Troll below took a lame pot shot
18 minutes ago(12:38 AM)
I looked at your "calculatiBut really you shouldn't embarrass yourself quite so badly...the document you are "laughing about" is labelled with it's source, so obviously you didn't really look. the source is here for your convenience and embarrassment
http://www.ncbi.nlm.nih.gov/pubmed/22206700
Its from the US National library of Medicine. Hah! What a joker your are. Pretending that the USNLIM was actually my work, and then taking pot shot at it. Well you didn't actual even muster a pot shot, all you did was say you laughed.
My assumptions in my work were fairly simple, I took a rectangular box that encompassed known EPA published data points, took an independent simulation of particulate spread, then made it smaller to be conservative, and then assumed a uniform distribution within the volume. Assumptions were clearly stated, backed up with charts and models, and conservative.
The only way that much uranium was in the EPA filters was a massive launch and aerosolization of core or fuel pool material or both. A little temporary even 3 day fire wouldn't do it.
Contrary to what you said I did not make assumption about dispersion of various isotopes, as I simplifed and made my estimates more conservative by only using the most common isotope U-238.
So again, just another pot shot from you. Is that the best you can do, seriously? If i was paying you to be a troll I would fire you.
You could reduce my estimates by 87% AND the only logical conclusion would still be a launch of 10's of tons of uranium.
Here is my original source material for those interested in the truth.
http://nukepimp.blogspot.com/2012/01/uranium-in-air.html
I have also documented your inability to actual mount an argument as an example in the blog.
found one detection so far.
ReplyDeletepdf's have high probability of being clean, yet cannot say for certain without "real iron" testing.
I did get headhunted by http://automattic.com/work-with-us/ (strange)
https ://archive.org /details /atomicnucleus032805mbp
added spaces to prevent reinfection, if that was one vector.
analysis: https://www.virustotal.com/en/url/e5963b3d2e8f5242d43fb74af049a822d9cf7a6dee9c7e8642c08fdb63337d80/analysis/1416048420/
posted: http://enenews.com/govt-issues-inundation-warning-fukushima-daiichi-years-strongest-storm-approaches-tepco-bracing-overflows-officials-warn-torrential-rains-landslides-ground-loosening-south-plant-danger-tornad/comment-page-3#comment-588156
still efforting ...
We may have a "winner".
ReplyDeleteDo bear in mind that none of this should be considered "actionable" until confirmed.
No sense going off half-Vox'ed. :lol
Oak's lunatic Ridge likely isn't going anywhere.
Here's an update to the last candidate link, which only scored as a "Malicious site" on 2/61 URL Scanners:
http://quttera.com/detailed_report/archive.org
Quote from "Blacklisting status" --> "Quttera Labs - domain is Malicious. more info"
That site is long on blacklists, but damn short on details. (Inconclusive)
-----------------------------------------------------------------------------------------------------------------
web site included to ensure moderation:
https://startpage.com/
-----------------------------------------------------------------------------------------------------------------
Here is another candidate (with spaces for sanity's sake):
ReplyDeletehttp ://www.uefap .com /reading /exercise /ess3 /gamow .htm
posted: http://enenews.com/govt-issues-inundation-warning-fukushima-daiichi-years-strongest-storm-approaches-tepco-bracing-overflows-officials-warn-torrential-rains-landslides-ground-loosening-south-plant-danger-tornad/comment-page-3#comment-588284
Analysis: https://www.virustotal.com/en/url/d2e8d4d5534b9d4ddc16c0599f426eb971bb2af3ea84de6e05da8a68fbf138fc/analysis/1416050535/
That registers 1/61 detection as a "Malware Site".
http://sitecheck.sucuri.net/results/www.uefap.com
Quote: "Website: www.uefap.com
Status: Site Potentially Harmful. Immediate Action is Required.
Web Trust: Blacklisted (10 Blacklists Checked): Indicates that a major security company (such as Google, McAfee, Norton, etc) is blocking access to your website for security reasons. Please see our recommendation below to fix this issue and restore your traffic."
