Vitalsecurity.org - A Revolution is the Solution

This spam keeps getting sillier....

2008-07-23T16:12:00.003+01:00

It really ramps up towards the end there. I dread to think what happened to that poor senile grandpa, too.

Oh wait, the BEST DAY OF HIS LIFE. Carry on.

Doh

2008-07-23T14:09:00.001+01:00

Well, that buggers this up. Guess I'll have to wait a little while longer...

Decisions, Decisions...

2008-07-22T15:43:00.002+01:00

Oh man, so much awesome spam to choose from....

Mylol and the BBC

2008-07-21T19:35:00.004+01:00

Back in January I wrote about something called "Mylol.net" - a teen dating site that gave off some real weird vibes (actually, I first wrote about it waaaaay back in 2006). Well, months later it seems someone at the BBC has gotten wind of the site and gone storming the barricades - not sure you can actually "uncover" a site when it's already as popular and well known as Mylol is, but a little mass scrutiny never hurt anyone, right?

I think it might be time to go back in for a little undercover expose of my own, don't you think?

(Hat tip to the Techmonkeys for pointing me to the BBC writeup!)

Truth or Scare?

2008-07-21T19:28:00.003+01:00

A story has been circulating the last few days (hat tip to Ferg) regarding some dubious racist antics going on in China during the buildup to the Olympic Games:

Bar owners near the Workers' Stadium in central Beijing say they have been forced by Public Security Bureau officials to sign pledges agreeing not to let black people enter their premises.

"Uniformed Public Security Bureau officers came into the bar recently and told me not to serve black people or Mongolians," said the co-owner of a western-style bar, who asked not to be named.

....whoops. However, there are some questioning whether or not this is actually true or not. For my part, when I was out in China I was hit with the "evil white guy" stick at every turn. People were naturally a little perturbed at my appearance as I was the only white guy there for miles around, and they hardly ever saw them in this particular region of Southern China so my presence there obviously brought with it massive forebodings of dread and doom and gloom.

I lost count the number of shops that wouldn't serve us, and hotels that wouldn't let us stay overnight due to "official policy". This last one really sucked when you'd been traveling for seven hours, it was 10PM and you quite literally had nowhere else to go.

There was also one incident where my friend and his uncle took me into some restaurant, and all the customers looked at me like I was waving a gun around or something. A quick, heated exchange between the uncle and a waiter followed, and we were dragged off to a booth well out of sight (with the doors firmly locked) while we ate.

Damn, I'm such an embarrassment - can't take me anywhere, can you?

In case you're wondering what I ate, they brought out a big pot and when the lid came off, they fished out a whole snake bathed in some kind of aniseed smelling sauce and dumped it on my plate.

Epic helpings of fail for me.

China: A Largely Unfocused Ramble

2008-07-15T18:09:00.005+01:00

Here I am, looking bored.

The location would be a really surreal "theme park" (I hesitate to call it that, but...) in mainland China, circa 1999. The idea was, they had weird replicas of all the main tourist attractions throughout the globe, all stuffed into one glorious cavalcade of amazingness.

Unfortunately, it was crap.

Crap, and hideously expensive. So much so, that we couldn't afford to get inside and take a look around. As we'd spent the best part of a day to get there (riding on the back of passing motorbikes whose drivers wore yellow construction worker hats for crash helmets), we thought we should make the most of it so we took a lot of pictures outside, acting like we'd been in.

What does this have to do with anything? Nothing really, except to serve as a nicely random introduction to a ramble about China. See, I couldn't help but notice this post over at the Sunbelt blog (regarding Bruce Schneier and his opinions on Chinese hackers) and felt like I should weigh in, because I like to ramble about China every now and then.

For the most part, I agree with this guy. Nobody really knows what's happening in China, and even an outsider with experience in the mainland itself probably doesn't see the bigger picture. Hell, I hooked up with a lot of hacker-type people while I was there and though I didn't understand a lot of what they were doing at the time, it was clear there were - how can I put this? - multiple versions of the same reality being presented to every onlooker and even every participant. The secrecy that emanated from each individual - presumably for fear of prosecution, or moles, or who-knows-what was so overwhelming that it seemed to get in the way of what they were trying to show you.

Of course, I was the only English speaker and didn't speak a word of Chinese so that probably didn't help, either.

