Tuesday, January 4, 2011

fingers in the pies

Antonio Prohías, 1961.

"A Ha to Doctor Johnson
Said Scipio Africanus
Lift up my Roman Petticoat
and kiss my *@!$! Anus"

- William Blake, Complete.

The following (quoted) piece first appeared the day preceding Hogmanay; under a different badge. I promptly reset it to draft, given my alarmism seemed a tad overblown.

In hindsight, I'm not so sure.

There exists a spate of reports out there documenting persons being locked out of their Google or Facebook accounts. Contact lists violated; emails circulating in the wild. The repercussions, when one pauses to reflect on it, are potentially grave enough to raise a code red. After months of plunging into the surf without a seatbelt, internet security is very much back on my agenda.

Legitimate concerns after the careless activation of a Java Applet.

Not content, then, on promoting catalepsy with my waxing lyrical on parenthood, I reinstate it now as a means of further cudgeling the casual wanderer onto the Bleachers. Or to merely propagate unwarranted dread.

"A curious thing happened on the way to the forum, today, to paraphrase Zero Mostel as Pseudolus.

Or Frankie Howerd. Choose your poison.

I was sitting in front of my portal to the world with the sound turned way down low and my browser open. My fly zippered. Out of sheer laziness, I left the tab logged into my Google account. Staring absentmindedly at the baby in my lap; daydreaming myself into a coma.

Well. An hour or two might have idled by. I did not notice whether the monitor drifted off to sleep. The grey afternoon licking at the window petered into twilight; the lamps up and down the close across the street stuttered awake like drunken fireflies. I could have leaned out to start a cigarette. I could have leaned out to start an argument, but nobody was listening.

I am still getting used to the change of water. A different sort of fishbowl entirely. If I ever move again it will be to a croft parked on the edge of a sheer cliff - a broken lighthouse - with nothing but glowering skies between me and the sea.

So. Mildly irritated at this slipping into genteel dotage without so much as a properly diagnosed seizure, I sidled my son into the crook of one arm and lunged at the keyboard for a timely interruption. I punched the volume up as far as it would go. And that's when I heard it. That's when I became aware of some kind of terrible intrusion.

At first I was tempted to dismiss it as a bad rip.

A sloppy stab at binary encoding.

I quit the file and the sound persisted. Keystrokes. F@ckin' keystrokes. Jamming away like a trio of ambidextrous Ukrainian crooks. Or the Yellow Magic Orchestra.

Dear lord.

Now, I am not so quick as to dismiss myself as wholly cretinous when it comes to desktop security. I have a modest grasp of the internet; those pitfalls to avoid. I laid my son in his crib and opened up my system preferences, navigated to sharing. Firewall on ? Check. No exceptions ? Check. Internet sharing off ? Check. Back to security. A cursory search to make sure passwords are enabled, then on to accounts.

The devious hacking of remote keys upped a gear and appeared to be reaching its crescendo.

I logged out of everything I could - force quit what I couldn't - restarted and ran a standard Symantec test for vulnerable ports; everything clean and stealthy. The keystroke noise, of course, had dissipated. I logged into my router's firewall and closed down anything which did not seem essential. I did this, and I did that. Oh, yeah. So what.

Last, but by no means least, I logged back in to my Google account, changed the password, deleted an obsolete default email address, and made sure port forwarding was not enabled. Everything appeared to be as it should, bar the one lamentable oversight, which lay with the integrity of the original password itself, perhaps. A glaring error. Possibly.

Like Mr. Kurtz, at the atrophied epicentre of his heart of darkness, I have gotten lazy. Prone to infection and possession.

Like Marlon Brando in his precarious temple, I have gotten fat and routinely neglectful; complacent in the face of complexities. But not an inch too paranoid.

Apocalypse now ? Last tango in Partick, motherf@ckers."


I habitually monitor downloads with ClamXav; a freeware program. I monitor, too, inbound and outbound connections via the indispensable Little Snitch. As an added precaution, I installed Sophos Home Edition and scanned the entire volume for evidence of Trojans or Worms; in particular any DNS Changer which might have embedded itself somewhere in the directory. Nada. I also ran a subsequent fully authorised scan through a separate program to check for any Malware Sophos might have missed; specifically Keystroke Loggers. Nothing. Theories ? Spurious observations or informed conjecture ? Hit me with it. I'm all ears. Let me begin the new year with cigarette burns peppering the hood on my sweatshirt; a glass tumbler to bottle up the smoke.


Löst Jimmy said...

Such East European nastywork caught me out two years ago, fooled into clicking a link which imitated the machine's anti-virus alert and before I knew it all hell had broken loose. Hard work trying to rid the poison.

ib said...

I'm still trying to figure out if I've been compromised or not. All tests suggest not, but the clatter of keystrokes was so blatant that I am otherwise convinced. One thing. I recently modified my ISP contract and ran into some rather extreme technical difficulties; the gist of which was somebody not signing off correctly on the job. The issue dragged on for the better part of a month, and led - at one stage - to some glorified fonejacker from half way round the globe seizing control of my desktop.

As soon as I realized what was afoot I closed the process down. I refused to authorise a software upgrade; in short, I screamed "f@ck off!" I have no idea what program was implemented. In fact, such were the circumstances, I was astounded that I'd inadvertently granted permission to execute any code at all.

There is this. And the possibility that I activated an Applet at some other place and time. Hell mend me.