I am going to go ahead and admit to the internet that I was looking for something quickly last night and did not practice safe searching. I had multiple tabs open, including my Gmail, and I was the victim of a cross-site scripting attack.
Last night I was looking for a file converter for a document my wife had received from one of her students so that she could open and grade his paper. I had a bunch of tabs open and a Google Hangout ongoing and did not think to start a new Chrome window for my searching, which I typically do. I run Chrome extensions like uBlock Origin, Privacy Badger, and some others. This attack went totally unnoticed by all of the tools I have to monitor my privacy.
When someone notified me I had sent them spam I asked for the view source of the message. It can be found here if anyone is interested. I redacted the email addresses and names, but left the server and client data present; since it is the client data and servers of a spammer, I don’t think they will mind.
In the meantime, until I got the email source data above, I thought the server where I host linward.net might have been compromised and began scanning it frantically. There were no authentication attempts against it and nothing out of the ordinary in the logs. I changed all passwords on the system and then checked all of the activity on my Gmail account. No logins from strange IP addresses and nothing in my sent folder related to the spam activity.
After receiving the header information I was somewhat relieved to see the message was sent from Seoul, Korea using a client claiming to be Outlook 2013. Relieved because I do not live in Korea, nor do I even have a copy of MS Outlook installed on any of my machines, especially not 2013.
I wanted to put this out there to see if anyone else had encountered anything like this in their day-to-day work. It was strange and totally creeped me out; I had not seen an attack like this before in person and I wish I could have isolated the site doing it so I could have notified the host.
It is completely against standard practice for any of us that are even remotely involved in security to admit our mistakes and/or seek assistance from the community. If everyone keeps quiet about every problem that we face, how will we ever make headway against attackers? It is obvious that the attackers are sharing information on tools and attacks. Otherwise we would not see so many copycat scripts and professionally produced malware toolkits out there for download and use to create mayhem. This is me “putting it out there” to everyone else. I was played by a cross-site scripting attack and I want to inform others so that we can work together on the side of good to combat it and make headway against the attackers. Any suggestions for Chrome or other browser extensions to block this kind of attack are welcomed. I can be reached from the contact form on this blog that nobody reads or @lin_ward on Twitter.
being weird is ok
I was listening to a podcast that brought up an interesting point. How much energy do we waste trying to see ourselves through the eyes of others? We try to posture and preen ourselves to make as appealing a persona as possible. Instead of all that posturing why not just be ourselves and if that person doesn’t like us for who we really are, then it’s their loss. You don’t need people in your life that you have to put on a mask for. Life is hard enough without trying to remember what personality you have to present to each person that you interact with.
We all do this to some extent, but to what end? I think most of us do this thinking we are making ourselves more appealing to those we are interacting with, but maybe we are just coming off like weirdos. It is impossible, without just flat out asking, to know what another person is thinking. Beyond that, how do you really know they are telling you the truth? If a person I already perceive as a weirdo starts asking me what I am thinking about them, I am going to tell them whatever it takes to make them go away. Having witnessed a lot of this behavior recently, I find it really off-putting. If I did not admit that I was guilty to some extent of this same behavior I would be a complete hypocrite, which I am sure that I am, on many things, just not this behavior anymore (or maybe any less; we all lie to ourselves about what a great job we are doing with “insert behavior/diet/task here”). I made a pact with myself to be more real around people and deal with the consequences of that rather than try to manipulate the interaction. Since making a concerted effort to really just say what I want to say, not what I think people want to hear, I have seen some interesting results.
By nature I am an introvert. It is not true to say that I don’t “like” people, I just like them in smaller quantities and time frames than some other people might. People are still extremely important to me and I am fiercely loyal to my friends. To me, close friends are just like family and I love and cherish both groups in much the same way. As an introvert I am a student of observation. Once a scoring system is established for people watching where we can play for points and keep score, I am going pro. It is a pastime that I can enjoy anywhere, sitting quietly and just observing. Being in meetings at work, or services at church where I occupy the sound / projection booth (which makes me invisible), or just watching awkward social interactions between my other nerdy friends is always interesting. I can see a conversation start and just watch the jousting between the parties involved trying to feel each other out and find common ground where they can establish parity, and then begin the bragging to establish dominance. Next time you meet a stranger slow down, listen more than you speak, and see if you observe a common thread in the way new acquaintances are formed. First the commonalities, be it people, place, or thing, and then the quest to establish a hierarchy about that shared interest. There doesn’t have to be a winner, you know…
I propose a new paradigm. Introduce yourself: “Hi, I am Lin, and I am a complete fanboy for Top Gear,” and when they start to tell you how much more they know about the show, or whatever you are sharing an interest in, just let them go. Listen and converse without jousting and trying to find an angle where you can share your deep insight into nerdy nonsense. One of my lifelong best friends and I recently went to a hacker conference that we had both always wanted to go to. It was an amazing experience. We had so much fun just hanging out together and meeting new people. The social situation I was explaining up to this point was in TURBO mode. All of the hackers wanting everyone to look at me, look at me, I am king of the nerds! What does it really matter? Why not just enjoy all of the information sharing and events? Anyway, all of this is just a long way to say: you can’t really know how you look through someone else’s eyes, so quit torturing yourself over it. Be yourself, and if people don’t like who that is then you don’t need them in your life.
Everyone has their quirks and we all feel that our own special brand is the strangest, most potent form the world has ever seen, so I won’t get into that argument here, but I feel if people can love me just the way that I am, then they are special people and deserve that I treat them in a reciprocal manner. The hardest part about becoming a grown-up is learning to deal with your discomfort in your own skin. I say becoming, and not being, a grown-up because I don’t think I have *made* it yet. The constant process that over time, hopefully, yields comfort in your own skin is painful and takes time. However, I hope the end result is worth the time and effort. Maybe nobody is ever fully comfortable with who they are; hiding it just becomes easier. Each and every day I assume today is going to be the day they discover I am a fraud and march me right out of my life. I don’t have it all together, I don’t have it all figured out, and maybe that awareness and discomfort is what keeps me on my toes and trying harder. The certain fact of the matter is that I don’t have it all figured out. We all need to spend less time looking down at our personal distraction devices and more time interfacing with the people around us. It is ok to have some quiet now and then. I constantly see people walking around with headphones in during supposedly social situations. Is this a ploy to keep the world out, or to keep themselves from dealing with their own thoughts?
Is everyone else out there feeling these same things? Are we all stumbling through life constantly, introspectively, examining the minutiae of life, or am I just as weird as I think that I am? Those are the questions I want answers to. Does everyone have an inner monologue constantly running through all of the details of life? If so, what does it say, and how do you slow it down or shut it off or even just take a break? Mine does not give me a moment’s rest. There is a never-ending list of things to do, places to go, and stuff I want to say or experience. Maybe I am overly introspective and as weird as I feel sometimes. Do we all feel alien from time to time?
As this year winds down and next year starts off like a sprint, I want to take more time to spend with my friends and family and enjoy that time when I can be as much “me” as I dare to be with no filter and no judgement. We all need safe spaces like that to practice letting our guard down and freeing ourselves of this constant desire to present the most “attractive” versions of ourselves to everyone that we encounter. To break this down to the most basic of aspects: that is the version of ourselves that God sees, and he still loves us. We should learn to love the real us, to love it enough to let it out and not care if it isn’t the perfectly packaged personality that the world wants it to be. We are called to love other people, and if we don’t know how to love ourselves and embrace all of our own quirks and weirdness, how do we love others with all of their hang-ups? It is a tough dichotomy we are presented with, but it is not insurmountable. Love yourself, love others, overlook the small hang-ups we all have, and enjoy your holiday with family and friends.
Something to talk about…
I finally figured out something involving technology that I can write about and remain employed. It isn’t that I haven’t had anything cool to talk about in the last year. The problem is, I am not allowed to talk about my job on the social medias… so there’s that. I have had all kinds of cool things to talk about over the last year, it just wasn’t something that I could share with the world. My newest hobby is actually an old hobby. I have been working on video editing for my church. It is something that I have not worked on intently since I was in high school. Way back in the olden days (the late 90’s) I worked after school doing video editing. I have used iMovie and some of those tools over the years here and there, but in the last 2 months I have been in it every week editing the weekly sermon and making video bumpers for different events here at the church. Creating digital media has never been my strongest skill, so it is making me stretch to work at coming up with ideas. Here is a link to the YouTube channel we have started. Really, the editing portion of it has been pretty easy: chop off the front and the back, then upload it to YouTube and embed it into the website. It has still been fun. I am also working on creating some new motion graphics for the bumpers on the sermons. Here is the first one I have done. I downloaded Motion from Apple to get me started. This is my first project; I am working now on some more loops to welcome people and announce events. I will post them here as I get them worked out.
It has actually been really fun to get away from the engineering side of things and be creative. At first I was dreading it, but now it has become an outlet. To learn about how Motion works (I am by no stretch an expert) I found some cool videos to get me started and I went from there. Here are some of the videos I watched to get reintroduced to video editing on Macs.
33 today – another year in the books
I haven’t been posting as regularly as I would like lately. The last few months have been a blur. It seems that everything has been changing in the last year, and then in the last few months it ramped up even more. In the last year we (my little family) have experienced some major challenges and been through some changes and battles that we never saw coming.
Both my wife and I have switched jobs in the last year, for me just in the last 3 months. Today marks 3 months at my new job and I am really enjoying it. I have been learning a completely new area of IT and I have enjoyed the challenges of being stretched in new ways. I miss many of my friends and co-workers that I have spent years getting to know, but this was a change that was in the best interest of my family. I am home every night and have an amazingly regular schedule that allows me to attend soccer practice and swim practice and many of the things I just couldn’t get home for early enough previously. My wife is teaching at a new school that she loves; her second year starts tomorrow, as does Ayden’s. They are loving it there and are both growing in new and different ways. Jamie is teaching subjects that she hasn’t taught before and Ayden is amazing me more each day with how he soaks up and retains everything.
However, it hasn’t all been unicorns and rainbows. I lost two grandparents in the last few months and that has weighed heavily upon us. A big part of why we have never left the town that we are from is our families. Jamie and I are both extremely close with our families and losing two grandparents so close together was really hard on all of us, especially Ayden.
The other dramatic change has been that in the last year Jamie and I have taken up a serious focus on our health. I have lost 50 pounds since this time last year and I have never felt better. All 3 of us are participating in 3 5K events in just as many months. It is going to be a fun time, which is never something I would have said about exercise previously, but it is fun because we are all doing it together.
Finally, we have spent a lot of time this year with our friends. We have made new friends and had some friendship attrition as people have grown and changed. If anyone knows me well, you know how important my friendships are to me and I take them seriously. If I call someone my friend it doesn’t mean I would call them for dinner, it means I would call them to help bury a body. We have rekindled some old friendships and made some new ones that I hope last a lifetime. My granddad used to say if you can make it your whole life and be able to count yourself as having 5 great friends, you were really blessed. We are beyond blessed and it means a lot to have these people in our lives. To Jamie and me, friends are synonymous with family and we are blessed to have such a large family.
Anyway, that is all for now. I hope to be able to get more time to post as I get more into the groove with this new job.
Helpful WordPress Plugin
I have been using a free WordPress plugin to track unauthorized attempts to log in to my WordPress instance. It is called “Limit Login Attempts” and can be found here: http://devel.kostdoktorn.se/limit-login-attempts. It comes configured to allow 4 bad logins before blocking an IP address for 24 hours. I set mine up this way and watched over the next few days as the same IP tried every day and got blocked every day. At least this user is persistent; not smart, but persistent… and noisy. Anyway, I have now moved the lockout time to 9999 hours (the max the box would allow) just so I get fewer emails about this attacker.
Once you configure the “Limit Login Attempts” plugin it will send you a nice email reminder when it blocks someone that looks like this one below:
Each time I see this email it just warms my heart, maybe I’m a little bit broken…
I could also edit my .htaccess file to block him/her, or the entire country the IP is originating from. However, that would cut into my fun of watching what is going on. That is what this is about anyway, my entertainment. There is a great site to help you write and edit .htaccess files that can be found here: http://incredibill.me/htaccess-block-country-ips. Some more specific tuning resources for .htaccess can be found here: http://www.netmagazine.com/tutorials/protect-your-wordpress-site-htaccess
Another option is to limit your logins based on the originating IP address (this is a smart idea). If you are on the go as I am, often connecting from your phone, home, and/or work, this is not your best option, as the rules will get long and messy. It would also be “recommended” to disable or hobble your admin account. I set my admin account to a basic read-only account and used a complex password generator, so if you can get into that account, it’s yours: read all you want, but no posting.
Screenshot of the plugin and its logs, click on images for a larger view.
MySQL Backup and Restore
I was having a hard time moving my blog from one database server to a newer one at my hosting company that had more space and was reportedly faster. After banging around for a bit I found it was most easily accomplished from the command line using only two commands. This technique requires access to your web host via SSH, and some knowledge of the *nix command line.
mysqldump --host=server.name --user=user.name databasename -p > filetocreate.sql
You will be prompted for the password which you can enter. The file will be output into the folder you are currently in. After this completes you can upload the file to your new database host with the following command:
mysql --host=new.server.name --user=user.name -p databasename < fileyoucreated.sql
Again you will be prompted for the password, which you can enter, and the database will be streamed to its new location. Once that is done, back up wp-config.php and then pop into your wp-config.php and update the database name, username, database host name and password. Cross your fingers and open the site back up to see the results; your mileage may vary. Drop me a message if this doesn’t work for you.
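Here is the same two-command move wrapped into a small script, added to this post as an example rather than taken from the original. The host names, user names and paths are placeholders; it keeps the password out of the command line (and so out of `ps` and your shell history) and refuses to load a dump that was cut short.

```shell
#!/bin/sh
# Added example: move a WordPress database between MySQL hosts with
# mysqldump/mysql, as described above, with two practical safeguards.
# old.db.example, new.db.example, user.name and the paths are placeholders.

set -eu

# Write a throw-away client config so the password is read from a file
# (mode 600) instead of appearing on the command line. Prints the path.
mk_client_cnf() {
    host="$1"; user="$2"; pass="$3"
    cnf=$(mktemp)
    chmod 600 "$cnf"
    printf '[client]\nhost=%s\nuser=%s\npassword=%s\n' "$host" "$user" "$pass" > "$cnf"
    printf '%s\n' "$cnf"
}

# Dump one database. --single-transaction takes a consistent snapshot of
# InnoDB tables (the WordPress default) without locking the live site;
# --routines and --triggers include objects a plain dump leaves out.
dump_db() {
    cnf="$1"; db="$2"; out="$3"
    mysqldump --defaults-extra-file="$cnf" --single-transaction \
        --routines --triggers --add-drop-table "$db" > "$out"
}

# mysqldump writes a "-- Dump completed on ..." trailer only when it
# finished; a dump cut off by a timeout or a full disk has no trailer.
# Returns 0 when the trailer is present in the last few lines.
dump_complete() {
    tail -n 3 "$1" | grep -q '^-- Dump completed'
}

# Load the dump into the new host, but only if it is complete.
restore_db() {
    cnf="$1"; db="$2"; in="$3"
    if ! dump_complete "$in"; then
        echo "refusing to restore: $in looks truncated" >&2
        return 1
    fi
    mysql --defaults-extra-file="$cnf" "$db" < "$in"
}

# Number of tables in a database; compare old and new after the restore.
table_count() {
    cnf="$1"; db="$2"
    mysql --defaults-extra-file="$cnf" -N -e \
        "SELECT COUNT(*) FROM information_schema.tables WHERE table_schema='$db'"
}

# Usage (set RUN_MIGRATION=1 and fill in the placeholders; nothing runs
# against a server otherwise):
if [ "${RUN_MIGRATION:-0}" = 1 ]; then
    old=$(mk_client_cnf old.db.example user.name "$OLD_PASSWORD")
    new=$(mk_client_cnf new.db.example user.name "$NEW_PASSWORD")
    dump_db "$old" wordpress wordpress.sql
    restore_db "$new" wordpress wordpress.sql
    echo "tables before: $(table_count "$old" wordpress), after: $(table_count "$new" wordpress)"
    rm -f "$old" "$new"
fi
```

After the table counts match, update wp-config.php as described above; the dump file itself contains every post and user hash, so delete it once the site is confirmed working.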
As anyone that knows me already knows, I am ADHD personified at times. However, that is not what this post is about. It is about another form of ADHD (Active Defense Harbinger Distribution), which is a Linux distribution that provides honeypot services and a whole lot more. There is some questionable legality in parts of the whole lot more, so I am just experimenting with the honeypot features. I forwarded a few ports to it on my home firewall so I can watch and see who is scanning me. This distribution is capable of tracking back to a hacker’s source, but until more legal precedents are set I will be content just to know who is scanning me.
If you want to download it for yourself you can get it here, but be warned: some of the things in the package could get you into trouble, so take care what you make public to the internet: http://sourceforge.net/p/adhd/wiki/Home/
It was created by some of the security minded folks that are creating inroads into offensive countermeasures: http://www.sans.org/course/offensive-countermeasures-defensive-tactics-work
Raspberry Pi – VPN & Proxy
Like a lot of people I purchased a Raspberry Pi when they were all the rage about a year ago. Initially, I was super excited like everyone else about this piece of hardware that was going to change the world and bring affordable computers to everyone. Fast forward a year, and my Pi was sitting on my desk staring at me and I felt guilty for not putting it to better use. Several of my friends had used theirs to start programming projects or XBMC servers. I am not much of a programmer and I already have Roku boxes on all of my TVs, so it basically got booted up from time to time to show others that it was a tiny device that could hook to a TV with an HDMI port and surf the web… not earth-shattering stuff.
I decided that my Pi needed to find new life as a part of my network. I went to http://www.raspberrypi.org and downloaded the newest version of their operating system, referred to as Raspbian “wheezy”. It is based on Debian Linux, which I regularly use in my job as a security administrator. However, I use it mostly to launch Nessus scans from or to Nmap hosts with. Nmap the Pi can do… Nessus not so much. I recalled some articles I had read on LifeHacker.com about using the Pi as a VPN / proxy to put your traffic behind. Ok, I travel quite a bit, so this could be my use case. I am not knocking LifeHacker; I am a regular reader of their articles and have found it to be a tremendously useful resource. However, their material on making the Pi into your web proxy was referencing specific versions of software, which made the article useful, but not especially helpful to someone new to using the Pi or Linux.
Well, now that I am into this post, we should probably flash back to the beginning and start with a Pi that is dead, lifeless, and sitting on a shelf. First we will need an operating system. The one I mentioned above is the way to go for this project. Once it is downloaded it needs to be uncompressed to SD media. There is a great guide to be found here: http://elinux.org/RPi_Easy_SD_Card_Setup. What this guide doesn’t readily mention, and what it took me about 20 minutes to figure out, is that if you have fat fingers (guilty of ham hands here) it is easy to accidentally “lock” the SD card and make it read-only. The GUI tools that load the OS do not warn you of this fact. I only discovered this after I got fed up with the GUI and went the command line route. The first command I typed told me that the destination was read-only. After I removed my palm from my forehead and flipped the switch I returned to the path of the GUI. This only takes a few minutes, and once it is done boot up the Pi for the first time.
What none of the guides told me, but I quickly figured out on my own, is that the Pi doesn’t always start up correctly the first time. If you don’t see any video on the screen, unplug the power, reconnect all of the cables, and re-insert it. When the Pi boots for the first time it will give you a menu to reset the password for the pi user (it defaults to raspberry). It also allows you to enable the SSH server (do this), and it allows you to say whether or not you want the GUI to start at boot. I went ahead with it starting, but I may turn this off later as I am mostly using this guy for VPN and proxy. I want to conserve as many CPU cycles as I can to devote to passing my VPN packets. Once the Pi is up and running, the rest of this can be done from your workstation; it needs no monitor on the Pi, just an SSH session. To get the IP address use the Terminal shortcut on the desktop of the GUI, or the terminal that it boots into if you did not enable the GUI, and at the terminal type ifconfig to get the IP address of the Pi. Make a note of this address; we will need it for the following steps.
Using SSH: if you are already an avid SSH user skip to the next paragraph; if not, stay with me, I am going to give you two simple ways. On a Mac open your terminal. The shortcut way is to press Command and Space, start typing the word terminal, and hit enter. This will bring up a strange white box that will feel foreign to many Mac users. In the terminal type ssh pi@ip address of your raspberry pi. It will prompt you to accept the key; just hit Y and enter the password you changed in the boot menu, or enter raspberry if you forgot to change that default password. On a Windows machine there is no default SSH client, so you need to download a client. The client that I recommend is PuTTY and can always be found here: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html. PuTTY has a GUI; enter your Pi’s IP address, username, and password and get connected.
Now we have a fully functional Pi that is running Linux and providing us with a shell via SSH. The next two commands you are going to be typing in your sleep and wishing that every operating system you use contained: sudo apt-get update, and once that completes, sudo apt-get upgrade. These two wonderful commands will scour the internet repositories for updates and then apply them in the second step, thus keeping your Pi running with the newest software available.
I know this seems like a lot, or maybe I am just wordy. Now we are ready to continue on. There are 3 files we need to download that we are going to need later.
1. The installer for Hamachi http://secure.logmein.com/labs
If you haven’t used LogMeIn before, be ashamed, be very ashamed. Instead of going to the download page you will be presented with a login page. Log in, open the link again, and then you will see the LogMeIn Labs page. Click on Hamachi for Linux, which at the time of this writing is in beta. Hit learn more to see the list of software versions. The one I had the best success with was the file under ARM (the processor type in the Pi) that ends with .tgz. This is a tar file that is to be downloaded to your workstation and then copied to the Pi and installed from there.
2. The installer for Webmin (an admin tool that comes in handy)
Go here http://webmin.com and click on Debian Package. There is only 1 Webmin package for all processor types; it is not picky. Once it downloads it is time to get installing.
Open your favorite SFTP client. I prefer Cyberduck on the Mac and WinSCP on the Windows platform. Configure the client to connect to the Pi the same way you connected using SSH; we are using the same service on the Pi and the same basic protocol, just some different features that it offers. The folder you connect to by default is the home folder on the Pi. When you connect via SSH or SCP you will be presented with this folder first for whichever user you authenticate as. It is a good practice to create a folder here for storing your files. I usually go with source, but call it whatever you like. Just right-click and create the new folder, then drag your files over and drop them into the newly created folder.
After the file copy completes, we can install the Hamachi VPN service. Back in the LogMeIn web app you can access Networks, and My Networks. This is where you create and name your Hamachi free VPN connections, up to 5 computers. For our purposes it is best to create a mesh network topology and add your laptop or other computers that you want to proxy/VPN traffic on. Knowing your login name and network name will be very important shortly.
To get the Hamachi client extracted and installed, first return to your SSH session and navigate to your software install directory: use cd source, or whatever you named it. cd stands for change directory in Linux, Mac, and Windows; the command is similar in all of them. You can use cd .. to back up one level or pwd (Mac and Linux) to know exactly where you are in the file system. Inside of the source folder you will see logmein-version number information-armel.tgz. This is the file we need; type sudo tar -xvf and the .tgz filename. We use sudo to run commands as the root user, similar to administrator on a Windows machine. tar is used to expand the tarball file we are working with. Once the process returns you to the prompt, use ls to see what you have created and cd to move yourself into the new folder. When you do ls now there are several files; the one we are interested in is install.sh. To execute this file use the command sudo ./install.sh to start the install. If you didn’t already know, using the tab key on the keyboard will autocomplete filenames and commonly used commands in most operating systems.
The install will complete and we are ready to join our Hamachi network. First run sudo hamachi; this will show you that the Hamachi program is running and connected. Next is sudo hamachi attach “email address you use for LogMeIn” and hit enter; this will set your Pi to reference your LogMeIn account. Next use sudo hamachi join “Name of the network you created”. This will prompt you for your Hamachi network password; if you set one, great, if not, no problem. Return to the LogMeIn portal and to the My Networks section and you will see the new machine at the top of the list. If you haven’t altered the default hostname of the Pi it will appear as raspberrypi. Edit it and move it into your Hamachi network. It should rapidly appear in the Hamachi window on your laptop or desktop.
Now we are ready to install the proxy server. This part is a breeze due to the amazing apt command. Simply type sudo apt-get install privoxy and hit enter. This will install the software and configure it. We only need to make one minor change once the install completes. Answer Yes to any questions that pop up during the process. Once you are returned to the command shell type sudo hamachi to view your Hamachi IP address; write it down, we are going to need it in the next step.
The privoxy service needs to know that it will be contacted on its Hamachi IP address. We can define this behavior in the config file for privoxy using nano, a simple text editor for Linux. There is the more powerful vi, but this is for beginners, not seasoned Linux veterans. First use the command cd /etc/privoxy/ to take us to the privoxy files, then sudo nano config to open the config file as the root user (so that we have rights to change it). We have to find the spot that needs editing, so the simplest way is to hold down control and press w for the search command and search for localhost:8118. Go to the line below this one and mirror the syntax of the line above, with your Hamachi address in place of localhost, like this:
listen-address hamachi ip address:8118
The space between the listen-address directive and the Hamachi IP address is a tab, not a space, so enter it that way. The 8118 is the TCP port we will be using to connect with. Once you have the edit in there properly, control X to exit and answer Y for yes to save and exit.
Now we need to restart the privoxy service: sudo service privoxy restart will take care of it from the command line. Most Linux services can be restarted so that they pick up changes to config files without the need for a reboot, unlike some operating systems… Windows. Now with the service restarted, configure one of your browsers to use the Hamachi IP address as the proxy IP and enter the port as 8118. If you can connect to the internet you are now browsing across your VPN, but for a real test you are going to have to leave the comfort of your computer room.
The final step for this article is to get Webmin installed. This is a great little utility for administering Linux machines. It would be most helpful to set a root password. By default Debian machines do not use the root account much. To set this password use sudo passwd root and follow the prompts. Make note of it and keep it safe. Move back to the folder where we put the install files, cd /home/pi/source/ as in my previous example. To start the Webmin install, sudo dpkg -i webmin-version-number.deb. This will start dpkg (the Debian package utility) installing the .deb (Debian package), but it will not complete. There are several other files that Webmin needs to run. We are going to cheat and have the operating system find them for us. Once the Webmin installer errors out there will be several missing packages. I picked one called apt-show-versions (it doesn’t really matter which) and entered sudo apt-get install apt-show-versions. After this completes I ran sudo apt-get -f install; this command will find the dependencies for installed software and install them. When it completes it will tell you the login URL for your Webmin instance. You can use the Hamachi IP, just don’t forget the https:// at the front and the port :10000 at the end of the URL. When presented with the Webmin login page give root for the username and the password that you configured earlier in this paragraph.
Now you have a handy utility machine that can be accessed safely from virtually anywhere that you have internet connectivity. As I use the Pi more I hope to create more posts showing how I am making use of my ultra-cheap computer to make my computing more fun.
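The one edit that matters for safety in all of the above is the privoxy listen-address line: whatever address you put there is where the proxy answers, and a wildcard or LAN address makes it an open proxy for anyone who can reach the Pi. Here is a small script, added as an example and not from the original post, that makes that edit idempotently and then checks that only localhost and the Hamachi address are bound. The address 25.0.0.7 and the config fragment in the test are constructed placeholders; the GNU awk/sed/grep on Raspbian are assumed.

```shell
#!/bin/sh
# Added example: add "listen-address <hamachi ip>:8118" to /etc/privoxy/config
# the way the post describes, safe to re-run, and verify no listener is
# left on a wildcard or LAN address. Hamachi IP is passed in as $1.

set -eu

# Accept only a dotted-quad IPv4 address so a typo does not end up as a
# hostname privoxy then fails to bind at restart.
valid_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Insert the VPN listener right after the existing localhost line (or at
# the end if there is none). Does nothing if the line is already there.
add_listen_address() {
    cfg="$1"; ip="$2"; port="${3:-8118}"
    valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    esc=$(printf '%s' "$ip" | sed 's/\./\\./g')
    if grep -Eq "^listen-address[[:space:]]+$esc:$port[[:space:]]*\$" "$cfg"; then
        return 0
    fi
    tmp=$(mktemp)
    awk -v line="listen-address	$ip:$port" '
        { print }
        !done && /^listen-address[[:space:]]+localhost:/ { print line; done = 1 }
        END { if (!done) print line }
    ' "$cfg" > "$tmp"
    cat "$tmp" > "$cfg"   # keep the original file's owner and mode
    rm -f "$tmp"
}

# privoxy binds every listen-address it finds. Flag any host other than
# localhost, 127.0.0.1 or the VPN address; a bare ":8118" means all
# interfaces and is flagged too. Returns 1 and lists offenders if any.
check_listeners() {
    cfg="$1"; esc=$(printf '%s' "$2" | sed 's/\./\\./g')
    bad=$(awk '$1 == "listen-address" { print $2 }' "$cfg" \
        | grep -Ev "^(localhost|127\.0\.0\.1|$esc):[0-9]+\$" || true)
    if [ -n "$bad" ]; then
        printf 'exposed listener(s):\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# Usage: APPLY_PRIVOXY=1 sudo ./privoxy-vpn.sh <hamachi ip>
if [ "${APPLY_PRIVOXY:-0}" = 1 ]; then
    add_listen_address /etc/privoxy/config "$1"
    check_listeners /etc/privoxy/config "$1"
    service privoxy restart
fi
```

If check_listeners complains after an apt-get upgrade, the package's new default config probably re-added a listener; re-run the script rather than hand-editing.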
Social Engineering Call
So this afternoon I got a call from a strange number: 248.562.1268. When I answered it was an Indian fellow who told me he was calling from tech support to help my computer. He said the last time my computer went online it downloaded a virus and he wanted to help me fix it. At this point my day was made. I have been hoping that they would call me because I wanted to see what website they were directing unsuspecting users to. He told me I needed to be in front of my computer, which I wasn’t, so that he could help me. I got a scrap of paper, took notes and pretended to play along. He wanted to know what version of Windows I was running before we got started. I said Windows 7 so he would keep going. First he wanted me to hold down the Windows key and press “r” on the keyboard, which is the shortcut for the “Run” box on Windows. He phonetically spelled out “prefetch”, so I played along, and he said all of the files in there were virus files and to delete them all. Next he said to type “eventvwr”, which launches the Windows Event Viewer. I said ok, I have it open. He wanted me to scroll through the Event Viewer for the first red icon I could find; I said I found one. He asked me to read the number out beside it. I just said a random number, I said 5000. He says this is a very grave situation, you have 5000 virus files on your computer, I will have to connect remotely to take care of the situation. In my opinion they would be doing a great job of building confidence with a user that was unaware of what they were doing. This call lasted almost 10 minutes before I even got to the exploit part of the call. Of course a lot of that was me saying “huh”, “what” and “could you say that again”. We spoke two very different dialects of English. He wanted me to visit www.360pcsupport.com; at this point I could not go any further as I did not have a computer handy, nor was I about to visit it… so I said I am very sorry, I have another call on the line, please call back later.
So far he has not called me back, but I really hope they do. I want to see where else he wanted to take me, from one of my sandboxed workstations. If anyone else gets a call from them please let me know; I want to see if there are any other links I need to add into our web filtering system to block. This was way too much fun.
Amazing Slow Motion Photography
I saw this linked from an article I was reading and had to share it. It is some pretty amazing slow motion if you like that kind of thing. Turn the resolution up all the way and watch full screen.