Skip to main content

Posts

Showing posts from April, 2011

Government Remotely Disables Software on Personal Computers

The FBI remotely disabled software installed on privately owned personal computers located in the United States.If this isn’t controversial, it should be.The software is presumed to be malicious, having been accused of stealing account information and passwords from hundreds of thousands of people. Does that make it less controversial?Hundreds of thousands of computers have one less bot on them. That’s certainly a good thing. Hundreds of thousands of computer owners had their computers remotely manipulated by law enforcement. Is that a good thing? A dangerous precedent?Interesting, for sure. Update: Gary Warner has an excellent write-up.

Your package has arrived.

I'm impressed by this scam e-mail:
Return-path: <tracking@ups.com>
Reply-To: <tracking@ups.com>
From: UPS Shipments <tracking@ups.com>
Subject: Your package has arrived!
Date: Thu, 2 Dec 2010 14:31:34 +0000
To: Undisclosed recipients:;
Dear client<br />
Your package has arrived.<br />
The tracking# is : 1Z45AR990*****749 and can be used at : <br />
<a href="http://www.ups.com/tracking/tracking.html">http://www.ups.com/tracking/tracking.html</a><br />
The shipping invoice can be downloaded from :<br />
<a href="http://thpguild.net84.net/e107_files/cache/invoice.scr">http://www.ups.com/tracking/invoices/download.aspx?invoice_id=3483273</a> <br />
<br />
Thank you,<br />
United Parcel Service<br />
<p>*** This is an automatically generated email, please do not reply ***</p>

UUCLJNFYSDMJENHSLBIXJFGSUGKCVUTDYVBOGM
I’ve snipped the delivery related headers (not interesting) and …

Add Robert Half to the Epsilon Breech Fiasco

On my work e-mail:

Today we were informed by Epsilon Interactive, our national email service provider, that your email address was exposed due to unauthorized access of their system. Robert Half uses Epsilon to send marketing and service emails on our behalf. We deeply regret this has taken place and any inconvenience this may have caused you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information. We were advised by Epsilon that the information that was obtained was limited to email addresses only. Please note, it is possible you may receive spam email messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties. We ask that you remain alert to any unusual or suspicious emails. As always, if you have any questions, or need any additional information, please do not hesitate to contact us customersecurity@rhi.com. Sincerely, Robert Half Customer Care …

OS X Adaptive Firewall Automated Blacklisting

OS X Mini Server comes with an incarnation of 'ipfw' as its built in kernel firewall. Configuration of ipfw in an IPv4-only world is pretty simple. The Server Admin GUI covers the basics. The details are in /etc/ipfilter.

Along with the 'ipfw' firewall comes something called 'Adaptive Firewall'.  OS X's "Network Services Administration" indicates that this adaptive firewall 'just works':
Adaptive Firewall

Mac OS X v10.6 uses an adaptive firewall that dynamically generates a firewall rule if a user has 10 consecutive failed login attempts. The generated rule blocks the user’s computer for 15 minutes, preventing the user from attempting to log in.

The adaptive firewall helps to prevent your computer from being attacked by unauthorized users. The adaptive firewall does not require configuration and is active when you turn on your firewall.
Apparently my Mac Air is doing something to annoy the Adaptive Firewall on my mini. After a day of running…