Conficker Downloads Payload

nk497 writes "Conficker seems to finally be doing something, a week after hype around the worm peaked on April Fool's Day. It has now downloaded components from the Waledac botnet, which could contain rootkit capabilities. Trend Micro security expert Rik Ferguson said: 'These components have so far been missing, but could this finally be the "other boot dropping" that we have all been been waiting for?' Ferguson also suggested that people behind Conficker could be the very same who are running Waledac and created the Storm botnet. 'It tallies with some of the assumptions people have made about Conficker — that the first variant was actively trying to avoid the Ukraine because Waledac was Eastern European,' Ferguson added."

april fools

[gEvil+(beta)]

Downloading its payload and going live a week after April 1? Now that's the way to do an April Fools joke.

Re:april fools

[Rik+Sweeney]

I think the Conficker was going for the clichéd horror film approach. Granted, it should have really done it on April 2nd but doing it this way has probably blind sided more people.

Re:april fools

[Lumpy]

That honestly would have rocked...

April 1 - 2009 Conflicker downloads and activates it evil payload. Computer screens all over the world go black with large red numbers counting down to....... something......

Do it like the many really bad computer hacker movies. That would simply be funny as hell. The raging panic from the easily panicked sheep, Fox news will report that Conflicker turns your computer into a bomb, etc....

THAT would be the coolest April fools joke ever.

Re:april fools

[sskagent]

Your computer would have to beep. All movie computers make excessive, unneeded noise.

Re:april fools

[eieken]

That's easy, conficker would just have to install this: http://www.nullsoft.com/free/nbeep/

Re:Finally?

No. It is the only news.

Holidy Weekend.

[GreggBz]

Bots and spammers typically wait for the holiday weekends; like playing your starters against their backups.

Re:Holidy Weekend.

[skeeto]

like playing your starters against their backups.

Could you change that into a car analogy? Thanks!

Re:Holidy Weekend.

[thedonger]

It's like showing up to a street race in a rickety-looking Ford Escort which secretly houses a small block V8 with nitrous.

It's like a porn star showing up to a naked pool party for men with erectile dysfunction.

It's like bringing a gun to a knife fight.

Re:Holidy Weekend.

[Culture20]

like playing your starters against their backups.

Could you change that into a car analogy? Thanks!

It's like playing your things that you turn the key in that makes your engine go vroom!vroom! against their things that go Beeeeep Beeeeeep Beeeeep.

Re:Holidy Weekend.

[Oxygen99]

It's like rai--ai--ain, on your wedding day...

Re:Holidy Weekend.

[syrinx]

The irony is that a song called "Ironic" is not ironic.

But wait, that would mean the song is ironic after all. Which of course means that it isn't.

Re:Holidy Weekend.

[NinjaPablo]

Pudding can't fill the emptiness inside my heart. But it'll help.

Re:Holidy Weekend.

[Chyeld]

Because, it'll hurt more?

Re:Holidy Weekend.

[networkBoy]

At my old apartment we had someone stealing gas on the peak of the market.
Since my truck is crap it was an easy target. They stole almost an entire 30 gallon tank full.

I found out who it was by disconnecting my fill spout from the tank (and piping a new fill spout from the tool box in the bed), and putting in a mini tank on the OEM filler. Filled it with about 3 gallons of nitromethane and 2 gallons of diesel. All of a sudden one day this (asshat) ricer had his engine almost explode. It was quite funny.
-nB

Re:Holidy Weekend.

[mlts]

A friend of mine did similar. His vehicle has two 25 gallon gas tanks. So, he routed one so it filled up from a non-obvious location and the second tank he filled up with water and used a non locking gas cap. It was not uncommon to see more than the usual amount of dead cars in parking lots, especially during last year when the price of gas spiked.

Re:Holidy Weekend.

[Mister+Whirly]

See also: making the Kessel Run in less than 12 parsecs

Re:Holidy Weekend.

[Mister+Whirly]

Actually, a human heart could hold about 4-5 ounces of pudding if stuffed to capacity. But I wouldn't recommend it.

