SciTechBits – Interesting Bits of Science & Technoglogy Served For You!

Dell ’s quality control seems to have been smoking the same weed as the Dude, you’re getting a Dell guy did. The Texas based computer manufacturer shipped server system boards with infected and embedded malware code.


If you’ve heard about scammers calling customers as if they are Microsoft technicians, there is little wonder why the Dell customer was confused and posted on a Dell support forum:

“I just got a telephone call from a service scheduler informing me that the replacement R410 motherboard I received several weeks ago contains spyware in its embedded systems management firmware, and wanting to schedule an additional service call for a tech to come clean it off.

Unfortunately since the person calling was non-technical, she was unable to provide a lot of details. But I do believe the call to be legitimate as she had the service tag of one of my systems which did indeed receive a motherboard replacement recently.”

A Dell support technician, DELL-Matt M, replied via a post to the customer: “The service phone call you received was in fact legitimate. As part of Dell’s quality process, we have identified a potential issue with our service mother board stock, like the one you received for your PowerEdge R410, and are taking preventative action with our customers accordingly. The potential issue involves a small number of PowerEdge server motherboards sent out through service dispatches that may contain malware. This malware code has been detected on the embedded server management firmware as you indicated.”

DELL-Matt M later posted again as if recanting his previous post. “The W32.Spybot worm was discovered in flash storage on the motherboard during Dell testing. The malware does not reside in the firmware.”

Meanwhile, yet another seemingly stoned to the bone Dell employee confused another customer artadams, who then posted a question to DELL-Matt M: “Will you please post your employee number? In a phone call to Dell this morning I was told that no Dell employee wrote this….”

The infection hit replacement PowerEdge 310, 410, 510 and T410 boards. The direct seller said less than 1% of boards were affected and complete new server systems were quite safe. Dell is still not admitting how the W32.Spybot worm got into its systems and onto its hardware.

Interestingly enough, a Dell spokesman said the problem was worldwide but all infected motherboards had now been removed from the supply chain and it was already shipping clean boards. He added that only people running unpatched versions of Windows without any anti-virus would be infected.

What was Dell thinking? Or were they not thinking, like they had been toking some pretty potent weed, when they apparently decided to run no antivirus software and unpatched Windows OS in their factories?

Dell FAIL!

An Orange County man suspected of hacking computers was arrested on federal charges related to demands for explicit videos from women and teenage girls.


A man, claiming to be affiliated with an underground gang of hackers, was arrested on federal extortion charges that allege he hacked into dozens of computers, obtained personal data about people using the computers, and then demanded explicit videos from female victims in exchange for keeping their personal information private.

Luis Mijangos was arrested after a six-month FBI investigation into his involvement in computer hacking, identity theft and video nosiness. Mijangos infected more than 100 computers which were used by about 230 individuals, at least 44 of whom were juveniles.

Mijangos used peer-to-peer networks to infect computers with malware that he made appear as popular songs. Once his victim was infected, Mijangos sent instant messages to people in the victims’ address books. The malicious code in the IMs gave Mijangos control of those computers too.

Once he had control of a computer, he would search for intimate images or videos of young women in various states of undress or engaged in naughty acts with their partners. Mijangos contacted the female victims and threatened to send the explicit photos or videos to everyone in their contact lists unless they made additional videos for him. He also told the victims that because he controlled their computers, he would know if they attempted to contact the authorities. He told one victim that she did not want to “mess” with a team of hackers.

Searching for Red Dead Redemption treasure hunting clues? Beware of low-down, scum sucking, scareware-toting outlaws.Search results for the wildly popular game are being exploited with malware.


Although Red Dead Redemption, an action-adventure western video game by Rockstar, was only released a few weeks ago, it’s wildly popular. In fact, it’s slick as a whistle and one of the highest ranking video games in years. If you tired of whipping out your six-shooter and gunning down cowboys in the Wild West, you probably are hunting for treasure. There are a total of 9 treasures in Red Dead Redemption, but if you get stuck by the cryptic clues and drawings linked to landmarks while on the treasure hunt, ya better proceed with caution partner. Beware of low-down, scareware-toting outlaws.

Online auctions open up opportunities for several types of frauds. A particular type, which facilitates illegal loans, is on the rise in several nations. Researchers have analyzed these cases to find patterns, which could help identify them, including other types of auction frauds.

As the internet reach broadens, more and more people have started to use online auctioning (EBay). Along with this growth, fraud also keeps growing. 2007 alone saw about $14.37M in auction fraud. Misrepresentation of items, fake bids by the seller to drive up the price, adding hidden charges (shipping & handling, insurance), non-delivery of items and offering black market goods are just some of the well known online auction frauds.

A particular type of fraud is very prevalent in Korea and is also found in most other markets – Online Credit Card Phantom Transactions (OCCPT). In this type of fraud, the seller and buyer collude to create a fake transaction, there by resulting in money (loan) got from the credit card company at a relatively very low interest rate, as compared to other options. This fraud is done in situations where, a person is not able to secure any forms of legal loans, interest rate of available loans are very high or cash advance limit on the credit card is very low compared to the purchase limit. Finally, the buyer (the owner of the credit card) could pay or not pay the credit card company.

Privacy has been a major issue with all Social Networks. While the networks do try to address the issues, most of the times – the solution provided is opting out of certain features. Researchers have tested a new privacy model, based on Bayesian Belief Networks – which creates a win-win situation for both the users and the network.

Everyday so many users join Social Networking Sites (SNSs) such as Facebook, Twitter, Orkut, MySpace etc, to keep up with friends, organize events with friends, make new friends, or flirt. One of the main features of SNSs is the”profile” where users post information about themselves. The profile can include real name, e-mail, physical address, phone number, academic classification, major, hometown, birthdates, sexual orientation, relationship status, interests, job history, favorite music/movies/books, etc. This revelation of personal information provides credibility to the profile and also helps match with other profiles. Users post personal information for a variety of reasons – 89% use it to keep up with friends, 57% use it make plans with friends, and 49% use it to make new friends. How much and what kind of information is revealed depend on users’ privacy concern and the trust on the SNS and its members.

The digital divide is deep and gaping between security professionals and users. Researchers have studied the differing points of views in an attempt to bridge the great divide. But do prejudices on both sides make the chasm too wide and jagged to seal?

A digital divide exists between information security managers and users. IT/IS managers mainly regard users as an information security threat, while users regard themselves as an untapped resource for security work. Research suggests these greatly differing points of view tend to make management approaches to security that do not line up well with the dynamics of the users’ working day.

Different work situations and rationalities may explain the digital divide in organizations. The security professional operates at a distance from the everyday work tasks and vulnerabilities in the company, but put toe to the line in a digital attack when vulnerabilities require crisis management. Users, however, step up to the plate every day as required to keep the company going forward as productive and profitable. For users, it is often a case of feeling like all their rights and privileges are unjustly controlled.

Your right to privacy is shrinking, but it’s happening quietly without much publicity. Identity theft steals far more than your privacy.  So far in 2009, over 13 million records have been breached! Here are the top privacy breaches this year.

by Angie Porter
Cyberspace is the new Wild West frontier where sophisticated hacking is like having the fastest gun. Man-in-the-middle attacks are common place, while credit card PIN crackers lead the pack of cyber outlaws. Neither SSL websites nor the “smart” grid can be considered safe anymore. Lucifer, AKA a social engineer, may dwell on your friend’s list within instant messengers or social sites. Even if you manage to avoid tweeting your intentions, botnets, or clickjackers, the vast frontier of cyberspace is shrinking in regards to your privacy.