I kept in touch with a few of them after I left, and indeed used to hang out with a bunch on an IRC channel called "Toshogu" - so called because the main guy had a huge obsession for all things Japanese. I haven't seen any of them online for years, they all basically fell off the face of the Earth and that was the end of that. They probably just got bored with their computers or whatever, but who knows?

Even so, they had some decent connections and I still keep in touch with some of those guys - but even then, it's all a bit twitchy and erratic. The last time I conversed with one of them, he reiterated something that I've said quite a few times - we tend to focus on the great "unknown menace" of all those evil waves of Chinese hackers, but we completely fail to mention the steadily growing Adware industry out there.

I talked about this briefly at one of the ASC Conferences, but in my opinion the "legit" Adware industry over there is going to balloon out and hit us in the face. They've watched how the Western guys did it, and they're going to ape their antics with the added problem of being almost impossible to track down. The "legit" Adware guys likely won't have the hackers problem of the Government breathing down their necks, either - why would they? It's legal and legit, leave us alone! - so they'll be free to do what they do, relatively left alone and out in the open. Indeed, I could see a situation where lots of ex-hackers go down the Adware route as their safest option for dropping crap on PCs and not getting smacked around the head for it.

Aside from that whole "Bruce on China" thing, one of the things that tends to disappoint me is when I see articles about the Chinese using encrypted methods of communication, and proxies, and all the rest of it. Not because I hate proxies or anything - but because the articles only ever mention technological methods of "secret" communication related to computers, like that's all the Chinese have ever known. Like we flew in on magical clouds, bopped them over the heads with TOR and made it all better or something.

Truth is, the Chinese population have done pretty well with secret methods of communication for years. Their history is rich and filled with subtle, hidden meanings and political subversion. Hell, you can trace a line from some of the older martial arts philosophies, right through to Peking Opera and into Chinese cinema for that. Especially throughout the 90s when the threat of the Hong Kong handover to China was imminent - Once Upon a Time in China Part 2, Fist of Legend.....even something as apparently brainless as The Herioc Trio is stuffed full of metaphor and allegory that the clowns in Government would have missed completely.

I would love....love....to see more posts about the many and varied methods used in China throughout the years to get around censorship that rely more on wordplay and less on tech-play. A lot of those more interesting forms of censorship avoidance in China have been handed down from these various non-tech realms and ended up worming their way into the everyday tech-world anyway (like all those people talking about river crabs on forums, for example).

I don't have a nifty closer for this post, so here's a picture of me and some guy with a gigantic melon head lurking in an alley.

Alleyway surprise, originally uploaded by Paperghost.

So this is why UK police can't tackle cybercrime

2008-07-15T11:54:00.003+01:00

....or indeed, anything else for that matter. No idea how new this is, or even if it's real (his equipment looks real enough though), but what an awesome run he has.

Thanks to SB for the heads up ;)

Hiding behind the Blue Screen of Death, and Homer Simpson gets his own Botnet

2008-07-11T20:18:00.003+01:00

Blah blah, slight lack of posts here, etc etc.

However, I come bearing gifts of weirdness. So that's cool, right?

First up, scumbags install a legit screensaver and use it to hide a malware install. Sneaky.

Second - as the title says, Homer gets his very own Turkish Botnet. Anyone with Chunkylover53 on their AIM buddylist will have noticed a steady stream of infection links being pushed via "Away" status messages the last couple of days. The links claim to be for "new, web only episodes of the Simpsons". In reality, you'll get a Rootkit, some malware related to Chinese hijacks and be plonked into a Botnet.

What significance does "Chunkylover53" hold for Simpsons fans, you ask? Well, "Chunkylover53@aol.com" was revealed to be Homers email address in an old episode. A lot of people ran off and added "Chunkylover53" to their AIM buddy list, and now here's Homer, poppin dem' hijack links. What's interesting is that the Username doesn't necessarily have any relation to the email address (in fact, add the EMail address and you don't see ANY infection links - you only see them if you add the Username minus the "@aol.com" part).

However, people added the Username, and infection links are now the order of the day.

Doh.

Oh, I like this one. Give her a raise!

2008-07-10T16:13:00.003+01:00

"While I have sympathy for the rights of intellectual property holders,
businesses should not rely on the surveillance of consumers to protect their
copyright interests. It is not acceptable to allow copyright enforcement to
come at the expense of users' privacy."

