This Blog has Moved!

This blog is moving to


Thank you for visiting! Content will remain here for archival purposes.

The scammers just keep getting dumber...

Got this email today:
Good Day Dearest One Dear !! I am Madam.Sonia Zuru I am a widow being that I lost my husband,my husband was a serving director of the Cocoa exporting board until his death.He was assassinated by the rebels following the political uprising, before his death he made a deposit of Six Million Five Hundred Dollars ($ 6,500,000.00) here in Ouagadougou Burkina Faso in one of the Security Company,he intended to buy a Cocoa processing Machine with the fund.I want you to help me for us to retrieve this fund and transfer it to your account in your country or any safer place as you will be the beneficiary and recipient of the fund which we will use for joint investment in your country.I have plans to do investment in your country, like real estate and industrial production.This is my reason for writing to you. Please if you are willing to assist me and my only Daughter Linda Zuru, Telephone REMOVED Thanks and best regards . Madam Sonia Zuru
I've never priced a cocoa processing machine, but something tells me over $6 million is a little excessive. I'm also kinda disappointed. $6.5 million is pocket change compared to the scams I used to receive. I know the economy is tough right now, but it's not like these scammers are actually offering real money. Add a few more zeros to that and you might pique my interest.

Surely this is a legit lottery email and not a scam...

This email just showed up in my inbox...

Subject: .YOUR EM,AIL HAS WON,N
Date: Wed, 18 Apr 2012 20:55:19 +0200
It has finally come to our notice that you have not claimed your winning price. We want to verify if truly you are the owner of the email address that has won the 2012 Microsoft Email lottery draw. Because we have sent the winning notification to your address but you did not write back.

If you are the owner of the email address that has won the Email lottery, we advice you claim your winning price as quick as possible to avoid losing it, as the lottery program might come to an end within the next seven days or next week.

Best Regards.

Dr. Clinton W. E. Bateman (Coordinator M.S. Lotto)
Tel: +44-703-184-1863 +441212880874
EMAIL: infomsloto@mslot-agent.info.ms

Surely this is a legitimate email, right?

What if your hardware was infected with a virus?

It's no longer uncommon to see viruses once again infecting the boot sector of a hard disk in order to maintain their infection of a system. There have even been reports of viruses infecting the BIOS, capable of maintaining infection after a full hard disk wipe.

But what if your actual hardware had an infection permanently programmed in?  It's not unheard of for consumer electronics such as digital photo frames to be manufactured and sold with malware installed at the factory.  What if the actual hardware design included a piece of malware designed to fail at a certain date/time or even phone home?

While this is unlikely to occur, it's still a possibility. If a piece of hardware were modified that significantly, it would most likely be the deliberate action of a well-funded organization, with malware rivaling that of Stuxnet or Duqu. This organization would need to do a lot more than just infect a USB stick: it would need someone on the inside of the manufacturing process to implement any hardware-based malware, and most likely would be government funded. This malware would be well beyond the complexity of Stuxnet or Duqu, as it would be malware written at the physical hardware layer, incorporated into the equipment.

The applications for such a piece of malware are very limited.  While espionage would be a likely candidate, it would be ill advised - any malware which would "phone home" from the physical layer would be detected by network monitoring tools, and the hardware would be taken out of service.  Once the physical "defect" was uncovered by researchers, a bulletin would be issued worldwide to discontinue use of that device.

A more likely application of hardware-based malware would be sabotage: deliberately designing a device to fail at a specified date/time. Consider this scenario for a minute...what would happen if half the switches running the Internet backbone were to fail simultaneously? Communication would be severely crippled. Then apply this one step further to hardware such as digitally controlled water pumps, generators, dam controls... Simultaneous failure of multiple components on a nationwide or global scale could have disastrous consequences.

Quality control processes make it relatively likely that this would be detected at the manufacturer level. But if a hardware-based piece of malware were missed by a manufacturer, or intentionally introduced by a manufacturer under direction of its government, then once the hardware leaves the factory it would be nearly impossible to detect until it was too late.

Ultimately, this raises the question of "how well do you trust your manufacturers?"  Are you having a local, trusted manufacturer you've dealt with for years build your equipment, or do you outsource your manufacturing to the cheapest supplier overseas who you've never even met face-to-face?

In a world where best practices such as configuration management and configuration standardization are becoming key, should a piece of hardware based malware be created, configuration standardization may ultimately be our own downfall.

Unfortunately, much like Stuxnet and Duqu, it's no longer a question of "if" hardware based malware will appear, but "how soon"...

Warning: Potentially Malicious "Unfollow" Twitter App

Twitter users have recently begun receiving spam claiming to be an "unfollow app" capable of telling you who has stopped following you on Twitter.

Since this "app" is being advertised via spam, it should of course be treated as suspect.

The spam uses multiple redirects to fool scanners:

First Redirect Destination Analysis:  (Clean)
https://www.virustotal.com/url/7ad5fc516c4a9a4689de1e5de82c90681bb95f998c2ff1a0bfce180324d44fbb/analysis/1334255656/

Second Redirect Destination Analysis: (Potentially damaging content per Websense Threatseeker)
https://www.virustotal.com/url/dbfafb76973527e77be5e8e15f30ea7734b4a6cffed2d403c32fff16c69adf34/analysis/


At the very least, this is most likely a scam to get social networking impressions.  Chances are fairly high, however, that this could be malicious software.

If you receive any spam advertising this (or any other app), report the account to Twitter and they will deal with it accordingly.
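The redirect point above, as an added example that is not part of the original post: scanning only the first URL can come back clean while a later hop is flagged, so every hop in the chain should be checked. The hosts, the captured responses and the function names are constructed for illustration; the spam's real URLs are not given here.

```python
from urllib.parse import urljoin, urlsplit

# Constructed capture of HTTP responses: URL -> (status, Location header).
# All hosts use the reserved .example TLD; none come from the original spam.
CAPTURED = {
    "http://short.example/abc": (301, "http://hop1.example/landing"),
    "http://hop1.example/landing": (302, "/go?id=7"),  # relative Location
    "http://hop1.example/go?id=7": (302, "http://final.example/unfollow-app"),
    "http://final.example/unfollow-app": (200, None),
}

REDIRECT_CODES = {301, 302, 303, 307, 308}


def resolve_chain(start, responses, max_hops=10):
    """Walk Location headers from start; return (chain, outcome).

    outcome is "final", "loop", "too_many_hops" or "unresolved"
    (no captured response for a hop).
    """
    chain, seen, url = [start], {start}, start
    for _ in range(max_hops):
        status, location = responses.get(url, (None, None))
        if status is None:
            return chain, "unresolved"
        if status not in REDIRECT_CODES or not location:
            return chain, "final"
        url = urljoin(url, location)  # resolve relative redirects
        if url in seen:               # redirect loop: stop following
            return chain, "loop"
        seen.add(url)
        chain.append(url)
    return chain, "too_many_hops"


def hosts_to_scan(chain):
    """Distinct hosts in hop order; each one needs its own reputation check."""
    hosts = []
    for url in chain:
        host = urlsplit(url).hostname
        if host not in hosts:
            hosts.append(host)
    return hosts


if __name__ == "__main__":
    chain, outcome = resolve_chain("http://short.example/abc", CAPTURED)
    for hop, url in enumerate(chain):
        print(hop, url)
    print(outcome, hosts_to_scan(chain))
```
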

I've been losing about 1 lb per day thanks to @ZipFizzCorp

I've been losing about a pound per day by slightly changing my diet and switching from soda to bottled water plus ZipFizz.

First, a little about me.  I'm a computer security professional, and rarely have time to leave my desk.  I don't exercise nearly as often as I should (barely ever), simply because I don't have the time.

For about a month now, I've changed my diet to try to lose weight, and it's working!  I recently started tracking my weight, and I'm losing about a pound per day.

I'm not going to lie, ZipFizz is not some miracle drug or anything of the sort...I did have to alter my diet as well as switch to ZipFizz.

My diet before ZipFizz:
I never have time to eat breakfast in the morning, because I've got to get to work and don't have time.  Because of this, I normally eat lunch around 11 am.

To keep me going during the day, I drink a lot of caffeine.  I was drinking two 20 oz sodas during the work day.  That's 550 calories, and 156g of carbohydrates.  That's 50% of your daily allowance for carbohydrates for a 2,000 calorie diet!

On top of all this, I normally eat a microwave meal at about 400 calories, 41 carbohydrates.  I usually have a bag of chips with my meal, so that's 160 more calories and 15g more carbohydrates.  Sometimes I'll even eat a mid-afternoon snack, doubling those values.

So, totaling all this up, I've consumed BEFORE I go home for dinner:
1270 calories (63.5% of daily allowance for 2,000 calorie diet)
212g carbohydrates (70% of daily allowance for 2,000 calorie diet)


Then when I got home, I would eat a large dinner with my wife, drink MORE soda, and greatly exceed the number of calories, carbs, and sugars I should be taking in.


Now:
I still don't have time to eat breakfast, so I still eat lunch around 11 am.

I switched from 2 sodas per day to 2 ZipFizz with bottled water per day.  That's 20 calories, and 4 carbohydrates total.  But I've still got the same amount of energy, and can keep going all day long without feeling tired.

I switched my microwave dinners to something with fewer calories, 350 calories instead of 550, but more carbohydrates (55g). I cut out the bag of chips with my meal.

Finally, I eliminated my afternoon snack and replaced it with "chewable adult multivitamins" which look like gummy bears, and taste "decent".  These have 50 calories, 11g carbohydrates.

Update: Added nutritional information for the multivitamins.

So now, during the day I'm consuming the following:
420 calories (21% of daily allowance for 2,000 calorie diet)
71g carbohydrates (24% of daily allowance for 2,000 calorie diet)

And the best part about it is, I haven't had to change how much I exercise or how much I eat for dinner. The only change I've made in the evenings is switching to diet soda instead of regular.

The weight loss has been slow but steady, and I feel healthier.

I encourage you to give ZipFizz a try as an alternative to coffee or soda, especially if you need to lose some weight.

You probably are questioning if ZipFizz paid me to type this blog post.  They didn't.  Ask them.
I wrote this blog post because like many people in the IT field, I have a weight problem, and I want to do something about it.  I want to help others do something about it.

Disclaimer: I'm not a physician, this is not medical advice, not responsible for what you do with this information.  Consult a doctor before making serious changes in your diet.

Sony BRAVIA TV Datagram Flooding Denial of Service

Here's an interesting vulnerability...

Who would have thought you'd need to worry about your TV being subject to an attack?

A vulnerability has been reported in Sony BRAVIA TV, which can be exploited by malicious people to cause a DoS (Denial of Service).

Source: Secunia Advisory SA48705

Project Beekeeper - A Mobile Honeypot Project

I'm proud to announce my latest research project, Project Beekeeper.

In this project I will be creating a mobile "hotspot" and taking it to public locations, keeping track of how many people connect at each location over a period of time.

I won't be scanning them when they connect, simply recording their system/phone name and MAC address, and collecting statistics.

I'll be using a rooted HTC T-Mobile G1 running Android 1.6, which is no longer connected to a wireless carrier.

This will all be made possible by Barnacle Wifi Tether, a great piece of software which is available on Google Play.

Why am I in Computer Security? Ask the U.S. Commerce Department

Should we ever get to the point where the computers we use present more risk than provide value, it will undoubtedly be time to unplug them.

I could write a very lengthy article on why I am in the computer security field.  But I'm not going to.

Instead, I'm going to link to a news article about the U.S. Commerce Department's Economic Development Administration.  This is what I want to help prevent from happening. 

Computer Virus Plunges Government Agency Into Dark Ages