News archive December 2015 - Koos van den Hout

Archive by year: 1999 | 2000 | 2001 | 2002 | 2003 | 2004 | 2005 | 2006 | 2007 | 2008 | 2009 | 2010 | 2011 | 2012 | 2013 | 2014 | 2015 | 2016 | 2017 | 2018 | 2019 | 2020

2015-12-18 (“It’s kind of like I’m maintaining civilization. Believe me, a lot of people complain about HOAs, but...) 4 years ago
Google+Koos van den Hout : A 'favourite' subject among (US) radio amateurs: Home owners associations. In this story it seems some HOAs think all their rules and regulations are what keeps civilization going.

My house has a deed restriction that I allow my neighbours and the phone company passage over the last 30 centimeter of my land. Nothing about the outside of my house. Yet civilization has not fallen apart around us.
2015-12-16 Suspect 'invoice' mail showing an interesting error 4 years ago
The flood keeps coming, this time with an interesting error:
Dear Customer,

Our records show that your account has a debt of $295.{rand(10,99)}}. Previous a
ttempts of collecting this sum have failed.

Down below you can find an attached file with the information on your case.

[-- Attachment #2: SCAN_INVOICE_99193061.zip --]
I guess the spammer had a bit of a problem with the spamming macro language!

The .zip file contains
  Length      Date    Time    Name
---------  ---------- -----   ----
    22333  2015-12-16 20:27   invoice_GeL0XY.js
---------                     -------
    22333                     1 file
Which is a really obfuscated javascript.

Tags: , ,
2015-12-16 Suspect 'invoice' mails keep coming 4 years ago
It is a whole flood of suspect mails this week, mostly trying to be an invoice or sometimes order confirmation. Containing .xls files, .doc files, or javascript or java applet.

I don't have the environment to research these completely but I expect them all to contain some form of malware aimed at the Windows operating system.

Tags: , ,
2015-12-15 (HamTV will be used for ARISS contacts, and Goonhilly earth station will be used to receive the video...) 4 years ago
Google+Koos van den Hout : HamTV will be used for ARISS contacts, and Goonhilly earth station will be used to receive the video in England. The story also suggests to me that all contacts will be direct (no telebridge) so chances of receiving them in northern Europe will be good.
2015-12-15 Een nutsbedrijf moet een ding doen, en dat heel goed doen 4 years ago
Bij het invullen van de meterstand op de website van Vitens, onze waterleverancier:
Wilt u de nieuwsbrief met interessante ontwikkelingen binnen Vitens en van onze nieuwe producten en diensten per e-mail ontvangen?
Nee, jullie zijn een nutsbedrijf, een waterleverancier. Ik wil dat jullie je aan de waterleidingwet houden en vooral geen rare commerciële avonturen beginnen. Ik vond het ook al verdacht dat de incassovoorwaarden het hadden over 'geleverde producten en diensten van Vitens' in plaats van 'levering van water'.

Tags: ,
2015-12-14 Next suspect mail flood: "Invoice 14 12 15" from "Thunderbolds Limited" 4 years ago
And the next flood of suspect e-mail messages:

This message contains 2 pages in PDF format.

[-- Attachment #2: fax00163721.xls --]
[-- Type: application/vnd.ms-excel, Encoding: base64, Size: 105K --]

[-- application/vnd.ms-excel is unsupported (use 'v' to view this part) --]
Probably more malware droppers. It seems some botnets are in great need for new systems to abuse.

Tags: , ,
2015-12-14 Suspect mails "FW: Scan from a Samsung MFP" 4 years ago
Multiple e-mail messages the last hour or so with:
-----Original Message-----

Please open the attached document. It was scanned and sent to you using a
Samsung MFP. For more information on Samsung products and solutions, please
visit http://www.samsungprinter.com.


This message has been scanned for malware by Websense. www.websense.com

[-- Attachment #2: Untitled_14102015_154510.doc --]
[-- Type: application/msword, Encoding: base64, Size: 123K --]

[-- application/msword is unsupported (use 'v' to view this part) --]
I don't have the means to research the .doc file completely but when I get unsollicited office files it can only be malware.

Update: I'm not the first to notice this: New Word malware: FW: Scan from a Samsung MFP - mxlab who researched the file and indeed found malware.

Tags: , ,
2015-12-13 Trying to squeeze in some radio hobby when propagation is cooperating 4 years ago
This weekend I wanted to play some radio but it was hard to find time and cooperating propagation. At the moment propagation seems very limited and it only happens during the hours the sun is up for the amateur bands I am active in (20 meter and 10 meter).

On Saturday it was rainy most of the day which ment the roof was wet and my signals weren't getting out when I got around to trying. I had enough incoming signals and had nice overviews on PSK reporter but nobody heard me when I had time to call/answer.

On Sunday it was dry and I made five PSK31 contacts, and one SSB contact. After sunset the 20 meter band dried up quickly for me so I hung out the endfed to try my luck on 40 meter. Calling CQ in RTTY mode on 7051 MHz got spotted on the reverse beacon network but nobody answered. What frequency on 40 meter is good for PSK31 varies, but the only frequency where I hear/see it active is 7.040 MHz which is currently outside the frequency range I'm allowed to use.