More.

Technical hitch

2008-07-08T23:22:00.003+01:00

I just noticed a bunch of recent posts have vanished along with the entire "Conferences" category and one or two other bits.

I'll try and get them back, but for now, if you strain hard enough you can probably hear me swear in fifteen different languages.

Nice Gimmick...

2008-07-08T18:03:00.002+01:00

....Hello Kitty Antivirus.

I predict a case of "Hello Ebay" as obsessive fans try to snag a copy...

EPIC FAIL FOR ALL

2008-07-04T08:14:00.007+01:00

"The reality is though that in most cases, an IP address without additional information cannot (identify you)." Google Public Policy Blog

Wow, that came around and bit everyone on the ass, didn't it?

Such a cacophony of disasters, I'm not sure what to roll my eyes at first - the mass treasure trove of data hoarded under the stairs, or Viacoms grab for the cookie jar.

Maybe it's the fact that the Judge ruling over this case is about six thousand years old and clearly wouldn't know what an Internet was if it hit him in the face, which I strongly suspect is about to happen.

The EFF blog has an update where Viacom claim they don't intend to go harassing individual Youtube users, but we've seen stuff like this enough times to know everything has a huge potential to go entirely tits up further down the line.

Samwell sums this up far better than I ever could:

Online Gaming: Safety for Kids

2008-07-02T18:54:00.002+01:00

Above, you can see pretty much my entire gaming collection. If there's an alien army to conquer, I've conquered it. A fleet of dragons to vanquish? They're extinct now. Wave after wave of evil WW2 Nazis to shoot in the face? Taking a dirt nap. And so on.

I can't help be mortified when I see an article like this, though, where scumbag paedophiles are using videogame technology to get online and groom kids. Of course, systems like the XBox 360 have parental controls and lockouts and stuff, but the problem is - how many parents actually know how to use it? Mostly, those bits of paper get thrown aside while little Jimmy whips out his newest toy and starts shooting aliens in the face.

Well, in general most gaming companies whose consoles can go online are pretty responsible with regards information aimed at keeping the kids safe and all that jazz. Here's some useful links I have for anyone with kids who play online with consoles. If you have any suggestions (assuming the comments are working) feel free to throw them in and I'll add below.

* First off, XBox Dad. A good blog with useful info. In particular, this entry regarding webcam settings might be helpful.

* Here's how you manage all the parental control stuff on XBox machines.

* This is a great site - Gamingwithchildren.com. I won't blab, just check it out. Good stuff.

* If you have a Wii and are currently throwing yourself around the house to the strains of Wii Fit, then you might want to check out the Wii Parental Controls page. You can even restrict the content that appears in the browser, which I must admit I had no clue you could do.

* Playstation is a bit of a pain in the butt, because if you go to their FAQ page it dumps you into some horrible mess of frames and it's impossible to link to anything. This article on USA Today seems to be accurate though, and covers settings for both PS3 and PSP which is a handy addition. The article dates back to 2006, but as far as I'm aware the information is still correct.

Now if you'll excuse me, it's time to go conquer some alien scum...

Mid-Week Spywareguide Roundup

2008-07-02T18:26:00.002+01:00

Not many posts here at the moment, because I'm finishing off a couple of possible conference talky-thing submissions. Plus, I haven't been able to log into my blog account, Haloscan comments are goosed (again) and I'm still finishing off that last Postbag.

However, no such problems over at Spywareguide with a veritable blog rampage. Let's do this thing:

* Bizarre Forum Spam and An Old Classic: Two for the price of one, first some weird spam and second, ye olde email scamme. Not very inventive, really.

* Credit Card Hack Pack: What's that? People like faking cc dets online? Oh. Better not let them get their hands on this, then.

* The Time, The Place: I think this has the potential to be a gigantic social network disaster. How about you?

* My Name....is......Neo! : Nothing to do with the films, but click here and read about some crummy infection from China, all the while pretending to punch people in the face and hang out with chicks in rubber dominatrix gear.

* Fast Track to Botnet Central: My colleague writes about a Botnet thing he found. Clicky.

* The Angry Spamtool: What a charming and delightful name this tool has.

