Saturday, November 21, 2009
Its mediacenter, minus the letter "a". Good job guys, but its an old trick, only works for kids and those who do not practice safe Internet use in the first place.
I found out about this from a friend who IM'ed me that I need to fix his laptop again because he caught a nasty virus or something for the Nth time this month. He told me the last thing he did was simply open an .avi movie file that redirected him to Microsoft's website and that's when thing started to act funky.
The problem is that this guy never listens. He downloads a lot. He refuses to pay for music and movies. Downloading illegal copies of media is hurting the industry. And nothing is free in this world, download a free new movie, get a free evil payload (virus, adwares, scarewares, etc.)
So I inspected his laptop and immediately browsed to the New Moon Movie folder. Everything looks legit, you can even do a quick scan of the .AVI file using Microsoft's Security Essentials and no alerts came out.
So off I go and I opened the movie and as expected my browser popped open and gets directed to www.microsoftmedicenter.com.
However, what I got was a Bandwidth Exceeded return error. Hopefully someone DDoS'ed his website for good, or it got taken down already, or this guy is indeed maxing out the allotted bandwidth for his website because his clever trick is working.
Bandwidth Limit Exceeded The server is temporarily unable to service your request due to the site owner reaching his/her bandwidth limit. Please try again later.
Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_python/3.3.1 Python/2.4.3 mod_bwlimited/1.4 PHP/5.2.6 Server at microsoftmedicenter.com Port 80
So I made my part as good Netizen of this world and decided to explore and learn more about this poorly-spelled website. First stop is a back trace to see where this guy is hosted:
Wow, Amsterdam, land of the free. If it is indeed hosted in that country. Let's try a whois test:
Here's what we know about microsoftmedicenter.com:
* "James Gonzaga" owns about 13 other domains View these domains >
* is a contact on the whois record of 3 domains
* 1 registrar has maintained records for this domain since 2009-05-14
* This domain has changed name servers 3 times over 0 year.
* Hosted on 4 IP addresses over 0 years.
* View 49 ownership records archived since 2009-05-16 .
* Wiki article on Microsoftmedicenter.com
* 193 other web sites are hosted on this server.
DomainTools for Windows®
Now you can access domain ownership records anytime, anywhere... right from your own desktop! Find out more >
Manila, NCR 2000
Domain Name: MICROSOFTMEDICENTER.COM
Created on: 14-May-09
Expires on: 14-May-10
Last Updated on: 27-Oct-09
Manila, NCR 2000
+63.9194341212 Fax --
Manila, NCR 2000
+63.9194341212 Fax --
Domain servers in listed order:
And the plot thickens! Domain name was registered to a fellow-Filipino residing in Manila? Who knows. Unless Domain Name registration requires a high-level of authentication and presentation of credentials, I doubt if there is even a James Gonzaga along Roxas Boulevard in Manila. I am going to try that listed Philippine number in some other time, who knows, maybe there is a real James Gonzaga prowling the streets of Manila.
If someone picks up, I will ask "Is this James? Can I pay in $$$ and distribute some of my stuff on your website and be part of my worldwide BOT NET operation?"
Evil grin. That's how easy bad guys do transaction with smart kids from developing countries. All they need to do is mention the word US Dollars.
Next stop is let's NMAP this baby, I don't care if he backtracks on my trace, I make sure I cover my tracks:
Hmm, a couple of filtered interested ports. Maybe next time.
Friday, October 16, 2009
Click here to receive answers to questions you may have with regard to enrolment for and installation of your free VeriSign Digital ID class 1:https://search.thawte.com/
For answers to further questions you may have about the discontinuation of this service and the impact to your existing certificates please refer to the following FAQ:https://search.thawte.com/
(we will keep this FAQ updated with responses to common questions)
We hope we can keep you in the Thawte family as customers of our SSL and code signing products. Thank you for your support of Thawte Personal E-mail Certificates and Web of Trustover the years.
Thawte Technical Support
FAQ: Click here for FAQ
If you would like to take advantage of our free SSL and code signing offer, please forward this email to our sales department using the details listed below:
|North American Sales|
Tel: +1 888 484 2983
Online Chat: Click Here to Chat
Tel: +27 21 937 8902
Online Chat: Click Here to Chat
Tuesday, October 13, 2009
I would like to thank Dungeons & Dragons Online MMORPG for giving me a reason to play around with my Lenovo SL300 again and at the same time discover the multiple security updates for Vista released today by Microsoft.
