maradydd: (Default)
I'm an independent professional who runs her own company and does some consulting on the side. Who exactly am I supposed to rip off on Steal Something from Work Day?

Protip: learning to negotiate better is the very definition of "don't get mad, get even."

(h/t [livejournal.com profile] mellowtigger)
maradydd: (Default)
I'm not quite smart enough to do real malware analysis like [livejournal.com profile] foxgrrl does, but ever since the days of the "I Love You" virus, I've been tremendously amused by the social-engineering tricks that malware authors use to trick victims into opening their payloads. Tonight I received one that struck me as especially clever: a fake "Notice of Underreported Income" letter with a link to a page where the target (my company) is prompted to download an .exe which purports to be the tax statement. The page -- which is now down, and I'm sorry I didn't get a screenshot -- is a well-done mockup of the IRS' own site, but it's actually a PHP page hosted on www.irs.gov.vdsl.im. Ha ha!

I saved the offending .exe and ran it through a decompiler. From the sheer number of CryptoAPI symbols and symbols related to Windows file handling present, I'm guessing it's some kind of "encrypts your whole hard drive" ransomware. There are also several other symbols, such as BuildImpersonateExplicitAccessWithNameW, which suggest that the original source language was Delphi. (Aside: why the hell is Delphi such a popular language among malware authors? Some of the most eye-poppingly awful source I've ever seen -- in a 2004-era issue of 2600, amusingly -- was somebody's attempt at a rootkit written in Delphi. The author waxed rhapsodic about how great it was that a Delphi compiler could be had for free on a CD-ROM that came with some magazine that was on the stands at that time. This further cements my opinion that malware authors these days are nothing more than a combination of the worst aspects of script kiddies and cut-and-paste wannabe programmers. If you're trying to write something for Win32 without access to Visual Studio or one of those other closed-source compilers, either learn cygwin/MinGW or get off my lawn. Amateurs.)

More than that I do not know, as figuring out what a program does from its representation in assembler is beyond me. If any of my Faithful Readers want a look at it, I'll be happy to send them a copy.

And, of course, if you receive what appears to be a threatening email from the IRS, take a close look at the links in the message, and examine the email headers as well. (In this particular case, an email that was really from support@mail.irs.gov would not have a Return-Path header of scubaedrs530@shatneresque.com. It's also important to look at the Received headers -- particularly the last one, as this will tell you what IP the message originated from. In this case, it came from 95.58.33.236, which looks to be a metro broadband network in Kazakhstan. Again, not the kind of place the IRS is likely to be sending anything from.)
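The header and link checks described above, as an added example that is not part of the original post: a small Python script (standard library only) that flags a Return-Path domain that does not match the From domain, pulls the originating IP out of the last Received header, and flags links whose host is not actually under the sender's domain, as with www.irs.gov.vdsl.im. The message it parses is a constructed sample; only the addresses, IP and fake host quoted in the post are real, and the geolocation step is left to the reader.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample, not the message the post describes: the two addresses,
# the originating IP and the fake host are the ones quoted in the post; the
# relay names (RFC 5737 range), dates and URL path are made up.
SAMPLE = """Return-Path: <scubaedrs530@shatneresque.com>
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org with ESMTP; Mon, 1 Mar 2010 10:00:00 -0500
Received: from [95.58.33.236] (unknown [95.58.33.236])
\tby mx.example.net with SMTP; Mon, 1 Mar 2010 09:59:00 -0500
From: IRS <support@mail.irs.gov>
Subject: Notice of Underreported Income

Review your statement at http://www.irs.gov.vdsl.im/notice.php
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def domain_of(header_value):
    # Domain part of the first address in a From/Return-Path header.
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def same_org(a, b):
    # True when one domain equals or is a subdomain of the other.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def analyze(raw):
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    rp_dom = domain_of(msg.get("Return-Path", ""))
    # Each relay prepends its own Received header, so the last one in the
    # list is the earliest hop: the host that first handed the message in.
    received = msg.get_all("Received") or []
    m = IP_RE.search(received[-1]) if received else None
    origin_ip = m.group(1) if m else None
    org = ".".join(from_dom.split(".")[-2:])  # naive registrable-domain guess
    bad_links = [u for u in URL_RE.findall(msg.get_payload())
                 if not same_org(urlparse(u).hostname or "", org)]
    warnings = []
    if rp_dom and not same_org(from_dom, rp_dom):
        warnings.append("Return-Path %s does not match From %s" % (rp_dom, from_dom))
    for u in bad_links:
        warnings.append("link host %s is not under %s" % (urlparse(u).hostname, org))
    return {"from_domain": from_dom, "return_path_domain": rp_dom,
            "origin_ip": origin_ip, "suspicious_links": bad_links,
            "warnings": warnings}
```

Run `analyze(SAMPLE)` on the constructed message and both warnings fire: the mismatched Return-Path and the look-alike link host.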

ETA: [livejournal.com profile] patrickat rightly points out that the IRS does not send official tax correspondence via e-mail, so you don't even have to look at the headers to know that a letter like this isn't legit.
maradydd: (Default)
What's the deal with people using Facebook messaging in lieu of email these days? I don't understand this phenomenon, and I don't like it.

Just so everyone knows: I rarely use Facebook. My account there exists only because I needed one to do some development there for work. It might look like I use Facebook, but that's only because I have my Twitter client set up to push messages to Facebook (in point of fact, I set this up when I configured the client and promptly forgot about it, and was then surprised to get a mess of Facebook status replies). If you send me a message via Facebook, whether by scribbling on my Wall or sending a private message, assume that I either won't see it at all, or won't see it for a week or more.

I have three email addresses. One is my personal email, one is my work email, one is a dumping-ground account that gets a whole lot of mailing list traffic that I really don't have time to read. Where do you think Facebook notifications go? If you guessed the third one, hurray, you win a No-Prize. Those itty-bitty status notifications get drowned in a sea of bug reports and developer chatter, maybe three to five percent of which I actually read. Stuff gets batch-deleted every week or so, and it's easy for the only indication that a Facebook message has arrived to get lost in the noise.

"But, Meredith," I hear you say, "why not just point notifications at an address you actually check?" Simple enough: like Bartleby the Scrivener, I would prefer not to. I don't like the interface, application-layer protocols riding over other application-layer protocols is a stupid implementation choice, and if you think I trust Facebook with my private data, I've got some beautiful oceanfront property in Luxembourg I'd love to sell you. I'm twitchy enough about gmail. I expect to have control over my email, and anything I expect to have control over lives in a place where I can shred(1) it if the need arises. Data on Facebook is not data I own, plain and simple. (Neither is data on gmail, for that matter. Or LiveJournal, but I've got enough time invested in this blog and the community it's part of that leaving would be a hassle, so I censor myself, and hate myself for doing it.)

If Facebook someday decides to set up an SMTP gateway, so that I can reply directly to your.shortname@facebook.com, then perhaps I'll change my mind. I doubt that will ever happen, though; they're heavily invested in their walled garden and don't seem too inclined to change that. (Perhaps I could have done something about it if I'd taken that job there, but I'm pursuing academic goals instead, and that door is closed. If you're reading this, Larry, I genuinely am sorry; I think I would have enjoyed working with you, but I have to follow this dream.)

This is a facet of today's Internet that worries me. On the one hand we've got Web 2.0 sites like Twitter, Flickr and Amazon publishing data and providing services via openly documented formats that I can read, use, and mash up any way I like ... and on the other, we've got Facebook and MySpace building extremely large ghettos on top of privately documented protocols that lock users into set patterns of behaviour. I don't like this. It stifles my creativity and harshes my mellow. It might be a nice-looking ghetto ... but it's still a ghetto.

/me sighs. Should I implement SMTP in the Facebook dialect of JavaScript? I probably could; some psychopath (and I mean that as a compliment) deployed IPv6 over Social Networks there, and if my steel sieve of a memory serves, SMTP can be modeled with either the same computational mechanism as IPv6 or a weaker one. I expect it's feasible, but I don't expect to like it. (Besides, it'd be a hell of a way to ship out lots and lots of spam. I'm sure Facebook would appreciate that.)

So, yeah. If you want to send me a private message and actually have me read it, suck it up and send me an email.