* Social Networking - When it all goes horribly wrong: I couldn't make a direct link to the PCWorld article for some reason, so go here to get to it. Apologies. Blame Blogger, it sucks.

* Your 419 Mail Roundup: Scam emails! Yay!

Now if you'll excuse me, I have to gimp around with Powerpoint and complain about Blogger some more.

Here comes a big plate of suck

2008-06-27T17:41:00.003+01:00

I love me some useless "see lots of secret stuff on Myspace" nonsense. Whether it's lines of code, programs or websites, 99% of them are rubbish.

Here's one I saw being pimped on a site the other day:

Click to Enlarge

See if you can spot the faintly comical screwup in the next screenshot:

Click to Enlarge

.....hahaha.

There's quite a few sites out there like this one, and all of them eventually just dump you on a page imploring you to download Firefox. However, it seems they can't even get that right, because on all of the sites I've seen so far there's no download link to click.

Did I hahaha yet?

Mid-Week Spywareguide Roundup

2008-06-25T21:52:00.000+01:00

Is it that time again already? Let's get the show on the road then...

* Cash on Collection? Not Anymore, Perhaps: A look at how changes to EBay (namely, forcing you to accept Paypal payments even when you want your item to be cash on collection only) is providing a nice little opportunity for scammers to RUN AWAY WITH YOUR MONEY, HAHA. Of course, it all depends on the buyer being naive enough to let the scammer arrange their own courier so it isn't the end of the World. Yet.

* Another Site asking for MSN Login Credentials: Man, these sites are all over the place at the moment. Nice scam-ring someone has going on here, isn't it?

* Seen In The Wild - The Guinness Book of Records Chain Letter: It's not often you get to see one of the more well known chain letters in the flesh (assuming by "flesh", I mean "paper") so click here and look on in amazement at some bits of paper. And an envelope, also made out of paper.

* Mixing a Real World Infection With a Mass Mail Hoax: Completely bizarre. People take factual information about Storm Worm, mix it up with a well known EMail hoax, confuse a bunch of entirely separate Snopes.com articles then forward the mess on to about six bajillion people.

* Haven't Seen This Before: I'm really curious about how this works - reminds me of some sort of Net Nanny for forums. Anyone out there heard of it?

* 419 Scam Mails: An extremely distasteful "Robert Mugabe" scam is probably the pick of the bunch this week. Click here for scam mails galore.

I had a real snappy closing line, but I forgot it. Doh.

My head, it hurts

2008-06-25T07:32:00.003+01:00

I just spent a while trawling through Bebo profiles for signs of spam, phish and other general scumminess.

Imagine my dismay, then, when I realised my brains were dribbling out of my head due to seeing endless comments on pages like.....

.
.
.
.
.
WHAT?

I think I'm going to have to invest in one of these. And maybe a Klingon dictionary.

Whoops, there goes my breakfast

2008-06-24T16:11:00.003+01:00

Using twelve year olds to promote penis enlargement? Classy...

Warning! This black screen means your laptop is DOOMED!

2008-06-20T20:07:00.002+01:00

...or at least, that's what someone I know thought. They asked me to take a look at their daughters laptop because (gets a bit vague) "....it isn't loading or something, and she can't go on her MSN and I'll have to send it back etc etc".

So I take a look, expecting the usual grim death scenario with sparks flying and Malware lurking and all that jazz.

/ Laptop boots

// I see the "PC didn't shutdown correctly last time" message against the wonderfully imposing LOL YOUR PC IS BROKE black screen, with a couple of options underneath

/// I select "Use last good configuration" thingy

/// Shutdown laptop, reboot......laptop works fine

Bam, problem solved in a minute or less, saving them endless amounts of hassle and gimpery getting a replacement.

That says to me the standard white text on black screen page telling you about safe mode, last good configuration and all that jazz isn't user friendly enough. Well, we all know it probably isn't, but nobody ever seems to mention it. Just a thought, but if it looked more like a regular Windows screen and less like something that says HANDS OFF, ONLY IT GUYS CAN TOUCH THIS NOW OR IT'LL EXPLODE there would be a lot less machines being sent back and forth between collection depots.

I demand Microsoft sort it out now, or I'll moan about it for a bit. Then stop.

