Client Services Available

Member for

1 year 6 months
Submitted by AlReaud on Thu, 12/01/2016 - 13:09

Happy Cat Technologies provides the following services to clients in the Fort Collins/Loveland and local areas only:

  • Computer maintenance, such as dust-out/cleaning, removing unwanted pre-installed applications, installing/upgrading applications, removing malware and viruses, creation of emergency boot disks, optimizing (speed up), diagnostic troubleshooting, etc. We support Windows (7-10), OS-X, and Linux operating systems. Service on smart phones or tablets based on the Android OS is also available depending on model. Service on Apple smart phones and tablets is not available due to Apple product policies.
  • Tower and laptop hardware servicing including hardware installation, upgrading, troubleshooting, and defective component replacement. Limited Apple laptop hardware support is provided due to Apple product policies.
  • Data Recovery and Backup, to mitigate disaster situations, such as when the operating system won't start. We also provide password recovery for some versions of Windows. We can recommend and set up backups to local media (DVD), removable media (flash drive, external hard drive), or to the Cloud (SOS Backup, Carbonite, etc.).
  • Network/WIFI consultation, design, installation, configuring and troubleshooting, including cable routing. We also do security evaluations of WIFI installations.
  • Web site[1] provisioning from initial consultation to development, 

Analysis and Takeapart of a UPS Parcel Shipping Problem Spoof

Submitted by AlReaud on Tue, 02/28/2017 - 19:26

At least once a week I get attachments from a “reputable” organization saying my account (that I don't have) has been locked due to suspicious activity being detected, a bank account (that I don't have) needs verification, or there is a problem with the shipment of a parcel (I didn't order). This week I got an interesting one from "Jordan Mccabe, UPS Station Manager". Sadly the sending individual doesn't know enough about the target to realize that "UPS" and "Post Office", well, kind of mismatch. But this one got me interested in doing some reverse engineering of the suspicious attachment because of its small size, only 817 bytes.

The text of the email is as follows:
Date: 02/26/2017 01:35 AM
From: virtual-user <>
Subject: Parcel #001210497 shipment problem, please review
To: Me

Dear Customer,
Your item has arrived at the UPS Post Office at February 25, but the courier was unable to deliver parcel to you.
Postal label is enclosed to this e-mail. Please check the attachment!
Yours sincerely,
Jordan Mccabe,
UPS Station Manager.

Attachment Checksum (MD5): 3e01923b9fd179c864bf40caffb21786

Screen capture of UPS Trojan Attachment Email showing highlights.

The highlighted areas indicate areas that commonly give away the fact that it is a spoof. Usually the sender address is strange or wrong, the grammar is wrong, and the context of the message is wrong.

Unzipping the attachments creates a second zip file with a

Beware the phone scam...

Submitted by AlReaud on Sun, 02/26/2017 - 19:48

I got a call from (212) 877-1620, which is a Verizon New York number on Friday, February 24 2017. This number had been trying to reach me almost daily since February 14. Must have been an important call if they are doing that, so I answered. The guy on the other line was from a "Microsoft Certified support provider" (Right frown) who wanted to let me know that they had detected my Windows computer putting out malware. Really? Which computer? I have four computers up and running. Oh, the one you are on now. That's pretty interesting, I told him, the computer was powered down. Oh, we have logs of it he said. He had one of those Mumbai British accents that lets the cat jump right out of the bag, if you know what I mean…

The truth of the matter is that I have ZERO computers that have Windows on them, I only run versions of Linux. wink So I started feeding him line and slowly reeling him in. I was able to troll him for about 17 minutes (You want to keep them on the line as long as possible, as it cuts down their effectiveness). We get started right away, as he tells me it's a critical problem, and it has to be fixed right away. Sure, right! Let's try to open the command prompt by running Windows-Key+R. Doesn't work. No command prompt shows up. Should I be doing a capital "R"? No, just Windows-Key+R. So we go through a few permutations of opening the command prompt in Windows. Doesn't work.

OK, could you open Internet Explorer. How? Spend a few minutes on that. No can't do that either. How about some other browser? Sure I have Firefox. Ok, that works (because I'm looking for a website address, LOL). OK, so he sends me to, which immediately redirects me

Back-Hacker Blog

Submitted by AlReaud on Sun, 11/13/2016 - 14:17

The Back-Hacking Blog came into existence around December 2011 after I started using Kali Linux. It comes from the idea of defending against hackers in a manner similar to Krav Maga. The putative system or security administrator doesn't just sit there passively receiving attacks; rather, in the background they start probing the intruder's system, looking for weaknesses and exploits and using all of the tools available. However, make sure you read that first Back-Hacking link (and this one). There are legal, ethical and logistical questions to be addressed. Sometimes it is quite effective, as related in SunTrust Spoof: Additional ways of protecting your SunTrust access. The other side of the coin is that it is not for the uninitiated. You may compromise your systems, open yourself or your organization to legal liability or criminal prosecution depending on your jurisdiction, and/or straight up waste your time. My personal position is that it is like carrying a concealed weapon, to be used only justifiably in self-defense.

Hitting the nail on the head...

