Something Random

Nitsirk

What is this storage?
Joined
Mar 7, 2007
Messages
45
Nits was one of my students. She has a house that's just a tad too far from actual civilization. Which, in my estimation, is that place where one can't get cable internet.

My neighbor down the road (on my same county road) that has Comcast is 1000' away. I live less than a mile from US Rte 6 and less than 1/4 mile from State Road US 2. These are main thoroughfares. There are already poles down my street for other utilities but Comcast stops 1000' away. The quote they gave me shows that they need to run 8000' of underground bored cable. I find that very hard to believe unless they need to bore 7000' feet into the earth before they run the line 1000' horizontally. I am still waiting for the assholes to explain why that is.

I have been going round and round and round again with them since May. I called Comcast before I even put an offer on the home and they assured me we were serviceable. I've given up on Comcast residential so Comcast business is my last resort. They gave me hope but now it sounds like more of the same as residential. I should have known when I sent them an inquiry on 9/23 and I got an automated email back saying someone would contact me within the hour. They contacted me back just last week. 1 hour vs. over 2 months?? Go go Comcast customer service. Jerks.
 

sdbardwick

Storage is cool
Joined
Mar 12, 2004
Messages
609
Location
North San Diego County
Is that area under a local franchise agreement (Indiana stated phasing those out starting in '06)? If so, complaining in writing as a residential consumer to the franchise authority will at least get some attention from Comcast, and a more detailed and reasoned examination of the situation. If not a local agreement, then you are probably SOL, as the new regulations are crappy from a consumer POV.
 

Nitsirk

What is this storage?
Joined
Mar 7, 2007
Messages
45
The actual Internet service is hard to beat, I'll admit that. I am sorely missing it. Their local office along with their customer service, sales, technical, and surveying departments can all burn in the fiery pits of hell as far as I'm concerned. They tell lies, they never call back, and the front line customer service reps are completely useless.
 

Nitsirk

What is this storage?
Joined
Mar 7, 2007
Messages
45
Is that area under a local franchise agreement (Indiana stated phasing those out starting in '06)? If so, complaining in writing as a residential consumer to the franchise authority will at least get some attention from Comcast, and a more detailed and reasoned examination of the situation. If not a local agreement, then you are probably SOL, as the new regulations are crappy from a consumer POV.

I've asked about that and was told that their agreement is with the Indiana Regulatory Commission out of Indianapolis. That might be a lie too but I can't find anything that says otherwise.
 

Nitsirk

What is this storage?
Joined
Mar 7, 2007
Messages
45
I've asked about that and was told that their agreement is with the Indiana Regulatory Commission out of Indianapolis. That might be a lie too but I can't find anything that says otherwise.

Oh, and I did contact them and all they did was forward my concerns onto Comcast. Gee, thanks.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,303
Location
I am omnipresent
Is that area under a local franchise agreement (Indiana stated phasing those out starting in '06)? If so, complaining in writing as a residential consumer to the franchise authority will at least get some attention from Comcast, and a more detailed and reasoned examination of the situation. If not a local agreement, then you are probably SOL, as the new regulations are crappy from a consumer POV.

Of course, she's inquiring about BUSINESS service to her home, which is probably regulated differently. Also, this is Indiana, a state that's right up there with Texas and Kansas in terms of commitment to building a regulation-free Objectivist utopia.
 

sdbardwick

Storage is cool
Joined
Mar 12, 2004
Messages
609
Location
North San Diego County
Of course, she's inquiring about BUSINESS service to her home, which is probably regulated differently. Also, this is Indiana, a state that's right up there with Texas and Kansas in terms of commitment to building a regulation-free Objectivist utopia.
This is moot in the instant case, but as a general rule when dealing with regulators, if you can choose between characterizing yourself as a business customer or as a consumer, always pick consumer.

Nitsirk originally tried with the residential side of Comcast, and my (now obviated) advice was to take that role when interacting with the regulators.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,747
Location
Horsens, Denmark
The Aeron Side Chair can actually be had for under $300, but they don't look that comfortable to me and I've never liked full size Aerons anyway.

I love the full-sized units. I've purchased three over the years, with the cheapest being about $800 for the PostureFit and about $950 for the executive. The OfficeMax special chairs at the house are starting to fail after a decade, and I'd love to pick up a pair.
 

CougTek

Hairy Aussie
Joined
Jan 21, 2002
Messages
8,729
Location
Québec, Québec
I love the full-sized units. I've purchased three over the years, with the cheapest being about $800 for the PostureFit and about $950 for the executive.
The local stores around your place probably puff the prices when they see you coming because they know that you're made of money.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,303
Location
I am omnipresent
I don't understand why people pay that for them. I don't think they're any more comfortable than any other chair.
I do want a mesh back and seat though because I think it'll age better.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
Oh, I hate those chairs. They must fit lanky Scandinavians or chubby little grandmothers or something, but not me.