Paperghost Postbag Part 1

2008-06-20T16:39:00.003+01:00

Wow, I got a lot of questions this time round - thanks to all that submitted one. Due to the answers being quite long, I'm splitting these up so if you're not answered below, you'll be in Part 2. In no particular order, here we go...

Do you ever wish you'd stayed working in the arts, or wonder what you might have ended up doing if not working in security? Jim

I think I would rather beat myself to death with my own face than have continued to work in the arts, to be perfectly honest. It was pretty crappy back in the 90s job-wise, and it's even worse now. I sometimes meet up with people who I did my Art Degree with, and they're doing pretty well but the majority have fallen off the radar completely. One guy does pencils at DC Comics, another puts on some pretty big exhibitions, and one guy I did art school with was in the Zutons for a while (he's left now, though).

But yeah, glad I'm not doing it, and not sure what I would have done otherwise. I nearly did Astrophysics at Uni instead of Art, but I'm terrible with numbers so I probably would have ended up one of those guys with crazy theories about cheese that nobody cares about.

The one thing I would have liked to kept up with is the music composition. I still dabble in that (and painting) occasionally, but I'm probably quite rusty now. The problem is, my social circle isn't really made of up of people working in IT - is that weird, or normal? I've no idea...it's made up of people who paint sheep purple and make performance art and write comics and do music for videogames. So all the time, there's that faint whisper from the Dark Side - "join us...." and it all looks like so much fun.

But.....not gonna happen. I'm perfectly content to watch them run round doing all the stupid stuff while I get into the exhibition openings for free and drink all the cheap wine.

I do have a few canvases that need finishing though....

YOU SUCK Putz

You're right, I do suck. I suck at being a douchebag, unlike you. Next.

Suppose I wanted to work for you (I do, but I have no expectations, I'm just saying). What course would you say to take at Uni in order for me to make myself useful in a couple of years? I've been a lurker on forums like Spywareinfo for years and I've been cleaning boxen for longer - and getting paid for it. But I'm sort of the good-guy equivalent of a script kiddie - I take the stuff you and others find or make and clean boxen with it. I want to step up my game.

Where do I go from here? Programming? Serious IT/Security courses?
Derrill

Wow, there's a tough one.

In some ways, I'm effectively a full time weblog content producer, with the research done prior to that forming the basis for the pressure applied to the bad guys in shutting them down permanently. So much of it only uses the infection files found as a basic starting point, and those are passed off to some of my fellow researchers while I go about doing the face punching and pressure-whipping-up and all that stuff.

With that in mind, I'd often look at security jobs posted before I started doing this full-time, and refuse to believe any of them would actually have taken me on board due to them usually starting out like this (random example):

Degree in computer science or equivalent experience.
Solid x86 assembly and C/C++ programming skills.
Solid understanding of networking and Windows system internals.
Experience in reverse engineering including using disassemblers and debuggers is mandatory.

....that's me out of the game right there, isn't it?

I just wonder if a lot of jobs (certainly in terms of research roles) are perhaps too restrictive in what they're asking for - or at least, the kinds of positions that are maybe crying out to be filled up don't actually exist yet.

Of course, you can counter that the above criteria are more along the lines of a Malware reverse engineer type guy, rather than a "go looking for stuff / research what you find / write about it" type of guy - but to counter that, can someone show me where the "go looking for stuff / write about it" jobs are advertised? Or at least, the security jobs that DON'T list extremely specific IT qualifications? It's all very well saying they'll likely "negotiate" or whatever, but in real terms, nobody missing any or all of the above is going to bother applying for it.

I think there's room for everybody, personally, but (just like the conference circuit), there seems to be a lot of lag and reluctance to change. Long gone are the days where "security researchers" are forever chained to a never ending stream of IT qualifications. Is that a good thing or a bad thing? No idea, but that's where we are anyway.

The security arena (definitely in terms of antispyware or whatever) has greatly expanded in the last few years with people working forums who are pretty much doing what they do full-time anyway (hasn't CastleCops been an actual registered business entity for some time now?), bloggers like myself who have somehow fallen into the industry full time and others who maybe lack formal qualifications in IT but do some amazing work regardless - and I do wonder how they progress / break into these new areas with nothing advertised for them that they can realistically apply for anyway.

