brett's logjam

It seems I need to periodically learn this lesson over and over again: I can play the excellently done, open source Battle for Wesnoth, or I can be a productive member of society. Not both.

Updated: email stats.

Spamassassin 3.0 has finally been trained up again so my inbox is relatively clean. You can see the percentage shifting out of Inbox and into Spam (which is back at ~75%).

SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System - Current Infosec News and Analysis:

Global DNS cache poisoning attack?

We are currently investigating a report from several sites that indicate users being re-directed to malware sites. At this time it appears to be a DNS cache poisoning attack (not a spyware, adware, or browser hijack) and we are seeking more information.

Popular domain names such as google.com, ebay.com, and weather.com are being directed to the following servers. Of course when connecting to these servers, “bad things” (tm) will happen, so don’t go to them.

www.7sir7.com (217.160.169.87)
123xxl.com (217.160.169.87, 207.44.240.79, 216.127.88.131)
abx4.com (217.160.169.87, 207.44.240.79, 216.127.88.131)

If your site has been affected, please submit the following information:
1. When the attack was first noticed and whether it is still occurring.
2. What DNS server software you having facing the Internet. This information will be kept in strictest confidence.
3. If you identified any other sites that users were being re-directed to (besides the ones listed above).

Updates will be made to this diary as we find out more information.

SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System - Current Infosec News and Analysis

Update at 23:40 UTC

There appear to be two issues at hand. The first is the DNS cache poisoning. At this time, it appears to be affecting Symantec firewalls with DNS caching. If you recall, there was a vulnerability back in July that made these products very succeptable to DNS cache poisoning. Some victims have responded that they applied the patch, but were still affected. So this could be a different vulnerability or the patch didn’t work properly. Maybe someone at Symantec could enlighten us?

http://securityresponse.symantec.com/avcenter/security/Content/2004.06.21.html

The second issue is the ABX toolbar spyware that gets loaded onto the machine when visiting the target servers. This appears to happen using an ActiveX control. Users running Windows XP SP2 or a web browser that does not support ActiveX will probably not get hit with the spyware if they visit the server.

Unfortunately, information on the ABX toolbar spyware is very limited at this time and it doesn’t seem to be detected yet by the normal toolset of spyware/antivirus tools.

In the meantime, we have been working to get the IP addresses and DNS servers supporting this attack shutdown. Some of the IP addresses are already blackholed.

Ian’s Shoelace Site - Shoe Lacing Methods:

In this section, I’ll present a (somewhat more realistic) few methods that I consider worthy of devoting the time required to create instructions, either because they have a particular benefit or just because I like the way they look.

Via jwz: Battlestar Galactica Audio Commentary.

Excellent… Roshambo Rampage:

Welcome to Roshambo Rampage, the only source for online, networked games of Paper-Scissors-Rock that we’re willing to allow ourselves to be aware of.

For centuries, perhaps longer, people who wanted to play ‘Paper-Scissors-Rock’ (also known as ‘Rock-Paper-Scissors’ or ‘Rock-Scissors-Paper’) have suffered from the debilitating limitation of having to be in the same room with their opponent. With our completely unpatented Send-O-MailŪ technology, though, such tragedies are a thing of the very recent past.

It’s pretty darn simple. Just enter your own e-mail address and the e-mail address of the person you wish to challenge below, along with your choice of attack strategies. (We won’t use the e-mail addresses for anything, or give them to anyone else.) The challenge will be sent, and your opponent will have two days to respond. You will be notified of the winner. May God smile upon the favored.

New, shiny phone! You know what that means - time to hack the photos.

The new V3 Razr is really shiny, but there was all this pesky Cingular branding on it that just didn’t sit well with me. So, I decided to put my buddy icon on the outer flip and remove all the Cingular icons from the main menu.

Taking the logo off the front:

1. create your replacement graphic file (96x80x8 gif).
2. download and install p2kman: http://anton.tbg.ru/files/p2kman.zip
3. unzip program
4. plug in the v3 via USB cable. open the flip.
5. install the drivers in the drv directory.
6. start p2kman.
7. backup the files in the system folder.
8. cl.gif is your target. replace it with your new graphic.

Once the connection is established with the phone, replacing the branded icons is pretty easy. Grab some replacement files and drop them in the system folder.

And there you have it.

I’m still somewhat in shock; my second cousin Phil passed away suddenly this past weekend. I met him at my grandmother’s funeral, and he came to my wedding.

I wish I’d known him better.

YPSILANTI — Philip David Breckel, age 54, of Ypsilanti unexpectedly passed away Saturday, March 19, 2005, at his home.

He was born July 5, 1950, in Tecumseh to August and Dorothy (Williams) Breckel. Philip was a 1968 graduate of Adrian High School. Philip served in the U.S. Air Force from 1968-1972, where he did a three-year tour of duty in Frankfort, Germany. He was involved in the Civil Air Patrol and Boy Scout Troop 32 of Birdsall. Philip retired from the Ford Motor Co. Saline plant, in February 2004.

In addition to his mother, he is survived by his brothers, Steven Breckel of Phoenix, Ariz., and Allen Breckel and his wife, Kathryn, of Adrian; a sister, Carol Tesch and her husband, Tim, of Adrian; nieces and nephews, Jennifer Breckel of Antioch, Calif., Kayla Breckel of Phoenix, Ariz., Katie and Christopher Breckel, Amy Watson and Gwen Elliott, all of Adrian; two great-nieces and one great-nephew. He was preceded in death by his father, August H. Breckel, Jr.; and a sister, Linda J. Kruse.

Funeral services will be held on Saturday, March 26, 2005, at 1 p.m. at the Anderson Funeral Home in Adrian with Pastor Daryl Etheridge officiating. Burial will take place at Brookside Cemetery in Tecumseh, with full military rites conducted by the Tecumseh American Legion Post #34 and the Tecumseh VFW Post #4187. Visitation will be held on Friday from 2-4 and 6-8 p.m. at the Anderson Funeral Home.

Memorial contributions may be made to the American Heart Association or the charity of the donor’s choice. Envelopes are available at the Anderson Funeral Home.

Merrystar’s at 30 days and counting; not that that number isn’t burned into my brain, because it’s not, but because I made the mistake of installing a countdown clock into Firefox so I see it every time I look at a web page. May 1. And then the rest of my life after that. I hope I get to sleep sometime.

Too busy to post much these days, or post, or answer my personal email, or surf the web, or do anything other than play a few rounds of theraputic games and then read some Old English grammar texts to fall asleep and do it all again tomorrow. The Old English is more necessary than you know.

So this is why everyone told me to get as much sleep as possible before the baby arrives.