From The Erbo Files
Tuesday, February 28, 2012


  • Obama belts out "Sweet Home Chicago" with B.B. King, Mick Jagger, and Buddy Guy. I knew Jake and Elwood Blues. I liked Jake and Elwood Blues. I looked up to Jake and Elwood Blues. Barack Hussein Obama, you're no Jake and Elwood Blues.

  • Jamie Zawinski stuck a "Y2K bug" into his popular Dali Clock application...as a prank. Hilarity ensues.

  • Remember those faster-than-light neutrinos CERN supposedly found? Yeah, not so much. It was a timing error caused by a faulty cable. There go all those science-fiction theories...

  • Speaking of things faster than light, Jeff reports that Jimi's Faster Than Light (known to his hoomans and friends as "Dash" ) is now a champion. Way to go, little fluffball! Now here's hoping he doesn't develop a 'tude like his packmate, Ch. Jimi's Admiral Nelson (aka "Aero" )...

  • Must read: Open Letter to Chris Dodd, from ESR. He shoots, he scores! (Bill Quick thinks that, if Dodd and his ilk are smart enough to read this at all, they'll respond by finding a way to co-opt enough technologists to circumvent ESR and those who stand with him. I doubt that's possible, though. Every man may have his price...but if the MAFIAA tries to co-opt me, for one, they'll find my price too high for them to pay...)

  • Another must read: Francis W. Porretto, the Curmudgeon Emeritus, with The Smoking Qur'an. Includes a lengthy fictional scenario in which a President with some balls responds to the deaths of two American soldiers at the hands of an Afghan soldier upset because of the burning of Qur'ans containing communications between extremist fighters. Stephen Graham Sumner should join the list of "ballsiest fictional American Presidents," right up there with James Marshall, as portrayed by Harrison Ford in Air Force One.

  • Somebody here loves that bag of Purina Cat Chow we got her. Maybe a little too much. I'll just let Sabrina tell the story.

  • Some thoughts on indie game development, from David Amador. At one time, I thought I was going to do something like this...I was writing games on my old TI-99/4A in high school. Somehow I don't think Rush Hour on Poway Road would go over very well, even on the Apple App Store or Android Market. Perhaps that's a dream best left by the wayside. (Via JavaLobby)

  • Latest claim from the Glowbull Wormening hysterics: Now it's going to cause humans to shrink, or some malarkey like that. Cue the voice of Peter Gabriel: "This is an announcement from Genetic Control, It is my sad duty to inform you of a four foot restriction on humanoid height..." (From the Genesis song "Get 'Em Out By Friday" )

  • Finnish software company Rovio has been milking its popular Angry Birds franchise for all it's worth; now DailyMobile.se reports that they're working on something else. They lead the article off saying, "At this point Finland is known largely for two things, Nokia and Angry Birds." I take exception to that...what about Nightwish? Or Linus Torvalds? Or kicking Soviet ass in the Winter War? Show some respect, Swedish dudes.

  • Yahoo has decided on a different tack to try and earn money, according to PandoDaily: it's served Facebook with knowledge that they may be infringing on a bunch of their patents. So, not only is Yahoo patent-trolling, they're biting the hand that feeds them; Yahoo News traffic has more than tripled since they rolled out their (annoying, IMHO) Facebook integration. Congratulations, new Yahoo CEO Scott Thompson! Your reputation is about to descend to Darl McBride levels.

  • If a bargain price for an E-reader and a crapton of E-books looks too good to be true, it is probably neither. (Via John Scalzi)

Monday, February 20, 2012


  • Apparently, not only has Google figured out how to bypass security settings in Safari, they've been able to do it in IE as well. Micro$oft has countered by publishing a "Tracking Protection List" that blocks all Google embeds. At least, in Internet Asploder. I'm inclined to respond by saying that anyone who's still using Internet Asploder deserves what they get...and, as a Chrome user, I'm not particularly worried.

  • Interesting factoid from ZeroHedge: by being perceived as hostile towards gun owners, President Obama has helped the firearms industry tremendously by driving record sales of guns and ammo. I'd almost be inclined to think Obama was pulling a Xanatos Gambit and is ready to claim credit for the "stimulus" to the gun industry...but he's probably not that smart.

  • A lengthy but informative piece here on the art of salary negotiation. Via Chris Byrne, who offers some pointers of his own to supplement that article. Sad but true fact: "We [engineers] overwhelmingly suck at it. We have turned sucking at it into a perverse badge of virtue." Sigh...he's right, especially since my own philosophy is closer to "Be thankful you have a job, shut up and do as you're told."

  • Valorna Edgeworth from Second Life and EVE pointed me to the things MakerBot Industries is doing. I'd read about some of their stuff on TechCrunch, this, for instance. This sort of technology will just become more pervasive; what happens, for instance, when it becomes affordable to have your own CNC milling machine in your garage? It almost is, now, if you buy a used one you can adapt to control via a standard PC...

  • And speaking of disruptive technologies, how about a DNA sequencer the size of a USB key? Expensive now, but just wait. The future is now, folks.

  • This Android tablet is available for $139 for a 7-inch model or $250 for a 10-inch model, runs ICS, does not have any bootloader locks or other obstructions, and comes with optional source code disk. Might be worth getting to hack around with. (Via TC)

  • If you haven't followed Ken White's "Anatomy of A Scam" at Popehat, it's worth a read. It's almost a HOWTO for investigating and reporting scammers, using Google, PACER, and court records searches. Suffice to say, the principal scammers in this tale look like they're in a world of hurt...

