Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Sophos Exec Catches Raid/Dustin Cook dropping viruses On Usenet

27 views
Skip to first unread message

Anonymous

unread,
Feb 15, 2013, 12:19:49 AM2/15/13
to
Duckfart used one of his old nyms, John Grahms.

He was caught by Graham Cluley, Head of Corporate Communications,
Sophos Anti-Virus

>From the archive:
The Best of Raid [Slam] aka Dustin Cook
aka
Dustin <drop.thos...@raidsplace.org>
aka
Dustin <bughunte...@gmail.com>
aka
Raid[SLAM]Vxr (Claims to have written over 40 viruses)

(Notice how Raid/Dustin Cook/John Grahms says how Grahms is such a
common name in an effort to divert attention from a salient point
unmasking not only his deed, but his own origin. Yes, John Grahms may be
a common name - in the UK, that is. More on this subject another time.
His buddy Pax supplied some interesting info over time.)

http://groups.google.com/group/alt.comp.virus/browse_thread/thread/48d21236bc8ec529/723151bd4b8e4235?hl=en&q=group:alt.comp.virus+author:raid#723151bd4b8e4235
or
http://preview.tinyurl.com/23tm5sb

From: sop...@cix.compulink.co.uk (sop...@cix.compulink.co.uk)
Subject: Re: Irok virus?
Newsgroups: alt.comp.virus
Date: 2000/03/27

In article <0d75eee3.62435...@usw-ex0106-045.remarq.com>,

soho20NOsoS...@hotmail.com.invalid (Raid Slam) wrote:
> > It was posted to several newsgroups but
> >this addy. jgra...@yahoo.com

> Thanks, I've contacted this individual. The person (I don't know
> what sex they are) sent me a few... amusing emails.

I thought John Grahms was one of the pseudonyms you use, Raid?

Did you ask this person who has been posting your viruses to various
newsgroups why he appears to be using one of your pseudonyms?

- --
Graham Cluley, Head of Corporate Communications, Sophos Anti-Virus
email: gclu...@sophos.com http://www.sophos.com
US Support: +1 888 SOPHOS 9 UK Support: +44 1235 559933

<<<<<<< prima facie >>>>>>
==================================================

From: Raid Slam (soho20NOsoS...@hotmail.com.invalid)
Subject: Re: Irok virus?
Newsgroups: alt.comp.virus
Date: 2000/03/27

In article <8bo7ie$jr...@plutonium.compulink.co.uk>,

sop...@cix.compulink.co.uk wrote:
>I thought John Grahms was one of the pseudonyms you use, Raid?

Actually, It's a real name. Quiet popular; Which is why I use it.
Makes it just a wee bit more interesting.

>Did you ask this person who has been posting your viruses to
>various newsgroups why he appears to be using one of your
>pseudonyms?

As I mentioned (I realize you have a reading comprehension
problem) he wouldn't tell me where he got the virus, or why he
was spreading it. And to be honest Graham, I don't really give a
fuck. It's out, ah well.

Btw, what version of unix are you running? (harmless question)

Regards,
Raid [SLAM]

<<<<<<<<<<<<<< voluntary admission of release >>>>>>>>
<<<<<<<<<<<<<< what a psychopath >>>>>
<<<<<<<<<<<<<< prima facie >>>>>>>>>>>>>>>>
=====================================================

From: sop...@cix.compulink.co.uk (sop...@cix.compulink.co.uk)
Subject: Re: Irok virus?
Newsgroups: alt.comp.virus
Date: 2000/03/29

In article <03c5a1aa.94f03...@usw-ex0106-045.remarq.com>,

soho20NOsoS...@hotmail.com.invalid (Raid Slam) wrote:
> In article <8bo7ie$jr...@plutonium.compulink.co.uk>,
> sop...@cix.compulink.co.uk wrote:
> >I thought John Grahms was one of the pseudonyms you use, Raid?

> Actually, It's a real name. Quiet popular; Which is why I use it.
> Makes it just a wee bit more interesting.

Oh okay, I hadn't heard it before you started using it. Odd coincidence
I
thought.

> >Did you ask this person who has been posting your viruses to
> >various newsgroups why he appears to be using one of your
> >pseudonyms?

> As I mentioned (I realize you have a reading comprehension
> problem) he wouldn't tell me where he got the virus, or why he
> was spreading it. And to be honest Graham, I don't really give a
> fuck. It's out, ah well.

But you should care if someone is ripping you off by distributing your
viruses. Isn't that a breach of copyright?

- --
Graham Cluley, Head of Corporate Communications, Sophos Anti-Virus
email: gclu...@sophos.com http://www.sophos.com
US Support: +1 888 SOPHOS 9 UK Support: +44 1235 559933

<<<<<<<<<<<<<< prima facie >>>>>>>>>>

RayLopez99

unread,
Feb 15, 2013, 2:18:35 PM2/15/13
to
On Friday, February 15, 2013 7:19:49 AM UTC+2, Anonymous wrote:
> Duckfart used one of his old nyms, John Grahms.
>

Dustbin's out of control, off his meds, and is going down. Only a matter of time before he self-harms or is taken out by law enforcement.

RL
Message has been deleted

RayLopez99

unread,
Feb 16, 2013, 9:36:57 AM2/16/13
to seal...@osama-is-dead.net
On Saturday, February 16, 2013 6:38:02 AM UTC+2, G. Morgan wrote:

> I don't hold Cluley in that high of regard. He's always a day late and
>
> a dollar short. Which is why I've *never* recommended a Sophos product
>
> to anyone. I'd rather give the business to Norton before them.

Do you like MS Security Essentials? It does not get as high a rating as the paid version of Norton (which scores quite high) but it's pretty good, don't you think?

Certainly would defeat the kiddie scripter Dustin, but it's also good against real hackers.

RL
Message has been deleted

~BD~

unread,
Feb 16, 2013, 12:49:13 PM2/16/13
to
G. Morgan wrote:
> RayLopez99 wrote:
>
>> On Saturday, February 16, 2013 6:38:02 AM UTC+2, G. Morgan wrote:
>>
>>> I don't hold Cluley in that high of regard. He's always a day late and
>>>
>>> a dollar short. Which is why I've *never* recommended a Sophos product
>>>
>>> to anyone. I'd rather give the business to Norton before them.
>>
>> Do you like MS Security Essentials? It does not get as high a rating as the paid version of Norton (which scores quite high) but it's pretty good, don't you think?
>
> At first I didn't like the idea of putting all my "apples" in one basket
> (M$FT). After using it for a while since Avira got too annoying for me,
> I think it's doing a fine job. I've scanned with other engines with the
> disks unmounted periodically and nothing has been missed by MSSE so far.
> The real time protection is fast, it always catches my Nirsoft password
> utilities on a new Dropbox install (before I have time to exclude).
>
> I didn't like it when first released because it bogged down two systems
> I tried it on. Now it seems to be less intrusive than anything out
> there with a great detection rate.
>
>> Certainly would defeat the kiddie scripter Dustin, but it's also good against real hackers.
>
> I don't know how well it does against zero-day stuff, I stay away from
> those sites. I really don't even need a AV program, it's there mostly
> for Usenet links that I click. My everyday surfing would not lead me to
> malware, and I don't take chances with email links if I don't know the
> sender.

Malware traditionally was delivered as an executable or an attachment to
an email. This still happens today, but attackers are have moved on to a
new technique that allows the infection to happen in real-time and over
applications that are not nearly as well controlled as corporate email.

This technique is known as the drive-by-download and begins by remotely
exploiting the target user (such as luring a user into clicking a link
on Facebook that sends the user to an infected webpage). The exploit
runs remotely, and once the user is compromised (usually without any
indication to the user), malware is downloaded in the background.

--
Surely you know this?

Aardvark

unread,
Feb 16, 2013, 3:52:01 PM2/16/13
to
On Sat, 16 Feb 2013 17:49:13 +0000, someone, not the lying, slimy,
cowardly cunt wrote:

> Malware traditionally was delivered as an executable or an attachment to
> an email. This still happens today, but attackers are have moved on to a
> new technique that allows the infection to happen in real-time and over
> applications that are not nearly as well controlled as corporate email.
>
> This technique is known as the drive-by-download and begins by remotely
> exploiting the target user (such as luring a user into clicking a link
> on Facebook that sends the user to an infected webpage). The exploit
> runs remotely, and once the user is compromised (usually without any
> indication to the user), malware is downloaded in the background.

Going to attribute that copy/paste job any time soon?



