Archive for the ‘Technical’ Category

Trojan virus steals banking info

Thursday, November 6th, 2008

The details of about 500,000 online bank accounts and credit and debit cards have been stolen by a virus described as “one of the most advanced pieces of crimeware ever created”.

The Sinowal trojan has been tracked by RSA, which helps to secure networks in Fortune 500 companies.

RSA said the trojan virus has infected computers all over the planet.

“The effect has been really global with over 2000 domains compromised,” said Sean Brady of RSA’s security division.

He told the BBC: “This is a serious incident on a very noticeable scale and we have seen an increase in the number of trojans and their variants, particularly in the States and Canada.”

The RSA’s Fraud Action Research Lab said it first detected the Windows Sinowal trojan in Feb 2006.

Since then, Mr Brady said, more than 270,000 banking accounts and 240,000 credit and debit cards have been compromised from financial institutions in countries including the US, UK, Australia and Poland.

Security companies recommend that PC owners keep anti-virus programs up to date and regularly scan their machine for malicious software.

The lab said no Russian accounts were hit by Sinowal.

“Drive-by downloads”

RSA described Sinowal as “one of the most serious threats to anyone with an internet connection” because it works behind the scenes using a common infection method known as “drive-by downloads”.

Users can get infected without knowing if they visit a website that has been booby-trapped with the Sinowal malicious code.


Nastiness on the Internet?

Sunday, November 2nd, 2008

Back on September 18th, 2008, I wrote a piece about a run-in I’d had with David Latimer of the Mesothelioma & Asbestos Awareness Center.   The piece is here:  :arrow:

The piece itself, and the comments about it, makes for interesting reading so I won’t go into any of the specifics here.  But, I do encourage you to go and have a look.

After the initial burst of comments and E-mail about the original piece, I didn’t think much more about it.

But the other day, more than a month later, as I was looking through my Internet Logs to see where my traffic was coming from, I noticed a really odd pattern.   The second most visited page on my Blog was the piece on the Mesothelioma & Asbestos Awareness Center.

It made me curious why this piece should be so popular so I went digging and was surprised to find that all of the visits to this page on my Blog were coming from IP addresses in the range of 84.109.*.*    For example, one visit might come from 84.109.121.176 while the next might come from 84.109.104.179.   But all of them are coming from addresses that begin with 84.109.

Addresses on the Internet are often owned in ranges or blocks like this. I traced a dozen or more of these address variations back to their source and they were ALL coming from a single Internet Service Provider (ISP) in Israel.   The ISP is www.bezeqint.net which is located at:

Bezeq International Ltd.
40 Hashacham street, Ramat-Siv
PO Box 7097
49170 Petach Tikva
Israel

When one of the ISP’s customers requests access to the Internet, the ISP issues them one of the IP addresses from the block the ISP owns.   This is why each time someone shows up on my Blog from Bezeq, they have a slightly different IP address.
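Grouping hits by address block rather than by single address makes this kind of pattern visible in a log. The sketch below is an added example, not part of the original post: the records and paths are constructed (only the two 84.109 addresses quoted above come from the post), and the /16 block size is an assumption taken from the 84.109.*.* pattern, since a real allocation size has to come from a WHOIS lookup.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample records: (client IP, requested path). Paths are hypothetical.
SAMPLE = [
    ("84.109.121.176", "/asbestos-post"),
    ("84.109.104.179", "/asbestos-post"),
    ("84.109.33.12", "/asbestos-post"),
    ("84.109.7.201", "/asbestos-post"),
    ("84.109.121.176", "/asbestos-post"),
    ("84.109.250.4", "/asbestos-post"),
    ("192.0.2.5", "/asbestos-post"),
    ("198.51.100.7", "/"),
    ("203.0.113.9", "/"),
    ("192.0.2.5", "/"),
    ("84.109.7.201", "/"),
    ("198.51.100.44", "/"),
]


def prefix_of(ip, bits=16):
    """Map an address to the network block that contains it."""
    return ipaddress.ip_network(f"{ip}/{bits}", strict=False)


def concentration(records, bits=16):
    """For each path, report how much of its traffic comes from one block."""
    hits = defaultdict(Counter)   # path -> Counter of blocks
    seen = defaultdict(set)       # (path, block) -> distinct client addresses
    for ip, path in records:
        net = prefix_of(ip, bits)
        hits[path][net] += 1
        seen[(path, net)].add(ip)
    report = {}
    for path, counts in hits.items():
        net, top = counts.most_common(1)[0]
        total = sum(counts.values())
        report[path] = {
            "total": total,
            "top_prefix": str(net),
            "share": top / total,
            # Many addresses in one block usually means dynamic addressing,
            # not many different visitors.
            "distinct_ips": len(seen[(path, net)]),
        }
    return report


def flag(report, min_hits=5, min_share=0.8):
    """Paths with enough traffic where a single block dominates."""
    return sorted(
        path for path, r in report.items()
        if r["total"] >= min_hits and r["share"] >= min_share
    )


if __name__ == "__main__":
    rep = concentration(SAMPLE)
    for path in flag(rep):
        print(path, rep[path])
```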

So, what does it all mean?   Well, most probably Bezeq, the Israeli company, has a customer that has some sort of a deep and persistent interest in the Mesothelioma & Asbestos Awareness Center web page on my Samadhisoft Blog. 

The question, of course, is why is this person so interested?

If you look at the pattern of their visits, it is puzzling what they are doing.   Check this out.  These are all the visits today and yesterday.   All of these came from one of the Bezeq ISP company’s IP addresses:

081102 - 12:23:07 - 01m09s - 2 reloads
081102 - 10:13:52 - 00m50s - 2 reloads
081102 - 09:09:26 - 00m31s - 2 reloads
081102 - 08:50:40 - 00m42s - 2 reloads
081102 - 08:42:55 - 00m??s - 0 reloads (*)
081102 - 08:07:49 - 00m19s - 1 reload
081102 - 08:07:30 - 01m11s - 1 reload
081102 - 07:21:11 - 00m??s - 0 reloads
081101 - 15:59:50 - 00m??s - 0 reloads
081101 - 15:33:59 - 00m48s - 1 reload
081101 - 15:33:19 - 00m52s - 2 reloads
081101 - 15:32:51 - 00m27s - 1 reload
081101 - 15:31:44 - 00m??s - 0 reloads
081101 - 13:49:21 - 00m54s - 2 reloads
081101 - 13:28:56 - 00m26s - 1 reload
081101 - 12:10:32 - 00m51s - 2 reloads
081101 - 09:58:08 - 00m??s - 0 reloads
081101 - 09:14:21 - 00m57s - 2 reloads
081101 - 08:46:52 - 00m47s - 2 reloads
081101 - 08:33:04 - 00m42s - 2 reloads
081101 - 08:04:06 - 00m42s - 2 reloads
081101 - 08:02:37 - 00m35s - 2 reloads
081101 - 07:54:22 - 00m34s - 2 reloads
081101 - 07:03:39 - 00m??s - 0 reloads

- At least one of these visits (*) came through a proxy server based in Saudi Arabia, though its original IP address was still shown as 84.109.*.*.

The way to read the list above is like so:   If the line says

081101 - 08:02:37 - 00m35s - 2 reloads

It means that on 2008, November, 1st @ 8:02:37 I had a visit to my page that was 35 sec long and the Mesothelioma page was reloaded by the viewer twice.

It is an odd pattern, no doubt.   They come in directly to the Mesothelioma page again and again and stay anywhere from 30 seconds to a little over a minute and then depart.  They may or may not reload the page once or twice during their visit.  Yesterday, November 1st, they visited the Mesothelioma page like this 16 times.  Today, they had made eight visits by midday.

Perhaps, they are visiting the page to make it look popular?   Perhaps, but it makes no sense to me because the only folks who would care are the Mesothelioma lawyers and this page is very likely more of a liability than an asset to them.

The only other reason I can think why someone would be visiting it so much is if they are trying to work out how to attack the page and take it down because it is a problem for someone.

I don’t know - it is all a mystery.   But, something a bit stinky and mysterious is going on.   Stay tuned, I’ll post more if I learn anything more.


Public Floods FCC with Net Neutrality Support

Tuesday, July 17th, 2007

Over 95 Percent of Comments Filed at Agency Demand a Free and Open Internet

WASHINGTON - JULY 17 - Tens of thousands of public comments supporting Net Neutrality flooded the Federal Communications Commission before the close of the agency’s official inquiry yesterday. In a landslide, well over 95 percent of the comments called for rules that prohibit phone and cable companies from discriminating against Web sites or services.

People from different backgrounds, living in every corner of the country, demand this basic Internet freedom. Internet users from all 435 congressional districts used SavetheInternet.com’s online tools to send personal messages to the FCC.

“I am living the American dream because of Network Neutrality — my games have been used in thousands of schools all over the world,” says Karen Chun, a single mother and owner of a successful online educational games business. “Without Net Neutrality, my little Web site would have been consigned to oblivion because I wouldn’t have been able to pay the fees the ISPs want to charge.”

Net Neutrality supporters include a broad range of small business owners, students, churchgoers, bloggers, political candidates, educators and activists who say that protecting Net Neutrality is fundamental to their family life, work and interests.

“In rural America, the Internet is very important in staying informed,” wrote Charles and Carol Swigart of Huntingdon, Pa. “We read several national newspapers every day to get the news our local paper does not thoroughly cover. All persons who publish on the Internet should have an equal opportunity to have their voices heard.”

Kelly Jones of Portland, Ore., told the FCC that “corporations are not, and have never been, qualified as gatekeepers to American communication and growth. If the FCC believes in true democracy, it must ensure that broadband providers do not block, interfere with or discriminate against any lawful Internet traffic based on its ownership, source or destination.”

Sens. Byron Dorgan (D-N.D.) and Olympia Snowe (R-Maine) — co-sponsors of the bipartisan “Internet Freedom Preservation Act” — sent a letter to FCC Chairman Kevin Martin urging the FCC to reinstate Net Neutrality rules.

“We see that thousands of people have submitted comments describing how a free and open Internet benefits consumers and telling you the discriminatory practices planned by their Internet service providers would substantially harm their online experience,” Dorgan and Snowe wrote the chairman. “We hope you take note of these thousands of public comments urging you to protect Internet freedom.”

In 2005, the FCC removed the rules that had guaranteed Net Neutrality since the Internet’s inception. The heads of the biggest phone and cable companies have repeatedly stated plans to discriminate against Web sites that don’t pay extra fees to get higher quality service and faster speeds.

More than 1.6 million people and 850 groups from across the political spectrum have called for the FCC and Congress to reinstate Net Neutrality.

The Commission opened its Net Neutrality inquiry in March, asking for comment on why a neutral Internet is important; how phone and cable company efforts to discriminate against content online affect everyday lives; and whether the agency should enforce rules that would prohibit such discrimination.

“Once again, the public has sent a clear mandate to Washington: Protect Net Neutrality,” said Timothy Karr, campaign director of Free Press, the group that coordinates the SavetheInternet.com Coalition. “Internet users want competitive and affordable services. They don’t want phone and cable companies to manipulate the free flow of information and distort the Web’s level playing field. Now, the FCC must heed demands from people of every walk of life and enforce full Net Neutrality.”

- To the original at CommonDreams.org: :arrow:

- I wrote earlier on this subject here: :arrow: & :arrow:

- And Bill Moyers did a wonderful piece here on press freedom and net neutrality: :arrow:

- Thx to Michael M. for directing me to this piece.


France launches anti-spam platform

Monday, May 14th, 2007

- I’ve often wondered why Spam is such a problem. If you polled the computer-using public, I have no doubt that 80% plus would say it is a big problem and something should be done. So, it is a non-partisan issue. And yet, and yet, nothing gets done.

- And many Spam ads can be tracked back to someone. If they are selling insurance, sex pills, prostitution or real estate, there has to be a track back pathway so interested customers can find the spammer and reward them with a purchase.

- Like many things in our society, nothing gets done if there’s no profit in doing it. Or, nothing gets done if the ones doing the bad deeds have big bucks on the line and can lobby against or obfuscate the issue. I know I’m getting to be like a broken record on this issue but societies need to preserve and use their power to limit business/profit making interests when necessary for the good of the people in that society.

- So, the next time your mail box is full of Spam, ask yourself why such a huge non-partisan issue is not being dealt with here in the US.

- This article is about an effort France is mounting to try to control Spam. I wish them luck but it is such an international issue that I think they will simply succeed in driving their spammers offshore to pester them from there.

————————————–

The increase in Spam over time

On Thursday, the French government launched “Signal Spam”, an anti-spam platform created in association with public entities and private companies, such as Microsoft. Internet users will be able to report spam messages by mailing them to this platform which will act as a centralised monitor of spamming activities. The platform will generate a blacklist and help initiate prosecutions against spammers.

“Signal Spam” acts as a spam repository or notification platform. There are two ways to report spam. First, the internet user can copy and paste the spam in an online form on the website of “Signal Spam”. Second, any (French-speaking) internet user can register with the platform and install a plug-in compatible with the following mail clients: Microsoft Outlook 2003 and 2007 (the user will need to install “Microsoft Visual Studio 2005” and “Redistributable Primary Interop Assemblies”) and Mozilla Thunderbird 2.0. Once installed, the plug-in allows users to notify spam to the platform by using the dedicated icon in their mail client. “Signal Spam” will then analyse the message, and if its spam status is confirmed, will then blacklist the e-mail and IP address of the sender. According to Rasle, the tool was developed by John Graham-Cumming, an internationally recognised expert who has created the open source POPFile email filtering program.

“Signal Spam” will also be able to contact users and transmit information to authorities such as the French data protection authority, the Commission nationale de l’informatique et des libertés or CNIL, and the Police in order to initiate prosecutions. Data will also be shared with Internet Service Providers (ISPs) to help them in their anti-spam efforts.


070416 - Monday - How to Start a Blog

Monday, April 16th, 2007

A friend of mine recently asked for some advice on how to start a Blog and so I thought I’d write a piece on the subject.

You’ll find it here: :arrow:

This is how, by the way, this Blog is done.

Enjoy!


New Zealand, Telecom and the future

Wednesday, February 28th, 2007

For my New Zealand friends who read this site, I recommend you take a look at the following posting from one of your best and brightest.

Rod Drury has written a paper entitled, “Securing our Digital Trade Routes” and it makes some strong and appropriate suggestions with regard to what New Zealand should do about reforming its telecommunications structure - if it doesn’t want to get left at the back of the pack with the third-world nations.

I highly recommend it.

Here’s the link to his post and the paper: :arrow:


Where to report Spam

Wednesday, February 28th, 2007

I report some of the spam I receive - especially any connected with the banks I use. Today, I wanted to report one which originated from a yahoo E-mail address and I didn’t know where to report it to. In the course of trying to find out, I discovered a great web site which has compiled a ton of E-mail addresses to which you can report many kinds of spam. I suggest you bookmark it - it is a great resource.

http://spamlinks.net/track-report-addresses.htm

And, since we’re on the topic of Spam, isn’t it amazing that you could ask virtually anyone who spends time on the Internet if they think Spam should be outlawed and they would say ‘Yes’. And yet, and yet, we apparently have no effective laws and prosecution against it. Our national representatives find time to slip in every pork-barrel measure they can but, as a group, they cannot unite against an annoyance that 99% of their constituents would like to see banned. It really makes you wonder.


070223 - Friday - A Telecom saga follow-up

Friday, February 23rd, 2007

I wrote a series of articles (here: :arrow: , :arrow: , :arrow: & :arrow: ) while I was in New Zealand about the hassles I had with Telecom, the NZ company that has a monopoly on the country’s Internet infrastructure and which has that structure pretty tangled up.

I had problems from day one with their Go Large service. Skype wouldn’t work there without the voice stream being so chopped up that it was unusable and my DSL line would drop me repeatedly every 10 minutes or so and then automatically reconnect me. After two weeks or so of major pain, I found a work-around (I had to slow my modem/router down by half so the DSL equipment in their exchange wouldn’t drop me). I never did get Skype to work well. After a month and a half, Telecom finally fixed my DSL drops problem and I could boost my modem/router speed back up to nominal. Skype was a disaster the whole time and probably still is.

A lot of people complained and Telecom was polite when you talked to them but glacial in terms of actually doing or admitting anything. Well, the other shoe’s finally dropped as you see in the following article:

————————————————–

Telecom forced to refund broadband customers

Broadband users on Telecom’s Go Large service are in line to receive a refund of at least $130.

Telecom has announced today they are crediting customers of the service for monthly plan charges incurred since last December because of a problem with the management of customer downloads under the plan.


A new computer hacking attack called Pharming

Friday, February 23rd, 2007

Do you have a router in your home network? Many people do because they’ve either bought one at the store or, when they’ve gotten DSL installed, the installing company gave or sold them one. If you do, you should read the following.

I’m going to cut to the bottom line here for those who just want the beef without all the trimmings. If you have a router in your system and you haven’t changed its default from-the-factory password and you pass secret data over the Internet (things like bank account passwords), then you are taking a big risk!

Here’s why: If you visit a website wherein someone has installed malicious JavaScript code, this code will execute invisibly on your system - you won’t see a thing. And you just have to merely visit the web site - nothing else - no opening of files, no clicking of links or anything else - you just looked at it and then left. If you visit such a web site, you’ll never even know that this JavaScript code executed. And, if you visit such a site and your router’s password is still the factory default, you could be toast.

The JavaScript that invisibly executes will reach through your local network into your router (it gets into the router because it knows the password) and reprogram it so that it uses a different DNS server than the one you should be using. This kind of an attack is called Pharming.

Well, so what does that mean to you in plain English? DNS servers on the Internet are responsible for translating web site names like www.citibank.com into IP addresses like 123.456.789.123. These IP addresses are how each computer on the Internet is uniquely identified and differentiated from all of the rest. When you type in ‘www.citibank.com’, your system asks a trusted DNS server out on the Internet to translate it into an IP address and then once it has that address, it begins to chat with that computer. Getting the right number back from a trusted DNS server is critically important because it is your guarantee that you are really talking to the computer you think you are.

What the hackers do is they change the identity of the DNS server in your router so the next time you need a web site name translated to an IP address, you unwittingly go to their DNS server system rather than the trusted one you’ve been using. Most of the time, this bogus DNS server will give you back good accurate data because it is biding its time. But, when you type in a specific web site name like www.bankofamerica.com, it recognizes it and the IP address number it returns to you is not the one for Bank of America but rather a number that takes you to their computer which is all set up to pretend to be a Bank of America computer system. Their computer will look exactly like the real Bank of America system and you will type in the passwords that give you access to your accounts and BAM, they will have them. I think you can work out what might happen next.

This kind of an attack is called Pharming and it is fairly new.

So CHANGE THE DEFAULT PASSWORD ON YOUR ROUTER and save yourself some grief. If you do on-line banking and you don’t, sooner or later you are going to chance across one of these dangerous web sites and you’ll never even know it until your bank accounts are cleared out.

Here are links to two on-line articles on this subject: :arrow: & :arrow:

And, in case you are less than computer literate, here’s a link that takes you to an explanation of what a router is :arrow: and what a DNS Server does :arrow:

Oh, and one other important point. If you do change your router’s password, change it to something that isn’t easy to guess and that you’ll remember. You may need to get into your router for something else in the future and you’ll feel pretty silly if you are blocked by your own forgotten password.   But, maybe safe and silly is better than not-silly and … broke :) .


070216 - Friday - Bad E-mail etiquette

Friday, February 16th, 2007

<miss manners rant on>

Miss Manners

I get a lot of E-mail from friends and sometimes my correspondents will copy a whole bunch of us at once. Well, in many cases, when I see this, I cringe because they are committing a huge faux pas - which I know they are unaware of.

Consider these two E-mail headers:

To: jim@abc.com; mary@xyz.com; john@123.com
Cc: marty@yahoo.com; Ollie@hotmail.com
Bcc:
Subject: bad E-mail security

-and-

To: dennis@samadhisoft.com
Cc:
Bcc: jim@abc.com; mary@xyz.com; john@123.com; marty@yahoo.com; Ollie@hotmail.com
Subject: good E-mail security

In the first header, the sender is unwittingly sharing the E-mail address of every person he’s written to with everyone else on the list. Now, in the early days of E-mail, no one would have cared much. But now, privacy has become a real issue in all of our lives. I sometimes get E-mails with the addresses of dozens and dozens of people I don’t know this way. People whose E-mail addresses I really have no business having or knowing unless they care to share them with me.

Lucky for us, our E-mail programs have a way to allow us to send E-mails to many people at once without making all of their E-mail addresses public to all of the others. It is called the Bcc field where ‘Bcc’ means ‘Blind Carbon Copy’. In the second header, above, I’ve sent my five E-mails to the same five people but now when they receive them, none of them will be able to see the others’ E-mail addresses. All they will know is that they received a copy of an E-mail I apparently sent to myself.
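Bcc works because a mail program keeps two separate lists: the delivery list it hands to the mail server, and the headers written into the message each person receives. The sketch below is an added example, not part of the original post, using Python's standard `email` package; the addresses are constructed, and it separates them with commas (the standard form) rather than the semicolons Outlook displays.

```python
import copy
import email
from email import policy
from email.message import EmailMessage
from email.utils import getaddresses


def build(to, cc="", bcc="", subject=""):
    """Compose a message the way a mail client's To/Cc/Bcc boxes would."""
    msg = EmailMessage()
    msg["To"] = to
    if cc:
        msg["Cc"] = cc
    if bcc:
        msg["Bcc"] = bcc
    msg["Subject"] = subject
    msg.set_content("hello")
    return msg


def _addresses(msg, headers):
    """Collect the bare addresses found in the named header fields."""
    values = [str(v) for h in headers for v in msg.get_all(h, [])]
    return [addr for _name, addr in getaddresses(values) if addr]


def split_for_delivery(msg):
    """Return (delivery list, message as transmitted).

    Everyone in To, Cc and Bcc gets a copy, but the Bcc header is removed
    before the message is sent, so no recipient can read it.
    """
    envelope = _addresses(msg, ("To", "Cc", "Bcc"))
    wire = copy.deepcopy(msg)
    del wire["Bcc"]
    return envelope, wire


def visible_addresses(wire):
    """Addresses any recipient can read in the message they receive."""
    received = email.message_from_string(wire.as_string(), policy=policy.default)
    return _addresses(received, ("To", "Cc"))


# Constructed addresses mirroring the two headers above.
FIVE = ("jim@example.org, mary@example.org, john@example.org, "
        "marty@example.org, ollie@example.org")

if __name__ == "__main__":
    for label, msg in (
        ("To/Cc", build("jim@example.org, mary@example.org, john@example.org",
                        cc="marty@example.org, ollie@example.org")),
        ("Bcc", build("sender@example.org", bcc=FIVE)),
    ):
        envelope, wire = split_for_delivery(msg)
        print(label, "delivered to", len(envelope),
              "- readable by all:", visible_addresses(wire))
```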

This can be useful in another way too. Consider the following E-mail header:

To: myboss@bigcorp.com
Cc: personel@bigcorp.com
Bcc: max@bigcorp.com
Subject: cubicals are evil

So, here I’ve written a letter to my boss and I’ve copied it to personnel as a cover-my-ass move. But, in addition, I want to fill my friend, Max, in on what’s going on but I don’t want anyone else to know that Max is in the loop. In this case, Max will get a copy of the E-mail and no one else will be the wiser.

Now, sometimes the Bcc option is not displayed for you when you are writing an E-mail. It’s there, you just have to find out how to make it visible. In Microsoft’s Outlook E-mail program, when you are writing an E-mail and you have the new E-mail open on the screen, pull down the View Menu and you should find a menu item called ‘Bcc field’. Put a check mark in front of it to turn the Bcc field on.

<miss manners rant off>

