- Marshall B. Rosenberg

A single interaction can make or break a person’s day. Whether it be helping someone pick up their fallen groceries or accidentally bumping into them without apologizing, our decisions as humans affect those around us. I experienced one of these cause and effect moments only hours ago, leaving me in…well, whatever emotional state causing me to write this very atypical blog post.

Making a homeless person cry tears of joy was not on my agenda.

Uh…Trixie…this doesn’t seem to be complaining about technology…

CONTENT WARNING: I’m letting my story writing style bleed into the blog. I apologize ahead of time.

Shhhhhhhh

Growing up, I had the combination of pleasure and curse of raising myself for a substantial portion of my childhood and teenage years. Of the many self-imposed rules developed by my own life experiences, three are in scope:

• It’s okay to talk about professional and personal projects and accomplishments, as long as one remains humble.
• Treat people how you wish to be treated.
• Don’t discuss charitable actions or community service.

I have difficulty discussing my own accomplishments on any given day, but I vehemently believe that charitable actions should not be discussed or gloated. Yes, I contribute in community service activities on a regular basis. However, I personally feel that kindness should simply be a part of daily human life. Give when you can, do what you can, be a warm light for someone. We don’t typically discuss that we brushed our teeth in the morning, held the door for someone, or went to the gas station, do we?

In most of my personal social circles - which can sometimes be echo chambers in and of themselves - kindness seems to be more commonplace. Sure, the news has constant negativity and sensationalism about the state of the world, but our daily interactions are far more real than any talking head…unless we’re talking the Talking Heads, which means we’d be heads talking about the Talking Heads talking from their heads. Every so often, we run into someone that snaps us back into reality, which is why today I sat silently in my truck for a solid fifteen minutes thinking.

A Cup of Joe

It’s been almost four months since I lost my job. In the over twenty years that I’ve been working in tech, this is the longest I’ve been without employment. Despite an already frugal lifestyle regardless of paycheck regularity, I’ve spent these months working on backlog projects or activities that cost me nothing but my time. However, there’s only so much time one can spend out of their regular cadence and I decided to venture to my local coffee shop.

I walked in just like any other day, greeted by a smiling barista. She was wearing a white and red beanie cap with a knitted candy cane struggling to remain upright. “Oh, hey [Trixie]! How are you?” I stumbled for an answer in a state of internal conflict between pure honesty and the social contract of American norms. Opting for the mid-west approach, I replied with a laconic “oh, can’t complain. How about you? Did you get your bike fixed yet?” You could slice the playful sarcasm with a knife as she responded “of course, just like I won the lottery last night. What can I get you?” I stared blankly at the menu board as if it was going to magically provide a dissertation on the meaning of life. “Uh…I guess surprise me. Any recommendations?” She looked up at her own hat. “How about a candy cane cold brew? It has your favorite in it: peppermint.” I nodded and threw airwaves at the contactless credit card reader.

As I walked out of the coffee shop, mother nature reminded me of my latitudinal living choice by converting my nasal cavities into ice caves. The creaking of my truck door was quickly overshadowed by the thunderous sound of collapsing rust, reminding me of the mentally debilitating backlog of automotive repairs I still need to make. Just before engulfing my nose into the micro-foam of my beverage, there was a timid knock on my window. I turned my head to see a man of medium height with a silver beard. His skin showed years of hardship and his dark eyes immediately told a story of pain and fear, throwing me off-kilter. I forgot I had not yet turned the key to the accessory position so that I could open the driver window that so desperately needed a cleaning. His interpretation of the delay was telling, as immediately put his hands up as though I was using telekinetic powers to arrest him for the crime of existing.

We’ll call this gentleman Joe.

Joe quickly stammered, almost incoherently. “Hey I didn’t mean to scare you sorry I hope you’re not scared I’m not going to hurt you.” Attempting to catch up to myself, I went to open the window with the click of the switch once again reminding me to rotate the ignition key. “Can you hear me?” Joe asked, as he pointed to his ear. “Sorry, yes I can hear you. One second.” The window lowered at an almost comically slow speed, reminding me of that electrical relay replacement that continues to fall victim to my chronic procrastination. “Okay, sorry about that. I forgot to turn the truck on when I got in.” Before I could get another word in, Joe immediately began rambling at a speed my brain could not follow. He clearly had medical issues, with his dental structure acting as a barrier to communication. I was able to catch a few pieces: “I’m a veteran,” “no place to stay,” and “need help” scattered among what I comprehended to be a sales pitch to stop me from dismissing him. Despite his verbal struggle, the subtext was crystal clear; this man has been damaged from systemic racism and societal prejudice against minorities and the homeless. My brain decided not to wait for the conversational handshake to complete. I interrupted him in a soft, yet assertive voice: “you don’t need to justify being a human being to me.” He froze in place for a few moments, though both parties seemed to experience a virtual eternity of awkward pause.

