Saturday, January 28, 2012

Solving the DSL<-->WiFi<-->Nook<-->In-Laws Equation

The Valca home is and has been an Amazon Kindle only zone for some time now; thank you very much.

So last year Lavie decided that the E Ink keyboard one (of two) that we had was a bit uncomfortable for her (and not back-lit). She decided to move over to a B&N NOOK Color model. This was in the pre Kindle Fire days so I guess we could tolerate its presence.

The Nook Color served her well enough but when the Kindle Fire came out she had to swing back. It finally arrived last week as a back-ordered Christmas present.

Fortunately, she hadn’t purchased very many books for the Nook so we didn’t deal with trying to see if there were any options for porting her books over to the Kindle. It was an opportunity for a fresh start.

So, she passed her Nook on to her parents a few weeks ago and they loved it. A lot.

They are on a DSL broadband service, and have a wired XP desktop system. One cable to rule all Internet service. No WiFi except when we stop in for an extended visit and I bring my D-Link DAP-1350 Wireless N pocket router and take over their single network connection for the weekend. Nice but not a permanent WiFi solution.

I suppose we could have just taught them to connect the Nook Color to their desktop via USB and manage it directly but it seemed time to add a WiFi router to their humble network and just do it right.

So that was this Saturday’s “honey-do” and this post is the process we had to go through to upgrade their DSL network and get the hand-me-down Nook color fully transferred over and set up for them.

First Part of the Equation: DSL<-->WiFi

First I picked up a WiFi router. I went with what has become my perennial favorite: the DIR-655 Xtreme N Gigabit Router from D-Link.

I’ve had this unit personally for a number of years and it is rock solid, has both the “N” and older wireless standards, has a rockin-long range, and is super-easy to configure. The power was important in this case as the location of their DSL modem is on a second floor above-garage room pretty far away from their usual living areas. The signal will carry all the way downstairs and up. Check. And since it is the model I also own and maintain, I know and am comfortable mucking around in the settings. Makes providing extended support much simpler when a problem arises.

Typically I’ve been able to get away with just unbox, connect, run the wizard from the CD config, then go and make some manual setting tweaks afterwards. However, this 2-wire DSL modem was a real headache. I could set up the internal network and WiFi perfectly. Just couldn’t get to the Internet through the DSL modem. Plugged the DSL modem Ethernet back to the PC and it was working, reconnect to the DIR-655 and it wouldn’t.

Long story short, I eventually figured out that for their particular hardware and provider, I had to do a few more custom tricks.

I had to set the Internet Connection Type to PPPoE and enter their DSL username/password. (I got that from their email client settings.)  D-Link has a nice Emulator for this router to play around with: D-Link DIR-655 RevB Emulator

Then I had to go into the Network Settings and change the router IP Address to 192.168.1.1 from the default IP address of 192.168.0.1. Turns out that the default IP address was conflicting with the internal Ethernet-facing IP address provided by the DSL router. This was the real trick.

Once I got the network stabilized, I tested the configuration survivability by powering off both the DSL modem and the D-Link (to simulate a power failure), then powered them back on and made sure the PC could get to the Internet. Check.

This one was actually a DIR-655 RevB model so I then saved my configuration file, downloaded the latest firmware and ran an upgrade. Success. Naturally it lost all of my settings, so I had to upload my saved config file and it was back to normal. Yea me!

More helpful notes I had to find to work out that issue:

So now I had taken care of the DSL<-->WiFi router part of the equation. Next the Nook.

Second Part of the Equation: Nook<-->In-Laws

This actually was almost harder than getting the router added.

Because the Nook was a hand-me-down, Lavie had it configured with our WiFi settings, her name, and the account information. She said she didn’t mind if her parents just kept it that way and we just changed the billing information on the account. However, she had followed bad password security and used the same information she has used on several of her other on-line accounts. I needed to break that clean.

The rub was that Lavie had already purchased some books for her dad under her Nook account and I didn’t want to lose them. What I wanted to do was to figure out if/how I could transfer the B&N account she had set up over to them and remove Lavie’s information and add in theirs.

Here’s what I had to figure out how to do to keep the original Nook account (and purchased items) but swing it fully over to the in-laws “clean”. Note this was a serious trial-n-error process that took almost two hours longer than it should have (by my reasoning). This is the “clean” version and from what I later read on the web, it seems to be the only way I currently know of to “transfer” a Nook from one email/owner to another one while preserving the purchased items.

Note: Lavie didn’t have any files or items on her Nook that were not already associated in her Nook account (like manually installed music/videos/pictures/stuff) so I didn’t have to deal with the loss of those in this process. If you have those on your Nook and want to preserve them, you probably want to off-load/copy them to your PC first before beginning this process. Again, this assumes everything you want to keep is safe and associated in the B&N account you will be restoring from. YMMV. So you were cautioned, so you were warned.

  1. Take your Nook (the one you want to change the owner name/email account info on) and go into the settings and find the option to Unregister/Erase your Nook. Do this first. Really. BEFORE you do ANYTHING ELSE. It sounds serious and I guess it is, but that’s how the Nook rolls.
  2. Once your Nook is reset, log into your B&N account from the BN.com page. If you can find the login link on the page. Seriously. I was using Chrome and it took me ten minutes to realize that tiny gray bar (which perfectly matches the address bar gradient and bookmark text in Chrome at the very top of the page) with the tiny text is the login location. Sheesh. Hey B&N. Can you make it a bit more obvious please?
  3. Now change your name in the account. I changed it over from Lavie’s name to the in-law’s.
  4. Change to your new email address in the account. Changed from Lavie’s to the in-law’s.
  5. Change the password if you desire…I did so desire and changed to a complex full 15-character (most allowed by B&N) password.
  6. Change the Shipping/Billing addresses as needed. Now set to the in-law’s.
  7. Change your secret challenge question if needed. Selected and changed as picked by the in-law.
  8. Update the associated credit card information. Definitely the in-law’s here!
  9. Etc.
  10. Once all the account information is updated to the way you want it and saved, make sure you can successfully log-in/out of the account. Good? Great.
  11. Next fire up the now reset Nook and go through the setup process from scratch.
  12. Accept the Terms of Service.
  13. Set the Time Zone.
  14. Connect to a WiFi network. It found the WiFi network I had earlier got working, I fed it the secure passphrase and it connected perfectly and strongly.
  15. Register the Nook. (I passed it the updated email address from above and the new password.)
  16. It Registered and identified perfectly as the in-law’s nook now.
  17. Yea me!
  18. We went to the Library and told it to refresh and all the books previously associated with the account flowed back down and “installed” without any issue.
  19. I then went to the applications and downloaded the waiting previously purchased/associated apps. Perfect!
  20. The Nook was now fully theirs.

Equation Solved: DSL<-->WiFi<-->Nook<-->In-Laws

We spent another hour or so going through the list of free NOOK Books at Barnes & Noble. We found a good selection of mystery and history classics to keep them both occupied for the next couple of months. Pop also found a good old-west history book to purchase as well. It was a good training process and confirmed the purchase/credit-card association with the account worked.

Mission accomplished, five hours (and one super-awesome BBQ baked-potato for lunch) later, the equation was solutioned.

Additional Notes:

  • Daughter hovering over your shoulder on the back of the couch while you have your laptop and the Nook balanced on your lap troubleshooting. Like a vulture lurking. Not helpful.
  • Daughter making organic microwave popcorn and snuggling up munching away while you have your laptop and the Nook balanced on your lap troubleshooting. Also not helpful.
  • Daughter not asking once to borrow your laptop to check out the WiFi and Facebook while you are troubleshooting. Very helpful and appreciated.
  • Sense of patience and humor from all participants; self, daughter, in-laws. Very helpful.
  • Extended road-trip to in-laws up and back with daughter on beautifully clear and cool day through the east-Texas pines lined country roads. Priceless.

Final thoughts.

Lavie had successfully set up her Kindle Fire just fine by herself (thank-you-very-much) so I didn’t get to participate in that except for applying a smokin-hot DecalGirl skin she had picked out for her Kindle (my hands are super-steady for such things). She had also picked up screen protector but turns out that it is a full edge-to-edge cover which would cause issues with the DecalGirl skin on the front (which frames the blacked-out display edge portion). I suggested trimming it down so it fits inside the DecalGirl border but she passed on that for now…so it remains uninstalled at the moment.

Alvis and I both have the WiFi-only version of the E Ink Kindle model and we love them. Light, super-durable, and the charge lasts a long time.

Last night Lavie did ask me to copy some songs from her iTunes playlist to the Kindle Color. You can do it a few ways, apparently most popular is to upload music from your PC/Laptop to the Amazon Cloud Player service. What I ended up doing was to connect Lavie’s Kindle Fire directly to my PC (which holds our iTunes library) via USB, then opened iTunes, opened her play-list, sorted it by album, then I selected a song, hit the three key-combo “Ctrl-Shift-R” which opened up the location of the file itself on the library, selected any additional songs in her playlist from that album, copied, then pasted them in the Music folder on her Fire. Repeat as needed.  It was a bit slower but got the job done. All of them appeared to be in the compatible .m4a format and I didn’t find any .m4p that would not have been supported.

She was jammin…though I left her to work out creating a new playlist from those songs directly from within the Kindle itself.

Adding photos/videos would be the same process, locate on your PC, drag/drop into the correct folder on the Kindle when it is attached via USB and shows as an external storage device. Piece-o-cake.

Based on the (admittedly still limited) time I spent on both the Nook Color and the Kindle Fire, I found the Kindle Fire was more to my liking. I could navigate around the Nook Color and it was pretty intuitive (never did get around to reading any manuals on either one) but I did like the “hand-feel” of the Kindle Fire better. And the navigation just subjectively felt better to me on the Kindle Fire than the Nook.

Since I am (for now) a hard-core Kindle E Ink format lover, the extra bells-n-whistles of the Kindle Fire haven’t captured my eye yet, so I cannot comment on app-support and performance of videos/games/applications between the Nook Color and Kindle Fire.

The other thing I noticed while helping set up the in-law’s Nook was the apparent lack of easily found free E Books directly within the B&N Nook store. Searching for E-books at B&N was a super-pain as well. In the end I had to do a Google Search to find this “all-in-one-place” location for Free NOOK Books.

When I first got my Kindle, right on the Amazon Kindle pages I found this Amazon.com: Free Book Collections: Kindle Store link. In no time flat I had downloaded almost twenty amazingly awesome classics from literature, philosophy, religion, and reference. All free. I’ve since moved on and expanded my collection to include many additional eBooks I’ve found scattered on the net including some great ones in PDF formats and I have made a number of eBook purchases for the Kindle as well. That smooth and awesome experience jumping into the Kindle right-out-of-the-box probably helped solidify my personal leanings towards the Kindle platform. I’m sure there are lots of additional Nook-compatible ebook formats and ways you can get them to your Nook, but for the in-laws, having in-store access to locate and select-to-download-direct to their Nook has a lot of appeal.

I’ve got a lot of great Kindle resource links saved and building for a GSD Kindle post…along with some cool technical and for/sec bits related to the device I have found as well. Hopefully that will come soon.

Anyway, hope this helps someone else trying to get their DSL <-->WiFi<-->Nook<-->In-Laws equation to balance out and solution properly.  Now I remember why I found Calculus so challenging. It was a real love/hate relationship and this turned out to be very much the same.

Cheers!

--Claus V.

Sunday, January 22, 2012

The GSD Curmudgeon says “Get off my Yard you Dang Kids!”

Sigh. I’m getting old.

I recently read a post at ReadWriteWeb by Scott Fulton, III Mozilla's Plan for Keeping Firefox Relevant in a Post-Browser Web.

That day I became dangerously close to becoming the old technologist guy equivalent of the “You kids get off my lawn!” guy we all probably know.

What is Mozilla doing to my beloved Firefox of the near and dear “future”?

  • HTML5 runtime functionality support (for driving in-browser, non system proprietary, web-apps).
  • Extending cloud-based services.
  • An on-line identity management system called “BrowserID”. (How it works)
  • and more stuff imagined and planned.

That left me grumbly then John Paul Titlow at ReadWriteWeb posted this Mozilla: We're About to Grab More Data About You, But Here's How We'll Keep It Safe.

Mozilla has some big plans up its sleeve in 2012. The non-profit open source foundation is planning some features for its Firefox Web browser and beyond that will require greater access to user data. In a blog post, the organization explains exactly how it intends to use and handle that data. In short, very carefully.

The blog post John Paul references is up at Mozilla Privacy Blog: Mozilla to Offer New User-Centric Services in 2012.

While I recognize and appreciate the very challenging work that browser developers have (not just at Mozilla), I think I’m grumbly for two primary reasons here with Mozilla.

First, I was a very early adopter of Firefox. It was quicker than IE. It was slimmer (memory and feature bloat) than IE. It was more secure than IE. And I could plug all kinds of things into it (Add-Ons/Extensions) to customize it with only those features and capabilities that helped make my experience on the Web better. If I didn’t need it, I didn’t install it and thus kept the Firefox browser lean and mean.

I really do “get it” with the coming exciting wave of “web-based apps” and running them in your browser and the security it will now bring (think JavaScript/Flash). It’s the next “big” evolutionary shift for the Internet. Really. Who of us really still think of the Internet as being just a super-large reference library and world-wide town-square/market anymore? It’s now a world-wide commercial mall and entertainment center. Really. Oh sure, you can still go down that wing none of the hip kids hang out at and find the pubs where the old-timers hang out, a few plain coffee-bars where the wanna-be journalist “bloggers” hang out and trade stories of yore, and maybe go into that virtual bookstore of arcane knowledge and technical minutia that some of us still love. But really. None of the cool companies and consumers come down this way. They demand different things. Better things. A new paradigm of interaction and operation.

Sigh.

So the browser needs to change to keep up. Bigger, more embedded features. Probably faster. Probably louder too with base-boost and kickers. Hopefully the security alarm on it will be better too.

Secondly, my bones ache every time a new ID management system comes out that gets closer to being a cloud-based requirement. I know, it’s for my own good they’re doing it. Really. I’m so much safer having more and more of my user data off-loaded to the Webs and Clouds. Clearly the higher and higher it goes away from me the safer and safer and harder and harder it must be for the underground dwellers to grab it. Right? What? Oh, I have to just “trust” everyone “out-there” with my user data and All-In-One credentials and stuff. I’m sure everyone will be honorable and diligent in keeping my account and passwords and user data safe and secure. Nobody ever gets their customer’s account/password information lost to hackers, or on a laptop, or on a USB stick anymore, or via a network traffic hack. Right? That was just in the “old-days”. These new solutions are really, really safer.

I get it. I do. And I appreciate everyone working so hard to keep Firefox and my web experience so much more safe, more secure, and more powerful than ever before. I appreciate modern AC over running a fan past a block of ice to cool my house. Really. And who doesn’t like the convenience of a cellular smart-phone over a plain-old copper analog line service wired into your house?

My browser is growing up, and the world it is living in is changing as fast as it is.

Sigh.

I still use (and probably will) Firefox as my personal “production” web-browser of choice. It works for me and my way of being productive.  That said, when I’m surfing the web, give me Chrome. I guess I have to still drive the daily commuter into work and back, but yeah, on the weekends I like to pull out the latest sports car for tooling around the highways and byways and back roads.

You know, I was a very early adopter of Chrome. It was quicker than Firefox. It was slimmer (memory and feature bloat) than Firefox. It was more secure than Firefox. And I could plug all kinds of things into it (Add-Ons/Extensions) to customize it with only those features and capabilities that helped make my experience on the Web better. If I didn’t need it, I didn’t install it and thus kept the Chrome browser lean and mean. In fact, I hear from the Google Chrome Blog that Chrome is about to get more Speed and Security with pre-rendering of pages and enhanced URL and file-download checking. What’s not to like about that!

I gotta admit, high-school senior (these kids again!) Danny Stieben’s timely post at MakeUseOf blog probably sums it up right: Why It Eventually Won’t Matter What Browser You Use [Opinion].

It won’t. Honestly. It just won’t. Time to face the music and admit I’ve got to adopt the new (browser/web) core “technology” design model and landscape or I’ll become irrelevant and end up spending the rest of my days in that dilapidated and decaying wing of the New Web Mall hanging out with the other curmudgeons and making fun of those really dorky guys and gals still using AOL web-mails, web portal home-pages with their IE 5/6 and Firefox 3 web-browsers. Seriously? Who uses those anymore?!! Get a clue.

Here. Spin a wheel and take a pick. Take one. Use one. Just don’t become friends or companions. Someone’s bound to change and the relationship will sour, and there will be a new favorite.

The GSD Curmudgeon ends with these moving and inspiring words of wisdom and perspective on the whole thing.

Great Motivational Speech - It Just Doesn't Matter - YouTube

Ok…soap box away. We will now return to regular GSD programming.

--Claus V.

On The Usefulness of a Pleasant Desk

I can’t believe I’ve been blogging now (fairly) consistently since 2005. I’ve gone from a peak posting rate of 311 posts in 2007 down to a low of just 40 posts last year in 2011.

Finding the time to blog has grown more and more challenging and I hope the quality and depth of many of my posts has grown over the years as well.

The last two years in particular have been a personal frustration as I have attempted to grow more “present” with my family and community while dealing with the tremendous workload presented in my “real” job that has meant longer hours, later hours, and technical challenges that have conspired to keep my technical processing brain-core on overdrive.

All that said, the biggest problem I had, however, hasn’t been a lack of inspiration, or of time, or of material.

I seriously believe it was the lack of a good desk and by extension, a good workspace.

See, from 2006-2009 a good part of my primary blogging hardware was based on desktop computers at home. First an old Gateway and later a small-form-factor barebones home-build kit.  Both these systems were kept in a nice desk that was located in our library/laundry room.  So I could hole up in the space, have few interruptions, and focus on writing, and blogging, and blogging. Lots of productivity.

In 2006 Lavie bought our first laptop. Then in 2007 Lavie won a Gateway laptop and it became her new laptop and the first one became a backup family pc.  Then in 2009 Lavie  picked up a larger laptop for herself and I took over the Gateway laptop as a secondary system while Alvis took over Lavie’s first one. Though I continued to patch and upgrade the SFF desktop pc I used, the Gateway laptop really became my primary home computing device and blogging platform. And in late 2010 I finally obtained my own "dream" notebook.

I sincerely believe the shift from using a desktop pc (at a desk) to a laptop (wherever) is what led to the biggest hit on my blogging production.

When I sit at a desk I have a productive mindset. When I’m in one of the chairs or couch in our living room I can blog, but it doesn’t feel as natural as just “couch-surfing” the web. I find it hard to build and maintain a writing rhythm if I’m anywhere but in front of a desk.

Since the girls REALLY wanted me to be more present with them and not hidden off in our library area, and I had a laptop, it was very seldom that I found myself in our study and at my desk--and in a productive blogging mindset.

I’ve been trying to find a solution to the problem for some time. Unfortunately, the desk in the library, while not large, just didn’t seem to lend itself to either our living room décor or function. So I’ve just coped, and the blogging rate has suffered.

Last week I found a cheap trestle-style mini-desk that was perfect in color, style and size for the living room. With minimal rearrangement I was able to place it in the living room along with a nice matching traditional wooden chair with a faux-leather seat cushion. It was a great pairing.  While not my favorite in terms of style, it was a perfect pairing of form and function (and price) so I struck while the iron was still hot.

That weekend saw a slew of postings which has almost brought me to half as many as all I did last year.

Now I have my own elegant and relaxing workspace again to use my laptop at; but still be “present” with Lavie and Alvis after work or on the weekends.

Now the story should end there.

However, this weekend Alvis and I finally got around to swapping our desks. These are not to be confused with the new one above.

See, Alvis has been using a large French-country style desk in her room for her homework/TV/laptop/crafting needs.  It is a beautiful desk that has an attached shelving unit over it. Meanwhile my desk (the one in the library I have mentioned already) is an Ikea special with a simple solid wood frame, a side-caddy for a desktop PC and a small pullout drawer that held all those misc. USB cables and PC hardware bits that accumulate.

Alvis, in her artsy/interior-design-y mode, decided she needed to “open up” the space in her room and swap desks. This way she has more physical room (since mine is smaller) and gains a desk that is more work-bench-like for her crafting. It will also work better for her new machine-sewing hobby and crafting system.

So yesterday we set to work clearing off our desks and emptying them of their contents. Lots of cables to re-manage, lots of missed-dust to remediate. And the desks were swapped.

Alvis’s (new-to-her) desk fit perfectly and holds a small LCD TV that doubles as a second monitor for her laptop. The solid wood surface is more firm for crafting and the lack of an overhead shelving system means she can now feed large lengths of fabric easily across the surface. She did add a small wire baking rack to the side of it for storing supplies. Now she has space galore in her room reclaimed.

My (new-to-me) desk is in the study. My second LCD monitor is tucked in a corner when I do decide to work back there and need a second monitor. (I decided it just didn’t fit the living room décor or small desk added there.) It has a USB keyboard/mouse combo as well on the slide-out tray just in case. The (now long-since disconnected until I eventually get around to using it as a SAN server option-1 option-2) SFF PC is tucked away in the side-caddy. The real plus has been getting all my technical books and manuals off the stacks in the library floor and nicely organized in the over-desk shelves. I’ve also got my network hardware (switches/routers) and external hard-drives nicely sitting in their “cubbies” as well. It looks downright nice.

Funny how these things work out…I finally find the perfect desk to get me out of the library, get crazy-productive again (and make both my girls and me harmoniously happy). And the very next weekend I end up creating the super organized and comfy writing-desk/computing-workbench in the man-cave library.

I guess that’s just how we roll around here.

So long-story-short, it’s neither a matter of here or there. Simply expect more blogging this year from the GSD ranch.

--Claus V.

Saturday, January 21, 2012

Interesting Malware in Email Attempt - URL Scanner Links

Last weekend I spent some time with extended family helping confirm for them that their on-line email account got hacked and had been used to send some malware-linking spam emails to users in their contact list.

Yesterday our family email account was on the receiving end of someone -- possibly -- who fell victim to an email account hack, as our email address was amongst several others included together receiving the email. I say possibly as none of us recognized the sender’s email address and it wasn’t in any of our address books. Possibly our email address, along with the others’, had been harvested somehow and this was a fake spamming account. The “show-as” name was definitely non-standard and used some letters that related to those in the subject line.

It was pretty evident to me this was probably a dangerous site to go to, but being curiously-minded, I couldn’t pass up the chance to do some detective work.

The email originated from a yahoo mail account.

The Subject line was baited “ACH Transfer Canceled…” and the display name in the email address contained the letters “NACHA.”

ACH is meant to refer to the “Automated Clearing House” which handles financial transactions in the US overseen by NACHA.  To most Americans, I’m betting these acronyms mean very little and they would be more taken with a sudden urge to grab some NACHOS instead. Maybe Europeans would be a little more anxious about emails purporting to come from ACH and NACHA. I digress.

First thing I looked at was the message header. Lots of goodies there. We can follow the bounce between the yahoo mail sender to our ISP’s email servers. Times/dates of transmission.

Since this was a Yahoo mail account, it appears the header may actually contain the IP address of the location the mail account was logged into from. This is the first time I have seen this so I need to do more research. The IP associated with this particular email is located in France.

The website IP Address Locator has lots of good tools for locating IP addresses as well as a feature that allows a copy/paste/analyze of email headers.

The content of the email was very thin, a single line with all the text run together. There is a URL link markup there, however it misses getting all the characters. Hmm.

Toggling between the different modes of viewing email content in Thunderbird reveals odd results. If I look at it in original HTML mode I see a single line of text with a hyperlink in the middle.

If I view it in simple HTML most of the text is the same but a few characters are different.

If I view it in plain text, there is nothing showing.

Hovering over the hyperlink displayed shows a URL shortener link. Hmm. Set that aside for a moment.

So I go back and look at the full header view again and find this in the message body:

Content-Type: text/html; charset=ISO-8859-5
Content-Transfer-Encoding: base64

Ah! So I copy/paste the large text block that follows it into this base64 online encoder/decoder and get a binary file to download!

(More regarding content encoding methods here Content-Transfer-Encoding - MSDN, here The Content-Transfer-Encoding Header Field via freesoft.org and here Decoding Internet Attachments - A Tutorial by Michael Santovec.)

Opening that binary file in Notepad++ reveals the HTML code with the same actual URL embedded.

Guessing here that they are using base64 encoding for the content to try to get around email scanners.
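The decode-and-extract step described above, as an added example that is not part of the original post: it walks the MIME parts of a constructed message modelled on the one described (text/html body, ISO-8859-5 charset, base64 transfer encoding), undoes the transfer encoding the same way the online decoder did, pulls the href values out of the decoded HTML and flags links that point at a URL shortener. The sender, recipient and goo.gl path are placeholders; the list of shortener hosts beyond goo.gl is an assumption.

```python
import base64
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, modelled on the message described in the post: a one-line
# text/html body shipped as base64 with a shortened link in the middle. Sender,
# recipient and the goo.gl path are placeholders, not values from the real mail.
HTML_BODY = ("<html><body>ACH transaction canceled. Details: "
             "<a href=\"http://goo.gl/PLACEHOLDER\">goo.gl/PLACEHOLDER</a>"
             "</body></html>")

RAW_MESSAGE = (
    "From: \"NACHA Notice\" <sender@example.invalid>\r\n"
    "To: family@example.invalid\r\n"
    "Subject: ACH Transfer Canceled\r\n"
    "MIME-Version: 1.0\r\n"
    "Content-Type: text/html; charset=ISO-8859-5\r\n"
    "Content-Transfer-Encoding: base64\r\n"
    "\r\n"
    + base64.b64encode(HTML_BODY.encode("iso-8859-5")).decode("ascii")
    + "\r\n"
)

# Shortener hosts to flag. goo.gl is the one from the post; the rest are an
# assumption about other commonly abused services.
SHORTENER_HOSTS = {"goo.gl", "bit.ly", "tinyurl.com", "t.co", "ow.ly"}


class _LinkExtractor(HTMLParser):
    """Collects href values from <a> tags in the decoded HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def is_shortened(url):
    """True when the URL's host is one of the known shortener hosts."""
    host = (urlparse(url).hostname or "").lower()
    return host in SHORTENER_HOSTS


def triage_message(raw):
    """Walk every MIME part, decode its transfer encoding and report links.

    Returns one dict per non-multipart part with the content type, the
    transfer encoding, whether it matches the base64-wrapped HTML pattern
    from the post, and the URLs found after decoding.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        ctype = part.get_content_type()
        cte = str(part.get("Content-Transfer-Encoding", "")).lower()
        # get_content() undoes base64/quoted-printable and applies the charset,
        # which is the step the post did by hand with an online decoder.
        body = part.get_content()
        if not isinstance(body, str):
            body = body.decode("latin-1", "replace")
        if ctype == "text/html":
            parser = _LinkExtractor()
            parser.feed(body)
            urls = parser.hrefs
        else:
            urls = re.findall(r"https?://[^\s\"'<>]+", body)
        findings.append({
            "content_type": ctype,
            "transfer_encoding": cte,
            "base64_html": ctype == "text/html" and cte == "base64",
            "urls": urls,
            "shortened": [u for u in urls if is_shortened(u)],
        })
    return findings


if __name__ == "__main__":
    for finding in triage_message(RAW_MESSAGE):
        print(finding)
```

Feeding a saved .eml file to triage_message() gives the same result without pasting the base64 block into a web service, which also keeps the suspect content off a third-party site.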

OK, so let’s check out that URL.

Turns out it is using Google’s own URL shortening service: Google URL Shortener.  More info here: Google URL shortener - Web Search Help

Turns out this is a pretty cool choice from both sides of the security fence. By appending “.info” to the end of a Goo.gl shortened URL we can find out the stats from Goo.gl URL shortener (Google Groups)

This is good from an attacker standpoint as they can easily monitor their success rate on the nibbles of this hook and any “hits” to the actual URL. Researchers can get info as well by monitoring the same info and how fast/long the “click-through” may happen.


Neat isn’t it?

Now that I’ve got the actual long URL that this points to, we can start tossing the URL at some on-line link analysis/scanner tools.

VirusTotal shows both TrendMicro and SCUMWARE.org report the long URL as a Malware/Malicious site.

Quttera reports it as serving up a suspicious javascript content via HTML page code.

Anubis: Analyzing Unknown Binaries provided a deeper review of the URL by capturing Windows system events in a virtual sandbox system. It accesses the Windows registry, mucks with some keys, creates a cookie, reads the autoexec.bat file, modifies some files, maps DLLs into memory and appears to try to download more stuff. The report is available in HTML, XML, PDF, and TXT formats.  Also, they offer a traffic.pcap file to download so you can examine the network traffic generated and perform any NFA you want to do.  This site/tool rocks from a depth of information standpoint.

urlQuery gives some more report feedback when it is sandboxed. Lots of JavaScript stuff. Another strong URL analysis reporting site.

Trying it a few more times changing the browser type/Java version/Flash version gets different results, and the URL serving code reflects all kinds of different IPs each time, so that long URL seems to be hosted at a dynamic IP host allowing it to bounce around (serving up HTTP redirects) and serve up the malware code depending on platform from all over the place, making it harder to track down the source.

urlQuery actually identified the network traffic as a detected Blackhole exploit kit v1.2 HTTP GET request.  Another clue.

I tossed the pcap file I got from Anubis into NETRESEC NetworkMiner. Nothing very interesting but my Microsoft Security Essentials alerted when the HTML page was reassembled by NetworkMiner and quarantined the file. It identified the page code as being Exploit:JS/Blacole.AR. (MS’s way of saying “blackhole” I suppose…)
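The first thing to pull out of a sandbox pcap like the one Anubis returns is the list of HTTP requests the browser was steered through (host, path, User-Agent), since that is what the urlQuery signature and the NetworkMiner reassembly above were keying on. Here is an added example of doing that in pure Python; it is illustrative code, not Anubis, urlQuery or NetworkMiner, and the capture it runs on is constructed in the block (the IPs come from documentation ranges and the hostnames are invented).

```python
"""Added example: list HTTP requests found in a classic libpcap capture."""
import socket
import struct

def iter_frames(pcap):
    """Yield the raw link-layer bytes of each record in a classic pcap file."""
    (magic,) = struct.unpack("<I", pcap[:4])
    if magic == 0xA1B2C3D4:
        endian = "<"                  # file written little-endian
    elif magic == 0xD4C3B2A1:
        endian = ">"                  # file written big-endian
    else:
        raise ValueError("not a classic pcap (pcapng is not handled here)")
    (linktype,) = struct.unpack(endian + "I", pcap[20:24])
    if linktype != 1:
        raise ValueError("only Ethernet (DLT_EN10MB) captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len

def tcp_segment(frame):
    """Return (src_ip, dst_ip, dst_port, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType 0x0800 = IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    (total_len,) = struct.unpack("!H", ip[2:4])
    if ip[9] != 6:                    # IP protocol 6 = TCP
        return None
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    tcp = ip[ihl:total_len]
    data_off = (tcp[12] >> 4) * 4
    (dport,) = struct.unpack("!H", tcp[2:4])
    return src, dst, dport, tcp[data_off:]

def http_requests(pcap):
    """Requests whose start line begins a TCP segment. A request split across
    segments needs stream reassembly (what NetworkMiner does) and is not
    recovered here; responses and non-HTTP payloads are skipped."""
    found = []
    for frame in iter_frames(pcap):
        seg = tcp_segment(frame)
        if seg is None:
            continue
        src, dst, dport, payload = seg
        head = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
        start = head[0].split(b" ")
        if len(start) != 3 or not start[2].startswith(b"HTTP/"):
            continue
        hdrs = {}
        for line in head[1:]:
            name, _, value = line.partition(b":")
            hdrs[name.strip().lower().decode("ascii", "replace")] = value.strip().decode("ascii", "replace")
        found.append({
            "src": src, "dst": dst, "dport": dport,
            "method": start[0].decode("ascii", "replace"),
            "host": hdrs.get("host", ""),
            "path": start[1].decode("ascii", "replace"),
            "user_agent": hdrs.get("user-agent", ""),
        })
    return found

# --- constructed sample capture (checksums left at zero; the parser never verifies them) ---
def _frame(src_ip, dst_ip, sport, dport, payload):
    eth = b"\x02" * 6 + b"\x02" * 6 + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip)) + tcp
    return eth + ip

def _pcap(frames):
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

SAMPLE_PCAP = _pcap([
    _frame("10.0.0.5", "192.0.2.10", 49152, 80,
           b"GET /go?id=7 HTTP/1.1\r\nHost: example-redirector.test\r\n"
           b"User-Agent: Mozilla/4.0 (compatible; MSIE 8.0)\r\n\r\n"),
    _frame("192.0.2.10", "10.0.0.5", 80, 49152,
           b"HTTP/1.1 302 Found\r\nLocation: http://198.51.100.7/landing/index.php?s=1\r\n\r\n"),
    _frame("10.0.0.5", "198.51.100.7", 49153, 80,
           b"GET /landing/index.php?s=1 HTTP/1.1\r\nHost: 198.51.100.7\r\n\r\n"),
])

if __name__ == "__main__":
    for r in http_requests(SAMPLE_PCAP):
        print(f'{r["src"]} -> {r["dst"]}:{r["dport"]} {r["method"]} http://{r["host"]}{r["path"]}  UA={r["user_agent"]!r}')
```

Point it at a real `traffic.pcap` by reading the file into `http_requests(open(path, "rb").read())`. The hosts and paths it prints are what you then compare against the exploit-kit URL patterns a service like urlQuery matched; the User-Agent column shows which browser profile the sandbox presented, which matters given the per-platform behaviour noted above.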

Here is a series of links regarding these kinds of email spam threats in general as well as Blackhole info in particular as it relates to email spam campaigns, if you are curious.

I doubt this is the last our email inbox will see of these things, but the whole process has been quite fun to follow.

I’ve decided to leave out links/images of the actual email and the header-code/URL (short/long) but have passed it along to a number of security-spam websites in case it is of use.

A long time ago I had a list of URL-testing sites to feed a URL into to see if they were safe or not.  Most seem to have gone away, however the following forums had a number of new ones worth bookmarking. Hat tip to “PROROOTECT” for the legwork!

Here is a combined and cleaned up list based on the collective work there from PROROOTECT in both places and at least one or two I’m tossing in and a few from those lists I removed that seem dead/redirected incorrectly.  PROROOTECT does make a great point that the effectiveness of these vary, so a “bad” URL in one may come back as “clean” in another. So it’s best to run your URL through multiple sources.

Note, these are URL/web-page scanners. They are a bit different than on-line file-scanners/sandboxes used to analyze malware samples. Though a few seem to come pretty darn close with the depth of their reports/analysis.

Not necessarily ordered by usefulness.

PROROOTECT’s suggestion to use an online URL screenshotting service to capture the displayed URL safely is some good outside-the-box thinking. Kind of a “look-before-you-leap” thing if all the above items pass OK.

Fun trip if it wasn’t so serious…

--Claus V.

Update: I meant to add this in to the original post but got sidetracked. A recent Digital Forensics Case Leads post has mention of a super-fantastic investigation/forensic report involving anonymous emails. This is must-read material, not just in terms of the investigative methodology but also the way the report was composed and presented. Very clearly done!  I’m keeping a saved copy of the report for future reference; both technically and as a report template. From the post via the link above:

University of Illinois recently released a detailed investigation report (PDF) regarding anonymous emails allegedly sent by its Chief of Staff to the University's Senates Conference. The report is an interesting read, and also serves as a potentially useful model for those looking for report samples and templates.

Friday, January 20, 2012

Thoughts on a Plan to Drop POTS: Pros/Cons


cc image attribution: “smashed phone” by Solarbotics on Flickr

Right now the Valca home has had a POTS/landline phone nearly forever. We got the copper during our engagement house-setup period. As newlyweds it was our technological lifeline to the social world.

Eventually we bought our first PC (an old Gateway skyscraper tower model), signed up for dial-up, and were rockin the Interwebs. Communication shift begins.

Later, Lavie was the early adopter of new tech with a cell phone.  We’ve stuck with the same provider, though it has been gobbled-up a few times leaving us with the current super-cellular provider. Shift again.

Then I got a cell phone as well. Not shifting, dancing now.

And then Alvis earned the responsibility of getting a cell phone.

Hello Family Plan. Now it’s like we are socially square-dancing with technology.

Cable broadband arrived so the dial-up was ditched and high-speed coax rules now. Social communication on a high-speed rail-line service. Whoopee!

All through time, good old POTS has remained present.  It seemed relevant during the Hurricane Ike event a few years ago and we had to evacuate from the house for a number of weeks. Electricity was out but since we had an answering machine connected, we could dial our POTS number to check for power.  When the answering machine eventually picked up again, we knew power had been restored.

Yet with Lavie still not working and the cost of living marching ever upward, we continue to look for ways to cut costs but the belt is pretty tight as it is.

Since we already have cable service (digital TV + Internet) I looked at adding the VOIP option, but once the introductory rate wears off in about 6 months, the price jumps and the savings diff is minimal. And when the cable service is out, everything is out. Too many eggs in one basket for my comfort in this one.

The POTS phone provider does have a super-simple plan (not that we have much at all on our current POTS plan) but the price (once you add in all the add-on charges and govt regulatory fees) isn’t that much less than what we are on now.

Now Alvis REALLY REALLY REALLY wants to upgrade her cell phone to an iPhone (which requires a data plan by our carrier). Not a problem but that’s another added cost to the budget.

Since our cellular plan covers all three of our phones, mobile-to-mobile calls are free, we have a family unlimited text plan, and we also get free nights/weekend calls, our mid-range minute package hardly gets used. It’s shameful to see how few minutes we actually can get to apply to our monthly minute package. Seriously.  Dropping to the next lower (lowest) family minutes package only nets us a $9.99 savings. Not enough to cover a data plan addition.

Today I had a brainstorm and am pondering the following.

If we drop our POTS line (~$65 “savings”) and port our “forever home” number over to a 4th cell phone, and add that to our Family Plan for an additional $9.99 monthly charge, even with additional monthly fees we are like saving at least $40/mo.  Any simple free phone would do, or I may be able to use an older (but still very nice and rock-solid) digital cell phone I had upgraded from with our same carrier and hung on to.

Pros:

  • We keep our same home # (assuming it can be ported to a cell service).
  • Don’t have to notify family, friends, vendors, everyone we do business with.
  • $ saved each month or at least break even (see next bullet).
  • Alvis gets her iPhone + data plan (and maybe Lavie too) and we break even.
  • Minute usage may increase but most calls to family & friends tend to already be mobile-to-mobile anyway, or during the unlimited nights/weekend period.
  • Home phone comes with us in a disaster/evacuation.
  • Can donate all our POTS-based phone technology handsets to the needy (if anyone will even take them).
  • Not tied to a bundled cable service so even if cable goes out, our home # should still work.

Cons:

  • Power goes out for an extended period of time, charging could be an issue if left at the house.
  • Maybe our home number couldn’t be ported…then what?
  • Transition/porting period could be a hassle.
  • Hope we don’t lose the charger.
  • Cell phone service/signal may be spotty in different parts of the house.
  • Can’t have multiple phones conveniently scattered around house to reach for easily when it rings (wall jacks appear to be a dime-a-dozen in our home).
  • Get locked deeper in with a already super-duper-mega cellular provider.
  • Would allow funding of iPhone takeover of Valca home and Apple becomes even more entrenched in our lifestyles…not necessarily a bad thing…just an observation.
  • Cost to replace phone higher if accidentally dropped in loo or boiling pasta water while talking over stove cooking. Bad.

Any Grand Stream Dream blog readers out there done the dirty and dropped your copper/POTS for a pure-cellular experience?

The POTS provider is sure to tell us the world as we know it will end and “bad me” for contributing to the demise of POTS.

What were your experiences?

Got any advice or see any Pros/Cons I’m missing?

Thanks,

--Claus V.

Monday, January 16, 2012

The Password is…

Last week we got a call from one of Lavie’s cousins. She and her husband had suddenly begun getting phone calls from concerned friends as well as strange “undeliverable” email notices.

Mysteriously, at least one email had been sent from their on-line email account to all the recipients in their contacts in batches of ten or so.  Some folks had told them their own security apps had alerted when they tried to follow the link in the email.

It was pretty apparent to the couple that “something” was amiss with their PC but exactly what, they weren’t sure. They had already downloaded a second anti-virus tool and scanned their system with nothing found. They decided to call me to see if I could help them. I recommended they change the password and any security challenge questions immediately which they did, then arranged for a house-call the following day.

I already had a clue on what probably occurred, but went through my full checklist of items as I assessed the system. No rogue processes, no unexpected auto-start items. Additional security scans came through with flying colors.

Then I turned my attention to their email account.  This particular email provider (unfortunately) doesn’t provide any IP-based user sign-in event logging like some other main-stream web-mail providers do. That would have provided golden information.

What we did have is one overlooked original email in the “Sent” folder showing a mail time of 8:15 PM Wed night.  Neither of the couple reported being logged in on the system (or the email) at that time so it seemed fairly certain that is when the event occurred.

I mailed that to myself to look into the URL more later.

They use IE 9 and the system was fully patched. Flash and Java were outdated, but not too bad.

Based on my survey and additional questioning, it appears to me that someone had “hacked” their account using some kind of brute-force attack on their account, and had then quickly composed at least one email containing a single URL to everyone in their address book.  I couldn’t find any evidence of a persistent threat on their system, and based on their feedback, I doubted a cross-site-scripting vulnerability had been involved.

For the really curious, here is a link to the urlQuery (free online URL scanner) findings from that particular URL I found: urlQuery scan result. Turns out that particular link leads to a compromised (?) website serving up fake AV scanner malware via some JavaScript code.  That is why some recipients of the email were likely getting alerts when they visited the site. Sneaky.

Turns out hacking email accounts and appropriating them (even “non-maliciously”) for spamming is big business and a common event for many web-citizens.

This couple -- it turns out -- had been using a very weak password, so it probably fell pretty fast.

Turns out weak passwords remain a common plague.

ISC Diary | Analysis of the Stratfor Password List is another clear warning of this danger.

Steve Ragan posted a simply amazing Report: Analysis of the Stratfor Password List which has crazy fascinating data on passwords and just how weak most of them were, along with his own password cracking work to show just how easy these fall.  See also: Researchers find many weak Stratfor passwords -Naked Security.

A brief Sony password analysis - Troy Hunt’s Blog

Your Top 20 Most Common Passwords - Tom’s Hardware

And just over the weekend there was this: Zappos customer info is breached. Change your password now! [Updated] - TechBlog via Chron.com

What is one to do? This maybe?


xkcd: Password Strength (see also xkcd: Password Reuse)

If you want a quick way to assess the complexity/strength of the passwords you may have stored in your web-browser or some Windows applications, check out the Password Security Scanner freeware tool by NirSoft.

Some highly recommended online locations to check your current password strength against are:

Coming up with a truly secure and complex password can be a major task for some folks. And the web has no dearth of fantastic advice on the subject of what defines a strong password and how to create one.

From SophosLabs via YouTube

And just today, Lifehacker released a super-cool mega-graphic on password selection

Use This Infographic to Pick a Good, Strong Password - Lifehacker

Troy Hunt did a series of great, in-depth posts on password selection and science that are must-reads. I’m liking Troy’s writing and analysis and his blog has been added to my RSS must-read feed list.

Those last two points are my takeaways: that nothing is more frustrating than internal application or external website password policies that are weak by design and force me to use a short password, and that the best password is one so damn complex there is no way I can remember it, even under duress.

I prefer to use the longest password the site/application will accept based on character count. (By the way…seriously guys, place your password policy and field limits up front to make this easy to figure out!)

How do I come up with one? I use two tools: a portable password manager application that stores the passwords in an encrypted container, and a utility to generate randomized gobbledygook passwords. In fact, many of the first kind include the second as a built-in feature.

I linked to some of the GRC random password generators earlier but these other free portable password generation tools are great:

  • Password Guru - CEZEO Software generates complex and secure passwords with rule filters for length and special characters.
  • Password Generator - Gaijin Software - can generate up to 1000 passwords at once with advanced rule filters. Also includes a password checker to test password strength.
  • Password GeneratorXP - I’ve been using an earlier version of this app for a very long time. Latest version is 1.5 updated in December 2011.  Can generate random passwords up to 99 characters long! Rules allow character inclusion/exclusion and supports special symbols. Super app.
  • PWGen - Open-Source Password Generator for Windows using AES and SHA-2 cryptography methods. Can support passwords with up to a crazy 20,000 length, can be fed a word-list include file if you prefer, can exclude “ambiguous” characters (like o and 0, l and 1, etc.). It can create up to 1,000,000 passwords at a time based on your rule patterns, or a single password instantly. The included manual file is great reading regarding password security in general and not just the program operation itself.
  • PassworG - Free password generator software - pretty simple to use but strong password generator that might be easier for some folks to use.
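To make concrete what these generators do and why the xkcd comic above prefers four random words to a short jumble, here is an added example in Python (illustrative code written for this post, not the code of any generator listed above): rule-filtered generation from a CSPRNG, exclusion of the look-alike characters PWGen lets you drop, and an entropy figure for a random string versus a word-based passphrase. The symbol set, the word list (a stub of eight words) and the assumed 2048-word dictionary size are all assumptions made here for illustration; a real diceware-style list has thousands of words.

```python
"""Added example: rule-filtered random passwords and passphrases with entropy figures."""
import math
import secrets
import string

AMBIGUOUS = set("0O1lI|")          # look-alikes that PWGen-style tools let you exclude
SYMBOLS = "!#$%&*+-=?@^_~"         # assumption: a conservative symbol set most sites accept

def character_classes(lower=True, upper=True, digits=True, symbols=True,
                      exclude_ambiguous=True):
    """Return the enabled character classes as a list of strings."""
    pools = []
    if lower:
        pools.append(string.ascii_lowercase)
    if upper:
        pools.append(string.ascii_uppercase)
    if digits:
        pools.append(string.digits)
    if symbols:
        pools.append(SYMBOLS)
    if exclude_ambiguous:
        pools = ["".join(c for c in p if c not in AMBIGUOUS) for p in pools]
    return [p for p in pools if p]

def random_password(length=20, require_each_class=True, **rules):
    """Every character is drawn uniformly with the `secrets` CSPRNG. With
    require_each_class set, candidates missing a class are thrown away and
    redrawn (rejection sampling), which keeps the result uniform over the
    passwords that satisfy the rule instead of biasing fixed positions."""
    classes = character_classes(**rules)
    if not classes:
        raise ValueError("no character classes enabled")
    alphabet = "".join(classes)
    if length < len(classes):
        raise ValueError("length too short to hold one character of every class")
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not require_each_class or all(any(c in cls for c in pw) for cls in classes):
            return pw

def passphrase(wordlist, n_words=4, sep=" "):
    """xkcd-style: n words drawn uniformly (with replacement) from a word list."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))

def entropy_bits(alphabet_size, picks):
    """Entropy of `picks` independent uniform draws from `alphabet_size` choices."""
    return picks * math.log2(alphabet_size)

def strength_report(length=20, wordlist_size=2048, n_words=4, **rules):
    """Bits of entropy for a random string vs. a passphrase under the same rules.
    (The class-requirement rejection above shaves a negligible fraction of a bit
    at these lengths, so the unconstrained figure is reported.)"""
    alphabet = "".join(character_classes(**rules))
    return {
        "alphabet_size": len(alphabet),
        "random_string_bits": entropy_bits(len(alphabet), length),
        "passphrase_bits": entropy_bits(wordlist_size, n_words),
    }

# Constructed stub word list for illustration only; use a real diceware-style list.
WORDS = ["correct", "horse", "battery", "staple", "orange", "window", "river", "lamp"]

if __name__ == "__main__":
    print(random_password())
    print(passphrase(WORDS))
    print(strength_report())
```

With all four classes enabled and look-alikes removed the alphabet has 71 characters, so a 20-character string carries about 123 bits, while four words from a 2048-word list give the comic’s 44 bits. Both are far beyond what an online brute-force of a webmail login can reach; the point of the longer string is that a password manager, not a person, is remembering it, and that it should be as long as the site’s field limit allows.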

So how do you manage these complex passwords?

Pick at least one tool from each category and learn to use them, then use them always.

And for those of you who say “Claus, put all my wicked crazy passwords (from PWGen) in an encrypted database password manager (KeePass) and stick them on my USB drive for fast access? What if I lose it?”

I suppose you could create a TrueCrypt encrypted file, then put the encrypted KeePass database inside it…

Just be sure you select a different crazy complex random password for each of them.

And put them in another password manager for safekeeping in case you forget.

Cheers!

--Claus V.

D7 - Wicked Scary Tweaking tool

I love Windows tweaking tools.  I’ve got a large collection of them reaching back into my XP days forward into Windows 8.

Couldn’t live without most of them.

However, I’ve finally met one that just downright scares me. Seriously. I’m still sitting on it wondering if I really want to get behind the wheel of this one (yeah, I do!).

D7 project from Foolish IT

First take a look at a ton of screenshots via this Addictive Tips post: D7 Is All-In-One System Backup, Maintenance, Repair & Tweaking Tool.

From the D7 homepage:

D7 is a tool for PC technicians to aid in many tasks and provide a uniform procedure for technicians to follow.  It has many capabilities and many uses including but not limited to:

  • offline and live malware removal assistance via many internal and 3rd party tools
  • automatic download/extraction of 3rd party tools on demand when missing
  • repairing Windows after malware removals
  • general PC maintenance
  • offline and live registry editing with mass search & delete features
  • offline and live data backup
  • CPU/RAM stress testing
  • information gathering and quality assurance uses
  • OS Branding
  • IP/DNS configuration + backup & restore
  • shortcuts to frequently used Windows components
  • quick access to frequently used Windows tweaks
  • numerous right-click context menu (in Windows Explorer) features for working with files and directories
  • wrappers / one-click execution options for frequently used command line tools
  • synchronization of Malware Scan definition files
  • automatic updates of all your favorite 3rd party tools via Ketarin
  • offline application of password removal tricks enabling you to gain access to password protected live systems
Too much to list here, right now at least. 

And then it is accompanied by this warning that I usually just merrily ignore on most tweaking tools but that gives me great pause with D7.

“THIS TOOL IS INTENDED FOR EXPERIENCED PC TECHNICIANS ONLY, NOT FOR "END USERS."  This tool can be very dangerous and destructive if you don't know how to use it properly, or are inexperienced in malware removal techniques.” 

Need more info before jumping in?

Pics and Vids via D7 page

Online Manual via D7 page

According to the author it is fully portable but there are some considerations. Please see the SETUP section of the online manual for a good understanding.

It’s a simply amazing tool for advanced sysadmins and PC techs.

Wield it with caution!

Dragons lurk here…

--Claus V.