Re:Holidy Weekend.

[dragonturtle69]

I think of it differently. Han is an experienced criminal in Star Wars. Luke is still quite naive.

Han says that the MF made the Kessel run in less than twelve parsecs, obviously not a measure of time. Luke asks if that is fast. Han then knows that Luke is an interstellar NOOB. While not nice, this type of behavior was something that made Han Solo interesting in the first films. He went from a selfish smuggler that would have ejected his passengers in space to a selfless leader.

But like the another change made to the story, where Greedo fires first to make Han not the aggressor, the back-story was created to make Han nicer. I guess we just can't have mean, selfish, egotistical smugglers nowadays.

april fools?

[pickle_in_being]

I think it would have been more logical for conficker to download it's payload on the 1st of April itself, so that people would take the threat less serious.

Re:april fools?

[Norsefire]

Everyone was expecting that and was prepared for it. A week later, everyone's forgotten about it. Also with this timing if something starts going wrong now it will be difficult to get anyone to fix it until Tuesday.

Re:april fools?

[MeisterVT]

In this case everyone was growing to expect just that, and would therefore be taking it seriously. Or at least people that could do something about it would. Now, since nothing much has happened people are lulled into a false sense of security and become lax or start considering the threat that something big was happening on 4/1 the real joke.

Now that the hype has supsided, what better time to strike? I think that dovetails nicely with GreggBZ's earlier post about the holiday weekend (for some of us).

Re:april fools?

[AliasMarlowe]

Half the world writes it 4/1 the other half 1/4

Half? About one twentieth of the world (by population) writes it month/day or month/day/year, in the so-called "middle-endian" form. The other nineteen twentieths mostly write it day/month or day/month/year, in the so-called "little-endian" form. The ISO 8601 standard is the "big-endian form" year-month-day which is used in a few countries.
http://en.wikipedia.org/wiki/Date_format#Date_format

Re:april fools?

Don't I feel backwards for writing it year/month/day---but it makes sorting backups and such so much easier.

That's what kills me about this.

I live in the USA, where the government recommends yyyy-mm-dd but everyone actually uses mm/dd/yy.

Every year I have to tell my kids' teachers "my kids are going to date their papers using the internationally standardized date notation, and you are going to accept it. Here's a handout with many reasons why, that also includes recommendations from NIST and other prestigious US scientific organisations. I will be checking their homework for proper date format, you don't have to do anything except allow them to do it right". In every single case the teachers read what I've provided, agree that I am being reasonable, and then take exactly zero steps to educate any child other than my own in proper date notation.

Every job I've ever worked, I've had a similar experience: I explain why we're all going to use ISO dates, and show how computer programs get more efficient, misunderstandings are prevented, etc. etc. etc. and everyone agrees but then keeps on using the retarded US format. They are all totally conditioned from school.

So, now that I have wealth and power, I simply fire everyone I catch using the stupid format. My employees tell each other, "He's reasonable about everything else, but he has a bug up his ass about date formats". This strategy is working incredibly well for me, because I now have zero employees who are unable to overcome mental conditioning. And someday my kids will rule this nation, because they are being raised smarter than their peers (most of whom are examples of devolution in action - can't ride, shoot, spell, or converse intelligently).

Re:april fools?

[dotgain]

I would think that the security companies would at some level keep things running 24/7,

And how do you propose they might do that? Reroute power through the main deflector dish?

Potato Blight for computers

[MosesJones]

One of the major causes of the Potato famine in Ireland was the reliance on a single product (the potato) and an inability to shift to a more varied diet. Things like ILoveYou and Conflicker are preying on exactly the same homogeneous environment as they know that hitting one element yields massive results.

Now given that this homogeneity has been driven in part via a convicted monopolist then it really is interesting how little political attention this gets. Arguably these sorts of attacks are more of a modern challenge than "traditional" terrorism and against a background of economic woe we can all do without a bunch of companies getting taken offline for a few days or suffering from industrial espionage.

