Vitalsecurity.org - A Revolution is the Solution

Mid-Week Spywareguide Roundup

paperghost — Wed, 07 May 2008 20:08:00 +0000

Here we go again!

* I just called, to say.....nothing, actually: Strange and annoying phonecalls. We all hate them, don't we? Especially when you can't decide if they're trying to sell you things (bad) or just steal all your personal data to sell on (worse).

* It's a trap: Hot chick adding herself to my Myspace friends list = Disaster. Mind you, I have plenty of real hot chicks on my list so that's okay.

* Hackmemes: Did you ever want to see a DDoS tool whose sole purpose for creation was as part of a meme war? Even better, a DDoS tool that's actually stuffed full of memes purely so it'll gain acceptance with the groups involved in the battle in the first place? Then here comes Christmas.

....you do like Mudkips, right?

Fixed!

paperghost — Tue, 06 May 2008 18:55:00 +0000

Things I am happy about this week:

1) The comments on Spywareguide are working again, and you can now post as you see fit. Swear to God.

2) The day I posted this ramble complaining about Feedburner woes, Netvibes (who, judging from endless posts in their support group via Google, seem to have been the cause of endlessly fluctuating Feedburner stats) went and migrated all of their users to the new interface. Since that day, my stats have been back to normal and have actually gone up a little bit. Anyone else out there using Feedburner noticed a more regular pattern in their stats since a week ago?

3) Insert your own happy thing here, I'm all out.

Worst. Idea. Ever.

paperghost — Tue, 06 May 2008 06:48:00 +0000

All I want to know is, who comes up with this stuff?

See, I've been waiting.....and waiting......and waiting......for the sessions from RSA2008 to hit the web, so we can watch and listen and absorb or whatever. There's a lot of people who couldn't make it who have also asked me if / when my own presentation would be available to listen to. Last year, RSA seemed to be pretty open about who could get their hands on the talks (Hell, we still have one complete with funky Flash thing here).

Now? I get an Email from the RSA organisers last night pointing me to this page, with the following genius idea:

The information and ideas discussed at RSA Conference 2008 will have an impact on the information security industry for years to come. Be sure to capture all of the discussions by replaying the session recordings from this year's Conference. (Free for 2008 Full Conference attendees, $395 for non-attendees)

Wow, yes! What a brilliant idea! We'll have "an impact on the security industry for years to come" by.....letting all the same people who saw the talks originally watch them again!

Wooo!

Also, WTF and doh. Let's be honest and put the hyperbole aside for a second - nothing talked about at RSA will "have an impact on security for years to come", because nobody cares. It was a bunch of talks about stuff, and now it's over. Some were good, some were bad, same as it ever was. But hamming it up with over-the-topness just so we can justify charging lots of money to let people hear it who couldn't make it / afford it? Man, that sucks. That sucks ass, and is a terrible, exclusionary idea.

If there was anything of worth, of interest spoken about at RSA, how are we helping to spread those ideas by chaining them to full conference passes or extortionate amounts of cash after the event is long gone?

And why is it always just about the "security industry" anyway? There's a whole variety of people and initiatives that likely fall outside that narrow definition (purely because they're not running around yelling BUY THE BOX!) and yet they're just as active, just as important to the security scene as anyone else.

But of course, they didn't pay stupid amounts of money to attend and so don't count. Excuse me while I roll my eyes. How many people attending these conferences are only there because their company paid for them to go in the first place? And how many of those people wouldn't come within a hundred feet of security conferences if they actually had to pay up themselves?

Nobody can claim access to 365 session recordings for $395 is good value for money, because nobody in their right mind is going to listen to three hundred and sixty five sessions unless they are clinically insane.

Anyone with any interest in RSA2008 that didn't go is more likely to want to hear the odd handful of sessions - and here's a breaking newsflash, they are NOT going to pay out four hundred bucks just to hear them. I don't believe RSA have a "reduced fee" anywhere to listen to (say) five talks, but meh, even that would suck.

