Archive for September, 2006

Disturbing Emails

September 3rd, 2006 2 comments

Those of you who have been following SpamMailBag.com will have noticed the large number of rather disturbing emails that have been coming in. They are all addressed to the same address and I'm not overly sure if somebody out there is using this address to add it to lists, or if the spambots have just stumbled across it.

As I said, a number of these emails are rather disturbing; due to their nature I am tempted to remove them... that would, however, defeat the purpose of the site. I am, however, storing duplicates of these emails. Should any authorities be interested in the mail headers, feel free to contact me at ht [at] computerdefense.org.

Peace,
HT

Categories: SpamMailBag.com

Hacking the Mind

September 3rd, 2006 1 comment

I had a lot of great plans for this weekend... I'd get away from computers for a bit and get outside. Enjoy a nice weekend and get some fresh air... Of course, every time you plan something, something else happens... in this case I got sick... and since the wet stuff has been falling, I'm trying to avoid venturing out. I decided that since I had some free time it was time to check out Mike Murray's Hacking the Mind presentation from HOPE. I pulled up the slides, downloaded the MP3 and away I went. Because I didn't know where the slides linked with the audio before listening, I occasionally felt slightly behind and had to click ahead to catch up, but for the most part the talk transitioned nicely from slide to slide.

It was rather interesting to listen to and follow along with. The presentation itself is around 30 minutes long, with another 20 or so minutes of Q&A included in the audio. I rather enjoyed one of the intro quotes:

“By reading this, you have already given me control over a tiny slice of your mind.”

Since the presentation deals with hypnosis and the human mind, and their relation to hacking, it isn't overly technical; it does, however, depend on some prior knowledge of buffer overflows, format string attacks and data-driven attacks (injection, etc.). The relation of those exploitation methods to the human mind gives those with knowledge of vulnerabilities and exploitation a bit more insight into the world of hypnotism.

There's a hypnotist performing around the corner in an hour and a half, and if I find the energy (and some cough drops) I'm going to head over and check it out, to see just how much of the presentation comes into play as he performs his on-stage hypnosis.

The presentation is definitely worth the time, so check it out and enjoy yourself. After all, that's the point... isn't it? At the same time, you should add Murray's blog to your daily reading list. Some interesting stuff comes across it.

Peace,
HT

Categories: IT, Security

Reciept of your payment…

September 3rd, 2006 2 comments

Yet another phishing email... these guys are clever... I'll give them that. A few things could have made this a much better attempt, but I'm not going to point out their mistakes to help them out... instead, here's yet another email to be on the lookout for.

Dear PayPal Member,

This email confirms that you have paid LWPELECTRONICS (sales@lwpelectronics.com) $474.99 USD using PayPal.

This credit card transaction will appear on your bill as "PAYPAL LWPELECTRONICS*".


PayPal Shopping Cart Contents
Item Name: BRAND NEW NOKIA 8800 CELL PHONE
Quantity: 1
Total: $474.99 USD
Cart Subtotal: $454.99 USD
Shipping Charge: $20.00 USD
Cart Total: $474.99 USD

Shipping Information
Shipping Info: Bill Chang
202 N Magnolia Dr.
Saco, ME 04072
United States
Address Status: Unconfirmed

If you haven't authorized this charge, click the link below to cancel the payment and get a full refund.

Dispute Transaction

Thank you for using PayPal!
The PayPal Team
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page.
PayPal Email ID PP120

Quite well done, no? Oh well, it's there for your viewing pleasure (Disclaimer: Don't be an idiot and provide information to any of the links you follow in it).

Peace,
HT

Categories: Phishing / Scams

“Your call is important to us, please remain on the line…”

September 3rd, 2006 3 comments

Those little words... I wonder if one day we'll hear them being used by the defense in a murder trial.

Defense Lawyer: Your honour, it's hardly the defendant's fault. He was on hold with Rogers and the computerized female voice just kept telling him that his call was important and that he should remain on the line. I'm sure you've experienced this voice for yourself. The victim just happened to stumble into the defendant's office at minute 176 of the wait for support... for this reason we'd like to plead temporary insanity.

Judge: There's no need... I've been in that situation before... I'm waiving all charges, this case is dismissed.

This may seem a little far-fetched, but I don't think it is. Tonight we had a power outage. Not the end of the world, but it was a pain in the ass. It lasted 5+ hours. I say 5+ because at hour 5 the battery died on the laptop (leaving us with nothing left to do in the house), so we ventured to a midnight matinee. When we returned, the power was finally back on.

So, how does this power outage relate to a comment on the Rogers "helpful" phone system? Well, the power went out at about 7:15pm; we'd just ordered a Pay-Per-View movie (The Pink Panther) at 7pm. Here we are 10 minutes into the actual movie (after I buy my movie, Rogers makes me watch 5 minutes of previews for other movies they are now showing) and I'm without power. I decide I'll call Rogers... they let you cancel a PPV X minutes in, and I figure in this case they'll quite easily refund me the $4.99 or give me a credit.

So I call... I'm using a cell phone, as we have VoIP in the house; no power means no phone. My phone call lasts 5 minutes; we're in the basement and the signal fades. In those 5 minutes I was told that if I wanted French, I should say French, asked what I was calling about (Cable TV, Wireless, etc.) and then asked for a category inside the first division (Pay Per View, Technical Support, etc.). Then it wants my phone number. I say my phone number 5 times... not once does it get it correct... and then the signal faded.

