Solipsism Gradient

Rainer Brockerhoff’s blog

Browsing Posts tagged Brasil

[Note for English-language readers: I describe a transient DNS poisoning attack against Banco do Brasil.]

Yesterday, May 4, at around 13:00 local time (17:00 GMT), I logged on to the Banco do Brasil site. On the normal login screen you have to enter your branch, account and the 8-digit password. Once that was done, a screen appeared (an unusual one!) asking for the 6-digit password as well!

Although the screen looked normal, with all the logos etc. in place, I got suspicious and looked at some of the links leading out of this screen. Several of them pointed to an equally unusual server: ndninternetbbseguro.bb.com.br. I went to check via whois:

whois ndninternetbbseguro.bb.com.br
...
domain:      bb.com.br
owner:       BANCO DO BRASIL S.A.
ownerid:     000.000.000/0001-91

that is, apparently normal. However, pinging this server I saw:

PING ndninternetbbseguro.bb.com.br (46.166.173.180): 56 data bytes
64 bytes from 46.166.173.180: icmp_seq=0 ttl=48 time=1203.666 ms

an address I didn't remember having seen for a Brazilian site. Indeed:

whois 46.166.173.180
...
inetnum:        46.166.173.0 - 46.166.173.255
netname:        BALTICSERVERS-LT-DEDICATED
descr:          Dedicated servers
country:        LT
...
person:         Martynas Simkevicius
address:        Tilzes 74
address:        LT-76140 Siauliai

that is, a server located in Lithuania! Obviously this was a “DNS Cache Poisoning” attack, and probably on the DNS servers of Vivo, my current provider. Of course, I didn't go any further into the pages or try to follow the links; but, quite certainly, my 8-digit password had already been sent to the impostor.

I saw another report possibly related to the incident in this message:
https://twitter.com/andreas_schutz/status/727143088582434817
“Your connection is not secure…” and, after that, an error in the SSL/certificate configuration of the server www2.bancobrasil.com.br, which I knew to be one of those normally used for BB's internet banking. I tried accessing this server from here, with the same result.

sporadic reports of such attacks against BB in the past, and many against other targets.

As a precaution, I went to the bank immediately and changed my passwords, and indeed, from the terminal there I could access the account normally. Back home, I switched to another DNS and cleared the caches; now everything is back to normal here at home, too.
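The check described in the post above, as an added example (not part of the original post): the whois of the name looked normal because it describes the registered domain bb.com.br, while the whois of the resolved address is what gave the redirection away. The sample text is copied from the post; the expected country `BR` and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: hostname -> resolved address -> whois of the address -> expected country.
# Sample text is copied from the post; the expected country "BR" is an assumption.

SAMPLE_PING='PING ndninternetbbseguro.bb.com.br (46.166.173.180): 56 data bytes'
SAMPLE_IP_WHOIS='inetnum:        46.166.173.0 - 46.166.173.255
netname:        BALTICSERVERS-LT-DEDICATED
descr:          Dedicated servers
country:        LT'

# Print the address from the first "PING host (addr)" line read from stdin.
ping_ip() {
    sed -n 's/^PING [^ ]* (\([0-9a-fA-F:.]*\)).*/\1/p' | head -n 1
}

# Print the first value of a "key:   value" whois field read from stdin.
whois_field() {
    awk -v key="$1" 'tolower($1) == (tolower(key) ":") { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# check_ip_whois EXPECTED_COUNTRY   (whois text of the resolved address on stdin)
# Prints a verdict; returns 0 on match, 1 on mismatch, 2 if no country field was found.
check_ip_whois() {
    expected=$1
    text=$(cat)
    country=$(printf '%s\n' "$text" | whois_field country | tr '[:lower:]' '[:upper:]')
    netname=$(printf '%s\n' "$text" | whois_field netname)
    if [ -z "$country" ]; then
        echo "UNKNOWN"
        return 2
    fi
    if [ "$country" = "$expected" ]; then
        echo "OK $country $netname"
        return 0
    fi
    echo "SUSPICIOUS $country $netname (expected $expected)"
    return 1
}

# Demo on the embedded sample. Live use would be:
#   ip=$(ping -c 1 "$host" | ping_ip); whois "$ip" | check_ip_whois BR
ip=$(printf '%s\n' "$SAMPLE_PING" | ping_ip)
printf '%s -> ' "$ip"
printf '%s\n' "$SAMPLE_IP_WHOIS" | check_ip_whois BR || true
```

A country mismatch is a reason to stop and inspect the TLS certificate, not proof of poisoning, since a legitimate site may be hosted abroad or behind a CDN.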

Digital Photographer Brasil is coming out in a few days: a Brazilian edition of the UK’s Digital Photographer magazine. Congratulations to the editor, Mario Amaya and all our friends at Editora Digerati.

Special thanks to Mario for featuring one of my pictures on page 14 of the magazine; you can see it on his post, it’s the first top left picture after the cover.

<blush>


Well, the nice folks at MacMagazine (thanks Rafael!) have republished a slightly updated version of an interview I gave a few years ago. It’s mostly about the 1985 Unitron Mac512, the very first Mac clone.

It’s in Portuguese, so here’s a translated-by-Google sort-of-English version. Rafael has hunted down some good pictures of an early prototype; I regret not having taken any myself.

Week off


Early tomorrow we’re leaving for a short (6-day) trip to Tocantins, or more specifically, the Jalapão State Park.

It should be good to unwind a little from 2008, and I plan to bring back some good pictures. For the first time in several years, I won’t take a laptop; there’s supposed to be very little infrastructure at the campground. Hopefully the withdrawal symptoms will be mild…

Unfortunately, this means I’ll be unable to answer email, do product support, or even approve new users here at the forum. All will be back to normal on the 16th, so please bear with me.

Fast status update.

A couple of recent documentation and sample code releases by Apple have finally offered me the opportunity to implement a significant portion of everybody’s wishlist for Quay. In particular, I now have code running that does an exact imitation of the Tiger clicking behavior – open on left-click, pop up menu on right-click – with the option of inverting it. Early tests of allowing dragging files onto the Quay icons also are positive. Several other frequent requests from users are also being implemented, and I have some significant new functionality waiting in the wings, so to speak.

So what’s the downside, and when will it come out?

The past week has seen a sudden peak in non-related problems that had to be solved offline; also my ADSL connection has been hit by some instability. I haven’t been able to log onto AIM with any reliability, and I’ve even had to resort to dial-up now and then. No idea when this will normalize; if it’s due to the seriously unstable weather, it could go on for months.

In addition, I’ve had to return to do work, whenever at all possible, on my Objective-C 2.0 book which is now behind schedule. I’m grateful to my Gentle Editor for not emitting any too-drastic threats, but I agree with him that I need to seriously catch up. In addition to all these considerations we’re way overdue for a trip; there’s been no opportunity for any significant travel this year, and now we’ll be finally off this coming Sunday.

It’s going to be a short working vacation though: a week-long Amazon Cruise on the Iberostar. And I’ll be taking my old iBook G3 to work on the book… as usual I expect to make excellent progress. We’ve been to the Amazon twice before, so we won’t feel obliged to do all the excursions.

Coming back to Quay. The new schemes implied yet another significant recoding effort. Most everything has changed, including installation procedures. So I’ll be extra-careful with testing after I return, and I hope to have the new version ready around Christmas.

During my trip I’ll probably be offline most of the time, too – (it’s the Amazon, remember?) – so please be patient if you e-mail me.

We’re back from a 10-day vacation in São Paulo and surroundings. Good to get away, better to get back. I was offline most of the time and am still catching up on news and e-mail.

Had less time to work underway than I anticipated but I made progress on the Leopard version of RBSplitView – including the Interface Builder plugin – and had some new ideas about other things too.

The new iMacs look very nice. Wonder if the lower prices will be reflected here, though.

The iPhone update makes me almost sure Apple isn’t using the TrustZone at all. Deliberately, of course. Makes one wonder what is behind that…

…more as I catch up.

It’s been some time since I visited the Doing Business site, but now they have a new map up which makes it easier to compare various countries regarding the ease of doing business.

Of course, as usual, Brazil is among the worst countries for business. Specifically, it’s #106 for starting a business, #101 for employing workers, and #149 for paying taxes and closing the business after it folds (which is very probable). New Zealand and Singapore have the best ratings.

In the last year I’ve been getting an unusual number of queries from people wanting to open some sort of business in Brazil; even more unusual, a Mac-related business. My answer is always “don’t”. Yes, ratings for investing money here have seen very positive increases lately, but it’s better to do so indirectly, via the stock market for instance. (For US investors, funds like iShares MSCI Brazil (EWZ) have had excellent returns.)

I used to have a one-man consulting company – opened during a period where the usual requirement to have at least two partners had lapsed – but I shut it down due to several factors, many of which related to taxes and bureaucratic inconveniences. While the company is dormant, I haven’t dissolved it; it takes 9 to 12 months to do so, and is expensive. Bankruptcy proceedings are known to take 2 to 15 years. Many reports are available; check the latest one about Brazil (PDF) for details.

Saltimbanco

Somewhat unexpectedly we got a couple of the last tickets to Cirque du Soleil’s last show in Brazil – namely, Saltimbanco, a show which we’ve seen on DVD, but never before in person. As we’re big fans of the company – in fact, nearly all of the few DVDs we own are the Cirque’s – we didn’t hesitate in booking the package when we were told it was available.

We leave in a few minutes on a bus to Rio de Janeiro. The package includes an overnight stay in a hotel, a few meals and a post-show barbecue – then it’s back home during Sunday night. We’re really looking forward to this. Normal life resumes on Monday; I’ll probably be offline until then.

Photos licensed by Creative Commons license. Unless otherwise noted, content © 2002-2017 by Rainer Brockerhoff.