Saturday, May 31, 2014

Security: Scam Involving the "assoc" Command on Windows

My dad sent me the following:

Today I received a call from a Mark Atkison. He claims to be with Windows Technical Services, located in (or on) Brainbridge Island, Washington. Phone number 206-201-2413

Mark claims for the last two weeks my computer has been downloading online infections, junk files and miscellaneous viruses. I asked him about my “online ID number” Mark said my “customer license Security Identification number is: 888DCA60-FC0A-11CF-8F0F-[deleted]“. Mark said I could verify this by pressing the Windows key and r at the same time.... That would open a “run box” When the run box opens I was to type ASSOC. When I hit the Windows key + r, I saw a box open with “cmd”... which I figured stands for “command”. If I remember correctly, I erased the “cmd”. I was to type ASSOC. When I did, I saw something come up with “exe”. By the way, when I typed in ASSOC, I would not hit enter. I thought this might be some kink of scam or bull shit. I told Mark I was going to contact my son who is a high end programmer. Mark said I could call him back at the number listed above and refer to, “Docket number Yash 120695”. Mark told me they will show me the error and warning reports they have been receiving from my computer or lap top operating system.

This evening, I looked up Brainbridge Island, Washington... I found there was no Braindridge Island, Washington. There was however a Bainbridge Island, Washington (no “r”). Did I make a mistake? I'm not so sure I did. I had him spell out everything. I did a Google search for the phone number he gave me.... I found the following:

Match Found! We found phone number (206)201-2413

See Full Results

Received a call from (206)201-2413? View the comments below or add a comment of your own for 2062012413. Remember to not reveal personal information. Tell us about 206-201-2413. What time did they call and what was the call about?

Anonymous Monday, 19 May, 2014 15:19
Yes this is a scam call, beware do NOT install anything on your computer. They will records all your personal info

Anonymous Monday, 19 May, 2014 15:12
was this a scam call???

Anonymous Friday, 16 May, 2014 16:00
They told me windows was receiving a virus report on from my computer.

I think my instincts were good and your assessments were right on. Needless to say, I will not be calling Mark.

Best wishes to you and yours,
Dad

Apparently, the assoc command in Windows can be used to change file associations. The attacker could use this to convince you to treat .txt files as .exe files. Then, he could give you an executable that has a .txt extension. You would think it was safe, but when you opened it, it would run the executable, thereby taking over your computer.

At least, that's what I think is going on. I'm not 100% sure. It kind of seems like a like of work for the attacker since it involves him calling people manually.

Friday, May 30, 2014

Being Turing Complete Ain't All That and a Bag of Chips

I was talking to someone the other day. He said that given two Turing Complete programming languages, A and B, if you can write a program in A, you can write a similar program in B. Is that true? I suspect not.

I never took a class on computability theory, but I suspect it only works for a limited subset of programs--ones that only require the features provided by a Turing machine. Let me provide a counterexample. Let's suppose that language A has networking APIs and language B doesn't. Nor does language B have any way to access networking APIs. It's entirely possible for language B to be Turing Complete without actually providing such APIs. In such a case, you can write a program in language A that you can't write in language B.

Of course, I could be completely wrong because I don't even understand the definitions fully. Like I said, I've never studied computability theory.

Friday, May 16, 2014

Raspberry Pi: Building an LED Digital Clock

As I mentioned in a previous post, I really enjoyed reading Programming Raspberry Pi: Getting Started with Python. One of the chapters in the book teaches you how to build an LED digital clock. It took some futzing around, but I finally got it done :)

The first problem I had was that I didn't know how to solder. My buddy Chris Dudte gave me a kit to learn. I watched a bunch of YouTube videos with the kids in my Raspberry Pi class, and then we put the circuit board together. Problem solved.

The next two problems I encountered were with the author's library for talking to the smbus for controlling the LEDs, i2c7segment. One of the problems resulted in my saying quite a few less than charitable words under my breath. The Python code kept giving me the error message "IOError: [Errno 5] Input/output error".

I finally figured it out. On line 42 of i2c7segment.py, the code is hardcoded to use smbus.SMBus(0). However, sometimes you need to use smbus.SMBus(1). You can run "sudo i2cdetect -y 0" and "sudo i2cdetect -y 1" to figure out which bus to use. You should see "70" in one of these two. The hardest part of figuring out this problem was that I thought the software must be correct, and that I must have wired it or soldered it wrong. My guess is that this might be a Raspberry Pi model A vs. model B thing.

To hack around the problem, I edited i2c7segment.py to use bus number 1. A better approach would be to allow the calling code to pass a bus number or to try to autoselect it; however, I didn't bother.

Anyway, I'm super excited that I got the project done, especially considering this is the first time I've ever done something like this. Special thanks to my buddy Chris Dudte for all his support and for giving me a Raspberry Pi in the first place!

Wednesday, May 14, 2014

Best Practices for Software Engineers

As I mentioned in my last blog post, I'm going to be giving my "Best Practices for Software Engineers" talk at both the East Bay Ruby Meetup and at BayPIGgies (the Bay Area Python Interest Group). We're planning on broadcasting the BayPIGgies meeting using a Google+ Hangout on Air. If you're interested, here's the event, and here's the direct YouTube link.

Thanks to @nicholsonjf for setting this up!

Friday, May 02, 2014

Best Practices for Software Engineers

I'm going to be giving my talk "Best Practices for Software Engineers" at two different user groups in May:

Here's the abstract:

Being a software engineer requires a lot more than knowing how to write good code.

This class covers a wide variety of topics such as making code reviews useful and effective, how to deal with team conflicts, networking in real life, and planning for your career. The goal is to help you not only be a solid asset for your team, but also to be the type of software engineer that others really enjoy working with.

I hope to see some of you there!