Dreams of Thought

Are dreams thoughts… or are thoughts dreams..

RSS Feed

Archives for computer security

The most difficult captcha there is

5 Comments

I was browsing through the site of a celebrity recently and came across the contact page. I was shocked to find the captcha there. Take a look yourself and be amazed : http://www.gulpanag.net/contact_gul_panag.php

Why would anyone display the captcha as text ready for a bot passing by to read? (It’s even got a nice class – captchas – wrapping it) Is that some kind of a honeypot? Is that a dummy form? Does the site admin feel lonely because no one sends him/her mail and is hoping to at least read spam?

Jun 2, 2009

Hoax mail from “Microsoft”

0 Comments

Dear Microsoft Customer,

Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.

Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.

Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.

As your computer is set to receive notifications when new updates are available, you have received this notice.

In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.

If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.

We apologize for any inconvenience this back order may be causing you.

Thank you,

Steve Lipner
Director of Security Assurance
Microsoft Corp.

—–BEGIN PGP SIGNATURE—–
Version: PGP 7.1

O61N09JLE94LTDLYEQGYL779BT77V3HNOBDRRHH429ANQMKHZJ2KJTN4SOIHO7Q69
P1T0FUAXM2NETPWIK57I76JW26P06ZMJVM3AALK2EHLW5FLLSD88MJ4CIQ44YUW7G
D6M4BT8E0NMNPMKGKBL44AWDDFFOV6FN3WZUJWQ5IYT3FDUPEE5VEQ9PBJYOSDOSF
2F0TAC0XCOBFL97K2ERH8UMJT6NWTACWT48EE7ODS6RDZP7ENZCRGMAOHYZGE1J70
I8HH2YHXADGTIHCFWLIVBAZCB3B5UQDWN0X==
—–END PGP SIGNATURE—–

This is a better crafted hoax than others out there :) Still quite a few flaws ;) So don’t go and “install” the “update”.

  1. Microsoft “company”
  2. OS Microsoft Windows

A typical update from Microsoft would be something like this : http://www.microsoft.com/downloads/details.aspx?FamilyID=e0bd6fbe-f46e-4961-9a79-49ec77d39439&DisplayLang=en

Oct 12, 2008

Computer Warming – the new risk?!

0 Comments

Happened to come across a pointer in Slashdot to a Wired article.  From the article -

BERLIN — A security researcher has a devised a novel attack on online anonymity systems in which he literally takes a computer’s temperature over the Internet.

The attack uses a phenomenon called “clock skew” — the tendency for the precise clocks in modern computers to drift off of the correct time at slightly different rates, which can be affected by heat.

As I understand it, the basic premise goes like this. It seems possible to identify a computer based on clock skew. Clock skew is unavoidable although most digital systems try their best to reduce it. You change the temperature, you change the clock skew. So overload a particular server suddenly and there is a change in its clock. This means the time stored on that server also changes. Now use timestamps to find the server which has drifted off. This is not the entire story, read more at Wired.

This is a rather roundabout way of doing things. Not really the best way to do it, but what it does show is that such things are possible. Perhaps this concept might be useful in some other context. Personally, I don’t expect such attacks to come in anytime in the future. There are far simpler and effective ways and it doesn’t make sense to use such a complicated method.

Dec 30, 2006