Just a quick note to say that during a recent incident I found spyware that seemed to repeatedly re-infect a Windows XPSP2 system with all the latest, greatest antivirus and antispyware utilities. It would reappear a few seconds after I had removed it with the Spybot S&D utility. I ran Mark’s RootkitRevealer and it reported that the Firefox cache had numerous hidden items in its cache as well discrepancies in the cookie.txt file itself. That was all I needed to realize that clearing the Firefox cache would prevent the re-infection, but it raises the issue of how the browser cache/cookies are set to reinfect a system with malware, yet the anti-spyware doesn’t pick them up in the scan(s). My objective was to get the system to a stable/clean state, but if I have more time and see another case I will dissect the code and see if I can get the spyware utilities to clean more thoroughly.

It always bothered me that the 419 scams in Nigeria seem to be linked to people who say that they are just playing the game of open markets. In other words, attackers ask why they should be blamed if they simply prey on others’ greed.

A new story appeared last Thursday in the Guardian that reinforces much of what was reported a few years ago:

The email scammers here prefer hitting Americans, whom they see as rich and easy to fool: maghas [slang from a Yoruba word meaning fool] are avaricious and complicit. To them, the scams – known as 419 after the Nigerian criminal statute against fraud – are a game.

A “game” that has victims rather than players, hardly can be called a game at all. Instead, it is an example of carefully crafted social engineering that allows attackers to transfer value (from victims to themselves) without proper authorization. The interesting thing about the attack, in this case, is how it uses political or even cultural prejudice to establish credibility.

I presented a report on this with Harriet Ottenheimer at the Central States Anthropological Society’s meetings in 2004. It was called “Urgent/Confidential — An Appeal for your Serious and Religious Assistance” and provided details on the attack taxonomy and social engineering methodologies.

Might be time to publish the paper to help clarify how people remain susceptible and what can be done to reduce the risk.

The Register reports that a teenage girl in England apparently convinced a judge that an ankle-tag would look odd with her choice of clothing, and she therefore was able to easily circumvent the curfew conditions of her bail. One must wonder whether the judge also called for a more effective/discrete tag (is their purpose to be obvious to others?) or just did not really think the teen would recitivate for “grievous bodily harm against another woman”.

The BBC report mentions that the girl said she did not answer the door during her curfew because “she was asleep at the time”, which presents an interesting value map for security:

Fashion > IDTag > Sleep

I posted portions of the following comment on Schneier’s blog today. Thought it deserved a place here as well.

This is an excellent quote, discovered in a Wired story called “Drivers Want Code to their Cars“:

“‘There is really no time in my schedule for sitting around a car dealership listening to some fat guy in a clip-on tie tell me that the problem is my fault,’ [a 2002 car owner] said. ‘Instead of explaining anything to me they just pull out a warranty sheet with a highlighted portion indicating that they don’t cover Check Engine light problems.’

A bill floating through Congress could help people like Seymour by forcing automakers to share diagnostic codes with car buyers and independent mechanics. The Motor Vehicle Owners’ Right to Repair Act would give Seymour the means to determine whether the Check Engine light signaled another gas cap vagary or a major oil leak. The legislation would also allow Seymour to choose an independent — and possibly cheaper — repair shop instead of being forced to go to the dealership.

The legislation argues that consumers own their vehicles in their entirety and should be able to access their onboard computers.”

I think that’s “own” as in “beer”, not speech…

I know it’s a stretch, but imagine personal computer users making the same kind of demand (ok, forget the clip-on tie part). You would have a legal precedent for a “right to repair”, which could be extended to a need for source, no? How does IP get protected when you give away the details needed to make repairs, or should IP rights be placed above the right to prevent harm or even just maintain value for a buyer? More research required.