I Still Don't Sleep At Night

NOTICE THEY DIDN'T PUT OUT A REWARD FOR FINDING HACKERS

My theory as to why Microsoft will only reward people who lead them to virus and worm instigators, without saying a word about even major hackers, is that there are too many of them. They'd go broke passing out all those rewards. Microsoft has already been hacked I heard, and maybe they don't like using the H word. My hacker got a message to me through BlogPatrol, my statistics website, that I should get my computer up and running so he or they can use it to hack Dell. I guess they thought I'd jump for joy at that one and eagerly re-install the Windows for them. True, I hate Dell for not standing by my four-year warranty, and leaving me computerless three months after I purchased a computer, but I'll be damned if they're using my computer to hack anything--not even the White House. If I can't use it, no one can.

But tell me I'm not narrowing the search for the hacker. None of the usual tools work. They have disabled everything. Ipconfig doesn't work. All the net commands are disabled. None of the hostname things work. The best tools for finding out who's at the other end of your remote network are all on Windows XP Professional, the mere peons get zilch. Anyhow, I've seen the 811. and LANs stuff in the files. I know they are within 1,000 feet. I think I have narrowed it down to the right neighbor. Tell me what you think: There is this 20-something who lives with his mother and sister in the garden apartment. He dresses in what you might call an independent mode. You wouldn't really classify him as anything but you would observe that he's not run of the mill--some might say odd. He works part-time at the local coffee shop. I saw him in there recently and something in my head just clicked. "It's him," my brain said, after weeks of unfairly believing it was the people upstairs from me.

So, out of nowhere that he expects I'm sure, I say, "Do you have a computer?" first thing out of my mouth. He looks flustered and mumbles that he does. "What kind?" I demand to know. Now how's this for a suspicious answer from a kid who's at an age and lifestyle where you would expect he'd know what kind of computer he has? He says, "Oh, I don't know. It's old. I got it from my aunt." Then he turns his back to me and stares out the window until I leave. I let it go.

That night I put a tiny voodoo robot toy with a crab-like creature clawing its stomach area and a missing right hand outside his door. It is gone the next morning. The next day I put a tiny toy stop sign. It, too, is gone the following morning. Then I am doing laundry in the basement and have to walk past their apartment windows several times. The shades don't quite cover the windows on the sides. I peek in and see a new laptop with built-in wireless antenna.

Now to prove it. Tonight I went to a forum at www.whitehats.com. First I went to blackhats, but it seems they mostly work with businesses. Everyone wants to help big businesses. I have yet to find anyone who wants to help an individual who is hacked. My reason for looking at the "hats" today is because sometimes I think the only way I'll get rid of this hacker is to find another hacker to help me.

I found an online publication for people who hate AOL or just want to make fun of it. I'll pass it along when I find it again. Here's what they did to me lately. I haven't used AOL in months since I can't get online but I keep it in case I ever get my computer back and want to download patches and firewalls in a hurry. This month my credit card company alerted me to suspicious charges by AOL. It turns out they charged me not once but twice for charges to an account opened by, get this, MsRefusnik. And here I thought she was just one of my screennames. According to AOL she is real. She got drunk one night and told my master screenname that it was over between them. She said she was going solo and the result was that although I am the one and only user (or non-user as of late) I had two accounts to pay for. AOL argued with me that lots of people like to have more than one account and they didn't find it odd at all. It was a lot of crazy phone calls before I got the account canceled and maybe the charges too.

See ya.

WHAT'S WRONG? SOMETHING WENT RIGHT.

I thought this blog was lost to me forever. I thought it would just orbit out there like space junk while flea market buyers tapped into it occasionally looking for the odd bit on the eplpdx02, fruit flies and doggerel with the theme of not sleeping at night. I have changed so many passwords that I got dizzy. I just did not have a clue what the password was for this blog. Unfortunately, the e-mail address that they kindly send the password reminder to was canceled due to being hacked. So I could not log in to change my user information and I was unable to get an e-mail to them because the page wasn't working properly. And then today my brain went pop and I found where I had actually written down the password and here I am.

By the way, the e-mail address I had to cancel because it was full of malicious files was poor MsRefusnik's. Let's say goodbye forever to her shall we. I know I will never again leave an e-mail address out on the web for all to send their trojans, worms and viruses to or just to more easily hack the computer. Dumb, dumb, dumb.

Speaking of security, here are some of the very interesting and unusual websites I promised you last time. All the research I've done has got to be good for something: at least I can share some of it. Do read "At Microsoft Security Flaws Emerge as Business Shortcomings," and then look over the entire issue of SecurityFocus.Com. According to Helen Jung's AP article, loss of revenue is getting Microsoft's attention in terms of Windows' vulnerabilities. MS said in latest quarterly report that revenue from multiyear contracts dropped $768 million from previous quarter, about $450 million lower than anticipated. And I bet I can guess the feature here: MS, it goes on to say, is making improvements in Windows XP desktop next year. "The improvements are to include disabling certain features that can allow hacker break-ins." What do you want to bet they're getting rid of the ridiculous remote assistance hacking feature?

Security Focus is run by Kevin Poulson, a convicted former hacker, and it is one-stop shopping as far as your security needs go. There are collected timely articles on every aspect of computer security, book release titles, tool downloads (everything from firewalls and password crackers to intrusion detection, vulnerability scanning...just look around. It's geared for the seriously security-minded but should be of interest to all.

The best thing to do according to one book, (Counter Hack: A Step-by-Step Guide to Computer Attacks & Effective Defenses) is to subscribe to Bugtraq. Do this by sending an e-mail to LISTSERV@SECURITYFOCUS.COM. Message body: Subscribe Bugtraq, last name, first name