Archive for the ‘Trojans’ Category

Final Post

October 2, 2009

No – I’m not dead yet!!

This is a final post at Tigerstail.wordpress.com because I am tired of seeking knowledge and bitching about that which is. It is time to use my skills to develop the solutions to all of the problems I have discovered.

Join Me at jimmicap.wordpress.com


IE8 Privacy is an Oxymoron

September 20, 2008

I could have said that the IE8 privacy function is a lie or a joke but I happen to like the word oxymoron. In my preliminary tests I was acting as if my life and future depended on my online privacy and didn’t bother doing a comparison. I found my surfing history in cache memory, that CCleaner didn’t wipe the cache memory information and that there was a hidden system file called PrivacIE (pronounce that “Priv A C”) which contained a hashed index.dat file which was untouchable. Not a bad find for a quick survey. I did a preliminary test against Firefox 3 automatically wiping all privacy data on closing and found a few lingering cookies which CCleaner seemed to wipe out but no cache memory of the sites I visited.

I sort of find a hashed index.dat file (in a folder called PrivacIE) and a record of my surfing history in cache memory an insulting and direct compromise of the promise of real internet privacy.

If anyone cares about the method, I’ll do a post on it.

Live Linux CD - Dead Computer

February 19, 2008

It appears that linuxcrayon has the gift of prophecy or maybe just hard earned knowledge. I was using a Live CD to track the code on some disgustingly evil sites. Even though it was a Live CD on a minimal machine (no hard drive), I’m still in the habit of monitoring netstat to see who’s monitoring me. Now I was a little surprised to find that I had probes from carnivore and a couple of corporate spies watching me surf crap.

I wasn’t too worried as every time I turned the machine on it came back as a brand new machine with no tracks. On a regular machine with permanent programming, the Spyware is there the moment you turn the machine on so it’s pretty hard to find out where you caught the crap once you’ve got it. With a Live Linux CD, every day is a new machine with no history so you can start surfing while watching netstat and see where you get your invaders. If you miss it today you can try again after . Trust me, if you pick up military strength malware on a regular machine, you can never shake the crap so it’s tough to track it to the source.
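The habit described above (start from a clean live-CD session, watch netstat, and note which peers show up that you never asked for) is easy to mechanize. What follows is an added example in Python, not the author's code or tooling: it parses Linux `netstat -tun` output, using constructed snapshots rather than captured ones, and reports peers that are new relative to a baseline or that fall outside the list of hosts you meant to visit.

```python
"""Baseline-and-diff of remote peers seen by netstat on a fresh live-CD session.

Added example, not the blog author's code. Assumes the Linux `netstat -tun`
column layout; both snapshots below are constructed, not captured.
"""
from collections import namedtuple

Peer = namedtuple("Peer", "proto ip port state")

# Constructed sample: what `netstat -tun` might print right after opening
# the browser on one deliberately visited site (93.184.216.34).
BASELINE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.23:44712      93.184.216.34:80        ESTABLISHED
tcp        0      0 192.168.1.23:44713      93.184.216.34:443       ESTABLISHED
udp        0      0 192.168.1.23:68         192.168.1.1:67          ESTABLISHED
udp        0      0 0.0.0.0:5353            0.0.0.0:*
"""

# Constructed sample: a later snapshot with two peers that belong to no
# site the operator typed into the address bar.
LATER = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.23:44713      93.184.216.34:443       ESTABLISHED
tcp        0      0 192.168.1.23:51002      203.0.113.77:8080       ESTABLISHED
tcp        0      0 192.168.1.23:51003      198.51.100.9:443        SYN_SENT
udp        0      0 192.168.1.23:68         192.168.1.1:67          ESTABLISHED
"""


def split_hostport(addr):
    """Split 'ip:port' on the LAST colon so bare IPv6 ('2001:db8::1:443') works."""
    host, _, port = addr.rpartition(":")
    return host, port


def parse_netstat(text):
    """Return the set of remote peers in `netstat -tun` output.

    Header lines, wildcard ('*') ports and unspecified addresses are skipped:
    those are local sockets waiting for traffic, not peers we are talking to.
    """
    peers = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue
        ip, port = split_hostport(fields[4])
        if port == "*" or ip in ("0.0.0.0", "::", ""):
            continue
        state = fields[5] if len(fields) > 5 else ""
        peers.add(Peer(fields[0], ip, int(port), state))
    return peers


def unexpected_peers(snapshot, expected_ips):
    """Peers whose address is not in the allowlist of IPs you meant to reach."""
    return {p for p in snapshot if p.ip not in expected_ips}


def new_peers(before, after):
    """Peers present now that were absent from the baseline.

    Keyed on (proto, ip, port) only, so a TCP state change on an existing
    connection is not reported as a new peer.
    """
    seen = {(p.proto, p.ip, p.port) for p in before}
    return {p for p in after if (p.proto, p.ip, p.port) not in seen}


if __name__ == "__main__":
    expected = {"93.184.216.34", "192.168.1.1"}   # visited site + DHCP server
    base, later = parse_netstat(BASELINE), parse_netstat(LATER)
    for p in sorted(new_peers(base, later)):
        flag = "UNEXPECTED" if p.ip not in expected else "expected"
        print(f"{p.proto} {p.ip}:{p.port} {p.state or '-':<12} {flag}")
```

One caveat a practitioner would add: a peer address tells you a connection exists, not which program opened it. Before blaming a site, pair the snapshot with the owning process (`netstat -p` or `ss -p` as root), since a browser update check and a malicious callback look identical in this table.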

Well, pride about my cleverness came right before my fall and the knowledge of linuxcrayon was predictive. I was using a Knoppix operating system and a Firefox browser and it started getting unstable. I switched to a DSL (Damn Small Linux) operating system and their proprietary version of Firefox. The stability lasted a few days and I thought that it was malware injected into memory, much like the Firefox browser update which occurs every time you start up a Live Linux CD and open the browser. But then everything went to hell.

I could no longer enter the BIOS on start-up, flashing and resetting the BIOS didn’t help and the system would not operate offline. So whatever damage was being done was permanent and not due to embedded software. Then the machine just stopped working. The POST card says my CPU is fried.

Well, this noble machine had been through a lot. It started life as a Windows machine which was slammed during the trial as I investigated various evidence sites which were still online. I gave the hard drive the Lot’s wife treatment and replaced the CD drive and tried to rebuild it as either a Windows machine or a Linux box to no avail. It was unstable. As a medium for running a live CD, the machine hung on for another 3-4 months doing reconnaissance on a lot of shit sites and publishing the results. It was on this machine that I discovered Google Dorking 4 Kiddie Porn and exposed sites which should be Hacked to death.

Just for laughs, I have purchased a couple of motherboards and hope to return this box to active duty.

Why use a Virtual Machine?

February 9, 2008

Well, there is good news and bad news about simple virtual machines. At its simplest, a virtual machine is just a live Linux CD on an old computer without even a hard drive. The one I’m currently using has a motherboard with a fried BIOS and an embedded Trojan but Linux does not rely on the BIOS and Trojans rarely are cross platform.

With a live Linux CD, you don’t need a storage area and with a gig of RAM, you can quickly surf without worrying about porn loaders or malware of any sort. The nice thing is there is no permanent record in hidden index.dat files or in log files written in geek. Shut the machine down and everything you did is gone including all cache files of images, cookies and history. Since possession of weird shit is the major crime and the easiest to prove with the un-erasable hidden files on your hard drive, you avoid that trap. Unbelievably, your hard drive holds a near permanent record of your surfing history and a copy of every image you have ever seen whether on purpose or not.

So on one hand you get some element of protection but on the other hand there is still information being conveyed to anybody that wants to spy on you. First, at the local level we have the FBI’s ability to spy on every private citizen in America. The powers of Carnivore and Echelon to track all of your surfing activity whether wired or wireless are incredible. I wouldn’t bet that a keystroke logger won’t work on a virtual machine. After all, my virtual machine uses an older version of Firefox which accepts an update and installs it in RAM. Not much different than accepting a keystroke logger with “ET call home” capabilities which would report on all of your surfing habits, emails, and instant messages. Since wireless intercepts are up close and personal and Carnivore is nestled at your ISP level, I’m not even sure that a proxy will help to hide your surfing activity because the spying is already done by the time your request reaches a proxy. (A keystroke logger even defeats encrypted URLs.)

This is one of those classic Mexican stand-offs. You will be observed and unless you are actually making kiddie porn or building bombs, I doubt that anybody would really want to explore spy technology at a trial because the Government’s technical capabilities of information gathering are probably being illegally used. It’s far easier to trash your machine, get you to a repair shop, and let you self-incriminate as the courts have ruled that you have no expectation of privacy when you take a machine in to get it repaired so any evidence on the machine can be used to set you up. This is the biggest advantage to virtual machines: they don’t go to repair shops.

While there is no evidence on your machine that you are engaging in dangerous activity, never assume there is no evidence at all.

I got a little bolder on my virtual machine and found out just how much information can be gathered from a virtual machine which allows cookies. (If you don’t allow cookies, you can’t explore many sites and as soon as you allow them there is information being transferred.)

Please check the comment section for an intelligent bit of information from linuxcrayon.

Kolmic.com, The Family Tree

January 12, 2008

For most people finding evil sites is tough and even after you get a browser hijack or a URL redirect from your browser, you’re never quite sure what site infected you. Now my perspective is somewhat different, I have my list of known kiddie porn sites which exist by consent of the government and also associated law enforcement honeypots. I periodically go to these sites and check the source code to find out who the face page is linking to. It seems that all the control is usually from one master computer with face URLs gathering their feeds and images from that master. When one feed site gets so famous that it is blocked by crapware protection, they switch to the next site. Right now everyone concerned with cnomy.com or Kolmic.com for crapware should also start blocking malkm.com at the firewall level.

Finding these associations is fairly easy once you know the starting point.

If you’re a sex-starved teenager you might dream of multiple partners at:

Orgy.com where the source code shows the javascript and pictures come from Kolmic.com

Hell, you might even dream of multiple orgies at:

Orgies.com where the source code shows the javascript and pictures come from Kolmic.com

If you’re too young to dream of orgies, you may just want to see naked people at:

naked.com where the source code shows the javascript and pictures come from naked.com and a pop-up comes from kolmic.com

Now these are all tame sites so you might want something more raunchy at:

raunchy.com which redirects to freetube.com with a pop-up from Kolmic.com

Now at one point, the source code for kolmic.com showed scripts and pics from cnomy.com so it’s not surprising that:

femalesex.com also redirects to freetube.com with a cloned pop-up of kolmic from cnomy.com

If you can’t spell, orgie.com used to redirect to raunchy.com but now:

orgie.com redirects to freetube.com

Siteadvisor.com confirms the link between orgie.com and raunchy.com

So what is the future bad boy on the block to serve our nation at war. My money is on malkm.com based on information obtained from Lolitacj.com which was one of two sites that sent Charles Stephano to jail. When you check siteadvisor.com for lolitacj.com it says it links to kolmic.com yet when you go to:

lolitacj.com, the source code is from malkm.com while the cloned pop-up of kolmic shows cnomy.com source code.

A quick check of malkm.com shows it is connected to erotika.ru and the list of entrapment sites continues to grow.

There are many branches of this tree with crooked roots.
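Checking a face page’s source for where its scripts, images, pop-ups and redirects actually come from, then counting which third-party host the most face pages share, is the kind of chore worth automating. The following is an added example in Python, not the author’s method or tooling; the pages and hostnames are constructed (the .example domain is reserved for documentation), and fetching is left out so the block runs offline on the embedded HTML.

```python
"""Map which third-party hosts a set of "face" pages load from or redirect to,
and rank them to find a shared feed host.

Added example, not the blog author's code. All HTML and hostnames below are
constructed; .example is a reserved documentation TLD.
"""
import re
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Attribute that carries the remote reference for each tag we care about.
REF_ATTRS = {"script": "src", "img": "src", "iframe": "src", "frame": "src",
             "embed": "src", "link": "href", "object": "data"}

# Inline-script patterns for pop-ups and JS redirects: window.open('...'),
# location = '...', location.href = '...'
JS_REF = re.compile(r"(?:window\.open|location(?:\.href)?\s*=)\s*\(?\s*['\"]([^'\"]+)['\"]")
META_URL = re.compile(r"url\s*=\s*['\"]?([^'\"\s;]+)", re.I)


class RefCollector(HTMLParser):
    """Collect every host, other than the page's own, that a page references."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.hosts = Counter()     # external host -> number of references
        self.redirects = set()     # hosts reached via <meta http-equiv=refresh>

    def _note(self, ref):
        host = urlparse(urljoin(self.page_url, ref)).hostname   # handles //host and /path
        if host and host != self.page_host:
            self.hosts[host] += 1

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in REF_ATTRS and a.get(REF_ATTRS[tag]):
            self._note(a[REF_ATTRS[tag]])
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = META_URL.search(a.get("content", ""))
            if m:
                host = urlparse(urljoin(self.page_url, m.group(1))).hostname
                if host:
                    self.redirects.add(host)

    def handle_data(self, data):
        # <script> bodies arrive here; pick out pop-up and redirect targets.
        for m in JS_REF.finditer(data):
            self._note(m.group(1))


def external_refs(page_url, html):
    """Parse one page and return its RefCollector (hosts + redirects)."""
    p = RefCollector(page_url)
    p.feed(html)
    p.close()
    return p


def shared_feed_hosts(pages):
    """pages: {face_url: html}. Count, per external host, how many distinct
    face pages reference it. The host shared by most faces ranks first."""
    tally = Counter()
    for url, html in pages.items():
        p = external_refs(url, html)
        for host in set(p.hosts) | p.redirects:
            tally[host] += 1
    return tally


# Constructed face pages: three fronts, one shared feed, one pop-up host,
# one redirect target.
PAGES = {
    "http://face-a.example/": """<html><head>
<script src="http://feed.example/js/loader.js"></script></head><body>
<img src="//feed.example/pics/1.jpg"><img src="/local/banner.gif">
<script>window.open('http://popup.example/win.html');</script>
</body></html>""",
    "http://face-b.example/": """<html><head>
<meta http-equiv="refresh" content="0;url=http://tube.example/">
</head><body><script src="http://feed.example/js/loader.js"></script></body></html>""",
    "http://face-c.example/": """<html><body>
<iframe src="http://tube.example/embed"></iframe>
<img src="http://feed.example/pics/2.jpg">
<script>location.href = "http://popup.example/win.html";</script>
</body></html>""",
}

if __name__ == "__main__":
    for host, n in shared_feed_hosts(PAGES).most_common():
        print(f"{n} face page(s) -> {host}")
```

Run it and the feed host referenced by all three fronts ranks first; the same count lets you decide which host to block at the firewall before its successor shows up. Static parsing has an obvious blind spot: a script that builds the next URL at runtime will not match the patterns here, which is why the redirect and iframe chains in the text were also confirmed by loading the pages.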


Even Will Smith should be able to decide that kolmic.com was designed by evil people.

Born to Be Bad – Will Smith, Kolmic and Hitler.

January 7, 2008

Will Smith started quite a controversy when he said that he believed that all people are intrinsically good and because he used Hitler as an example the argument degenerated without thought. Well Mr. Smith, I beg to differ and I use as my argument the Internet which I doubt that you know too much about.

Internet usage seems to be dominated by the concept that people do bad just because they can and only do good when they want to. Christ, I might say that that concept even includes Government sites which have a tendency to politicize every fact for political correctness or to dissociate blame. I mean who can possibly believe the psycho who designed the online war game for young people using actual Army equipment interfaces to recruit people. No one could believe this site was designed to do intrinsic good for the nation unless you believe that the use of Gaming addicts as soldiers is the highest and best use of these compulsive children. On the civilian side, what psycho would want to take down Norad for bragging rights or open the secrets of NSA to the world just to prove it can be done?

The internet is full of very twisted people. I casually included Kolmic.com on a list of sites that couldn’t be explored using Google Hacking techniques and immediately people started flocking to my sites with Kolmic as the search term. Seems I stumbled on Kolmic in my research on American Kiddie Porn and I do mean I was lucky to make the connection to Government supported kiddie porn sites.

On the surface, they are a dramatic success story. They are touted at killerstartups.com as a new search engine. Quantcast.com ranks the site as being 314 in the world while alexa.com ranks them at 1917. IPwalk.com shows them hosting 11,650 domains. Their daily traffic is over 150,000 people per day.

These are incredible numbers considering the site was only organized about 8 months ago and the ownership of this fantastically successful organization is secret with a stealth registration. The IP information suggests Boston but a more realistic guess would put them in Houston working with Everyones Internet.

So what’s bad about a fantastic success in only six months, other than the direct connection to domestic kiddie porn and law enforcement honeypots. It seems that this brand new site is already attracting complaints about URL redirection, start page hijacking and other techniques common to the porn industry and image loading to unsuspecting surfers. One very complete analysis can be found in the comment section of McAfee Site Advisor by phantazm.

Obviously Kolmic.com was a site born to be bad by people with very evil intentions who hide anonymously in cyberspace because of the cowards they are.

Too bad Mr. Smith, there really are some fucking evil people in this world.

Screwing up XP!

January 6, 2008

I’ve sort of been suggesting that part of the reason that Vista has not been universally accepted is because Windows XP is a mature, stable and secure operating system which has no need for a replacement except perhaps in the gaming community. There are many independent companies that understand the system and are writing independent security software to defend you against viruses and malware and to secure your privacy against unwanted preservation of sensitive data or images.

The truth is you can do a pretty good job of defending your machine by using Firefox as your browser with settings that ensure your privacy and erase all surfing history. Naturally, you can back this up with CCleaner and an independent antivirus and you’re in pretty good shape. You may want to use your traditional XP search function to check for cookies that may have been missed and to check the images in all hidden and back-up files. After everything unwanted has been eliminated, defragment your system and overwrite your unused space with a seven-pass disk wipe.

From what I know of forensics, that is probably enough to prevent the repairman at your computer repair shop from reporting you to Homeland Security and may be enough to prevent recovery of images and files after you reformat your hard drive. (However, if it were my freedom at stake, I would give the drive the Lot’s wife treatment and buy a new drive.) Overall, I am fairly well convinced that XP is a defendable operating system for mere mortals that follow a set routine and pay attention to security.

Since this belief is probably true, it leaves Microsoft and the government out in the cold when you choose to observe their nefarious connections. No, you cannot stop unwanted predators from connecting to your machine and probing you but you can keep your machine clean enough that there is little there to find. Now with Vista, this is clearly not the case. There are back-ups of everything as the default and many are complaining that use of Vista will be a one way ticket to jail or unemployment as your total computer use is an open book.

So what is the answer for Microsoft and the Government to threats from a protectable XP operating system? Simple, introduce an unavoidable SP3 service pack. I mean I avoided the upgrade for IE7 forever, or at least until there were so many vulnerabilities that were left unplugged that I downloaded it even though I use Firefox. I suspect avoiding SP3 will eventually leave me so exposed that I will have to do it and ultimately upgrade myself to a system as unknown and undefendable as Vista. Once this happens I may as well switch to Vista.

Oh well, shit happens.

Resistance is Futile, Knowledge is Soporific!

Screw Google or Scroogle

January 1, 2008

It’s kind of hard to ignore the best search engine in the world and there are two serious contenders for allowing this option. First is Ask.com which for the time being is committed to not keeping your individual search records. Keep in mind this is a publicly traded company which would not want to piss off Uncle Sam so there are economic limits to how much they will invest to defend your right to privacy. With Google-ites making asses of themselves relative to site filtering and screwing over the people in China, it doesn’t take much of a corporate investment to look a little better and that’s what Ask.com has done. Still, there is the issue of search quality.

When you put yesterday’s title (Bin Laden, Google and the CIA) in Ask or Google nothing is returned. When you put “Is Google Spying?” in the two search engines, the Tigerstail post is number 2 in Google and does not appear in Ask.com. It would appear that Ask has to do a little better job of crawling the Web and creating a database if they are going to compete with Google.

Scroogle.org sounds almost too good to be true. They run a proxy service that deletes all Google cookies and logs. They do the search for you at Google, strip all identifying features and return the answer. They are a non-profit organization and have extremely limited onsite information about them or their creators. Of course they return the same results as Google but this does not always have to be the case. Google could spend a lot of time and money to screw Scroogle.org but for now they seem to get you the best anonymous results possible. Since I trust nothing and do a lot of rechecking of information, I doubt that I’ll be the one they fail when Google screws them. BUT, you never know who that one will be.

For now, Scroogle seems to give the same search as Google without the advertising and that might be their downfall.

Bin Laden, Google and the CIA

December 31, 2007

Starting about a year ago, credible sources started claiming that Google was feeding information to the CIA. Now I’m not sure why any jackass would even waste a baying breath denying such a rumor when it’s so obviously true. SANS teaches several courses on Google Hacking and Johnny Long has written several books on the topic. As early as 1999, NATO started publishing an Open Source Intelligence Handbook and by 2002 had issued a separate publication on exploiting information on the Internet. Only the most stupid Google apologist would bother denying that the CIA uses the largest database on the planet to gather information and probably pays them to teach people how to do it.

Now the issues of information filtering, diminished page rankings and generally interfering with your rights are a little more debatable. Two of the four freedoms defined by President Roosevelt were freedom of speech and freedom from fear, particularly of an oppressive government. Google used to brag that they had no censorship but as previously discussed they are de-listing pages from the Internet based on complaints without the existence of a legal Cease and Desist order. Also, they consented to censor content for the Chinese version of Google including sites only mildly critical of the central government, indicating that they have the capability of censorship and the corporate will to do it if paid enough. Their new policy acknowledges that they will engage in censorship to assist law enforcement, obey regulations and as a matter of policy, which covers darn near any reason in the world.

It would appear that this policy extends to publishing false listings for controversial anti-government documentary movies.

Now what brought all this to mind was yesterday I told a little joke about bin Laden and George Bush over at the FatSavage Blog and amazingly a search engine picked it up and it became my most popular single day post. It was so popular that I jumped to number 59 on the listing of most popular WordPress Blogs. Today not a single person reached “My Apologies” by way of a search engine.

Go figure!!! Is my sense of humor being filtered to protect an almost totally tasteless Web or is this just old fashioned censorship?

Is Google Spying?

December 30, 2007

Seventy seven percent (77%) of Google users are not aware that Google is spying on them and neither was I.

I tried researching the topic but didn’t find much information. I knew that Google used email filters and linked advertising to the content so that when Cousin Ed told you that Auntie Mame died, your email might include an advertisement for coffins and flowers. While that may be cool technology, I avoided it by avoiding a Gmail account.

Even after I read accounts that I would be 92 when my Google cookie expired and their new privacy policy would delete all records after 2 years unless requested to retain them longer by law enforcement, I wasn’t terribly concerned. I mean I have seen the use of Google cookies which contain my IP, Hotmail account, my surfing habits to other sites and all my porn cookies, so forewarned is forearmed and defend yourself. After all these are browser side records and can be erased and wiped when you close your browser (with quite a bit of effort).

All this changed when I had the need to sign up for an email account under my own name instead of Mr. Daimon, fatsavage or other fictitious names. I cleverly opted out of email advertising so I could avoid coffin offers when my mother dies and did a minimal sign-up with minimal information even avoiding address and location. I didn’t think much about it and only used it for commercial activity under my own name. I only signed up with GoogleTalk to track my email because that’s faster than signing in on their web page and going to their rather slow site only to find you have no mail.

Last week I had the need to sign up as a Google Developer so I paid more attention to their site. Seems there is a button in the upper right that allows you to sign in to Google and that happens rather automatically when you sign in to GoogleTalk or at least it did for me. It showed I have an account and a history which I know I never signed up for.

The history has been keeping track of me more or less since the day I signed in for my Gmail account. It is the default option which you have to work to turn off. Naturally, I checked my history and was appalled. I’m doing a SANS Security Course and am looking up various penetration tools. I am also blogging about some pretty nasty sites. Of the hundreds of searches I do a day, my Google history only registered the ones which make me out to be a pervert or a security risk.

Of course, I deleted the records but all that means is that I will no longer see them. They already have my IP, my email account, cookies from all accounts, the record of cookies from sites visited etc. I really didn’t accomplish anything by turning off their blatant record keeping. They still have all the rest and have publicly stated they will keep it for two years.

It would appear my only real option is to stop using their services. To many that would be a tough choice, but if they have already blocked access to your site and Ask.com is doing a pretty good job of searching and you have no commercial revenues from the web, I can’t think of a serious downside.