Skip to main content

Whiskey Tango Foxtrot

Today is one of those Whiskey Tango Foxtrot kind of days. I've been tracking a real November Sierra since December, and even reported it. I figured it was a bug, so I submitted it to the security folks. Their response? "We're not the team for this problem." ok.

Now today I see two data points, one weird-o one-timer kind of probe. Yup, for real, a solo IP in the gigabytes of logs that my splunk eats. Yet this IP correlates with another IP that has been on my radar.

So I get out my splunk and pull a "deny" query on this IP. Not only does it generate IPS hits from my desktop, outbound to destination, but I see inbound activity from this IP (also denied, of course).

(2017-03-29T17:56:44) firewall: msg_id="3000-0150" Deny 1-Trusted 0-External 9840 tcp 20 64 [desktop_ip] 184.86.92.71 12766 80 offset 5 A 2936268642 win 342 signature_name="WEB-CLIENT WScript.Shell Remote Code Execution -1 (Ransomware A" signature_cat="Access Control" signature_id="1110895" severity="5" geo_dst="USA" msg="IPS detected" (HTTP-proxy-00)

(2017-03-23T08:35:36) firewall: msg_id="3000-0148" Deny 0-External Firebox 936 tcp 20 56 184.86.92.71 [office-ip] 80 1847 offset 5 A 2554649786 win 913 msg="tcp syn checking failed (expecting SYN packet for new TCP connection, but received ACK, FIN, or RST instead).

That IP (184.86.92.71) is owned by non-other than Microsoft. They host the OfficeCat update content on Akamai:

(2017-03-29T17:56:45) http-proxy[2026]: msg_id="1AFF-0021" Allow 1-Trusted 0-External tcp [desktop_ip] 184.86.92.71 12768 80 msg="ProxyAllow: HTTP Request categories" proxy_act="HTTP-Client.1" cats="Information Technology" op="GET" dstname="www.microsoft.com" arg="/office/offcat/2.5/en/offcat.nextversion.xml" geo_dst="USA" (HTTP-proxy-00)

I sent email to security at microsoft.com explaining how this first showed up in December during a Visio update (2AM kind of MSFT update). They responded with the "yeah, not our problem," kind of email.

The other November-Sierra involves a fast tripwire that implicated Microsoft again. That one won't go up on the blog until after I get a response from BigSoft's contact.

Fun times.

Popular posts from this blog

A Self Defeating Race False Narrative

2020 is the year of the pandemic. The SARS-Cov-2 (Covid19) virus has rampaged across the planet infecting 4,893,136 [1] people by May 20, 2020. At this time, of those 4.8M people, 323,256 people have perished from complications that arise from the infection. Arising out of this pandemic has been a narrative about non-white ethnic groups being disproportionately affected by the infection [6,7,8]. A narrative that conditions people to believe that they are perpetually victims only creates a "collective victimhood" [4,5] in that group. This "collective victimhood" costs its members millions in unrealized potential, sends them cowering from social interactions that would otherwise benefit them, and ultimately creates an environment that perpetuates itself. Let's try to dispel that false narrative and deal just with data. I pulled my data from the CDC [9] looking at mortality only. The mortality data from CDC contains per-state mortality rates on a per-infectio...

Number of Primes

Anderson's Theorem (a) The number of primes in [1,n] is no more than 2+floor(n/2). The probability of n being prime when n is not prime is 1/2 - see Dasgupta,Papadimitriou,Vazirani "Algorithms" page 26. Therefore, the E(pi(n)) is n/2. (b) There does not exist another set of adjacent primes other than {1,2,3} 5: 2 + floor(5/2) = 2 + 2 = 4:=> {1,2,3,5} : 4 <= 4 7: 2 + floor(7/2) = 2 + 3 = 5 => {1,2,3,5,7} : 5 <= 5 11: 2 + floor(11/2) = 2 + 5 = 7 => {1,2,3,5,7,11} 6 <= 7 26: 2 + floor(26/2) = 15 => {1,2,3,5,7,11,13,17,19,23} : 10 <= 15 Lagrange's Theorem is Inaccurate Lagrange's theorem about primes states that pi(x) is the number of primes <= x. The pi(x) is approximately x/ln(x). He postulated that the lim of pi(x)/(x/lnx) as x-> infinity was 1. This is incorrect. if the number of primes is bounded by n/2 then refactoring and reducing Lagrange's Theorem results in the lim of ln(x) as x approaches infinity. This is alwa...

Stock Option Debt Income

The 2024 Presidential election has brought out a topic of interest that seems to have been perverted. There is this "Taxing Unrealized Capital Gains" [1] movement that is being falsely attributed to Vice President Harris. Clearly, this is a change in the revenue code that was designed by someone in office long before VP Harris was in office. My money is on Elizabeth Warren and Bernie Sanders. What is this change in the revenue code though? For that you have to understand what Silicon Valley zillionaires are doing with their stock options. Many of these people in this special economic area have huge discounts on stock prices for companies that are not public yet, or are public and can not be sold [2]. To be fair to these holders of equity, banks allow them to finance debt using leverage against those options. If you hold an option that is worth $5M then a bank might lend you a share of that value, thus realizing a debt against the option [3]. This is a fair debt instrument and...