--
"I grabbed a pile of dust, and holding it up, foolishly asked for as many
birthdays as the grains of dust, I forgot to ask that they be years of
youth. "
-Ovid (Publius Ovidius Naso (20 March 43 BC – AD 17/18))

David H. Lipman

unread,
Feb 16, 2013, 4:49:25 PM2/16/13
to
From: "Aardvark" <aard...@aardvark.uk.tc>

> On Sat, 16 Feb 2013 17:49:13 +0000, someone, not the lying, slimy,
> cowardly cunt wrote:
>
>> Malware traditionally was delivered as an executable or an attachment to
>> an email. This still happens today, but attackers are have moved on to a
>> new technique that allows the infection to happen in real-time and over
>> applications that are not nearly as well controlled as corporate email.
>>
>> This technique is known as the drive-by-download and begins by remotely
>> exploiting the target user (such as luring a user into clicking a link
>> on Facebook that sends the user to an infected webpage). The exploit
>> runs remotely, and once the user is compromised (usually without any
>> indication to the user), malware is downloaded in the background.
>
> Going to attribute that copy/paste job any time soon?

Yepper. Plagiarized w/o attribution.

http://www.paloaltonetworks.com/cam/malware/#prevent --> "Preventing Malware
Infection" under section... "Preventing the Drive-by-Download"



--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

Aardvark

unread,
Feb 16, 2013, 6:49:07 PM2/16/13
to
On Sat, 16 Feb 2013 16:49:25 -0500, David H. Lipman wrote:

> From: "Aardvark" <aard...@aardvark.uk.tc>
>
>> On Sat, 16 Feb 2013 17:49:13 +0000, someone, not the lying, slimy,
>> cowardly cunt wrote:
>>
>>> Malware traditionally was delivered as an executable or an attachment
>>> to an email. This still happens today, but attackers are have moved on
>>> to a new technique that allows the infection to happen in real-time
>>> and over applications that are not nearly as well controlled as
>>> corporate email.
>>>
>>> This technique is known as the drive-by-download and begins by
>>> remotely exploiting the target user (such as luring a user into
>>> clicking a link on Facebook that sends the user to an infected
>>> webpage). The exploit runs remotely, and once the user is compromised
>>> (usually without any indication to the user), malware is downloaded in
>>> the background.
>>
>> Going to attribute that copy/paste job any time soon?
>
> Yepper. Plagiarized w/o attribution.
>

I'd gathered as much, David.

> http://www.paloaltonetworks.com/cam/malware/#prevent --> "Preventing
> Malware Infection" under section... "Preventing the Drive-by-Download"

You've just done the job that should really have been done by the
plagiarist himself.

David H. Lipman

unread,
Feb 16, 2013, 6:59:51 PM2/16/13
to
From: "Aardvark" <aard...@aardvark.uk.tc>

> On Sat, 16 Feb 2013 16:49:25 -0500, David H. Lipman wrote:
>
>> From: "Aardvark" <aard...@aardvark.uk.tc>
>>
>>> On Sat, 16 Feb 2013 17:49:13 +0000, someone, not the lying, slimy,
>>> cowardly cunt wrote:
>>>
>>>> Malware traditionally was delivered as an executable or an attachment
>>>> to an email. This still happens today, but attackers are have moved on
>>>> to a new technique that allows the infection to happen in real-time
>>>> and over applications that are not nearly as well controlled as
>>>> corporate email.
>>>>
>>>> This technique is known as the drive-by-download and begins by
>>>> remotely exploiting the target user (such as luring a user into
>>>> clicking a link on Facebook that sends the user to an infected
>>>> webpage). The exploit runs remotely, and once the user is compromised
>>>> (usually without any indication to the user), malware is downloaded in
>>>> the background.
>>>
>>> Going to attribute that copy/paste job any time soon?
>>
>> Yepper. Plagiarized w/o attribution.
>>
> I'd gathered as much, David.
>
>> http://www.paloaltonetworks.com/cam/malware/#prevent --> "Preventing
>> Malware Infection" under section... "Preventing the Drive-by-Download"
>
> You've just done the job that should really have been done by the
> plagiarist himself.
>

BD likes to quote Butts and idolizes him. It makes sense he'd emulate him
by plagiarizing too. :-(

FromTheRafters

unread,
Feb 16, 2013, 9:21:14 PM2/16/13
to
It happens that ~BD~ formulated :
I've got lots of those PDF vector downloaders.


~BD~

unread,
Feb 17, 2013, 2:13:05 AM2/17/13
to
What did you make of this statement made by Graham?

"My everyday surfing would not lead me to malware.."

Do you think he was serious? (He runs a computer business!)

Do you agree that his statement was wrong?

--


Aardvark

unread,
Feb 17, 2013, 8:36:55 AM2/17/13
to
So I'd noticed.

> It makes sense he'd emulate
> him by plagiarizing too. :-(

Now you mention it...

FromTheRafters

unread,
Feb 17, 2013, 10:06:08 AM2/17/13
to
on 2/17/2013, ~BD~ supposed :
Anecdotal.
>
> Do you think he was serious? (He runs a computer business!)

Yes.
>
> Do you agree that his statement was wrong?

Yes, but he can only go by his own experience or by second hand
experience of any clients he may have had that got malware by 'doing
something stupid'.

*Any* page visited *might* have a redirect to a server hosting an
exploit kit. At the time one visits such a site one *might* be
susceptible to one of the vulnerabilities being exploited by the site
and have malware downloaded and executed without much of any indication
that something bad is happening.

Both times I was hit by ransomware it was obvious something was amiss -
it takes a long time for the pinlady script (plugindetect) to run as
compared to the normal amount of time it takes for a page to load
completely. About 85 to 90 percent of the BlackHole script is
plugindetect. Then, the PDF exploit (which worked on my machine) takes
a long time to get through two layers of decoding and two layers of
compression just to reveal the deobfuscation script which reveals yet
another deobfuscation script which reveals the heap spray and partially
encrypted shellcode that runs the actual exploit.

Id say that the delay on my machine was almost a whole minute, so I
knew I was being exploited and my machine was pretty much unresponsive
until the trojan downloader was done downloading and executing the
ransomware (the FBI has locked your computer).


~BD~

unread,
Feb 17, 2013, 10:57:03 AM2/17/13
to
Well it's nice to know that I have learned *something* over the past few
years, albeit mostly by reading about the problems *other* folk have
had! ;-)

> *Any* page visited *might* have a redirect to a server hosting an
> exploit kit. At the time one visits such a site one *might* be
> susceptible to one of the vulnerabilities being exploited by the site
> and have malware downloaded and executed without much of any indication
> that something bad is happening.

That's exactly as I understand matters!

> Both times I was hit by ransomware it was obvious something was amiss -
> it takes a long time for the pinlady script (plugindetect) to run as
> compared to the normal amount of time it takes for a page to load
> completely. About 85 to 90 percent of the BlackHole script is
> plugindetect. Then, the PDF exploit (which worked on my machine) takes a
> long time to get through two layers of decoding and two layers of
> compression just to reveal the deobfuscation script which reveals yet
> another deobfuscation script which reveals the heap spray and partially
> encrypted shellcode that runs the actual exploit.
>
> Id say that the delay on my machine was almost a whole minute, so I knew
> I was being exploited and my machine was pretty much unresponsive until
> the trojan downloader was done downloading and executing the ransomware
> (the FBI has locked your computer).

How did you recover from the situation, FTR?

--

FromTheRafters

unread,
Feb 17, 2013, 11:30:04 AM2/17/13
to
~BD~ wrote :
Both times I was able to reboot and get MBAM running before the
ransomware took hold. The first time I did it in "safe mode" and the
second time "safe mode" seemed to also be affected by the ransomware
and I was able to run MBAM in normal mode. The reason I didn't just
reimage is because I was running Ethereal and trying to see the
resulting traffic. Reimaging wouldn't allow me to investigate the
episode, but as it turned out I couldn't see the logs anyway.


~BD~

unread,
Feb 17, 2013, 11:57:38 AM2/17/13
to
FromTheRafters wrote:
> ~BD~ wrote :

[....]
>> How did you recover from the situation, FTR?
>
> Both times I was able to reboot and get MBAM running before the
> ransomware took hold. The first time I did it in "safe mode" and the
> second time "safe mode" seemed to also be affected by the ransomware and
> I was able to run MBAM in normal mode. The reason I didn't just reimage
> is because I was running Ethereal and trying to see the resulting
> traffic. Reimaging wouldn't allow me to investigate the episode, but as
> it turned out I couldn't see the logs anyway.

Thanks for explaining.

Have you subsequently re-imaged or re-installed the OS on that machine?

