PassingNotes.com

given the recent furor of patricia dunn’s activities at hewlett packard, i felt that it might be rather timely to repost this posting from last may (may ‘05) regarding the cover story in private investigator magazine that explored pretexting…
i rarely repost shit, but honestly this is a very solid interview (in the mag, not the post itself)…

for additional insights regarding how such a stunt might have been pulled off, also consider these postings:
1) how to do caller id spoofing
2) conversational terrorism tactics (a bit more extreme of course)
3) more about elicitation tactics…
4) the effectiveness of lies by im, phone, email etc…

FROM 5/17/05 (yes, 05)

damn, what a treat for the general public - pi magazine (the journal of professional investigators) has released a free copy of their january/february 2005 cover article in which they interviewed joel winston, associate director of the ftc to discuss pretexting …what’s pretexting? well, it’s a fancy word for ‘lying‘ to get information, feel free to check out a primer on pretexting (per the dictionary: ” praetextus, p. p. of praetexere: to weave before, allege as an excuse; prae before + texere to weave. Ostensible reason or motive assigned or assumed as a color or cover for the real reason or motive; pretense; disguise.“)…if you’ve read any of kevin mitnick’s books about social engineering (another phrase, synonymous with pretexting at a basic level, and interchangable with ‘rusing’…and lying in general)

so yeah, the big issue has to do with lying to get information - specifically, is it illegal? certainly there are state-by-state issues…this particular interview covers some of the most granular elements surrounding the procurement of personal financial information in support of fraud type claims…very interesting stuff…i’m gonna spare you the quips as well as the summary because you should really just read the entire article yourself, it ain’t that long…btw, new bruce springsteen dvd side of the double cd/dvd is outstanding, which has nothing to do with anything (cool, huh? you should start your own blog today and insert stupid ass comments like that!)

Share This

okay, so a couple of weeks ago i was reading about this ridiculous event where elgoog ceo eric schmidt was facing off with a politician who stated that there are more outhouses in the world than users of tivo…schmidt says he uses elgoog all of the time, as a “truth squad” and commented (after the politician left) that “we live in a world where people make all sorts of claims, and i always wonder if they’re true“…using elgoog, schmidt then claims that the outhouses-exceed-tivo data is old (yeah, like that was a fucking study that took place) and added, “having the ability to search and get the answer is a nice way to live your life”

the point? this kind of arrogance just rubs me the wrong fucking way...as a naturally curious person, a single dad trapped at home and given to wanton fits of nocturnal internet sleuthing while my boys snooze away, i found myself wrestling with a more common sense approach to resolving this issue - using elgoog of course - and would like to present my debunking-schmidt logic for you…now entitled, “eric schmidt might be full of shit”

step 1: what’s the question again?

again, who the fuck ever studied tivo and outhouses? exactly…so let’s rethink outhouses - they’re for people without toilets, right? (without flushable toilets, of which there are nearly a million homes in just the united states, which i know from using elgoog!)…and tivo? tivo claims over 4 million users…

…so a search on elgoog for “people without toilets” leads to a study from results of the “children’s world water forum” which reports that, “Over half of all people without toilets live in India and China - 1.5 billion in total - creating an environment polluted with human waste.” (note about that 1.5billion - it includes the additional 36 percent of people in subsaharan africa living without toilets, along with the rest of the world…in fact, in urban india alone over 75 million people live without toilets...all of which i also found out using elgoog!”)

step 2: uh, i need a formula…

yeah, so how many outhouses per person if we’ve got 1.5 billion globally without toilets? well, let’s start by being sane, no math, just using tivo as a metric: there are 4 million tivo users, so if it were just 4 million plus one (so as to exceed the 4 million outhouses), that implies one outhouse or portable toilet/latrine/ditch etc for every 375 people in the world currently living without toilets…but does that sound right to you? that’s like the second woodstock, right? people rolling in shit, piss and mud…

