Government Remotely Disables Software on Personal Computers

The FBI remotely disabled software installed on privately owned personal computers located in the United States.

If this isn’t controversial, it should be.

The software is presumed to be malicious, having been accused of stealing account information and passwords from hundreds of thousands of people.

Does that make it less controversial?

Hundreds of thousands of computers have one less bot on them. That’s certainly a good thing. Hundreds of thousands of computer owners had their computers remotely manipulated by law enforcement. Is that a good thing? A dangerous precedent?

Interesting, for sure.

Update: Gary Warner has an excellent write-up.

Your package has arrived.

I’m impressed by this scam e-mail:
Return-path: <tracking@ups.com>
Reply-To: <tracking@ups.com>
From: UPS Shipments <tracking@ups.com>
Subject: Your package has arrived!
Date: Thu, 2 Dec 2010 14:31:34 +0000
To: Undisclosed recipients:;
Dear client<br />
Your package has arrived.<br />
The tracking# is : 1Z45AR990*****749 and can be used at : <br />
<a href="http://www.ups.com/tracking/tracking.html">http://www.ups.com/tracking/tracking.html</a><br />
The shipping invoice can be downloaded from :<br />
<a href="http://thpguild.net84.net/e107_files/cache/invoice.scr">http://www.ups.com/tracking/invoices/download.aspx?invoice_id=3483273</a> <br />
<br />
Thank you,<br />
United Parcel Service<br />
<p>*** This is an automatically generated email, please do not reply ***</p>
UUCLJNFYSDMJENHSLBIXJFGSUGKCVUTDYVBOGM


I’ve snipped the delivery-related headers (not interesting) and *’d out a bit of the tracking number. The links are intact.

What is interesting is that when rendered as HTML, the message contains valid URLs for all visible text, including the tracking URL. If you click on the tracking URL and paste in the tracking number, you'll get some poor dude's house in Florida. If you click on what appears to be a valid link to an invoice, you have the opportunity to download what I assume is an interesting payload. (But alas, the golden hour has passed - those who amuse themselves by downloading interesting payloads will have to amuse themselves elsewhere.)

The finance people I know never met an invoice they didn't like. I'd imagine that for them, the temptation to click is overwhelming.

It’s not hard to make a case for reading mail in plain text.

BTW - Most bloggers mangle potentially hostile URLs prior to publication. This blogger presumes that the readers of this blog are smart enough to know what’s safe and what isn’t.

OS X Adaptive Firewall Automated Blacklisting

OS X Mini Server comes with an incarnation of 'ipfw' as its built-in kernel firewall. Configuration of ipfw in an IPv4-only world is pretty simple. The Server Admin GUI covers the basics. The details are in /etc/ipfilter.