--

FromTheRafters

unread,
Feb 17, 2013, 12:45:09 PM2/17/13
to
~BD~ used his keyboard to write :
Yeah, I do that quite often.


~BD~

unread,
Feb 17, 2013, 1:34:50 PM2/17/13
to
You are a very wise man indeed! :-)

--

Message has been deleted

~BD~

unread,
Feb 18, 2013, 3:38:15 AM2/18/13
to
G. Morgan wrote:
> ~BD~ wrote:
>
>> My everyday surfing would not lead me to
>>> malware, and I don't take chances with email links if I don't know the
>>> sender.
>>
>> Malware traditionally was delivered as an executable or an attachment to
>> an email. This still happens today, but attackers are have moved on to a
>> new technique that allows the infection to happen in real-time and over
>> applications that are not nearly as well controlled as corporate email.
>>
>> This technique is known as the drive-by-download and begins by remotely
>> exploiting the target user (such as luring a user into clicking a link
>> on Facebook that sends the user to an infected webpage). The exploit
>> runs remotely, and once the user is compromised (usually without any
>> indication to the user), malware is downloaded in the background.
>>
>> --
>> Surely you know this?
>
> Don't be an idiot. My "everyday" surfing are known good sites. If I
> decide to roam the unknown, I have a security protocol I follow that
> will render any malware useless on the permanent OS I use.
>
> I run a VM if I'm going to investigate malware.

Did you not read what FTR said?!!!

<quote>

*Any* page visited *might* have a redirect to a server hosting an
exploit kit. At the time one visits such a site one *might* be
susceptible to one of the vulnerabilities being exploited by the site
and have malware downloaded and executed without much of any indication
that something bad is happening.

</quote>

You've not kept up to date with what the bad guys have been doing,
Graham. You need to do some research (or ask me!).

<quote>

Cybercriminals are increasingly using drive-by downloads to distribute
malware without end users knowing something bad has just landed on their
machine--until it's too late. Here are six ways IT departments can
protect end users from the productivity sink and potential data loss
that drive-by downloads create.

</quote>

http://www.cio.com/article/699970/6_Ways_to_Defend_Against_Drive_by_Downloads

How Drive-by Downloads Attack

Drive-by downloads work by exploiting vulnerabilities in web browsers,
plug-ins or other components that work within browsers, says Peck. And
they can take place a number of ways. For example, you can be innocently
cruising the Web when you happen upon a site that downloads malware onto
your computer. The site could have been set up by cybercriminals,
specifically for the purpose of infecting people's computers, or it
could be a legitimate website that cybercriminals compromised through
existing vulnerabilities in the site.

Dasient, a company that makes software to prevent Web-based malware
attacks, notes that nearly 4 million web pages across more than 400,000
websites are infected with malware each month.

--

~BD~

unread,
Feb 18, 2013, 3:55:48 AM2/18/13
to
~BD~ wrote:

> You've not kept up to date with what the bad guys have been doing!

FYI .......

Botnets for rent, criminal services sold in the underground market

(by paganinip on February 14th, 2013)

Cyber criminals are offering malware-infected-hosts, also known as
loads, in a model of sale that proposes the monetization of bots
activities through its rent of the compromised systems.

Of course the services offered are totally customizable, clients can
choose the type of malware that infects the victims and their geographic
location, it is possible rent US-based malware infected hosts or machine
in European Union.

Security expert Dancho Danchev in a post on Webroot threat blog revealed
newly launched underground service offering access to thousands of
malware-infected machine for upsetting prices, a thousand US-based hosts
costs $200 meanwhile for a thousand EU-based hosts price varies between
$60/$120, and the price for a thousand international mix type of hosts
is $20.

http://securityaffairs.co/wordpress/12339/cyber-crime/botnets-for-rent-criminal-services-sold-in-the-underground-market.html

--
Message has been deleted
Message has been deleted

~BD~

unread,
Feb 18, 2013, 6:03:09 PM2/18/13
to
G. Morgan wrote:
> ~BD~ wrote:
>
>> You've not kept up to date with what the bad guys have been doing,
>> Graham. You need to do some research
>
> No I don't. I'm aware of what's out there. My regular setup has MSSE
> running (just in case). I said I probably *could* run without an AV and
> have no problems. I know I could. I wonder how people actually fuck
> their machines up, I try to deliberately on occasion and it takes
> forever visiting some really nasty pRon sites (and warez sites).

Is that where you found 'Tub Girl'?!!!!

That was a real eye-opener into your character, Graham.

> Wanna make it interesting? A bet? I'll make a fresh install of Windows
> 7 / 8 or XP (with updates) but no AV program, and use Firefox/Chrome -
> or a Chrome variant for a week without clearing the cache or history
> (for proof). Hell, I'll even let you pick the browser, anything but IE
> and the OS too - XP or Win 7/ 8.
>
> Then I'll upload the entire image for you and as many 3rd party's to
> analyze to their heart's content. All OS logs will be kept intact in
> case you think I installed then uninstalled a AV proggy. I'll even keep
> the machine running so the uptime logs will show no funny business (like
> if I used a Linux boot disk to clean the system). 168 hours of uptime,
> and as many sites as you want to be convinced (within reason, I'm not
> going to surf 10 hours a day for you) - I'd say around 300 unique sites
> are fair, sound about right? I pick the sites, obviously.
>
> If there is ONE instance of malware or a virus I'll pay you $200. If
> not, you pay me $200.
>
> We can keep the money in escrow with Jenn's Paypal account, we both
> trust her. If you accept, you pony up the funds (and I will too) before
> I start. I'm not doing all this and then get screwed by a welcher.
>
> You willing to put your money where your mouth is?

Not right now - I've got to buy another monitor!

> *** Feel free to give me a counter-offer if mine isn't acceptable, I
> can't wait to take your money.
>
>> (or ask me!).
>
> BWAHAHAHAHAHAHAHAHAHAHAHAHA!!!!!!!
>
> Thanks for the belly laugh!!

YW! Part and parcel of being here is for the fun of it! :-D

--

~BD~

unread,
Feb 18, 2013, 6:17:27 PM2/18/13
to
G. Morgan wrote:
> ~BD~ wrote:
>
>> ~BD~ wrote:
>>
>>> You've not kept up to date with what the bad guys have been doing!
>>
>> FYI .......
>
> Blah, blah, blah....
>
> I told you, I can surf without an AV installed and catch nothing.
>
> Take my $200 bet, or up it to more - $500??
>
> and/or...
>
> I'll make a site that's guaranteed to fuck-up your Mac. If it does, you
> pay me - if not, I pay you. Sound good? Use all the precautions you
> want, I'll need you to click ONE link.

Methinks you don't have the skilz to do that all by yourself! Are you
going to buy a 'package' on the Dark Net?

> I get to port-scan your IP ahead
> of time to make sure the port I want is still open.

You may port-scan my IP *now* if you wish. It sounds as if you have done
it previously - have you?

What *IS* my IP, btw?

> Plus, I want to be logged into your machine while you do it
> (TeamViewer/LogMeIn) no commands will be issued on the session, it's
> just proof for my benefit that you're doing what I asked.

I think I told you that I once let Peter Foldes have access to my
machine with Team Viewer. Andrew Taylor also 'popped-in" as an
instructional treat! ;-)

> I get to
> laugh my ass off and screen record the whole thing. Also, I want a
> second machine of yours recording your face (and the Mac screen in the
> background) when it happens! Skype is good, I'll talk to you while
> you're having a heart-attack.

