So, about that order I "placed"...


Since we run multiple filters at work that do a good job of blocking spam and malware-infested email, I am always interested in what makes it through the defenses, as opportunities for improvement.

Take, for instance, an email I received tonight about a supposed order I made.

What did I order?

Hmmmm...I ordered something today with my VISA, and the confirmation came to my email from a .ru email address (for those not familiar, .ru is Russia).  They are so kind as to send me an invoice for my order as an attachment, which happens to be a .html file (web page code, again for those not familiar).

Looks legit to me.  :)

Okay.  I know, suspicious file....must send it over to virustotal.com and see if it detects anything in the file.

No viruses detected???

Suspicious email, suspicious attachment, but comes up clean...what gives?

Let's open up the html code in a text editor and see what is going on....

Cyrillic plus mysterious javascript...

Fortunately, we have other tools to try to get a better handle on what is going on.  Submitting the file to malwr.com (run by the ShadowServer folks), we see there is really more than meets the eye.

Creates server and adds to startup....

There is definitely something malicious about this email.  Time to throw it into a virtual machine and try to analyze it safely.  On my Linux machine, opening the .html file brings this up....

Rut Roh.....

Double extensions....the .pdf is there to make the end user believe he is downloading a copy of the invoice to read in Adobe Reader, but is it?  The .scr extension is used for screen savers in the Windows world (which Windows runs as ordinary executables), or as an extension for a script.
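As an added illustration (not code from the original post), here is a small Python triage check for the two red flags described above: an HTML attachment carrying script, and a document-looking name with an executable extension tacked on the end. The message it inspects is constructed inline; the sender, filenames and script payload are made up.

```python
import re
from email.message import EmailMessage

# Extensions that suggest a document, and ones Windows treats as executable code.
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt"}
EXEC_EXTS = {"scr", "exe", "com", "bat", "cmd", "js", "vbs", "pif"}
# Crude markers of active content inside an HTML attachment.
SCRIPT_RE = re.compile(r"<script\b|javascript:|\beval\s*\(", re.IGNORECASE)


def double_extension(filename):
    """True for names like invoice.pdf.scr: a document extension in front of an executable one."""
    parts = filename.lower().split(".")
    return len(parts) >= 3 and parts[-2] in DOC_EXTS and parts[-1] in EXEC_EXTS


def html_with_script(part):
    """True if the attachment is text/html and contains script markers."""
    if part.get_content_type() != "text/html":
        return False
    body = part.get_payload(decode=True).decode("utf-8", "replace")
    return bool(SCRIPT_RE.search(body))


def triage(msg):
    """Return (filename, reason) findings for every attachment of a parsed message."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if double_extension(name):
            findings.append((name, "double extension"))
        if html_with_script(part):
            findings.append((name, "html attachment with script"))
    return findings


def build_sample():
    """Constructed sample that mimics the post's email; not the real message."""
    msg = EmailMessage()
    msg["From"] = "orders@example.ru"          # made-up .ru sender
    msg["To"] = "me@example.com"
    msg["Subject"] = "Your order"
    msg.set_content("Thank you for your order. The invoice is attached.")
    # Cyrillic text plus a redirecting script, like the attachment in the post.
    html = "<html><body>Счет<script>location='http://example.invalid/x';</script></body></html>"
    msg.add_attachment(html.encode(), maintype="text", subtype="html",
                       filename="invoice.html")
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.scr")
    return msg
```

Run `triage(build_sample())` to see both attachments flagged; on real mail, parse with `email.message_from_bytes(raw, policy=email.policy.default)` before calling `triage`.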

Let's run the URL we downloaded the file from through the URL scanners and see if protection is up to date.

Only one URL scanner showing this as malicious

Moral of the story is if it waddles like a duck and quacks like a duck, it is probably a duck, and this duck will make your system sick.  Never click on unexpected attachments or links in email without verifying with the source.

If you have questions about a file, don't hesitate to use tools like VirusTotal and Malwr to analyze it; the samples also help security companies improve their tools.


I tried to see soccer as...

..."the beautiful game," but to be honest, it is tough to see. While the games can be exciting, and the precision of many ball strikes is impressive, there are many things that are hard to overlook.

1.  The insistence on calling it football.  I guess technically it is, but when it was originally formed it was called association football to differentiate it from other "footballs" like rugby football and American football.  It is just another football sport, not THE football.

2.  FIFA.  It is hilarious how inept/corrupt this organization is.  Where can we start?

- Qatar 2022.  Who the heck thinks it is a good idea to play soccer in the desert?  No infrastructure, no grass, lots of bribes from the oil money.

- Add in ingredients such as match fixing, player bribes, blind refs, biting, etc and get more drama than a WWE event.

3.  Flopping.  These players flop around the field worse than a fish on a line. You are supposed to be men.  Don't fake an injury on the slightest touch.

Soccer...can't love you.  But I can watch with some enjoyment...kinda like hockey.


Small Town High School Reunions

Nothing says small town like having your 25th class reunion at the Moose Lodge.  I had missed both my 10th and 20th for different reasons (birth of a child, wedding anniversary), but it is hard to get up for 1000 miles of travel each way for a dinner at the Moose.  I can only hope that a family reunion falls on that weekend to make it worthwhile to travel.


Data breaches galore

Over the past 40 days, we have seen a lot of information regarding data breaches.  Starting with the announcement of the Target breach, the following breaches have been confirmed.

  • Target - 40 million cards plus up to another 70 million ids/emails, etc.
  • Neiman Marcus - 1.1 million cards
  • Michaels?
  • Snapchat (I know, not card related, but still affects 4.6 million users)

There is also a report from January 13 that this may be the tip of the iceberg, as 3 more may be yet to be announced, and the FBI on January 23 indicated that many more may be coming.

What does this mean?   First of all, if you shopped at any of these stores during the window each store has announced, then watch your bank statements for unauthorized transactions.  Work with your financial institution to replace cards as needed.

As for after the breach, I believe that this may be a tipping point with regards to EMV in the United States, and perhaps debit cards in general.  EMV (also known as Chip and PIN) is a standard where each card has a chip on it in addition to the magnetic stripe.  The card is presented to the terminal and a PIN is entered that must match the chip within the card; after 3 failed attempts the card is locked.  This method is used primarily in Europe and has recently been introduced in Canada, but it is not foolproof either (add the fact that it migrates the liability from the financial institution to the end user).

Secondarily, I believe that the use of debit cards will decline (with an equivalent increase in credit cards and/or cash, depending on the consumer) as people's fear grows that a compromised debit card will lead to a lengthy personal ordeal while the financial institution works through the fraud and eventually restores the consumer's money.  People have already moved to a cashless society, but they will need a platform they trust.

ACA (Obamacare) failure in motion


The hits just keep on giving.  Remember, you were told that you could keep your insurance if you wanted. 

To be continued.... 


Is the #Shutdown designed to infuriate the public?

...or is it just a stupid failure where the administration attempts to "barrycade" the public from the open-air monuments, through the orders of the Office of Management and Budget (OMB).  Let's take a look at the incidents that make the administration look petty and irrational.

Just because the Republicans and Democrats can't play nicely, the White House and OMB just choose to punish the populace with these petty and petulant displays of disdain for the American public.  President Obama, tear down these "barrycades". 
