John's Tech Blog

Why Vista Won't Suck: "creativity writes 'ExtremeTech is running an article on the new features of Windows Vista and why it is a must upgrade for all Windows users. They take apart the marketing hype and tell you what exactly to expect in Windows Vista. They specifically pick out less-hyped features like a kernel which has new Heap Management and details on SuperFetch, which is Vista's application cache.'"

An Assignment From Professor Packetslinger of the School of Loose Screws, (Tue, Feb 28th)

OS X is clearly on the radar of exploit-developers., (Fri, Feb 24th): "...(more)..."

Computer Security Awareness Video Contest: "The EDUCAUSE/Internet2 Computer and Network Security Task Force and the National Cyber Security Alliance held a contest for computer security awareness videos.



There are a ton of videos on their site, which you can check out here.

Alex Eckelberry "

Two new developments on the mobile front: "A quick note on two separate developing issues:

1: Redbrowser.A: First J2ME mobile phone trojan. Apparently works on most phones with J2ME support (ie. hundreds of different phones). Sends SMS messages to Russian premium rate numbers to steal money from the user. First reported by Kaspersky Lab.

2: mobileav.org is reporting a new C# virus, which would be succesful in spreading from the PocketPC mobile platform to a normal Win32 desktop computer. We haven't seen a sample of this one yet.

On 28/02/06 At 05:15 AM"

SEC Shuts Down $50M Internet Ponzi Scheme: "Joel Rothstein writes for Reuters: U.S. regulators last week charged the owner of 12dailypro.com and her two companies with fraud for running a $50 million Ponzi scheme, according to a statement released on Monday. The U.S. Securities and Exchange Commission alleged that Charis Johnson, 33, raised more than $50 million from more than 300,000 investors by convincing visitors to the Web site that" [...]

SMS Bit Bucket: 'Null' Account Hit with Wayward Text Messages: "Paul F. Roberts writes on eWeek: Have you ever hit 'Send' on a text message on your mobile phone before addressing it? Ever wondered where all those lost SMS text messages go? If so, you might want to speak with Stan Bubrouski, whose cell phone has been channeling wayward text messages from across the country for years. Bubrouski, a computer science major at Northeastern University in Boston," [...]

Quantum Computer Works Better Shut Off: "waimate writes 'A New Scientist article relates how its possible to get answers from a quantum computer even when your program isn't running.' From the article: 'With the right set-up, the theory suggested, the computer would sometimes get an answer out of the computer even though the program did not run. And now researchers from the University of Illinois at Urbana-Champaign have improved on the original design and built a non-running quantum computer that really works.'"

New NASA Antenna Design by The Borg Collective: "
[Picture in original post]
Image source: Boing Boing
Via Boing Boing .

Like a friendly, non-biological form of the Borg Collective of science fiction fame, 80 personal computers, using artificial intelligence (AI), have combined their silicon brains to quickly design a tiny, advanced space antenna.

If all goes well, three of these computer-designed space antennas will begin their trip into space in March 2006, when an L-1011 aircraft will take off from Vandenberg Air Force Base in California. The airplane will drop a Pegasus XL rocket into the sky high above the Pacific Ocean. The rocket will ignite and carry three small Space Technology (ST5) satellites into orbit.

Each satellite will be equipped with a strange-looking, computer-designed space antenna. Although they resemble bent paperclips, the antennas are highly efficient, according to scientists." [...]

Mac Widget time: "Posted by Jonathan Berger, Mac Applications team

[amusing Mac trivia elided]

If you correctly answered these questions, chances are good you want to know about three Mac Dashboard Widgets that Google has created for OS X Tiger. The Blogger Widget enables quick and easy posting to your blog. Checking your Gmail inbox becomes a matter of pressing F12 with the Gmail Widget. And the Search History Widget allows you find that website you saw last week while searching Google. We'd also like to acknowledge the many great Google widgets people have already created, available on the Apple downloads page.

