3 March 2005
Updated: email stats.
SpamAssassin 3.0 has finally been trained up again so my inbox is relatively clean. You can see the percentage shifting out of Inbox and into Spam (which is back at ~75%).
4 March 2005
Global DNS cache poisoning attack?
We are currently investigating a report from several sites that indicate users being re-directed to malware sites. At this time it appears to be a DNS cache poisoning attack (not a spyware, adware, or browser hijack) and we are seeking more information.
Popular domain names such as google.com, ebay.com, and weather.com are being directed to the following servers. Of course when connecting to these servers, “bad things” (tm) will happen, so don’t go to them.
123xxl.com (18.104.22.168, 22.214.171.124, 126.96.36.199)
abx4.com (188.8.131.52, 184.108.40.206, 220.127.116.11)
If your site has been affected, please submit the following information:
1. When the attack was first noticed and whether it is still occurring.
2. What DNS server software you have facing the Internet. This information will be kept in strictest confidence.
3. If you identified any other sites that users were being re-directed to (besides the ones listed above).
Updates will be made to this diary as we find out more information.
Update at 23:40 UTC
There appear to be two issues at hand. The first is the DNS cache poisoning. At this time, it appears to be affecting Symantec firewalls with DNS caching. If you recall, there was a vulnerability back in July that made these products very susceptible to DNS cache poisoning. Some victims have responded that they applied the patch, but were still affected. So this could be a different vulnerability or the patch didn’t work properly. Maybe someone at Symantec could enlighten us?
The second issue is the ABX toolbar spyware that gets loaded onto the machine when visiting the target servers. This appears to happen using an ActiveX control. Users running Windows XP SP2 or a web browser that does not support ActiveX will probably not get hit with the spyware if they visit the server.
Unfortunately, information on the ABX toolbar spyware is very limited at this time and it doesn’t seem to be detected yet by the normal toolset of spyware/antivirus tools.
In the meantime, we have been working to get the IP addresses and DNS servers supporting this attack shut down. Some of the IP addresses are already blackholed.
7 March 2005
In this section, I’ll present a (somewhat more realistic) few methods that I consider worthy of devoting the time required to create instructions, either because they have a particular benefit or just because I like the way they look.
10 March 2005
Excellent… Roshambo Rampage:
Welcome to Roshambo Rampage, the only source for online, networked games of Paper-Scissors-Rock that we’re willing to allow ourselves to be aware of.
For centuries, perhaps longer, people who wanted to play ‘Paper-Scissors-Rock’ (also known as ‘Rock-Paper-Scissors’ or ‘Rock-Scissors-Paper’) have suffered from the debilitating limitation of having to be in the same room with their opponent. With our completely unpatented Send-O-Mail® technology, though, such tragedies are a thing of the very recent past.
It’s pretty darn simple. Just enter your own e-mail address and the e-mail address of the person you wish to challenge below, along with your choice of attack strategies. (We won’t use the e-mail addresses for anything, or give them to anyone else.) The challenge will be sent, and your opponent will have two days to respond. You will be notified of the winner. May God smile upon the favored.
17 March 2005
New, shiny phone! You know what that means - time to hack the photos.
18 March 2005
The new V3 Razr is really shiny, but there was all this pesky Cingular branding on it that just didn’t sit well with me. So, I decided to put my buddy icon on the outer flip and remove all the Cingular icons from the main menu.
Taking the logo off the front:
- Create your replacement graphic file (96x80x8 GIF).
- Download and install p2kman: http://anton.tbg.ru/files/p2kman.zip
- Unzip the program.
- Plug in the V3 via USB cable. Open the flip.
- Install the drivers in the drv directory.
- Start p2kman.
- Back up the files in the system folder.
- cl.gif is your target. Replace it with your new graphic.
Once the connection is established with the phone, replacing the branded icons is pretty easy. Grab some replacement files and drop them in the system folder.
And there you have it.
24 March 2005
I’m still somewhat in shock; my second cousin Phil passed away suddenly this past weekend. I met him at my grandmother’s funeral, and he came to my wedding.
I wish I’d known him better.
YPSILANTI — Philip David Breckel, age 54, of Ypsilanti unexpectedly passed away Saturday, March 19, 2005, at his home.
He was born July 5, 1950, in Tecumseh to August and Dorothy (Williams) Breckel. Philip was a 1968 graduate of Adrian High School. Philip served in the U.S. Air Force from 1968-1972, where he did a three-year tour of duty in Frankfort, Germany. He was involved in the Civil Air Patrol and Boy Scout Troop 32 of Birdsall. Philip retired from the Ford Motor Co. Saline plant, in February 2004.
In addition to his mother, he is survived by his brothers, Steven Breckel of Phoenix, Ariz., and Allen Breckel and his wife, Kathryn, of Adrian; a sister, Carol Tesch and her husband, Tim, of Adrian; nieces and nephews, Jennifer Breckel of Antioch, Calif., Kayla Breckel of Phoenix, Ariz., Katie and Christopher Breckel, Amy Watson and Gwen Elliott, all of Adrian; two great-nieces and one great-nephew. He was preceded in death by his father, August H. Breckel, Jr.; and a sister, Linda J. Kruse.
Funeral services will be held on Saturday, March 26, 2005, at 1 p.m. at the Anderson Funeral Home in Adrian with Pastor Daryl Etheridge officiating. Burial will take place at Brookside Cemetery in Tecumseh, with full military rites conducted by the Tecumseh American Legion Post #34 and the Tecumseh VFW Post #4187. Visitation will be held on Friday from 2-4 and 6-8 p.m. at the Anderson Funeral Home.
Memorial contributions may be made to the American Heart Association or the charity of the donor’s choice. Envelopes are available at the Anderson Funeral Home.
31 March 2005
Merrystar’s at 30 days and counting; not that that number isn’t burned into my brain, because it’s not, but because I made the mistake of installing a countdown clock into Firefox so I see it every time I look at a web page. May 1. And then the rest of my life after that. I hope I get to sleep sometime.
Too busy to post much these days, or post, or answer my personal email, or surf the web, or do anything other than play a few rounds of therapeutic games and then read some Old English grammar texts to fall asleep and do it all again tomorrow. The Old English is more necessary than you know.
So this is why everyone told me to get as much sleep as possible before the baby arrives.