searchdiscovered.com domain hijacking (eg facebook.com)
There is an obnoxious new(ish) exploit that is going on at the moment, possibly since June 7 2011, maybe earlier.
For instance, you refresh or visit a site such as facebook.com and end up at a site called searchdiscovered.com instead.
These scumbags use a little-known and widely dispersed “feature” of Windows – the domain suffix search list – to hijack other domains for nefarious purposes.
Since most domain names in URLs are relative/unqualified (as in “drbyte.net”) rather than fully qualified (ending with a “.” as in “drbyte.net.”), this exploit is free to work.
What is happening is this:
The browser initiates a DNS lookup on the name “facebook.com”, but the resolver “helpfully” also appends parts of your own domain name as well. The more subdomains in your default domain, the more queries it “sprays” into the DNS. If that happens to be “sales.yourdomain.com.au” then it will look up “facebook.com.sales.yourdomain.com.au”, “facebook.com.yourdomain.com.au”, “facebook.com.com.au” – and they “trap” you on this last one.
In other words, the resolver searches “up” the DNS tree:
whatyoutyped.sales.yourdomain.name.here
whatyoutyped.yourdomain.name.here
whatyoutyped.name.here
whatyoutyped.here
whatyoutyped
So what these twats are doing is registering (for example) the “com.com.au.” domain, and using it to hijack “.com” domains that are not anchored by a trailing “.”.
Detail: If you look up “com.com.au” you get 174.122.148.130/131 (ns1255/6.websitewelcome.com)
You get the same thing for “facebook.com.com.au” and “www.facebook.com.com.au”
They also seem to be targeting the “.net” and “.org” top-level domains, since “net.com.au” goes to the same place, as does “org.com.au”.
All of these are directed to the exploit web server as part of their “counting coup”.
However, the NSW government got to “.gov” first.
“.info” also appears safe.
There is a perfectly simple solution: simply block their IP addresses until they move them, or someone takes action against them. In the meantime, consider changing your domain suffix search list as well.
From “Control Panel” go to the network settings for your adapter, hit the “Advanced” button (even if you’re using DHCP), go to the DNS tab, uncheck the box “Append parent suffixes of the primary DNS suffix” and OK out. You may need to add other suffixes that your site needs – but don’t add the root ones such as au, com etc that these scum are exploiting.
Eg, if your domain is sales.company.com.au, you may need company.com.au but should not have com.au or au in the “Append these DNS suffixes” box.
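The following Python sketch is an added example, not part of the original post. It models the suffix search as described above and audits a search list the way the advice above suggests. The PUBLIC_SUFFIXES set is a small constructed sample (a real audit would load the full Public Suffix List), and all function names are made up for illustration.

```python
"""Added example: audit a DNS suffix search list for the hijack described above."""

# Constructed sample of public suffixes (an assumption for this example).
# A real audit would load the full Public Suffix List instead.
PUBLIC_SUFFIXES = {"au", "com.au", "net.au", "org.au", "uk", "co.uk"}


def parent_suffixes(primary_suffix):
    """Primary DNS suffix followed by each parent, as in the 'search up' list."""
    labels = primary_suffix.strip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def candidate_queries(name, search_list):
    """Names the resolver tries for `name`, in the order the post lists them."""
    if name.endswith("."):
        # Fully qualified: the trailing dot anchors the name, nothing is appended.
        return [name.lower()]
    name = name.lower()
    return [f"{name}.{s}." for s in search_list] + [f"{name}."]


def risky_suffixes(search_list):
    """Search-list entries that are public suffixes and should be removed."""
    return [s for s in search_list if s.strip(".").lower() in PUBLIC_SUFFIXES]


def registrable_domain(fqdn):
    """Longest matching public suffix plus one label, or None if no match."""
    labels = fqdn.strip(".").lower().split(".")
    for i in range(len(labels)):  # longest suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return None


def exposed_queries(name, search_list, own_domain):
    """(query, registrable domain) pairs that leave the organisation's own domain."""
    if name.endswith("."):
        return []
    exposed = []
    for query in candidate_queries(name, search_list)[:-1]:  # skip the bare name
        owner = registrable_domain(query)
        if owner is not None and owner != own_domain.lower():
            exposed.append((query, owner))
    return exposed


if __name__ == "__main__":
    devolved = parent_suffixes("sales.yourdomain.com.au")
    print("Remove from search list:", risky_suffixes(devolved))
    for query, owner in exposed_queries("facebook.com", devolved, "yourdomain.com.au"):
        print(f"{query} is answered by whoever holds {owner}")
```

Running it with the suffix list from the example above reports “com.au” and “au” as entries to remove, and shows that a trimmed list (company.com.au only) produces no exposed queries.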
wordpress.com is another potential victim of these scumbags – wordpress.com.com.au has exactly the same entry. Although they do have an entry for “org.com.au”, they don’t seem to regard wordpress.org as worthy of capture.
I have notified Ausregistry, facebook and Google (yes, they have an entry for google.com.com.au) so it is up to the 300kg gorillas of the internet to stomp on this practice. With luck, Ausregistry will do something about it as well… since they are the ultimate authority in this regard, and can fix the problem with a single stroke by de-registering them.
The UK authorities seem a bit more proactive on this; they have “reserved” these names (ie, com.co.uk, net.co.uk).
Reminds me of the old Verisign wildcard domain problem…
Migrating mail from Outlook Express to Outlook 2007/2010
Ever wanted to migrate your thousands of collected, archived messages from one PC to another – especially Outlook Express to later versions (eg Vista, Win7) Windows Mail or even Office Outlook 2007/2010?
Microsoft seem to have gone out of their way to make this as painful and obscure as possible. There is, however, a way.
A really stupid and backward way.
First, find the folder on the old PC where all the *.dbx files are stored (I won’t go into it, but they’re in a hidden folder in your profile on the old machine – search for them.)
Second, copy that folder to the new machine and set up your Office Outlook 20xx profile while you wait (Server details, credentials, etc.)
Third, illogical as it sounds, set up Windows Live Mail even though you’ll never use it again. Trust me, just do it. Give it your credentials (same as Outlook 20xx), server details etc for the moment (you can always delete the configuration in a few minutes.)
Next, import the messages to Windows Mail with File Open -> Import Mail and point at the directory where you copied all the .dbx files to. Type is obvious: Outlook Express (various OS). Choose “Select folders” (not all) and select the folders required with shift- and/or control-click.
Here is the crazy part – now do an Export, using “Microsoft Exchange” as the type – even though you don’t even have an Exchange server. Again, use shift- and control-click to select only the folders you want from the export.
Now start up Outlook 2010 and Voila! your old mail is there waiting!
Finally, if you’re happy everything worked, de-configure Windows Live Mail and get rid of all the temporary data and folders created to recover the wasted space.
Why make this so obscure? Why not simply code the same .dbx import filter into their fiendishly expensive commercial Office program as exists in the freebie included with Windows? The only reason I can think of is to make a market for conversion utilities and data migration professionals.
I pity the poor users out there trying to work this out for themselves – it should be blindingly obvious how to do this, not an exercise in frustration!
Google Chrome installs per-user not system-wide
What a dumb move! If you have more than one user on your home PC, you end up having to install it multiple times, which is just stupid.
Luckily, there is a way around it. Install it as a Google Pack.
- Uninstall Google Chrome from the username(s) where it is currently installed
- Go to pack.google.com and un-check all but the “Chrome” box
- Download and run “Google Updater” to install Chrome system-wide
- Remember to install the AdBlock extension
- Remember to run the script at http://userstyles.org/styles/39726/google-disable-preview
This last one is important – it gets rid of the extremely annoying pop-up windows on Google search results (the little magnifying glass icons)
The same page has code for Firefox, but it requires GreaseMonkey to be installed first. This alone is a Good and Sufficient Reason to install GreaseMonkey!
Google added this mis-feature last year and made it mandatory. There is no way to turn it off other than scripts that modify the browser. So now we have to run scripts to stop the browser running scripts. If it behaved the way they say (hovering over the magnifying-glass icon) it wouldn’t be so bad – but it doesn’t. If your mouse strays anywhere to the right of a search result, the machine will hang for however long it takes for the “page preview” to download and display… even when you don’t want it (which is all the time.) They are so small as to be useless and illegible. The slower your internet connection, the more obnoxious it is.
Check the feedback on Google’s own forum pages – it’s universally panned.
Silly PuTTY? pscp very slow in some versions
It’s taken me a while to investigate this, but the pathetic transfer speeds I’ve been getting lately really came to a head today, with some downloads from my web server peaking at under 250 KB/sec (that’s KiloBytes) on a GbE network (capable of 100 MB/sec!) Uploads were in the MB/sec range.
Something Had To Be Done.
First of all, the system in question was running a much older OpenSSL than my other systems, so I upgraded that after taking a backup. Amazingly, there was no perceptible difference at all. At least nothing broke.
So I hunted around for an older version of PuTTY and tried that.
The difference was nothing short of spectacular. 10 MB/sec!
What is all the fuss about, you ask? Well, this is a mechanism for getting files into and out of a Unix system from a Windoze machine, without having to enter your username and password at all – let alone doing it in plain text.
PuTTY has a key handler that runs in the background, and automagically pushes your credentials to the “other end” and validates with cryptography.
So the next big step was to find out what had changed between 0.56 and 0.60 (the current version.)
I know I have the source for 0.56 around here somewhere, but cannot find it for the life of me. So I Googled for it, of course. As at this time, I still haven’t found the source for 0.56, but I have for 0.54 and 0.57.
So, you ask, what did you find? Well, nothing so far in terms of the source, but I did find something truly bizarre by downloading every version I could get my hands on.
0.54 returned 250 KB/sec (the same as 0.60)
0.56 returned around 10000 KB/sec
0.57 returned 4500 KB/sec
0.58 returned 1500-2000 KB/sec
0.60 returned 200 KB/sec
Now, in the scientific approach, changing only one variable – the PSCP client – and by transferring the exact same file, this clearly points at PuTTY’s pscp.exe as the culprit.
Now, the only questions are WHY, and HOW. Why did it slow down from version to version, and HOW do we restore the “proper” speed?
Easy!
The PuTTY home site has a veiled reference to this that you may or may not find without knowing exactly what you are looking for. From the number of hits in Google complaining about the problem versus the number offering a solution (one, I hope, when GoogleBot comes visiting again…) it would seem that not many people have found it.
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/flow-control-filexfer.html
The upshot is that it is a flow-control issue, and that the “latest development version” of pscp.exe for windows produces transfer speeds in the 10MB/sec range again.
So – if you are experiencing slow downloads with pscp, go to the PuTTY home page and download this updated version!
Rotten apples?
Do you have an Apple iPhone 3 or iPhone 3GS that is still running iOS 3? Do you know anyone who does? Think twice before upgrading to iOS 4!
It is technically possible to install iOS 4.x on these devices, but you might want to check Apple’s own discussion boards before you jump in with your hands and feet tied.
No, this issue is much bigger than the “poor performance” that almost everyone reports after upgrading. When is a phone not a phone? When you can’t make calls on it!
You see, being Apple – once you upgrade, you can never go back (alright, you can, but it involves some serious voodoo that most people buy iPhones to avoid…)
For some months now, the support fora at Apple have been alive with people complaining that their iPhone 3rd generation phones have been simply “rebooting” about 4-10 minutes into a call. This has been reported mainly outside the USA, it seems, so the issue “doesn’t exist” as far as Apple are concerned.
There have been many theories suggested, but the one with the most backing is a bug in the handling of the temperature sensor in the battery by MobileSubstrate in v4.x (specifically, mobilewatchdog).
Now, going on the discussion boards and using Occam’s razor, it does appear a logical explanation given Apple’s design philosophy.
1. Lithium batteries can explode if overloaded, or shorted, or overheated.
2. iPhones are powered by Lithium batteries, with thermal sensors.
3. Many of the people affected have reported the same errors in their logs: that the battery thermal information is stale.
4. Some have taken the issue into their own hands and replaced the battery, making the problem go away.
5. Some have hacked the MobileSubstrate from iOS3 into their upgraded phones, and report that the issue goes away.
6. Some report that holding the phone makes the issue worse, and that using a BT headset reduces it – presumably because the hand keeps the heat bottled up.
The logic is simple: if the phone cannot tell if the battery is overheating, the only safe thing for it to do is crash and reboot in the hope that the sensor will work after a reboot. Either way, it isn’t “safe” to allow high-drain activity (such as a call in a low-signal area) to continue.
The upshot of it is: if you have an older iPhone that is still working, and out of warranty – you have been warned – don’t upgrade to v4.x!
If you have a 3rd-gen iPhone that is still under warranty, it might be a good time to opt for AppleCare if you plan to upgrade the OS before the phone itself.
While Apple seem to sweep this issue under the carpet, it does appear that their service staff are becoming quite familiar with it (on the QT). Many people report that their phones are being replaced, even out of Warranty, if you make enough noise.
You can find the discussion on Apple’s own support forum on the web, which at time of writing is over 139 pages long with 2070 posts!
http://discussions.apple.com/thread.jspa?threadID=2471090&start=2070&tstart=0
If you have this issue, and Apple (or your reseller) have left you out to dry, there is hope: lifehacker has posted a method to revert your phone back to iOS 3 here
http://lifehacker.com/5572003/how-to-downgrade-your-iphone-3g%5Bs%5D-from-ios-4-to-ios-313
Precis: don’t upgrade your iPhone 3 (or 3GS) from iOS 3.x unless you are under warranty, AppleCare, or believe you can get it replaced if you are affected by this problem.
Yes, it has cropped up in Australia, though many reports are from Europe.
Of Mice and Men (and batteries)
Ever notice how your mouse battery goes from “Good” to “Critical” without going through “48 hours battery life left – time to buy new batteries”? It happened to me.
That’s when you find that your Wife/Son/Daughter has used the last of the batteries for their spare camera flash, flashlight, or some other sundry non-critical device, and you put 8 of them in your telescope, which is packed away behind the detritus of Christmas cleaning, and it’s raining and the wife has the car.
So I have a Logitech mouse, it has all of the buttons(5), scroll wheel which also does cool left and right tilt (great for games, and extraordinarily wide spreadsheets), but with all of this capability, it only knows “Full” and “Nearly Empty”. I know, I’ve tried.
Still. It’s better than the Microsoft Wireless mouse it replaced.
So speaking of mice, there’s a Japanese scientist who has bred a singing mouse as part of an evolutionary research project. His dream, believe it or not, is to breed a Mickey Mouse.
Yes.
They claim it’s part of a study on how language evolved. Whereas I see them getting out in the wild. Then watch out.
Imagine intelligent mice working together, teaching by passing down knowledge.
They breed faster than humans.
Now imagine them working together for a common goal.
Planet of the Apes? Nope.
Planet of the Mice.
It was when I was writing an email about this concept that my mouse battery went critical.
Oddly spooky.
Mobile Madness
In an effort to get some respectable data connections on my shiny, if not so new HTC Desire, I have recently ported my number to Telstra on the Business PLUS plan.
Since I make few calls (they are mainly incoming), and don’t use a hell of a lot of data either, there was no point going for a new phone/contract bundle on an expensive long-term plan. 30 minutes and 500MB per month would do me fine.
Please, don’t get me started on the “$35 gets you $400 of value” rubbish that the telcos spout. $35 gets you $35 or less of value. Usually much less. With extortionate per-minute (or part thereof) charges, ridiculous flag-fall charges, and probably “having your phone turned on” charges.
If you spend the time to actually parse the near-impenetrable mass of conditions, footnotes, and extra hidden charges, most phone plans are nothing short of usury.
I applaud Telstra for finally coming to the party with some decent plans, and for being reasonably transparent about the hooks and gotchas.
The Telstra pre-paid Long Life plans looked pretty good for a while; decent call rates, 12 months to use the time, and data packs available at $10/200M and $20/1G. For me, that could have cost as little as $100 plus 12 x $10 for the data, per annum. A real hassle having to juggle the separate plans though.
The Casual (SIM only) plan also looked a little inviting; for $20, about 20 minutes of calls, and more invitingly, $10 gets you 1GB of data, so that was my “benchmark,” since I could just about live with that.
However, the plan I went with (since I have an ABN) is even better.
Business PLUS @ $35/month has 30c/30 second calls, which amounts to 1c per second, since they charge by the second (a very rare thing for a Telco!), meaning that a 4 second call “I’m on my way” costs 4c, not rounded up to 30 or 60 seconds…
“But wait,” you say, “what about flagfall?” On this plan, you can choose a bonus. The one I chose eliminates flag-fall (an insidious charge, born of the introduction of “competition” in the phone market). It also eliminates the retrieval charges for Voicemail.
The BMplus plan also comes with a (small) data plan. In the case of the $35 plan, it’s 100MB. That’s enough for a few emails and a few maps while you walk around. If you need more, you’ll need a ‘data pack’ which will add significantly to the cost.
$10/150M extra is a pretty poor deal in this case, bringing the cost up to $45 per month, without the extra benefits of the higher plan (which happens to include 600M at this point.)
However – the sweet part of the deal is that if you sign up for 24 months, there is a $10 bonus on this plan that you can use for your MRO (handset repayments) or other services… such as, for example, your data pack.
So the upshot of all of this is that for $2 more than I was paying before, I now have:
- The same coverage, without roaming
- The network won’t be demolished in 11 months
- Data coverage everywhere, without any (extortionate!) roaming charges
- 3500 seconds of calls per month
- 1.1G of data per month
- Over-quota data comes out of spare “call” credits first, then your pocket.
- Completely free voicemail (deposit, call, and retrieval)
- No flag-fall charges
Works for me!
However, you have to go through a few hoops for this; the shopfront computers can’t add the “Consumer $10/1G” data pack to a Business PLUS plan, but you CAN do it for yourself at m.bigpond.com from the handset.
So why did I need to change carriers? It’s a long story. Precis version:
Telstra were slow to join the 3G race, so they bought into Hutchison/3 as 50/50 partners in a joint venture called 3GIS. This is the metropolitan 2100MHz UMTS network.
They then turned off their CDMA network and re-used the spectrum to roll out 850MHz UMTS.
Last year, Telstra got rather upset with Hutchison for merging with Vodafone, and late last year announced that the “joint-owned” network would be dismantled and divided up between the joint-venture partners.
VHA (the new joint venture – are you keeping up?) was never going to get any help from Telstra, nor any of my clientele if I could help it. Especially since I’d just invested in a new ‘phone to support the (then) recently announced ability for “3” customers to roam onto the 850MHz Telstra network – only to have it pulled before I’d even gotten used to the new phone! Voda use 900MHz UMTS, which my phone won’t speak, even if I wanted their service.
So, faced with a great phone, a poor network, and expectations that it would get much worse before it got any better (if ever), it was time to look into options. By sheer luck, the big “T” had just revised all their personal and business plans, and had a few that were not-entirely-unacceptable.
(Aside: through the VHA merger, Voda gets access to the 850MHz spectrum owned by Hutchison, so they’re rolling out “infill” coverage in the same band as NextG – but it is only infill, with their primary coverage in the 2100/900 bands. A pity that most of their customers have 900/2100 phones… with the glaring exception of the latest iPhones)
With some finessing, and not a little gnashing of teeth on long “support” calls to Telstra (over nine forwards, on increasingly shocking connections, talking to people with no clue) all signs are looking promising; after an SMS today, it does appear that the promised deal above is in fact active.
I’ve had some very good, and some pretty shocking data connections while testing the “Big T’s” data network – but while slow at times, it doesn’t simply stop and hang up like 3’s did. Weather radar might take 5-10 seconds or 1-2, but never four minutes.
The one-off “best case” data speed from Three was about 2.7Mbps down, and 1.4Mbps up, but typically more like 0.4 in each direction, with cases as low as 40kbps. Yes, slower than dial-up.
I’ve used a pretty nasty chunk of my Telstra quota testing them and my handset, and the results are usually substantially higher; there have been a few 0.4M results, and even one 60k result… but the indefinite hangs are few and far between. 2.5-3.5Mbps are the new baseline, with 1.5Mbps not unknown.
I’d do more testing, but I’d rather get on with actually using the phone for what I bought it for!
The mysterious glowing light
Took the dogs to a local oval this afternoon (between storms) and because it was fairly dark, I could just see a little light on the front of my car. Very odd. At first, I thought the parking lights were on, but no. A quick check of the dash proved that wrong.
Ok, time for a closer look. I’d never noticed, but the “High Beam” lights on my E46 BMW actually have two globes. I’d always assumed the “parking lights” were just the high-beams on very low power, so I had no idea what this second globe at the top was, nor why only the left one was on!
I did a quick Google while the dogs ran around, but clearly this wasn’t going to be answered soon. Before long the rain came back, so we all pootled back home for a serious web search, and an attempt to reproduce the issue.
A good few minutes and many useless web pages later, I found an online copy of the user’s manual and checked that. Aha! So it was the parking light after all… but still no explanation why only one was on.
Then, a few entries later, I hit paydirt. Oh no. A common fault, requiring a new lighting control module. Unless that is, you had the lights off and the turn indicator control latched on.
Sure enough, when I tried this in the garage, I could reproduce the exact same behaviour in the right-hand parking light.
It’s not a bug, it’s a feature!