So I tried something else: JT-65 since I did hear the JT-65 tones above 7.076 MHz. The software was readily available via the Ubuntu ham radio software repository: wsjtx. It took me a bit of work to configure it to use hamlib via localhost: I can select the right rig type (NET rigctl 2) but I can't select a network host. Entering 'localhost' gave me a 'connection refused' error which I did not expect. I used strace to find out and the connection was only attempted to ::1, the IPv6 localhost where rigctld does not listen. I entered 127.0.0.1 as port and CAT control (controlling and monitoring my radio) started working. I saw some activity, and even tried answering a CQ call, but my answer was not received.

JT-65 takes time: transmitting a message of maximum 13 characters takes around 50 seconds(!). A full QSO including signal reports takes at least 6 minutes, it's really not a mode for chatting or for fast contacts. On the other hand: it is a weak-signal mode, JT-65 can dig up signals deep from the noise!

Tags: , ,
2015-12-12 (The RF Interference Before Christmas caused by The Lights Before Christmas!) 4 years ago
Google+Koos van den Hout : The RF Interference Before Christmas caused by The Lights Before Christmas!
2015-12-08 (Monitoring Christmas) 4 years ago
Google+Koos van den Hout : Monitoring Christmas
2015-12-07 News selection that doesn't agree with me 4 years ago
Lately I have been annoyed a few times by the selection of news that makes the headlines on television and in the newspaper. This may be due to the selection I follow (NOS journaal and de Volkskrant) and my issues with current politics (how their actions will be framed in the news seems to be much more important than the long term effects).

Two recent news stories where I wanted a lot more information than my news sources wanted to give me were the damaged bridge in Weener and the flooding in parts of northern England.

The world wide web to the rescue, where I can find other news sources and a lot more information about things happening around the world.

Damaged bridge in Weener (Germany): Flooding in northern England. Noticeable to me was that visiting the BBC website at www.bbc.co.uk gave me a redirect to www.bbc.com which seems to stay away from news about England. Using news.bbc.co.uk gives a better result. In general it seems when some foreign news attracts my attention it is better to find web sources than to wait for the Dutch news to get a hint.

Tags: , ,
2015-12-04 Overzicht geschiedenis PA0FBK antenne 4 years ago
Ik heb een apart overzicht gemaakt van mijn ervaringen met de PA0FBK coax antenne. Aangezien ik over die antenne begonnen ben in het nederlands dat maar volgehouden. Andere dingen over amateur radio schrijf ik meestal in het engels.

Tags: ,
2015-12-02 Geluksrelatie spam 4 years ago
Ineens een opvallende stijger in de spam die me opvalt: geluksrelatie.nl die spam stuurt alsof je op een andere manier contact had gezocht met een vrijgezelle dame en het handig is als je verder contact zoekt via die site. De logica dat die dame dan wel de ontvanger kan benaderen maar toch via die site zou moeten werken ontgaat me een beetje. Voorbeeld:
Bedankt voor je reactie ik ben wel wat laat met reageren maar dat komt omdat ik het erg druk had de afgelopen tijd. Ik probeer je daarom nu nog even te bereiken via dit mailtje. Aangezien ik enorm veel reacties had gekregen op mijn oproep heb ik besloten om mezelf [1]hier in te schrijven. Buiten het feit om dat je met mij in contact kan komen zijn er nog [2]veel meer mensen die op zoek zijn naar een serieuze relatie want we willen toch allemaal gewoon gelukkig zijn? Ik kan wel een heel verhaal op gaan hangen maar als je echt serieus bent en je wil contact dan weet je hoe je mij kunt bereiken.
Opvallend is dat hier weinig klachten over terug te vinden zijn, eentje maar via trustpilot als negatieve review van netground.nl.

Tags: ,
2015-12-01 Malware linked to recent Brussels lockdown 4 years ago
It must take a special kind of evil to try to spread malware under the guise of information about the recent Brussels lockdown. From the e-mail message:
Federale Politie
Commissariat de Police
Directorate of the special units (DSU)
Sir,
We kregen een terreuralarm met betrekking tot uw zakelijke omgeving.
Worden geadviseerd om de beschermende maatregelen (SECURITY TIPS) als gehecht aan jezelf, je bedrijf volgen en uw gezin beveiligd
.................................................................................................................
Monsieur,
Nous avons eu une alerte terroriste concernant votre secteur d'activité.
Être conseillé de suivre les mesures de protection (Conseils de sécurité) tels qu'ils sont joints pour vous garder, votre entreprise et votre famille fixée
Best regards,
Catherine De Bolle,
General Commissioner
Commissariat de Police
Rue du College 1,
1050 Brussel, Belgium
P: 032 2 515 71 86
E: commisioner(a)polfed-fedpol.be
With some shady files attached. Scanning them with virustotal gives that the .zip file contains the Java/Adwind malware.
Read the rest of Malware linked to recent Brussels lockdown

Tags: , ,


, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.

PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers pgp key statistics for 0x5BA9368BE6F334E4 Koos van den Hout
RSS
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated by $Id: morenews.cgi,v 1.46 2019/10/20 15:42:02 koos Exp $ in 0.021981 seconds.