News archive June 2005 - Koos van den Hout


2005-06-28 (#) 14 years ago
Went to the Utrecht PGP keysigning party 2005 today. Had quite a number of cases of putting a face to an e-mail address (and associated things like open-source projects). Now the interesting thing is checking the pgp key statistics for my key 0xF0D7C263.

2005-06-28 (#) 14 years ago
You may be a child of the eighties if . . . . .. contains too many things that sound familiar. A Dutch version might even be scarier.

2005-06-22 (#) 14 years ago
Found the MaxiMog, a project by Applied Minds. A vehicle with very nice specs (and probably a very nice price tag). This vehicle reminds me a lot of the expedition vehicle described in the book The Lost World by Michael Crichton (and shown in the movie The Lost World). Source: Wired news article about Applied Minds.

2005-06-17 (#) 14 years ago
Some further tests show that the gps still isn't too brilliant in getting a fix when only part of the sky is visible (what I think is described in brochures as 'canyon view'). That does not help with testing at home where I put the antenna on some windowsill. Maybe time to find a newer gps (usb or serial) for warbiking and start using this one for a gps time reference.

2005-06-15 (#) 14 years ago
I added a NiCd battery to my gpskit hoping that would improve its performance and shorten the startup time. In a few tests so far (after a night charging the battery and leaving the antenna out so it could receive full almanac data) it looks like things are working better now. Biking home to work with the warbike setup gave me locations for all access points. New NiCd batteries of the right specs were not available, but an old 386sx mainboard was kind enough to donate one.

2005-06-10 Another paypal scam 14 years ago
On a whim I decided to follow this one..

It linked to http://www.login-paypal-world.com
Interesting reply from whois:

No match for "LOGIN-PAYPAL-WORLD.COM".

But the gtld nameservers are more helpful:

login-paypal-world.com name server pdomns2.msn.com.
login-paypal-world.com name server pdomns1.msn.com.

And it points at:

www.login-paypal-world.com has address 65.54.132.254

Which is hosted by.. microsoft.

OrgName: Microsoft Corp
OrgID: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US

NetRange: 65.52.0.0 - 65.55.255.255
CIDR: 65.52.0.0/14
NetName: MICROSOFT-1BLK
NetHandle: NET-65-52-0-0-1
Parent: NET-65-0-0-0-0
NetType: Direct Assignment

Yeah, abuse@microsoft.com. I'd like a usable answer to my previous queries.

Anyway. Asking for it:

$ lynx -head -dump http://www.login-paypal-world.com
HTTP/1.1 302 Found
Connection: close
Date: Fri, 10 Jun 2005 16:30:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P:CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-AspNet-Version: 1.1.4322
Location: http://213.136.105.66/www.paypal.com/account/index.html
Cache-Control: private
Expires: Sat, 01 Jan 2000 08:00:00 GMT
Content-Type: text/html

Later the forward stopped, but the page at the redirect is still up.

A nice redirect to 213.136.105.66 where they have built a complete mockup
of the paypal login page, with all the right buttons pointing at the right
places at paypal.

213.136.105.66 is at afrinic..

inetnum: 213.136.105.0 - 213.136.105.255
netname: AVISONET
descr: ISP Cote d'Ivoire
country: CI
admin-c: ZJ59-AFRINIC
tech-c: AE496-AFRINIC
status: ASSIGNED PA

Some ISP in Cote d'Ivoire (sometimes home to a certain kind of people
from Nigeria with interesting financial propositions)

$ lynx -head -dump http://213.136.105.66/www.paypal.com/account/index.html
HTTP/1.0 200 OK
Date: Fri, 10 Jun 2005 17:03:20 GMT
Server: Apache
Last-Modified: Thu, 05 Aug 2004 16:15:48 GMT
ETag: "341d4-29f6-41125d34"
Accept-Ranges: bytes
Content-Length: 10742
Content-Type: text/html
Age: 17017

The submit is to

http://213.136.105.66/www.paypal.com/account/loginsubmit.php
which redirects to

http://213.136.105.66/www.paypal.com/account/loginsubmit.htm

This page looks like an 'error in your login data' page and asks for the
same login/password again. Funny is that they forgot to copy a pixel from
paypal or forgot to point at the right one, giving 404 errors and a somewhat
distorted page (in firefox).

$ lynx -head -dump http://213.136.105.66/en_US/i/scr/pixel.gif
HTTP/1.0 404 Not Found
Date: Fri, 10 Jun 2005 21:53:46 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1

The page submits the data to

http://213.136.105.66/www.paypal.com/account/processing.php

Which redirects to (this is a pattern..)

http://213.136.105.66/www.paypal.com/account/processing.htm

Which gives an advert for a new 'immediate Paypal payment' option.

Another 'continue' button, which gets (using an 'onload' form)

http://213.136.105.66/www.paypal.com/account/agreement.htm?Continue=Continue

with a bit about updated terms and conditions (loads of legalese. I did not
check for 'you just gave us access to all your paypal funds, thank you
very much' hidden in there).

And next comes up a page
http://213.136.105.66/www.paypal.com/account/pp.htm?Submit=Submit

(hey, I never clicked on one of those 'yes, I agree'
buttons..) asking for every last detail such as social security number,
mother's maiden name, drivers license, credit card number and pin for the
credit card. They do their identity theft seriously!

Oops, forgot to fill in the form. Wow, there is a real check for a CC number
in it (16 digits) and other checks for pin length, the works. I was not
in the mood to find nonsense values for those. So I asked for the handler at
http://213.136.105.66/www.paypal.com/account/login.php

which redirected to

http://213.136.105.66/www.paypal.com/account/Complete.htm

which says...

"Your information submitted successfully! Your information will be
reviewed shortly."

And a link to 'paypal home' at the real http://www.paypal.com/

Makes me wonder where all that information is sent..

The form name used is 'mailbomber' and a google search for 'paypal' and
'mailbomber' shows that this is a well-known script for paypal account
phishing.
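
The URL patterns seen in this chain (brand name in a lookalike hostname, a 302 to a bare IP address, the real domain name used as a directory) can be checked mechanically. The Python sketch below is an added example, not part of the original post; BRAND, LEGIT_SUFFIXES and the function names are assumptions chosen for illustration, and the response head is shortened from the first lynx output above.

```python
import ipaddress
from urllib.parse import urlsplit

BRAND = "paypal"                  # brand impersonated in this post
LEGIT_SUFFIXES = ("paypal.com",)  # assumption: domains the brand really owns
# Response head shortened from the post's first lynx output
SAMPLE_HEAD = """HTTP/1.1 302 Found
Server: Microsoft-IIS/6.0
Location: http://213.136.105.66/www.paypal.com/account/index.html
"""

def _owned(name):
    """True if name is one of the brand's domains or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in LEGIT_SUFFIXES)

def triage_url(url):
    """Return the reasons a URL looks like a brand-impersonation lure."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if _owned(host):
        return []
    reasons = []
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a bare IP address")
    except ValueError:
        pass
    if BRAND in host:
        reasons.append("brand name in a hostname the brand does not own")
    # First path segment dressed up as the brand's hostname
    first_seg = parts.path.lstrip("/").split("/", 1)[0].lower()
    if _owned(first_seg):
        reasons.append("brand domain used as a path segment")
    return reasons

def redirect_target(raw_head):
    """Return the Location value of a 3xx response head, else None."""
    lines = raw_head.strip().splitlines()
    status = lines[0].split() if lines else []
    if len(status) < 2 or not status[1].startswith("3"):
        return None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            return value.strip()
    return None

if __name__ == "__main__":
    for hop in ("http://www.login-paypal-world.com", redirect_target(SAMPLE_HEAD)):
        print(hop, "->", triage_url(hop))
```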

2005-06-09 (#) 14 years ago
Google sightseeing has links to great finds on the satellite images at google maps. The one I find the nicest to see is Cheyenne Mountain Operations Center, aka Norad (what they call themselves). I remember Norad from the movie Wargames.

2005-06-06 (#) 14 years ago
New kismet log views online. Last friday biking house - work and back (in the rain). Slight variations in the route I took (uh oh, signs of wardriving addiction showing up) to find new ones. Funny thing is I start to recognize the kind of buildings that will have lots of access points: student houses and new apartment buildings.

2005-06-02 (#) 14 years ago
Had another go at finding the ideal combination of drivers and patches for my laptop and wireless network scanning, and got it fixed. Documented it right away, getting the orinoco 0.13e drivers to work on the dell latitude c640 laptop.

2005-06-01 (#) 14 years ago
Warbiking home yesterday evening. Had to fiddle a lot with the gps unit to make it find itself. On the way home kismet discovered 191 wireless networks (the other 18 on that list are clients seeking their network) and managed to map the location of 173 of them. I fiddled a bit with waypoints in gpsdrive (seems it can't display 173 waypoints at the same time) and managed to create maps of the access-points found. Map 1, Map 2, Map 3.



, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.