I really doubt half the people at RSA on free Full Conference Passes (courtesy of their company) would complain if people who didn't attend got to hear the talks for free after the event. Again, by this point nobody cares, right? It's now just a bunch of talks at some conference somewhere, and everyone is now too busy gearing up for the next conference in a few weeks or months time.

And if someone argues that it's not good form to have the great unwashed masses listening in for free when all those companies had to stump up tons of cash for full conference passes? Well, too bad for all those companies. Surely half the fun of the full pass is the chance to hear people speak in person that you always wanted to see present twenty feet away from you - not simply possession and apparent ownership of the words that came out of their mouth.

To me, security is all about protecting those same "great unwashed masses" with as much vigor and force as the companies at RSA devote to protecting enterprise and business customers - great unwashed masses that (currently) don't have a hope in Hell of hearing talks that might actually contribute to making them consider security a little more in their day to day lives.

It all seems a bit greedy and possessive to me, but then I only spoke at RSA.

What do I know?

Offtopic: Arbitrary Attacks on Videogames Annoy Me

paperghost — Sun, 04 May 2008 18:57:00 +0000

Peter Hitchens wheeled out a predictable attack on videogames - namely Grand Theft Auto 4 - in the print edition of the Daily Mail today. His tortured logic spilled onto his weblog, so I left him the following reply:

"Could it possibly be bad for a child or a teenager to spend long hours impersonating a violent car thief?" (Hitchens)

Could it possibly be bad for you to write a "won't somebody think of the children" missive to whip up the usual sensationalist panic about videogames while (predictably) failing to mention the product in question is clearly labeled 18 for adults?

Rather than decry the game, perhaps it might make more sense to attack gamestores that happily sell products aimed at an older market to kids. Perhaps it might be better to attack the parents that thoughtlessly hurl products aimed at an older market at their children.

Unless, of course, you're *also* going to blame the collapse of Western civilization on every single activity aimed at someone over 18 along with the horrors of GTA4?

The gaming market has grown and aged with the products. I've played games for 25 years, and I don't particularly fancy playing "super happy hooray for everything" anymore.

Thanks for trying to limit my choice of personal pursuits via the agenda you're pushing without even bothering to try the product in question.

If you *had* actually tried the game, you wouldn't be writing it off as a senseless, lawless gunfest with no consequences, morals or anything approaching depth beyond "kill everything in sight".

It's mature, its intelligent, its - shock horror - actually very grown up, and at least one major videogame site said of this game in its review that the more realistic and serious nature of the lead character meant that they were actually *less* inclined to go on a gun rampage, because it "didn't feel like something the character would do".

To impress upon a player that sense of depth with regards a fictional character jumping around on a screen is pretty impressive. To do such a thing when it could be argued the basic mechanic of the title is to shoot people, even more so.

But of course, you're too busy wheeling out assumptions and blanket statements.

He never published the comment. Funny, that...

Spywareguide Roundup

paperghost — Fri, 02 May 2008 16:33:00 +0000

Shall we get down to business?

* Credit Card up for Renewal? Then Beware This Phish: A funky little diversion through a Phish scam that caught my eye simply because my credit card was due to expire.

* The Spectre of Rogue Facebook Applications, Back Once More: Ooh, it's all kicking off with Facebook applications again!

* Pinont.com - No Need to Panic: Aargh, it's an apocalyptic wave of.....viagra spam.

* Beware - New MSN Messenger Password Stealing Program in the Wild: This is a pretty slick application for scumbags everywhere - click a few buttons, and hey presto, a ready-rolled executable that can be used to steal your MSN Messenger login credentials. here's the Client:

And here's what the attacker will see with the click of a button, assuming the victim let the infection file execute on their PC beforehand:

.....ouch.

Would you like a side order of WTF with those fries?

paperghost — Thu, 01 May 2008 16:06:00 +0000

Sometimes I see things that break my brain.

This is one of those things. Sighted on Facebook, the content falls somewhere between comical and extremely creepy, so of course I'm publishing the whole glorious train wreck below:

.....what??