I still think the best way for someone without (perhaps) the required IT skillset to break into the industry is to simply set up a site and start writing about it. I'm not saying "if you build it, they will come" or whatever but it does tend to get results. As soon as you go public, you immediately begin to tap into that elusive and never-ending source of information, tipoffs and anonymous emails asking for help - the general public. Many, many things I've written about that went crazy started with some random person that decided to say "Hell, this sucks, can you do something about it"?

And of course, that's the rub - doesn't matter where the "find" comes from, because ultimately you still have to do something with it, and about it.

That's what makes a story, and that's what forces it to run in the direction you want it to go in. Everything after that is irrelevant. The good guys win, the bad guys lose and we all ride off into the sunset with ten girls on each arm. I think. Actually, I appear to be missing some of the girls.

So yeah, I personally would advise anyone who doesn't perhaps have the big list of IT qualifications to hand to go do some blogging. For better or worse, nothing gets you noticed more quickly and if you do good things, good things tend to happen back. Who knows, you might even be able to leapfrog that whole pesky "need six thousand bits of paper" necessity altogether. Of course, if you're that way inclined anyway an IT degree is always going to be useful. I'd love to go into more detail on those but as I graduated something like 8 years ago in the field of painting crap pictures I'm probably a little out of touch in that regard :)

And for anyone out there feeling like they're in the same boat, I've been kicked in the teeth lots of times too. I remember a few years back when CNET were looking for some new security writers on all those blogs they had, and someone suggested I send them my info. I got a reply back a few days later with a spectacularly awesome "Sorry, but you're not what we're looking for at this time" brushoff.

A few days later, I nailed something on Digg, Slashdot and about a million other sites and I LOL'D. Take that, dismissive editor woman.

Are you aware of the positive effect and impact you have in the day to day carnage you wreak on people who sorely need it?

I've heard you talk about the future potential disasters you've hopefully helped to prevent by taking proactive action NOW, rather than leaving it for law enforcement and other entities to fix (which we all know wont happen in 99% of all the kinds of individual instances youve written about). So i guess you are aware of it. but i wanted to make you aware of specifics, in case you dont get any of those.

one of the sites you shut down a while ago was responsible for completely destroying a dedicated server i own. they messed up my business, hurt my income and nobody cared or was interested to do anything about it. then you randomly waded in and shitcanned every last one of them, their sites, their forums..everything. it was joy. it was elation. it was feeling like finally, SOMEBODY cared enough to fight the good fight and give me some sense of closure against an unnasailable opponent who randomly woke up one morning and decided to make my life more difficult than it already was.

put simply, it was absolutely f*****g wonderful.

from the darkest recesses of my heart, thank you - and know that i would pick up the nearest weapon to hand and jump into the deadliest of fights on your behalf. you might have an idea of the positive impact of your work, but perhaps not of the direct effect and loyalty you've likely inspired in more capable people than i.

just wanted to let you know. Anonymous

uh......wow? Not much I can add to that really, but thanks - always nice to know someone, somewhere got a real and healthy dose of satisfaction out of what goes on in these here backwoods. I sometimes get emails along these lines, but I can't say I've had one this euphoric at the annihilation of some assclowns that sorely needed it.

I'm also faintly intrigued by the notion of my own personal army of weapon wielding Ninjas.

Thanks to everyone who sent in a question, and the second batch will be answered either tomorrow or Monday. Of course, I'd prefer to do it Monday so you can all bear arms and start practicing in the garden...

Your poor-taste spam for the day....

2008-06-19T13:32:00.002+01:00

....I love how if the Eiffel Tower being smashed to pieces isn't shocking enough, they throw in some Ralph Lauren just in case.

Paperghost Postbag - Final Call for Questions

2008-06-19T10:10:00.001+01:00

Hmm, doing better this time! Drop a line here, and I'll hurl out some answers tomorrow or whatever.

Mid-Week Spywareguide Roundup

2008-06-18T23:44:00.000+01:00

My, a lot to wade through this week. The internet obviously becomes more craptacular with every passing week. Fire up the Link-o-Tron 3000....

* An Interesting Development: In which a pretty big and well known underground forum decides to close shop. Why? No idea. Curious farewell message, though.

* Spoof Phonecall Rearranges Recipients Phone Number: Wow, there's a mouthful. Anyway, if you know of a device that can do this, feel free to pipe up.