We don't learn from history, we don't apply history to new cases we just stand back in amazement after letting homogeneity develop at the impact that a relatively simple flaw can have across a large group of people.
 

Re:Potato Blight for computers

[Ed+Avis]

Yeah, because obviously the answer is to have a hundred different systems with a hundred different sets of vulnerabilities. That will be much easier to keep patched.

Re:Potato Blight for computers

[entirely_fluffy]

>Yeah, because obviously the answer is to have a hundred different systems >with a hundred different sets of vulnerabilities. That will be much easier >to keep patched. well, actually, this really is the answer - you never get rid of vulnerabilities but you can put enough variation in them that specialised viruses become less effective.

Re:Potato Blight for computers

[Anpheus]

Or, since the barrier to entry is so low as far as blackhats are concerned, ALL systems end up being more insecure and virus-ridden and no one benefits.

Or virus-writers will pick, instead of the top 1, the top 5, or the top 50% of systems, and target those. Unless it were a truly heterogeneous network, with every single person having their own hand-crafted OS and application set, there will be viruses because people, dammit, want to see the dancing bunnies.

Reference: http://www.codinghorror.com/blog/archives/000347.html

Re:Potato Blight for computers

[Cornwallis]

So I understand you to mean I should stop using my potatoe to surf the web?

Re:Potato Blight for computers

[Ed+Avis]

No but it would be a lot harder to exploit and that is GP point.

Why? It is often only necessary to attack the weakest link in the chain. To get inside a company network and copy documents available to employees, for example, only one employee workstation needs to be subverted. That is easier if there are several different systems running - just pick the crappest one and exploit that.

Of course, it's arguable that the one system which is widely deployed in a monoculture today is in fact that one crappest and least secure of all the choices available. In which case adding a bit more variety would not hurt things, but it wouldn't improve them either, unless almost all the Windows systems were removed.

Re:Potato Blight for computers

[Ed+Avis]

His point was that you don't need to keep things patched as regularly if you have a wider variety of OSes because there will be less people finding vulnerabilities, less incentive to exploit them,and less hackers writing worms for a given OS.

That is the definition of 'security through obscurity'. I would not want to run an insecure system and hope to be safe because nobody else had heard about it. True security means using well-known and peer-reviewed code (but not 'well known to be crap').

Re:Potato Blight for computers

[bazonic]

Aside from pointing out the flaws in your analogy, and the fact a patch was released four months before this exploit arrived, I think you are overlooking the massive systemic benefits of homogeny.

One could argue that computing and the Internet would not be as ubiquitous as they are today without having had a defacto standard. There is an even stronger argument at the cost savings to businesses and governments in not having to train and retrain new employees on how to use numerous computer systems.

And as far as "companies getting taken offline," there is no excuse for leaving production systems unpatched for four months. Microsoft could not make it easier to apply security updates unless they came onsite and installed them for you. That's not as much a convicted monopolist issue as it is shoddy, lazy network management.

Re:Potato Blight for computers

[AliasMarlowe]

Except in such a case you just have to exploit one box and you get access to the rest. There went all your brilliant planning and schemes.

No, you would probably just get access to the one box (and others identical to it). You generally would not get access to the other boxes, unless they share essentially the same vulnerability. GP's point was that a monoculture can be devastated by a single assault, but a mixed ecosystem is much more difficult to damage severely.

Minor clarification of GP post: the potato crop in Ireland in the 1840s was dominated by a single variety of potato - the Lumper - which exacerbated the effect of a single strain of potato blight. The equivalent in computers would be all PCs running the same version of Windows with the same selection of programs, patches and protections: a disaster waiting to happen.

Re:Potato Blight for computers

[Mister+Whirly]

Yes Senator Quayle, immediately disconnect your potatoe from the intertubes.

Re:Potato Blight for computers

[Larry+Clotter]

No, you would probably just get access to the one box (and others identical to it). You generally would not get access to the other boxes, unless they share essentially the same vulnerability.

