Confusing the Scammers

What’s the 4191 on Win XP?

I’ve gotten probably five phone calls from some Asian company (I’m guessing India or Pakistan) about my PC being infected with spyware.

The senior technician wanted me to download a program called “teamview” so he could diagnose my problem.

I asked for their information. Here is what he gave me:

Computer Maintenance Company
Frank Rogers
800.778.8162

Call and ask for Martin.

The 800notes info on this number.

Since it appears that barfing out WHOIS information willy-nilly might get me in trouble, I’ll leave this so others can look it up, themselves.

http://www.teamviewer.com
http://www.ammyy.com/en/

I called the 800 number Frank Ro/d/gers gave me, and got a completely different company name.

I really don’t know how much of their time I wasted, butl…..

“What version of Microsoft Windows is my PC running?”
“Open Internet Explorer, and go to…”
“I don’t have Internet Explorer>’
“…”

I think I’ve managed a promise that they won’t again call my cell number. I’m skeptical.

Followup to the last

In line with what I was bitching about last week, my friend Mike posted this to Facebook. (I met Mike through Orkut, which, amazingly, Google has let survive.  I guess it’s still big in Brazil and India….  I’ll post this to G+, but I don’t know who’ll notice., or how long it’ll be there)

Much like the endless collapsing malls, this is something else where nobody will assign responsibility for allowing it to collapse.

My wife read me a story yesterday from a British publication about how bad the bridges into New York City were getting.  That’s been news in Tidewater for years.

I’m starting to think the world actually did end sometime around 1994.  Nobody got the memo, thouh.

Reflective

I’d say this would pair nicely with Matt Sharp’s Thoughts From A Slow Train, but that’s not available on YouTube…..

Sunday afternoon, we were watching some of Bourdain’s Parts Unknown best-of episode. He had some interesting things from Detroit last season. Much has been made of the deterioration of Detroit, but little seems focused on how to actually bring it back. I have my own ideas about how to revive urban life, but they’d require changes even the politicians who run on CHANGE are unwilling to consider.

Still, it’s not just the industrial-era bastions of American might that are collapsing. There’s plenty of nasty suburbia that people have let die the last couple of decades. Who’s overseen that? Your kids are busy occupying Wall Street, when you’re grinning mightily at how your 401k is doing.

Rest comfortable in that, y’all. Thinking of what you’ve let slide into ruin might give you a headache. No, you can’t have your Aleve back. Not yours, desipite whatever the commercial on NBC Nightly News says. Oh, but the 1964 World’s Fair was so neat! yeah, about that.

Taking the time to investigate why things are the way they are is too tough. Better break out the Tylenol, again; you switched to that today, remember?  Cluetick:  it’s not the CEOs.  Yes, they’re getting incredibly rich.  Why?  You own the shares, and every time they tick up a penny unexpectedly, they get paid — outrageously, in some cases.

Do I really have a point with this? Yes, but I don’t think most people would care. Oh well. So, I’ll just go away, and leave whoever’s reading with this…..

image

Heartbleed

I saw this on the full disclosure list Tuesday, but didn’t think much of it.

Yes, a lot of sites are affected. Yes, there’s potential for account hijack. Do you need to panic, as is HuffPo’s advicepanic? No. (And I’ll spare teh soliquily about how their operation make MSNBC and Fox look like bastions of crediblity….)

My understanding is that this was a bug that popped up sometime in the past couple of years. Surprisingly, if you’re running old stuff (or Microsoft nonsense) server-side, you’re unaffected.

It’s something that unless the sites were using the vulnerable version, and you changed your password while they were using the buggy version, and someone happened to be hijacking your session when you changed your password, then you might be vulnerable.

Do the math on the probabilities.

I’ll spare the schadenfreude about the commercial sekurity products affected because they used a buggy verison of OpenSSL, though *cough*McAfee*cough*Barracuda*cough* the temptation is tough to completely pass up.

Not-so-lazy Sunday

I’ve been looking around, applying for work, and so on. It’s Sunday, I’m by myself. And maybe that’s why I’m mildly amused that my CMS tells me, “howdy.” (It’s a bit like it sent me a smiley. I LOVE smileys.)

Part of what I’m working through in figuring out what I want work-wise, is health care. Part of my frustration recently has been dealing with having to change insurers as I involuntarily change employers. Because I was sick of paying an incredible amount for COBRA from the last company’s plan, I bought private insurance. So far, I’m happy with it. I don’t have to go on whatever “employer-sponsored” program whenever I do find a gig.

I also looked at private plans on the individual market, and ones offered through my auto and property insurance company. I ended up choosing something else due to local ubiquity, and, ultimately, cost. (To speak to that, the plans I ultimately ended up choosing for health, dental, and vision were cheaper than just health and dental from my auto and property insurance company.)

I’ve long speculated that the PPACA (Patient Protection and Affordable Care Act) aka “Obamacare” (what a terrible abbreviation, and nickname, by the way) would ultimately result in the death of “employer-sponsored” coverage. This implies that’s already happening. So, my calculation is to find a company paying into a private exchange that offers my insurer, or pay out-of-pocket until I can choose a plan offered in an exchange whoever I’m working for that week pays in to.