These widgets, which sprang from the brains of some engineers in their 20% time, are a small step towards bringing our sof" [...]

Oh that has to hurt: "Big disk full of personal information on McAfee employees lost.

Deloitte & Touche confirmed the incident. 'A Deloitte & Touche employee left an unlabelled backup CD in an airline seat pocket,' a representative for the professional services firm said. 'We are not aware of any unauthorized access to this data in the two months since the CD was lost.'

Link here.

Alex Eckelberry "

Sorting Out Microsoft's Anti-Malware Services: "Microsoft's current offerings for anti-spyware, anti-virus and anti-hacker services is such an overlapping jumble, it has some of its own developers confused. What distinguishes Windows Defender, Windows Live Safety Center, Malicious Software Removal Tool, Windows OneCare Live, and Microsoft Client Protection from each other? Which tools work together? Which don't? Email Battles sorts it all out... hopefully."

Serious flaw on OS X in Apple Safari, (Mon, Feb 20th): "We received notice from Juergen Schmidt, editor-in-chief at heise.de, that ...(more)..." [...]

Tracking down spammers: "Spamhuntress has a good wiki on tools to use in tracking down spammers.

These are tools of different types that I've found useful while tracing

Tracing


trimMail (http://www.trimmail.com/tools) Online tracing tools
DNSstuff (http://www.dnsstuff.com/) Online tracing tools
Web-Max Reverse Whois (http://www.web-max.ca/tools/domain.php)
Passive DNS Replication (http://cert.uni-stuttgart.de/stats/dns-replication.php)
Dig (http://hn.org/www/tools/dig.cgi)
Webcomindia tools collection (http://www.webcomindia.net/tools.htm)

Link here.

Alex Eckelberry"

IGF: Success, Great Success, or Useful Sideshow?: "Kieren McCarthy writes on his blog: When asked a month prior to the meeting in Geneva this week how it was likely to go, one diplomat closely involved in the talks was unequivocal: 'It will be a success.' Really? 'Of course,' he said. 'Every UN meeting is always either a success or a great success.' The United Nations truly does inhabit its own world. And it comes with its own language. If" [...]

Botmaster: Invasion of the Computer Snatchers: "Brian Krebs writes in The Washington Post:

In the six hours between crashing into bed and rolling out of it, the 21-year-old hacker has broken into nearly 2,000 personal computers around the globe. He slept while software he wrote scoured the Internet for vulnerable computers and infected them with viruses that turned them into slaves.

Now, with the smoke of his day's first Marlboro curling across the living room of his parents' brick rambler, the hacker known online as '0x80' (pronounced X-eighty) plops his wiry frame into a tan, weathered couch, sets his new laptop on the coffee table and punches in a series of commands. At his behest, the commandeered PCs will begin downloading and installing software that will bombard their users with advertisements for pornographic Web sites. After the installation, 0x80 orders the machines to search the Internet for other potential victims.

The young hacker, who has agreed to be interviewed only if he isn't identified by name or home town, takes a deep drag of his smoke and leans back against the couch to exhale. He smiles. This is his day job, and his work is finished in less than two minutes. In two weeks, he will receive a $300 check from one of the online marketing companies that pays him for his services.

More here." [...]

A Interview with 180Solutions' CEO: "Brian Krebs writes on Security Fix:

As I wander the halls of the 180solutions mother ship in Bellevue, Wash., I notice that each of the company's departments is fitted with large, wall-mounted plasma screen televisions that display graphs charting 180's daily and weekly sales and revenue numbers. The display nearest the marketing department showed that 180 pulled in more than $1 million in the past week alone serving ads to people who have its adware installed on their computers. Today's estimated revenue is slightly more than $100,000; the graph showing how much the company has actually earned so far today reads $2,966, but then again it is just after 10 a.m.

Shortly after arriving at 180, I sit down with the company's co-founder and chief executive, Keith Smith. I ask Smith about the criticism that his company's software too often ends up on PCs without the owner's knowledge or permission, and how he thinks the company's 'users' view the quality of their software.