I love how "I am dead" is thrown in as an afterthought, like having pencil shavings up your butt and not having any nose or ears wasn't quite bad enough.

Bonus points if you can work out why it has a random picture of two teens hugging attached, too. As for "don't send it to me", I can't say I have any dead seven year olds missing half their face waving kitchen knives on my friends list to send this to, but oh well.

I can haz typoz?

paperghost — Thu, 01 May 2008 14:35:00 +0000

Comedy spelling galore here. You'd think with all the money they have, these malware writers could afford dictionaries...

Mid-Week Spywareguide Roundup

paperghost — Wed, 30 Apr 2008 18:23:00 +0000

Haven't had one of these for a while, so here goes.

* Here Phishy, Phishy and Booze & Binders: Some leet hax script kiddy applications currently in circulation. I'd throw in a picture here, but amazingly the Blogger image upload tool is broken. Again. Blogger is full of so much win and awesome, and by win and awesome, I mean crap and fail.

* Locking down Facebook Chat: Nothing particularly revelatory, but a little delve into the wonderful world of Facebook Chat, or (to be more accurate) how to get rid of the damn thing if (like me) you had no clue what you were supposed to click on when confronted by hundreds of people saying HELLO LOL. Once more, no pictures. Blogger. Fail. Epic fail.

* Myspace - Who is Watching the Detectives Part 3: Did Myspace ever fix their "system error" that allowed people to view exactly who had been snooping round their profile pages? Click this and find out. Ooh, the suspense.

* Off-Topic Fun: Videogames are Awesome: Spurred on by my post about the Dreamcast phishing incident a few weeks ago, I decided to go deep into off-topic country and post up a bunch of my old videogame systems. I used Flickr for these images, so nothing stops me from posting these up:

My Shenmue Collection, originally uploaded by Paperghost.

ChuChu Rocket Box Set (Front), originally uploaded by Paperghost.

I encourage anyone remotely interested in old game systems to post up some screenies of their collections. I had planned for people to post their links directly on Spywareguide, but it appears the hope invested in the comment fixing was a little premature. With that in mind, post your links here and when (if) the comments start working again on SPG, I'll port everything over there.

Feedburner Stat Trouble?

paperghost — Tue, 29 Apr 2008 08:25:00 +0000

For the last month or so, my Feed subscriber count has been fluctuating wildly - it currently says 1,319 which is correct but (more often than not) keeps showing at around the 900 mark, which is way off the real total. I eventually worked out that this is because Feeburner is having issues with anyone subscribed to the site via Netvibes as they upgrade to their new release.

Whoops.

Apparently they claim subscribers aren't affected, it just makes your stats look more rubbish than they actually are. I've noticed this sudden drop-off affecting quite a few security blogs out there so if you're wondering where all your subscribers are going, it's down to Netvibes. No ETA on when this will be fixed, which sucks.

Wait, what?

paperghost — Mon, 28 Apr 2008 20:23:00 +0000

I got this in my mailbox today:

April 28th, 2008
For Immediate Release:
Contact: Colonel Custard (aka the corporate criminal creamer)

Footage available: www.GreenwashGuerrillas.org

Greenwash Guerrillas Pie Thomas Friedman at Brown University

YouTube Censors Video; Pie Thrower Faces University Disciplinary Procedures

Providence, RI - New York Times columnist and author Thomas Friedman was pied by the Greenwash Guerillas while giving an Earth Day Lecture at Brown University. The Greenwash Guerillas targeted Thomas Friedman because of his support for U.S. military intervention in the Middle East, neo-liberal economic policies that harm the world’s poor, and especially for promoting bogus solutions to the global climate crisis.

"We sought to expose the hypocrisy of allowing Friedman, who is known for his influential support of U.S. wars for oil in the Middle East, to call himself an environmentalist,” explained Greenwash Guerrilla Margaree Little. "He has blood on his hands that no amount of 'green' can wash away."

Little, a Brown University student identified as one of the pie throwers, faces University disciplinary hearings, potentially including expulsion. Colonel Custard, the second pie thrower, remains at large.