This sounds like *real* fun! :-D

> We'll do the camera/screen-sharing work ahead of time, it will give me
> time to setup a multicast so everyone here can watch together. Until
> the screen sharing app on your Mac goes black at least - then we can all
> just watch the web cam on the XP PC and the aftermath of you frantically
> pushing buttons. ;-))

You really should be hard at work instead of planning all this
tom-foolery, Graham! Mind you, it does sound like fun - I'll consider
whether or not to play along - *I* have got the time ..... but not the
extra monitor needed right now! ;-)

--

David H. Lipman

unread,
Feb 18, 2013, 6:26:16 PM2/18/13
to
From: "~BD~" <~BD~@nomail.afraid.org>


>>>
>>> Malware traditionally was delivered as an executable or an attachment to
>>> an email. This still happens today, but attackers are have moved on to a
>>> new technique that allows the infection to happen in real-time and over
>>> applications that are not nearly as well controlled as corporate email.
>>>
>>> This technique is known as the drive-by-download and begins by remotely
>>> exploiting the target user (such as luring a user into clicking a link
>>> on Facebook that sends the user to an infected webpage). The exploit
>>> runs remotely, and once the user is compromised (usually without any
>>> indication to the user), malware is downloaded in the background.
>>>


For those on; alt.privacy.spyware and alt.2600 where this thread was taken
out of context and whose groups were added on a Cross-Post

News:BbadnZF_3MYBW4LM...@bt.com

The above, written by BD, was plagiarized w/o attribution.

http://www.paloaltonetworks.com/cam/malware/#prevent --> "Preventing Malware
Infection" under section... "Preventing the Drive-by-Download"



~BD~

unread,
Feb 18, 2013, 6:59:07 PM2/18/13
to
David H. Lipman wrote:
> From: "~BD~" <~BD~@nomail.afraid.org>
>
>
>>>>
>>>> Malware traditionally was delivered as an executable or an
>>>> attachment to
>>>> an email. This still happens today, but attackers are have moved on
>>>> to a
>>>> new technique that allows the infection to happen in real-time and over
>>>> applications that are not nearly as well controlled as corporate email.
>>>>
>>>> This technique is known as the drive-by-download and begins by remotely
>>>> exploiting the target user (such as luring a user into clicking a link
>>>> on Facebook that sends the user to an infected webpage). The exploit
>>>> runs remotely, and once the user is compromised (usually without any
>>>> indication to the user), malware is downloaded in the background.
>>>>
>
>
> For those on; alt.privacy.spyware and alt.2600 where this thread was
> taken out of context and whose groups were added on a Cross-Post
>
> News:BbadnZF_3MYBW4LM...@bt.com
>
> The above, written by BD, was plagiarized w/o attribution to:-
>
> http://www.paloaltonetworks.com/cam/malware/#prevent --> "Preventing
> Malware Infection" under section... "Preventing the Drive-by-Download"

@David H. Lipman (Usenet Net Cop extraordinaire!)

Thank you for correcting my mistake which, as you know, was simply an
oversight. I do also appreciate the interest you have shown in the subject.

Do you agree that 'modern' malware can run on modern,fast, computers
without detection by the computer user? Frightening, isn't it?

--

Aardvark

unread,
Feb 18, 2013, 7:41:28 PM2/18/13
to
On Mon, 18 Feb 2013 23:59:07 +0000, the lying, slimy, cowardly cunt wrote:

> David H. Lipman wrote:
>> From: "~BD~" <~BD~@nomail.afraid.org>
>>
>>
>>
>>>>> Malware traditionally was delivered as an executable or an
>>>>> attachment to an email. This still happens today, but attackers are
>>>>> have moved on to a new technique that allows the infection to happen
>>>>> in real-time and over applications that are not nearly as well
>>>>> controlled as corporate email.
>>>>>
>>>>> This technique is known as the drive-by-download and begins by
>>>>> remotely exploiting the target user (such as luring a user into
>>>>> clicking a link on Facebook that sends the user to an infected
>>>>> webpage). The exploit runs remotely, and once the user is
>>>>> compromised (usually without any indication to the user), malware is
>>>>> downloaded in the background.
>>>>>
>>>>>
>>
>> For those on; alt.privacy.spyware and alt.2600 where this thread was
>> taken out of context and whose groups were added on a Cross-Post
>>
>> News:BbadnZF_3MYBW4LM...@bt.com
>>
>> The above, written by BD, was plagiarized w/o attribution to:-
>>
>> http://www.paloaltonetworks.com/cam/malware/#prevent --> "Preventing
>> Malware Infection" under section... "Preventing the
>> Drive-by-Download"
>
> @David H. Lipman (Usenet Net Cop extraordinaire!)
>
> Thank you for correcting my mistake which,

I mentioned it soon after you made your 'mistake', cunt.

> as you know, was simply an
> oversight.

Yeah, cunt. Right. As David said, you were probably emulating your idol,
Butts the plagiarist.
Message has been deleted

~BD~

unread,
Feb 20, 2013, 6:17:22 AM2/20/13
to
G. Morgan wrote:
> ~BD~ wrote:
>
>> You may port-scan my IP *now* if you wish. It sounds as if you have done
>> it previously - have you?
>
> Yes, when you gave me permission to do so.

OK - My memory is not what it was! :-)

Do you recall if you found open ports?

>> What *IS* my IP, btw?
>
> Fuck if I know, I can't decode your posting-host in the headers.

That's a good thing!

> I'll take your sorry excuse for lack of a monitor as a "no". You know
> 2nd hand monitors are really cheap, right? I bought a 19" LCD for $50
> at a pawn shop a year ago. CRT monitors are pretty much free if you
> look around on the curbs - they are being thrown away all the time. A
> 2nd hand store will have a nice 21" one for $10 or so. Check it before
> you buy it though (using one of their computers for sale).

I appreciate your advice Graham. Thank you. I'll let you know what
transpires. I've been looking to see if I could get the desktop PC to
show it's pictures on a laptop screen but whilst it seems that it's
possible, it's not easy to accomplish (nor without cost!).

Btw, did you *really* scan Annexcafe as you reported a few days ago? If
so, would you let me see the report you mentioned?

--

Message has been deleted

~BD~

unread,
Feb 20, 2013, 9:00:58 AM2/20/13
to
G. Morgan wrote:
> ~BD~ wrote:
>
>> G. Morgan wrote:
>>> ~BD~ wrote:
>>>
>>>> You may port-scan my IP *now* if you wish. It sounds as if you have done
>>>> it previously - have you?
>>>
>>> Yes, when you gave me permission to do so.
>>
>> OK - My memory is not what it was! :-)
>>
>> Do you recall if you found open ports?
>
> I didn't scan every port (65,000 of them). There were no anomalies in
> the "popular" ports used for exploits.
>
>>>> What *IS* my IP, btw?
>>>
>>> Fuck if I know, I can't decode your posting-host in the headers.
>>
>> That's a good thing!
>
> Yes, it is.
>
>>> I'll take your sorry excuse for lack of a monitor as a "no". You know
>>> 2nd hand monitors are really cheap, right? I bought a 19" LCD for $50
>>> at a pawn shop a year ago. CRT monitors are pretty much free if you
>>> look around on the curbs - they are being thrown away all the time. A
>>> 2nd hand store will have a nice 21" one for $10 or so. Check it before
>>> you buy it though (using one of their computers for sale).
>>
>> I appreciate your advice Graham. Thank you. I'll let you know what
>> transpires. I've been looking to see if I could get the desktop PC to
>> show it's pictures on a laptop screen but whilst it seems that it's
>> possible, it's not easy to accomplish (nor without cost!).
>
> Sure it is. Temporarily hook up the working monitor and configure
> Remote Desktop, or Logmein or Teamviewer. Then just remote into your
> "headless" PC.


I might need a bit more help with that! :-(


>> Btw, did you *really* scan Annexcafe as you reported a few days ago?
>
> Yes.
>
>> If so, would you let me see the report you mentioned?
>
> I posted it. It's a .pdf in a .zip file with a password.
>
> Message-ID: <r0tuh89brotnvvv5b...@Osama-is-dead.net>
>
> I just went to the site and it's gone... fuck.
>
> Here it is again:
>
> http://www.filedropper.com/annexcafeaffecteditems
>
> Get it quickly - they must delete items not picked up in "x" amount of
> time.
>

I've got the file - NOW I need the password! *Please*?!!

*Thank you* Graham. :-)

--

~BD~

unread,
Feb 20, 2013, 9:11:58 AM2/20/13
to
G. Morgan wrote:
> ~BD~ wrote:
>
>> >G. Morgan wrote:
>>> >>~BD~ wrote:
>>> >>
>>>> >>>You may port-scan my IP*now* if you wish. It sounds as if you have done
>>>> >>>it previously - have you?
>>> >>
>>> >>Yes, when you gave me permission to do so.
>> >
>> >OK - My memory is not what it was!:-)
>> >
>> >Do you recall if you found open ports?
> I didn't scan every port (65,000 of them). There were no anomalies in
> the "popular" ports used for exploits.


Thanks Graham. May I email you about this matter?

If so, to which address, please?

