ddrueding
Fixture
Where are you getting Aerons for only $500?
Something Random
- Thread starter ddrueding
- Start date
Where are you getting Aerons for only $500?
timwhit
Hairy Aussie
My neighbor down the road (on my same county road) that has Comcast is 1000' away. I live less than a mile from US Rte 6 and less than 1/4 mile from State Road US 2. These are main thoroughfares. There are already poles down my street for other utilities but Comcast stops 1000' away. The quote they gave me shows that they need to run 8000' of underground bored cable. I find that very hard to believe unless they need to bore 7000' feet into the earth before they run the line 1000' horizontally. I am still waiting for the assholes to explain why that is.
I have been going round and round and round again with them since May. I called Comcast before I even put an offer on the home and they assured me we were serviceable. I've given up on Comcast residential so Comcast business is my last resort. They gave me hope but now it sounds like more of the same as residential. I should have known when I sent them an inquiry on 9/23 and I got an automated email back saying someone would contact me within the hour. They contacted me back just last week. 1 hour vs. over 2 months?? Go go Comcast customer service. Jerks.
Mercutio
Fatwah on Western Digital
They need to go the extra 7000' down because of course Comcast's internets come from the fiery pits of hell. Duh.
sdbardwick
Storage is cool
Is that area under a local franchise agreement (Indiana stated phasing those out starting in '06)? If so, complaining in writing as a residential consumer to the franchise authority will at least get some attention from Comcast, and a more detailed and reasoned examination of the situation. If not a local agreement, then you are probably SOL, as the new regulations are crappy from a consumer POV.
The actual Internet service is hard to beat, I'll admit that. I am sorely missing it. Their local office along with their customer service, sales, technical, and surveying departments can all burn in the fiery pits of hell as far as I'm concerned. They tell lies, they never call back, and the front line customer service reps are completely useless.
I've asked about that and was told that their agreement is with the Indiana Regulatory Commission out of Indianapolis. That might be a lie too but I can't find anything that says otherwise.
Oh, and I did contact them and all they did was forward my concerns onto Comcast. Gee, thanks.
Mercutio
Fatwah on Western Digital
The Aeron Side Chair can actually be had for under $300, but they don't look that comfortable to me and I've never liked full size Aerons anyway.
Mercutio
Fatwah on Western Digital
Of course, she's inquiring about BUSINESS service to her home, which is probably regulated differently. Also, this is Indiana, a state that's right up there with Texas and Kansas in terms of commitment to building a regulation-free Objectivist utopia.
sdbardwick
Storage is cool
This is moot in the instant case, but as a general rule when dealing with regulators, if you can choose between characterizing yourself as a business customer or as a consumer, always pick consumer.
Nitsirk originally tried with the residential side of Comcast, and my (now obviated) advice was to take that role when interacting with the regulators.
ddrueding
Fixture
I love the full-sized units. I've purchased three over the years, with the cheapest being about $800 for the PostureFit and about $950 for the executive. The OfficeMax special chairs at the house are starting to fail after a decade, and I'd love to pick up a pair.
CougTek
Hairy Aussie
The local stores around your place probably puff the prices when they see you coming because they know that you're made of money.
Mercutio
Fatwah on Western Digital
I don't understand why people pay that for them. I don't think they're any more comfortable than any other chair.
I do want a mesh back and seat though because I think it'll age better.
I do want a mesh back and seat though because I think it'll age better.
Oh, I hate those chairs. They must fit lanky Scandinavians or chubby little grandmothers or something, but not me.
I remember years ago when the Aileron chairs were on a wave of popularity all the yuppies wanted one.
I remember years ago when the Aileron chairs were on a wave of popularity all the yuppies wanted one.
ddrueding
Fixture
I guess they just fit my frame better? I love the things. I've fallen asleep in them for 6-8 hours and woke up without being sore. The mesh is perfect for remaining cool and dry for prolonged periods. The two at home are also right in the middle of the living room, so appearance is a thing.
ddrueding
Fixture
Other than groceries I haven't been in a physical store in nearly two years. I know "personalized pricing" is coming to online stores soon, but I don't think its here yet.
timwhit
Hairy Aussie
I think he is joking.
Mercutio
Fatwah on Western Digital
I've just encountered a malware application that appears to use a Flash exploit to
1. Install new user accounts on an infected Windows machines. The accounts are hidden from the Windows login screen but visible from User Management. So far I've seen "app", "user" and "db."
