Friday, April 28, 2006

Enough is Enough: Coinstar Lets You Trade Change for iTunes Music

Well, should I ever find myself with a mass of change, I might consider taking advantage of this. Previously, Coinstar was quite unattractive, given the percentage they'd take from your change - in this case, you get the full market value. Mind you, you're still spending your own money, but it's the same exact thing as spending $0.99...it's just coming from your change instead of your plastic.

Enough is Enough: Coinstar Lets You Trade Change for iTunes Music: "Image source: Gizmodo

Via Gizmodo.

Coinstar, the company whose coin counting machines transform loose change into cold hard cash at grocery stores across the country, recently introduced a program that allows patrons to cash their coins in exchange for gift cards and eCertificates redeemable at various retailers, including Apple’s iTunes Music Store.

The program also has the added benefit" ...


From: Fergie's Tech Blog

Thursday, April 27, 2006

SketchUp is free @Last!

Well, this is more nice news surrounding Google. SketchUp looks like a very cool product.

SketchUp is free @Last!: "It looks like Google has pulled another 'Urchin' by snapping up a cool, useful and expensive tool and making it free for the world. The free version is only for personal use -- a pro version is still available that has a few extra features and can be used commercially. Along with their shiny new domain [...]"


From: ZDNet Blogs - Googling Google

Wednesday, April 26, 2006

Windows Vista Firewall, (Wed, Apr 26th)

Ahh...Vista....it's so secure!

Windows Vista Firewall, (Wed, Apr 26th): "In a somewhat related story, ZDNet has an interesting article that discusses the fact that Microsoft has decided that the Windows Vista firewall will include no outbound filtering by default. Apparently, Microsoft was considering blocking outbound connections by default, but, in response to large enterprise customer requests, they won't be doing that. Not breaking corporate apps is more important than security, I suppose is the reasoning. This is a change from the original Plan (yes, note the capital P), which said that Vista would ship with a two-way firewall. It still has that capability, but outbound filtering will be turned off by default.

I remember a recent fascinating rant from Marcus Ranum, saying (I paraphrase) that a firewall that doesn't block outbound traffic isn't worthy of the name firewall. From the guy who popularized the term firewall so long ago (and the term script kiddie), that's an interesting point.

But, of course, the lack of outbound filtering isn't a problem, given that the client-side apps are so rock solid. Also, with your" ...

From: SANS ISC

Tuesday, April 25, 2006

Google cheat sheet

I would agree with the following...it is 'handy.' In fact, it's something I was meaning to put together for myself at some point, but it's already done! Google has so many services & query types, that it's definitely helpful to have a list of them.

Google cheat sheet: "Handy.

[image of cheat sheet in link]

Link here via gHacks.

Alex Eckelberry"

From: Sunbelt Blog

New Project: Google Ctemplate

Well, I'm not a C++ programmer, but I'm sure some folks will definitely find this handy. Thanks, Google!

New Project: Google Ctemplate: "The code just keeps on coming! Today we've released Google Ctemplate, a library implementing a simple but powerful template language for C++ that emphasizes separating logic from presentation. You've already used Ctemplate: this is the same code that formats all of the pages for Google's web search.

Source code and RPMs for Ctemplate are available from SourceForge. Give it a try!"


From: Google Code Blog

Monday, April 24, 2006

Remember James?

Another one bites the dust...follow the links to learn more about this particular bit of online mayhem.

Remember James?: "Remember James Ancheta? The botmaster that was caught and convicted earlier this year. We covered this in January.

[images in original post]

Now USA Today's Byron Acohido and Jon Swartz have done an extensive study into Ancheta's operations and even uncovered his arrest mug shot! Full story is available on usatoday.com.


On 24/04/06 At 05:53 PM"

From: F-Secure Weblog

Sunday, April 23, 2006

Security and Stability Updates for Thunderbird Released

FYI to Thunderbird users.

Security and Stability Updates for Thunderbird Released: "Thunderbird 1.5.0.2 and Thunderbird 1.0.8 have been released. These updates contain several security and stability fixes.

Thunderbird 1.0.8 is the last release in the Thunderbird 1.0.x product line, and the recently released Mozilla Application Suite 1.7.13 is the last official release of the Mozilla Application Suite. Mozilla Corporation recommends that all users of these products upgrade to the Thunderbird 1.5.0.x product line. The Release Roadmap contains more information on product life cycles."


From: mozillazine.org

Faces in a Crowd Offer Alternative to Passwords

Well...this is a novel approach - but what about those of us that are terrible with names and faces?

Faces in a Crowd Offer Alternative to Passwords: "

Passfaces authentication screenshot.
Image source: Passfaces
[image on original page]

Interesting approach.

Will Knight writes on NewScientistTech:



Familiar faces could take the place of complex and hard-to-remember computer passwords, if a security system developed in the US takes off.

Instead of requiring users to remember a string of letters and numbers before granting access to a computer, the new system asks them to pick out a pre-agreed set of faces from several grids of other faces.

The system has been developed by a company called Passfaces, based in Maryland, US. A string of randomly selected faces is hard for an attacker to guess but easy for a user to remember, the company says.

'Part of the human brain has evolved specifically to remember and recognise faces,' says CEO Paul Barrett. 'While you have to make a conscious effort to memorise and recall passwords, the equivalent processes for faces are completely intuitive.'

Barrett says a Passface" ...

From: Fergie's Tech Blog
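A small model of the scheme the quoted article describes, added here as an example (it is not Passfaces' code): a user enrols a short sequence of secret faces, each login round shows one grid in which exactly one face is a secret, and the user must pick correctly in every round. The 3x3 grid size, the face identifiers and the enrolled sequence are constructed assumptions; the last function quantifies the "hard to guess" claim as the size of the answer space.

```python
"""Passfaces-style challenge: pick your secret faces out of grids of decoys."""
import math
import random

GRID_SIZE = 9  # assumed: one 3x3 grid of faces per round

# Constructed data: a pool of face identifiers and the user's enrolled sequence.
FACE_POOL = [f"face{i:02d}" for i in range(40)]
SECRET_FACES = ["face03", "face17", "face29", "face31", "face08"]


def make_challenge(secret_faces, face_pool, rng):
    """Return one grid per secret face; each grid holds that face plus decoys.

    Decoys are drawn from faces that are not in the secret set, so every grid
    contains exactly one correct answer and no other secret face leaks into it.
    """
    decoy_pool = [f for f in face_pool if f not in secret_faces]
    grids = []
    for face in secret_faces:
        grid = rng.sample(decoy_pool, GRID_SIZE - 1) + [face]
        rng.shuffle(grid)  # the secret face sits at a random position each time
        grids.append(grid)
    return grids


def verify(secret_faces, grids, picks):
    """True only if the user picked the secret face in every round.

    All rounds are checked regardless of earlier failures, so the result does
    not reveal which round was the first wrong one.
    """
    if len(picks) != len(secret_faces) or len(grids) != len(secret_faces):
        return False
    ok = True
    for face, grid, pick in zip(secret_faces, grids, picks):
        ok &= (pick in grid) and (pick == face)
    return ok


def guess_space_bits(rounds, grid_size=GRID_SIZE):
    """Bits of entropy for an attacker: grid_size ** rounds equally likely answers."""
    return rounds * math.log2(grid_size)


def demo_challenge(seed=2006):
    """Build a reproducible challenge for SECRET_FACES using a seeded RNG."""
    return make_challenge(SECRET_FACES, FACE_POOL, random.Random(seed))


if __name__ == "__main__":
    grids = demo_challenge()
    for i, grid in enumerate(grids, 1):
        print(f"round {i}: {grid}")
    print("correct picks accepted:", verify(SECRET_FACES, grids, SECRET_FACES))
    print(f"guess space: {guess_space_bits(len(SECRET_FACES)):.1f} bits")
```

With five 3x3 grids the answer space is 9^5 = 59049 sequences, about 15.8 bits, which is the figure to compare against a password policy rather than taking "hard to guess" on faith.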

States Rush to Remove Data on Residents From Websites

Is your 'sensitive data' out there?

Aside: If you work with confidential data pertaining to others, please stop for a minute to think about what you do with it, and remember to treat it as seriously as your own. Identity theft is a real problem right now, and criminals will use anything they can readily find -- shred anything with SSNs or account numbers before discarding/recycling.

States Rush to Remove Data on Residents From Websites: "Jon Swartz writes on USA Today:

States across the USA are furiously removing sensitive data from official websites.

The task highlights challenges facing states with sites full of personal information on residents, from Social Security numbers to bank account numbers.

Such data is available in Florida, Ohio and at least a dozen others, say privacy experts who provided USA TODAY with links to public websites. Many state laws require property records be posted online in the interest of open government. Once, the data was confined to books in state offices, says Daniel Solove, a privacy law professor at George Washington University. 'As data is made available online, it becomes a privacy concern,' he says.

It can take months to remove SSNs and other data, say privacy advocates like David Bloys, a retired private investigator in Texas. In the interim, ID thieves could cherry-pick data, he says.

More here."

From: Fergie's Tech Blog

Saturday, April 22, 2006

Back on the map

I'm definitely one of those people, though I didn't send them my opinions...but I did continue to use google.com/maps?q=10021 or the like.


Back on the map: "Posted by Thai Tran, Product Manager, Google Maps and Local Search

Last October, we merged our local search site with Google Maps. At that time, we thought it was most appropriate to name the integrated product 'Google Local' to emphasize the broad searching capabilities of the site and that it was much more than an ordinary mapping site. But we underestimated how much people loved Google Maps. Many have continued to refer to the site by the previous name, and many have explicitly asked us to 'bring back Google Maps.' Since it's most important to us to give our users what they want, we've decided to change the name officially to Google Maps.

Does this mean that local search is no longer important to Google? Absolutely not! Google Maps continues to have the killer combination of maps, driving directions, and local business search. And local search has become a fundamental part of the Google search experience; it's now embedded within a number of our products, including Google web search, Google Earth, Google SMS, and Google Mobile."


From: Official Google Blog

Symantec Scan Engine Multiple Vulnerabilities, (Sat, Apr 22nd)

No antivirus product is perfect...but Symantec products really seem to have 'issues.'

startkeylogger, anyone? ;)

On machines that I *personally* use, I do not run antivirus products, as I have a great distaste for them. I don't advocate this course of action for casual computer users, or any professional environments, as the risk of viruses is certainly large. However, I'd like to stress that using your computer carefully, not running with administrative privileges (be it OS X, Linux, or Windows), and keeping your operating system and applications current with vendor/author updates is perfectly safe...and will let you use your computer efficiently, without aggravation.

Symantec Scan Engine Multiple Vulnerabilities, (Sat, Apr 22nd): "Three vulnerabilities were reported in Symantec Scan Engine. The vulnerabilities could allow a remote user to access the scan engine, download any file located under the Symantec Scan Engine installation directory and conduct man-in-the-middle attacks. Symantec Scan Engine is used in third party applications to interface with Symantec content scanning technologies.

The first vulnerability is the authentication mechanism used by Symantec Scan Engine over its web-based administrative interface. The Scan Engine does not properly authenticate web-based user logins which will then allow a remote user to bypass authentication and gain control of the Scan Engine server.

The second vulnerability allows an unauthenticated remote user to send a specially crafted HTTP request to access arbitrary files located under the Symantec Scan Engine installation directory.

The third vulnerability is the result of the Scan Engine using a static private DSA key for SSL communications. The key cannot be changed by end users and can be extracted from any installation of the product. As a result, this could al" ...

From: SANS ISC

Friday, April 21, 2006

Run Windows Application Natively in OS X?

A rather interesting idea, which I already figured might be in the works. However, I'd really hope they'd consider implementing Wine in this, to help contribute to a great open source project.

Run Windows Application Natively in OS X?: "mcho writes 'Unlike other speculators, who get no spam, Robert X. Cringely offers an intriguing reason behind Apple's recent strategy of Boot Camp. From the article: 'I believe that Apple will offer Windows Vista as an option for those big customers who demand it, but I also believe that Apple will offer in OS X 10.5 the ability to run native Windows XP applications with no copy of XP installed on the machine at all. This will be accomplished not by using compatibility middleware like Wine, but rather by Apple implementing the Windows API directly in OS X 10.5.' "

Source: /.

Completely random aside, which I'll post separately when I get around to it - if you get a call from 866-383-0986...don't answer it, or when you hear that it's "Domain Registry Services," tell them to go away. They are scammers, and have nothing to do with your domain name or hosting.

Thursday, April 20, 2006

David Weiss: A Tour of Microsoft's Mac Lab

Found on digg.com/apple - this is *very cool.*
Mind you, I'm writing this on my Mini, but it looks like they have just a /few/ more than I do. Oh well.

David Weiss: A Tour of Microsoft's Mac Lab

Banks use non-ssl login forms., (Wed, Apr 19th)

Something to be aware of w.r.t. online banking and security. Feel free to complain to your bank about it if applicable.

Banks use non-ssl login forms., (Wed, Apr 19th): "This is a bit of an old issue I am having, but it seems to be getting worse and not better: Banks that use non-SSL login pages.

Now this is not about sending your credentials in the clear. The bank essentially uses a non-SSL 'home page' which includes a login form, but the result of the login form is sent encrypted to an SSL page (e.g. you go to http://www.example.com, and the login form will submit your data to https://www.example.com). Now why is this so bad, given that your login data is still encrypted? Well, there are two reasons for SSL: The first is to encrypt your data (which happens in this case). The second, equally important function of SSL is authentication. A valid SSL connection confirms that you are actually talking to your bank, and that the login form is 'real'.

With the help of some handlers, we checked out a number of major banks. You can see the result at https://www.securewebbank.com/loginssluse.html . (I will gladly add more to the list if time allows. If you want " ...

From: SANS ISC
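The distinction the diary draws (encrypted submission versus an authenticated form) is easy to check mechanically. The following is an added example, not the ISC handlers' own check: it finds every form with a password field on a page and classifies it by the scheme the page was served over and the scheme its action resolves to. The sample HTML and the example.com URLs are constructed inputs.

```python
"""Classify login forms: served over SSL, merely submitted to SSL, or cleartext."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LoginFormFinder(HTMLParser):
    """Collect the action of every <form> and whether it holds a password input."""

    def __init__(self):
        super().__init__()
        self.forms = []        # list of [action, has_password]
        self._current = None   # index into self.forms while inside a <form>

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.forms.append([attrs.get("action") or "", False])
            self._current = len(self.forms) - 1
        elif tag == "input" and self._current is not None:
            if (attrs.get("type") or "").lower() == "password":
                self.forms[self._current][1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def classify_login_forms(page_url, html):
    """Return (resolved action URL, verdict) for each password form on the page.

    Verdicts:
      "ok"              page and action both https: encrypted and authenticated
      "unauthenticated" page is http, action https: the credentials are encrypted,
                        but the form itself arrived unauthenticated (the diary's point)
      "cleartext"       action is not https: credentials would travel in the clear
    """
    finder = LoginFormFinder()
    finder.feed(html)
    page_scheme = urlsplit(page_url).scheme.lower()
    verdicts = []
    for action, has_password in finder.forms:
        if not has_password:
            continue  # search boxes and the like are not login forms
        # An empty or relative action inherits the page's own URL and scheme.
        action_url = urljoin(page_url, action) if action else page_url
        action_scheme = urlsplit(action_url).scheme.lower()
        if action_scheme != "https":
            verdict = "cleartext"
        elif page_scheme != "https":
            verdict = "unauthenticated"
        else:
            verdict = "ok"
        verdicts.append((action_url, verdict))
    return verdicts


# Constructed sample: an http home page whose login form posts to https.
HTTP_PAGE_HTTPS_ACTION = """
<html><body>
<form action="https://www.example.com/login" method="post">
  <input name="user"><input type="password" name="pass">
</form>
<form action="/search"><input name="q"></form>
</body></html>
"""

if __name__ == "__main__":
    for url, verdict in classify_login_forms("http://www.example.com/", HTTP_PAGE_HTTPS_ACTION):
        print(url, verdict)
```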

Google Calendar data API: time to starting coding!

Well, this looks like nice stuff.

Google Calendar data API: time to starting coding!: "Developers appreciate a nice web application, like the one that launched last week with Google Calendar. Even more, they appreciate a nice web application programming model that enables them to build applications, not just use them. Enter the Google Calendar data API.

The Google Calendar data API is based upon a common API model called GData. The GData model uses REST principles and Atom or RSS 2.0 syndicated feeds as the base resource model to expose data held by Google services (like Google Calendar).

GData feeds support queries based upon URL parameters, so it is possible to take a base feed, add parameters, and query for all entries that match a search query, fall within a date range, or other conditions. With proper authentication, GData feeds also support the ability to post new entries (create new events), to modify existing ones (add event participants), or delete them (cancel a meeting). The GData feed edit model is based upon the Atom Publishing Protocol.

Basing the GData protocol model upon HTTP/XML means " ...


From: Google Code Blog
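The read-only half of what the post describes, as an added example (not code from the Google Code Blog post): a base feed URL gets query parameters appended, and the Atom feed that comes back is parsed with the standard library. The parameter names start-min, start-max, max-results and q, and the gd:when element, are assumed from the GData Calendar documentation; the base feed URL and the feed XML are constructed sample data, so it runs offline and the date-range filter is applied client-side to show what the server-side parameters select.

```python
"""Build a GData query URL and read the matching entries from an Atom feed."""
from datetime import datetime
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

ATOM = "http://www.w3.org/2005/Atom"
GD = "http://schemas.google.com/g/2005"  # assumed GData extension namespace

# Constructed placeholder for a calendar's base feed (not a real endpoint).
BASE_FEED = "https://calendar.example.com/feeds/default/full"


def build_query(base_feed, start_min=None, start_max=None, max_results=None, text=None):
    """Append GData query parameters to a base feed URL (a plain REST GET)."""
    params = {}
    if start_min:
        params["start-min"] = start_min
    if start_max:
        params["start-max"] = start_max
    if max_results:
        params["max-results"] = str(max_results)
    if text:
        params["q"] = text
    return base_feed + ("?" + urlencode(params) if params else "")


def parse_time(value):
    """Parse an RFC 3339 timestamp such as 2006-04-20T10:00:00Z to an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def events_in_range(feed_xml, start_min, start_max):
    """Return (title, start) for entries whose gd:when start lies in [start_min, start_max).

    This mirrors client-side what the server selects when the same values are
    sent as start-min and start-max in the query URL.
    """
    lo, hi = parse_time(start_min), parse_time(start_max)
    root = ET.fromstring(feed_xml)
    found = []
    for entry in root.findall(f"{{{ATOM}}}entry"):
        when = entry.find(f"{{{GD}}}when")
        if when is None:
            continue  # entries without a time cannot match a date range
        start = parse_time(when.get("startTime"))
        if lo <= start < hi:
            found.append((entry.findtext(f"{{{ATOM}}}title", default=""), start.isoformat()))
    return found


# Constructed sample feed in the shape of a GData calendar response.
SAMPLE_FEED = f"""<feed xmlns="{ATOM}" xmlns:gd="{GD}">
  <title>Sample calendar (constructed)</title>
  <entry><title>Planning</title>
    <gd:when startTime="2006-04-19T09:00:00Z" endTime="2006-04-19T10:00:00Z"/></entry>
  <entry><title>API launch review</title>
    <gd:when startTime="2006-04-20T10:00:00Z" endTime="2006-04-20T11:00:00Z"/></entry>
  <entry><title>Retro</title>
    <gd:when startTime="2006-04-25T15:00:00Z" endTime="2006-04-25T16:00:00Z"/></entry>
</feed>
"""

if __name__ == "__main__":
    lo, hi = "2006-04-20T00:00:00Z", "2006-04-21T00:00:00Z"
    print(build_query(BASE_FEED, start_min=lo, start_max=hi, max_results=10))
    print(events_in_range(SAMPLE_FEED, lo, hi))
```

Writes (the Atom Publishing Protocol side) need the authenticated POST/PUT/DELETE calls the post mentions and are not shown here.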

Tuesday, April 18, 2006

A rather surprising find

They put the K in Kwality.

A rather surprising find: "After my blog post earlier today on a new rogue antispyware program, Spyware Soft Stop, our Eric Howes made a surprising discovery.

Look at this screenshot:
[see source link]


As you can see, it found six files and identified them as various types of malware.

The problem is, not only are those files just junk files (not malware), but the Spyware Soft Stop application itself installed the files.

That's right, this application planted the very files it claimed to detect as malware.

Unreal.

Alex Eckelberry"


From: Sunbelt Blog

Sunday, April 16, 2006

Fix for the fix

A heads up for anyone facing this kind of post-patch weirdness:

Fix for the fix: "I got this through Donna (one of my favorite security blogs).

A recent patch, MS06-015, could cause some problems, such as:



• Unable to access special folders like 'My Documents' or 'My Pictures'.
• Microsoft Office applications may stop responding when you attempt to save or open Office files in the 'My Documents' folder.
• Office files in the 'My Documents' folder are not able to open in Microsoft Office.
• Opening a file through an application's File / Open menu causes the program to stop responding.
• Typing an address into Internet Explorer’s address bar has no effect.
• Right-clicking on a file and selecting Send To has no effect.
• Clicking on the plus (+) sign beside a folder in Windows Explorer has no effect.
• Some third-party applications stop responding when opening or saving data in the “My Documents” folder.

And then there’s this little mention:



The VERCLSID.EXE process is flagged by Sunbelt Kerio Personal Firewall. Sunbelt Kerio Personal Firewall (http://www.sunbe" [...]


From: Sunbelt Blog

Friday, April 14, 2006

Grampa's backup, (Wed, Apr 5th)

Sound advice as always, from the good folks of the ISC.

Grampa's backup, (Wed, Apr 5th): "Being an IT Professional, I'm sure you frequently get to 'help out' your less IT-literate relatives and neighbours with their computer problems, real and imaginary. Recently, I had the opportunity to fix a problem of the 'real' kind - a very dead hard drive that wasn't even willing to spin anymore. Good thing is, only months earlier I had converted that same PC to backing up to an external USB drive - and since everything was so easy and quick now, Grampa had been doing his backups just as religiously as taking his fiber supplement at breakfast.

Bottom line: External USB drives make a pretty neat and cost effective backup media for home users. Combined with a customized 'single click' scripted backup icon on the desktop, and the instruction to always turn the USB thingy off again after backing up (so that the worm/virus doesn't get the backup as well), Grampa should be reasonably safe. Checking back, I found that he had made two backups to the CD writer in one year, and - surprisingly - weekly backups to the USB drive."


Source: SANS ISC

Couple ISC Site Updates, (Wed, Apr 5th)

I just noticed this by chance, and am quite pleased - I can now read the full story in Google Reader, and for that matter, will be able to quote much more of the story in this blog.

Couple ISC Site Updates, (Wed, Apr 5th): "We made a couple of changes to the site recently:


- The RSS feed is now available in two versions. One with headlines only (as before) and a second version with full content.
- In addition, we now offer a 'Security News Feed' which aggregates feeds from various security related sites.
- Removed a ton of little HTML issues that should bring the site closer to HTML 4.01 strict compliance. Not 100% there yet, but close.

In other news: We rebooted one server this morning and as a result, a ton of old queued up messages got released. You may see some old update notifications in your inbox.

You can always subscribe to our 'new diary notification' service to have a brief link sent to your pager/phone if there is a diary or infocon update.

And I almost forgot: We may have some infocon test runs in the future to check that all of the mechanics of it are working well. There will be plenty of warning (> 1 week) with an exact date.


Links:
News Feeds
New Diary Notification E"...


From: SANS ISC

Thursday, April 13, 2006

'Who is' your friend!, (Wed, Apr 12th)

A great writeup on some of the fascinating things you can do with WHOIS. Thanks, Swa!

'Who is' your friend!, (Wed, Apr 12th): "At the ISC we often get requests that end up in ...(more)..."


From: SANS ISC

Google Calendar is live!

I like it...a *LOT*. I'm extremely impressed by the quick add feature, that doesn't ask for lots of details and just does the right thing. And as my friend just pointed out, it can send you notifications via SMS.

Google Calendar is live!: "Google Calendar is finally live -- we have been waiting for it and it has been only speculation and rumor for way too long. Thank you Google. Log into the service while it's still responsive at http://calendar.google.com "


From: ZDNet Blogs - Googling Google

Wednesday, April 12, 2006

Survey of Internet Explorer 7 Beta 2 Reviews: Ouch! Ouch! Ouch!

Well, this sounds like a 'quality' piece of software...or perhaps not.

Survey of Internet Explorer 7 Beta 2 Reviews: Ouch! Ouch! Ouch!: "If you sensed something might be slightly askew when Microsoft switched from allowing anonymous public comments about Internet Explorer 7 to requiring sign-ups in order to see Internet Explorer Feedback... you sensed right. The reviews of Internet Explorer 7 Beta 2 are in. After toting them up, Email Battles has Good News and Bad News. The good news is for Firefox. The rest of it belongs to Internet Explorer."

From: trimMail's Email Battles

Tuesday, April 11, 2006

Chris Ilias: Customize the Firefox Bookmarks location

I definitely know one place where this will come in handy.

Chris Ilias: Customize the Firefox Bookmarks location: "Don't like your bookmarks being stored in your profile folder? Want two or more users on the same computer to share a bookmarks file?
Easy.
- close Firefox.
- copy/move your bookmarks.html file (and bookmarks.bak) to the location you prefer to keep it.
- open Firefox.
- enter about:config in the Firefox location bar, right-click on any of the listed preferences, and choose New -> String.
- enter the preference name: browser.bookmarks.file
- for the value, enter the new file path (including the file name) of your bookmarks.html file.

Using this method, not only can you share your bookmarks file with other Firefox users on the same computer (and possibly same network. I'm not sure.), but share the file with SeaMonkey users, or Mozilla Suite users, or Netscape users. If you share with SeaMonkey/Mozilla/Netscape, just remember that live bookmarks will not function.

If you have Netscape Communicator, you can even go as far as pointing it to your Communicator bookmark.htm file."


From: Planet Mozilla -> Chris Ilias

Monday, April 10, 2006

Spam reporting addresses, (Mon, Apr 10th)

Very useful resources - I'll probably make a point of reporting some spams to these assorted folks. Thanks, ISC!

Spam reporting addresses, (Mon, Apr 10th): "It's been a quiet day, with a few reports of phish and pop-up spam. It looks like ...(more)..."


From: SANS ISC

Sunday, April 09, 2006

Nigerian 419 Scam Stole the Most Money Off Internet

I would foolishly hope that people would not continue to fall prey to this junk...but they've done so all the more.

Nigerian 419 Scam Stole the Most Money Off Internet: "Eric Rosenberg writes on SFGate.com:

Americans lost a record amount of money to Internet fraud last year, with the infamous Nigerian 419 scam nabbing the largest sums from individuals, according to new federal crime statistics.

Americans reported losing an all-time high of $183 million to Internet fraud in 2005, up 169 percent from $68 million the previous year, the Internet Crime Complaint" ...

From: Fergie's Tech Blog

Money money money

Well...that's a whole lot of money! Yet another 'follow the money' story - this is why spyware/adware/malware exists, folks.

Money money money: "Back in February of last year, I blogged about “Why Adware works”. The answer was simple: It’s very profitable. I detailed how much money Claria had made, based on information from their S-1 (the initial filing made with the SEC to go public).

It’s not only Claria. 180Solutions is quite profitable, and has some flashy offices to show for it:



I notice that each of the company's departments is fitted with large, wall-mounted plasma screen televisions that display graphs charting 180's daily and weekly sales and revenue numbers. The display nearest the marketing department showed that 180 pulled in more than $1 million in the past week alone serving ads to people who have its adware installed on their computers. Today's estimated revenue is slightly more than $100,000; the graph showing how much the company has actually earned so far today reads $2,966, but then again it is just after 10 a.m.

Link here.

The profit extends throughout the entire distribution chain. A fellow can set up a crappy "


From: Sunbelt Blog

Friday, April 07, 2006

New Project: ExplorerCanvas

Very cool stuff! Between this and the Ajax/XSLT toolkit, I'd say Google is providing some very nice tools - as open source! This pleases me.

New Project: ExplorerCanvas: "If you do web development and need your pages to render properly in any browser, you should take a look at the latest open source project from Google. ExplorerCanvas is a JavaScript implementation of the canvas tag for Internet Explorer. The HTML element allows you to create programmable 2-D graphics, and it is supported by Firefox, Safari and Opera 9. To make your canvas-ified pages work in IE, all you have to do is add a single script tag.

We've made the code for ExplorerCanvas available on SourceForge: check it out!"


From: Google Code Blog

Exhibit 5 - A Better Internet?

Why am I not surprised?

Exhibit 5 - A Better Internet?: "In case we didn’t already know – people don’t like Spyware. Well, they really don’t like Spyware. The New York Attorney General's office has brought suit for illegal practices against Direct Revenue and the exhibits make for interesting reading. Ben Edelman has a copy of the case documents here. Exhibit 5 has more than a few examples of the hate mail that Direct Revenue received. This is one of the less vulgar:

[see link for image]

Direct Revenue, makers of VX2, ABetterInternet, and BestOffers, is a company that is known for its use of less than honest affiliates. Those affiliates have the very bad habit of installing software without user consent. Due to the method of installation, even the uninstaller offered by Direct Revenue didn’t always work – evidenced by the table in the exhibit.

Direct Revenue has gone from shady to less shady over the years, but perhaps not quickly enough to avoid the eye of Attorney General Spitzer.

On 07/04/06 At 02:20 PM"


From: F-Secure Weblog

Thursday, April 06, 2006

McAfee Acquires SiteAdvisor

I suppose this is a good thing, but I'm still not a big fan of programs that do frequent lookups like this - it seems very bad from a privacy point of view, and from a bandwidth wasting point of view. OTOH, if it keeps more people from installing malware, more power to them. (The real solution would be to get rid of the malware via economic and legal pressure, but that's not happening any time soon.)

McAfee Acquires SiteAdvisor: "Dawn Kawamoto writes on C|Net News:

Security company McAfee has acquired SiteAdvisor in a move to fortify defenses for people before they browse potentially malicious Web sites.

Boston-based SiteAdvisor informs people conducting Web searches whether their results include sites potentially associated with spyware, adware, spam and browser attacks. The safety ratings are displayed next to the" ...


From: Fergie's Tech Blog

Free Tool Ferrets Out Mail Server Problems

This looks like it could be a handy tool - I've yet to find a very solid use for it...but it might prove useful to others.

Free Tool Ferrets Out Mail Server Problems: "Installing and maintaining a mail server or network spam filtering appliance is pretty easy, at least in concept. Unfortunately, in practice, it's full of gotchas, like mis-matched IP addresses in mailservers, filters, DNS and firewalls. That's why Email Battles has added Mail Server Profiler to its free on-line toolkit. To help professional and amateur network managers alike get to the bottom of mail server headaches."


From: Trimmail's E-mail Battles

Sunday, April 02, 2006

Paul Allen's Microsoft Experience

Well, that's a class act...

Paul Allen's Microsoft Experience: "theodp writes 'Just in case Microsoft bashers don't have enough ammo, Robert X. Cringely has a couple of interesting tales in this week's column. The first explains how Bill Gates used Paul Allen's moonlighting at MITS to justify awarding himself 64% of Microsoft's stock vs. Allen's 36% (and Gates' failure to adjust the shares after he accepted a $10/hour part-time MITS job). The second heart-warming tale concerns a conversation Allen reportedly overheard late one night (as he was finishing up DOS 2.0) between Gates and Steve Ballmer discussing how to get Allen's Microsoft stock back if the Hodgkin's disease Allen was battling killed him. Yikes.'"


Source: /.

Saturday, April 01, 2006

Daylight Savings Time, (Sun, Apr 2nd) id1232

Friendly reminder...

Daylight Savings Time, (Sun, Apr 2nd) id1232: "For those who read this Saturday, April 1st don't forget to compensate for daylight savings time. ...(more)..."

From: SANS ISC

SQL on Rails Launched

I think this is absolutely awesome! Please do take care to note today's date.

SQL on Rails Launched: "Daniel writes 'Developers have created a new Rails framework for SQL, SQL on Rails. Check out the screen cast that shows you how to develop an internet search engine with three lines of code. Version 4.1 of the SQL on Rails framework is available for download on the site, and the O'Reilly title is expected to hit shelves next month.' ZOMG L@@K at the kitten site it powers!@#!11"


Source: /.
(OMG! Ponies!)