This laptop has been sitting around gathering dust for a while. Simply because I hated the bundled Windows Vista Ultimate Sp2 OS. I would consider it a moderate-gaming laptop, with a dedicated Nvidia 128mb graphics chip. I rarely open this laptop, save for occasions where I need to do cross-Windows OS platform compatibility and User Acceptance Testing (UAT) of our proprietary VoIP application.
Another reason I boot it up is just to make the Avira Free Anti-Virus and Spybot S&D definitions updated, and of course, checking for Windows Updates is critical and has always been a routine for me every time I boot up my Windows systems, and any Windows systems I play around with regardless if I have it set to acquire Automatic Updates.
Today, October 13, after getting tired of completing Rank 2 Quests for my female Monk character (Yes, shame on me, my account in DDO is VIP) I decided to log out of my alternate universe, head back to the real world and work on my Security+ reviewers and SANS Institute Reading Room materials.
Jumping from one security website to another is a good alternative method to review. Sometimes staring and reading a book with 1000 pages will bore you one way or another, and you will want something more interactive.
Threatpost also scales well on my Blackberry 8330's screen; as well as this humble blog of yours truly. Please go and try it. I find it very convenient to just pop-out my smartphone and read along every time I ride the BART going to work. Keeps me updated on the current IT security news. It's like Slashdot but only with Security-related topics.
Back to my Vista Ultimate SP2 box and its merry 12 updates from Microsoft on a single day, here's a screen shot of the list (click on thumbnail to enlarge screen shot)
Just by looking at these KB numbers I am already having headaches :-) Head to Microsoft's Security Bulletin website to find out what each Knowledge Base (KB) is all about:
You may want to try and use Microsoft's Baseline Security Analyzer on a couple of your Vista boxes. Just to make sure your Vista boxes, your brother's, your sister's, even your friend's friends Vista boxes are updated and safe.
Vista is beyond SMBv2 exploit (MS0-9050) nowadays, it has been a haven of choice for wannabe hackers and script-kiddies.
Play safe kids.
Wednesday, October 7, 2009
Monday, September 21, 2009
This trend is an attempt to accomplish Risk Avoidance. Risk Avoidance is a Risk Management Method wherein you terminate the activity that is introducing the risk. In short, no need to implement and keep track of your Risk Mitigation process since there is nothing to keep track of in the first place. No Adobe PDF Reader, no risk. And why worry about Adobe PDF Reader Zero-Day exploits when you can use another PDF reader that is not affected by such vulnerabilities? Ok, that sounds logical and you may have a point Mr. IT Admin Sir, but please listen.
Enter Foxit PDF reader, the leading candidate and alternative for Adobe's dominant PDF Reader. However, converting your entire company to Foxit PDF reader does not guarantee 100% Risk Avoidance. The Top 2 misconceptions about Foxit PDF Reader are the following:
2. Foxit PDF Reader doesn't have exploits and vulnerabilities like Adobe PDF Reader.
>False. Although Adobe PDF Reader leads in scoring when it comes to exploits and vulnerabilities (Like 10 Exploits Adobe PDF Reader, and 2 Exploits Foxit PDF Reader) Foxit has its own share of bad apples. From Buffer Overflow Exploit to Remote Denial of Service Exploit, yes, Foxit is also prone to PDF-related exploits and vulnerabilities.
It won't take long for malware authors and security researchers to create new and more exploits targeting alternative PDF readers such as Foxit PDF Reader. The same rule applies when dumping Adobe PDF Reader in favor of another; patch your applications and systems on a regular basis, keep tab of Zero-Day exploits. Enforce your company or organization Policies, Standards, Baselines, Guidelines and Procedures to the full extent but not to the point that you lose your sanity in the process, and your co-workers start tagging you as control freak.
Although I find random on-the-spot, casual conversation, Security Awareness Training the best tactic one can employ inside the workplace. So every morning, while lining up for coffee at the pantry room, go ahead and break some "cool" and "leet" IT security news to your fellow workers, they will enjoy it as long as you tell the story like how movies tell them. Avoid jargon and acronyms please and make it exciting. Think Quentin Tarantino directing a hacker-movie.
Bruce Schneier made an excellent point on his speech about "The Future of the Security Industry: IT is Rapidly Becoming a Commodity" on a recent OWASP Meet. Bruce mentioned that the trend nowadays with IT security is slowly turning into a somewhat herd mentality. They are doing it, so let's do it, that kind of thing. Even current Best Practices recommended by the community is suffering from such herd-mentality syndrome. I somehow agree on this notion since everywhere I go and every material I read describes a Best Practice guide which usually doesn't always apply to all.
We need to treat each system, no matter how closely it resembles other systems, as a unique system with a different set of variables and behavior. So please, stop treating those Best Practice Guides as your bible and study your network how it behaves.
