Technology – Page 30 – Frank Leonhardt's Blog

New Botnet?

Over the last 24-hours I’ve intercepted several emails containing malicious attachments in .zip files. There’s nothing odd about that, expect these are coming from ‘clean’ IP addresess.

Is this a new Botnet, spreading fast?

Yesterday the subject was “your mailbox has been deactivated” and they pretended to come from the IT support team at your domain name. If you don’t have an IT support team it’s a bit of a giveaway. The message continued:

We are contacting you in regards an unusual activity that was identified in your mailbox. As a result, your mailbox has been deactivated. To restore your mailbox, you are required to extract and run the attached mailbox utility.

Best regards, technical support.

Today they’ve got the subject “Payment request from , where the company varies.

The full text is:

We recorded a payment request from "" to enable the charge of $ on your account.


The payment is pending for the moment.
If you made this transaction or if you just authorize this payment, please ignore or remove this email message. The transaction will be shown on your monthly statement as "".

If you didn't make this payment and would like to decline it, please download and install the transaction inspector module (attached to this letter).

The interesting thing is that none of these have come from IP addresses that are currently listed as part of a botnet, known spam sources or anything. They’re completely clean. I’ve no proof that the two attacks are related, but I’m suspicious.

If anyone has more parts to the jigsaw, please share them with a comment.

2-November-0925-November-09

Cleaning an LCD Monitor or TV

I needed to clean a large LCD screen today. My usual recommendation for such things is to us a soft dry cloth (preferably microfibre), and to do it gently so as not to crack the glass. But this screen had a stubborn smear – possibly caused by a hand being wiped across. It had the appearance of a water mark of some sort – mineral deposits left by a cloth or tissue dampened with tap water perhaps?

The soft cloth wasn’t going to shift it, so a liquid was called for. But what?

You certainly don’t want to use use alcohol based cleaners on the delicate plastic of an LCD. It might be okay on some, but if it’s not you’ll trash it permanently. So a quick trawl of the web found me the favoured recipe, and everyone’s consistent about it distilled water plus vinegar, mixed 1:1. Any everyone’s wrong!

Vinegar is a great cleaner, and I use it for lots of things. But the idea of a 50% solution is a big warning – how strong is the vinegar to begin with? It’s too precise a recipe using imprecise ingredients. I tried it nonetheless, and ended up with a smear covering most of the screen rather than the original area I was trying to clean.

Time for some home cooking, and the solution is simple. Distilled water, a bit of vinegar and a small drop (no more) of washing up liquid (detergent). This lifted the deposits into suspension or solution on contact. The other trick you need to use is a double cloth – wipe off immediately after wiping on, before it has had a chance to dry.

I used soft kitchen paper towels for the process, but I thought the monitor was made of fairly hard plastic. A micro-fibre cloth would be safest if you’re not sure.

31-October-0914-February-13

Spammer without a Motive

Anyone who knows what I’m about will have guessed that I’d take an interest in the spamming attempts on this blog site. And indeed I have. However, a couple of weeks ago I had a slew of comments for which I can’t deduce a motive.

They took the form of meaningful comments to half a dozen posts – the sort of thing you’d normally let through even they they didn’t add any useful knowledge. They were also well written, by someone who clearly spoke English. But they didn’t add up.

The author purported to be an American cleric, and the comments were written from that viewpoint. However, they didn’t smell quite right – there were a few slips that suggested they weren’t written by a west-coast American priest. Investigation revealed they were, in fact, sent from a computer in Manchester or thereabouts.

So what’s the game? Well there were no links or other nasties in any of the posts. The web site of the poster (which may well have been blocked anyway) was a religious blog in the USA, but it hadn’t seen any activity since mid-2006.

Could this person have been creating an identify for a sock-puppet? Well having waited a couple of weeks, the name hasn’t appeared anywhere else. It could be that the poster failed to convince anyone, but the Internet is a big place and most blogs aren’t posted by computer security experts.

The only explanation I can think of is someone trying to create an identity with enough rights that subsequent posts could get through unmoderated. This would have taken a great deal of further work, especially as the email address provided was an anonymised temporary one.

So, I’m still stumped!

Some of the comments were quite funny, so I might let them through anyway and see what happens.

21-October-0925-November-09

Scam.co.uk

Scan Computers has been around for some time, and they’ve always been tricky when it comes to faulty goods (I have a pile of DOA hard disks on my shelf to prove it). Now they’ve gone a step worse. Their latest wheeze is to add ‘installation insurance’ to your order without you knowing about it. There is a check-box, but it doesn’t always seem to stick and to make it trickier they don’t add it as an invoice line, they add it to the tax and shipping.