  • PandoDaily: Stop Trying to Make F-Commerce Happen. Seriously? "F-commerce" meaning "commerce via Facebook"? That's as bad as "m-commerce" meaning "commerce via mobile," maybe more so. Whoever thought to call it "F-commerce" should be F-slapped around. (FuckedCompany.com: Never forget!)

  • CBS, which now owns Paramount, is putting Star Trek: The Next Generation out on Blu-ray starting this year with Season 1. I just got the "teaser" disc with three restored episodes, and boy, do they look beautiful. Any TNG fan should have it, particularly as one of the remastered episodes is "The Inner Light" from Season 5, universally acknowledged as being one of the best TNG episodes ever, and one of four Star Trek episodes to win a Hugo. The only drawback is, the episodes were all filmed in 4:3 for the TV sets of the day, and so appear pillarboxed on a modern HD set. (JMS was thinking ahead when he filmed Babylon 5 in widescreen...)

Thursday, February 9, 2012

I got an odd E-mail from an old friend of mine the other night; no subject line, a number of other people on the To: line, and the text body consisting of just one thing: a URL from a site with a .cz domain (the Czech Republic).  Anyone who's been on the Internet for more than a week should either have alarm bells going off in their subconscious at this point, or shouldn't be allowed out without a keeper.  Best hypothesis: her machine or E-mail account was compromised somehow and is sending this mail out as an attempt to infect others.


Actually clicking on a link you get in an E-mail like this is about as wise as wandering down Skid Row, grabbing a hypodermic needle from a random junkie you find passed out on the sidewalk, and jamming that needle into your own arm. Fortunately, I have some techniques that are the equivalent of working from behind leaded glass and fishing at it with tongs, namely, using the wget command on a Linux box to fetch the contents at that URL to a file without executing it, and then using a text editor to open the file, again without executing it.


The contents of that first file I pulled from behind that URL were roughly like this:


<head>
<script type="text/javascript" src="(another Czech URL)"></script>
<meta HTTP-EQUIV="REFRESH" content="0; url=(a URL in Russia)">
</head>

Right away, it's obvious someone's trying to play games. That <meta> tag is trying to force the browser to read from another site almost immediately. Trying to pull from the Russian site, however, got no results; the site returned no data and timed out.


But what about that JavaScript?  Pulling it revealed some other trickery:


if (top.location.href==self.location.href) {
document.writeln('(an entire HTML document, pretty much)');
}
document.write('<script type="text/javascript" src="(a Google Analytics JavaScript URL)"></script>');
document.write('<script type="text/javascript" src="(a URL loading a script with the same name, but from a Czech site)"></script>');

More deliberate obfuscation, and what looks like an attempt to hijack Google Analytics, perhaps to make the site seem more popular than it is. (Any function declared in the presumably-legit Google Analytics script, but then re-declared in the Czech script, would use the latter definition.) The document being written in that first document.writeln() call contains a lot of obfuscation, too. (The most obvious obfuscation was that it was written all as one line, defying easy viewing; I had to pass the script text through fold -80 to get it into a state where I could read it.) It has a lot of CSS styles, both in an embedded stylesheet and inline; many of the styles are marked as !important, meaning they override any built-in stylesheet the user has set up in the browser. (This could also be a trick to divert attention from the rest of the contents of the file.) Some of the links in this file have code like this attached to them:


onmousedown="javascript:void(myImage = new Image());void(myImage.src = \'(a PHP URL with some query string parameters)\');"

This is pretty obviously click-tracking. Ignore the use of an Image object here; the important part is to generate a GET from the browser to that URL whenever someone clicks down on the link. There's also more conventional calls to a JavaScript function urchinTracker from within onClick handlers.


There are some foreign-language strings visible in the text, too: a quick check with Google Translate found that they were, indeed, in Czech, reading something like this:



  • Sports betting on the Internet - Get up 1000 Kc!

  • Original gifts and gadgets for men and women!

  • ACTION! From November 14, 2011 fantastic prizes domain!

  • Mona furniture co. - furniture and special offers with 40% discount

  • Dedicated server for 450 Kc

  • Download and send files for FREE!

  • File download FREE!


Various sales pitches, in other words. ("Kc" is most likely the abbreviation for the Czech koruna, the local currency.)


To sum up: Classic spam E-mail, with a lot of deliberate obfuscation to try and evade spam-detection schemes. And who knows what other stunts this site is likely to pull, with all that garbage in the way?


I sent an E-mail to my friend warning her that her machine had been compromised, and she should either check it out or get it checked out. This would be a good time to point out that downloading and running just two programs will clear up almost any malware installed on a Windows system: Malwarebytes, and Spybot Search & Destroy. Also, make sure your antivirus is up to date. The More You Know.™


"Surfing safety."
"Keep breathing."
Roadkill and Y.T., Snow Crash, Neal Stephenson

 
 
Copyright © 2012 Eric J. Bowersox, All Rights Reserved.
Made with Roller and Bootstrap. Social media icons by icondock.com.
Any and all trademarks used in the above text are owned by their respective owners.

Connect on Social Media

[About.me] [Facebook] [Twitter] [LinkedIn] [Google+] [Quora] [/.] [Pandora] [GitHub] [Amazon.com] [E-mail]

Calendar

« October 2019
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
  
       
Today

Search


Recent Entries


Recent Comments


Erbosoft Blog Network

Blogroll


Categories


Feeds


Admin Controls