
Saturday, September 20, 2003

SHUTTING THE BARN DOOR AFTER THE HORSE IS OUT



I can't stop reading stuff about computer security. Since my computer is already hacked, some might say it's a little late for that now.

Today I found a good blog devoted to "network security monitoring, incident response, digital forensics, and book reviews on related subjects." I learned in here about The Center for Computer & Communications Security at Carnegie Mellon. I wonder what resources they have that I might be interested in.

Oh, and I found some really cool security tools you can download for free.

That reminds me of another cool thing I recently stumbled on. It seems to me that Microsoft just sort of sprinkles their goodies here and there, and if you find them, great; if you don't, too bad. Here's one I was glad to find. It also has, among its many gifts, free tool downloads. Check it out, why don't you. There really are lots of useful things.

And I'm ripping and running again. Can't really give this blog justice today either. Too busy reading about security. And I did pause to read "Does Microsoft Give a Damn?"

Gotta go. The hackers are using the Word Perfect I installed today and they won't let me use it. I tried to install my printer again and still they won't let me. Now they won't let me use simple things or open anything from the control panel. They have to go. I am so tired of this.




Friday, September 19, 2003

HACKERS' CONVENTION--YOU'RE INVITED



Quick notes. Tomorrow I really blog.

Remember me mentioning that hackers actually have conventions? I mean they are brazen. I found the site with all you need to know so you can watch for the next one. You might want to check out the very interesting forum also. There are over 170 posts on wireless technology alone, in response to those who wonder how I could be hacked without being plugged in to the internet. I'm thinking of getting some cool Defcon clothes. Why not? If you can't beat 'em, join 'em, right? What if I went and bumped into the hackers of my computer and didn't even know it? Small world. This just gets crazier. And more crazy people are telling me that I'm imagining it every day.

I don't know about you, but I need to get in touch with this guy and get a few things off my chest. From my address book to yours:

Bill Gates
Microsoft Corporation
1 Microsoft Way
Redmond, WA
98052-8300
425-882-8080
425-936-7329 (fax)
billg@microsoft.com

See you tomorrow when I've got more time.


Tuesday, September 16, 2003

NOW YOU CAN REPORT MY PROBLEM TO THE FBI'S JOINT TERRORISM TASK FORCE



Or so says the page one announcement on the National Infrastructure Protection Center's warnings and advisories home page. I was filing my biweekly crime report with the FBI, when much to my surprise I saw that a lot more people with Windows XP are about to go through the agony I have been enduring, except the warning calls it a worm. I am more convinced than ever that what's in my computer is no worm and I'll give you the fascinating details in a minute. (I also file FBI reports at FBI crime. I hate to say it but maybe you should make a note of some of these sites. Not that they're worth much if you ask me.)

I haven't been watching t.v. and I refuse to read the media whores, so I had no idea about the new threats. I may have heard something but thought it was old news. I mean isn't there a new threat every week now? It's a good thing the windows at Microsoft security headquarters are sealed shut to prevent jumping, isn't it? (I read that in the "Hacker Weekly News" my hackers let me see. I guess they're all having a good laugh about now.)

But as some of you may recall, all of my endless research convinced me that my problem began with the Remote Procedure Call. I think I even linked MS03-039 when I talked about it. The three vulnerabilities in the part of the RPC deal with the messages for the Distributed Component Object Model (DCOM) activation--two that would allow code execution and one that would allow denial of service. The DCOM is a protocol that enables software components to communicate over a network. If you don't absolutely have to have it I suggest you disable it. Here's how to do it.

This has become quite a tech corner hasn't it? I am torn. I want to brag to you about all my latest computer accomplishments because I am so proud of how far I've come in the last month and the misery I've caused the hackers. I mean when you consider that before the hackers I couldn't put a link on the taskbar it's quite astounding. But I have to wait to brag. I have already said too much. They read this blog and there are repercussions. I can't stay ahead of them with a big mouth. Things happen. But wow, what a crash course I've taken. Today I was reading about debugging and realized I was trying to dive to the bottom of the ocean without equipment. Whew! This computer stuff just goes on and on with no end in sight.

But it's hard to brag today in any event. They have set up some controlled boot setup so I can't boot up Windows at all. I checked out the computer with the little I had to go on, and tweaked where I could. I don't think there's anything wrong with it except for the files I found that point to more of their fun and games. They do love to control. And now it's going to start happening to lots and lots of people.

Do you think that because there was a page one government warning people sat up and listened to me and decided to help me? Fat chance. They tell you on the warning to "report information concerning suspicious or criminal activity to local law enforcement (more shrugging of shoulders), local FBI's Joint Terrorism Task Force (why bother, more of the same), or the Homeland Security Operations Center (HSOC)." I called the HSOC on my dime. (What? Report crime without an 800 number?) I called tonight just like Charlie Brown kicking the football Lucy is holding, thinking this time it will be different. I rationalized that this is now a big deal to them, surely they will listen to me and help. Sure I wrote them an e-mail report a month ago that they've ignored but now it's a big deal. Just look at that warning.