Little and Custard jumped on stage as Friedman began his talk, entitled “Green is the new Red, White & Blue.” The talk focused on how green technology and corporate environmentalism can restore the United States to its "natural place in the global order."

They tossed two green-colored cream pies at Friedman and dashed off as leaflets denouncing Friedman were thrown to the crowd. According to the pamphlets, “On behalf of the earth and all true environmentalists – we, the Greenwash Guerillas, declare Thomas Friedman’s ‘Green’ as fake . . . as the cool-whip covering his face.”

The Greenwash Guerillas object to Friedman’s support for nuclear power, coal power, industrial biofuels, and carbon trading markets. "These false solutions are smokescreens, intended to generate massive corporate profits while creating global humanitarian and environmental disasters,” said Colonel Custard.

Video of the pie throwing incident was posted on YouTube, and received close to 70,000 views in 36 hours, making it one of the most popular videos on the site. Without notice, YouTube abruptly censored the video, removing it from the website. Hundreds of news outlets, blogs, and websites had linked to the video. The Greenwash Guerillas have reposted the clip at: www.GreenwashGuerrillas.org

"Given the many other pieings on YouTube(1), the removal of the video can only be understood as an act of political censorship," said Little. "One has to wonder whether Friedman, a billionaire with a lot of connections, has more influence than “you” on YouTube."

“The Greenwash Guerillas chose the harmless and humorous tactic of pie-throwing because our goal was to take this perpetual charlatan off his new green pedestal,” said Colonel Custard. “Friedman’s support for coal and nuclear power is as misguided as his counsel on Iraq.”

This is the second time Friedman has been hit by a pie. In October 2002, he received a banana pie to his face while promoting his writings on free-market globalization in Boston."

Now, that's a pretty awesome thing to appear in your mailbox by any standards.

However.

Someone getting a pie in their face gets removed from Youtube, but insanely stupid crap like idiots juggling cats (warning: an idiot juggling a cat) and an endless stream of leet hax videos never seem to get canned?

Meh, whatever. I will say that the options for reporting hacking videos on Youtube are limited at best - if you're not reporting a copyright violation, physical attacks or animal abuse (though I guess the animal abuse option is broken, seeing as a moron is still juggling his cat) then you're pretty much up a creek without a paddle.

Pie throwing is pretty cool, though.

A Day in the Life.....of an idiot

paperghost — Thu, 24 Apr 2008 10:10:00 +0000

22/04/08, 12:38AM:

22/04/08, 10:01PM:

22/04/08, 10:05PM:

22/04/08, 11:09PM:

They still drop the soap in jail, right?

If you're going to rip someone off, make it look pretty

paperghost — Wed, 23 Apr 2008 15:34:00 +0000

Part 1.

Part 2.

Ouch.

From English to Russian in one Leet swoop

paperghost — Wed, 23 Apr 2008 14:51:00 +0000

This grabbed my attention today. Not too often I see leet hax wannabes hauling up the "Nothing to see here, Russian money guys at work" facade...

He's back, now with twice the fail

paperghost — Mon, 21 Apr 2008 20:22:00 +0000

Remember this guy? Sure you do. Well, he's back again with another breathtaking display of getting-it-all-wrong.

Fish, meet barrel. It's clear our anonymous superhero isn't going to reveal their identity OR say anything even remotely approaching common sense, so this one goes out to you, whoever you are:

Man, that's gotta hurt.

Found while browsing Google News

paperghost — Mon, 21 Apr 2008 11:06:00 +0000

"Catching the Script Kiddies" - now that's interesting. The words "script kiddy" sometimes get the odd mention in news articles, but only usually as a passing reference. This is the first one I've seen in a loooooong time where they were the primary focus of the piece.

Hacking school computers, no less. Well, I hope they were better at it than this guy. No wait, I don't. Meh, as long as they got busted it's all good.

I doubt this is the start of a massive trend of "let's write about kids hacking stuff", but good to see it pop up as a fully fledged article somewhere. More, please.