* Your 419 EMail Roundup: Yes, more 419 scam mail thingies. I'm definitely making this into a regular fixture, because some of these things are comedy gold. Also, serious business. Etc.

* Photobucket and NeTDevilZ: Ooh, I smell Interweb drama! Will Photobuckets explanation be enough to satisfy hordes of confused Photobucket users? Who knows. At any rate, more here.

* EBay Computer Checks, Coming Soon: Just in case you haven't seen these messages yet.

* Facebook Phish: Ye Olde Myspace Scam continues to bleed into other Social Networking sites. Oh noes.

Bonus Link #1: Facebook Chat and Unified Communications.

Bonus Link #2: Opinion - Shift Happens. Wayne Porter, rocking out on your internet.

This is why we're all doomed

2008-06-18T19:53:00.002+01:00

....yes, of course it is.

Full trainwreck here.

Office Space, Minus The Stapler

2008-06-18T15:03:00.000+01:00

A week or so ago, I threw in a little tour of some of our research team offices. I thought I might lob in some screenies here of the place I usually do my work in. Let's start off with what I like to affectionately call "Crapheap City".

All the PCs I have fried, burnt, melted, blown up and otherwise killed until dead are left here to rot. Eventually I throw them out, or try and salvage some of their innards but for the most part, once I'm done testing on them, they're toast.

Not that I have a thing for pushing my PCs until they're a burning heap, you understand.

Next to Crapheap City, is one of my bookshelves. When downtime hits - as it invariably does - it's always handy to keep a selection of books to hand. There's a fairly random assortment on display that I've attempted to categorise, but mostly it's a jumbled mess.

Here's the Batman shelf. It has a lot of Batman action going on, in case you hadn't already noticed. Favourite cover? Well, it has to be this one:

Mmm, blood flingingly awesome. Doesn't he look happy beating someone to a pulp? Over here, I have me some Superman stuff. Anyone who cannot see the inherent awesomeness of a dude who can sit on clouds is insane.

Elewhere, there's quite an extensive Mahler section, which has taken quite a long time to put together. Hey Gustav, do you approve?

....jeez, no need to look so grumpy about it.

As we wander up the stairs, the first thing anybody who enters the office will see is this:

I love that postcard. I've no idea where I got it from, but I rather like the imminent promise of total and utter annihilation it brings with it. Not bad for 49p.

Top of the stairs, and we have a large foam hand proclaiming the glories of Mooney Suzuki. Finally, we reach our destination to see an old friend - Blasta Bling Bitch!

Yay, Blasta! She's still ticking over (after nearly having burnt the place to the ground not so long ago), but I'm pretty sure she'll need to be replaced soon. Will she earn a place in Crapheap City?

Oh, no. I think she's earned the full-on Star Trek 2 funeral complete with bagpipes and being fired off into space and stuff. We shall see. Next to Blasta, I have a handy peg thing for hanging all my Conference talky badge doodahs on:

I particularly like the one I had to write myself because they ran out of badges (I forget which one that was).

Hanging above Blasta, I have this odd plastic horn thing that I picked up at an M.I.A. concert a while ago:

In case you're wondering, it has "FIGHT ON!" scrawled around the faintly antagonistic-looking photograph. Well, it was either that or a Hooters calendar.

Finally, to Blasta's left we have the essential set of tools required by any security researcher who experiences the odd bit of downtime on a digital stakeout of doom:

HARDCORE GAMING FTW.

Not all my gaming equipment is on there (it's missing a 360, an Atari, a few Dreamcasts and a TurboGrafx-16, to name but a few) but the more observant out there will notice the Sega Saturn hiding at the bottom, copious amounts of Nintendo consoles and a few generations-worth of Playstations at the side there.

Yes, my research lab is a fire hazard waiting to happen.

I don't have any goats either, which is something I'm not too happy about. Finally, if you peer into the TV screen above - because I'm fully aware the first thing some crazy people will do when confronted with a TV in a picture is have a look at the reflection for potential embarrassment - you won't see me taking the picture while butt naked. However, you will see (if you squint) a canvas propped against the wall. I still paint canvases sometimes, and this one will probably be finished sometime in 2011 at the rate I'm going.

Anyway, here endeth the tour. I think this is the part where I'm supposed to call last orders and throw you into the street, but my arm hurts and you look pretty big so I'll just wait in the corner till you leave.

Thanks.