Elcomsoft Forensic Disk Decryptor

I recently read an article about a product called Forensic Disk Decryptor from Elcomsoft. This thing can access BitLocker, PGP, and TrueCrypt volumes. It does this by grabbing the keys required to decrypt the data. There are three main ways the software can grab the key: from RAM, a hibernation file, or through a FireWire attack.

Note that you need to use some other third-party tools for some of these attacks. For example, you need to use a separate tool to get a RAM memory dump for the program to scan. Also you need some extra software to mount a FireWire attack.

The fun part of this is that once you get the key, this software will mount the encrypted volume as a drive letter in unencrypted format. It will also not modify the encrypted volume it is cracking. This is access without a trail. The software looks like it costs a couple hundred bucks. There has been some discussion about this release. Most of the talk hinges around the fact that they are really just mining the keys. Once you have those keys, accessing the encrypted data is really not much of a hack.

Bureau of Prisons

Recently I went to the bookstore to do a little Christmas shopping. In the corner of the magazine section I spotted a stack of 2600 magazines. Ahh I remember reading those diligently in the past. They have such a good feel to them. I bought a copy and am halfway through the thing. I need to actively pace myself so I don't read it cover to cover in one sitting.

So far the most interesting article was on the Federal Bureau of Prisons. The author describes the hoops inmates need to jump through to get computer access. They need to pay for it. Pay for the time. Pay for each page printed. You cannot email anyone directly in prison. You must go through a proxy where your correspondence is monitored and approved on an email by email basis.

Of course the author described some of the details of the systems used to provide net access to prisoners. LOL. Looks like he found a few holes to avoid payment and/or censoring. He had better be careful. I think he gets released soon. No need to further delay his release for something small such as hacking the printer.

This perspective helps me realize how lucky we have it. I often grumble about having to change the printer paper or toner. Or I need to occasionally reboot the wireless router to get back on the Internet. If you are in prison, you got to do a lot to be able to get even restricted access to the net.

Bribing Cops in Central America

This weekend I read an insightful blog post by John McAfee. His post is a guide to travel. John lives in Belize, a country in Central America that borders on the Caribbean. This is the same John McAfee that founded McAfee Associates, the antivirus company. Recently McAfee has been in the news as a person of interest in a murder. But let's get back to the travel guide.

Apparently it is business as usual for the police to shake down travelers in Central America. And the use of bribes to get past these cops is also common practice. John has a bunch of tips to ensure you stay alive and stay out of jail. One key point he makes is for you to stay in your vehicle at all times. That applies even if a cop tells you to get out of the vehicle.

Another theme John reiterates is to stay calm, smile, and negotiate. Cops may try and distract you to plant some drugs in your vehicle. Even that should not faze you. One somewhat radical recommendation from John is to smile, wave, and slowly drive away from the cops. Strangely enough, he says this works a lot of the time.

John calls the bribes "documentation". That is, the cops ask you for documentation. They are actually using that as a code for a small bribe so you can be on your way. I found it hilarious that John often uses some technical manual with a $20 bill stuffed in it as his official travel papers. He says most of these cops can't even read. But they know and appreciate the greenbacks.

You should go to John's blog and read all the details and scenarios for yourself. This may come in handy if you find yourself on travel in a third world nation.

Hiding Email Transmissions

I just learned of an interesting way to send and receive emails with someone that makes the transmission almost impossible to detect. What you do is share the username and password to a Gmail account. Then you compose an email, but do not send it. That keeps the email in your drafts folder. The recipient then just logs in and checks out the latest draft message. They can then either edit that draft, or delete it and start a new draft. Sneaky huh?

I found out about this hack because General Petraeus of the US military used this technique to communicate with his mistress. Sneaky devil. Terrorists have used this technique as well. Your email client never actually sends the email over the wire via email protocol. The message just sits on some server. The method is not foolproof. They figured out Petraeus' antics while investigating a crime. He was outed.

Rot-13 Job Posting

Today I spotted an apparent job posting over on Reddit. At first I thought the posting was written in another language. Upon closer inspection, I figured they were just doing some encryption on the posting. The giveaway was the job title "Fravbe Fbsgjner Ratvarre". They put "Senior Software Engineer" in parentheses next to that job title.

The number of characters in each word lined up. Then I saw that the letters E and then R were mapping to the same letters in the encrypted version. Wait. E went to R and R went to E. By golly, this is ROT-13 encryption, a very simple cipher.
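The same reasoning can be automated: with the plaintext title sitting next to the encrypted one, the shift falls out of a letter-by-letter comparison. This is an added example, not code from the job posting or from Reddit; the function names and the second ciphertext line are constructed for illustration.

```javascript
// Added example: recover a Caesar shift from a known plaintext/ciphertext pair.

// Shift every ASCII letter by `shift` positions; case and non-letters are kept.
function caesar(text, shift) {
  const k = ((shift % 26) + 26) % 26;
  return text.replace(/[A-Za-z]/g, (ch) => {
    const base = ch <= 'Z' ? 65 : 97;
    return String.fromCharCode(base + ((ch.charCodeAt(0) - base + k) % 26));
  });
}

// Return the one shift that maps every plaintext letter to its ciphertext
// letter, or null if the pair is not a Caesar cipher (different lengths,
// changed punctuation or case, or letters that disagree on the shift).
function recoverShift(cipher, plain) {
  if (cipher.length !== plain.length) return null;
  let shift = null;
  for (let i = 0; i < plain.length; i++) {
    const p = plain[i];
    const c = cipher[i];
    const pLetter = /[A-Za-z]/.test(p);
    const cLetter = /[A-Za-z]/.test(c);
    if (!pLetter || !cLetter) {
      if (p !== c) return null;            // spaces and punctuation must match
      continue;
    }
    if ((p <= 'Z') !== (c <= 'Z')) return null;   // case must be preserved
    const d = (c.toLowerCase().charCodeAt(0) - p.toLowerCase().charCodeAt(0) + 26) % 26;
    if (shift === null) shift = d;
    else if (shift !== d) return null;
  }
  return shift;
}

// A shift is its own inverse when applying it twice returns the original text.
// That is the "E went to R and R went to E" observation: only 13 does this.
function isSelfInverse(shift) {
  return shift !== 0 && (2 * shift) % 26 === 0;
}

// Use the known title pair as a crib, then decrypt the rest of the text.
function decodeWithCrib(cipherTitle, plainTitle, body) {
  const shift = recoverShift(cipherTitle, plainTitle);
  if (shift === null) return null;
  return caesar(body, 26 - shift);
}

const CIPHER_TITLE = 'Fravbe Fbsgjner Ratvarre';   // from the posting
const PLAIN_TITLE = 'Senior Software Engineer';    // from the posting
const SAMPLE_BODY = 'Nccyl ol rznvy';              // constructed sample line

console.log(recoverShift(CIPHER_TITLE, PLAIN_TITLE));
console.log(decodeWithCrib(CIPHER_TITLE, PLAIN_TITLE, SAMPLE_BODY));
```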

The company is looking for what looks to be a junior developer (despite the title of senior software developer). They also want a PHP/Java/.NET hacker. That does not sound like me. Plus the salary is too low. However I found their ad pretty cool. Other Redditors were not as amused as me with the job posting encryption.

Movies API

I am taking an Advanced JavaScript class at the local community college. To tell you the truth, this class sucks. I am just not learning JavaScript, let alone advanced JavaScript. Nevertheless, the final project seems interesting. We need to implement a movie rental system like Blockbuster or Redbox. The real coup is that we are using a movie API from Rotten Tomatoes (which is a brand of Flixster).

To use their API, you need to obtain a key. This is done by registering. You will get a long alphanumeric string that must accompany every API request you send over the web. You are limited to 10 calls a second, and 10k calls a day. But that is enough to play around with. I love that you can send in a query and get all this movie data.

The movie data is returned in a JSON format. That is really easy to parse with JavaScript and jQuery. Here is an example of the JSON file you get back. They also provide some sample JavaScript code. If you are going to use this service, I have a couple hints for you. The default query results set is 30. So if you send in a query and do not specify the number of movies, it will give you the details for up to 30 movies. It will also tell you how many movies in total match your query. You can control the amount of movies returned with a parameter. However they limit the amount to 50 max per request.

There are a lot of terms of service you need to abide by. But this is a great source of tons of movie data. Yee-haw. I know our final project for the college class is going to rock with this data source. Maybe I will post the link to our final project here. I know my friends want to take a look at my Redbox killer.

Universities Compromised

A group known as Team GhostShell has extracted a ton of student information from universities across the world. They even got to prestigious universities such as the Ivy League schools in the USA. The hackers claim this was done to protest high university tuition rates. Not sure why they went after the personal information of students enrolled there though. Wouldn't you think they would target school officials or something?

Apparently the hackers used good old SQL injection to retrieve the data. Independent sources say as many as 36k student records were exposed. Some of the information was publicly available. However other data such as date of birth was also exposed. I checked out GhostShell's Twitter feed. They hit over 100 schools with their attack. I am now reminded that they shared their "findings" on PasteBin.

There is a Way

A developer called me up and asked whether I could access the database. I did a quick check. Nope. So I told him that I could not. Upon hearing that, the developer declared that there was no way to do his work. He then gave up. What? That can't be it. At the very least you got to tell someone else and have them resolve the problem.

I decided to do a little digging. The way I knew there was no database access was that I tried a "tnsping". That command checks to see if the database can be contacted. I got back an error that the target host or object does not exist. Now that might mean that the actual database was down. However I tried accessing the database from another machine and found that it was up and running.

So I dug a little deeper. We configure our workstations to use a tnsnames file to resolve database aliases. I ensured that we were using the configuration file that the DBAs set up. Then I made sure that file existed. So far so good. Finally I checked that our database alias was in that configuration file. It was.

Next I looked at the configuration data for our alias. The config file just translates the alias to a domain name and a port on that machine where the database listens. I tried a regular ping of the domain name of the server. Bamm. My machine could not resolve the domain name. Well I found out the IP address of our server. When I plugged that into a local copy of the config file, the door was opened. Full access to the database.

The problem must be some sort of Domain Name Server issue. Ping cannot resolve my well known domain name. Time to get the network guys involved. I don't even have to bother my DBA team.

Chess Cheating

Just read this story about a high school kid. He was good at chess. Then he went to some camp. After that, he started winning tournaments like a champ. He got to his state's final competition. This guy was spanking players well above his chess rating. What the heck was going on?

They interviewed one of his opponents. The opponent was some sort of kid grand master at chess. He said that when he played this high school kid, he was hanging on for dear life due to the aggressive onslaught of attacks on the chess board. How could a kid rise up in chess skill so fast? Well it turns out the boy was cheating.

The chess rules allow you to bring in a PDA to record your chess moves. You are only allowed to run a certain chess move recording program. That program has been certified as being able to take over the PDA and ensure no other programs (that might be used to cheat) are running. Turns out this kid was somehow able to get around it.

What should have been suspicious is a kid with just a good rating all of a sudden starts playing like he is Bobby Fischer. That just does not happen. They also interviewed some of this kid's previous coaches. They knew he was okay, but nothing like a Bobby Fischer. In fact, a past opponent had complained that it felt as if the dude was cheating. They just could not find any evidence of it before.

In the end, a judge was called into the state competition match, took possession of the PDA, and found a rogue program being run. Here is the funny part of the story. The kid said this was the first time he cheated. Yeah right. The moral of the story is to trust but verify.

Careful When Reverse Engineering

I was making some scheduling changes. This amounted to some crontab entry modifications. I do this very rarely. It happens maybe once or twice a year at most. I took a look at the current settings. Needed to change some tasks to run on Tuesday instead of Wednesday.

Now I don't know the crontab entry syntax by heart. Why memorize that when you can look it up? At this point I also figured why look it up if you can reverse engineer it by looking at some entries. I saw some existing entries that run on Tuesdays. Then I saw some existing entries that run on Wednesdays. The first difference I noticed was that the Tuesday jobs started with a 0 on the crontab line, and the Wednesday jobs started with a 1.

I figured this was simple. Just change the first digit to a 1 and you move the job to Wednesdays. However I had a nagging feeling in my stomach. Why would they define Tuesday as 0? Shouldn't 0 represent the start of the week? That would make Sunday be represented by 0. Or if they were really weird, maybe Monday could be 0. But not Tuesday.

I decided to look up the cron docs. Oh snap. That first parameter is minute of the hour when the job is supposed to fire. Parameter number 5 on the line governs the day of the week when the job is kicked off. Good thing I did not rely too heavily on my weak reverse engineering skills. The moral of the story is to look stuff up unless it cannot be easily Googled.
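To see the mistake concretely, here is an added example (not from the original post) that splits a crontab line into its five named time fields and moves a job to another weekday by rewriting field 5 only. The two crontab lines and their script paths are constructed samples that mimic the pattern described above.

```javascript
// Added example: name the five crontab time fields and edit only day-of-week.
const FIELD_NAMES = ['minute', 'hour', 'dayOfMonth', 'month', 'dayOfWeek'];
const DAYS = ['sun', 'mon', 'tue', 'wed', 'thu', 'fri', 'sat'];

// Constructed sample entries: a Tuesday job at 02:00, a Wednesday job at 02:01.
const TUESDAY_JOB = '0 2 * * 2 /usr/local/bin/weekly_export.sh';
const WEDNESDAY_JOB = '1 2 * * 3 /usr/local/bin/weekly_purge.sh';

// Split one crontab line into named fields plus the command.
// Returns null for blank lines and comments.
function parseCronLine(line) {
  const text = line.trim();
  if (text === '' || text.startsWith('#')) return null;
  const m = text.match(/^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.+)$/);
  if (!m) throw new Error(`not a five-field crontab entry: ${line}`);
  const entry = { command: m[6] };
  FIELD_NAMES.forEach((name, i) => { entry[name] = m[i + 1]; });
  return entry;
}

// Map a single day-of-week token ("2", "tue", "7") to 0..6 with Sunday = 0.
// Returns null for "*", lists, ranges and steps, which are left alone here.
function dayIndex(token) {
  const t = String(token).toLowerCase();
  if (/^[0-7]$/.test(t)) return Number(t) % 7;   // 0 and 7 both mean Sunday
  const i = DAYS.indexOf(t);
  return i === -1 ? null : i;
}

// Short human-readable form, e.g. "tue 02:00", to check an edit before saving.
function summary(line) {
  const e = parseCronLine(line);
  const d = dayIndex(e.dayOfWeek);
  const day = d === null ? e.dayOfWeek : DAYS[d];
  const plain = /^\d+$/.test(e.hour) && /^\d+$/.test(e.minute);
  const time = plain
    ? `${e.hour.padStart(2, '0')}:${e.minute.padStart(2, '0')}`
    : `${e.hour}:${e.minute}`;
  return `${day} ${time}`;
}

// Move an entry from one weekday to another. Entries that do not run on
// exactly `from` are returned unchanged.
function moveWeekday(line, from, to) {
  const f = dayIndex(from);
  const t = dayIndex(to);
  if (f === null || t === null) throw new Error('from/to must be a single weekday');
  const e = parseCronLine(line);
  if (e === null || dayIndex(e.dayOfWeek) !== f) return line;
  return [e.minute, e.hour, e.dayOfMonth, e.month, String(t), e.command].join(' ');
}

// The guessed edit: flipping the leading 0 to 1 changes the minute, not the day.
const guessedEdit = TUESDAY_JOB.replace(/^0/, '1');
console.log(summary(TUESDAY_JOB), '->', summary(guessedEdit));
// The intended edit: Wednesday job moved to Tuesday via field 5.
console.log(moveWeekday(WEDNESDAY_JOB, 'wed', 'tue'));
```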

The 10x Programmers

There is a myth that there exist some "ten times" programmers. They can write code at ten times the productivity of normal programmers. They are rare. But it is said that they exist. Today I read a post that tried to debunk this myth.

Okay. Everyone is entitled to their opinion. Some guy produced an equation that looked complicated. Then he wrote a simple code snippet to solve the equation. The moral of the story was that problems that look hard are actually easy. The ten times programmer is really working on something easy.

I almost was fooled. Then I started reading the comments on the post. There were a lot of errors in the implementation of the code snippet to solve the problem. Oh snap. I guess this guy is not a ten times programmer. And it takes a ten times programmer to solve the tough equations. Bamm.

NSA Jobs for DEF CON People

The National Security Agency (NSA) is looking to hire some of the competent attendees of the DEF CON conference. They are particularly interested if you win any of the DEF CON competitions. I personally have never attended DEF CON. But I get the impression that you get a badge of honor if you win a challenge. These must be some peeps with elite skills.

The NSA are doing some forward thinking here. They are trying to attract the people with the right skills. They also understand that DEF CON hackers might have a shady past. Apparently that will not necessarily disqualify you from a job at the NSA. You just need to be a US citizen.

I would hope that having a government job at the NSA might pay higher than other government jobs. They probably do some interesting work for sure. Check out the NSA link.

Hacker School

I currently use the local community college to keep up with programming technology. But lately I have been considering alternative methods to learning. I've been keeping an eye on the so called hacker schools that seem to be popping up. Maybe it is time to try one of these out.

I was interested in the hacker school called Hacker School mostly because it is free of charge. However you need to attend in person in New York City. Don't think I can afford to be away from work for the two and a half months it takes to complete the training.

Bloc is a school that is new to me. It has the benefit of being online. I can enroll from the comfort of my own home. However the thing costs $3500 for the two month experience. In the big scheme of things, that is not a huge amount of money. But I don't think I can talk my employer into footing the bill for Bloc hacker school. LOL.

The school with the most buzz is Code Academy. It is the worst of all worlds though. You must attend in person at the Chicago campus. It also costs $6000 to attend. Those two strikes mean that I will most likely not attend. To see a tabular comparison of the different offerings, you can check out the following page on Bloc. I would take the stats with a grain of salt. It is hosted on Bloc after all. Still a good start.

eCommerce Hack Day Challenge

Dwolla and Etsy are teaming up to put on an eCommerce Hack Day. On Hacker News, someone asked WTF is that? Apparently it is a hackathon specific to the eCommerce industry. You can attend as a developer or designer. If you choose developer, a challenge is made to you. There is a puzzle in the source code for the Hack Day web site. Solve the challenge and you get free admission.

Oh I like a challenge. I am ignoring the fact that most hackathons are free. In fact, they usually try hard to recruit you. They should really be paying you. But all that aside, let's see what this challenge is about. Here is a comment I see in the HTML:

So you want to develop at EHD? Sweet. Now all you have to do is figure out how to make this code snippet work, and you'll get a personal invitation to EHD.

    $.ajax({
        url: '/{010010010110110101000001010010000110000101100011011010110110010101110010 in ASCII}',
        data: { action: 'getCode' },
        success: function(response) { }
    });

Okay. That long sequence is binary. They want me to convert this to ASCII, eh? I check and the number of digits is a multiple of 8. Great. Those are all bytes broken up into 8 bits. I translate the binary to decimal. Then I look up the decimal values on an ASCII chart. Now I have a secret password. Now what?
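The manual steps above (check the length, split into bytes, look each one up) can be done in a few lines. This is an added example, not code from the Hack Day site; the function names are made up here and the origin `https://ehd.example` is a placeholder, since the page does not give the site's address.

```javascript
// Added example: decode the "{<bits> in ASCII}" placeholder from the snippet
// and build the URL that the $.ajax GET call would request.

// The url value from the HTML comment quoted in the post.
const URL_TEMPLATE =
  '/{010010010110110101000001010010000110000101100011011010110110010101110010 in ASCII}';

// Decode a run of 0/1 characters as 8-bit ASCII, rejecting anything that is
// not whole bytes of printable characters.
function decodeBinaryAscii(bits) {
  if (!/^[01]+$/.test(bits)) throw new Error('input must contain only 0 and 1');
  if (bits.length % 8 !== 0) {
    throw new Error(`length ${bits.length} is not a multiple of 8`);
  }
  let out = '';
  for (let i = 0; i < bits.length; i += 8) {
    const code = parseInt(bits.slice(i, i + 8), 2);   // binary to decimal
    if (code < 0x20 || code > 0x7e) {
      throw new Error(`byte ${i / 8} (${code}) is not printable ASCII`);
    }
    out += String.fromCharCode(code);                 // decimal to character
  }
  return out;
}

// Replace every "{<bits> in ASCII}" placeholder with its decoded text,
// percent-encoded so it is safe to use as a URL path segment.
function fillTemplate(template) {
  return template.replace(/\{([01]+) in ASCII\}/g,
    (_, bits) => encodeURIComponent(decodeBinaryAscii(bits)));
}

// With jQuery's default GET method, the `data` object is appended to the URL
// as a query string. A relative url like '/...' resolves against the origin
// of the page that runs the script, so the origin has to be supplied here.
function buildRequestUrl(template, origin, data) {
  const url = new URL(fillTemplate(template), origin);
  url.search = new URLSearchParams(data).toString();
  return url.href;
}

// Placeholder origin (assumption), request data taken from the snippet.
console.log(buildRequestUrl(URL_TEMPLATE, 'https://ehd.example', { action: 'getCode' }));
```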

Ooops. Looks like I am not a web hacker (or an eCommerce hacker). Can't give up this soon though. Appears to be some type of AJAX call using a GET. Umm I don't know AJAX. That's some API to make things update on a web page. I try creating a web page with just that code and the secret password filled in. No luck. This is harder than it seems. It is also a call to beef up my web skills fast.

One final note. I initially heard about this challenge through an article on Beta Beat. To tell the truth, I don't know who they are. But shout out to Beta Beat anyway.

Mini vMac

I heard about a new Android app which emulates an old Mac Classic computer. The program is called Mini vMac. I decided to do some research on the project. Everything seems to have started back in the 1990s. Phillip Cummins created the vMac project. It was a Macintosh hardware emulator. A simpler version called the Mini vMac was created to emulate the Mac hardware.

Recently the Mini vMac for Android was released. It emulates the hardware for a Mac Plus computer. You got to supply the ROM image on a disk file. You also need to supply the actual Mac OS. This program is distributed for free under the GNU GPL. Upgrade to the Mini vMac II for $2. This upgrade emulates a Mac II. You can run 68k Mac apps on this paid version.

If you want to really go large, I hear the Basilisk II is a more powerful Mac emulator. It emulates the 68040 Mac. This program can run up to the Mac OS 8.1. The Mini vMac only supports System 7. Then again the Mini vMac can be fun. There was plenty of shareware and freeware from the old days such as Core War, HyperCard, and Risk.

Flame Malware


I read this rant about some malware called Flame being lame. This article was served up by F-Secure. The more I read, the more I liked Flame. This is no weak one trick hack. They got all kinds of stuff in their program. They should. The footprint is apparently huge.

Flame does SSH and SSL. It also runs code written in Lua. Flame can scan the files on your hard drives such as Word documents. It then extracts snippets of those files to pass back to a human for review. That way they can hone in on the valuable files without having to transfer lots of data.

Not only does Flame transport back document snippets, it sticks them in a SQLite database. Oh yeah. Flame also does some other tricks like turning on your microphone and recording you. It will use GPS info from camera images to figure out where you are in the world. Flame will connect to your Bluetooth phone to grab your address book off your phone.

Flame replicates its messaging data on your USB sticks. It detects when you detect the malware, and then tries to hide itself. Flame also intercepts and hacks Microsoft updates. The list goes on. Sure some of these techniques might have been used before. But Flame is the juggernaut.

Not sure what the hell F-Secure is talking about. Flame is not lame. It rules. It owns. Maybe F-Secure is embarrassed that Flame was out there undetected for years. Heh.

PwnedList

I was going to write a post about passwords being hacked. As I tried to log into my Blogger account, I found that somebody changed my password on me. The irony! Luckily I had set up some methods to recover my account. Whew. Who knows what was going on with my account.

I do software development for my company. Not involved in security for my firm. We somehow got our systems hacked. What was the response? Now we need to change our passwords frequently. Oh snap. Security fail. It is almost comical.

There was a cool service set up by some security folks. This is the PwnedList. They collect email addresses that have been compromised by hackers. Those addresses are fed into their databases. You can easily look up whether your own email has been hacked on their site.

Strangely enough, my own email was not listed as compromised. That just means nobody included my email and password in some data dump online. Good to know.

Keylogger Comparisons

I was reading an article on how to use your GPU to crack passwords. There was an advertisement on that site for the "Top 10 Keyloggers of 2012". I could not help myself. I had to check out that list. Five different products were listed and compared. I wondered whether this site was just an advertisement for the product listed in the top position. I decided to do some research on the products listed.

Let's talk about cost. IamBigBrother comes in at the bottom for $29.99. Next is SpyAgent at $69.95. Then WebWatcher and Spector Pro go for $97.00 and $99.95 respectively. I did not consider Content Protect in any comparisons since it does not seem to really be a keylogger.

Next let's look at awards. WebWatcher and Spector Pro were PC Magazine editor's choices. I don't know whether the editor's choice award is worth anything. But I do know and somewhat trust PC Magazine. SpyAgent is allegedly ranked number 1 with KeyLogger.org. Sounds legit.

How about what I actually get, and what upgrades come with the product? Spector Pro claims unlimited upgrades. That just sounds suspicious. SpyAgent will ship you a CD-ROM, provide 1 year of free major upgrades, and free minor upgrades. That sounds like a very legit type of upgrade. WebWatcher had a shaky option of selling you a 1 year reinstall capability for downloads. It costs an extra $9.95. That's just a fail.

Spector Pro takes 5 minutes to install. SpyAgent claims to install in under 1 minute. Advantage SpyAgent. SpyAgent also touts its help documentation and lifetime support. You can't count those nice extras out. IamBigBrother provides a free trial. Sounds good. I am almost tempted to try out a free trial myself.

Anatomy of a Keylogger

I read this insane article about how a hacker figured out the antics of a keylogger. You should read the whole account over on Spiderlabs. The main breakthrough was when he downloaded and ran the malware in a safe environment. This allowed him to track the rogue program connecting to an FTP server. He spied on the net traffic to discover the username and password the malware used to FTP things up to the owner's server.

That is when the real ownage began. He was able to log into the FTP server and search around. Further tracking involved finding out the license used for a commercial keylogging app, and tying that back to a real person's name. Oh this is so cool. This just goes to show you that when you have the right skills, you can figure all kinds of things out.

I am just curious why the guy did not play any tricks on the keylogger. If you got access to their site, you could reverse the roles and hijack the script kiddies.

Building a Bot

I have been surveying a bunch of iPhone apps recently. There goes my monthly data charges. Previously I had heard about this game Bejeweled. But I never tried it out until now. The thing is very fun. I have the version called Bejeweled Blitz. Recently I read a tutorial on how to build a bot to win at Bejeweled. Winning means scoring a whole lot of points I guess.

The first decision to make in building the bot is choice of language. Personally I would use C or C++. However the example bot I saw was built with AutoIt. This is a language from Microsoft for creating macros for automation. I think the syntax of AutoIt is kind of like Visual BASIC.

Once you have chosen a language, you need to be able to read Bejeweled icons on the screen. Before that you got to figure out the coordinates of the upper right hand corner of the window. Then you must determine the spacing of the icons in the Bejeweled window. The smart breakthrough was to figure out the location on an icon you can test to determine its color.

So far we have been dealing with the easy stuff. Next you need to come up with some Artificial Intelligence to choose the best icons to swap in order to maximize Bejeweled profits. Personally I think you should first swap icons near the top of the screen to ensure the bottom opportunities do not get shifted. However if the bot is considering all possibilities, it should look for longer combos and perhaps double combos.

Bejeweled is so fun that I might just have to try writing a bot to play it for me. The easiest way to do this would probably be to get a version of Bejeweled running on my PC where I have better control of the environment.

Demoscene Alive and Well

I have been watching videos of some 2012 demoscene entries. A lot of them were great. However two of them really stole the show. In fact, they won their respective contests. These are 64kb entries. That is, the code fits in 64kb of memory. They do a lot with a little.

First up is Proton-K by Kewlers. They got a rocket flying out in outer space. The beginning could be a scene right out of Star Wars. I like how the camera rotates around the rocket, causing the light from the sun to be briefly eclipsed. There are some neat effects on the rocket's surface as some weird energy light balls pass through the rocket.

Next up is Gaia Machina by Approximate. I love the scene where the wind blows on the windmill and grass. Hot graphics to say the least. Some weird alien looking legs move through the nature scene. Then just when you thought you had seen it all, the strawberries light up. Freaky good.

Sometimes when I am creating an intro scene for one of my apps, I feel like I am a demoscene participant. I got to make a lot happen in a small amount of time with little code.

Wallhacks and Other Game Cheats

I read an intro article on hacking games via DirectX over at AltDevBlogADay. The essence of the techniques is to intercept the game calls to the DirectX API. Then you can substitute your own evil code in there. The most common of such hacks is the wallhack.

For the wallhack, you wait until a call is made to DirectX with the enemy's position. Then you literally draw a wall around them on the screen. I guess that traps the enemy in the wall. They can't get you or shoot you. Pwned.

Another hack you can do with an enemy location is to draw them a different color. For example, you could highlight all the bad guys in red. This will allow you to visually detect them easier, and shoot them up. Now doing things such as this might get you noticed. And if the game cops catch you, you might be banned. So you need to be sneaky. But that is a story for a future post.

Making Wordpress Fast

I read a detailed account on Ewan's blog on how to set up Wordpress to handle 10M hits a day for minimal cost. Part of the instructions are installing software you need for any Wordpress setup: Ubuntu, MySQL, PHP, and Wordpress itself. What is the meat behind the speedup trick? Well it appears to be a combination of some products to accelerate Wordpress usage.

You want to have Nginx for high performance HTTP to start with. Then you add in Varnish, which is an HTTP accelerator. Varnish puts stuff in virtual memory and uses threads to speed things up. Then you add the W3 Total Cache plugin to Wordpress. It uses compression, and as the name implies, caching to really speed things up. It claims to increase the Wordpress throughput a massive 10 times.

One fact I found interesting was the use of Blitz to measure the speed gains. Blitz simulates a lot of users downloading pages from your web site. This all seems the domain of a skilled system administrator working on a shoestring budget.

Keygen Details

A rogue virus made it so that I needed to restore my computer to factory settings. I am still reinstalling all my apps. One of the apps kept complaining about a registration key. I ignored it for a while, but it was annoying. So I broke out a key generator.

The main thing of interest with the keygen is that it required me to put in my name. It appears the key is somehow tied to the name. Go figure. The authors of the key generator were able to detect this dependency and add it to their programs.

Can anyone decipher the foreign characters in the image I posted? I am assuming it means cool key generator.

No Laughs for LulzSec

Fox News has reported that five members of LulzSec have been arrested. They have been charged with conspiracy. The arrests include members who go by the code names Kayla, Topiary, Pwnsauce, Palladium, and Anarchaos. Not sure if these are the top dogs in LulzSec, or if this is the entire crew.

The breakthrough happened last year when LulzSec leader Sabu was arrested. His real name is Hector Monsegur. Apparently he has been cooperating with the FBI to arrange the sting on the rest of the members in the group. Now that these peeps are all behind bars, I wonder if the resources will turn toward capturing the greater Anonymous members.

404 Not Found Nginx

My laptop was seriously hijacked recently. Every time I did a Google search, clicking on search results sent me to some other random search site. I could not actually view the search results. When I tried to open the search result items in another tab, I got a page with a "404 Not Found Nginx" page.

I started to do some investigating. Another laptop using the same router as me was fine. This must have been local to my laptop. Then I checked out the hosts file. The thing is usually hidden. But I found some commands to make the file viewable and editable. Nope. That was not how they were intercepting the links.

I ran a bunch of antivirus and antispyware programs. None of them helped. Then I started to run other more aggressive removal programs. The last one made my computer unusable. I could not even restore back to a savepoint. Had to reset the thing to the factory defaults.

Not sure how these spammers took control of my browser. The same thing happened when I used the Chrome browser. I could not directly go to some other Google sites as well. I know these spam pages I was directed to would make some money for the perpetrators.

Flying People

How do you get people to fly around in the air above New York City? You create some remote control airplanes that look like humans. I was checking out some blog posts by Giles Bowkett when I saw this video. It is pretty freaky how real the planes look. I might have been disturbed if I were driving on the bridge while these "people" were flying above.

At first I thought this was just some guys with a wild side project. By the end of the video, I figured out this was some sort of promotional stunt for the movie Chronicle. That still did not take away from its awesomeness. In the middle of the video I saw some type of octagon shaped vehicle floating in the sky. I wondered whether this device helped control the planes. Nope. Later I figured it must be some sort of aerial camera to shoot the planes and peoples' reactions.

FBI File on Steve Jobs

Now this is something you got to see. The people over at MuckRock have petitioned the FBI to share their files on Steve Jobs. Wouldn't you know it? The FBI had a file on him. It is back from 1991, when he was a potential candidate for a presidential appointment. So they had to do an investigation on Jobs' character.

They provide his place of birth (San Francisco), his date of birth (02/24/1955), as well as his social security number (549-94-3295). They even show his birth certificate number (55-075100). Apparently social security numbers of dead people are not closely guarded. They are actually shared to prevent identity theft of dead people. Go figure.

There were some funny tidbits in the FBI file. Jobs listed that he was never fired, or quit after being told he would be fired. Many people were interviewed as to the character of Jobs. Some called him a "deceptive individual". Others stated that "his moral character was questionable".

You should head over to MuckRock yourself and check out the PDF of the files. Much personal information was redacted. But it is a very interesting read.

Lifestyle of Megaupload's Founder

There has been a lot of buzz about the takedown of Megaupload. Today I read up on the history of its founder Kim Schmitz. This guy has a lot of aliases. His handle is Kimble. He had his name legally changed to Kim Dotcom (LOL). He also had a passport with the name Kim Tim Jim Vestor (WTF?).

Kimble was a self-proclaimed German hacker. He founded a security company called Data Protect. Kimble made some cash when he sold most of the company. He was convicted of insider trading when hyping then selling shares of another company.

Kimble is a big boy. He is 6 foot 4 or more. He once produced a video called Kimble Goes to Monaco. It hyped up his extravagant lifestyle with fast cars and hot women. Not all of Kimble's image is hype. He did create his Megacar luxury car system, which unfortunately did not sell well. He also formed a group of hackers to combat terrorism.

Kimble seemed to have got around a bit. He moved to Thailand for a while, where he created a bunch of companies. Most recently he tried to move to New Zealand. There were problems obtaining property. The country apparently does due diligence on its visitors. Let's circle back to the beginning. Megaupload actually made money with its premium download offering. Investigators estimate that since its beginning, the company has brought in $175M. That's no joke. It seems the guy is pretty much history now.

Pervert Hackers

I keep reading about this hacker dude who was able to spy on girls' video cameras. He somehow found a way to take over their computers and turn their web video cameras on. The bad boy caught girls stripping and pleasuring themselves and all kinds of other goodies.

The cops got onto the perp when he started blackmailing his victims. He tried to get them to make sex videos for him or something. WTF? Dude should have just got his jollies spying on the girls. He even said he was onto a new hack that would enable the video camera without the camera light coming on.

Instead the feds busted in and nabbed the guy with all his computer equipment. Turns out the dude was a victim of a drive by and ended up in a wheelchair. Didn't matter. The judge threw the book at him. Scum gotta pay, disabled or not.

Win 7 Internet Security 2012

I was browsing some web site when all of a sudden my computer got hijacked. There were all kinds of annoying pop ups and programs running. They all seemed to be related to "Win 7 Internet Security 2012". I knew something was fishy when I tried to use Internet Explorer and Chrome to visit Google. This malware stated that Google was a rogue site. LOL.

I could not run any programs such as Windows Explorer. The Win 7 Internet Security 2012 app would come up instead. This thing was throwing out all kinds of buzzwords. It said my computer got hacked. It also said I was a victim of identity theft. How did this thing get installed without me running a program?

I went on another computer and did some research. Apparently this malware intercepts browsers and any executables. There was a full set of instructions on how to remove this evil malware over at Bleeping Computer.

The manual removal instructions seem to have done the trick. Right now I am running a full virus scan with Malwarebytes Anti-Malware. A quick scan already found some probs with my laptop.