That’s when Joe started crying.

The Disconnect

I’ve spent many days at soup kitchens and food drives. While each visit is fulfilling, some days are better than others. Experiences and wisdom are shared, hearing the stories of previous lives echo on through weathered voices. It is well understood that those who are struggling are the focal point in a safe space specifically for them. Though some struggle with the fallacy that they would be admitting defeat in a battle of pride, most enjoy the warmth of humanity within the walls.

The streets are entirely different. The spectrum of incentives and actions mixed with stereotypes and fears - both rational and irrational - create a social disconnect and breakdown of trust between those that have and those that need. I’ve experienced different types people, whether they are looking to fuel the deadly spiral of addiction as a coping mechanism, intending to deceive others for monetary gains, struggling with varying levels of mental illness, and simply looking for help. There is indeed a non-zero chance of safety being compromised when engaging with someone unknown, but it is also far from a certainty. One bad experience can easily overshadow an eternity of good experiences, as humans are infamous for falling victim to the negativity bias. There’s also the issue of socioeconomics and classism, though that’s an entirely different discussion.

The Checklist

“Are…you okay?” I asked with hesitation. Joe looked at me, wiped his eyes, and in a perceived higher octave replied “man…thank you…thank you for that. You…you’re beautiful for that.” He then extended his fist towards me in the universal bump fashion, as if to test the waters of trust that a handshake was not yet ready to swim in. Before I could get a word in, Joe relaxed a bit and said “please…I…I just need some help. I gotta get across the river i got a place to stay but it’s so cold out.” He began rambling again and I struggled to track his words. “Hold on, let’s start from the beginning, okay? My name is [Trixie]. What is yours?” He nodded and said “I’m [Joe]” in a relieved tone. “Are you safe right now?” being the most critical question on my mind. The growing shock in his eyes and my level concern were conjoined twins of parity. “Yeah no I’m okay I’m safe, I gotta friend that lives in the big apartment building” as he pointed across the highway. “Okay, so you have a friend you can trust and you have a warm place to stay at night?” He nodded yes. “Do you have your essentials? Toiletries?” He once again nodded, “Yes mam, I have a bag at my friend’s place.”

The winters here can be deadly even during a normal year. The underfunded shelters fill up quickly, unfortunately resulting in some having to brave the outdoors and search for resources such as steam vents. It’s always heartbreaking when the 10 code comes across the scanner when someone is found in the morning curled up in a retail doorway. “You said you’re trying to get to [town across the river] for a place to stay. We’re going into the deep freeze season. Do you have a way across the river? I don’t want you trying to walk the bridges. Even if you somehow don’t get hit by a car, you’ll freeze from the wind chill.” His face mirrored the concern, almost as if he’d tried it before. The winds here can hit gusts between fifty and sixty miles per hour during some storms. When mixed with sub-zero frigid temperatures heights of over one hundred feet above the water, it’s a disaster waiting to happen. “No I’m okay I have a ride I found later today he’s gonna take me to the shelter when I can get my bag from my friend. It’s in his apartment but he’s at work and I can’t get it yet.” I kept running through the checklist, concerned I would miss something critical.

Joe began to explain certain details about current events in his life, which were unfortunately not all that uncommon. He was kicked out of one of the shelters as a result of being the victim of a beating, and claimed he lost a number of teeth from said beating. My eyes followed his gums as he spoke. The mixture of open and closed wounds confirmed his claims. “Wait, you have open wounds in your mouth. Did you go to the clinic?” He pointed to his pocket. “Yeah they gave me the antibiotics and said if it starts to hurt I gotta go back. The dentist over in [area of the city] said he’s gonna help me fix it up but he needs to get some papers done to pay for it.” Infections from tooth issues can be deadly once they spread to the brain. “Okay, good. It’s not fool-proof, but make sure you keep washing out your mouth with disinfecting mouthwash. That will hopefully mitigate the chance of infection until the dentist can help.”

