Monthly Archives: July 2007

23
Jul

Investment offer from Jude Estrada

Posted by | Categories Byte

Yesterday, I got this from my email inbox:

Subject: INVESTMENT OFFER.
Date: Sat, 21 Jul 2007 10:53:34 +0200
From: Mr Jude Estrada
Reply-To: info_j[OBFUSCATED]l0@yahoo.com.ph
To: [OBFUSCATED]@AWBHoldings.com

48 MILLION DOLLARS INVESTMENT PROJECT OFFER.

Dear Friend,

My name is Mr Jude D. Estrada,The first son of President. JOSEPH ESTRADA, the former President of Philippines located in the South East Asia: My family have a profiling amount which we seek your partnership in accommodating for us 48 Million Dollars. Can you be our partner on this? and also help my family in investment. Only reply if you are interested.

To know more about my father, flee free to read from this news:
http://archives.cnn.com/2001/WORLD/asiapcf/southeast/04/22/estrada.profile/
For further details contact me via my private box: info_j[OBFUSCATED]l0@yahoo.com.ph

Jude Estrada
For the family.
j[OBFUSCATED]l02@yahoo.com.ph

This is either a scam or worse.

23
Jul

Cannibalism at work

Posted by | Categories Ink

To see how cannibals live, Manuel L. Quezon III is live-blogging the carnage.

20
Jul

I’m a resident of Springfield!

Posted by | Categories Journal

Photo Sharing and Video Hosting at Photobucket

20
Jul

Meme attack! (Updated)

Posted by | Categories Journal

Tagged by Grace.

Instructions: Each player starts with 7 random habits/facts about themselves. People who are tagged need to write on their own blog about their seven things, as well as these rules. At the end of your blog, you need to choose 7 people to get tagged and list their names. Don’t forget to leave them a comment telling them that they have been tagged and to read your blog!

A – Age: 29

B – Band Listening To Right Now: The Bloomfields!

C – Career: Technical writer/blogger afterhours

D – Drink or Smoke: One bottle of San Mig Light only, cigarettes are no-no

E – Easiest Friends To Talk To: Talkative ones

F – Funniest Moment: that swing thing

G – Gummy Bears or Gummy Worms: Gummy bears

H – Have a BoyfriendGirlfriend: none

I – In love: Always, but always unrequited

J – Junk Food You Like: Cheese rings

K – Kids: no plans

L – Longest Ride Ever: Baguio

N – Names For Your Future Kids: no plans (just in case, names start with J)

O – One Wish You Have Now: A laptop

P – Phobias: me dying

Q – Favorite Quote: Submission to love does not mean being a door mat. -M. Scott Peck

R – Reasons To Smile: remembering my crush(es)

S – Sleeping Hours: at least 8 hours (10PM-6AM)

T – Time You Woke Up: usually quarter to six in the morning, sleepy by 9 PM

U – Unknown Fact About You: If I tell you, it is no longer unknown

V – Vegetable You Hate: Loads of them, so let’s change this to “Vegetable I Like” -Baguio beans

W – Worst Thing About You: being indecisive

X – X-rays You’ve Had: chest, leg

Y – Yummy Foods: as long as it is not: (1) sour, (2) hot and spicy, (3) both

Z – Zodiac Sign: Libra

And, to hit two birds with one stone, instead of 7 random facts/habits, I list 7 weird things as tagged by Juned. Rules: (i) Each player of this games starts with 6 weird things about you (me). (ii)People who get tagged need to write a blog of their own 6 weird things as well as state the rule clearly. (iii) In the end, you need to choose 6 people to be tagged and list their names.

1. I eat siopao without the siopao sauce, I eat barbecue without sauce, I am not fond of dippings and sauces.

2. I enjoy watching Music Station at Animax. I can’t understand Japanese, but the translation can be fun/funny! Add KBS World to this.

3. I hate don’t like wearing jeans. They are uncomfortable and hot.

4. My fashion sense is at the level of a one-year-old. In short, I don’t have any. I prefer large shirts.

5. Musical preference: 60s music, classical, and J-pop/J-rock. My iPod has them.

6. They always tell me that I am sarcastic. I tell you, it comes naturally. Maybe that’s why I don’t have much friends.

7. I am not good at one-on-one talks. I prefer talking to groups. A politician, yay!

I tag the following (in alphabetical order):

Anyone from Chicken Mafia
Cokskiblue (let’s see how a vlogger deals with memes)
Heneroso
Jeff
Misterhubs
Rocky
Sasha

UPDATE:

Since I was both tagged by Mam Anna and Chuck, I’ll just add one more in the 7 above. So here is number 8:

8. I like hotdogs. I can eat a kilo and I’m still OK.

And I am tagging another one:
Eugene

20
Jul

The 2007 elections post mortem

Posted by | Categories Ink

Two months after the 2007 elections, with senators and congressmen ready to constitute the 14th Congress, we must now take stock of what had happened and what is next for us.