--

BurfordTJustice

unread,
Feb 20, 2013, 10:25:29 AM2/20/13
to

"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:XcGdnSOO4PwzRLnM...@bt.com...
As if you two don't now...LOL

Message has been deleted
Message has been deleted

Aardvark

unread,
Feb 20, 2013, 12:16:46 PM2/20/13
to
On Wed, 20 Feb 2013 11:06:06 -0600, G. Morgan wrote:

> ~BD~ wrote:
>
>>> Sure it is. Temporarily hook up the working monitor and configure
>>> Remote Desktop, or Logmein or Teamviewer. Then just remote into your
>>> "headless" PC.
>>
>>
>>I might need a bit more help with that! :-(
>
> RTFM ! LogMeIn and TeamViewer are very straightforward. Using Remote
> Desktop is a little harder with a Mac -> PC unless you install Windows
> in a VM on the Mac. Being that both units are on the same network it's
> very easy.
>
>>I've got the file - NOW I need the password! *Please*?!!
>>
>>*Thank you* Graham. :-)
>
> It contains sensitive information, including a master password! This
> guy didn't cover his ass very well. It also has a lot of Cold Fusion
> code that you'll not understand.
>
> What's the password to the .pdf worth to you? Hell, just have Dusty
> crack it for you... he's stated it's easy - let him prove it.

LOL. For a few horrible moments, I thought you were just going to give
him the fucking thing. :-)

~BD~

unread,
Feb 20, 2013, 12:31:21 PM2/20/13
to
> You may learn to use MacGPG to communicate privately. ;-)
>
> https://www.gpgtools.org/

Is that the link that is going to write off my iMac?

I'd like to know before I click on it!

> My public key ID is in my header. Send me an encrypted message and I'll
> send back the password.

That may take a while. I'm a busy boy! ;-)

--


~BD~

unread,
Feb 20, 2013, 1:02:31 PM2/20/13
to
G. Morgan wrote:
> ~BD~ wrote:
>
>>> Sure it is. Temporarily hook up the working monitor and configure
>>> Remote Desktop, or Logmein or Teamviewer. Then just remote into your
>>> "headless" PC.
>>
>>
>> I might need a bit more help with that! :-(
>
> RTFM ! LogMeIn and TeamViewer are very straightforward. Using Remote
> Desktop is a little harder with a Mac -> PC unless you install Windows
> in a VM on the Mac. Being that both units are on the same network it's
> very easy.

I've got the 'headless' Desktop directly connected to a laptop running
XP with a VGA cable http://en.wikipedia.org/wiki/VGA_connector

No need to involve the iMac at all!

I've had a quick play with Remote Desktop but without success.

>> I've got the file - NOW I need the password! *Please*?!!
>>
>> *Thank you* Graham. :-)
>
> It contains sensitive information, including a master password! This
> guy didn't cover his ass very well. It also has a lot of Cold Fusion
> code that you'll not understand.

That's an interesting observation. Gregory Gooden is a *real*
'PROFESSIONAL' who has been doing this 'stuff' for over 20 years. It
says so here: http://www.annex.com/main.cfm

"We offer professional grade web hosting services with a lot of features
that the "other guys" can't match. We house our own servers (and yours)
on multiple (beefy) internet feeds in different geographic locations."

However .......

You have insinuated that he's not very good at his job! <shock!>

> What's the password to the .pdf worth to you? Hell, just have Dusty
> crack it for you... he's stated it's easy - let him prove it.

I just want the 'good guys' to win, Graham!

You've no doubt read what Beauregard T. Shagnasty said about Annex?

<quote>

Examining the annex.com web site might indicate that its owner is also
lacking clues about how to write a site that gets much above that "0"
rating. It is, first thing I notice, very slow to respond (even on my
high-speed cable). Superfluous JavaScript. Last millennium style code.
The web hosting plans are about twice as expensive as the norm - for a
good deal less service than the norm. For example, my web site host's
Basic plan offers 40 times the monthly transfer rate and 15 times the
storage, for half the price of annex.com's Basic plan. :-/

</quote>

http://groups.google.com/group/alt.computer.security/msg/b0215eafa5d4c377?hl=en

--
Message has been deleted
Message has been deleted
Message has been deleted

~BD~

unread,
Feb 20, 2013, 1:37:38 PM2/20/13
to
G. Morgan wrote:
> ~BD~ wrote:
>
>>> https://www.gpgtools.org/
>>
>> Is that the link that is going to write off my iMac?
>
> No. I have not made that for you yet. You have to put up the cash
> before I do any work.

Ah! That's good. You know, of course, that what you proposed to do would
land you in jail, don't you?!! ;-)

--

BurfordTJustice

unread,
Feb 20, 2013, 1:49:40 PM2/20/13
to

"G. Morgan" <seal...@osama-is-dead.net> wrote in message
news:605ai8pn9gkiomh51...@Osama-is-dead.net...
~BD~ wrote:

>> https://www.gpgtools.org/
>
>Is that the link that is going to write off my iMac?

No. I have not made that for you yet. You have to put up the cash
before I do any work.
--
Yea, you need cash. you are not working again but playing on usenet.
Mean while your eyeball deep in debt grows...
Time to call mum again??

FromTheRafters

unread,
Feb 20, 2013, 2:22:00 PM2/20/13
to
~BD~ formulated the question :
No, it's called "pen testing" and it's perfectly legal within certain
parameters.


Aardvark

unread,
Feb 20, 2013, 2:26:34 PM2/20/13
to
> I figured that, no password for you!

LOL.

~BD~

unread,
Feb 20, 2013, 3:53:23 PM2/20/13
to
I don't agree!

I read here: http://en.wikipedia.org/wiki/Penetration_test

G. Morgan was considering *destroying* my iMac remotely.

I have no doubt that he could (probably) do that - if he did, he'd go to
prison. What he says/does is being monitored!

There *is* a public record of his planned action! :-)

--

Bear

unread,
Feb 20, 2013, 4:08:38 PM2/20/13
to
~BD~ <~BD~@nomail.afraid.org> wrote in
news:s8CdnWjGcY1eqrjM...@bt.com:
David I'm hoping Graham was simply having a funny moment when he posted
that message about hacking your Mac!

Jax :)
--
Bear Bottoms
http://bearware.info

~BD~

unread,
Feb 20, 2013, 4:15:45 PM2/20/13
to
I hope so too!

He knows full well that such threats are recorded and could be used in
evidence against him! ;-)

--

mark lewis

unread,
Feb 20, 2013, 10:43:01 AM2/20/13
to
+ User FidoNet address: 1:3634/12.42
~> I've got the 'headless' Desktop directly connected to a laptop
~> running XP with a VGA cable
~> http://en.wikipedia.org/wiki/VGA_connector

you're trying to connect two outgoing ports together... that won't work... the
VGA on the laptop is for an external monitor or projector... so is the one on
the desktop...

)\/(ark
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ The FidoNet News Gate (Huntsville, AL - USA) +
+ The views of this user are strictly his or her own. +
+ All data is scanned for malware by Avast! Antivirus +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

Aardvark

unread,
Feb 20, 2013, 4:58:38 PM2/20/13
to
On Wed, 20 Feb 2013 12:24:12 -0600, G. Morgan wrote:

> Aardvark wrote:
>
>>> What's the password to the .pdf worth to you? Hell, just have Dusty
>>> crack it for you... he's stated it's easy - let him prove it.
>>
>>LOL. For a few horrible moments, I thought you were just going to give
>>him the fucking thing. :-)
>
> Lol... nope.
>

:-)

> I'll send it to you if you're interested. You'll be able to make sense
> of it at least.

Frankly, mate, I'd sooner watch paint dry than learn much more than I
ever wanted to know about wherever it is. Aumha? Annex? I haven't really
been paying attention as it's just the boater's same old, same old. I
tend to skip over a lot of his shit when he starts rambling about his
obsessions.

~BD~

unread,
Feb 20, 2013, 5:02:54 PM2/20/13
to
Hello Mark

I have no doubt that you are 100% correct! :-)

Perhaps I'll just wait for a replacement monitor. Take the easy route!

In the meantime, I'll make do with my iMac!

--

Message has been deleted

Aardvark

unread,
Feb 20, 2013, 6:43:16 PM2/20/13
to
> Not if you gave me permission. It's a bet, dimmy.

He likes to let his inner moron out a few times every day just air it,
mate.

:-)
Message has been deleted

~BD~

unread,
Feb 20, 2013, 6:49:28 PM2/20/13
to
> Not if you gave me permission. It's a bet, dimmy.

I'm not sufficiently dim to give you *permission* to do harm to my
hardware!!!

Might someone, possibly, have put my Dell monitor out of action - just
as you had suggested that you would destroy my iMac?

--

Message has been deleted
Message has been deleted
Message has been deleted
Message has been deleted
Message has been deleted

~BD~

unread,
Feb 20, 2013, 7:15:42 PM2/20/13
to
G. Morgan wrote:
> ~BD~ wrote:
>
>> G. Morgan was considering *destroying* my iMac remotely.
>
>
> Depends on your definition of "destroying". It would be quite difficult
> to destroy any hardware. I was thinking more along the lines of
> destroying (or make it incredibly hard to recover) data on the disk. You
> do have a full backup image to restore everything back to normal, right?