Watch out.

They’re still using a premium rate telephone number (without the required Ofcom warning) as their sole contact method if you have query about this extra charge. Incidentally, if you want the standard rate number for them it’s 01204 474747.

Nonetheless, I’ve sent them an email asking for an immediate recharge, or I’ll put a dispute on it with the credit card company. Let’s see what happens.

It’s a shame when this happens, because the people at Scan are basically very decent and helpful when you do manage to contact them, and they’re the place to go for high-end graphics systems. Like many companies, it seems they have someone in the money-making department dreaming up such schemes in the short term, and hack-off the punters long-term. Although this was less than 0.5% of the order value (it was only applied to some cooling fans – the big stuff wasn’t covered anyway), little things like this do get noticed and create a bad feeling – and everyone has a choice. Continue reading “Scam.co.uk”

19-October-0918-November-09

Saga of Sunon fan in Acer PC

As regular readers might remember, when IBM’s PC division became Lenovo I got worried, and bought a few Acer machines to see if they were any good. Their backup was dreadful, so I stuck with Lenovo. As is the way of things, one of the samples ended up as my main PC and has been purring along ever since. Until this morning.

It showed all the symptoms one would expect of a dead PSU. That is to say, the mains lead was live but the PC wasn’t.

Luckily the PSU is pretty standard and I had a spare on the shelf, but while I had the case open I gave the fans a twirl. I didn’t expect to find a problem as the machine ran silently, but to my amazement the CPU fan was ceased. Completely solid. I couldn’t shift it.

I removed the heat sink to get the fan off, and saw to my disgust that it was a special with a built-in thermistor and a fourth wire on the cable.

Computer case fans generally have two or three wires. If it’s just two it’s simple, a +ve and GND. The third wire is a spin sensor: usually yellow wires give a pulse as the fan completes a revolution and this the motherboard (or fan controller) can sense the actual fan speed. A white third wire generally indicates either spinning or ceased up completely. The type you need depends on the complexity of your control system.

The fourth wire, if there is one, tends to be for controlling the fan speed. There are basically two ways to vary the speed of the fan – vary the voltage or modulate it. Varying the voltage can be a bit tricky: dropping a voltage generally means converting it to heat somewhere along the line, and this is best avoided. Pulse Width Modulation, on the other hand, is great. You keep the voltage the same but you turn it on and off. If it’s off for 50% of the time and on for 50% of the time you’re only getting half the power to the fan, so it’ll turn half as fast (gross simplification, but you get the idea). The pulses, of course, have to be fast. Switched mode power supplies work using the same principle.

Naturally I had a box of fans, but none of them supported pulse-width modulation. I pretty much knew that before I looked. Never mind, I though – I’ll run a standard fan at a fixed speed and be done with it. Foiled again! This fan is 20mm thick whereas every other 80mm fan is 25mm thick. And the extra 5mm matters, because it won’t fit on the heat sink otherwise.

The fan in question is a Sunon FMD1208PKV1-A. Decoding this shows that it’s a FMD series, 12V, 8cm, 20mm thick and so on but doesn’t say whether it’s a ‘special’ – that could be what the –A is all about as Sunon do make special versions for OEMs.

It’s actually quite a fancy fan – maglev bearing and other leading-edge refinements. According to its data sheet it can shift more air with thinner blades than most of the competition. Hmm. It’s not like the case is so cramped that 5mm had to be shaved off the thickness of the fan!

A quick trawl revealed that RS Components (Radio Spares to my generation) stocked the beast, for about €30. Sorry, RS, but I don’t do Euros and certainly don’t have 30 of them to spend on a fan.

Com-Com, who recon they carry spares for most servers, advertised the part but you have to call them for a price. So I did. They don’t actually have any, but could get a box of 100 if I really wanted them that badly. Well they are nice fans and 100 would keep me going a long time so I enquired as to the price – £1500. They’re nice fans, but not that nice. The bloke there suggested I call Acer to see if they can sell me a spare. Calling Acer “Customer Services” is bad for my blood pressure, and has never resulted in anything good – basically some fool reading from a script that appears to have inadvertently been designed put you off buying anything for Acer ever again.

Next I tried running the box without a fan, as it clearly hadn’t had one for a while. The CPU temperature was hovering around 70C, which is a bit hot. In-spec, possibly, but not the best way to ensure it has a long and healthy life.

