Sunday, November 30, 2008

Is Cameroon The Next Nigeria?


Going over the statistics for the Proxy List, I noticed a new trend. Over 27% of my unique users come from Cameroon. In fact these folks (Cameroonis?) have taken the top spot from the USA and pushed Spain down to #3 (I never did look into why Spain was so fond of proxies but they were always there at the #2 spot consistently).

Although I have been shown to be out of the loop on hardware issues, I'm generally well-informed when it comes to security. And my own Web site. I think.

So I hit up Google on the subject and found this story. Here is a telling excerpt:
Scamming has become a very lucrative business among youths, especially among university students most of whom have either abandoned studies or graduated and are jobless. Through this new-found medium of getting easy wealth, youths now drive posh cars and own the latest design of mobile phones. In the small University of Buea community, there is a new group of affluent youths who inundate bars on a daily basis and stay all day long in cyber cafes, luring and defrauding gullible people.

Arguably, scamming is one of the most booming and ‘admired’ industries that employ thousands of youths throughout the country. Police sources revealed to The Post that internet scamming greatly tarnishes the image of the country, eroding its credibility. Meanwhile, The Post learnt that it is difficult to charge and prosecute scammers since it is difficult either for the victims (most or all of whom are foreigners) to come to Cameroon and make claims in court or show evidence that they were defrauded by one individual or the other.
Also I found this recent article concerning cheap Internet availability in Cameroon. Check out the vid on that page for "Super Camerooni".

Whether this is a new development or just under-reported, it's news to me. I know the security lists have been mum on the subject (419 scams are usually brushed off, there's never any new info). Perhaps all African scammers are labelled "Nigerian" just to save column space. Regardless, Cameroonis are hitting the list like a red headed stepchild at Kroger's (local joke, I think). Scammers need proxies. I have proxies, which, for the most part, I have stolen from scammers (the database has nearly a million proxies - mostly dead - that came from a single scammer site).

Does that make me an accessory? I hope not. If it does I'd like a percentage for my trouble, thank you.

Saturday, November 29, 2008

Chase Down Mr. Hinky Dink

I've been going over the stats for the Proxy List and noticed a growing trend in search engine referrals. It used to be I'd get hits for mundane stuff like "proxy Houston" or "proxy list no codeen" and the like.

Now, they're searching for little old me!


Awww... isn't that sweet?

CoDeeN-Free AT LAST

Things have changed slightly on The List. I have finally kept my original "CoDeeN-Free" promise. The servers are there, but have been moved into three text files. One has all CoDeeN servers, another has just USA CoDeeN servers, and the last has only non-USA servers.

I moved them because most were found on the same day and since the list is sorted by "date found" they took up about 4 contiguous pages. And besides, no one really likes them and they're generally avoided.

In fact, some Rat Bastard CoDeeN server operator in fucking POLAND bitched to my ISP because I pulled five lousy pages off his server! FIVE LOUSY PAGES! Maybe 8K max! Creep! Run a PUBLIC PROXY and WHINE when THE PUBLIC uses it? Utter nonsense. Die, bitch!

Useless.

Plus, this fucker's proxy is all over the Web. (Check this out as well.) Why pick on Hinky?

What really pissed me off is that this is a network torn off from NeoStrada, which is where a lot of the UT cheatzors come from.

Anyway, I put his address somewhere where it won't be used again (by me), but I left it in the CoDeeN list just to piss him off.

Eat that!

Another DEAD Hitachi Drive

I used to be fond of Hitachi drives. I have an ancient 4G SCSI Hitachi that never gave me any problems (in fact, come to think of it, I've never had a problem with a SCSI drive). Their IDE line of hard drives ("Deskstar") are a different story completely.

As it turns out, I was the one out of the loop on this one. I didn't get the memo.

These suckers are notorious. Who knew? There was, in fact, a class action suit filed against IBM because of them and techies have been calling them "Deathstar" drives for years (and I thought I had just now cleverly made that up).

NOW they tell me.

It was about a year ago that one of these suckers brought down BOT House. It was months before I could recover the data. And that was a fluke.

I had, unwisely, bought two of these damned things. The other I installed in a Windows XP system for my kid, Rinky Dink. That particular drive died last week. This turned out to be good timing since he was coming home for Thanksgiving. He dragged his whole system home for Dad to fix. (He also brought his bride-to-be, the future Twinky Dink, home with him. Nice girl. She knows the wireless password now, so she's part of the family whether she likes it or not. Unfortunately, she's a Mac user.)

When I popped it out and looked at it, I noticed his drive and the BOT House drive were manufactured almost exactly a year apart. And they died almost exactly a year apart. We both got about three years out of them. Very suspicious, since they had a 3 year warranty (coincidence? I don't think so!).

Lucky for him, Dad doesn't do Thanksgiving (being an atheist as well as a vegetarian), so I took another Busman's Holiday to fix his system. Since it died the week before I had time to pre-order a Western Digital 160G replacement drive.

I would've gotten a larger drive but all they (TigerDirect) had were... that's right... Hitachi drives! In fact it seems IDE drives are going the way of CRT monitors. They were outnumbered 4:1 by SATA drives. You probably won't be able to buy IDE drives this time next year. Stock up now because the price of Old Tech always goes up (with the exception of those CRT monitors).

Plan A was to GHOST the drive and fix the OS after getting a clean copy.

There was no Plan B.

I know there are some excellent Open Source alternatives, but I'm an old hand at GHOST'ing, although I haven't used it on a daily basis since the late 90s. I first encountered it in 1996 when it was called "General Hardware Orientated System Transfer".

"Orientated". That always irritated me, from the moment I saw the version 1.0 startup screen. The correct term is "Oriented", dickwad. English, motherfucker, do you speak it? Stupid shit. What a joke.

And that joker laughed all the way to the bank after he sold GHOST to Symantec.

I have version 8.3 (c. 2005) and 7.5 (c. 2000). I started with 8.3 since it was written after Windows XP and it didn't seem wise to use a version that pre-dated XP by a couple of years.

That was my first mistake. 8.3 simply hung trying to read the drive ("hung" is not the right word, it infinitely reset the drive and showed no sign of ever stopping). I dropped back to 7.5 and the same thing happened. I started playing with command-line switches and had better luck, but it would copy about 13% of the drive and die. I did this until about 4AM Thanksgiving morning, when I finally hit on the right combination:

GHOST -NTIC -FRO -BFC -IA -OR
I finally got past 13% so I let it run and hit the sack. When I woke up it had an hour to go. I spent the time playing UT (and getting slaughtered). When it was finished it had found a total of 64 bad blocks.

I booted it up, Windows ran CHKDSK, rebooted, and... everything was fine!

Except I had an 80G drive image on a 160G disk. The command line options I used precluded resizing. I used gparted to do the resizing, which got slightly complicated because the data drive was on an extended partition. Extended partitions can't be moved and I needed to do that because some idiot (me) only allocated 20G for the C: drive and Rinky was constantly running out of space on it. That required backing it up, resizing the system partition to a comfortable 60G, creating a 100G data partition, and restoring the data.
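For anyone who would rather not fight GHOST switches at 4AM, here is the general procedure those switches were forcing it into, as an added example (my own code, not GHOST's and not from the original post): read the source one sector at a time, retry each failed read a few times, and when a sector still won't come back, write zeros in its place so the image stays aligned and record its LBA. The 512-byte sector size is assumed, the device paths in the docstring are hypothetical, and the FlakyDisk class is a constructed stand-in for a dying drive so the whole thing runs offline. It also collapses the bad LBAs into runs, which tells you whether you have one scraped track or a platter that is going everywhere at once.

```python
import io

SECTOR = 512  # assumed: 512-byte sectors, typical for IDE drives of that era


def image_disk(src, dst, total_sectors, sector_size=SECTOR, retries=3):
    """Copy `src` to `dst` sector by sector, tolerating unreadable sectors.

    `src` and `dst` are binary file objects (in real use something like
    open('/dev/hdb', 'rb') and open('rinky.img', 'wb'); paths hypothetical).
    A sector whose read raises OSError is retried `retries` times; if it
    still fails it is written as zeros so later sectors land at the right
    offset, and its LBA is recorded. Returns the list of unreadable LBAs.
    """
    bad = []
    zero = b"\x00" * sector_size
    for lba in range(total_sectors):
        data = None
        for _ in range(retries):
            try:
                src.seek(lba * sector_size)
                data = src.read(sector_size)
                break
            except OSError:
                data = None  # transient or hard error; try again
        if data is None:
            bad.append(lba)
            data = zero
        elif len(data) < sector_size:
            data = data.ljust(sector_size, b"\x00")  # short read at device end
        dst.write(data)
    return bad


def bad_block_runs(bad):
    """Collapse sorted bad LBAs into (first, last) runs so one damaged area
    stands out from scattered failures."""
    runs = []
    for lba in bad:
        if runs and lba == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], lba)
        else:
            runs.append((lba, lba))
    return runs


class FlakyDisk(io.BytesIO):
    """Constructed test double: an in-memory disk whose reads of `transient`
    sectors fail twice then succeed, and whose `hard` sectors never read."""

    def __init__(self, data, transient=(), hard=(), sector_size=SECTOR):
        super().__init__(data)
        self.transient = dict.fromkeys(transient, 2)  # remaining failures
        self.hard = set(hard)
        self.sector_size = sector_size

    def read(self, n=-1):
        lba = self.tell() // self.sector_size
        if lba in self.hard:
            raise OSError("Input/output error")
        if self.transient.get(lba, 0) > 0:
            self.transient[lba] -= 1
            raise OSError("Input/output error")
        return super().read(n)


def demo():
    """Image a constructed 16-sector drive: sector 3 is flaky, 7 and 8 are dead."""
    payload = bytes(range(256)) * (16 * SECTOR // 256)
    src = FlakyDisk(payload, transient=[3], hard=[7, 8])
    dst = io.BytesIO()
    bad = image_disk(src, dst, total_sectors=16)
    return bad, bad_block_runs(bad), dst.getvalue()


if __name__ == "__main__":
    bad, runs, image = demo()
    print(f"{len(bad)} unreadable sectors, runs: {runs}, image size {len(image)}")
```

The zero-filled sectors are exactly the "who knows what was on them" problem: if the bad-block list overlaps the partition table, the boot sector or the MFT you will know before you boot the clone, rather than finding out when CHKDSK does. Run it against the image's partition layout before trusting the copy.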

I was done by about noon Thanksgiving morning.

Still, those 64 bad blocks are a concern. Who knows what was on them? Apparently not the OS or it would never have booted. So far everything seems OK, and the application that was nearest and dearest to Rinky's heart (World of Warcraft) was on the data partition, which survived intact.

So we have a Happy Ending for all concerned and I have learned a Valuable Lesson (Google before you buy anything). If you have a Deathstar, back it up now.

Wednesday, November 26, 2008

Lean Sock Puppets

sock puppet (noun) : a name or identity used online to deceive others and that is often used to direct praise or attention to oneself. (From Merriam-Webster's Open Dictionary)

Anyone who has spent any hard time in a corporation or bureaucracy knows that there are certain management fads that make the rounds. There is no escape. It's going to happen and it usually happens for a reason.

For our previous CIO, whose job it was to reorganize the IT department it was Who Moved My Cheese.

Back then, if you were a middle manager and didn't have a copy of the book prominently displayed somewhere in your loser cruiser or on your desktop, you could end up being branded as some sort of corporate insurgent. It was everywhere. The most faithful always carried a copy with them to meetings to spread the faith whether they believed it (or read it) or not.

The latest CIO is proselytizing The 7 Habits of Highly Effective People.

Ugh. Not again. The less said about that nonsense, the better. That crap has been making the rounds for almost twenty years now.

But this isn't about cheese or habits or CIOs. It's about IT Security and the CSO.

A few months back, the CSO sent us this link (don't bother reading it, it is crap) to an article on "Lean Security" and noted we would be hearing more about it in the months to come.

Uh-oh. In my mind that meant "here come the budget cuts, kiddies!"

I dutifully read the article and before going beyond the second paragraph I got an eerie feeling of déjà vu.

I knew I had read it before, but something was different. The subject had come up in the late 90s, but back then it was "Lean IT". As I read on I became convinced that the author had simply recycled the "Lean IT" article by searching for "IT" and replacing it with "Security".

It was an astounding epiphany. "What now?" I asked myself. Was this going to be the Next Big Thing industry-wide? In order to answer that I created - what else? - a Google News Alert for "Lean Security".

There were very few hits over the next few months, and nearly all of them pointed back to the same article the CSO had provided a link to. That settled the "industry-wide" question in my own mind. There was no buzz. Anywhere.

The CSO never mentioned it again.

This brings us to the sock puppets. It turns out there's a Lean Enterprise Institute. They've been responsible for distributing this crud for over 11 years. It figures. They even have a Lean Forum, and that's where my most recent Google Alert came from. It pointed to this thread, which goes like this:

Sock Puppet #1: I've read several articles of applying LEAN principles to security operations. Can anyone suggest additional readings? Just a really interesting concept for me. Thanks!

Sock Puppet #2: It makes sense. Security is just another process, with a specified outcome.

Sock Puppet #3: I'd be happy to discuss this topic with you. I have co-authored the original article on applying lean principles to security and will continue a series of columns in Security Technology & Design Magazine for the next 10 months.

Oh, brother. Nothing stands out like a self-serving clusterfuck.

Saturday, November 22, 2008

CSO PWN3D!!!!


Here's a little bedtime story about Life in Hinky Dink's Security World.

Back in the Old Days, when l33t H@X0Rs and scriptkidz wrote viruses just for lulz and massive IT butthurt (as well as worldwide credz) and had no clue how to make The Big Bucks pimping juicy 0day hax for e-gold, anti-virus companies used to send out newsletters enumerating newly discovered lulzware.

Back then (c. 2001-2005), people used to like to make the Security Team look bad by being better informed about such matters. We had to stay one step ahead, ready with a risk assessment at the drop of a hat. It was simple. In those days, viruses and worms travelled from East to West. Some guy in Hong Kong would go to work at 8AM, open an email, get infected, and begin the process of spewing lulz all over the Intertubes. By the time 8AM rolled around to New York City, most of Europe and Asia would be already infected and the security mailing lists would be well ahead of the anti-virus vendors (it was a funny time - all the "security experts" on those lists got hit the hardest and were generally the most butthurt of them all).

Scanning the lists and sending out local alerts became part of my job. If something was serious enough an email would be blasted to the entire IT department. Since this tended to make otherwise only mildly neurotic server room Trevs completely shit their pants and go into Full Panic Mode, it was avoided as much as possible. It was more important to keep them calm and focused. Otherwise they'd get so scared they wouldn't come back from lunch. For days (I'm not kidding).

At the very least, I would email the security team just to keep them informed. The same went for security patches and the like. It was extremely important to keep on top of things. It still is.

That was then, this is now. Anti-virus companies can't keep up with the malware anymore and they don't send out alerts (in fact, AV is hardly any defense anymore). The Security mailing lists are just short of useless. The one-upmanship is gone, mostly because now it's all about patches and the server room Trevs hate patching. As far as they're concerned patches don't exist and they never heard anything about them.

And instead of three people in the Team, there are now nine security droids. Most of them are newbs, and will freely admit it. And with minor exceptions they appreciate the "heads up" email I - used to - send.

Everyone except His Nibbs, the Chief Security Officer.

To be fair, the CSO gets a lot of email and it causes him unbearable butthurt. It's so bad he's just now answering emails from last May (again, totally serious). In this respect he is an extremely poor communicator. I'm convinced he does this on purpose for "plausible deniability", but a large part of the problem is all his responses must be perfect in every detail, the right font, the right bullet, the right signature, pertinent hyperlinks, etc. so it takes him the better part of an hour to respond - masterfully - to a single e-mail.

It was no big surprise that the Directive came down to "Stop Discussing Things In Email". The Team didn't stop. We simply refrained from cc'ing him. This worked very well, the CSO was oblivious, and everyone was happy, until one day His Nibbs got a hard-on for a huge, steaming pile of Microsoft SHIT called SharePoint.

Then we got a new Directive, "Start Discussing Things In Sharepoint".

OK, fine. I moved my "alerts'n'stuff" to the SharePoint Discussion Board. Only there was one problem: when you discuss something it sends everyone in the Team an email notifying them of the new discussion. When someone joined in the discussion, everyone got another e-mail. Net effect: no change in the amount of e-mail you received.

Frankly, this is configurable. You don't have to do it and there are other ways (RSS) to get some kind of notification. So then Mr. CSO had a Bright Idea: we would vote on whether or not to turn off e-mail notifications. The "Or Not's" won.

Honestly, I think most of the Team voted it down because the CSO was such a whiner about e-mail. (Note to CSOs who may be reading this: Democracy does not work in your favor. Whether you like it or not - and most do - you are a Dictator. So start acting like one and stop being a Whiny Little Bitch.)

After that, Yet Another Directive came down from the CSO: "Only Discuss Things That I Want To Discuss On The Discussion Board".

That immediately put an end to all discussion, all email notifications, etc. The crickets moved in and the Discussion Board promptly died. Not only did he not want to discuss anything, but the things he wanted to discuss amounted to nothing but Boring Shit. Plus he used it as a venue for new Directives, which, in his perfect and sublime mind, require no discussion. Who would dare argue with the CSO? Problem solved.

Naturally, the Team went back to e-mailing each other without cc'ing the CSO. "Fuck that noise" was the general consensus.

Noticing the Discussion Board traffic dropped down to nothing, and thoroughly annoyed by all the chirping crickets, the CSO decreed SharePoint should be expanded to include Blogs.

Therefore, New Directive: "Discuss Things I Don't Want To Discuss In Your Blog" or, more aptly, "Put That Shit Somewhere I'll Never Have To See It".

OK. Fine.

I became a reluctant, but prolific, Corporate SharePoint Blogger, starting out with a series on Why You Shouldn't Blog At Work Or Anywhere Else (there are no guidelines, no policy, no list of "Do's and Don'ts", nothing). I made certain all my blogs were simple Cut & Paste articles. No original content whatsoever, with proper attribution and a link to the original whenever possible. I don't "say" anything and I'm going to keep it that way until these bozos can tell me what kind of trouble I'm getting myself into.

So that goes on for a few days and one morning I get a call from the CSO. It seems the CFO got her panties all in a bunch about the Pentagon getting infected with a virus and he wanted to know what the Hell was going on.

"Oh," I said, nonchalantly, "DIDN'T YOU READ MY BLOG? I WROTE ABOUT THAT TWO DAYS AGO."

PWN3D!

Wednesday, November 19, 2008

Public Health Videos

As you know, I'm quite fond of myself. And justly so. I have written before about setting up Google Alerts for "mrhinkydink" and I'm still getting them. It doesn't - usually - creep me out as much as it did in the beginning but today I got a "hit" I was slightly dumbfounded by. It seems someone collected my entire body of work at YouTube and decided they were public health videos.

Here's a screen cap for posterity just in case they discover the error of their ways.



Very curious. I figure it must have been the Recombo DNA video, which I created for my tinfoil hat e. coli theory from last year.

Either that or last year's celebration of National Handwashing Week or my dissertation on towels, hotels, and MRSA tipped them off that I was some sort of health guru.

Whatever the reason, I'm honored.

I think.

Sunday, November 16, 2008

ATI Drivers: The Never-Ending Battle

I really thought I had it hammered.

I removed "everything Apple" (iTunes, Bonjour, QuickTime, etc.) from my system and UT99 stopped crashing.

For about a week.

Then it started up again, so I gave in and downloaded the ATI Radeon Driver-of-the-Month (dated last Thursday) and installed it. Usually this is guaranteed to lose me forty five minutes of my life.

Not this time. It was more like three hours and a dozen or so reboots and fucking around with the Windows XP registry.

But it did work. UT stopped crashing. I played several rounds at BOT House and EXP3 and was very satisfied that the system was stable again. I might even put that Apple crap back on.

Then... I noticed something.

My CD and DVD drives had vanished. They had the "yellow piss stain of shame" in Device Manager and they didn't show up in Windows Explorer.

Fan-fucking-tastic.

I did the usual: uninstall and let Windows rediscover them, reboot, and... nothing.

Same story over and over, "Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)"

It was getting late, so I went to bed. After my first cup of coffee the next morning I had a moment of crystal clarity:
"GOOGLE IT YOU FUCKING USELESS MORON!!!"
The first hit did the trick and I got my drives back.

Take this as a lesson: "Google first, fuck around second!"

It seems this is a very common problem although why a video driver update would affect IDE drives baffles me (although I am easily baffled these days... probably due to the early onset of Alzheimer's).

Then, while bitching and whining about this problem on a message board, someone pointed out there was an option: Omega Drivers. It turns out some clown with too much time on his hands has been tweaking the ATI reference drivers for a few years (he also does NVidia and 3dfx).

That was news to me.

I downloaded the "latest" (January '08) Omega driver, but decided against installing it because all the tweaks seem to be centered around the Catalyst interface, which I despise and never install (and yes I did install it as part of the troubleshooting process - it didn't help and only contributes to an extra long login process while it does... whatever it does).

I might be compelled to try it out if someone can give me a testimonial. The research I did indicates all the performance "enhancements" are subjective and anecdotal, but if they helped you out, let me know.

UPDATE

The ATI Driver-of-the-Month crashed, so I installed the Omega driver. It crashed too, but the system recovered with only a screwed-up desktop resolution (and brightness/contrast/gamma) when I quit UT.

Also, there is no Catalyst driver whatsoever, so it's not as bad as I thought.

Saturday, November 01, 2008

How To Be A Creepy Internet Stalker Dude


A while back, I went to my local Microcenter and stumbled across a bin full of cheap ($5.97) USB Webcams.

I have this thing about cheap (upper limit: $19.95) USB Webcams. I have a whole collection of them. They all suck, and I expect them to suck, but I can't stop buying them.

So I bought one, took it home, plugged it into the nearest Linux box I could get my hands on, and the sucker worked!

This is unheard of. The next day I went back and bought five more (I'd include a link for these things but even the manufacturer - Sakar - doesn't seem to know they exist). Since then I've been researching ways to use them and learned a whole lot of Things I Didn't Know About USB Webcams And Linux, even though I've been banging my head against the wall on just this very subject for over three years now.

And so begins a series of blogs on what I've learned.

But what if you don't have a Webcam, USB or otherwise? Why, use someone else's!

This subject has been beaten to death on the security front since the heyday of the X10 cam (remember those wonderful popup ads?), so I don't feel compelled to issue a Hinky Dink Security Advisory on it. But the fact is, people are silly enough to leave Webcams up 24x7 in their living rooms, bedrooms, front windows, etc. ever since they started selling these things.

Consider this scene of domestic bliss (left).

I've been watching this cam for about a year now (they eventually mounted that large screen TV over the fireplace). I have the URL saved as one of my favorites and whenever I get bored I tune in to see what's going on.

I honestly think they forgot they had a Webcam, but it's been moved at least once in the last six or eight months, so somebody knows it's there.

Perhaps their housekeeper (right) moved it. This was the original position of the Webcam.

Am I creeping you out yet? Sometimes I creep myself out with this shit, but when they put the big screen TV on the wall (it took forever) I showed it to my wife (Pinky Dink) and she only gave me a mildly dirty look.

A mildly dirty look, mind you.

In fact we watched the progress of the TV installation together (we're getting one sooner or later and were interested in how complex the operation was - we have since decided not to go with a wall mount).


How do you find these gems? You should know this one by now. It's GOOGLE of course, silly! There are a number of different brands of Webcams that identify themselves by the URL required to access them. The most famous is this simple search:

allinurl: axis-cgi

You will get thousands of hits. And then, suddenly, Google will decide you must be either a virus or a Creepy Internet Stalker Dude and will stop sending results.

Well, that's only one brand. My wireless Webcam uses a different URL, so I decided to search on it. Here it is:

allinurl: aview.htm

You will get about four hundred or so hits from that (IE only - you will need to download the ActiveX component - if you're comfortable with that). Linux users should search on jview.htm, which is the Java version (but beware... it's painfully slow). The jview version will also work with Internet Explorer but don't bother. You will find that both aview and jview are available on the same camera, but you get different search results depending on which URL you use when you Google it.
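If you are on the other end of those searches, the tell is in your own web server log: the crawler fetching the camera page is what puts you in the allinurl results, and the strangers arriving with a Google referer are the Creepy Internet Stalker Dudes. Here is an added example (my own code, not from the original post) that runs that triage over combined-format access log lines. The sample log is constructed, with documentation-range addresses (192.0.2.x, 198.51.100.x, 203.0.113.x) standing in for public ones; the camera paths are the three the post searched on, and matching crawlers by User-Agent string is an assumption, since anyone can claim to be Googlebot (the proper check is a reverse DNS lookup followed by a forward lookup, which this offline example skips).

```python
import ipaddress
import re
from collections import Counter

# Paths that identify the camera firmwares searched for above. Assumption:
# these are the same URLs the search engines indexed.
CAMERA_PATHS = ("/axis-cgi/", "/aview.htm", "/jview.htm")

# User-Agent fragments of the big crawlers. Assumption, and spoofable.
CRAWLER_UA = ("Googlebot", "bingbot", "Yahoo! Slurp")

# RFC 1918 and loopback; anything else is treated as the public Internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Apache/IIS "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>\S+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log: a LAN viewer, a crawler indexing both camera pages,
# a stranger arriving from a Google search, an Axis-style stream fetch, a
# rejected login, and an unrelated crawler hit that must not be flagged.
SAMPLE_LOG = """\
192.168.1.20 - - [01/Nov/2008:10:02:11 -0600] "GET /aview.htm HTTP/1.1" 200 2412 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
192.0.2.10 - - [01/Nov/2008:10:15:43 -0600] "GET /aview.htm HTTP/1.1" 200 2412 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.10 - - [01/Nov/2008:10:15:44 -0600] "GET /jview.htm HTTP/1.1" 200 3180 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
192.0.2.10 - - [01/Nov/2008:10:15:45 -0600] "GET /robots.txt HTTP/1.1" 404 209 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
203.0.113.77 - - [01/Nov/2008:22:40:05 -0600] "GET /aview.htm HTTP/1.1" 200 2412 "http://www.google.com/search?q=allinurl%3A+aview.htm" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
203.0.113.200 - - [02/Nov/2008:01:07:30 -0600] "GET /axis-cgi/mjpg/video.cgi HTTP/1.0" 200 0 "-" "Mozilla/5.0 (X11; U; Linux i686) Firefox/3.0.3"
198.51.100.9 - - [02/Nov/2008:03:12:51 -0600] "GET /aview.htm HTTP/1.1" 401 512 "-" "Mozilla/5.0 (X11; U; Linux i686) Firefox/3.0.3"
"""


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_internal(ip):
    """True for RFC 1918 / loopback sources; malformed addresses count as external."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def is_camera_path(path):
    return any(p in path for p in CAMERA_PATHS)


def triage(log_text):
    """Classify camera-page hits.

    crawler_fetches: (ip, path) pairs a search engine fetched, i.e. what will
                     show up in an allinurl: search for your camera.
    public_200:      count per external address that got the page without
                     being challenged (the camera is open to the world).
    search_referred: external addresses that arrived straight from a search.
    """
    report = {"crawler_fetches": [], "public_200": Counter(),
              "search_referred": [], "parse_errors": 0}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            report["parse_errors"] += 1
            continue
        if not is_camera_path(rec["path"]):
            continue
        if any(ua in rec["ua"] for ua in CRAWLER_UA):
            report["crawler_fetches"].append((rec["ip"], rec["path"]))
            continue
        if not is_internal(rec["ip"]) and rec["status"] == 200:
            report["public_200"][rec["ip"]] += 1
        if "/search?" in rec["ref"]:
            report["search_referred"].append(rec["ip"])
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A 401 from the stranger at 198.51.100.9 is the line you want to see: the camera asked for a password. Every 200 from outside is a session you never authorized, and the crawler fetches are the reason those sessions found you in the first place. Put the camera behind authentication and a robots.txt disallow, in that order, because the second does nothing against anyone who reads blogs like this one.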

There you have it. If you stumble upon my friends with the chubby housekeeper and the big screen TV, take it easy on their bandwidth. I'm fond of those people. It takes me back to a time when I was a young and stupid newlywed myself.

Ah, the memories.