Monday, December 31, 2018

Where does XP lurk?

Recently at a station waiting for a train, a screen showed something different than the usual. Here is the picture.


Good old Windows XP, lurking in the shadows. While this is not likely to be a critical system, it raises the question of how many of these old operating systems are still out there, running important services such as healthcare, government or financial applications.

Monday, September 10, 2018

The Computer As Crucible

The Computer as Crucible: An Introduction to Experimental Mathematics by Jonathan M. Borwein
My rating: 4 of 5 stars

Mathematics is that domain of science that is usually thought to be purely of the mind, but increasingly computers are helping mathematicians by identifying sequences, providing insights into complex systems, assisting with proofs and much more. This book gives a small peek into how the machines are being used nowadays.

Written in a clear style with numerous examples, the book reads easily and quickly and makes frequent references to other publications, often written by one or both of the authors. In addition, each chapter ends with a few exercises, some of which I have found to be rather challenging.

While this is probably not a book you will read to get a good grasp on "computer assisted mathematics", it is an interesting introduction to it.


Tuesday, May 1, 2018

Spammer can ruin my life! Or can he now?

Recently, I got a message from a spammer (order (at) creativegrowers.com) who claimed he or she could ruin my life. Here is the message for your enjoyment.
Good day...

Do not regard on my English, Im from Japan.I installed the virus onto your device.At present I thiefted all privy background from your device. Furthermore I got some more evidence.The most important evidence that I received- its a videotape with your self-abusing.I put virus on a porn web site and after you downloaded it. As soon as you picked the video and clicked on a play, my malware at once set up on your system.
After adjusting, your web camera made the video with you wanking, additionally software captured exactly the video you chose. In next few days my deleterious soft found all your social media and email contacts.

If you need to delete the records- pay me 540 usd in BTC(cryptocurrency).
I provide you my Bitcoin wallet address - 1Ph5bArH1nN2HVKLLnKE3UB4ZstoEb8Gfc

You have 24 h. to go after reading. As soon as I receive transfer I will destroy the compromising forever. Other way I will send the video to all your colleagues and friends.

The source of the message is 167.99.44.161, which is on Digital Ocean. Furthermore, the message headers tend to indicate that the site "creativegrowers[.]com" got compromised and is spewing spam.

Blockchain.info shows that at least one payment was made to that address, for a total of 0.03 BTC on 2018-04-30, which represents a bit short of $300. Has someone fallen for that scam? Is this something else? Anyway, I will keep an eye on the transactions to and from that address.

Thursday, April 12, 2018

Alienvault and Squid-Access logs

While playing with OSSIM and Squid, I found that the logs were not processed: though they were correctly received by the sensor and they appeared in /var/log/alienvault/agent/agent.log, I did not see any event being created or appearing in the server.

Whenever ossim-agent was restarted on the sensor, a message appeared in /var/log/alienvault/agent/agent.log at the first event received. This message ended with "Plugin sid not a number". In the line above that one, which contained the event as parsed by ossim-agent, indeed the plugin sid value was "TCP_TUNNEL".

In /etc/ossim/agent/plugins/squid.cfg, there is a translation table between the status (TCP_HIT, TCP_MISS, ...) and a numerical value. This translation does not exist for TCP_TUNNEL.

After adding it with the next available value to the translation table in squid.cfg and restarting the agent, the TCP_TUNNEL events generated by Squid appear as "Generic event" in Alienvault OSSIM. The rest of the data (source IP, destination IP, hostname et al.)

The same happened with the message TAG_NONE. Adding it to the corresponding plugin fixed the issue.
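
One way to find such gaps before events are silently dropped, as an added example that is not part of the original post or of OSSIM: it lists the Squid result codes seen in an access log that have no entry in the plugin's translation table and proposes the next free values. The sample configuration and log lines are constructed, and the "[translation]" section name and its numbering are assumptions about the layout of squid.cfg.

```python
import re
from collections import Counter

# Constructed excerpt in the INI style of an ossim-agent plugin file; the
# section name "[translation]" and the numeric values are assumptions.
SAMPLE_CFG = """\
[config]
name=squid

[translation]
TCP_HIT=1
TCP_MISS=2
TCP_DENIED=3
"""

# Constructed Squid access.log lines (native log format).
SAMPLE_LOG = """\
1523520000.101 120 192.0.2.10 TCP_MISS/200 5120 GET http://example.com/ - HIER_DIRECT/198.51.100.7 text/html
1523520001.202 9000 192.0.2.11 TCP_TUNNEL/200 3456 CONNECT example.org:443 - HIER_DIRECT/198.51.100.8 -
1523520002.303 0 192.0.2.12 TAG_NONE/400 3900 GET / - HIER_NONE/- text/html
1523520003.404 8000 192.0.2.11 TCP_TUNNEL/200 990 CONNECT example.net:443 - HIER_DIRECT/198.51.100.9 -
"""

# Result code is the "CODE/nnn" token; "HIER_DIRECT/<ip>" does not match
# because the three digits must be followed by whitespace.
RESULT_CODE = re.compile(r"(?<!\S)([A-Z][A-Z_]*)/\d{3}(?=\s)")

def load_translation(cfg_text):
    """Return the key=value pairs found under [translation]."""
    table, section = {}, None
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "translation" and "=" in line and not line.startswith(("#", ";")):
            key, value = line.split("=", 1)
            table[key.strip()] = value.strip()
    return table

def unmapped_codes(log_text, table):
    """Count result codes in the log that the translation table lacks."""
    seen = Counter(m.group(1) for m in map(RESULT_CODE.search, log_text.splitlines()) if m)
    return {code: n for code, n in seen.items() if code not in table}

def suggest_entries(log_text, cfg_text):
    """Propose translation lines, numbered from the next available value."""
    table = load_translation(cfg_text)
    next_sid = max((int(v) for v in table.values() if v.isdigit()), default=0) + 1
    return [f"{c}={next_sid + i}" for i, c in enumerate(sorted(unmapped_codes(log_text, table)))]
```

Proposed lines still have to be added to squid.cfg by hand and the agent restarted, as described above.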

Thursday, January 18, 2018

Landscape

Brand Luther (book)

Here is a review by Jean: https://www.goodreads.com/review/show/2137840523