Monthly Archives: January 2020

Phishy Facebook ad explanations

Jeopardy test ad

This past weekend, a friend invited us over to play board games. Two of the people there have been on Jeopardy. So, I found this advertisement interesting. And when I went to the feature explaining why I got the ad, I found that explanation lacking.

Supposedly, it was because I live in the US, am the right age, and am similar to their existing customers. I don’t watch the show. I don’t follow their pages. My friends probably do. But, these two friends have very different interests.

My guess? Physical proximity to these friends triggered the ad.

From Phishy Facebook ad explanations published January 22, 2020 at 09:07PM.

Dear Russians,

A few years ago, I read Hacking: The Next Generation, which mentioned using LinkedIn to research an organization to attack it. Pick out the CEO and send an urgent email from this person to a peon to phish them.

Last week, I heard about a Russian campaign attempting to leverage LinkedIn. I just got a connection request from someone supposedly in a small town near where I used to work. This woman was supposed to be a recruiter, but used the most awkward language in the profile. Stuff like a recruiter for US citizens.

I laughed so hard at this. It seemed obviously like someone who doesn’t understand Americans. Which is odd because your trolling the US election was far superior. Maybe I attracted the D team?

From Dear Russians, published January 12, 2020 at 12:02PM.

Windows md5 checksum

I was sent a script to run by an analyst who advised me to verify the MD5 hash. This is good advice to ensure that I receive the correct content. It also happens to be the advice I gave the DBA manager before restoring backup files that were going to take hours to download.

The idea is that an MD5 hash created from the file contents is a fingerprint that quickly and easily tells me whether the file is the same or different. The analyst tells me the hash of the file on the source. I generate a hash on the destination and compare. If they differ, then we have a problem.

I do this all the time on Linux. However, the application I was working with is on Windows. And uploading the file to a Linux server from my workstation wouldn’t really tell me if the file on the Windows server has the correct hash as corruption (ever so unlikely) could have happened over one upload but not the other.

So, I was curious if there was a way to do this on Windows. Turns out there is.

certutil -hashfile C:\scripts\filename.sql MD5

The certutil.exe command is a program installed as part of Certificate Services, typically used to view SSL information. (I used it via PowerShell, but I bet it works via CMD too.) The various flags available make it look like something extremely useful to know exists. And I am surprised at never having seen it prior to today.

From Windows md5 checksum published January 03, 2020 at 02:51PM.
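
The comparison described in the Windows md5 checksum post, as an added PowerShell example that is not the author's code: it normalizes the hash the sender reports, compares it with `Get-FileHash` on the destination, and reads the digest out of `certutil -hashfile` output. The function names `Test-FileHash` and `Get-CertUtilHash` and the sample files are constructed for illustration; pass `-Algorithm SHA256` when the sender can supply that hash, since MD5 is only dependable against accidental corruption.

```powershell
# Added example; function names and sample files are constructed for illustration.
function Test-FileHash {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedHash,
        [ValidateSet('MD5', 'SHA1', 'SHA256', 'SHA384', 'SHA512')]
        [string]$Algorithm = 'MD5'
    )
    # Reported hashes arrive in mixed case, sometimes with spaces or colons between bytes.
    $expected = ($ExpectedHash -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm $Algorithm).Hash.ToUpperInvariant()
    [pscustomobject]@{
        Path      = $Path
        Algorithm = $Algorithm
        Expected  = $expected
        Actual    = $actual
        Match     = (($expected.Length -gt 0) -and ($expected -eq $actual))
    }
}

function Get-CertUtilHash {
    param([Parameter(Mandatory)][string]$Path, [string]$Algorithm = 'MD5')
    $output = & certutil.exe -hashfile $Path $Algorithm
    if ($LASTEXITCODE -ne 0) { throw "certutil failed: $($output -join ' ')" }
    # The digest is the only output line made up purely of hex digits;
    # some Windows versions print it with a space between each byte.
    $line = $output | Where-Object { $_ -match '^[0-9A-Fa-f][0-9A-Fa-f ]+$' } | Select-Object -First 1
    ($line -replace ' ', '').ToUpperInvariant()
}

# Constructed demo: a small script file, then a copy whose line ending changed in transit.
$dir = Join-Path ([IO.Path]::GetTempPath()) ([Guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $dir | Out-Null
try {
    $source = Join-Path $dir 'source.sql'
    $copy   = Join-Path $dir 'copy.sql'
    [IO.File]::WriteAllText($source, "SELECT 1;`r`n")
    $reported = Get-CertUtilHash -Path $source        # the hash the sender would report
    Copy-Item -LiteralPath $source -Destination $copy
    Test-FileHash -Path $copy -ExpectedHash $reported | Format-List
    [IO.File]::WriteAllText($copy, "SELECT 1;`n")     # simulate a transfer that rewrote CRLF as LF
    $check = Test-FileHash -Path $copy -ExpectedHash $reported
    if (-not $check.Match) { Write-Warning "Hash mismatch for $($check.Path): do not run this copy." }
}
finally {
    Remove-Item -LiteralPath $dir -Recurse -Force
}
```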