Yes - I do! :-)

--

~BD~

unread,
Feb 20, 2013, 7:17:04 PM2/20/13
to
G. Morgan wrote:
> ~BD~ wrote:
>
>>
>> I have no doubt that you are 100% correct! :-)
>>
>> Perhaps I'll just wait for a replacement monitor. Take the easy route!
>>
>> In the meantime, I'll make do with my iMac!
>
> Why don't you temporarily connect the monitor to the XP machine and
> install LogMeIn on it? When it's up and running you can remote into it
> easily with the Mac.
>

It's late. I don't understand how to do that! :-(

Best if I go to bed now!!!

--
Message has been deleted
Message has been deleted

Aardvark

unread,
Feb 20, 2013, 7:24:02 PM2/20/13
to
On Wed, 20 Feb 2013 18:01:48 -0600, G. Morgan wrote:

> Aardvark wrote:
>
>>On Wed, 20 Feb 2013 12:24:12 -0600, G. Morgan wrote:
>>
>>> Aardvark wrote:
>>>
>>>>> What's the password to the .pdf worth to you? Hell, just have Dusty
>>>>> crack it for you... he's stated it's easy - let him prove it.
>>>>
>>>>LOL. For a few horrible moments, I thought you were just going to give
>>>>him the fucking thing. :-)
>>>
>>> Lol... nope.
>>>
>>>
>>:-)
>>
>>> I'll send it to you if you're interested. You'll be able to make
>>> sense of it at least.
>>
>>Frankly, mate, I'd sooner watch paint dry than learn much more than I
>>ever wanted to know about wherever it is. Aumha? Annex? I haven't really
>>been paying attention as it's just the boater's same old, same old. I
>>tend to skip over a lot of his shit when he starts rambling about his
>>obsessions.
>
> It's not terribly interesting, but surprisingly insecure. U/N's and
> P/W's in clear text, plus cross-site scripting is open on one page.
> Inject the Javascript code of your choice and it will run on the
> Annexcafe server. I probably should email the site owner about it.
>
> Who is in charge there?

LOL. Are you asking *me*, mate? I haven't the foggiest idea and care even
less.

~BD~

unread,
Feb 20, 2013, 7:26:02 PM2/20/13
to
G. Morgan wrote:
> Aardvark wrote:
>
>> On Wed, 20 Feb 2013 12:24:12 -0600, G. Morgan wrote:
>>
>>> Aardvark wrote:
>>>
>>>>> What's the password to the .pdf worth to you? Hell, just have Dusty
>>>>> crack it for you... he's stated it's easy - let him prove it.
>>>>
>>>> LOL. For a few horrible moments, I thought you were just going to give
>>>> him the fucking thing. :-)
>>>
>>> Lol... nope.
>>>
>>
>> :-)
>>
>>> I'll send it to you if you're interested. You'll be able to make sense
>>> of it at least.
>>
>> Frankly, mate, I'd sooner watch paint dry than learn much more than I
>> ever wanted to know about wherever it is. Aumha? Annex? I haven't really
>> been paying attention as it's just the boater's same old, same old. I
>> tend to skip over a lot of his shit when he starts rambling about his
>> obsessions.
>
> It's not terribly interesting, but surprisingly insecure. U/N's and
> P/W's in clear text, plus cross-site scripting is open on one page.
> Inject the Javascript code of your choice and it will run on the
> Annexcafe server. I probably should email the site owner about it.
>
> Who is in charge there?


The site owner is Gregory Gooden

Surely you knew that - or could easily have found out!

See: http://www.annexcafe.com/about.cfm

I think, though, that is a VERY old photograph!

When I contacted him about an iframe on his site, I got short shrift!

I do think, though, that you *should* tell him about any insecurities
you have detected.

--

Aardvark

unread,
Feb 20, 2013, 7:25:56 PM2/20/13
to
LOL.'Late' has fuck-all to do with it.

Aardvark

unread,
Feb 20, 2013, 7:27:15 PM2/20/13
to
> I could do it all remotely for you. I'll need passwords for the XP
> machine and your router.

Did I just hear the 'boinnnggggg!' sound of one of his hinkies popping
up, mate?

:-)

~BD~

unread,
Feb 20, 2013, 7:42:45 PM2/20/13
to
Aardvark I know feeds mice to pet snake(s)

I wonder if he likes cats as much a Gregory?!!

http://staff.annexcafe.com/ggooden/

--

He won't click on the link though! BWaaahahahaha!

FromTheRafters

unread,
Feb 20, 2013, 8:17:54 PM2/20/13
to
~BD~ wrote on 2/20/2013 :
> G. Morgan wrote:
>> ~BD~ wrote:
>>
>>> G. Morgan wrote:
>>>> ~BD~ wrote:
>>>>
>>>>>> https://www.gpgtools.org/
>>>>>
>>>>> Is that the link that is going to write off my iMac?
>>>>
>>>> No. I have not made that for you yet. You have to put up the cash
>>>> before I do any work.
>>>
>>> Ah! That's good. You know, of course, that what you proposed to do would
>>> land you in jail, don't you?!! ;-)
>>
>> Not if you gave me permission. It's a bet, dimmy.
>
> I'm not sufficiently dim to give you *permission* to do harm to my
> hardware!!!

Does your iMac have a TPM chip?
>
> Might someone, possibly, have put my Dell monitor out of action - just as you
> had suggested that you would destroy my iMac?

*Highly* unlikely, IMO.


Eagle

unread,
Feb 20, 2013, 11:11:31 PM2/20/13
to
G. Morgan got busy and wrote :
> ~BD~ wrote:
>
>> G. Morgan wrote:
>>> ~BD~ wrote:
>>>
>>>> G. Morgan wrote:
>>>>> ~BD~ wrote:
>>>>>
>>>>>>> https://www.gpgtools.org/
>>>>>>
>>>>>> Is that the link that is going to write off my iMac?
>>>>>
>>>>> No. I have not made that for you yet. You have to put up the cash
>>>>> before I do any work.
>>>>
>>>> Ah! That's good. You know, of course, that what you proposed to do would
>>>> land you in jail, don't you?!! ;-)
>>>
>>> Not if you gave me permission. It's a bet, dimmy.
>>
>> I'm not sufficiently dim to give you *permission* to do harm to my
>> hardware!!!
>
> I wasn't talking about hardware. I suppose I could do a low-level disk
> format, if you allow it.
>
>> Might someone, possibly, have put my Dell monitor out of action - just
>> as you had suggested that you would destroy my iMac?
>
> No. Not that I've ever heard of.

<rubbing eyes in disbelief> lol

--
Eagle
Since light travels faster than sound, some people
appear bright until you hear them speak.


~BD~

unread,
Feb 21, 2013, 3:27:44 AM2/21/13
to
> Come to think of it, you said you plugged two OUTPUTS into each other...
> You may have fried the monitor that way. How the hell did you manage to
> hook it up? You would need a gender changer to do that. IOW, go out of
> your way to fuck it up.


I'm not properly awake yet, but .......

My Dell Desktop was connected to the Dell monitor with a blue VGA cable
when - suddenly - I had no picture (just a pale green pattern effect
which slowly changed). At first I thought it was a failure somewhere in
the computer but eventually unplugged all cables from the monitor and
moved it for better access.

When I plugged in *only* the power cable and switched on, I still didn't
have the multi-coloured 'set-up' picture. My diagnosis? Monitor failure!

I pondered on whether or not I could simply plug the 'now loose' end of
the blue VGA cable into the socket on the laptop and somehow use the
laptop screen to see the output of the now headless desktop.

As it has been pointed out, The VGA socket on the laptop is designed for
'output' only! Doh! <smacks forehead>!

HTH

--

The laptop is still working!!! ;-)

~BD~

unread,
Feb 21, 2013, 3:35:46 AM2/21/13
to
G. Morgan wrote:
> ~BD~ wrote:
>
>> G. Morgan wrote:
>>> ~BD~ wrote:
>>>
>>>> G. Morgan wrote:
>>>>> ~BD~ wrote:
>>>>>
>>>>>>> https://www.gpgtools.org/
>>>>>>
>>>>>> Is that the link that is going to write off my iMac?
>>>>>
>>>>> No. I have not made that for you yet. You have to put up the cash
>>>>> before I do any work.
>>>>
>>>> Ah! That's good. You know, of course, that what you proposed to do would
>>>> land you in jail, don't you?!! ;-)
>>>
>>> Not if you gave me permission. It's a bet, dimmy.
>>
>> I'm not sufficiently dim to give you *permission* to do harm to my
>> hardware!!!
>
> I wasn't talking about hardware. I suppose I could do a low-level disk
> format, if you allow it.