...
"Site Likely Compromised"..."Outdated Web Server Apache Found: Apache/2.2.3"
...
"Domain blacklisted By Yandex (via Sophos): uefap.com - reference"
Reference: http://www.yandex.com/infected?url=uefap.com&l10n=en
Quote: "Yandex has detected malware on this site that may harm your computer or gain access to your personal information."
Interesting that only a Russian site puts up red flags.
Translated Quote: "Yandex periodically checks the page. Last check (less than a week ago) has shown that the site was placed malicious code. This could happen as desired site owners and without their knowledge - as a result of malicious acts. If at the next check code is detected, Yandex stops mark the site in search results as dangerous."
...
"Malware: contains Troj/JSRedir-NG (data provided by Sophos)."
https://nakedsecurity.sophos.com/2009/12/23/gnu-gpl-malware-trojjsredirak/
Title: "GNU GPL malware?: Troj/JSRedir-AK" ... "by SophosLabs on December 23, 2009"
Dud here: Note the differing suffixes.
Quote: "The next few lines of code do the redirection to a webpage in Russia with the following legitimate strings in its URL:
google-com-ar
google.ch
google.com
mininova.org
cams.com
ip138-com
I suspect that this code is part of a larger hack and if you find this code on your website please send us samples of other recently modified files."
Dud here: There might be your Russian web traffic.
see http://en.wikipedia.org/wiki/Gumblar
Quote: "Gumblar is a malicious Javascript trojan horse file that redirects a user's Google searches, and then installs rogue security software. Also known as Troj/JSRedir-R this botnet first appeared in 2009."
...
"Gumblar.X infections were widely seen on systems running older Windows operating systems.[2] Visitors to an infected site will be redirected to an alternative site containing further malware. Initially, this alternative site was gumblar.cn, but it has since switched to a variety of domains. The site sends the visitor an infected PDF that is opened by the visitor's browser or Acrobat Reader. The PDF will then exploit a known vulnerability in Acrobat to gain access to the user's computer. Newer variations of Gumblar redirect users to sites running fake anti-virus software."
Dud here: There is your fake security software via a malicious pdf.
Quote: "See also: Malware, E-mail spam, Internet crime"
Still not a "smoking RPV" on it's own though, imho.
Independant confirmation seems in order, including confirmation of 50.142.165.12 as a source.
ReplyDeleteAm i correct that the malefactory crew need not have known about the malware?
It seems to be done in the course of posting hate, sexual harassment, etc., etc.
Their employer ("Your tax dollars at work?") must love this shit.
Can i eventually look forward to reading all about this on Lucas W. Hixson's blog?
You could prolly use a full report of all ManBearPig's links.
I could use a percentage pay raise at minimum. :P
Cue 'da 'Ahnold, und 'da Donald to 'da tune of 'da Nylons.
"Na na na na, na na na na, hey hey hey, goodbye!" :)
Please reply here --> http://nukeprofessional.blogspot.ca/2014/11/virus-laden-troll-links-at-enenews.html <-- to indicate receipt & need for full list of links for independent analysis.
Aloha
ManBearPig pdf linking history @ enenews.com
ReplyDelete-----------------------------------------------------------------------------------------------
disclosure: direct linked pdf's may be malicious files & possible BIOS attack - BEWARE!!!
(the odds are extremely low, yet cannot be ruled out yet; space added before ://)
VirusTotal notes for most files (quote)
"Probably harmless! There are strong indicators suggesting that this file is safe to use."
Anubis seems potentially more revealing ...
