Thursday, September 3, 2015


Just a few weeks ago I was reading an article at the Washington Post about people using ad-blockers and how awful they are.  It has even turned out that Microsoft bad-mouths all blocking hosts files that I and others provide.  All we do is block ads, they say.  OH?  Microsoft started with Windows 7 to remove any hosts file entry that has a or at that time and continues the practice now with Windows 8 and Windows 10.  With Windows 7 the work-around was to install another AV package that leaves that alone.  What is surprising to me is that Microsoft bad-mouths Mike Burgess of MVPHosts and Steven Burn of hpHosts.  But several years back Microsoft gave both of them MVP status.  Then the other day DuckDuckGo complained about me having an ad-blocker.  Well DuckDuckGo, that is backed up by both my blocking hosts file and my PAC filter.  But I even have a rule for you in my PAC filter:

DuckDuckGo rule in my PAC filter
(Search for DuckDuckGo, and I did turn off ABP for what they block with you)

Well, I don't target ad-servers per se.  But I do target trackers.  But everything is moot - nobody but me uses my stuff anyway.  We will stay at the big safe sites is what most people say.  Oh really?  Then here is something you should read, an article on malvertisement from El Register, thanks to the Security Space Newsletter that pointed to one of their articles.  That article had a link to this one:

El Register Malvertisement Article

Those kinds of ads are the ones I am looking at to block.  In my PAC filter I block a DNSWCD (DNS WildCard Domain) named LinkBucks that the ad-blocking plugins don't block.  It works on Windows 7 only with a majestic fight by very knowledgeable Windows people.  There again we have that Microsoft "we will fight you" mentality.  Another way of saying it is either our way or the highway.  I do volunteer work less frequently now at Phishtank.  But even on Linux, which is totally immune to all Windows binary malware (protecting your user browser data files is your main problem on Linux desktops and laptops vis-a-vis malware), you need some sort of protection.  They can trap the browser with JavaScript.  I cannot use NoScript or something similar.  But the PAC filter still blocks some phishing attempts, so I need some sort of protection not from the malware but from exploits that lock the browser, etcetera.  I take the vanilla dbgproxy_fr (remember I am on Linux) and add the few extra rules that I am testing and then do this:

# grep -v Phish dbgproxy_fr > phishtankproxy_fr
# vim /var/tmp/PhishTank.txt phishtankproxy_fr

I need to add mostly GoodDomains rules, but I comment out some other rules and activate additional protection against rar and zip files, which have mostly Windows malware, though I do get a tiny amount for Android.  Then I set my browser to use the phishtankproxy_fr PAC filter and away I go on Firefox 20.  Believe it or not, Firefox 20 on Linux is much safer than the latest and greatest Firefox on Windows except for one MITM (Man In The Middle) https attack.  But one of the BadDomains rules that is usually active is LinkBucks.  It is not an ad-server.  I classify what they do as a tracker with a twist - they also redirect.  So they get Web-Bug status.  But one phisher was using them with his/her phish!  Evidently the phisher wanted to find out which of the phish patterns were working best.  I have had redirects to malware with this tracking service.  But blocking them can lead me to an erroneous conclusion that a URL that is anything but safe is safe.  Ergo, that rule is commented out in the phishtankproxy_fr file.  I also had to shift from OpenDNS DNS servers to Google DNS servers because I kept getting "this is a phish" now that I have IPv6 as well as IPv4.  I need to know the answer to "is it really a phish?", not protection from it.
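An added example of the GoodDomains / BadDomains structure described above, written for this page and not taken from the PAC filter the author distributes.  The host names (tracker.example, shortener.example), the allow-list entries and the blackhole proxy address are constructed placeholders; the only thing it shares with the real filter is the idea: an allow-list checked first, then regular-expression rules that catch every label under a wildcard domain, then DIRECT for everything else.

```javascript
// Added example PAC file (not the author's filter). Names and the blackhole
// address below are constructed placeholders.

// Blocked requests are pointed at a closed local port, so the browser gets a
// connection refusal instead of the resource. Placeholder address.
var BLACKHOLE = "PROXY 127.0.0.1:9";
var DIRECT = "DIRECT";

// Hosts that are always allowed. Checked first, so an overly broad
// BadDomains rule cannot take out a site you need (the post's GoodDomains).
var GoodDomains = [
  "duckduckgo.com",
  "example.org"
];

// Wildcard-domain rules. A DNSWCD answers for every label under it, so a
// literal host list cannot keep up and a regular expression is used instead.
// This is JavaScript regex syntax: ^ and $ anchors, escaped dots, and none of
// the Perl extensions (/x, named captures) a Perl-trained eye might reach for.
var BadDomains = [
  /(^|\.)tracker\.example$/i,
  /(^|\.)shortener\.example$/i
];

// Same test as the PAC built-in dnsDomainIs(), defined here so the file also
// runs under Node for testing, and written without ES6 helpers so an old
// browser's PAC engine can run it too.
function domainIs(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) {
    return true;
  }
  var suffix = "." + domain;
  return host.length > suffix.length &&
    host.slice(host.length - suffix.length) === suffix;
}

function FindProxyForURL(url, host) {
  var i;
  for (i = 0; i < GoodDomains.length; i++) {
    if (domainIs(host, GoodDomains[i])) {
      return DIRECT;
    }
  }
  for (i = 0; i < BadDomains.length; i++) {
    if (BadDomains[i].test(host)) {
      return BLACKHOLE;
    }
  }
  return DIRECT;
}
```

Because the allow-list runs before the block rules, adding a domain to GoodDomains is the safe way to undo a false positive without editing (or understanding) the regular expressions, which is the order the post's rules rely on.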

So companies, stop complaining and look at those ads you are pumping out, which I can stop with the in-your-face ABP (AdBlock Plus) or the stealth PAC filter and blocking hosts files.  You are frequently pumping out malware with your ads, and the FBI and NSA are too busy also tracking us to kingdom come to do anything about it.

Saturday, May 2, 2015


Hillary Clinton Just Keeps On Going

I knew I had to get this out given what Hillary Clinton has said in terms of both Edward Snowden and her promise to give the government agencies and most especially the FBI the tools to decipher enciphered material including PK (public key) enciphered data.

Before I get started I must say that the gushing articles on both the Washington Post and the Guardian about Hillary Clinton made me mighty suspicious.  I wouldn't be surprised that they and MSNBC or whatever TV news channel the Democrats watched didn't have all the news people at those organizations hypnotized by the psychiatrists at these various organizations.  How do they do it?  Over the phone.  How can you tell they are doing it?  Well, if you have a dB meter on the phone and it registers volume that a non-listener can see but the listener doesn't hear anything, then you are very likely to be hypnotized.  It is one of the most potent weapons the FBI has.

Have I heard Hillary Clinton backtracking on this issue? Chug, chug, chug, chug, Chug, chug, chug, chug, Chug, chug, chug, chug, ...  I tell you she is like the energizer bunny.  She just keeps going and going and she never stops.

Other Representatives Disagree

I read this surprise article in the Washington Post on a legislative hearing on encryption:

Encryption Back-Doors

I don't know whether I would use the term that the back doors are technologically stupid.  I would say it is more like the idea that the encryption back-doors are either technologically dubious or technologically impossible.  That is because I write from the viewpoint of an advanced encryption user who has vetted GnuPG's code several times and came to it from a mathematical background.  Right offhand I don't think you can do it.  I saw them going this way once before with the Clipper chip in the 1990s.  Here is a good central point on what it was:

Escrowed Encryption

What they don't say on that page is that somebody was able to hack the Clipper system.  That is why it is not with us today.  Ergo, maybe the statement that back doors are technologically stupid is more appropriate after all.  What they probably are saying is that what you keep telling us we are going to do is impossible, so why do you keep saying it?  By the way, Representative Ted Lieu, have you considered a run to become President of the United States?  The Democratic party needs somebody besides Hillary Clinton.  Don't even consider being Vice President.  I realize that if Hillary wins she will die in office, with each of her years being like everybody else's four years in aging her.  But we need somebody to hit the ground running with the right idea on this and other issues.  The Republican party leaders have already de-facto announced that all elements of the draconian Patriot Act will be renewed as is.  Thankfully some of the Republicans have broken ranks on this issue.  They finally realized just how important protecting the fourth amendment to the US Constitution is.  We need somebody to think about that and many other things.  I am not in favor of the Patriot Act at all.  Hillary Clinton is in favor of it.  She is back-tracking fast on other issues important to Democrats now that Bernie Sanders is stealing some of her thunder.  Disclaimer: I have donated to Bernie Sanders' campaign.  I think he is one of the few people that can turn this country around.  He cannot do it alone.  We need people in the United States to understand that the only rule that will work is to treat others the way you want to be treated (love your neighbor the same as yourself).

One of the commenters in the Washington Post article said something about what happens if you use OpenPGP security to send a message to multiple recipients.  I don't know what they were attempting to say, but I know what happens.  First note that you are not prompted for your OpenPGP pass-phrase.  Why not?  Because you are enciphering it using the public side of everybody's key in the recipient list.  But you have a public key for each and every one of them!  So what happens?  The Enigmail plugin for Thunderbird and the equivalent thereof in Claws Mail and other clients makes a separate message for each and every one of the recipients.  Everybody gets their copy of the message and everybody else's copy as well, at least with Enigmail doing the sending.  Don't fret, because that is following the standard.  So what if the intelligence community came along and specified that there should be only one message for all?  That is technologically impossible.  It is also technologically stupid.  So I agree with the Congressional Representatives after all.

A New Paradigm

But with the NSA hacking Gemalto by exploiting the people that work for them by using those people's Facebook and Twitter accounts it didn't take long before Symantec and others took notice of what was going on.  Symantec purchased PGP Corporation.  Why?  Their business is protecting companies and people from having their financial accounts and other things exposed.  They have provided me with a PDF file of a new way of doing things.  I have it here:

Perfect Forward Secrecy

What is the difference between that and what we have now?  They don't depend on permanent PK keys the way we are doing it now.  Instead they use randomly generated transient session keys.  It won't be something that is used with something like OpenPGP which will change to elliptic curve encryption in the future.  But these people are always thinking forward.  Now in this case I can agree with Representatives.  Thinking you can put a third key way of doing things into a session key really is stupid.  And on this we have more than the NSA to fear.  The Chinese, Russians, and other political powers will want to hack enciphered messages.  So will black-hat hackers who will want to do it for monetary gain.

Rest assured of at least two things.

First, much will change in the future.  Encryption has never been a static field.  It is constantly changing to meet new threats.

Second, I don't buy those arguments that the people that are putting encryption into everything, including even smart phones, are aiding and abetting the commission of crimes.  Daniel F Conley and others are just going to have to learn how to do better police work.  You cannot tell me that enciphering or encryption means they are careful about everything.  The Germans using the Enigma machine used outside / inside session keys for each message.  The outer session key was three characters long and was not enciphered using the Enigma machine.  It was sent in plain text.  The inner session key of three letters length was enciphered using the outer session key plus message and daily settings and should have been pretty hard to attack.  So what did they use, with the outside three first, then a dash, then the inside three?  LON-DON, MAD-RID, BER-LIN, and on and on.  The most interesting one was TOM-???  The Bletchley Park cryptanalysts finally came upon TOM-MIX.  He was the American cowboy film actor during mostly the silent era.  Why did they do it this way?  "We will use these session keys because they are easy."  That is what the German enciphering teams thought would be good enough.  Why?  They were convinced that the Enigma made them completely invulnerable.  It didn't, and neither will enciphering the message today unless you do things carefully.  My OpenPGP pass-phrase is so convoluted it depends on my muscle memory to type it.  If I am too tired I have to rest before I can use my OpenPGP keys.

We still have human rights workers whose very lives depend upon the encryption we provide today.  How far will the FBI go in their lies?  I have had I don't know how many people that supposedly live at my apartment.  I have even had the local police at my apartment claiming that an individual by a given name (why don't they ever show me the written name?) lived at my apartment.  When I asked who gave them the name, one of the officers either lied through his teeth or the name was given to them by the FBI, because they said they had it on highest authority that the person lived at my apartment.  I showed them around and they must have realized they had a red herring.  Yet again, less than a month ago a private investigator came calling with yet another name.  Do these police officers or the FBI ever do anything but lie?  They are awfully sloppy in the data that they collect and they don't do a very good job analyzing it.  I suggest they do much better analysis of data and eliminate spurious garbage.  Adding more data harvested from the Internet will do nothing but make it ever harder to do the analysis.

On the weaknesses introduced by the intelligence community we have one more.  I believe I discovered the FREAK problem.  If I didn't, here is a good report on it from Symantec:

Symantec FREAK Vulnerability Report

To that you can add the new LogJam MITM (Man In The Middle) attack that exploits the Diffie-Hellman key exchange.

Cookie-Safe Lite Block List

On this one I went through a lot of gyrations with Ubuntu 10.04 (the last gasp of the Gnome 2 GUI).  Carefully preserving what I had, I tried both Firefox 37 and Firefox 38.  Cookie-Safe no longer works.  I was able to import Cookie-Safe Lite and it worked with the cookie block list that I provide:

Microsoft Cookie-Safe Lite Package
Unix Cookie-Safe Lite Package
Cookie-Safe Lite block list (active)
Cookie-Safe Lite block list (visual)

If you have problems here is the downloads folder which isn't linked to in and of itself:

SecureMecca Downloads folder

You will need to install 7-Zip or have some zip program that can handle that zip format.  But it is tested and it works, so it is good to go.  Unfortunately for me on Linux with the old version of Flash, it crashes every time I encounter Flash media that is too new.  That is because Adobe froze Flash for Linux at version 11.  I suppose Mozilla could have embedded it in the browser the way Chrome did.  On that point I did download the new version of Chrome and tried to install it:

# dpkg --install  google-chrome-stable_current_i386.deb
# blah, blah, blah
dpkg-deb: file `google-chrome-stable_current_i386.deb' contains ununderstood data member data.tar.xz     , giving up

I didn't have xz-utils installed so I installed them:

# apt-get install xz-utils

They installed successfully.  I was able to tar my hosts file build folder (Hosts, and everything on 'nix is case sensitive).  Then I compressed the tar file with xz.  Here are the results of the various compression routines (size in bytes):

1078068   Hosts.tar.xz
1119844   Hosts.7z
2090641   Hosts.tbz
2343760   Hosts.tar.gz

So xz-utils is worth it when you have spongy files (lots of white space).  I can do this with the Hosts.tar.xz file, so tar does understand it:

tar -xf  Hosts.tar.xz
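An added example, not part of the original post's build, that reproduces the comparison above in a way anyone can run offline: a constructed hosts-file-like text padded with runs of spaces (the "spongy" case) and a constructed block of pseudo-random bytes standing in for already-compressed zips, each run through gzip, bzip2 and xz/lzma from the Python standard library.  The sample data, line count and sizes are all made up for the demonstration; the point it shows is the one the post makes, that xz wins on white space and nothing wins on binaries.

```python
"""Added example (not the author's Hosts build): compare gzip, bzip2 and
xz/lzma on a spongy text file and on an incompressible binary file."""
import bz2
import gzip
import lzma
import random


def spongy_sample(lines=20000):
    """Constructed hosts-file-like text: short entries padded with long runs
    of spaces, which is what the post means by a spongy file."""
    rows = []
    for i in range(lines):
        entry = f"0.0.0.0 ad-host-{i:05d}.example"
        rows.append(entry.ljust(80) + "# blocked\n")
    return "".join(rows).encode("ascii")


def binary_sample(size=65536, seed=1234):
    """Constructed pseudo-random bytes standing in for zipped malware samples
    or image files: no redundancy left for any compressor to find."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))


def compressed_sizes(data):
    """Return the raw size and the size under each routine, in bytes.
    gzip level 9 and bzip2 level 9 are the `-9` the command-line tools take;
    lzma preset 6 is the xz default."""
    return {
        "raw": len(data),
        "gzip": len(gzip.compress(data, compresslevel=9)),
        "bzip2": len(bz2.compress(data, compresslevel=9)),
        "xz": len(lzma.compress(data, preset=6)),
    }


def best_routine(sizes):
    """Name of the routine that produced the smallest output."""
    return min(("gzip", "bzip2", "xz"), key=lambda name: sizes[name])


def report(label, sizes):
    """Print a size table in the same shape as the post's ls listing."""
    print(f"{label}:")
    for name in ("raw", "gzip", "bzip2", "xz"):
        ratio = sizes[name] / sizes["raw"]
        print(f"  {sizes[name]:>9}  {name:<6} ({ratio:.1%} of raw)")


if __name__ == "__main__":
    report("spongy text", compressed_sizes(spongy_sample()))
    report("random binary", compressed_sizes(binary_sample()))
```

On the spongy input xz comes out smallest because LZMA keeps a far larger history window than gzip's 32 KB and models the repeated padding more tightly; on the random bytes every routine returns roughly the input size plus its own framing, which is the "almost NO difference" the post reports for a folder of zips.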

I guess dpkg on my older system doesn't understand it, so one of these days I will have to upgrade to Kubuntu.  For now I just did the same thing with Firefox 38 that I did with Firefox 37 (being sure to close the browser first with Exit):

cd ; umask 077 # this is my default but for others I shift to 022
mv .mozilla mozilla.ff37
pak mozilla.ff37

Then I just copied my backup of my Firefox 20 mozilla user folder in place, unzipped it, took the extra PATH to /usr/local/lib/firefox out of my profile (actually dot profile), which had been added to the start of the path, logged out and then logged back in.  Oh, here is what I made to back up my Firefox and Opera user folders:

You will have to alter the variables for your particular setup and choose your zip routine.  Just be aware that for something that is not squishy, like my Quarantine folder that contains the zips of the PDF and binary files, there is almost NO difference between gzip, 7-Zip, bzip2, or xz.  This is where I keep the malware that I ship off to the malware companies.  It makes you wonder what Google is up to by shifting to xz, since at least the Linux executables, gif and other image files, and binary files don't benefit from any particular zip routine.  In other words, if it isn't broke, don't fix it!

I am having the same problem with somebody who wants to make all kinds of changes to my PAC filters.  He doesn't understand that all the people using it are on Linux.  They have that pull folder I provide that compares (diffs) what I had with what I have now, and they alter their files accordingly.  Ergo, me making a huge amount of changes is unwarranted since it will leave them bamboozled.  He is of course free to modify it to his heart's content and distribute the changed file.  He is going to be in for a rude shock on the differences of REGEXP in JavaScript compared to, say, Perl.  Can he release the changed version?  Certainly!  He just needs to follow the requirements of the least restrictive GPL license that I could find.

Monday, March 16, 2015



Imagine my surprise the other day on reading that Hillary Clinton had some views on encryption and that the Washington Post published an article on it.  Here it is:

The positions she takes are similar to what Republicans have and make me wonder if she has anywhere near enough knowledge and skill to say anything at all about the subject.  I disagree with her about Edward Snowden since I appreciate what he reveals.  I would disagree with Edward Snowden on certain things, like complaining about Amazon not using https (PK enciphered) full time when they have an even bigger glaring hole in storing your credit card number without your consent.  What is there to prevent a hacker from stealing it?  Just a year or so ago, every time I ordered something from Amazon the email account associated with it would all of a sudden receive a large amount of spam.  But somebody with the pen name LeisureGuy summed up what Hillary Clinton believes about encryption with this statement:

"It's pretty simple in concept: the encryption used must be able to detect the character of the person(s) trying to break the encryption. If they are "good", then the encryption allows them to break the encryption and read the contents; if they are "bad", then the encryption refuses to break.

That's what Clinton wants, and like many who are wealthy and powerful, she cannot understand why, if she wants something very much, it could possibly be something not available. The Dunning-Kruger effect also applies, I imagine: she knows so little of the technical aspects of encryption and cybersecurity that she doesn't understand the depth of her ignorance, so she trusts her "gut feeling" that whatever she *really* wants must be possible."

Dunning Kruger Effect (Wikipedia)

It wasn't just her that had that deep of ignorance.  Others had it too.  So let me look at two recent (within less than a month) things that may change her ideas on encryption and soften her stance towards Edward Snowden.

FREAK Attack
The FREAK attack exists because a too-weak cipher was mandated to all companies by the NSA and other agencies of the United States government.  Here is a write-up on it:

FREAK Attack (Washington Post)

You can test your browser side (there is also a server side to this) here:

Be sure to run the FREAK test named "FREAK Client Test Tool (clienttest.html)".  Just remember that this weakness was introduced the same way that she purports should be done - a middle way.  My statement on that was that you make encryption as strong as possible and hope it doesn't break.  What happened here?  It broke.  It also shows that Snowden's PowerPoint presentations were correct.  The NSA could crack iPhones.

Gemalto Sim Ki Heist
Here are the first two good articles on this from FirstLook on this:

Gemalto Sim Ki Heist (Breaking In)
Gemalto Sim Ki Heist (In The Dark)

What baffles me is why Gemalto would say none of the Kis were stolen when we have proof from Edward Snowden and other sources that the NSA and GCHQ were actually exploiting cell phones.  We have Angela Merkel, whose phone conversations were recorded, among other things.  No matter what anybody says, something like this makes other people mad, especially when they are proceeding on good faith and not doing anywhere near the same thing.  Okay, I will sum up with some points.

Point 1:  There are a lot of people in the United States and other countries that are mad as hell that they are being spied upon.  I can already hear the excuse.  Oh, they are just looking at the metadata.  They throw everything away except for the terrorists that they are after.  Oh really?  Is that why the NSA contract analysts gave porn-style pictures and videos to each other as gifts?  They are looking at a lot of text files and pictures solely in the pursuit of voyeurism.  That is strange metadata.  The sad thing is that this Democratic administration is coming dangerously close to doing what the Nazis did, and there are many Republicans that will assist in reauthorizing both the metadata collection of phone records and the Patriot Act, wrongly believing that it will make them safer.  It will not make them safer, and the Supreme Court of the United States stands by and favors stripping the American public of their constitutional rights.

Point 2:  You may think we are saying no to a middle way on encryption just based on our feelings.  I don't know about the others but I do know about me.  I have vetted the entire GnuPG code many times and cannot see a way of putting in what Hillary Clinton is requesting.  Others say you can, but it would weaken the encryption to dangerous levels.  My observation after studying hackers for years is that if you can put it in, they will eventually learn how to exploit it.  Sometimes it is pure luck, but it is always happening.  I still don't see how it is even remotely technically possible.  It is just the way that public-key encryption works.  In case you are wondering, yes, I have the book The Little Book Of BIG Primes by Paulo Ribenboim.  It used to cost $100.  It is a little bit more reasonable now but indicates we are not in Kansas any more.

Point 3:  In all of this most people probably think of enciphering to be the same as encryption and deciphering to be the same as decryption.  You usually just say that encryption involves one of the four activities: enciphering, deciphering, signing, and verifying.  About all I do with OpenPGP encryption is sign and hope that others use it to verify.  Here are two folders on my server where the signed files are at:

Hosts File Changes

Where I am signing, for a file named something like "hosts.txt" you will also see a file named "hosts.txt.sig".  The file with ".sig" on the end of it is called a detached signature file.  Using OpenPGP you test the file with the ".sig" on the end; it searches for the file without the ".sig", runs a digest algorithm over it, and uses their copy of your key (the public side) to verify that the ".sig" file, which was created with your copy of the key (the secret side), says the base file really did come from you.  What do I do this for?  To make hackers' lives more difficult if they try to change the base file.  If the hackers change even so much as just one little teensy bit in the file, the verify fails.  So far, so good.

But that same key that is used for signing and verifying is also used for enciphering and deciphering.  You use the secret side of your key to sign and to decipher.  You use the public side of the other person's key to verify and encipher.  But since it is all bound up and used together, there is a possibility that if there is a middle way the CIA, FBI, Federal Marshals, GCHQ, or the NSA could get some sort of nasty file and sign it with my key.  But surely they wouldn't do that, would they?  Do you want to make a bet on that one?  If I did the same thing to Gemalto and was caught I would probably go to jail for at least 40 years.  I am showing just the latest of these things they have done that may be illegal and are immoral.  Do I trust them?  NO!  And there is more to it than I am revealing.
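An added illustration of what the detached ".sig" file described above is doing, written for this page and not the author's OpenPGP setup.  It replaces the OpenPGP machinery with the smallest thing that has the same shape: a textbook RSA signature over the SHA-256 digest of the base file, where the secret side signs, the public side verifies, and a change of a single bit in "hosts.txt" makes the verify fail.  The key size, the fixed seed, the lack of padding and the sample hosts lines are all assumptions made so the script runs deterministically offline; it demonstrates the principle, not a usable signature scheme.

```python
"""Added example (not the author's code, not OpenPGP): a detached signature
as RSA over SHA-256, to show why one flipped bit in the base file fails."""
import hashlib
import random


def _is_probable_prime(n, rounds=32, rng=random.Random(0)):
    """Miller-Rabin primality test, enough for a demonstration key."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    """Random odd number of exactly `bits` bits, retried until prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=512, seed=2015):
    """Toy RSA key as ((e, n) public side, (d, n) secret side). The seed only
    makes the example reproducible; a real key comes from a proper CSPRNG."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p = _random_prime(bits // 2, rng)
        q = _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    d = pow(e, -1, phi)
    return (e, p * q), (d, p * q)


def sign_detached(data, secret_key):
    """The content of hosts.txt.sig: the digest of hosts.txt raised to the
    secret exponent. Only the holder of the secret side can produce it."""
    d, n = secret_key
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(digest, d, n)


def verify_detached(data, signature, public_key):
    """Recompute the digest from the base file on disk and compare it with
    what the signature opens to under the public side of the key."""
    e, n = public_key
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(signature, e, n) == digest


def flip_one_bit(data, byte_index=0):
    """Tamper helper for the demonstration: flip the low bit of one byte."""
    buf = bytearray(data)
    buf[byte_index] ^= 0x01
    return bytes(buf)


def demo():
    """Sign a constructed hosts.txt, verify it, then verify a one-bit change."""
    public, secret = generate_keypair()
    hosts_txt = b"0.0.0.0 ad-host.example\n0.0.0.0 tracker.example\n"  # constructed
    sig = sign_detached(hosts_txt, secret)            # plays the role of hosts.txt.sig
    intact = verify_detached(hosts_txt, sig, public)
    tampered = verify_detached(flip_one_bit(hosts_txt), sig, public)
    return intact, tampered


if __name__ == "__main__":
    print(demo())
```

The verify step never needs the secret side, which is why the ".sig" can sit next to the file on a public server: anyone with the public key can check it, and anyone who edits the base file without the secret key cannot produce a matching ".sig".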


This is a strange one.  Hillary sets up the domain for her email account.  Then a supposed security expert says that it is strange that he sees a construction page.  That is normal for most IWSPs (Internet Web Service Providers) for somebody that doesn't have a web presence yet.  Some IWSPs will even allow you to redirect to another existing web service from these parked host names:

Then I find out she has secured a mail service from

The AV Product
At first I thought that the AV package used was the only thing that McAfee recently purchased.  I thought that McAfee would integrate the heuristics of it into their McAfee-GW-Edition product.  That may have been done but then I learn that McAfee bought the whole company.  That could still be just for MxLogic's one AV product but only time will tell.  But it has never been at VirusTotal, now run by Google that allows you to contrast multiple AV packages to determine if something is safe.  Here is one of my email borne malware I have scheduled to rescan:

VirusTotal Malware Scan

It is much better now than it used to be.  When I got it only two AV packages detected it.  They were Ikarus and Kaspersky.  Here was the scan back then:

Original Malware Scan

But overall, for most email borne malware Sophos is one of the first that detects them.  Kaspersky is also good for email-borne malware as are a few others.  I really would not use what Hillary used if I had a Windows system.  I would want Sophos for the scanner on the email server.  But maybe all Hillary uses is her iPhone.  If so then maybe another AV product that scans for phish would be more appropriate.

What AV do the government email servers use?  I don't know but I can only assume it is much more robust than what she was using.  But they know that they have to defend Windows machines as well as iPhones.

The Anti-Spam Product
At first I thought Hillary had a lot of problems with spam with that number in her user name.  E.g., were there user names with different numbers in them that she abandoned as the spam took over, creating new user names to run away from the spam?  Only the government email people will know the answer to that one, since any email received by others on the government email system will have any and all user names that she used.  I stopped looking into this the moment I saw all the problems people were having in getting email into an MXLogic email server.  I suspect you may even need to white-list everybody you want to allow in.  That is how bad some of the people commenting about it found it to be.  Suffice it to say that I think the spam protection is probably one of the better ones out there.  You just have to tune it to get email in and out.  Since the base product is Microsoft Exchange for the SMTP server, I of course hate it.  After qmail's nice headers everything else except maybe postfix are sub-standard SMTP servers in my mind.

Who Has Emails?
This one is where it becomes really problematic.  If the government email system only backs up what is received, then it will only back up what she sends to others that are on the government email servers.  But if they back up both what is received and sent, then they will have copies of the email that is sent both from her and to her from another user that is using the government email system.  Either way, any emails sent to somebody else at a company in the United States that is compliant with the law should have backups.  But email sent to or received from another email system like hers, or to a web-mail account, will only have what those users keep.

This is more of a transparency issue than anything else.  The idea of saving the records goes back to the 1950s when the first rules were made about saving these government communications.  Only slight modifications were made to update the regulations.  I don't know if they are binding laws or not.  I do feel that from this time on, except for extremely extenuating circumstances, the government email systems should be used.  All classified email should of course use a separate, much more secure system.  One thing that disturbed me is that Hillary didn't have the certs to do the transmissions through her email server using TLS encryption for the first two months of having her email server.  If she sent classified information this way it was traveling in clear text!  That may be fine for her personal email communiques.  But it is not good enough for Secretary of State email messages, whether the messages are classified or not.  That is why I think this needs to shift over to the government email servers where security professionals handle things.  Anything done outside that channel for email needs to be rare or not at all for government email communications from this time forward.  But it should not be done with anything other than TLS securing the transmission of the messages.  Additional enciphering will be needed for messages with classified material in them.

Update 2015-04-13.  I must add this information even though all of you know by now what has transpired.  Hillary Clinton's aides printed out what they thought people wanted, not realizing that most of the header is not preserved in that process.  But others asked that the whole file be preserved and delivered to them.  Was it?  No.  She had the mail server's disk drive erased.  Okay, let me show you what is in an email's header which usually only people like me see.  This one was created by qmail, the best SMTP engine.  Here it is:

Sample Email Header

Despite the folder name I no longer preserve their spam but only their malware.  This may be from another group other than PerniciousMalware (née PeskySpammer).  The original group gave me nothing but boomerangs by using fake user names at my domain.  It took me the longest time to educate mail admins everywhere not to boomerang the messages, since they didn't come from my or other people's domains but directly from a special-purpose send-only SMTP server dropped onto a hacked machine running Microsoft Windows.  But I didn't see that until they made the stupid mistake of adding all their fake From addresses into their To lists.  When that happens you can see it in the email header.

Unlike Microsoft Exchange, qmail does something really nice.  It gives you a line with the label X-Originating-IP.  Its value for this message is the actual WAN IP of the bot sending me the malware.  I no longer do anything with the spam other than delete it.  All I keep is the messages with malware.  I have had three separate days where that has numbered over a thousand email messages, each of which had malware attached.  Each of those days it has always boiled down to anywhere from five to just over a dozen different malware despite all the different names.  So what can I tell by looking at that address?  Well, it is in Kiev, Ukraine.  Not only that, but it is in the UA-VOLIA-20080404 network belonging to Kyivski Telekomunikatsiyni Merezhi LLC.

More importantly vis-a-vis Hillary Clinton's situation, the header preserves all of the dates.  By having the disk drive probably wiped at DoD specifications, all of this information that was asked for is gone forever.  If Hillary Clinton was running this as a real business she would have violated the law, since all people in the email business are bound by law to keep all emails for a specified time on the server and are supposed to have backups of it on other media that must be kept for much longer periods of time.
At least now you can see the data that is hidden from most of you in your emails.  I see it all the time.  I don't give the AV companies a print-out of the email.  I give them the entire email message saved AS-IS!  There may be other data in it besides the MIME-encapsulated zip files that the AV companies need.  By preserving all of it for them there are no loose ends.

Summing Up

Hillary Clinton is reminding me of the energizer bunny.  She has a fully charged battery and blasts into meeting after meeting without even taking a pause on what she is doing.  This is not a man versus woman thing either.  I know plenty of women who have high order rational thinking.  Two of them are Senators Boxer and Feinstein.  I hear they called her to say things are going horribly wrong.  I strongly suggest that Hillary call and talk to them and others in the days come.  Just remember these other people are very busy and have lots of demands on their time.  But she needs to give serious consideration that she is too old.  What she did with these two issues may show an age related problem.  All I know is that I see one person after another going into the presidency.  They go in bright eyed and bushy tailed.  They come out the tail end with gray hair, worry lines, and aged considerably.  I estimate they age everybody else's four years for each year in office.  That means they effectively age sixteen years for just one term of four years in office.  Ronald Reagan who was famous for doing as little as possible is maybe the only exception but even he aged a lot.  Aren't there any other Democrats that want the position of President of the United States?  I don't want to see Chris Christie in the oval office.  Isn't stopping all the traffic on a major bridge or Interstate an action that a Governor can be impeached for?  It should be.  I will check back for errors later but other than that I consider this post closed.  Post note, I did make some significant changes, most notably to show others just how bad new malware is at not being detected (2015-03-25).  You have a PDF file now to SEE just how bad it is.

Update 2015-04-13.  See the two paragraphs preceding Summing Up added on 2015-04-13. I use 24 hour UTC time (Zulu) for all my computer related activities.  All I can say is that if Hillary ran even a modestly sized business that by expunging all the data on her email server by erasing the hard disk drive with no backups, she just violated the law.  Evidently she believes there should be a separate standard for her and Edward Snowden.  If she cannot see the difference in intent she is blind.  As any good email admin will tell you, you need to make backups of all the email messages and keep them for a long time.  If you don't very bad things can happen to you.  I am afraid Hillary Clinton could never have counted on any Republicans switching sides.  After her actions that is now etched in granite.  Independents like me that advised my state's electoral votes be given to Obama were of course ignored in Utah.  But that isn't what disturbed me.  It was that the Democratic party didn't give us an inkling that somebody else other than Hillary was even considering running.  So I sat down and wrote a snail mail letter that will be sent to the Utah Democratic headquarters.  Basically I was concerned that they were being too quiet about other potential presidential hopefuls.  When I saw only 100 or so replies in the Guardian on the last announcement I knew she was toast.  The letter will be sent shortly but I discovered on Saturday (2015-04-11) that the Rhode Island governor was considering entering the race.  I encourage the Democratic party to never do this again.  By having nobody but one person the foregone conclusion is that is their only candidate.  It makes it look like the fix is in.  Next time even if they have just a few other people considering don't allow it to seem like there is just one candidate the party will have.  Will the way they did it kill them this time?  I don't know.  I know I go based on the best information at the time of the general election.
I wish I were actually voting for the President directly.  We needed to replace the electoral college system with a direct vote at least a hundred years ago.  It has stifled this country with two parties that for now at least, both parties want to kill Edward Snowden.  He is not a traitor nor is he my hero.  But I do thank him for exposing the corruption and law breaking of the NSA, CIA, FBI, and from the looks of it even now the Federal Marshals' office.  As usual, I hope to add nothing more to this blog entry.

Monday, December 15, 2014

Hosts file and PAC filter on Windows 7

New Way Of Handling Hosts File On Windows 7

Somebody wrote to me saying that my hosts file installer is no longer suitable for Windows Vista, 2008 Server, Windows 7 or if you are crazy enough to use it there - Windows 8.

This is absolutely correct.  The UnxUtils way of using my hosts file on a Windows system is only for Windows XP and for use with something like Homer to act as a pseudo HTTP server (phttpd).  The reason I don't provide anything else is because I depend on somebody else's program to handle incorporating my hosts file on Windows 7 systems now.

If you use Windows 7, use Alex Kowalski's hosts file maintenance program which I provide download space for.  Here is the Hosts file page which shows where the links are:

Hosts File Page

Down at the end you see these two links:

APK's 64/32 Host File Engine Program
APK's 64/32 Host File Engine Instructions

My hosts file is primarily used by Linux people.  They use dnsmasq, Marco Peereboom's adsuck program or similar.  I am the only one using my phttpd.  But all of these people expect the hosts to be remapped to  There is no on Linux like there is on Windows.  On Windows is normally used as an inter-process server.  On Linux and Unix they use a special file construct called pipes for processes to communicate with each other.

Will I remap the entries to something else other than  No.  I depend on Alex Kowalski's program to do that for me.  The reason I mention this is because somebody wrote to me about this 4chan comment on hosts files (which you will note has Alex Kowalski's comment - APK):

4Chan comment on hosts files

What is my statement on using 0 versus  I defer to Alex Kowalski on that issue since it is his APK 64/32 Hosts file engine that automatically does the conversion from to what ever he uses.  Frankly I am surprised somebody wrote to me about it.  You can NOT use my shell file to install a hosts file on anything newer than Windows XP anyway.  Even if you give the script a temporary override you have lots of programs like wget, rm, etcetera, that the script calls which do not have the override.  In fact you can no longer install UnxUtils on anything from Windows Vista on.  IOW, attempting to use my script file on Windows 7 will fail.  Even if you can seem to get it to work (I couldn't) use APK's Host File Engine Program instead.  His program does much more than just install a hosts file.  I will say you must use some other AV program on Windows 7 than the one provided by Microsoft with a hosts file.  The AV program supplied by Microsoft will remove every entry in a hosts file.  You must use another AV program to prevent Microsoft's AV program from removing hosts file entries.

New Way Of Handling PAC On Windows


Actually the only people I know using the PAC filter are all on Linux.  Most of the other people that look at my PAC filter don't actually use it.  They just look at my rules and stuff what they want into their company's proxy server.  That is fine with me because I used the most liberal GPL licensing enabling them to do that.

Here are the special instructions for putting the PAC filter on Windows 7.  You don't put it on there the same way you do it on XP.  Instead you put all of the PAC filter files which can be used for Firefox in an etc folder in your account.  You also need an extra special folder for Internet Settings and it is mandatory for the Chrome browser.  For example for a user named hhhobbit and assuming your system drive is C: you will have these folders (substitute your user name for mine and it should be just alphabetic or alphanumeric characters):


You put all of the files you think you will need into the etc folder.  I have already tested altering the PAC filters so that blackhole goes to and that does not work!  I have not done this part yet but will do it later on today (2015-08-01).

You put one and only one of the files proxy_en.txt or proxy_fr.txt into the OneFile folder.  This is because when you use Internet Settings, the Chrome browser parses every darn file in the folder.  So only one PAC filter file should be in that OneFile folder.  You would need to install Homer in roughly the same area, e.g.:


I found out the hard way that FunkyToad croaked.  So I have revamped the file in such a way that it already has the allclear.gif file in it and when you unzip the file after plopping it into the C:\Users\hhhobbit\ folder you get the Homer folder automatically.  None of this mess of files all over the place.

Okay, what have I tested so far?  This string will work for me in Firefox 39 (Firefox is the only browser left that can handle the debug) on Windows 7:


To get it in you do a Tools, Options, set it to Advanced, select Network and then click the Settings button.  You then put in the string I just gave (substituting your user name for hhhobbit) in the "Automatic proxy configuration URL" box.  You select that by clicking the radio button next to it.  Remember all of this because until we get a pseudo web-server like Homer working on Windows 7 (I assume it won't work) you will be unchecking it real soon and going back to your default.  I forgot to record the default.  I will do it on my other system.

When I go to something like in the PAC filter with it set that way I get a proxy error message.  I tried changing the blackhole to being careful to and then tried something like say (there is no way to clear the cache any more which is stupid in my opinion) it gives me the same proxy error message.

So today, 2015-08-01, I will be testing to see if Homer works.  If it does I will be back here filling in all the details and putting in the stuff for the other browsers.  Don't expect any of this to work for Windows 8 or Windows 10.  Either Windows XP or Windows 7 is the end of the road for the PAC filter on Windows.  Sorry.


Friday, September 19, 2014

Are we being hacked by the Chinese?

I wrote a response to a comment made about this article that said the US Senate was investigating the Chinese break-ins that occurred at TRANSCOM in September 2014:

Fierce Government IT - Chinese Hackers

I wrote this reply to callmebc's comments (it may not be exact because the original is gone - they deleted it):

You can be skeptical about the Chinese being behind it but you should not be skeptical about it being done. It IS done. I am an independent security analyst that cannot work due to actions by the FBI going on eighteen years with no end in sight. But I have even pulled down a banker trojan from a Financial Institution ( about one month ago. We need to get Windows systems out of the POS cash registers at brick and mortars and work upward from there. APT (Advanced Persistent Threat) can be avoided by shifting to Linux (not nearly as secure as OpenBSD but more user friendly) and using Thunderbird or other email programs that don't render HTML making phish a thing of the past.

I got the very same malware that did in Google several years back and it WAS of Chinese origin right down to the hashing function that could only be theirs.

Since the editors deleted my response here it is.  I do have the malware that did in Google and will provide it to Fierce Government IT upon request.  I also have malware that used the same RealTek certs used in Stuxnet.  The visible proof is here:

Realtek certs used in Stuxnet

That malware will also be provided to Fierce Government IT upon request.

Henry Hertz Hobbit   (Internet Name)
David Alexander Harvey   (Legal Name)

Saturday, May 10, 2014

No to all HTTPS

Letter to Google

   Google, people probably always want to use port 443 (HTTPS) for logging into GMail. They also want to use it for their blog.  They even may want to use it for Google+ which I need about as much as a hole in the head.  Ditto for Facebook, Twitter, Linked-In, et al.  I don't need any of those "anti-social" web-sites.  They have turned people into anti-social idiots in the real world.
   But forcing me to use HTTPS for your search engine all the time is inappropriate.  I am generally searching for the usage of some new hosts in tracking, ad-servers and malware.  You are second on that with DuckDuckGo being the primary.  For whatever reason, you seem to be trying HTTPS first on the link which causes all sorts of problems when I click on the links.  I could care less that the NSA tracks this activity.  If they are using Windows and get infected by the ad-ware I find that is their fault.  I get the high octane malware stuff in my email box almost every day.  They can have that too because I give it to your VirusTotal service with comments I hope help people learn what is happening.
   In case you are wondering, DuckDuckGo just uses the URLs as-is  But there I can also use DuckDuckGo as either or, whichever is most appropriate.  It is just that my ISP (Comcast / Xfinity) kept snooping on my activity, supposedly to protect my Linux systems from Windows malware.  So I usually use HTTPS with DuckDuckGo to foil them.  But I am having extreme difficulties testing for whether I have a tracker / ad-server off of your links.  Invariably the links are not using HTTPS.

   So please make it so we can use HTTP for your search engine when that is appropriate.  Over 90% of the time I could care less that the NSA knows what I am searching for.  Again a warning is in order.  When it looks like I am searching for porn I am usually looking for malware, an ad-service, or a tracker at a porn site.  Despite common wisdom to the contrary, porn sites still up the chance of Windows malware considerably.  So if I am looking for info on it may be their ad-service, a tracker or given where it came from, maybe malware.  Even if it is just their ad-service or their tracker it still gets tossed into my porn bin when I add it to my hosts file.  After all, it is not a generic ad service.  There is no malware I know of at it. But there is no reason to hide the search from anybody.

Sunday, March 30, 2014

Setting up email

Where The Spam Comes From

  Recently I read a piece from eSet (makers of NOD32).  They claimed that there were 10,000 hacked Linux machines sending out spam and malware.  Could this be the hackers I originally dubbed PeskySpammer and renamed PerniciousMalware that put in 500+ spam per day in one of my email boxes plus occasional malware I asked myself?  No, it cannot be that because you can see yourself that the majority of the IPv4 addresses used are in DSL and cable IP blocks.  You don't believe me?  Here you go:

Public PeskySpammer folder
Originating IPs
Left 0 Pad Filled Originating IPs

  Just look them up in whois.  I stopped keeping records of these about six months ago.  But if you ever wanted proof of what was sending the spam and malware all you had to do is seize the machines at the sending IP addresses.  On the machines which would be running Microsoft Windows you would find specially crafted SMTP engines that only send email.  How do they get around where it was sent from?  They pretend it was sent from some place else.  That is how I first got them.  They were pretending to send from fictitious users at my domain.  It took me over a year to get email admins to learn NOT to boomerang messages to me.  Evidently thinking has gone out of style. Whether the hackers realized that Yahoo and other domains have email set up wrong from a practical point of view but probably correctly from the old RFC is unknown.  It does argue that things need to change and immediately.  There will be more on that in a moment.

Are The Linux Machines Hacked?

  Probably.  But which would you want to send spam from?  A tiny number of Linux boxes (10,000 is tiny) whose IP addresses you can easily map out and take out of the loop with blocks at major IMSPs (Internet Mail Service Providers)?  Or do you want a huge flotilla of Windows boxes where the machines sending spam come and go regularly in such a way that a preventive measure based on the originating IP address is almost useless?  The infected Windows machine route will win hands down.  But let's probe the weaknesses of Linux.  The very first one for me is actually not security.  Because of that stupid X-Windows DB I am almost always staring at 640X480 at install time.  Gone are the days of hacking the X Config file and being on with my business.  But I work from Linux and it is a compromise.  Maybe OpenBSD would be a better choice.
   Linux systems have so much software that is hacked into place and the software changes so furiously that it is almost impossible to eradicate problems.  This is especially true for the servers.  But my two machines named GandalfTW and Sauron aren't servers and they eye each other suspiciously.  They will allow a hello and are you there (ICMP ping) and that is about it.  I don't even let one do print server duty and instead rely on the JetDirect card in the old HP printer to handle things.  Getting that configured took a lot of work.  Yes, it has an old parallel printer interface.  But with this much complexity I have this nagging feeling I have too many holes in my systems.  Blowing down the protection of IPv4 with IPv6 (no NAT, no firewall) doesn't help.  But I do have two routers in place.
   But then I hear that there is an SSL bug in Macintosh, iPhone, and iPad.  I can remember Apple taking over six months to fix a simple problem several years back.  Did they really fix the iPhone in 2-7 days and Macintosh in less than two weeks?  Unbelievable.  Then the boom was lowered.  Many versions of Linux also had an SSL security flaw.  At least some Linux distros do make use of OpenPGP signing to make the downloads trusted or not.  But is my kernel the real deal or did the NSA hack a SHA1 certificate and give me a modified kernel?  I am paranoid.  Am I paranoid enough or too paranoid?
   But the coup de grâce was when was hacked and they sat there saying how super secure SHA1 was.  Pshaw.  I have malware with SHA1 and I know others do too where they hacked the SHA1.  Still, it is more likely that the certs were stolen as in this case:

But it is not Stuxnet!  The cert passed muster until the keys were revoked.  What am I saying?  There are ways around encryption.  But coming from SSL and hitting serious security stuff gives one the idea that SHA1 is powerful.  Not one serious AV company depends on SHA1.  They shifted to SHA-256 years ago.  My OpenPGP keys have SHA-256 as the preferred Digest algorithm:

Cipher:  TwoFish, Camellia256, Camellia192, Camellia128, BlowFish, Cast5, 3DES.
Digest: SHA256, SHA512, SHA1, SHA384

I used to have 4096 paired RSA keys and SHA512.  It was fine with a dual core and quad core machine.  It was a little too much for older single core machines.  But I get 3DES whether I want it or not.  I don't want it.  Note that both BlowFish and Cast5 precede it and iPhone and Android systems can handle that.  SHA384 is non-standard so I have no choice but to bump SHA1 up in pecking priority.

But if a Linux system is truly hacked they can steal your keys unless you put in a symlink to a flash drive where your keys are really at and the hacker always hits it with your flash drive removed.  The key logger gets the pass-phrase.  But I doubt most Linux people ever police their shell startup files.  I do look at my shell startup files which have been altered considerably by me;  FREQUENTLY!  I told you I was paranoid.  But what do you expect of somebody that has now handled well over 12,000 Windows malware.

So is it too much to ask that Linux people shift from SHA1 to SHA256?  I don't think so.  The fewer services you run the less vulnerable you are.  That is the way it has been forever.

Lest Windows People Snort

  Windows did not wait for IBM to add owner, group and other (world) permissions to the file system, a model that is also used for processes.  Back then it was called the HPFS and it became the NTFS.  But here is what would have happened if they had waited:

It isn't just limited to the file system.  Look at voodoo.txt.  If Target, Neiman Marcus, and others had used Linux instead of Windows in their POS terminals scraping would not have worked.  Try it!  The SourceBuffer is invariably out of your process's memory space.  The result?  A segment violation.  No memory scraping here.  Where did all of those Siemens Nixdorf POS terminals go?  Why did they replace them with Windows?

How To Setup Email

   On to the main reason for this blog entry.  Because of the way that Yahoo (and other IMSPs) set up email I have over 500 spam per day in my mini honey-net.  I don't mind the malware except for those two days I got 500+ malware instead of spam each day.  But really, email should be set up like this as the first step in reducing spam:

1. Besides your own email account, any other email accounts you create, and three extra accounts, no other users exist.  Anything sent to a user other than the ones enumerated should be tossed.  Bye, bye mini honey-net!

2. The three extra users are abuse, postmaster, and webmaster.  Although it may seem nice to not put email for those into the master user's account in case of somebody hacking your computer, what if your computer (as opposed to Yahoo's or other IWSP / IMSP) is compromised?

3. The number of domains for places like Yahoo are huge.  I would set it up with some sort of a self balancing binary tree for fast lookup.  For example, if you had a domain named with just a master user named keyboard, here is what the users and email box (only one, would look like (email name then email box):


Only the emails for those four users at would be accepted and all of the messages for them would be put in the user's email box.  Any emails sent to any other user at would be dropped like a hot scalding potato.  That means they would just be discarded.
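The recipient gate the three steps describe, as an added example that is not the post's own code: only the master user and the three extra users of each domain are accepted and all of them deliver to the master's single mailbox, while every other recipient is silently discarded (no bounce, so nothing boomerangs). The post leaves the domain unnamed, so example.com stands in for it; the rejected addresses are constructed, and a sorted list with bisect replaces the self-balancing tree since both give logarithmic lookup.

```python
"""Accept-list routing for incoming SMTP recipients."""
import bisect
from typing import Dict, Iterable, List, Optional, Tuple

# The three extra users from the post; they deliver to the master's box.
EXTRA_USERS = ("abuse", "postmaster", "webmaster")


class RecipientTable:
    """Sorted table of full address -> mailbox, searched with bisect.

    The post asks for a self-balancing binary tree; a sorted list gives the
    same O(log n) lookup and is easier to show in a few lines.
    """

    def __init__(self) -> None:
        self._addrs: List[str] = []   # sorted, lower-cased addresses
        self._boxes: List[str] = []   # parallel list: mailbox per address

    def add_domain(self, domain: str, master: str,
                   others: Iterable[str] = ()) -> None:
        """Register a domain: master plus EXTRA_USERS share master's box,
        every name in `others` (accounts you created) gets its own box."""
        master_box = f"{master}@{domain}"
        for user in (master, *EXTRA_USERS):
            self._insert(f"{user}@{domain}", master_box)
        for user in others:
            self._insert(f"{user}@{domain}", f"{user}@{domain}")

    def _insert(self, addr: str, box: str) -> None:
        addr = addr.lower()
        i = bisect.bisect_left(self._addrs, addr)
        if i < len(self._addrs) and self._addrs[i] == addr:
            self._boxes[i] = box          # re-registering: overwrite
        else:
            self._addrs.insert(i, addr)
            self._boxes.insert(i, box)

    def mailbox_for(self, rcpt: str) -> Optional[str]:
        """Mailbox for an envelope recipient, or None meaning: drop it."""
        rcpt = rcpt.lower()
        i = bisect.bisect_left(self._addrs, rcpt)
        if i < len(self._addrs) and self._addrs[i] == rcpt:
            return self._boxes[i]
        return None


def route(table: RecipientTable,
          rcpts: Iterable[str]) -> Tuple[Dict[str, List[str]], List[str]]:
    """Split one envelope's RCPT TO list into deliveries and silent drops."""
    delivered: Dict[str, List[str]] = {}
    dropped: List[str] = []
    for rcpt in rcpts:
        box = table.mailbox_for(rcpt)
        if box is None:
            dropped.append(rcpt)          # discarded, never bounced
        else:
            delivered.setdefault(box, []).append(rcpt)
    return delivered, dropped


def demo() -> Tuple[Dict[str, List[str]], List[str]]:
    """Constructed envelope against the post's one-domain, one-box setup."""
    table = RecipientTable()
    table.add_domain("example.com", master="keyboard")
    envelope = ["keyboard@example.com", "ABUSE@example.com",
                "jsmith@example.com", "x9k2q@example.com"]
    return route(table, envelope)


if __name__ == "__main__":
    print(demo())
```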

Once that is done, all of my other comments apply.  But if Yahoo set it up this way I would get less than 2% of what I get now.  Their email servers would get a break.  The people that aren't involved in the spam and malware storm would finally see the odd behavior of their email vanish.  No?  Then look at my other points.  I am pretty sure qmail can do it.  It has the richest set of filter options of any SMTP server.