I remember years ago when the Aileron chairs were on a wave of popularity all the yuppies wanted one.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,747
Location
Horsens, Denmark
I guess they just fit my frame better? I love the things. I've fallen asleep in them for 6-8 hours and woke up without being sore. The mesh is perfect for remaining cool and dry for prolonged periods. The two at home are also right in the middle of the living room, so appearance is a thing.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,747
Location
Horsens, Denmark
The local stores around your place probably puff the prices when they see you coming because they know that you're made of money.

Other than groceries I haven't been in a physical store in nearly two years. I know "personalized pricing" is coming to online stores soon, but I don't think its here yet.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,303
Location
I am omnipresent
I've just encountered a malware application that appears to use a Flash exploit to

1. Install new user accounts on an infected Windows machines. The accounts are hidden from the Windows login screen but visible from User Management. So far I've seen "app", "user" and "db."
2. It seems to install a JRE if one is not present. I can't ABSOLUTELY verify this, but I did the user setup on the four infected machines I've seen and I know I didn't put Java on them and I don't think the users are smart enough to do it.
3. Install a Bitcoin mining application. On a couple of the machines where there has been more than one user account I've observed that each user account has its own copy of the bitcoin mining app (jhprimeminer) installed.
4. AV software - Kaspersky (normally the king of paranoia) - finds nothing. Rootkit scan finds nothing. Malware scans find typical malware craps (Conduit etc) but nothing serious. I didn't break out every tool I could possibly use to figure out what was going on, but I'm really not surprised at all to encounter someone using malware to pad out their bitcoin mining.

I was alerted to the matter because the machines were "slow as shit" and making way more noise than usual. Needless to say, I'm going to wipe and reload those machines, but from what I can tell everybody who had an issue was playing a Flash-based bubble popper game.
 

Chewy509

Wotty wot wot.
Joined
Nov 8, 2006
Messages
3,359
Location
Gold Coast Hinterland, Australia
@Merc, so where is the failure?
1. Yet another Flash exploit?
2. The web-browser sandbox didn't exist? Or was easily bypassed?
3. The user were running with admin privileges? (eg needed to create user accounts, registry modification (to avoid the login screen), install a JVM, start services). Or was there some sort of privilege escalation exploit as well?
4. Allowing applications to run from %AppData% or %TEMP% or %TMP%? (typically used as initial jumping off point for malware that is downloaded via JavaScript, Flash, embedded in DOCs, ZIPs, etc).
5. UAC turned off?
6. Improper firewall setup? (no prompting for unknown outbound traffic).
7. Trusting AV software?
8. PBKAC?
9. All of the above?
10. ???
11. Profit? (for the miner)...
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,303
Location
I am omnipresent
Flash Exploit is my my best guess. These users were using up to date Chrome, which suggests up to date Flash. The game seems to have been the point of intersection. They don't have Acrobat and they didn't have Java.

These are users with Admin rights on their own machines (they're laptops and that would be a total PITA to lock down). UAC is on as are Microsoft updates and ninite for most other stuff. These are people who have a hard time with the concept of printing to a non-default printer and have to be reminded about the right mouse button, so it's unlikely any of them would go do anything as disruptive as all this.

The machines in question use Kaspersky AV + (paid, auto-updating) Spybot Immunizations and Adblock Plus for security.

It looks like the heavy lifting exploit is all run from its own administrator-level account. The jhprimeminer.exe was simply sitting in the \Downloads folder for the newly created account. It wasn't running out of a temp directory. There wasn't really any attempt to hide the application, other than having "show processes from all users" and checking to see what the hell those user accounts were. The Windows firewall does not appear to have been molested, which probably just means that jhprimeminder uses port 80 to do whatever it does.

So I'm looking at some kind of malware or rootkit or something that's able to exploit enough different issues that it can seemingly create new admin level user accounts and execute arbitrary applications from there. It's particularly weird if it's working from a web browser and since it does very little to cover its tracks.

As I said I'm just going to scrub those machines, but there's so many bad things happening with that that it really looks like a total breakdown of both the browser and the OS security model.
 

Chewy509

Wotty wot wot.
Joined
Nov 8, 2006
Messages
3,359
Location
Gold Coast Hinterland, Australia
Nuking them from orbit is obviously the only way to be sure...

But I think you certainly highlighted the points of failure...
1. Users with admin rights...
2. Code can execute from %AppData% (This is were Flash has read/write access to in it's default setting)...

And this probably wasn't even a hard to develop exploit (even if there was one), but rather the actions of compromised software (the game was itself the trojan and delivery mechanism). And the users setup (see 1 and 2), simply allowed all this to happen, as if it were regular software doing it's thing...

Based on speculation, to archive what you've described is not very hard:
1. Compromised Flash game drops executable/shell code into %AppData%.
2. The executable/shell code is run, which:
a. Creates the new accounts.
b. Changes to those accounts (via the Windows su mechanism).
c. runs wget (or similar inbuilt mechanism) to download the miner application.
d. modifies the registry to auto-start the mining applications on reboot.
e. starts the mining applications.
f. changes back to the original user...
g. cleans up it's initial payload that was delivered via the Flash game...
3. Miner profits...

