Big fat tyres + only 800kg in weight = no traction.
Couldn't even get the Roadie out of the drive this morning on the snow! Fortunately, Mrs Dynamoo's rather heavier Rover 25 did.
Still, it's funny seeing all those people who've spent a fortune on BMW X5s and X3s to discover that they've got all the offroad capabilities of a milk float in this weather. :)
Thursday, 8 February 2007
Snow... brrrr...
As the country grinds to a halt under a few inches of snow (that have been predicted for a couple of days), here are some pictures of Elstow Village in Bedfordshire. Snow.. in winter.. who would have guessed it?
Wednesday, 7 February 2007
Frozen Roadster
A chilly minus eight degrees overnight.. and a tricky problem for my Smart Roadster. After opening the passenger door, the darned thing just wouldn't shut properly.
Now, the Roadster has a design fault in the door where (I understand) there is a pin holding in part of the mechanism which is basically mounted upside down, and this drops out which means that the door cannot be opened from the inside. Smart's first fix for this was to glue the pin in.. but of course, the pin will still work loose eventually and has a tendency to drop out again. I mention this because Smart's measly 2 year warranty would mean that this might end up as an expensive repair.
The problem was simpler than that - it looks like the very cold weather had frozen the mechanism in place after it opened. About three buckets of warm water over the door unfroze the mechanism and it started working properly. This led to another problem.. a clean bit of the car. So, the Roadster ended up with an early morning bath (as pictured).
The next problem is how to deal with the threatened six inches of snow in a car with only about four inches of ground clearance..
Labels:
Smart Roadster
Friday, 26 January 2007
One Invalid Recipient..
In my opinion, one of the great underappreciated Microsoft Knowledgebase articles is KB147093 which explains one of those mysteries you see with Exchange servers from time-to-time.
The symptom is this - a remote sender transmits a message to multiple recipients on your Exchange server, but one or more of the recipients is incorrect. This causes the mail transaction to fail and NO recipients get the message.
Although KB147093 refers to X400, in fact this is the behaviour that you'll see on an Exchange 5.5 Internet Mail Connector, and it works with other SMTP-based mail servers too.
The problem is this - when sending to multiple recipients at one remote domain, the software at the sender's end will make a single connection to the remote mail servers.. and it's an all-or-nothing proposition.
The problem is compounded if you suppress NDRs (nondelivery reports) to the internet, because a remote sender will never receive a bounce message to say that the mail transaction failed. In these circumstances, it can take some time to work out that there's a problem at all.. but in this case you need to carefully check the recipient list for invalid users and remove them.
Now, if you have NDRs enabled, the problem will probably be spotted much sooner. But these days a lot of organisations turn them off, especially if they are the targets of mass spamming or directory harvesting attacks. It's one of those cases where the current levels of spam have unexpected adverse impacts on infrastructure.
Wednesday, 17 January 2007
Travelocity Template Spam
A couple of days ago, we saw a pump and dump spam using an Incredimail template to bypass spam filters. We pointed out that Incredimail messages could be scored as being somewhat spammy.
With a new twist, spammers are now using a Travelocity template with an embedded image in the middle. Businesses are more likely to allow Travelocity mail than ones with Incredimail templates.
Clever.. but these messages don't come from a Travelocity email address, nor a Travelocity IP (whatever that might be). So, if you roll your own filters you can look for elements of the Travelocity template in messages that don't originate from Travelocity.
If you use Postini, add an inbound filter something like:
- Select "Match All"
- Body | contains | 1-888-709-5983
- Sender | does not contain | travelocity
- Set Message Disposition to "User Quarantine"
What's clear is that the spammers have found a new technique here and there's probably (sadly) quite a bit of mileage in it. Expect to see more variants of this soon.
Monday, 15 January 2007
"Incredimail" spam
A novel twist to the CBFE pump and dump spam that's been doing the rounds is a large scale run of spam messages using an Incredimail template to fool spam filters.
The trick here is that Incredimail uses a lot of embedded images, as does the recent batch of P&D messages.. so if a filter has been "detuned" to let these templates through, then the spam can slip through on the back of it.
In this particular case, the CBFE spam is encoded with the Windows-1251 Cyrillic character set which makes it distinctive, although that will probably change.
If you roll your own filters, look for X-Mailer: IncrediMail in the headers, and charset="windows-1251" on each MIME boundary.
If you use Postini, you could create an inbound filter of Header | contains | X-Mailer: IncrediMail and set Message Disposition to "User Quarantine".
There's probably no harm for most people in scoring messages with Incredimail templates higher for spam as very little of it will be business related.
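The two roll-your-own checks described in this post and in the Travelocity post above, as an added Python example (not the author's code). It assumes "Sender" means the From: address; the sample messages, addresses and X-Mailer values are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

TEMPLATE_MARKER = "1-888-709-5983"  # body string used in the Postini rule

def disposition(raw: bytes) -> str:
    """Return 'quarantine' if either template rule matches, else 'deliver'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    # Rule 1: Travelocity template marker in the body, sender not Travelocity.
    # Assumption: "Sender" is taken as the From: address. Only the address is
    # tested, so a display name of "Travelocity" cannot satisfy the rule.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    body = "\n".join(p.get_content() for p in parts)
    if TEMPLATE_MARKER in body and "travelocity" not in sender:
        return "quarantine"
    # Rule 2: IncrediMail X-Mailer plus windows-1251 on every text part.
    mailer = str(msg.get("X-Mailer", "")).lower()
    charsets = {p.get_content_charset() for p in parts}
    if "incredimail" in mailer and charsets == {"windows-1251"}:
        return "quarantine"
    return "deliver"

def build(sender, mailer, text, charset="utf-8"):
    """Build a constructed multipart sample: text, HTML and an image part."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", "sample"
    if mailer:
        m["X-Mailer"] = mailer
    m.set_content(text, charset=charset)
    m.add_alternative(f"<p>{text}</p>", subtype="html", charset=charset)
    m.add_attachment(b"GIF89a", maintype="image", subtype="gif")
    return m.as_bytes()

# Constructed samples; addresses and X-Mailer values are made up.
SAMPLES = {
    "template_other_sender": build("Travelocity <deals@mailer.example.net>",
                                   None, "Call 1-888-709-5983 to book"),
    "template_own_sender": build("member@travelocity.example",
                                 None, "Call 1-888-709-5983 to book"),
    "incredimail_cp1251": build("a@example.com", "IncrediMail (sample)",
                                "CBFE stock alert", "windows-1251"),
    "incredimail_utf8": build("b@example.com", "IncrediMail (sample)",
                              "See you on Friday"),
}

def run_samples():
    """Classify every constructed sample and return name -> disposition."""
    return {name: disposition(raw) for name, raw in SAMPLES.items()}
```

The From: header is forgeable, so both rules are scoring heuristics of the same strength as the Postini filters rather than proof of origin.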
Wednesday, 10 January 2007
Patch Tuesday - January
A very small number of patches this month, none of which are critical for servers (assuming you don't read email, process office documents or surf the web on a server) and which may not even require a reboot on most client PCs. I've ordered these roughly in order of importance.
MS07-004 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969)
http://www.microsoft.com/technet/security/Bulletin/MS07-004.mspx
This addresses an active exploit in IE and should be applied as soon as possible.
Client impact: high
Server impact: low
MS07-003 Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)
http://www.microsoft.com/technet/security/Bulletin/MS07-003.mspx
A series of potentially serious flaws that could lead to an exploit if the user opens a specially crafted email message. Outlook 2000 is vulnerable to this, but cannot be patched via WSUS so this would need to be applied manually where possible. Replaces MS06-055.
Client impact: high
Server impact: low
MS07-002 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)
http://www.microsoft.com/technet/security/Bulletin/MS07-002.mspx
Similar to MS07-003, and Excel 2000 is similarly impacted with no WSUS remediation.
Client impact: high
Server impact: low
MS07-001 Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution (921585)
http://www.microsoft.com/technet/security/Bulletin/MS07-001.mspx
This only impacts Office 2003 with the Brazilian Portuguese language pack. It should not be a big problem for most users.
Client impact: low
Server impact: low
Labels:
security
Monday, 8 January 2007
Braindead spam from eReplicaShop.com
eReplicaShop.com is a particularly persistent spammer, using image spam from zombie PCs and a large variety of domains. Most of these domains are registered to "Paul Gregoire" or a number of other aliases.. the smart money is that this is actually Alex Polyakov.
Unusually, the eReplicaShop servers are rented from fairly legitimate web hosts.. but bearing in mind that Polyakov is linked with phishing and money laundering scams it's quite likely that at least some of these services are being paid for by stolen credit cards.
Rule 3 of the Rules of Spam states that "Spammers are stupid". In this case, the eReplicaShop.com spam is particularly stupid as it often gets sent to abuse@ addresses. Most mail admins get really pissed off about abuse@ spam.. and this often leads to a satisfyingly short lifespan for the eReplicaShop mirrors.
If you do end up reporting one of these, it's always worthwhile to point out to the host that they might not be getting paid for the services they're providing. That normally gets a very quick response.
Labels:
Spam
Welcome
Well.. alright, I've come to the blogging thing pretty late on, I know. But sometimes it's just too much work to break out the web editor and fiddle around, and at least this way I can get things to press more quickly.
Anyway, here's a completely gratuitous shot of a Compaq Portable II for you..
Labels:
Blogging