Phew! I don't think that will be necessary! ;-)

>> Might someone, possibly, have put my Dell monitor out of action - just
>> as you had suggested that you would destroy my iMac?
>
> No. Not that I've ever heard of.

I felt that was *highly* unlikely; the failure did occur, though at
*exactly* the same time as I made a right click on my mouse!

Just thought I'd ask an expert! :-)

--

I can't remember exactly what I was doing at the time! :-(

~BD~

unread,
Feb 21, 2013, 3:47:24 AM2/21/13
to
FromTheRafters wrote:
> ~BD~ wrote on 2/20/2013 :
>> G. Morgan wrote:
>>> ~BD~ wrote:
>>>
>>>> G. Morgan wrote:
>>>>> ~BD~ wrote:
>>>>>
>>>>>>> https://www.gpgtools.org/
>>>>>>
>>>>>> Is that the link that is going to write off my iMac?
>>>>>
>>>>> No. I have not made that for you yet. You have to put up the cash
>>>>> before I do any work.
>>>>
>>>> Ah! That's good. You know, of course, that what you proposed to do
>>>> would
>>>> land you in jail, don't you?!! ;-)
>>>
>>> Not if you gave me permission. It's a bet, dimmy.
>>
>> I'm not sufficiently dim to give you *permission* to do harm to my
>> hardware!!!
>
> Does your iMac have a TPM chip?

I learn new things from you almost every day! ;-)

http://en.wikipedia.org/wiki/Trusted_Platform_Module

No TPM chip - not as far as I can determine anyway, There is, though, an
encryption facility. You may like to read about it here:-

http://support.apple.com/kb/ht4790

>> Might someone, possibly, have put my Dell monitor out of action - just
>> as you had suggested that you would destroy my iMac?
>
> *Highly* unlikely, IMO.

That's good to hear! Thank you, FTR. :-)

--

~BD~

unread,
Feb 21, 2013, 4:51:56 AM2/21/13
to
Eagle wrote:
> G. Morgan got busy and wrote :
>> ~BD~ wrote:
>>> G. Morgan wrote:
>>>> ~BD~ wrote:
>>>>
>>>>> G. Morgan wrote:
>>>>>> ~BD~ wrote:
>>>>>>
>>>>>>>> https://www.gpgtools.org/
>>>>>>>
>>>>>>> Is that the link that is going to write off my iMac?
>>>>>>
>>>>>> No. I have not made that for you yet. You have to put up the cash
>>>>>> before I do any work.
>>>>>
>>>>> Ah! That's good. You know, of course, that what you proposed to do
>>>>> would
>>>>> land you in jail, don't you?!! ;-)
>>>>
>>>> Not if you gave me permission. It's a bet, dimmy.
>>>
>>> I'm not sufficiently dim to give you *permission* to do harm to my
>>> hardware!!!
>>
>> I wasn't talking about hardware. I suppose I could do a low-level disk
>> format, if you allow it.
>>
>>> Might someone, possibly, have put my Dell monitor out of action -
>>> just as you had suggested that you would destroy my iMac?
>>
>> No. Not that I've ever heard of.
>
> <rubbing eyes in disbelief> lol
>

What are you surprised by, Eagle? <raises eyebrows?

FYI

It is certainly possible for malware to cause serious hardware damage.

Let's have a look at some theoretical (for now) but practically possible
examples which I've been able to dig up from my reading:

* Put your graphics card into a mode with very high refresh rates or
resolutions which are beyond the capability of your monitor. It's very
likely that you will have to write off at least an older monitor.

* Turn off (or turn down) the fan speed control on your cpu/hard
drive/system fan. Under certain circumstances this could cause
overheating and probably permanent damage to the cpu.

* Let the drive attempt to address areas which do not physically exist,
damaging the internals of that same drive.

* Clear your CMOS settings or change them; over-volt your ram, for
example, or overclock certain options on that level. This may do
considerable damage.

* Flash your BIOS so you can't boot anymore. You would have to get a new
chip at least.

* Overwrite/corrupt your CDROM or DVDROM.

* Overwrite the config/firmware of your router/access point for your
Bluetooth or WiFi. May kill your mobile phone.

As to your router, I could probably think of something, but hey, you are
lucky: this is not what malware writers are usually after.

Paul

http://forum.kaspersky.com/index.php?showtopic=43825&hl=hardware+damage

--
I have no doubt that Dustin will know this to be true! ;-)

BurfordTJustice

unread,
Feb 21, 2013, 7:54:22 AM2/21/13
to

"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:s8CdnWjGcY1eqrjM...@bt.com...
FromTheRafters wrote:
> ~BD~ formulated the question :
>> G. Morgan wrote:
>>> ~BD~ wrote:
>>>
>>>>> https://www.gpgtools.org/
>>>>
>>>> Is that the link that is going to write off my iMac?
>>>
>>> No. I have not made that for you yet. You have to put up the cash
>>> before I do any work.
>>
>> Ah! That's good. You know, of course, that what you proposed to do
>> would land you in jail, don't you?!! ;-)
>
> No, it's called "pen testing" and it's perfectly legal within certain
> parameters.

I don't agree!

I read here: http://en.wikipedia.org/wiki/Penetration_test

G. Morgan was considering *destroying* my iMac remotely.

I have no doubt that he could (probably) do that - if he did, he'd go to
prison. What he says/does is being monitored!

There *is* a public record of his planned action! :-)

--
Why would you even think for a second he has the skills to do as he said.
If his skills were that good, would he be eyeball deep in debt??

BurfordTJustice

unread,
Feb 21, 2013, 7:56:05 AM2/21/13
to

"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:cJydnTUzUpiU_LjM...@bt.com...
LOL


~BD~

unread,
Feb 21, 2013, 8:43:25 AM2/21/13
to
G. Morgan wrote:
> ~BD~ wrote:
>
>> Bear wrote:
>>> ~BD~ <~BD~@nomail.afraid.org> wrote in
>>> news:s8CdnWjGcY1eqrjM...@bt.com:
>>>
>>>> FromTheRafters wrote:
>>>>> ~BD~ formulated the question :
>>>>>> G. Morgan wrote:
>>>>>>> ~BD~ wrote:
>>>>>>>
>>>>>>>>> https://www.gpgtools.org/
>>>>>>>>
>>>>>>>> Is that the link that is going to write off my iMac?
>>>>>>>
>>>>>>> No. I have not made that for you yet. You have to put up the cash
>>>>>>> before I do any work.
>>>>>>
>>>>>> Ah! That's good. You know, of course, that what you proposed to do
>>>>>> would land you in jail, don't you?!! ;-)
>>>>>
>>>>> No, it's called "pen testing" and it's perfectly legal within certain
>>>>> parameters.
>>>>
>>>> I don't agree!
>>>>
>>>> I read here: http://en.wikipedia.org/wiki/Penetration_test
>>>>
>>>> G. Morgan was considering *destroying* my iMac remotely.
>>>>
>>>> I have no doubt that he could (probably) do that - if he did, he'd go to
>>>> prison. What he says/does is being monitored!
>>>>
>>>> There *is* a public record of his planned action! :-)
>>>
>>> David I'm hoping Graham was simply having a funny moment when he posted
>>> that message about hacking your Mac!
>>>
>>> Jax :)
>>
>> I hope so too!
>>
>> He knows full well that such threats are recorded and could be used in
>> evidence against him! ;-)
>
> I wouldn't do anything unless you gave me explicit permission and you
> know the potential outcome. That's the bet, you risk money and a fucked
> up machine - or win money if I fail.
>
> You will *have* to click on a link you know may cause harm. The link
> will specifically have a warning to that effect, in fact it will read
> "do not click this link". The URL will be private, and hidden behind a
> password protected page so no others can accidentally click it. You
> assume the risk if you want to bet.
>
> You will give me written permission (in public) before any of this is
> done. It's not illegal to do a pen test when the owner asks for it. In
> fact, companies pay lots of money for white-hat "hackers" to try and
> gain access. It helps them identify weaknesses in the network so it can
> be corrected before a "bad guy" beats them to it.


I accept what you say, Graham. :-)
--

FromTheRafters

unread,
Feb 21, 2013, 10:19:41 AM2/21/13
to
~BD~ explained on 2/21/2013 :
Saying no to the wargames then?

Too bad, it would almost be of interest to all of the groups involved.


