Thursday, March 30, 2006

Hey, TYPE-YOUR-CREDIT-CARD-NUMBER-HERE.COM is available for registration!

Food for thought...

Hey, TYPE-YOUR-CREDIT-CARD-NUMBER-HERE.COM is available for registration!: "Being curious about phishing, we decided to look into the number of domains
that mimic banks. Just how many are out there? Well, lots.

We did a simple search across com/net/org/us/biz/info top-level domains for common bank names.

Keyword          Number of domains
citibank*              497
bankofamerica*         407
lloyds*                994
bnpparibas*             41
egold*                 691
hsbc*                 1258
chase*                6470
paypal*               1634
ebay*                 8057

When someone in, say, Nigeria wants to register a domain name that starts with the name of a well known bank, why should the registrars be so willing to do it for them?

Some examples of existing, active registrations, using citibank as an example:

citibank-america.com
citibank-credicard.com
citibank-credit-card.com
citibank-credit-cards.com
citibank-account-updating.com
citibank-creditcard.com
citibank-loans.com
citibank-login.com
citibank-online-security.com
citibank-secure.com
citibank-site.com
citibank-sucks.com
citibank-update.com
citibank-updateinfo.com
citibank-updating.com
citibankaccount.com
citibankaccountonline.com
citibankaccounts.com
citibankaccountsonline.com
citibankbank.com

Some of these probably are perfectly legitimate. Others probably are not...like citibank-account-updating.com, registered last Friday to Ms. Evelyn Musa in Arlington, VA?

On 30/03/06 At 02:00 PM"


From: F-Secure Weblog
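
The post lists the registrations but not how one would sort the likely-bad ones from the merely opportunistic. Here is an added example (not code from the F-Secure post) that ranks brand-prefixed domains by the "update your account" vocabulary that phishing lures lean on. The citibank-* names are the ones quoted above; the token weights, the negative weight for gripe sites and the brand-prefix rule are assumptions chosen to illustrate the triage, not anything the post states.

```python
"""Rank brand-prefixed domains by phishing-lure vocabulary.

Added example for this entry, not code from the F-Secure post. The domain
list is the citibank-* sample quoted above; the token weights and the
brand-prefix rule are assumptions chosen to illustrate the triage.
"""
import re

BRAND = "citibank"
TLDS = ("com", "net", "org", "us", "biz", "info")   # the TLDs the post says it searched

# Assumed weights: words lures use to push an 'account action'
LURE_TOKENS = {
    "updateinfo": 3, "updating": 3, "update": 3, "login": 3, "verify": 3, "confirm": 3,
    "security": 2, "secure": 2,
    "account": 1, "accounts": 1, "online": 1,
}
# Assumed negative weight: a gripe site is not a credential harvester
BENIGN_TOKENS = {"sucks": -3}

WEIGHTS = {**LURE_TOKENS, **BENIGN_TOKENS}
# Longest alternatives first so 'updateinfo' wins over 'update', 'accounts' over 'account'
_TOKEN_RE = re.compile("|".join(sorted(WEIGHTS, key=len, reverse=True)))


def is_brand_lookalike(domain: str) -> bool:
    """True for <brand><anything>.<tld> in the searched TLDs, excluding the bare brand name."""
    label, _, tld = domain.lower().rpartition(".")
    return tld in TLDS and label.startswith(BRAND) and label != BRAND


def score(domain: str) -> tuple[int, list[str]]:
    """Sum the weights of lure tokens found after the brand prefix; return (score, tokens)."""
    label = domain.lower().rpartition(".")[0]
    rest = label[len(BRAND):] if label.startswith(BRAND) else label
    hits = _TOKEN_RE.findall(rest)
    return sum(WEIGHTS[h] for h in hits), hits


def rank(domains):
    """Brand lookalikes only, highest lure score first; ties broken alphabetically."""
    cands = [d for d in domains if is_brand_lookalike(d)]
    return sorted(cands, key=lambda d: (-score(d)[0], d))


# The registrations quoted in the post
SAMPLE = [
    "citibank-america.com", "citibank-credicard.com", "citibank-credit-card.com",
    "citibank-credit-cards.com", "citibank-account-updating.com", "citibank-creditcard.com",
    "citibank-loans.com", "citibank-login.com", "citibank-online-security.com",
    "citibank-secure.com", "citibank-site.com", "citibank-sucks.com", "citibank-update.com",
    "citibank-updateinfo.com", "citibank-updating.com", "citibankaccount.com",
    "citibankaccountonline.com", "citibankaccounts.com", "citibankaccountsonline.com",
    "citibankbank.com",
]

if __name__ == "__main__":
    for d in rank(SAMPLE):
        s, hits = score(d)
        print(f"{s:>3}  {d:<32} {' '.join(hits)}")
```

Run as a script it prints the sample sorted with citibank-account-updating.com on top and citibank-sucks.com at the bottom; the same scoring applied to a fresh WHOIS pull for any brand prefix gives a first-pass worklist, with the registrant details (the "registered last Friday" kind of signal) still needing a human look.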

Windows Command-Line Kung Fu with WMIC, (Thu, Mar 30th) id1229

Well... this comes as news to me. Definitely worth a look.

Windows Command-Line Kung Fu with WMIC, (Thu, Mar 30th) id1229: "A few weeks ago, uber-handler Tom 'I-Write-Spyware' Liston and I were working on some tests ...(more)..."


From: SANS ISC

Wednesday, March 29, 2006

An update on the IE ActiveX change from Mike Nash

FYI

An update on the IE ActiveX change from Mike Nash: "

Hi there. Mike Nash from the STU. Earlier this year, during our response to the WMF zero-day exploit with an out-of-band security update, I wrote a blog entry explaining the details of how we got to the decision to release that update early. I received a lot of feedback from customers around the world that the blog entry and the internal insights into our decision-making process in that situation were very helpful and that we should make it a consistent practice for issues that have widespread impact on customers and need more clarity.



Based on the feedback I received from several customers on the upcoming change to the ActiveX capabilities in Internet Explorer in the next cumulative IE security update, I decided that this was a topic worthy of a blog entry.



So what’s going on? Three things really: The first relates to Microsoft’s involvement with the Eolas Technologies and the Regents of the University of California v. Microsoft patent case (Eolas v. Microsoft), which requires that Microsoft change the way that IE handles ActiveX controls.



So when we release the next cumulative IE security update, customers will only be able to interact with Microsoft ActiveX controls loaded in certain web pages after manually activating their user interfaces by clicking " ...


From: Microsoft Security Research Center Blog

Let's Get Ready to Rumble: Comcast Matches Verizon FiOS Speeds

Well, it's great to see competition, but I must say that I am quite pleased with FiOS. How many people really need 15-16 Mbps at home? I think their 5 down, 2 up plan is quite a good deal.

Let's Get Ready to Rumble: Comcast Matches Verizon FiOS Speeds: "Marguerite Reardon writes on C|Net News:

Comcast is increasing the speed of its broadband service in what looks like an attempt to keep pace with Verizon Communications' Fios service.

On Tuesday, the nation's largest cable operator confirmed it has doubled download speeds of its fastest broadband service in four cities: Reston, Va.; Sarasota, Fla.; Fort Wayne, Ind.; and Howard County, Md.

Comcast is automatically upgrading customers of its premiere broadband service to 16 Mbps (megabits per second) for downloads and 1 Mbps for uploads at a cost of $52.95 per month. Previously, Comcast had offered customers in these cities speeds of 8 Mbps downstream and 768 kbps (kilobits per second) upstream for $52.95 per month.

The cities selected for the initial upgrade also happen to be those where Verizon Communications is offering its fiber to the home service, called Fios.

More here."


From: Fergie's Tech Blog

Henrik Gemal: Firefox versus Internet Explorer in a Corporate Network

Let me take this opportunity to point out that Firefox really needs to provide an MSI package! This was supposed to have been done by v1.5 and now I see they don't even intend to have it done by v2.0. I'm definitely disappointed to see this news. However, I did learn that there is an unofficial MSI & ADM template here: http://www.frontmotion.com/Firefox/fmfirefox.htm.

Henrik Gemal: Firefox versus Internet Explorer in a Corporate Network: "Two years ago I blogged about a similar subject. I discussed the advantages of Internet Explorer (IE) over Mozilla and other web browsers in a corporate environment. I concluded that IE is by far the better choice. Recently we deployed about 250 new computers and so I considered this question again. Now, Firefox is the main rival of IE. The decision was not so easy this time, but IE won again in the end. I have been using Firefox myself for quite a while and I really like this web browser. However, when it comes to the question of switching to a new web browser in a corporate network, other arguments have to be considered.

Conclusion:
The advantages of the IE are mainly founded in its tight integration with Windows. Firefox has to run on other operating systems, too. Hence, all features should work on all systems not only on Windows boxes. That's why I'm not expecting too many improvements in this field in the near future. Although projects like Firefox ADM show that better integration is doable and that some Open Source programmers recognized this problem. All in all, I'm still a Firefox fan, but wouldn't recommend it for corporate use in larger networks. There are exceptions of course: If all your desktops use Linux or Mac OS. But if you have Window" ...


From: Planet Mozilla::Henrik Gemal

View your reading lists in new ways

Very cool stuff. Mihai's page about further permutations for it is wickedly cool!

Meanwhile, I've used this option to make my 'news' label publicly available on my Google Page. The really cool feature that's available is the option to view those stories in Google Reader, like I do...without logging in as me. Most of the stories that get published to this tech blog come from this set of feeds - so if you want to catch something before I get to reading it...or see the items that just didn't make the cut...take a gander.

View your reading lists in new ways: "Everything that you see in Reader is available as an Atom feed. While that's normally only of interest to Atom fetishists, it does mean that you can view your reading list in new and interesting ways.

Reading lists as screensavers

Mac OS X Tiger has a nifty screensaver that can display any feed with cool swooshing text. Here's how to view your reading list in it:
1. Using Safari 2.0, load your reading list feed
2. Add a bookmark for that feed
3. In the 'Desktop & Screen Saver' preference pane, select 'RSS Visualizer'
4. From the 'Options...' sheet, pick your reading list
5. Enjoy your new screensaver!

Windows users shouldn't despair, there are plenty of options for that platform too.

Reading lists as Live Bookmarks

Firefox has a neat feature where feeds can be viewed as Live Bookmarks. This means that you have your reading list, your starred items, or even any label can be one click away in the toolbar. To use this feature, use Reader to navigate to the label you want to use. Then click on the feed icon in the upper right corner and choose 'Add ''s starred items' Live Bookmark'. You should now have that item in the toolbar, as pictured on the left.

Reading lists for podcasts

Reader has had an inline podcast player for a while. However, one of" ...


From: Official Google Reader Blog

Tuesday, March 28, 2006

Walking the Talk

Isn't modern technology grand? (Unfortunately /some/ people/companies don't feel the same way.)

Walking the Talk: "Did you know that some airlines still issue paper tickets? Well, they do, and I received some in the mail about two months ago after I planned a trip to Fiji . Now, fast-forward to this morning, one day before departing, when I realized my ticket was nowhere to be found...

Thinking this was no big deal, I dialed the airline and smiled to myself when the operator answered the phone with a cheerful 'Bula!' I politely explained my situation, and was horrified to hear that, because my flight was set to depart less than three days from today, the minimum fee to replace the ticket would be over $1000 USD. Wait, I thought the man said, 'Bula,' not 'Moola'!

I then called the booking agency since I have (or had!) a multi-carrier ticket, and was given more bad news:

Travel Agent: 'Ms. Lane, we're sorry, but you'll have to buy a whole new ticket.'
Me: not worth repeating :o)
Travel Agent: 'Yes, we understand that you have a confirmation number and itinerary, but...'

Try telling someone that works for a tech company that a new ticket is necessary, when the whole transaction took place online! How could this be? And then the tears came. Lots of them. Spending an additional $1K+ is a big price to pay for such a little mistake.

I held the phone line, blotting mascara " ...


From: Google Talkabout

How OS X Executes Applications

How OS X Executes Applications: "MacHore writes '0xFE has an excellent tutorial on Mach-O, which is the file format used by OS X executable files and libraries. It goes into great detail about how Mach-O works, and explains what OS X actually does when it loads and runs an application. Subtopics include Universal Binaries, The Dynamic Linker, Using otool, and other goodies.'"

Source: /.

Sunday, March 26, 2006

Modified Malware for the IE Exploit, (Sun, Mar 26th) id1221

Read up for an interesting look at all the ugly things the latest exploit does...

Modified Malware for the IE Exploit, (Sun, Mar 26th) id1221: "Its always interesting around the ISC and you'll never know what you'll be handed on a ...(more)..."


From: SANS ISC

Friday, March 24, 2006

Tip #1185 - change to directory of the opened file

Tip #1185 - change to directory of the opened file: "The present working directory can be found in vim with
:pwd
To change to the directory of the currently opened file:
:cd %:h

Related:
:help filename-modifiers
comp.editors at googlegroups - got this tip with the search for my need."

From: Vim Tips

techdirt: Security Through Begging

Fantastic.

techdirt: Security Through Begging: "Mike Masnick writes over on techdirt.com:

Last summer, the surprising news came out that Japanese nuclear secrets leaked out, after a contractor was allowed to connect his personal virus-infested computer to the network at a nuclear power plant. The contractor had a file sharing app on his laptop as well, and suddenly nuclear secrets were available to plenty of kids just trying to download the latest hit single.

It's only taken about nine months for the government to come up with its suggestion on how to prevent future leaks of this nature: begging all Japanese citizens not to use file sharing systems -- so that the next time this happens, there won't be anyone on the network to download such documents. Beyond the fact that this is unlikely to have any effect (at all) on file sharing in Japan, it has nothing to do with the actual security breach.

More here."


From: Fergie's Tech Blog

FTC Slams Spammer in Pocketbook -- Hard

CAN-SPAM worked?

FTC Slams Spammer in Pocketbook -- Hard: "Via The U.S. Federal Trade Commission. An Internet marketer will pay a $900,000 civil penalty for violating the CAN-SPAM Act, the largest penalty yet for illegal spam, according to the Federal Trade Commission. The company also is permanently prohibited from its unlawful practices, according to a consent decree signed by the company. According to the FTC, since July 2002, San Francisco-based" ...

From: Fergie's Tech Blog

How Would You Like Your Bagle Done, with Rootkits on the Side?

I find it amazing that Bagel is still on the loose. Looks like it's been upgraded a whole lot along the way...

How Would You Like Your Bagle Done, with Rootkits on the Side?: "Rootkit development has had such a lull in recent months that we were beginning to wonder if the technique had suddenly become passé. The last few days may have changed our opinion. With the discovery of three new cases we are now very curious to see what the future will bring.

One of the new cases, Gurong.A, is based on Mydoom code. See our earlier post for more technical details. The other two cases are variants of Bagle. Both Mydoom and Bagle are what we could call ‘heavy hitters’ in the field.

Gurong.A might be based on leaked source code, and may be only a cut and paste job by a new author. No way to really tell. But the Bagle variants have piqued our interest/concern. Bagle’s authors are currently active and running botnets. They maintain a complex network and it’s a suite of programs that work together.

To illustrate just how complex the Bagle operation is nowadays, have a look at this graph illustrating the relationships between different Bagle modules:



Two years ago Bagle was a simple virus. One EXE file, emailing itself around. It's not like that anymore. The malware suite has been built over time. Now the latest development is that one of the new Bagle variants integrates rootkit functionality. Bagle.GE includes code that uses rootkit features to hide the processes and r" ...


From: F-Secure Weblog

Thursday, March 23, 2006

More tech tips

Useful stuff from the folks @ Sunbelt Software:

More tech tips: "Sunbelt Tech Tips are a new feature of our blog. We’re going to start sharing with you technical tips on general Windows XP operation.

Here are some to get you started for the weekend:

Add/Remove Programs displays installed programs incorrectly
If you find that your Add/Remove Programs applet in Control Panel is displaying the list of installed programs incorrectly, or showing no listed programs at all, it might be because an installer for some program removed some of the registry entries that are used by Windows. You may be able to fix the problem by editing the registry. There are step by step instructions in KB article 266668 here.

How to use the Pageheap.exe Tool
Pageheap.exe is a tool that can be used to detect leaks in programs running on Windows XP and 2000 systems and find heap-related corruption, which is a common problem in application development. Find out where to download the tool and how to use it from KB article 286470 here.

Administrator can't unlock a locked computer
If you restart a Windows XP computer and you aren't able to log on with a local or domain account, and you get a message that the computer has been locked and only an administrator can unlock it (but you aren't able to unlock it with an administrative account), it may be because the screensaver is set to use a non-existent .scr program or you're" ...


From: Sunbelt Blog

New Spycar Software Will Test Antispyware

With Liston and Skoudis at the helm, I'd have a good deal of confidence in a quality product. I look forward to seeing the results.

New Spycar Software Will Test Antispyware: "

Robert McMillan writes on InfoWorld:

Does your antispyware software really work? With security experts warning of 'rogue' antispyware products that sometimes do more harm than good, two security researchers have decided to take matters into their own hands.

They're working on a new software product, called Spycar, that will test the effectiveness of antispyware products. 'We decided the best way to do that would be to write a suite of tiny custom programs that each do a tiny spyware-like thing,' said Tom Liston, a senior security consultant with Intelguardians LLC, based in Washington, DC.

The software is being developed by Liston and Ed Skoudis, also an Intelguardians security consultant.

More here."


From: Fergie's Tech Blog

Claria: We're through.

More Good News. (TM)
(Assuming of course, that the adware isn't perpetuated by a new buyer.)
Truth be told, I haven't seen a machine with Gator/Claria junk on it in quite some time - and while that's been nice, the stuff that's taken its place is far more insidious.

Claria: We're through.: "Claria, which had tried to go public a couple of years ago, is claiming that they are exiting the adware business.

Earlier this year, Claria retained Deutsche Bank Securities, Inc. to handle the sale of the company's adware assets, and Claria is in active discussions with a number of interested buyers. A condition of any sale of Claria's consumer software applications, however, will be the requirement that any purchaser agrees to adhere to emerging industry standards outlined by TRUSTe and other industry coalitions.

Link here.

Alex Eckelberry
(Another thanks to Amanda)"

From: Sunbelt Blog

Wednesday, March 22, 2006

IE7 Separated from Windows Explorer

Wow!!! *If* this means IE can be uninstalled, that will be a /very/ good thing. So long as updates can be easily fetched on demand otherwise, this is fantastic. Took long enough.

IE7 Separated from Windows Explorer: "An anonymous reader writes 'Security experts warned Microsoft 10 years ago that putting IE as a component of Windows Explorer was a bad idea, looks like Microsoft finally decided to listen to the advice. According to a short write up in Business Week, Microsoft has decided that when IE7 comes out with Vista it will no longer be a component of Windows Explorer and will be able to replace IE6 even on XP machines.'"


Source: /.

Mac Gmail Notifier update

Already using the previous version...about to upgrade now.

Mac Gmail Notifier update: "Posted by Greg Miller, Software Engineer

It's high time for us to release a small update for our Gmail Notifier for Mac (OS X). We've added a few things of our own and got some ideas from users too. Some of the changes are:

- it's a universal binary, so it will run natively on PowerPC and Intel Macs;


- it will notify you when a new version is available and automatically upgrade itself; and...drum roll, please...


- it has new icons (we know it's what you've asked for!). Also, as many of you know, the Gmail Notifier supports plug-ins, and one of our users wrote a cool plug-in called Gmail+Growl that displays visual Growl notifications when new mail arrives. Very cool and worth checking out. So download the Mac Gmail Notifier once again, and we'll take care of the rest."


From: Official Google Blog

From Russia with Rootkit

The sharp folks @ F-Secure have an interesting write up of the latest and greatest in current rootkits. Oh, joy.

From Russia with Rootkit: "Yesterday we received an interesting email-worm sample, detected as Gurong.a, that uses rootkit techniques to hide its file, process and launch point in the registry. It is based on the infamous Mydoom code and it is in the wild but currently spreading very slowly.

Gurong.a modifies the operating system kernel, specifically the system service table and process object structures, so it is a kernel-mode rootkit. What makes it different from other kernel-mode rootkits we have seen is the way it installs the rootkit payload into kernel. Often malware uses a special purpose driver or the physical memory device to modify the kernel from user mode.

Gurong.a uses the physical memory device as its initial injection vector to install a call gate to the Global Descriptor Table (GDT) that resides in system address space. Call gates are things we do not see everyday. Below is a definition from Wikipedia:

“Call gate is a mechanism in intel x86 architecture for changing privilege level of CPU when it executes a predefined function call.”

For more detailed information about call gates you should have a look at the IA-32 Intel Architecture Software Developer’s Manual, Volume 3A.

What this means is that through the call gate Gurong.a can execute parts of its code in privilege level 0 (kernel mode) without adding any additional code to the system address space. T" ...


From: F-Secure Weblog
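
The call-gate trick is easier to reason about once you see the descriptor bits. What follows is an added example (not code from F-Secure's write-up) that packs and unpacks an IA-32 call-gate descriptor using the field layout from the Intel SDM Vol. 3A, then walks a raw GDT image looking for the thing Gurong.a plants: a present call gate with DPL 3 whose target lies in kernel address space. Assumptions, not facts from the post: 32-bit Windows with the default 2 GB/2 GB split (kernel addresses at or above 0x80000000), the flat ring-0 code selector 0x08, and a constructed GDT image whose gate target address is made up.

```python
"""Decode IA-32 call-gate descriptors and flag ring-3-callable gates into kernel space.

Added example for this entry, not code from F-Secure. Field layout is the
call-gate descriptor figure in the Intel SDM Vol. 3A. Assumptions: 32-bit
Windows with the default 2 GB user/kernel split (kernel >= 0x80000000) and the
flat ring-0 code selector 0x08; the GDT image and the gate's target address
are constructed for the demo.
"""
from dataclasses import dataclass

CALL_GATE_16 = 0x4
CALL_GATE_32 = 0xC
KGDT_R0_CODE = 0x08         # ring-0 flat code selector on 32-bit Windows (assumption)
KERNEL_BASE = 0x80000000    # default 2/2 split, no /3GB (assumption)


@dataclass
class CallGate:
    offset: int                     # 32-bit entry point, split across bits 0-15 and 48-63
    selector: int                   # target code-segment selector, bits 16-31
    dpl: int                        # bits 45-46: lowest ring allowed to CALL FAR through the gate
    present: bool                   # bit 47
    param_count: int = 0            # bits 32-36: dwords copied to the new stack
    gate_type: int = CALL_GATE_32   # bits 40-43


def encode(g: CallGate) -> int:
    """Pack a CallGate into the 64-bit descriptor the CPU reads from the GDT."""
    d = g.offset & 0xFFFF
    d |= (g.selector & 0xFFFF) << 16
    d |= (g.param_count & 0x1F) << 32
    d |= (g.gate_type & 0xF) << 40
    # bit 44 (S) stays 0: gates are system descriptors, not code/data segments
    d |= (g.dpl & 0x3) << 45
    d |= int(g.present) << 47
    d |= ((g.offset >> 16) & 0xFFFF) << 48
    return d


def decode(d: int):
    """Return a CallGate, or None if the 8-byte descriptor is not a call gate."""
    if (d >> 44) & 1:                                   # S=1: code or data segment
        return None
    gate_type = (d >> 40) & 0xF
    if gate_type not in (CALL_GATE_16, CALL_GATE_32):   # TSS, LDT, task/interrupt gate, unused
        return None
    return CallGate(
        offset=(d & 0xFFFF) | (((d >> 48) & 0xFFFF) << 16),
        selector=(d >> 16) & 0xFFFF,
        dpl=(d >> 45) & 0x3,
        present=bool((d >> 47) & 1),
        param_count=(d >> 32) & 0x1F,
        gate_type=gate_type,
    )


def ring3_kernel_gates(gdt: bytes, kernel_base: int = KERNEL_BASE):
    """Walk a raw GDT image and return (index, gate) for every present call gate
    that user mode (DPL 3) may call and that lands in kernel address space.
    The 32-bit Windows kernel sets up no call gates of its own, so any hit
    deserves a look."""
    hits = []
    for i in range(0, len(gdt) - 7, 8):
        g = decode(int.from_bytes(gdt[i:i + 8], "little"))
        if g and g.present and g.dpl == 3 and g.offset >= kernel_base:
            hits.append((i // 8, g))
    return hits


# Constructed GDT image: null, flat ring-0 code/data, flat ring-3 code, then a
# gate of the kind the post describes (the target address is made up).
FLAT_R0_CODE = 0x00CF9B000000FFFF
FLAT_R0_DATA = 0x00CF93000000FFFF
FLAT_R3_CODE = 0x00CFFB000000FFFF
INJECTED_GATE = CallGate(offset=0x80401234, selector=KGDT_R0_CODE, dpl=3, present=True)
SAMPLE_GDT = b"".join(
    d.to_bytes(8, "little")
    for d in (0, FLAT_R0_CODE, FLAT_R0_DATA, FLAT_R3_CODE, encode(INJECTED_GATE))
)

if __name__ == "__main__":
    for idx, g in ring3_kernel_gates(SAMPLE_GDT):
        print(f"GDT[{idx}]: call gate -> {g.selector:#06x}:{g.offset:#010x}, DPL {g.dpl}")
```

On a real box the image would come from SGDT plus a kernel-mode read of the table; the point of the check is that a gate with DPL 3 and a ring-0 target selector is exactly the "run my code at privilege level 0 without adding any code to the system address space" primitive the post describes, and it is visible in eight bytes of the GDT.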

Microsoft Internet Explorer "createTextRange()" Code Execution

Ooops...so much for the 'security' in IE7. My recommendation? Use Firefox.

Microsoft Internet Explorer "createTextRange()" Code Execution: " Via Secunia .

Secunia Research has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the processing of the 'createTextRange()' method call applied on a radio button control. This can be exploited by e.g. a malicious web site to corrupt memory in a way, which allows the program flow to be redirected to the heap.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview. Other versions may also be affected.

Solution:
Do not visit untrusted web sites.

NOTE: The vendor is currently working on a patch."


From: Fergie's Tech Blog

IRS Plans to Allow Tax Preparers to Sell Data

Very Bad News. (TM)

IRS Plans to Allow Tax Preparers to Sell Data: "Jeff Gelles writes in The Philadelphia Inquirer: The IRS is quietly moving to loosen the once-inviolable privacy of federal income-tax returns. If it succeeds, accountants and other tax-return preparers will be able to sell information from individual returns - or even entire returns - to marketers and data brokers. The change is raising alarm among consumer and privacy-rights advocates. It was" ...

From: Fergie's Tech Blog

Tuesday, March 21, 2006

Meet the Botnet Hunters

Great article...it's good to see that some people are making serious efforts to get this stuff shut down. Unfortunately, volunteers are the only people truly interested in this battle.

Meet the Botnet Hunters: "An anonymous reader writes 'The Washington Post is running a pretty decent story about 'Shadowserver,' one of a growing number of volunteer groups dedicated to infiltrating and disabling botnets. The story covers not only how these guys do their work but the pitfalls of bothunting as well. From the article: 'Even after the Shadowserver crew has convinced an ISP to shut down a botmaster's command-and-control channel, most of the bots will remain infected. Like lost sheep without a shepherd, the drones will continually try to reconnect to the hacker's control server, unaware that it no longer exists. In some cases, Albright said, a botmaster who has been cut off from his command-and-control center will simply wait a few days or weeks, then re-register the domain and reclaim stranded bots.''"


Source: /.

Spring is the season for love (and data)

While I'm not always thrilled with Flash gizmos, I do think the stock chart explorer this site offers is quite nice.

Spring is the season for love (and data): "Posted by AC Narendran & Katie Jacobs Stanton, Google Finance team

Alfred, Lord Tennyson wrote, 'In the Spring, a young man's fancy lightly turns to thoughts of love.' In the spring at Google, a geek's fancy turns to thoughts of ... charts and data. So to mark this vernal equinox, we introduce to you Google Finance.

It all started as a small project led by a few engineers in Bangalore and later joined by more engineers and finance enthusiasts in Mountain View and New York . We have different backgrounds, work in different time zones, and, at the start of this project, had never met in person. But we shared the same goal: to improve the search experience for financial information. We hope Google Finance lives up to that aim by offering a fresh perspective on company-related searches. To begin with, you no longer have to remember a ticker or mutual fund symbol. Just search for a company or mutual fund by name and you'll quickly see all the relevant information.

But perhaps Google Finance's most important innovations take place after you've found the company in question. You'll find interactive charts that enable you to zoom through different time periods, headlines mapped right on the charts and are based on Google News, which means you're seeing unbiased and relevant results from more tha" ...

From: Official Google Blog

Monday, March 20, 2006

Personal Disaster Recovery, (Mon, Mar 20th) id1204

Some good points to keep in mind. Personally, I keep my address book up to date on my computer (with the contents of my cell phone(s)), and make a dead tree copy every so often ... just in case all batteries die, etc. It's /way/ too easy to become dependent on these electronic resources.

Personal Disaster Recovery, (Mon, Mar 20th) id1204: "As an Internet Storm Center volunteer incident handler it is reasonable to think that each of us h ...(more)..."


From: SANS ISC

Five Years of Storming, (Sun, Mar 19th) id1202

Let me just take this moment to salute the fine men and women who help keep the Internet running a bit smoother (which includes keeping sysadmins around the world well informed). All the handlers I've dealt with have always been both polite and accurate - always a pleasure.

Five Years of Storming, (Sun, Mar 19th) id1202: "In March of 2001, the Lion worm set in motion a series of events that resulted in the creation o ...(more)..."


From: SANS ISC

Sunday, March 19, 2006

Deb Richardson: Secrets of greatness

Definitely a great read...as this says - the profiles are quite fascinating.

Deb Richardson: Secrets of greatness: "This article, from Fortune magazine, is very interesting and worth reading. The “gallery of leaders and their secrets” is where the real meat is, so make sure you click the linky at the bottom there. "


From: Planet Mozilla -> Deb Richardson

Beware Your Online Presence

Is it any wonder that it took me this long to consider setting up this tech blog...let alone that kind of blog?

Beware Your Online Presence: "Mz6 wrote to mention an article in the NY Daily News stating that an increasing number of employers are Googling their prospective employees during the interview/hiring process. From the article: ''A friend of mine posted a picture of me on My Space with my eyes half closed and a caption that suggests I've smoked something illegal,' says Kluttz. While the caption was a joke, Kluttz now wonders whether the past two employers she interviewed with thought it was so funny. Both expressed interest in hiring Kluttz, but at the 11th hour went with someone else.'"


Source: /.

Potential phpBB Hack Coming?, (Sun, Mar 19th) id1201

A heads up to anyone running phpBB...

Potential phpBB Hack Coming?, (Sun, Mar 19th) id1201: "Two readers (thanks, Ricardo and Ken) pointed us to a story on digg that appeared this morning. Th ...(more)..."


From: SANS ISC

Thursday, March 16, 2006

Quote of the Day: Bruce Schneier

QOTD, indeed.

Quote of the Day: Bruce Schneier: "Regarding theater owners considering installing jamming systems for cell phones in movie theaters: 'It makes sense. If I were going to commit armed robbery, I'd probably want to bring a cell phone jammer with me.' - Bruce Schneier "


From: Fergie's Tech Blog

Tuesday, March 14, 2006

Dutch Bandits Blowing Up ATM Machines

In this age of spamming, phishing, pharming, and using the next new 'ph-' verb, it is somehow a pleasant relief to read about 'good old fashioned crime.' Folks who use a few cunning tricks and aren't afraid to get their hands dirty. (Besides, it /ought/ to make them easier to catch if they're out in the real world.)

Dutch Bandits Blowing Up ATM Machines: "

Bruce Schneier writes on his Schneier on Security blog:

In the Netherlands, criminals are stealing money from ATM machines by blowing them up.

First, they drill a hole in an ATM and fill it with some sort of gas. Then, they ignite the gas -- from a safe distance -- and clean up the money that flies all over the place after the ATM explodes.

Sounds crazy, but apparently there has been an increase in this type of attack recently. The banks' countermeasure is to install air vents so that gas can't build up inside the ATMs."


From: Fergie's Tech Blog

Monday, March 13, 2006

Poor security practices lead financial services company to host a phishing site

Wow...this is bad with a capital B. See link for screenshot.

Poor security practices lead financial services company to host a phishing site: "

From the Great Irony department. A financial services company, E3financial, is hosting a phishing site. As of this afternoon, Paul Laudanski at CastleCops “Spoke with Anna and was told the folks are in a conference meeting, she cannot interrupt. I strongly urged Anna to interrupt as this is very bad PR for the company, but Anna would not sway.” CastleCops link here.

So because she won’t “interrupt a conference meeting”, the site is live right now.

Why do I bother blogging this? I see sites constantly compromised for phishing scams and I guess I’m just going to start raising the volume a bit more on poor security practices that lead to these types of things.

Alex Eckelberry"


From: Sunbelt Blog

Gapingvoid: Apple Market Share

I'm starting to like Gapingvoid more and more these days...
Gapingvoid: Apple Market Share: "Via gapingvoid.com. Enjoy! "

From: Fergie's Tech Blog

Oops: McAfee Update Flags Hundreds of Innocuous Programs

Yes, this was definitely a big problem. I was waiting to see real numbers from large organizations - to quote an anonymous comment from the story:

"...700 files quarantined on more than 100 computers."

That's nothing, our corporation had 500,000 files deleted on more than 6,500 machines. We were in all weekend trying to fix this problem, shall we foot the bill to McAfee?


Oops: McAfee Update Flags Hundreds of Innocuous Programs: "Brian Krebs writes on Security Fix: Anti-virus giant McAfee acknowledged late last week that a recent update to a number of its software products went terribly awry, causing them to flag hundreds of legitimate third-party programs as hostile and prompting users to delete or quarantine them. The files identified by McAfee as malicious included excel.exe (Microsoft Excel) and gtb2k1033.exe"


From: Fergie's Tech Blog

Coolness: Virginia Tech's 24-Display Workstation

*Very* cool stuff. (More here)

Coolness: Virginia Tech's 24-Display Workstation: "Image source: Engadget Ryan Block writes on Engadget: Leading the life of an Engadget editor, you don't ever think you could come upon a rig or setup with too much screen real estate. Sure, you can overcompensate in any number of ways -- like, say, too much drive space (what, you really need 8TB?) -- but pixel acreage never struck us as one of them. Until now. Say hello to Virginia Tech's 31" [...]

From: Fergie's Tech Blog

Phishing arms race, (Sun, Mar 12th) id1183

And the phishers get a bit more clever...

Phishing arms race, (Sun, Mar 12th) id1183: "Arms Race ? As with anything the bad guys do, they react ...(more)..."


From: SANS ISC

Sunday, March 12, 2006

McAfee/NAI rolls bad pattern, (Sat, Mar 11th) id1179

Red alert!!! If you use McAfee - update your DATs NOW!

McAfee/NAI rolls bad pattern, (Sat, Mar 11th) id1179: "NAI/McAfee today released pattern version 4716 only hours after 4715 had come out. Pattern 4 ...(more)..."


From: SANS ISC

Friday, March 10, 2006

Guy Gets Credit Card After Submitting a Torn-Up Application

And this is why I shred every single offer that contains my name & address.

Guy Gets Credit Card After Submitting a Torn-Up Application: "

Image source: Boing Boing
[A picture is worth 1000 words...follow the link above to see it.]

I think this illustrates the fact there are serious, serious problems in the whole credit industry.

Via Boing Boing.



Rob Cockerham of Cockeyed.com says:

'I wasn't sure if just tearing a Credit Card application into tiny bits was good enough to prevent dumpster-diving theft, so I did a test.

'I tore one up, then taped it back together again, filled it out with a DIFFERENT address and CELL number.

'Sure enough, in four weeks I was rewarded with a shiny new card with a $5,000 limit.

'Now I guess I'll go buy a shredder with this card.'" [...]


From: Fergie's Tech Blog

Thursday, March 09, 2006

Spam ahoy!, (Fri, Mar 10th) id1177

Some chilling figures, but they pretty much match all my current observations and analyses.

Spam ahoy!, (Fri, Mar 10th) id1177: "This PR release slides nicely right into our current poll on how much spam a typical organization re ...(more)..."


From: SANS ISC

An easier way to make money selling antispyware applications: Bundle adware!

Ah yes, sounds like a great way to win consumers' trust in your product.

An easier way to make money selling antispyware applications: Bundle adware!: "Oh boy, this takes the cake. An antispyware application which bundles in adware.

In order to install Spy-Shield, you have to agree to install BestOffersNetwork (formerly known as DirectRevenue) adware. The EULA for the BestOffersNetwork software is shown right after you start to run the installer for Spy-Shield. If you refuse the BestOffersNetwork installation, Spy-Shield will not install…

Absolutely unbelievable. Link here.

Alex Eckelberry"


From: Sunbelt Blog

The New Face of Script Kiddiez

Hmm....a few people aren't actually doing it for the money...that's a change. It's still bad news, though.

The New Face of Script Kiddiez: "An anonymous reader writes 'Washingtonpost.com's Security Fix blog has an interesting post profiling the activities of a kid named Witlog who controls a botnet of roughly 30,000 hacked Windows PCs. Even after the authorities manage to shut down the network Witlog uses to control his bots, he pops up somewhere else. From the article: 'Witlog may in fact be the product of a new generation of script kiddiez; the chief distinguishing feature of this generation being that instead of using Web site flaws to deface as many Web sites as possible, these guys are breaking into thousands of home and work PCs and taking them for a virtual joyride, often times all the way to the bank.''" [...]


From: /.

Writely so

Well, what do you know...it did happen. Seems like cool stuff.

Writely so: "Posted by Jen Mazzon, Google Writely Team

For the last five months, I've been part of a Silicon Valley startup called Upstartle, which makes Writely, a collaborative word processor that runs in a web browser. Well, as of Monday, I'm happy to say that I, and the rest of the Writely team, are now part of Google.

The other night, I was talking to my husband about how nervous I was to be starting work there. Truth be told, we've all been pretty overwhelmed for the past few weeks. What could our little team possibly do that's innovative enough? And he said, 'Hello? You already did it!' It's true -- everyone told us it was crazy to try and give people a way to access their documents from anywhere -- not to mention share documents instantly, or collaborate online within their browsers. But that's exactly what we did. And since we launched the Writely beta in August 2005, many thousands of people have registered, and all of them came through word of mouth (and blog).

To be clear, Writely is still in beta, and it's far from perfect. Upholding our great user experience means everything to us, so we're not accepting new registrations until we've moved Writely to Google's software architecture. If you're interested in giving us a try, we hope you'll get on the waitlist so we can let you know when you'll be able to try out " [...]


From: Official Google Blog

Debit Card Thieves Get Around PIN Obstacle

The most important thing to take from this - some retailers may be storing your ATM PIN in their databases when you use PIN pads.

Debit Card Thieves Get Around PIN Obstacle: "Bob Sullivan writes for MSNBC: With consumers around the country reporting mysterious fraudulent account withdrawals, and multiple banks announcing problems with stolen account information, it appears thieves have unleashed a powerful new way to steal money from cash machines. Criminals have stolen bank account data from a third-party company, several banks have said, and then used the data to" [...]


From: Fergie's Tech Blog

G:Drive Starting to Make Sense: Google, Writely In Talks?

Unsubstantiated rumor...check.
Mention of Google...check.
Mention of Google trouncing Microsoft...check.

Looks like we have a hot story!

G:Drive Starting to Make Sense: Google, Writely In Talks?: "Om Malik points out the reasoning, and possibilities, in the whole G:Drive thing-a-ma-bob: So you all know that Google’s got designs for a G:Drive and doing an end run around Microsoft? Now what if you can simply store and save data on that drive, but that’s not clearly as much fun. What if you could write a document in a browser, much like you write on Microsoft Word, but then save it directly"


From: Fergie's Tech Blog

Wednesday, March 08, 2006

Bargain: 10'000 infected PC's for only 25$, (Wed, Mar 8th) id1173

Wow...what a steal. Erm...

Bargain: 10'000 infected PC's for only 25$, (Wed, Mar 8th) id1173: "Just got this one, sent in by a reader who received it as email:Dear Sir/Madam, Hello! We are inte ...(more)..."


From: SANS ISC

Monday, March 06, 2006

RIAA: Simply Having Files in a Shared Folder is Copyright Infringement

Will there ever be a solution to this nonsense? Does everyone need to purchase an RIAA-authorized computer to play their RIAA-affiliated music, one that scans all Internet traffic and confirms that no song is ever in more than one place at a time? Maybe CDs should get stored in a lockbox inside this device, if they are to be played on the computer?

RIAA: Simply Having Files in a Shared Folder is Copyright Infringement: "Ray Beckerman writes on The Recording Industry vs. The People blog: In its briefs responding to the amicus curiae briefs of the Electronic Frontier Foundation, the U.S. Internet Industry Association, and the Computer Communications Industry Association, the RIAA argues that merely having a shared files folder with copyrighted material in it -- even if the files in it were legally authorized" [...]

From: Fergie's Tech Blog

Sunday, March 05, 2006

More on RedBrowser

So...let's see here. We're looking at a trojan here. Essentially it's a dialer that connects to a Russian site, bilking money from the victim in the process. Nothing new about that, right? Ahh...but what's the medium? No longer the dialer of old that connects via a modem in a computer, this connects via...a *phone.* Herein lies the rub...it's via SMS...so it's a dialer trojan racking up fees using a phone to send e-mail.

++ATH, :)


More on RedBrowser: "The RedBrowser trojan is unique in several ways:

1. First J2ME (Java 2 Mobile Edition) malware. Some old Java viruses like Strangebrew do work on some Java phones, but RedBrowser is the first malware targeting Java phones on purpose.

2. First mobile malware that tries to steal money. The threat is still very limited: this thing does not spread by itself and we have no direct reports of anybody being hit by it in Russia (where the first reports were from).

3. All other mobile malware targets smartphones (running on Symbian, Palm or PocketPC). This one works on many low-end closed phones. We've successfully tested it under:
Nokia 9300 (Communicator, running Symbian Series 80)
Nokia 6630 (Symbian S60 smartphone)
Nokia 5140i (low-end Series 40 phone)
We've also heard it works under Blackberries with J2ME support. We will be testing it with Nokia 6310i - one of the first phones with Java support.

These screenshots taken under Nokia 6630 show how the social engineering works:



The trojan always sends the messages to number 1615, which seems to be a generic premium-rate number in Russia, used by several different services.

On 28/02/06 At 07:15 PM"


From: F-Secure Weblog

Saturday, March 04, 2006

Using Process Explorer to run as a Limited User

Yet another nice feature in Russinovich's awesome app. v10 definitely has some cool stuff in it - including the ability to view per-app CPU use graphs (historic).

Using Process Explorer to run as a Limited User: "Process Explorer is one of several extremely cool tools made by Windows uber-guru Mark Russinovich.

In a recent blog posting, he explains how you can use Process Explorer to run specific applications as a Limited User, without the attendant hassles of actually running the entire user session in Limited User mode.



An alternative to running as limited user is to instead run only specific Internet-facing applications as a limited user that are at greater risk of compromise, such as IE and Outlook. Microsoft promises this capability in Windows Vista with Protected-Mode IE and User Account Control (UAC), but you can achieve a form of this today on Windows 2000 and higher with the new limited user execution features of Process Explorer and PsExec.

Process Explorer’s Run as Limited User menu item in the File menu opens a dialog that looks like and acts like the standard Windows Run dialog, but that runs the target process without administrative privileges:

Link here.

Alex Eckelberry"


From: Sunbelt Blog
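The same thing from the command line, as an added example that is not part of Russinovich's post or the Sunbelt entry: PsExec's documented -l switch builds a restricted token (the Administrators group becomes deny-only and only the privileges held by Users remain), which is what the Process Explorer dialog quoted above does for you. The IE path, PsExec being on the PATH, and the presence of whoami.exe (built in from Vista onward, in the Support Tools on XP) are assumptions of this example.

```powershell
# Added example, not code from the original post. Assumes Sysinternals PsExec
# is on the PATH, you are logged on as an administrator, and whoami.exe exists.
# PsExec -l: run the process with a restricted token (Administrators stripped,
# Users-level privileges only; Low integrity on Vista and later).

$target = 'C:\Program Files\Internet Explorer\iexplore.exe'   # path is an assumption

# 1. Launch the Internet-facing application with a restricted token.
#    -d returns immediately instead of waiting for the process to exit.
psexec -l -d "$target"

# 2. Verify what a process started this way actually receives: run whoami
#    under the same restricted token and inspect the Administrators entry.
#    In a restricted token it is marked "Group used for deny only".
$restricted = psexec -l cmd.exe /c whoami /groups 2>$null
$adminLine  = $restricted | Where-Object { $_ -match 'BUILTIN\\Administrators' }
if ($adminLine -match 'deny only') {
    Write-Host "OK: Administrators is deny-only; the process is running limited"
} else {
    Write-Warning "Administrators is still enabled; the process is NOT limited"
}

# 3. Compare with your normal, unrestricted token: the same line reads
#    "Enabled group", which is why IE or Outlook compromised in this session
#    would inherit full administrative rights.
whoami /groups | Where-Object { $_ -match 'BUILTIN\\Administrators' }
```

The check in step 2 is the one worth keeping around: a deny-only Administrators SID is the signature of a restricted token, so any launcher you trust to "run as limited user" can be verified the same way rather than taken on faith.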


Money Tech: New U.S. $10 Issued on March 2, 2006

Just interesting news...
I wish I could find the quote by a famous comedian who remarked that our bills are starting to look like Monopoly money. He quipped that this could make tense poker games look silly. Needless to say, the delivery was much better. :)

Money Tech: New U.S. $10 Issued on March 2, 2006: "

Via MoneyFactory.gov .

On March 2, 2006, the Federal Reserve banks issued a redesigned Series 2004 $10 note to the public through commercial banks. The notes will begin circulating immediately in the United States, and will then be introduced in other countries in the days and weeks following, as international banks place orders for $10 notes from the Federal Reserve. Businesses that handle cash and use machines that receive or dispense cash are encouraged to continue updating their machines to accept the new notes.

New money designs are being issued as part of an ongoing effort to stay ahead of counterfeiting, and to protect the economy and the hard-earned money of U.S. currency users. The new series began with the introduction of the $20 note on October 9, 2003, and continued with the $50 note issued on September 28, 2004.

More here."


From: Fergie's Tech Blog

Hacker Defender Antidetection Closes Shop

This is Good News.

Hacker Defender Antidetection Closes Shop: "The author of the Hacker Defender rootkit has announced that he will stop offering the so-called antidetection service, which promised to hide the rootkit from anti-virus products and even from rootkit detectors such as F-Secure BlackLight. The service, priced at several hundred euros, was on sale on the author's web site for more than a year. We mentioned the antidetection features in Hacker Defender in our previous blog entry.



It is a good thing that the 'official' Hacker Defender anti-detection service is out of business. However, since Backdoor.Win32.Hacdef is an open-source rootkit, we will most likely continue seeing private builds of it also in the future.

On 03/03/06 At 07:31 AM"


From: F-Secure Weblog

Mobile Industry Doesn’t Understand Its Own Customers

Very true - and it was also in yesterday's WSJ. Really, all I want from VZW is a lower monthly bill - I'd leave them if not for their good coverage. I still can't find any compelling reason to get a new phone.

Mobile Industry Doesn’t Understand Its Own Customers: "I feel so vindicated. Something that I have been saying for over a year (but Om says it much better), Om Malik writes over on his Next Generation blog: Imagine a conversation between a person who only knows Norwegian and another who is fluent only in Swahili. Well, that's precisely the relationship between the mobile industry and its executives and the consumers. RBC Capital Markets at its Mobility"


From: Fergie's Tech Blog

Friday, March 03, 2006

'Malware-Speak' Spooks Symantec

Personally, I find this hilarious. Of course I tried it, but Slashnet had wised up to this trick, and stopped the message from propagating to the channel.

'Malware-Speak' Spooks Symantec: "Brian Krebs writes on Security Fix:

Symantec said Wednesday it plans to tweak the behavior of its Norton Internet Security and Norton Personal Firewall products so that they are no longer vulnerable to an annoying but otherwise harmless prank that 'script kiddie' hackers have been using for the past week or so to knock users off online chat channels.

Turns out that if someone types 'startkeylogger' or 'stopkeylogger' in an IRC channel, anyone on the channel using the affected Norton products will be immediately kicked off without warning. These are commands typically issued by the Spybot worm, which spreads over IRC and peer-to-peer file-swapping networks, installing a program that records and transmits everything the victim types (known as a keylogger).

More here."


From: Fergie's Tech Blog; /.

Javier Pedemonte: AJAX Toolkit Framework released

As related to the previous post's "Impressed link" - this seems like a Very Good Thing (TM):

Javier Pedemonte: AJAX Toolkit Framework released: "IBM has just put out the first release of the AJAX Toolkit Framework (ATF). This product is released as part of the OpenAJAX Initiative, and brings together technologies from IBM, Apache, Eclipse, Mozilla, Dojo, Rico, and Zimbra. ATF is an Integrated Development Environment for creating web applications based on different AJAX runtimes (such as Dojo, Rico, and Zimbra). ATF provides enhanced JavaScript editing features such as edit-time syntax checking, as well as testing and debugging features.

The web browser facilities in ATF are provided through an embedded Mozilla browser view, using XULRunner plus JavaXPCOM to allow Java to embed and communicate with Mozilla. ATF provides custom views for the DOM Inspector and the Javascript Console. It also hooks Mozilla’s Javascript Debugger into Eclipse’s debug framework, to allow easy debugging of AJAX applications. A future version of ATF will also include the XHR Monitor, which displays all XMLHTTPRequests associated with the AJAX application, and shows the information and content of each request. See the screenshots below for examples of these features.

For help and tutorials, once you have installed ATF, in Eclipse select Help->Help Contents. Then on the left hand sidebar, select “AJAX Toolkit Framework User Guide”. "


From: Planet Mozilla

Impressed / Not Impressed

Impressed:
http://www.openrico.org/ - A collection of pretty amazing AJAX/DHTML tricks and the like

(Spotted here: http://benjamin.smedbergs.us/blog/2006-03-02/xulrunner-and-eclipse/)

Unimpressed: This WinSCP dialog box
[Screenshot: Poor UI in WinSCP]

When I get a chance, I suppose I'll try and file a bug, but this is hideous.
The choices should be:
Delete Folder / Don't Delete / Open Folder / ? / Hide Details

The text should be much shorter, and correctly check for pluralization. And the text area? Way too big, and probably unnecessary.

Source: My attempt to quickly upload a file with WinSCP.

Thursday, March 02, 2006

Senate Bill To Prohibit Extra Charges For Internet

Well, this seems like Good News (TM). I'm still opposed to Skype, as I believe its P2P nature is not appropriate for a consumer market.

Senate Bill To Prohibit Extra Charges For Internet: "xoip writes 'A report in the The New York Times states that 'Senator Ron Wyden, Democrat of Oregon, will introduce new legislation today that would prohibit Internet network operators from charging companies for faster delivery of their content to consumers or favoring some content providers over others.''"


From: /.

IT war stories

Now, if only I could get people to inadvertently bring cookies to my desk...

IT war stories: "IT managers and support people the world over have to have one key character trait: Extreme patience.

Networld World has pulled together a bunch of stories from IT managers about some of the more curious things that have happened to them in their careers. Some examples:

“In the early days of PCs most everything was stored on floppy disks. It was fairly common for these disks to eventually go bad. I was able to retrieve most information off of floppies using some bit-level utilities. Word of my skills got around the company and I was well known. One day I received a call from a sales rep on the west coast. He had a floppy that had a sales quote he spent a lot of time working on and the client needed it soon. He asked if I could recover the data off of it and I told him to send me the disk and I'd look at it. About 30 minutes later the receptionist in our area walked to my desk and had a perplexed look on her face. She held up a fax of a floppy from the sales person.”

and

“I have a user that complained that his system was not working and that it was mission critical. He was down and I needed to fix it. He told me that the PC would not boot. I asked him to check and see if the powerstrip under his desk was tripped. He told me to wait, that he would have to get" [...]

Original link here: http://www.networkworld.com/news/2006/021306widernetusers.html

From: Sunbelt Blog

Wednesday, March 01, 2006

Fresh Apple Patches, (Wed, Mar 1st)

Well, well. Looks like Apple is fixing the issues that everyone was yelling about last week. Seems like a decent response time to me. Let's get patching, people!

Fresh Apple Patches, (Wed, Mar 1st): "Apple released a security update called '2006-001'. It is claiming ...(more)..."

From: SANS ISC

Apple Announces Wonderful Toys

Well, I can't *not* include this, though it's mostly underwhelming. The new Mac mini is nice, though certainly not Earth-shattering. The rest is relatively uneventful, and *very* expensive.

Apple Announces Wonderful Toys: "XMilkProject writes 'Apple just released 5 new products, all of which should show up on the Apple Store within minutes. You can already see the most interesting new product, the iPod Hi-Fi, a supposed high fidelity boombox for your iPod. Other new products are an iPod Leather Case and three new media-center-style Intel Mac minis which will hit the Apple Store within the hour.'"


From: /.