Archive for the ‘steganography’ Category

Just A little Depressed!

July 15, 2007

You can’t possibly believe that swimmer’s ear is debilitating. Alright, I didn’t go to my doctor crying just because my ear was plugged up and I probably didn’t even mention it to him when I saw him on our weekly social visit but I did get it checked before I got on the plane to visit the newest beautiful granddaughter.

He prescribed some ear drops and I made the mistake of reading the label which said that I would lose all my ear hair, and it would burn a hole in my eardrum which would travel through my head as I slept and if I used too much and slept on my side the hole would go all the way through the earth and end up in China. So I used just enough to keep the pain at bay but apparently not enough to cure the infection so I ended up with a real full body infection which gave me the blahs.

He gave me Cipro which is the only known cure for anthrax, and told me if I drank too much at night, it would flush the antibiotic out of my body but I could make up for it by taking an extra pill. He also gave me an antihistamine which caused me to break out in a severe allergic reaction which could only be cured by steroids so I took them too. I also had to go back to the ear drops to replace the antihistamine.

It’s hard to write when you’re sick and easy to get depressed when you’re taking steroids. So in the midst of wallowing in self pity, my friend Mike E. visits and asks about his special server and honeypot. He did get the gist of being stalked and all of his friends being stalked so I was going to do just a little more work which turns out to be a lot of work and raises even more fears for the paranoid libertarians among us. That will be covered next post.

The next Depressing thing was that stupid resume for Shannon Perkins I discovered. It showed she was in all those professional organizations with their “Codes of Ethics” and the fact that she committed major big time ethics violations and demonstrable perjury to the point that I feel morally bound to make a formal judicial complaint and see if I can get her decertified as an expert and perhaps perjury charges filed against her. She deserves no less.

Perhaps the most distressing aspect is reader analysis. If I had to guess, about half are pedophiles worried about their own one way tickets to jail and hell, and the other half are people who are worried about the Government Invasion of Privacy in the post 911 era under the idiot in charge. Unfortunately, I suspect most are under 18 and not able to be of any political influence. Oh yeah, I forgot the group from the moral majority who actually approve of spying on sinners so they leave comments calling me a Cretan and telling me to accept Christ and I won’t care about privacy anymore because I won’t be doing anything wrong (There is a certain logic to that!)

Oh well, like most writers, I write for myself and if anybody enjoys it, it’s a blessing.

GhostSurfer Sucks!

July 9, 2007

Right from the start I should have figured out that Tenebril GhostSurf (which promised an anonymous Internet connection to let you surf the Web) was bullshit. I mean I purchased a copy at Office Max so I paid cash to be totally anonymous only to find out that the cd was merely a connection to an Internet download site which loaded me up with two distinct 20 mg downloads. In order to get that far, I had to give them my email address and product key which immediately tied my ghost surfing habits to my machine.

Can this story get worse? Of course or it wouldn’t be worth a blog!

When the main menu pops up to offer spyware protection, anonymous surfing and 3 other items of lesser value, nothing would work until each line item was individually activated by putting in your product code and email address. Now when I first started surfing, I did a DNS check and traceroute on myself to find out how anonymous it was. That’s when I found out that anonymous surfing was neither anonymous nor the set default. If you wanted to be anonymous, you were supposed to check invisible.

OK, I tested invisible.

Visual Traceroute (which is a very cool program) rejected my connection without comment. A traceroute from Pakistan (which is a high technology nation) tracked me to an ev1 server in Houston without comment. Now Dnsstuff.com which is another cool site tracked me to the same ev1 server identified as IP 207.44.220.36. They went on to say that this was a well known proxy server, that it was infected with malware and if I ever returned from that proxy and infected their machines, they would hunt me like a dog and ban my real IP for life. (or something equally threatening). So now I find that I’m still not anonymous. I’m on a fixed proxy with a known IP with a registered copy to my email and machine and any government agency or proficient hacker can break my veil of secrecy.

Can it be worse?

Of course, I got infected by a bot on my most highly protected and very anonymous machine which had a true alternate identity. The infection was so aggressive the machine was worthless.

Was it anonymous?

Not a chance, the index.dat files were loaded with crap including the URL history and pictures in cache memory and there were cookies. I was so pissed removing this paid program from my machine that I barely had time to document the technical details for the blog at Tigerstail.

I will say one thing about the Feds spying on you, your machine is fairly clean of most malware and you are free to quickly surf even if the answers to searches might be wrong or incomplete. This is the worst nastiest infection I have seen in 10 years of surfing the net and it simply can’t be removed without wiping the drive and reinstalling.