1. "Handling Risk" Page 107, Chapter 3: Information Security and Risk Management, All-in-One CISSP Exam Guide 4th Edition by Shon Harris, CISSP, MCSE
2. Bruce Schneier: The Future of the Security Industry: IT is Rapidly Becoming a Commodity, http://vimeo.com/groups/owaspmsp/videos/6495257
3. Open Web Application Security Project (OWASP), http://www.owasp.org/index.php/Main_Page
Sunday, September 13, 2009
An excellent way to hide messages or malicious payloads, making use of the unused UDP-RTP bits on a voice stream. I bet I can see the malformed or modified part of the RTP stream on Wireshark! Back to the lab for some tests!
Complete details on the link below.
Steganography meets VoIP in hacker world
Posted using ShareThis
Have fun inserting stuff on those unused bits!
Wednesday, September 9, 2009
This novel is awesome. All the enumeration, sniffing and penetration methods and tools used in the story are all real and up-to-date. A computer game software genius dies and leaves behind the best AI ever created and a kick-ass "daemon" process to automate things. How do you fight evil packets? Go figure it out how the rest of the story unfolds.
So for a change, get out of your chair, away from your computer monitor and pick up the book from the nearest bookstore t. Currently enjoying the Audio Book version for my second reading of the book, and drooling of having my hardcover copy signed by the author.
Below is a brief E-mail exchange with the genius behind the book, Daniel Suarez:
Excellent novel Daniel, looking forward to Freedom (TM).
One question though, regarding this line from the novel:
"So far, Gragg had a cache of nearly two thousand high-
net-wort identities to sell on the global market, and the Brazilians and Filipinos
were snapping up everything he offered."
Does this mean that based on your research (and statistics), most of these bad guys lurking around IRC channels are either from Brazil or the Philippines?
I am a Filipino residing here in the Bay Area and I am into VoIP Security, and overall IP-based Systems Security as well.
All the best,
Thanks for the kind note. I'm glad you enjoyed Daemon.
When I wrote Daemon back in 2004, Brazil and the Philippines were big
centers for identity theft; however, much of that has since moved to other countries. With the rise of botnets, though, it's increasingly difficult to tell where exploits and penetrations originate (with zombies serving as proxies...).
Agreed, 2004, those where the days. Now the Philippines is into hosting Call Centers
(and exploiting them) and Brazil is into US-Satellite tapping, lol.
Do you mind if I post your reply to my blog? (http://packetboyperseus.blogspot.com) I am planning to put up a simple personal review so my network of friends can see it and eventually pick it up from the nearest bookstore. I am sure they will love it as well.
All the best,
My main point is that the future of cyber warfare is going to be driven by botnets and
distributed attacks originating from small groups of individuals (not
I don't want to sound like I'm 'blaming' that on Russians,
Brazilians, or Filipinos. The root cause of our IT security problem is
the inherently open architecture of global networks and the monoculture
that is modern software.
There are now cyber criminals and cyber warfare
units all around the world, and solving the infrastructural issues is
more important than playing international whack-a-mole with would-be
perpetrators--no matter what country they hail from.
Saturday, September 5, 2009
After a couple of minutes of tracing un-labeled RJ45 cables and network devices in general, I was able to trace the root cause. The bottleneck is originating from a commercial firewall installed on their network. I am not going to identify the brand and model, but its one of those firewall not meant to handle tremendous amount of traffic. In short, its a small-office-home office firewall/router. Their facility generates around 12 to 20mbps of outbound traffic on a daily basis.
This firewall goes gaga when hit by too much traffic; it simply drops all concurrent connections and resets as evident on the firewall and router logs. Good thing their Network Admin made the right choice and decided to get hold of a Cisco ASA 5505 Security Appliance and replace their current firewall. The problem is this guy does not know how to configure the ASA and needs to outsource the configuration and installation, so the ASA needs to wait while the problem still persists on their converged network.
To add salt to the wound, they are using old-school workstations; running Celeron 2.0ghz processors with a measly 256mb of SDRAM. Understand that these workstations handle a softphone-based VoIP client, a web-based CRM, Instant Messaging client, and Agent productivity apps. I say good luck with that. As suspected, Agents usually encounter the white screen of death where everything halts and freezes, hitting the Reset button is their usual routine.
Add the workstation hardware issues and misconfiguration on the network and you get a very painful and regretful VoIP experience.
