November 2006

Bad passwords for SSH

From Christian Seifert’s “Analyzing malicious SSH login attempts” (SecurityFocus: 11 September 2006):

First, we analyzed the login names that were used on the login attempts. During the sample period, there were 2741 unique account names ranging from common first names, system account names, and common accounts to short alphabetical strings captured by the system logger. Of those, the 15 account names used most often are shown in Table 1. This table shows accounts that usually exist on a system (root, mysql), accounts that are likely to exist on a system (guest, test), as well as common first names (paul). Then Figure 1 shows the distribution of valid and invalid account names that were used.

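| Account Name | Number of login attempts |
|---|---|
| root | 1049 |
| admin | 97 |
| test | 87 |
| guest | 40 |
| mysql | 31 |
| info | 30 |
| oracle | 27 |
| postgres | 27 |
| testing | 27 |
| webmaster | 27 |
| paul | 25 |
| web | 24 |
| user | 23 |
| tester | 22 |
| pgsql | 21 |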

Table 1. Top 15 account names among 2741 attempts.

Next, we looked at the passwords used in the login attempts. The attackers tried a range of passwords with most of the account names. In total during our analysis, they attempted to access 2741 different accounts and used 3649 different passwords. Not all passwords were used with all accounts. The passwords ranged from account names, account names with number sequences, number sequences, and keyboard sequences (like ‘qwerty’). There were a few more complex passwords used with seemingly random letter and number sequences or common substitution passwords (like r00t or c@t@lin).

Table 2 shows the top 15 passwords used in malicious login attempts.

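| Password | Number of login attempts |
|---|---|
| 123456 | 331 |
| Password | 106 |
| Admin | 47 |
| Test | 46 |
| 111111 | 36 |
| 12345 | 34 |
| administrator | 28 |
| Linux | 23 |
| Root | 22 |
| test123 | 22 |
| 1234 | 21 |
| 123 | 20 |
| Mysql | 19 |
| Apache | 18 |
| Master | 18 |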

Table 2. Top 15 passwords attempted.
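
As an added example (not code from Seifert's article), here is a Python check a defender could run when a password is set, rejecting candidates that fall into the categories the excerpt describes. The account list comes from Table 1; the keyboard walks, the substitution map and the name "catalin" (inferred from the c@t@lin example) are assumptions.

```python
import re

# Account names from Table 1, plus "catalin" (assumed from the c@t@lin example).
ACCOUNTS = {"root", "admin", "test", "guest", "mysql", "info", "oracle",
            "postgres", "testing", "webmaster", "paul", "web", "user",
            "tester", "pgsql", "catalin"}
# Constructed sample of keyboard walks; the excerpt names only 'qwerty'.
KEYBOARD = {"qwerty", "qwertyuiop", "asdfgh", "asdfghjkl", "zxcvbn", "1qaz2wsx"}
# Assumed map of common character substitutions back to letters.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
# Passwords from Table 2, in the order listed.
TABLE2 = ["123456", "Password", "Admin", "Test", "111111", "12345",
          "administrator", "Linux", "Root", "test123", "1234", "123",
          "Mysql", "Apache", "Master"]

def classify(password):
    """Return the excerpt's category for this password, or None if none fits."""
    pw = password.lower()
    if pw.isdigit():
        return "number sequence"
    if pw in KEYBOARD:
        return "keyboard sequence"
    if pw in ACCOUNTS:
        return "account name"
    # Account name followed by digits, e.g. test123.
    m = re.fullmatch(r"(.*?)(\d+)", pw)
    if m and m.group(1) in ACCOUNTS:
        return "account name with number sequence"
    # Undo substitutions and compare again, e.g. r00t -> root.
    if pw.translate(LEET) in ACCOUNTS:
        return "common substitution"
    return None

def uncategorised(passwords):
    """Passwords that none of the pattern checks catch."""
    return [p for p in passwords if classify(p) is None]

if __name__ == "__main__":
    for p in TABLE2 + ["r00t", "c@t@lin", "qwerty"]:
        print(f"{p:15} {classify(p)}")
```

Run over Table 2, the pattern checks catch ten of the fifteen entries; the other five are plain dictionary words, so a wordlist lookup is needed alongside them.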


More on Fordlandia

From Mary A. Dempsey’s “Fordlandia” (Michigan History: July/August 1994):

Screens were just one of the Yankee customs transported to Fordlandia and Belterra. Detroit physician L. S. Fallis, Sr., the first doctor sent from Henry Ford Hospital to run the Fordlandia medical center, attempted to eradicate malaria and hookworm among Brazilian seringueiros (rubber gatherers) by distributing quinine and shoes. The quinine was accepted but shoes were an unwelcome novelty. It is an exceptional photo that shows the shirtless seringueiros, machetes in hand, shod only with floppy rubber-soled sandals; their children went shoeless. The jungle dwellers also found Fordlandia’s two-family homes hopelessly hot and ugly and the idea of bathrooms repulsive. Even today, plumbing is a rarity in the jungle.

At the same time, Ford’s 6:00 A.M. to 3:00 P.M. work schedule was unpopular with plantation employees accustomed to slashing trees several hours before dawn, then resuming the work at sunset for piecemeal pay. But the promise of free housing and food, top-notch health care for the workers and their families, and a salary of thirty-seven cents a day—double the regular wage—kept the seringueiros on the job. …

Generally, the company-imposed routine met hit-and-miss compliance. Children wore uniforms to school and workers responded favorably to suggestions they grow their own vegetables. But most ignored Ford’s no liquor rule and, on paydays, boats filled with potent cachaca—the local sugar-cane brew—pulled up at the dock. Poetry readings, weekend dances and English sing-alongs were among the disputed cultural activities. …

Former Kalamazoo sheriff Curtis Pringle, a manager at Belterra, boosted labor relations when he eased off the Dearborn-style routine and deferred to local customs, especially when it came to meals and entertainment. Under Pringle, Belterra buildings did not contain the glass that made the powerhouse at Fordlandia unbearably hot, and weekend square dancing was optional. Alexander said Henry Ford balked at building a Catholic church at Fordlandia—even though Catholicism was the predominant Christian religion in Brazil. The Catholic chapel was erected right away at Belterra. …

Alexander said of the long-closed but impeccably maintained facility that once boasted separate wards for men and women, thirty nurses, a dentist, three physicians and a pharmacist, who also administered anesthesia during surgery.


Henry Ford’s debacle in the jungle

From Alan Bellows’s “The Ruins of Fordlândia” (Damn Interesting: 3 August 2006):

On Villares’ advice, [Henry] Ford purchased a 25,000 square kilometer tract of land along the Amazon river, and immediately began to develop the area. …

Scores of Ford employees were relocated to the site, and over the first few months an American-as-apple-pie community sprung up from what was once a jungle wilderness. It included a power plant, a modern hospital, a library, a golf course, a hotel, and rows of white clapboard houses with wicker patio furniture. As the town’s population grew, all manner of businesses followed, including tailors, shops, bakeries, butcher shops, restaurants, and shoemakers. It grew into a thriving community with Model T Fords frequenting the neatly paved streets. …

But Ford’s effort to transplant America– what he called “the healthy lifestyle”– was not limited to American buildings, but also included mandatory “American” lifestyle and values. The plantation’s cafeterias were self-serve, which was not the local custom, and they provided only American fare such as hamburgers. Workers had to live in American-style houses, and they were each assigned a number which they had to wear on a badge– the cost of which was deducted from their first paycheck. Brazilian laborers were also required to attend squeaky-clean American festivities on weekends, such as poetry readings, square-dancing, and English-language sing-alongs.

One of the more jarring cultural differences was Henry Ford’s mini-prohibition. Alcohol was strictly forbidden inside Fordlândia, even within the workers’ homes, on pain of immediate termination. This led some industrious locals to establish businesses-of-ill-repute beyond the outskirts of town, allowing workers to exchange their generous pay for the comforts of rum and women. …

Workers’ discontent grew as the unproductive months passed. Brazilian workers – accustomed to working before sunrise and after sunset to avoid the heat of the day – were forced to work proper “American” nine-to-five shifts under the hot Amazon sun, using Ford’s assembly-line philosophies. And malaria became a serious problem due to the hilly terrain’s tendency to pool water, providing the perfect breeding ground for mosquitoes.

In December of 1930, after about a year of working in a harsh environment with a strict and disagreeable “healthy lifestyle”, the laborers’ agitation reached a critical mass in the workers’ cafeteria. Having suffered one too many episodes of indigestion and degradation, a Brazilian man stood and shouted that he would no longer tolerate the conditions. A chorus of voices joined his, and the cacophony was soon joined by an orchestra of banging cups and shattering dishes. Members of Fordlândia’s American management fled swiftly to their homes or into the woods, some of them chased by machete-wielding workers. A group of managers scrambled to the docks and boarded the boats there, which they moved to the center of the river and out of reach of the escalating riots.

By the time the Brazilian military arrived three days later, the rioters had spent most of their anger. Windows were broken and trucks were overturned, but Fordlândia survived. …

In 1933, after three years with no appreciable quantity of rubber to show for the investment, Henry Ford finally hired a botanist to assess the situation. The botanist tried to coax some fertile rubber trees from the pitiful soil, but he was ultimately forced to conclude that the land was simply unequal to the task. The damp, hilly terrain was terrible for the trees, but excellent for the blight. Unfortunately no one had paid attention to the fact that the land’s previous owner was a man named Villares– the same man Henry Ford had hired to choose the plantation’s site. Henry Ford had been sold a lame portion of land, and Fordlândia was an unadulterated failure. …

Be that as it may, Ford’s perseverance might have eventually paid off if it were not for the fact that scientists developed economical synthetic rubber just as Belterra was establishing itself. In 1945, Ford retired from the rubbering trade, having lost over $20 million in Brazil without ever having set foot there.


Clarke’s three laws of prediction

From Wikipedia’s “Clarke’s three laws” (2 November 2006):

Arthur C. Clarke formulated the following three “laws” of prediction:

1. When a distinguished but elderly scientist states that something is possible, he is almost certainly right. When he states that something is impossible, he is very probably wrong.

2. The only way of discovering the limits of the possible is to venture a little way past them into the impossible.

3. Any sufficiently advanced technology is indistinguishable from magic.


My reply to those “You sent a virus to me!” emails

On Saturday 17 April 2004, I received the following email from someone I didn’t know:

> Hello,
>
> I am not sure who you are but our security detected a Netsky virus in an
> email that you sent. Whether a personal message or a spam, please pay
> attention to the fact that you are spreading viruses and have your systems
> checked. Also, when a virus is detected the message does not get through so
> we have no idea who you are or the nature of your message.

My reply

I really wouldn’t bother sending these messages out, or you will find yourself with a full-time job.

Virtually every modern virus spoofs the email address of the sender. In other words, the virus scans the infected computer for email addresses, and then picks one for the TO field and one for the FROM field. Someone that has both of our email addresses on their computer is infected, and the virus chose your email address for TO and my email address for FROM. That is the extent of it. Unfortunately, we have no way of knowing who really is infected, so emailing the person who appears to have sent the email is a complete waste of your time.

Finally, I could not be infected, as I do not use Windows. I use Linux, which is impervious to the glut of viruses and worms that infect Microsoft’s poorly-coded operating system.


My late May, 2004

From the email archives:

On Sunday 30 May 2004 11:32 pm, Jerry Hubbard wrote:
> How is everyone? Hope the storms did not harm anyone.

My basement flooded twice, my tenant’s kitchen had water streaming in through the window frame, our backyard fence was blown down, the umbrella on our deck was blown off the deck into the yard while flipping the table over, and I found a dead cat in the alley (which I buried in our back yard).

Oh, and my car needs a new transmission: $1900.

Other than that, a typical week.


Best Denise quote ever

We went to see Troy last week. At the end of the movie, the Trojans drag the Trojan Horse into the city. They party, celebrating what they think is the abandonment of the war by the Greeks, and everyone collapses into a drunken stupor. Cut to the waiting Greek ships, hidden a few miles away, just waiting for the signal. Later that night, the sides of the horse slowly open, and out clamber the Greeks who were hidden inside.

DENISE (sincerely): Oooh … I knew that was going to happen!