2. It seems to install a JRE if one is not present. I can't ABSOLUTELY verify this, but I did the user setup on the four infected machines I've seen and I know I didn't put Java on them and I don't think the users are smart enough to do it.
3. Install a Bitcoin mining application. On a couple of the machines where there has been more than one user account I've observed that each user account has its own copy of the bitcoin mining app (jhprimeminer) installed.
4. AV software - Kaspersky (normally the king of paranoia) - finds nothing. Rootkit scan finds nothing. Malware scans find typical malware craps (Conduit etc) but nothing serious. I didn't break out every tool I could possibly use to figure out what was going on, but I'm really not surprised at all to encounter someone using malware to pad out their bitcoin mining.
I was alerted to the matter because the machines were "slow as shit" and making way more noise than usual. Needless to say, I'm going to wipe and reload those machines, but from what I can tell everybody who had an issue was playing a Flash-based bubble popper game.
1. Install new user accounts on an infected Windows machines. The accounts are hidden from the Windows login screen but visible from User Management. So far I've seen "app", "user" and "db."
2. It seems to install a JRE if one is not present. I can't ABSOLUTELY verify this, but I did the user setup on the four infected machines I've seen and I know I didn't put Java on them and I don't think the users are smart enough to do it.
3. Install a Bitcoin mining application. On a couple of the machines where there has been more than one user account I've observed that each user account has its own copy of the bitcoin mining app (jhprimeminer) installed.
4. AV software - Kaspersky (normally the king of paranoia) - finds nothing. Rootkit scan finds nothing. Malware scans find typical malware craps (Conduit etc) but nothing serious. I didn't break out every tool I could possibly use to figure out what was going on, but I'm really not surprised at all to encounter someone using malware to pad out their bitcoin mining.
I was alerted to the matter because the machines were "slow as shit" and making way more noise than usual. Needless to say, I'm going to wipe and reload those machines, but from what I can tell everybody who had an issue was playing a Flash-based bubble popper game.
Chewy509
Wotty wot wot.
@Merc, so where is the failure?
1. Yet another Flash exploit?
2. The web-browser sandbox didn't exist? Or was easily bypassed?
3. The user were running with admin privileges? (eg needed to create user accounts, registry modification (to avoid the login screen), install a JVM, start services). Or was there some sort of privilege escalation exploit as well?
4. Allowing applications to run from %AppData% or %TEMP% or %TMP%? (typically used as initial jumping off point for malware that is downloaded via JavaScript, Flash, embedded in DOCs, ZIPs, etc).
5. UAC turned off?
6. Improper firewall setup? (no prompting for unknown outbound traffic).
7. Trusting AV software?
8. PBKAC?
9. All of the above?
10. ???
11. Profit? (for the miner)...
1. Yet another Flash exploit?
2. The web-browser sandbox didn't exist? Or was easily bypassed?
3. The user were running with admin privileges? (eg needed to create user accounts, registry modification (to avoid the login screen), install a JVM, start services). Or was there some sort of privilege escalation exploit as well?
4. Allowing applications to run from %AppData% or %TEMP% or %TMP%? (typically used as initial jumping off point for malware that is downloaded via JavaScript, Flash, embedded in DOCs, ZIPs, etc).
5. UAC turned off?
6. Improper firewall setup? (no prompting for unknown outbound traffic).
7. Trusting AV software?
8. PBKAC?
9. All of the above?
10. ???
11. Profit? (for the miner)...
Mercutio
Fatwah on Western Digital
Flash Exploit is my my best guess. These users were using up to date Chrome, which suggests up to date Flash. The game seems to have been the point of intersection. They don't have Acrobat and they didn't have Java.
These are users with Admin rights on their own machines (they're laptops and that would be a total PITA to lock down). UAC is on as are Microsoft updates and ninite for most other stuff. These are people who have a hard time with the concept of printing to a non-default printer and have to be reminded about the right mouse button, so it's unlikely any of them would go do anything as disruptive as all this.
The machines in question use Kaspersky AV + (paid, auto-updating) Spybot Immunizations and Adblock Plus for security.
