Pew Pew Laser Blog

Code. Glass art. Games. Baking. Cats. From Seattle, Washington and various sundry satellite locations.

Blogs about paranoia

A Ghost Story.


When I was a kid, one night I thought I had a ghost in my room. I heard a scratch-scratch-scratch sound coming from my closet that would stop for several minutes and then start again several minutes later.


After what seemed like an eternity, I turned on the lights and looked at my 'ghost'. It was a plain old balloon, bouncing around on the heater vent in the corner of my bedroom. It was scary for me at the time. But once I found the balloon, it was the last time I was worried about ghosts.

Twitter Knows When You Are Sleeping.


I found a most amusing Twitter data contrivance: Based on tweets, will tell you when someone (likely) sleeps. Check it out:

Scam Tells.


I posted an item up for sale on Craigslist, and was excited to receive this email the next day:

From:     Michael Haishkarem
Re:       Re: [exact title of the item I posted]


saw the Ad you put up on craigslist titled - "[exact title of 
the item I posted]" and I'm quite interested in purchasing this 
but I am not too confident if it's the similar type that my cousin 
is after. Here's a demo that I was able to cpy from my brother's 
computer URL1 or try URL2. Can you please confirm its the similar 
kind and get back to me as soon as possible. I'm ready to pay a 
little more than what you put on for sale as long it matches the 
Vid description and you can put it on hold for me.


After a few seconds of thought, I decided that this was a scam; probably a computer generated phishing attempt. Note the following hallmarks:

The two URLs were hot linked to a URL shortening service. I turned off cookies and JavaScript in Chrome and visited the site. I got no source code, but I'm willing to bet that it would have installed some malware had I visited the site without protection.

Attention Corporate and Institutional System Admins and IT Policy Makers.


Internet Explorer is a 9 year old piece of software. It's doing pretty well for such an old collection of 1s and 0s. I wouldn't expect a developer to maintain an application this old, especially an application which was free in the first place. Microsoft does still patch IE6; though perhaps not as quickly as one would like.

Simply "grandfathering" software inside corporate certification policies doesn't seem like a good idea. Threats have evolved in the past decade, but IE6 has not. It is a huge security risk; far beyond simple stuff like popups and spyware. Recent highly sophisticated hacks stole source code from Google and breached over 30 other enterprise networks, including Adobe. IE6 was a major point of entry for these hackers. They knew precisely what they were looking for, and how to get it.

If I were responsible for corporate network security, not only would demand modern web applications; I would ban IE6 from usage, and probably IE7 too.

Change Those Passwords.


Come on folks; don't leave your device's password at the factory setting. Change it to something anything other than the default.

More blogs about paranoia: