Category: Security

Blueface won't let me make outgoing calls

I have an account with Blueface – Blueface is a VOIP provider. For €19.99 per month I am supposed to get 1,000 minutes of calls to over 20 countries. All good, so far. The only issue is that for some bloody reason, at the end of every month my credit is deleted and I can no longer make outgoing calls.

Two problems here, in the first place, I should be able to carry the unused minutes I have paid for over into the next month and second, since I have signed a direct debit form, the money should go out of my account, pay for the next month and there should be no interruption to my service.

Come on guys, get with the program or lose a customer. Fast.


I received the following email from Blueface support:

can you switch off the modem and ATA for 30 secs and then switch them back on and leave them for 5 mins.
if it still doesn’t work then let me know.
everything is connected fine and your ATA is registered on our server.

Of course that tells me nothing. I tried turning both the router and ATA off several times today and that didn’t fix it then – why was this time different?

Users are 'stupid' – Microsoft

I wrote a post over a year ago about how I deal with PCs which have become infected with malware (viruses/trojans/worms/rootkits, etc.):

what I do, is to re-install the OS – more often recently it is XP, turn off System Restore, install XP SP2, Microsoft Anti Spyware, Spybot, Adaware, and AVG… or consider formatting the PC.

It seems that I was on the money with that advice – eWeek are reporting today that Mike Danseglio, program manager in the Security Solutions group at Microsoft said at an InfoSec conference in Florida yesterday:

When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit

Malware is becoming more difficult to detect because malware writing has become a big business. The people who write these malware programs now do so for profit. They write programs which allow them to use infected machines (to send spam, for instance) and they sell their services to companies who want to use infected machines. The more machines they control, the more money they can make. It is therefore in the malware writer’s interest that the malware be as unobtrusive and difficult to detect as possible.

Danseglio said:

We’ve seen the self-healing malware that actually detects that you’re trying to get rid of it. You remove it, and the next time you look in that directory, it’s sitting there. It can simply reinstall itself,

This is similar to my observation that malware can hide in the System Restore volume and re-install itself after a scan is run.

The one place where Danseglio and I disagree fundamentally is in the apportioning of blame. Danseglio said:

Social engineering is a very, very effective technique. We have statistics that show significant infection rates for the social engineering malware. Phishing is a major problem because there really is no patch for human stupidity

Personally, I believe that if the software allows people to be fooled into clicking on a phishing link (and some of the phishing emails I have received have been extremely convincing), then it is the software which is stupid and not the user.

Exploit code released for Firefox vulnerability

According to Brian Krebs’ blog on the Washington Post, exploit code has been released for the latest Firefox and Netscape vulnerability. To protect yourself against this code either 1) buy a Mac or 2) update your version of Firefox to the latest version – available here.

The exploit code appears to allow an attacker to take remote control of infected PCs – it is interesting to see a serious exploit for Firefox being released, finally – we are far more used to seeing these kinds of exploits being released for Internet Explorer!

Microsoft releases critical fixes

Overnight Microsoft released 3 critical, 1 important and 2 moderate fixes for Internet Explorer and Windows. The vulnerabilities patched allow remote code execution, denial of service and local elevation of privilege. Any Internet Explorer and/or Windows users are strongly advised to patch their systems with these upgrades.

More info and updates available here.

Cisco harass security worker

Bruce Schneier has posted a fascinating story about Cisco’s harassment of a security worker called Michael Lynn:

Lynn was going to present security flaws in Cisco’s IOS, and Cisco went to inordinate lengths to make sure that information never got into the hands of their consumers, the press, or the public.

Cisco threatened legal action to stop the conference’s organizers from allowing a 24-year-old researcher for a rival tech firm to discuss how he says hackers could seize control of Cisco’s Internet routers, which dominate the market. Cisco also instructed workers to tear 20 pages outlining the presentation from the conference program and ordered 2,000 CDs containing the presentation destroyed.

In the end, the researcher, Michael Lynn, went ahead with a presentation, describing flaws in Cisco’s software that he said could allow hackers to take over corporate and government networks and the Internet, intercepting and misdirecting data communications. Mr. Lynn, wearing a white hat emblazoned with the word “Good,” spoke after quitting his job at Internet Security Systems Inc. Wednesday. Mr. Lynn said he resigned because ISS executives had insisted he strike key portions of his presentation.

A copy of Michael Lynn’s presentation is now available here.

Spamming can seriously affect your health!

Via Loic


Russia’s Biggest Spammer Brutally Murdered in Apartment

Vardan Kushnir, notorious for sending spam to each and every citizen of Russia who appeared to have an e-mail, was found dead in his Moscow apartment on Sunday, Interfax reported Monday. He died after suffering repeated blows to the head…

Under Russian law, spamming is not considered illegal, although lawmakers are working on legal projects that could protect Russian Internet users like they do in Europe and the U.S

For more info on Kushnir, see the WikiPedia entry here.

Russian police are now saying that Kushnir’s death was a robbery gone wrong and was unrelated to his spamming – see here for more.

Shoot to kill policy fundamentally flawed

The recently exposed UK “shoot to kill” policy appears to have been discreetly introduced into anti-terrorist procedures in 2003, after then-Metropolitan Police Commissioner Lord Stevens sent teams to both Israel and Sri Lanka to study how they dealt with suicide bombers.

On Sunday, Lord Stevens said in the News of the World:

There is only one sure way to stop a suicide bomber determined to fulfill his mission: Destroy his brain instantly, utterly. Which means shooting him with devastating power in the head, killing him immediately. Anywhere else and even though they might be dying, they may still be able to force their body to trigger the device

The procedures would remain in place, Sir Ian Blair the current Police Commissioner, insisted:

there is no point in shooting at someone’s chest because that is where the bomb is likely to be.

There is no point in shooting anywhere else if they fall down and detonate it. It is drawn from experience from other countries, including Sri Lanka. The only way to deal with this is to shoot to the head

The policy had been “reviewed and reviewed” for many months and was a national one, not just for London, he said.

Jack Straw, the Foreign Secretary, also defended the policy. He said it was essential police were able to deal effectively with the threat of a suicide attack.

That all sounds quite reasonable (especially to me seeing as I am pale skinned, freckled and red-headed!).

However, as Bruce Schneier points out, now that the terrorists know about the shoot to kill policy, all they have to do is change their detonators to explode when someone lets go of the trigger – or as Bruce himself puts it:

This policy is based on the extremely short-sighted assumption that a terrorist needs to push buttons to make a bomb explode. In fact, ever since World War I, the most common type of bomb carried by a person has been the hand grenade. It is entirely conceivable, especially when a shoot-to-kill policy is known to be in effect, that suicide bombers will use the same kind of dead-man’s trigger on their bombs: a detonator that is activated when a button is released, rather than when it is pushed.

Shoot to kill doesn’t increase security – it decreases it – innocent lives are put at further risk as demonstrated so effectively this week. Also, right about now, if I were a mugger/rapist/whatever, I know that any call by me to “Stop, Police” will net me a very compliant victim, thank you very much.

According to reports in the Times and the Guardian, Jean Charles de Menezes, the Brazilian shot dead by London Police in the Shoot to Kill incident, was neither wearing a bulky jacket, nor did he vault the ticket barrier. From the Times article:

Vivien Figueiredo, 22, said police told her that he was wearing a lightweight denim jacket and not some bulky coat that could have hidden an explosive belt underneath. Detectives also claimed immediately after the shooting that Mr Menezes had refused to heed shouted warnings by armed police and vaulted the ticket barriers at Stockwell Tube station.

Now police say that he used his travelcard to gain access to the station.

Mrs ESTHER ROBERTS – is a scammer!

I received the following 419 scam email yesterday:

Address:Avenue 44 Rue 12 Treichtown
Lot 87 Marcory Cocody 1863
Abidjan,Cote D’Ivoire,West Africa

Respectfull one,

Good a thing to write you. I have a proposal for you-this however is not mandatory nor will I in any manner compel you to honour against your will.

I am MRS.ESTHER ROBERTS,46 years old and the wife of late MR.ROBERTS MARTINS. My late husband was a highly reputable and respectful business magnet in our country and other West African countries during his days.

It is sad to say that he had passed away last year.I had my first and only son Elvis when i was 26 years old and as at then we were happily married.Before his death on September 22 2004, he called me before he died and told me that he had a sum of 19.700,000 US DOLLARS (NINETEEN. SEVEN MILLION USA DOLLARS)kept in a security company in (AFRICA) for safe keeping for me and my son for us not to suffer after his death.

He also said that the security company does not know the content in the safe Box.He decleared it to the company as family treasure and used my son’s name ELVIS to Deposit the Box as his only child for next of kin. He also explained to me that I should seek for a foreign partner in a country of my choice where I will transfer this money to and use it for investment purposes,so that me and my son will not suffer in the near future.

I want you to assist me in retrieving this box from the security company and then transfering the box to your country or any country of your choiceand act as a beneficiary of the fund in the said box, and also to make use of the fund in the box for an investment purpose on a very lucrative and profitable business ventures in your country or any country of your choice.
I am just a widow and a refugee in a country i don’t have family nor friend and i really don’t know what to do.Now I want you to assist me in retrieving this box that contains this fund and transfering it to you in your country. This is because I have suffered a lot of set backs as a result of incessant political crisis in my country LIBERIA and even here in Ivory coast.The death of my husband actually brought sorrow to my son and i.

Dearest one,I am in a sincere desire of your humble assistance in this regards .Your suggestions and ideas will be highly regarded.

Now permit me to ask these few questions:-
1. Can you honestly help me as your sister or partner?
2. Can I completely trust you?
3. What percentage of the total amount in question will be good for you after the money in the box is in your possesion?

Please,Consider this and get back to me as soon as possible on this my private e-mail

Thank you so much.And God bless you

Best regards,

& son Elvis? – I love it! Now we know where he has gone to.

Esther’s email address is in case anyone wants to scambait her.

Out of Office reply policies

I saw a post on David Smalley’s blog about Microsoft Exchange Server Out of Office Replies. In his post David mentions that in Exchange Server 2000, Out of Office Replies (OOR’s) are not sent outside of the Exchange organisation, and he goes on to explain how you can configure Exchange to allow OOR’s to go outside of your organisation.

While this behaviour by Exchange would appear to be a bug – there is a good reason behind it – it is for protecting the privacy of your Exchange users. It is entirely possible to spam a company (or more likely companies), do automated searches for Out of Office Replies, cross reference them with phone book entries, and then burglarise houses secure in the knowledge that “Sally is on holidays in Bali until the 15th!”.

Out of Office Replies like these will also tell any cracker that this person’s logon will be unattended for the next x days so they can merrily ring the helpdesk saying “I have lost my password, can you re-set it for me?”

Also, OOR’s will reply to ‘normal’ spam mails, confirming the email address as a live one.

From an IT/security point of view, it is preferable to maintain the current situation of OOR’s not going beyond your Exchange organisation, but I can see that from a client service point of view this might not be acceptable.

If you do need to allow OOR’s in your company, then you really need an OOR policy document and as we are rapidly coming into holiday season, you need to make all your staff aware of it asap for their own protection.

Staff shouldn’t say how long they are out for nor why they are out. They shouldn’t include their sig file as this gives away too much information (Job Title for instance – the more senior the position, the more likely (extended) travel is involved), and they should include the name of an alternate contact along with the main company number (but they shouldn’t include the job title of the alternate contact).

The following is an example of a reasonably safe and yet informative Out of Office Reply:
“Thank you for contacting me – unfortunately I am away from my email right now but I will reply to you on my return. In the meantime, if you need some assistance, please call John Doe at 555 1234.”
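The policy above can be turned into an automated check that a helpdesk or mail administrator runs over proposed Out of Office text before it is enabled. The following Python script is an added example, not code from the post or from Exchange; the patterns, the finding messages and the second (unsafe) sample reply are illustrative assumptions, while the first sample is the safe reply quoted above. It flags durations, reasons, locations and job titles, and requires a named alternate contact with a phone number.

```python
import re

# Heuristic linter for Out of Office Reply text, following the policy in the
# post: no duration, no reason for absence, no location, no signature or job
# title, and a named alternate contact with a phone number. These regular
# expressions are illustrative assumptions, not an exhaustive rule set.
DURATION_RE = re.compile(
    r"\b(?:until|back (?:in|on)|for the next|next week|"
    r"\d+\s+(?:days?|weeks?)|\d{1,2}(?:st|nd|rd|th))\b",
    re.IGNORECASE,
)
REASON_RE = re.compile(
    r"\b(?:holidays?|vacation|conference|training|sick|leave|travel(?:l?ing)?)\b",
    re.IGNORECASE,
)
# Lowercase "in" followed by a capitalised word catches "in Bali"; the
# sentence-initial "In the meantime" of the safe reply is not matched.
LOCATION_RE = re.compile(r"\bin\s+[A-Z][a-z]+")
TITLE_RE = re.compile(
    r"\b(?:CEO|CFO|CTO|CIO|Director|Manager|Vice President|Head of)\b",
    re.IGNORECASE,
)
CONTACT_RE = re.compile(
    r"\b(?:call|contact|e-?mail|ask for)\s+[A-Z][a-z]+(?:\s+[A-Z][a-z]+)?"
)
PHONE_RE = re.compile(r"(?<!\w)\+?\d[\d ()-]{5,}\d(?!\w)")


def check_oor(text):
    """Return a list of policy findings; an empty list means the reply passes."""
    findings = []
    if DURATION_RE.search(text):
        findings.append("states how long the sender is away")
    if REASON_RE.search(text):
        findings.append("gives the reason for the absence")
    if LOCATION_RE.search(text):
        findings.append("reveals where the sender is")
    if TITLE_RE.search(text):
        findings.append("includes a job title or signature detail")
    if not CONTACT_RE.search(text):
        findings.append("names no alternate contact")
    if not PHONE_RE.search(text):
        findings.append("gives no phone number for the alternate contact")
    return findings


# The safe reply quoted in the post.
SAFE_REPLY = (
    "Thank you for contacting me – unfortunately I am away from my email right "
    "now but I will reply to you on my return. In the meantime, if you need some "
    "assistance, please call John Doe at 555 1234."
)

# Constructed unsafe reply: it leaks duration, reason, location and seniority,
# and offers no alternate contact.
UNSAFE_REPLY = (
    "Hi, I am on holidays in Bali until the 15th and will be back in the office "
    "on the 16th. Kind regards, Sally Smith, Finance Director, Example Corp."
)

if __name__ == "__main__":
    for label, reply in (("safe", SAFE_REPLY), ("unsafe", UNSAFE_REPLY)):
        findings = check_oor(reply)
        print(f"{label}: {'OK' if not findings else '; '.join(findings)}")
```

Run as a script it reports the safe reply as OK and lists six findings for the unsafe one. The checks are deliberately strict (the word "leave" alone trips the reason rule) because a false positive only costs a human a second look, whereas a missed leak is exactly the burglary or helpdesk-reset scenario described above.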

The podcast of this post is available here thanks to Pete Prodoehl whose comment on my last post explained how I could use to upload podcasts to the Internet Archive without the 24 hour wait!

Apple to move to Intel x86 architecture?

I spotted a story on this morning which said that Apple are going to move away from IBM PowerPC chips to Intel supplied x86 chips for their computers. The article goes on to say that this will be officially announced at Apple’s Worldwide Developer Conference in San Francisco on Monday by Steve Jobs.

Robert Scoble predicted this two weeks ago and was disbelieved at the time despite having his own version of Deep Throat!

But, I don’t want to say anything because then Steve Jobs might sue me to find out my sources.

Apple is reputed to be moving away from IBM due to supply problems (and the difficulty in creating a G5 for PowerBooks has to be an issue as well).

Apart from the issues this raises for developers, I would be concerned that this will raise security issues for Mac owners. My concern arises from the fact that malware and spyware often can’t run on a Mac due to its non-x86 architecture – this security advantage will be done away with if/when Apple shifts to the x86.