None of the above is really that hard, especially via a Powershell script... (or even CScript, or one of the older scripting engines). It doesn't even have to be an executable, which may be how it got past the AV. (I don't think most AV solutions really scan for scripts these days, so is a weak point, yep that rights, they mostly only scan for MZ/PE COFF executables, not shell scripts by default).
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,747
Location
Horsens, Denmark
Mine might be even more "out there" because I want to be able to reach very high altitudes. That might require a HUGE gas bag the size of a supertanker. Or perhaps a hybrid design which has two envelopes. The normal one is for flying at regular altitudes. It has the capability to expand in volume maybe a few dozen times to enable very high altitudes. The gondola of course would need to be pressurized. I'm thinking how relaxing it might be living in comfort at about 100,000 feet, looking out at a black sky and seeing the curvature of the Earth. Not quite outer space, but close.

This is of course going to be an issue. At only 5500m (18,000ft), the volume of the lifting gas needs to be double what it is at sea level. In order to make a quick stop on top of Mt Everest would require a volume three times larger than sea level. The durability/reliability I want pretty much dictates a rigid outer shell/skeleton protecting many inner envelopes. The original zeppelins suffered envelope failure at 3000 feet.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,747
Location
Horsens, Denmark
And a big thank you to Merc and mubs for actively contributing to this community long enough to accumulate 18,000(!) and 4,000 posts, respectively!
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,303
Location
I am omnipresent
Yup. I posted a bunch more times. I do that here. :)

Anyway yeah I probably know a dozen girls who would be THRILLED to get a Slave Leia Pony. I actually just ordered a Clone Wars birthday cake for one of my friends anyway.
 

Stereodude

Not really a
Joined
Jan 22, 2002
Messages
10,865
Location
Michigan
So apparently "Maggie" managed to open a Pinterest account with my e-mail address. You can't submit a request to close it without filling in a bunch of fields like, first name, last name, account name (like I know this...), if you use a computer, phone, etc to access it. The browser you use, and other nonsense.

Unfortunately, I can't confirm that I gave them honest answers. :twistd:
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,747
Location
Horsens, Denmark
So apparently "Maggie" managed to open a Pinterest account with my e-mail address. You can't submit a request to close it without filling in a bunch of fields like, first name, last name, account name (like I know this...), if you use a computer, phone, etc to access it. The browser you use, and other nonsense.

Unfortunately, I can't confirm that I gave them honest answers. :twistd:

Interesting. You'd think that there would be an e-mail authorization step before account creation. I probably would have started with "forgot password" and started deleting from there.
 

Stereodude

Not really a
Joined
Jan 22, 2002
Messages
10,865
Location
Michigan
Interesting. You'd think that there would be an e-mail authorization step before account creation. I probably would have started with "forgot password" and started deleting from there.
Supposedly Facebook has an e-mail authorization step, but my e-mail has gotten signed up a few times despite that.

In the bottom of the Pinterest e-mails there's a "Didn't sign up for Pinterest? Please let us know!" link that takes you to a page that tells you roughly how to fill out their help form. After you fill out the help form with all the required fields and submit it they send you a confirmation e-mail and tell you to reply to it to confirm ownership. So far nothing else has happened, so who knows if I got the membership associated to my e-mail canceled / closed or not.
 

timwhit

Hairy Aussie
Joined
Jan 23, 2002
Messages
5,278
Location
Chicago, IL
Someone used my email to sign up for CareerBuilder. He was looking for a menial job in the New Jersey area. I was able to take control of the account, however, getting it closed was extremely difficult.
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,747
Location
Horsens, Denmark
I've heard that (for identity theft protection) even if you don't plan on traveling internationally you should get a passport because it is easier to apply for a first one than apply for a replacement. Perhaps proactively registering for these services is a decent way to defend against this stuff?
 

timwhit

Hairy Aussie
Joined
Jan 23, 2002
Messages
5,278
Location
Chicago, IL
There are too many websites out there to register for.

Maybe I should work on an app that automagically registers for everything that it knows about.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,303
Location
I am omnipresent
Someone used my email to sign up for CareerBuilder. He was looking for a menial job in the New Jersey area. I was able to take control of the account, however, getting it closed was extremely difficult.

There's a dude in Montana or North Dakota who keeps trying to sign up for Facebook and some other services (Christian Mingle and Plenty Of Fish) using an email address that's registered to me. We have the same surname but we aren't related. If I had any idea how to actually contact him I would, but this guy is such a moron he doesn't even know his own e-mail address, and the only thing I really have is an IP block. The only reason I have THAT is that a few of the services give me the IP used during registration.

Of course, there's no way for me as a non-user to tell those services not to allow registrations from my e-mail address.
 
Top