By "access" I didn't mean you would then have full access to everything on the network. By access I meant you would have an entrance point to the network and then would be able to access whatever other computers that the node you exploited has access to. Through that entrance point you would then be able to scan and attempt to exploit any computers it can access.

GP's point was that a monoculture can be devastated by a single assault, but a mixed ecosystem is much more difficult to damage severely.

So it is claimed, but there are numerous cases of people breaking through heterogeneous systems so this claim is a bit lacking.

Re:Potato Blight for computers

[Espinas217]

I run an unpatched machine with an obscure system that some friend of mine wrote. Probably anything but secure, knowing his code, but oddly, no spyware, no malware, no nothing. Why? Because it's no market either.

When you have a hundred systems all having an equal market share, any given threat can only infect 1% of the existing machines (provided they are not binary compatible). That is economically uninteresting for the malware businesses.

It is also uninteresting for software developers so you have a system without malware and almost useless because you just don't have any software to run on it. Also you can't comunicate with other peoples systems because yours is incompatible and different. Unfortunately the malware is the price we have to pay for having access to such a big network. If we had hundred different incompatible systems it would be a nightmare to write any software that runs on all of them (be it good or bad software). With some sort of common standard is easy (for certain values of easy) to develop software that can run everywhere, good software and evil software.

Re:Potato Blight for computers

[mlts]

There are two programs included with Windows versions (XP and newer) that do pretty much this. sigverif.exe which verifies every file's signature, and sfc.exe which will compare installed Windows files against service pack files and will copy from OS media any files that have been changed or are missing.

actual article

[phantomcircuit]

http://blog.trendmicro.com/downadconficker-watch-new-variant-in-the-mix/

Re:actual article

[phantomcircuit]

also it looks like http://www.confickerworkinggroup.org/ is down

Re:actual article

[DarrenBaker]

Holy shit, I'm going to hide under my desk now. Call me when it's all over.

Re:actual article

[Shrike82]

This is an extremely interesting development. One potential explanation is a DDoS attack from infected machines. Another option is simple coincidence and a technical problem with their hosting server.

I suspect the former, but hope it's the latter.

Re:actual article

[dissy]

also it looks like http://www.confickerworkinggroup.org/ [confickerw...ggroup.org] is down

I can still get to it... you must be infected!

(Ok, ok, i'm just joking, it doesn't load for me either. It seemed a lot funnier when i first started typing it :P )

Re:actual article

[robthebloke]

or it's been slashdotted...

Re:actual article

[Wolvenhaven]

His name is Robert Paulson

Re:actual article

[buzy+buzy]

Holy shit, I'm going to hide under my desk now. Call me when it's all over.

No Problem,

I'll email you an attachment that will explain what happened and why everything is ok.

Be sure to read it.

Eye chart

[Drakin020]

On a side note, that eye chart the Conflicker Group had up no longer works.

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

Re:Eye chart

[JakartaDean]

On a side note, that eye chart the Conflicker Group had up no longer works.

http://www.confickerworkinggroup.org/infection_test/cfeyechart.html

Works for me.

I gotta ask

Why didn't someone infected with this, say last month, change their pc clock ahead to April 1 to see if it downloaded stuff or not? Then April 2, then April 3, etc.
Duh.

Re:I gotta ask

Conficker gets it's time from a lot of different time servers, not the local machine. I think the author might have thought about that when designing the worm...

Re:I gotta ask

[Z34107]

Conficker doesn't use the internal system clock; it polls various websites to find out the real date.

If it can't connect to those websites, or gets an unexpected response, it assumes it's in a closed network and holes up.

Re:I gotta ask

[MyDixieWrecked]

Why didn't someone infected with this, say last month, change their pc clock ahead...

First of all, I'm sure that the payload itself wasn't made available until the last minute.

Second, if it were me who wrote the virus, I would have written it to *start* looking for a payload, start looking in no particular place, and continue looking until it's been found. Considering that it's getting its payload from an established botnet, it could just be poking around looking for machines that can give it its payload and the payload wasn't made available until today.