Knowing how painful this experience is to their Agents, what I did was strip down Windows XP Pro to the bare minimum to free additional memory and overall system resources. What I meant with a stripped-down version is by disabling all Local Services that are not needed, adjust the workstation to Best Performance, disable tons of start up and running applications via msconfig, and finally, lock down the Agent login to Limited Rights so they can't install those nasty shopping IE add-on toolbars, lol. Things you must do when no Domain Controller is not present on a large network.
On my way back home to the Bay Area, I had some fun on-flight thanks to Gogo In-flight Internet without actually signing up for their service.
Thanks to Wireshark, ZenMAP GUI, and my laptop's Intel(R) Wireless WiFi Link 5100 card I was able to take a glimpse of the WiFi activity on-board the plane.
Intense Scan plus UDP output on NMAP:
nmap -sS -sU -T4 -A -v -PE -PA21,23,80,3389 172.19.131.2Wireshark Capture Screenshot:
Starting Nmap 5.00 ( http://nmap.org ) at 2009-09-03 16:40 Pacific Daylight Time
NSE: Loaded 30 scripts for scanning.
Initiating ARP Ping Scan at 16:40
Scanning 172.19.131.2 [1 port]
Completed ARP Ping Scan at 16:40, 0.22s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 16:40
Completed Parallel DNS resolution of 1 host. at 16:40, 11.39s elapsed
Initiating SYN Stealth Scan at 16:40
Scanning 172.19.131.2 [1000 ports]
Discovered open port 80/tcp on 172.19.131.2
Completed SYN Stealth Scan at 16:40, 5.05s elapsed (1000 total ports)
Initiating UDP Scan at 16:40
Scanning 172.19.131.2 [1000 ports]
Completed UDP Scan at 16:40, 4.26s elapsed (1000 total ports)
Initiating Service scan at 16:40
Scanning 1001 services on 172.19.131.2
Service scan Timing: About 0.40% done
Service scan Timing: About 1.50% done; ETC: 18:43 (2:00:31 remaining)
Service scan Timing: About 3.00% done; ETC: 18:13 (1:29:33 remaining)
Service scan Timing: About 4.50% done; ETC: 18:02 (1:18:15 remaining)
Service scan Timing: About 5.99% done; ETC: 17:57 (1:12:09 remaining)
Service scan Timing: About 7.49% done; ETC: 17:54 (1:08:07 remaining)
Service scan Timing: About 10.39% done; ETC: 17:43 (0:56:12 remaining)
Service scan Timing: About 10.49% done; ETC: 17:50 (1:02:43 remaining)
Service scan Timing: About 13.39% done; ETC: 17:43 (0:54:02 remaining)
Service scan Timing: About 13.49% done; ETC: 17:48 (0:58:55 remaining)
Service scan Timing: About 16.38% done; ETC: 17:43 (0:52:03 remaining)
Service scan Timing: About 16.48% done; ETC: 17:47 (0:55:49 remaining)
Service scan Timing: About 19.38% done; ETC: 17:42 (0:50:03 remaining)
Service scan Timing: About 19.48% done; ETC: 17:46 (0:53:11 remaining)
Service scan Timing: About 22.38% done; ETC: 17:42 (0:48:06 remaining)
Service scan Timing: About 28.37% done; ETC: 17:42 (0:44:16 remaining)
Service scan Timing: About 34.37% done; ETC: 17:42 (0:40:29 remaining)
Service scan Timing: About 40.36% done; ETC: 17:42 (0:36:45 remaining)
Service scan Timing: About 46.35% done; ETC: 17:42 (0:33:01 remaining)
Service scan Timing: About 52.35% done; ETC: 17:42 (0:29:19 remaining)
Service scan Timing: About 58.34% done; ETC: 17:42 (0:25:37 remaining)
Service scan Timing: About 64.34% done; ETC: 17:42 (0:21:55 remaining)
Service scan Timing: About 70.33% done; ETC: 17:42 (0:18:13 remaining)
Service scan Timing: About 76.32% done; ETC: 17:42 (0:14:32 remaining)
Service scan Timing: About 82.32% done; ETC: 17:42 (0:10:51 remaining)
Service scan Timing: About 88.31% done; ETC: 17:42 (0:07:10 remaining)
Service scan Timing: About 94.31% done; ETC: 17:42 (0:03:30 remaining)
Service scan Timing: About 98.90% done; ETC: 17:43 (0:00:41 remaining)
Completed Service scan at 17:42, 3688.53s elapsed (1001 services on 1 host)
Initiating OS detection (try #1) against 172.19.131.2
NSE: Script scanning 172.19.131.2.
NSE: Starting runlevel 1 scan
Initiating NSE at 17:42
Completed NSE at 17:43, 36.19s elapsed
NSE: Starting runlevel 2 scan
Initiating NSE at 17:43
Completed NSE at 17:43, 5.02s elapsed
NSE: Script Scanning completed.
