QAM, QAM, lovely QAM

I've been happily surviving without any source of live television for a few years now. It's a combination of pretty awful local over-the-air reception (which is only compounded by the impending switch to digital), and obscenely expensive cable fees for even basic programming. It hasn't bothered me much, but it would be nice to have some access to live information in the event of a major event, political happening, or large emerging news story. For the presidential debates, I was able to pick up some webstreams, though these were a bit shaky, and for the Oscars, I just drove over to Princeton for an hour to see them.

Well, I recently switched my internet service from 3Meg DSL (which barely counts as broadband these days) to 15Meg Cable. I casually wondered whether this would let me pick up any TV off the coaxial cable. Nothing via "analog" or plugging in to an over-the-air ATSC decoder box, as you might expect (the installation work order even indicated that I had been given a "video block" for free). But, after some fiddling, I discovered that I could pick up the local channels via QAM: Quadrature Amplitude Modulation. The kind cable company was fulfilling its FCC obligation to provide customers with unencrypted QAM versions of the channels. So now I can pick these up, albeit via a computer with an appropriate decoder card, which isn't that satisfying. Maybe when I upgrade a television, I'll get one with an integrated QAM tuner and use that.

Also while switching to Cable internet, I made the mistake of hooking up a machine which is usually shielded behind a router. I left it alone for an hour or two, and returned to find that it had been hijacked: I'd left a VNC server running without a password (I normally access the machine only on the internal network), and some crim had abused the hospitality. I was tipped off by the fact that the antivirus software had been uninstalled, the software firewall disabled, and other general nastiness. I wondered if I would need to scrub the machine and start over. Actually, delousing the machine was not too hard. I identified all the files that had changed in the intervening time, which led me to a couple of new directories, in windows/system/programas [hint: I don't usually label my directories in Spanish] and thereabouts. A couple of new processes were running, as well as a couple of familiar named processes which were running as a user rather than as kernel (i.e., they were pretending to be something they were not). A new service, cunningly named ms-java, was also installed. I killed and deleted the processes and files, and removed the unwanted service. Unless there was some additional nasty rootkit business going on, I think I got it all (subsequent virus scans and spyware scans didn't turn up anything).

What was interesting is what all this badware was doing: I didn't spend too much time trying to disentangle it, but I got the general idea. There was an IRC client installed, presumably to allow the machine to be controlled from afar; there was also an FTP server set up. Probing into it, I was rather galled to find that the server was serving up some of *my* files. Fortunately, these were only some music and video files that I'd downloaded. These had been copied into the programas directory, and were being served from there. I got rid of all of that, but was still curious to know how automated this was: had the whole attack been done via standard scripts, or had some kid pwned my machine, and manually been probing through my files? Fortunately, there wasn't anything too important on the machine, but it's still rather worrying to see how easily---and how quickly---some kid can get in. Sure, I left a door wide open, but it's always a surprise to be reminded how cavalier people can be. Anyway, I managed to get the whole thing cleaned up within a couple of hours of infection, so no lasting damage done.
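The cleanup described above started from every file that changed while the machine was exposed. The following is an added example of that sweep, not code from the original post; the function names and the "every file in the directory changed" grouping are assumptions made here to surface freshly created directories such as the programas one.

```python
import os
from collections import defaultdict
from datetime import datetime


def changed_in_window(root, start, end):
    """Map each directory under root to (changed_file_names, total_files),
    keeping only directories with a file modified inside [start, end]."""
    lo, hi = start.timestamp(), end.timestamp()
    stats = defaultdict(lambda: [[], 0])
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            try:
                mtime = os.lstat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # locked or vanished file: skip it, keep sweeping
            stats[dirpath][1] += 1
            if lo <= mtime <= hi:
                stats[dirpath][0].append(name)
    return {d: (sorted(c), t) for d, (c, t) in stats.items() if c}


def triage(root, start, end):
    """Split the hits into directories where every file changed in the
    window (probably created during it) and directories where only some
    files did (existing locations that were written to)."""
    all_changed, some_changed = {}, {}
    for d, (changed, total) in changed_in_window(root, start, end).items():
        bucket = all_changed if len(changed) == total else some_changed
        bucket[d] = changed
    return all_changed, some_changed


if __name__ == "__main__":
    import sys
    # Usage: script.py ROOT START END, with ISO timestamps in local time,
    # e.g. 2009-03-01T12:00 (constructed example value).
    root = sys.argv[1]
    start, end = (datetime.fromisoformat(a) for a in sys.argv[2:4])
    fresh, touched = triage(root, start, end)
    for label, hits in (("all files changed", fresh),
                        ("some files changed", touched)):
        for d, names in sorted(hits.items()):
            print(f"[{label}] {d}: {', '.join(names)}")
```

Modification times can be rewritten by whoever controlled the machine, so an empty result does not show that nothing was touched.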