I try to follow the old mantra of trust, but verify. Despite heavy experience in social engineering, nobody is completely immune to scams. Stolen valor is a common tactic, so I decided to dig a little in a polite way. “You said you were a veteran. Have you tried going to the VA? They might be able to help faster.” He responded without missing a beat, “Yeah the [shelter] was helping me get my papers because I don’t have them but i gotta figure it out.” I remained skeptical, while continuing to remind myself not to come off as cynical. “That’s good, hopefully they help you get that sorted soon. What branch were you in?” “Army” he replied. Now comes the question that typically trips up the scam. “Gotcha, okay. What was your MOS by the way?” His face almost brightened like a child explaining how their toy works. “Yeah I was a 63E!” In the split second between sentences, my brain immediately thought 63E? Isn’t…that a dentist?. Joe continued on, “I worked on the M48 tanks!” He went on to enthusiastically describe the M48 like a modern marvel. “That’s pretty cool. I used to be obsessed with tanks as a child.” He smiled, almost with a sense of pride.

The gears in my head began to turn. The outdated MOS code, the M48 tanks, and his visible age revealed that Joe was likely a Vietnam War era veteran. I don’t particularly enjoy concerning myself with prying into veteran experiences - unless they decide to share on their own - and that goes doubly so for the Vietnam War. A core memory came to mind of the father of my childhood babysitter and a family friend, who we’ll refer to as David. My memories of David are difficult to recall in full clarity, as decades passed will certainly influence, but I do remember him treating me well. He was quiet, though so was my father at times. The clearest memory I retained about David was never to ask him about his military service for any reason whatsoever, and so unlike most directives to a young child, I fully complied with this parental order. Later in life as a teenager, I learned that David served in the US army during the Vietnam War. My teenage self conveniently forgot the rule to never ask about David’s military service, though not so much as to ask him directly. I learned that David was present at the My Lai massacre; a horrific war crime in 1968 (I won’t get into details here). Returning to present times, I let Joe finish the thoughts he wished to share and subsequently dropped the military discussion.

Different, but the Same

Was I fully certain that Joe was authentic? Well, no. A single ten minute conversation cannot fully reveal someone’s true nature. I do tend to vaguely trust my slicing ability and his body language was difficult to deny, leaving me no reason to distrust him.

“It sounds like you have a plan to get things moving. How can I help you right now, [Joe]?” I didn’t expect his response. “…I just really need a hot cup of coffee or hot chocolate and a little food to get me through tonight.” Usually the request is for cash, typically as bus fare or generic food. I think back to a memorable night over twenty years ago, when a group of us drove to Philadelphia to get cheese steaks at Jim’s on South Street. While personally I preferred Delassandro’s and will continue to die on that hill, I did enjoy a typical night on South Street. One of us - no, not I - seemed to have eyes bigger than their respective stomach and purchased two cheese steaks. As we left, the group was approached by a homeless man who seemed slightly intoxicated. This was a lesson for many of us, though the lesson learned was not as unified as may be desired. The man asked for money for food from the person in the group least equipped to handle the situation. He grew up in an upper-middle class household with a - we’ll say - more scoped view of the world. His reaction was less than stellar and borderline offensive, resulting in the homeless man becoming somewhat irate. However, mister “I need two cheese steaks” stepped in and offered the man his second steak in an empathetic manner. The man begrudgingly accepted the gift, but smiled and departed. While the group moved forward, I quietly looked back to witness the man throw the cheese steak on the ground and walk away.

“I don’t usually carry cash in my wallet” I said in disappointment, departing from the usual genesis of that excuse when I know the ask isn’t authentic. Before I could say anything else, Joe cut in and pointed across the street. “It’s okay, I can’t go in the coffee shop but the [convenience store] has coffee and hot dogs and I don’t want to hold you up if you’re busy but if you’re not maybe we can go in I’m just really hungry man.” Before addressing his request, I had to satisfy a sudden tangential concern. “Wait…what do you mean you can’t go in the coffee shop?” Joe looked somewhat defeated. “They won’t let me in.” I had to suppress my sudden frustration, but something I’ll bring up with them later. I then remembered my little emergency fund that I keep in the truck in case I ever lost my wallet and needed fuel to get home. “Actually hold on, let me check something.” Sure enough, there was Andrew Jackson ironically staring back at me in all his creased disgrace. “Looks like I had some cash hiding away. That should get you through tonight.” It took a moment for Joe to accept the paper note. He smiled, held it up in front with a subtle nod of the head, and put it in jacket pocket. “Thank you for this.” I felt guilty that it was all I could spare at the moment and replied “it’s not much. I’m sorry.” He looked straight at me. “Nah man thank you for treating me like a person…I needed it and bless you.” We exchanged a few more thoughts and then Joe went on his way towards the convenience store. His gait and stature exuded confidence and joy as he traversed the snowy sidewalk.