Much more here." [...]

Iron Mountain Had No Disaster Plan?: "Chris Mellor writes on TechWorld: Canadian company Simmons Mattress has switched disaster recover supplier from Iron Mountain to EVault. The reason given is that when Simmons was hit with a region-wide power blackout in August, 2003, its disaster recovery (DR) supplier, Iron Mountain, was hit by the same blackout. DR companies store backup tapes in secure repositories. When clients are struck"

Linux Boots on Intel iMacs: "Image source: Engadget Marc Perton writes over on Engadget: If you want to run Windows on your Intel-based iMac, you may have a long wait. However, if your goal is to just run an OS other than Mac OS X, you're in luck. The enterprising team at the Mactel-Linux project have claimed at least partial victory: they were able to get Gentoo Linux to boot on an Intel iMac. Obviously, they've still" [...]

Brazil police arrest big phishing gang: "Group had 65 members" [...]

Microsoft Windows Media Player BMP Handling Buffer Overflow Exploit Hits the Web: "If you haven't patched yet, boys and girls, you probably should.

Exploit announcement via FrSIRT.

Advisory here.

Advisory ID : FrSIRT/ADV-2006-0574
CVE ID : CVE-2006-0006
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-02-14


Technical Description

A vulnerability has been identified in Microsoft Windows Media Player, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to a buffer overflow error in the bitmap (.bmp) image parsing function that fails to properly handle malformed files, which could be exploited by attackers to take complete control of the affected system by convincing a user to visit a specially crafted web site or open a malicious Word document containing a malformed Windows Media Player (.wmp) image.

Exploits

http://www.frsirt.com/exploits/20060215.wmp-ms06-005.cpp.php " [...]

Brazilian Police Arrest 55 Suspected Phishers: "Via Sophos. ... Police in Brazil have arrested 55 people suspected of being part of a gang which phished millions from online bank accounts. Approximately 10 million reals ($4.6 million) is estimated to have been stolen from innocent internet users. The police swoop, which involved 330 members of the federal police force, took place mostly in Campina Grande, in the state of Paraíba, some 1,100" [...]

Yahoo! Open Source Pattern Library: "Hot off the heels of discussions by us, UIE and Digital Web Magazine comes Yahoo!’s release of their UI Code Library as well as a design pattern library which they’ve promised will grow over time (it’s only got 13 patterns for the moment)."

Microsoft Security Bulletin Summary for February, 2006: " Patches now available .

Note: One problem has been detected in downloading and installing KB913446 -- it failed on three (3) XP SP2 machines that I tried it on (failed on download). Waiting to hear something about it elsewhere but nothing further to report at this time (12:40 CST -06:00 UTC)."
[List of patches follows]

The new features in the new Windows Vista might look oddly familar.

http://video.google.com/videoplay?docid=-3469743121209807715

Combating Spam in 2006: "Spam, the namesake of the Monty Python's Flying Circus skit, in which canned Spam appears in every dish served in a restaurant, is ever present in our 2006 email inboxes, despite anti-spam filters, despite legislation and despite the claims that spam would be by now a thing of the past. Non-malicious spam, while not as dangerous as its malicious cousin with its phishing and viruses, is still annoying and showing no signs of wanting to leave the party. Radicati Group, a high tech research company says spam accounts for 74 percent of all consumer email traffic and expects the number to rise to 85 percent by 2009.

Combating non-malicious spam is proving to be no easy task, if not an impossible one when considering the attempts to address the interests of legitimate volume senders, while protecting consumers, and exposing fraudulent spammers all at the same time. But Joshua Baer, CEO of SKYLIST and co-chair of the ESPC technology committee, believes that the chasm between legitimate senders and their illegitimate counterparts is getting bigger and wider. ”There used to be more gray area, when things weren’t as open or as clear. Efforts like authentication and other evolving reputation services hold senders more accountable. The legitimate senders are working hard to do the right things, while the people doing bad things have to hide m" [...]

