wp-includes/SimplePie/Net/logme.php

Message-ID: <0KI2D4OB.1688695@righthemisphere.com>
Date: Tue, 28 Oct 2014 15:14:08 +0100
From: "LogMeIn.com" <auto-mailer@logmein.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: <contact@halk.m2osw.com>
Subject: October 28, 2014 LogMeIn Security Update
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Dear client,

We are pleased to announce that LogMeIn has released a new security certificate.

It contains new features:

The certificate will be attached to the computer of the account holder, which will prevent any fraud activity
This SSL security certificate patches the "Heartbleed" bug discovered earlier this year

Download the attached certificate here https://secure.logmein.com/update/cert_client.php. Update will be automatically installed by starting it.

As always, your Logmein Support Team is happy to assist with any questions you may have.

Feel free to contact us by visiting https://secure.logmein.com/contactus/

Submitted by Alexis Wilke on Tue, 10/28/2014 - 14:16

Add new comment

The Scam Pages of Alexis Wilke

Number of Scams

LogMeIn Security Update

Recently added scams

Recent blog posts

Legal