About Joe Wein

Software developer and anti-spam activist

Beware of fake Google Chrome installer emails

Barely had Google announced its new browser Chrome when malware senders responded by sending out fake emails claiming to provide an installer for the new software. Here is a German message I received:

From: “Steffen Neukirch” <beta-team@google.de>
To: spamtrap-email-address
Sent: Friday, September 05, 2008 09:26
Subject: [PR] Neuter Webbrowser Chrome erhältlich

You need a JavaScript-enabled browser to download this software. Click here for instructions on enabling JavaScript in your browser.

Google Chrome (BETA) for Windows
Google Chrome is a browser intended to make using the Internet faster, simpler and safer. At the same time the browser offers a high level of user-friendliness.

For Windows Vista/XP

One input box for everything
When you enter text in the address bar you get suggestions for search and web pages.

Thumbnails of your most frequently visited websites
Call up your favourite pages lightning-fast from any new tab.

Shortcuts for your applications
Start your most frequently used web applications via desktop shortcuts.

Do not hesitate to test the new web browser, in the attachment you will find the latest version of Chrome
simply install and get started right away.

©2008 Google – Home – About Google – Privacy Policy – Help

I checked the attached 705 KB ChromeSetup.rar file with Kaspersky’s online virus scanner:

Scanned file: ChromeSetup.rar – Infected
ChromeSetup.rar/ChromeSetup.exe – infected by Trojan-Dropper.Win32.VB.efh

Do not install software attached to or linked from emails you didn’t request. The real Google Chrome (Beta) browser is available at http://www.google.com/chrome

DD-WRT on Buffalo WHR-HP-G54

Today I installed the open source router firmware DD-WRT on a newly purchased Buffalo WHR-HP-G54 broadband router. I’m very impressed with its rich feature set and ease of installation.

Months ago a friend had recommended OpenWRT, another open source solution for low cost broadband routers, but following the old “don’t try to fix it if it ain’t broken” mantra, I had stuck with my standard NEC Aterm WR6650S WarpStar router (firmware revision 8.72).

A few weeks ago I started having random problems connecting to the internet. When I clicked on links in the browser, either it was very slow or it returned an error or timed out on me. When I investigated I noticed that the internal log of the NEC WarpStar was full of error messages like these:

2008/08/24 18:09:29 NAT TX-ERROR List Create Error : UDP 192.168.1.102 : 31320 > 201.29.227.157 : 7701 (IP-PORT=1)
2008/08/24 18:09:29 NAT TX-ERROR List Create Error : UDP 192.168.1.102 : 31320 > 99.227.142.5 : 9205 (IP-PORT=1)

A router reset (briefly pulling the power cord) would cure it for a few hours to two days at most, but then the problem always came back. The router firmware obviously had trouble tracking which entries in its Network Address Translation (NAT) table could be discarded and the table would overflow, making connections to the outside world hit and miss, as NAT entries are essential for replies to requests sent to servers out there to get back into the LAN.

Of the 8 PCs and Macs in my home and office that are sharing a cable internet connection, at least four are on all the time, crunching spam data received from around the world day and night. So you can imagine that whatever router I’m using is always getting a good workout. I can’t afford it to be unreliable.

So I started doing a bit of research on OpenWRT and its cousin DD-WRT and what sort of routers that are compatible with them I could get locally here in Yokohama, Japan.

The Linksys WRT54G was the first router fitted with open source firmware, but Yamada Denki, the biggest electronics store in my part of town, does not sell any Linksys products. They were selling mostly NEC and Buffalo, but none of the models I found on the shelves appeared on the list of supported hardware.

I searched Google for the WHR-HP-G54, a supported Buffalo router, for pages in Japanese and found it on kakaku.com, a price search website. It was available for 6,500 yen from Mr. Direct, a company based in Hiroshima. Less than 48 hours later the router arrived at my doorstep by takkyubin (parcel service), for about $70 including tax and shipping.

Installing DD-WRT on the router turned out to be so easy, it actually took less time to do it than to get my Windows Vista notebook working with the new wireless security keys afterwards!

Here’s what I did:

  1. First I downloaded the firmware (v24-sp1 / Consumer / Buffalo / WHR-HP-G54 / dd-wrt.v24_mini_generic.bin) and saved it on my local hard disk. Update 2009-05-25: Do not use any DD-WRT V24-sp1 builds dated between 030309 and 051809; these builds have a known problem that didn’t exist in the March 3, 2009 version and was fixed in the May 18, 2009 version.
  2. Next I verified the router was working with its default firmware. I hooked my notebook to one of the LAN ports by ethernet cable and accessed 192.168.11.1 with the browser. The Japanese factory firmware came up (user: root, blank password).
  3. I added the tftp program in the Windows Vista control panel (Programs and Features / Turn Windows features on or off).
  4. I opened two command prompt windows. In the first I executed
    ping -t 192.168.11.1

  5. In the second command prompt window I went into the folder where I had saved the downloaded DD-WRT firmware and then typed the following, without hitting Enter:
    tftp -i 192.168.11.1 PUT dd-wrt.v24_mini_generic.bin

  6. Unplug the power cable from the back of the router, then reconnect it.
  7. As soon as you see the router responding to the PING command in the first window, hit enter on the second window (tftp command). The diag LED will flash for a number of seconds and tftp will report that the file was transferred.
  8. When the LEDs on the router are quiet, the update will have finished. Renew your IP (or reboot your PC), because the router will now be at 192.168.1.1. Access it with the browser and you’re ready to configure your new DD-WRT router!

Malware: “Por favor veja isso!!!”

Today I received a couple of near identical emails in Portuguese that differed only by the (forged) sender address:

From: “Fernanda” <fernandinha@globo.com.br>
To: <joewein@pobox.com>
Sent: Thursday, September 04, 2008 06:29
Subject: Por favor veja isso!!!

Você acredita que essas coisas ainda acontecem no Brasil?

Eu não posso acreditar…

Se você quiser, assine e repassse!

Tratamentos Desumanos.wmv (153,0 KB)

Google translation:

Subject: Please see that!!!

Do you believe that these things still happen in Brazil?

I can not believe …

If you want to, sign and pass on!

Inhumane Treatment.wmv (153.0 KB)

The link to what looks like a Windows movie file will try to run a malware installer.

The link in one of the emails goes to http://ceubba.org.ar/chat/data/web/~/anexo/video.wmv, which is actually a directory created by the malware senders on a hacked website. For any directory, the browser resends the request with index.html, index.htm and a few other typical default document names. The criminals named their Windows malware index.html and placed it into that folder. Because the file starts with an executable program header, Windows will try to run it, rather than using the Windows media player to play it as a video.

Be very careful when clicking on links or attachments in unexpected mail sent to you. Use common sense or a good anti-malware program, ideally both!
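The mismatch described above (a link ending in .wmv that resolves to a directory whose default document is a Windows executable) can be checked mechanically at a mail gateway or proxy. The following is an added example, not code from the original post: the function names, the `.example` URLs and the byte samples are constructed, and it assumes the HTTP client reports the final URL after redirects together with the first bytes of the response body.

```python
"""Compare what a link claims to be with the bytes the server returns."""
import posixpath
import struct
from urllib.parse import urlsplit

# First 16 bytes of every ASF container (WMV, WMA, ASF): the header object GUID.
ASF_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")

# Leading bytes of the non-executable formats that appear on this page.
MAGIC = [
    (ASF_GUID, "asf-media"),
    (b"Rar!\x1a\x07", "rar-archive"),
    (b"%PDF-", "pdf"),
    (bytes.fromhex("d0cf11e0a1b11ae1"), "ole-document"),  # legacy .doc
]

# What a file with a given extension should contain.
EXPECTED = {
    ".wmv": "asf-media", ".wma": "asf-media", ".asf": "asf-media",
    ".rar": "rar-archive", ".pdf": "pdf", ".doc": "ole-document",
    ".exe": "windows-executable",
}


def is_windows_executable(head: bytes) -> bool:
    """True if head starts with a DOS 'MZ' header that leads to a PE signature."""
    if not head.startswith(b"MZ"):
        return False
    if len(head) < 0x40:
        return True  # too short to verify: fail closed
    (pe_offset,) = struct.unpack_from("<I", head, 0x3C)  # e_lfanew field
    if pe_offset + 4 > len(head):
        return True  # PE header lies beyond the bytes we fetched: fail closed
    return head[pe_offset:pe_offset + 4] == b"PE\x00\x00"


def sniff(head: bytes) -> str:
    """Name the content type implied by the leading bytes."""
    if is_windows_executable(head):
        return "windows-executable"
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"


def inspect_download(requested_url: str, final_url: str, head: bytes) -> dict:
    """Report mismatches between the link's extension and the served bytes."""
    req_path = urlsplit(requested_url).path
    final_path = urlsplit(final_url).path
    ext = posixpath.splitext(req_path)[1].lower()
    claimed = EXPECTED.get(ext)
    actual = sniff(head)

    findings = []
    # The "file" in the link was really a directory: the server redirected
    # to the same path with a trailing slash and served a default document.
    if ext and final_path == req_path + "/":
        findings.append("extension-is-directory")
    if actual == "windows-executable" and claimed != actual:
        findings.append("disguised-executable")
    elif claimed is not None and actual != claimed:
        findings.append("type-mismatch")
    return {"claimed": claimed, "actual": actual, "findings": findings}


def make_pe_stub() -> bytes:
    """Constructed sample: minimal DOS header whose e_lfanew points at a PE signature."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00"


if __name__ == "__main__":
    # Constructed inputs modelled on the mail above; the hosts are placeholders.
    fake = inspect_download(
        "http://compromised.example/anexo/video.wmv",
        "http://compromised.example/anexo/video.wmv/",
        make_pe_stub(),
    )
    real = inspect_download(
        "http://media.example/clip.wmv",
        "http://media.example/clip.wmv",
        ASF_GUID + bytes(16),
    )
    print("fake video:", fake)
    print("real video:", real)
```

An archive such as the ChromeSetup.rar attachment from the fake Chrome mail passes this check as a genuine RAR file, so archive members need the same inspection after unpacking.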

Gmail “Never send it to spam” and IE 6

Earlier this summer a friend told me about a way to keep emails out of the Gmail spam filter, which unlike that of Yahoo! Mail can not be disabled. By setting up a filter rule (say, the email contains certain words) and specifying the “Never send it to spam” action for messages that match the rule, these emails will never get caught in the spam folder.

I collect a lot of spam for building my spam blacklists and would have liked to use my Gmail accounts for that, so this sounded useful. By using a filter rule I could ensure that the spam emails I wanted to analyze would either end up in the Inbox, from where my spamfilter can extract them via POP, or would be forwarded to another email address for retrieval.

However, when I tried it, the new option wasn’t there. I found many blogs talking about the feature, but none of the Gmail accounts I tried gave me that option. What was I missing?

The mystery seems to be related to the browser I use: When I used Internet Explorer 7 on a Vista machine, the new option was indeed available. However, with Internet Explorer 6.0 on two XP machines it wasn’t there. When I installed and ran Firefox 3 in parallel on one of those XP machines, the option appeared too.

Therefore, if like me you use IE 6 and don’t want to switch browsers just yet, set up the Gmail filter from another machine running IE 7 or install Firefox as an additional browser (not the default) on your IE 6 machine. Unlike IE 7, Firefox will coexist happily with IE 6 and upgrading to it is not a one way street as it is with IE 7.

flapstate.com / mdanclub.com / wayizer.com

Today I was contacted by someone about the domain flapstate.com, which was still on my spam list from spam received last year. It looks like the domain has since expired and been deleted, and was then registered by a new owner for what appears to be a scam.

The same scam also uses domains

  • mdanclub.com
  • wayizer.com
  • wayate.com
  • coralnic.com
  • grigga.com
  • srcify.com
  • azureclub.com
  • flipality.com

and probably many others. The fact that they keep switching the domain of their website is already one giveaway that it’s a scam.

The four domains wayate.com, wayizer.com, mdanclub.com and flapstate.com are all hosted on the same server, at IP address 216.22.50.130. That IP address has been assigned the reverse DNS name “server1.bestunbeatableoffer.com”. Interestingly “bestunbeatableoffer.com” is not currently working, as it has been suspended by its registrant for spam or abuse. A Google search for the domain “bestunbeatableoffer.com” finds a blog entry that accuses the site owners of phishing, using a whole bunch of different domains that harvested personal details, including email addresses and passwords.

Do not enter your real name, email account or password on any of these websites. These sites are deceptive and harvest personal information which can (and probably will) be abused!

Here is what happens. If you access any of these websites it first gives you this message:

Our system indicates that a pic from your ip address has been uploaded to this site within the past 48 hours.

This is a blatant lie, because it will say that from whatever IP address you access from, as this is hard-coded into the website. It doesn’t even check what IP address you access from before it puts up this dialog.

Once you click OK it puts up another dialog:

Fill in to view your pics.

FULL Name of Friend
who referred you to this page:

Your FULL Name:

Your FULL Email:

It then asks for your password. This is highly dangerous. With your email address on Yahoo, Hotmail, Gmail and many other services and your password, the website could access your online address book and find all your online contacts. What’s more it can then contact everyone in your address book in your name, sending them an email that looks like it was sent by you! Thus the deception would snowball. It would allow massive address harvesting.

This is especially true because they also ask about which social networking site you come from (e.g. Myspace, Facebook). If people happen to use the same password there, it will allow the scammers to break into social networking accounts and their associated address books, “friends lists”, etc. They can then tell everyone that “their pic has been uploaded” and repeat the game ad infinitum, until they have stolen millions of names, email addresses and passwords.

After filling in the previous forms with bogus data, I got this dialog:

FINAL STEP BEFORE RETRIEVING RESULTS

Our system indicates that your friend recently bookmarked and reserved this page just for you.

It said that after I made up a bogus name for the friend who supposedly sent me there. My email address was also one I made up and had never used before (on a domain that I own). After that I got an error message:

Link unavailable

Possible causes are:
Your geographic location is not allowed for this offer.
Duplicate IP Address.
A system error ocurred.
The offer has expired.
The AFID or CID is not valid or authorized.

The domain flapstate.com was registered with these details, which appear to be forged (see comments below by the real Adam Arzoomanian, who appears to be an innocent party whose name was abused and reputation destroyed by the real scammer):

Registrant [1405632]:
Adam Arzoomanian bulletinpics@gmail.com
375 E Harmon
Las Vegas
NV
89109
US

Administrative Contact [1405632]:
Adam Arzoomanian bulletinpics@gmail.com
375 E Harmon
Las Vegas
NV
89109
US
Phone: +1.7029221911

Billing Contact [1405632]:
Adam Arzoomanian bulletinpics@gmail.com
375 E Harmon
Las Vegas
NV
89109
US
Phone: +1.7029221911

Technical Contact [1405632]:
Adam Arzoomanian bulletinpics@gmail.com
375 E Harmon
Las Vegas
NV
89109
US
Phone: +1.7029221911

Domain servers in listed order:

NS1.DOMAINSERVICE.COM 67.99.176.12
NS2.DOMAINSERVICE.COM 67.97.247.209
NS3.DOMAINSERVICE.COM 64.49.213.231
NS4.DOMAINSERVICE.COM 67.97.247.210

Record created on: 2008-08-03 19:18:56.0
Database last updated on: 2008-08-03 19:16:31.357
Domain Expires on: 2009-08-03 19:18:56.0

(Note that registrant details are not generally verified by registrars, so there is little to stop a criminal from using someone else’s name for a fraudulent domain registration.)

Any other domains that are part of this same scam are likely to use the same address details.

The street address and phone number listed above appear to belong to a nightclub called Spin Nightclub.

Toptieprofiles.com appears to have been part of the same scam, because its HTML code used to reference IP address 216.22.4.42, as does flapstate.com.

Also, the email address used in the domain registration (bulletinpics@gmail.com) suggests a link to domain BulletinPics.com which was also used for an email address and password harvesting scam (see here). Website www.bulletinpics.com looks identical to flapstate.com but is hosted on a different server, on IP address 159.25.17.50. This site loads an iframe that points at domain destination-server.com, which is hosted at IP address 216.22.50.130 like flapstate.com, wayate.com, wayizer.com and mdanclub.com. Here’s the registration record for bulletinpics.com:

Registrars.domain: bulletinpics.com
owner: – –
organization: Spin Promotions
email: bulletinpics@gmail.com
address: 2255A Renaissance Drive
city: Las Vegas
state: —
postal-code: NV
country: US
phone: +1.7029221911
admin-c: CCOM-1288874 bulletinpics@gmail.com
tech-c: CCOM-1288874 bulletinpics@gmail.com
billing-c: CCOM-1288874 bulletinpics@gmail.com
nserver: a.ns.joker.com 69.39.224.27
nserver: b.ns.joker.com 66.197.237.21
nserver: c.ns.joker.com 69.39.224.26
status: lock
created: 2008-05-13 12:14:33 UTC
modified: 2008-05-14 10:01:57 UTC
expires: 2009-05-13 12:14:33 UTC

contact-hdl: CCOM-1288874
person: – –
organization: Spin Promotions
email: bulletinpics@gmail.com
address: 2255A Renaissance Drive
city: Las Vegas
state: —
postal-code: NV
country: US
phone: +1.7029221911

The name “Spin Promotions” suggests a possible connection to Spin Nightclub, whose street address was used for the other domain registrations.
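The pivots used in this post (a shared hosting IP, a shared registrant email and phone number, an IP referenced in page HTML, an iframe source) can be combined mechanically. The following is an added example, not the author's tooling: it clusters the domains from the observations stated above with a union-find structure. The `unrelated.example` control entry and the `max_fanout` cut-off, which ignores pivots shared by too many domains (such as a large shared host), are assumptions introduced here.

```python
"""Cluster domains that share hosting, registration or embedding pivots."""
from collections import defaultdict

# (domain, pivot kind, pivot value). All rows come from the post above except
# the last two, a constructed control that must end up in its own cluster.
OBSERVATIONS = [
    ("flapstate.com", "ip", "216.22.50.130"),
    ("wayate.com", "ip", "216.22.50.130"),
    ("wayizer.com", "ip", "216.22.50.130"),
    ("mdanclub.com", "ip", "216.22.50.130"),
    ("destination-server.com", "ip", "216.22.50.130"),
    ("flapstate.com", "email", "bulletinpics@gmail.com"),
    ("flapstate.com", "phone", "+1.7029221911"),
    ("flapstate.com", "html_ref_ip", "216.22.4.42"),
    ("toptieprofiles.com", "html_ref_ip", "216.22.4.42"),
    ("bulletinpics.com", "ip", "159.25.17.50"),
    ("bulletinpics.com", "email", "bulletinpics@gmail.com"),
    ("bulletinpics.com", "phone", "+1.7029221911"),
    ("bulletinpics.com", "loads_from", "destination-server.com"),
    ("unrelated.example", "ip", "192.0.2.10"),
    ("unrelated.example", "email", "hostmaster@unrelated.example"),
]


class DisjointSet:
    """Union-find with path halving."""

    def __init__(self):
        self.parent = {}

    def find(self, item):
        self.parent.setdefault(item, item)
        while self.parent[item] != item:
            self.parent[item] = self.parent[self.parent[item]]
            item = self.parent[item]
        return item

    def union(self, a, b):
        root_a, root_b = self.find(a), self.find(b)
        if root_a != root_b:
            self.parent[root_b] = root_a


def cluster(observations, max_fanout=50):
    """Return clusters (largest first) with the pivots that joined them.

    A pivot value seen on more than max_fanout domains is ignored, because a
    very common value (a big shared web host, a privacy-proxy email address)
    would glue unrelated domains together.
    """
    by_pivot = defaultdict(set)
    sets = DisjointSet()
    for domain, kind, value in observations:
        sets.find(domain)  # register every domain, even unlinked ones
        by_pivot[(kind, value)].add(domain)

    used = []
    for (kind, value), members in sorted(by_pivot.items()):
        # An embedded page links the embedding domain to the embedded one.
        linked = members | {value} if kind == "loads_from" else members
        if len(linked) < 2 or len(linked) > max_fanout:
            continue
        first, *rest = sorted(linked)
        for other in rest:
            sets.union(first, other)
        used.append((kind, value, first))

    clusters = defaultdict(lambda: {"domains": [], "pivots": []})
    for node in sorted(sets.parent):
        clusters[sets.find(node)]["domains"].append(node)
    for kind, value, member in used:
        clusters[sets.find(member)]["pivots"].append(f"{kind}={value}")
    return sorted(clusters.values(),
                  key=lambda c: (-len(c["domains"]), c["domains"]))


if __name__ == "__main__":
    for label, limit in (("default", 50), ("strict", 4)):
        print(f"--- max_fanout={limit} ({label})")
        for entry in cluster(OBSERVATIONS, max_fanout=limit):
            print(", ".join(entry["domains"]))
            for pivot in entry["pivots"]:
                print("    linked by", pivot)
```

With the strict limit the five-domain hosting IP is dropped as a pivot, and only the registration and embedding links still hold a cluster together.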

ProfileMirrors.com is another domain that loads a page off destination-server.com. This job offer on GetAFreelancer.com for people doing captcha entry mentions both destination-server.com and bulletinpics. This is very interesting because CAPTCHAs are commonly used to defeat spammers who automatically set up or log in to email accounts at free email providers or BBSes or social networking sites. Here’s a copy of the posting, just in case it gets removed:

searching for good and reliable Teams for desntination captcha entry project . we can pay good rate . PM for more details

when you will PM , please include in your PM

* how many entries you will do everyday
* how many peoples you have to work on this project

********************************************************************

Before bidding work for 15 mins then give us feedback

http://www.destination-server.com/bulletinpics/entry.cgi

entry ID : demo

When I tried the URL given I got this message:

TOO MANY AGENTS LOGGED IN AT ONCE:

PLEASE TAKE A 30 MINUTE REST.

After 30 minutes CLICK HERE to continue work.

Project Manager: Scott Shaw
bulletinpics at gmail dot com

The reason this error page continues to appear is
because agents NEED to take a 30 minute break.
Do not keep attempting to open page.
PLEASE WAIT 30 MINUTES or this
error will continue to appear.

When I tried it again, I got a CAPTCHA to solve. It turned out to be from MySpace:

MySpace CAPTCHA

Could it be that these people use software to log into MySpace accounts using passwords obtained via the scam and then use job seekers in Bangladesh, India and other low-wage countries to defeat the CAPTCHA test thrown at them by MySpace, so they can get at the data in the account afterwards?

With bulk CAPTCHA tests they can also invite anyone on MySpace to become “friends” of the phished accounts, so they can potentially reach every active MySpace user.

Here’s another job offer (a Google search finds many more offers like this):

we need captcha entry team for destination capthca project . we need teams who can deliver minimum 15,000 captcha entries to 50,000 captcha entries daily

http://www.destination-server.com/bulletinpics/entry.cgi

entry ID : demo

please go to the link and work for 15 mins , then give us feedback how many entries you can handle daily.interested team can PM us . but u should check the given link before PM us

Rate is negotiable

happy bidding

The following offer that mentions “bulletinpics” even talks of millions of CAPTCHAs to be solved:

Status: Open
Budget: $30-250
Created: 06/15/2008 at 5:07 EDT
Bidding Ends: 08/14/2008 at 5:07 EDT (2 days, 2 h left)
Project Creator: bulletinpics
Buyer Rating:
(2 reviews)
Description: As many people know, the BulletinPics CAPTCHA project has been very succesful, solving over 250,000 captcha entries per day for several teams earning very good money. We are looking to expand to over one million captchas per day but in order to do this, we need to rotate new domain names to host our images.

We are now looking for people/companies who own unused .COM domain names. We need to point these domains to our main image server for two weeks per domain.

For example, if you own 10 unused domains, we would need you to change the DNS so the A record of each domain would point to our captcha server’s IP address. We are willing to pay $1USD (or best lowest bid) to use up to 1000 domains for 2 weeks each. Please let us know if you can provide this type of service.

More related domains (see also):


UPDATE 2008-10-21:

The server at 216.22.50.130 (http://www.destination-server.com/bulletinpics/entry.cgi) now displays this message, which suggests the scam has ended:

This website has been discontinued

All team leaders will be paid in full this week.

UPDATE (2008-11-06):

Spin nightclub happened to be where infamous spammer Sanford “Spamford” Wallace aka “DJ Masterweb” worked (see here). According to the Wikipedia article on Wallace, he has targeted MySpace users before:

On 2008-01-26 the UK Register reported that the Federal Trade Commission has asked the Judge overseeing the 2006 settlement to find Wallace and partner Walter Rines in civil contempt of court for their use of malware and social engineering on MySpace to promote porn and gambling sites.[8] In May 2008 Wallace and Rines were found guilty and ordered to pay $230 million to MySpace by the L.A. District Court when they failed to appear for trial.

What a remarkable coincidence!

Good bye Audi, welcome Prius!

Only about 6% of cars sold in Japan are foreign makes (mostly German), but Kanagawa prefecture and its capital Yokohama have one of the highest rates of import cars in Japan. Yokohama is one of the two major ports (the other is Kobe), it has a relatively long history of exposure to Western influences and on average is relatively wealthy. Even so, the street where I live in a middle class neighbourhood is unusual for actually having more foreign cars than Japanese ones.

Until very recently the count was as follows:

  • Mercedes Benz: 4
  • BMW: 3
  • Volvo: 2
  • Audi: 1
  • Porsche: 1
  • Toyota, Nissan and Honda: 4

Since then the numbers changed because I sold my Audi A4 and bought a Toyota Prius. Who knows what’s going to happen when the only German in a street in Japan where German cars outnumber Japanese cars trades in his German car for a Japanese one? 😉 It’s going to be interesting.

The first time my wife and I washed it in front of our garage, neighbours from two houses came over to take a look at it and to talk about it. One couple, who have a BMW X5, were very curious. They explained they only get about 6 km per litre (17 litres per 100 km) and were thinking about what to replace their car with. The other, who drives a Volvo, came up as soon as she saw her neighbours across the street talk to us. Afterwards, the wife of the BMW driver said: “Minna eko ni shimashô!” (“Let’s all go green!”)

I expect we will see more hybrids in our street soon.

I’ve driven Audis (or Volkswagens based on Audi designs, such as the VW Passat) since I got my first car in 1982. Generally I have been very happy with them, especially an Audi coupe quattro 20V I had from 1989 to 1994. However, the latest Audi A4 2.4, which I bought in 2000, was heavier and seemed not as well made as its predecessors.

The A4 was fun to drive when I bought it second hand with only 3000 km on the clock, but its V6 engine was never anywhere near as fuel efficient as my previous five cylinder engined Audis, nor was it quite as reliable.

After spending more than $2500 on repairs in the final year alone while consistently getting only about 320 km of range out of a 53 litre refill of premium unleaded (98 octane RON), I was starting to worry for the future of that car.

Even allowing for the fact that most of our trips are short runs to the station or to shops, usually less than 10 km total, with the engine starting from cold much of the time, that 16-17 l per 100 km (6 km/l) that I was getting was simply way too much. The best I’d seen was around 12 l per 100 km (8 km/l) on long highway runs on a ski trip.

Then one day last winter I took my daughter to an entrance exam at a junior high school. As I was waiting near the school, a Toyota Prius rode past me in “stealth mode”, running only on its batteries without any engine noise. It was almost as quiet as a bicycle. My curiosity about this car was awakened.

I had heard various rumours about the Prius, such as about limited battery life and started to check out the facts. I found the batteries did not need replacing every couple years and were expected to last as long as the rest of the car.

The more I read, the more I was fascinated how much thought the Toyota engineers had put into this car and how methodical they had been about making it work in real life. The Prius has been around in Japan since 1997, even though relatively few of that first generation were sold until 2000, when the second generation came out, which went into export markets too. Even before the Prius, Toyota had already been gathering experience with the RAV4 EV, a plug-in electric. The 1.5 litre engine in the Prius is a close cousin of the identical sized engine in the Yaris / Vitz / Platz ranges, but using the more efficient Atkinson cycle instead of the Otto cycle. Its peak efficiency is 34%, better than some diesels. By giving up on peak power and peak torque (which instead are provided via the battery and electric motors), the engine can be much more efficient.

Later in February my Audi needed more repairs and this time I had a Toyota Corolla as a loan car. It made me consider if maybe I would be better off in something lighter and more economical than the Audi and I was curious what a Prius would be like.

In March I went to California on a business trip. A friend there whose wife drives a Prius let me do a short test drive. Pulling away from a traffic light, where the engine had been automatically stopped, felt very unusual: The car starts up running only on its electric motors, without the noise of the engine, which comes alive only as you already start rolling.

Finally in late June my wife and I started shopping around for a buyer for the Audi and for a good deal on a Prius. The waiting list from custom order to delivery turned out to be about 5 weeks, far less than I had seen quoted by US-based posters on websites. I went for the “S Touring” model with a navigation system as an option, which my wife had been requesting for years. The touring comes with HID headlamps (I had never been happy with the conventional halogen lights on the A4) and a firmer suspension than the base model.

We also added a gadget called “etc” (electronic toll collection), which handles toll road charges for motorways here in Japan (most motorways here charge for usage). There are special lanes for etc-equipped cars at toll gates, which make it quicker to get through, as you just have to slow down to 20 km/h to pass through while your car contacts the wireless booth equipment. Before we always had to queue in a line to hand a prepaid card, cash or a credit card to a guy in a toll booth. There are discounts for paying by etc, I guess because the operating company can cut back on staff.

We returned the Audi on the day its bi-annual vehicle inspection became due. We then relied on bicycles and public transport for four days, until the Prius arrived on the last day of July.

Only after I placed the order did I google for crash test results, but the outcome was very comforting: Though the Prius was some 200 kg lighter than my 1999 model Audi, it did as well as the latest A4 model (2008) on crash test results. In fact it had the highest rating of any car tested for kids in child seats in the EuroNCAP tests. As far as interior space is concerned, I didn’t have to give up anything. If anything it’s more spacious than the Audi and it offers the practicality of a hatchback.

Last weekend we drove down to the coastal town of Enoshima on the Pacific, about 35 km from here, which on a Sunday takes 1 1/2 hours because of traffic jams. The Prius will simply shut down its engine whenever stopped, whether at a red light or in slow traffic. Even then the air conditioner (essential at 30+ centigrade in hot and humid Japanese summers) will keep you comfortable, as it’s electrical and draws current from the car’s powerful traction battery that also drives that car’s electric motors.

The NiMH battery will get recharged when the engine is running again or whenever you push the brake pedal to slow down the car, which switches one of the motors to work as a generator. This “regenerative braking” extends the life of the brake pads too.

Other auxiliary systems that on conventional cars are driven directly by the engine via a belt are electric on the Prius, such as the power steering and the brake servo. These always suck some power on conventional cars, whereas on a hybrid they only draw power when needed, making it more efficient.

On the way back we also drove at 80-90 km/h on multi lane highways, with the multi function display (MFD) showing better than 20 km per litre (better than 5 l per 100 km). We never had any trouble keeping up with traffic.

UPDATE (2008-08-10):
With about 250 km on the odometer, the displayed fuel consumption average is now around 16 km per litre (6.25 km per 100 km or 38 mpg US). Other than the weekend trip, it was mostly short trips to a shop or to drop off or pickup a family member at one of the train stations, which are about 3 km away. At our average of about 900 km per month this means the Prius is burning some 90 to 100 litres of fuel less per month than the Audi A4 it replaced, as well as running on a cheaper grade of fuel (regular instead of premium unleaded).

According to the website of the UK Department for Transport the Prius is not the car with the lowest CO2 output per km in Europe: It is undercut by two other cars. The Polo 1.4 TDI Bluemotion and the SEAT Ibiza 1.4 TDI Economotion both use the same 80 PS VW/Audi turbodiesel engine. At 99 g/km they output about 5g less CO2 than the Prius. However, these cars are classed as “superminis”, which offer considerably less space to passengers. Most people fail to realize how spacious the Prius really is compared to its competitors. Based on interior space the EPA in the US actually puts it into the “mid-size” category, along with the BMW 5-series and the Audi A6. Below the 5-series and A6 in size are the 3-series and A4 (rated as “compact” cars by the EPA). Below that is the A3 / Golf / New Beetle (“minicompact”). And one more size below that are the Polo and Ibiza.

UPDATE 2 (2008-10-16):

In two and a half months of ownership, our Prius has clocked up over 2500 km (1530 miles). My daughter accidentally reset the average fuel consumption display after 100 km, but in the 2400 km since then the car has averaged 18.9 km/l or 5.3 litres per 100 km or 44 miles per US gallon.

Keep in mind that most of our trips are to pick up or drop off a family member at a station 3 km away, so most of our trips are no more than 6-7 km on a cold engine. Also, almost all our driving is urban, with plenty of traffic lights / stop and go traffic. If your average trip is longer or you drive more across country or if you live in an area that’s flatter than hilly Yokohama then you’d probably see even better fuel economy from this car.

Jim Lanton rides a Trojan horse

A recent malware spam takes a new approach to hijacking your computer.

From: Internal Revenue Service [mailto:jim.lanton@irs.com]
Sent: Thursday, July 03, 2008 10:25 AM
To: User@CompanyName.com
Subject: Re: Company report for CompanyName

To : Firstname Lastname

The report is attached.

You need to complete the fields about CompanyName income.

Jim Lanton
IRS Fraud Department

© 2008 Internal Revenue Service All Rights Reserved.

An attachment named “notice_248-849.doc” included an embedded object called “notce.pdf” which was identified as a Trojan downloader by several scanners, including:

  • AntiVir (7.8.0.64, 2008.07.03): TR/Crypt.XDR.Gen
  • F-Prot (4.4.4.56, 2008.07.03): W32/Heuristic-217!Eldorado
  • Microsoft (1.3704, 2008.07.03): TrojanDownloader:Win32/Small.gen!N

While there have been phishing spams before that masquerade as emails from the IRS in the USA or the UK Inland Revenue, this one strikes a raw nerve for the attention to detail.

The email was sent to a friend of mine and addressed him by his full name, not the short form that virtually everyone commonly uses around him, even in business. The name of the company and his email address were capitalized exactly as he normally does it. That is, the company name had capital letter at the beginning of both the first and second words that it’s composed from. The email address was not all lower case, instead both his initials were capitalized on the left hand side of the ‘@’ in the email address and the domain name was capitalized like the company name.

While it’s possible the malware took the name from an address book of an infected machine, I think it’s somewhat unlikely, as I don’t have a single copy of an email from my friend’s address in which he writes his name in the full version used here. Another possibility is that the malware author purchased a commercial address list of businesses. That would be very unusual, though not unheard of.

Specifically targeting companies and their executives could net the scammers high-yield targets, as they are likely to have sensitive information stored on their computers, which Trojan horse software would open up to these criminals.

P.S.: My apologies to Jim Lanton at the IRS. If he really exists, he has nothing to do with this scam. I am just mentioning him in the headline because people might search Google for the name and I want them to find out that what they received was a malware spam.

Mugabe wins battle, loses war in sham election

When Zimbabwean leader Robert Mugabe unleashed a wave of terror on his fellow Zimbabweans after his ZANU-PF party was soundly defeated in the March 29 elections and he himself gained fewer votes than opposition leader Morgan Tsvangirai, he was calculating that he could still steal another election and add another five years to his 28 years in power.

Mr Tsvangirai’s recent withdrawal from the run-off election to save the lives of his supporters, followed by his advice to MDC supporters to even vote for Mugabe if necessary to avoid paying with their lives for an honest vote, all but ensures that Mugabe will soon be proclaimed the winner by his own officials. However, it will be a Pyrrhic victory, because the means by which it will have been achieved will have been so extreme that Mugabe has destroyed all chances of being able to claim legitimacy for his government.

For a start, according to the Zimbabwean election law, since officially neither of the candidates gained 50% or more of the votes, a run-off had to be held within 21 days. That did not happen. It took an astounding 5 weeks for the results to even be announced, raising suspicions of last minute ballot-stuffing to push Tsvangirai’s result under the 50% margin. When the government then announced the run-off for June 27, almost another two months later, it clearly violated that law, under which, if no run-off takes place within three weeks, the highest placed candidate from the first election automatically is the winner (see two papers on the website of the South Africa Litigation Centre for details).

Legally, Morgan Tsvangirai, who according to the official count got 47.8% of the vote compared to Mugabe’s 43.2%, became the elected president of Zimbabwe in April, when the 21 days expired without a re-run.

Mugabe used the three months between the two elections for a war on anyone opposed to his rule. Whole villages and neighbourhoods were forcibly marched to public assemblies where known or suspected MDC-supporters were viciously tortured and mutilated in front of the stunned crowds. Some 200,000 Zimbabweans are reported to have fled their homes to escape torture or death.

One of the most recent victims of the terror campaign was the wife of the newly elected mayor of the capital of Harare, who was kidnapped by ZANU-PF supporters along with her four year old son. Her battered dead body was found later, so badly disfigured that her family found it hard to identify her.

The world has finally taken notice of what’s going on. Presidents and well known voices from Africa, ranging from Kenyan Prime Minister Raila Odinga to ANC leader Jacob Zuma, have condemned Mugabe’s campaign of terror in no uncertain terms. An open letter signed by dozens of former heads of state in Africa, including several former close allies of Mugabe, called for an end to the violence.

Mugabe will survive this sham election only as a pariah, unwelcome anywhere in Africa or most of the rest of the world (North Korea might still support him, given that he relied on North Korean instructors for his infamous Fifth Brigade during atrocities in the 1980s). It looks like African leaders have been shocked into breaking any remaining political ties.

One notable exception is still South African president Thabo Mbeki, who finds himself increasingly isolated in his own party for it.

Zimbabwe is at a breaking point. Literally anything could happen now. It is not clear how a government of national unity can come about. Will it take a military intervention by fellow AU or SADC members to convince the hardliners around Mugabe, the JOC, that there is no way for them to hang on to power? There are moderate elements in ZANU-PF who would negotiate a change of power, but they don’t control the army and the thugs. Will it come to a Rwanda-style genocide before regime change?

The person, next to Mugabe himself, who carries the biggest responsibility for the further hellish chaos that Zimbabwe could descend into is Thabo Mbeki. If he recognizes Morgan Tsvangirai’s right to form a new unity government to organise a transfer of power in Zimbabwe, based on the outcome of the legitimate election results in March, there is no way Mugabe could hang on much longer.

Since the 1950s the ANC had struggled against racist violence for the principle of One Man, One Vote. This elementary right has now been stolen from Zimbabweans by Mugabe, who says “only God” could remove him from power. It reminds me of Rhodesian prime minister Ian Smith, who stubbornly said that “not in a thousand years” did he believe in majority rule in Zimbabwe. Mugabe has become what he hated most, and worse.

In the 1970s, when the illegitimate minority government of then Rhodesia was fighting a war to maintain its racist system, it relied primarily on South African support. The sudden withdrawal of South African police troops from “Rhodesia” and later a cutback in fuel supplies was the beginning of the end for the white regime. Mugabe can not go it alone any more than Smith could before him. If anything, Zimbabwe is in a much weaker situation economically than Rhodesia was then.

I am hoping that the second liberation of Zimbabwe will become a watershed event for democracy and human rights in Africa, a continent that has suffered so much already.

The “run your car on water” scam

Every crisis can also be viewed as an opportunity, or so it seems. As many motorists are having trouble making ends meet with rising fuel (and food) prices, various websites are popping up (usually with affiliate schemes) that make tempting promises such as:

  • “…use water as fuel and laugh at rising gas costs…”
  • “double your mileage”
  • “…cooler running engine…”
  • “no knocking”
  • “one quart of water provides over 1800 gallons of HHO gas which can literally last for months”

You will find numerous websites if you google for “water fuel car” or similar terms. Mostly the websites that make these claims sell e-books and other kits with instructions on building your own hydrogen generator from glass jars, electrodes and tubes to hook up to your existing engine.

Such kits draw power from your car’s electrical system (the battery and the generator charging it) to split water into hydrogen and oxygen gas, which is then fed into the air intake of the engine, so the hydrogen-oxygen mixture will be burnt along with the air/gasoline mixture in the car’s combustion chambers. How well can such a system really work?

If a “water-engine” as described above were to produce extra power beyond the power obtained from burning gasoline it would violate fundamental laws of physics. The First Law of Thermodynamics states that no energy is ever lost or gained, it just changes form, such as chemical energy to heat when you burn wood or heat to mechanical energy in a steam engine. An engine that uses only liquid water to produce water vapour (i.e. water plus heat) in its exhaust while providing mechanical energy violates this law of energy balance. It outputs energy with no energy going in. It would be a perpetual motion engine, which is physically impossible.

The sad fact is, people who buy these systems usually have a very rudimentary understanding of science. They take these unverified claims at face value, or are at least prepared to give them the benefit of doubt and spend money on testing unverified claims.

The “water-fuelled car” in detail

To split water (H2O) into its constituent elements hydrogen and oxygen takes electric energy. While the engine is running that energy will come from a generator driven by the engine via a belt. Just like running with your headlights on or your radio blaring will cause your engine to work a bit harder and burn more fuel, so will an electrolytic “hydrogen generator” take its toll on your gas tank.

Assuming an efficient setup, about 50-70% of the electrical energy provided will end up as chemical energy in the explosive hydrogen-oxygen mixture fed back into the engine, the rest will just warm up the water. A gasoline engine manages to convert up to 20% of the chemical energy contained in its fuel into mechanical energy, which is then available for driving the wheels or a generator. That generator converts maybe 90% of its mechanical input into electrical power. Altogether this means that burning the hydrogen returns only around 1/10 of the power originally invested into generating the hydrogen from water. It’s like you just burnt 10 litres (or gallons) of fuel in order to avoid burning one litre (or gallon).

What this of course means is that a “water-powered car” actually burns more gasoline and gets worse mileage than an unmodified car. However, the output of the “hydrogen generator” is so small and its practical negative effect on fuel mileage is so minor, you are unlikely to actually notice that, even if you accurately measure fuel economy. For example, a setup that draws 3 amperes of current from your generator (as claimed in one of the websites we’ve studied) will only use 1/20 of one horsepower (3 A x 12 V = 36 W = 0.036 kW = 0.050 hp). The difference in fuel usage is smaller than the difference between say driving with a full or a half empty fuel tank, which also changes fuel economy as a heavier car takes more power to accelerate.

The advertised fact that the “water-powered car” uses so little water (“one quart lasts for months”) is actually a give-away that the system is a hoax. If you produced hydrogen at home from tap water and a solar panel on your roof and stored it in a pressurized tank in your car to run it on only hydrogen, you would find that the amount of water used to make the hydrogen is still in the same order of magnitude as the amount of gasoline used, maybe something like a third by volume (I’d have to look up the exact numbers on relative energy content of hydrogen and hydrocarbons). In a water car that uses virtually no water (no matter where the electricity to make the hydrogen came from) the hydrogen can not be making any significant contribution to running it because there’s too little of it!

Less pinking / knocking?

I don’t know how many of the people who sell these useless plans are simply ignorant about science and how many are fully aware they’re scamming people. In any case, their other claims are as baseless as their claims about improved fuel economy. Hydrogen has a higher energy content but also a much lower octane rating than gasoline because it burns faster, more violently. This means your engine is more likely to start knocking or “pinking” than when run on gasoline (or gasoline / ethanol mixtures), not less. This is a problem that BMW had a hard time dealing with when they converted the engine of a 7-series saloon car to run on hydrogen. In practice this problem doesn’t matter in a “water car” because those “hydrogen generators” output so little hydrogen that it makes almost no difference to the engine, unlike real hydrogen cars with hydride or high pressure hydrogen tanks.

Cooler running engine?

Also, a hydrogen / oxygen mixture does not burn “cooler” than a gasoline / air mixture. Ask the space shuttle designers: The only reason the space shuttle’s hydrogen-oxygen engine doesn’t melt itself is because it’s cooled with liquid hydrogen (at -253 C / -423 F). Hydrogen / oxygen flames burn so hot they can be used for cutting steel like butter. First, hydrogen releases more energy per unit of weight than does gasoline. Secondly, while the oxygen used for burning gasoline in a car engine is diluted with nitrogen (which makes up 80% of the air we breathe), the oxygen / hydrogen mix from the generator has not been diluted with anything inert, which is another reason why it burns so hot.

The water vapour in the “water car” exhaust has no cooling effect whatsoever, because it’s not derived from liquid water, hence there’s no cooling effect from evaporation heat. Again, in the “water car” setup it makes no difference because there’s too little hydrogen involved.

Summary

In reality a “water as fuel” car is a placebo. Technically it doesn’t make any noticeable difference to the amount of gasoline you use per kilometre or mile, but it may change the way you think about driving. If you do see any drop in fuel usage, it may be simply that you’re thinking more about fuel usage because of the investment you’ve just made and now drive less aggressively than before and that can indeed result in a modest reduction. Beyond that, any claimed changes are either due to wishful thinking, a vivid imagination or a cruel hoax to deceive unsuspecting customers.

The only way you’ll really see a 50% drop in your monthly fuel bill is if you basically cut your driving in half or if you change to a significantly different kind of car, such as from a bulky V6 to an economical Toyota Prius.

The number one factor that affects fuel economy around town is weight: A lighter car uses less fuel. Don’t get a more powerful engine than you really need. A more efficient setup, such as a hybrid or a new clean diesel can make a big difference too. Use public transport, ride a bicycle or walk wherever you can. It’s good for your health too 🙂

UPDATE: Here is a good page that explains in more detail why the claims for “HHO” don’t add up (use Ctrl+A to mark the text as it’s difficult to read as dark text on dark background).

Media fall for “car that runs on water”

Nikkei and Reuters report about an announcement by Japanese company Genepax of a car that supposedly runs on only water. One litre will keep the car running at 80 km/h for about an hour, reports Reuters.

Genepax CEO Kiyoshi Hirasawa is quoted by Reuters as stating that the car requires no external inputs but water. As long as water is available, it will keep running.

Reuters states things a bit differently:

Though the company did not reveal the details, it “succeeded in adopting a well-known process to produce hydrogen from water to the MEA,” said Hirasawa Kiyoshi, the company’s president. This process is allegedly similar to the mechanism that produces hydrogen by a reaction of metal hydride and water.

The uncritical reports by these two sources barely scratch the surface of this story. Hydrogen is not an energy source, it’s an energy carrier as there are no natural sources of it on earth. It always has to be produced through physical or chemical processes that require external energy input of some source, either fossil natural gas or coal or biomass or electricity generated from some source.

The Genepax website does not shed much light on how the hydrogen is produced for their fuel cell. The description of their technology on the company website consists of all of two sentences and one diagram of a fuel cell.

If you produce hydrogen in a chemical reaction of metal hydride and water, you use up not only water, but also metal hydride. Typically, metal hydrides take a lot of energy to produce. Substances such as alkali metal hydrides or aluminium that easily release hydrogen when reacting with water consume huge amounts of electricity in their manufacture, which is hardly a case of “no external input”.

The car uses a 300 W fuel cell, presumably only to supplement a conventional battery, as 0.3 kW is far too little to drive a car. That fuel cell sells for about 2 million yen ($19,000), almost enough to buy a Toyota Prius (the base model of which costs 2.3 million yen here in Japan).

Even if the “hydrogen generator” could produce hydrogen indefinitely with no external input (otherwise known as a perpetuum mobile), 300 W is not enough power to keep even a small car running at 80 km/h. It would take at least tens of kW, or the output of maybe 50 of these fuel cells. The conclusion is that the demo car ran on a set of batteries previously charged from the mains grid, with no assistance from the Genepax fuel cell that was either significant or sustainable.

While we are not sure about all the facts behind the announcement by Genepax (such as whether they happen to be selling stocks to science-challenged would-be investors right now), we’d suggest taking any of their announcements with considerably more than a pinch of salt.

The domain genepax.co.jp was registered only on May 8, 2008, a mere five weeks ago. That seems awfully recent for a company that claims to have spent years developing this technology.

Whichever way you look at it, the story quickly falls apart, but the journalists hardly seem to notice. With rising fuel prices people will be interested in such “news” and that seems to be all that matters.