Crashed Pips - Computers, politics, emetic trash

Monday, August 18, 2008

Spammety spammety spam.

Filed under: Security — Jonathan Rothwell @ 12:47

Spam is one of those things that’s often so bad, it’s good. Today, I received one of those messages. It was sent to the hello@crashedpips.co.uk e-mail address (obviously harvested, from here) and I present the text below:

Dear customers,
Thank you for using our new service “Buy airplane ticket Online” on our website.
Your account has been created:

Your login: hello@crashedpips.co.uk
Your password: passRHK6

Your credit card has been charged for $669.57.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the flight ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

Kind regards,
Spirit Airlines

There are multiple reasons why this is dubious.

  1. I never booked a flight, and the idea I would do so with Spirit Airlines is ludicrous, because they operate in the Americas as an ultracheap airline (a bit like EasyJet in the UK, but without as much orange).
  2. As Spirit is an ultracheap airline, $669 (even with the current state of the dollar) is excessive.
  3. ‘Printer’ is misspelled as ‘printed’. It seems unlikely that a medium-size airline (still quite a large operation) would make such a mistake - can they not afford a dictionary?
  4. The ‘invoice’ and ‘flight ticket’ are attached in a ZIP file, apparently. Examination of the zip file reveals - yes, you guessed it - Ticket_N141-SK.exe, which looks suspiciously like a virus. I’ll be sending this off to some antivirus companies for analysis.
  5. They’ve obviously put in no effort with header spoofing whatsoever: the ‘from’ address is kvtgady (at] bradshawplace (full stop) com (address obfuscated to prevent spam to the (possibly) innocent owner of this address).
  6. Yep, the usual “Dear Customers” opening line (surprise, surprise).
  7. This is perhaps the most important point of all. It demolishes the e-mail’s premise in one swipe: I don’t even have a damn credit card. Even if I did, I’d have paid in pounds or euros, rather than dollars. If I did have to pay in dollars, I would have sent the money using a money transfer service or simply by popping a cheque in the post.
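Three of the signs above can be checked mechanically before anyone opens the attachment. The following is an added example, not part of the original post: the sender address, the attachment name `ticket.zip` and the `expected_domain` parameter are constructed for illustration, and the archive holds harmless bytes under the file name quoted in point 4.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions that run code on Windows when double-clicked.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear client")


def red_flags(raw, expected_domain):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    flags = []
    # The sender's domain should belong to the organisation named in the mail.
    addresses = msg["From"].addresses if msg["From"] else ()
    domain = addresses[0].domain.lower() if addresses else ""
    if domain != expected_domain and not domain.endswith("." + expected_domain):
        flags.append(f"sender domain {domain!r} is not {expected_domain!r}")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if any(greeting in text for greeting in GENERIC_GREETINGS):
        flags.append("generic greeting")
    # List ZIP members by name only; nothing is extracted or executed.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            members = zipfile.ZipFile(io.BytesIO(part.get_content())).namelist()
        except zipfile.BadZipFile:
            flags.append(f"unreadable archive {name!r}")
            continue
        flags += [f"executable in archive: {m}" for m in members
                  if m.lower().endswith(EXECUTABLE_EXTS)]
    return flags


def sample_message():
    """Constructed sample shaped like the message described in the post."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("Ticket_N141-SK.exe", b"not a real program")
    msg = EmailMessage()
    msg["From"] = "Spirit Airlines <sender@unrelated.example>"
    msg["To"] = "hello@crashedpips.co.uk"
    msg.set_content("Dear customers,\nYour credit card has been charged for $669.57.\n")
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename="ticket.zip")
    return msg.as_bytes()
```

Calling `red_flags(sample_message(), "airline.example")` reports the mismatched sender, the generic greeting and the executable inside the archive.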

For the record, I’ve tried to contact Spirit about this, but the only phone numbers I can find are for their reservations centre, and the only e-mail addresses I can find are for comments on the Web site. If anyone can source a number or address direct to Spirit’s HQ, I’d be very grateful - it’s best the airline knows about this so it can post an advisory on its website.

EDIT: I’ve sent the file to McAfee and its online scanner says it’s spy-agent.bw. An extra .dat file is being issued for this - I’ll see what McAfee’s rules on redistribution are, and if it’s OK with them I might mirror it here in case you’re using a McAfee scanner. Meanwhile, Symantec won’t let me show them the virus unless I pay them money, and Sophos’s process is long and irritating.

The file will now be shredded to protect other machines on my network.



Monday, August 4, 2008

What’s Wrong With This Scanner?

Filed under: Security — Jonathan Rothwell @ 02:22

I’ve just been told my C: drive is infected by errors in all the .dll files by a free online error and virus scanner I found on the Internet! OMG OMG OMG!

What makes this particularly amazing is that the scanner claims to have found viruses on the C: drive - when there is no C: drive (I’m on the Eee at the moment running Ubuntu). See what I’m getting at here?

However, people do get taken in by these things. I’ve seen it happen before where the Messenger Service in Windows XP has been hijacked, and gullible/inexperienced users have listened to the message, no questions asked. Of course, they don’t read the EULA (who does? they say.)



Thursday, May 15, 2008

We got a live one!

Filed under: Security — Jonathan Rothwell @ 18:44

I’ve just received the most believable phishing scam sent to my inbox to date. It’s still suspicious to ninety nine per cent of users, perhaps, but these things are certainly starting to look more believable.

For those who don’t know what phishing is, you should. It’s when someone purporting to be from a trusted organisation or person (such as, say, a bank) tricks you into giving them your details by contacting you, usually via e-mail. They’ll usually pretend that your account information needs updating, and will usually convey a sense of urgency.

Before clicking on that link, here’s a couple of important things to remember:

  • If in doubt, go to the bank’s website directly. That is by opening your browser and then typing its web address into the address bar. You could also phone the bank or go in person.
  • These messages usually try to instil a sense of urgency, with dire warnings such as “YOUR ACCOUNT WILL BE STOPPED IF YOU DO NOT VERIFY YOUR ACCOUNT”.
  • If someone purporting to be from a bank (or purporting to be a bank) e-mails you, automatically be suspicious. Even if you trust the organisation and/or hold an account there, phishing scams are often sent out to thousands and thousands of people at a time, in the hope that some of them will fall for it.
  • Remember, banks will NEVER e-mail you asking for confidential information. They will almost always write to you with regular snail mail, or phone you up and ask you to call them.

With that out of the way, here’s the e-mail:

Note that Mac OS X Mail didn’t render this as HTML, but other e-mail clients may well do, adding to the realism.

The text talks about ‘enhanced security measures’, which are, in fact, real. More and more banks have started giving you the option of having a Chip and PIN machine connected to your PC to add an extra layer of security to online transactions.

However, the website this links to actually looks incredibly realistic by phishing standards: it ties in relatively well with NatWest’s real site and could certainly fool the novice computer user.

Note: I seriously discourage anyone from following the link in a phishing e-mail. It can do all sorts of things such as fiddle with your browser, and worse. I was going in because I wanted to demonstrate what a phishing site would look like, and because I was using a secure web browser (Safari).

Of course, there are ways to just irritate the phishers using this page.

As soon as our hypothetical gullible computer user has entered his/her account number, he is asked for his PIN and password. Alarm bells should be starting to ring here. Remember that this e-mail has arrived out of the blue, and has sent you to a site that is now asking for your password and PIN number.

If the user was gullible enough to enter his information here, the site next asks him for - wait for it - HIS DEBIT CARD NUMBER. Anyone with half a brain should realise that the bank should have your debit card number. It shouldn’t ask for it if you try to log in.

After this, quite cleverly, the phishing page redirects to NatWest’s real latest offers page, having captured Joe Gullible’s personal information. That information will now be sold on a seedy website somewhere for around £8. (That is around US$15.)

So, the moral of the story? Don’t believe everything you receive in an e-mail. Simple as.



Monday, April 28, 2008

Sneaky Grisoft advertising

Filed under: Security — Jonathan Rothwell @ 11:22

Interestingly, this seems to be advertising AVG’s paid security solution, AVG Internet Security, conveniently omitting any mention of the new version of AVG Free.



Saturday, February 9, 2008

Unsubscribe? My foot

Filed under: Security — Jonathan Rothwell @ 18:12

Spam often contains an ‘unsubscribe’ link that allows you to ‘remove your address from the mailing list’. Rubbish. It only proves the e-mail address is active.

You didn’t think the spammers would actually kindly refrain from emailing you, would you? No. Now we’ll put that to the test.

This is a widget showing the inbox of a Mailinator address - it was empty at 1810GMT today, and has been ‘unsubscribed’ from the mailing list using this address.

I fully expect it to be filled with spam by tomorrow: quite interestingly, the message displayed after unsubscribing said “my address has been removed” - whereas it should never have been on the list in the first place.



Monday, December 3, 2007

Insult spam?

Filed under: Security, Software — Jonathan Rothwell @ 13:36

I’d like to share with you the text of some comments left on various articles on this blog today, which were very quickly thrown to the (Akismet) dogs.

NO NO NO! You are barking up the wrong tree mate! Most if not all the items which you have put shame upon are great!!!. HOW dare you. you insult me!

Your ideas aren’t very great, as a matter of fact, they won’t work. Sorry but I think you should reconsider most of your ideas.

壞主意!這無疑是個壞壞壞!你是不是一個很好的人,我不喜歡你,你侮辱了我!

I have no idea what this last quote means - if anyone can speak Japanese, you are invited to leave a comment (in English) on this post.

Приятель что вы о! BBC + ОИС = MI5? в россии даже нет имени мы получить эти каналы! Но, с другой стороны некоторые ваши рассказы довольно хорошие на iphone один очень верно! не в том, что ive даже рассматривать характер.

This one appears to be in Russian.

Crashedpips.com ist der schlimmste Website, die ich je gesehen habe, die nicht auffällig oder interessant, und es nützlich ist.

A quick translation on the Dashboard reveals that this is roughly equivalent to:

Crashedpips.com is not remarkable or interesting the worst Website, which I saw ever, those, and it is useful.

At least get the bloody address right!

OMG what a insulting website. Do you ever plan to write some positive on this website. I feel so stringly about my views i have decided to create a wikipedia for your crashed pips!! ENJOY.

The only people I think I could have insulted on this website are spambots, Microsoft, conservatives, George Bush and New Labour.

Either way, this Wikipedia article that was supposedly created does not, in fact, exist.

Is this a new type of WordPress spambot? Has anyone else had similar experiences?



Tuesday, November 20, 2007

Not the government’s fault

Filed under: Politics, Security, The News — Jonathan Rothwell @ 22:48

BBC Newsnight has just confirmed that the data on the optical disks which were lost by Her Majesty’s Revenue and Customs was not encrypted.

It just serves as a reminder that there’s a sucker born every minute. And, of course, this has given ammunition to certain right-wing newspapers against the government.

But, in reality, is it really fair to blame the government? It’s like blaming the Headmaster because your child hung himself with his tie at school. The buck stops with the idiot who sent it in the post instead of simply sending it down the line to the Government. It’s certainly not an excuse for the Tories to use in Parliament.



Encryption and Passwords for the Dummies at the Inland Revenue

Filed under: Politics, Security, The News — Jonathan Rothwell @ 18:33

So, Her Majesty’s delightful Revenue and Customs have now got into a bit of a pickle - they’ve lost 25 million people’s confidential information.

And, it appears that HM Revenue and Customs won’t tell us whether or not the data was encrypted, for ‘security reasons’. Well, that generally means, ‘they aren’t’.

So, put simply, a huge cock-up.

However, it would have been made a lot better if the data had been encrypted - in other words, scrambled to make it impossible to read without a ‘key’.

So, if they weren’t encrypted, why not? And, what’s more, why the hell were they sent through the insecure postal system, and not either a) delivered by hand or b) delivered over at least two encryption methods by running a cable between the HQ of HMR&C and the Audit Office?

Nevertheless, most people reading this (well, if they have children) will be concerned about whether or not to worry about it. Well, chances are you don’t need to.

However, there are some common-sense rules concerning passwords etc - basic stuff, which is really important.

  • If you’re using a blank password, for goodness’s sake CHANGE IT!
  • If you’re using an easily-guessed password, such as password, open, security etc., change it.
  • If it contains your or your children’s date/s of birth, change it.
  • If it contains your or your children’s names, change it.
  • If it’s the same as your username, change it.
  • If it’s shorter than 12 characters, change it.
  • If it only contains letters or only contains numbers, change it.
  • If you haven’t changed the password for more than three months, change it.
  • If you’ve given it to someone, then you’re a twit. Change it.
  • If you see any unusual transactions on your statement, tell the bank and change it.
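The first eight rules can be applied by a program; the last two (a shared password, unusual transactions) are things only a person can judge. The checker below is an added example, not part of the original post. The function name, its parameters, the 90-day reading of "three months" and the three-word deny-list (the examples named in the list) are assumptions.

```python
from datetime import date, timedelta

# The easily guessed examples named in the list; a real deny-list would be
# far larger (assumption).
COMMON = {"password", "open", "security"}
MAX_AGE = timedelta(days=90)  # "three months", approximated as 90 days
DATE_FORMS = ("%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y", "%m%d%y", "%Y")


def password_problems(password, username, names=(), birth_dates=(),
                      last_changed=None, today=None):
    """Return the checklist rules that a password breaks, in list order."""
    if not password:
        return ["blank password"]
    today = today or date.today()
    lowered = password.lower()
    # Drop separators so 14/03/2001 and 14-03-2001 are both caught.
    digits = "".join(c for c in password if c.isdigit())
    problems = []
    if lowered in COMMON:
        problems.append("easily guessed")
    if any(born.strftime(form) in digits
           for born in birth_dates for form in DATE_FORMS):
        problems.append("contains a date of birth")
    if any(name and name.lower() in lowered for name in names):
        problems.append("contains a name")
    if lowered == username.lower():
        problems.append("same as username")
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if password.isalpha() or password.isdigit():
        problems.append("only letters or only numbers")
    if last_changed and today - last_changed > MAX_AGE:
        problems.append("not changed for more than three months")
    return problems
```

An empty result means only that none of these rules was broken; it does not measure how hard the password is to guess.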

Common sense tells you most of these things, and you might think ‘it won’t happen to me!’. Tough luck, mate. The Bad Guys are out there to get you, and while we can’t stop government staff being so stupid, we can put in some common sense protection to avoid being affected.



Saturday, October 20, 2007

A Car Alarm For Your Laptop

Filed under: Apple, Macintosh, Security — Jonathan Rothwell @ 15:20

I really like this idea. Put simply, you use your MacBook’s remote to ‘lock’ the computer. Then, when the motion sensors built into the machine sense movement (these are normally used to slow down the drives when the machine’s turned on its side) an alarm goes off, and the iSight camera takes a picture of the intruder.

Genius.



Friday, October 19, 2007

Your Phone Is A Computer. So is your toaster, your alarm clock…

Filed under: Apple, Communications, Security — Jonathan Rothwell @ 19:26

Steve Jobs has announced that the iPhone will be getting its own SDK by February. Why is it taking so long, you may ask? Well, there’s a very simple explanation for that, which I can do best by quoting from Steve’s press release.

It will take until February to release an SDK because we’re trying to do two diametrically opposed things at once—provide an advanced and open platform to developers while at the same time protect iPhone users from viruses, malware, privacy attacks, etc. This is no easy task. Some claim that viruses and malware are not a problem on mobile phones—this is simply not true. There have been serious viruses on other mobile phones already, including some that silently spread from phone to phone over the cell network. As our phones become more powerful, these malicious programs will become more dangerous. And since the iPhone is the most advanced phone ever, it will be a highly visible target.

This surprised me - I thought the fact that the iPhone is effectively a programmable computer was widely known, and that if it’s a programmable computer, it’s automatically susceptible to viruses.

Obviously, I was wrong.

These days, computers are everywhere. They’re in your toaster (for controlling how brown you want the toast), in your TV (for decoding the digital signals), in your alarm clock (to allow for complex alarm patterns), and, thanks to the wonders of RFID, in your drink can, in your clothes, in your DVD, and so on.

Now, by and large, these chips are safe (except for RFID, which I will go into at a later date) because they have no external input unless the devices are physically disassembled and then connected to an input device. And the virus can’t spread unless there’s a connection between the machines, either physical or wireless. Mains power doesn’t count.

However, a phone makes things more complicated. This is because a phone communicates with other phones (through the GSM cell network) and, in cases, to normal personal computers (when accessing WAP web sites, and when using Bluetooth).

Because these phones are programmable using the same languages as computers (Java in particular), this makes phones susceptible to viruses in Java. If a virus is written in the iPhone SDK language (which I would assume will be Carbon or Cocoa, Mac OS X’s main programming languages), then it can easily infect the phone and others around it (if it’s programmed to spread).

The only ways to stop these viruses are to close the platform entirely (using only the manufacturer’s apps) or to build safeguards into the programming language (or SDK in this case). That is what Apple are quite rightly doing.

But, in the end, the bottom line is… you can’t escape the computer.



Powered by WordPress 2.7 Comments are the responsibility of their respective author. The Rest © 2007-2009 Jonathan Rothwell, unless otherwise stated.