The Ultimate Dual-Hand Touchscreen: "LithiumX writes 'This morning I saw a video demonstration of the most interesting input technology I've seen for a long time. This is a touch-screen that accepts inputs from multiple (I saw at least 8) points at once. It seems very responsive, the display is large and of decent resolution, and they actually wrote software to take advantage of it. It appears to be entirely research at the moment. I'd offer up organs for one of these things.'"

Apple Antitrust Case Gets Green Light: "SuperAlgae writes 'The recent antitrust suit against Apple regarding iTunes and iPod has been approved to go forward. This is only the beginning of the process, but it does bring up some interesting questions about what defines a monopoly.' From the article: 'Slattery claimed that Apple's system freezes out competitors, and while one antitrust expert called it a long shot, another antitrust law professor said that the key to such a lawsuit would be convincing a court that a single product brand like iTunes is a market in itself separate from the rest of the online music market.'"

Microsoft Anti-Spyware Removes Norton Anti-Virus: "An anonymous reader writes 'According to a story over at Washingtonpost.com, the latest definitions file for Microsoft's Anti-Spyware beta flags Symantec's Norton Antivirus products as a password-stealing trojan and prompts users to delete portions of the program. Users who follow the instructions hose their installation of Norton, requiring delicate Windows registry edits and a complete removal/reinstall of Norton. Microsoft's support forum is quickly filling up with complaints about this problem, many from businesses that have been pretty hard hit. This should be a cautionary tale about deploying beta products in production environments.'"

U.S. Charges California Man in 'Botnet' Case: "A Reuters newswire article, via Yahoo! News, reports that: A California man was indicted on Friday on federal charges of creating a robot-like network of hijacked computers that helped him and two others bring in $100,000 for installing unwanted ad software. The indictment from a federal grand jury in Seattle also accuses Christopher Maxwell, 20, and two unidentified conspirators of crippling" [...]

Man Sought in Burglaries During Which He Ate, Checked e-Mail: "An AP newswire article, via the La Crosse (Wisconsin) Tribune: Authorities were seeking Thursday a burglar who allegedly took the time to make coffee, cook and eat meals, take showers, pick out a change of clothes, watch television and check his e-mail while inside three rural Washington County homes this month. 'He took clothes and meals,' Sheriff Brian Rahn said. 'Whatever he was finding in" [...]

Web Sites Hawking Phone Records Shut Down: "An AP newswire article by Jennifer C. Kerr, via SFGate.com, reports that: Following a wave of negative publicity and pressure from the government, several Web sites that peddled people's private phone records are calling it quits. 'We are no longer accepting new orders' was the announcement posted Wednesday on two such sites, locatecell.com and celltolls.com. 'Thank you for your patronage. It" [...]

Fortune: Is Slashdot the Future of Media?: "A Fortune Magazine article by David Kirkpatrick, via CNN/Money, reports that:

If you want to see the future of media, go to Slashdot.org.

Two things distinguish it -- it's the most popular news and information site with the tech cognoscenti, particularly programmers and engineers. And all of its content is created by its users. They submit about 700 stories per day, which staff editors vet and reduce down to the 30-35 that get published. Of the site's 5.5 million unique visitors per month, about 25 percent post comments about those stories.

More here." [...]

February 2006 Advance Notification: "

Hey folks, Mike Reavey here, I wanted to take a quick second to make sure everyone saw the Advance Notification for the Security Bulletin release for February. This coming Tuesday, we’re planning to release seven security bulletins, and they are being released for Windows, one for Windows and Office and one for Office. The maximum total severity rating for this month is Critical, so please update systems as soon as possible when they are available on Tuesday. The updates can be deployed and detected with MBSA, Microsoft Update, and WSUS and the Enterprise Scanning Tool. Also, we’re going to release an updated version of the Malicious Software Removal Tool.

