
The Detection of Promiscuous Network Cards

Back in 2010 I finally finished University. For me, University for some reason wasn’t a choice, but a last resort. After struggling to get through my GCSEs with a head cold, and then fumbling through college (or sixth form as it seems to be called now in the UK) I had a choice to make. I could either try to find a job, or go onto Job Seekers Allowance (JSA).

I got into Teesside University through the clearing process, and just as I had struggled to get into college by having to re-sit my GCSE Maths, I got onto the ladder of University with a Higher National Diploma (HND) in Computing, Software Development. When I finally got around to finishing it, some 4 years later than intended, I was determined to get a degree, only to be told by the University lecturers that they felt I wasn’t a capable C Programmer, even though the undergraduate degree module and course was aimed at people with no prior knowledge.

After Teesside University lost and re-found my grades, I got into another University where I rode the programming and networking train through my Bachelor of Science degree through to Masters of Science.

Sometimes you shouldn’t listen to lecturers, and often the path isn’t easy.

So in 2010 I was meant to publish my dissertation in an article in a journal. If I’m honest with myself, I had anxiety issues, and sometimes I still do. I never published the article and I was pretty burnt out from University, suffering mostly from what I now recognise as ‘imposter syndrome’. My work was also downgraded because I didn’t discuss the mathematics behind my findings so well; you can perhaps see why I struggled, and I blamed myself for that.

Here I’ve been looking through my old hard drives and files, and lo and behold I find my 2010 MSc Dissertation, “The Detection of Promiscuous Network Cards”.

You’ll likely have used similar techniques to this in tools such as Nessus, however perhaps not to this extent. There are some good findings in this report, and some details omitted, such as the discovery that the behaviour of promiscuous mode network adapters is changed if you’re running a VMware Virtual Machine – I still have the stats and evidence of that one somewhere. I was advised not to release that information into my dissertation at the time, VMware wouldn’t have been happy, apparently.

If you’re interested in some coding (it’s in there too), Z-Statistics of network packets, and also comparisons between Microsoft Windows, Linux and OSX and identifying them on an enterprise network, then you’re in for a treat.

Please do enjoy, finally ‘published’, my report on the Detection of Promiscuous Network Cards.

Skype (in)Security

It had been a long time since there was a security breach on any of my accounts, but it’s now the in-thing for cyber security and it appears to be the Russians or at least someone pretending to be that is leading the charge.

A number of months back my Electronic Arts Origin account was hijacked, I suspect this was through something on the Origin website that just allowed a bypass into the account as I received no notifications aside from when my e-mail address was changed on the account. The bot or person then changed all the details and settings into Russian and did nothing else aside from remove my friends from the friends list. At that time I had very few games on there and no associated details, so I didn’t mind.

Before that happened the only security breach I had was in the days of using ICQ regularly when I was foolish to have the same password for it as I had set for a forum. I learnt then and kept everything separate since.

So wonder be to my surprise when I’m notified that my e-mail address for my Skype account was changed.

“Here we go again”

I’ve used this account for a long time, I haven’t used it on an actual computer for years and it resides on a Skype phone, a DualPhone 3088 now a 4088. Only I use the account and I don’t log in to a computer for it, why would I need to? It has an auto renewing, auto filling Skype subscription. It solved itself.

This is where it goes sour of course. I had it linked with PayPal. No sooner had I discovered my password had changed on the account and that the e-mail was changed than I checked my PayPal balance and, lo, the “Russian” had pulled £90+ in Skype credit, but only onto the phone. Why? I’m not sure, there was a perfectly good subscription there.

So I attempt to recover from this; Skype do not have a phone number you can contact them on. They only have a ‘live chat’ for ‘premium users’, was I a premium user? I have no idea. So I managed to get through to a person whose first language was definitely not English (was it Russian?) who then proceeded to not grasp that the e-mail address on my account had changed and so just resetting my password wasn’t going to cut it.

At this point, might I add, that Skype’s recovery process entirely relies upon the thought that you only ever have one Skype account and that you’re able to access said account to report any problems in the trouble-shooting process before you even get through to an advisor. So I wasn’t a ‘premium user’ on the Skype account I could actually log in with.

While clarifying which account I couldn’t access and trying to get over the language barrier the person in control of my account had spent a further £20 bringing the total to over £100. I’m now thinking that the Russians aren’t entirely bright.

I answer the security questions and attempt to have my account reset, but all the while the advisor can’t confirm to me the e-mail address they’ve set it to, because of “security” and they can’t escalate the request to someone else (or won’t, I’m not sure). So I’m getting pretty frustrated and my “tokens have exceeded the amount given for that e-mail address” to be able to reset my password.

I’m forced to resolve to “contact us again in 24 hours, until then the account is suspended”. My cries of “which account and which e-mail address?” cannot be confirmed, for security reasons.

So, I’m sat here quite fraught with concern and so I decide to contact PayPal. Once logged into my account I find the contact details and there’s a number I can actually call (real people ahoy!) with a verification number so I don’t have to mess about. The menu system uses voice recognition so I don’t have to mess about with the numbers and I find that ‘claims and fraud’ line is only open until 8.30pm – well by now it’s quite late. Crap. So “Okay, let’s think about this another way” I figure. My Skype account was ‘linked’ to PayPal, surely they can sever the link?

Yes. This was the key, I got through to a nice pleasant person who was actually sympathetic, said they were going to sever the link now and push forward to Skype to refund my money. Though, sadly, they stated they couldn’t do a great deal because it was “completed” already. Still, I’m satisfied that the little Russian can’t take my funds any more.

A few hours pass and I get an e-mail through, it’s the password reset token. In Russian, then, in English. The delay only confirms to me that they’re having some great struggle. I can finally get into my account and it’s pre-loaded with £100+ and nothing else appears to be touched and no apparent calls made.

So I’m not entirely sure how they managed to get into my account as it wasn’t a compromise on my computer, I’m pretty certain. Of course my e-mail account is a suspect but it shows no sign of foul access and I go between various phases of obscure methods of security with it. However, while it was nice at the time to have my Skype automatically renew the Skype Pro subscription you can’t get any longer; I’m certainly going to revise the best practices.

Computing is still in its infancy and this was one, far too easy way to access my bank funds indirectly.

Maybe I can call my family in Australia?