
Saturday 31 October 2015

Back to Binsted

I did 63 of the caches last week. I did them on foot, and rediscovered my plantar fasciitis. After eight days rest, I felt it was healed enough to risk going out again, but in order to reduce the impact on my foot, I went by bike.

I parked at the same place, by the recreation area, prepped the bike, and zoomed off.

38 caches later, I got back to the car. It was 3pm, and I was exhausted, because there had been too many difficult stiles. And I found that my left wrist is now feeling strained, so I've got it bandaged up now.

En route, I met 32851 (I might have the wrong number), and we teamed up for a few caches along the way. I also benefited from an invaluable boost, because I got to a flight of steps that I could not have got the bike up alone. Thinking about it, I would probably have detached the battery pack and carried the bike up the steps, at a cost of great knackeredness.

And then the two of us met another pair of cachers going the opposite way round, and we all stopped for a long chat.

Friday 30 October 2015

Tax credits and the austerity fiction

There is a widespread belief that the Tory Scum are cutting spending in order to kick the starving masses in the groin. But when you look at what is actually happening, you get a different picture.

Look at the 2015 figures for the UK. The government is spending more than it receives. The extent of this overspend is 4.1% of GDP, and this is an overspend per year. And when you compare the UK with other western countries, you'll see that only Japan, Spain and the USA are overspending more.

This overspend is met by our government's borrowing, and the amount that the UK owes is now 90% of GDP. Again, the total debt that we've racked up over the years is greater than that of any other country except about a dozen (and that's including cases like Zimbabwe). Greece, for example, which is generally considered to be in a bad situation, owes 158% of GDP.

There are no cuts. There is no austerity. The "cuts" were reductions in the planned growth of public spending. We're still running a deficit, which means that the already large national debt is still growing. But is this a bad thing? Well, that depends, but you can't run a big deficit for ever.

An individual, a company and a country might all need to borrow. The interest rate that they'll get depends heavily on how confident the lender is that they'll get repaid. For example, in 2011, private lenders who had loaned money to Greece were given a 50% "haircut". That's financial jargon for "You loaned £1000, but you're only getting back £500". Lenders accept a haircut when they're persuaded that the alternative is worse: a default.

A country that defaults, or that cuts your hair, is going to be seen as a much greater risk in future. What sane person would lend money to a defaulter, or even a haircutter? But take that one step further: if you're lending money to someone whose debts are already large, that's riskier, so you want a higher interest rate.

And that's already happened: UK bonds used to be AAA rated; in 2013, that was cut to Aa1. Greece is CCC-. The larger your debt, compared to your income, the more reluctant people are to lend to you, and when that gets really bad, you get Greece. There comes a point where no-one is going to lend to you, and suddenly your deficit is zero, whether you like it or not. And "suddenly" means "very painfully", with lots of people unable to understand why the money tree suddenly stopped fruiting, and riots in the streets.

And that's what the row about tax credits is all about. The government is trying to reduce the deficit, and to do that you have to tax more (boo, boo) or spend less (boo, boo), and if you do either of those, you have to do it either without anyone noticing (and believe me, there are lots of ways a government can do that) or else by gradually changing the tax and spend system in such a way that people scarcely notice the increase in pain.

It looks like Osborne cocked it up, and some people would have had a sudden increase in pain. Although, to be fair to Osborne (and the hordes of mandarins at the Treasury) it's really difficult to do a change to tax/spend without at least some people suddenly feeling a cold wind.

Thursday 29 October 2015

Education, form 3 alpha

In my third year at Grocers grammar school, we were divided into four groups. 3 alpha was the top form, above 3A. And the hoi polloi were 3Y and 3Z. I got put into 3 alpha. I was 12, and still in shorts.

It was a good year. There were exams, of course, but nothing serious, just the ordinary school exams. We were, of course, keen to do well; if we hadn't been, we probably wouldn't have made it into 3 alpha.

In maths, I was doing trigonometry, which I very much liked. Geometry not so much, but it was still good. I was introduced to logarithms, which are a really neat way to do multiplication without going to the effort of long multiplication (no longer needed because of calculators). And logs lead to slide rules, which are a way to multiply and divide, and I acquired a six inch slide rule. Which, now that I think about it, was the first computer I ever used. Art was still compulsory, but I no longer took it seriously - I couldn't see the point of it, nor could I see how to do well at it. Latin was good fun, probably because Mr Boyd, our Latin master, made it interesting. Latin was the first time I found out about declensions and conjugations; that nouns could be masculine, feminine or neuter, that verbs took endings.

Here's a useful mnemonic that I found in Arthur Ransome's "Swallows and Amazons" books (hugely recommended, it really inspired me to learn how to sail a small boat, but sadly I never had the opportunity). 

Common are to either sex:
Artifex and opifex,
Conviva, vates, advena,
Testis, civis, incola,
Parens, sacerdos, custos, vindex,
Adolescens, infans, index.
Judex, heres, comes, dux,
Princeps, municeps, conjux,
Obses, ales, interpres,
Auctor, exul; and with these
Bos, dama, talpa, tigris, grus,
Canis and anguis, serpens, sus.

I didn't learn this, of course.

Our set books were "Mentor" (teacher) and "Civis Romanus" (Roman citizen). You can buy it on Amazon but I don't know if that's the same book. We also did some of the Latin poets; I remember Ovid and Catullus.

English doesn't have declensions (except the possessive) and, as far as I can see, all English verbs are irregular, meaning there's no rhyme or reason. But I found English grammar easy, probably because I'd read so many books. By now, I'd pretty much read my way through every book in the Stamford Hill library that remotely interested me, and I had developed a taste for science fiction; Asimov, Clarke and all the others that are today regarded as classic SF. Tottenham library had an entire bookcase devoted to SF, which helped. I used to get the bus to there, and carry back a dozen books, each week. Until I discovered that they'd take Stamford Hill library tickets, and then it was more like two or three dozen. And that might sound like I was gaming the system, but I was actually reading all those books, and that's the entire purpose of a public library.

We also did some English literature. "Loneliness of the long distance runner" and we did "Taming of the Shrew", which I quite liked, but didn't understand in the slightest, partly because of the archaic language, but mostly because the plot just didn't make any sense.

History was still just one random thing after another, and I found it pretty incomprehensible, which is strange because now I read a lot of history. Some years after I left school, I found out about World War 2, which was deeply interesting (and happened a few years before I was born, but every day I could see sites around London that had been bombed), and left me wondering how it came about. That took me to World War 1, which took me to the Boer war, Crimea, the Napoleonic wars, and I had discovered that history wasn't just a random series of events, it was all about cause and effect, and maybe I should have realised this a long time before, but I hadn't, and no-one had bothered to tell me, probably because it's obvious.

Geography, I felt, was pretty similar to history; it was just one random place after another. Except that I found map reading quite interesting, and then the way that geography influences human activity, and eventually I wound up getting a grade C at geography O level, whereas I got an H for history. H means "spectacular fail, as bad as it gets".

We could choose between woodwork and metalwork. I chose metalwork, it seemed to me to be more useful. I learned things like brazing and riveting, filing, hardening and tempering. I made an aluminium matchbox holder.

I also loved physics; we did sound, and thermodynamics, light and mechanics. And mechanics linked up with applied maths, with its point masses, and thin light inextensible strings, perfectly elastic billiard balls and ladders leaning against walls. Our physics master, Mr Bushell, was mostly chalk-and-talk, but also did some great demonstrations, such as using a heat-expanding wrought iron bar to shatter a cast iron bar.

I went seriously downhill in French. We did a book entitled "Aventur en Fronac", and I totally lost track of what it was about - I still have absolutely no idea. I do remember an essay I did, in which I stated that the Massif Central is a big railway station. Oops. A double failure, geography/french.

Chemistry was getting more and more interesting. We did valency, and electrolysis, and we were doing practicals that involved pipetting, weighing using a lab balance. Heating limestone to make lime; dissolving it in water to make lime water. Use of litmus paper. Our chemistry master, Mr MacDonald, did some spectacular demonstrations; sodium in water, for example.

I managed to avoid biology; I didn't fancy the prospect of dissecting a frog, and besides, I had no ambition to go into the medical profession. Although I didn't have any specific idea of what I did want to do.

Back home, I took a refrigerator that no longer worked, and used it as a cabinet for my chemistry equipment. I learned how to blow glass tubing, how to use a blow pipe and charcoal, lead casting. I made hydrogen and oxygen; I tried electroplating (and failed) and growing crystals (failed). I did simple spectroscopy, made records of what compounds had what colours and what their solubility in water was. Lots of fun.

Once per week, we had the dreaded games afternoon, but by that time I'd learned how to stay out of the way of the football (in winter) and field in a remote corner of the field (in summer).

By the end of the year I did have one major success - I had learned how to swim! That got me the prize of a year's free membership to Hackney Baths. I went once, and never again. It's hard to think of anything as boring as swimming from side to side in a swimming pool, unless it's swimming from end to end.

My main thing was still maths. And I was good at it.

And I must have done well enough in the end of year exams, because they put me in the top form again. 4G!

Which antivirus - 10

Subject: Important - Internal Only
Parts/Attachments:
   1 Shown    16 lines  Text (charset: ISO-8859-1)
   2   OK     39 KB     Application
   3 Shown     1 lines  Text
----------------------------------------

File Validity: 29/10/2015
Company : http://thevalkyrie.com
File Format: PDF
Name: Internal Only
Legal Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: Internal_Only.pdf

********** Confidentiality Notice **********.
This e-mail and any file(s) transmitted with it, is intended for the exclusive use by the
person(s) mentioned above as recipient(s).
This e-mail may contain confidential information and/or information protected by intellectual
property rights or other rights. If you
are not the intended recipient of this e-mail, you are hereby notified that any dissemination,
distribution, copying, or action taken
in relation to the contents of and attachments to this e-mail is strictly prohibited and may be
unlawful. If you have received this
e-mail in error, please notify the sender and delete the original and any copies of this e-mail
and any printouts immediately from
your system and destroy all copies of it.


Enclosed is a zip file, inside the zip file is an exe file. The SHA256 for the zip and exe are:

SHA256: 565d610b0d22028638748fb396777864ae00bcc4c8734adf5dc5069246a4fea3
SHA256: 2083d5275a092ffe5ef45609f0a7f7636c6e2d7ad790acee771a04754cc43636 


First uploaded to VirusTotal 13 hours ago.

The zip file was passed as clean by 36 products:

ALYac        
AVware        
AegisLab        
Agnitum        
AhnLab-V3        
Alibaba        
Antiy-AVL        
Avira        
Baidu-International        
Bkav        
ByteHero        
CAT-QuickHeal        
CMC        
ClamAV        
Comodo        
DrWeb        
Jiangmin        
K7AntiVirus        
K7GW        
Malwarebytes        
Microsoft        
NANO-Antivirus        
Panda        
Qihoo-360        
Rising        
SUPERAntiSpyware        
Symantec        
Tencent        
TheHacker        
TrendMicro        
VBA32        
VIPRE        
ViRobot        
Zillya        
Zoner        
nProtect 


The exe file was passed as clean by 35 products:

ALYac        
AVware        
AegisLab        
Agnitum        
AhnLab-V3        
Alibaba        
Antiy-AVL        
Avira        
Baidu-International        
Bkav        
ByteHero        
CAT-QuickHeal        
CMC        
ClamAV        
Comodo        
DrWeb        
Jiangmin        
K7AntiVirus        
K7GW        
Malwarebytes        
Microsoft        
NANO-Antivirus        
Panda        
Qihoo-360        
Rising        
SUPERAntiSpyware        
TheHacker        
TrendMicro        
TrendMicro-HouseCall        
VBA32        
VIPRE        
ViRobot        
Zillya        
Zoner
nProtect

Which antivirus - 9

SHA256: 78b0d908dca64f2b0017da7d94ebba8e0db64cdaf1dca1c3fb283cce8dd25be4 

Subject: You have a package    

Dear Customer,

You have a package with FedEx. You are required to view the attached file for detail. Contact
E-mail: fedxed-liveryexpress@careceo.com



First submitted to Virustotal 19 hours ago. All products pass it as clean.

So is it indeed clean? I'm not expecting a package from Fedex, and the file header reveals that the email was sent from mail.umet.ec (Ecuador). So my first guess is that it's malware, but without setting up a virus lab, I can't be 100% certain. 

How could it not be malware, given all these clues? In my experience, virus authors (and therefore probably also trojan authors) aren't as clever as they think they are, and I've seen several things that were clearly intended to be viruses, but because of a blunder by the author, didn't work. One example that I remember used interrupt 21 *decimal* (15 hexadecimal) for file reading and writing, instead of the correct interrupt 21 hexadecimal (33 decimal). The author not only made that blunder, they obviously didn't test their virus!

Another possibility, is that it isn't malware, just some scam. So I read the content of the file using a file reader that doesn't have a macro ability, and apparently, there's $750,000, an Apple Mac Book Pro and an iPhone 6 waiting for me ....

So, not malware. Just a scam. This kind of scam is called a 419 scam, or an advance-fee fraud (you have to send off some small fee in order to get the package released to you, and if you do, you discover that there's another small fee to send, and so on). But I prefer the name "Spanish prisoner", because that goes back 500 years or more.

Which antivirus - 8

Dear Customer. Please find attached your Invoice.

Invoice Number: 0000040777

Invoice Date: 28/10/2015

Invoice Total: 78.40

Invoice Description: Barclay Fresh Direct Debit 1 V (x1.00000)


This e-mail, and any attachment, is confidential. If you have received it in error, please
delete it from your system, do not use or disclose the information in any way, and notify me
immediately. The contents of this message may contain personal views which are not the views of
Barclay Communications, unless specifically stated.


I uploaded the enclosed I0000040777.doc file to Virustotal. It was first submitted to Virustotal 9 hours ago.

SHA256: 044ea5d5039e561c57a4b88bff5949d5640a26fcb2f1d6cd1b663c36e3e010bb 

 4 out of 55 products flagged it as malware. The following products didn't flag it.

ALYac        
AVG        
Ad-Aware        
AegisLab        
Agnitum        
AhnLab-V3        
Alibaba        
Antiy-AVL        
Avast        
Avira        
Baidu-International        
BitDefender        
Bkav        
ByteHero        
CAT-QuickHeal        
CMC        
ClamAV        
Comodo        
Cyren        
DrWeb        
ESET-NOD32        
Emsisoft        
F-Prot        
F-Secure        
Fortinet        
GData        
Ikarus        
Jiangmin        
K7AntiVirus        
K7GW        
Kaspersky        
Malwarebytes        
McAfee        
McAfee-GW-Edition        
MicroWorld-eScan        
Microsoft        
NANO-Antivirus        
Panda        
Qihoo-360        
Rising        
SUPERAntiSpyware        
Symantec        
Tencent        
TheHacker        
TrendMicro        
TrendMicro-HouseCall        
VBA32        
ViRobot        
Zillya        
Zoner        
nProtect          




... update, two weeks later  ...

32/55 products flagged it. The following didn't:

AegisLab        
Agnitum        
Alibaba        
Baidu-International        
Bkav        
ByteHero        
CMC        
ClamAV        
Comodo        
Jiangmin        
K7AntiVirus        
K7GW        
Malwarebytes        
NANO-Antivirus        
Panda        
Qihoo-360        
Rising        
SUPERAntiSpyware        
TheHacker        
TotalDefense        
VBA32        
Zillya        
Zoner          

  

Wednesday 28 October 2015

Obfuscated javascript

You have a new fax!

You can find your fax document in the attachment.

Scan quality:        500 DPI
Filesize:            244 Kb
Pages:               8
From:                Kent Mcgowan
Scanned at:          Wed, 28 Oct 2015 16:43:48 +0300
Processed in:        17 seconds
File name:           scanned-00657347.doc

Thank you for using Interfax!


SHA256: 090959443bafe2d1c4259640d3de5eb175118f291699f8e2e0d3b4bb018d7560 

The attachment was a zip file called scanned-00657347.zip. Inside the zip file was a file named scanned-00657347.doc.js. This is, of course, JavaScript, and when I looked at it, it was obfuscated.

Double extensions are a common trick. Windows Explorer, by default, hides the extension of a known file type. So when it shows you the file scanned-00657347.doc.js it drops the .js, and what you see is scanned-00657347.doc. Double-clicking it doesn't open Word; it hands the script to the Windows Script Host, which runs it.

The date/time of the file inside the zip is about one hour ago, so it's pretty fresh! And I was the first person to upload it to Virustotal. I claim First to Find!!! That's a geocaching joke.

18/55 products flagged it, 37 didn't. I unzipped the file, and scanned that. Now, only 15 products flagged it, 40 didn't. Clearly, from this and other instances, it makes a difference to the detection capability of a product, whether it is zipped or not. You'd think it might be slightly more difficult to detect when zipped (because the product has to unzip it first, although that's pretty easy). But the reverse seems to be true - I'm seeing better detection when the file is zipped!

The SHA for the unzipped file is

SHA256: 017bbfe2f2ff7f8aca150e8622386239f1930e20b6efeb7e94971a7aa71d52bd




One out of 55

SHA256: 92353e5f94a4932a05cce63b0a44776824120237a483417071fd083fec7af1ef 


Filename is invoice381624185029.zip, containing an exe file.

Sophos calls it Troj/Invo-Zi; the other 54 products don't flag it as malware. VirusTotal first saw it 5 hours ago.


A British view of American politics

I'm interested in world politics. I follow UK politics, of course. I'd love to follow German, French and Italian politics, but I find them too complicated, plus I don't speak their languages. But I do follow US politics.

The US presidential election is a really big deal. They have one every four years, so the next one is November 2016, a year from now. In most sensible countries, the election campaign starts a few weeks before the election - in the USA, two years. So, the campaign has been going for several months now, and it seems to have narrowed down to four possibilities.

There are two parties, Republican and Democrat. And, of course, within each party, there are subgroups. The main subgroup in the Republicans is the "Tea Party", who do not sit around drinking tea out of fine china with cucumber sandwiches and scones. Sadly. No, they're rampant righties. They're keen on ultra-low taxation, minimal government and guns for everyone. The second subgroup of the Republicans are the Religious Right; they're anti-abortion (they call it pro-life), want America (that's what they call the USA) to be a Christian Nation (by which they mean Baptist, which is a sub-section of Protestant, meaning not-Catholic) and guns for everyone. And the rest of the Republican party are relatively sane (compared to TP and RR) but are dragged along in the same way that moderates always get dragged along by extremists.

The other party is the Democrats. I have no idea why the two parties have both chosen such meaningless names; at least "Conservative" and "Labour" have some relation to what they stand for. So again, there are subgroups. The main subgroup of the Democrats is the Party Machine, a kind of "Old Boys, School Tie" group, who (oddly enough) backed what Americans call a black guy (Obama, who from the look of him is really as much white as he is black). This is odd, because in America, race is a Really Big Deal. And this time around, the PM seems to be backing Hillary Clinton, wife of the serial philanderer and ex-president Bill, which is again surprising, because in America, gender is a Really Big Deal, and despite much noise being made in the direction of equality of genders, not much progress has been made - they're still fighting about gay marriage (especially the RR). And, of course, guns for everyone.

The other subgroup of the Democrats is just one guy, Bernie Sanders. And again, this is slightly surprising, because he's Jewish (and if you think antisemitism is dead in America, you haven't been watching), plus he's a closet atheist, which is a "NO WAY" in American politics. You can be a Protestant, a Catholic (JFK) or even a Mormon (Mitt Romney), but "atheist" is seen as "Satanist", and although technically the Constitution allows atheists to be elected, a convicted pedophile would probably stand a better chance. So Bernie's trying to keep that under his hat. He wants guns for everyone. In America, unless you're "guns for everyone", you're unelectable.

So here's the four front runners.

Donald Trump. He's the American equivalent of Alan Sugar, but with all the sweetness removed. He's anti-Mexican (build a wall), anti-immigration (send them back), anti-women, thinks that Obama wasn't born in the USA (which would make him ineligible for president), and, well, I could go on. Think of Nick Griffin (National Front, BNP) in a ginger wig, crossed with Oswald Mosley (British Union of Fascists, 1939). He's got loads-a-money, he says, and he's spending it on his campaign.

So if you think that's bad, you haven't met Ben Carson. He's a lot blacker than Obama, but that doesn't seem to hurt him, so maybe America is losing its racism. But he's a religionist, big time. He used to be a neurosurgeon, which must mean he's not stupid, but he has some really way-out ideas.

Women who get abortions are like slaveholders 
Obamacare is the worst thing since slavery
Jews could have prevented the Holocaust if they had guns
Muslims should be disqualified from the presidency
Being gay is a choice because prison turns people gay

And so on. He's Religious Right, only somewhat to the right of them, and more religious.

He's second in the polls for Republican candidate. Gasp. I can't think of anyone in the UK who would be his equivalent. We don't do batshit crazy, except, of course, for the Official Monster Raving Looney Party.

In the polls, Trump is a bit ahead of Carson, the rest are nowhere, although there's a Bush bumping along the bottom, and a few other guys I've never heard of.

So now let's look at the Democrat side. Here, at least we find less of the batshit crazy.

Hillary Clinton. She dresses nicely, talks nicely, smiles nicely, and has nice hair. She's nice. Really nice. She's just what you'd expect in a politician. Nice. When they took all of the sweetness out of Trump they converted it to nice and made Hillary. She doesn't appear to have any views, but she has been a Washington politician for decades. She doesn't say, or do, anything controversial; she's a "nice, safe pair of hands". She has pals like Tony Blair. In fact, if you wanted the closest UK equivalent, it would be Tony.

And the fourth jockey is Bernie (feel the Bern) Sanders. He's got the look (Einstein in shirtsleeves), he's got the gab (Blair on sincerity) and he's got the policies (Tony Benn in his prime). He wants  to get Big Money out of politics (as of now, anyone can spend billions of dollars to get their puppet elected). He wants college tuition free. He wants to address income and wealth inequality. He wants something like our own dear NHS. And so on. He is a socialist; unfortunately, in America that's a swearword. He speaks at big rallies, he gets good face time on TV. He refuses to take donations from Big Money, and he wants to reverse the ruling that allows this (they're called Super PACs, it's a way to get round the campaign donations limitations). He's way behind Hillary in the polls, like half or a third her support. His obvious UK equivalent would be Jeremy Corbyn, in appearance and politics.

In the polls, Hillary has twice the support of Bernie, the rest are nothing.

I'm glad I don't have to choose between this lot.

Another DOC file

This claims to be a fax, I'm supposed to read it using MS Word.

SHA256: 92f733da9ba440f0632b495a32742d47a5cb296f49127f210e14de412e371bf8 

It's malware, of course. 28 people on VirusTotal have flagged it as malware, and 9/54 products flag it. Here's the ones that don't detect any problem:

ALYac        
AVG        
Ad-Aware        
AegisLab        
Agnitum        
AhnLab-V3        
Alibaba        
Antiy-AVL        
Avast        
Baidu-International        
BitDefender        
Bkav        
ByteHero        
CAT-QuickHeal        
CMC        
ClamAV        
Comodo        
Cyren        
DrWeb        
Emsisoft        
F-Prot        
Fortinet        
GData        
Ikarus        
Jiangmin        
K7AntiVirus        
K7GW        
Kaspersky        
Malwarebytes        
McAfee        
McAfee-GW-Edition        
MicroWorld-eScan        
Microsoft        
NANO-Antivirus        
Qihoo-360        
Rising        
SUPERAntiSpyware        
Symantec        
Tencent        
TheHacker        
VBA32        
ViRobot        
Zillya        
Zoner        
nProtect


According to VirusTotal, it was first uploaded 7 hours ago. This is the same file as I uploaded a few hours ago "Another incoming DOC file", you can tell because it has the same SHA256. So, in the last few hours, four more products have started to flag it.

25 years ago, viruses spread very slowly; quarterly updates were good enough - monthly if you were paranoid. I'd tell people "If you see a virus today, I probably saw it six months ago". Actually the lag was more than a year.

Today, it's a completely different situation. This file, according to its internal stats, was last updated on 2015:10:28 08:19:00 - that's today! For the signature-scanning-with-updates approach to work today, products need to be updated more often than hourly.

I suspect that's not possible. The virus lab would have to acquire the specimen, sufficiently analyse it, choose a scan string that wouldn't give false alarms, test all this and upload it to all their customers. To do all this within an hour? And they're in a race. The malware distributor sent out a million emails, all these have arrived at your customers' mailboxes, and now you get to see a specimen. You're racing against your customers opening the file, reading the message, and deciding to open the DOC file because it's really really important.

Better would be to disable the automatic running of macros; Office can be set to block them outright rather than merely prompting. But of course, if you do that, you don't need an antivirus to flag this as malware.


... later ...


14 hours after it was first uploaded to Virustotal, 22 out of 55 products flag it as malware. The products still failing to flag it are:

ALYac        
AVG        
AegisLab        
Agnitum        
AhnLab-V3        
Alibaba        
Antiy-AVL        
Avast        
Avira        
Baidu-International        
Bkav        
ByteHero        
CAT-QuickHeal        
CMC        
ClamAV        
Comodo        
Jiangmin        
K7AntiVirus        
K7GW        
Malwarebytes        
McAfee-GW-Edition        
NANO-Antivirus        
Qihoo-360        
Rising        
SUPERAntiSpyware        
Symantec        
Tencent        
TheHacker        
VBA32        
ViRobot        
Zillya        
Zoner        
nProtect         




42

42 is the answer. So what is the question ...

How many years have I been married to ladysolly as of October 28, 2015?

Another incoming doc file.

This one purports to come from IKEA; apparently I ordered something for £122.60 which will be delivered tomorrow. I didn't order anything, of course, and neither did the other people who will be getting the same (or a similar) email. So, obviously, I want to look at the enclosed DOC file, "IKEA receipt 607656390.doc". The SHA-256 for this file is

92f733da9ba440f0632b495a32742d47a5cb296f49127f210e14de412e371bf8

and at least 20 people have received this file, uploaded it to VirusTotal and given their opinion that it's malware.

I haven't analysed the file, because I don't run a virus lab; I don't have an isolated computer on which I can run malware, happy that if the malware does something dreadful, I can just wipe and reload the computer. But A) it's a DOC file and B) the first DOC file virus (winword.concept) happened 20 years ago and Word macros can still do malicious things and C) I didn't order anything from IKEA and D) several products do flag it as malware.

Well, reading the enclosed file is what I'm supposed to do. Actually, I uploaded it to VirusTotal. 5 out of 55 products found a problem. 50 products didn't see any problem, so let's list the 50 products that failed.

ALYac        
AVG        
Ad-Aware        
AegisLab        
Agnitum        
AhnLab-V3        
Alibaba        
Antiy-AVL        
Avast        
Avira        
Baidu-International        
BitDefender        
Bkav        
ByteHero        
CAT-QuickHeal        
CMC        
ClamAV        
Comodo        
Cyren        
DrWeb        
ESET-NOD32        
Emsisoft        
F-Prot        
Fortinet        
GData        
Ikarus        
Jiangmin        
K7AntiVirus        
K7GW        
Kaspersky        
Malwarebytes        
McAfee        
McAfee-GW-Edition        
MicroWorld-eScan        
Microsoft        
NANO-Antivirus        
Qihoo-360        
Rising        
SUPERAntiSpyware        
Sophos        
Symantec        
Tencent        
TheHacker        
TrendMicro        
TrendMicro-HouseCall        
VBA32        
ViRobot        
Zillya        
Zoner        
nProtect         


Is the AV product that you use, in this list?

Are you a techie working for one of these companies? Because if you are, you must find this intensely embarrassing.

Are you a marketroid working for one of these companies? Because if you are, I'd love to hear your explanation for why this is happening.

Are you a shareholder in one of these companies? Because if you are, perhaps you need to ask pointed questions at the next shareholder meeting.

Tuesday 27 October 2015

The answer to emailed malware

As far as I can see, the main malware problems today are:

1) Incoming emails
2) Web sites that auto-run malware.

2) is easily handled. If you're using Firefox (you certainly shouldn't be using Internet Explorer) then you install NoScript (there are similar things for Opera and Chrome). That stops Javascript, Java and other executables from running unless you allow it. Of course, this still leaves a hole to trip up the Clueless User, who might allow something they shouldn't. I also use AdBlock, because the ONLY time I ever got hit by malware was when one of the adverts served by TheRegister.co.uk turned out to be a cross-site scripting attack targeting Windows running Internet Explorer.

So that leaves incoming emails. And last night, I thought of a way to deal with those. First, exe files (that includes scr files, and zip files containing exe and scr files). For that, you can use an email filter. I use a very simple home-made filter that sorts my email into various categories (mostly for the purpose of dealing with spam), one of which is exe, scr and zip files. It would be easy to add "and delete the file" to that filter. Actually, I delete them by hand, because before I delete them, I can send them to VirusTotal, which has the effect of A) seeing how bad the various products are, and B) getting a sample of the malware into the hands of the AV companies, so they can update their software.

Of course, if you really do want to receive exe files, that presents a problem. Easily solved - encrypt the file (or use a compressor with encryption such as zip) and email that, along with the password. Of course, if you receive an email with an exe file sent in this way, you should be sure that you know what it is and who sent it before you use it!

So what about doc, xls and pdf files? There are legitimate requirements for these to be emailed. But these can contain macros, which run on your system, and could be malicious.

I use LibreOffice for doc and xls files. If you start up LibreOffice, go to Tools ... Options ... Security ... Macro Security, and choose "Very high", then only macros from trusted locations are allowed. And my list of trusted locations is - none. This works for doc and xls files. If you're using Word and Excel, I feel sure that Microsoft will have provided a similar way of blocking all macros, but I don't run Word, so you'll have to discover that for yourself.

To deal with PDF macros, I simply don't use Adobe Acrobat. I use LibreOffice again - macros disabled.

So that's something that anyone can do, at zero cost (LibreOffice is free), which looks like it will be a lot more effective than the antivirus products in VirusTotal.

But there's a way that this could all be done in software that one would install, without the user having to change the options in the software they're using, and that's what occurred to me last night. I don't know of a product that implements it, and I'm not planning to write such a product myself, but if anyone contacts me and offers a sufficient inducement, I can tell them how to do it.

Trust me, I'm an expert

According to Barbara Speed (a technology and digital culture writer) writing for the New Statesman (a free online blog), I'm a "computer security expert". I don't know where she got that idea from - I don't remember claiming such a thing, at least, not recently. Although I do have a collection of Caro t-shirts that say "Trust me, I'm a computer security expert", which is, in case any literalists are reading this, meant to be ironic. When people ask me, I tell them that I'm a programmer. Still, it's nice of Barbara to give me that kudos.

It would seem that my blog post pointing out that "whether the TalkTalk data was encrypted or not isn't as important as the media seem to think", was noticed by Graham Cluley (author of Wibbling Wilf and many other fine games, and former programmer for the Windows user interface of Dr Solomon's Antivirus Toolkit) and reposted in his blog (with my permission, of course), and I'm guessing that Barbara picked it up from there, because she probably isn't among the small but select band that regularly read my essays. Although maybe she will be in future, because I often make posts that could be parlayed by the Big Media into clickbait. And maybe she did get it direct from me, because if she'd got it from Graham, it would have been nice for her to have said so, and she didn't say so.

Anyhow. Barbara does make one mistake - "encrypted data, is, by definition, more secure than non-encrypted information". That's not true. It isn't less secure, but it isn't necessarily more secure. Here's an example, taken from a data recovery that I did 25 years ago.

This was a situation where the hard disk had died, and the backup, on tape, wouldn't restore using the bundled software. However, I was able to read the tape, and dump the contents of the tape to a long file. Then I looked at the file, and it was obvious that it was encrypted. It was obvious, because nothing made sense. So I contacted the tape vendor to ask for the encryption algorithm and key. They refused - you can't really blame them. Although I suspect they refused because they simply didn't know.

So I looked at the contents of the file more carefully, and I immediately noticed that there were long sequences of hex 5A bytes. This must mean that the encryption was turning long sequences of one byte into long sequences of another, and that the encryption must be so simple that it doesn't change from byte to byte. And if you've been doing data recovery for a while, you know that the commonest byte with long sequences is 00. So if 00 encrypted to 5A, that probably meant that their encryption consisted of an XOR with 5A. Or, to put it another way, one glance at the contents of the file was sufficient to break the "encryption", and you can see why I put "encryption" in quotes. And I was right, and my customer got all his data back.
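Here is an added example (not code from the original post) that walks through the same reasoning on a constructed stand-in for the tape dump: find the longest run of a single byte, assume it is 00 in disguise, and the key falls out, because for XOR the key is simply the run byte XORed with the filler. The record contents and padding lengths are made up.

```python
from typing import Tuple

# Constructed example: the single-byte key the post infers from the dump.
KEY = 0x5A


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with one fixed key byte. Applying it twice restores the
    data, and because the key never changes, a run of equal bytes stays a run."""
    return bytes(b ^ key for b in data)


def longest_run(blob: bytes) -> Tuple[int, int]:
    """Return (byte value, length) of the longest run of one repeated byte.
    This is the 'long sequences of hex 5A' observation from the post."""
    if not blob:
        raise ValueError("empty dump")
    best_byte, best_len = blob[0], 1
    cur_byte, cur_len = blob[0], 1
    for b in blob[1:]:
        if b == cur_byte:
            cur_len += 1
        else:
            cur_byte, cur_len = b, 1
        if cur_len > best_len:
            best_byte, best_len = cur_byte, cur_len
    return best_byte, best_len


def guess_xor_key(blob: bytes, filler: int = 0x00) -> int:
    """Assume the longest run is the encryption of the commonest filler byte
    (0x00 on disk and tape images); for XOR the key is then run_byte ^ filler."""
    run_byte, _ = longest_run(blob)
    return run_byte ^ filler


def build_sample_dump() -> bytes:
    """Constructed stand-in for the tape dump: short records padded with zeros."""
    records = [b"CUSTOMER LEDGER 1990\n", b"ACME WIDGETS LTD\n", b"BALANCE 1234.56\n"]
    return b"".join(r + b"\x00" * 2048 for r in records)


def recover(blob: bytes) -> Tuple[int, bytes]:
    """Guess the key and undo the scrambling in one step."""
    key = guess_xor_key(blob)
    return key, xor_bytes(blob, key)


if __name__ == "__main__":
    scrambled = xor_bytes(build_sample_dump(), KEY)
    run_byte, run_len = longest_run(scrambled)
    print("longest run: 0x%02X x %d" % (run_byte, run_len))
    key, plain = recover(scrambled)
    first_record = plain.split(b"\x00", 1)[0]
    print("guessed key 0x%02X; first record: %r" % (key, first_record))
```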

Encrypted data is not necessarily more secure than non-encrypted information.

The red meat panic

Once again, I'm being bombarded by headlines saying that "xxx causes cancer". The thing is, xxx changes all the time. Currently, xxx is processed meat.

Humans are notoriously bad at assessing small risks. I like to compare everything to the risk of driving.

I (and pretty much everyone else) am better than average at driving, but let's assume that I'm average (actually, I know I'm better because the last time I had an accident, which was several years ago, was when a cow jumped from the side of the road on to the car - the cow wasn't badly hurt). UK statistics for people killed or seriously injured are 1713 per year, for 304 billion vehicle miles, of which 53% are car occupants. So when I go out caching, I drive to my start point (in a car), and the day's travel might be 100 miles. And suppose I do this 100 times per year, then my chance of being killed or seriously injured, is 0.003% per year. And I'm totally willing to accept that risk, so let's use that as a standard.

Now let's look at the other end of the risk spectrum - smoking. If I were to smoke 5 per day, I'd have a 25% chance of getting lung cancer at some point in my life. Taking 50 years as a time period, that's 0.5% chance per year. I can see why so many people are willing to ignore such a small chance, but I'm not, and I don't smoke. Actually, the reason I don't smoke isn't to do with that, it's more to do with a place I worked when I was 16, which was a sedentary job, and the smokers at the same job sounded like they were periodically coughing their lungs out.

Smoking causes a million cancer deaths per year; red meat 34,000. So if I eat red meat for a year, that's a 0.017% chance of cancer. Which means that red meat is five times as risky as my driving. That, I think, is acceptable to me.

And that's why I shall continue to eat bacon sandwiches, and drive to my cache outings.


Which Antivirus - 2

Today, another file arrived by email. It was a zip file; unpacked, it was a scr file (which is really an exe).

Scanning the zip file, 23 out of 55 products flagged it as malware. Here are the ones that passed it as clean:

ALYac
AVware
AegisLab
Agnitum
AhnLab-V3
Alibaba
Antiy-AVL
Avast
Avira
Bkav
ByteHero
CAT-QuickHeal
CMC
ClamAV
Comodo
Fortinet
Jiangmin
K7GW
Kaspersky
McAfee-GW-Edition
Microsoft
NANO-Antivirus
Panda
Rising
SUPERAntiSpyware
Symantec
TheHacker
VBA32
VIPRE
ViRobot
Zillya
Zoner

I unzipped it and scanned the scr file.
SHA256: 7ef09594202e5b619ac0332ab122f722684e896f77a2b9839d13ba79f882243f

22 out of 55 flagged it as malware; the following passed it as clean.

ALYac
AVG
AVware
AegisLab
Agnitum
Alibaba
Antiy-AVL
Avast
Avira
Bkav
ByteHero
CAT-QuickHeal
CMC
ClamAV
Comodo
F-Secure
Fortinet
Jiangmin
K7AntiVirus
K7GW
McAfee-GW-Edition
Microsoft
NANO-Antivirus
Panda
Rising
SUPERAntiSpyware
TheHacker
VBA32
VIPRE
ViRobot
Zillya
Zoner
nProtect

I find it very surprising and disturbing that so many products flag it when zipped but not when decompressed, or vice versa. Unzipping a file to scan the contents is very easy to implement (we had it implemented in Findvirus 25 years ago) and obviously important.

It's an exe file. The accompanying email said, in this case:

Attached is the information for the duplicate payment of Invoice #39 for $53,182.78. We have applied it to your account as a prepayment. Let me know if you would like this to be applied to future invoices or refunded.

So it's an offer of $53,000; a nice inducement to at least click on the attachment, and clicking on the attachment will run the EXE file. What it does then, I'm guessing, is download something from a remote server that does the real payload, whatever that is. I'm not interested enough to actually try it out. And anyway, the download could be different for each access (this is called server-side polymorphism, and is extremely difficult for an AV product to handle).

The fact that two dozen products flag it as malware probably means that it's been around for a while, so if the product that you're relying on doesn't flag it, you should be concerned.

But here's a much bigger concern, which I'll leave you to chew over.

Why isn't anyone else mentioning the issue of AV products being so dismal? It's very easy to make such a test; I'd guess that most people are getting several such files emailed to them each week, and it's very easy to use Virustotal.

Why the silence?

Monday 26 October 2015

Which antivirus?

I've written recently about the poor detection of malware by antivirus products, when tested against things that arrive in my in-box.

Maybe I should name names. 55 products were involved in the test; 43 failed.

A zip file arrived today. SHA256=4cb00ceb5071c6f9b155b223c04ec776907208cc5e6621cc093f7ae1d944b350 
Here are the 14 products that detected it:

AVG                  Crypt_s.JQU
Ad-Aware             Trojan.GenericKD.2825682
Arcabit              Trojan.Generic.D2B1DD2
Avira                TR/Crypt.ZPACK.196579
BitDefender          Trojan.GenericKD.2825682
Cyren                W32/Trojan.XTCC-3358
ESET-NOD32           a variant of Win32/Kryptik.ECCY
Emsisoft             Trojan.GenericKD.2825682 (B)
F-Secure             Trojan.GenericKD.2825682
GData                Trojan.GenericKD.2825682
K7AntiVirus          Trojan ( 7000000c1 )
MicroWorld-eScan     Trojan.GenericKD.2825682
Sophos               Mal/Upatre-V
TrendMicro-HouseCall TROJ_GE.B11C6342

So then I unzipped it and found a scr file inside. 14 products detected it.

AVG                     Crypt_s.JQU
Ad-Aware                Trojan.GenericKD.2825682
Arcabit                 Trojan.D
Avira                   TR/Crypt.ZPACK.196579
BitDefender             Trojan.GenericKD.2825682
Cyren                   W32/Trojan.XTCC-3358
ESET-NOD32              a variant of Win32/Kryptik.ECCY
Emsisoft                Trojan.GenericKD.2825682 (B)
F-Secure                Trojan.GenericKD.2825682
GData                   Trojan.GenericKD.2825682
Kaspersky               UDS:DangerousObject.Multi.Generic
MicroWorld-eScan        Trojan.GenericKD.2825682
Sophos                  Mal/Upatre-V
Tencent                 Win32.Downloader.Bp-upatre.Kacq

Interestingly, it's not the same 14.

Looking at the naming, I'm guessing that the products that call it Trojan.GenericKD.2825682 might all be using the same engine.

These detected the zip but not the content of the zip:

K7AntiVirus
TrendMicro-HouseCall


These detected the content of the zip but not the zip:

Kaspersky
Tencent

That is strange, because it's pretty easy to unzip a file and scan what you find inside. But even stranger is being able to tell that the zip file is malware, but not being able to do the same for the content of the zip.

Arcabit was able to detect the zip, and the file inside the zip, but gave them different names.

Saturday 24 October 2015

A neat way to acquire your personal data.

Here's a plan.

Set up a web site that says that it will do free credit monitoring.

Have a signup form that asks for name, address, birth date, email address and phone number.

Part two of the signup asks for your credit card number, and reassures you that it won't be charged, just used for identity verification.

If you're worried about it being a free service, and wonder how they're making money out of this, you get told "We receive a small commission from the product providers for any customer who uses our site and takes out a product". And guess what - their privacy policy lists five categories of companies that they'll give your data to.

This company looks legitimate, but wouldn't it be easy to set up a similar site that just acquired your information, then said "Sorry, you don't qualify"?

TalkTalk are suggesting to their customers that they sign up for Noddle alerts. Normally, Noddle charges for this. Noddle is free if you use it by accessing their web site. TalkTalk say that if you give the code TT231 then you'll get 12 months of free alerts.

Well, sorry Noddle. I'm not willing to fix a theft of my personal information, by giving away more of my personal information. Sorry TalkTalk, fixing your blunder doesn't mean giving away a service that was already mostly free.

And I expect I'll soon be getting a bunch of spams purporting to come from TalkTalk and trying to scam me into giving away more info, or money. Well, I'm already set up for dealing with this.

And, by the way, I'm in the middle of getting additional services from TalkTalk, and I need to phone them on Monday. That conversation might get interesting!

Talktalk data loss

I was wondering what someone who could access all of TalkTalk's data would get. So I checked what they have on me. Or at least, I checked what I can access via the "Myaccount" web site. Maybe they have data on me apart from that, but I doubt it; I don't give out data on me unless there's a need-to-know. If people insist on me giving them data that I don't think they need to know, then I make something up, which keeps them happy. Yes, I know it's daft. But it makes for an easier life than arguing with some jobsworth "No, you don't actually need to know my birthday". Facebook thinks I'm 115 years old.

Name (which isn't actually my name), address (which isn't my street address), phone number, username for talktalk account and password (now changed). They'd have my mobile number, but I didn't give it to them.

Then, for DSL accounts:

login, ip address, password (they don't store it one-way encrypted!)
Email name, email password (I don't use their email, but now someone else can).
Webspace URL, username, password (I don't use their web space)

I don't see how I can change that password using their web site. The method that they give on their web site, doesn't work. Here's what I get:

Email information and settings for xxxxxx@nildram.co.uk

No Information available at this time. 

All the passwords for email and web space are displayed, so they aren't even storing them encrypted (they should use a salted hash). Duh! Security 101: you don't keep passwords where someone online can read them, not even the user! Here's Graham Cluley's article on this. And here's a nice explanation of how not to store passwords.
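An added example, not TalkTalk's code or the post's, showing the two schemes side by side: the plaintext record that an account page can display, and a salted PBKDF2-HMAC-SHA256 record that can only verify a password, never show it. The iteration count and salt length are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Work factor for PBKDF2-HMAC-SHA256: an assumption for this example; tune it
# so one verification costs a noticeable fraction of a second on your hardware.
ITERATIONS = 200_000
SALT_BYTES = 16


def store_plaintext(password: str) -> str:
    """The scheme the post describes: the password is kept exactly as typed,
    so any page, report or intruder that can read the record reads the password."""
    return password


def store_hashed(password: str) -> str:
    """Salted PBKDF2 record. A fresh random salt per password means two users
    with the same password get different records, and no precomputed table
    covers them all. The record carries its own parameters for later upgrades."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(
        ITERATIONS,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_hashed(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and iteration count and compare
    in constant time. There is deliberately no function that returns the password."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = record.split("$")
    except ValueError:
        return False  # malformed record, never a match
    if algorithm != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample password; nothing here is a real credential.
    plain_record = store_plaintext("correct horse")
    hashed_record = store_hashed("correct horse")
    print("plaintext record shows:", plain_record)
    print("hashed record shows:   ", hashed_record)
    print("verify right password: ", verify_hashed("correct horse", hashed_record))
    print("verify wrong password: ", verify_hashed("wrong horse", hashed_record))
```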

So tough luck on anyone who is actually using their TalkTalk mailbox.


Is it encrypted

TalkTalk have just announced that they've been hacked. The details of four million customers are in play.

The big question that they're being asked is, "Was the data encrypted?" The answer, currently, is "I don't know".

This is, of course, a silly question. And a silly answer.

Data encryption is, in this case, irrelevant. Standard practice is to store sensitive data on an encrypted file system. That way, if the computer is physically stolen, the data is safe. This is great for the "laptop left in a train" scenario, but a database with the details of 4,000,000 customers won't be on a laptop. It's also great in a "burglars ram-raid the datacenter" scenario, because although they've stolen the hardware, they can't access the data.

But in a scenario of "authorised user accessing the data", the encrypted data will be decrypted and supplied, because the authorised user gave the correct decryption key.

So, let's imagine a big company, with the sensitive details of 4,000,000 customers stored on a server. That data is there because it gets used. For billing, for marketing, for tech support. But it's encrypted, so only authorised users can access it.

Now let's imagine a wily hacker, who uses an SQL injection vulnerability, or a PHP vulnerability, or a Wordpress vulnerability, or any one of a zillion other vulnerabilities, to get root privilege, and is now logged on as the root user. He can now log on as any user on that computer, and because he's an authorised user, he has all the access to the sensitive database that the kosher user has.

That's why "Is it encrypted" is a silly question. Because it actually doesn't matter in the hacking scenario we're looking at here. And that's why "I don't know" is a silly answer, because the correct answer is "Of course it is, do you think we're idiots? But the fact that it's encrypted, doesn't stop the hacker from accessing (and copying) it, because, see above."

Aren't there any people who understand about computer security in the media? Or in Talktalk?

Friday 23 October 2015

Binsted on foot

I had a look at a circuit near Binsted. It seemed to be 90% on footpaths, and the cache page said that there were lots of stiles, so I decided to do it on foot.

The first 40 caches (1 to 40), I felt that I could easily have biked; only one stile. But after that, the route got very stylised.

I did 65 caches in total, and that took me 7 hours (lunch was delayed until 5pm). Early on, I was doing 10 per hour, and then got that up to about 12 per hour, but I slowed down a lot for the last 20, because:

A) My left heel was hurting each step I took. Probably my plantar fasciitis, which is the reason why I mostly cache by bike.
B) And my left ankle, which felt like it was sprained, but only intermittently, although by the time I reached those last 20, it was continuous.
C) And then my right heel (see left heel)
D) And then my thighs were complaining about all the walking effort, and I could barely get over stiles.
E) And my back, which just seems to start aching after I go more than about seven miles.

By the time I got back home, I needed a crane to get me out of the car.

I did a bit more than ten miles today, which is clearly too much.

65 caches found, no DNFs.

Wednesday 21 October 2015

How do you know where you are?

I set up a wifi access point recently, for my own use, and just for fun, I wondered if I could pretend to be somewhere other than where I was. Let me explain.

When you access, for example, google.com, you expect to be swiftly wafted to the web site run by Google Inc. This is done by a program that translates google.com to 66.102.1.100 (or whatever), and that's one of Google's servers. But suppose I do something a bit sneaky?

The program that does this translation is called a DNS server. When you connect to a wifi access point, one of the important things that the wifi server gives you is the address of the DNS server that you'll be using. So, in this case, I told it to use a DNS server that's running on the wifi server. And I told my DNS server a wrong address for google. So whenever anyone accesses my wifi access point and types in google.com, they actually get sent to a page that is mine.

And I can make it look like google, and act like google, in that it will produce a page of search results that looks like it came from google (because my wifi server did a real google search), but every link that it shows you, is actually a link to my wifi server again, to a page that gives you a sarcastic remark instead of what you were hoping for.

Which is all very funny.

But it's a classic "man-in-the-middle" attack, and someone with less of a sense of humour than me, could use it for some pretty nasty purposes.

So how do you know where you are?

Well, if you're using someone else's wifi, then you probably have no way of knowing, other than by simply trusting that the organisation providing the wifi access is A) honest and straight, and B) doesn't have an employee with base motives and C) hasn't been hijacked by one of the Bad Guys.

So what can you do?

Well, if you're sitting in an airport lounge using wifi to watch entertaining Youtube videos, it really doesn't matter much. But if you're thinking of logging in to your bank, or you're about to give your credit card number online, then you should only do such sensitive activities when you're *really sure* that you are where you think you are.


Another day, another flash

Flash must be close to the top in insecurity. It seems like barely a month goes by without another vulnerability being found. Wordpress is close by, and php is pretty bad.

I can live without Wordpress (this blog doesn't use it) and php (I use perl). But so much of what I need to do, requires Flash. Even a security site that I used to use for checking my compliance with PCI DSS (the Payment Card Industry's Data Security Standard) uses Flash. I'm glad to say, I don't use that site any more. My main use of Flash is youtube - yes, I'm a youtube addict. I use it like Radio 4, playing in the background. I watched The Knowledge recently. I watch Colin Furze's latest lunacies. I worked my way through all the Jeeves and Wooster (Fry and Laurie) series. So I need to keep my Flash updated, to avoid the constant series of vulnerabilities.

I was on version 11.2.202.521, and I need to update to  11.2.202.540 (and so do you). It's always a hassle.

In addition, I don't let Flash play automatically. Because if I did, and I accessed something that exploited the latest vulnerability, then I'm in trouble. Instead, I make it ask me each and every time it wants to play, which is a minor nuisance, but I think worth while.

The price of security is eternal vigilance.

Antivirus - not good enough.

I checked my email this morning, and among the real emails, the spams and the scams, were three emails with attachments; two zips and a doc. Inside the zip files were one exe file and an obfuscated javascript. I haven't done a deeper analysis, but they're obviously malware.

The Javascript is identified using Virustotal by 14 out of 56 products, and it's JS/Nemucod.q. It downloads something malicious to your computer.

The zip file containing the exe, is detected by 2 out of 55 products. I unzipped the file and tested the exe file with Virustotal. That should, if anything, make it easier to detect. But one of the products tested (Sophos) passed that as clean, whereas when it was zipped, it said it was malware. Very strange!

The doc file was passed as clean by all 56 products. Does that mean that it is, indeed, clean? Not likely. The file name was "Invoice 7500005791.doc"; it's claiming to be an invoice for something; that's a standard ploy to get you to open the file. Here's an analysis of it.

So there you have it. None of these 56 products are able to find all three of the malware that were emailed to me over the last 12 hours.

Not good enough.


 ... later ...

Two more arrived.

my_resume_3455.doc, found by 6 out of 56
Notification Email..pdf found by 0 out of 56
Secure Message.doc found by 0 out of 56

Monday 19 October 2015

Wear the fox hat, part 3, The Final

I parked at the car park, and got the bike ready. I bagged the cache near the car, then I set off.

In two of the first several caches, I found the Northings for the third bonus. I looked at the map, and decided that I didn't really need the Westing, there was only one place it could be. This meant a diversion of about a mile, and when I got there, I couldn't find it, which was saddening. As it turned out, I was wrong, it was somewhere else.

So I continued on, and eventually found a cache that gave me the Westing, and sure enough, it was in a completely different place from where I'd thought.

So I did 37 caches, and then the bonus for this loop (loop 2). And that gave me the final part of the coords for the Final Bonus. Which turned out to be several kilometers away.

The problem was, I'd done loop 1, loop 3 then loop 2. I should have done them in order.

So I relocated the car, got the bike out again, and went to get the Final Bonus.

When I got close to the cache, I was about 30 meters away, and there seemed to be an impenetrable barrier of brambles between here and there. I paced up and down a bit, but eventually I decided to go for it, and plunged in.

I fought my way to GZ, and I found a lovely big box.

I'd wondered why the series was called "Wear the fox hat". There's a pub nearby called "The Fox", and maybe it's that? Or maybe it's the shape of the cache series? But now I knew why the series is so-called.


I wore the fox hat!

Sunday 18 October 2015

2000 kilometers

My bike odometer is showing 2000 kilometers. That's the distance travelled on my current bike - the motor with two gears. And I love it.

High gear lets me bowl along at about 25 kph (even faster if it's downhill), but I rarely go that fast. Caching is mostly over fairly rough ground, so I use low gear, which gives me lots of torque (pull power) and a top speed of about 18 kph.

It's supposed to run at 36 volts, so I'm using 12S Lipo batteries, which is 50 volts fully charged, 40 volts when near to empty. The extra volts give me a bit more oomph.

I mostly ride in top gear on the front gearwheel, and change the rear gearwheel according to whether I'm going along a good, flat surface; lower gears if it's rough or uphill. Exceptionally, I change the front gearwheel to give me an even lower gear, for going up steep slopes. Sometimes I get off and walk the bike, because although that's tedious, it's better than falling off!

I started off by using trios of 4S, 5AH batteries; now I use trios of 4S, 10AH batteries, giving me 12S, 10AH (50 volts freshly charged). That's normally enough for a morning's ride or an afternoon; 12 to 20 km. Then I like to get back to the car for lunch, and while I'm eating recharge the GPS. Then a fresh 10AH battery, and I'm on my way again. As well as the trio of 10AH batteries, I carry a trio of 5AH batteries, as a reserve, but so far, I haven't needed it.

I also carry a full bike toolkit (spanners, pump, inner tube, bike multitool, etc) and my full geocaching toolkit (pliers multitool, first aid kit, sting remedy, etc). I carry a hefty bike lock, in case I need to temporarily leave the bike where it might get nicked (that happened to me once, fortunately it was an ordinary bike) and a head torch in case I'm out later than expected. I also carry a hard drive (because I like to leave a hard drive as a swapsie in caches that are big enough and waterproof). But don't get too excited if you find one; half of them don't work at all, and the other half have failed and been reformatted, and I won't use them because they might fail again.

All this stuff is in a saddle bag, because it adds up to being pretty heavy. When I need to lift the bike over an obstacle, I can quickly take the bag off before lifting the bike.

On the handlebars, I have a lot of stuff. My PDA for navigating, of course, and the bike controller, showing speed, distance travelled and voltage. There's a thermometer to monitor the motor, and a little bell I can ting to warn pedestrians when I'm coming from behind them. And there's also a turn/stop indicator; that's useful when I'm sharing a road with traffic, to let cars behind know that I'm turning right, or slowing down (the brake light comes on when I brake). It also gives me a horn to toot.

I do all the maintenance and repair - for me, that's part of the fun. That mostly consists of replacing brake pads, retensioning cables and oiling things, but I've also needed to replace the rear suspension when it broke.

Here's to the next 2000 kilometers!

The Lavender Hill Mob

Last night, we watched an old classic, The Lavender Hill Mob. Alec Guinness, Stanley Holloway, Sid James and Alfie Bass, plus a special appearance of Audrey Hepburn.

The plot revolves around the stealing of a batch of gold, and melting it down and recasting it into Eiffel Towers, using the foundry where lead and pewter are usually cast.

There are two problems with this, though, one small, one large. The small problem is that gold is twice as heavy as lead, three times as heavy as pewter. This would surely be noticeable?


The second problem is much bigger. The melting point of pewter is 200 degrees C; the melting point of lead is 327 degrees. I've melted and recast lead over a domestic gas cooker. But the melting point of gold is 1064 degrees C. A furnace made for pewter and lead wouldn't be able to melt gold.

It was quite a good film, though.

Saturday 17 October 2015

I'm a blogger

I'm a blogger.

I'm not like other bloggers, but I've had half a century to get used to the fact that I'm different from other people. Of course, everyone else is different from other people, but I suspect that my difference is more than the average. Anyway. My blogging is different.

Other blogs tend to be about one thing, or a couple of things. Mine is more a collection of essays, about a range of subjects. I'm heavy on geocaching, computer security and bicycles, and there's not much of a link between those three. I also write about gullibility (in various forms) and critical thinking; I write about unwanted intrusions into my time (spam, cold calls). About the vagaries of VAT, and the bonkersness of banks.

I don't do many pictures, because I prefer words to pictures. I don't do videos at all, because, again, I'd rather read ten pages of text in ten minutes, than watch an hour of video of someone saying the same stuff.

I don't mingle with other bloggers. Daughter.2 is very social, and part of her blogging experience, is the fun she has with other bloggers. I'm not a social person; I'm very happy to spend an entire day out caching with only my own thoughts for company. The only blogger I've met is daughter.2, and I knew her before she was a blogger.

For me, my blog is an outlet for my thoughts. It's also useful to me; if I want to remember something, then if I've blogged about it, then I can google it including the search term "drsolly". Handy.

I'm not on Twitter, because I can't imagine being able to say anything useful in 140 characters, and I'm not active on Facebook (except to point out especially bad notions) because Facebook is 99% noise. But my blog is an oasis of sanity and useful information, in a chaotic internet of insanity, uselessness and nonsense.

Antivirus - part 2

As the tests in my recent post show, antivirus products are detecting 10 to 20% of the malicious software that is emailed to me. And that tells us something interesting - this is how they get in.

I get a few dozen emails per day that include a doc, pdf, scr or exe file. An exe file is a program; when you click on it, that program runs. An scr file is just an exe file under a different extension. A zip file is just a way of hiding what sort of file is inside it; when you click on it, Windows cleverly pulls the exe file out from inside it, and runs it. If a file has two extensions, like .jpg.exe, you might think it's a jpg file, but it's actually an exe file. A doc file can contain macros; if your doc file reader (often that's Winword) runs those macros automatically, then you've just run a program that's been emailed to you.

So there's lots of ways someone can email malware to you. What can you do about it?

It's difficult to block. You can have the strongest firewall possible, but you still want to receive email, so your firewall will be told to allow email to come in. Your incoming email, for most people, is your biggest vulnerability.

Wouldn't it be nice if something could be done about it? Preferably by the people who make your operating system, so that malicious software can't run? Well, they did try. But it didn't work well enough. So what can you do?

As discovered in my previous blog about antivirus, installing an antivirus isn't going to be the answer. Even if you install three of the best antiviruses, they're going to miss a high percentage of incoming malware. So what to do?

I'd suggest a two-layer defence. The first layer is you. If an email includes a doc file or a zip file (or any other attachment), don't click on the attachment, unless you have a *really good* reason to do so. And a really good reason does not include:

* It looks like it might be interesting
* It looks like it might be funny
* It looks like it might be important
* It looks like it came from your bank
* It looks like it came from a friend
* It looks like it came from your government


Did it come from your friend? Or could this just be a generic email that's pretending to be from your friend?

The second layer is your software.

If you're running Word, disable the running of macros.
If your software for reading doc files is something else, disable it in that.

If you're using Adobe Acrobat to read pdf files, disable macros. If you can't see how to do that (I looked, I couldn't see how) then use a different product to read pdf files.

If you're using Windows Explorer to browse the web, you can use higher security settings. 
Or you could use Firefox or Chrome.
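The attachment types described above (exe and scr, a zip that hides an exe, a double extension like .jpg.exe, a doc that carries macros) can be screened mechanically before anyone clicks. This is an added example, not code from the original post: a small Python triage function that inspects an attachment's name and bytes and says whether it should be blocked. The sample attachments at the bottom are constructed in-memory stand-ins, not real malware.

```python
import io
import zipfile

# Extensions Windows runs as a program when double-clicked (the post's exe/scr plus a few more)
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
# Modern Office formats are themselves zip files; a macro project lives in vbaProject.bin
OFFICE_ZIP_EXTS = {"docx", "docm", "dotm", "xlsx", "xlsm", "pptx", "pptm"}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls container header

def classify_attachment(name, data):
    """Return (verdict, reason) for one attachment; verdict is 'block' or 'allow'."""
    exts = name.lower().split(".")[1:]
    # 1. A program, whatever the name suggests: .jpg.exe still ends in .exe
    if exts and exts[-1] in EXECUTABLE_EXTS:
        why = "double extension" if len(exts) > 1 else "executable"
        return "block", f"{why}: .{'.'.join(exts)}"
    # 2. An exe renamed to look harmless still starts with the DOS 'MZ' header
    if data[:2] == b"MZ":
        return "block", "PE header under non-executable extension"
    # 3. Zip: look inside, because Windows will happily extract and run what is in it
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()
        if exts and exts[-1] in OFFICE_ZIP_EXTS:
            if any(m.lower().endswith("vbaproject.bin") for m in members):
                return "block", "Office document carries VBA macros"
            return "allow", "Office document without macros"
        for m in members:  # one level only; nested zips are not unpacked here
            if m.lower().rsplit(".", 1)[-1] in EXECUTABLE_EXTS:
                return "block", f"zip contains executable {m}"
        return "allow", "zip without executables"
    # 4. Legacy binary Office files can hold macros but need an OLE parser to check
    if data.startswith(OLE_MAGIC):
        return "block", "legacy Office binary; macros cannot be inspected here"
    return "allow", "no executable indicators"

def make_zip(entries):
    """Build an in-memory zip from (name, bytes) pairs; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, payload in entries:
            zf.writestr(member, payload)
    return buf.getvalue()

# Constructed sample attachments (fake headers and placeholder bytes, not real malware)
SAMPLES = {
    "holiday.jpg.exe": b"MZ\x90\x00 fake program",
    "report.zip": make_zip([("report.pdf.exe", b"MZ fake program")]),
    "invoice.docm": make_zip([("word/document.xml", b"<w/>"), ("word/vbaProject.bin", b"\x00")]),
    "notes.docx": make_zip([("word/document.xml", b"<w/>")]),
    "photo.jpg": b"\xff\xd8\xff\xe0 jpeg header",
}
```

Running `classify_attachment` over `SAMPLES` blocks everything except `notes.docx` and `photo.jpg`; a mail gateway that did this would not need to recognise the malware itself, only the delivery mechanisms the post lists.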

So what happens if you don't bother with all this? Not much. At first.

Then the first malware gets installed. This slows your computer down, because as well as doing what you want, it's also doing what the malware wants, which might be pumping out spam to the rest of us.

Then the second malware installs. This slows your computer down some more, and occasionally it crashes while you're trying to do something, because the second malware wasn't written or tested very well. And it's being used to cause other computers to crash, so that if it's discovered, you get the blame.

Then the third one arrives. This clashes with the first one, so your computer hangs from time to time, and accessing the internet becomes really slow. Also, it watches what you type, and anything that looks like a credit card number is sent to the malware author. Do you check your credit card statement? Most people don't, and even if you did, if there's an occasional item for £30 that you don't remember, would you do anything?

By the time the tenth malware installs itself on your computer (and tries to uninstall the sixth, but fails leaving it partly working and causing lots more crashes), your computer has become pretty useless. Your credit card too, because as fast as you put money on it, it seems to evaporate. And you're having a long correspondence with your bank because they're saying that you logged into your account and took out £100, and you know you didn't.

Time to spend £1000 on a new computer. Or spend a few hundred getting a techie to wipe your computer clean (and you lose some or all of your data) and install a new copy of Windows, so now you can start the process again.

Friday 16 October 2015

Wear the fox hat part 2

Today I went out to do another part of this series. It went well, and I found them all. 42 caches done today.

Thursday 15 October 2015

New iPad

Ladysolly has been agonising over the new iPad Pro. She's an Apple fanboi (or should that be fangurl?) and has an iWatch, an iPad Mini, an iPhone 6 and an iPad 4 (I might have lost count there somewhere). If there were such things, she'd have an iHandbag and an iCar.

Apple have announced (or maybe it's just a rumour that everyone believes) that a 12.9 inch iPad (iPad Pro) will be coming out in November, and she's been agonising over whether she can justify getting one.

The agony is over. She dropped her iPad 4, and the screen is a bit cracked. It still works, but it's all she needs to justify getting the iPad Pro. And so I'll be inheriting an iCracked iPad to replace the old iPad (which I think might be an iPad 1) which I only ever use to watch youtube while I'm working.

So that's her Christmas present identified!

Lunch in London

Today, ladysolly and I went down to London to have lunch with daughter.2. The day started off badly - ladysolly couldn't find her Oyster. That also meant that we set off for the station a bit late, and ladysolly drove like a gazelle to get there on time.

She dropped me off to get a parking ticket, which I got and handed to her, and then I went to the station and fed the ticket machine more money to get her ticket. And then I waited while she parked.

And waited.

And waited.

Then the train came. And went.

And I waited.

Eventually, I saw her walking towards the station. Here's what had happened.

She drove all the way to the end of the car park, and there were no spaces. So she circled the car park until she found one, and then she parked, and I wasn't there, but she's not too skilled at parking in small spaces, so I imagine that took a while. And then disaster struck - the parking ticket had fallen into the crack at the front of the dashboard, and she couldn't get it out. So she had to buy another parking ticket, which meant walking to the nearest parking ticket machine and back to the car, and she barely had enough change for that. And by the time she'd done all this, the train had come and gone.

So we got the next train, which wasn't a big deal, it meant that we got to London half an hour after we intended, and met daughter.2 at the restaurant.

I had chickpea soup followed by beef stew and cheesecake (CHEESECAKE) for dessert.