So I had a closer look. The fan can’t fit far enough down the heat-sink due to its thickness – it fouls the fixing posts. However, it’s held on to the heat-sink with a pair of off-set brackets, and these are reversible. If you swap them over the fan will just about clear the fixing posts once they’re screwed down. That’s the key…

Remove the heat-sink, fan and brackets. You then have to replace the heat-sink and screw it down – the screws will be inaccessible with the fan in place. Then re-fit the brackets the wrong way around (swap them over). It’s a fiddle, but you can screw the fan onto the brackets with the heat-sink in position – well the outer two anyway. The inner two could probably be managed if you were keener than I was.

A standard three-pin fan plug will fit the 4-pin connector on the motherboard; just push it over the appropriate three pins and avoid the one the blue wire would have been connected to.

Although the fan is now offset by nearly an inch, the CPU is really cool – about 25C. The down side is that it’s always running full-blast and it’s a tad noisy. Does anyone know where I can get a FMD1208PKV1-A with a PWM wire cheap?

12-October-0914-February-13

New Trojan scam

Earlier this evening I intercepted a single instance of a new Trojan malware ploy, which may be of interest.

Unlike most of these scams, this one was written in good English and sounded very plausible. It was sent directly to a mail host and was pretending to come from the administrator of that host, stating that the mail server was going to be upgraded on a specific date in the near future and the SSI(sic) certificate was going to change. It instructed the recipient to download an update for the (supposed) Windows PC you were using, and this would install he new certificate. It used a mangled URL that looked like it came from the mail hosting provider.

These people are using ‘clean’ IP addresses to send from so they won’t appear in lists of known spammers. The URL for the download (1ssl-cert.net) was freshly registered, and this was the only thing about it that an automated spam detector would have noticed.

A lot of people may be fooled by this. Watch this space.

11-October-0922-July-10

Micro Men – Acorn vs Sinclair

The BBC has, for once, come up with a one-off programme I actually enjoyed – Micro Men. It’s screening now (several times) on BBC4, and if you were around at the start of the micro computer era you really should watch it. It looks like it was made for us nerds.

It deals with the rivalry between Sinclair and Acorn in the UK home computer market. Okay, it takes a lot of liberties with events and totally ignores the rest of the industry – the best you can say is that it’s fiction based on history. But if you look beyond that, the background detail was completely amazing. And I’m not just talking about having the correct covers on the issues of PCW, although this was nice to see.

For a start, look at the posters on the walls – they’re spot on. Then look at the electronics they’re playing with in the lab. That’s either the guts of a real Acorn Atom or it’s a very good reproduction, even though the chips, which would have been more interesting, are hidden on the reverse. The software on the shelves at WH Smith looks like the real thing, in the real packaging.

In the closing scenes, where Chris Curry and Herman Hauser are discussing where it all went wrong, the whiteboard behind them contains the instantly recognisable design goals of the Acorn RISC Machine (ARM). Even the briefcases the men from the ministry carried – I bought one just like that in 1978 and I’ve still got it!

Someone was obviously paying a great deal of attention to such detail, and I didn’t see anyone mentioned in the credits who could have supplied it. But could it have been Roger Wilson, the genius I’ve always believed to be behind Acorn/BBC BASIC? He featured prominently in the depiction of the Acorn team, whereas Andy Hopper was nowhere to be seen; although this is perfectly reasonable from a dramatic sense

Roger Wilson has subsequently changed to Sophie Wilson, and I got a call from an old friend claiming that she appeared (unaccredited) in a cameo role as the barmaid. I never remember meeting Roger Wilson in person, so can’t tell, but it’s plausible when looking at it again.

The final scene, where Clive Sinclair drives a C5 down a runway only to be overtaken by two lorries, one from Microsoft and one from HP is obviously symbolic of the thrust of the whole film. Romantic, but wrong, of course. We’d all been using microcomputers with Microsoft software for a couple of years before either Sinclair or Acorn came on the scene with their ultra low-cost offerings. Like most people I knew, we avoided the newcomers because they were too cut-down an unsuitable for general nerd activities – particularly interfacing to things. And their manufactured PCBs used hairline copper tracks that were covered in solder-resist – difficult to rework.

Acorn and Sinclair started too late, and ended up building the machines we all wanted in 1980. By 1984 the bulk of computers were being sold not to enthusiasts, but users wanting pre-packaged software running CP/M or MS-DOS – and the Apple Macintosh was on the scene showing the way forward. The Mac booted into user-mode whereas previous machines started with the BASIC programming prompt.

