Microsoft really wants to eradicate IE6

Insanely, the world’s second most popular browser

Microsoft actually has someone in charge of moving millions of Internet Explorer 6 users to a version of the browser that is safer. Ryan Gavin, the head of Microsoft’s Internet Explorer business group, told PCPro: “Part of my job is to get IE6 share down to zero as soon as possible.”

See PCPro story: “Microsoft man: ‘My job is to destroy IE6’”

NetMarketShare lists the top browsers in use as:

[Image: browser share]

Data here: http://www.netmarketshare.com/browser-market-share.aspx?qprid=2

We blogged about the horrible insecurity of Internet Explorer 6 in February: “Are you reading this with Internet Explorer 6”

According to a piece on the Mozilla Blog Jan. 22, a huge number of IE6 installations continue to be used in China, where even government and bank web sites are not viewable with anything else, and web developers charge extra to design pages that can be seen with more recent IE versions.

See Mozilla blog: “China’s Strange Fixation on IE6”

Tom Kelchner

“Surviving 2.0 in the workplace”: ISSA Ireland

Yesterday I gave a talk at one of the regular ISSA Ireland meetings (ISSA being a non-profit Org that does all sorts of awesome security related things) on the subject of social networking in the workplace, and some of the tactics unpleasant people on those sites use to get at both individuals and companies.

I spent quite a bit of time talking about how companies can use both security tools and marketing sites to find out if their company has an unofficial presence on the web created by a well meaning employee, or (worse) a dodgy site set up by what I like to call an “Internet crazy person” with the intention of either harming their reputation or luring victims into web scams that come back to bite the innocent parties.

There were also a few examples given of individuals who became victims of the kind of data gathering “regular” employees using 2.0 services can fall prey to, along with a couple of tips to avoid some of the nastier tactics out there. I also touched upon the issue of companies dumping whole chunks of data onto business-centric 2.0 services, then abandoning those accounts a few months later when everyone gets bored of them. While I’d like to think someone goes in afterwards and cleans up / deletes the information posted to long abandoned Yammer accounts, the reality is there’s probably a lot of info out there waiting to be hoovered up by an opportunistic phisher.

[Image: a very big wall]

Of course, I couldn’t write about a trip to Dublin and not post up a photograph of Ireland’s oldest pub (serving punters since 1198!) so here it is:

[Image: The Brazen Head]

…and here’s a slightly out of focus shot of a pint of Guinness.

[Image: Guinness]

There’s authentic, and then there’s authentic.

Thanks to Brian and everyone else at ISSA for their hospitality, along with everyone who attended – hopefully it gave you a few things to ponder on your way back to the office!

Christopher Boyd

Sunbelt anti-virus is now in Spiceworks

Mr. Wizard sez: “Alright!! Sunbelt AV detection!!”

Sunbelt anti-virus protection has been incorporated into the free Spiceworks network management software version 4.7.51538.

Spiceworks is advertising-supported software that provides an IT Desktop that will inventory, monitor and manage software and hardware. It also includes an integrated help desk system.

Spiceworks says its application is in use by 950,000 IT pros in small-to-medium businesses.

Tom Kelchner

Patch Tuesday++

H-online is quoting an Adobe spokesman as saying the company is considering moving from a 90-day patch schedule for Adobe Reader to a 30-day schedule that would coincide with Microsoft’s monthly “Patch Tuesday” routine.

Brad Arkin, Adobe’s Director of Product Security and Privacy, said Flash and Shockwave could be brought into the monthly schedule in addition to Reader. The company has been issuing updates as needed for Flash and Shockwave.

H-online said: “Arkin has told The H’s associates at heise Security that a monthly cycle is one of the alternatives currently under discussion. He adds that, in emergencies, Adobe is also now in a position to develop patches within 15 days and to release them outside of the regular patch cycle. This compares with the 80 days Arkin’s team needed to develop a patch for the JBIG2 vulnerability in spring 2009.”

Story here: “Adobe considers shorter update cycles”

Tom Kelchner

U.S. indicts three for $100 million rogue operation

Malware Alarm, Antivirus 2008 and VirusRemover 2008

The U.S. Department of Justice announced today that it has brought indictments in the Northern District of Illinois against three men in connection with a rogue security software scam that bilked victims in more than 60 countries out of more than $100 million.

According to the DOJ news release:

“Two defendants, Bjorn Daniel Sundin and Shaileshkumar P. Jain, with others owned and operated Innovative Marketing Inc. (IM), a company registered in Belize that purported to sell anti-virus and computer performance/repair software through the internet and that operated a subsidiary called Innovative Marketing Ukraine, located in Kiev. The company appeared to close down last year after the U.S. Federal Trade Commission filed a federal lawsuit in Maryland seeking to end the allegedly fraudulent practices.

“Jain, 40, who was IM’s chief executive officer, is a U.S. citizen and is believed to be living in Ukraine. Sundin, 31, who was IM’s chief technology officer and chief operating officer, is a Swedish citizen and is believed to be in Sweden.

“The third defendant, James Reno, 26, of Amelia, Ohio, with others owned and operated the former Byte Hosting Internet Services, which operated call centers that provided technical and billing support to victim consumers on behalf of IM. Reno is expected to present himself for arraignment at a later date in U.S. District Court in Chicago.

“Sundin and Jain were each charged with 24 counts of wire fraud, and Reno with 12 counts of wire fraud, and all three were charged with one count each of conspiracy to commit computer fraud and computer fraud in a 26-count indictment returned yesterday by a federal grand jury in Chicago. The indictment also seeks forfeiture of approximately $100 million and any and all funds held in a bank account in Kiev.”

News release here: “Ohio Man and Two Foreign Residents Indicted in Alleged Ukraine-Based ‘Scareware’ Fraud Scheme”

Nice!

Tom Kelchner

Buy-passport-on-line scam

Started from buyfakepassports.com re-directing to fakepassportsale.cc.

Hmmm. Country domain “cc” = Cocos Islands.

buyfakepassports.com whois registration date:

Created: 2010-04-26
Expires: 2011-04-26

The sites are hosted on the same IPs as the FakeVimes rogues and other exploits and malware.

[Image: Passport]

“For entertainment only…” Right.

Thanks Patrick Jordan

Tom Kelchner

The expanding universe of video gaming and associated crime

VentureBeat is quoting market research firm DFC Intelligence as predicting that video gaming will be a $70 billion industry by 2015. That includes console, portable, PC and online games.

Games have vast appeal. A Harvard economist, Lawrence Katz, even theorized this week that video games are so captivating they could have something to do with the continuing drop in crime rates in the U.S. He said the theory hasn’t been tested, but it has been shown that the rate of violent crime drops on weekends when a violent movie opens. So it would make sense that video games keep young men (the demographic most involved in violent crime) busy and off the streets. Story here: “Video Games May Reduce Crime Rate.”

Perhaps the violent gamers aren’t out on a street corner getting in arguments and shooting their friends to death, but the boom in games is resulting in the growth of a different kind of crime – theft of game credentials.

Why? Probably because “that’s where the money is” to use the famous but phony quote attributed to U.S. bank robber Willie Sutton. (Footnote 1.)

Our good friends at Symantec AV company just blogged about finding a server hosting the stolen credentials of 44 MILLION gaming accounts. AND, the information was continuously updated by the botnet of Trojanized machines that stole it. The operators of the botnet could easily turn the malicious fruits of their labor into cash by selling current logins on any of a number of Web sites set up for that trade, Symantec researcher Eoin Ward said. (Blog piece here: “44 Million Stolen Gaming Credentials Uncovered”)

Also, enterprises based on converting gaming “value” to real money have become a significant industry in third-world countries, with estimates as high as 400,000 people working for gold-farming businesses. (See the Sunbelt blog post: “Gaming Trojans: because that’s where the money is.”)

For a while there has been a tendency to ignore the Internet crime associated with games because, well, they’re just games. That is less and less true as time goes on. Symantec said that logins for World of Warcraft game characters with highly advanced capabilities could sell for up to $28,000.

Also, game characters with highly advanced capabilities can accumulate a lot more virtual goods – which can be sold as well.

There is a real loss when thieves steal the value that a gamer has built up over months or even years of playing. Also, like crime everywhere, the money made from victimizing gamers is available to launch other and more far-reaching criminal enterprises.

Tom Kelchner

(Footnote 1: In his second book, Sutton wrote: “I will now confess, by the fact that I never said it. The credit belongs to some enterprising reporter who apparently felt a need to fill out his copy.”)

Police in Japan arrest porn game extortionists

Are browser web histories the vulnerability of the week?

The Register is reporting that police in Japan have arrested a Tokyo man and a juvenile on fraud charges in connection with an extortion operation in which they bilked victims out of “tens of thousands” of yen. (That would be hundreds of U.S. dollars; 10,000 JPY = $110.)

Authorities said the pair put a malcode-infected copy of a Hentai-based game on the Winny file sharing network. The game installer (which also installed a Trojan horse) presented a form on which users were required to enter personal information. The personal data, IP address of the victims’ computers and their browsing history were then made public on a web site. The extortionists then sent email messages to victims offering to remove their data from the publicly available web site for a price.

Story here: “Japanese police cuff Hentai smut scam suspects”

This, of course, is an example of the danger that lurks in file-sharing networks. It’s also interesting that this is the second story in a week that highlights the vulnerability of Web users’ browser histories.

See our May 21 blog post for directions on how to turn off browser history. “On the Web, your browser history is an open book”

Tom Kelchner

Facebook: talking about making it private

Facebook Founder and CEO Mark Zuckerberg today posted a lengthy communication on Facebook’s blog entitled “Making Control Simple” and the company issued a news release about it (here).

He was announcing new changes that are supposed to give users more control over who can see their personal information and activities on Facebook. The changes will be rolled out in the near future, he said.

The social media site, with over 400 million users worldwide, has been criticized for a cavalier attitude about users’ privacy, expanding the list of user information that was public, changing exposures and privacy settings that were nearly impossible to understand.

The two key paragraphs in Zuckerberg’s post appear to be:

“First, we’ve built one simple control to set who can see the content you post. In a couple of clicks, you can set the content you’ve posted to be open to everyone, friends of your friends or just your friends.

“This control will also apply to settings in new products we launch going forward. So if you decide to share your content with friends only, then we will set future settings to friends only as well. This means you won’t have to worry about new settings in the future.”

In a later paragraph Zuckerberg seemed to be trying to close the privacy debate:

“Finally and perhaps most importantly, I am pleased to say that with these changes the overhaul of Facebook’s privacy model is complete.”

Facebook also posted a page “Controlling How You Share” which appears to be the future go-to page for an explanation of Facebook privacy settings.

For those who would like a second opinion of their Facebook settings, this article in the Tech Herald might be interesting: “New tool will check privacy settings on Facebook.”

It’s about the reclaimprivacy.org site which will check your settings and make recommendations. It’s a lot easier to understand than Facebook by a long shot. I thought I had my Facebook privacy settings screwed down pretty well, but it spotted two exposures I hadn’t thought of.

Tom Kelchner

Update:

Zack Whittaker who writes the iGeneration blog for ZDNet, doesn’t think much of the Facebook changes. In his piece “Facebook privacy settings ‘better’; doesn’t undo the damage already done” he wrote:

“If I didn’t face social ostracisation or exclusion, I would have shut down my Facebook profile weeks, if not months ago. These new privacy settings mean jack squat and are only being rolled out to satisfy the press-hungry needs of the wider reading public.”

Malware and medicine: 122 VA devices infected in 14 months

In testimony before a U.S. congressional subcommittee, a spokesman for the Dept. of Veterans Affairs said more than 122 medical devices at VA health facilities were compromised by malware in 14 months.

Roger Baker, VA assistant secretary for information and technology, presented the information during a hearing before the House Committee on Veterans’ Affairs Subcommittee on Oversight and Investigations.

The VA, which is the U.S. government’s largest provider of medical care, has more than 50,000 medical devices connected to networks.

Last year the department began an effort to isolate all medical devices, placing them on virtual local area networks at its Veterans Health Administration facilities. Baker said they expect the work to be complete by the end of this year.

Story here: “VA Security Compromised by Medical Devices”

The pervasiveness and danger of malicious code is truly apparent when you read stories like this of infected medical equipment or entire hospital shutdowns. One would think such a danger would be enough to prompt even the most reluctant government on the planet to take down the ISPs that provide the bullet proof servers and to go after the malicious operators who create the code and distribute it.

Tom Kelchner

POC: malcode-infected RFID chip implanted in human

This story appeared on the BBC site under the title “First human ‘infected with computer virus,’” which is a bit silly and almost made me skip reading it. The proof of concept is actually quite serious.

A researcher from the University of Reading in the UK, Dr. Mark Gasson, wrote malcode onto a radio frequency identification (RFID) chip which he inserted in his hand. The chip could activate security doors and apparently served as an authentication source for his cell phone.

He demonstrated that the infected chip could pass the malcode to the external control systems that read it. Gasson works at the University of Reading’s School of Systems Engineering.

He will present the results of the research in June at the International Symposium for Technology and Society in Australia.

The story skews off into discussions of all the things the chips are used for, but doesn’t really discuss the implications of malcode spreading from chips implanted in humans. I can think of a few:

— If read-write implanted chips in humans become widespread, there could be the possibility of malicious operators infecting the chips of passers-by in public places. Certainly implanted chips would need to be securely read only.

— Hacking or denial of service attacks could be launched with malicious code in the chips against security systems that use RFID readers.

— RFID devices will need anti-malware software and will need to be connected to networks securely (outside a firewall?)

— Portable RFID readers will need similar AV protection and will need updates. That will be a record-keeping headache for IT staffs.

— The networks of retail stores could be attacked when malicious operators install back doors by placing infected chips where portable RFID readers used for inventory control would encounter them. Someone with an infected implanted chip could walk near one of the devices and do the same thing.

— The possibility of malicious code on implanted chips containing peoples’ medical information will present a new layer of compliance issues.

Tom Kelchner

Update 05/28:

Dr. Gasson’s stunt and video have attracted massive amounts of attention. I’ve seen 20 stories on the web with doofy headlines that are some variant of: “Scientist infects his own self with COMPUTER VIRUS.” They range from the BBC to local newspaper web sites in the U.S.

It’s such a really dumb headline – admittedly the product of true PR genius – but just really dumb. I counted five news outlets that sensibly reported the story and its implications, including the Register. They really did the best job of not only reporting the event, but the PR silliness behind it. The following is by John Leyden:

Captain Cyborg sidekick implants virus-infected chip

First Mate Malware and the infected pacemakers of doom

“A second transhumanist RFID-chipping nut has emerged from the academic community at the University of Reading.

“Professor Kevin Warwick became famous years ago after claiming he was on the way towards becoming a cyborg after he implanted a simple RFID chip in his arm, which allowed sensors to register his presence and perform simple actions such as opening a door. The same thing could be done by putting the same chip on an Oyster-card style device, of course, but that’s nowhere near as tasty a morsel for mainstream media consumption. The prof has enjoyed a lucrative media and book career on the back of this exercise.

“Now Dr Mark Gasson, a senior research fellow at Reading University’s Cybernetic Intelligence Research Group, has managed to extract further publicity from a variant of much the same pointless experiment, featuring technology more commonly used to chip domestic pets and unspecified computer malware. Gasson surgically implanted an RFID chip infected by malware into his hand. He claimed this made him the first human to become ‘infected with a computer virus.’”

Even the Register’s URL to the story carries a little editorial: http://www.theregister.co.uk/2010/05/26/captain_cyborg_cyberfud/

John Leyden, you are a true professional!!

AND, if you’re ready for the next dose of cyber-media insanity, check out the satirical Twitter feed BPTerry in which someone whose identity hasn’t been outed yet purports to be a lazy, sexist and stupid PR staffer for BP and issues tweets about the oil company’s struggle with the Deep Water Horizon disaster. (Example: “just went skinny diping in the gulf. i call it dipsticking. lol”)

See Mashable account here.

Facebook will offer easier privacy controls Wednesday

ComputerWorld is quoting a spokesman for Facebook, Andrew Noyes, as saying that the social-networking giant will offer new privacy tools tomorrow so users can control who sees their information and whether Facebook can share that data with other Web sites.

Story here: “Facebook to simplify privacy settings Wednesday”

On Monday the Washington Post carried a piece by Facebook founder and CEO Mark Zuckerberg announcing that changes would be made. He wrote:

“We have heard the feedback. There needs to be a simpler way to control your information. In the coming weeks, we will add privacy controls that are much simpler to use. We will also give you an easy way to turn off all third-party services. We are working hard to make these changes available as soon as possible.”

He also wrote:

“Here are the principles under which Facebook operates:

— You have control over how your information is shared.

— We do not share your personal information with people or services you don’t want.

— We do not give advertisers access to your personal information.

— We do not and never will sell any of your information to anyone.

— We will always keep Facebook a free service for everyone.”

Zuckerberg WP piece here.

Tom Kelchner

POC: phishing with open browser tabs

Tabnabbing?

Aza Raskin (http://en.wikipedia.org/wiki/Aza_Raskin), a creative lead for Firefox, has published a proof of concept for a browser-based attack in which open pages in a browser are switched to carry out phishing attacks. His example shows a Gmail login look-alike page which is inserted into a browser.

As he writes: “This can all be done with just a little bit of JavaScript that takes place instantly.”

When a victim goes back to that page, he assumes he’s been logged out and types in his log-in information which is forwarded to the phishing operator’s site.

There are a lot of ugly possibilities, Raskin writes: “Using my CSS history miner you can detect which site a visitor uses and then attack that. For example, you can detect if a visitor is a Facebook user, Citibank user, Twitter user, etc., and then switch the page to the appropriate login screen and favicon on demand.”

Raskin blog here: “A New Type of Phishing Attack”

Well-known security blogger Brian Krebs also wrote about Raskin’s find very nicely here.

Tom Kelchner
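
A defender's view of the swap described above, as an added example that is not from Raskin's post or this blog: it walks a constructed timeline of tab events and flags periods in which a tab's title, favicon or login form changed while the tab was hidden. The event format, field names and severity levels are assumptions made for illustration.

```javascript
// Added example: review what changed in a tab while the user was not looking.
// Event shape (assumed for this sketch):
//   { t, type: 'hidden',  title, favicon, hasPasswordField }  full snapshot
//   { t, type: 'mutate',  ...any changed tracked fields }     partial update
//   { t, type: 'visible' }                                    user returns

// What a user recognises a tab by, plus whether it now asks for a password.
const TRACKED = ['title', 'favicon', 'hasPasswordField'];

// Copy only the tracked fields an event actually carries.
function pick(ev) {
  const out = {};
  for (const f of TRACKED) {
    if (ev[f] !== undefined) out[f] = ev[f];
  }
  return out;
}

// Compare the tab as the user left it with the tab they come back to.
function classify(before, after) {
  const changed = TRACKED.filter((f) => before[f] !== after[f]);
  if (changed.length === 0) return null;

  // Title and favicon changing together means the tab looks like another site.
  const lookSwapped = changed.includes('title') && changed.includes('favicon');
  // A password field that was not there before means a new login prompt.
  const newLogin = !before.hasPasswordField && after.hasPasswordField === true;

  let severity = 'low'; // e.g. an unread counter added to the title
  if (lookSwapped && newLogin) severity = 'high';
  else if (lookSwapped || newLogin) severity = 'medium';
  return { changed, severity };
}

// Returns one finding per hidden period in which a tracked field changed.
function findHiddenSwaps(events) {
  const findings = [];
  let baseline = null; // state when the tab was hidden
  let current = null;  // latest state seen while still hidden
  let hiddenAt = null;

  for (const ev of events) {
    if (ev.type === 'hidden') {
      baseline = pick(ev);
      current = { ...baseline };
      hiddenAt = ev.t;
    } else if (ev.type === 'mutate' && baseline) {
      // Changes made while the tab is visible are ignored: the user can see them.
      current = { ...current, ...pick(ev) };
    } else if (ev.type === 'visible' && baseline) {
      const verdict = classify(baseline, current);
      if (verdict) findings.push({ hiddenAt, returnedAt: ev.t, ...verdict });
      baseline = null;
      current = null;
      hiddenAt = null;
    }
  }
  return findings;
}

// Constructed sample timeline (seconds); not captured from any real browser.
const SAMPLE_EVENTS = [
  // Webmail tab updates its unread count while hidden: benign.
  { t: 0, type: 'hidden', title: 'Inbox', favicon: '/mail.ico', hasPasswordField: false },
  { t: 40, type: 'mutate', title: '(1) Inbox' },
  { t: 90, type: 'visible' },
  // Change made in plain view: not counted.
  { t: 95, type: 'mutate', title: 'Inbox' },
  // Hidden period with no change at all.
  { t: 100, type: 'hidden', title: 'Inbox', favicon: '/mail.ico', hasPasswordField: false },
  { t: 130, type: 'visible' },
  // Unrelated tab turns into a login look-alike while hidden.
  { t: 200, type: 'hidden', title: 'Cat pictures', favicon: '/cat.ico', hasPasswordField: false },
  { t: 260, type: 'mutate', title: 'Sign in', favicon: '/lookalike.ico' },
  { t: 261, type: 'mutate', hasPasswordField: true },
  { t: 400, type: 'visible' },
];

console.log(JSON.stringify(findHiddenSwaps(SAMPLE_EVENTS), null, 2));
```

In a browser the same events could be fed from the `visibilitychange` event and a `MutationObserver` on the document head and body.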

Hardening Google: improving your privacy practices

ComputerWorld is carrying a long, detailed and very good feature story by Logan Kugler, “The smart paranoid’s guide to using Google.”

Every search term or anything you have put in Google’s search engine or any of its other services remains there for as much as a year and a half. It’s linked to your Gmail account if you’ve been logged in or your IP address if you haven’t. The data remains there, available to hackers who might find a vulnerability on one of Google’s servers, and to governments or attorneys with subpoenas.

“The good news,” Kugler writes, “is that Google anonymizes its server logs by removing the last three digits from the IP addresses associated with searches after nine months and by deleting the associated cookies after 18 months, which makes it very difficult to link you to searches that are more than 18 months old.”

Some practices to minimize your exposure:

— In order to stop the accumulation of data on your searches, log out of your Google account before you do a search.

— Turn off Google’s Web History: “Settings” | “Google Account settings” | “Edit” (next to “My Products”) | “Remove Web History permanently.” If the option isn’t visible, that means you never activated Web History.

— If you’re not logged in to your Google account you can use a proxy service like Tor, Anonymizer or the PhZilla Firefox extension.

— Practice good Internet security behavior: Run anti-malware software on your system; don’t click on links in e-mail from strangers or those you know; pay attention to the URLs in links; don’t open attachments you aren’t expecting; avoid porn, illegal file-transfer and warez sites; don’t click on pop-ups (even to close them — instead, use the keystroke commands Alt-F4 on Windows machines or Command-W on Macs).

— Use browser security or privacy settings to reject third-party cookies (those that originate from sources other than the site you’re on.)

— Set your browser’s security and privacy settings to delete all of your current cookies at once or else manually delete those that you don’t want to keep.

— Use your browser’s “private browsing” feature.

— Encrypt e-mail. Encryption is available in Outlook or Thunderbird clients, or you can use a product like PGP Corp.’s PGP Desktop Home.

— Block scripts and ads with ad blockers such as AdSweep (Firefox, Opera and Chrome) or AdblockIE for Internet Explorer 8 to prevent sites from serving ads, including Doubleclick’s.

— Use a strong password (more than eight characters, upper and lower case, numbers and symbols) and change it about every month.

— Stop using Internet Explorer 6 (and its 24 unpatched vulnerabilities). Upgrade to IE8 or one of the other browsers like Firefox.

— Run your browser in a virtual environment so malware can’t access your hard drive.

I think the fact that the word “paranoid” was used in the title of the story is yet one more indication of how ambiguous we are to Internet security. There are hundreds of millions of people using the Internet across the planet and most of them EXPECT it to be safe. It really isn’t. The threats are very technical, ever-evolving and hard for most of those people to understand.

The story is a good description of state-of-the-art security practices for everyday users and well worth reading.

Tom Kelchner

New Facebook game taking off: Pot Farm

The Social Times site is running an interesting feature story and interview: “Interview: New ‘Pot Farm’ Facebook Game Promotes Organic Growth.”

According to Neil Vidyarthi, the game has half a million players on Facebook; six people have joined a Facebook group opposed to it.

The public relations contact (Uncle Floyd) for the group who created it described it: “In pot farm you can grow, like plants and things and make your own groovy homestead out in the woods, man. It’s really beautiful. Only thing is you have to look out for RANGER DICK. I don’t know what his problem is, but there’s some plants that totally freak him out. The dude is really uptight and needs to RELAX. Wow.”

“We also have this protection mechanic that’s different than the usual withering mechanic. In Pot Farm your crops never die, but if you grow certain plants without making sure they’re protected, you might get busted by Ranger Dick! This lets players choose how much risk they want to take on; if they buy enough protection, they never have to worry about that mean old Dick. Groovy, man.”

Funny how that “stoner” shtick that was developed to high art form by Richard Anthony “Cheech” Marin and Tommy Chong continues to live on.

There could be a privacy issue here. Players might consider what future employers will think about the game and make their Facebook privacy decisions accordingly, so, like, they don’t freak out. Ya know what I mean, man?

Tom Kelchner

Free Steam game downloads should be Left 4 Dead

Another day, another scam based on the content delivery system Steam. This time round, it’s a rather nice looking website offering up lots of free games in the form of l4d2dl(dot)com:

[Image: L4D fakeout]

“Download now: 100% Free”, says the big Download Now button. Elsewhere, the site puts up nice “All Access” banners and down the left hand side you can see lots more games up for grabs, along with embedded Youtube videos playing trailers for all the titles in the middle of each page.

Of course, it’s all about to go horribly wrong.

The first clue that something isn’t quite right here is this:

[Image: download]

“Cracked client”? That can’t be good (although clicking the button does nothing, as there’s no download there anyway. This already looks like a cookie cutter website designed to extract marketing information from you, doesn’t it?)

Should you visit the site with AdBlock Plus switched on, you’ll see the following message:

[Image: Blocked site]

In order to “keep the content of this website free” you have to view the adverts – we’re about to view a content gateway, aren’t we? Cleverly, anyone thinking they can get around the content lockout by switching off user style sheets will see this instead:

[Image: blocked]

Yes, they really want you to see some adverts. This is what the end-user will see if they do as the website demands:

[Image: fill this in]

It’s survey time! You’ll need to fill in forms, sign up to offers and get ready for marketing action galore in order to grab your “free games”. Of course, given that the site itself doesn’t have live download links on it and claims to have an extremely dubious “cracked” version of Steam up for grabs (it isn’t) I don’t think anyone signing their lives away to offers will get anything decent back in return.

The site is a recent creation, registered to someone in China and is already picking up a few reviews of the “avoid” variety on SiteAdvisor. I think I’d have to agree with them…

Christopher Boyd

Microsoft ramps up security in Hotmail

Single-use login codes and SSL

Microsoft is ramping up the security of Hotmail in its latest evolution. Improvements include:

— New account security information to help users regain access to accounts when passwords have been lost or the accounts taken over by malicious operators. These measures include account recapture codes sent via SMS messages.

— Single-use (one-time) codes that can be used to log into Hotmail accounts on public networks to prevent the loss of login information to sniffers. The codes can be sent to alternate email accounts or mobile phones.

— Secure Socket Layer (SSL) encrypted login and complete sessions

— Trusted sender logos: pictures that will appear next to legitimate senders (such as banks.)

See “Security Investments in the New Hotmail” at the end of the blog entry “What’s new in Hotmail”

Tom Kelchner

We got the 848 Ducati for Tech Ed

Sunbelt Software will be giving away a Ducati 848 Superbike at Tech Ed 2010 in New Orleans in June. The Ducati 848 is an 849 cc L-twin sport bike. It’s sitting in front of our reception desk now.

Check out the VIPRE paint job:

[Image: Ducati]
Photo credit: Sunbelt Group Technical Product Manager Eugene Olsen.

Sunbelt is a silver sponsor of the Microsoft TechEd 2010 North America event, at the Morial Convention Center in New Orleans, June 7-10, and will exhibit advanced technology solutions for endpoint anti-malware security, email security and data retention at Booth # 701.

We’re going to announce two new products and hold five demonstrations of our high-performance, low resource VIPRE Enterprise and VIPRE Email Security for Exchange. Attendees are invited to participate in a drawing to win the Ducati. The drawing is Thursday, June 10 at 1 p.m. CST.

News release here.

Tom Kelchner

A little note to the guys at ESET

Alert reader Joe Fernandez over at the MalwareUp forum (http://malwareup.org) sent us a tip on this one. He was checking out the scripting in a rogue security product and found a little note to the guys at ESET anti-virus company (which makes ESET NOD32 Antivirus 4 referred to below):

[Image: ESET note]

[Image: ESET note 2]

Cute.

Update:

Eset, Star Wars, dot.tk and rogues ....

I just got a note from Steven Burn with the Ur I.T. Mate Group in the UK.

His group found this little “message” in a script in a rogue as well:

/*hello nod32 guys; the force is strong with u, young Padawans, but u won’t defeat us; any resistance is futile;/

Blog post about it here.

Ur I.T. Mate Group is the name given to a collection of websites developed and maintained by Steven Burn.

Tom Kelchner

“A virus is attacking my computer”

Today, as virtually everyone knows, Google put Pacman on the homepage.

I got the following note from Mike Williams, one of our support managers, this afternoon:

“We had a new kind of ‘virus’ attack today that people were calling in about. A few people including an admin called in thinking they had a virus with the sound of a siren in the background of their web browser (one guy even sent in a .wav file).

Turns out it’s Google’s home page.”

Alex Eckelberry