Gooligan Infects Older Versions of Android

Read an update from Check Point Software on Gooligan. This is some malware that compromises Google data access. You get infected by downloading fake apps onto your Android device. This affects versions 4 (Ice Cream Sandwich, Jelly Bean, KitKat) and 5 (Lollipop) of Android.

The kicker is that the fake apps come from third party app stores. You would not find these in the Google Play store. I see that there are a couple of themes in the fake apps that infect you:
  • Sex stuff (sex photo app, sex cademy app, and sexy hot wallpaper)
  • Games (HTML5 games, snake, slots mania)
  • Tools (wifi enhancer, GPS, youtubeplayer, calculator)
The apps download a rootkit. Then they do nasty things such as download other apps and even rate them on Google Play. The fix is to get some antivirus software pronto. And prevent it in the first place by steering clear of third party app stores. You never know what you are getting.

Crooks Getting Smarter

I logged into an old email account of mine recently. Saw a spam message from a few years ago. The thing was really good. Official looking return address at the top. No grammatical errors. Lots of specific numbers cited. Bitmap signature. Link to an official web site. Damn.

The real question is why are they sending me this spam? Are they trying to get some personal details out of me for a further hustle? Seems like a lot of hard work went into crafting this email. The only things that were sketchy were that the contents were all contained in a JPEG image, and they were telling me I won a lottery that I did not enter.

Crooks are getting better at running their scams. Watch out and warn your peoples.

The Cisco Command Line Interface

I have been digging in deep lately, trying to learn networking basics. Down at OSI layer 2. Studying how switches work in minute detail. Moving up to understand how routing works at OSI layer 3 as well. There is a lot going on.

Got access to a simulator. I can pretend to log into Cisco switches and routers. Access them through a command line interface (CLI). The problem is that there is a whole language I got to learn. It also feels like a wonky version of MS-DOS.

Just when I thought all was lost, I got ahold of a "cheat sheet" full of Cisco commands. I was off to the races ... until I discovered the cheat sheet was locked. It was distributed in the form of a PDF. But the file had security turned on, and I could not even print out the damn thing.

Well PDFUnlock came to the rescue. My file was a small one. PDFUnlock lets you break the password for free online. That's a good URL to have if you get into a bind like I was. All right. Watch out world. I am gaining networking power as we speak.

First Hackathon

I attended my first hackathon tonight. One of my instructors told me about it. The goal was to solve problems using Python. You were actually allowed to use any programming language. But they encouraged you to try out Python. I started learning it earlier this year until I found out I needed to look for a new job. Only wrote one program at work in Python that ended up only serving as a prototype. Luckily I did work through some problems on my own. Was just a little rusty.

My instructor and I were unsure what to expect from the night. Normally you would think some company would try to get you to develop products for them for free. Yes there was a corporate sponsor. Yes they provided pizza and soda. No we did not have to develop products for free. We had a bunch of problems to solve. The problems were from a web site.

The problems were grouped by difficulty. I could not finish all the easy ones. Never even got to the hard ones. You would receive more points the harder the problem was. There were a bunch I attempted but failed at. There was no penalty for guessing the answers. However if you guessed too much, they would limit the time you had to wait to enter another answer.

I had some initial trouble because I could not get my laptop to connect to their free WiFi. They started the contest when I could not even log in online. I ended up using one of the desktop computers they had. Luckily it had Python 2.7 installed on it. Had to download Notepad++ to inspect some data files they provided.

My score got me into the top ten for a good portion of the night. But the new kids on the block stepped up their game during the last few minutes. I bombed my last question and got power passed, leaving me out of the top 10. So I did not qualify for any prizes. My instructor thought the best strategy was to attempt the difficult problems and claim the big points. The only problem was that he got stuck on the first hard problem he tried. His score suffered.

The prizes were things like tee shirts and Python programming books. Top prizes included Raspberry Pi kits. Not too shabby. The handle of the dude who won first place was GOD. He looked like he belonged at the top of the hackathon. I might do one of these again in the future. Got to mix up my own strategy for maximizing points achieved.

Hackers Take Over Car Remotely

Just read an interesting Wired article on some hackers that know how to take over a Jeep Cherokee. They found some vulnerability in the Jeep's Internet access that lets them control the car and do bad things. See how Andy Greenberg got into a panic when he lost control of his Jeep.

And it's not just the Jeep Cherokee. Some Cadillac and Infiniti vehicles are at risk as well. The guys that found the loophole shared the info with the manufacturers. But they are also going to present their findings to the public (without the low-level code to hack the car chipsets).

The uproar in the comments of the article is that they hacked a Jeep that was cruising down the highway. Can you say dangerous? The real danger is that your own car might get taken over in the future. I think I will keep my old Chevy 1991 pickup truck. No computers in there to take over.

Learning from Copy Protection

Just read a sweet article on how someone got past Math Blaster disk copy protection. Math Blaster apparently was some game or educational software for Apple computers back in the 1980s. Their disk would not copy using any of the standard techniques.

I got to give it to the author. They kept at the investigation for months it seems. Wow. I say you could learn a thing or two from the techniques Math Blaster employed. There were multiple levels of protection going on. Levels within levels to be exact. The encryption also seemed to take advantage of some bugs in the tools that crackers used to get past the copy protection.

Turns out the company made a decent bit of coin from selling Math Blaster. Maybe some of that was due to the copy protection preventing the program from getting out there too quickly. One weird thing I read about in the article was Advanced Demuffin. Who names these things?

E-Book Project

I have been downloading Kindle books for some time now. Normally I pull them down to my Kindle reading program on my PC. Most of the books were free when I got them. However I bought a few of them that I really wanted. Now I want to do something to organize these books. I do have a folder system in my Kindle program. But I want something better.

I figured I could maybe set up a database to store all the details. This would require me to scrape the Amazon web site for info. How do I grab all the book titles and find their pages? Well first I started with the books I downloaded. Since I run Windows 7, they seem to be stored in location C:\Users\\Documents\My Kindle Content.

The books are stored in an AZW format. Some say that is Amazon Word format, which is the MOBI format with high compression. They might have DRM on them. Or they might not. The DRM, if present, locks the book to the device ID. I imagine the locking only works on real Kindle products, not my Kindle reading program.

I did realize that every time I download a book, I have Amazon send me an email which I catalog. Bingo. Those emails have the book name and link to the book on Amazon. Now I got to dump all those emails out, read them into my database, and code up an Amazon site crawler. This is going to be a very fun project. Feels like my roots ... writing programs to grab stuff off the web.