
Thread: Ping FTR: Mebromi BIOS Virus Out in the Wild

  1. #91
    Dustin Guest

    Re: Ping FTR: Mebromi BIOS trojan Out in the Wild

    ~BD~ <~BD~@nomail.afraid.org> wrote in news:j75tbq$sa0$1@dont-email.me:

    > What on earth makes you think I was trying to crash your mail client?


    For some reason, my client really doesn't like that jpeg. I've examined the
    file itself and can't find anything amiss with it. Perhaps it's the size
    of it? A funky meta tag or something else. I really don't know. I keep
    getting a memory error, so I know it's inside the rendering module.

    The result is a crash every single time I clicked on it. So, I resorted to
    dumping your email as a raw data package. Then, I manually extracted the
    base64 encoded item with a very old tool I wrote in the 90s.. lol..

    Once extracted, I ran it thru a command line base encode/decoder I've got
    laying around.. That turned it into a jpeg.

    > I sent you an email with a jpeg attachment. I have no idea why you claim
    > it was corrupted - it looks fine here on my iMac.


    I've found the corruption issue. Most programs which render it probably
    wouldn't care, but this particular jpeg header isn't completely valid.

    Pegasus rendering engine takes the header information completely literally.
    I'll check to see if this has been taken care of in a later version of my
    email client.

    > Send it back, so I can see what you mean about 'corruption'.


    What would that do? Oh wait, it would provide you with my network's IP
    address. What sort of an idiot do you take me for, David?

    >> I checked out the jpeg you sent me. Allow me to put your and tony's
    >> notions to rest. Malwarebytes *KNEW* prior to hiring me of my past. I
    >> didn't hide who I was from anybody since releasing BugHunter, which is
    >> what got me the job. Let's see here.. Oh yea, I didn't have questionable
    >> ethics or an objectionable personality. I got along fine with my peers.
    >>
    >> You idiots want to keep guessing?

    >
    > No. I accept what you say!


    That's because YOU messed up and gave yourself little wiggle room.

    > I still do not recollect saying that, nor can find a relevant MID, which
    > substantiates your claim that I've ever said that Malwarebytes fired
    > you.


    You've stated on numerous occasions that you had an inside source who told
    you Malwarebytes had some sort of problem with me and let me go as a
    result. That isn't what you were told, based on this jpeg. Does Tony know
    you broke his confidence and sent this correspondence to me?

    You implied I had been fired or dismissed. You think you're careful not to
    libel a person when you do that, but you aren't as sneaky as you seem to
    think you are.

    > You read bad things into what was discussed when they aren't really
    > there. However, you cannot dispute that the words used in connection
    > with David Lipman were these "..., but they had to let him go .."


    I didn't read into anything. I remember what you stated here on numerous
    occasions. I remember defending myself against your accusations. I remember
    you asking me on several occasions to dispute the idea I had been let
    go/fired/dismissed and tell you what happened.

    At one point, G. Morgan even joined in, saying Malwarebytes and myself
    wouldn't ever say what took place; we'd use the NDA to keep it internal.

    Do you have selective memory loss David?

    > Tony did *not* say that about you.


    Tony said Malwarebytes may have let me go due to the following issues:

    1) My past activities as a VXer; you provided Tony with this information
    which led to his conclusion. Until you went out of your way to mention it
    as part of your effort to extract information on me. I don't hang out on
    social sites like Facebook, MySpace, Twitter, LinkedIn etc, so you're
    having a very difficult time finding much information about me. You have
    nothing to use for leverage to try and force me to help you seek revenge
    upon Peter Foldes.

    2) I might have questionable ethics, which would have been bad for the
    company.

    3) I might not get along well with my peers and other co-workers.

    None of that is true. Not a single bit of it.

    You aren't the truth telling saint you want others to think you are. We
    both know that, don't we. [g]


    --
    I am a sinner
    Hold my prayers up to the sun
    I am a sinner
    Heaven's closed for what I've done.
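
The workflow Dustin describes above (dump the message as raw data, decode the base64 part by hand, then look at the JPEG header instead of letting the mail client render the file) is a sound way to examine an attachment that keeps crashing a viewer. The Python below is an added example written for this page, not code from the thread or from any tool mentioned in it. The sample message and both JPEG byte strings are constructed here; the thread never says which header field Pegasus objected to, so the checker only walks the marker segments and reports structural inconsistencies such as a missing SOI marker or a declared segment length that runs past the end of the data.

```python
import base64
import email
import email.policy
import struct
from typing import List, Tuple

# Constructed sample data (not from the thread): a minimal JPEG made of SOI,
# a 16-byte JFIF APP0 segment and EOI, plus a second copy whose APP0 segment
# claims 16 bytes but is cut short after 8.
GOOD_JPEG = (b"\xff\xd8"
             + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
             + b"\xff\xd9")
BAD_JPEG = b"\xff\xd8" + b"\xff\xe0\x00\x10JFIF\x00\x01"

EOI, SOS = 0xD9, 0xDA
# Markers that carry no length field: SOI, EOI, TEM and the RSTn restart markers.
STANDALONE = {0xD8, 0xD9, 0x01} | set(range(0xD0, 0xD8))


def build_raw_message(filename: str, payload: bytes) -> bytes:
    """Construct a raw multipart message carrying `payload` as a base64 attachment."""
    b64 = base64.b64encode(payload).decode("ascii")
    return (
        "From: sender@example.invalid\r\n"
        "To: receiver@example.invalid\r\n"
        "Subject: constructed sample\r\n"
        "MIME-Version: 1.0\r\n"
        'Content-Type: multipart/mixed; boundary="b1"\r\n'
        "\r\n--b1\r\n"
        "Content-Type: text/plain\r\n\r\nSee attached.\r\n"
        "--b1\r\n"
        f'Content-Type: image/jpeg; name="{filename}"\r\n'
        f'Content-Disposition: attachment; filename="{filename}"\r\n'
        "Content-Transfer-Encoding: base64\r\n\r\n"
        f"{b64}\r\n"
        "--b1--\r\n"
    ).encode("ascii")


def extract_attachments(raw_message: bytes) -> List[Tuple[str, bytes]]:
    """Parse a raw RFC 5322 message and return (filename, decoded bytes) for each
    attachment, without handing anything to an image renderer."""
    msg = email.message_from_bytes(raw_message, policy=email.policy.default)
    result = []
    for part in msg.iter_attachments():
        # decode=True undoes the Content-Transfer-Encoding (base64 here)
        result.append((part.get_filename() or "unnamed", part.get_payload(decode=True)))
    return result


def check_jpeg_header(data: bytes) -> Tuple[bool, List[str]]:
    """Walk the JPEG marker segments up to SOS/EOI and report structural problems.

    Returns (ok, problems). A viewer that takes the header literally can fail on
    exactly the inconsistencies reported here."""
    problems: List[str] = []
    if data[:2] != b"\xff\xd8":
        return False, ["missing SOI marker (FF D8) at offset 0"]
    pos = 2
    while True:
        if pos + 2 > len(data):
            problems.append("data ended before an EOI or SOS marker")
            break
        if data[pos] != 0xFF:
            problems.append(f"expected marker prefix FF at offset {pos}, found {data[pos]:02X}")
            break
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte, legal padding before a marker
            pos += 1
            continue
        if marker == EOI:
            break
        if marker in STANDALONE:
            pos += 2
            continue
        if pos + 4 > len(data):
            problems.append(f"marker {marker:02X} at offset {pos} has no length field")
            break
        (seg_len,) = struct.unpack(">H", data[pos + 2:pos + 4])
        remaining = len(data) - (pos + 2)
        if seg_len < 2:
            problems.append(f"marker {marker:02X} declares impossible length {seg_len}")
            break
        if seg_len > remaining:
            problems.append(f"marker {marker:02X} declares {seg_len} bytes but only {remaining} remain")
            break
        if marker == SOS:           # entropy-coded scan data follows; header walk is done
            break
        pos += 2 + seg_len
    return (not problems), problems


if __name__ == "__main__":
    for name, blob in (("good.jpg", GOOD_JPEG), ("bad.jpg", BAD_JPEG)):
        for filename, payload in extract_attachments(build_raw_message(name, blob)):
            ok, problems = check_jpeg_header(payload)
            print(filename, len(payload), "bytes:", "OK" if ok else problems)
```

Running it prints the good sample as OK and the truncated one with a single complaint about the APP0 segment length; the same `check_jpeg_header` call can be pointed at any attachment that `extract_attachments` pulls out of a real raw message.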

  2. #92
    Dustin Guest

    Re: Ping FTR: Mebromi BIOS trojan Out in the Wild

    Gramsterdam <sealteam6@osama-is-dead.net> wrote in
    news:plc97t6m2vvsmdieak8qoe1bs6g17ik2j@Osama-is-dead.net:

    > In this case, your "morals and ethics" are in conflict with the #1 rule
    > in business, to make a profit.


    I'm a poor business person. Money isn't a driving force to me and it never
    will be. I struggle just as others do, perhaps more, perhaps less.

    > Always take the money, unless it is an established repeat customer. In
    > a way, you devalued your services in her mind by NOT charging anything.


    My take on this is the opposite. In my mind, I'm thinking-- because I
    didn't charge her for something silly, she might call me when she does need
    real help. I just don't feel right charging for something that took no
    effort or real time on my part.

    > In cases like that, I charge for a "service call", $60. I stay an hour
    > or so to check for updates, AV/antiMW, backups, crap software removal,
    > and file organization. Oh, and physical blow-out of dust if needed.
    > Then I put a sticker on the case with my phone number!


    Her computer was brand new, less than two weeks old. AV was up to date,
    firewall was online, printer prints, sound works, internet operational.
    Quick lookover completed.

    I didn't do a thorough analysis as the description of the problem once
    power restored no longer matched. I didn't want to waste any more of my
    time. I've been very busy with other tasks.

    If I'd noticed anything amiss over a quick lookover, I would have dedicated
    more time and thus charged her my standard rates. The quick lookover didn't
    yield anything tho.

    > BTW: The $60 gets rolled into the final bill as less if they let me take
    > it back to the bench to do the rest of the work. That way, you can work


    I credit them partially if I take the machine with me back to the lab.

    > the PC), and that's time wasted in the field. A couple of monitors and
    > KVM switches come in handy on the bench. Then I go check on them every
    > hour or so to see who's ready for the next task.


    That and a good network to assist you. Provide music, internet, tools and
    research options for the real big problems you run into.


    --
    I am a sinner
    Hold my prayers up to the sun
    I am a sinner
    Heaven's closed for what I've done.

  3. #93
    Dustin Guest

    Re: Ping FTR: Mebromi BIOS trojan Out in the Wild

    ~BD~ <~BD~@nomail.afraid.org> wrote in news:j75vij$6ji$1@dont-email.me:


    > Dustin has advised us that he has recently become a relatively rich
    > young man and he can now afford to act charitably as he described above.


    It has nothing to do with my financial situation. I've been that way since I
    was a little kid. I've always followed those principles as a professional.
    It's not acting charitably; as I've learned that tends to piss people off.

    The majority of people I encounter aren't looking for a hand out.

    > without charge! It's nice, though, when they sometimes reward me with a
    > decent bottle of whisky! ;-)


    They reward me with a huge smile on their face when the computer comes back
    to life and they didn't lose the grandkids photos.


    --
    I am a sinner
    Hold my prayers up to the sun
    I am a sinner
    Heaven's closed for what I've done.

  4. #94
    Dustin Guest

    Re: Ping FTR: Mebromi BIOS trojan Out in the Wild

    ~BD~ <~BD~@nomail.afraid.org> wrote in news:j75ur7$3ls$1@dont-email.me:

    > If you want to check for yourself exactly what transpired, respond to me
    > in a civil manner by email. I'll consider providing you with my Username
    > and password so you can look for yourself at Wilders. (You will probably
    > say that is unethical! <beg>)


    You're going to dictate to me the terms in which I email you? Really now...
    You must have balls the size of grapefruits.

    > OK - I believe you.


    Why do I get the feeling you'll be implying I was let go again next week...

    > Most folk in business cannot take such a stance.


    I'm not greedy. I'm not out to become rich off the misery of others. If I
    got food in my belly, a roof over my head, a running van, some fun stuff.
    I'm a happy camper.

    I told you, you don't know me. I run my computer business part time;
    when I feel like doing it, I maintain a select clientele; I'm not cheap, but
    I'm not the most expensive either. These people can call me at 2am and I'll
    come help them out, but I do charge for that and they realize this.

    As I'm picky on the jobs and clients I'll take, I don't have enough to run
    full time and be able to provide payroll, etc. If I was willing to deal with
    anybody, I could easily provide myself full-time work.

    Those aren't the kinds of customers I want to deal with tho. I had to do
    that when I worked full time for another computer store for a decade. They'd
    work on anybody's stuff, pir8 software, pir8 music.. whatever the customer
    had, we'd try to preserve even tho we shouldn't have.

    I won't deal with shady customers. It's just not worth it. They'll expect
    freebies, blame things unrelated to what you did on you, so they can get
    free work out of you, etc. I know all their dirty tricks and I won't have
    it anymore.

    This is my business, so I can pick and choose the jobs now, and I do.

    I prefer to earn a steady paycheck and being your own boss doesn't always
    afford that under the conditions in which I choose to run.

    > I expect the stress and strain took its toll.


    It wasn't an 8-hour Mon-Fri kind of job, David. We'd never get any work done
    if we stuck to that.

    > Why not just give a simple and honest answer? I really do not understand
    > your need to complicate matters, Dustin.


    It's none of your business. I really don't understand your "need" to know
    my personal employment history, where I live, my phone number or anything
    else.

    > I've never been involved in 'pir8ting'!


    Didn't you post a link to a site containing a private copyrighted picture
    despite being told by the copyright holder not to share the url nor the
    picture? What do you suppose pir8ting is, David?

    Lying doesn't do you any good, Mr. Saint.

    >> Tony and yourself speculated about me, You brought up my past
    >> activities, because *I* chose to fully disclose who I was and what I
    >> was up to. I *never* really had to do that. Prior to you telling him,
    >> He didn't even know anything about it. Hmm..

    >
    > Ah!
    >
    > You are not as well known in security circles as you thought, eh?!! ;-)


    You have it assbackwards. Tony isn't as well known as you indicated. Let me
    remind you, I worked for an antimalware company. I was on the battlefield.

    Tony is an outsider, has always been an outsider, and likely will remain an
    outsider. I am well known by handle raid and real name in the security
    circles and I have been for well over a decade.

    The fact Tony had no clue until you told him indicates he hasn't been in
    the security industry that long. (BIG ****ING GRIN). So yes, you've got it
    completely assbackwards.

    He's just above you in the totem pole, since you wanted to compare.

    > You know in your heart that BD has never wanted to 'cause misery' to
    > anyone, Dustin. Some here (on SE anyway) have had ... ummm ... 'reason
    > to fear' law enforcement agencies, of various kinds - quite the opposite
    > of me. In fact, at times in my past I *was* the law! :-)


    Your stupidity doesn't allow you to fear, which is frightening. Sad as
    well.


    --
    I am a sinner
    Hold my prayers up to the sun
    I am a sinner
    Heaven's closed for what I've done.

  5. #95
    Dustin Guest

    Re: Ping FTR: Mebromi BIOS Virus Out in the Wild

    "FromTheRafters" <erratic.howard@gmail.com> wrote in
    news:j74o6f$62t$1@dont-email.me:

    > I was looking at it more from a computer science angle. If the
    > persistence module contains the modified MBR code (and overwrites the
    > MBR if it is found to be unmodified), and the MBR supports the agent, and
    > the agent (perhaps through a network resource) can detect that the BIOS
    > has been unmodified (flashed without the LoJack code) and it can reflash
    > the BIOS, it appears to me that it qualifies as a virus.


    You're mistaken. Lojack is a trojan with persistence. The "modified" MBR
    will not seek out an unmodified MBR and infect it. The persistence program
    will replace the master MBR if it finds someone has replaced it with an
    original. It's to keep persistence only. No "infection" is taking place.
    The modified MBR isn't infectious.

    > The computer science virus definition makes no restriction on how the
    > process plays out, only the result is important. Mebromi doesn't have
    > that two-way guardian aspect - it only flashes the BIOS during the
    > installation and it is thereafter un-guarded. So Lojack comes closer,
    > and in fact may even qualify as a virus.


    No, it doesn't. You need to re-read the definition. Lojack has a series of
    executables (separate programs) which, when all properly installed, protect
    it. They don't infect other files; it doesn't "spread" to other programs or
    computers. It's NOT a virus.

    >> I would be inclined to agree. However, the viral code must replicate.
    >> Persistence alone doesn't qualify.

    >
    > Right, but do you see where I'm coming from where viral code is the
    > means for the implementation of the persistence? Two "programs"
    > (BIOS routine, MBR/code in partition gaps/agent/network) that


    It's not viral. It's simply staying resident via modules that keep an eye
    on each other and replace modifications made by the user with themselves.
    They don't attach to other programs, send outbound emails, or try to infect
    another host in any way, shape or form. They process one aspect of the
    machine they're installed on and that's it.

    Nothing viral is going on. The lojacked MBR isn't infected and it won't
    replicate its code to other MBRs. If I insert a floppy, lojack isn't going
    to put its presence on it. A real virus would jump at the chance.

    > sneakernet vector for BIOS and harddrives) which isn't really a
    > requirement for a virus in the comp-sci arena - it is only required
    > that it doesn't overwrite its parent.


    A virus may overwrite its parent. We call that an overwriter. It doesn't
    preserve the host. Most other viruses (appending, prepending, and cavity
    infection) infect the host, but either restore it on disk prior to executing
    or do so in memory, so that the host runs. A companion virus never actually
    modifies its host; it takes advantage of the system executing files in a
    specific order, based on extension. But it still replicates itself under
    new filenames. It IS a virus.

    Replication is a requirement in stone for it to be a virus. Simply ensuring
    persistence in specific areas is not viral; that IS trojan behavior only.


    > It's not a file infecting virus, but it does infect PE files according
    > to the write-up. The infection is not aimed at replication, but is only
    > a means of attaching to the startup axis without using the registry I
    > think.


    Nope, it doesn't infect them. They aren't going to spread the code to other
    executables when run. They will ensure the trojan's persistence.

    > Yes, so I take it you refuse to adopt the idea that "infection" can be
    > used to mean that particular type of file modification even if it is not
    > viral?


    As the entire premise for a virus requires infection which results in
    replication of the virus, obviously I'm not going to adopt a new idea that
    seems to confuse the issue. I mean, seriously; you just wrote that a virus
    can't overwrite the host, but they most assuredly can.

    > BTW, I found this about droppers, it appears that I have used older
    > terminology than you have on this one.
    >
    > "A Dropper is a standalone program that drops a virus to a system.
    > Usually a dropper for a file virus is a very small program (a few bytes)
    > infected by a virus.


    Yes.

    > A dropper for a boot virus is usually a program that writes the image
    > of a boot sector virus stored inside it to a hard or floppy drive.


    Yes. and when that image is later executed, it will spread the virus to
    other hard disks on the machine, and maybe even other floppies the machine
    reads.

    > payload is installing a virus infection. A dropper which installs a
    > virus only in memory (without infecting anything on the disk) is
    > sometimes called an "injector"."


    Yes.

    > http://stason.org/TULARC/security/co...is-a-dropper-C
    > omputer-virus.html
    >
    > They seem to agree with my view that a zeroth iteration virus is
    > actually a dropper.


    It's a 1st-gen run, but it's technically viral as it will replicate.

    In the industry and in the scene, to distinguish from trojan dropper, we
    call it a 1st-gen sample. It's the 1st generation of the virus code after
    compilation and/or assembly. It's the most virgin state of the virus,
    before it's attached to other code.


    --
    I am a sinner
    Hold my prayers up to the sun
    I am a sinner
    Heaven's closed for what I've done.

  6. #96
    Bear Bottoms Guest

    Re: Ping FTR: Mebromi BIOS trojan Out in the Wild

    ~BD~ <~BD~@nomail.afraid.org> wrote in news:j77ikg$d7i$2@dont-email.me:

    > Bear Bottoms wrote:
    >> ~BD~<~BD~@nomail.afraid.org> wrote in news:j71d9r$t8f$1@dont-email.me:
    >>
    >>> ~BD~ wrote:
    >>> [....]
    >>>
    >>>> I'll see if I can find anything regarding TechAngel on WayBack Machine.
    >>>> It was a great place to play that I found on the Annexcafe User2User
    >>>> web site when I first went there some five years ago.
    >>>
    >>> No success as yet, but she did exist!
    >>>
    >>> http://www.google.co.uk/search?clien...chAngel%22+%3C
    >>> NoAsk@NoTell.com%3E&ie=UTF-8&oe=UTF-8&redir_esc=&ei=9jeUTtiEOcSW8QOFqvj3B
    >>> g

    >>
    >> What account name and pass?
    >>

    >
    > BoaterDave 063561
    >
    > HTH


    Is this a trick to get my IP address? Someone else advise.

    --
    Bear Bottoms, security consultant
    http://bearware.info

  7. #97
    FromTheRafters Guest

    Re: Ping FTR: Mebromi BIOS trojan Out in the Wild


    "Bear Bottoms" <bearbottoms1@gmai.com> wrote in message
    news:Xns9F7E8C774430Cbearbottoms1gmaicom@130.225.254.104...
    > ~BD~ <~BD~@nomail.afraid.org> wrote in news:j77ikg$d7i$2@dont-email.me:
    >
    >> Bear Bottoms wrote:
    >>> ~BD~<~BD~@nomail.afraid.org> wrote in news:j71d9r$t8f$1@dont-email.me:
    >>>
    >>>> ~BD~ wrote:
    >>>> [....]
    >>>>
    >>>>> I'll see if I can find anything regarding TechAngel on WayBack Machine.
    >>>>> It was a great place to play that I found on the Annexcafe User2User
    >>>>> web site when I first went there some five years ago.
    >>>>
    >>>> No success as yet, but she did exist!
    >>>>
    >>>> http://www.google.co.uk/search?clien...chAngel%22+%3C
    >>>> NoAsk@NoTell.com%3E&ie=UTF-8&oe=UTF-8&redir_esc=&ei=9jeUTtiEOcSW8QOFqvj3B
    >>>> g
    >>>
    >>> What account name and pass?
    >>>

    >>
    >> BoaterDave 063561
    >>
    >> HTH

    >
    > Is this a trick to get my IP address? Someone else advise.


    I don't think so, it would be Google that gets your IP address. I think that
    BD giving someone else his account and password might be against
    the terms of service that he agreed to when he signed up though.

    Now, *anybody* can abuse his account.



  8. #98
    FromTheRafters Guest

    Re: Ping FTR: Mebromi BIOS Virus Out in the Wild


    "Dustin" <bughunter.dustin@gmail.com> wrote in message
    news:Xns9F7DE7B32116EHHI2948AJD832@no...
    > "FromTheRafters" <erratic.howard@gmail.com> wrote in
    > news:j74o6f$62t$1@dont-email.me:
    >
    >> I was looking at it more from a computer science angle. If the
    >> persistence module contains the modified MBR code (and overwrites the
    >> MBR if it is found to be unmodified), and the MBR supports the agent, and
    >> the agent (perhaps through a network resource) can detect that the BIOS
    >> has been unmodified (flashed without the LoJack code) and it can reflash
    >> the BIOS, it appears to me that it qualifies as a virus.

    >
    > You're mistaken. Lojack is a trojan with persistence. The "modified" MBR
    > will not seek out an unmodified MBR and infect it.


    That's not strictly necessary under the virus definition I'm using.

    Batman186 (batchfile) didn't seek out batchfiles to infect either, it sought
    out and infected comfiles which in turn sought out and infected batchfiles.
    It still was a virus nonetheless.

    > The persistence program
    > will replace the master MBR if it finds someone has replaced it with an
    > original. It's to keep persistence only. No "infection" is taking place.
    > The modified MBR isn't infectious.


    I agree, but the definition I'm using is the most basic mathematical one.
    Then, I am seeing how many other aspects of the more modern definition
    are also complied with.

    Basically, a computer virus is a set of symbols on a Turing Machine's tape
    which, when processed by the machine (as it will do when it reads the
    starting symbol in its starting state) according to its set of states and
    instructions, results in the writing to the tape of another instance of that set
    of symbols in a manner not overlapping the first. This last part is necessary
    for there to be now a minimum of *two* such sets of symbols. Otherwise, it
    would be a rabbit, which is like a virus except that it removes its parent.

    As an added note, if such a set of symbols, as a last step, causes the
    placement of the read head over the starting symbol of the newly created
    set of symbols and sets the machine to the starting state, it is a worm.

    That is where the "all worms are viruses" idea comes from - a worm is
    a virus plus this function. It creates the copy *and* executes it.

    >> The computer science virus definition makes no restriction on how the
    >> process plays out, only the result is important. Mebromi doesn't have
    >> that two-way guardian aspect - it only flashes the BIOS during the
    >> installation and it is thereafter un-guarded. So Lojack comes closer,
    >> and in fact may even qualify as a virus.

    >
    > No, it doesn't. You need to re-read the definition. Lojack has a series of
    > executables (separate programs) which, when all properly installed, protect
    > it. They don't infect other files; it doesn't "spread" to other programs or
    > computers. It's NOT a virus.


    The virus definition I'm starting with has no conception of infection nor even
    programs or files. Moving from that definition to the more modern malware
    related definition still does not require files. The overwriting of both BIOS and
    MBR are not related to files, but they *are* programs and overwriting is still
    a form of infection.

    If you have a LoJacked computer, and you remove the BIOS chip and
    replace it with a new one, will the software on the harddrive detect the now
    pristine BIOS code and overwrite (flash) it with code that supports LoJack?

    If you take that LoJacked chip and place it in another nearly identical
    computer with a pristine harddrive, will the BIOS routine detect that
    the MBR is pristine and overwrite the MBR and install the agent?

    If you remove the harddrive from a LoJacked computer and swap it into
    another nearly identical computer, would the MBR and agent software
    detect that the BIOS was pristine and overwrite (flash) it in a similar
    manner to the above?

    >>> I would be inclined to agree. However, the viral code must replicate.
    >>> Persistence alone doesn't qualify.

    >>
    >> Right, but do you see where I'm coming from where viral code is the
    >> means for the implementation of the persistence? Two "programs"
    >> (BIOS routine, MBR/code in partition gaps/agent/network) that

    >
    > It's not viral. It's simply staying resident via modules that keep an eye
    > on each other and replace modifications made by the user with themselves.


    Aha!

    The same could be said of Batman186. If you repair or replace an infected
    comfile, the next time an infected batchfile was executed it would re-infect
    the comfile. If you repaired or replaced an infected batchfile, the next time
    an infected comfile was executed, it would re-infect the batfile.

    *Together* they are a virus.

    > They don't attach to other programs,


    Perhaps only because they are not exposed to more than one BIOS or
    MBR per machine, and users aren't in the habit of transporting the
    modified BIOS or MBR (harddrives) to other machines.

    > send outbound emails, or try to infect
    > another host in any way shape or form.


    Not strictly necessary for a virus by the basic definition, but by adding that
    stipulation it still seems to qualify if the modified BIOS code causes the
    software on the harddrive to write that same BIOS code back to the BIOS
    chip (or another BIOS chip if it ever finds that it has access to one).

    > They process one aspect of the
    > machine they're installed on and that's it.


    That may be true, and it would require that the LoJack software on the
    harddrive be able to tell if it is on a different machine from the one that
    it was originally installed on. This makes it 'not a virus' by the modern
    definitions, but not by the more basic one. This is why I said it only comes
    close by the modern standards, but may qualify by the more basic one.

    > Nothing viral is going on. The lojacked MBR isn't infected and it won't
    > replicate its code to other MBRs. If I insert a floppy, lojack isn't going
    > to put its presence on it. A real virus would jump at the chance.


    Yes, a *real* virus by the modern standard used in the malware arena.
    The *other* definition doesn't require infection, the symbols are just
    written there leaving the chance that the machine may read the starting
    symbol while in the starting state and repeat the process.

    >> sneakernet vector for BIOS and harddrives) which isn't really a
    >> requirement for a virus in the comp-sci arena - it is only required
    >> that it doesn't overwrite its parent.

    >
    > A virus may overwrite its parent. We call that an overwriter.


    No, it overwrites its new *host* with itself. It is the parent that is doing
    the writing and it doesn't corrupt itself while writing its progeny. If it
    did, there would exist only one copy (the newly written one) as the
    original (parent) would be damaged.

    > It doesn't preserve the host. Most other viruses, appending, prepending,
    > and cavity infection infect the host, but either restore it on disk prior to
    > executing or do so in memory, so that the host runs. A companion virus
    > never actually modifies its host; it takes advantage of the system
    > executing files in a specific order, based on extension. But it still
    > replicates
    > itself under new filenames. It IS a virus.
    >
    > Replication is a requirement in stone for it to be a virus. Simply ensuring
    > persistence in specific areas is not viral; that IS trojan behavior only.


    Unless it implements that persistence by being a virus as I suggested.
    The viral activity being the means of the guardianship in the back-and-
    forth manner similar to batman186.

    >> It's not a file infecting virus, but it does infect PE files according
    >> to the write-up. The infection is not aimed at replication, but is only
    >> a means of attaching to the startup axis without using the registry I
    >> think.

    >
    > Nope, it doesn't infect them. They aren't going to spread the code to other
    > executables when run. They will ensure the trojan's persistence.
    >
    >> Yes, so I take it you refuse to adopt the idea that "infection" can be
    >> used to mean that particular type of file modification even if it is not
    >> viral?

    >
    > As the entire premise for a virus requires infection which results in
    > replication of the virus, obviously I'm not going to adopt a new idea that
    > seems to confuse the issue. I mean, seriously; You just wrote that a virus
    > can't overwrite the host, but they most assuredly can.


    That's not what I wrote, and I distinctly mentioned the comp-sci virus
    definition as opposed to the modern one used in the malware arena.
    In that definition *infection* is not a requirement, but I still hold that
    the ability of the firmware to overwrite the MBR and the software's
    ability to overwrite the firmware constitutes infection on both counts
    and there is no stipulation against a network being involved as a
    source for symbols.

    I wrote that a virus cannot overwrite its *parent* - that is its *old* host
    must still contain a working copy of the viral function - otherwise you
    don't have one occurrence becoming two occurrences which is the
    replication that is necessary for being a virus. If it obliterates its parent,
    and only makes one copy of itself, it is not a virus despite the fact that
    it copied itself to another spot on the tape. That is more rabbit-like.

    If it copied itself to two different spots, and obliterated its parent, it
    would still qualify in my estimation, but that's not how that definition
    was written. At a minimum, it must make one additional copy while
    preserving the parent copy.

    I'm only saying that it may qualify under that mathematical definition
    and that it comes closer to satisfying even the more modern definition
    than does Mebromi which doesn't have any BIOS flashing function
    being replicated - it is purely a trojan BIOS flashing function.

    [...]
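
The tape definition FromTheRafters lays out above (virus: a second, non-overlapping copy of the symbol set appears with the parent intact; rabbit: a copy is made but the parent is destroyed; worm: a virus that also leaves the read head on the start of the new copy in the starting state) can be written as a checker over before/after tape snapshots, which matches how the thread frames the question: only the result matters, not how the process plays out. The Python below is an added example, not code from the thread; the symbol set, the tapes, the state names `q0`/`halt` and the `Run` record are all constructed here, and execution itself is abstracted to a before/after pair. The "persistence-only" run models the LoJack behaviour Dustin describes: the tape ends with the same single copy it started with, so no replication occurred.

```python
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

# Constructed name (not from the thread) for the machine's starting state.
START_STATE = "q0"


@dataclass(frozen=True)
class Run:
    """Before/after snapshot of one execution, which is all the definition needs."""
    tape_before: Tuple[str, ...]
    tape_after: Tuple[str, ...]
    origin: int        # offset of the parent symbol set before execution
    head_after: int    # where the read head rests when the run is over
    state_after: str   # the machine's state when the run is over


def tape(cells: str) -> Tuple[str, ...]:
    """One character per cell; '_' is a blank cell."""
    return tuple(cells)


def occurrences(t: Sequence[str], symbols: Sequence[str]) -> List[int]:
    """Start offsets of every non-overlapping occurrence of `symbols` on tape `t`."""
    n = len(symbols)
    hits, i = [], 0
    while i + n <= len(t):
        if tuple(t[i:i + n]) == tuple(symbols):
            hits.append(i)
            i += n          # skip past the match so counted copies never overlap
        else:
            i += 1
    return hits


def classify(run: Run, symbols: Sequence[str]) -> str:
    """Apply the three conditions from the quoted definition to one run."""
    before = occurrences(run.tape_before, symbols)
    if run.origin not in before:
        raise ValueError("parent symbol set is not on the tape at `origin`")
    after = occurrences(run.tape_after, symbols)
    parent_intact = run.origin in after
    new_copies = [o for o in after if o not in before]
    if not new_copies:
        return "not viral"      # nothing new written; at most the original was restored
    if not parent_intact:
        return "rabbit"         # copied itself but destroyed its parent
    if run.head_after in new_copies and run.state_after == START_STATE:
        return "worm"           # a virus that also hands control to the copy
    return "virus"


# Constructed tapes: the symbol set sits at offset 2; a child lands at offset 8.
SYMBOLS = tape("v1rus")
BEFORE = tape("__v1rus_______")
COPIED = tape("__v1rus_v1rus_")        # parent at 2 intact, child at 8
MOVED = tape("________v1rus_")         # parent at 2 gone, child at 8
RUNS = {
    "replicating": Run(BEFORE, COPIED, 2, 2, "halt"),
    "self-starting": Run(BEFORE, COPIED, 2, 8, START_STATE),
    "parent-erasing": Run(BEFORE, MOVED, 2, 8, START_STATE),
    "persistence-only": Run(BEFORE, BEFORE, 2, 2, "halt"),
}


def classify_all() -> Dict[str, str]:
    return {name: classify(run, SYMBOLS) for name, run in RUNS.items()}


if __name__ == "__main__":
    for name, verdict in classify_all().items():
        print(f"{name:18s} -> {verdict}")
```

The four runs come out as virus, worm, rabbit and not viral respectively. Note that the checker counts a new copy only where none existed before, so a module that merely rewrites its own original location, which is the guardian behaviour both sides of the thread agree LoJack has, never satisfies the "two occurrences" condition by itself.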



  9. #99
    Bear Bottoms Guest

    Re: Ping FTR: Mebromi BIOS trojan Out in the Wild

    "FromTheRafters" <erratic.howard@gmail.com> wrote in
    news:j79d43$emm$1@dont-email.me:
    >
    > "Bear Bottoms" <bearbottoms1@gmai.com> wrote in message
    > news:Xns9F7E8C774430Cbearbottoms1gmaicom@130.225.254.104...
    >> ~BD~ <~BD~@nomail.afraid.org> wrote in news:j77ikg$d7i$2@dont-email.me:
    >>
    >>> Bear Bottoms wrote:
    >>>> ~BD~<~BD~@nomail.afraid.org> wrote in
    >>>> news:j71d9r$t8f$1@dont-email.me:
    >>>>
    >>>>> ~BD~ wrote:
    >>>>> [....]
    >>>>>
    >>>>>> I'll see if I can find anything regarding TechAngel on WayBack
    >>>>>> Machine. It was a great place to play that I found on the Annexcafe
    >>>>>> User2User web site when I first went there some five years ago.
    >>>>>
    >>>>> No success as yet, but she did exist!
    >>>>>
    >>>>> http://www.google.co.uk/search?clien...i&rls=en&q=%22
    >>>>> TechAngel%22+%3CNoAsk@NoTell.com%3E&ie=UTF-8&oe=UTF-8&redir_esc=&
    >>>>> ei=9jeUTtiEOcSW8QOFqvj3Bg
    >>>>
    >>>> What account name and pass?
    >>>>
    >>>
    >>> BoaterDave 063561
    >>>
    >>> HTH

    >>
    >> Is this a trick to get my IP address? Someone else advise.

    >
    > I don't think so, it would be Google that gets your IP address. I think
    > that BD giving someone else his account and password might be against
    > the terms of service that he agreed to when he signed up though.
    >
    > Now, *anybody* can abuse his account.


    Don't be fooled. He's probably feigning to draw you onto his message board
    and then he will read your browser and PC info. http://ip-check.info/
    http://anonymous-proxy-servers.net/e...rity_test.html Some of my
    customers get scammed like this.

    --
    Bear Bottoms, security consultant
    http://bearware.info

  10. #100
    FromTheRafters Guest

    Re: Ping FTR: Mebromi BIOS trojan Out in the Wild


    "Bear Bottoms" <bearbottoms1@gmai.com> wrote in message
    news:Xns9F7EA16CDCC14bearbottoms1gmaicom@130.225.254.104...
    > "FromTheRafters" <erratic.howard@gmail.com> wrote in
    > news:j79d43$emm$1@dont-email.me:
    >>
    >> "Bear Bottoms" <bearbottoms1@gmai.com> wrote in message
    >> news:Xns9F7E8C774430Cbearbottoms1gmaicom@130.225.254.104...
    >>> ~BD~ <~BD~@nomail.afraid.org> wrote in news:j77ikg$d7i$2@dont-email.me:
    >>>
    >>>> Bear Bottoms wrote:
    >>>>> ~BD~<~BD~@nomail.afraid.org> wrote in
    >>>>> news:j71d9r$t8f$1@dont-email.me:
    >>>>>
    >>>>>> ~BD~ wrote:
    >>>>>> [....]
    >>>>>>
    >>>>>>> I'll see if I can find anything regarding TechAngel on WayBack
    >>>>>>> Machine. It was a great place to play that I found on the Annexcafe
    >>>>>>> User2User web site when I first went there some five years ago.
    >>>>>>
    >>>>>> No success as yet, but she did exist!
    >>>>>>
    >>>>>> http://www.google.co.uk/search?clien...i&rls=en&q=%22
    >>>>>> TechAngel%22+%3CNoAsk@NoTell.com%3E&ie=UTF-8&oe=UTF-8&redir_esc=&
    >>>>>> ei=9jeUTtiEOcSW8QOFqvj3Bg
    >>>>>
    >>>>> What account name and pass?
    >>>>>
    >>>>
    >>>> BoaterDave 063561
    >>>>
    >>>> HTH
    >>>
    >>> Is this a trick to get my IP address? Someone else advise.

    >>
    >> I don't think so, it would be Google that gets your IP address. I think
    >> that BD giving someone else his account and password might be against
    >> the terms of service that he agreed to when he signed up though.
    >>
    >> Now, *anybody* can abuse his account.

    >
    > Don't be fooled. He's probably feigning to draw you onto his message board
    > and then he will read your browser and PC info. http://ip-check.info/
    > http://anonymous-proxy-servers.net/e...rity_test.html Some of my
    > customers get scammed like this.


    He's already got my IP address - and practically directions to my house.