Host 172.19.131.2 is up (0.0014s latency).
Interesting ports on 172.19.131.2:
Not shown: 1000 open|filtered ports, 999 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http?
| html-title: Site doesn't have a title.
|_ Did not follow redirect to http://airborne.gogoinflight.com/abp/page/abpDefault.do?REP=127.0.0.1&AUTH=127.0.0.1&CLI=172.19.131.153&PORT=54273&RPORT=54272&acpu_redirect=true
MAC Address: 00:E0:4B:22:96:D9 (Jump Industrielle Computertechnik Gmbh)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.18 - 2.6.27, Linux 2.6.26
Uptime guess: 0.405 days (since Thu Sep 03 07:59:45 2009)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=197 (Good luck!)
IP ID Sequence Generation: All zeros
Host script results:
|_ nbstat: ERROR: Name query failed: TIMEOUT
Read data files from: C:\Program Files\Nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 3757.66 seconds
Raw packets sent: 4045 (148.498KB) | Rcvd: 31 (1502B)
Noteworthy discovered Protocols and Services gathered from the Wireshark .pcap capture:
- Cisco IP-SLA
- TACACS and XTACACS
- CLDAP (Connectionless Lightweight Directory Access Protocol)
- Cisco Wireless LAN Context Control Protocol
- Mobile IP Protocol (RFC 3344)
- RIP (Routing Information Protocol)
- OCSP (Online Certificate Status Protocol)
- Slimp3 Communication Protocol (Device ID: 101) (Firmware Revision: 6:12 (0x6c)
- Base Station Subsystem GPRS Protocol (BSSGP)
- CFLOW (Cisco NetFlow/IPFIX)
- CUPS (Common Unix Printing System)
- GPRS Tunneling Protocol (GTP)
- H.225.0 RAS
Discovered Network Device Signatures/MAC OUI's:
- JUMP INDUSTRIELLE COMPUTERTECHNIK GmbH (00:e0:4b)
- Hon Hai Precision Ind. Co., Ltd. (00:22:69)
You can easily Google those two identified manufacturers and you will have and idea what type of devices they produce.
As always, hit me up on E-mail if you want a copy of the complete .pcap capture and I will be glad to send you a copy, for research and analysis of course. Let me know if you guys need additional information as well about my recent 35K feet packet-sniffing adventure.
On my next flight, I am bringing an external USB antenna with packet-injection capability :-) attached to my future 1000HE netbook.
Happy packet-sniffing everyone and try not to break any law in the process!
Friday, August 28, 2009
As announced some weeks ago the Skype trojan sourcecode will be available for download. You find the source packages in the Tools & sources section if you are the impatient type.
The code is simple and straightforward. You have know malware development is no rocket science and if you expect big magic you are at the wrong place. The backdoor receives instructions from the dropzone and transferres audio files. The Skype-Tap intercepts the Skype function calls, extracts and dumps audio data to files, converts it to the mp3 format and encrypts it.
The code is not 100% complete. I removed the plugin system in the backdor and also the firewall bypassing system is not there anymore. I will publish both of them in separate tools later. If you don’t like this … well, I can’t help you. Thats how it is. Take it or leave it.As always I am open for your opinions and criticism.
Complete article and technical details from Megapanzer's website:
Monday, August 24, 2009
Last month, I moved to a new apartment and decided to hook-up a high-speed Cable Internet from Comcast (as openly documented on this very same blog) as my primary connection to the world wide weird. This was July 15 and I was working at home that day.
With no router or a switch at hand yet, my Sony Vaio VGN-BZ560 laptop is connected directly to Comcast's modem, getting a dynamic Public IP address from time to time. Something exciting happened right in front of my eyes as my Symantec Endpoint Protection software started displaying notification windows, stating a couple of Intrusion Prevention logs. I immediately accessed the Client Management Logs - Security Log feature of Symantec's Endpoint Protection and here's what I found:
[SID: 20081] MS SQL Stack BO detected.
Traffic has been blocked from this application: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
Traffic from IP address 18.104.22.168 is blocked from 7/15/2009 1:33:12 PM to 7/15/2009 1:43:12 PM.
Active Response that started at 07/15/2009 13:33:12 is disengaged. The traffic from IP address 22.214.171.124 was blocked for 600 second(s).
I immediately launched my Wireshark to capture the network interface, then went inside Symantec Endpoint Protection's Client Management - Security Logs and turns out the attack has started since 5AM this morning PST!