…of course if we use just the urban india number as a relative point, then that 75 million on a 4 million total available basis results in one toilet for every 18.75 people - which seems to jibe closely with fema guidlines…so read on:

step 2a: who creates those guidelines? who even wrestles with toilets-per-population standards?

a quick search for guidelines for portable toilets leads to FEMA resources, per this bit, “The Federal Emergency Management Agency (FEMA) maintains Initial Response Resources (IRR) kit(s). The IRR contains critical goods that are typically needed in the immediate aftermath of a disaster, e.g., food, water, emergency generators, etc. ”

summary: fema suggests one for every 15 persons...but that’s really generous…we all know how awesome and super-duper generous FEMA is!

really, if we even get gross and imagine one outhouse for every 100 people that puts it at over 15 million total for that 1.5 billion…in reality, in villages like kumi in uganda (population estimate is 17 thousand) latrines serve a community in ‘public places’ but each home also has one built outside near the home or kitchen (typically a hole with a slab over it)…using this do-it-yourself approach, that 15 million crude number above might be more like 37 to 40 million if we give one hole or outdoor latrine to every 40 or so people…which is double the FEMA guideline (is that okay?)

step 7 (where was i?): some other points for comparison and thought…

so 2 am and there was still nothing on cable, leading me to take a long wasteful visit into wikipedia’s bit on toilets- fascinating…

…then followed a train of thought, in which i think about how india and south africa alone must have serious outhouse issues…which leads to…population of india…which returns a link to census data, which reports a leap past 1 billion in 2001 (and still outgrowing china…in fact, interesting factoid: country of india produces more live births in one week than all of the EU members combined in one year) wikipedia reports population as: 1095351995 (wow, wikipedia knows it all huh?)…oh, and the population of south africa (search on elgoog) returns the cia factbook data:44,344,136

um, but let’s look at just india, okay? i think you’ll see my point…a quick google search for “without toilets” india returns an excerpt from the census which reports that “the findings reveal that while urban households with toilets increased from 58 per cent in 1981 to 64 per cent in 1991 and 74 per cent in 2001 (the increase in later years due to urban reclassifications and increase in the number of towns), the more significant fact is that the number of people without toilets increased from 66 million to 77 million and then marginally dropped to 75 million over the same period in urban India.”

step 8: now send a letter to schmidt

okay, so do you see my point here? i’m thoroughly convinced that eric schmidt completely made this up…in fact, i’d be willing to bet my left nut (which is really just seminal vessicle, which i know from using elgoog!) that this research endeavor was assigned to some moronic intern who used the help section of elgoog to find some oddball resources and in the end was unwilling to show exactly how schmidt proved this point….

seriously schmidt, measure twice and cut once or we’re going to think that you make shit up all of the time…

Share This

this was originally called, ‘people on aol apparently don’t search for information about the cia, nsa, hezbollah, or the fbi’….

…okay, so this aol database fuck-up is really starting to make me roll…yes, it’s relatively easy to identify a handful of people from the id numbers, but not enough to make the data set a direct marketing dream for spam (i tested this myself by looking for ‘you have messages’ type text from myspace, then went to the users, then found a user linking through to a girl’s personal website via myspace mail, then teased back to the user by ‘guessing’ that his ridiculous searches for golf lined up with the user in the girl’s myspace profile friends list who was all about golf…just a hunch)

…and, btw, if you want to just search the aol data file online and not even bother downloading it, you can now visit aol search database fo’ free….or you can download one of the many files from a mirror site around the globe…

now here’s what’s cracking me up: you search for things that were in the news and they seem to vanish from the minds of aol users…or so it would appear (cia = zero results, nsa = zero results, fbi = zero results, hezbollah = zero results, al qaeda = 2 results, hamas = 27 results - a winner!!!!) …fascinating…then you search for myspace and the list never ends…search for george bush and you run into the thousands…