When you have control of as many machines as the Storm or Waledac botnets, the world really is your oyster. You're not restricted by IPs, and if your botnet is large enough, you can just iterate through addresses looking for a system that has your payload for you. Without access to the botnet or the payload, it doesn't matter how much you reverse engineer or adjust your clock, you just can't predict what will happen in the future.

Re:I gotta ask

[Lumpy]

You certianly can man in the middle attack it. slowly skew the time with your own NTP server.. then look to where it's going to ask for it's next feeding and then attack that vector. and yes you CAN attack a P2P distribution vector.

Re:I gotta ask

[maxume]

The AC is confused though; researchers did all of that, they even have some sort of access to the randomly generated domain list (I get the impression that they have the algorithm, rather than doing some sort of playforward attack as is being discussed here) that is checked for downloads. The core issue is that there had not been anything to download, so all they were able to do was (potentially) confound the operators.

I would go so far as to say that they have been attacking the p2p vector, but since it requires the cooperation of the administrators of the compromised machines, they didn't get very far.

Re:Blame Obama

[Richard.g.k]

See, if you're going to go all political and off-topic, you should at least try and make some sort of attempt to link it to the story at hand...

for example...

If you look at the facts the conficker virus and waladac botnet are CLEARLY parts of a vast left wing conspiracy which is obviously fronted by obama because the democrats want to take as much of your processing power as they do your income

Re:Blame Obama

[GreenTech11]

PLEASE, PLEASE mod parent funny

Ahhhhhh...

[buttfscking]

This sure is entertaining from over here on Linux Island! *sips drink*

Re:Ahhhhhh...

[tb3]

The Mac Archipelago finds it amusing, too. *Cheers!*

Re:Ahhhhhh...

[parkrrrr]

The parts of the Windows mainland who install security patches are also amused. I'm sure we'll all be amused right up until the Internet we all share with the infected losers goes all wonky.

Re:Ahhhhhh...

[Shrike82]

It's good that this provides you with entertainment, it must get very boring over there when you can't play any games ;)

Even though I'm joking, let the "Troll" modding begin.

Re:Ahhhhhh...

[jimbolauski]

Macs have games, Breakout, Super Breakout, ... Photoshop?

Re:Ahhhhhh...

[ancientt]

The Windows 7 testing delegation would like to tell the Linux Island group to kiss [LOST CARRIER]

Re:Ahhhhhh...

[Myrimos]

Don't forget the Linux games!

- Why Isn't My Wireless Working? (Fun for the whole family!)

- Write Your Own Driver

- rm -rf ~/* roulette

- The Uptime Game (See how long your server's up! Prizes for +100 day or 6 sigma uptimes!)

- Condescension (Make Windows users feel so bad about their OS they switch to *nix. Bonus points for Gentoo.)

Anyway, Linux has tons of games for the creative and inquiring mind.

Re:Ahhhhhh...

[Yosho]

Hey, don't knock it. Photoshop Hero is the best game ever.

Why the doom and gloom?

[castironpigeon]

Isn't anyone else curious to see what happens next?! I can just imagine millions of computer users starting their computers Monday morning and seeing their new goatse-themed desktop. Oh the lols...

Re:Why the doom and gloom?

[RiotingPacifist]

Remove the stone of geek!...Append the stone of evil genius!

Although if that does happen, expect a call from some well dressed men in a nice car, with blacked out windows, on Monday afternoon.

Patch?

[SmallFurryCreature]

Why would you need to patch if nobody has a clue about how to attack your system?

well, actually you got a point but you come at it from the wrong angle.

The problem is that thanks to the net, EVERY COMPUTER IS THE SAME. Internet capable...

Effecticly, this is to sexually transmitted virusses as all of us screwing everyone else at the same. The internet is a gangbang of computers.

What this leads to is that no matter how obscure your OS and the bugs on it, someone somewhere will know about it and have, thanks to the sheer size of the net, have thousands if not hundreds of thousands of targets.

There may not be many amiga's left but if they were all infected, it would still be a nice botnet.

Re:Patch?

[0100010001010011]

What is this sex of which you speak?