Shockmeshocker.com Is Shocking

July 7, 2007

So I was doing my final follow up on castingcouchteens.com (which is a very nasty site on its own) when I noticed that the spawn of CCT all pull their Javascript from the same address which is just an IP number, 64.38.231.41.

Of course, I’m curious and run a traceroute to the server which is hosted by CWIE off a Level 3 backbone, the same as castingcouchteens.com which makes sense if you are using this IP as your JavaScript server. The only unusual detail was the IP check revealed a verified reverse name of shockmeshocker.com by two different services.

As discussed separately, shockmeshocker.com was one of those sites that you just couldn’t find information on no matter how hard you tried. I did an aboutus.org search which reported that “There is currently no text in this page”. An alexa.com search said there was no data available. When I Googled it, I found the cache pages were unavailable and there was no meaningful information about the site.

So finally, I went to the site and got slammed with an automatic redirect which offered me about 100 free video clips- some involving that world famous Texas daddy abusing his daughter. Today, when I was fact checking, Aboutus is now providing minimal information but when I put shockmeshocker.com in my Google search bar and pressed enter, it never did a search, it just slammed me with that automatic redirect for porn videos.

Now I’m really curious to find out who in the world would host this nasty crap. Whois provided exactly what I thought, no information at all except that the site was allegedly located in the United Kingdom. A traceroute from dnsstuff.com showed that it traveled to New York on the Level 3 backbone before being connected to ISPrime system and was hosted by them. Visual Route from Ashburn showed a path to New York connecting to ISPrime and ipipe hosting while the Visual Route TraceRoute from London connected to ISPrime in New York and hosting by ipipe.

Well, it is fairly obvious that ISPrime is the Web Host and it’s most likely located in New York but just to check, we did a traceroute from Australia which took us to New York, as did traceroutes from Austria and Pakistan. So no matter where in the world you start from, you can’t get fucked by shockmeshocker.com until you reach ISPrime in New York. Once again a protected American site is exploiting a poor Texas child by facilitating the viewing of her sexual abuse online.

Now I have to admit the begots from this site are a little more difficult to track and at least the foreign locations are plausible but I’m still sure we’ll find some roots in the good old USA.

Be Careful What You Think!

July 6, 2007

While I was on vacation, I got a few comments which hasn’t happened in awhile. It would appear that while I was gone, a human evaluated me and found that I was no more seditious than any other True American and that I could go back to normal WordPress blogging.

While I was on my special honeypot server, comments were blocked, it took three or four tries to post a comment and if I was evaluating a comment at the same time the Feds were, I got some silly instruction that the server was under maintenance and I should not change my browser by deleting the comment, going to another site, or hitting the back button for 5 minutes.

Regular readers know that when I was in this special Honeypot zone, I pointed out that I was my own Honeypot and all the information a Honeypot could acquire. But, in general, the blog is its own unique media that captures an instant in time without either a history or a future so you can’t expect occasional visitors to really know you.

All this came to mind when an obviously young surfer asked in broken English two comments about “sex for boy” and “i like see boy sex”. Now, once again, regular readers know this site is more about technological invasion of privacy and I don’t do that sort of thing but even worse he seemed to ignore my caveats about protecting his identity and entrapment. When a comment is made at WordPress, the IP is captured and since he made 2 comments in 2 minutes with the same IP, it’s a pretty good bet it’s for real and it tracks to Saudi Arabia. Moreover, he gave an accurate email address with an obvious Arab name that appears to be real. Unless he’s framing an enemy, he’s framed himself.

Personally, as pissed as I am at the USA government for invasion of privacy and perjury at trial, I’d rather take my chances with American lawyers than Islamic thought police in Saudi Arabia who are known to kidnap, maim and kill.

By the way, this lesson applies to all. The very nature of blogging is to seek audience and adulation. To the extent we reveal our innermost thoughts, index them and use similar key words each time to build audience share makes us accessible by Google. If you don’t believe that the Feds are using the same and better search engines to find our innermost secrets- you’re out of your fucking mind.

Quick Update on Quickcert Course

June 27, 2007

Of course absolutely nothing is happening with my Quickcert courses on Ethical Hacking and Forensics.

The Fedex tracking shows that it was refused by me after it disappeared for three weeks. For most of that time, the tracking report said “clearence in progress” and no one could find it. Finally, after three weeks they report I refused it. Actually, I refused it by way of an 800 number phone call two weeks ago because they gave me false information about attempted delivery. Hell, barge cargo from Florida only takes a week and there are no customs duties on printed materials or educational materials so this one didn’t need lies and obfuscation.

My original notes of my discussion with Quickcert were posted at my Blog and I believe are somewhat accurate:

The response I got from Quickcert this morning is like those credit card memories – Fucking Priceless.

