Russian eBay page

I’d been browsing eBay a few days back, checking out a few items I was considering buying. I left my eBay tab open though I was not logged in. Yesterday morning, I figured I would log into my eBay account and save the item I was viewing to my “wish list.” So, I clicked on the login link and was surprised to see the eBay signin page show up … in Russian!

I cannot for the life of me figure out how this happened. My browser language is not set to Russian, my eBay preferences are not set to Russian, and I did not somehow enter a Russian URL. There was no reported BGP hijack on eBay, nor would eBay necessarily reflect it if there was – the IP would not have changed from the eBay webserver’s point of view. Yet somehow it served me up a Russian page.

So, what could have happened here? Either something big happened to eBay, or something happened on my end. I did a quick nslookup to make sure I was hitting the proper site:

Non-authoritative answer:
signin.ebay.com canonical name = origin-signin.g.ebay.com.
Name: origin-signin.g.ebay.com
Address: 66.211.185.34
Name: origin-signin.g.ebay.com
Address: 66.211.181.81
Name: origin-signin.g.ebay.com
Address: 66.211.181.96
Name: origin-signin.g.ebay.com
Address: 66.211.185.47

Looks good. I checked the SSL certificate I was receiving and it checked out:

What I think happened is that my connection to eBay was rerouted temporarily through Russia, possibly through malware. Time to do some spring cleaning on my network, methinks.
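The nslookup check above, as an added example (not part of the original post): a small Python parser that reads the answer shown in the post and compares it with the answer from a second, independent resolver. The second resolver's output is constructed for illustration, and the `ebay.com` parent-domain test is an assumption about what "the proper site" means here.

```python
import re

# nslookup answer exactly as shown in the post (local resolver).
LOCAL = """\
Non-authoritative answer:
signin.ebay.com canonical name = origin-signin.g.ebay.com.
Name: origin-signin.g.ebay.com
Address: 66.211.185.34
Name: origin-signin.g.ebay.com
Address: 66.211.181.81
Name: origin-signin.g.ebay.com
Address: 66.211.181.96
Name: origin-signin.g.ebay.com
Address: 66.211.185.47
"""

# Constructed answer standing in for a second, independent resolver.
SECOND = """\
Non-authoritative answer:
signin.ebay.com canonical name = origin-signin.g.ebay.com.
Name: origin-signin.g.ebay.com
Address: 66.211.181.81
Name: origin-signin.g.ebay.com
Address: 203.0.113.9
"""

def parse_nslookup(text):
    """Return (CNAME targets, addresses) found in the answer section."""
    answer = text.split("Non-authoritative answer:", 1)[-1]
    cnames = {m.rstrip(".").lower()
              for m in re.findall(r"canonical name = (\S+)", answer)}
    addrs = set(re.findall(r"^Address(?:es)?:\s*(\S+)$", answer, re.M))
    return cnames, addrs

def review(local, second, parent="ebay.com"):
    """Flag CNAMEs outside the parent domain and addresses only one resolver returned."""
    findings = []
    l_cn, l_ad = parse_nslookup(local)
    s_cn, s_ad = parse_nslookup(second)
    for name in sorted(l_cn | s_cn):
        if name != parent and not name.endswith("." + parent):
            findings.append(f"CNAME leaves {parent}: {name}")
    for ip in sorted(l_ad ^ s_ad):
        side = "local" if ip in l_ad else "second"
        findings.append(f"only in {side} answer: {ip}")
    return findings

if __name__ == "__main__":
    print("\n".join(review(LOCAL, SECOND)))
```

Large sites rotate and geo-steer their DNS answers, so an address seen by only one resolver is a prompt to check who owns it, not proof of tampering. Matching DNS answers also say nothing about interception further along the path, which is what the certificate check covers.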

Turks tell U.S. officials they have audio and video recordings that support conclusion Khashoggi was killed – The Washington Post


The Saudis are screwed.

The Turkish government has told U.S. officials that it has audio and video recordings that prove Washington Post columnist Jamal Khashoggi was killed inside the Saudi consulate in Istanbul this month, according to U.S. and Turkish officials.

The recordings show that a Saudi security team detained Khashoggi in the consulate after he walked in Oct. 2 to obtain an official document before his upcoming wedding, then killed him and dismembered his body, the officials said.

The audio recording in particular provides some of the most persuasive and gruesome evidence that the Saudi team is responsible for Khashoggi’s death, the officials said.

“The voice recording from inside the embassy lays out what happened to Jamal after he entered,” said one person with knowledge of the recording who, like others, spoke on the condition of anonymity to discuss highly sensitive intelligence.

“You can hear his voice and the voices of men speaking Arabic,” this person said. “You can hear how he was interrogated, tortured and then murdered.”

Source: Turks tell U.S. officials they have audio and video recordings that support conclusion Khashoggi was killed – The Washington Post

Firefox downloads mysterious dbsync file

Yesterday I pulled up some websites using Firefox on my Android phone and I was surprised to find two notifications on my phone that a file called “dbsync” had been downloaded. I do not download files without having some idea of what they are, so needless to say I was surprised. The files were zero-bytes, however, so I didn’t think they would pose much of a threat.

I later did some Googling which led me to this reddit page discussing the issue. Several others have had this happen to them. Some linked to dubious “virus scanner” software which would remove it, though this cure looks more dangerous than the disease.

I chalked it up to some fluke until I was reading the website of local TV station WRAL.Com from my Ubuntu desktop. After a while I had a Firefox prompt asking me to download dbsync:

dbsync



Oh noes! The webcams saw my pee-pee!

Another lame scam email

From: “Cailyn_Demott” order@tonyromo.com
Organization: rdoewnwl
To: [redacted] markturner.net
Subject: [redacted] Read_this_carefully
Details: LEU-755-[redacted]
Email: [redacted] markturner.net
Camera ready,Notification: 21.06.2018 01:00:33
Status: Waiting for Reply 96xuKaOy1A8htbnNmUkD4kn4qDy96Iu3_Priority: Normal

–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*–*
Good day.

If you were more careful while caress yourself, I wouldn’t write dis message. I don’t think that playing with yourself is very terrible, but when all colleagues, relatives and friends receive video of it- it is terrible news.

I seized malisious soft on a porn web-site which was visited by you. When the object tap on a play button, device starts recording the screen and all cameras on ur device begins working.

Moreover, soft makes a dedicated desktop supplied with key logger function from ur system , so I was able to save all contacts from ur e-mail, messengers and other social networks. I’m writing on this e-mail because It’s your working address, so you should check it.

I think that 490 usd is pretty enough for this little false. I made a split screen vid(records from screen (interesting category ) and camera ooooooh… its awful AF)

So its your choice, if u want me to destroy ur disgrace use my bit?oin w?llet ?ddr?ss: 17Q… [redacted]
You have one day after opening my message, I put the special tracking pixel in it, so when you will open it I will see.If ya want me to show u the proofs, reply on this message and I will send my creation to five contacts that I’ve got from ur contacts.

P.S.. U are able to complain to cops, but I don’t think that they can help, the investigation will last for several months- I’m from Ukraine – so I dgf lmao

Was Josh Schulte compromised by the Russians?

Remember when I wondered why CIA leaker Josh Schulte was found with kiddie porn on his computers? A tweet by the US district attorney’s office in New York spawned a comment that makes it all make sense:

Of course this is what happened. Even so, I’m surprised Schulte’s dirty little secret didn’t derail his intel career much sooner than it did.

Skier’s disappearance, return may stay a mystery – Times Union

More than 100 days after Constantinos “Danny” Filippidis went missing from Whiteface Mountain, State Police and Filippidis’ family are no closer to understanding what led the skier to end up in a rental car section of the Sacramento Airport.

State Police said Thursday they considered the case still open but had no new information on Filippidis’ disappearance.

Filippidis was on a ski trip with some fellow Toronto firefighters. At around 2 p.m. Feb. 7, he decided to go on one last ski run while his friends returned to the lodge. When he still hadn’t returned by 4 p.m., they began to look for him.

Searchers eventually found his identification in his car but no sign of him. The disappearance sparked a massive search effort, involving more than 130 members.

Six days later, Filippidis’ wife received a call from a number she didn’t know. On the other line was Filippidis. He called her by a nickname he used for her but sounded lost and confused. After calling him back, she was able to convince him to call 911.

Source: Skier’s disappearance, return may stay a mystery – Times Union

Pompeo says China incident is ‘entirely consistent’ with Cuba ‘sonic attacks’ – CNN

Sonic attacks on American diplomats continue, this time in China.

US Secretary of State Mike Pompeo said Wednesday that an incident involving a US government employee stationed in China who reported “abnormal sensations of sound and pressure” suggesting a mild brain injury has medical indications that are “very similar” and “entirely consistent” to those experienced by American diplomats posted in Havana.

US officials have issued a health alert in China following the incident. Additionally, the US State Department is looking into whether the incident is similar to what happened in Cuba in 2016 and 2017, a US diplomatic official told CNN, which the US government characterized as a “sonic attack.” That incident led to a reduction in staffing at the US Embassy in Havana.

Source: Pompeo says China incident is ‘entirely consistent’ with Cuba ‘sonic attacks’ – CNN

Jolly Roger Telephone Company, saving the world from bad telemarketing | How Does it Work?

This is brilliant. It’s a service that screens your phone calls and answers with an annoying, delaying robot if the caller is a telemarketer or scammer.

How does it work?
1) You buy a subscription, telling us your phone numbers and your email address.

2) Pick a robot you like from our “Pick a Robot” page. Mark down the robot’s phone number and keep it handy.

3) When you receive a telemarketing call, you transfer it to the robot (see “Use a Robot” page for instructions).

4) After our robot is done talking to the telemarketer, it will send a copy to your email so you can have a laugh.

Source: Jolly Roger Telephone Company, saving the world from bad telemarketing | How Does it Work?

Exclusive: CIA ‘Leaker’ Josh Schulte Posted Agency Code Online—And CIA Never Noticed

This is supposed to be the latest on Joshua Adam Schulte, the former CIA worker suspected of passing hacking secrets to WikiLeaks. This case raises so many questions:

  • If Schulte is suspected, why hasn’t he been charged?
  • Did what Schulte posted online to GitHub qualify as classified information?
  • There’s nothing worse than child pornography. Doesn’t it seem convenient that Schulte was found with a bunch of it on his computer? His job was to break into computers. He almost certainly worked with expert colleagues whose job was also to break into computers. How could we possibly know that he wasn’t framed?
  • If Schulte is allegedly into child porn, how did he ever get a security clearance?
  • Did the government really think that quoting IRC logs of one of Schulte’s friends mentioning child porn was proof of anything other than a joke?

All of these parts mentioned in this case seem like they’ve been carefully chosen to paint a picture. Bottom line: If Schulte did leak the classified material, he should go to jail. If he willingly collected child pornography, he should go to jail. The onus is on the government to prove these charges (or possible charges) and so far I have not seen much to convince me.

Joshua Adam Schulte, the former CIA worker suspected of passing the agency’s hacking secrets to WikiLeaks, previously posted the source code for an internal CIA tool to his account on the public code-sharing site GitHub, The Daily Beast has learned. That potential red flag was apparently missed by the spy agency just months after Edward Snowden walked out of the National Security Agency with a thumb drive of secrets in 2013. A spokesman for the CIA declined to comment. Schulte, 29, worked at the CIA from 2010 to 2016. He was raided by the FBI on March 23, 2017, roughly two weeks after Julian Assange began releasing 8,000 CIA files under the rubric “Vault 7.” The files had been copied from an internal agency wiki sometime in 2016, and contained documentation and some source code for the hacking tools used by the CIA’s intrusion teams when conducting foreign surveillance.

Source: Exclusive: CIA ‘Leaker’ Josh Schulte Posted Agency Code Online—And CIA Never Noticed