Sometimes, you just can't blame it on technology

paperghost — Mon, 21 Apr 2008 07:46:00 +0000

Take this guy, for example. Maybe there's a Skype dating group he can join or something...

The Melon Pirates get their own conference

paperghost — Fri, 18 Apr 2008 08:48:00 +0000

Not to be outdone by RSA, our friends responsible for the wonderful Melon Pirate spam not so long ago are back, with all new levels of stupid. Just click the image and let your brain soak it all up:

I swear, I don't go looking for this stuff. It just finds me.

"Chris Boyd is a disgrace to infosec"

paperghost — Fri, 18 Apr 2008 06:50:00 +0000

Wow, someone doesn't like me this week. I will now stand in the corner and hang my head in shame.

Double Trouble

paperghost — Thu, 17 Apr 2008 16:55:00 +0000

"Dude why am I getting a different friend request from you?" - some guy I know on Facebook

Why indeed. A quick search for myself on Facebook later, and....

......hello, future blog entry!

A quick rummage around the fake profile on the bottom reveals some curious things. For example,

Most of the information above is wrong. Even better than that:

.....I'm doing what with who now? Seems I can't keep my hands off the ladies, because...

I'm just THAT memorable! Well, that or she was sent a completely fake "We knew each other because.." mailblast. Finally, it appears I have a penchant for turning up on photograph pages and making random comments. Namely:

Go web go! So yeah, if you happen to get any odd things sent to you on Facebook from "Chris Boyd" (like, I rub myself in lard and think of you at night or I am your baby-daddy) then it's probably best to ignore it.

Awesome-tastic.

Creepy Myspace Interweb Stalkers

paperghost — Wed, 16 Apr 2008 18:00:00 +0000

Remember the Myspace thing from a few weeks back where some nifty code could auto- subscribe you to someones video channel (and thus give them a method of knowing exactly who had visited their page)?

Well, some further digging has revealed that this particular scam has been in use by scumbags everywhere since at least October 2007.

That's pretty bad news, right there. So is the fact that this is still going on - visit Spywareguide for details.

Paperghost: Naked and caught on video, supposedly

paperghost — Wed, 16 Apr 2008 17:53:00 +0000

Oh, what a wonderful title. Anyway, I got this in my mailbox today:

Of course, clicking the link takes you to one of those fake codec installer jobbies. I know, I know - you all really wanted to see that mythical Myspace clip of me parading around in my birthday suit at 3AM.

Sorry kids, maybe next time.

The two most annoying things I always get asked at security conferences

paperghost — Wed, 16 Apr 2008 17:44:00 +0000

RSA 2008 was always going to be a tough one to pull off - while most people were probably going there to dazzle everyone with the latest cutting edge exploits, cryptography-tech and innovations in the technology field, I was going to show up and talk about kids hacking things.

Already off to a tricky start, things were made more complicated by the structure dictated by such an enterprise - throw in all the juicy stuff right at the start to keep peoples attention, and you risk having nothing interesting to whip out at the end. Keep it too general at the start, and you risk incurring the wrath of the OMG KIDS HACKING ON THE INTERNET? OH, WOW REALLY? THAT'S SUPPOSED TO BE NEWS NOW? brigade.

Of course, the news isn't that kids are "hacking on the Internet" - the news is that nobody is still paying it much (if any) attention. Why is that? It's a tricky question to answer.

I did have a few people come up to me while I was at the FaceTime booth who fired the following at me, and I usually always get something along these lines (indeed, one guy got particularly stroppy with me for no good reason at InfoSec Europe after asking me the first one). It used to irritate me, but now it just makes my eyes roll and probably glaze over a bit. I might start to think about shopping I need to purchase. A funky song from yesteryear might autoplay in my mind while I jig from side to side in a sexy yet creepy fashion. Who knows.

