Posts

Dell, how I hate thee (let me count the ways)

A Dell "feature" that appears to be designed to force customers to use only Dell parts reduced the speed of a set of SSDs one of my customers installed in their rack-mountable R900 server by a factor of 1000. Before I get into this, there are some provisos. This server was using Linux kernel 2.6.32. The SSDs involved are Samsung 850 Pro SATA-style solid state disks. SSD is not quite ready for prime time in the 2.6.32 kernel: NVMe support was first added in 3.3, TRIM wasn't available at all until 2.6.33, and a ton of other things we all take for granted, like the device mapper, are part of the 4.* kernel. Consumer-level Samsung drivers bring their own issues. Despite what the knuckle-heads on Reddit have to say about the topic, the Linux kernel still blacklists queued TRIM functions for every Samsung SSD in the 8** series. As of the latest GitHub commit at the time of writing, for kernel 4.8, queued TRIM still doesn't work for these devices. More importantly, the R900 ...

Building a new gaming PC (with some digs about NZXT)

Never let it be said that I do not support the aspirations of today's young people. My contribution to the next generation was helping a local teen build out a high-powered gaming PC. It was my first time installing a closed-loop liquid cooling system (the Kraken x61).

[Photo: Building a gaming rig. Notice how decades of IT work has resulted in a Quasimodo hunch.]

The highlights of the PC included the following:

- Intel i7 6700K CPU
- NZXT Kraken x61 liquid cooling system
- Nvidia GeForce GTX 1080 graphics card
- ASUS Z170-E motherboard
- NZXT S340 case
- Corsair Vengeance LPX DDR4 RAM
- Samsung EVO 850 SSD
- EVGA Fully Modular GQ 650W power supply

During build-out I encountered two issues that weren't the result of my own fumbling, shaky hands. One of these issues I think is forgivable and the other is not. The ASUS Z170-E ...

Pandora account compromise warning message

Here is a copy of the email I was sent by Pandora to inform me that my account was compromised, kind of, but not really, and it was totally not their fault. This is somewhat old news (I received this email July 6th) but the more copies of this online the better, IMO. There are a number of things about this email that irritate me. First of all, the email is so incredibly vague that I have absolutely no idea what happened. Someone, somewhere posted my Pandora username (email address?) on the internet along with, presumably, one of the bazillion passwords associated with it. Who posted this information? Why? Where was it taken from? Was it stolen from one of Pandora's infrastructure providers? If what Pandora implies in the email is true - that the compromise is completely unrelated to Pandora in any way - why are they sending me this email? Does Pandora scour the internet for the email addresses and account names of its many users? If Pandora had no responsibility for this ...

Stay classy, Microsoft

Someone more cynical than myself might think that Microsoft's sudden 66% decrease in OneDrive storage space is a bait & switch - give away the space for free until users become dependent, then take it away, threaten to delete their data, and force those who have become accustomed to the free service to pony up and pay.

Media, "Experts", too quick to assign responsibility for DNC hacks

I'd like to tell you a story. It's a story that doesn't particularly make me look very good. It was at a point in my career where I still had a lot to learn, and like many young people I thought I was smarter than I was. But it's a true story and there is an important point to it, so I'm telling it here even at the risk of looking a bit like a schmuck. To tell the story, we have to go back in time. The year was 2006. There were still movies in the theaters that didn't have a single comic book character in them. George W. Bush was still best known for destroying the Middle East and not for his adorable stick-figure self-portraits. No one who worked outside of telecommunications, or who didn't wallpaper their house in aluminum foil, believed that the NSA was wiretapping everyone and everything. And I had just received a promotion. I was working within the primary data center of an internet service provider. The company I was working for had a tiered engineering...

Reporters never open infected Wikileaks attachments

Since I published my findings on malware in the GI Files Wikileaks file dumps and my subsequent attempts to encourage Wikileaks to label such malicious content, I've repeatedly been told by a variety of "Security Experts®" that no one will open infected attachments from email file dumps. I plan on writing a post on how assumptions about user behavior are frequently inaccurate, and how predicting the behavior of Wikileaks researchers analyzing email dumps from the typical behavior of normal email users is particularly prone to failure, but for now I'll just leave this here: Has anybody's InfoSec experts advised abt wisdom of opening WikiLeaks sound files? Are we all just downloading Russian malware like morons? — David Fahrenthold (@Fahrenthold) July 28, 2016

524.dat & chrome_patch.hta [UPDATED]

A few minutes ago I clicked a link to an article and I noticed something fishy. The new site attempted to automatically redirect my browser to this: This piece of garbage phishing page didn't even wait for me to be suckered by their super-convincing download link, and used a setTimeout() call to try to force my browser to download something called `9901224839027/1469890408944162/chrome_patch.hta`. Here is chrome_patch.hta as it is seen in the wild: And here is chrome_patch.hta after we apply deobfuscation 101: As you can see, chrome_patch.hta downloads a .dat file `17/524.dat` and creates an executable `g2924808f66985de3a9ad1e3d743e0d.exe` before presenting victims with a reassuring "Update completed" window. I've been seeing similar versions of this same method used to force users to swallow the 524.dat payload, like this: I've found some complaints as ...