I sat for a while, thinking about nothing and everything concurrently. Today I arrived feeling happy to get a coffee, and Joe arrived feeling nervous and unwanted. Two people with different backgrounds, different ages, and different life situations came together for a simple conversation. Joe left with confidence and a glimmer of hope, and I left with much to think about in terms of my own direction in life. Every difference shaped who we are, but at the end of the day, we’re just two people. Different, but the same.

Kindness

I won’t sugarcoat it: the world is a scary place right now. We’re surrounded by negative news, manipulative social media algorithms, and in some cases unfettered hate. It may seem like we’re on a one-way train full steam ahead, but it’s critical to remember that we’re not. The train can be reversed or rerouted, but you can’t stop a train without slowing it down first. Community is the key, and community is built on remembering that we are all people and we are all in this together.

Life is short. Spend it making positive memories for yourself and others. I suppose that maybe, occasionally, it is good to discuss good deeds. Anyway, back to your regularly scheduled programming of me being a sarcastic idiot.

~ Trixie

So I receive a message from Fastmail support. It looks like my payments aren’t working and I might lose service! Panic ensues! I must resolve this immediately and disregard all reason!

Wait…my renewal isn’t until February…and my credit card hasn’t changed. What could possibly be wrong? What’s wrong is the fact that this message even made it to my inbox shakes fist at email. This, my fellow humans, is a phishing attempt to steal my credentials and payment information.

“Yeah yeah Trixie, we all know how this works already” says the seasoned and grizzled blue teamers. Well, this post isn’t for them. It’s for those who are tired of being scammed but aren’t quite sure how to tell. I’m going to walk through how to use common free tools avialable to anyone, investigate as much as possible, and actions that can be taken.

The Message

So let’s break this down. The attacker is appealing to my emotions. The message is stating that I may end up with a service interruption, which clearly I’m not going to like and may even slightly worry about. The goal is to get me to open the attachment - which claims to be some sort of “payment” thingy. Could be a bill, could be a credit card charge failure, could be a cheese pizza. I’m okay with that last one.

Message Headers

The first thing I notice are the email headers, which are what get displayed to me as who it’s “from” and who it’s to.

Apparently the “support team” is haloes@fastmail[.]com…whatever that is.

Points of interest:

• The green check mark - which is specific to Fastmail - is missing.
• The “From” address for Fastmail Support is support@fastmail[.]com, not Halo’s Master Chief.
• The “To” address is incorrect. The phishing message had my old primary email address from before I changed it, which Fastmail would never send anything to at this point.

Cool, so just check the From header an I’m all good right? Nope. That header can be set to anything and it would be allowed. The attacker technically could have used support@fastmail[.]com, but it may have been caught by spam filters.

Message Body

How thoughtful of them to make things convenient. Give me convenience or give me death. Couldn’t they just as easily have shown me how to access payment information in the email message itself? Why a PDF file?

Break it Down

No, I’m not pulling the cardboard out and jamming to Planet Patrol…actually, that sounds like a good idea. Instead, I’m going to dig into the guts of the message content and look for specific information.

Raw Message

What you typically see in an email message is a formatted HTML document so that it is easy to read and looks clean. That also means there’s a whole bunch of stuff you can’t see by default, like trackers and hyperlinks that lie about who they are. There’s a nice messy way to see all of that, and it’s called the message source or raw message.

Welcome to a wall of text. Most of it will be useless to you. However, there is a little tool to make it easier to read. I’ll copy the entire message contents and paste it in the header analyzer for a pretty output. Do not do this with sensitive information.

Mail Routing

Email messages have to traverse multiple computers systems as they make there way from start to finish.

We can see here that this message never left Fastmail’s servers as these are all internal IP addresses, which means the sending account is a Fastmail account.

Return Path

The return path address is what a reply message will populate in the “To” header.

Here we can see that it is indeed a Fastmail address, which lines up with the mail routing. However, we can’t be sure that’s the account’s primary email address.

Email Message Authentication

SPF is a way that organizations can claim which email servers are allowed to send with their domain. Unfortunately, since this is all internal to Fastmail, this automatically passes. The same goes for DKIM (confirms message integrity) and DMARC (confirms the sender domain is legitimate).

