Tag: Security

Blueface won't let me make outgoing calls

I have an account with Blueface – Blueface is a VOIP provider. For €19.99 per month I am supposed to get 1,000 minutes of calls to over 20 countries. All good, so far. The only issue is that for some bloody reason, at the end of every month my credit is deleted and I can no longer make outgoing calls.

Two problems here: in the first place, I should be able to carry the unused minutes I have paid for over into the next month, and second, since I have signed a direct debit form, the money should go out of my account, pay for the next month and there should be no interruption to my service.

Come on guys, get with the program or lose a customer. Fast.


I received the following email from Blueface support:

can you switch off the modem and ATA for 30 secs and then switch them back on and leave them for 5 mins.
if it still doesn’t work then let me know.
everything is connected fine and your ATA is registered on our server.

Of course that tells me nothing. I tried turning both the router and ATA off several times today and that didn’t fix it then – why was this time different?

Users are 'stupid' – Microsoft

I wrote a post over a year ago about how I deal with PCs which have become infected with malware (viruses/trojans/worms/rootkits, etc.):

what I do, is to re-install the OS – more often recently it is XP, turn off System Restore, install XP SP2, Microsoft Anti Spyware, Spybot, Adaware, and AVG… or consider formatting the PC.

It seems that I was on the money with that advice – eWeek are reporting today that Mike Danseglio, program manager in the Security Solutions group at Microsoft, said at an InfoSec conference in Florida yesterday:

When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit.

Malware is becoming more difficult to detect because malware writing has become a big business. The people who write these malware programs now do so for profit. They write programs which allow them to use infected machines (to send spam, for instance) and they sell their services to companies who want to use infected machines. The more machines they control, the more money they can make. It is therefore in the malware writer’s interest that the malware be as unobtrusive and difficult to detect as possible.

Danseglio said:

We’ve seen the self-healing malware that actually detects that you’re trying to get rid of it. You remove it, and the next time you look in that directory, it’s sitting there. It can simply reinstall itself.

This is similar to my observation that malware can hide in the System Restore volume and can re-install itself after a scan is run.

The one place where Danseglio and I disagree fundamentally is in the apportioning of blame. Danseglio said:

Social engineering is a very, very effective technique. We have statistics that show significant infection rates for the social engineering malware. Phishing is a major problem because there really is no patch for human stupidity.

Personally, I believe that if the software allows people to be fooled into clicking on a phishing link (and some of the phishing emails I have received have been extremely convincing), then it is the software which is stupid and not the user.

Out of Office reply policies

I saw a post on David Smalley’s blog about Microsoft Exchange Server Out of Office Replies. In his post David mentions that in Exchange server 2000, Out of Office Replies (OOR’s) are not sent outside of the Exchange organisation, and he goes on to explain how you can configure Exchange to allow OOR’s to go outside of your organisation.

While this behaviour by Exchange would appear to be a bug – there is a good reason behind it – it is for protecting the privacy of your Exchange users. It is entirely possible to spam a company (or more likely companies), do automated searches for Out of Office Replies, cross reference them with phone book entries, and then burglarise houses secure in the knowledge that “Sally is on holidays in Bali until the 15th!”.

Out of Office Replies like these will also tell any cracker that this person’s logon will be unattended for the next x days so they can merrily ring the helpdesk saying “I have lost my password, can you re-set it for me?”

Also, OOR’s will reply to ‘normal’ spam mails, confirming the email address as a live one.

From an IT/security point of view, it is preferable to maintain the current situation of OOR’s not going beyond your Exchange organisation, but I can see that from a client service point of view this might not be acceptable.

If you do need to allow OOR’s in your company, then you really need an OOR policy document and as we are rapidly coming into holiday season, you need to make all your staff aware of it asap for their own protection.

Staff shouldn’t say how long they are out for nor why they are out. They shouldn’t include their sig file as this gives away too much information (Job Title for instance – the more senior the position, the more likely (extended) travel is involved), and they should include the name of an alternate contact along with the main company number (but they shouldn’t include the job title of the alternate contact).

The following is an example of a reasonably safe and yet informative Out of Office Reply:
“Thank you for contacting me – unfortunately I am away from my email right now but I will reply to you on my return. In the meantime, if you need some assistance, please call John Doe at 555 1234.”
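One way to check a draft Out of Office Reply against the policy above before it is switched on, as an added example (not code from the original post). The rule patterns, the function name `lint_oor` and the risky sample message are assumptions constructed for illustration; the safe sample is the reply quoted above.

```python
import re

# Each rule maps one point of the policy to an illustrative pattern.
# The patterns are assumptions of this example, not an exhaustive list.
RULES = [
    ("states return date or duration", re.compile(
        r"\b(until|till|back on|return(ing)? on)\b[^.!?\n]*\d"
        r"|\bfor (the next )?(\d+|a|two|three) (day|week)s?\b", re.I)),
    ("states reason for absence", re.compile(
        r"\b(holidays?|vacation|annual leave|sick|maternity|conference"
        r"|business trip)\b", re.I)),
    ("includes a job title", re.compile(
        r"\b(manager|director|officer|president|head of|c[eft]o)\b", re.I)),
    ("includes a signature block", re.compile(
        r"^\s*(--\s*$|(kind |best )?regards\b)", re.I | re.M)),
]

# The policy asks for an alternate contact with the main company number.
PHONE = re.compile(r"\d[\d ()-]{5,}\d")


def lint_oor(text):
    """Return the list of policy findings for one draft reply (empty = OK)."""
    findings = [name for name, pattern in RULES if pattern.search(text)]
    if not PHONE.search(text):
        findings.append("no alternate contact number")
    return findings


# The reasonably safe reply quoted in the post.
SAFE = ("Thank you for contacting me – unfortunately I am away from my email "
        "right now but I will reply to you on my return. In the meantime, if "
        "you need some assistance, please call John Doe at 555 1234.")

# Constructed sample of the kind of reply the post warns about.
RISKY = ("I am on holidays in Bali until the 15th.\n"
         "Regards,\nSally Smith\nFinance Director\n")

if __name__ == "__main__":
    for label, draft in (("safe", SAFE), ("risky", RISKY)):
        print(label, lint_oor(draft))
```
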

The podcast of this post is available here thanks to Pete Prodoehl whose comment on my last post explained how I could use Ourmedia.org to upload podcasts to the Internet Archive without the 24 hour wait!

How to pick any lock in seconds

Lockpicking is the art of opening a lock without damaging it or using a key – and recently lockpicking has become a sport with clubs and championships. Who knew?

One such club is TOOOL (The Open Organisation of Lockpickers). One of the founding members of this organisation is Barry Wels, whose video on how to open a Kensington laptop lock with a toilet roll and a pen has gained him a lot of notoriety lately.

In a similar vein, Barry gave a talk at the Physical Security Workshop at the 21st Chaos Communication Congress (21C3) in Berlin, where he demonstrated a new technique for opening just about any physical lock in seconds. The technique is called the bump key method and a PDF explaining the bump key method is available here.

The talk is now available online and makes for scary viewing – be warned though, it is over 600 MB so if you want to view it you will need a decent Internet connection.

Hat tip to Eric Marvets on whose blog I first saw a reference to this video.