Thursday, May 30, 2013

OUYA First Impressions

I got my Kickstarter backer version of the OUYA last week.  I took it with me on a business trip to test it out in the hotel and I decided to post my review for those who are interested.

Form Factor

The OUYA console itself is tiny, which is what excited me most.  I've long dreamed of bringing a gaming console with me on business trips without the hassle of worrying about packing it in checked baggage or the burden of lugging it around in my carry-on.  I can easily toss the OUYA into my carry-on, so the form factor is a big plus for mobility.  The only downside I've noticed to doing that is that the controller bumps up against objects in my bag, which activates Bluetooth connection attempts.  I can see that easily draining the controller batteries so make sure to remove one of them prior to traveling if you bring it with you.

The console has a good weight to it, thanks to the weight placed in the bottom.  Otherwise it might feel too light.  If you haven't seen the inside of the OUYA yet, check it out.  The controller also feels really good to handle.  The metal finish components on the top of the controller slide off and each side stores a battery.  The top middle flat area is a touch pad for mouse control, which works like a champ.

User Interface

When you first power on the OUYA, you have to register for a new account or log in to your existing account.  After you log in, there are four menu options: Play, Discover, Make, and Manage.  The Play area takes you to the games you have installed and the games you've downloaded waiting to be installed.  Discover brings you to the app market with different filters like "Staff Picks" you can navigate through, or you can search by name.  Make is the developers section, but it's also where you can access installed applications.  If you sideload an app, it'll be available in Make > Software.  I'll discuss the process to sideload an app later.  Lastly, through Manage, you can connect to wireless networks, check for system updates, and access the advanced menu which is the stock Settings menu in Android 4.1.  Through this menu you can access the Storage area for any installed apps or downloaded apps.

As you'll see if you research the OUYA at all, anyone who's experimented with it complains first about the sparse app landscape.  The OUYA homepage has a counter in the upper right to inform visitors of the current number of games/apps available, which at the time of this post is at 128.  Thankfully, OUYA was developed to be an open platform, so you can sideload apps/games.


Overall, everything works as expected.  I have noticed a slight delay when using the directional pad to navigate through selecting letters when filling in information or navigating through menus.  I don't know if it's the controller Bluetooth latency, the directional pad connectivity to the controller board, or the console controller board latency but I find myself having to press the directional pad more than once to accomplish the task at hand.  Aside from that, everything else flows smoothly.

Side Loading Apps

IT World has a good write-up on side loading apps, so I don't really have anything new to add there.  To sum up, the best way to accomplish this is to throw the .apk file you want to load into a cloud-based file share like Dropbox.  Then take the download URL and pop it into a URL shortener service.  Once you get the smaller URL, you can open the OUYA browser to access the apk file.  Download it, install it, and then open it via Make > Software.

I've found success side loading a Netflix 1.8.1 apk file from the xda forums.  I tried 2.1.2 from, but it wouldn't install.  Interestingly, the 1.8.1 apk shows an OUYA icon when the app is accessed via the Storage manager, but the 2.1.2 apk does not.  I may look at them forensically to see what the difference is later.


I'm impressed with the form factor and weight, both inside and out.  The user interface is easy to navigate, which is a definite plus.  The biggest aspect to the OUYA is its promise of an open gaming system.  The biggest downside is that it's a sparse landscape right now.  Hopefully it will continue to receive enough media attention to keep that awareness in the forefront of developers' minds.  For me personally, it's perfect for travel and I can watch Netflix on it while being on my laptop at the same time.  I'm eager to see what the future holds for this device!

Thursday, May 16, 2013

Windows 8: Force Windows to Use Your Wired Connection Instead of Wi-Fi

This is a slight modification of the instructions over at, but I just tested this in Windows 8 and it works!

  • Open the Control Panel (Win Key + X > Select Control Panel)
  • Click on Network and Internet and then on Network and Sharing Center
  • On the left hand side, click on Change adapter settings
  • Press Alt to open the Folder Menu, and click on Advanced and then Advanced Settings
  • Now you see the same graphic as that depicted above!  
Make sure Ethernet is above Wi-Fi, click OK, and you're done!

Thanks to Melanie Pinola at for this tip.  Be sure to check out her article for reader comments that may provide additional tips.


Wednesday, May 15, 2013

Fake Email: Career Boost - Rent One Square Meter of Your Garage

This one missed the spam filters. I'm posting this to benefit others because a family member asked if this was legit.  Before we post the analysis, check out the email with formatting included:
---------- Forwarded message ----------
From: <>
Subject: New Career Boost – Apply Today
To: <spam recipient>
Cc:

HAVE A GOOD DAY <spam recipient> !
Garland offers logistics services which are created in conjunction with clients to meet their needs.

Garland suggests solutions in how we provide our consumers\buyers logistics at either our premises or at those of our buyers.

We can diminish expenses for Warehousing | Personnel | Distribution by:
    altering costs from fixed to variable.
    contracting out gives motivation for quality.
    makes our buyers to concentrate on core activities and sales amount.
    scale effect.
    lessening of administration prices.

Garland has invested heavily to render a upscale service.
It has created its own solution which allow customers receive more benefit throughout the logistics process.

GARLAND, Would like to offer You an opportunity to RENT only ONE square meter of Your garage
or home space to accomplish following logistics activities for our company:

    Arrival of luggage
    Stock entry
    Stock control
    Distribution If You are ready for transporting max 160 lbs - Please contact us as soon as possible
    Tracking and tracing

Our company can offer You 145dollars payment for each week of 1 square meter rent.
If You are able to carry more space, please reply back immediately.
We have profitable premiums for beneficial employees.

In our stocks Garland can make the following operations:

    Pick and Pack – Receiving, Checking, Separation, Labeling, Packing and Postage.
    Warehousing – Checking, Packing and Storage.
    Preparation of Orders – Labeling, Packing and Distribution.
    Stock Control - Email notifications.
    Statistics - Statistical information if demanded.

Garland, a Portuguese independent company has serious experience in the Logistics of Fashion, Literature, HiTech, Drilling Equipment & Tires.
Why not hear more about our entire assortment of services and contact us?
Reply back with Your resume immediately and we will rent even Your roof space!
Have a blessed day!

Disclaimer:  I am not responsible for any consequences if readers decide to visit the IP addresses or websites mentioned in this report.

Interestingly, there's just enough ambiguous language present to make it past the spam filters.  Also, there are no links to any websites encouraging a click-through, so this isn't necessarily a phishing email.  The errors in spelling and word usage are underlined above, which aside from the formatting, are clear indicators this is not a professional email.

Now let's check out the only potential source indicator, the email address.  According to, the website was re-registered May 11, 2013 but the specific details are "privacy protected".  The nameservers point us to and  Russian nameservers, huh?  That makes me feel safe and that the email is trustworthy.  After all, I'm sure most Portuguese companies have their websites handled through Russian registrars.

Next, I decided to do an nslookup on the domain, which gives me an IP address of  According to Blue Coat's Site Review, the IP is categorized as "Government/Legal".  McAfee's Threat Intelligence reports the IP as "Unverified", but flags the IP as being geo-located in Hungary.  There's a correlation for the .ru nameservers.  If you send an HTTP request to the IP address by itself it's obvious it's a shared hosting server.

And finally, visiting shows an empty directory as the index page.


This email is obviously fake, but it's interesting in that it's not what I expected, which is a malware delivery attempt.  Instead, it appears to offer the promise of semi-legitimacy.  The relative did not pursue things further, but I wonder what would've happened.  A colleague told me that there was a news story a while back where someone rented out their garage in such a manner and ended up getting arrested for drug trafficking.

The moral of the story is never believe an email from someone you don't know!   


Tuesday, May 14, 2013

YouTube Now Offering Subscription Channels

Ah, Google.  In what is perhaps another moonshot, Google has taken what I believe to be the first steps on the path to challenging cable companies and the channel packages we're all forced into buying even though nobody watches G4 now that it's all grown up.  This move has two key implications: (1) challenging cable companies to provide channel-by-channel subscriptions, and (2) YouTube video producers increasing the quality of their content, but moving that content to the paid channel listings and attempting to get their viewers to follow.

On May 9th, YouTube announced a pilot program for paid subscription channels.  Excerpted from their announcement:
Starting today, we’re launching a pilot program for a small group of partners that will offer paid channels on YouTube with subscription fees starting at $0.99 per month. Every channel has a 14-day free trial, and many offer discounted yearly rates. For example, Sesame Street will be offering full episodes on their paid channel when it launches. And UFC fans can see classic fights, like a full version of their first event from UFC’s new channel. You might run into more of these channels across YouTube, or look here for a list of pilot channels. Once you subscribe from a computer, you’ll be able to watch paid channels on your computer, phone, tablet and TV, and soon you’ll be able to subscribe to them from more devices.
Interestingly, none of the paid channels include YouTube sensations like Annoying Orange and the like, although by now they may have enough of an established revenue stream through alternate means that YouTube's one dollar a month wasn't enough to draw them in.  But think about that for a second.  One dollar a month.  Using an example like Annoying Orange that catches upwards of 150,000 views per episode, posting just one video a month would earn $150,000 minus taxes and fees, right?  $150,000 in one month?  Sure, I'll take that.

Suffice to say that for $1, there will be people that try the channel and don't like it, but to keep people's interest the content will have to be great.  Which is good, because this model will force all potential YouTube producers to step it up a notch if they want to earn revenue amounts past the total that ads can provide.  That begs the question, will we begin to see channels that used to be free start switching over to the $1 a month?  I doubt it.  I think as with Netflix trying to spin the DVDs off as a separate service, the established customer base will be resistant to change.

I think the best way existing channels can take advantage of the new distribution method is to create a separate YouTube channel, and start pointing the freeloaders (me included) over to the paid version.  Expect the call to action at the end of YouTube videos to start including the saying, "check out my/our other channel," which when clicked will bring you to the paid channel line up.

This improved content reinforces the You in YouTube because it's content created for and demanded by us.  Although there are numerous high quality shows on television like my current fav Hannibal, we're forced to pay for that channel along with however many others we don't watch.  

Speaking of not watching, a current trend is for cancelled shows and those on the verge of cancellation, such as Arrested Development, to seek alternate networks for distribution.  I foresee production companies watching this effort by YouTube closely to see if they can farm their "less successful" (by Nielsen ratings anyway) shows for profit through that medium.  But don't get me started on why Nielsen ratings are dead.

Here's to YouTube's efforts and hoping they're successful!  I can't wait to stop subscribing to Lifetime for Women...


Monday, May 13, 2013

Authorized Applications and Google Chrome


Today I'd like to share a thought regarding a scenario where applications that users are allowed to use are controlled via Group Policy and/or a desktop agent and outbound Internet access is inspected by a gateway proxy.  In these types of controlled environments, Internet Explorer is typically the preferred browser by systems administrators due to its ease of manipulation from a centralized management perspective.

That aspect of centralized management can be a pain in the butt from a user perspective.  If the version of Internet Explorer is outdated, runs slow, and/or is generally difficult to use then most users seek an alternative.  The browsers people most commonly flock to in such a situation are Mozilla Firefox and Google Chrome.

When people attempt to download Firefox, they may get blocked by the proxy if that proxy is using a content filtering solution such as Blue Coat's WebFilter or some other enterprise solution.  These blocking mechanisms are broad, category-based mechanisms like "software downloads" or "web applications".  Interestingly, Mozilla Firefox's download URL is categorized as software downloads, and if that category is blocked then users are prevented from installing Firefox.  All pages for the Google Chrome download on the other hand are categorized as "Search Engines/Portals".  Obviously blocking search engines is counter-productive, so the site is allowed, and thus the download of Google Chrome.

When the Google Chrome installation is first attempted, it will fail because the default install requires elevated privileges.  However, when the installation fails, Google is kind enough to ask if we want to try to install without admin privileges.  After clicking yes, Google Chrome is able to be installed!  Thus, after about 15 minutes of tinkering, we are able to circumvent our organization's centralized browser control.

Fortunately for this organization, we have a proxy.  To prevent users from using Chrome even after they go through this process, simply block the User-Agent HTTP Request Header string using RegEx.  If you're unsure of the User-Agent string, check out  The RegEx match to block Chrome can simply be "(.*)Chrome(.*)" since normally Chrome's UA String looks like this:  
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31
The (.*) is a wildcard that will catch everything leading up to "Chrome" and everything after.

Of course, a user could still get around this by changing Chrome's UA string, but that's a story for another day.
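
As an added example (not part of the original post), the Python below evaluates the post's rule against constructed proxy log entries under both substring and whole-header matching, which shows that the (.*) wildcards only matter when the proxy anchors the pattern to the full header value, and then uses the denials as a list of hosts to follow up on.  The log entries, IP addresses and function names are assumptions; only the rule and the first User-Agent string come from the post.

```python
import re
from collections import defaultdict

# Rule quoted in the post, plus the same rule without the wildcards.
WILDCARD_RULE = r"(.*)Chrome(.*)"
BARE_RULE = r"Chrome"

# Constructed sample proxy log entries: (client IP, User-Agent request header).
# Only the first User-Agent string comes from the post; the others are typical
# 2013-era strings for Internet Explorer and Firefox.
SAMPLE_LOG = [
    ("10.0.0.11", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 "
                  "(KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31"),
    ("10.0.0.12", "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"),
    ("10.0.0.13", "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0"),
    ("10.0.0.11", "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"),
    ("10.0.0.14", ""),  # request that carried no User-Agent header
]


def is_blocked(user_agent, pattern, whole_header=False):
    """Return True if the rule denies a request carrying this User-Agent.

    whole_header=True models a proxy that anchors the pattern to the entire
    header value; False models a proxy that searches for it as a substring.
    """
    match = re.fullmatch if whole_header else re.search
    return match(pattern, user_agent) is not None


def hosts_to_follow_up(log, pattern=WILDCARD_RULE):
    """Map each client IP to the number of its requests the rule denied.

    A denial does not remove the per-user install, so the deny log doubles
    as an inventory of desktops that need remediation.
    """
    denied = defaultdict(int)
    for client, user_agent in log:
        if is_blocked(user_agent, pattern):
            denied[client] += 1
    return dict(denied)


if __name__ == "__main__":
    chrome_ua = SAMPLE_LOG[0][1]
    for pattern in (WILDCARD_RULE, BARE_RULE):
        for whole in (False, True):
            print(pattern, "whole_header=%s" % whole,
                  is_blocked(chrome_ua, pattern, whole))
    print(hosts_to_follow_up(SAMPLE_LOG))
```

The only combination that fails to block Chrome is the bare pattern under whole-header matching, so check which matching mode your proxy applies before simplifying the rule.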

Sunday, May 5, 2013

MACCDC 2013, A Blue Teamer's Lessons Learned: Part 4 - Game Time

This is the fourth part of a series of blog posts I'm writing to relate the various things I learned from getting to experience the glory that is MACCDC.  Here is the table of contents:

#4 - Game Time

Game Time

1) Make the most of your time.  This can be construed multiple ways, but if team members don't have access to the machines as expected, immediately start finding an alternate path.  Familiarize yourself with the scorebot GUI to locate flags and injects.  If you're waiting for an answer on something, try to multi-task.  There ideally should never be a time where someone is sitting and doing absolutely nothing.

2) Don't get over-confident.  I'm guilty of this myself.  I set down the basics on two Linux boxes without setting deeper security, and they both got owned on day two.  So, no matter the standings point-wise, don't stop securing a system until the end of the competition.

3) Communication.  It's the team captain's responsibility to receive and assign injects.  At the same time, the team captain is going to be pulled in multiple directions.  Therefore, the team captain needs to effectively disseminate the injects so that the whole team can be aware of all the details.  This can be done by having the team captain log in to every machine so each team member can see the injects, or he/she can assign the injects.  If assigning injects, the approach should be the team captain asking the team for familiarity with the subject and assigning the inject to the team member with the most familiarity.  If no one knows the inject subject, then the team captain should assign it to the person with the most availability to multi-task.

4) Receiving injects.  Injects are a high scoring component of the game, so the team needs to identify all potential ways injects can be delivered.  This year that included a) email, b) phone, and c) sneakernet.  Within the first two hours of competition time, these methods should be identified and monitored.

5) Inject handling.  When team members receive an inject, those same team members may get pulled away from completing it.  If so, then the team member that was handling that inject needs to hand it off to another team member to ensure it gets completed or progress is made.  Basically, an inject should never stop being worked.  This will ensure the team receives points for completing the inject and that it will be finished in case another inject builds upon it.  When injects are received the team captain needs to identify the deadline and keep monitoring progress as time ticks down to the deadline so the inject completion does not fall by the wayside.

6) Scorebot.  Each team member needs to, at some point, open scorebot and monitor the respective services on their assigned VMs.  Identify the services with the most points scored, and try to ensure that they stay active.  If the team members do not have time, then the team captain can perform this function on the "high side" (if there is one).

And that wraps up my lessons learned at a high level.  I hope this helps those preparing for CCDC-type competitions.  Check out Rob Fuller's presentation for more technical detail.