“I am told that we [Quickcert] are having trouble getting it released back to us through [US] customs. This may turn into a Bay of Pigs fiasco but my shipping guys are on it. They said it would be best for you to get it but I explained your concerns and as soon as we get it I will let you know.”

Why am I not surprised that Quickcert can’t get their own course materials back on a timely basis? It should only take Homeland Security another three weeks to get the original course materials back in the same box without too much obvious tampering. Looks like Quickcert, US customs, Fedex and American Express will fight it out. American Express is of course my credit card company, and I guess it’s time to think about backing out the charges if I don’t get it soon.

If I ever get the course, I’ll let all the visitors who came looking for information know what I think. It must have some value or customs wouldn’t have fucked with it for a month.

Youngsex and The Castingcouch Begots

June 25, 2007

Youngsex.com led us to castingcouchteens.com and tracking the spawn of that unholy alliance is one of the most difficult things I have ever done. It’s not that it involved kiddie porn, it’s just that I hit all of the spawn listed in this post in an involuntary manner to find out that most of this crap makes the top 25,000 sites in the whole world or pissing women exceeds 99.9% of all the cerebral work on the Web.

When I went to castingcouchteens.com, I was greeted by your typical cop portal with all the disclaimers. Upon entering, there was nothing spectacular, it was just typical average porn. A casual exam of the code showed that the Javascript was being called from site http://64.38.231.41 very similar to the way femalesex.com got its Javascript and images from cnomy.com. (Also, the site was ranked about 23,000 which as mentioned above is quite impressive.)

It is hosted by CWIE, off a Level 3 network with no obvious honeypots in the path. I probably would have quit there except for three items. First, there were some obvious close ties to cnomy.com in the code and second, there was a relationship to one of those go to jail sites, pimpmyblackteen.com, which was connected to hotteens.com.

However, the real reason I decided to take a look was when I hit the back-button to get a screen shot of the legal crap, I entered a new site, allreality.com. Once again, I couldn’t find anything special or memorable. The site was hosted by CWIE off a Level 3 backbone. I think their claim to fame was that they offered access to 10 (or maybe 20) sites that all looked the same for one price. Unbelievably, this site ranks in the top 10,000 world wide or bigger than 99.99% of all the sites in the world.

When I hit the back-button again, I was directed to mrbigdickshotchicks.com which brought nothing much to the party. The porn was ordinary. The site was hosted by CWIE off a Level 3 backbone. I guess being part of a spawned group pays. This site is ranked in the top 5,000 in the United States, Egypt and Israel.

Now the back button delivered me to the really bright spot in Middle Eastern Harmony and a blight on my soul which was seehersquirt.com. This very obvious piece of crap is exactly what the name implies. Unbelievably, it is ranked in the top 10,000 in the Palestinian Territory, Egypt and Israel. This is higher than the Quran.org (1,048,000) or Torah.org (208,000) although torah.org also makes the top 10,000 in Israel. Once again hosting is by CWIE off a Level 3 Backbone.

The back button then delivered me to lonelywivesdatingclub.com which is a very weird site. Instead of code sharing and relying on Javascript from a common server as the other sites do, this site uses a php page to tag you and identify the location of your IP so as to offer women from your own town. Of course the women you see are the same whether you are surfing from New Jersey or Afghanistan. The other weird aspect is continued Middle Eastern Harmony as lonely people in the Palestinian Territory, Egypt and Israel rank this site in the top 15,000.

Since I couldn’t break out of this loop by hitting the back button, I shut the browser only to discover a popunder which was not blocked by my pop-up blocker. It took me three tries to shut down tv69.com maybe because it was spawned by each of the sites I entered by use of the back button. This site also identified a home town and offered to hook me up with lonely women in my own area. As expected, the site was hosted by CWIE off a Level 3 backbone. This site is ranked in the top 7,500 in the United States, Egypt and Israel.

This chain of sites offers an excellent test area for antispyware programs for several reasons. These are definitely law enforcement sites using the best technology. They are related to sites that offer and steer you to kiddie porn but they don’t do it themselves nor are there residual images of kiddie porn on your machine so they are all legal (if tasteless). Here is a place to play with the best and not end up in jail while testing your new anti-spy products. Testing reports are at the Tigerstail.

The only thing I can’t tell considering their global popularity is the following:  Are these sites spying on Islamics, Israelis or Domestics? Or do the people at homeland security ignore the differences?

Tying Things Together!

June 23, 2007

One of the items I use to tie porn honeypots to each other is to use their begots. If Youngbabes.com redirects to hotteens.com, they are part of the same group. However on occasion, there are even stronger links involving incestuous shared family relationships.