Here are the logs of the first attempt:
[SID: 20081] MS SQL Stack BO detected.
Traffic has been blocked from this application: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
Traffic from IP address 126.96.36.199 is blocked from 7/15/2009 5:48:38 AM to 7/15/2009 5:58:38 AM.
The logical thing for me to do is to trace where these IP addresses are coming from. So I made a few back traces using my VisualRoute Tool and surprise! Surprise! Yes, the IP addresses are all from China.
The source IP's are all from China, if the back trace is reporting it correctly and these attackers are not using some mechanism to hide their real location, or probably just a bunch of compromised boxes or BotNets serving their master somewhere here in the States. But my guts keep on telling me that these are really coming from China.
My Sony Vaio Laptop is running Windows XP SP3. Installed is Microsoft Office 2007, with Microsoft SQL Server 2005 pre-installed which is the backdoor of this attack based on the Symantec Endpoint Protection Security Logs.
I am sure that my MS SQL Server 2005 service is not running on the background as a Service on my laptop turns-out that our new customer network connectivity troubleshooting tool called PathView by Apparent Networks is using a Local SQL Server Service on my laptop as well. By virtue of logic, I believe this application gave another backdoor for this MS SQL based vulnerability.
Below are actual screen shots while the attack is occurring:
(Click on the images to enlarge them)
Symantec Endpoint Protection Client Management Logs - Security Logs
PathView SQL Server running as a Local Service
Wireshark capture while the attack is happening
Let me know if you guys need a copy of the actual Wireshark capture (.pcap file) for analysis, I have no problem sending it out.
So what have I learned from this? Always double-check your new machine what applications are pre-installed on it, as well as ensure that unnecessary Services are not running on the background. This happened to me because I got lazy when the new Sony Vaio was handed over to me from work and I did not bother hacking into it like what I usually do with my personal machines.
Peace out and spread the word.
Monday, July 13, 2009
It took them 4 days in total, to resolve a simple physical connection problem. Turns out that my actual cable was disconnected. The apartment located on the 2nd floor got disconnected from their Comcast Service so someone from Comcast Provisioning disconnected them. They did not even check that the connection was originating from a splitter, one goes to the apartment on top of me, one goes to my apartment. They disconnected the entire cable feed. Another epic provisioning to on-site tech coordination FAIL.
My savior on my 4th day in fire and brimstone of zero Internet was a good-natured on-site tech guy named Tom. Tom was a classic good-ol'-American gentleman. He reminded me of those 1950's to 60's Handymen portrayed on television. He has a cool utility belt with all the tools he need, he has a cool mustache and beard, and sports an old-school baseball cap. He was a little bit odd with his seemingly non-sense gibbering while tracing the coax cables from my living room all the way outside the veranda but one thing is for sure, he knows his craft. He knows how to pacify someone who has been deprived of their connection for days by virtue of hard-work and results. Comcast Tech Support people should take a page out of Tom's book of work ethics.
All work, less talk. No promises.
Monday, July 6, 2009
The thing is, Comcast Call Centers are distributed in North America and most of their on-site technicians are contractors, even better, sub-contractors. lol. Earth to Comcast, please stop hiring and giving out contracts to clueless companies to render service to your poor customers.
And one more thing, in case you call in Comcast Technical Support Hotline, ask them to transfer you to their Call Center based in Tucson, Arizona because the guys there will help you. The rest are plain stupid, newbies, too old to do technical support jobs, or just completely clueless.
I was in a hurry to go home today so I can meet the Comcast tech guy at 6PM PST, as promised over the phone yesterday by another clueless Supervisor. So around 5:45PM PST they called me and I told them to wait for just at least 5 minutes, 8 minutest tops, because I am already on my way to my apartment walking, coming from the BART station.
You know what was the reply of the guy who called me representing Comcast?
"Sorry, but we cannot wait because we have other job orders pending today." And that was it.
OMFG. I have been patiently waiting for the past 3 days for them to restore my Internet service, and the freakin' on-site Tech Guys couldn't even wait for just 10 minutes for a customer who has been down for 3 days?!
How I wish Comcast Managers can read my post. You guys gave me a new definition for ultimate customer service FAIL.
Have a goodnight Comcast people.
Saturday, July 4, 2009
So I just moved to a new apartment. The place is totally empty, I have no furniture yet except for my laptop, HD LCD and game console. That's it. My clothes are still inside my traveling bags even, and yes, I am sleeping on the carpeted floor, reminds me of my college years.
So whats the very first thing I worked on on my first day at the new spot? Yes, you got it, Internet. I am nothing without Internet, the rest of the bare necessities can wait.