Submitted by AlReaud on Mon, 10/31/2016 - 18:33

Since publishing the article “Beware those scam emails from .top, .stream and .download domains” I must have pissed somebody off by giving some good advice. Since then I've been literally inundated with spam emails from the domains .top, .stream, .download and .win. When I cleared the junk filters out, I had almost 800 junk emails for the week of Sunday, October 23 - Saturday, October 29, 2016. This week the count is at 132 so far (see image below)! That previous weekly total is more than I usually get in a month. Further, I've had some idiot with an email address something like dhawalnator[at] emailing Toyota and Hyundai dealerships in San Jose, Fresno, and other cities in California giving my phone number and saying that I'm interested in a vehicle. Actually it's kind of funny, because I answer the calls and tell them that they are sadly the victims of a retaliatory email scam. That went on all last week. I need one of those dealerships to forward that email to alreaud[at] so I can analyze it.

This leads me to believe that I gave out good advice that is effective in preventing email phishers/scammers from being successful. So I'll give y'all another piece of advice, gratis. Use the Thunderbird email browser. It has one of the best

Beware those scam emails from .top, .stream and .download domains

Submitted by AlReaud on Mon, 10/03/2016 - 17:43

Since the advent of .top, .stream, and .download domains there has been a plethora of new spam emails that are flooding the Internet. This result comes from cheap hosting accounts available from many providers. Hosting providers have no incentive, however, to stop this because they are making money from hosting questionable accounts, and there are technical and legal challenges to stopping spam.

Spotting the scam emails is pretty easy: they usually come from strange addresses ending in .top, .stream, or .download, but can be from other domains with entreaties to protect children, etc. Usually, but not always, the emails contain only images, and the links are very ephemeral. The most important thing you can do to protect yourself from these is to DISABLE REMOTE CONTENT (Google your specific email browser to get the information on how to do so). The next most important thing, other than marking them as spam and deleting them immediately, is to set filters that mark and delete email from .top, .stream, and .download domains.

By disabling remote content, the image that is usually enclosed in the spam email isn't downloaded. That prevents the compromised server these things redirect to from knowing that your email address is valid and being read. It can learn that because, as seen below, the embedded links in the email have a unique signature that is associated with your email address.

Five examples are (redirects are done using the text only browser, Lynx, and Wireshark for packet capture, PLEASE DON'T FOLLOW ANY OF THE LINKS BELOW UNLESS YOU ABSOLUTELY KNOW WHAT YOU ARE DOING!):

Geek Thought of the Day Archive

Submitted by AlReaud on Thu, 09/15/2016 - 17:20

After seeing so many excellent thoughts of the day disappear into the aether, we thought that maybe it's a good idea to archive them. These all come from the Linux application fortune-mod, selected for (mostly) geek fortunes. As we enter a new fortune, we'll put the ones being replaced here as entries. These will be placed in year, month and day order as the number of archived entries increases. We don't always follow this rule, so please bear with us…

Free Maverick update NOT recommended...

Submitted by AlReaud on Sat, 11/09/2013 - 21:09

Recently, I had the dubious pleasure of updating a friend's MacBook from OS X 10.6.8 to 10.9. It started as normal, with a backup to DVD of all data that my friend couldn't afford to lose, such as pictures, documents, etc. Normal SOP for significant OS updates.

After that, the update was started. First off, we had to figure out what the Apple ID and password were. That took a bit of time, but we finally found the piece of paper with the critical information. Once we started the update the real fun started. First off, we only had a 500KBS connection. That translates out to an approximately 3 hour download. You get what you pay for, LOL. The reason for doing this update was that my friend needed the speech to text capability that is now part of Maverick. A bit on that later, as all was not what it seems with that application.

So the update downloaded, and the MacBook updated to OS X 10.9, after more post-update updates. Maverick, BTW, has a definition as an adjective of "unorthodox". There was nothing but problems

Two great DRUPAL modules to stop harassing spammers

Submitted by AlReaud on Tue, 03/26/2013 - 21:17

Updated: 10/10/2016

If you operate a content management system (CMS), you're probably familiar with the curse of botnet attacks on the user registration and persistent spammers on comments. These are IP addresses that are attached to your CMS from China, i.e. the domain, sending regular, daily spam message updates about Viagra, Cialis, and faux haute couture, sometimes for years on end. Or they continuously try to attack the user registration CAPTCHA, trying to create accounts to do the same or worse, sometimes using inane responses to the CAPTCHA like "TooBad1" through "TooBad257", not really doing any damage but consuming sometimes scarce resources and filling up the logs (to mask other activity sometimes, like database attacks).

This is not a problem specific to any one CMS, and will happen to Drupal, Wordpress, or Joomla. Drupal, however, logs the events as part of core functionality, allowing them to be noticed by the operator. Having dealt with it for well over a year, mostly manually, I found two great modules in the Drupal repository

Out of Lurking for Curiosity

Submitted by AlReaud on Tue, 08/07/2012 - 21:12

Months go by and nothing gets written because not much changes. The Gnome 3 interface doesn't lock up as much on restart, but normally does so on logout. The attacks on the shell are futile, and Fail2ban does a good job of making them futile. So there's not much to write about.

Curiosity, the Mars Science Lander (MSL), is another story. At ~900 kg, it's a behemoth, the biggest lander placed on another planet successfully. The landing techniques were novel, requiring aerobraking, supersonic parachuting, retrorockets and finally a sky-crane winch-down of the lander itself. Pretty phenomenal...

What will we find there, with a real lander that is more like a nuclear-powered 6-wheel ATV? There is no telling, but we await expectantly! So congratulations to NASA and the MSL team, great job done getting us there. Now the task is finding out where the water went.