1. Sounds interesting, but what is the value to your company?

Well, in terms of specific value to "my company" (and indeed, all companies), anything interesting and productive is good publicity, and good publicity = good news for any company, right? If nobody knows who you are, they're less likely to buy your stuff. If everyone knows who you are, you've achieved some form of visibility and so might sell slightly more stuff. If what you do is worthwhile and productive, there's an increased chance people might take your equipment for a test drive. Anyone that can't see the obvious benefits of that, just doesn't get it.

The other side-effect of lots of publicity is that scumbags the world over - and those scumbags can be anyone from the 17 year old kid in his bedroom to the nastiest of kiddy pr0n creators - don't like a light shone in their face. It all helps, and it all goes a little way towards people actively working in security one less headache to deal with.

These people also tend to forget that it's not just a case of shutting down some websites and that's it. If you start with a person, you inevitably end up with their interesting and unique infection files which can then be protected against. If you start with the file, you can usually trace it back to a fame-hungry mofo.

There's no reason why we can't have our cake and eat it, and no reason why we can't simultaneously look to grab the files for detections AND attempt to shut down the people making those files permanently. In that sense, we're doing what anyone else in security is doing - providing detections - and also trying to ensure they don't keep pumping out infection files all day long. Anything done after grabbing the files and providing detections is a bonus. That's a benefit to everybody, and I'm interested in providing a benefit to everybody - not just the parent company.

Why does "value" always have to equate to tangible amounts of cash on the table? If it's done purely to help people, does that suddenly lose all worth? Is it only relevant if I'm rolling around in a swimming pool stuffed with hundred dollar bills or something?

I'm sure the future victims of some credit card scammer who won't now be stung because we already shut him down three weeks ago will see the value in it, or the people using some social networking site that won't be hit because we already shut down the clowns producing the latest scam, and so on and so on. To me, people complaining about the dollah dollah bill, y'all worth of things not being entirely evident by "simply" shutting down wannabes, hackers, crackers and God knows who else have it all back to front.

In case they forgot, I apply the same "burn it all down to the ground" method for everyone from Adware vendors to hackers in the Middle-East and everyone inbetween. Was it an issue then? Or does it only become an issue because people can't immediately see the worth in slicing up wave after wave of script kiddies?

I mean, it's not like many of these kids will be doing bigger, better and nastier things in five years time or less if left unchecked, right? It's not like they're gearing up to be the next wave of assclowns who people like me will eventually have to chase down anyway, right? What? What's that? They WILL?

Oh.

The next question I had thrown at me from one or two guys was something similar to this:

2. I used to hack back in the day, and I'm still on the scene though I don't do anything anymore. You shouldn't call these kids hackers, because it's an insult to all of us real hackers who were all about exploration and fighting the system etc etc (insertpartabouthowtheyactuallyusedtohackthingsanywayhere).

My response to that was, you're unhappy about them being lumped in under the semantically awesome term "hacker", you claim to still be "on the scene", you probably read articles in 2600 magazine about the "true worth and nobility of hackers" and yet don't actually do anything to steer them towards your ideal goal of "hackers not being into illegal things as such and actually being all about exploration and freedom of expression"?

Wow, then EPIC FAIL FOR YOU.

Anyway, ramble over. I just want you to know what not to ask me at conferences (along with, "Did you enjoy the flight". That one sucks too).

Fail

paperghost — Wed, 16 Apr 2008 17:32:00 +0000

If you meet me, have some courtesy

Have some sympathy, and some taste

Use all your well-learned politesse

Or Ill lay your.....soul to waste.

RSA 2008: Pictures Galore

paperghost — Tue, 15 Apr 2008 07:17:00 +0000

You can jump over to Spywareguide and see an overview of the session we did at RSA last week (with links to a bunch of articles), and also click here for as many pictures as you can shake a stick at.

Incidentally, many of you have asked me about this TShirt.

Sorry, I had it custom made. That's right, I go into TShirt shops and ask for junk like this. To the guy that came up and asked me where I got it? I admit it, I felt like I was kicking a puppy when you asked me what booth you could get it from. To the randomly selected booth that suddenly had some dude come up and bug you for a "Tonight we dine" shirt, I apologise.

