Tag Archive for 'fail'

17 Aug

Via: 1.0 Thunder

If you’ve been poking around the Brazilian proxies that have showed up in the past couple of days, you’re probably familiar with the Via header above.

All of these proxies point to the same upstream server, which identifies itself as, you guessed it, “Thunder”.  And all appear to be running the same version of MikroTik RouterOS, judging by the presence of other open ports on the IP addresses.
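As an added example (not code from the original post), the script below parses RFC 7230 Via headers out of proxy responses and groups the proxies by the upstream chain they advertise, which is exactly how a fleet of transparent boxes all bouncing through one “Thunder” upstream stands out. The IP addresses and header blocks are constructed sample data.

```python
"""Group open proxies by the upstream chain advertised in their Via response header."""
import re
from collections import defaultdict

# One Via hop per RFC 7230: [protocol-name "/"] protocol-version received-by [comment]
VIA_HOP = re.compile(
    r'^(?:(?P<proto>[^/\s]+)/)?(?P<ver>[^\s/]+)\s+(?P<by>[^\s(]+)(?:\s+\((?P<comment>[^)]*)\))?$'
)

def parse_via(value):
    """Split a Via header value into hops; each proxy appends its own, so order is the path."""
    hops = []
    for part in value.split(','):
        part = part.strip()
        if not part:
            continue
        m = VIA_HOP.match(part)
        if m is None:  # keep malformed hops as evidence instead of silently dropping them
            hops.append({'proto': None, 'version': None, 'by': part, 'comment': None})
            continue
        hops.append({'proto': m.group('proto') or 'HTTP', 'version': m.group('ver'),
                     'by': m.group('by'), 'comment': m.group('comment')})
    return hops

def via_value(raw_headers):
    """Return the Via value from a raw response header block, or None if absent."""
    for line in raw_headers.splitlines():
        name, sep, val = line.partition(':')
        if sep and name.strip().lower() == 'via':
            return val.strip()
    return None

def group_by_via_chain(responses):
    """responses: {proxy_ip: raw header block}. Returns {tuple of received-by names: sorted IPs}."""
    groups = defaultdict(list)
    for proxy, headers in responses.items():
        val = via_value(headers)
        chain = tuple(h['by'] for h in parse_via(val)) if val else ()
        groups[chain].append(proxy)
    return {chain: sorted(ips) for chain, ips in groups.items()}

# Constructed sample (documentation-range IPs, not real hosts): three transparent proxies
# that all bounce through the same "Thunder" upstream, one Squid box, and one with no Via.
SAMPLE = {
    '192.0.2.10': 'HTTP/1.1 200 OK\r\nVia: 1.0 Thunder\r\nContent-Length: 0\r\n',
    '192.0.2.11': 'HTTP/1.1 200 OK\r\nvia: 1.0 Thunder\r\n',
    '192.0.2.12': 'HTTP/1.1 200 OK\r\nVia: 1.0 Thunder\r\n',
    '198.51.100.7': 'HTTP/1.1 200 OK\r\nVia: 1.1 cache.example (squid/3.1)\r\n',
    '203.0.113.5': 'HTTP/1.1 200 OK\r\nServer: nginx\r\n',
}

if __name__ == '__main__':
    for chain, ips in sorted(group_by_via_chain(SAMPLE).items()):
        print(' -> '.join(chain) or '(no Via)', ips)
```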

Yes, it’s yet another flawed device roll-out.

This fine learning establishment is planting all these boxes as a part of their distance learning program.  So, in a sense it’s a “Back to School Special”, Brazilian style!

Here’s one of their network techs!

I don’t expect these to be around for long (next Monday at the latest), but they do work.  The fact they’re all transparent proxies and all bounce to the same downstream IP severely limits their usefulness, but there they are.

30 May

Secret No More

I have released my Secret Sauce recipe.

I really got tired sitting on it for so long and the manufacturer didn’t seem interested in talking to me, but I’ve been using it 24×7 ever since I found the damned thing last October.  For a long time I considered keeping it as a private hack, because it works so well and it’s so easy to hack into other tools.

The last time I did this, they patched it within thirty days.  This time around they treated me like a potted plant, and there may have been a good reason for that.  I’m not entirely certain it’s 100% their problem.  It could be a Microsoft issue.  If so, they’re screwed to a flat board until Microsoft decides to do something about it or a viable work-around is found.

Anyway, the days are numbered for this one.  It’s not going to work forever.  But I’ll keep hacking away at it.

The third time’s the charm.

29 May

Secret Sauce FAIL/

That didn’t take long.

What I found was the basic difference between PoTTY & stunnel was that when PoTTY opened an obfuscated-openssh link, the link stayed open.  As long as the link was open, the SWG did not log it.  As soon as the link was closed, it did get logged.

Which still bugs the fuck out of me because connections from PuTTY, PoTTY’s daddy, are logged as soon as they’re made.

A real head-scratcher, but I haven’t looked at PuTTY’s connection at the wire level yet.

Still, the delayed-logging is something of a feature.  You can leave the link open for days and it will not show up in the logs until you drop it.

There is one positive outcome to this: the Secret Sauce can now be revealed.

The time has come!

24 Apr

Shitty Week (4/18 – 4/24)

Four days of proxies on the front page!

We are living through hard times, boys and girls!  So hard that even the Dinkster himself had to rely on a PHP proxy to do his forum haunting (thank you Baron Munchausen!).

It’s been a rough week on other fronts as well.  I got caught up in McAfee’s mess back at the Salt Mine.  Not only am I the local Network Nazi, but I also manage McAfee’s crappy AV for the entire enterprise.  Luckily that day (Wednesday) I was telecommuting via RDP back-tunneling (over obfuscated-openssh on Cygwin) so I was not in the thick of things.

I was “in the cloud”, as it were.

I was also wise enough never to have installed Service Pack 3 on my Salt Mine PC, so I was one of the lucky ones.  For a variety of reasons, I never trusted it.  I was almost ready to apply it once IE 7.0 came out, but then I heard there was no roll-back to IE 6 on machines with SP3, so I passed.  I have it on all the XP machines here on DinkNet, but I use different AV.

And that was an odd thing.

I have Microsoft Security Essentials (MSE) on my main box and that morning it died.  Very mysteriously.  The little green system tray icon was just plain gone and when I went to restart it from Control Panel, Services the system told me it could not be found.

This was before the news came out that the whole thing was due to a turd dropped on the world by McAfee, so I was quietly sweating bullets.  Had some bug followed me home?  Or crawled through my other covert tunnel, OpenVPN?  I switched boxes while I re-installed MSE on that system.  Then I rebooted it and performed a full scan.  Nothing.

And “nothing” doesn’t mean shit these days, with fast-mutating bugz like Zeus floating around the Interwebs.  The virus definitions you get today are for crap that has been around for months.

While all this is going on I get a call from my sprog, Inky Dink, and it turns out he’s having AV problems too!  And I know damn well he doesn’t run McAfee because I personally installed MSE on his system!

What the motherfucking fuck was going on here?

But it turned out Inky had been victimized by one of those scareware AV programs.  I pointed him to malwarebytes.org and he took care of it himself later that evening.

Again, all this time we had no idea it was a McAfee problem.  What was I to think?  AV software was dying everywhere as far as I could tell from my small corner of the Universe.  Was it cyberwar?  Was this the “Digital Pearl Harbor” the trade press has been crying about for the last four months?  Was Google’s January hack the warning shot?

No.  It was ludicrous.  It had to be a series of coincidences, so I kept my mouth shut during the Salt Mine phone conference.

Other people were not so cautious.  They started spreading all sorts of FUD.  All it takes is one jerk to read one unsubstantiated claim on one Internet forum and as soon as that happens he’s sending e-mail out to everyone and his brother and the next thing you know you’re in full chickens-with-their-heads-cut-off mode.

Luckily, even though that particular jerk (our very own local security wannabee) made an idiot of himself that day, cooler heads prevailed.  The only thing he damaged was his own credibility.

By about 10:30AM that morning the news finally came out and we went into Full Damage Control Mode.  When the dust cleared, about 25% of our systems were down.

McAfee later stated it only affected one half of one percent of their customers.  Do tell.  Maybe they based that number on the phone calls they got that day (“All lines are busy, please hold!”).  Maybe they thought it was just rubberneckers that took their site offline.

And WTF happened?

This event was curious in that the update that caused this mess arrived early that day.  Normally, and I admit I haven’t checked in some time, we get that update between 11:30AM and 2:30PM EST.  The timestamp on the files said they came in at 4:37AM.  Why?  Did their QA department in Bangalore (or Shanghai or whatever) take off early that day?

If McAfee’s Legal Department gets their way – and there is no doubt in my mind it will get its way – we may never know what happened.

27 Mar

I Hate WordPress/Chrome/GoDaddy

I haven’t figured out which one it is yet, so I figure I might as well hate them all equally.

I just spent the last two hours putting the finishing touches on a masterful look at ssh security, hit “Publish”, and was greeted with a blank white page.

I went back into WP and found my masterpiece hadn’t been saved.  And of course, hitting the “back” button did nothing.  Maybe I should be pissed at Chrome.  Whatever the fuck happened, apparently I was typing into a black hole.

Never trust this pile of shit.  Before hitting that “Publish” button, copy everything into an application you can trust, like FUCKING NOTEPAD, and make a backup.

UPDATE: A REASON TO HATE WORDPRESS

I dunno, maybe it’s this brain-dead theme.

Anyway, I discovered that you can’t use a double dash (--) here.  You have to use the html code “--”.

Who knew?

Fine.  I can handle that.

However, when you re-edit the page, or simply switch from “HTML” edit mode to “Visual” edit mode they turn back into “real” double dashes and you have to re-edit the page and put the html code back in.

FWIW, I took my SSH dissertation and copied it to my BlogSpot blog (from my FUCKING NOTEPAD BACKUP) and the double-dash problem wasn’t an issue. The side-scrolling boxes were too narrow (vertically) but that was easily fixed.

Score one for BlogSpot.

UPDATE: SPOKE TOO SOON!

The side-scrollers were all messed up in Firefox on BlogSpot, but I fixed that, too. Then I discovered that they were never too narrow in the first place. There was a line break that both IE and Chrome just ignored.

22 Mar

The Hinky Dink Top 10 Koobface Infested Shitholes Report

Columbus, Ohio – March 22, 2010 – Mr. Hinky Dink, a Big Time Security Professional™ today released an analysis of the spread of the Koobface worm. Based on an exhaustive study of his database of over two and a half million open Web proxies collected over two years, Hinky’s findings demonstrate where the most vulnerable social networking users can be found.

“With more losers piling into social networking sites this trend is very likely to continue,” said Hinky. “This study highlights the cities with the most gullible users on the Internet. This study will no doubt help cybercriminals, script kidz, and Cameroonian puppy scammers target their next online marketing campaigns.”

View the complete report here.

14 Mar

Someone Has Been Busy

Today’s 3PM run, published at 4PM, almost doubled the size of The List, which had been purged a few hours earlier.

There are at least two pages worth of U.S. Koobface (port 8085) proxies.  There is some serious pwnage going on.

Somebody should tell Dancho.  Maybe he’ll write another puff piece about “The Koobface Gang” for his corporate masters at ZDNet.  Then people will get mad and… nothing will happen.

No, Danny, I’m not part of “The Gang”.  I’m just sitting on the sidelines, watching the proxies go by and chuckling at the sorry state of the security industry.

EPIC FAIL/

06 Mar

High Availability At Last!

I finally put the system on a UPS.  Or rather, the system “the system” runs on, since “the system” is a virtual machine running inside an XP box.

A few weeks ago, the battery died in my main UPS.  So, being the idiot that I am, I ran out and bought another UPS.  A few days after that I learned that UPSes don’t die.  Batteries die, generally after three to five years.

I did not know that.

So I priced replacement batteries, found them to be relatively inexpensive, and resurrected the “dead” UPS.

Since I’ve lived in this dump I’ve seen two extremes of power failures.  The maximum has been 48 hours (thanks to Hurricane Ike).  The minimum has been something less than a second.  And the minimum occurs much more often than the maximum or anything in between, especially around late May when people start turning on their air conditioning and the power company starts switching the “dumb” grid around (or whatever it is they do).

And generally those little quickie power outages happen about an hour after I leave the house and head out to the salt mines, resulting in at least eight hours of no page refreshes and no new proxies.

And one pissed off Hinky.

Even when I am here, the XP box chokes when it comes back online because it has a dead CMOS battery that I just can’t seem to bother to replace, although in my experience changing a battery has never fixed a CMOS problem.  It always requires a new motherboard.

That’s the main reason I don’t bother changing it.  I don’t want to buy a new motherboard.

There are a few bugs to work out, like how to turn the VM back on if the power comes back on at the last second.  But until that happens, I’ll probably ignore it.  Then, I’ll fix it.

And it will never happen again.

10 Feb

Two Days In A Row

I suppose the power company had to test our new smart grid meter by forcing an outage.

Everything died again.  At about the same time, too.  Even though, unlike the last two times, it wasn’t snowing at all.

And it’s very evident that the UPS that powers my lifeline to the Web must be toast, because it didn’t start back up when the power came on.

I have a lot of catching up to do on other projects. But enough of my problems.  Things will be back to normal at 8PM EST.  Maybe we’ll make it all the way through Thursday.

09 Feb

Stupid Smart Grid

My electric company decided to upgrade our house and installed a “smart grid” meter early this morning.

Of course, it killed the proxy project for most of the day.

Things are back on schedule now.