It looks like the heavy lifting exploit is all run from its own administrator-level account. The jhprimeminer.exe was simply sitting in the \Downloads folder for the newly created account. It wasn't running out of a temp directory. There wasn't really any attempt to hide the application, other than having "show processes from all users" and checking to see what the hell those user accounts were. The Windows firewall does not appear to have been molested, which probably just means that jhprimeminder uses port 80 to do whatever it does.
So I'm looking at some kind of malware or rootkit or something that's able to exploit enough different issues that it can seemingly create new admin level user accounts and execute arbitrary applications from there. It's particularly weird if it's working from a web browser and since it does very little to cover its tracks.
As I said I'm just going to scrub those machines, but there's so many bad things happening with that that it really looks like a total breakdown of both the browser and the OS security model.
These are users with Admin rights on their own machines (they're laptops and that would be a total PITA to lock down). UAC is on as are Microsoft updates and ninite for most other stuff. These are people who have a hard time with the concept of printing to a non-default printer and have to be reminded about the right mouse button, so it's unlikely any of them would go do anything as disruptive as all this.
The machines in question use Kaspersky AV + (paid, auto-updating) Spybot Immunizations and Adblock Plus for security.
It looks like the heavy lifting exploit is all run from its own administrator-level account. The jhprimeminer.exe was simply sitting in the \Downloads folder for the newly created account. It wasn't running out of a temp directory. There wasn't really any attempt to hide the application, other than having "show processes from all users" and checking to see what the hell those user accounts were. The Windows firewall does not appear to have been molested, which probably just means that jhprimeminder uses port 80 to do whatever it does.
So I'm looking at some kind of malware or rootkit or something that's able to exploit enough different issues that it can seemingly create new admin level user accounts and execute arbitrary applications from there. It's particularly weird if it's working from a web browser and since it does very little to cover its tracks.
As I said I'm just going to scrub those machines, but there's so many bad things happening with that that it really looks like a total breakdown of both the browser and the OS security model.
Chewy509
Wotty wot wot.
Nuking them from orbit is obviously the only way to be sure...
But I think you certainly highlighted the points of failure...
1. Users with admin rights...
2. Code can execute from %AppData% (This is were Flash has read/write access to in it's default setting)...
And this probably wasn't even a hard to develop exploit (even if there was one), but rather the actions of compromised software (the game was itself the trojan and delivery mechanism). And the users setup (see 1 and 2), simply allowed all this to happen, as if it were regular software doing it's thing...
Based on speculation, to archive what you've described is not very hard:
1. Compromised Flash game drops executable/shell code into %AppData%.
2. The executable/shell code is run, which:
a. Creates the new accounts.
b. Changes to those accounts (via the Windows su mechanism).
c. runs wget (or similar inbuilt mechanism) to download the miner application.
d. modifies the registry to auto-start the mining applications on reboot.
e. starts the mining applications.
f. changes back to the original user...
g. cleans up it's initial payload that was delivered via the Flash game...
3. Miner profits...
None of the above is really that hard, especially via a Powershell script... (or even CScript, or one of the older scripting engines). It doesn't even have to be an executable, which may be how it got past the AV. (I don't think most AV solutions really scan for scripts these days, so is a weak point, yep that rights, they mostly only scan for MZ/PE COFF executables, not shell scripts by default).
But I think you certainly highlighted the points of failure...
1. Users with admin rights...
2. Code can execute from %AppData% (This is were Flash has read/write access to in it's default setting)...
And this probably wasn't even a hard to develop exploit (even if there was one), but rather the actions of compromised software (the game was itself the trojan and delivery mechanism). And the users setup (see 1 and 2), simply allowed all this to happen, as if it were regular software doing it's thing...
Based on speculation, to archive what you've described is not very hard:
1. Compromised Flash game drops executable/shell code into %AppData%.
2. The executable/shell code is run, which:
a. Creates the new accounts.
b. Changes to those accounts (via the Windows su mechanism).
c. runs wget (or similar inbuilt mechanism) to download the miner application.
d. modifies the registry to auto-start the mining applications on reboot.
e. starts the mining applications.
f. changes back to the original user...
g. cleans up it's initial payload that was delivered via the Flash game...