-----------------------------------------------------------------------------------------------
October 11, 2014 at 12:24 am - http://enenews.com/latest-govt-models-show-typhoon-making-direct-hit-fukushima-center-vongfong-expected-be-nuclear-plant-tuesday-maps/comment-page-1#comment-585961
http ://www.safety.vanderbilt.edu/rad/nrc-reg-guide-8.13.pdf
October 15, 2014 at 8:57 pm - http://enenews.com/govt-issues-inundation-warning-fukushima-daiichi-years-strongest-storm-approaches-tepco-bracing-overflows-officials-warn-torrential-rains-landslides-ground-loosening-south-plant-danger-tornad/comment-page-3#comment-588258
http ://www.eurosafe-forum.org/files/pe_382_24_1_seminar2_01_2005.pdf
October 15, 2014 at 10:51 pm - http://enenews.com/govt-issues-inundation-warning-fukushima-daiichi-years-strongest-storm-approaches-tepco-bracing-overflows-officials-warn-torrential-rains-landslides-ground-loosening-south-plant-danger-tornad/comment-page-3#comment-588362
http ://earth.geology.yale.edu/~ajs/1960/ajs_258A_11.pdf/151.pdf
https://www.virustotal.com/en/file/40cc4cc26b57e41e55f327634891a5386b7621de999572e26fabefeffa48c0da/analysis/1416046750/
Quote: "This PDF document contains AcroForm objects. AcroForm Objects can specify and launch scripts or actions, that is why they are often abused by attackers."
http://anubis.iseclab.org/?action=result&task_id=173d2c99c7ef13cb45531df4c08326f25&format=html
http ://anubis.iseclab.org/?action=result&task_id=173d2c99c7ef13cb45531df4c08326f25&download=traffic.pcap
https://www.virustotal.com/en/file/0c43d1c08e84475c91e622b1efdee19abfae1ac2a551d7906329cf87b66fdb57/analysis/1416069787/
Quote: "PCAP file! The file being studied is a network traffic capture, when studying it with intrusion detection systems Snort triggered 1 alert and Suricata triggered 3 alert."
... "Intrusion Detection System
Snort 1 alert
Suricata 3 alerts"
... "Wireshark file metadata
File encapsulation Ethernet
Number of packets 120
Data size 89088 bytes"
... "Snort alerts Sourcefire VRT ruleset
BAD-TRAFFIC TMG Firewall Client long host entry exploit attempt (Attempted User Privilege Gain)
Suricata alerts Emerging Threats ETPro ruleset
ET POLICY Reserved Internal IP Traffic (Potentially Bad Traffic)
ET POLICY Internet Explorer 6 in use - Significant Security Risk (Potential Corporate Privacy Violation)
ET INFO PDF Using CCITTFax Filter (Potentially Bad Traffic)"
... "earth.geology.yale.edu 130.132.22.55"
(note: not definative, flagged for further investigation)
October 17, 2014 at 1:23 am - http://enenews.com/pbs-plague-hit-west-coast-hard-year-biologists-fear-species-going-extinct-experts-largest-outbreak-oceans-terms-numbers-species-affected-geographic-scale-mortality-people-kids-before-theyre-all/comment-page-2#comment-589179
https ://www.orau.org/ptp/PTP%20Library/library/Subject/Plutonium/plutonium2.pdf
https://www.virustotal.com/en/url/67f8b5abd8979c791f2786a1e0d177e11e62b1beaaf4b13ac05f2ef08681bc12/analysis/
Quote: "HTTP Communication error - There was an unexpected error when trying to retrieve the response"
http://anubis.iseclab.org/?action=result&task_id=1e7a67a95f43b5114c915fef8f923c38a&format=html
October 17, 2014 at 12:42 pm - http://enenews.com/top-5/comment-page-1#comment-589403
ReplyDeletehttp ://energy.utexas.edu/files/2014/06/Eslinger-2014-JER-Fukushima-Source.pdf
https://www.virustotal.com/en/file/25ce9ab8f93a2f23b4763ccb77f520da27c392438216eb98b1b043e0375bf1c2/analysis/1416046843/
Quote: "This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
This PDF document contains 17 object streams. A stream object is just a sequence of bytes and very often is only used to store images and page descriptions, however, since it is not limited in length many attackers use these artifacts in conjunction with filters to obfuscate other objects. "
http://anubis.iseclab.org/?action=result&task_id=1b0d5dd14764399646db2c039779928c4&format=html
October 17, 2014 at 12:48 pm - http://enenews.com/top-5/comment-page-1#comment-589414
http ://energy.utexas.edu/files/2014/06/Eslinger-2014-JER-Fukushima-Source.pdf
as above (copy)
October 17, 2014 at 11:32 pm - http://enenews.com/top-5/comment-page-1#comment-589912
http ://digitool.library.colostate.edu///exlibris/dtl/d3_1/apache_media/L2V4bGlicmlzL2R0bC9kM18xL2FwYWNoZV9tZWRpYS8yMDc5Mjg=.pdf
https://www.virustotal.com/en/file/ac73c4ab320a3f290a10406e95d217939340688792f12797ed5736a2c2acdb4f/analysis/1416046547/
Quote: "This PDF file contains 1 JavaScript block. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent."