Well not really, it was pretty funny.

Eventually, RSA will (hopefully) provide a link to the full talk - when they do, I'll link to it and all that jazz. Wish they'd get a move on, they were a lot quicker linking to this stuff last year...

British Airways: Redefining "Sucktastic" for the 21st Century

paperghost — Sun, 13 Apr 2008 15:21:00 +0000

I've arrived home, no thanks to BA. Already having endured the wonders of BA287, you can imagine my reaction at seeing this upon arrival at SFO:

.....oh BA, not again. Even before checking in, some dude was handing out "We're sorry, but.." letters so I knew it was gonna be bad. As it turned out, the plane was indeed delayed for a stupidly long time but we didn't plunge out of the sky - hey, bonus.

Of course, this meant I had to be ultra-snappy when getting to Terminal 5 to ensure I didn't miss my connecting flight. Imagine my dismay, then, when it turned out that the following snazzy electronic poster:

.....would turn out to be spectacularly incorrect.

As soon as you get to the departures lounge, there's no indication of where you're supposed to go. Do I stay in the same terminal? Do I have to catch one of those bus things to the other buildings down the road somewhere?

No idea. Sadly, I made the fatal mistake of asking British Airways staff. Before you knew it, they'd sent me downstairs to the bit where you catch the bus where I was told "Terminal 1" by some guy who could barely speak English. Not entirely convinced, I asked the woman at the Terminal 1 bus departure gate only to be told "Terminal 4".

Well holy crap, SOMEONE tell me where to catch the damn plane. Can't be that hard, can it?

As it turns out, yes. Yes, it can. Not long after the guy who told me Terminal 1 mocked me with a "Why could you possibly want to go upstairs?" type comment, someone else came down and apologised profusely because......the plane was leaving upstairs from Terminal 5, and there was no way back up the escalator.

A few minutes of shouting later, and they let me go back up in a freight elevator of some description, but of course it was too late and my plane was already flying off into the distance. I did feel better giving the Terminal 1 guy the two finger salute, but not by much - especially when it turned out that the next plane would be something like FIVE HOURS LATER (of course, it was delayed severely which meant a grand total of seven hours of swearing and ranting but it's entirely academic by this point).

Even trying to use a phone to let people know you weren't dead was an exercise in futility. Approaching the helpdesk (no more than ten feet away from a non-working payphone), this is how it all went down:

Me: Hi, are there any phones working yet?

Some stupid woman: Sorry?

Me: When I flew out last week, none of your payphones were working and I'm guessing it's still the same?

Some stupid woman: We're having problems at Terminal 5?
.
.
.
.
.
.
.
.
.
.
.
.

Well, BA ain't getting one over on me again. Spying the first class lounge off in the distance (and watching my fellow cheap-seat passengers being turned away with hopeful cries of "but I have extra legroom seats!"), a quick burst of the old "walk backwards while saying goodbye" trick later and I was confronted with free food, booze and all the comfy seating I could handle. I know it looks like I'm hiding under a table in the first picture, but I swear I'm not:

After stuffing my face with all the pasta, noodles and muffins I could cram into my gob I started looking round for something a little more fun:

Oh, free booze? Don't mind if I do. I pretty much nuked the free drinks bar. Well actually, all the free drinks bars. Then I made all their free Internet access Terminals look like this:

Aside from tales of lost luggage, some of them linked to the BA287 flight writeup from the week before, so I'm sure they appreciated that too. In fact, I made sure lots of articles like this, this and this were popping up all over their desktops. Enjoy, BA, enjoy. It's all for you, baby.

I finally arrived home God knows how many hours after the whole shambles started, and can't say I was surprised to see a pile of people stuck at my final destination asking where their luggage had gone:

Someone at British Airways needs a good kick to the face. A sustained and brutal beating, actually. Cries of "Don't Taze me, bro" will only have the exact opposite effect. Not only will I never fly with them again, I'm happily going to encourage people not to fly with them either.

You should too.