3. Miner profits...
None of the above is really that hard, especially via a Powershell script... (or even CScript, or one of the older scripting engines). It doesn't even have to be an executable, which may be how it got past the AV. (I don't think most AV solutions really scan for scripts these days, so is a weak point, yep that rights, they mostly only scan for MZ/PE COFF executables, not shell scripts by default).
ddrueding
Fixture
This is of course going to be an issue. At only 5500m (18,000ft), the volume of the lifting gas needs to be double what it is at sea level. In order to make a quick stop on top of Mt Everest would require a volume three times larger than sea level. The durability/reliability I want pretty much dictates a rigid outer shell/skeleton protecting many inner envelopes. The original zeppelins suffered envelope failure at 3000 feet.
ddrueding
Fixture
And a big thank you to Merc and mubs for actively contributing to this community long enough to accumulate 18,000(!) and 4,000 posts, respectively!
ddrueding
Fixture
Mercutio
Fatwah on Western Digital
Yup. I posted a bunch more times. I do that here. 
Anyway yeah I probably know a dozen girls who would be THRILLED to get a Slave Leia Pony. I actually just ordered a Clone Wars birthday cake for one of my friends anyway.
Anyway yeah I probably know a dozen girls who would be THRILLED to get a Slave Leia Pony. I actually just ordered a Clone Wars birthday cake for one of my friends anyway.
mubs
Storage? I am Storage!
Good you're noticing these things, Dave, you'll make your little girl a good dad!
mubs
Storage? I am Storage!
A Very Happy New Year to All! May it be filled with robust health, abundant joy and great prosperity!
ddrueding
Fixture
I'm actually pretty happy about Disney picking up the Star Wars franchise; now the question "Who is your favorite Disney princess?" has a good answer: Leia!
mubs
Storage? I am Storage!
Bozo
Storage? I am Storage!
That's great!!!
Stereodude
Not really a
So apparently "Maggie" managed to open a Pinterest account with my e-mail address. You can't submit a request to close it without filling in a bunch of fields like, first name, last name, account name (like I know this...), if you use a computer, phone, etc to access it. The browser you use, and other nonsense.
Unfortunately, I can't confirm that I gave them honest answers. :twistd:
Unfortunately, I can't confirm that I gave them honest answers. :twistd:
ddrueding
Fixture
Interesting. You'd think that there would be an e-mail authorization step before account creation. I probably would have started with "forgot password" and started deleting from there.
Stereodude
Not really a
Supposedly Facebook has an e-mail authorization step, but my e-mail has gotten signed up a few times despite that.
In the bottom of the Pinterest e-mails there's a "Didn't sign up for Pinterest? Please let us know!" link that takes you to a page that tells you roughly how to fill out their help form. After you fill out the help form with all the required fields and submit it they send you a confirmation e-mail and tell you to reply to it to confirm ownership. So far nothing else has happened, so who knows if I got the membership associated to my e-mail canceled / closed or not.
ddrueding
Fixture
I'm quite happy that I don't use an @hotmail/yahoo/gmail/att/whatever domain for my addresses, it is far less likely that someone would enter my address by accident.
A friend signed up very early and got commonfirstname.commonlastname@gmail.com and gets hammered by friends of other people who have that name.
A friend signed up very early and got commonfirstname.commonlastname@gmail.com and gets hammered by friends of other people who have that name.
timwhit
Hairy Aussie
Someone used my email to sign up for CareerBuilder. He was looking for a menial job in the New Jersey area. I was able to take control of the account, however, getting it closed was extremely difficult.
ddrueding
Fixture
I've heard that (for identity theft protection) even if you don't plan on traveling internationally you should get a passport because it is easier to apply for a first one than apply for a replacement. Perhaps proactively registering for these services is a decent way to defend against this stuff?
timwhit
Hairy Aussie
There are too many websites out there to register for.
Maybe I should work on an app that automagically registers for everything that it knows about.
Maybe I should work on an app that automagically registers for everything that it knows about.
Mercutio
Fatwah on Western Digital
There's a dude in Montana or North Dakota who keeps trying to sign up for Facebook and some other services (Christian Mingle and Plenty Of Fish) using an email address that's registered to me. We have the same surname but we aren't related. If I had any idea how to actually contact him I would, but this guy is such a moron he doesn't even know his own e-mail address, and the only thing I really have is an IP block. The only reason I have THAT is that a few of the services give me the IP used during registration.
Of course, there's no way for me as a non-user to tell those services not to allow registrations from my e-mail address.
ddrueding
Fixture
And if you were to create an account on those services, he would just hit the "I forgot my password" button over and over....