Eagle

unread,
Feb 21, 2013, 10:52:42 AM2/21/13
to
~BD~ brought next idea :
Why would anyone want to do all this to a monitor?
It makes better sense if the monitor just shorted out from use and age,
don't you think?
The best deals for a monitor would be on ebay. That's where I got this
20" flat screen LCD, and paid $125.00 for it.

--
Eagle
Going to church doesn't make you a Christian any more than standing in
a
garage makes you a car.


~BD~

unread,
Feb 21, 2013, 11:57:45 AM2/21/13
to
I didn't say that anyone *did* do it, Eagle - I asked why you were
surprised by FTR's response to me! Please answer that query. TIA.

> It makes better sense if the monitor just shorted out from use and age,
> don't you think?

I don't know what caused the failure. It was just a little odd that it
occurred at *exactly* the same point in time as when I clicked my right
mouse button (on what, I cannot recall).

> The best deals for a monitor would be on ebay. That's where I got this
> 20" flat screen LCD, and paid $125.00 for it.

Hey! I took your advice and won an eBay auction this very day!

http://www.ebay.co.uk/itm/Dell-E171FPb-17-LCD-Monitor-Gray-/290863359493?ViewItem=&ssPageName=ADME%3AB%3AEOIBSA%3AGB%3A3160&item=290863359493&nma=true&si=x6TWy5tXjW5265o2I1FEtO1FoGw%253D&orig_cvip=true&rt=nc&_trksid=p2047675.l2557

Or http://goo.gl/vNuSC

It's an exact match to the original! Thanks, Dave Eagle! :-)

--

Eagle

unread,
Feb 21, 2013, 12:57:42 PM2/21/13
to
~BD~ pretended :
Cool. So you paid about $30.00 for it? [17 pounds and 6 pounds to ship]

~BD~

unread,
Feb 21, 2013, 1:06:27 PM2/21/13
to
Eagle wrote:
> ~BD~ pretended :
[....]
>
> Cool. So you paid about $30.00 for it? [17 pounds and 6 pounds to ship]

Just a little more - Are you dyscalculic, Eagle?

The postage is ᅵ9.00!!!!!! ;-)

--

Good word that!

BurfordTJustice

unread,
Feb 21, 2013, 3:24:14 PM2/21/13
to

"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:V86dndxenMCUz7vM...@bt.com...
LOL That makes us so happy! Well Done ole Chap.

~BD~

unread,
Feb 21, 2013, 3:42:09 PM2/21/13
to
Eagle

I asked why you were surprised by FTR's response to me! Please answer
that query. TIA.

--

~BD~

unread,
Feb 21, 2013, 4:35:17 PM2/21/13
to
BurfordTJustice wrote:

>
> --
> LOL That makes us so happy! Well Done ole Chap.
>

Jolly good! :-)

Btw, T I N U

Eagle

unread,
Feb 21, 2013, 8:38:50 PM2/21/13
to
on 2/21/2013, ~BD~ supposed :
I took a guess, Dave. I was fairly close!

--
Eagle
I'm supposed to respect my elders, but it's
getting harder and harder for me to find one now.


Eagle

unread,
Feb 21, 2013, 8:39:18 PM2/21/13
to
~BD~ got busy and wrote :
> Eagle
>
> I asked why you were surprised by FTR's response to me! Please answer that
> query. TIA.

What did FTR say?

--
Eagle
If I agreed with you,
we'd both be wrong.


Message has been deleted
Message has been deleted
Message has been deleted
Message has been deleted

~BD~

unread,
Feb 22, 2013, 4:53:30 AM2/22/13
to
Eagle wrote:
> ~BD~ got busy and wrote :
>> Eagle
>>
>> I asked why you were surprised by FTR's response to me! Please answer
>> that query. TIA.
>
> What did FTR say?
>

Ooops! *My bad* as you might say!

It was a response you gave to G.Morgan, *not* FTR, which I wanted you to
expand on.

Here's the MID: Message-ID: <mn.a4bb7dd2b6...@gmail.com>

http://al.howardknight.net/msgid.cgi?STYPE=msgid&A=0&MSGI=%3Cmn.a4bb7dd2b6887b22.128701%40gmail.com%3E

>> Might someone, possibly, have put my Dell monitor out of action -
just as you had suggested that you would destroy my iMac?
>
> No. Not that I've ever heard of.

Eagle then said ....... " <rubbing eyes in disbelief> lol "

I'd appreciate you explaining what prompted that comment from you.

Cheers! Have a great day! :-)

D.

--

Aardvark

unread,
Feb 22, 2013, 6:22:27 AM2/22/13
to
On Fri, 22 Feb 2013 03:18:52 -0600, G. Morgan wrote:

> ~BD~ wrote:
>
>>G. Morgan wrote:
>>> Aardvark wrote:
>>>
>>>> On Wed, 20 Feb 2013 12:24:12 -0600, G. Morgan wrote:
>>>>
>>>>> Aardvark wrote:
>>>>>
>>>>>>> What's the password to the .pdf worth to you? Hell, just have
>>>>>>> Dusty crack it for you... he's stated it's easy - let him prove
>>>>>>> it.
>>>>>>
>>>>>> LOL. For a few horrible moments, I thought you were just going to
>>>>>> give him the fucking thing. :-)
>>>>>
>>>>> Lol... nope.
>>>>>
>>>>>
>>>> :-)
>>>>
>>>>> I'll send it to you if you're interested. You'll be able to make
>>>>> sense of it at least.
>>>>
>>>> Frankly, mate, I'd sooner watch paint dry than learn much more than I
>>>> ever wanted to know about wherever it is. Aumha? Annex? I haven't
>>>> really been paying attention as it's just the boater's same old, same
>>>> old. I tend to skip over a lot of his shit when he starts rambling
>>>> about his obsessions.
>>>
>>> It's not terribly interesting, but surprisingly insecure. U/N's and
>>> P/W's in clear text, plus cross-site scripting is open on one page.
>>> Inject the Javascript code of your choice and it will run on the
>>> Annexcafe server. I probably should email the site owner about it.
>>>
>>> Who is in charge there?
>>
>>
>>The site owner is Gregory Gooden
>>
>>Surely you knew that - or could easily have found out!
>>
>>See: http://www.annexcafe.com/about.cfm
>>
>>I think, though, that is a VERY old photograph!
>>
>>When I contacted him about an iframe on his site, I got short shrift!
>>
>>I do think, though, that you *should* tell him about any insecurities
>>you have detected.
>
> Nahh...
>
> If he wants to know what I discovered he can contact me. I don't have
> time for a hothead using CFM when a MVP would use ASP.
>
> Too many acronyms!

The fucker is really desperate for someone, anyone to get in touch with
the guy, mate, eh? If you had done it, can you imagine the amount of
interrogation for every little detail of your communication you would get
from the boater?

I think your choice to leave well alone is the right one, because
otherwise you'd never hear the end of it.



--
"I grabbed a pile of dust, and holding it up, foolishly asked for as many
birthdays as the grains of dust, I forgot to ask that they be years of
youth. "
-Ovid (Publius Ovidius Naso (20 March 43 BC – AD 17/18))
Message has been deleted

Aardvark

unread,
Feb 22, 2013, 6:59:23 AM2/22/13
to
On Fri, 22 Feb 2013 05:49:48 -0600, G. Morgan wrote:

> Aardvark wrote:
>
>>The fucker is really desperate for someone, anyone to get in touch with
>>the guy, mate, eh? If you had done it, can you imagine the amount of
>>interrogation for every little detail of your communication you would
>>get from the boater?
>>
>>I think your choice to leave well alone is the right one, because
>>otherwise you'd never hear the end of it.
>
>
> No doubt. I only scanned it for my own benefit, curiosity. I didn't
> even let the scan finish, still got a 48 p. report though.

So some random site is extremely badly put together, mate. Who, apart
from the boater, really gives a shit? I certainly don't, and I assume
neither do you.

BurfordTJustice

unread,
Feb 22, 2013, 7:09:25 AM2/22/13
to

"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:4cOdnXB0ENmIDrvM...@bt.com...
--
Awwwww I feel for ya...does it hurt??

Tubulointerstitial nephritis and uveitis (TINU syndrome)

Eagle

unread,
Feb 22, 2013, 9:50:33 AM2/22/13
to
After serious thinking ~BD~ wrote :
OK. I was amazed at the thought of destroying a monitor like that from
long distance. I just couldn't see how that could possibly be done
Dave, OK?
Do you think a monitor could be sabotaged from long distance?
It is loading more messages.
0 new messages