In reading the Apartment Lease form, I saw a big Comcast Cable Service Ready smack at the bottom of the document. Turns out Comcast has first dig on the apartment complex, AT&T can't touch the area for some reason. So I immediately called the courteous guys at Comcast and in a couple of minutes a technician is already installing the Cable Internet. He brought a used Modem with a big Comcast logo on it, I said fuck it, I don't mind if its used, as long as its working right. So after a few minutes, Coax Cable on wall to the back of the Modem is installed. Ethernet Cable plugged it, and I politely asked the tech guy if I can hook it up at the back of my laptop already so we can test it. He said "Ok but its not up yet, I need to call to get it provisioned, but yeah you can hook it up because I need to check on it as well."
After hooking up the modem I immediately launched the terminal console on my Macbook to check what IP the gray box is giving me. The box was on a default gateway IP address 192.168.0.1, immediately opened my Firefox 3.5 and headed straight to it. The modem has a web-based configuration access but there is nothing we can do currently because it still needs to be provisioned. The tech guy said "Hmm, so you know how to do this huh?" I said, yeah only a little. This guy definitely needs to look around my empty living room because right next to us are scattered Cisco and CISSP books, lol.
The tech guy made a few calls on his NexTel phone, and after like 10 to 15 minutes, modem was up and operational, signal was good, and firmware updated. I saw this with my own eyes. The tech guy told me to do some speed tests, so he directed me to speedtest.net. The site testing gave me remarkable results, 15mbps download, 3mbps upload. Destination San Jose, from my place in Union City. Perfect. He told me that's Powerboost baby, but since you are not signed up for it, you may only get something like around 8mbps down, and 2mbps up. So I said, ok, its cool, still more than sufficient for my needs. Signed the papers that service was installed and working properly, a few chit-chat, tech guy left.
Everything was doing good till the next day, the freakin' Cable Internet went out on me. Multiple calls to their 24x7 Support Department wasn't fruitful, they could not even tell remotely from their Support Contact Center if there is a problem with the line or the modem. The first tech support guy that I spoke with told me I need to pick up a replacement modem, for free of course, but turns out I need to drive all the way to their office in Fremont or Hayward. Fuck that, its freaking far. So I told them I'd rather go to Radio Shack because Its right next to my place, all I need to do is walk.
So I asked the guys at their Technical Support Department, Supervisors included, what is my assurance that once I go out and spend like 40 to 60 bucks on a cable modem, swap it, that it will fix the problem?! Their answer? NONE. If its not a modem issue, I'm negative 60 bucks, if its a line issue, they can only send in an on-site tech guy on Monday, because of the long weekend. WTF. Another epic FAIL in customer service.
So I made a call again to their Support Department next day, 2nd day of my outage, made a plea of my case, and finally, they told me they will send in a tech guy on-site to check on the modem. The tech guy will bring a modem so he can swap it out. So I said yes, finally progress, and a sign of true customer service. But turns out there was a catch to it. If it turns out to be a line problem, cable problem, etc, or anything aside from the the modem being the source of the problem, they will charge me $46.00+ for the on-site service. Wow. The rabbit hole gets deeper. But the courteous lady tech support told me, I can avoid the service charge If I sign up for the 99 cents monthly service fee to cover such similar issues. Wow, another can of crap opened right in front of me. I politely replied to the support lady that I will not sign up, just send someone out for heavens sake, I just signed up for your service, and its already out the next day. Do me a favor please.
So here I am, typing this blog, spilling my guts out in disgust to their service at Starbucks so I can be online, its $3.99 plus tax for 2 hours by the way. They told me to wait for the call somewhere between 1PM to 5PM PST. They will call me on my mobile phone before they drop by. So I said, fuck it, I'll give them another chance, or not.
Its almost 4:15PM PST, assuming they come and fix the problem today, what I am going to do is call first thing on Monday and cancel the service. I am switching to AT&T's DSL and Telephone Line service instead.
Ah, revenge, so sweet I can almost taste it. Sorry Comcast, but first impression lasts!
Thursday, June 18, 2009
I am 30 years old and honestly I feel more fit then I was like 5 to 6 years ago. I think I am in the best shape of my life, both physically and mentally.
Sunday, June 14, 2009
Thursday, June 4, 2009
This AI-IP module will be so advance that it will not rely solely on hardware power to completely manage your interconnected-network devices. I believe this A.I. module will contain sophisticated coding techniques that someday someone will discover. A.I. technology has been around so long, this should not take long to be discovered.