…so i had to ask myself: if somebody is searching for george bush, what else might he search for? and here then is a round up of what some of these users went looking for before, during and after the bush search:

user 3006162: looked for bush, then u2’s ‘walk on,’ then keyword vomit, then vomiting, then naughty college girls, then brian eno…and more! (brian eno or vomit, i’m not sure anymore…)

user 3337450 looked for bush, then shiva, then gonesh, then merlin the wizard…then elimidate (hmm…)

user 2303405 looked for “we love president george w. bush” and then looked for aa.com (no shit, yes, the american airlines site), delta, orbitz, travelocity (list goes on) and then finally, flood insurance

…and a user searching for “dick cheney” (user 3519380) also went looking for plumpers, used cars, the 700 club (the pathway to porn, right?), and then finally plumpers sex, playboy, anatomy of a murder and assassination’s gate…strange, huh? (oh, and a ford taurus)

yeah, so as you can see this is incredibly important information for government research….

….and in the final battle:

life = 9388 searches
death = 4404 searches

heaven = 1408 searches
hell = 669 searches (spooooky….turn that nine upside down kids!)

Share This

okay, this is truly a nerd popularity contest tool designed to alienate all of the folks who see the key phrase “popular contest” and the go rushing to the site only to discover that they’ve got no fucking clue what’s going on..

it’s rate my network diagram, a site where users can contribute an image of a network for community rating and feedback…from the creators, “The idea of setting this site up was not to make it possible for people to vote on the “look” of a network diagram. The purpose of this site is to allow people to learn about computer networking and network documentation by seeing what other people have done with their networks”

…so don’t bother building out your myspace network image in visio or whatever, you probably won’t make the cut…and of course no porn unless it’s for scientific or technical applications (ain’t it all?)…enjoy…check out this hot full mesh vpn baby!

Share This

hello, i’m abraham lincoln….okay, yeah, so i’ve been looking closely at the recently hyped ‘fake identity generator‘ that’s drawn attention from both the mainstream as well as the experts (namely bruce schneir, security guru)…it’s become so popular that is has gone from ’shitty url path’ to its own unique domain: fakenamegenerator.com, and it has its own distinct blog to track progress…and the dude has been adding new features like crazy…and the usage is going through the roof…

…so what is this thing? it’s a tool that will draw a set of randomly paired ‘person’ elements from different data stores to create one completely ‘real looking’ fake identity, replete with social security number, mastercard number, date of birth, address, phone, email and full name…all of the data is completely made up, and there were some folks discussing ‘enhancing‘ the service to run the addresses against a quick search on elgoog maps to find out if the street given is ‘real’ and in turn regenerate a fake address until a real one turns up…oh, and dude is also selling the fake names in bulk right now to folks who wish to test ecommerce platforms (though he may make the project open source, still to be determined)

and of course, for those with a little more patience there are much more sophisticated alternatives out there, but they really look more like identity theft than internet theater, so i won’t discuss them too much further (some mentions in my archives though, follow the birthday trail perhaps, or email me if you really want an explanation of what i’m talking about)..

…yeah, so pretty nifty stuff for the social engineers out there looking for new free toys to play with, but what really caught my attention here is the code that the fakenamegenerator’s creator is using to whack out those fake mastercard numbers…the site uses graham king’s php credit card number generator ….from graham, “Command line Python program, PHP script, and Javascript script to generate valid (MOD 10) credit card numbers. Usefull for testing e-commerce sites. (Note: You can’t actually buy anything with these). Should run on any platform.“…if you just want to see how it works when generating results and don’t wanna touch code, check out his online version of the generator (much more than mastercard on the list)…these conform to the luhn formula (aka ‘mod10′) which confirms the final ‘check digit’ in the stringy sequence of numbers, meaning that if well executed, then the numbers could be used to validate but will fail if a transaction is actually run…

think about that for a second….how long will it be before i can meld my fake online identity with my (hypothetically) boss vt-1 transformer, spice it up with a little caller id spoofing and manage fake identities in analog and digital from the comfort of any relatively quiet place? this is a dark feeling, sorry, speaks to that whole ‘living off the grid’ future that everybody used to make fun of…

Share This