Re:Patch?

[Larry+Clotter]

Why would you need to patch if nobody has a clue about how to attack your system?

Because if even one system in your heterogeneous environment is exploitable you have just given them an easy backdoor to the rest of your system. If all systems aren't patched up you've only created a false sense of security and you've increased your maintenance costs many magnitudes higher for some "security through obscurity" scheme.

Re:Patch?

[Larry+Clotter]

Sure, if your sysadmin is an idiot. If one box being compromised results in full access to all boxes on the network, your system is poorly designed.

Strawman argument. No where in my statement did I say anything about having full access to every other box on the network through that one node. But, once an attacker has an inlet into the network they can then move on to compromise other systems which may have greater access to other parts of the network. The simple fact of the matter is that the systems on the network are going to have to have some level of access to each other otherwise there is no point in networking them up together.

Re:That's just ridiculous....

[tygerstripes]

I think your anglophobic ranting has blinded you to the OP's statement and argument.

One of the major causes of the Potato famine

[emphasis added]

The reliance on a single product - the potato - was unquestionably one of the major factors behind the famine. The fact that this reliance had socio-political factors as its root cause is totally besides the point. The fact is that the poorest people were reliant on the ubiquitous crop as their winter staple, and that ubiquity is what allowed one blight to cause such devastation. As you said yourself, it was all they had.

It's a good analogy, and you've needlessly muddied the waters by misreading and over-extending the OP's point.

Your suggestion that opposing open-source is a necessary step in increasing OS variety is weird and baseless. I'll grant you that completely free trade (as in "without restriction") would facilitate monopoly-practice and in turn engender a monoculture, which is how we found ourself in the current mess.

To suggest open-source development discourages variety though...? Wow. What's your reasoning behind that posit?

Re:That's just ridiculous....

[gbjbaanb]

to be fair, the British government didn't deliberately starve the Irish, instead they were proponents of 'free market forces'. They didn't have supermarkets or microwave readymeals in those days, so a staple foodstuff like the potato was pretty much all you ate anyway. Of course, if you were rich you could afford meat - like the cattle raised in Ireland for English tables. The landlords got richer and the poor stayed poor.

The trouble was that the blight reduced the number of potatoes in circulation, and as other people were richer, they could afford to pay more - and so the farmers shipped their potatoes to the richer people, leaving the peasants to starve. As has always been the way.

Incidentally the British didn't deliberately starve the people - after they'd woken up to the trouble, they did ship in large amounts of aid and close the ports to food exports. Too late for most of course, but don't get incompetence confused with conspiracy.

There's been too much FUD about the potato famine, I suppose spread for modern political reasons. The truth is just dull, the government took a 'light touch' approach to the markets. Unfortunately this approach to 'hands off' free-trade doesn't give what society requires, with such lax input from governments, the free market doesn't always work correctly and you have monopolies appearing and abusing the freedom that should be providing a better set of choices. For computers, its no good saying "you could run Linux" if everyone needs to run Windows because of the ubiquity of software running on it.

Protectionism is the last thing you want, when you get that, you invite stagnation. There's no innovation of growth, the established parties simply try to maintain their market with what they've got. Developing new products is a significant cost - and without free trade getting in the way and allowing new entrants to the market, there's no incentive to spend. Of course you might get new upstarts appearing, but that happens so rarely, and most of them are small and get killed off by the established big players either by being bought out (name any MS product really) or having their market destroyed (eg IE v Netscape).

Ultimately the government needs to step in and support open standards, making sure everyone works with them. Then you can have much better spread of heterogeneous systems as they would work together, giving people the ability to choose an alternative to the dominant product.

Re:That's just ridiculous....

[sveinungkv]

Like, there's only one Linux kernel, only one C compiler, only one bash shell.. only one Perl, only one Java...

