I found a small cardboard sleeve containing the words “Free Gift Inside!” in my mailbox on Friday. Naturally, I ripped open the package, and inside was a DVD of “Top Truck Challenge ’04” and a Bronze Medallion with the words “FOUR WHEELER” on it. “Wow, this is kinda cool,” I thought, as I examined the case the DVD came in.
The Top Truck Challenge is a yearly contest that Four Wheeler magazine sponsors, that puts the most functional 4x4s and hybrid buggies to the test with several obstacles. Among the obstacles are a big mud pit, tank trap, and mini-rubicon.
I put the DVD on my shelf in the living room with the rest of my collection. “Pretty cool free gift,” I thought.
I was pretty much ready to throw the shredded cardboard carton away, when I noticed there were a few sheets of paper in there. One of them contained a “Merchandise Return Label”, and the other a letter. The usual “Thanks for being a subscriber” line, and then the “…please accept this DVD as a token of our thanks..”
What I didn’t expect, is what the letter continued to say…
It stated that I was free to try the DVD for 30 days. If I kept it, I’d be billed the amount of the DVD, and I would receive a new DVD every month that I could choose to keep or return.
“What the HELL?” I thought. “It’s a stupid TIME-LIFE Book plan, except I didn’t even ask for the plan to start!” I wasn’t happy, mainly because I had almost thrown away the piece of paper that told me that I was going to get screwed every month for the next year.
In order to return the DVD, I needed to return it in the same cardboard envelope they provided (now ripped, torn, and mangled), and attach the “Merchandise Return Label” to the front, as well as check a box “No Thanks” to the rest of their program.
If I hadn’t subscribed to their magazine through eBay for a 5 YEAR subscription for $4.20, plus $2.95 shipping and handling back in 2002, I’d be REALLY pissed right now.
Revenge, I thought. How could I get revenge on these lowest-of-the-low rip-off artists?
Simple, their DVD didn’t contain CSS Encryption. Read between the lines, and you’ll see where I’m going with that.
I enjoyed the movie, and then sent it back in the mangled cardboard container, at their expense. I’m sure some of my friends will enjoy it in the months to come as well!
… And I kept my Bronze FOUR WHEELER Coin “just for trying it out”.
I got a call from Chris Thompson from the Faribault Daily News on Wednesday, and he wanted to talk with me a little about Internet “phishing”. I guess this is the new “public” term for those companies that E-Mail you, posing as your bank, eBay, or PayPal. I’m sure everyone has received at least some of this type of E-Mail lately.
After the talk, the next day, the paper contained a nice article in it, with a good amount of quotes, straight from my verbal style.
Most people I talk to about computer-related stuff in my work and personal life have only a modest skill level on this stuff. It is scary to most people after I explain to them that who an E-Mail is “from” is completely determined by what the sender happens to type in their E-Mail program as their name. Slightly more knowledgeable “phishers” can have an E-Mail appear like it came from any certain E-Mail Address (your E-Mail address even, or the President of the United States). Without the knowledge of “E-Mail Headers”, and some knowledge of TCP/IP, the recipient thinks these E-Mails actually came from the person they claim to be from.
Like the article states, when in doubt, phone the company that sent you the message (to a Phone Number you are certain about) to be sure the message is legit. Most companies offer some sort of Abuse E-Mail address to forward these types of messages to for investigation and reporting purposes.
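To show what reading “E-Mail Headers” looks like in practice, here is an added example (not part of the original post) that compares the visible “From” line with the delivery headers a mail server records. The sample message, every host name and the `trusted_mx` parameter are constructed assumptions, and the `Received` lines are assumed to be in Postfix style.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real message. All names and IPs are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mail.example.net (mail.example.net [203.0.113.45])
    by mx.school.example (Postfix) with ESMTP id 4F2A1
    for <user@school.example>; Thu, 23 Dec 2004 09:15:02 -0600
Received: from bank.example.com (unknown [198.51.100.7])
    by mail.example.net (Postfix) with SMTP id 9C3D2;
    Thu, 23 Dec 2004 09:14:58 -0600
From: "Example Bank Security" <security@bank.example.com>
Reply-To: accounts@bank-verify.example.org
To: user@school.example
Subject: Please validate your account

Click here to update your account information.
"""

# Postfix-style trace line: from HELO-name (reverse-DNS-name [peer-ip]) ... by host
HOP_RE = re.compile(
    r"^from\s+(\S+)\s+\((\S+)\s+\[([\d.]+)\]\).*?\bby\s+(\S+)", re.I)


def domain_of(value):
    """Lowercased domain of the address in a header value, or '' if none."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def received_hops(msg):
    """Parse Received headers, oldest hop first; unparsed hops keep raw text."""
    keys = ("helo", "rdns", "ip", "by")
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())          # unfold continuation lines
        m = HOP_RE.search(flat)
        hop = dict(zip(keys, m.groups())) if m else dict.fromkeys(keys)
        hop["raw"] = flat
        hops.append(hop)
    return hops


def analyze(raw, trusted_mx):
    """trusted_mx is the reader's own mail server (assumed name). Only the
    Received line written by that server is reliable; the sender can type
    anything into every header below it, including From."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    from_dom = domain_of(address)
    findings = []                               # things to look at, not proof
    for header in ("Return-Path", "Reply-To"):
        dom = domain_of(msg.get(header))
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} is not {from_dom}")
    hops = received_hops(msg)
    trusted = next((h for h in hops if h["by"] == trusted_mx), None)
    if trusted:
        peer = (trusted["rdns"] or "").lower()
        if peer != from_dom and not peer.endswith("." + from_dom):
            findings.append(f"handed to {trusted_mx} by {peer} "
                            f"[{trusted['ip']}], not a {from_dom} host")
    return {"display_name": display, "from_address": address,
            "trusted_hop": trusted, "hops": hops, "findings": findings}


if __name__ == "__main__":
    report = analyze(SAMPLE, "mx.school.example")
    print(report["display_name"], "<" + report["from_address"] + ">")
    for line in report["findings"]:
        print(" -", line)
```

A mismatch is a reason to phone the company, not a verdict: legitimate senders sometimes use outside mailing services, so these checks narrow down what to question rather than prove forgery.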
If you still have Thursday’s Daily News, check it out!
Thursday, December 23, 2004
Beware of ‘phishers’
By Chris Thompson Daily News Staff Writer
FARIBAULT — Internet hackers are spending more and more time “phishing” for your personal information. Phishing is the term coined by hackers who imitate legitimate companies — often financial groups — through unsolicited e-mails and bogus Web sites in an attempt to extract personal information. Responses to the e-mail or information submitted on the Web site often forward the user to another site made to look identical to that of a legitimate financial organization.
Information like bank account numbers, passwords or Social Security numbers are often asked for by requesting the user “update” or “validate” their account information.
According to the Federal Trade Commission (FTC), if personal information is divulged on the bogus Web site, operators can steal your identity and run up bills or commit crimes in your name.
A report by the Anti-Phishing Working Group — an industry association with members including banks, e-commerce providers and online retailers — states instances of bogus phishing Web sites have increased almost 30 percent since July.
“It’s a really hard deal because some of the e-mails that come out to people are quite realistic,” said Brian Klier, network/data services technician for the Faribault School District. “I guess the best piece of advice I can give is if in doubt, call the company and ask.”
Klier said it is not only home computer users that receive the solicitations for personal information.
“I see a lot of it coming through the (school) district so it’s as big a problem in the district as it is for me at home.”
Phishing e-mails and Web sites often use the exact logos and information found on a legitimate financial Web site, and a computer user can be easily misled by the copied site.
Klier — who monitors unsolicited e-mail for the district and works with the district’s e-mail system — said important information should never be sent through e-mail.
“The thing about e-mails … is there’s no way to tell just by looking at who it’s from, if the message really came from them or not,” Klier said.
If you think you have received a phishing request, it can be forwarded to the FTC for investigation at spam@uce.gov.
— Chris Thompson can be reached at 333-3132 or cthompson@faribault.com.
DVD Writers have become somewhat of an irritation for me over the last few weeks. Namely, the inability of any of the “popular” DVD Authoring products to produce any audio at all, when the project is complete.
I use a nice Canon ZR-20 Mini-DV Camcorder, along with Adobe Premiere 6.5, to produce professional looking video productions. I always create an .AVI file in Raw DV format as the final output. It is never a problem to convert this into any other format, such as DivX, Windows Media, etc.
…Until I tried to make a DVD out of it.
I tried MyDVD, TMPGenc DVD Author, _____, and NOTHING, I mean NOTHING I tried produced any output in the AUDIO_TS directory. After previewing the DVD Image file with Windows Media Player? As you might expect, absolutely no frickin’ audio.
The program that actually works?
Roxio Easy Media Creator 7. It doesn’t do as good a job encoding MPEG-2 as TMPGEnc Plus/Xpress does, but as far as authoring goes, I haven’t found anything easier to create titles, menus, and do simple editing on a video production. Not only that, but it burns well on a LaCie External Firewire DVD+R DVD Burner.
Do you have a GPS Receiver? How would you like to go on a treasure hunt to find hidden items in your local area? Check out http://www.geocaching.com. I will have more information on local hunts right here.
What is Geocaching?
Geocaching (pronounced geo-cashing) is an entertaining adventure game for GPS users. Participating in a cache hunt is a good way to take advantage of the wonderful features and capability of a GPS unit. The basic idea is to have individuals and organizations set up caches all over the world and share the locations of these caches on the internet. GPS users can then use the location coordinates to find the caches. Once found, a cache may provide the visitor with a wide variety of rewards. All the visitor is asked to do is if they get something they should try to leave something for the cache.
So what’s the big deal? You gave me the coordinates so I know where it is. Seems pretty easy.
It is deceptively easy. It’s one thing to see where an item is, it’s a totally different story to actually get there.
What is usually in a cache?
A cache can come in many forms but the first item should always be the logbook. In its simplest form a cache can be just a logbook and nothing else. The logbook contains information from the founder of the cache and notes from the cache’s visitors. The logbook can contain much valuable, rewarding, and entertaining information. A logbook might contain information about nearby attractions, coordinates to other unpublished caches, and even jokes written by visitors. If you get some information from a logbook you should give some back. At the very least you can leave the date and time you visited the cache.
Larger caches may consist of a waterproof plastic bucket placed tastefully within the local terrain. The bucket will contain the logbook and any number of more or less valuable items. These items turn the cache into a true treasure hunt. You never know what the founder or other visitors of the cache may have left there for you to enjoy. Remember, if you take something, it’s only fair for you to leave something in return. Items in a bucket cache could be: Maps, books, software, hardware, CD’s, videos, pictures, money, jewelry, tickets, antiques, tools, games, etc. It is recommended that items in a bucket cache be individually packaged in a clear zipped plastic bag to protect them.
Are there Geocaches in Southern Minnesota?
Absolutely! Actually, the majority of geocaches around this area are found in the rural parts of counties. There are a lot of them around the area! Here’s a link to the latest list of Minnesota geocaches: http://www.geocaching.com/seek/nearest.aspx?zip=55021&dist=100
I am interested! How do I sign up to find out more about geocaching?
Who is this Guy? Well it’s me, Brian. I’m 25 years old and live in a small Southern Minnesota town called Faribault.
These are pictures from where I work. My office is at the Faribault Middle School. (Left: The Media and Technology Department’s Growing Office. Middle: Front Entrance of Middle School. Right: The Technology Center, where most of the new technology is piloted [pardon the old picture].)
To start with, I got my first career-field job as a Network/Data Services Technician with Faribault Public Schools in June 1997. My responsibilities are to maintain the enterprise network (which was installed in 1997), troubleshoot and repair PCs and Macs, and provide consultation to staff about computer hardware and software. I work 11 months out of the year. I really enjoy working here. It’s my dream — getting paid for something I enjoy doing. You can check out the website I designed for the district at http://www.faribault.k12.mn.us. You would not believe how much I have learned by working here!
Gunshot Alley, Faribo Town Square. Notice the graffiti on the wall near the edge of the photo.
The first job I ever had was at National Business Systems, where I worked for over 2 1/2 years as a Data Entry Operator part-time after school. I left many friends here, but I tried to stop in from time to time of course. NBS’s office closed here in December 2002, but it turns out that I get to see my old friends more than ever now — I meet up with them once a month for lunch.
The picture above is “Gunshot Alley”, to get into the back door of NBS. The name “Gunshot Alley” comes from several experiences we’ve all had here. One time, at quitting time (7:30 p.m.), I walked out into the alley and about halfway to the car, I could have sworn I saw a flare being shot into the air close-by. When I got back to the car, the car right beside mine had the passenger-side door left open, with NOBODY else around. I was also hearing other noises like leaves crunching under footsteps. The next day, the building maintenance worker had reported an attempted break-in at a utility entrance not unlike the one I was parked near. Hmmm… really makes you wonder!
My Education and Other Interests
I went to the Faribault Schools all the way from Kindergarten to 12th grade. Starting my Senior year of High School, I took classes at South-Central Technical College. I graduated from there in 1997 with a 3.5 GPA. I took the “Electronic Business Machine Technician” course, which consists of Computers, Networking, and Electronics Technology. I designed and created the website for them when I was there.
I am a changed person. I want to live life to its fullest. I want to be more independent. I want to be better at more things.
I’ve learned many new things over the past several years. I learned how to ride a motorcycle (alright, sort of), learned how to get my hands in grease fixing cars and trucks, and I got into snowmobiles and ATVs. I’m also an FCC-licensed Amateur Radio Operator, and I’m a member of the local radio club. During the summer, I assist local law-enforcement as well as the local National Weather Service office by spotting severe thunderstorms and tornadoes for Skywarn. Many weather warnings you hear on TV come from spotters from Skywarn. My amateur radio callsign is N0QVC. Listen for me on APRS on 144.39 or on the six-meter ham band. I also occasionally monitor the local two-meter repeater, 146.79.
This month, I am writing an article on Wireless Network Security. After working with 802.11b Wireless over the past few months, it is simply amazing how many simply keep their wireless network open for anybody that passes by!
Wireless equipment is now very affordable, and many people with technology in their homes and businesses are going out and purchasing equipment to build wireless networks. Are the majority of the people installing this equipment aware of the security risks with plugging it in without exploring your security options? The answer is absolutely NOT! Many “wardrivers” find that it’s very easy to simply take a laptop with a wireless network card, and use somebody’s Internet access — because 75% of wireless networks don’t use even the most basic security features offered.
Wardriving
I define Wardriving as the mobile roaming around a geographic area with a computer and Ethernet-compatible wireless networking equipment to determine available access points, or points where access to a wired network can be gained.
More simply, wardrivers drive around in cars with a laptop with a wireless network card and try to find places that use wireless technology.
If you’ve ever watched the movie “Wargames” with Matthew Broderick in the 80s, or were actively involved in hacking or even cracking 10 years ago, you may be acquainted with software to dial a range of phone numbers with your MODEM to find computers to “login” to. When the Internet wasn’t as popular as it is today, “wardialer” software was usually the first step to find computers to “play” with. The term “wardriving” was chosen because it describes the “roaming” to find networks, and a good number of “wardrivers” will attempt to gain access to these resources.
Evaluating your own Wireless Network
(coming)
My Security Advice
Please be aware that this is only my opinion, and that I’m not responsible for any accidents or damages by following it. If you want a more tailored, custom solution for your residence or business, please contact me directly.
Fully understand your coverage areas. KNOW how far your wireless network reaches.
Enable WEP. I know, I know, it’s not a perfect solution, but the encryption offered by WEP will keep the script-kiddies away, and the vast majority of “crackers” will not attempt to play with your network if you are encrypting it. Did you know that the MAJORITY of wireless networks don’t enable encryption AT ALL? Simply put, it takes a lot of traffic on your network and a wardriver within constant radio range of your wireless network to break your WEP codes. If your access point and wireless network cards support 128-bit encryption, enable it. If not, then enable the 64-bit/40-bit encryption. Don’t use cards without encryption! Oh, and please pick a key that will be difficult to guess.
Change the default passwords on your access points! Do this as soon as you get it online! Lists of default passwords for many brands of access points are easily available from the Internet, and you could have your encryption disabled or your access control lists changed even from clients on your internal network!
Disable DHCP on your network segment with your access point. If a wardriver who is intent on accessing your network is in your coverage area, and you’re not running encryption (or your key has been hacked, a pretty rare occurrence), they can simply release their current IP Address, and renew a lease with your DHCP Server, giving them an IP Address on your private network. Yes, that’s right, your PRIVATE network. If you have a firewall device or NAT device on your network, it will be INEFFECTIVE against this kind of attack.
Enable Access Control, whenever possible. Access control allows you to DENY access to your wireless network to all computers, except those in a specific list of MAC addresses that you choose. Even if your WEP encryption is compromised, “crackers” will need to know a MAC address of an allowed client to gain access. It’s very possible they’ll have to pull a “Kevin Mitnick”, or capture packets moving back-and-forth from your wireless clients, run a denial-of-service attack to shut down one of them, and poison the ARP Cache of your router to be successful. Not for your run-of-the-mill “cracker”.
Don’t broadcast your SSID. If your access point has an option to shut off SSID Broadcasting, use it. You’ll have to make sure the SSID set on both your access point and wireless clients match, but this should be the case already!
For an even higher level of security, consider giving your wireless users no access to your private network at all, without connecting and authenticating through a virtual private network (VPN).
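A check that follows from the DHCP and Access Control items above, as an added example (not from the original article): where DHCP has to stay on, compare the server's active leases with the MAC list given to the access point, and watch for one allowed MAC showing up under several host names. It assumes an ISC dhcpd-style leases file; the leases, MAC addresses and host names below are constructed.

```python
import re

# Constructed sample in ISC dhcpd.leases layout; every value is made up.
LEASES = """\
lease 192.168.1.20 {
  binding state active;
  hardware ethernet 02:00:00:00:00:01;
  client-hostname "office-laptop";
}
lease 192.168.1.21 {
  binding state active;
  hardware ethernet 02:00:00:00:00:02;
  client-hostname "den-pc";
}
lease 192.168.1.37 {
  binding state active;
  hardware ethernet 02:00:00:00:00:99;
  client-hostname "visitor";
}
lease 192.168.1.38 {
  binding state active;
  hardware ethernet 02:00:00:00:00:01;
  client-hostname "linux";
}
lease 192.168.1.50 {
  binding state free;
  hardware ethernet 02:00:00:00:00:77;
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9A-Fa-f:.-]+);")
HOST_RE = re.compile(r'client-hostname\s+"([^"]*)";')
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)  # not "next binding state"


def normalize_mac(mac):
    """Accept 00-11-.., 00:11:.. or 0011.. and return lowercase colon form."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_leases(text):
    """Return active leases; a later entry for the same IP replaces an earlier one."""
    current = {}
    for ip, body in LEASE_RE.findall(text):
        mac = MAC_RE.search(body)
        if not mac:
            current.pop(ip, None)
            continue
        host = HOST_RE.search(body)
        state = STATE_RE.search(body)
        current[ip] = {
            "ip": ip,
            "mac": normalize_mac(mac.group(1)),
            "hostname": host.group(1) if host else "",
            "active": state is None or state.group(1) == "active",
        }
    return [lease for lease in current.values() if lease["active"]]


def audit(text, allowed_macs):
    """unknown: leases held by MACs outside the access-control list.
    shared: allowed MACs seen under more than one host name, which is what a
    copied MAC address can look like and is worth a closer look."""
    allowed = {normalize_mac(m) for m in allowed_macs}
    leases = parse_leases(text)
    unknown = [l for l in leases if l["mac"] not in allowed]
    names = {}
    for l in leases:
        if l["mac"] in allowed:
            names.setdefault(l["mac"], set()).add(l["hostname"])
    shared = {mac: sorted(h) for mac, h in names.items() if len(h) > 1}
    return {"unknown": unknown, "shared": shared}


if __name__ == "__main__":
    print(audit(LEASES, ["02-00-00-00-00-01", "02:00:00:00:00:02"]))
```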
Software
NetStumbler — The Most Popular freeware for Wardriving hands down. Works with Windows 95, Windows 98, and Windows 2000. Support for Windows ME and XP is coming. Their forum is an awesome resource, but please, read the FAQs and do searches before posting! Many of the members have participated in DefCon 10’s Wardriving Contest, and are probably among the most knowledgeable on 802.11 security that I know.
Ethereal — This is a freeware Packet Sniffer utility. You need a Wireless NIC that works in promiscuous mode (Sorry Orinoco Users).
Check out the Tech Briefing on the W2Knews web site for a nice write up on the state of Home Automation. The author compares the state of Home Automation in the present, to the computer industry in the early 80s. Is Home Automation going to become as common as computers are in the household right now?
From the March 14, 2002 edition of “W2KNews” Magazine…
The State Of Home Automation
Last week I went to Orlando and visited the Electronic House Expo. Very interesting. It reminded me of the early PC shows in the eighties — small, just a few large and lots of small players, and no standards to be found. A telling tale was the guide I found for a coming expo in Seattle, the www.connectionsconference.com guide had a standard for every letter in the Alphabet.
A whopping 26 different “industry standard” organizations have thrown themselves in the alphabet soup fray, varying from Bluetooth to HomePlug, HomePNA, UPnP, WAP to X10. It’s dizzying! But everyone agrees it will soon become an 8 Zillion dollar industry. Sound familiar? MS-Dos, CP/M or DR-Dos, anyone?
There are a few big names trying to establish some sort of order, like for instance the UPnP (Universal Plug and Play) Forum promotes TCP/IP-based seamless proximity networking for the home and the office. They have their mission statement on a website and are backed by an impressive list of 450 outfits including Microsoft, General Electric, Intel and practically all major hardware manufacturers. I learned at the show that GE is building Windows XP embedded in their intelligent home devices. http://www.w2knews.com/rd/rd.cfm?id=020314TB-UPNP
But there are also many other groups, take the HomePlug Alliance as an example. These people are committed to making home networks using your existing powerlines a reality. They compete head-to-head with the HomePNA that tries to do exactly the same thing over your existing phone lines!
This new market looks like a large roulette table at the moment. There are a lot of players from different industries (IT, Power companies, Telecom, Appliances) that have all different starting points and agendas. All of them are placing their bets on the table, with many players betting on more than one number and signing up for several of these standards alliances. The problem is of course that all this stuff needs to interface with each other and there lies the rub. Faites vos jeux! The issue is that there is no real “killer app” that will drive this industry. Entertainment comes close but just by itself is not cutting it, and Home Office is a second potential killer app but also not powerful enough to drive full home automation.
You can also compare it with a bunch of rivals that all eye a large chunk of loot, and everyone is positioning, weaving and bobbing to be in the best spot to start reaping those zillions. The divergence of all these different technologies has been closely followed by Microsoft and obviously they want to play a major role in this whole game. However, there are some other powerful (pun intended) players that are opposing that with all their might and hate to see MS move into their turf.
Admittedly it is a challenge to make all this work together:
Wired and wireless networking
Distributed Audio and Video
Home Theater
Security / Closed Circuit TV
Secure internet access
Lighting control
Heating, Ventilation and Air Conditioning control
A whole bunch of other stuff that will be here “Real Soon Now”
And have all of that available from one console and a non-tech enduser that needs to control all of that. Can you see the potential support nightmare?
So, what does a techie do who wants to start automating their home? Well, from what I see, there are a few options. The low-end is X10 which if you implement it well will work fine but is slooow. There are a few other standards, LONworks and CEBus. These are faster and definitely more advanced. Simplifying it big-time, they are 2-way as opposed to X10 which is just one-way. X10 devices cannot answer back after they receive a command.
And then there is UPnP. Think local network neighborhood on your home server, and ALL your home devices show up, from the fridge to the air conditioner to all the lights to the garage door as well as the other PCs, printers and wireless devices you may have. Sounds cool doesn’t it? Too bad it is still a while before we will see it, for the moment it is vaporware. The stacks are not even released but are supposed to see the light in Q2. I would not expect any consumer devices until 2003.
At the Expo, the latest thing that everyone seemed to push was video over CAT5E. In other words, the sales reps were saying, “you do not need that cumbersome and expensive coax anymore”. There may be a point to that, but you don’t know what killer app will emerge which would need mega-bandwidth. Not having the coax would be a real problem at that point. So, the solution is to “flood-wire” (a term I picked up at the show) your home with structured wiring so that you are prepared for any kind of thing that will surface.
You can start with X10 if you want, and upgrade later to a new standard which will certainly come. From what I understand, they will be backward compatible. I would stick with the large players as these have the best chance to survive the coming consolidation and inevitable shake-out period. The largest and oldest player in the home security bizz is HAI, and their OmniPro II is a pretty powerful piece of gear which even comes with an Ethernet port. I decided I’m going to get one myself. For structured wiring and X10 stuff I would check out Leviton at: http://www.w2knews.com/rd/rd.cfm?id=020314TB-Leviton
Watch this space for information on the public release of MailTalk, “The E-Mail Reader that talks”. This mail program, designed for sight-impaired individuals, sends and receives E-Mail using very little system resources. Matter of fact, it’ll run on any DOS-based IBM Compatible with a Sound Blaster compatible sound card. And it’s distributed as freeware! Until I get more information on the web, feel free to E-Mail me if you are interested.
> Hey all,
>
> Currently I’m using an evaluation copy of Microsoft ISA Server, but when that runs out I’m probably going to want to switch to a hardware solution to connect my LAN to the Internet over DSL. I know the Linksys routers are the most popular, but they also were the first ones on the market. Has anyone looked at the SMC or other broadband routers and compared them to the Linksys? Any opinions?
>
> _–Will–_
> http://www.inside-corner.com
> http://www.mp3.com/hypnoticsuggestion
Will,
How many users are you supporting on your LAN? Is this an “in-home” LAN, or a business LAN?
If it’s an “in-home” LAN with a small amount of users, may I suggest trying Internet Connection Sharing, which is built into Windows 98SE, Windows ME, and Windows 2000? I am currently using an evaluation copy of Windows 2000 Advanced Server on my server, and I have Internet Connection Sharing set up to share the Cable connection. This piece of software uses an IP masquerade to make computers on your LAN appear as one computer to the remote network, as far as TCP/IP addressing is concerned…
And best of all? Internet Connection Sharing is a free solution. I have been very happy with it so far, with a total of 4 computers accessing the Internet. Can’t beat the bang for the buck!