The Maguindanao vote was not a dagdag-bawas operation; it was more of an insurance operation with no clear goal in the beginning. The operators at Maguindanao took things slowly, trying to gauge the situation by the hour.

Poll watchdogs-without-teeth Namfrel and PPCRV couldn’t even categorically say if elections happened in that province. What we can safely say is that Namfrel volunteers failed to witness the counting; that the Namfrel copies of the election returns were withheld; the news organizations were barred from witnessing the provincial canvass. And then later it was announced that the province produced a 12-0 sweep for the administration’s Team Unity; other candidates got zero votes, Luis “Chavit” Singson (an Ilocano) topped the polls, voter turnout was 90% – all statistical blips.

As the results from other places began trickling in, things became apparent: (1) most local officials affiliated with the administration won (most of them ran unopposed anyway), with several surprising and not-so-surprising upsets (Panlilio, Custodio, Binay, Lim, Robredo, among others); (2) the House remains in the administration’s side; and (3) the Senate would go opposition, 8-2-2. Also, the last slot in the Senate race is still up for grabs, and that it is possible to snatch it from the opposition. Mike Defensor and Ralph Recto conceded, leaving Juan Miguel Zubiri in the running.

Enter Lintang Bedol.

Remember that (1) Namfrel failed to witness how the Maguindanao vote was counted; (2) Namfrel volunteers failed to get the Namfrel copy of the election returns; (3) later on these returns appeared, but Namfrel refused to count them; and (4) Chavit Singson topped the TU sweep. But Singson was nowhere near the 12th slot; the Maguindano CoC will be useless. So why not lose it?

Which Lintang Bedol did. Or, it was stolen, he said. Everything – election returns, certificates of canvass, anything that would show that Singson topped Maguindanao.

The Comelec went on a field trip, looked for documents at Maguindanao, found the wall copies of the tallies, considered them authentic, and formed a special board to count these. Despite countless objections from opposition lawyers, the special board was like a charging train, unstoppable. Napag-utusan lang po (we were doing as ordered), the special board said.

And voila. Still a 12-0 TU sweep, and Zuburi topped the sweep. Amazing. Poor Chavit, he must be number 26 at the end. Or 27.

As a sidenote, one brave teacher by the name of Musa Dimasidsing cried foul, alleged that it was not a sweep, that non-TU candidates got votes in Pagalungan; he was later shot dead. But he was a man of no consequence for Zubiri and the Comelec, so they did take him seriously; they were not even bothered by his death.

Comelec was about to canvass the Maguindanao vote, Pimentel cried foul, went to the Supreme Court, and botched the job. Comelec was done canvassing the Maguindanao vote and was ready to proclaim Zubiri. Pimentel went to the Supreme Court again, and despite the glaring problems, the Court chose not to disenfranchise the operators. Zubiri was proclaimed.

It was a miracle, and Zubiri was thankful to God and Mama Mary. The Filipino people must be praying at the wrong God.

As in 2004, Maguindanao delivered. This time, the method was more brazen, more obvious, done in broad daylight – no need for phone calls. The operators knew the rule book by heart, and knew how to circumvent each rule. Heck, they did not have to do it clandestinely – no one cares anyway.

The opposition knew they would be cheated, but they don’t know how. The operators knew that what they did in 2004 was a one-time thing; the enemy was prepared and knew what to expect. The operators also knew that they got away with it; why not push the envelop further, and do it right in their noses? They did, and they got away with it.

So what is next? Push the envelop further. How? It depends. Maybe we should return to this topic by January, 2010, when we know who are the presidentiables. There’s a law mandating an automated elections. Hmm…. selling the software perhaps? Or an Easter egg? Or a backdoor?

20
Jul

The terrorists have won

Posted by | Categories Ink

To know why, read the entry and the comments at this blog post.

This should be a good test of the Human Security Act.

19
Jul

Musings on Asus Eee PC (Updated)

Posted by | Categories Byte

I’ve been thinking about the Asus Eee PC, and reading some first hands-on reviews (here and here and here – lucky bastards), the main selling point for this device is still the price.

The Asus Eee PC (Eee for short) has no optical drive. And since Eee comes preloaded with Xandros variant of Linux, I cannot install the PC Suite of my Sony Ericsson m600i, in case I need to connect to the Internet via 3G. My only hope is (1) you can attach an external optical drive via USB, (2) you can boot via the external optical drive and (2) you can install Windows XP via that route.