You are correct that there are only one Linux kernel, but there are other free UNIX kernels you could use instead. When it comes to compilers both LLVM and GCC are widely used. (LLVM is used in Gallum3D, the new acceleration architecture for X, and in Shark, a CPU agnostic JIT for OpenJDK. A C frontend not based on GCC is in development) There are many shells. Ubuntu, a quite popular Linux distro, actually uses dash as default /bin/sh. While it's true that only OpenJDK (if I recall correctly) passes the TCK for Java you also have competing implementations like Harmony, what Google uses on Android. You have more competition on the parts of the Java stack that takes less time to implement.

Ever have one of those moments...

[gillbates]

When you realize you are uncontrollably in love with someone? That you and this person sitting beside you are soul mates? That you were meant for each other?

That moment for me came a few weeks ago. Yes, my wife and I have been married several years, but she was a Windows user when we met. Sure, she'd grown up in a diverse family - both Macs and PCs, but most of her experience was on Windows.

About a year ago I replaced Windows with Ubuntu on the family laptop. She kind of grudgingly went along with it.

Then, last week we were watching the news when the anchor broke the story of conficker. Without missing a beat, she turned to me and in roll-your-eyes-I-can't-believe-they're-so-stupid kind of voice said:

"That's a Windows thing, isn't it?"

"Yep," I replied.

"Hmmm. Sucks to be them, I guess..."

Linux evangelists take note: sometimes it takes people *years* to come around. But when they do, when they realize they no longer have to WORRY about viruses and other Windows-specific crap, it's priceless.

Re:Ever have one of those moments...

[Angostura]

That's actually one of the saddest thing I've read for a long time. I hope she never elopes with a Windows 7 install.

Re:That's just ridiculous....

[Jaysyn]

Protectionism worked for the US from the 1800's all the way up till the 1980's. We got to the moon using protectionism as an economic tool. I'm just saying.

Ridiculous or not.

[AliasMarlowe]

Incidentally the British didn't deliberately starve the people - after they'd woken up to the trouble, they did ship in large amounts of aid and close the ports to food exports.

As you say, there has been a great deal of bunk written about the Hunger in Ireland in the late 1840s. However, you may have added to it.

Irish ports were closed to food exports in the previous famine in 1783, but not at any time in the 1840s or 1850s. Ireland remained an exporter of food (mostly grain & cattle) in great quantity during the Hunger. What food aid arrived in Ireland was the result of charities, not the British government. In fact, the British attempted to prevent food aid from arriving from some other countries. http://en.wikipedia.org/wiki/Great_Irish_Famine

There was also a lesser famine in Scotland at the same time, caused by the same over-reliance on potatoes which were hit by potato blight. http://en.wikipedia.org/wiki/Highland_Potato_Famine This caused great hardship in the Highlands, but food aid provided directly by the British government meant there were relatively few deaths from starvation or malnutrition-related diseases.

Re:Car Thieves

[Velska1]

Now that we're talking about car thieves;
Once my car's fuel pump was busted, and I had been working with it since I tried in vain to start it.

I accidentally left the keys in the ignition at night when I went in, and in the morning we had a visitor, who asked, "what happened to your car?" "Something happened?" says me, only then spotting the empty bay in front of the garage door (not really visible from inside).

You imagine I was a little puzzled. There was no fuel pump in the car. How in heck had they driven off with it? Without really knowing what I was doing I started walking around the neighborhood, thinking they can't have gotten too far...

About 150 yards out, around the corner, there was the car, complete with the keys in the ignition (including my house keys - how's that for stupid?), the hood still unlatched, with no other sign of tampering but a dirty palm print on the white hood.

Turned out somebody had been waiting for us to go to bed. We had been sitting up till 2 AM right above the car bay, talking by an open window in the balmy summer weather. Whoever it was, had waited under the neighbor's shelter, smoking a crapload of cigarettes (~100 butts) - and taken a crap - to pass the time, then pushing the car out far enough so we wouldn't hear the starter grind.

Big fat reward there. I hope they had a sense of humor! (I kind of figure if they didn't have one, they would have vandalized the car to "get back".)

A bit offtopic, but I think it makes a good story.

Re:Solution?

[dotgain]

...and using 4096-bit signing to authenticate anything tossed in the windows.