Do you know who you are?

GAT circa 1995

The above photo was taken in the backyard of my house sometime around 1995 at one of the infamous 617 barbecues known as Grillathon. There are some people in that pic who are now rather famous in certain circles. There are a LOT of people who were at the BBQ who have gone on to bigger and better things within the infosec industry. There are even more people from the same 617 area who now head security departments at Fortune 100 companies, hold high-level positions at DOD, who hold millions of dollars of VC money in the palm of their hand.

Some have embraced their past, they openly admit who they associated with, and wear it almost as a badge of pride. Others actively hide away from it. They want no mention of their past associations or that they even once used a handle. <gasp> I’m not talking about admitting to past crimes or other transgressions. There is no need to say you pownd an entire country in 1998 (who didn’t), no, I’m just talking about admitting who you were, and who your friends were. I don’t understand why this scares some of us so much.

It is one thing to not advertise certain facts but it’s another to actively go out of your way to dissociate with your past, and it pisses me off. We all know who you are and who you were, do you?

Speaking of 617, you may have noticed Lady Ada (Limor Fried) on the cover of Wired this month (April 2011). One of dozens of people from the late nineties 617 BBS scene to go on to huge success. I’d love to make a list of people who were in the scene then and where they ended up but I suspect it would upset a lot of the people who are hiding their past.

I might do it anyway. I would be afraid of leaving people out, remind me who was around 617 back then and where they are now. If you were around back then and think making such a list would be a bad idea, let me know that too. I may not listen to you, but I might. Depends on how pissed I get about it.

PC Protect

Internet scams are a dime a dozen, from pop ups for fake anti-virus software packages to cleverly designed phishing websites that look exactly like your bank’s login page. Internet criminals will try just about anything if they think they can get away with it. Today I think I ran into what I think is a totally new scam that definitely involves your land line telephone, and I am pretty sure it involves the Internet, but I’m not sure.

The telltale sign that you have been had is a monthly charge on your telephone bill for $19.99 for something called “PC Protect”. Now a business of any measurable size is going to have a phone bill such that an additional charge of $19.99 is going to be barely noticeable and I suspect that this is exactly what whoever is doing this scam is counting on. Thankfully the company I work for has an eagle-eyed accountant and when she spotted the extra charge she quickly brought it to my attention and asked what it was. I had no idea, but with a name like “PC Protect” my spidey sense started tingling immediately.

A quick Google search turned up a snazzy one page website (which I can no longer seem to find) full of web 2.0 goodness that looked like it was just there to sign people up to some sort of anti-something service. At the bottom of the page in the tiny tiny fine print there was a statement about how people could dispute charges by calling a number. Well, obviously we called. The first time they claimed to be from quizrocket DOT com (no, I won’t actually link to the site), the second time they claimed to be usprizedraw DOT com. We complained about the charges and they basically said tough, that our employee John Smith authorized the charges. So we called Verizon who easily agreed to remove the charges.

All well and good but the question remains how did these people get the company phone number and an employee name to pin it to? Obviously I had a talk with John. John is one of those rare people who ‘gets it’ mostly from an IT perspective. He told me that he never visited either of those sites or any other site even remotely close to it, doesn’t use Facebook, doesn’t fill out online quizzes and when he buys stuff online for the company he uses a fake phone number (Like I said, he ‘gets it’).

If it was anyone else I would probably just say he filled out a form somewhere and got phished, which is still possible. Or there may be undetected malware deep inside his machine that I haven’t found yet. (I will take a closer look soon). Looking closer at the company info I quickly started going nowhere, fake company names, with fake addresses etc…

I will be looking closer at this stuff over the next few days. If you have heard of PC Protect or if anything else in this sounds familiar let me know. In the meantime keep a close eye on your phone bills.

WordPress is Installed

I figured if I’m going to do this blogging thing I should get some real software instead of editing an HTML file by hand. Not that I mind writing raw HTML but this is so much easier and has all these cool nifty features like comments and stuff. So I’ve just installed this today, I’ve moved over all the old posts and I will be moving over everything else as well but it may take a few days weeks so things will be changing.

I have HNN Back!!!

I am very very happy about this. <danceofjoy> I finally own hackernews.com again! </danceofjoy> Many many thanks to Dave for keeping watch over the domain and not gouging me to transfer it over. (Dave, I owe you many beers!) Now just because I have the domain doesn’t mean I am going to resurrect HNN or anything, it is just good to have things back to where they belong. For now hackernews.com will just point here.

Merry Christmas!

Dildog threw his annual Christmas bash with all of the usual suspects and a few unusual ones. Tame by L0pht party standards but hey, we’re all gettin’ old. The Vegetable of Death actually stopped looking for dead people long enough to grace us with his presence. The Fish of Tweet was still 5K miles away but still thought of. Mudge had his new girly girl and I don’t think I saw a drink in his hand all night, WOW!

Defcon

Blackhat and Defcon were as trippy as I thought they would be. Rather tame by Defcon standards but then I think they say that every year. Not much in the way of multi-colored hair or scantily clad women, but definitely more women than I remember. KP was pimpin’ out the Defcon badge which I must say was pretty cool. Had a beer or two with Jericho at the Silhouette bar at Caesars and talked about his work on the OSVDB, and of course reminisced about the old HNN days. It was good to see Tan, although some of the stories he told me about what he has been up to over the last few years were scary to say the least, still good to diss the old @Snake fiasco. And of course Mudge, still drunk, not sure if things will ever be the same there but at least we’re talking. Unfortunately other people can’t seem to deal with the real world and like to pretend it doesn’t exist, whatever. I just wanted to say hi.

First Post

OK, so now that I am blogging, not that I wasn’t blogging before they called it blogging, what the hell do I write about? HOPE is coming up but I doubt I will be in attendance, too much work. I may head off to Defcon this year, that will be a trip. Been five years or so since I have seen any of those folks.

If anyone asks me to create a MySpace page I will seriously bitch slap them.