http://anubis.iseclab.org/?action=result&task_id=18f7d9ce635b77ce41d85d8497637249e&format=html
October 17, 2014 at 11:36 pm - http://enenews.com/top-5/comment-page-1#comment-589918
http ://www.ans.org/pi/ps/docs/ps47-bi.pdf
https://www.virustotal.com/en/file/2c4223ea228a88540001d1b99fbd5f1316df2270ee886ec955fd7e24a08b50aa/analysis/1416047170/
Quote: "This PDF document contains 9 object streams. A stream object is just a sequence of bytes and very often is only used to store images and page descriptions, however, since it is not limited in length many attackers use these artifacts in conjunction with filters to obfuscate other objects."
http://anubis.iseclab.org/?action=result&task_id=193d2f7a4c9b9083441ed989f97831934&format=html
http ://anubis.iseclab.org/?action=result&task_id=193d2f7a4c9b9083441ed989f97831934&download=traffic.pcap
https://www.virustotal.com/en/url/03c8e9fd29f38d617ffb906874759641498513c6061f724734ef0feeb8f2542b/analysis/1416070919/
(inconclusive - download & upload to Anubis)
https://www.virustotal.com/en/file/7a794cd011c3f5bf64aef63affc33cfb89776b75eb2cfee428a2d7056f2dcac6/analysis/1416071001/
Quote: "PCAP file! The file being studied is a network traffic capture, when studying it with intrusion detection systems Snort triggered 2 alerts and Suricata triggered 2 alerts. "
... "Intrusion Detection System"
... "Snort 2 alerts
Suricata 2 alerts"
... "Wireshark file metadata
File encapsulation Ethernet
Number of packets 63
Data size 41788 bytes"
... " Snort alerts Sourcefire VRT ruleset
(spp_sdf) SDF Combination Alert (Sensitive Data was Transmitted Across the Network)
BAD-TRAFFIC TMG Firewall Client long host entry exploit attempt (Attempted User Privilege Gain)
Suricata alerts Emerging Threats ETPro ruleset
ET POLICY Reserved Internal IP Traffic (Potentially Bad Traffic)
ET POLICY Internet Explorer 6 in use - Significant Security Risk (Potential Corporate Privacy Violation)"
... "DNS requests www.ans.org 206.222.45.7, 173.167.163.230, 199.19.56.1"
(note: not definative, flagged for further investigation - 3 seperate IP Addresses though???)
October 17, 2014 at 11:38 pm - http://enenews.com/top-5/comment-page-1#comment-589922
ReplyDeletehttp ://web.ornl.gov/~webworks/cpr/v823/rpt/109264.pdf
October 17, 2014 at 11:39 pm - http://enenews.com/top-5/comment-page-1#comment-589924
https ://www.oecd-nea.org/science/docs/2007/nsc-doc2007-6.pdf
https://www.virustotal.com/en/file/945c79fa9bbef9286b01f422e284c6fe2189ff21f5c6e5f9732b8718e5bb4394/analysis/1416064139/
Quote: "This PDF file contains 1 JavaScript block. Malicious PDF documents often contain JavaScript to exploit JavaScript vulnerabilities and/or to execute heap sprays. Please note you can also find JavaScript in PDFs without malicious intent.