What they didn’t realise was that we were never going to become a nation of computer programmers, we were going to become computer users. And the rest is history.

8-October-0918-November-09

Outlook Send and Receive Dialog

If you’re having problems with Outlook insisting on showing you a send/receive dialog even when you have checked the box to hide it in future the solution seems to be simple. Go to the View menu and make sure “Status Bar” is ticked at the bottom.

It appears that if there is no Status Bar to display progress, Outlook will display the Send/Receive dialog regardless of the preferences you’ve set.

If this doesn’t work for you, please leave a comment below.

1-October-0918-November-09

UK Keyboard for DOS under Vista

Hat’s off to Microsoft – they have maintained backward compatibility through numerous operating systems since 1981. Even Vista can run ancient DOS applications, although Microsoft doesn’t go out of its way to explain how.

Are you having problems with DOS programs where the keyboard doesn’t always come up with the right symbols? This is because DOS programs under Vista are assumed to be using an American keyboard layout. To change this you have to dig a bit.

There’s an equivalent to AUTOEXEC.BAT called AUTOEXEC.NT in C:\WINDOWS\system32. This won’t be news to many, it’s been around for a while. From inside this you can load the appropriate keyboard driver in the same way as you did under DOS – i.e. keyb uk

Except you can’t – they’ve renamed keyb kb16. Good name, eh?

So to get a UK keyboard back I’ve found that adding the line:
kb16 UK,850,C:\windows\system32\keyboard.sys
to

C:\windows\system32\autoexec.nt

does the trick. If you’re in some other country, you could try your two-letter country code in place of UK. 850 refers to the code page.

The probably works with Windows 7. Now that I’m just getting used to Vista.

7-September-0925-November-09

I killed the computing press.

In the 1980’s and 1990’s there were a lot of interesting companies producing interesting bits and pieces related to the world of computing, and a lot people were interested in hearing about them. By about 2000, computers had become commodities, as expected. There are obviously far fewer manufactures, and their products tend to be pretty much the same. They’re mostly bought by people as tools, and most computer users wouldn’t recognise a bus controller even if it ran them over.

Not only have I stopped reviewing computer parts, I’ve stopped reading such reviews. Until now. Right now I want to read a review of current colour laser printers. Why? I want to buy one, of course, and I don’t know which one to pick.

You see, unlike PCs, it does matter which printer you choose because you want to produce the best possible output. This is something that can be tested objectively and subjectively by an independent human; you won’t be able to decide it by looking at the competing specifications. And speaking of specifications, they’re probably not going to be entirely honest when it comes to other metrics, so there’s not substitute for some standard test prints and a stopwatch.

I rang a friend from the Golden Age who should have known, and asked where the reviews were to be found now that Personal Computer World had folded. I was shocked at what I learned. Apparently the decline of the computer press is far worse than I feared. Not only has PCW disappeared, but PC Magazine is no more (in Europe) and the remainder are fading away. There’s no advertising revenue. And it’s all my fault! Yes – I haven’t even bought a computer mag in years. How could I have bought anything through reading adverts? Or reviews?

But reviews are essential. Without them, how can anyone decide what’s good and what’s not? Where are the reviews? If anyone can tell me, then please do.

I was directed towards cnet – founded by some ex-VNU types, apparently. Also, to my surprise, Trusted Reviews They do know a bit about what they’re reviewing, but I suspect, having read some of them, that there aren’t many big guns on the staff to provide context. In fact I do wonder about there being much in the way of staff at all. Staff cost money and there’s precious little of that around for journalism. And no, there were no comparative reviews of current printers to be found.

Other on-line reviews are written by users. There’s always danger they’ve been written by idiots, but either way, they’re necessarily ill-informed. If I were to review a printer now, I’d be ill-informed too. I’d need to have seen most of the printers out there in order to appreciate the good and bad points relating the the review’s subject, and that’s not going to be the case with a user.

User reviews are either full of praise or damming. Most people spending their hard-earned money on something are hardly likely to say they made the wrong choice. They’ll believe they’ve bought something good – if not they wouldn’t have handed over the dosh in the first place. They start off biased. Only if the item fails to deliver will they refrain from gushing praise in it’s direction. Instead, they’ll utterly condemn it, being furious with the supplier and manufacturer for having conned them.

So given that professional reviews are still needed, what’s the business model going forward?