-Mike Reavey"

GnuCash 1.9.0 Released: "Grendel Drago writes 'The GnuCash team have released GnuCash 1.9.0. After literally years of waiting, GnuCash is now a GTK2 application. The current version is unstable, and testers are needed.'"

Microsoft to Unveil Paid Security Service: "An AP newswire article by Allison Linn, via Yahoo! News, reports that: A new security service from Microsoft Corp. will charge users $49.95 per year to better protect its Windows operating system from spyware, viruses and other Internet attacks. Microsoft plans to release the product in early June. Called Windows OneCare Live, the subscription service will compete with security products made" [...]

On Botnets: "Robotic software programs, called 'bots or agents, automate actions that are typically performed by real people. 'Bots can be used for good purposes or good - there are 'bot programs that play games over the Internet, for example, and 'bots that collect information for search engines, like the GoogleBot. Programmers have used 'bots on eBay to automatically search the site for bargains. 'Bots are common on the Internet Relay Chat (IRC) network, where they can moderate a channel by 'listening' for profanity or other undesirable conversation and removing violators from the discussion. So-called ChatBots can carry on conversations over Instant Messaging programs.

Unfortunately, 'bots have gotten a bad reputation because attackers can use them for malicious purposes, such as coordinating a distributed denial of service (DDoS) attack to overwhelm and crash a company's network. The first 'bot attacks were against IRC servers but the practice soon spread way beyond IRC. Other uses of 'bots include:


'Bots have been used to commit 'click fraud,' where the 'bot pretends to be a Web user clicking on an ad, to generate a high number of pay-per-click fees paid by the advertiser to the site owner.
'Bots can collect information such as the passwords, credit card numbers and other confidential information that users type into Web forms for the purpose of identity theft.
Another" [...]

Google Adds Chat To Gmail: "Nathan Weinberg writes 'Google has added a chat feature to Gmail. It brings Google Talk, minus voice calls, into your webmail client. Gmail now also logs your IMs, whether they originate in Gmail or Google Talk. In the commentary at InsideGoogle, I note that Google recommends you disable Firefox's AdBlock, which can block Google's ads, if you want Gmail Chat to function properly.'"

Russian Trojans Used to Steal €1M in France: "Kim Willsher writes in The Guardian: Russian thieves have stolen more than €1m (£680,000) from personal bank accounts in France using 'sleeper bugs' to infect computers. French authorities claim the thieves can take control of and empty a bank account in seconds. In one hit, a bank customer lost €40,000. Police say the virus is embedded in emails or websites and remains dormant until the user"

NIST Issues Guidelines for Data Removal: "Joab Jackson writes on GCN.com: Wonder no longer about how to remove sensitive data from the hard drives and optical disks you are about to toss. The National Institute of Standards and Technology has issued a set of draft guidelines on how to safely remove information from obsolete forms of storage. Matthew Scholl, Richard Kissel, Steven Skolochenko and Xing Li of the NIST Information"

'Synthetic ID Fraud' -- How Widespread Is It?: "In a rather fascinating story, Bob Sullivan writes on The Red Tape Chronicles:

SSN-only ID theft -- also called synthetic ID fraud -- is often undetectable because of the way credit bureaus store data and release it to consumers. Free credit reports ordered by consumers don’t reveal all credit history entries connected to a Social Security number. Only entries that precisely match a consumer's name, Social Security number and other personal information appear on such reports. Accounts opened using the consumer's number but a different name are often omitted, according to the bureaus. That means SSN-only theft, like Harrison’s, can be almost impossible to detect.

It’s also impossible to say how common such theft is; the only agencies that would know –- the credit bureaus and the Social Security Administration -- aren’t talking. But an investigation by MSNBC.com last year revealed that millions of workers pay taxes using the wrong Social Security number every year, hinting that the problem may be much wider than generally believed.

Read the entire story here." [...]