The Attachment

I am going to say with utmost importance: DO NOT OPEN ANY ATTACHMENTS FOR ANY REASON…EVER. If you open it, then you might infect your computer which is as fun as watching an ant farm devour your house.

I’m going to very carefully save the attachment without opening it and then upload it to Hybrid Analysis, which is a website that will test links and files that you provide. Keep in mind, anything that you upload is public. After the analysis is complete, I receive a summary report of what they found.

As we can see, opening the PDF reveals a clicky button to go “update payment” on my Fastmail account. Can I update it to free? That would be cool.

There’s more!

Ruh-roh Raggy, a spearphishing link! While a phising link is a malicious website sent out to a large audience, a spearphishing link is crafted for and sent to a specific group of people or a single person. In this case, the target group is Fastmail users.

The Phishing Website

The report also contains the website links from the PDF file. So using Hybrid Analysis once again, we can now submit that link for analysis.

The analysis confirms that the site is malicious, but why? Well, a few reasons:

That sure does look like the Fastmail login page (from last year) doesn’t it? If you look at the address bar, it doesn’t say fastmail[.]com. It says “I’m a loser attacker who wants to harm innocent people with my fake website.”

So What Do?

Well, the easiest thing is to simply delete it and go on about your day. However, if you’d like to contribute, here’s what you can do.

Let Your Provider Know

• Report the message as phishing using the provider’s mechanism.
• Send an email to the provider’s support letting them know the email address it came from and that it was reported. They may reach out with more questions or they may say nothing.

Report the Domain

Some domain registrars - which are the companies that provide website addresses - have a reporting feature for abuse. ICANN has a website where you can look up the abuse contact information.

Here I can see that Tencent is the registrar, so I sent them an email with enough information to hopefully get them to investigate.

That’s all she wrote. If you followed along to the end, then congratulations. You’ve just done your first security investigation. Go have a slice of pizza.

The Thief series is still to this day one of my favorite game series. The immersive world and fantastic story are not commonly matched in today’s gaming. Given that I now have a bunch of free time, I find myself returning to my childhood…because that’s what you do when reality stinks. If you have not yet enjoyed any of the below games, please do. Play at night with the lights off and a good set of headphones.

• Thief: The Dark Project
• Thief II: The Metal Age
• Thief: Deadly Shadows

Yes, Thief 4 was good, but out of scope.

Install a Thingy

“…but Trixie, you don’t use Windows! You can’t possibly play a video game!”

Nonsense, poopy pants. With the introduction of Proton, Linux gaming has come a long way for the average gamer who doesn’t argue over which text editor is best. However, sometimes a little manual work is still necessary to get a game going…especially a game from the 90’s designed to run on Windows 98. Here’s a little how-to so you can save yourself the headache.

Gamer setup:

• Pop_OS! 22.04.
• Steam version of the games.
• GE-Proton-10-15.

You can also use Good Old Games or the CD, but you’ll need to use Wine manually.

Thief: The Dark Project (and Thief Gold)

1. Install the base game.
2. Set the compatibility mode to run with Proton-GE 10-15.
3. Run the game once. It will get angy at you and the cutscenes won’t work. Close the game.
4. Download TFix and add it as a non-Steam game.
5. Set the compatibility mode to run with Proton-GE 10-15.
6. Run and install TFix. When it asks for the Thief installation location, you will need to manually type z:\home\USER\.steam\steam\steamapps\common\thief_gold\ as the installer will not show hidden Linux folders.
7. Remove TFix from Steam.
8. Delete the files ir50_32.dll and ir41_32.dll from the installation directory as they conflict with Wine’s versions.
9. Run Thief.

All cutscenes should work. However, if you’d like to upgrade the models and cutscenes to a higher definition, then there are additional steps.

HD Mod

1. Download the Thief HD Mod.
2. Set the compatibility mode to run with Proton-GE 10-15.
3. Run and install the HD mod. When it asks for the Thief installation location, you will need to manually type z:\home\USER\.steam\steam\steamapps\common\thief_gold\ as the installer will not show hidden Linux folders.
4. Ensure that LArge Address Awareness is enabled when prompted.
5. Remove the HD mod from Steam.
6. Run Thief.

HD Cutscenes

1. Download the ESRGAN SD Cinematics Pack
2. Extract the contents of the 7-zip archive.
3. If you are running Thief Gold, then delete CREDITS.avi so that it does not conflict with the extended credits.
4. Rename all files so that the extension .avi is all upper case .AVI. Windows may be sloppy with file paths, but Linux is not.
5. Replace the original cutscene files with the new ones.