Wednesday, 25 August 2010

Anatomy of a PayPal Scam

Over the course of the last few days I have been the target of a PayPal scam. This was one involving a car I have for sale online. The gist of the scam is detailed here.

The first part that threw me was that the perpetrator was claiming to be on an oil rig, having no phone access but working Internet access.

"thanks for mailing back,i am a petroleum engineer and i am on rig right now.i am buying this as a birthday gift for my dad,i've been trying to reach you but i discovered that our  phone is currently scrambled due to the bad weather please bear with me .I can only pay through paypal at the moment as i dont have access to my bank account online,but i have it attached to my paypal account and this is why i insisted on using paypal,i will like you to send me your paypal email so i can deposited the money."

I gather this was a ploy so that I could only contact him via the Internet and not speak to him in person. The mobile number he gave just rang out with no voicemail.

The next step was that the car had to go to Darwin which is a long way from where I am and that he couldn't pay for the pickup agent from his location.

He offered extra money above the price of the car to cover this if I could just wire the extra money to his pickup agent in the UK (never mind the issue of using a pickup agent in the UK to move a car in Australia).

The clincher came the next morning when a fake PayPal email came saying money had been transferred into my account (it hadn't) but to release the total value I had to prove that I had sent the money to the pickup agent.

The email looked fake. Checking the headers (View Original in Gmail) gives:

Received: by 10.216.15.8 with SMTP id e8mr41876wee.59.1282688603259; Tue, 24
 Aug 2010 15:23:23 -0700 (PDT)
Sender: mark.markspencer.spencer8@gmail.com
Received: by 10.216.170.140 with HTTP; Tue, 24 Aug 2010 15:23:23 -0700 (PDT)
Date: Wed, 25 Aug 2010 00:23:23 +0200
X-Google-Sender-Auth: ovZN1dj6pw_bFlMm7Z5wEsKi3LQ
Message-ID: 
Subject: ****Regarding Your Payment****
From: "service@paypal.com" 
 
 
If you have dealt with PayPal before you know that notifications for instant payments come from the person doing the payment, not from PayPal. I did a search for Mark Spencer and variations on that name appear with many scams. If they were smart it would be an alias but let's not presume too much here.
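An added example (not part of the original post) of automating the header check described above: it flags a display name dressed up as an address, a From domain that is not the claimed one, a mismatched Sender header and a webmail submission hop. The function name check_headers and the placeholder From address are assumptions, since the real From address did not survive on this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the headers quoted above. The real From
# address was lost from the page, so an obvious placeholder is used here.
SAMPLE = '''\
Received: by 10.216.170.140 with HTTP; Tue, 24 Aug 2010 15:23:23 -0700 (PDT)
Sender: mark.markspencer.spencer8@gmail.com
Date: Wed, 25 Aug 2010 00:23:23 +0200
Subject: ****Regarding Your Payment****
From: "service@paypal.com" <placeholder@example.invalid>

Body text (constructed).
'''

EMAIL_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def domain_of(addr):
    """Return the lower-cased domain of an address, or '' if none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_headers(raw, claimed_domain="paypal.com"):
    """Return reasons the message does not come from claimed_domain."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    # 1. Display name dressed up as an address on a different domain.
    m = EMAIL_RE.search(display)
    if m and m.group(1).lower() != from_dom:
        findings.append(f"display name shows {m.group(0)} but real address is {addr}")
    # 2. From address not on the claimed domain (or a subdomain of it).
    if not (from_dom == claimed_domain or from_dom.endswith("." + claimed_domain)):
        findings.append(f"From domain {from_dom or '(none)'} is not {claimed_domain}")
    # 3. Sender header reveals the account that actually submitted the mail.
    _, sender = parseaddr(msg.get("Sender", ""))
    if sender and domain_of(sender) != from_dom:
        findings.append(f"Sender {sender} differs from From domain")
    # 4. First hop was a webmail submission ("with HTTP") in the Received chain.
    if any(re.search(r"\bwith HTTP\b", r) for r in msg.get_all("Received", [])):
        findings.append("submitted through a webmail interface (Received ... with HTTP)")
    return findings

if __name__ == "__main__":
    for f in check_headers(SAMPLE):
        print("-", f)
```
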
 
During my long conversation with the scammer (yes, he wanted to chat too) it was evident that he didn't understand English that well and didn't get that he'd been sprung.

me: I should tell you I work in IT. This sounds too much like a scam to be anything but.
Jayceon: but?
 
I sent the original email on to the advertising agency who confirmed it was definitely a scam. I also forwarded the fake PayPal emails to PayPal so that they can investigate. I don't expect anything to come from this but it was an interesting experience nonetheless.
  
I have a full chat log plus all the original emails if anyone is interested. 

Monday, 23 August 2010

iPhone4 Tethering Part2 Multiple Devices

Tonight I did some more experimentation with the tethering on the iPhone4 (yes you can do it on the earlier models too) to see about multiple devices.

In my earlier post, I discovered that the address range assigned to tethered devices is 172.10.20.0/28. Given this range, I presumed that multiple devices could tether through the iPhone together.

To test this, I tethered my laptop and my wife's MacBook through my iPhone together. Both devices received an IP address in the above network. To my surprise they could ping each other without any issues. I guess you could call that an ad-hoc Bluetooth network with the iPhone acting as an access point!

I also checked the externally visible IP addresses and as suspected they are both appearing behind the same externally assigned IP address from the 3G network.

So I guess the next question is: could you, say, have a whole bunch of devices all tethered through an iPhone? Imagine the possibilities: a classroom of students sitting out in the park, all on the 'net through a single device?

Interesting possibilities indeed...

Facetime™ on the iPhone4

Finally I know someone else with an iPhone4. It has only taken a month! As soon as his phone was on the network we tested Facetime™. I have to say it does work as expected though you have to be careful as to what type of network access you use for wireless.

To me it's obvious, but perhaps to non-technical folk it might not be: you need to have a direct connection to the Internet, which means you can't go via a proxy. We have two wireless networks here and one uses a proxy, the other doesn't. The proxy one does not work for Facetime™.

I don't have much on how this protocol works but I assume it's similar to a peer-to-peer application where UDP packets are sent out to create an outbound hole in a firewall that can then be used by the person at the other end of the call. Presumably there is a central registration service which associates a person's mobile number with their current outbound IP address. Again, this is how peer-to-peer networks work.

There's no way they could get away with channelling all video through a central site given how much latency there is getting to Australia.

The quick tests we did showed that the latency was noticeable but not Über laggy.

The video quality was passable but with useful lighting it would be better.

All in all, a useful service. Hopefully down the track they will open the protocol and allow other devices to talk with iPhones.

Tuesday, 10 August 2010

PostgreSQL and xpath

Wow.

It all started with me being a lazy developer. I had to store some figures and rather than create a new database table I decided to reuse an existing one. Only problem was that the existing table only had a field of type text for storing these figures (power readings). No worries, I thought, I'll just encode it as XML and use PHP to extract the info when I need it.

Sounds ok so far? Well, I guess I could have gone down that path but it broke my general way of doing things. I wanted to be able to summarize data inside the database where the data lived rather than externally.

So I began looking at what options there were for working with XML inside PostgreSQL. Well, if you do a simple search for these terms you find yourself looking at the manual for version 8.2. I soon discovered that XML support in 8.2 was limited at best with third party add-ons required to be useful.

When I took a look at the manual for 8.3 though, it became apparent that I could do XML manipulation as part of a regular SQL query! Imagine that. Now, that lovely XML data that I had sneakily placed into a text field could behave like all the other data that had been given its own columns.

Try this on for size as a scary looking but way cool SQL query for PostgreSQL:

SELECT
    date_trunc('month'::text, lo.ti_start)::date AS "Reading Taken",
    cl.cl_name AS "Client",
    (xpath('/load/board/text()'::text, lo.ti_data::xml)::text[])[1] AS "DB",
    avg((xpath('/load/reading/phase[@units=''amps'']/text()'::text, lo.ti_data::xml)::text[]::real[])[1])::numeric(6,1) AS "Phase1 (A)",
    avg((xpath('/load/reading/phase[@units=''amps'']/text()'::text, lo.ti_data::xml)::text[]::real[])[2])::numeric(6,1) AS "Phase2 (A)",
    avg((xpath('/load/reading/phase[@units=''amps'']/text()'::text, lo.ti_data::xml)::text[]::real[])[3])::numeric(6,1) AS "Phase3 (A)",
    avg((xpath('/load/reading/phase[@units=''kw'']/text()'::text, lo.ti_data::xml)::text[]::real[])[1])::numeric(6,2) AS "Phase1 (kW)",
    avg((xpath('/load/reading/phase[@units=''kw'']/text()'::text, lo.ti_data::xml)::text[]::real[])[2])::numeric(6,2) AS "Phase2 (kW)",
    avg((xpath('/load/reading/phase[@units=''kw'']/text()'::text, lo.ti_data::xml)::text[]::real[])[3])::numeric(6,2) AS "Phase3 (kW)"
FROM netdb.load lo, netdb.client cl
WHERE lo.se_type = 39
  AND lo.cl_id = cl.cl_id
  AND lo.cl_id = 3
GROUP BY
    date_trunc('month'::text, lo.ti_start)::date,
    cl.cl_name,
    (xpath('/load/board/text()'::text, lo.ti_data::xml)::text[])[1];

As you can see, with the xpath function, you can treat any text block as XML and then manipulate, select or group by the results.

This is such a powerful idea that I'm still geeking out about it. For a long time I had seen XML formats as a data storage format; throw in XPath and XQuery and you have something that could potentially replace an RDBMS. Now think about XML inside your RDBMS and you get the best of both worlds. Better still, you can slowly add XML into your existing database without having to retool all your existing code.

What a fantastic idea.

Look forward to doing lots of cool things with XML and PostgreSQL.

Read this knol that I wrote on this subject.

Monday, 9 August 2010

iPhone4 Tethering

After receiving my new iPhone4 on the 2nd of August, I was surprised to find my Telco now allowed tethering for free. This was a change from my previous contract for my iPhone 3 which required a call to the telco and an additional charge of $9.99 / month.

So here I am blogging via a tethered connection to my iPhone and I thought I would check what addresses I get on each device. To my surprise, I get a different IP address on each device. I discovered this by using one of those "what is my IP" sites (e.g. here). Yet my laptop locally had an IP in the 172.10.20.0/28 address space and also the next three hops out from my laptop.

traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  172.10.20.1 (172.10.20.1)  24.506 ms
 2  172.22.68.131 (172.22.68.131)  82.246 ms
 3  172.22.68.2 (172.22.68.2)  116.105 ms

This makes me think that my tethered traffic is being tunneled through my iPhone's 3G connection. To make matters even more muddy, the ping app I have on my iPhone reports yet another IP address different to that reported by the IP address website. This makes me think perhaps there might be some transparent proxying going on.

On further analysis I find that the address site and SSH connection show consistent results for both devices. The only difference is the laptop is reporting a different local IP than that of the SSH connection or address website. The range allocated is a /28 which makes me think the iPhone supports multiple devices connected via Bluetooth tethering to a single IP address which exists on the phone. Thus the ISP allocates one IP for the iPhone and a separate one for the tethering. This still doesn't explain the three hops from the tethered device inside the 172.16.0.0/12 private address space but I'll leave that to someone else to explain.

But the best news is that it works a treat and I no longer have to take a 3G dongle with me to access the 'net on my laptop.

More questions than answers I'm afraid but at least interesting networking. If only I could capture the network packets inside the iPhone.

Perhaps there's a useful document out on the 'net that describes the actual process going on.

I'll leave that to you as an exercise.

Monday, 2 August 2010

Sample iPhone Image and Video

This image was taken on my new iPhone4 which arrived this morning. The shot was taken in my office with lots of sunlight and contrast. Bear in mind that the image has been squashed to 1600 horizontal pixels by Picasa so you don't see the whole resolution but it gives you a good idea of the potential of the iPhone's new camera.

I will try and upload the original image somewhere but it's not small and will take a while.

I have also created a test video from the phone and uploaded it to YouTube.