Rude, Arrogant or just plain stupid…?

One would expect public figures to be the example, certainly in other countries those in public office, rock stars, actors and generally anyone famous has to set an example for others.  Where the law is broken, those famous often get heavier sentences as an ‘example’ to others, indeed as a person who has worked for a customs office I was warned as part of my induction if I was ever caught in possession of drugs I would likely get the maximum sentence by any court etc..  Where laws are not broken but ethics are, jobs are lost, people are distanced from colleagues and the culprits are discredited.  So the question is how do the Maltese political parties fare in this game of showmanship?

Well yesterday I had to fly back to San Francisco for my 3 monthly visit to ‘Head Office’ and I wasn’t looking forward to it.  United Airlines are renowned for the worst service of any passenger airline, and traveling some 60,000 air miles per year, I have to say I have had my fair share of their awful service.  However, my ‘travel dramas’ of the past were surpassed to my amazement and disgust by an incident at the very beginning of my journey…  Happening right in the Malta International Airport (MLA).

I was waiting patiently in line for a checkin assistant to become available with at least one person in the queue behind me, and a couple of friends being served already, then an older man came up and stood near the desk.  Thinking this guy was just after asking a quick question I did not challenge him, checkin continued and my friends started to move away, and to my amazement the guy stepped forward and put his suitcase on the conveyor belt and handed over his passport.  I immediately called, “excuse me! excuse me! There is a queue here you know?!?!” to which the reply was, “I see no queue.”

I did not hear the reply, but my friends had, I repeated myself with the addition, “are you really such a rude person that you will jump the queue whilst there are others waiting?”  The reply, came under his breath, “F’oxx …” (I did not hear the second word but am fairly sure it was “Ommock” ..  Now for the benefit of the non Maltese speakers, “F’oxx” is equivalent to “Fuck” in English and “Ommock” is “Mother” (ie the term is “Fuck your mother”, which is used rather offensively instead of “Fuck Off”) ..  I was outraged and turned to the checkin assistant who was a young girl and she said, “he’s Flypass”

Now Flypass members get preferential treatment, they get to use the business class lounge etc..  However, their privileges do not extend to queue jumping, and in the event that someone does have that privilege they are to use the ‘business class’ line, or wait to be invited by the assistant.

Mr Joe Debono Grech – MP for Labour

Remember me saying that I travel around 60,000 air-miles per year?  Well, that’s around 20,000 ‘Flypass’ miles per year, I am known to Air Malta staff in Malta, Germany and the UK (though not this girl on the check in desk).. I was flying Premium on Lufthansa in this case, I am a Gold ‘Star Alliance’ member (Lufthansa Miles and More, and United Airmiles etc)  I am a silver British Airways member and just 4,000 airmiles off being a Platinum Etihad member… I fly a lot, and have been doing so since 2009, I don’t enjoy it….  Not that it made any difference in this case the assistant still allowed him to continue and the poor people behind me had to wait for this ignorant twit.

Another Lufthansa staff member became free and checked me in.

I spent 30 minutes in the departure lounge wondering where the person had gone to, and boarded the flight on time, several minutes later one of the last people to board came into view, and who would it be, you guessed it, the rude person from checkin, and to my astonishment, he continued past my seat into the economy area and sat approximately half way down the plane…  Yes folks, this guy was not even a premium class traveller…!

Incensed by finding probably the most rude, ignorant person in Malta, I formulated a plan.  The plane landed and I jumped up and got off the plane as fast as possible, taking my carry on luggage with me, little did he know I would be waiting at the gate in Frankfurt with my Nikon D3s and F2.8 lens…  Camera checked, turned on, set to highspeed shooting (9 frames per second).. he walked off the plane and one of the pictures was uploaded here..  My plan to name and shame him into better behavior…  Give him an unwelcome 30 seconds of Internet fame…  Little did I realise who “he” is…

Within minutes of posting the picture to Facebook several people messaged me to tell me it was none other than Mr Joe Debono Grech, a politician parliamentary candidate for Labour. Many describing him as a relic of the 80s, some stating quite clearly that my report about his conduct has made up their minds on which way to vote at the next election.

Personally I am shocked that someone holding public office would conduct themselves in such a manner that brings their party into such disrepute.  Labour, not for the people, for everything they can get for themselves, is what comes to mind.  Well Mr Debono Grech, I will not stoop to your level, I will not tell you to “F’oxx ….” I will not use my frequent flyer privileges to be rude and inconsiderate to others, I will be the example you obviously cannot set, and I pray that the people of Malta never have to suffer election of someone so ignorant in the future.  I fully expect you to use your contacts to make my life hell, well do your worst is all I can say, I currently pay 4000EUR in income tax per month, I can claim most of those back with all the loopholes in the tax law, I choose not to!  I put my taxes into the community for the benefit of all, I support local artists where I can, often at great cost to myself, and never charge a penny.  I am polite most of the time (I am just not polite to people who don’t take ‘no’ for an answer) and I believe in the Maltese people and way of life.  I was not born here, and I do not have relatives here.  My only connection with Malta before I moved was that my father was stationed here in Malta during World War II..  I am 43 years old now, and I have never in my life seen *anyone* with an attitude as disgusting as yours, and I am just glad the new generation of Malta, whilst not following in as much tradition as many would like, are better behaved and respectful to others than yourself.

 

Oh and the right (Dis)Honorable Joe Debono Grech…. just for the record… you won’t be getting my vote either.

 

PS: I am learning Maltese, not because I have to – but because I WANT TO!!  So yes, I could understand what you said to the assistant.

To VEET or not to VEET that is the agony…

THIS IS AN ACTUAL CUSTOMER REVIEW FROM A MAN ON AMAZON.CO.UK AFTER USING VEET HAIR REMOVAL CREAM FOR MEN.

 

After having been told my danglies looked like an elderly Rastafarian I decided to take the plunge and buy some of this as previous shaving attempts had only been mildly successful and I nearly put my back out trying to reach…the more difficult bits. Being a bit of a romantic I thought I would do the deed on the missus’s birthday as a bit of a treat.

I ordered it well in advance and working in the North Sea I considered myself a bit above some of the characters writing the previous reviews and wrote them off as soft office types…Oh my fellow sufferers how wrong I was. I waited until the other half was tucked up in bed and after giving some vague hints about a special surprise I went down to the bathroom. Initially all went well and I applied the gel and stood waiting for something to happen. I didn’t have long to wait. At first there was a gentle warmth which in a matter of seconds was replaced by an intense burning and a feeling I can only describe as like being given a barbed wire wedgie by two people intent on hitting the ceiling with my head. Religion hadn’t featured much in my life until that night but I suddenly became willing to convert to any religion to stop the violent burning around the turd tunnel and what seemed like the destruction of the meat and two veg. Struggling not to bite through my bottom lip I tried to wash the gel off in the sink and only succeeded in blocking the plughole with a mat of hair. Through the haze of tears I struggled out of the bathroom across the hall into the kitchen, by this time walking was not really possible and I crawled the final yard to the fridge in the hope of some form of cold relief. I yanked the freezer drawer out and found a tub of ice cream, tore the lid off and positioned it under me. The relief was fantastic but only temporary as it melted fairly quickly and the fiery stabbing returned. Due to the shape of the ice cream tub I hadn’t managed to give the starfish any treatment and I groped around in the drawer for something else as I was sure my vision was going to fail fairly soon. I grabbed a bag of what I later found out was frozen sprouts and tore it open trying to be quiet as I did so. I took a handful of them and tried in vain to clench some between the cheeks of my arse. This was not doing the trick as some of the gel had found its way up the chutney channel and it felt like the space shuttle was running its engines behind me.

This was probably and hopefully the only time in my life I was going to wish there was a gay snowman in the kitchen which should give you some idea of the depths I was willing to sink to in order to ease the pain. The only solution my pain crazed mind could come up with was to gently ease one of the sprouts where no veg had gone before.

Unfortunately, alerted by the strange grunts coming from the kitchen the other half chose that moment to come and investigate and was greeted by the sight of me, arse in the air, strawberry ice cream dripping from my bell end pushing a sprout up my arse while muttering “ooooohhh that feels good” Understandably this was a shock to her and she let out a scream and as I hadn’t heard her come in it caused an involuntary spasm of shock in myself which resulted in the sprout being ejected at quite some speed in her direction. I can understand that having a sprout fired against your leg at 11 at night in the kitchen probably wasn’t the special surprise she was expecting and having to explain to the kids the next day what the strange hollow in the ice cream was didn’t improve my status…so to sum it up, VEET removes hair, dignity and self-respect.

On a more personal note, I hate sprouts and therefore do not have any in the freezer, that is the extent of the differences in my experience of the same! 😉

 

Thank you Kevin Agius for finding this!

The after nearly a year, the outcome…

Pulizija

Well after nearly a year of back and forth to the courts, the Maltese have not dropped the case instead they have put it on indefinite hold. Turns out that they have a choice, if a person leaves the country to avoid prosecution the courts can either drop the case or leave it on ‘indefinite open’, and they choose either based on a number of issues.. Whether the person was initially served and turned up, and whether there are witnesses or not.

Katie Crothers turned up at court on a number of occasions after making herself a pest with the police, then left the country hoping the case would be dropped. She also got reprimanded by the judge for wasting police time and trying to use them to harass me, after succeeding in using my former employer to harass and discriminate against me. Neither the judge nor the Maltese police were impressed by her proxy harassment (first using my former employer, then the police themselves) so the judge returned the favour and declared that the case should be left open indefinitely. Therefore should she return to Europe (anywhere in Europe) at any time in the future she will be arrested and brought to Malta to stand trial, not only for the stalking and harassment issue, but also for ‘Contempt of Court’.

Readers should note for the future, had she actually turned up at court it would have probably resulted in a EUR50-EUR400 fine with an order never to contact myself. Instead, by running from it, now she has screwed her future in any bank or government agency as she has an indefinite arrest warrant pending across Europe for the more serious crime of Contempt of Court which could result in a jail sentence if she ever returns to Europe. Of course anyone with experience with the legal system will also know that should she turn herself in, that charge will be dropped, though the other cases will not.

A few questions answered…

Ok some questions and answers that keep popping up in the blog…

Question: Can Internet Dongles be traced?
Answer: Yes, very easily if you have the equipment and know-how. However there are some caveats. If you have an ex with a dongle that you want to trace, no you can’t. However, if the ex has stolen your dongle (or you’re one of the idiots that think they can steal a dongle and get away with it), yes you can. There are 2 serial numbers embedded in the dongle (known as EMSIs): one is programmable, the other is ‘hard coded’ (ie it cannot be changed). If you know the programmable one and not the hardware code, you have to hope the thief has not had it reprogrammed. On the other hand if you have the hard coded one you can trace it. I won’t discuss the details here (or in private questions) as you have to sign paperwork to get that information in most countries, but the one thing I can tell you is, knowing both makes things a hundred times easier.

Question: Can you trace someone using a particular Internet dongle?
Answer: Yes

Question: Can you trace someone via your blog?
Answer: Yes if they keep connecting to it… Depending on your knowledge and control it might take some coding. However, if the person is stupid or careless, they will leave finger prints all over your blog… for example, someone who spends a lot of time in Florida (USA) is going to get a nasty surprise this year of 2012 if they don’t stop “checking up” as they are going to find themselves in court this year on similar charges of gender discrimination as my ex is. (Final warning: you know who you are, I might not be able to take you to court, but the European court will take the matter up themselves and I will just supply the evidence!)

Question: Can you see what people are searching for when they find your blog?
Answer: It’s simple: just check the ‘referrer’ header, which presents the last page visited, for example:

98.203.109.165 TwDoP0W3HEMAAAOTCbcAAAAB - - [01/Jan/2012:18:11:59 -0500] "GET / HTTP/1.1" 200 75800 "http://www.bing.com/search?q=michelle+sullivan+malta+blog&form=MSNH14&qs=n&sk=&sc=1-28&x=107&y=13" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"

The ‘q=michelle+sullivan+malta+blog’ shows that the person searched for “michelle sullivan malta blog” using ‘Bing’ as the search engine and, as a matter of interest, did so from Hollywood, Florida, using Windows 7 x64. (Similar things can be seen with Google and with image searches; just the line format changes. Webalizer will decode most of them for you if you have trouble working it out.)

Question: If people have linked to your page, can you see where the original link was?
Answer: Yes, and the same thing works for spotting when someone uses some image on your site on their page, or even Facebook links. Again the ‘referrer’ header is the key field, for example a link from Facebook:

46.11.109.216 TwBOhEW3HEAAAArMSsQAAAAB - - [01/Jan/2012:07:16:04 -0500] "GET / HTTP/1.1" 200 75800 "http://www.facebook.com/l.php?u=http%3A%2F%2Fwww.michellesullivan.org%2F&h=2AQElPj30AQHe6mHhKUmRDmzJE9YdYqc8FksLg6ql4Zxynw" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7"

and an image used elsewhere linking back to the site (in this case my MySpace page):

70.127.86.50 TwEF00W3HEMAAAOTCt0AAAAB - - [01/Jan/2012:20:18:11 -0500] "GET /GalleryData/2009/July/12/thumbnails/DSC_4258.jpg HTTP/1.1" 200 4431 "http://www.myspace.com/michelle_i_sullivan" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
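The two referrer answers above can be automated. The following is an added example, not code from this blog: it parses log lines in the format shown above and classifies each referrer as a search, a redirector link, a hotlinked image and so on. The hostname `blog.example.org` and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

OWN_HOST = "blog.example.org"   # assumption: hostname of the site being logged
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")

def _quoted(name):
    # A quoted log field; Apache writes an embedded double quote as \"
    return r'"(?P<%s>(?:[^"\\]|\\.)*)"' % name

# Combined log format plus the unique-ID column shown in the lines above.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<uid>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    + _quoted("request") + r' (?P<status>\d{3}) (?P<size>\S+) '
    + _quoted("referrer") + " " + _quoted("agent") + r'$'
)

def classify(path, referrer):
    """Return (kind, detail) describing how the visitor reached `path`."""
    if referrer in ("", "-"):
        return ("direct", "")
    try:
        ref = urlsplit(referrer)
        host = (ref.hostname or "").lower()
    except ValueError:              # the header is client-supplied and may be junk
        return ("malformed", referrer)
    if host == OWN_HOST:
        return ("internal", ref.path)
    query = parse_qs(ref.query)     # decodes '+' and %xx escapes
    if "q" in query:                # search engines carry the terms in q=
        return ("search", query["q"][0])
    if "u" in query:                # redirector such as Facebook's l.php?u=<target>
        return ("redirector", query["u"][0])
    if path.lower().split("?")[0].endswith(IMAGE_EXT):
        return ("hotlink", referrer)   # our image embedded on someone else's page
    return ("link", referrer)

def analyse(lines):
    """Parse log lines and return a list of (client_ip, kind, detail)."""
    results = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                # skip lines that are not in the expected format
        parts = m["request"].split()
        path = parts[1] if len(parts) >= 2 else ""
        results.append((m["ip"], *classify(path, m["referrer"])))
    return results

# Constructed sample lines (documentation addresses, not real visitors).
SAMPLE = [
    '198.51.100.7 UID0001 - - [01/Jan/2012:18:11:59 -0500] "GET / HTTP/1.1" 200 75800 '
    '"http://www.bing.com/search?q=example+malta+blog&form=MSNH14" "Mozilla/5.0 (compatible; MSIE 9.0)"',
    '203.0.113.9 UID0002 - - [01/Jan/2012:07:16:04 -0500] "GET / HTTP/1.1" 200 75800 '
    '"http://www.facebook.com/l.php?u=http%3A%2F%2Fblog.example.org%2F&h=XYZ" "Mozilla/5.0"',
    '192.0.2.44 UID0003 - - [01/Jan/2012:20:18:11 -0500] "GET /gallery/thumbs/DSC_0001.jpg HTTP/1.1" 200 4431 '
    '"http://social.example.com/some_profile" "Mozilla/5.0"',
    '192.0.2.45 UID0004 - - [01/Jan/2012:20:19:00 -0500] "GET /about HTTP/1.1" 200 512 '
    '"http://blog.example.org/" "Mozilla/5.0"',
    '192.0.2.46 UID0005 - - [01/Jan/2012:20:20:00 -0500] "GET / HTTP/1.1" 200 75800 "-" "curl/7.0"',
    '192.0.2.47 UID0006 - - [01/Jan/2012:20:21:00 -0500] "GET / HTTP/1.1" 200 75800 '
    '"http://[broken" "Mozilla/5.0"',
    'this line is not in the expected format',
]

if __name__ == "__main__":
    for row in analyse(SAMPLE):
        print(row)
```

The referrer is supplied by the client, so treat it as a lead rather than proof. Current browsers also default to sending only the origin on cross-site requests, so query strings like the one above are now rarely present.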

 

Question: I see you have had trouble with a stalker, I think I have a stalker as well, can I use the information to prosecute?
Answer: Yes, but you will need help. If you needed to ask this question you are not someone like myself that has given ‘expert evidence’ in court on multiple occasions, so you will need someone to help you gather the evidence. Important: Get advice from the local authorities on the matter as soon as possible if you need to, or think you might, go to court. The first thing you will need to do is turn on forensic logging; this is not as simple as using Apache’s “log_forensic” function, but it is a start. You will also need to dump packet headers from the offenders at a network level and record those packets in a format that is considered ‘untamperable’ (ie once recorded it cannot be altered). You will also need to be able to follow basic tracing (as described in other articles) as you probably don’t want to record everything that hits your website. Lastly you will need to obtain, or have someone obtain on your behalf, court orders to gain access to the remote connection provider’s access logs so that you can tie the evidence collected to the offender. Be prepared: such issues are long and involved, and in countries such as Malta, unless you know who to call you rarely get to speak to anyone that actually knows what you’re talking about. You should also note that unless there is a serious crime committed (such as “Criminal Libel”, “Racial Discrimination”, “Gender Discrimination” or “Child Pornography”) you will not get any help from most police forces of the world.

Question: Will you help me trace my stalker?
Answer: I just did by posting this, however if you want someone to be your detective, sorry I don’t do that for others, as I don’t really have the time to waste on it myself. Get yourself in touch with the Police and if they can’t/won’t help, hire a private investigator to help. Tip: I have used a private investigator myself over the last year to help me as they double checked my ‘evidence’ for forensic ‘soundness’ and at times I just didn’t have the time to do all the work myself. Tracing people is not simple or quick when it comes to getting all the evidence needed for a court case. It’s quick and simple if you just want to ‘know’ without having to ‘prove’ it (also in some cases like mine when the tracing goes international, you either have to visit or get help from someone local, particularly when tracing devices such as dongles to a 50m radius).

Question: My stalker is using proxies (including the “I’m hiding behind 7 proxies” bulls**t) can they be traced or can I stop them?
Answer: It is not as simple as a yes or no, because it depends on each proxy and the intent of the person who set each up. Most proxies are accidentally set up ‘open’ and therefore there is no malicious intent. If this is the case it doesn’t matter if there are 100 proxies between the stalker and you; it’s simply a matter of looking for the ‘X-Sent-Via:’ and/or ‘X-Forwarded-For:’ headers in your forensic logs (the latter header is pretty much standardised). If found, you will find that all of the IP addresses (including the originator’s) are presented to you in a nice simple comma separated list.
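One way to read that comma separated list, as an added example that is not from this blog: the entries are written by whoever relayed the request, so the sketch below separates the one address that a proxy you operate actually observed from the entries that are only claims. The proxy addresses and the header value are constructed, and the idea of a known set of your own proxies is an assumption of the example.

```python
import ipaddress

# RFC 1918 ranges: an entry inside these is an internal address, not a traceable host.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def label(token):
    """Classify one X-Forwarded-For entry as invalid, private or non-private."""
    try:
        addr = ipaddress.ip_address(token)
    except ValueError:
        return "invalid"            # not an IP address at all: free text from the client
    if addr.version == 4 and any(addr in net for net in RFC1918):
        return "private"
    return "non-private"

def analyse_xff(header_value, peer_ip, trusted_proxies=frozenset()):
    """Split an X-Forwarded-For chain into what was observed and what was claimed.

    peer_ip is the address of the TCP connection your own server logged.
    trusted_proxies is the set of proxy addresses you operate (assumption).
    Each proxy appends the address it saw, so the chain is walked right to
    left, and the first address that is not one of your proxies is the last
    one observed by a machine you control.
    """
    tokens = [t.strip() for t in header_value.split(",") if t.strip()]
    hops = tokens + [peer_ip]
    idx = len(hops) - 1
    while idx > 0 and hops[idx] in trusted_proxies:
        idx -= 1
    return {
        "verified_client": hops[idx],
        "unverified_claims": [(t, label(t)) for t in hops[:idx]],
    }

# Constructed sample: two of our own proxies in front of the web server.
SAMPLE_HEADER = "bogus, 10.0.0.5, 203.0.113.77, 192.0.2.20"
SAMPLE_PEER = "192.0.2.10"
OUR_PROXIES = frozenset({"192.0.2.10", "192.0.2.20"})

if __name__ == "__main__":
    print(analyse_xff(SAMPLE_HEADER, SAMPLE_PEER, OUR_PROXIES))
```

Entries listed under `unverified_claims` were supplied by hosts outside your control and need corroboration from those hosts' own logs before they are relied on.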

 

Tracing emails and people via them…

So this is a follow up (as promised) to my previous article on tracing people.  This one takes the different and more requested view of tracing emails and reading headers.

First we will take an example email from one of my inboxes…

Return-path: <katie@sorbs.net>
Received: from [192.168.1.100] (c121-71.i07-31.onvol.net [92.251.121.71])
	by nemesis.sorbs.net
	(iPlanet Messaging Server 5.2 HotFix 2.05 (built Mar  3 2005))
	with ESMTPSA id <0LH100J02CFQR7@nemesis.sorbs.net> for matthew@sorbs.net; Wed,
	23 Feb 2011 06:19:07 +1000 (EST)
Date: Tue, 22 Feb 2011 21:20:05 +0100
From: Katie Crothers <katie@sorbs.net>
To: matthew@sorbs.net
Message-id: <4D641A75.30405@sorbs.net>
MIME-version: 1.0
Content-type: text/plain; format=flowed; charset=ISO-8859-1
Content-transfer-encoding: 7bit
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.13)
	Gecko/20101207 Thunderbird/3.1.7
Original-recipient: rfc822;matthew@sorbs.net

Loved your blog, Matthew.

I wouldn't expect anything less from someone with Multiple Personality
Disorder.

Cheers for the laugh.

So as we can see a fairly abusive email (the sender knows I am no longer called ‘Matthew’, and knew that at the time of sending the email, they also knew that the address is one I keep for legacy only and rarely read it), one that needs tracing to the source. This one is fairly simple as unlike spam it doesn’t contain fake headers… Ok first a few things starting with the most important rule..

  1. You can only trust the headers generated by your server (‘your’ means your ISP’s server or one you own).
  2. Received headers in all modern servers are read from the top down (ie the latest goes at the top).

So the headers:

Received: from [192.168.1.100] (c121-71.i07-31.onvol.net [92.251.121.71])
	by nemesis.sorbs.net
	(iPlanet Messaging Server 5.2 HotFix 2.05 (built Mar  3 2005))
	with ESMTPSA id <0LH100J02CFQR7@nemesis.sorbs.net> for matthew@sorbs.net; Wed,
	23 Feb 2011 06:19:07 +1000 (EST)

So in this case we have one header, so for this example it’s simple: it was sent directly to my server either by a registered user, or by someone trying to send unauthorised emails. In this case I know that Katie Crothers was a registered user (as I am the server administrator), but let’s analyse the line a bit more and see what information we can glean.

The first part of the line, [192.168.1.100], is the name the client gave when it connected to the server and issued the identifying HELO command; in this case it is the correctly formatted IP address of the local host on the local network.  The second part, (c121-71.i07-31.onvol.net [92.251.121.71]), is the connection as checked and logged by the server. The IP address 92.251.121.71 is the host that actually connected to the server (in this case a home network/DSL/Cable router), and the name c121-71.i07-31.onvol.net is the verified hostname of the connection (as provided by the ISP). Using geo-location services we know the host is a connected Melita Cable modem not far from the Naxxar Police station in Naxxar, Malta.

The second part of the line: by nemesis.sorbs.net (iPlanet Messaging Server 5.2 HotFix 2.05 (built Mar 3 2005)) just identifies the local mail server type and version and is more for debugging purposes than anything.

The third part of the line: ESMTPSA id <0LH100J02CFQR7@nemesis.sorbs.net> tells us the connection identifying command was EHLO rather than HELO; this is not really useful for our purposes. However, <0LH100J02CFQR7@nemesis.sorbs.net> is the message ID in the server, which is a lot more useful in that it will make the log line in the logfiles a lot easier to find.

The fourth part of the line: for matthew@sorbs.net tells us the destination email address as the server saw it. This cannot be faked, unlike the one in the To: line further down in the headers, as it tells the server how and where to deliver the email, whereas the To: line is for informational purposes for the email reader only.

The rest of the headers are irrelevant for the purposes of this article and should be self explanatory with the exception of the line Original-recipient: rfc822;matthew@sorbs.net which is a copy of the destination email address used to tell the server how to route the email.

Ok on to something a little more realistic for tracing spam:

Return-path: <alison@isux.com>
Received: from catapilla.sorbs.net (catapilla.sorbs.net [113.52.8.151])
	by nemesis.sorbs.net (iPlanet Messaging Server 5.2 HotFix 2.05 (built Mar  3 2005))
	with ESMTP id <0LHA00840VAD00@nemesis.sorbs.net> for michelle@shellsshots.com;
	Mon, 28 Feb 2011 09:44:37 +1000 (EST)
Received: from vampire.isux.com (c190-211.i02-8.onvol.net [213.165.190.211])
	by catapilla.sorbs.net (Postfix) with ESMTP id 5F8B42E0D5 for
	<michelle@shellsshots.com>; Mon, 28 Feb 2011 10:44:35 +1100 (EST)
Received: by vampire.isux.com (Postfix) id E7FF3C23A; Mon,
	28 Feb 2011 10:48:53 +1100 (EST)
Received: from 189-68-86-125.dsl.telesp.net.br (189-68-86-125.dsl.telesp.net.br [189.68.86.125])
	by vampire.isux.com (Postfix) with SMTP id B58F5B901 for <alison@isux.com>;
	Mon, 28 Feb 2011 10:48:50 +1100 (EST)
Date: Mon, 28 Feb 2011 10:48:50 +1100 (EST)
From: alison@isux.com
Subject: RE: Your invoice from VIAGRA - #5187
To: alison@isux.com
Message-id: <20110227234852.B58F5B901@vampire.isux.com>
MIME-version: 1.0
Content-type: text/html; charset=ISO-8859-1
Content-transfer-encoding: 7bit
Delivered-to: alison@isux.com
Original-recipient: rfc822;alison@isux.com

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <
html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="application/xhtml+xml; charset=UTF-8"/>
</head>
<body>
<table border="0" cellpadding="0" cellspacing="0" style="width: 896px">
<tr><td align="center" style="font: normal 11px Verdana, sans-serif; color: #333;">
<a href="http://usadoctorpills6.ru" style="text-decoration: none; color: #0099ff;"
>Click here!</td></tr>

<tr><td align="center">
<br/>
<a href="http://usadoctorpills6.ru"><img src="http://usadoctorpills6.ru/1.jpg" 
style="border-width: 0px"/></a></td></tr>
</table>
</body>
</html>

In this case we have more received headers:

Received: from catapilla.sorbs.net (catapilla.sorbs.net [113.52.8.151])
	by nemesis.sorbs.net (iPlanet Messaging Server 5.2 HotFix 2.05 (built Mar  3 2005))
	with ESMTP id <0LHA00840VAD00@nemesis.sorbs.net> for michelle@shellsshots.com;
	Mon, 28 Feb 2011 09:44:37 +1000 (EST)
Received: from vampire.isux.com (c190-211.i02-8.onvol.net [213.165.190.211])
	by catapilla.sorbs.net (Postfix) with ESMTP id 5F8B42E0D5 for
	<michelle@shellsshots.com>; Mon, 28 Feb 2011 10:44:35 +1100 (EST)
Received: by vampire.isux.com (Postfix) id E7FF3C23A; Mon,
	28 Feb 2011 10:48:53 +1100 (EST)
Received: from 189-68-86-125.dsl.telesp.net.br (189-68-86-125.dsl.telesp.net.br [189.68.86.125])
	by vampire.isux.com (Postfix) with SMTP id B58F5B901 for <alison@isux.com>;

In this case the headers are again read from the top down. I own/manage the hosts nemesis.sorbs.net, catapilla.sorbs.net and vampire.isux.com, so reading the ‘by’ part of each received line we know we can trust all these headers.  We also know that the headers are ordered as ‘latest first’ from top down, which means the last header in the list was added by the first of my servers to handle the message:

Received: from 189-68-86-125.dsl.telesp.net.br (189-68-86-125.dsl.telesp.net.br [189.68.86.125])
	by vampire.isux.com (Postfix) with SMTP id B58F5B901 for <alison@isux.com>;

The delivering host was 189.68.86.125, which identified itself with the same name as its official hostname, 189-68-86-125.dsl.telesp.net.br (a Brazilian host). Again using geo-location services such as http://www.maxmind.com/ we know the host is located in Sertãozinho, Sao Paulo, Brazil.
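The two rules above can be applied mechanically. This is an added example, not code from this article: it walks the Received headers from the top down, trusts only headers written by servers you run, and stops at the first hop that came from outside, so a forged header lower down is ignored. The hostnames, addresses and message are constructed, and the table of your own servers is an assumption of the example.

```python
import re
from email import message_from_string

# "from HELO (rdns [ip])" as written by the servers in the examples above.
FROM_RE = re.compile(
    r"^from\s+(?P<helo>\S+)\s+"
    r"\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]\)"
)
BY_RE = re.compile(r"(?:^|\s)by\s+(?P<by>[^\s;]+)")
ID_RE = re.compile(r"\sid\s+<?(?P<id>[^>\s;]+)")

def parse_received(value):
    """Split one Received header into the parts discussed above."""
    flat = " ".join(value.split())          # undo header folding
    f, b, i = FROM_RE.search(flat), BY_RE.search(flat), ID_RE.search(flat)
    return {
        "helo": f["helo"] if f else None,   # what the client called itself
        "rdns": f["rdns"] if f else None,   # hostname the server looked up
        "ip": f["ip"] if f else None,       # address that actually connected
        "by": b["by"].lower() if b else None,
        "queue_id": i["id"] if i else None, # key for finding the server log line
    }

def trace_origin(raw_message, trusted_hosts):
    """Return the hop where the message entered servers you control, or None.

    trusted_hosts maps the hostname of each server you run to its IP address.
    """
    trusted_ips = set(trusted_hosts.values())
    origin = None
    for value in message_from_string(raw_message).get_all("Received", []):
        hop = parse_received(value)
        if hop["by"] not in trusted_hosts:
            break                           # written by someone else: rule 1
        if hop["ip"] is None:
            continue                        # local re-queue, no network peer
        origin = hop
        if hop["ip"] not in trusted_ips:
            break                           # peer is external; anything below is its claim
    return origin

TRUSTED = {"mx1.example.net": "192.0.2.10", "relay.example.net": "192.0.2.20"}

# Constructed message. The last Received header is a forgery claiming to be
# from mx1.example.net; it sits below the first external hop and is ignored.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [192.0.2.20])
    by mx1.example.net (ExampleMTA) with ESMTP id <AAA111@mx1.example.net>
    for <me@example.net>; Mon, 28 Feb 2011 09:44:37 +1000
Received: by relay.example.net (Postfix) id BBB222;
    Mon, 28 Feb 2011 10:44:35 +1100
Received: from mail.bank.example (dsl-203-0-113-77.isp.example [203.0.113.77])
    by relay.example.net (Postfix) with SMTP id CCC333 for <me@example.net>;
    Mon, 28 Feb 2011 10:44:30 +1100
Received: from internal (unknown [10.0.0.5])
    by mx1.example.net (ExampleMTA) with ESMTP id FAKE999;
    Mon, 28 Feb 2011 10:00:00 +1100
From: someone@bank.example
To: me@example.net
Subject: constructed sample

body
"""

if __name__ == "__main__":
    print(trace_origin(SAMPLE, TRUSTED))
```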

I will be posting a follow up article to this at a later date with more technical information.  Feel free to subscribe to the RSS feed to get the updates.