Ego’s Veil: Unmasking Performative Advocacy

One day, during a brief lunch break from work, I stood in line at a local restaurant, craving a sandwich to refuel for the rest of the day. As I waited, a colleague approached me. Although we didn’t know each other well, they recognized me from the office and discussed ‘Cyber Patriot.’ This was a well-known competition where industry mentors teamed up with students to tackle hacking challenges. I had heard of it and engaged in the conversation, nodding in agreement and mentioning that it sounded like a worthy cause. However, my main focus at that moment was satisfying my hunger with a sandwich.

Months passed, and life took me on an unexpected journey across the country to California. Upon returning to the office for a visit, I unexpectedly bumped into the colleague whom I’d previously talked to about the opportunity. The recognition was immediate, and before I could exchange pleasantries, they scolded me, “Why didn’t you join Cyber Patriot?”

Taken aback, I responded, “Well, for one, I moved out of state.”

Their face contorted with a mix of disbelief and frustration. “You should have told me,” they retorted, their voice laced with exasperation, “I wouldn’t have wasted my time talking to you about it.”

My response was instinctual. “At the time, I didn’t even know I was moving. Besides,” I added with a touch of irony, “weren’t we just standing in line next to each other, waiting for food?”

The exchange left me pondering a curious question: Did this person honestly care about the cause, or were they more invested in the appearance of caring? When it came to genuine causes, advocating for them was never wasteful. But for some, the cause seemed secondary to the ego boost they received from championing it. It made me wonder whether they were more concerned about how they looked as part of a program rather than the essence of the program itself.

Upon reflecting on the incident, it became apparent that advocating for a cause carries the potential for meaningful impact. Yet, a distinct dichotomy emerged between impassioned advocacy and performative engagement. True dedication involves spreading awareness and genuinely understanding and valuing the cause’s purpose, untainted by a mere desire to enhance one’s image. This experience underscored the delicate boundary between selflessness and self-absorption, reminding me that we must all navigate where we stand.

It also highlighted the tendency for some to prioritize personal image over grasping a cause’s significance. Motivated by the hunger for validation, their actions often overshadow their genuine impact. The crux of the matter lies in introspection: Does our engagement stem from authentic empathy and altruism, or do we merely seek recognition? The answer holds the key to our level of involvement.

Finding Good Vendors: Lessons from Dental Chairs 🦷

Relocating to California brought about more than just a change in scenery; it posed an unexpected challenge—finding a reliable dentist. What may seem like an unrelated experience holds a profound analogy for understanding why customers meticulously choose vendors, especially when they have dozens and hundreds of others circling them at all times, like sharks in a competitive sea. Join me as I share my dental journey and how it illuminates the pitfalls of hasty vendor decisions.

Dentist Analogy: The Discomfort Zone

My quest for a new dentist, driven by convenience, introduced me to a seemingly cost-effective practice. However, the veneer of affordability soon cracked, revealing profit-driven motives and a disregard for patient well-being. The waiting room turned into a nerve-wracking ordeal, with minutes stretching into eternity. Once inside, my interactions were fleeting and never with the actual dentist. The parallels with the vendor selection process were uncanny—quick convenience can often mask a lack of genuine concern for customer satisfaction.

Experiences with my dentist unfolded like scenes from a chaotic assembly line. The doctor juggled multiple patients, leaving me waiting with instruments in my mouth, yearning for his return amidst his multitasking. This led to frequent mistakes, with one incident culminating in a harrowing 2 am hospital visit due to an overlooked bite check after a procedure. The connections to vendor-client interactions were glaring—vendors who stretch themselves thin and lack focused attention can induce expensive errors, echoing the disjointed dental encounters.

Wisdom Teeth and Vendors: A Parallel Unveiled

The turning point came with the proposal for wisdom teeth extraction based on outdated information without proper examination. Seeking a second opinion introduced me to an oral surgeon whose methodical evaluation exposed the flaws in my previous provider’s approach, and clearly, the weight of the risk was solely on my shoulders. This episode uncloaked the pitfalls of vendor choices—entrusting vital responsibilities to vendors without comprehensive assessments by subject-matter experts can lead to preventable disasters.

Much like the dentist’s disregard for my unique situation, such as my age and how deeply rooted my teeth were into the nearby trigeminal nerve, vendors who skip personalized evaluations fail to comprehend clients’ distinct needs. Just as the oral surgeon tailored his approach and risk evaluation to my situation, businesses should insist on vendors who undertake comprehensive risk assessments, ensuring a snug fit between solutions and challenges.

Navigating the Vendor Seas: Sharks and Shoals

Vendor selection often sets sail with hopeful online searches and form submissions, reeling in vendors that promise the world. Yet, wisdom comes from my journey – where experience and vows sometimes part ways. The chasm between grandiose “We’ve done this hundreds of times…” declarations and actual performance becomes glaringly evident during execution. The divergence between vendors’ claims and their true capabilities resonates with the dangers of selecting a provider based solely on location or marketing hype.

Just as a website’s glitches lay bare the gap between pledges and practicality, vendors who fail to deliver on their assurances can compromise projects, leading to wasted resources and missed growth opportunities. Maybe they’ve executed tasks repeatedly, but success is another realm. The glittering logos on their homepage could well be from yesteryear’s corporate gigs, not their current venture’s finesse.

The Irony of Misaligned Perspectives

A recent interaction with a copywriter highlighted a common pitfall: the assumption that we understand our client’s needs better than they do. This misconception often leads to misalignments between projects and their intended visions. This issue arose during a disagreement over including my company’s inception story on our website.

The copywriter’s stance was to omit crucial context – that our product was developed collaboratively with IT providers and supported by thorough end-user research. Instead, the copywriter leaned towards a generic approach, portraying us as just another company merely guessing at customer pain points.

Ironically, the same mindset that makes vendors think they understand customer needs without proper engagement also hindered the copywriter from recognizing the value of my insights. Just as vendors can overlook clients’ unique requirements, the copywriter disregarded the essence of our product’s creation journey—partnering with IT providers and conducting meticulous research.

Conclusion: Navigating the Labyrinth

In hindsight, my dental journey mirrors the intricacies of vendor selection. The parallels between my quest for dental care and the pursuit of reliable vendors reveal a shared truth: vendor choices require careful evaluation, meticulous risk assessment, and alignment with clients’ core values.

Just as I opted for a reputable oral surgeon for wisdom teeth extraction over mere convenience, businesses must prioritize expertise and excellence over quick fixes. In doing so, they avoid the allure of empty marketing and make informed vendor choices that propel their growth and success.

In essence, the dental chair and the vendor evaluation table bear uncanny similarities—both can induce discomfort or proceed seamlessly, all while you shoulder the associated risks. Just as selecting a dentist requires careful consideration, choosing vendors demands a thoughtful process. Prioritizing your well-being over their profit, reputable vendors align with the principles of a conscientious dentist.

So remember, when it comes to vendors or dentists, choose wisely – after all, you wouldn’t want a dentist saying, ‘Trust me, I’ve got the perfect painless solution,’ without the anesthetic, right?

Privacy Powerhouses: Optery, Kanary, DeleteMe, and OneRep

Unmasking Data Detox Tools

The term “Data Detox Tools” encompasses software applications and online services tailored to assist individuals in managing and overseeing their digital footprint and personal data across the expansive realm of the internet. In this context, the term “detox” metaphorically parallels the concept of purification, suggesting a process akin to eliminating unnecessary or potentially detrimental elements. In the digital sphere, a data detox entails taking deliberate measures to curtail the accessibility of online personal information.

These tools offer a spectrum of features and functionalities designed to aid users in diminishing their virtual presence, mitigating vulnerability to data breaches, and thwarting the inappropriate use of personal data. Some common attributes of data detox tools include:

1. Personal Information Removal: Often, these tools furnish a service that detects and eradicates personal data from diverse online sources, encompassing social media platforms, public databases, and search engine results.

2. Data Monitoring: Many tools actively monitor the web for references to your personal data and promptly alert you when instances arise on new websites or platforms.

3. Custom Removal Requests: A subset of tools permits users to formally request the removal of specific information from websites or search engine results that may have eluded automated identification.

4. Search Result Suppression: These tools are adept at relegating or suppressing undesired search results that might surface when someone searches for your name or other personal particulars.

5. Privacy Recommendations: Some tools extend beyond mere information removal, providing guidance and recommendations to elevate online privacy and security practices. This might encompass adjusting privacy settings on social media profiles, for instance.

6. Educational Resources: Many data detox tools are accompanied by educational resources, offering insights into best practices for safeguarding personal information in the digital landscape.

In February 2021, my exploration into the realm of personal information removal tools commenced with OneRep at the helm. However, it promptly became evident that the arena featured other contenders, such as DeleteMe, a service heavily reliant on manual interventions by human agents—an approach markedly less dynamic than OneRep’s automated portal. DeleteMe’s initial scope of less than 100 sites, despite the current claim of an expanded 750, raises concerns about its effectiveness and user experience.

OneRep’s competitive landscape has evolved, with Optery and Kanary emerging as dominant forces, relegating OneRep and DeleteMe to the ranks of privacy-preserving antiquities.

Points of Discontent with OneRep:

  1. OneRep’s zealous approach occasionally results in the removal of entries unrelated to the individual, spanning different ages and family members. This approach raises both privacy and precision concerns.
  2. The absence of visual evidence—such as screenshots or search result snapshots—for user review marks a notable shortcoming within OneRep’s offering.
  3. OneRep’s interface lacks a mechanism for users to “Ignore” false positives or contribute to enhancing the system’s accuracy.
  4. Instances where removal efforts are indefinitely labeled as “In Progress” could be seen as intentional retention tactics rather than coincidental.
  5. OneRep’s incapability to facilitate custom removal requests or deliver robust user support contrasts with competing platforms that offer user-focused success metrics and timely removal estimates.

The Dilemma of OneRep: A comparative assessment against emerging rivals, namely Kanary and Optery, highlights OneRep’s diminished efficacy. Kanary, for instance, boasts coverage across 325 sites, and its responsiveness to user input in expanding this coverage underscores its prowess. The introduction of a feature allowing users to link affiliated company names is Kanary’s ingenious method to curb spam and invasive associations, such as those propagated by Lusha and Apollo.

Optery’s Remarkable Attributes: Optery excels with comprehensive coverage under its Ultimate plan, though the inability to accommodate family members under a single account presents a notable drawback. The user interface within Optery’s portal emerges as a frontrunner, facilitating quick validation through a visual stream of screenshots.

Noteworthy is Optery’s “Optional Feedback” feature, enabling users to fine-tune platform accuracy, a process reminiscent of training the system to accommodate specific search variations and geographical locations.

Optery’s provision of “Custom Removals” stands as a laudable offering, empowering users to request the deletion of specific URLs or search engine results, a testament to user control.

Final Appraisal: Kanary and Optery emerge as preeminent choices in the realm of data detox, effectively superseding OneRep and DeleteMe. My transition from OneRep to these innovative platforms yielded the removal of over 36 pieces of my personal data, underscoring their effectiveness. The robust scanning capabilities, coupled with advanced features, secure Kanary and Optery as leaders in personal information removal. As my exploration of both platforms continues, my ultimate goal is to make an informed choice for a secure and enduring online journey.

Instagram Account Recovery

Is Instagram’s account recovery workflow disappearing on some accounts and devices? We’ve had reports from readers and friends who’ve had hacked Instagrams with no success in using Instagram’s published docs to recover the account once the attacker’s email and phone number have changed.

Here’s a copy of the official Instagram post: I think my Instagram has been hacked.

(Update 12/6 – After testing for weeks over 40 times we can see the option on an Android but at the same time not on his iPhone following the same process. Another user reports the option appeared on an iPhone. We put in the attacker’s email, then see ‘Need more help?‘ but it has to be from a phone that’s logged in before and not a new device.)

The email doesn’t say ‘Revert Change‘ anymore as indicated in the Doc above:

‘I can’t access this email’ or phone number is no longer in the UI no matter how long you wait or how many times you resend the codes:

Clicking ‘Secure your account here‘ brings you to a login page or the Help Center. No workflow triggers an account recovery of any kind, whether from a mobile or web browser:

Password reset emails offer no option to declare you’ve lost access to the email or phone number on the account:

(It usually says ‘Need more help?‘ but that option is missing on some devices)

Instagram mentions its new selfie function to recover accounts, but how? There’s no UI in any apps to trigger the Account Recovery options that lead to this outcome.

How does one recover once a hacker has changed the phone number and email address on the account?

Card Fraud – Express Store 2401

*** Update 9/12/22 *** – Thousands of people are visiting this blog regularly due to card fraud of their own via Express Store 2401. I have not been able to gather any more information from the companies involved, but I continue to dig deeper into how they’re stealing these cards and other parts of the operation. It’s ridiculous that it’s been going on this long and that Wells Fargo isn’t concerned with somebody stealing a card that’s never been used.

Wells Fargo texted me the other night about its fraud system. The issue was an attempted charge from EXPRESS 2401 in Columbus, Ohio. After a bit of Google research, I found that the world is no stranger to fraud coming from this location.

I’ve never once used this card with any other merchant or website. It was activated in June of 2021 and then locked in a cabinet. It also seems that if something were purchased on Express.com, it would show up as CORP, not a particular store location.

Here is the response from Express:

As a part of the investigation, I’ve set out to answer a few questions about this particular scenario:

  1. How could the attackers steal a card that’s never been used before?
  2. Did attackers hijack the Express merchant account for this location?
  3. Why does fraud persist at store #2401 despite reporting to the banks and Express for over 8 months?

The story will be updated as more information is obtained about this issue at Express Stores.

Ben Damman aka TypeSend

In our experience with Ben Damman, the CEO of Aliens From The Future, Inc., we’ve encountered some challenges. We invested $8,041.67 for a project in September 2020, and there has been no meaningful progress. We’ve noted missed meetings, limited communication, and minimal code commits and observed him taking on new projects on Upwork. We’ve also come across similar feedback from others on the platform.

From our records, Ben logged approximately 66 hours, including a twelve-hour day and a weekend. However, the only tangible output we noticed was a basic Elixir framework. He often shared messages such as “I’m about to commit a release” and “There will be a significant update soon.” He even assured repayment, mentioning, “The check is on the way.” Unfortunately, despite these communications, the deliverables and promises weren’t realized.

Ben often speaks about his past experiences, mentioning roles at prestigious places like the White House and Apple. He also positions himself as an expert developer. Given these claims, it was surprising and disappointing for us that the commitments he made weren’t followed through, especially when it seemed he had the capability.

The frequent cancellations and last-minute rescheduling of meetings became our primary, if not the only, window of communication with Ben.

Ben once sent me a message, which I’ve captured in an image, explaining he missed our meeting because he was in “beast mode,” supposedly accomplishing a lot of work. Unfortunately, this approach seemed counterproductive, as I never received the promised screenshots, links, or instructions.

On one occasion, when I inquired about his progress and well-being 91 days into the project—especially since there hadn’t been any tangible outputs or communication from his end—Ben attributed his lack of progress to political events in January and a coincidental stomach bug.

(In a particular instance, as showcased in the attached image, Ben extended an invitation for a call. I responded promptly within an hour, suggesting multiple time slots for our discussion. Regrettably, there was no subsequent communication or acknowledgment from his end.)

When Ben expressed his financial struggles to me, mentioning he was “low on money (unemployed),” I empathetically gave him a $1k bonus from my own funds, hoping to assist. This bonus was attributed to a proposal he had drafted for our project. However, it’s noteworthy that up to that moment, the tangible deliverable from him was just a 1.5-page document. Even the presentation of this brief document was postponed as he had canceled the scheduled meeting for its unveiling.

Interestingly, just eight days after I terminated our contract that spanned from Oct 14, 2020, to Jan 19, 2021, another client posted the following review about their experience with Ben:

During our engagement, Ben cited a personal tragedy—a death in the family in December—as a reason for delays. However, only a week after our contract termination, he undertook another project, displaying the same patterns of behavior—accepting funds but not delivering results. Between our two organizations, this amounted to a loss of ~$13,000.

It was disheartening to observe his leisurely activities on social media—travels, dining out, moving to a new, picturesque home—all while communication gaps persisted. It felt as if he was comfortably living on the funds we provided without offering any tangible work in return. To see him repeat this pattern with another business, even after our experiences, was deeply unsettling.

Ben’s inaction severely impacted our operations and timelines, causing significant setbacks to our market entry. Initially brought onboard for troubleshooting, he was unable to perform that task. Instead, he persuaded us to create an entirely new environment using his preferred frameworks.

It was the visible association with figures like President Obama and references to esteemed organizations such as the White House, Apple, and Google on his social media that convinced me to engage him. Regrettably, I was lured by this perception of a ‘My jobs are my identity‘ ethos, expecting it to equate to reliability. However, the outcome was far from it.

Ben has yet to deliver meaningful results for the funds we provided when the project was initiated. Instead, we felt the impact of his actions quite heavily—both financially and in terms of time. After engaging with us, Ben relocated and ceased communication.

While Ben seems to be familiar with financial disputes, the question remains whether we’ll be able to recover our investment. It appears that others have had to resort to legal measures to ensure their financial disputes with Ben are resolved, and we might have to consider a similar course of action:

(Per WhitePages.com)

$4,306 to Express Personal Services
$9,802 to Asset Acceptance, LLC
$3,600 GB, LLC
$1,640 Capital One Bank
~20k in legal judgments.

Despite being provided options for a significantly reduced repayment plan, Ben has not made any attempts to repay even a small portion of the amount. We were open to a generous arrangement where he could pay back only half the amount at his convenience, both in terms of amount and schedule. Yet, this proposal went unacknowledged.

The last communication I received from him was an email of varied formatting in which he labeled my inquiries as “harassment” and stated that any further communication should be directed through his attorney. Interestingly, Ben had, on multiple occasions, voiced his intention to repay us. However, he never firmly communicated a refusal either. It seems he chooses avoidance over addressing the issue head-on.

Thank you for your attention to this matter, and I wish you success in your endeavors.

Google Spamdexing Attack

Found an interesting Google Results injection against sites running Solr search. Attackers created links in an unknown place with search parameters being passed to the websites. Google crawled these source pages, following the links and accepting them as content. It’s not all that sophisticated, but remember, it’s results that matter in this game.

Many more are on my Twitter from notifying the organizations of this clever little hack against Google’s results.

911: Google Webmaster Removal Tool

In an example URL from Berkeley.edu, notice how they’re passing a parameter to ?s= that the site appends into the code of the search results page. Somehow they’ve added this to Attacker Page 1, which was then crawled by Google, and it’s creating an XSS (cross-site scripting) on the destination page, with Google picking the search up as content.

The result is that Google is picking up keywords from those pages in its results effectively promoting them:

Definitely don’t try this at home! ‘Snorting Viagra‘ hosted on Umassmed.edu.

Check out all of the other organizations that have the search hack:

https://www.google.com/search?q=%22Search+Results+for+%22+Viagra%22 (Pages 1-7)

https://www.google.com/search?q=%22Order+without+prescription%22 (“Order without Prescription“)

You can take any of the domains found in the broad results and cross-check with a more specific search, for example, site:berkeley.edu “viagra”
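
For a site owner checking whether their own search page is being used this way, the following is an added example, not code from the original post: it scans access-log lines for reflected ?s= queries that carry spam terms, domains or markup and notes which were fetched by a crawler, then shows a results-page template that escapes the query and marks the page noindex. The log lines, term list, crawler pattern and function names are constructed assumptions.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in combined log format; IPs, hosts and queries are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2021:10:01:02 +0000] "GET /?s=faculty+directory HTTP/1.1" 200 5120 "https://www.example.edu/" "Mozilla/5.0 (Windows NT 10.0)"
66.249.66.1 - - [12/Mar/2021:10:02:10 +0000] "GET /?s=Order+viagra+without+prescription+pills.example HTTP/1.1" 200 5300 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.9 - - [12/Mar/2021:10:03:44 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"
66.249.66.1 - - [12/Mar/2021:10:05:19 +0000] "GET /?s=%3Ch1%3ECheap+pills+online%3C%2Fh1%3E HTTP/1.1" 200 5290 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
"""

LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$'
)
# Defender-maintained heuristics (assumptions; tune them for your own site).
SPAM_TERMS = ("viagra", "without prescription", "pills")
DOMAIN_RE = re.compile(r"\b[a-z0-9-]+\.(?:com|net|shop|example)\b", re.I)
MARKUP_RE = re.compile(r"[<>]")
CRAWLER_RE = re.compile(r"googlebot|bingbot", re.I)


def reasons_for(query):
    """Return the heuristics a reflected search query trips, if any."""
    reasons = []
    lowered = query.lower()
    if any(term in lowered for term in SPAM_TERMS):
        reasons.append("spam-term")
    if DOMAIN_RE.search(lowered):
        reasons.append("domain-in-query")
    if MARKUP_RE.search(lowered):
        reasons.append("markup-in-query")
    return reasons


def find_reflected_spam(log_text, param="s"):
    """Flag search requests whose query text looks like planted spam."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue
        ip, _ts, _method, target, status, _referer, agent = match.groups()
        # parse_qs decodes '+' and %XX, so we inspect what the page would echo.
        for value in parse_qs(urlsplit(target).query).get(param, []):
            reasons = reasons_for(value)
            if reasons:
                hits.append({
                    "ip": ip,
                    "query": value,
                    "status": int(status),
                    "reasons": reasons,
                    # A crawler fetching the URL means the echoed text can be indexed.
                    "crawler": bool(CRAWLER_RE.search(agent)),
                })
    return hits


def render_search_page(query):
    """Results-page shell: the query is escaped and the page is marked noindex."""
    safe = html.escape(query, quote=True)
    return (
        "<!doctype html><html><head>"
        '<meta name="robots" content="noindex, follow">'
        f"<title>Search results for {safe}</title></head>"
        f"<body><h1>Search results for {safe}</h1></body></html>"
    )


if __name__ == "__main__":
    for hit in find_reflected_spam(SAMPLE_LOG):
        print(hit["ip"], hit["crawler"], hit["reasons"], repr(hit["query"]))
    print(render_search_page("<h1>Cheap pills online</h1>"))
```

A noindex directive only takes effect if crawlers are allowed to fetch the search page, so the same URLs should not also be blocked in robots.txt.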

Here’s a gallery of different University sites showing thousands of results with the pill advertisements:

Pages that show whatever you put into the ?s= Solr search. If the search parameter is replayed into the page, it creates the appearance of content. The attackers must’ve linked these from other locations to get them on Google:

In a similar scam where the attackers actually inject a real page into the site, these organizations were impacted. Some were the University of Massachusetts Medical Center, Hastings Library, and The City of Dry Rock, where the pages have been injected since at least December of 2020:

Destinations of these links being advertised are some of the following sites like ‘WebMD(dot)shop,’ which is brazen:

All of these domains above are landing pages that eventually lead to anonymrxonline[.]com

Phone: 888-524-7141 [ANI: VIGAR]

This phone # has over 5k Google results and shows signs of being in use for pill dealing for over 6+ years. It was formerly advertised by

[email protected]
Skype Gina24Rx [BDay: 9/16]
Location: Costa Rica.

Uses another phrase ‘MyPharmaCash’ from this affiliate program: https://www.facebook.com/MyPharmaCash and Twitter https://twitter.com/24rxshop activity ceased in early to mid-May of 2015.

Skype resets are af*****@mypharmacash.com and gi*****@gmail.com or phone number (***) ***-**61

The registrant of mypharmacash.com before it went private in 2016 was Mariano Bolanos in San Jose, Costa Rica. This is the same location as ‘Gina24Rx‘ this time using an email [email protected].

The owner Marianos Bolanos has numerous domains for pill-related items. His activity has died down since 2016. Many of the domains are active, though I have not investigated all of them.

Domain Cnaacr.com belongs to the National Chamber of Agriculture and Agroindustry in Costa Rica. In the footer, it’s signed ‘Web development by Bernetz’ (WayBack)

Domain Bernetz.com belongs to the company Bernetz IT Services that’s also registered to Marcos Bolanos:

https://twitter.com/bernetzit?lang=en

Still putting some pieces together on this one…

Organizations I’ve notified about being listed on Google under these kinds of reflective (XSS) and direct injection attacks today:

American Association of State Highway
Alabama Theatre
Arizona Department of Health Services
Berkeley Materials Science & Engineering
Bainbridge Island Museum of Art
California Digital Library
Children’s Community Day School
City of Dry Ridge, Kentucky
City of Tullahoma, Tennessee
Columbus Tech
Columbia University
Dickerson Park Zoo
Eastern New Mexico University
Ewing Marion Kauffman Foundation
FPrime Capital
Generation Citizen
Gulf of Mexico Fishery Management Council
Hudson River Museum
Monroe County History Center
Museum of Durham History
Miami Music Project
Multiple YMCAs
Methodist University
Palm Harbor Fire Rescue
Pathways 2 Life
Philly Expo Center
QuickLogic Software
SAE Institute
Schoharie County NY
Iowa State University
Irish American Heritage Center
Illinois State University
SoftLab
The City University of New York
The Port of Philadelphia
Toledo Zoo
University of Southern California
University of California San Diego
University of Minnesota
University of Mary Washington
Unmanned Systems Labs @ Texas A&M
Virginia Commonwealth University
Washington International Trade Association
Wisconsin Small Business Development Center
We Fest – Country Music Festival
Winterthur Museum
Wheaton Arts
Working Men’s Institute (Indiana)

Impacted Orgs: Google Webmaster Removal Tool 

Phish Gallery & Blog Update

Update

Why has the blog been so dry? Well, it’s complicated. There are always people who don’t want to see you expressing yourself in a public way. These invisible haters will try to make connections between your personal activities, i.e., Blogging and work-related things, in any way they desperately can. I win those battles; it’s just tiring to explain to the suits how free speech works. Support the ACLU and EFF. 

Visit my Twitter Feed to see screenshots of various threats that come my way from readers, and my own mailboxes being flooded with threats. Many of them turn into future news articles in the days or weeks to come, so you get a head start. Otherwise, I tend to post the news I’ve been personally reading throughout the day. Maybe you’ll find something interesting. Thanks for reading. I’ll be back as soon as I finish realigning my career goals and getting myself in a good place to write again.

Phishing Gallery

It’s been a CRAZY year for breaches, ransomware, and other cyber terrorism. Truly a daily occurrence all over the world. This is a collection of phishing screenshots I’ve collected this year from various honeypots and other sources. We’ve worked with many organizations over the years to take down infrastructure related to these attacks. The trend I’ve seen across security products is that they block effectively, but it takes days. Secondly, the sites and email sources tend to go largely unreported. If you want to make a difference: Protect future victims by sending the abuse emails. It may take hours, but it’ll take days or even weeks as everyone shields themselves without bringing the sites down. Many providers I reach out to will respond quickly to eliminate the artifacts.

Useful Links:

www.joesandbox.com

www.any.run

www.sentinelone.com

www.dnsfilter.io 

Websites:

Emails + Attachments:

AlphaRacks Offline

We reported a massive phishing operation taking place back in July of 2018 at Alpharacks. The spam, child porn, malware, and phishing never stopped for a moment since writing about Alpharacks back in 2018. The abuse@ team never responded to any direct emails between Quadranet and myself. The blog is under development but at this time Alpharacks is still offline as of 5/26/19. Here is the most recent Statement from Alpharacks

See our article: Phishing – A Master Anglers Toolbox

DeepSentinel

DeepSentinel is a new home surveillance system that leverages cameras, AI, and around-the-clock monitoring to prevent break-ins, auto theft, and other domestic crimes.

DeepSentinel cameras are equipped with speakers allowing two-way communication. The speakers reach 104 dB, which is reportedly the loudest on the market. Each kit comes with 3 cameras, 1 hub, and mounting equipment. Cameras are battery operated and reportedly last up to 2 months without recharging.

If a crime is detected, the Surveillance Center will engage local law enforcement. DeepSentinel aims to identify a threat in under 10 seconds and contact the police within 20 seconds.

System Review

*** Update 11/2020 – Things have been smooth with DeepSentinel. A few brief outages, about an hour of time, were due to the larger Google Cloud disruptions. The performance of the system has increased over time with much less false positive activity. Alerting is still nearly real-time, allowing me to catch people out front very quickly. The app has improved greatly, visually and in terms of features, since I bought the system. Support is great; they’ve sent me a new hub, batteries, and cameras anytime I have issues with barely any hassle. Although I spent a bit of time below poking holes at the system, most of them have long since been resolved. It’s truly a wonder to stop constantly thinking about people in my yard, especially when I leave the house.

The vendor has recently released a new power-over-ethernet system that uses an Nvidia card and dome cameras. Stay tuned for updates on that system as I get my hands on one.

—-Original Blog—-

Testing is in progress, as are discussions with the vendor. This is a rough write-up of the final testing that I am doing with this system at home. Please note that despite any critical reviews of certain features, I am certain of two things: 1. I am here to hang on because fully managed is what I need. 2. Apps, Features, Bugs, and Products can change with enough feedback. This is by no means a recommendation not to buy the system. I love it! My job (as always) is to show you how marketing meets the delivery, and also to highlight anything that needs development or may annoy a potential customer. I have been using it for approximately 1 month while gathering this information.

Positive:

1. Wake up time is fast. Agents consistently verify events in a short amount of time. Tests were successful in bringing an agent to the live camera. Many other cameras I have tested seem to catch the movement 1-5 seconds after it starts. This unit always records the movement that is taking place reliably. Another feature I like is that the clips can be 1.5-2min long if necessary. Other devices have predefined lengths that cut off the activity prematurely.

2. Battery life is good/acceptable for cameras with 1-2 bars and heavy traffic in front of them. My cameras have been up for 1 month. Batteries are 61% (Front), 57% (Back Door), 27% (Driveway). The extra battery is a nice touch. It took me a few to realize you can rip the top off of the hub to charge it.

3. The app is evolving with new features. Alerts have become more specific, and the privacy mode is much more flexible. Having an initial max of 3 hours was a mistake. 24hr is great, a schedule would be even better. One downside to privacy mode is that it stops recording locally altogether. It would be nice to choose whether to keep storing footage locally on the box. The idea (in my mind) was to stop escalating it to the SOC.

Issues:

1. Picture Quality – Overall picture quality of snippets and recordings is low. The vendor stated this is to expedite uploading to the Operations Center. I find the quality locally on my end remains poor. It would be hard to identify a license plate or letters on a van for example. I don’t doubt that the camera is capable of more but I can see that it’s throttled down for the reason specified and perhaps others like preserving battery life, storage space, or other resources. My thought is that this might record full quality and then commit a lesser quality image to the Operations Center. There is a balance of evidentiary interest with these minor details in addition to the live response.

2. Opened a ticket with the Support Team to investigate an unexpected outage of my system in the first 14 days. I didn’t make any changes other than rebooting the system a few times. On my first escalation, the rep explained it away as one of those situations where a device crashes. I recommended avoiding that kind of rationalization in this instance. It’s much wiser to use support as a point to collect those technical details. I want to know if my box is going to crash every 14 days. Reboots don’t address root causes. The vendor has been responsive and contacted me about this multiple times. No crashes since that time.

3. The camera appears to inspect 100% of all movement. Dogs, a spider, people walking by 100 times in 5 minutes. I have not personally witnessed any kind of AI. Every time there is movement it’s verified by an agent. I’m trying to make the connection between AI Assisted and a fully managed service that manually checks 100% of all notifications. This is not evident in my usage of the product. I am waiting for the vendor to explain where the technology comes into play. I need somebody to draw me that line… We all know of the 100s of vendors who sell AI but the execution seems to be largely reliant on humans. Maybe it’s in the roadmap? Learning mode?

^^ Turkey Burglar or Burger? I can’t decide. My Actual Intelligence determined this is a bird, not a threat.  We focus on what matters most  “Coupled with Artificial-Intelligence, we distinguish between a potential intruder and a car, dog (^turkey?) or other non-threats.“. I’m sure it’s in a hyper-excited type of ‘learning’ mode but I’m just saying… I don’t know or understand a lot about “How” it’s going to learn, and when to expect that to kick in. I don’t doubt it’s coming but I seek more information on what’s next for my system. For now, I don’t mind if they keep an eye on my turkeys.

4. Delayed alerts, false alarms with cameras going online/offline. The app seems to be evolving its notification styles on Android. I have seen alerts that there was activity at my Front Door but then the clip is for the Back Door. Other times it alerts but the clip is from a past time. Not clear if this is known, but the app seems to be producing lots of alerts that apply to events which already happened. Or there’s no video waiting when I open the application to see that alert’s contents. It might be something that’s going on with my phone. It’s not annoying enough to cause any issues. I do have ComCrap internet service…

5. Adjusting the area of coverage in some cases took away from areas within that border. I am still experimenting but it seemed like the ideal way to keep it was expanding the coverage completely. I tried to reduce it in some areas to avoid a road with cars passing by in the distance. It has recently stopped firing on those cars so the AI may have learned this pattern. Previously I had dozens of recordings showing cars far in the distance moving laterally to my yard. (Vendor responded and made adjustments on 5/24)

6. Many situations where I select a camera and after 0-60 seconds it’s still loading. At this moment I have rebooted my phone + the hub several times and still can not load my cameras in a live view. It displays a message that it’s having trouble reaching cameras. I can’t do it at all no matter how many times I try with app version 345. The camera also hangs when it has a live alert and I click into it when an event is taking place. (Vendor replaced a defective camera on 5/28)

7. Wireless between the cameras and hub is just OK. It’s not terrible but it’s also not spectacular. There are no antennas on the hub and it’s a 2.4GHz connection. I spoke with the company about this and they quickly sent me a few repeaters. Mind you, my Wireless box has 4 antennas and 75% strength in the positions of the cameras. It’s not up to me, though: I have to use the Wireless built into the system and am unable to leverage my own. (Vendor provided WiFi extender on 5/29)


Bomb Threat E-mails


A developing story where a wave of e-mails around the United States has caused mass hysteria and evacuations. I’ve obtained two domains from a trusted source who manages hundreds of clients. Below I provide an example of the e-mail, and move on to start investigating the domains. As always I’m asking for others to independently look into these domains. I will be updating the blog as I obtain information about this issue.

Data for domains came from various sources but are relatively self-evident, as the headers will match the From: address in this instance. I have a list of domains below with corresponding IP addresses that all point to the same provider’s network. In some cases, the key seems to be what the domain was doing before it moved over to the new Russian host. One approach is that I’ve found most of them were pointing to GoDaddy just prior to changing over to REG.RU. I couldn’t find many that had a front page or legitimate use. See below for a deep dive on 11 different domains/IPs sending these messages.

Example:

“Subject: Do not waste your time

Hello. My man hid an explosive device (Hexogen) in the building where your business is conducted. My mercenary assembled the explosive device according to my guide. It has small dimensions and it is covered up very carefully, it is impossible to damage the building structure by my bomb, but in the case of its detonation there will be many victims.

My recruited person keeps the area under the control. If any unusual behavioror cop is noticed he will power the bomb.

I can call off my man if you make a transfer. 20.000 dollars is the cost for your life and business. Pay it to me in BTC and I warrant that I will withdraw my man and the device won’t detonate. But do not try to cheat- my guarantee will become valid only after 3 confirmations in blockchain network.

My payment details (Bitcoin address): (REMOVED)

You must solve problems with the transaction by the end of the workday, if you are late with the money the device will detonate.

Nothing personal this is just a business, if you don’t transfer me the bitcoins and a bomb explodes, next time other companies will send me more money, because this is not a one-time action.

For my safety, I will no longer log into this email. I check my address every forty min and if I receive the payment I will order my person to get away.

If the explosive device detonates and the authorities see this letter:

We are not terrorists and dont assume any liability for explosions in other places.”

Deeper Investigation

I’ve accumulated a total of 11 Domains/IPs that were actively sending as a part of this campaign. They all have working SPF records and are hosted in netblocks starting with 194.58.x.x in ORG-nrRL1-RIPE, as the host out of Russia called REG.RU. I’m not saying Russia is behind it, as that would be a very simple solution – and at this point we can’t attribute anything. I opened a ticket w/ the host Thu 12/13/2018 5:38 PM PST as the services were still up and running with no takedown requests, not surprisingly. They responded Fri 12/14/2018 4:31 AM PST that ‘Service is blocked’. Despite all of the media coverage and expert analysis, not one person contacted the source of the e-mails to prevent further activity. In fact, as you’ll see below, this is the same host/subnet used on the most recent sextortion emails.

Note: The e-mail below is a Sextortion threat from back in late Oct of this year using the domain albionstudios_com. That domain still resolves to the ISP where the threats came from. This strongly implies the same individuals have recently run sextortion spam jobs from the same source network.

Here is an example header from the bomb threats:

Network Map (2 of the 11 below)

VirusTotal Graph

GoDaddy IPs that some of these domains had before the A records changed over to REG.RU, based on passive DNS from DomainTools + VirusTotal records:

50.63.202.48
184.168.221.57
184.168.221.9
103.1.175.1
50.63.202.62
50.63.202.82
91.195.240.82
50.63.202.46

Domain #1: yinnyang.com (194.58.103.231) (Previously: 50.63.202.46)

SPF record checks out for both hosts during the campaign:

Search shows that the IP for this domain was changed today after being stuck on another address for several years:

Current IP:

Current IP address search on VirusTotal shows a number of other domains associated with the IP

Looking at the previous IP address right before it switched:


The previous IP this domain was pointing to shows regular activity: the number of files communicating with this address is off the charts. It’s obviously a Command & Control point for Malware communication. Probably a throwaway at GoDaddy that’s still being used. The key here is checking the other domains (many of which have no legitimate front page) for these kinds of connections, as the vast majority suddenly made the DNS switch today for this campaign.

Malware Families associated with previous IP of the domain


Domain #2: armiracles.com (194.58.61.73)

Domain #3 – Tiedeman.com (194.58.58.207) (Previously 95.170.70.225)

Domain #4 – wedgeze.com (194.58.58.54)

Domain #5 – weimd.com (194.58.58.23)

Domain #6 – whathappensatdeath.com (194.58.61.134)

Domain #7 – vinight.com (194.58.58.82) (Previously: 184.168.221.9)

Domain #8 – theweightlossarea.com (194.58.58.125)

Domain #9 – worldfused.com (194.58.61.67) (Previous: 50.63.202.62)

Domain #10 – tvlgbt.com (194.58.58.123)

Domain #11 – truockhichet.com (194.58.58.106)
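
The pattern described above, a domain parked on one address for years and then re-pointed into the 194.58.x.x space on the day of the campaign, can be checked mechanically against a passive-DNS export. The Python below is an added example, not part of the original investigation: the domain/IP pairs come from the list above, while every date, the two `.example` control domains, the /16 mask and the thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import date

# "Netblocks starting with 194.58.x.x" from the post, written as a /16 (assumption).
CAMPAIGN_NET = ipaddress.ip_network("194.58.0.0/16")
# Assumed campaign day, taken from the date the abuse ticket was opened.
CAMPAIGN_DAY = date(2018, 12, 13)

# Constructed passive-DNS rows: (domain, A record, first_seen, last_seen).
# Domain/IP pairs for the first three domains are from the post; all dates
# and both *.example control domains are invented for illustration.
PDNS_ROWS = [
    ("yinnyang.com", "50.63.202.46", date(2015, 2, 1), date(2018, 12, 12)),
    ("yinnyang.com", "194.58.103.231", date(2018, 12, 13), date(2018, 12, 13)),
    ("vinight.com", "184.168.221.9", date(2016, 7, 9), date(2018, 12, 12)),
    ("vinight.com", "194.58.58.82", date(2018, 12, 13), date(2018, 12, 13)),
    ("worldfused.com", "50.63.202.62", date(2017, 1, 20), date(2018, 12, 11)),
    ("worldfused.com", "194.58.61.67", date(2018, 12, 12), date(2018, 12, 13)),
    # Control 1: has lived inside the netblock for years, so there is no sudden move.
    ("longtime.example", "194.58.58.10", date(2014, 5, 5), date(2018, 12, 13)),
    # Control 2: changed hosts recently, but not into the campaign netblock.
    ("moved-elsewhere.example", "192.0.2.10", date(2012, 1, 1), date(2018, 12, 1)),
    ("moved-elsewhere.example", "198.51.100.7", date(2018, 12, 10), date(2018, 12, 13)),
]


def build_history(rows):
    """Group rows per domain, oldest record first."""
    hist = defaultdict(list)
    for domain, ip, first_seen, last_seen in rows:
        hist[domain.lower()].append((ipaddress.ip_address(ip), first_seen, last_seen))
    for records in hist.values():
        records.sort(key=lambda r: r[1])
    return hist


def find_repointed(rows, net=CAMPAIGN_NET, as_of=CAMPAIGN_DAY,
                   max_new_days=7, min_parked_days=365):
    """Domains whose newest A record entered `net` within `max_new_days` of
    `as_of`, after at least `min_parked_days` on an address outside it."""
    findings = []
    for domain, records in sorted(build_history(rows).items()):
        if len(records) < 2:
            continue  # no earlier record to compare against
        (old_ip, old_first, old_last), (new_ip, new_first, _) = records[-2], records[-1]
        recently_moved = 0 <= (as_of - new_first).days <= max_new_days
        parked_days = (old_last - old_first).days
        if (new_ip in net and old_ip not in net
                and recently_moved and parked_days >= min_parked_days):
            findings.append({"domain": domain, "old_ip": str(old_ip),
                             "new_ip": str(new_ip), "parked_days": parked_days})
    return findings


def group_by_slash24(findings):
    """Bucket the new addresses by /24 to show how tightly the senders cluster."""
    buckets = defaultdict(list)
    for f in findings:
        net24 = ipaddress.ip_network(f["new_ip"] + "/24", strict=False)
        buckets[str(net24)].append(f["domain"])
    return dict(buckets)


if __name__ == "__main__":
    hits = find_repointed(PDNS_ROWS)
    for h in hits:
        print(f'{h["domain"]}: {h["old_ip"]} ({h["parked_days"]} days) -> {h["new_ip"]}')
    print(group_by_slash24(hits))
```
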

Adware Empire – IronSource and InstallCore


A recent Adware campaign using malicious Bing ads led me to a Chrome download that eventually deployed Adware to the user’s computer. The IPs and types of Adware connected back to IronSource Ltd., Babylon Software Ltd., and InstallCore – all Israeli companies that have connections to Adware. See here, and here.

(Note: This was reported heavily by the media (ZDNet, On MSFT, Inquirer, and Alphr) in recent days. My discovery of the malicious ads was independent of any other source. My list of 3,500 IronSource Hostnames is exclusive, as is all of the IP research behind the Adware).

At this time, there appears to be a publisher that’s steering users to a network of sites that deliver a payload of Adware. Please note that I have made only tangential connections between said publisher and the aforementioned companies. Various IP addresses and analysis of the Adware point to IronSource as the controlling entity of the servers that the Adware is communicating with after it’s delivered. That’s not to say that IronSource is necessarily aware that a publisher (pay-per-install) is redirecting visitors to sites that impersonate Google Chrome.

The process began by searching Bing.com for “Download Chrome.” The ad at the top of the returned page below looks like a legitimate Chrome advertisement and has an “Ad” marker clearly visible, but it’s poisoned because it leads to a false Google Chrome domain.

Notice how the ad below says “Chrome is a fast,secure” browser. No, I didn’t make a typo – there is a missing space before the word “secure”!

The fake Chrome website googleonline2018.com is presented to the user when they click the ad above.

Clicking ‘Download Chrome‘ leads the user to a URL:

files.drivedowns.com/direct/?cod=24620&name=GoogleChrome

This returns a 302 redirect, which leads to another URL with the payload:

www.tasetofeni.com/y94jg5t/ChromeSetup.exe
SHA256: a61c027efb9c0ea3448ef584302c987af508a07d8347c20e8f373d847034ba7c

^^ File above on VirusTotal (1/70) is only detected by BitDefender. Here’s the JoeSandBox Malware Analysis. The malware type delivered is DealAgent, which is considered Adware.

We discovered a number of different Adware families being delivered from the hosts this file communicated with including Amonetize, BitVote Miner, Babylon Toolbar, InstallCore, Strictor, DealPly, InstallMiez (MacOS), OpenCandy, Optimizer Pro, SProtector, Crepreote, Advanced Mac Cleaner, Vittalia, OpinionSpy, Spynion, and Adware going by many other names across all of the IPs involved. There was also a prevalence of macOS unwanted programs and Adware communicating to these hosts, similar to a Command & Control infrastructure in malware. (JoeSandBox Malware Analysis)

A video below shows the full sequence of events:


We’ve compiled a video of the event and screenshots to walk through the process of encountering the Adware. In our video, the Antivirus Bitdefender blocks the attack, and it was the only one out of 70 other engines that detected it on VirusTotal. See JoeSandBox full analysis.

Deeper Investigation

***Update #1. Check out this list of 3,500 IronSource hostnames still active!

***Update #2. Related IP address in a block owned by IronSource: 199.58.87.151. It contains interesting files that appear to be payloads for the Adware applications. Curiously, a few are named KAVcompatibilityCheck.cis and Symantec_Norton_IronSourcev5.cis. Here’s a zip of the files I downloaded from the URLs in VirusTotal. Can you analyze these?

Below, I will investigate three domains. One belongs to the publisher, and the other two appear to funnel traffic using a referrer ID to a payload domain with round-robin DNS. Several of the IPs it resolves to belong to IronSource, based on WHOIS Records. Others are unidentified, but given the identical file structure and activity, I’d say there’s a great chance they’re all connected. As you scroll down, you’ll find a piece of evidence. I encourage you to continue researching them and connecting the dots. Let me know what you find…

Domain #1: googleonline.com

The landing page googleonline2018.com is a 116-day-old domain, registered by [email protected] at an IP address 149.28.73.46 that reportedly belongs to Vultr Holdings, LLC.

Example of the site googleonline2018.com:

A number of other domains are registered to this user with the word “Chrome” or “Google” in them.

There are two other domains that stand out like the atracksys.com (1st domain name on list above). They don’t seem to fit the profile of the fake Chrome sites. They are inccweb.com and necisoft.com, listed below from 3 to 4 years ago.

Information on registrar:

Blog @ 163.com no logins since 2007 – http://richard86811.blog.163.com/

Pastebin link https://pastebin.com/sai42Sdw has “456223”, “richard86811”, “868118918”, and “[email protected]”. These are held in a DB dump (of some kind) that reveals another email associated with the Gmail used to register these domains. The number 86 is the country code for China, and 86-811-8918 could potentially be a partial phone number.

Names associated with domains: Jiaqiang Li (Jiangmen & Guangdong, China) and Chen Weilong (Guangdong, China).

Domain #2: drivedowns.com

This domain is the initial redirector after you click Download Chrome. It’s a 20-day-old domain currently being protected by Cloudflare. It’s not uncommon to see malicious sites behind Cloudflare. I’ve made dozens of attempts to report abuse to this vendor, only to be rebuffed and told that “Our service is a pass-thru and we do not control the content of our customers.”

The VirusTotal results show not only that this domain is rated as malware by Fortinet, PREBYTES, and Scumware.org, but that others on the same IP appear to be backdoor PHP files and other malicious-looking, randomized-type domains. These details are unrelated to this campaign, but it goes to show you that it can both protect the good guys and obfuscate the real location of the bad guys.

Domain #3: tasetofeni.com

This domain is 101-days-old and has been using rotating Amazon IPs since at least 10/08/2018, based on passive DNS. This is not surprising, as we see plenty of hacked AWS accounts and/or fraudulent ones where attackers are controlling domains with no legitimate front page.

Other files with different packing are showing various levels of detection with AV Agents.

Malware ChromeSetup.exe is detected as InstallCore or a basic dropper/trojan.

Click for the JoeSandBox analysis of these files and domain, which goes into depth:

Domain #4: reholessbegise.com (dev, img, remote)

The ChromeSetup.exe dropped file communicates with a couple of subdomains on reholessbegise.com, a 35-day-old domain using AWS DNS. There is a connection with this domain and IPs owned by IronSource at LeaseWeb. Also, many of the IPs that resolve have the Babylon Toolbar, a piece of software made by Babylon Software Ltd. in Israel.

img.reholessbegise.com is a domain that many images are pulled from for the ChromeSetup.exe file and there’s no shortage of IPs behind it.

We resolved them with Whatsmydns globally to find a round-robin of addresses:

IPs: [199.58.87.155 (Active), 199.58.87.110 (Old), 199.58.87.151 (Old)] (IronSource Israel via LeaseWeb)

Note how IronSource’s IP range has plenty of misleading or downright fake file names. These aren’t files that are ‘communicating’ but ones that have been pulled down from these hosts.

Check out this list of 3,500 IronSource Domains; most are still active!

Note ‘InstallCore.com’ is hosted off of this IP owned by IronSource. Here’s a discussion between two hackers on a forum below about doing Adware installs for them linking the companies together. InstallCore is an ‘IronSource’ service.

LeaseWeb identifies the customer in WHOIS records:

dev.reholessbegise.com is a domain that ChromeSetup.exe talks to often, as confirmed in the sandbox analysis.

Note that each IP has a VirusTotal link to see its activity:

IP: [54.201.95.158, 35.167.192.77] –  (Amazon AWS)

IP: [185.59.222.146] (CDN77.com/Netherlands)

IP: [46.166.187.59] [85.159.237.103] (NForce Entertainment B.V.)

IP: [95.211.184.67] – (Leaseweb)

IPs: [146.185.27.45, 146.185.27.53, 209.95.37.242] (Midphase)

IP: [192.96.201.161] (CommPeak.com via LeaseWeb)

The ChromeSetup.exe file talks heavily to these hosts and grabs not only images but suspicious files. See the JoeSandBox analysis for all communications.

Oct 26, 2018 6129 OUT HEAD /ofr/Solululadul/osutils.cis HTTP/1.1
Accept: */*
Host: remote.reholessbegise.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Content-Length: 0
Connection: Keep-Alive
Cache-Control: no-cache

(SHA256: 168656b0a807e5fa2c016d637c0c02d83753919ac5a8f493895e9dddce1a916c)

Still working on this investigation…. Have any tips? Drop me a line in my contact form.
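
The delivery path walked through above (look-alike landing page, 302 redirector, payload host serving ChromeSetup.exe, all on recently registered domains) is the kind of chain a proxy-log triage rule can reconstruct and score. The Python below is an added example, not code from this investigation: hosts, paths and domain ages come from the post, while the log rows, the `http://` scheme, the `google.com` allow-list, the 120-day threshold and the benign control row are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains that legitimately serve Chrome installers.
OFFICIAL_DOMAINS = {"google.com"}
BRAND_WORDS = ("chrome", "google")

# Domain ages in days as stated in the post; the google.com figure is a
# constructed stand-in for "registered many years ago".
DOMAIN_AGE_DAYS = {
    "googleonline2018.com": 116,
    "drivedowns.com": 20,
    "tasetofeni.com": 101,
    "reholessbegise.com": 35,
    "google.com": 7000,
}

# Constructed proxy-log rows. Hosts and paths of the first three come from the
# post (the http:// scheme is assumed); the last row is a benign control.
LOG = [
    {"url": "http://googleonline2018.com/", "status": 200,
     "referer": None, "location": None},
    {"url": "http://files.drivedowns.com/direct/?cod=24620&name=GoogleChrome",
     "status": 302, "referer": "http://googleonline2018.com/",
     "location": "http://www.tasetofeni.com/y94jg5t/ChromeSetup.exe"},
    {"url": "http://www.tasetofeni.com/y94jg5t/ChromeSetup.exe", "status": 200,
     "referer": None, "location": None},
    {"url": "https://dl.google.com/chrome/install/ChromeSetup.exe", "status": 200,
     "referer": "https://www.google.com/chrome/", "location": None},
]
BAD_URL = LOG[2]["url"]
GOOD_URL = LOG[3]["url"]


def registrable(host):
    """Naive registrable domain (last two labels); use the Public Suffix List in production."""
    return ".".join(host.lower().split(".")[-2:])


def chain_for(download_url, log):
    """Walk backwards from a download through 3xx Location links, then referers."""
    by_url = {row["url"]: row for row in log}
    redirected_from = {row["location"]: row["url"] for row in log if row["location"]}
    chain, cur = [download_url], download_url
    while True:
        prev = redirected_from.get(cur) or by_url.get(cur, {}).get("referer")
        if not prev or prev in chain:  # start of chain reached, or a loop
            break
        chain.append(prev)
        cur = prev
    return chain[::-1]


def triage(download_url, log, ages, young_days=120):
    """Score one executable download by the chain of domains that led to it."""
    chain = chain_for(download_url, log)
    domains = [registrable(urlsplit(u).hostname) for u in chain]
    filename = urlsplit(download_url).path.rsplit("/", 1)[-1].lower()
    reasons = []
    if (filename.endswith(".exe") and any(w in filename for w in BRAND_WORDS)
            and domains[-1] not in OFFICIAL_DOMAINS):
        reasons.append("brand-named installer served from a non-vendor domain")
    lookalikes = sorted({d for d in domains if d not in OFFICIAL_DOMAINS
                         and any(w in d for w in BRAND_WORDS)})
    if lookalikes:
        reasons.append("brand keyword in non-vendor domain: " + ", ".join(lookalikes))
    # Domains with unknown age are not counted as young.
    young = sorted({d for d in domains if d in ages and ages[d] < young_days})
    if young:
        reasons.append("recently registered: " + ", ".join(young))
    if len(set(domains)) > 1:
        reasons.append(f"download reached through {len(set(domains))} different domains")
    return {"chain": chain, "reasons": reasons, "suspicious": len(reasons) >= 2}


if __name__ == "__main__":
    for url in (BAD_URL, GOOD_URL):
        result = triage(url, LOG, DOMAIN_AGE_DAYS)
        print(url, "->", "SUSPICIOUS" if result["suspicious"] else "ok")
        for reason in result["reasons"]:
            print("   ", reason)
```
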

Net Neutrality – The Spirit Lives On


What if one day your Netflix suddenly stopped streaming and displayed an error message to call your Internet Service Provider for assistance? You place the call, and the provider advises that you’re currently not subscribed to the 3rd party streaming plan to access this type of content. Come to find out, the provider is now charging a fee for access to streaming content outside of its network. You’ll have to purchase a package to access Netflix or be forced to access the provider’s own video streaming service, which comes at an additional cost. Net Neutrality rules are protections created in the spirit of a “need to ensure the openness of the Internet, preserving users’ free and nondiscriminatory access to content, applications or services available on the Internet.” (Bello & Jung, 2015).

The scenario with Netflix is but a glimpse into the reality of a world painted by those who oppose removing the protections. If a provider does make a user pay for specific services like gaming, video streaming, or establishing a remote connection to your office, it’s considered offering a “tiered service,” which differs from the unlimited subscription model of internet services today. Research suggests that repealing Net Neutrality regulations can be bad for consumers because they harm innovation and competition between providers, but also that repealing these laws allows for consumer internet traffic to be analyzed, manipulated to block content, and throttled to decrease the performance of the transmission speeds. The potential impacts to the consumer are interruptions to streaming, lower quality video, and possibly an inability to access certain types of services by requiring additional subscription fees, and some other scenarios that we’ve yet to imagine. ISPs may not be able to experiment with business models or innovate with new services in the market.

At the heart of the Net Neutrality debate is the concern that providers will be able to analyze, manipulate, throttle, or even block access to specific content on the internet. The term open internet comes to mind when thinking about the origins of the internet – an entity born free and not intended to be commercial in origin. The internet has evolved from a platform that was facilitating communication between universities, to the birth of e-commerce websites – and now services like cloud, the blockchain, or online distance learning leverage it to deliver content to every edge of the earth. It’s become a utility for all kinds of devices as well, for example, cars, refrigerators, water bottles, luggage, and even a surfboard. The possibilities are somewhat endless when you view things through the lens of the Open Internet versus the Restricted Internet. Consumers are increasingly adopting lifestyles that revolve around these services, which necessitates a discussion about the legal rights of ISPs to control information.

It’s entirely possible that ISPs will make changes that are “self-serving, and profit-maximizing goals when enhancing or degrading content carriage.” (Frieden, 2018). The service you have doesn’t currently come with the ‘package’ you have for internet access to these types of applications. What about employees who telecommute using a VPN connection to the office? Would ISPs be able to charge a premium for this kind of access, knowing that it’s for a commercial purpose? The short answer is yes; they’re able to categorize and sell products in any way that they’d like. It’s believed that “The Internet’s openness” should be understood as a guiding principle that transcends each of the layers/tiers and extends throughout the digital ecosystem, and that each of the stakeholders of this ecosystem is essential to its development (CIGI, 2015). Keeping the spirit of the internet as an open place by integrating protections for consumers is essential to the discussion, and actions by the FCC. Its proponents want to see these core values preserved and more transparency with how providers manage network traffic.

You might be asking yourself, is all of this for nothing? What is the real threat here, and are ISPs planning, or doing this kind of thing today? After all, if they have never done this before, then Net Neutrality could potentially be a solution in search of a problem. Is there any history, or even potential for abuse by these providers? The answer is yes, and one situation where a violation of Net Neutrality occurred was when an organization called Public Knowledge complained to the FCC that Comcast, the number two provider of internet, was throttling BitTorrent traffic. Comcast was working with a vendor, Sandvine, a company that sells ‘Active Network Intelligence,’ a service which can give ISPs better visibility into exactly what kind of traffic is on the network. In a statement, the company explained that “Sandvine determined that the use of several Peer-to-Peer protocols was regularly generating disproportionate burdens on the network, primarily on the upstream portion of the network, causing congestion that was affecting other users on the network.” (Comcast, 2008). Based on this research, Comcast had reportedly achieved wide-scale deployment of a blocking platform in 2007 until the FCC ruled that “The selective blocking of file-sharing traffic interfered with users’ rights to access the internet and to use applications of their choice.” Although Comcast had a plausible explanation, it still violated the Net Neutrality rules because it interfered with the normal transmission of information. Comcast positioned itself to analyze and interrupt certain types of legitimate communications without any transparency to its users. Notification of these practices had not been sent to its subscribers, effectively restricting any users of the BitTorrent file-sharing method that was used at one time by NASA to accelerate the distribution of satellite data. BitTorrent is not a completely illegitimate protocol, and even if it were, the issue remains that customers were unaware of these activities. Based on this occurrence of the violation, it is entirely possible that ISPs could begin blocking traffic without the transparency provided by these regulations.

A key argument from opponents of repealing Net Neutrality rules is that it negatively impacts the innovation and competition between providers. The FCC commissioner stated that “…the regulations made things worse by limiting investment in high-speed networks and slowing broadband deployment. Under Title II, broadband network investment dropped more than 5.6% — the first time a decline has happened outside of a recession.” And went on to say that “Removing these outdated and unnecessary regulations will create a strong incentive for companies to pour resources into building better online infrastructure across the country and bringing faster, better, and cheaper Internet access to more Americans.” (FCC, 2018).

The stated intention of the government is that repealing these rules will aid in expansion in rural and hard-to-service areas, as well as higher average speeds throughout the US. They also wanted to allow ISPs to experiment with different business models, such as giving priority to medical applications, or self-driving cars. ISPs may experiment with security, home automation, and services like artificial intelligence that can help improve the quality of your experience in a meaningful way. There are limitless possibilities for how companies could innovate these products. Mainly, the concern is that small players in the market and start-ups wouldn’t be able to create unique services to compete with larger companies. In fact, the FCC found that “Title II regulations are bad for competition. They disproportionately burden the small Internet service providers and new entrants that are best positioned to introduce more competition into the broadband marketplace.” (FCC, 2017) And also that “Restoring Internet freedom will lead to greater investment in building and expanding broadband networks in rural and low-income areas as well as additional competition—leading to better, faster, cheaper Internet access for all Americans, including those on the wrong side of the digital divide.”. Based on these statements, it would appear that repealing could promote innovation among ISPs.

The Net Neutrality rules came under attack in January 2017, when President Donald Trump appointed Ajit Pai, an FCC commissioner who had previously voted against Title II reclassification of the internet, as the new head of the FCC. Net Neutrality was finally repealed on June 11th of 2018 and is no longer in effect after nearly 20 years of having classified internet services under the protection of telecommunication laws.

As of June 20th, 2018, thirty-six states have proposed or passed a resolution, bill, or executive order to preserve Net Neutrality since the new rules were adopted. Six states, Hawaii, Montana, New Jersey, New York, Rhode Island, and Vermont, have addressed this change by issuing Executive Orders requiring companies wishing to contract with the State to confirm that they will meet the 2017 net neutrality requirements. Thirty states have proposed legislation reinstating the net neutrality rules or requiring state contractors to abide by them. Ten additional states initiated Resolutions supporting Net Neutrality principles (NRRI, 2018).

Currently, there is a clause under which internet service providers, or ISPs, have to disclose information about the circumstances under which they block or slow traffic and to disclose if and when they offer paid-priority services. The FCC has preserved the ‘transparency’ rules that had many concerned about the power that ISPs could potentially hold over these communications. This development mitigates the risk that providers would continue to engage in activities such as blocking or throttling connections, as Comcast did with BitTorrent, and not tell its customers. The current ruling is a win for consumers, who are only seeking a basic set of guidelines or principles to regulate the behavior of providers. It doesn’t have to be called Net Neutrality, but it does have to have increased transparency and still allow ISPs to grow and innovate in the markets in which they operate. We can’t let it be used in an anti-competitive, fraudulent, or discriminatory way to harm consumers in a way that diminishes the right to equal internet access abilities for all who seek it.

California net neutrality bill easily passes Assembly

Internet groups urge U.S. court to reinstate ‘net neutrality’ rules

Net Neutrality Repeal Enables Abuse By Carriers, Groups Tell Court

Ajit Pai killed net neutrality but still wants you to love the FCC

(Note: I’m actively updating this small paper I wrote for a class on Net Neutrality for a novice audience)

References:

Bello, P., & Jung, J. (2015). Net Neutrality: Reflections on the Current Debate. Global Commission on Internet Governance.

CIGI. (2015). Net Neutrality: Reflections on the Current Debate. Retrieved from https://www.cigionline.org/sites/default/files/no13_web.pdf

Comcast Corporation. (2008, September). Comcast Corporation Description of Current Network Management Practices. Retrieved from http://downloads.comcast.net/docs/Attachment_A_Current_Practices.pdf

FCC. (2018, May 22). Releases Restoring Internet Freedom Order. Retrieved from https://www.fcc.gov/document/fcc-releases-restoring-internet-freedom-order

FCC. (2017). Myth Vs. Fact. Retrieved from https://transition.fcc.gov/Daily_Releases/Daily_Business/2017/db1128/DOC-347961A1.pdf

Frieden, R. (2018). Freedom to Discriminate: Assessing the Lawfulness and Utility of Biased Broadband Networks. Vanderbilt Journal of Entertainment & Technology Law, 20(3), 655-708.

NRRI. (2018). Net Neutrality State Actions Tracker. Retrieved from http://nrri.org/net-neutrality-tracker/

Skype – Why can’t it all be so simple


Skype now has four versions of its software – purely for your confusion and inconvenience. Most recently, Microsoft was on its way to canceling Skype v7.0, with a deadline of Sept 1st, until an uproar from internet users not-so-quietly rolled that back. The new version of Skype that Microsoft is pushing now is called v8.0. There are issues users have brought up about its design and overall feel. One ‘idea’ on the Skype Voice site reads “Make Skype 8 look EXACTLY like Skype 7 Classic.” In its own forum, Microsoft stated that “Based on customer feedback, we are extending support for Skype 7 (Skype Classic) for some time. Our customers can continue to use Skype Classic until then.”

Skype Release Notes is not being updated frequently by Microsoft. We’re seeing new versions, and 1 to 2 weeks later, there are still no details on what’s changed.

Skype FAQ and Known Issues has limited information on actual issues we’ve seen with the software. It would be nice to have a closed loop, with the Release Notes showing when things are fixed.

Here’s a quick rundown on versions of Skype:

Skype for Business – Used for SMB/Enterprises, typically via Office365, but can be hosted privately on Rackspace, etc.

Skype for Windows 10 v11 – Windows 10 app that runs off of the Microsoft Store. This version is part of a program called Universal Windows Platform, or UWP, which means it works identically across Windows 10 platforms like PC, tablet, phone, and holographic devices. At this time, it’s not clear if it is missing any features when compared to the new Skype Desktop, but it does seem to be a very basic touch-type app in Windows.

Skype Classic v7.0 – An apparent all-time favorite of Windows users, and they don’t want it to go away. It’s the “same old” Skype and seems to be working perfectly. I’ve run into errors installing it on Windows 10 at times, which were probably due to a major update for which MS still hadn’t put in the fixes to make it work.

Skype for Desktop v8.0 – Newest version of Skype that brings Free HD Video, @mentions, group calls with 24 users, and will soon have privacy features like off-the-record audio chats. The biggest value-add here is in those features, which are combined with a modern interface and, of course, the promise of future development.

There’s also: Skype for Web, Skype Meetings, Skype for Mac, Skype For Linux, Skype for Android, and Skype for iOS, if you feel like you don’t have enough Skype in your life.

Issues:

I’ll make a list of known issues and fixes as I test the software. Please see below for some of the common deployment and usage-type problems I’ve found in Skype, especially on the new v8.0.

  • Skype v8.0 – attempts to launch SkypeSetup.exe out of the user profile when the user has no admin permissions. The user can NOT open Skype – even when they hit No, the program keeps trying to trigger this download file. This happens every time Skype releases an update, and it will effectively lock the user out until the admin credentials are provided.

Adding these lines to the hosts file seemed to help block this version of Skype from trying to auto-upgrade:

127.0.0.1 get.skype.com
127.0.0.1 livegeteastus.cloudapp.net 
127.0.0.1 liveget.trafficmanager.net

Delete or block the SkypeSetup file:

del "%APPDATA%\Microsoft\Skype For Desktop\SkypeSetup.exe" /f

  • Skype v8.0 – does not remove Skype Classic from a machine when you push it out. In my testing, I was able to remove Skype v7 first and then push Skype v8. It migrated my profile to the new version. If I pushed Skype v8 on top of v7, it would launch both on start-up. Simply removing v7 didn’t fix it – I had to push v8 again after the removal. Here’s my recommendation:

wmic /node:'LOCALHOST' /interactive:off product where "name LIKE 'Skype% 7.%'" call uninstall

Skype-8.27.0.85.exe /silent

  • Skype for Business – Installs with the Business version of Office365 and will NOT let you remove it from the computer. Go ahead, try it… use a customized install XML, and it won’t honor the request to keep Lync off the machine. Even if it does remove Lync, the app will automatically reinstall during an online repair of Office.

Remove from start-up:

reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Lync /f

  • Skype for Business – The 2nd issue with Skype for Business is the difficulty of connecting to regular Skype users. Microsoft requires them to associate with a Live.com email before this can happen. You can’t find them, and they can’t find you until that has been done. In my testing, I could not add my personal Skype account to a test instance running for Business without the Microsoft email association.
  • Skype v11 for Windows 10 – This version of Skype can cause confusion and issues with compatibility when it comes to the new features offered by Skype Desktop v8.

Remove it using PowerShell:

Set-ExecutionPolicy -Scope LocalMachine Restricted
Get-AppxPackage Microsoft.SkypeApp | Remove-AppxPackage
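
The hosts-file block and SkypeSetup.exe cleanup from the first issue above, as an added PowerShell example that is not part of the original post: it adds only the entries that are missing, keeps a backup of the hosts file, and removes the cached installer from every profile rather than only the current one. The helper name Get-MissingHostsEntry, the .bak backup name, and the assumption that user profiles live under \Users are choices made for this example.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$blocked   = 'get.skype.com', 'livegeteastus.cloudapp.net', 'liveget.trafficmanager.net'

function Get-MissingHostsEntry {
    # Hypothetical helper: returns the names in $Names not yet mapped to 127.0.0.1.
    param([string[]]$Lines, [string[]]$Names)
    $present = foreach ($line in $Lines) {
        $active = ($line -split '#', 2)[0].Trim()   # drop comments and blank lines
        if (-not $active) { continue }
        $fields = @($active -split '\s+')
        if ($fields[0] -eq '127.0.0.1') { $fields | Select-Object -Skip 1 }
    }
    $Names | Where-Object { $present -notcontains $_ }
}

$missing = @(Get-MissingHostsEntry -Lines @(Get-Content -LiteralPath $hostsPath) -Names $blocked)
if ($missing.Count -gt 0) {
    Copy-Item -LiteralPath $hostsPath -Destination "$hostsPath.bak" -Force   # assumed backup name
    $raw = Get-Content -LiteralPath $hostsPath -Raw
    # Without a trailing newline the first new entry would be glued to the last line.
    if ($raw -and -not $raw.EndsWith("`n")) { Add-Content -LiteralPath $hostsPath -Value '' -Encoding ASCII }
    $entries = $missing | ForEach-Object { "127.0.0.1 $_" }
    Add-Content -LiteralPath $hostsPath -Value $entries -Encoding ASCII
}

# Assumption: profiles live under <SystemDrive>\Users. When you elevate with a separate
# admin account, %APPDATA% points at that account, so sweep every profile instead.
$pattern = Join-Path $env:SystemDrive 'Users\*\AppData\Roaming\Microsoft\Skype for Desktop\SkypeSetup.exe'
Get-ChildItem -Path $pattern -Force -ErrorAction SilentlyContinue | Remove-Item -Force

# Report the resulting state so the change can be checked on each machine.
$stillMissing = @(Get-MissingHostsEntry -Lines @(Get-Content -LiteralPath $hostsPath) -Names $blocked)
[pscustomobject]@{
    HostsEntriesAdded   = $missing
    HostsEntriesMissing = $stillMissing
    CachedInstallers    = @(Get-ChildItem -Path $pattern -Force -ErrorAction SilentlyContinue).Count
}
```

With these names blocked, the client no longer fetches new builds on its own, so updated installers, including security fixes, have to be pushed by the administrator.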