Wednesday, April 28, 2010

SNOsoft Research Team: Hacking Your Bank

We were recently hired to perform an interesting Advanced Stealth Penetration test for a mid-sized bank. The goal of the penetration test was to penetrate into the bank’s IT Infrastructure and see how far we could get without detection. This is a bit different than most penetration tests as we weren’t tasked with identifying risks as much as we were with demonstrating vulnerability…

The first step of any penetration test is reconnaissance. Reconnaissance is the military term for the passive collection of intelligence about an enemy prior to attacking that enemy. It is technically impossible to effectively attack an enemy without first obtaining actionable intelligence about the enemy. Failure to collect good intelligence can result in significant casualties, unnecessary collateral damage and a completely failed attack. In penetration testing, damages are realized by downed systems and a loss of revenue.

Because this engagement required stealth, we focused on the social attack vectors and Social Reconnaissance. We first targeted FaceBook with our “FaceBook from the hackers perspective” methodology. That enabled us to map relationships between employees, vendors, friends, family etc. It also enabled us to identify key people in Accounts Receivable / Accounts Payable (“AR/AP”).

In addition to FaceBook, we focused on websites like Monster, Dice, Hot Jobs, LinkedIn, etc. We identified a few interesting IT related job openings that disclosed interesting and useful technical information about the bank. That information included but was not limited to what Intrusion Detection technologies had been deployed, what their primary Operating Systems were for Desktops and Servers, and that they were a Cisco shop.

Naturally, we thought that it was also a good idea to apply for the job to see what else we could learn. To do that, we created a fake resume that was designed to be the “perfect fit” for a “Sr. IT Security Position” (one of the opportunities available). Within one day of submission of our fake resume, we had a telephone screening call scheduled.

We started the screening call with the standard meet and greet, and an explanation of why we were interested in the opportunity. Once we felt that the conversation was flowing smoothly, we began to dig in a bit and start asking various technology questions. In doing so, we learned what Anti-Virus technologies were in use and we also learned what the policies were for controlling outbound network traffic.

That’s all that we needed…

Upon completion of our screening call, we had sufficient information to attempt stealth penetration with a high probability of success. The beauty is that we collected all of this information without sending a single packet to our customer’s network. In summary we learned:

  • That the bank uses Windows XP for most Desktops
  • Who some of the bank’s vendors were (IT Services)
  • The names and email addresses of people in AR/AP
  • What Anti-Virus technology the bank uses
  • Information about the bank’s traffic control policies

Based on the intelligence that we collected we decided that the ideal scenario for stealth penetration would be to embed an exploit into a PDF document and to send that PDF document to the bank’s AR/AP department from the bank’s trusted IT Services provider. This attack was designed to exploit the trust that our customer had with their existing IT Services provider.

When we created the PDF, we used the new reverse https payload that was recently released by the Metasploit Project. (Previously we were using similar but more complex techniques for encapsulating our reverse connections in HTTPS). We like reverse HTTPS connections for two reasons:

  • First, Intrusion Detection Technologies cannot monitor encrypted network traffic. Using an encrypted reverse connection ensures that we are protected from the prying eyes of Intrusion Detection Systems and less likely to trip alarms.
  • Second, most companies allow outbound HTTPS (port 443) because it’s required to view many websites. The reverse HTTPS payload that we used mimics normal web browsing behavior and so is much less likely to set off any Intrusion Detection events.

Before we sent the PDF to our customer we checked it against the same Antivirus Technology that they were using to ensure that it was not detected as malware or a virus. To evade the scanners we had to “pack” our pseudo-malware in such a way that it would not be detected by the scanners. Once that was done and tested, we were ready to launch our attack.

When we sent the PDF to our customer, it didn’t take long for the victim in AP/AR to open it; after all, it appeared to be a trusted invoice. Once it was opened, the victim’s computer was compromised. That resulted in it establishing a reverse connection to our lab which we then tunneled into to take control of the victim’s computer (all via HTTPS).

Once we had control, our first order of operation was to maintain access. To do this we installed our own backdoor technology onto the victim’s computer. Our technology also used outbound HTTPS connections, but for authenticated command retrieval. So if our control connection to the victim’s computer was lost, we could just tell our backdoor to re-establish the connection.

The next order of operation was to deploy our suite of tools on the compromised system and to begin scoping out the internal network. We used selective ARP poisoning as a first method for performing internal reconnaissance. That proved to be very useful as we were able to quickly identify VNC connections and capture VNC authentication packets. As it turns out, the VNC connections that we captured were being made to the Active Directory (“AD”) server.

We were able to crack the VNC password by using a VNC Cracking Tool. Once that happened we were able to access the AD server and extract the server’s SAM file. We then successfully cracked all of the passwords in that file, including the historical user passwords. Once the passwords were cracked, we found that the same credentials were used across multiple systems. As such, we were not only able to access desktops and servers, but also able to access Cisco devices, etc.

In summary, we were able to penetrate into our customer’s IT Infrastructure and effectively take control of the entire infrastructure without being detected. We accomplished that by avoiding conventional methods for penetration and by using our own unorthodox yet obviously effective penetration methodologies.

This particular engagement was interesting as our customer’s goal was not to identify all points of risk, but instead was to identify how deeply we could penetrate. Since the engagement, we’ve worked with that customer to help them create barriers for isolation in the event of penetration. Since those barriers have been implemented, we haven’t been able to penetrate as deeply.

As usual, if you have any questions or comments, please leave them on our blog. If there’s anything you’d like us to write about, please email me the suggestion. If I’ve made a grammatical mistake in here… I’m a hacker not an English major.

This, http://snosoft.blogspot.com/2010/04/hacking-your-bank.html, is a very detailed account of how a bank was hacked. This methodology could be used on almost any large organization.

Posted via web from Arizona and Beyond
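
The reverse HTTPS channel and the polling backdoor described in the post hide their content from inspection, but the timing of each connection is still visible in proxy or firewall logs. The following is an added example, not part of the original post: it flags internal hosts whose connections to one external destination arrive at unusually regular intervals. The log format, host names, addresses and thresholds are constructed assumptions.

```python
"""Flag periodic outbound HTTPS connections using connection metadata only."""
import csv
import io
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample records: iso_time,source_host,destination (not real traffic).
SAMPLE_LOG = """\
2010-04-28T09:00:02,ap-ws-07,203.0.113.25:443
2010-04-28T09:00:10,ap-ws-07,www.example.com:443
2010-04-28T09:00:12,ap-ws-07,www.example.com:443
2010-04-28T09:00:40,ap-ws-07,www.example.com:443
2010-04-28T09:01:01,ap-ws-07,203.0.113.25:443
2010-04-28T09:02:03,ap-ws-07,203.0.113.25:443
2010-04-28T09:03:02,ap-ws-07,203.0.113.25:443
2010-04-28T09:04:01,ap-ws-07,203.0.113.25:443
2010-04-28T09:05:03,ap-ws-07,203.0.113.25:443
2010-04-28T09:05:15,ap-ws-07,www.example.com:443
2010-04-28T09:05:16,ap-ws-07,www.example.com:443
2010-04-28T09:06:02,ap-ws-07,203.0.113.25:443
2010-04-28T09:07:02,ap-ws-07,203.0.113.25:443
2010-04-28T09:21:00,ap-ws-07,www.example.com:443
2010-04-28T09:21:30,ap-ws-07,www.example.com:443
2010-04-28T09:00:00,hr-ws-02,av-update.example.org:443
2010-04-28T09:05:00,hr-ws-02,av-update.example.org:443
2010-04-28T09:10:00,hr-ws-02,av-update.example.org:443
2010-04-28T09:15:00,hr-ws-02,av-update.example.org:443
2010-04-28T09:20:00,hr-ws-02,av-update.example.org:443
2010-04-28T09:25:00,hr-ws-02,av-update.example.org:443
2010-04-28T09:02:11,hr-ws-02,mail.example.net:443
2010-04-28T09:14:47,hr-ws-02,mail.example.net:443
2010-04-28T09:30:05,hr-ws-02,mail.example.net:443
"""


def parse_log(text):
    """Yield (timestamp, source, destination); blank or malformed rows are skipped."""
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 3:
            continue
        yield datetime.fromisoformat(row[0]), row[1], row[2]


def find_periodic(text, min_events=6, max_cv=0.10, allowlist=()):
    """Return source/destination pairs whose connection gaps are nearly constant.

    Regularity is measured as the coefficient of variation (stdev / mean) of the
    gaps between consecutive connections. Human browsing is bursty and scores
    high; a program polling on a timer scores close to zero.
    """
    times = defaultdict(list)
    for ts, src, dst in parse_log(text):
        if dst not in allowlist:  # known pollers such as update services
            times[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            findings.append({
                "src": src,
                "dst": dst,
                "events": len(stamps),
                "interval_s": round(statistics.median(gaps)),
                "cv": round(cv, 3),
            })
    return sorted(findings, key=lambda f: (f["src"], f["dst"]))


if __name__ == "__main__":
    for hit in find_periodic(SAMPLE_LOG, allowlist={"av-update.example.org:443"}):
        print(hit)
```

Regular timing is one signal, not a verdict: legitimate software also polls on a timer, which is why the allowlist exists and why a hit should be reviewed alongside what is known about the destination.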

Tuesday, April 27, 2010

HOW TO: Disable Facebook's "Instant Personalization" [PRIVACY]

Last week, Facebook added a suite of new features that let websites like Pandora and Docs.com access some of your personal information and use it to instantly personalize your experience. Pandora, for example, will recommend streaming music stations built around artists you’ve Liked on Facebook in the past.

Most of the time this information is harmless and you shouldn’t worry too much about it being used for nefarious purposes, but if you want to err on the side of caution, you can actually opt out of the program for privacy reasons — the option is called “Instant Personalization” and it’s sitting deep inside of Facebook’s privacy settings pages.

Opting Out at Specific Sites

You can either turn Instant Personalization off entirely at Facebook, or you can opt out at individual websites on a case-by-case basis. The latter is easy; the first time you arrive at a website that uses Instant Personalization, a bar will appear at the top of the page letting you know that’s what’s happening and giving you the option to either accept that or to tell it “no thanks.”

Blocking Instant Personalization For All Sites

The feature is on by default when you first arrive at a site, though, and if you’re sure you never want to use it anywhere, you can dig deep from your Facebook home page to make sure no other website can ever access your Facebook information for Instant Personalization purposes. To do that, start by clicking on “Account” in the upper-right corner of the Facebook homepage. Select “Privacy Settings” from the list that drops down below.

You’ll be presented with a list of five privacy settings pages. You can do a lot with these pages — customize who can see your profile info and news feed updates, for example — but the option we’re looking for now is right in the middle: “Applications and Websites.” Give that a click.

There it is at the bottom of this list: “Instant Personalization.” Consider clicking “Learn More” by the top item, too, though, as it explains exactly how your other privacy settings affect what information is shared with other applications and websites. Anyway, click “Edit Setting” by “Instant Personalization” at the bottom.

This last stop in the rabbit hole tells you what Instant Personalization does, and provides a lone check box at the bottom to enable or disable it. It’s on by default. Click the check box to turn it off.

There you go. It’s done! Facebook won’t share your personal information with websites for Instant Personalization again until you re-enable this feature. You can do that by going back and re-checking the box at any time, so if you decide you want the new features after all, this isn’t irreversible.

Preventing Friends From Sharing Your Info

You should be aware that friends can still sometimes share your information from their own profiles with websites even though this is turned off. This is easy to change. Just jump back one level to “Applications and Websites” and click “Edit Settings” by the second option — “What your friends can share about you” — instead of “Instant Personalization.”

Here you can check and un-check boxes to specify what information your friends’ connections can share with other applications and websites. If you un-check everything here, none of your information will be shared. It’s nice to be able to choose exactly what you are and aren’t comfortable with, though.



Here, http://mashable.com/2010/04/25/disable-facebook-instant-personalization, are specific instructions for adjusting Facebook's new privacy settings for Instant Personalization.

Posted via web from Arizona and Beyond

Friday, April 23, 2010

Why you should master role playing before you die

Thursday, April 22, 2010

TweetDeck

This is a very useful, free interface for using Twitter and connecting your tweets with other social media. It's currently available for desktop, iPhone and iPad. I'm looking forward to the forthcoming Android version.

Posted via web from Arizona and Beyond

James Randi's fiery takedown of psychic fraud

James Randi, legendary skeptic, debunks frauds, the paranormal, and pseudo-scientific claims.

Posted via web from Arizona and Beyond

Wednesday, April 21, 2010

Intelligent, Real-Time Holographic Interaction

We're getting closer to the holodeck with intelligent, real-time interaction with people and objects through light projectors and sensors. As one comment mentions on YouTube, this would be even cooler with 3D. The one concern that I have with the set up is the force with which he seems to need to tap his fingers and move his hand to interact with the set up, which would probably lead to ergonomic problems, but that could probably be overcome with development and configuration.

Posted via web from Arizona and Beyond

How to recover from McAfee 5958 DAT

Recommended Manual Recovery Procedure using the Extra DAT where DAT 5958 is currently installed

1.      Locate the extra.dat from here and unzip

2.      Boot in safe mode with “Network Option“ enabled

3.      Copy Extra DAT into c:\program files\commonfiles\mcafee\engine

4.      If svchost.exe exists in (c:\windows\system32) and is not a “0“ byte file, skip to step 5

5.      If svchost.exe was deleted, pull up the VSE console and open “Quarantine manager“

Click on the detection and select “Restore“

1)      If the VSE console does not come up:
C:\program files\mcafee\virusscan enterprise\mcconsol.exe /standalone
This will pull up the VSE console. Click on the detection and select “Restore“

2)      If steps  4 and 4.1 do not work OR if svchost.exe is “0“ bytes:

a.       When possible Copy svchost.exe from the local C:\windows\ServicePackFiles\i386\svchost.exe or if not present c:\windows\system32\dllcache\svchost.exe

b.      Copy svchost.exe from an unaffected system to c:\windows\system32 directory (same OS) from external media (USB, CD etc.)

If  “paste“ is grayed out, use the following commands:

Start -> run -> cmd            

Run the following command “copy from [source\filename] to [destination\folder]“

Example:  copy x:\svchost.exe c:\windows\system32

6.      Reboot in normal mode

7.      Use the product update to update to 5959

8.      Delete the Extra DAT file in c:\program files\commonfiles\mcafee\engine

 

Alternate Manual Recovery Procedure using DAT 5959 where DAT 5958 is currently installed

1.      Boot in safe mode with “Network Option“ enabled

2.      If svchost.exe not deleted (look in c:\windows\system32\svchost.exe) and is not 0 byte then network connection should be possible - skip to step 5

3.      If svchost.exe deleted or if it is “0“ bytes, then network connection may not be possible

4.      If svchost.exe was deleted, pull up the VSE console and open “Quarantine manager“

Click on the detection and select restore

1)      If the VSE console does not come up:

C:\program files\mcafee\virusscan enterprise\mcconsol.exe /standalone

This will pull up the VSE console

2).    If steps 4 and 4.1 do not work OR svchost.exe is “0“ bytes:

a.       When possible Copy svchost.exe from the local C:\windows\ServicePackFiles\i386\svchost.exe or if not present c:\windows\system32\dllcache\svchost.exe

b. Copy svchost.exe from an unaffected system to c:\windows\system32 directory (same OS) from external media (USB, CD etc.)

If “paste“ is grayed out, use the following commands:

Start -> run -> cmd

Run the following command “copy from [source\filename] to [destination\folder]“

Example:  copy x:\svchost.exe c:\windows\system32

5.      Download the 5959 SuperDAT from here

6.      Run the SuperDAT program

7.      Reboot in normal mode

 

Almost everyone at work in the office today spent most of the day recovering from the McAfee 5958 DAT problem. Here, http://vil.nai.com/vil/5958_false.htm, are instructions for recovery if you use McAfee at home and your Windows XP computer continues to reboot following the McAfee update being installed earlier today.

Posted via web from Arizona and Beyond
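
Both procedures above turn on the same file check: whether system32\svchost.exe is present and not 0 bytes and, if it is not, which local copy can replace it. The following is an added example of that check, not McAfee's code or part of the original instructions. It is written in Python on the assumption that the affected Windows directory is reachable from a technician's machine (for example a mounted disk); the function names are hypothetical.

```python
"""Check svchost.exe after the DAT 5958 false positive and pick a restore source."""
import shutil
from pathlib import Path

# Local copies named in the procedure, in the order it lists them,
# relative to the Windows directory (c:\windows on the affected machine).
LOCAL_SOURCES = (
    Path("ServicePackFiles", "i386", "svchost.exe"),
    Path("system32", "dllcache", "svchost.exe"),
)


def usable(path):
    """True only for an existing, non-empty file; a 0-byte svchost.exe counts as damaged."""
    return path.is_file() and path.stat().st_size > 0


def assess(windows_dir):
    """Classify system32/svchost.exe and report which recovery step applies."""
    win = Path(windows_dir)
    target = win / "system32" / "svchost.exe"
    if usable(target):
        return {"state": "ok", "try_quarantine": False, "copy_source": None}
    state = "zero_byte" if target.is_file() else "missing"
    source = next((win / rel for rel in LOCAL_SOURCES if usable(win / rel)), None)
    return {
        "state": state,
        # Restoring from Quarantine Manager applies only when the file was deleted.
        "try_quarantine": state == "missing",
        # None means no usable local copy: bring one from an unaffected
        # system running the same OS, on external media.
        "copy_source": source,
    }


def restore_from_local(windows_dir):
    """Copy the chosen local source over system32/svchost.exe and confirm the result."""
    plan = assess(windows_dir)
    if plan["state"] == "ok" or plan["copy_source"] is None:
        return False  # nothing to do, or nothing local to copy from
    target = Path(windows_dir) / "system32" / "svchost.exe"
    shutil.copy2(plan["copy_source"], target)
    # A restore that leaves a 0-byte or truncated file has not fixed anything.
    return usable(target) and target.stat().st_size == plan["copy_source"].stat().st_size


if __name__ == "__main__":
    import sys
    print(assess(sys.argv[1] if len(sys.argv) > 1 else r"C:\windows"))
```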

Sign up for Docs

Microsoft is rolling out Docs, a document service like Google Docs, for creating and sharing Microsoft Office, Word, Excel and PowerPoint documents. Sign up on the waiting list at http://docs.com/ to get an invitation to try Docs.

Posted via web from Arizona and Beyond

Read Local Twitters

See what is being twittered in your area on Bing Twitter at http://www.bing.com/twitter/maps. Go to preferences and set your location, then select Twitter Maps from MAP APPS to see local twitters displayed on the map.

Posted via web from Arizona and Beyond

Huge Kid's Sales Event

Looks like there will be plenty of kids for sale with 100 families participating.  I know we have a bad reputation for overweight children, but I don't think they should go at a discount. ;) 

Posted via web from Arizona and Beyond

Monday, April 19, 2010

Cody

Cody got a trim yesterday. I'm heading out to get one myself now.

Posted via email from Arizona and Beyond

Sunday, April 18, 2010

How to pronounce Eyjafjallajökull

AY-uh-fyat-luh-YOE-kuutl (-uh)

Posted via web from Arizona and Beyond

Saturday, April 17, 2010

Send Any FarmVille Nursery Barn Materials

Give FarmVille Nursery Barn Bottle

Give FarmVille Nursery Barn Blanket

Give FarmVille Nursery Barn Brick

Give FarmVille Nursery Barn Nail

Give FarmVille Nursery Barn Wooden Board

Click on any image to send that Nursery item as a gift.

Posted via web from Arizona and Beyond

Friday, April 16, 2010

Better Facebook

Install Better Facebook to have more control over your Facebook experience in Firefox and Google Chrome. I use it to automatically expand "similar posts," but there's a lot more that you can customize.

Posted via web from Arizona and Beyond

Spring Fools | The Big Money

Spring is the season of spring, of optimism and new beginnings, a good time for dreamy reveries and wishful thinking. Which means that it's a good time to talk about housing.

In late March, the Treasury Department unveiled its new foreclosure relief plan. Like the previous lackluster plan rolled out a year ago, the new program is built to fail. The premise behind it is that lenders will cut the principal of at-risk mortgages and give debtors new, federally guaranteed loans for something close to their homes' real values.

For the parts of the country hit hardest by the housing crash and the foreclosure boom, this is a pipe dream. In places like Miami (where prices are down 45 percent from their high), San Diego (close to 40 percent), or Phoenix and Las Vegas (more than 50 percent off their housing bubble peaks), lenders would have to cut loans by half to get them down to the real market values the government hopes for. There's no indication at all that lenders, who've resisted cutting mortgage principal in any way, will make these kinds of reductions, and the new government plan won’t force them to.

The new foreclosure plan does invite a question that lurks in the background of any housing discussion: Have we reached the end of the housing bust? In short, the answer is no. One of the reasons the foreclosure plan won't work is because despite recent rosy talk about housing, the housing bust is worse than ever, and even now neither banks nor policy makers are willing to confront just how bad it is.

Which is odd, because if you have been following the news from the realty and mortgage trade, you might think that it's time to pop the Champagne corks and celebrate the end of the housing crisis. The National Association of Realtors points in its latest report to “stabilizing prices,” “steadying home prices,” and “consistent price gains” in the market—a veritable potpourri of calming language. “We are likely seeing the beginning of the end of the unprecedented wave of delinquencies and foreclosures,” declares the chief economist of the Mortgage Bankers Association. Prices are up, foreclosures are down (we'll get to that in a second): There's always a reason to be happy in mortgage land.

The dirty secret of the housing recovery, though, is that in the worst hit markets—Florida, California, Nevada, Arizona, and other places where the foreclosure boom is concentrated—there's one important number that hasn't gotten better. That's the percent of people who can't pay their mortgages. Believe it or not, that number is rising faster than ever.

Consider, for instance, California. In the first quarter of 2009, according to the Mortgage Bankers Association, banks started foreclosures on 2.15 percent of all mortgages (that is, roughly one in 50). In the last quarter—the latest period for which data are available—that was down to 1.34 percent, a sizable drop (you can see the Mortgage Bankers Association's latest report on this here).

But if you conclude from this that more folks have gotten their arms around their mortgages, think again. The number of new foreclosures may have dropped, but the number of people seriously behind on their mortgages has risen—from 4.75 percent of mortgage holders all the way up to 6.93 percent, an increase of close to 45 percent.

What's happening here? It seems to be something like this: Thanks to some combination of government pressure, genuine efforts at loan modifications, and reluctance to seize houses and try to sell them in a dismal market, banks are simply letting more debtors fall behind without foreclosing. Think of this as the foreclosure relief paradox: A small drop in foreclosures keeps some people in their homes and helps prop up the housing market, hiding the fact that borrowers are in worse shape than ever.

Look at most of the country's most dismal real estate markets, and you'll see the pattern repeated. In Arizona, the proportion of mortgages that are 90 days or more past due is up 60 percent in nine months, even as foreclosures have fallen. Same story in Nevada or Florida—really, everywhere in the foreclosure belt.

In addition, where lenders have initiated foreclosure proceedings, they have in some parts of the country been noticeably slower to actually repossess properties. In California, for instance, according to RealtyTrac, a company that monitors the foreclosed properties market, banks foreclosed on and took back 12,546 properties in February, down from 18,872 the previous February (though on this the evidence is more mixed; banks also took back fewer homes in Nevada, but more in Arizona and Florida).

The effect of this strange dynamic—rising delinquencies, falling foreclosures—seems to have been to create in the worst hit areas the “stabilization” of home prices that the Realtors' trade group is so thrilled about. A year ago I wrote that any bailout for distressed home buyers was also a rescue for lenders, saving them from being stuck with foreclosed properties they can't sell at anything close to the face value of the mortgage.

Indeed, now we are seeing exactly the appearance of a housing recovery that lenders would have hoped for. Last year, according to the authoritative Case/Shiller Home Price Index, house prices in Miami and Phoenix fell close to 10 percent, in Las Vegas (the worst-case scenario of the housing crash) 20 percent. Essentially all of that drop came in the first three months of the year. So in the last year it looks like even the worst markets have recovered from their housing freefall.

Or maybe not. If you've had the patience to breathe steadily through your snorkel and follow along on the data-diving expedition of the last few paragraphs, it's now time to look up at the luminescent coral of the great housing market reef and consider just how much you should trust in the housing recovery.

The answer is not very much. The Realtors' association happily reports that housing prices are rising because of tightening “inventory”—the trade term for “fewer houses for sale”—but underneath this is the scary reality that there are ever more folks seriously behind on their loans and waiting for lenders to take their houses and condos. This is something that lenders are reluctant to do because they still have no one to sell them to. The housing market looks stable only because lenders are avoiding flooding it with foreclosed properties.

Which all brings us back to the latest bailout plan. Cutting borrowers' mortgages to a level they can afford means bringing their principal down by 40 percent or 50 percent—which means admitting how far the market has fallen and that it's not about to recover. Lenders won't do that. They hope that they can somehow wait out the slump and wait for prices to pop back up.

In the housing price run-up, lenders bet that prices would climb up forever. Now they hope, with similarly optimistic illogic, that prices can stabilize even as the buildup of busted mortgages continues. The first time, the lenders fooled us, and shame on them. This time? Remember the old adage: Fool me once, shame on you; fool me twice, shame on me. The mortgage bankers and realtors might say recovery is right around the corner, but shame on you if you believe that this time.

This is a great summary of why the housing market isn't really recovering in Arizona and other troubled markets. The bank got a bailout, but nothing's really been done to fix the underlying problem.

Posted via web from Janine's Posterous

Arizona Central Valley Traffic Weekend Closures and Restrictions

If you live in Central Arizona, or you're just visiting, you may want to take a look at the Arizona Department of Transportation Valley Closures and Restrictions web site, http://www.azdot.gov/ccpartnerships/news/closures/index.asp, and/or subscribe to their email updates to make sure you can get where you want to go without unnecessary delays.

Posted via web from Janine's Posterous

Thursday, April 15, 2010

CauseWorld

Donate money to charity by checking in at local retailers on your iPhone or Android with CauseWorld, http://www.causeworld.com.

Posted via web from Janine's Posterous

Tell Gov. Jan Brewer: Stand up for civil rights and veto SB 1070

Our friends at the United Farm Workers alerted us to a chilling new Arizona law that has been passed by the legislature and will soon land on the desk of Gov. Jan Brewer for her signature.

If signed into law, the bill would create a unique and frightening police state within Arizona's borders. A state where anyone who forgets to carry identification or papers proving immigration status could be picked up by police. A state where someone who appears to be a Latino or speaks English with an accent will be at constant risk of being stopped and interrogated by police.

As Alessandra Soler Meetze, president of the American Civil Liberties Union of Arizona, says, "A lot of U.S. citizens are going to be swept up in the application of this law for something as simple as having an accent and leaving their wallet at home."

And it’s not just the Arizona ACLU and civil rights groups that are raising the alarm. The Arizona Association of Chiefs of Police opposes the bill because it will deter immigrants who are witnesses to crimes from coming forward and helping police.

Not only does the bill make it a misdemeanor not to carry proper immigration paperwork in Arizona. It would also require police officers to demand verification of immigration status whenever they have "reasonable suspicion" that someone is undocumented. Under current state law, officers can inquire about immigration status if an individual is a suspect in another crime, but the wholesale racial profiling required by SB 1070 is not condoned.

Gov. Jan Brewer has not taken a public stand on SB 1070. She needs to hear from us that we expect her to stand up for civil rights and veto SB 1070. Send her a fax today!

Go to http://act.credoaction.com/campaign/az_immigration and send a fax to the governor to veto SB1070. The Arizona legislature information on SB1070 is available at http://www.azleg.gov/legtext/49leg/2r/summary/s.1070pshs.doc.htm . As a legal alien for many years, I didn't carry my green card any more regularly than most Americans carry their passport or birth certificate because I didn't want to take the chance of losing important documents. Making it trespassing if you don't is ridiculous.

Posted via web from Janine's Posterous

Wednesday, April 14, 2010

Come Back Home: Eco Coke Bottle design

I hope that Coca Cola and Pepsi take a serious look at this design suggestion created by Andrew Kim.

Posted via web from Janine's Posterous

Rational Computer Security Advice

In his recent article, Cormac Herley of Microsoft Research suggests that many of the things that users are asked to do in the name of computer security are not a rational use of their time, which is why many users do not follow most computer security guidelines.  Although the advice is sound, following it takes too much time for the likelihood of avoiding being harmed.  Most security compromises are from users installing malware and falling prey to social engineering.  Herley doesn't say what we should be doing to protect ourselves.  He encourages computer security professionals to simplify what users are asked to do through more research into which security measures are most likely to help us avoid actual, rather than maximum potential, harm, and to target that advice at those most likely to be harmed.

Posted via web from Janine's Posterous

Cormorant

We went to Sunset Shores Park to do some photography today.  We spent about an hour at the park and I walked about a half mile around the pond stalking various wildlife.  Today, there were Canadian Geese, Cormorants and a white duck, among others.  I once again learned the lesson that I need to check the settings on my camera before I start shooting because I realized most of the way through that I was on Manual instead of Aperture.  Luckily, the manual settings were close enough that I'll be able to touch up from the RAW files.  I'll be posting them to Flickr as I edit.

Posted via web from Janine's Posterous

Tuesday, April 13, 2010

Flying Egret

Sunday, April 11, 2010

Early Morning Birds

  

Sent using HiFiCorder on Android
http://hificorder.com

Posted via email from Janine's Posterous

Friday, April 09, 2010

Tell The Senate To Stop Wall Street Gambling

Encourage responsible banking and credit regulations.

Posted via web from Janine's Posterous

Arizona Appliance Rebates

Welcome to the future site for the Arizona Appliance Rebate Program.

Nearly $6.2 million in appliance rebates will be offered to Arizonans starting Monday, April 12, 2010 at 6:00 a.m. Arizona Time. This program is funded by the American Recovery and Reinvestment Act (ARRA) of 2009 to help consumers make the switch to ENERGY STAR appliances.

Please check back soon for more details about the program.


Guide for Arizona Consumers


Information for Retailers


Information for Contractors


Buy an energy efficient appliance for an Arizona home and get up to $200 for a clothes washer, $150 for a dishwasher, and $300 for a water heater, when you register for a rebate starting at 6 AM April 12. Full details are available in the Guide for Arizona Consumers at http://arizonarebates.com/pdf/AZ_GuideforConsumers_FINAL.pdf .

Posted via web from Janine's Posterous

Head Tracking for Desktop VR Displays using the WiiRemote

3D display using a monitor, Wii Remote and sensor bar. Very cool!

Posted via web from Janine's Posterous

Thursday, April 08, 2010

Disk Space Fan - Manage disk space with art

Analyze how your Windows disk space is being used and delete unneeded files for free.

Posted via web from Janine's Posterous

GeneTests

Check out this website I found at ncbi.nlm.nih.gov

GeneTests is a nationally funded, publicly available directory of information on genetic tests and diseases.

Posted via web from Janine's Posterous

Wednesday, April 07, 2010

Pot Stickers Recipe

Pot Stickers

Epicurious  | February 2010

by Eileen Yin-Fei Lo

Mastering the Art of Chinese Cooking

I love pot stickers. This recipe was recommended by a blogger at work.

http://www.epicurious.com/recipes/food/views/Pot-Stickers-357550

Posted via web from Janine's Posterous

Sunday, April 04, 2010

Home made chips and salsa at Parilla Suiza

Thursday, April 01, 2010

The Craziest Prohibition Signs: Who Would Try These Things? (PHOTOS)

Things you should probably know without a sign. LOL!

Posted via web from Janine's Posterous

Every time you make a Powerpoint ...