The man who answered the phone put another man on right away when I told him it was about hacking. I felt important and taken seriously. Little did I know I was receiving the bum's rush crazy treatment. The second man didn't want to hear the details. He didn't want to hear what I had just found in the registry that I felt he really should be interested in: hundreds of hacking classes files on every subject of interest to hackers. I am talking about a range and number of classes that could put a major university to shame. I made a list of most of these files. Someone could go to the registry and look for themselves. A computer expert could find these hidden files and the jig would be up. He didn't seem to want to listen. He had one message for me and only one. I should take the tower of my computer to a "man" at a computer repair shop and have them re-format it and re-install Windows. I told him I have now done that about ten times and it does no good. He thought if I had a man do it my problems would be over. He started to tell me about his computer repair problems. I asked if he wasn't at all interested in catching people who teach others how to hack computers. He just repeated the instructions about fixing the computer. Told me I might want to get the hard drive checked out. I started to get angry and told him all the agencies that had refused to help me and asked him who was going to get these guys. He just told me to take my computer to a shop.

I am so sick of being treated like I am nuts. I can identify with victims of other types of crime now who feel shame as though they did something to bring the crime on themselves. I was reading about another new method of hacking the other day, and the article came right out and said that firewalls couldn't protect you in this case. But still I think people are thinking, "There's the stupid woman who didn't have a firewall up," even though I did. Or "there's the woman with the worm who imagines she's being hacked." The local police treat me like I'm bothering them when I tell them someone broke into my house for crying out loud. They don't want to hear anything about any hackers.

Anyhow I'm getting worked up again. I'm writing to Bill Gates or calling him up, whichever way I feel I can get closer to actually getting through. I want to know what happened to 2003, the year of Microsoft trustworthiness. I want to know what he has to say about what is happening with Windows. And I want to know if after everything we've gone through with this turkey if it's true that in 2005 he is planning to make the damn thing obsolete and you won't even be able to buy software for it.

Here are some of the files I found in the registry. I would guess that half of the material for the classes that are taught comes from Microsoft. I went to Microsoft and looked for myself. Yep, they put out all that stuff. It's difficult to tell the non-criminal purpose of a lot of that information. It seems to be made for hacking. They have disclaimers on every page, but they showed no responsibility putting that kind of information out there if you ask me. If you didn't know where I found these files, you'd probably think I knew someone who was a professional support person or administrator with Microsoft.

Here they are, remember there are hundreds and lots of the same ones and I'm just giving you a small sample. I recognized that they were all about hacking from all my recent research. (Watch. Wouldn't this be a nasty twist of fate? After all my begging for help, Homeland Security or someone will finally look into my case, and come and put me in prison for having these files in my computer. That would be about right.)

Microsoft (MS) Index Server Administration Object Class
MS XML Data Source Object Class
Help Collection Wrapper Class
Async M Handler Class
RadioBand Class
RadioServer Class
MS Data Link
MS OLE DB Provider for ODBC Drivers
MS Handler Class
MS Info Tech Protocol for IE 3.0
Marshalable TI Class
MSMQ Query Object Class
MSMQ Queue Class
MS Program Group
Script Control Object
Soap Port Connector Factory (I read in the Hacker News that something called SOAP is going to be big with hackers.)
MSSOAP soap soap reader class
MS soap serializer class
MS soap type mapper factory version 1
(MS MS Ms, see what I mean?)
MS Encoder Feature Segment
OLE SNMP Class
OLE Cvt Class
Bug Rep Sys Info Class
Process Dump Class
Public Key Security object
Precompiled setup info (probably what they're using on my computer right now)
png file
co png filter class
real networks streaming protocol
listener class (it's part of a hacking method)
and, finally, (only because I'm tired of typing, there are many more), my favorite, "panic class"

BTW, here's what happened when I finally told Dell where I purchased the computer that they had to do something. I bought a four year warranty because I never wanted to have to worry about getting it fixed. Isn't that funny? So I wrote them an e-mail to their tech support address. I told them not to send the reply to the e-mail address they have on record because it's to my hacked computer but to a different one they don't know I have. Well, a month later, today, I got a chance to look in the hacked account they of course sent it to, and I found their response. One response is just a copy of my letter returned to me by a computer acknowledging receipt. The other response is just a note telling me to re-send my note to the Dell Contact Center. That's it. That was the reply to a page and one-half e-mail that went into some detail about my desperate circumstances and what was going on exactly with the computer. So Dell will be getting another letter.

And McAfee, let's not forget McAfee when the dust settles here. I think I want to go in and see them in person if I can. Do I blame them that their security failed me? Yeah, I suppose so, but what I really despise them for is not giving me any support when I went to them after the fact and asked what to do.

I better sign off. I sound bitter. I must remember to keep on the sunny side: I can always sign up for the hackers' class in ATM core concepts and live on the side of the law where you never have to worry.


MS Persist Class (I was proofing the blog and this popped up. The hackers are here. At least they can laugh. But it really is the name of one of their classes.)