The second call lasted 20 minutes (that should have been more than enough time to obtain a credit... wrong!). I entered my phone number correctly this time, and then provided the last 3 digits of my postal code (weird, I always thought that C was a letter, not a digit). Interesting Side Note: You can run up somebody's cable bill by knowing the phone number associated with their cable account and the last 3 "digits" of their postal code, by providing that information and then automatically ordering PPV movies. So, I'm in the PPV menu, thinking ok, I can get a refund... nope. It just starts reading off upcoming PPV movies and telling me I can order them. I press 0 frantically and it tells me to wait while they connect me to someone. I ended up waiting, while the annoying voice repeated the same thing over and over again, until the cell phone battery died. Needless to say, I wasted more time than was worth the $4.99 credit; luckily the power was out, so I don't feel so bad. I'm going to email Rogers at some point to see if they willingly provide the credit... if they don't, I'll be providing the email discussion here; if they do provide one, I'll let you all know.

So how does this fit into the topics of this blog... it doesn't have to... it's mine and I wanted to write this... but it does. It made me think back to a simpler time, a time when you could call tech support and speak to the person you wanted to speak with... no automated systems, perhaps at most a receptionist who transferred your call. No one has a system like that these days... everything is automated, and it's not necessarily a good thing. It makes me think of the commercial where the guy's on the phone with one of these wonderful automated systems and the voice-over talks about providing the greatest system of all for phone support... a person. I realize that Rogers wants to have that fancy 1 - 888 - ROGERS - 1 number, but I'd settle for dialing 1 - 888 - ROGERS - 2 if it meant I could talk to a person about Cable TV right away instead of dealing with that lousy voice prompt.

Peace,
HT

Categories: Personal

Oops, We Did It Again…

September 2nd, 2006 1 comment

On occasion in the past, I've had the opportunity to work with CA's products. I've seen eTrust in all its horridness... fail time and time again when attempting to clean a virus-infested machine. As a little project at my former employer's, I placed an unpatched XP machine on a residence network... There were plenty of viruses and malware flying around and I wanted to see exactly what I'd catch... This was to help find the best AV solution to recommend to the students.

While I can't say exactly how many infected files appeared on the system (it was thrown into the wild, not a controlled environment), I can tell you that eTrust definitely didn't have the best results.

Solution Vendor     | Product               | Version                 | Definitions Version  | # of Viruses in DB | Viruses Found
--------------------|-----------------------|-------------------------|----------------------|--------------------|--------------
Sophos              | Sophos Anti Virus     | V 3.87.0, Engine 2.25.3 | V 3.87               | 95901              | 4
Computer Associates | eTrust Antivirus      | V 7.0.139               | InoculateIT V23.67.7 | Unknown            | 6
ClamWin             | ClamWin Antivirus     | V 0.35.3                | Main: 27; daily: 549 | 25565              | 23
Grisoft             | AVG Professional      | V 7.0.280               | 264.12.2             | Unknown            | 14
Symantec            | Norton Antivirus 2004 | V 10.0.13.3             | Date: 10/23/2004     | Unknown            | 3 + 38 Adware
Trend Micro         | Housecall             | Unknown                 | Unknown              | Unknown            | 7
Computer Associates | Pest Patrol Online    | Unknown                 | Unknown              | Unknown            | 64

While it wasn't the worst solution... it definitely wasn't the best, far from it in my opinion... Now Pest Patrol Online looks good... however, it was primarily registry keys and so forth...

Anyways... this was just some background into why it's "Oops, We Did It Again...". So we've established that in the past CA has had an awful AV solution... Now we see on ISC that CA released a signature the other day that detected lsass.exe as a virus and removed it... Where was the quality control on that one... Users of the product are stuck with W2K3 servers that won't boot... This is a huge problem in my books. I wouldn't be happy with CA if they were my vendor right now.

Thankfully they have released fix instructions, but for some companies the damage may have been done and this may be too little, too late.

Peace,
HT

PS: Those of you interested in seeing the remainder of my research... or getting access to the malicious binaries I pulled off the system for comparison scans with modern AV signatures (this test was done in 2004)... send me an email at ht [at] computerdefense.org.

Categories: IT

Mandatory Startup Sound in Vista

September 1st, 2006 1 comment

While I was reading various sites, I came across an interesting article on Scobleizer, Robert Scoble's blog. It seems that Microsoft intends to hardwire the startup sound in Vista. That's right... you have no say... you can't disable it, you can't turn it off... even if your audio is muted... this sound will still play. They say the solution to this is to turn down/off your speakers... This seems like an annoyance to me. The one thing Microsoft has never been able to do is come up with half-way decent sounds... They're usually fairly awful.

I'm generally fairly supportive of Microsoft. I have a buddy who loves to attack and bash Microsoft for their privacy concerns and legal practices, and I usually defend them, but how do I defend this... I own the computer, I should have complete control over it... One of their excuses is that they've done this with the Xbox... There's a big difference between a PC and a gaming console.

I really hope that Microsoft reconsiders this... Not only will they lose a good chunk of the IT population over this... geeks want control. They'll also, IMO, lose corporations... I think that SLED 10.1 will become much more interesting. Who wants an office where every morning 100 machines play the same annoying, crappy sound... I, for one, would not enjoy it.

Hopefully this doesn't go in the final release.

Peace,
HT

Categories: IT