A sophisticated A.I.module for a computer network will act as the central control, no matter how many nodes you have on it. It can utilize a simple code tagging technique to a specific packet or traffic, keep track of the signature, payload, and behavior on its almost infinite database. The packet infrastructure of IP networks will evolve beyond IPv6.
Sunday, May 17, 2009
What even makes me even more proud on that day is he chose the gift me myself would choose. He chose a top-of-the-line Quantum-Powered Quad Core Laptop by Intel, developed by Apple. It is one of the slimmest and lightest laptop released this year. 80% of the body, including the keyboard is made of combined graphite, aluminum and composite materials used by NASA. making it super light yet virtually indestructible because of the Nanotechnology used to developed it. The material used in the body has the native characteristic of repelling materials that comes close to it, its like a mini-magnet but with a South Pole. It Is even rumored that the technology was derived from the nearby civilization discovered in the outskirts of Venus. But Intel and Apple refuses to give comment about this, since only the US Military has access to such technology, a thing frowned upon by the Neo United Nations.
My son gave me a full smile after I flashed my credit card in front of the automated cashier. The price was hefty, but it hella' worth it in my opinion. When I was at my son's age, I was using a laptop powered by silicon and transistors on their microprocessors. Silicon-based Microprocessors during those times only has two states, either a 1 or a 0, called the Binary System. It will take years to crack a 1024K-bit encrypted message using the laptops I used to use during those days. Now, even the cheapest Quantum-Powered Processor Netbooks can crack a 1024K-bit encrypted message in minutes.
I think not only my son will enjoy this new toy we are taking home, I am thinking of installing SETI@Home on it, then connect it to my 100-Gigabit Wireless Network at home to help my main computer's processor and resources in reaching signals far beyond Venus. Who knows, my son might be the next Galaxy Civilization discoverer, and not some UC Berkeley and MIT alumni. I am getting old, the year 2030 has been good to me and my finally. I am looking forward to visiting our retirement home back in our homeland, Neo Manila. But that will be another blog entry.
Cheers and reach for the stars!
(P.S. Although a fictional story, the future technology depicted here is a possibility. This story focuses on the future of Nanotechnology and Quantum Physics. It is getting more exciting every day as scientists and experts around the globe continue to push the limits of our current technology and discover new ones in the process.)
Wednesday, April 29, 2009
Wednesday, April 1, 2009
Friday, March 13, 2009
I just passed this exam last month (February), and to all seasoned Traditional Telephony and IP Telephony guys and gals out there, the exam is no joke. You need to review and prepare for it still regardless how l337 you are in Cisco. I was under the impression that I will easily crack this exam since I have 4 years of advantage working for a VoIP/SaaS vendor, but It was the other way around. The exam cracked me up. There were tons of questions on the exam on techniques and protocols that I have never heard of (or studied!), lol!
In order to pass this exam, here are my Top 3 recommendations:
1. Master the fundamentals of Traditional Telephony
2. Master the fundamental of Data Networking
3. Do not rely on the official CompTIA Convergence+ Materials alone!
Below are the books and on-line resources that helped me pass the exam. If you can read all this books before you take the exam, I strongly believe you have at least more than 70% chance of nailing it. Please nail it once, $200 plus for the examination fee doesn't come easy nowadays.
1. CompTIA Convergence+ Certification, 2nd Edition + CertBlaster, Student Manual (Official Student Manual from CompTIA)
2. CompTIA Convergence+ Certification Study Guide (Certification Study Guides) by Tom Carpenter (Hardcover - Jan 7, 2009)
3. VoIP Deployment For Dummies (For Dummies (Computer/Tech)) by Stephen P. Olejniczak (Paperback - Nov 17, 2008)
4. Internet Multimedia Communications Using SIP: A Modern Approach Including Java® Practice (The Morgan Kaufmann Series in Networking) by Rogelio Martinez Perea (Hardcover - Jan 15, 2008)
There are tons of on-line/web resources out there!
Also, please be reminded that this certification is not VoIP-centric, hence the name Convergence. It will challenge your knowledge in deploying, managing, and troubleshooting converged networks, computer networks with both data and voice traffic running on it.
Remember, to be able to pass this exam, you need to master the fundamentals for all subject areas AND be updated on the current technology and practice. In my case, I allocated at least 2 months of studying and reviewing, reading all those books I identified on top from cover to cover, and making it a habit to visit those on-line/web resources I identified to keep myself updated on the industry of converged networks.
Feel free to ask for questions, I am already working on getting my second certification from CompTIA, Security+. I want to focus on the field of securing IP Communication.
For more information regarding CompTIA's Convergence+ Certication exam, please point your browser to their website:
Good luck and enjoy the challenge, I did!