Comments on: Infamous Hacker Heading Chinese Antivirus Firm?

By: thiago

thiago — Mon, 03 Dec 2012 15:43:38 +0000

Queried rwhois.theplanet.com with “184.173.181.194″…

%rwhois V-1.5:003fff:00 rwhois.softlayer.com (by Network Solutions, Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:NETBLK-SOFTLAYER.184.173.128.0/18
network:Auth-Area:184.173.128.0/18
network:Network-Name:SOFTLAYER-184.173.128.0
network:IP-Network:184.173.181.192/29
network:IP-Network-Block:184.173.181.192-184.173.181.199
network:Organization;I:nxee.com
network:Street-Address:Tianyi street , Idealism Center
network:City:Chengdu
network:Postal-Code:610000
network:Country-Code:CN
network:Tech-Contact;I:sysadmins@softlayer.com
network:Abuse-Contact;I:abuse@softlayer.com
network:Admin-Contact;I:IPADM258-ARIN
network:Created:2011-10-10 04:34:17
network:Updated:2012-12-02 03:03:13
network:Updated-By:ipadmin@softlayer.com

By: thiago

thiago — Mon, 03 Dec 2012 15:38:14 +0000

Last Updated on: 05-Jul-12

Registrant:
Anvisoft Technology
Number 36, Tianyi Street, High-tech Zone,
Chengdu, Sichuan 610000
China

Administrative Contact:

Technology, Anvisoft anvisoftceo@gmail.com

Number 36, Tianyi Street, High-tech Zone,

Chengdu, Sichuan 610000

China

+0.8613438331441

Technical Contact:
Technology, Anvisoft anvisoftceo@gmail.com
Number 36, Tianyi Street, High-tech Zone,
Chengdu, Sichuan 610000

China

By: thiago

thiago — Mon, 03 Dec 2012 15:35:46 +0000

O email do Ceo da empresa anvisoftceo@gmail.com

Pergunta para recuperar senha é em chines

您的车牌号是多少？

By: Giggitygoebbels

Giggitygoebbels — Sat, 01 Dec 2012 02:44:49 +0000

Is this company gonna be taken down?

By: JoachimS

JoachimS — Fri, 30 Nov 2012 12:15:03 +0000

It might be worth taking a closer look at the street addresses given by Anvisoft as well as the address in CA. Googling on “5334 Yonge Street, Suite 141, Toronto” produces 197000 hits. Just browsing the first entries suggests that it is a maildrop for many strange businesses.

The address in Fremont as given by the WHOIS-record does not seem to exist.

By: JCitizen

JCitizen — Sat, 24 Nov 2012 20:50:10 +0000

Good reminder Nick! And I agree. I see check-sums displayed with many of the sites that have solutions for download, and you are right, they don’t use SSL. This is the reason I usually simply order the disc/USB stick for such applications/utilities as factory burned, and usually only pay a nominal sum for shipping and handling. Many especially in the FOSS community use the little money they make over head, to fund the improvements in open source, or other software.

So I feel we both benefit a little by going this route. My problem with check-sums, is they rarely check out as safe. I’ve tried several utilities for calculation them, and I always get the same results(bad). So I haven’t used such downloads in years now.

By: Nick P

Nick P — Sat, 24 Nov 2012 17:04:30 +0000

“When I say you’re pwned, I mean the key to your TrueCrypt container file is stored twice in the header, once encrypted with the key derived from your passphrase, and once with a key hardcoded into the TrueCrypt application. No great risk to the TrueCrypt developers, as the code is well obfuscated in the binary, and the back door is used rarely and by only one intelligence agency.”

“…once with a key hardcoded into the truecrypt application…”

Do you have any evidence of this? The TrueCrypt documentation indicates they combine your password, a large salt, & an optional keyfile cryptographically via PBKDF2 to generate key material. The generated key material is used for header encryption/decryption. No hardcoded keys are mentioned.

http://www.truecrypt.org/docs/?s=volume-format-specification

So I call FUD till you present solid evidence of a subversion, such as specific part of source.

By: ab

ab — Sat, 24 Nov 2012 11:16:20 +0000

When I say you’re pwned, I mean the key to your TrueCrypt container file is stored twice in the header, once encrypted with the key derived from your passphrase, and once with a key hardcoded into the TrueCrypt application. No great risk to the TrueCrypt developers, as the code is well obfuscated in the binary, and the back door is used rarely and by only one intelligence agency.

By: Neil Schwartzman

Neil Schwartzman — Fri, 23 Nov 2012 15:42:24 +0000

interesting but viewdns.info doesn’t appear to do the same thing as domaintools, more like dnsstuff.com OTOH they do seem to be selling zone files :

http://viewdns.info/data/

which appear to be terribly out-of-date. for example:

1,290,856 .ca domains

.ca actually now has over 2MM registrations.

http://cira.ca/news/news-releases/canada-reaches-two-million-ca-internet-addresses/

By: Zune

Zune — Fri, 23 Nov 2012 15:31:37 +0000

I recommend (as an alternative to domaintools.com) viewdns.info, which (aside from being free) has whois, reverse ip, dnssec, port scanner, traceroute, and iranian and chinese firewall testing, just to name a few. Frankly in my opinion it’s better than domaintools.