Internet, Unix en security

Implementing RFC 2142 for beginners

I stumbled on a phishing site for a Dutch-bank in my junk-folder and for once I decided to have closer look to see if the filter was working correctly. Is was, but after reviewing the phishing site I saw two things and it was time to act.

The first one was the hosting service. It was a free hosting service so no defacing or whatever. That makes live very convenient for hosting a phishing site that looks pretty safe. The seconds was the use of a free hosting service for submit and collect forms. The funny part is btw, that the seconds appears to very if a certain tag is in the referral page, but doesn’t check if it really shows up. So to eliminate the inclusion in the webpage, the have added then after the closing HTML-tag. Maybe using XPath was a better design choice over just search for a certain string to enable the service.

As the form was asking for all kind of funny details to do perfect phishing I decide to report this to all involved parties. The site being phished, Rabobank in this case, the hoster and Formbuddy for processing phishing data. After so checking and didn’t found enough leads on alternative mail-addresses to report this I decide to use RFC 2142 reserved mail-addresses and the following happend.

<>: host[] said: 550 #5.1.0
Address rejected. (in reply to RCPT TO command)

<>: host[] said: 550 #5.1.0
Address rejected. (in reply to RCPT TO command)

<>: host[] said: 550-5.1.1
The email account that you tried to reach does not exist. Please try
550-5.1.1 double-checking the recipient’s email address for typos or
550-5.1.1 unnecessary spaces. Learn more at
550 5.1.1
d15si7088885eei.16 (in reply to RCPT TO command)

The one that worries me the most is that a bank appears to have no working mail-addresses as described in Section 4 of RFC 2142. Those are basically key for contacting parties in case of emergencies or trouble. The abuse-reject was already noticed by someone last year, but I really wonder how a /16 network can ignore this. Also since there is no abuse-c entry know for there /16.

Update 2012-01-06: The nice guys at have taken the website down within a few hours after reporting.

Life and society

Farewell 2011, hello 2012

2011 has been a strange year for me personally, maybe also a reason why I didn’t blog that much and hopefully 2012 will be better. But a lot has happend in 2011 as Debian 6.0 was released, GNOME 3 impacted the world a lot and still does, Linus released Linux 3.0.0 and many other things happend in the FOSS world. Also two titans, Dennis Ritchie and Steve Jobs, past away.

Also other things changed last year and one of the biggest driver behind this was my Android phone. Google looks nice in many ways and promises “not to be evil”, but I don’t trust them. It was a driver for me to set up my own CalDAV and CardDAV server and it looks fine for now, but also looking into TT-RSS as replacement Google Reader. Some things still need some love and sweet, and we will see this progresses in 2012 hopefully.

2011 was also a reasonable year for reading. The list includes “Cloud Application Architectures”, “Cloud Security and Privacy”, “Being Geek”, “Myths of Innovation” and “Network Warrior”, but also some books for CISSP. Luckily the list also includes non tech-books with a few books from “The Wheel of Time”, “Discworld”, “Ghost in the Wires” and “Steve Jobs in His Own Words”.

Like I said, 2011 was the year the cloud came into my life. And to be honest, the cloud meaning in this context, the separation of data from an application and from a local installed application. With this came also my love and hate relationship with Tor as it may be an answer to certain flaws in DNS for example where a government can take over a domain name or disable it. With this once digital life basically ends. The name resolution within Tor really looks promising as also for Tor-chat, but it is slow as hell. For chatting it could be usable, but not for browsing at the moment. But I still wonder why projects like GNU, Gutenberg or Wikipedia have no known presence on the Tor-network.

The cloud thingy made me slowly also wonder about my next workstation. I bought this machine begin 2009 and I expect to buy a new one at the end of 2012 or in 2013. Most likely it will be a laptop then, but which one? One thing I hope before then and that is that Tux goes on a diet as my root-volume currently is at 12G and I’m sure it was between the 6 a 7G a year ago. I hope it is some additional fat from running Debian Testing, but I expect not.

Also this year I finished the conversion of my music collection to FLAC to make a copy of it in Ogg Vorbis. Yes, FLAC became my archiving format and Ogg Vorbis my day to day format to make it more useful so I can also put them on my phone without filling up the 32G SD-drive with just a few CD’s. Also good and bad news for the movie-industry. Yes, I’m going to the pictures again, but only from the money I get from selling my DVD-collection. And about downloading things, that has slowed down also and my backlog slowly starts to dry up without adding anything new. The round silver disc’s are going the same way as paper in my house. Slowly almost becoming extinct.

A few things I promised myself to do in 2011 I didn’t do sadly enough. Taking up C-programming again and learn how to create decent Debian packages and related infrastructure. Hopefully I can spent some time on this in 2012, but for now I took up Latex again and I like it. About other things we will see, but looking back it was a good year where I switched from being an Unix-engineer towards a security officer. I can only hope the trend progresses, but we will see in 12 months time.