No 3G = dialup. Crap. Making tambay at Robinsons malls is an expensive option, travel-fare wise.

I wish they have maximized the screen. I don’t have the need for speakers, they are useless anyway.

As for the measly flash drive storage, it’s not a problem for me. Since this is just a mobile computer for me, multimedia is not essential. Maybe a few megs of MP3s just in case. I am not sure if a music player software is included.

The reviews all point out that the keyboard is no good for long typing; geesh, short blog posts he he.

Hopefully, this device will land here in the Philippines. I am holding off getting Nokia E61i (E90 is out of the question, period) and a laptop just for this. Asus, please?

UPDATE:

It seems that PC Corner knows more about the pricing.

19
Jul

On writing malware descriptions

Posted by | Categories Byte

Like any business, antivirus companies compete with each other. They do cooperate on several fronts (like information and sample sharing), but primarily they are competitors. And since they are purveyors of information, too, they don’t have a standard when presenting information.

AV companies present malware descriptions in rather different styles. They also differ on how to suppress information. Viruslist.com is Kaspersky’s blog, and in its post, it laments how a lack of standards in presenting information is harmful to everyone (and manages to hit competitors in the process is a bonus – alright, Kaspersky).

The malware in question is the ransomware GPCoder. I am linking the descriptions here:

Symantec – Trojan.Gpcoder.E
Trend Micro – TSPY_KOLLAH.F
Computer Associates – Win32/Kollah.AB
Kaspersky – Virus.Win32.Gpcode.ai
McAfee – GPCoder.h

The dilemma here is what information to disclose and not to disclose. And if you are going to disclose, how and how much?

Removing parts of a URL does not make sense. I think the rationale for URL blocking is to disclose information but not that much. Why disclose the URL at all? In the said blog post, Kaspersky was able to show the URL blocked by Symantec and Trend Micro by comparing the two descriptions. Now this is a lucky break, but just the same, the purpose for such partial disclosure is defeated.

(Why disclose URLs and email addresses? To inform IT security personnel on what URLs/email addresses to block. Why not disclose URLs? To prevent stupid users from accessing the URL/sending messages to email addresses.)

If you want to block URLs in the description, I think it is safer to block the left side portion, before the domain extension name. For example, in http://sample-domain.domain.com/file/file.ext, blocking or obfuscation should be http://{BLOCKED}.com/file/file.ext.

Or better yet, do not publish the URL. Makes more sense. Besides, displaying an obfuscated URL doesn’t add much to a description, isn’t it?

And please, AV companies: standardize. Heck, you cannot even agree on a single name for the same malware.

19
Jul

Forms of phishing

Posted by | Categories Byte

In the last episode, you have tested yourself if you can spot phishing at its face or not. This post will discuss the forms of phishing and their combinations.

Note that this is not a comprehensive discussion.

The goal of a phisher is to get your login credentials. That is usually a user name and a password. To do this, a phisher can do several things: (1) fool you into giving your user name and password, and (2) sniff your credentials without you knowing it.

The first form of phishing involves an elaborate way of fooling a person. It is usually done by sending an email asking the user to log on to the phishing site. Depending on the phisher, it can be convincing or an obvious phish. Under this scenario, a phisher spams a fake email purporting to have come from a known Web company (like eBay or PayPal). The email is a social engineering trick to force you to click on a given link. This link is masked so that on first inspection, you won’t realize that the URL is not as what it seems. Clicking on the link will divert you to an authentic looking Web site. When you enter your user name and password, the phisher gets your credentials.

In order for this method to work, the email must be convincing enough for the user to click on the link. Also, since the attack is via spam, this is a hit-or-miss affair. The phisher will have no idea if the recipient has an account for that Web company.

Now there is such a thing as a targetted attack. This scenario is scary because the phisher knows you have an account, and the fact that the phisher knows your email address means your online security has been compromised. Note the conjunction. The implication is grim, though this scenario is very rare.

The second form is more insidious. It invariably involves a malicious software (malware) commonly known as spyware. A spyware is a program that attempts to collect information about a computer user. It can do a lot of things to gather whatever information it needs. Most common is to sniff network packets, or monitor Web surfing habits of a user.

For example, the Bancos or Banker family of spyware are notorious in information stealing. Most of them monitors whatever Web sites a user views. When a user views a bank Web site, it can either display a spoof login page – a phish – or intercept the data that is submitted when a user logs in. You will probably never know that you have been compromised.

18
Jul

On writing

Posted by | Categories Journal

The challenge in writing is for you to push further when you had already pushed hard so far, to squeeze from a lemon where nothing can be squeezed anymore.

The challenge also is when to stop, when to revise, and when to accept.