Black Hat Fingers Email As Easy Target: "A network penetration expert claims that, even after years of development, the email client is still a favorite attack vector for criminals. Email clients often have everything attackers like: they're installed on highly complex systems operated by people with little knowledge of security. Few attackers are deterred by the current breed of flimsy personal firewalls. Nevertheless, some relatively simple solutions can pay big dividends."

Tech Support to the Stars: "Carl Bialik writes 'The Wall Street Journal is reporting that Prince, Snoop Dogg, Ludacris, Bon Jovi, and U2 all have used technical support when on the road, when their Wi-Fi or Xbox or Sidekick needs servicing. The Journal takes a look at the lives of the essential, if overlooked, members of the entourage, the support tech. Joshua Kapellen, of Best Buy's Geek Squad, has been on the road with U2 since 2004. From the article: 'Last March, lead singer Bono needed his Xbox connected while the band rehearsed in Canada. Mr. Kapellen got a call. He hooked up the contraption and a few minutes later was playing videogames with Bono. 'It was one of the coolest things that has ever happened to me,' says Mr. Kapellen.''"

AOL and Goodmail: Two Steps Back for Email: "Matt Blumberg writes over on CircleID: Remember the old email hoax about Hillary Clinton pushing for email taxation? When we first heard AOL’s plans for Goodmail today, we thought maybe the hoax had re-surfaced and a few industry reporters got hooked by it. But alas, this tax plan seems to be true. AOL has long held the leading standard in email whitelisting. Every email sender who cares about" [...]

Legacy Fix: Marry Free Utilities for NT4 Server Anti-Virus Bliss: "Although Microsoft has moved on, the world is full of Windows NT 4.0 servers, still chugging along. Problem is, many are chugging along due to budget constraints, which often means they are running without any protection from trojans, worms and other malware. Email Battles melded the best freeware anti-virus projects that run on NT 4.0 servers into one coordinated toolkit that, so far, has evaded NT's infamous Blue Screen of Death."

Researcher: WMF Exploit Sold Underground for $4,000: "Ryan Naraine writes on eWeek: Virus hunters combing through the wreckage of the zero-day WMF (Windows Metafile) attacks have found evidence that exploit code was being peddled by Russian hacker groups for $4,000 a pop. The first sign of an exploit was traced back to the middle of December 2005, a full two weeks before anti-virus vendors started noticing mysterious WMF files rigged with malicious" [...]

PHP Apps A Growing Target for Hackers: " Via Netcraft .

Security holes in PHP-based content management and forum apps are an increasingly active front in Internet security, as hackers target unpatched weaknesses. The latest example is Monday's hack of chip maker AMD's customer support forums, in which an older version of Invision Power Board was compromised and used to distribute malware using the Windows Metafile (WMF) exploit.

While Windows flaws like the WMF vulnerability are useful to hackers assembling armies of compromised desktop computers, security holes in PHP applications provide access to more powerful servers hooked directly to high-speed network connections.

Internet criminals have targeted unpatched vulnerabilities in open source CMS apps including phpBB, PostNuke, Mambo, Drupal and others, hoping to build botnets for use in phishing scams and distributed denial of service (DDoS) attacks. Compromised web forums hosted more than 600 phishing spoof sites identified by the Netcraft Toolbar Community in 2005 (as noted in our Year in Phishing roundup).

More here.. "[...]

Historical Landmark: Western Union Abandons Telegrams: "Daniel Terdiman writes on the C|Net 'Missing Links' Blog: The Internet strikes again. First it mostly did away with brick-and-mortar auction houses. Then newspaper classifieds went the way of the Model-T Ford. And now, thanks to the ubiquity of e-mail and instant messaging, Western Union is getting out of the telegram business, reports LiveScience. That's like General Motors getting out of" [...]

Coolness: Home Theater That Looks Like NCC-1701's Bridge: "Via Boing Boing. Captain Kirk would love it. A geeky home-theater enthusiast has built and l