A close examination of the code of the spawn of youngsex.com and youngbabes.com shows that Femalesex.com, Naked.com, raunchy.com, and orgie.com all rely on cnomy.com as their Javascript and image server. I mean what the heck, they all look alike except for the name so why not share the code and the main information gathering service.

This observation leads to some very interesting relationships which will be seen in future posts.

Arab Porn and Theocracy!

June 21, 2007

I never did quite get around to saying why I thought that the death penalty was being proposed by Iran for Arabic porn sites and I believe the decision is more political than religious. Consider the American Moral Majority which happens to be Christian. Now the Bible I read had little problem with sex and Jesus got off by forgiving whores for their sins which sounds like an up close and personal decision to me.

Still, when politicians are elected on a Christian platform, they never consider what the Bible says but how it will play in morally repressed Oklahoma where no one actually reads the Bible. The answer is of course ban everything and punish everyone. I can’t imagine that an Islamic Moral Majority is a lot more intelligent.

Now the Koran and their supporting holy books offer far more sexual advice than the bible. They took the “go forth and multiply” command and improved upon it. As a source, I am freely misinterpreting Robert Spencer’s The Truth About Muhammad.

According to Muhammad, a man must do what a man has to do. If you had the prowess of 40 men like he did, then you need a dozen wives which he serviced in rotation. For those who were less than a perfect example for man, you should have consensual sex with as many wives as you could afford (including your children), then plant your seed in slaves and concubines which you don’t have to be responsible for.

The opposition to porn could hardly be a rejection of sex as it would be a rejection of Muhammad’s advice. Besides if infidels or sex slaves were used it simply wouldn’t matter because they are not really human and have been used throughout history. There really can’t be a big difference between porn as a favorite to warm men up for their wives and belly dancing.

It is also not likely to be a prohibition against photography as now any Mullah with more than 40 followers puts his image on a poster, holds a protest and declares himself an Ayatollah. Moreover anybody that can afford a ski mask gets a video camera and kills a Christian contractor for a shot at prime time TV.

Even in a theocracy with politicians pandering to the most ignorant members of society there has to be a more solid Biblical reason than being against sex and/or pictures and to find it, you should look at the most perfect example for all mankind, Muhammad.

He was more concerned with spies, their facilitators and traitors than he was in protecting women. To the extent that kiddie porn and Arab porn is created by and hosted in America and used to spy on visitors to the sites, they should follow his example. That is assassinate and kill all traitors, spies and facilitators before their honeypots and malware infect too many machines in Iran and steal all the secrets.

This all makes sense in a primitive sort of way. If I were an Arab theocratic politician who had no understanding of the Internet, web hosting or honeypots, it would be simpler to kill all operators of porn sites because they might be spies and blame it on ill defined sins.

It works for politicians in America so it probably will work for politicians in Iran.

The Spawn of YoungBabes & YoungSex

June 19, 2007

When young babes engage in young sex, they produce multiple offsprings which creates more of a spawn than a family. Since apples don’t fall far from the tree, the spawn of cop sites are likely to be cop sites. Here is the update of the Law Enforcement Honeypot List.

Finally figured out how to update this page easily, so the updates could be more frequent. Bookmark the page if you find it valuable. If nothing else, it’s a hell of a list of honeypots that might be a challenge to hack.

Domestic Spying – What Do They Find Out?

June 19, 2007

Regular readers already know the answer. First they have my unique machine ID which ties my copy of XP to my machine and my specific hardware. The cookies I have, tie all my session surfing habits to my visit to the honeypot and report my email identities. From my WordPress blog, they can access all of my drafts several days ahead of publication. From my index.dat files, and the lists of most recently used files, they know all the search terms I have visited and from the cache memory they can search for hashed pictures of kiddie porn.

Data Mining Programs allow them to explore every file on my machine and keystroke loggers allow people to track my activity in real time. They know every site I have been to, how long I stayed, whether I printed anything from it and the number of links I visited. The only way to avoid it is to cleanse every machine after every site visit destroying all cookies before entering the next site. Hardly practical.

My IP address ties me to my ISP who has my credit card, social security number, name, phone, employer and home address. Since they are already in bed with the ISP’s that have Carnivore on them, they can get all those records. With this they can then get credit reports. Hell, they can also Google me under my real name to find all public information.

As I travel and use laptops to enter my admin page, they can find out whose house I surf from and what machines I’m on. They can track that machine identity to my war driving and theft of service.

Since all Federal agencies are cooperating for “persons of interest”, they can track my every motion when they swipe my passport at customs.

The question is not what they know, but what they don’t know.