This PDF document contains at least one embedded file. Embedded files can be used in conjunction with launch actions in order to run malicious executables in the machine viewing the PDF."
http://anubis.iseclab.org/?action=result&task_id=19a05d41e78269f34257819cc626e920d&format=html
October 19, 2014 at 11:35 am - http://enenews.com/top-5/comment-page-1#comment-590754
http ://www-pub.iaea.org/MTCD/publications/PDF/te_1601_web.pdf
https://www.virustotal.com/en/file/08df0e133e48e87325ca0aa8e083f51afb7a4738efa239989103c30813bde194/analysis/1416047503/
Quote: "This PDF file contains an open action to be performed when the document is viewed. Malicious PDF documents with JavaScript very often use open actions to launch the JavaScript without user interaction.
This PDF document contains AcroForm objects. AcroForm Objects can specify and launch scripts or actions, that is why they are often abused by attackers.
This PDF document has Digital Rights Management or needs a password to be read."
http://anubis.iseclab.org/?action=result&task_id=10acd33d394d7230419600d32bda8597b&format=html
October 20, 2014 at 11:49 pm - http://enenews.com/govt-report-reveals-fukushima-radioactive-release-larger-chernobyl-japan-reactors-could-emitted-four-times-cesium-137/comment-page-1#comment-591781
http ://behavior.vetmed.ucdavis.edu/local-assets/pdfs/Inappropriate_Mounting_in_Dogs.pdf
October 23, 2014 at 5:08 pm - http://enenews.com/sailor-fukushima-impact-dead-thousands-miles-pacific-ocean-between-japan-talking-about-makes-feel-like-cry-birds-fish-sharks-dolphins-turtles-theyre-all-gone-audio/comment-page-1#comment-593778
ReplyDeletehttp ://apps.who.int/iris/bitstream/10665/78373/1/WHO_HSE_PHE_2013.1_eng.pdf
https://www.virustotal.com/en/file/aed62e6804e87473726e4c85f2a6b83b8497425eca7c2a06323705aacbe83058/analysis/1416046642/
Quote: "This PDF document contains 1 object stream. A stream object is just a sequence of bytes and very often is only used to store images and page descriptions, however, since it is not limited in length many attackers use these artifacts in conjunction with filters to obfuscate other objects."
http://anubis.iseclab.org/?action=result&task_id=1e10c80ec7f86eaa4d5ac2c601dec32ac&format=html
(Adobe Updater triggered)
http ://anubis.iseclab.org/?action=result&task_id=1e10c80ec7f86eaa4d5ac2c601dec32ac&download=traffic.pcap
https://www.virustotal.com/en/url/fee4fac9788a6f12b92816ef7eabec7401bc273652449f75b782fbd5e5bf9c99/analysis/1416072656/
(inconclusive - download & upload to Anubis)
https://www.virustotal.com/en/file/37bd9de6bbdb7dbb472612866eff65e94439023b60062a906c70667de3e7ef8e/analysis/1416072923/
Quote: "PCAP file! The file being studied is a network traffic capture, when studying it with intrusion detection systems Snort triggered 0 alerts and Suricata triggered 2 alerts."
... "Intrusion Detection System"
... "Snort 0 alerts
Suricata 2 alerts"
... "Wireshark file metadata
File encapsulation Ethernet
Number of packets 98
Data size 48564 bytes"
... "DNS requests apps.who.int 158.232.12.85"
... "Suricata alerts Emerging Threats ETPro ruleset
ET POLICY Reserved Internal IP Traffic (Potentially Bad Traffic)
ET POLICY Internet Explorer 6 in use - Significant Security Risk (Potential Corporate Privacy Violation)"
(note: not definative, flagged for further investigation)