Monday, July 31, 2017

The Nostradamus Effect

There was a time when I thought that the Prophecies of Nostradamus were something to be revered and respected. Whenever there was a war or a disaster, or 9/11, a quatrain from the seer would be dragged out and analyzed and it would be determined by guys in capes with bad haircuts talking on the "History" Channel, that it had been foreseen. Wow. Amazing. This guy who lived many centuries ago saw the collapse of the Twin Towers, the rise and fall of Hitler (even missing his name by one letter), and the first Iraq war (or was it the second?). Yes, whenever something major happens in the world, it turns out that Nostradamus had already seen it coming.

WAIT! Hold on just a cotton-pickin' minute!

The major thing happens AND THEN we see the prophecy? That's not how it's supposed to work. A prophecy is supposed to be a prediction of future events, not a reporting of what has already happened. That's called news. And actually, reading some of the "prophet's" quatrains, they don't necessarily describe future events as much as past and current events can be shoehorned into them to make them look like prophecy. That is precisely what has been happening all along.

Somehow, after a major thing happens, a quatrain is referenced and shown to describe every part of the event with laser-precise accuracy, down to the date and time of the event. However, when one of these "scholars" is asked about future predictions out of these quatrains, it becomes quite vague and murky. Suddenly, the precision is completely lost and it becomes a range of five to twenty years, and the location is somewhere on a continent.

Shouldn't a prediction of future events actually be a prediction? What good is it if we're told that "bad thing" will happen between now and 2025 somewhere in the western hemisphere? So, I have a challenge for the Nostradamus believers out there. If you're truly a scholar on Nostradamus, then make a prediction of a future event with the same precision as he supposedly predicted events that have already happened. I will be generous and give you a window of a week and geographical precision within a region of a country.

Nostradamus was either a fraud for money (a prophet for profit, if you will), a political writer who got a sweet gig acting like a seer or scryer, or just insane. My money is on the second (if I actually gambled). I personally think his writings were a sort of political blog written in a coded language that spoke to the proletariat and was meant to look like prophecy to the upper class.

Monday, July 24, 2017

Cryptolocker (Repost from Nov. 2013)

I originally posted this back in November 2013. Unfortunately, when I closed down the old site, I lost the original post. Fortunately, I backed up the database of posts I had made and reconstructed the post as it was.

By now, most people have heard of CryptoLocker, a nasty piece of "Ransomware" that encrypts the document and jpeg files on your hard drive and then gives you a period of four days (up from three, I believe), to pay a ransom of $300 US or 300 EUR, or 2 Bitcoins (there are reports saying it is down to a half) to obtain the private key required to decrypt the files.

All I've known about it to this point was what I read in accounts by others, and listening to Security Now! on the TWiT Network. That is, until episode #431 of Security Now! when the host, Steve Gibson of, announced that he had obtained a copy of the malware (it wasn't CryptoLocker, but then he did get it) and asked if anybody wanted to "play with it" he would send them the file. I decided to take a chance and he sent me a link to the file. I have an old netbook that was doing nothing but collecting dust, so I installed Windows 7 on it and then I added some photos and documents to the drive so it would have something to work with since I wasn't sure if it only targeted the Documents folder. Then, nervously, I extracted the .exe file and double-clicked it. I was expecting something immediate, but nothing happened.

(Image 1) The top two processes are CryptoLocker, and the CPU usage will pin at 100% during the initial process. These processes cannot be stopped.

I had to leave the house for a few hours, so I left the computer running while I was gone. When I returned home there was a message on the screen...
(Image 2) The Netbook has a small screen, but there is a "Next >>" button at the bottom of the window.

I originally tried the test in Sandboxie, but when I ran it and nothing happened immediately, I decided to run it in the clear. The first successful test took place in the open, unprotected right on the hard drive. In order to get the computer back to normal, I reinstalled Windows 7 and ensured that there was no sign of the malware. Then I installed 7-Zip (to extract the file) and Sandboxie, and ran the malware in the default sandbox. Doing a quick calculation from when I left the house and the time remaining on the countdown when I came home, I figured it would take 15 to 20 minutes. Sure enough, the window above pops up. Also, a sandbox window pops up telling me that there are files ready to recover. It appears that CryptoLocker copied the files from my entire hard drive and encrypted them within the default sandbox. I closed the Sandboxie window without recovering and went into the sandboxed Documents folder. There I found all of the same .xls, .rtf and .doc filenames (I've read that it's upward of 60 different file types affected), but upon opening, they were nothing but gibberish. Back outside of the sandbox, my files were in perfect shape. I then went to the main CryptoLocker screen and clicked the Next >> button (not seen in the picture), and checked out the "Convenient Payment Methods": MoneyPak (USA only), Ukash, cashU, and Bitcoin (most cheap option). According to Steve Gibson, the payment options are hardwired into the program and this is an old copy of CryptoLocker.

(Image 3) The Bitcoin screen. Needless to say, the CryptoLocker folks will not be getting any money out of me.

Then I tried one last test on this infection: I emptied the default sandbox. I kept the Task Manager running when I hit delete and the two processes that were CryptoLocker went away. There was no sign of it anywhere. I let the computer sit for a while, I ran system updates, opened files, and surfed the internet. It was gone.

I shut the computer down overnight while CryptoLocker was still running in the sandbox, but when I started the computer in the morning, CryptoLocker wouldn't run. So, I emptied the sandbox and ran it again.

This is not an ad for Sandboxie, but it is the best known free sandbox program available. As I have demonstrated here, it can protect your files from CryptoLocker and can be cleared out quickly and easily. Would I run this experiment on my main PC which contains tons of at-risk, work-related documents using Sandboxie? If I had to, sure. Will I? No.

I would not recommend running this experiment at all unless you are willing to take the risk or are a professional (I am not the latter at all). The only reason I did it is because I happened to have a computer lying around doing nothing. I also kept careful watch on my main computer's Task Manager, but it does not wander around the network apparently.
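The check described above, opening the sandboxed copies and finding gibberish while the originals stayed intact, can be done without opening each file by hand. The following is an added example, not part of the original post: it tests whether files with the extensions mentioned still start with their normal format signature and, if not, whether the contents look like ciphertext. The function names, the 7.5 bits-per-byte threshold and the sample files are assumptions made for illustration.

```python
import math
import os
import tempfile

# Format signatures for the extensions named in the post, plus JPEG.
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls container
MAGIC = {".doc": OLE2, ".xls": OLE2, ".rtf": b"{\\rtf", ".jpg": b"\xff\xd8\xff"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted data approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def classify(path: str, threshold: float = 7.5) -> str:
    """'ok' if the signature is intact, else 'encrypted' or 'suspect'."""
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is None:
        return "unknown-type"
    with open(path, "rb") as fh:
        data = fh.read(65536)
    if data.startswith(magic):
        return "ok"  # header first: valid JPEGs are high-entropy too
    return "encrypted" if shannon_entropy(data) >= threshold else "suspect"

def scan(root: str) -> dict:
    """Classify every file under root, keyed by path relative to root."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            results[os.path.relpath(full, root)] = classify(full)
    return results

def demo() -> dict:
    """Constructed sample: an intact RTF and a .doc replaced by random bytes."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "letter.rtf"), "wb") as fh:
            fh.write(b"{\\rtf1\\ansi An intact document.}")
        with open(os.path.join(root, "budget.doc"), "wb") as fh:
            fh.write(os.urandom(8192))  # stands in for ciphertext
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

Very small files cannot reach the entropy threshold even when encrypted, so they are reported as "suspect" rather than "encrypted"; the missing signature is the stronger signal.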

Thursday, July 20, 2017

Leave a Comment

I can't do anything about this screen
It appears that some people have had a bit of trouble commenting. I allow Anonymous comments, although I may not take them as seriously unless I can figure out who you are. Your best bet would be to use the Name/URL selection from the drop-down menu. If you don't have a URL, use since it links back to this website (or use a random Wikipedia page for added fun).

I turned off word verification, but I can't turn off the "I'm not a robot" check thing, so you're on your own there. I would prefer if you used some sort of name so that I can reply to you personally.

Thank you,

The Management

Monday, July 17, 2017

Where's That Kiss Episode?

OK, so one casualty in the move to the new blog is the SGMR Special #1: The Good Side of Kiss that Oliver and I recorded back in April. Well, it is still alive and now appears on The Smooth Sailing website, thanks to Jason. I have posted the link below to the new page for it as well as Special #2: The Not-So-Good Side of Kiss.

I was not willing to take any chances and have that podcast get DMCA'd on, so I asked Jason to post it on Smooth Sailing. Anyway, if you haven't listened to both of these, this is a good time to catch up.

SGMR Special #1: The Good Side of Kiss

SGMR Special #2: The Not-So-Good Side of Kiss