Ramblings & ephemera

Eavesdropping with your cell phone

From David S. Bennahum’s “Hope You Like Jamming, Too” (Slate): …innovative industrial spies, who have several neat new tricks. These days, a boardroom Mata Hari can purchase a specially designed cell phone that will answer incoming calls while appearing to be switched off. In a business meeting, she could casually leave her phone on the […]

How an email account without passwords can be good for security

From Robert X. Cringely’s “Stream On”: Mailinator is ad hoc e-mail for those times when just maybe you don’t want to use your regular e-mail address. Say you are snitching on the boss, buying inflatable people, or want 32 different PayPal accounts. Just tell someone—anyone—that your e-mail address is fatman@mailinator.com or skinnykid@mailinator.com, or clueless@mailinator.com or […]

The email dead drop

From the L.A. Times’ “Cyberspace Gives Al Qaeda Refuge”: Simplicity seems to work best. One common method of communicating over the Internet is essentially an e-mail version of the classic dead drop. Members of a cell are all given the same prearranged username and password for an e-mail account on an Internet service provider, or […]

Laundering a car’s VIN

From Bruce Schneier’s Crypto-Gram of 15 October 2003: Precision stripping: criminal steals car, chop shop strips car completely down to chassis, chassis dumped on street, cops tow chassis away, chassis sold at auction, criminal buys chassis, chop shop reattaches parts. Result: legitimate car that can be legally sold used. The VIN has been ‘laundered’.

Jeff Bezos on the differences between gifts and choices

From Jeff Bezos’s “We are What We Choose: Remarks by Jeff Bezos, as delivered to the Class of 2010 Baccalaureate” (Princeton University: 30 May 2010): What I want to talk to you about today is the difference between gifts and choices. Cleverness is a gift, kindness is a choice. Gifts are easy — they’re given […]

The origin of the word “munge”, “hack”, & others

From Steven Levy’s Hackers: Heroes of the Computer Revolution (Penguin Books: 2001): 23: The core members hung out at [MIT’s Tech Model Railroad Club in the late 1950s] for hours; constantly improving The System, arguing about what could be done next, developing a jargon of their own that seemed incomprehensible to outsiders who might chance […]

Malware forges online bank statements to hide fraud

From Kim Zetter’s “New Malware Re-Writes Online Bank Statements to Cover Fraud” (Wired: 30 September 2009): New malware being used by cybercrooks does more than let hackers loot a bank account; it hides evidence of a victim’s dwindling balance by rewriting online bank statements on the fly, according to a new report. The sophisticated hack […]

Various confidence scams, tricks, & frauds

From “List of confidence tricks” (Wikipedia: 3 July 2009): Get-rich-quick schemes Get-rich-quick schemes are extremely varied. For example, fake franchises, real estate “sure things”, get-rich-quick books, wealth-building seminars, self-help gurus, sure-fire inventions, useless products, chain letters, fortune tellers, quack doctors, miracle pharmaceuticals, Nigerian money scams, charms and talismans are all used to separate the mark […]

Crazy anti-terrorism plans that worked

From a Special Operations officer quoted in Tom Ricks’s Inbox (The Washington Post: 5 October 2008): One of the most interesting operations was the laundry mat [sic]. Having lost many troops and civilians to bombings, the Brits decided they needed to determine who was making the bombs and where they were being manufactured. One bright […]

How the Storm botnet defeats anti-virus programs

From Lisa Vaas’ “Storm Worm Botnet Lobotomizing Anti-Virus Programs” (eWeek: 24 October 2007): According to an Oct. 22 posting by Sophos analyst Richard Cohen, the Storm botnet – Sophos calls it Dorf, and it’s also known as Ecard malware – is dropping files that call a routine that gets Windows to tell it every time […]

How con artists use psychology to work

From Paul J. Zak’s “How to Run a Con” (Psychology Today: 13 November 2008): When I was in high school, I took a job at an ARCO gas station on the outskirts of Santa Barbara, California. At the time, I drove a 1967 Mustang hotrod and thought I might pick up some tips and cheap […]

A botnet with a contingency plan

From Gregg Keizer’s “Massive botnet returns from the dead, starts spamming” (Computerworld: 26 November 2008): A big spam-spewing botnet shut down two weeks ago has been resurrected, security researchers said today, and is again under the control of criminals. The “Srizbi” botnet returned from the dead late Tuesday, said Fengmin Gong, chief security content officer […]

Social engineering a bank robbery

From Ernesto Londono and Clarence Williams’s “Md., D.C. Banks Duped By Phony Cash Courier” (The Washington Post: 12 January 2008): And on Thursday, about 9:30 a.m., a man dressed as an employee of the security company Brink’s walked into a Wachovia branch in downtown Washington and walked out with more than $350,000. The man had […]

Cloned trucks used to commit crimes

From Brian Ross’ “Fake FedEx Trucks; When the Drugs Absolutely Have to Get There” (ABC News: 18 January 2008): Savvy criminals are using some of the country’s most credible logos, including FedEx, Wal-Mart, DirecTV and the U.S. Border Patrol, to create fake trucks to smuggle drugs, money and illegal aliens across the border, according to […]

How the Greek cell phone network was compromised

From Vassilis Prevelakis and Diomidis Spinellis’ “The Athens Affair” (IEEE Spectrum: July 2007): On 9 March 2005, a 38-year-old Greek electrical engineer named Costas Tsalikidis was found hanged in his Athens loft apartment, an apparent suicide. It would prove to be merely the first public news of a scandal that would roil Greece for months. […]

Craigslist “everything is free!” scams

From “Man scammed by Craigslist ad” (The Seattle Times: 24 March 2008): The ads popped up Saturday afternoon, saying the owner of a Jacksonville home was forced to leave the area suddenly and his belongings, including a horse, were free for the taking, said Jackson County sheriff’s Detective Sgt. Colin Fagan. But Robert […]

Synchronization attacks at fast food drive-through windows

From Bruce Schneier’s “Getting Free Food at a Fast-Food Drive-In” (Crypto-Gram: 15 September 2007): It’s easy. Find a fast-food restaurant with two drive-through windows: one where you order and pay, and the other where you receive your food. This won’t work at the more-common U.S. configuration: a microphone where you order, and a single window […]

A wireless router with 2 networks: 1 secure, 1 open

From Bruce Schneier’s “My Open Wireless Network” (Crypto-Gram: 15 January 2008): A company called Fon has an interesting approach to this problem. Fon wireless access points have two wireless networks: a secure one for you, and an open one for everyone else. You can configure your open network in either “Bill” or “Linus” mode: In […]

To solve a problem, you first have to figure out the problem

From Russell L. Ackoff & Daniel Greenberg’s Turning Learning Right Side Up: Putting Education Back on Track (2008): A classic story illustrates very well the potential cost of placing a problem in a disciplinary box. It involves a multistoried office building in New York. Occupants began complaining about the poor elevator service provided in the […]

A cheap, easy way to obfuscate license plates

From Victor Bogado da Silva Lins’ letter in Bruce Schneier’s Crypto-Gram (15 May 2004): You mentioned in your last crypto-gram newsletter about a cover that makes a license plate impossible to read from certain angles. Brazilian people have thought of another low-tech solution for the same “problem”, they simply tie some ribbons to the plate […]