In the meantime, if I land on with a company that doesn’t pay into an exchange that offers my plan, or retains an old-school setup, I’ll have to try to see if I can get some sort of salary increase to support my decision not to use their benefits.

Also, if there’s something where I don’t need to work full-time, the employer can pay in proportionally based upon how much I’m working. (If I’m only working half-time, the employer only contributes half of what they’d normally contribute….)

Decisions, decisions.

What else have I been doing? Learning about Linux KVM, and trying to decide how to address this site, and HR Geeks.

Speaking of which, I should go put up the meeting info on 757.org.

So Much This

It’s pretty rare when you run across a sekurity mastar who gets it. But, this is one of the best things I’ve read in a long time.

(Hattip to Drew, who told me about the FD reboot.)

I guess my sense of amazement at the pitiful state of the industry should wane over time. It hasn’t. The mastars keep getting more letters after their names, and bigger salaries. (I’ll set aside the fact that I have met CISSPs who are unable to parse, much less write, a script to manually patch and secure a Windows box….) Meanwhile, various vendors’ products render many solutions nearly unusable.

This one is along the lines of what I’d planned to speak on at Shmoocon 2013. I was writing my CFP response, and got to counter arguments I didn’t think I could easily refute. Are you really securing things if you have to increase the attack vector to use a tool? Are things more secure if you have to install Java and Flash for a tool to work? How about .NET?

It’s wrong of me to think such things; I should just shuttup, and improve my Minesweeper skills.

Narrowcasting

This thing about Firefox’s CEO and OK Cupid came up on a friend’s Facebook feed. Longer, testier, description of the nontroversy here.

Most of my searching shows that Firefox is somewhere shy of 20% market share.

“If a tree falls in the woods, and there’s nobody there to hear it, does it make a sound?”

(Setting aside for a moment that unless you’re in a vacuum, it always makes a sound. I had a slickieboy BD guy look at me quizzically when I refuted his “perception is reality” assertion by asking if that tree ever failed to make a sound… “PERCEPTION IS REALITY!!!1!”)

So, of those eighteen percent of people browsing with Firefox, how many will visit OK Cupid? Of that fraction of a fraction (Sup, dawg?), how many will be outraged by what this guy gave money to?

I’m reminded of William & Mary’s most famous alumnus (since Darren Sharper figured out that, unlike Spanish Fly, roofies actually work….) on Crossfire years ago. In a country with more than 300,000,000 people, how can a show with average viewership of less than 500,000 be hurting America? Nobody’s watching.

Headdesk

LMGTFY for those of you who don’t know……

I said snidely this morning that for some, your LinkedIn connections are the second most important factor in determining your competence (after the number of store-bought Minesweeper certification initials following your name).

This evening I got a message from a recruiter saying that based on my LinkedIn profile, I’d be a perfect match for an open position she’s trying to fill.

What’s the position?
1. It’s a four-to-six month contract, and;
2. It’s in Saudi Arabia, and;
3. It’s a JANITOR job.

What. The. Actual. Fuck?

I asked Barbie, as obsequiously as possible, to let me know what in my profile made me a fit for her slot. So I don’t show up like that in any other search. Perhaps there’s some disjointed phrase I could use to make people think i’m an empty-suit no-talent suck up.

But I really don’t look that sharp in a tie.

Instead, I’ll keep busy messing with my embedded Linux stuff to replace the wheezing PCs I have, and lower my electric bills.

*sigh*

What's Old Is New

In technology, perhaps, certainly not with me.
I’ve been plunking around with some old hardware and software as of late. I have absolutely no idea where the Pentium D board I had is. I can’t remember if I gave it away. Maybe I’ve just misplaced it.
So I’m messing with QEMU/KVM stuff on this other incredibly old setup. It’s not working as well as I’d like, but if I can get it close enough to do what I came to do…
I think I unsubscribed from all the NetBSD mailing lists I’d been tracking. With the decision to use something else for users, there’s no need, I guess. I still do like NetBSD an awful lot. As I’ve said many times, when I first used it, my response was, “Is this all there is?” Yeah, that’s all there is. And it’s everything you need. It behaves exactly the same way, regardless of the hardware you’re using.
I also find myself missing Usenet today. Don’t know why I have a hankering to mess with INN. Bleh.

What’s Old Is New

In technology, perhaps, certainly not with me.

I’ve been plunking around with some old hardware and software as of late. I have absolutely no idea where the Pentium D board I had is. I can’t remember if I gave it away. Maybe I’ve just misplaced it.

So I’m messing with QEMU/KVM stuff on this other incredibly old setup. It’s not working as well as I’d like, but if I can get it close enough to do what I came to do…

I think I unsubscribed from all the NetBSD mailing lists I’d been tracking. With the decision to use something else for users, there’s no need, I guess. I still do like NetBSD an awful lot. As I’ve said many times, when I first used it, my response was, “Is this all there is?” Yeah, that’s all there is. And it’s everything you need. It behaves exactly the same way, regardless of the hardware you’re using.

I also find myself missing Usenet today. Don’t know why I have a hankering to mess with INN. Bleh.