Wednesday, May 31, 2006

Ballmer does support

Something about this pleases me. I'm not saying it will actually result in any significant change, but it's promising when people start to 'get it.' Mind you, if this machine had come across my bench, it probably would have been wiped within a day (after backing up the files with Knoppix, of course). It's really quite funny how many people try to 'fix' terminal [no pun intended] machines.

Ballmer does support: "And gets religion?

…Ballmer spent the better part of the next two days trying to rid this PC of worms, viruses, spyware, malware, severe fragmentation, and well, you name it. Picture it: the world's 24th wealthiest person, a man worth $13.6 billion according to Forbes magazine, sitting at a table for two days, playing tech support. It was, Allchin says, a humbling experience.

Allchin says Ballmer eventually gave up and instead lugged the machine back to Microsoft's Redmond, Wash. campus. There, several engineers spent several days, burrowing deep into the system to figure out the problem. Imagine, CSI: Redmond.

It turns out there were more than a hundred pieces of malware of various types. Things that these engineers using Microsoft's own private tools could not ferret out and fix. Some of these threats hooked themselves deeply into the core operating system and essentially lied about their existence. Other malware scoured the hard drive for anything containing the string 'virus,' and, in Allchin's words, would 'shoot them d" ...


(Read the cited story)

From: Sunbelt Blog

Tuesday, May 30, 2006

Barclays Signs Up F-Secure For Free AV Package

This is good for Barclays, good for F-Secure, and *very* good for consumers. With any luck, more banks will follow suit. The problem right now is that many consumers don't really want to pay a few dollars/pounds/euros a year for antivirus software, and are quite likely at a real loss. If their bank or some other institution offers it for free, they'll probably take advantage of it. And if you know someone who isn't eligible for one of these offers, check out Google Pack, which includes a 6-month subscription for free.

Barclays Signs Up F-Secure For Free AV Package: "Online banking customers offered help with 'the invisible threat'...

Barclays Bank is offering F-Secure's basic antivirus package to its 1.6 million active online customers for two years.

The bank has actually bought more than 1.6 million licences for F-Secure Anti-Virus.

05-30-2006
Tom Espiner
Read more..."


From: Fixing Email Weblog

Friday, May 26, 2006

Google Releases Picasa for Linux

Another piece of news that can't go without posting! I look forward to reading more about this at a later time. (and this essentially bookmarks it for me)

Google Releases Picasa for Linux: "chrisd writes 'Hi, everyone. Today I'm pleased to announce that we're making Picasa, our photo management application, available for Linux. This is a pre-beta labs release and since we're still learning how to best make software for Linux, we're asking that you submit your bugs as you find them. Picasa for Linux uses Wine internally; this shows a bit in the interface, but it works even better than we had hoped. Download it and check it out! A list of supported distributions can be found in the FAQ. We hope our patches to Wine will help make it easier for everyone to run Windows apps on Linux and other Unix-like systems. Thanks to our pals at CodeWeavers who did much of the heavy lifting, and to Marcus Meissner, whose libgphoto support patch was a welcome surprise.' "

Source: /.

Monday, May 22, 2006

Notebook launched, now download extension

Sorry, I can't pass up the opportunity to be /. on the news for this! (Or it doesn't appear to be there, anyway.)

Notebook launched, now download extension: "Just hours after I posted my last article about the login page, the service is now finally live. Even though it is now live, it's not hard to miss the absent link for the browser plugin they promised. So, after some digging here is the link to the browser extension that makes creating notes a [...]"


From: ZDNet Blogs: Googling Google

SSH Agent Forwarding, and everything in between

We interrupt this vacation of a fortnight to post a link to an interesting article:
http://unixwiz.net/techtips/ssh-agent-forwarding.html

In it, Steve Friedl writes a very clear explanation of how SSH authentication happens, via password and/or public/private key authentication.

More news to come in a week's time!

Thursday, May 11, 2006

Quicktime upgrade time, (Fri, May 12th)

Additionally, there are a *lot* of updates (one large patch: 2006-003) for Mac OS X:
http://docs.info.apple.com/article.html?artnum=303737

IMHO, Apple was lying through their teeth in this ad:
http://www.apple.com/getamac/ads/ -> "Restarting."
(Not linked, as it starts Quicktime immediately -- oh, the irony.) Granted, the ad is addressing the need to reboot because of system instability, but the need to reboot because of updates/patches is quite annoying.

In the Linux world, the only time you have to reboot is to update your kernel (the core of the OS) or when you change hardware (duh! [unless it's very expensive hotswap hardware]). Now, if you'll excuse me, it's time to apply this update...and reboot.
Quicktime upgrade time, (Fri, May 12th): "Apple released a Quicktime upgrade to version 7.1 that fixes a number of vulnerabilities in the Quicktime viewer.

Normally I'd suggest reading the release notes for details, but they are typically thin in explaining what's been fixed and/or otherwise changed.

Basically, viewing crafted images:

JPEGs [CVE-2006-1458],
Flashpix [CVE-2006-1249],
PICT [CVE-2006-1453, CVE-2006-1454],
BMP [CVE-2006-2238]

and movies:

Quicktime [CVE-2006-1459, CVE-2006-1460],
Flash [CVE-2006-1461],
H.264 [CVE-2006-1462, CVE-2006-1463],
MPEG-4 [CVE-2006-1464],
AVI [CVE-2006-1465]

can lead to arbitrary code execution.

The fixed version is available for both OS X and Windows. The best thing about it all is that at least we don't get the implicit insult that we should only visit trusted websites.

Without more information the only options are not to use Quicktime, or to upgrade.

--
Swa Frantzen - Section 66"


From: SANS ISC

Wednesday, May 10, 2006

Wired's paper chase

Well, this is more than a bit troubling....However, I'm glad to know about it, rather than have it swept under the carpet.
Wired's paper chase: "Kevin Poulsen at Wired has been trying to find out what happened to the Department of Homeland Security system that screens incoming visitors to the US:

The August computer failure led to long queues at airports across the country, but was only tersely explained to the public. The DHS initially said a computer virus had infected one of the mainframe servers -- in Virginia. Later, the agency reversed itself and claimed there was no virus, and the outage was a normal computer crash.

They filed a Freedom of Information Act request and got some runaround, but finally got the answers: It was apparently a virus.

More here via Ferg.

Alex Eckelberry"


From: Sunbelt Blog

Critical vulnerability in Sophos Anti-Virus products, (Wed, May 10th)

Running Sophos? Seems like it's time to update your software...

Critical vulnerability in Sophos Anti-Virus products, (Wed, May 10th): "A critical, remotely exploitable vulnerability has been identified in various Sophos Anti-Virus products. The list of products affected is pretty big and covers everything from desktop Anti-Virus scanners through PureMessage to MailMonitor for SMTP and Exchange.

The vulnerability can be exploited by crafting a special CAB (Microsoft Cabinet) file with invalid folder count values in the header. This can result in corruption of heap memory which can further lead to execution of arbitrary code on the target machine.

This obviously requires that the inspection of CAB files is enabled, which will surely be the case at least on e-mail gateways (so a special warning for users of PureMessage and MailMonitor packages).

Sophos' advisory and details about updates are available at http://www.sophos.com/support/knowledgebase/article/4934.html."


From: SANS ISC
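The Sophos bug above is the classic shape of an archive-parser flaw: a count field in the header is trusted, and a buffer or loop is sized from it. As an added illustration (this is not Sophos's scanner code, and it does not reproduce the advisory's actual defect, which the post does not detail), here is a Python parser for the CAB file header (CFHEADER) that refuses to walk the CFFOLDER table until cFolders has been checked against coffFiles and the real data length. The `build_cab` helper only fabricates sample headers for the demonstration; it is not a cabinet writer, and its field values (setID 0x1234, the 16-byte CFFILE stand-in) are made up.

```python
"""Bounds-checked parser for the header of a Microsoft Cabinet (.cab) file.
Added example: not Sophos's code. The CFFOLDER table is cFolders entries long
and must fit between the end of the header and coffFiles, which in turn must
fit inside the cabinet; the parser checks that before it reads a single entry."""
import struct
from dataclasses import dataclass, field
from typing import List, Tuple

# CFHEADER fixed part (36 bytes, little-endian): signature, reserved1, cbCabinet,
# reserved2, coffFiles, reserved3, versionMinor, versionMajor, cFolders, cFiles,
# flags, setID, iCabinet
CFHEADER_FMT = "<4sIIIIIBBHHHHH"
CFHEADER_SIZE = struct.calcsize(CFHEADER_FMT)   # 36
CFFOLDER_FMT = "<IHH"                           # coffCabStart, cCFData, typeCompress
CFFOLDER_SIZE = struct.calcsize(CFFOLDER_FMT)   # 8
FLAG_PREV_CABINET = 0x0001
FLAG_NEXT_CABINET = 0x0002
FLAG_RESERVE_PRESENT = 0x0004


class CabFormatError(ValueError):
    """Any header field inconsistent with the bytes we actually hold."""


@dataclass
class CabHeader:
    cb_cabinet: int
    coff_files: int
    folder_count: int
    file_count: int
    flags: int
    folders: List[Tuple[int, int, int]] = field(default_factory=list)


def _skip_cstring(data: bytes, offset: int) -> int:
    """Offset just past a NUL-terminated string; raise if it never ends."""
    end = data.find(b"\x00", offset)
    if end < 0:
        raise CabFormatError("unterminated string in CFHEADER")
    return end + 1


def parse_cab(data: bytes) -> CabHeader:
    if len(data) < CFHEADER_SIZE:
        raise CabFormatError("truncated CFHEADER")
    (sig, _r1, cb_cabinet, _r2, coff_files, _r3, _vminor, _vmajor, c_folders,
     c_files, flags, _set_id, _i_cabinet) = struct.unpack_from(CFHEADER_FMT, data)
    if sig != b"MSCF":
        raise CabFormatError("bad signature")
    if cb_cabinet > len(data):            # cbCabinet is attacker-controlled too
        raise CabFormatError("cbCabinet larger than the data")

    offset = CFHEADER_SIZE
    folder_reserve = 0
    if flags & FLAG_RESERVE_PRESENT:      # cbCFHeader, cbCFFolder, cbCFData, abReserve
        if offset + 4 > cb_cabinet:
            raise CabFormatError("truncated reserve header")
        cb_cfheader, folder_reserve, _cb_cfdata = struct.unpack_from("<HBB", data, offset)
        offset += 4 + cb_cfheader
    for flag in (FLAG_PREV_CABINET, FLAG_NEXT_CABINET):   # szCabinet*, szDisk* pairs
        if flags & flag:
            offset = _skip_cstring(data, _skip_cstring(data, offset))

    # The check this bug class is about: cFolders CFFOLDER entries follow the
    # header and must end at or before the first CFFILE (coffFiles). A native
    # parser that sizes a heap buffer or a loop from cFolders without this
    # check reads or writes past its allocation.
    entry_size = CFFOLDER_SIZE + folder_reserve
    table_end = offset + c_folders * entry_size
    if not (offset <= table_end <= coff_files <= cb_cabinet):
        raise CabFormatError(f"cFolders={c_folders} needs {table_end - offset} bytes "
                             f"at {offset}; coffFiles={coff_files}, cbCabinet={cb_cabinet}")
    folders = [struct.unpack_from(CFFOLDER_FMT, data, offset + i * entry_size)
               for i in range(c_folders)]
    return CabHeader(cb_cabinet, coff_files, c_folders, c_files, flags, folders)


def is_wellformed(data: bytes) -> bool:
    """True if the header passes every consistency check in parse_cab."""
    try:
        parse_cab(data)
        return True
    except CabFormatError:
        return False


def build_cab(folder_count_field: int, real_folders: int = 1) -> bytes:
    """Constructed sample data, not a real cabinet writer: `real_folders` CFFOLDER
    entries are actually present, but `folder_count_field` is written into cFolders."""
    coff_files = CFHEADER_SIZE + real_folders * CFFOLDER_SIZE
    cffile_stub = b"\x00" * 16            # made-up stand-in for the CFFILE/CFDATA area
    header = struct.pack(CFHEADER_FMT, b"MSCF", 0, coff_files + len(cffile_stub), 0,
                         coff_files, 0, 3, 1, folder_count_field, 1, 0, 0x1234, 0)
    folders = b"".join(struct.pack(CFFOLDER_FMT, coff_files + 16, 1, 0)
                       for _ in range(real_folders))
    return header + folders + cffile_stub
```

`is_wellformed(build_cab(1))` is True; `is_wellformed(build_cab(0xFFFF))` is False, because 65535 folder entries cannot fit in the 8 bytes between the header and coffFiles. The same shape of check belongs in front of cFiles and each CFFOLDER's cCFData before anything is allocated from them.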

Monday, May 08, 2006

Mother of Internet Speaks Out

My favorite part is her discussion of disclaimers - personally, I don't quite grasp them either. What's the point of buying a product from a company that claims zero responsibility if anything goes wrong -- what kind of defective garbage are they selling?

Mother of Internet Speaks Out: "Anonymous Coward writes to tell us that Radia Perlman, sometimes called the 'Mother of the Internet' for her invention of the spanning tree algorithm used by bridges and switches, recently gave a very candid interview with NetworkWorld. From the interview: 'The taste of whoever is in the funding agencies tends to cause everyone to look at the same stuff at the same time. Often technologies get hot then go away. There was active networking for a while, which always mystified me and has now died. In security the money is behind digital rights management, which I think ultimately is a bad thing -- not that we need to preserve the right to pirate music, but because the solutions are things that don't solve the real problems in terms of security.' "

Source: /.

Sunday, May 07, 2006

Rain Drops Signal Cell Phones

This is pretty brilliant...

Rain Drops Signal Cell Phones: "An anonymous reader writes 'Signals from mobile phone masts have been used to measure rainfall patterns in Israel, scientists report. From the BBC article: 'The University of Tel-Aviv analyzed information routinely collected by mobile networks and say their technique is more accurate than current methods used by meteorological services. The data is a by-product of mobile network operators' need to monitor signal strength. If bad weather causes a signal to drop, an automatic system analyzing the data boosts the signal to make sure that people can still use their mobile phones. The amount of reduction in signal strength gave the researchers an indication of how much rain had fallen.'' "


Source: /.

Saturday, May 06, 2006

Meta: This Blog

After running this blog for a few months, I thought I'd solicit a bit of feedback.

Seeing how this blog exists mostly to serve up quotes and links, I figure I'll start out with a quote or two, in this case, from the e-mail I sent a bunch of you:
In this day and age of RSS feed readers and aggregators, I've decided
to bite the bullet and find a more efficient way to share news
articles that I find interesting with others: I've started a 'tech
blog.'
...and in closing:

I hope this may prove to be a useful source of information - if you
like it, hate it, or think you have an interesting story to link to,
drop me an e-mail.
Anyway, this blog serves another primary purpose: to capture the most interesting stories I find on the Internet for future reference. Bookmarks are an impossible mess, and I'm not going to do the del.icio.us tagging stuff. Someday I may set up my own personal bookmark server with an open source system, like del.irio.us, but for now this works.

However, the main reason is to find a convenient way to pass these stories on to you, the reader. That said, I'd like to hear back on whether the style is good, bad, indifferent, and if there's anything anyone thinks should be changed. At some point in the future, I will try to better link the attributions (at the bottom of the post), as suggested by a friend - but that will require writing a Greasemonkey script (which will make other parts of the process easier, anyway) - I'm not going to do the links by hand every time. Don't have my address handy? Visit my contact page. (in this day and age of harvesting bots, I won't make mailto: links)


But wait, there's more! I'm going to be away on vacation for a bit, so I've invited my friend Chad to guest post on this blog. I hope you'll enjoy his take on tech news, and only hope that the Internet doesn't blow up while I'm away. :-) It seems this will stay dark until after Memorial Day.

...and now back to our regularly scheduled posting.

Friday, May 05, 2006

Dumbest. Phishing scam. Ever

I love it...

Dumbest. Phishing scam. Ever: "First there was the Amish computer virus, which said:

You have just received the Amish virus.

Since we have no electricity or computers, you are on the honor system.

Please delete all of your files on your hard drive. Then forward this message to everyone in your address book.

We thank thee.

Of course, that was a joke.

Now, there is a flagrant phishing hoax which promises:



The following complete hacking tutorial IS GUARENTEED TO WORK AND ITS FREE!! The hacking method is based on a flaw in the PayPal (www.paypal.com) mailing address confirmation system THAT MY UNCLE HAS SHARED WITH ME AND NO ONE ELSE!! I am giving this to you because it has helped me out ALOT and it will help you too. It will only work BEFORE PayPal discovers this serious security flaw and fixes it. Take your action FAST! This method works only works for hackers with PayPal accounts with CONFIRMED PAYPAL ACCOUNTS. It will never work for PayPal user without a confirmed account.By strictly following instructions in the following tutorial, you'll gain unlimi" ...


From: Sunbelt Blog

Psst... Come hither, Check out my profile

Well, this is certainly a clever new phish.

Psst... Come hither, Check out my profile: "One of our readers has brought to our attention an interesting instance of a popular Yahoo! account phishing scam. This scam takes advantage of the fact that Yahoo! requires members to logon to their account to verify their age before they can view members with adult content in their profile. Users on Yahoo! chat rooms, besides other places, are enticed to click on a link to view a profile. The link leads to a phishing web page that is a spoof of a typical Yahoo! profiles login page hosted on a domain named yahoo-members.com.

[screenshot in original page]

The interesting thing about this domain is that none of the phishing blacklists we have checked seem to recognize this as a phishing site, which is weird because according to its whois record, yahoo-members.com has been around for about six months now.

This is one more reason why blacklisting should be combined with whitelisting - along with trying to catch all the spoofs of Yahoo! websites out there, phishing filters should also tell the users which Yahoo! sites are genuine. This way, when they go to a spoofed site that is " ...

From: F-Secure Weblog
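The whitelisting point above hinges on how "genuine" is decided. A filter that looks for the brand name anywhere in the hostname would wave yahoo-members.com straight through. As an added example (not F-Secure's filter, and the allowlist is illustrative rather than a statement of which hostnames Yahoo! actually runs), the Python below matches on the registrable domain: a host is genuine only if it equals an allowlisted domain or is a subdomain of one. It also parses the URL properly, so the old userinfo trick (`http://login.yahoo.com@evil.example/`) lands on the real host. The sample URLs are constructed for the demonstration.

```python
"""Allowlist ('genuine site') check for a phishing filter. Added example,
not F-Secure's code; GENUINE_DOMAINS is an assumed, illustrative list."""
from urllib.parse import urlsplit
from typing import Iterable, List, Tuple

# Assumed allowlist of registrable domains the brand controls (illustrative).
GENUINE_DOMAINS = frozenset({"yahoo.com", "yahoo.co.uk"})


def hostname_of(url: str) -> str:
    """Lower-cased hostname with any trailing dot removed, or '' if absent.
    urlsplit().hostname discards userinfo, port and path, so
    'http://login.yahoo.com@yahoo-members.com/' yields 'yahoo-members.com'."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_genuine(url: str, allow: Iterable[str] = GENUINE_DOMAINS) -> bool:
    """Exact match or a dot-delimited subdomain of an allowlisted domain.
    The leading '.' in the suffix test is what rejects 'notyahoo.com' and
    'yahoo-members.com' while accepting 'login.yahoo.com'."""
    host = hostname_of(url)
    if not host:
        return False
    return any(host == d or host.endswith("." + d) for d in allow)


def naive_is_genuine(url: str) -> bool:
    """The broken heuristic, kept for contrast: brand name anywhere in the host."""
    return "yahoo" in hostname_of(url)


def classify(urls: Iterable[str]) -> List[Tuple[str, bool, bool]]:
    """(url, strict verdict, naive verdict) for each URL, to show where they differ."""
    return [(u, is_genuine(u), naive_is_genuine(u)) for u in urls]


# Constructed sample URLs (not taken from the phish described above).
SAMPLE_URLS = [
    "http://login.yahoo.com/config/login",
    "http://yahoo-members.com/profile/login",
    "http://yahoo.com.profiles-verify.example/",
    "http://login.yahoo.com@yahoo-members.com/",
    "http://YAHOO.COM.:8080/x",
    "https://notyahoo.com/",
]

if __name__ == "__main__":
    for url, strict, naive in classify(SAMPLE_URLS):
        print(f"{url:48} strict={strict!s:5} naive={naive}")
```

Only the first and fifth sample URLs are genuine under the strict rule; the naive rule accepts all six. The same suffix test, applied to a blocklist rather than an allowlist, is how "yahoo-members.com and every subdomain of it" should be expressed too.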

Thursday, May 04, 2006

Panda: 70% of Malicious Software Aimed at Theft

And this confirms a trend I've been posting about here - it's all about the money!

Panda: 70% of Malicious Software Aimed at Theft: "An AFP newswire article, via Yahoo! News, reports that:

Seventy percent of malicious software being circulated is linked to various types of cybercrime, a study by security firm Panda Software showed.

The report, based on a survey in the first quarter of 2006, suggested that 'financial profit has become a priority' for creators of 'malware,' which includes viruses, worms, trojans and spyware," ...

From: Fergie's Tech Blog

Wednesday, May 03, 2006

MSIE 'Sploit du Jour, (Thu, Apr 27th)

Well, at the very least, one has to have a sense of humor about these things...

MSIE 'Sploit du Jour, (Thu, Apr 27th): "Yesterday's. [link in article]
Today's. [link in article]

#!/bin/sh
# Template for the daily "new MSIE hole" diary entry; the five positional
# arguments are substituted into the boilerplate. Double quotes are needed
# so that $1..$5 expand and so the apostrophe in "user's" doesn't end the
# string (single quotes would have echoed the literal text "$1").
cat /usr/home/tliston/diaryheader.html > diary.html
echo "$1 has discovered a vulnerability in Internet Explorer," >> diary.html
echo "which can be exploited by $2 to compromise a user's system." >> diary.html
echo "The vulnerability is caused by an error in $3 " >> diary.html
echo "that can be exploited to $4, by tricking a user into visiting" >> diary.html
echo " a malicious web site. Successful exploitation allows $5." >> diary.html
cat /usr/home/tliston/diaryfooter.html >> diary.html
mv diary.html /www/htdocs

tommy: tom$: ./ie_dujour.sh
MATTHEW MURPHY has discovered a vulnerability in Internet Explorer, which can be exploited by EVIL HACKERS to compromise a user's system. The vulnerability is caused by an error in A RACE CONDITION IN THE DISPLAY AND PROCESSING OF SECURITY DIALOGS RELATING TO THE INSTALLATION/EXECUTION OF ACTIVEX CONTROLS that can be exploited to CONVINCE A USER TO INSTALL A MALICIOUS ACTIVEX COMPONENT, by" ...


From: SANS ISC

MozillaZine: Mozilla Firefox 1.5.0.3 Released

FYI: Firefox users should be noticing the automatic update pretty soon - unless of course, you're really secure and not running as administrator. :-) If you are responsible for other machines, please be sure to get machines updated to this.

MozillaZine: Mozilla Firefox 1.5.0.3 Released: "Mozilla Firefox 1.5.0.3 has been released. This update fixes a publicly disclosed denial of service weakness. All users are encouraged to upgrade to this version.

The bugfixes previously planned for Firefox 1.5.0.3 were shifted to 1.5.0.4, and a quick update was released shortly after the recent 1.5.0.2 release to address the publicly reported issue. "


From: MozillaZine

Hackers Quaking Over Reported Spam King's Arrest

Well, this shall be interesting to watch...

Hackers Quaking Over Reported Spam King's Arrest: "According to an unconfirmed report, spam king Alan Ralsky has been arrested by federal law enforcement and is being held pending the release of a sealed indictment against him.

The problem: Ralsky apparently has the goods on a wide swath of the hacker underground, and folks there are really worried he's gonna spill the beans to the feds in return for a lesser sentence.

Ralsky is a near legend in the spam community -- the subject of a raft of lawsuits from Verizon and others for his shameless spamming activity. More recently the feds have been closing in. His home in Michigan was raided back in October. And rumor has it that a datacenter Ralsky used was raided a couple weeks back.

04-28-2006
InfoWorld
Read more..."


From: Fixing E-mail Weblog

Tuesday, May 02, 2006

Sunbelt TechTips for the week of May 1

Great [Windows] tips from the Sunbelt Software folks:

Sunbelt TechTips for the week of May 1: "How to prevent XP from creating a bridge between networks
Windows XP has a feature called network bridging that allows you to connect two networks together. If you attach two networks to your computer (for instance, you have a wired Ethernet adapter and a wireless network adapter installed on the computer), by default XP will bridge the networks so you can access one from the other. This is convenient but less secure, so you may want to prevent bridging. Here's how:
When you run the Network Setup Wizard, you'll get a message that your computer has multiple connections. Click 'Let me choose the connections to my network.'
Click Next.
In the 'Select the connections to bridge' dialog box, uncheck the boxes for all but one of the listed network adapters.
Click Next and finish the wizard. A bridge will not be created.
How to change the location for Office source files
If you installed Microsoft Office from a share on a network server instead of a local installation CD, the path from which you installed will be remembered" ...


From: Sunbelt Blog

In Bad Taste: John Levine on 'Domain Tasting'

Wow....this is vile. And, it's another case of money promoting unsavory practices on the Internet.

In Bad Taste: John Levine on 'Domain Tasting': "John Levine writes over on CircleID:

So-called domain tasting is one of the more unpleasant developments in the domain business in the past year. Domain speculators are registering millions of domains without paying for them, in a business model not unlike running a condiment business by visiting every fast food restaurant in town and scooping up all of the ketchup packets.

Since 2003, the contract between ICANN and each unsponsored TLD registry (.biz, .com, .info, .net, .org, and .pro) has added an Add Grace Period (AGP) of five days during which a registrant can delete a newly registered domain and get a full refund. Although this provision was clearly intended to allow registrars to correct the occasional typo and spelling error in registrations, speculators realized that this allows them to try out any domain for five days for free.

As soon as the speculators (who call themselves 'domainers') figured this out, they started using automated software to register domains like crazy. They put " ...

From: Fergie's Tech Blog // CircleID (I thought I had the latter in my RSS feeds)

Why do I have to type http:// in IE?

Ooops. That doesn't sound like fun - perhaps I'd complain about it, but I use Firefox. Oh well. Personally, it's always annoyed me on the few occasions that I've used IE that if you're accessing any port other than 80, you must specify http://... now it sounds like it affects everything. Here's a tip if you're going to a www.____.com address - type the ____, and then press Ctrl-Enter. This even works in Firefox, with the added shortcut of Ctrl-Shift-Enter for .org.

Why do I have to type http:// in IE?: "People have been asking why, all of a sudden, they can't go to a web site with Internet Explorer unless they type in the full address (with the 'http' in front) — when normally they could just type www.whateverdomainname.com and IE would put in the 'http' part.

This is one of the most commonly reported problems caused by the update referenced in Microsoft security bulletin MS06-015.

There's a registry edit that will fix it; you'll find instructions here, along with a list of the various problems the patch causes.

Also, Microsoft has re-released the patch that is causing these problems. It's been completely re-engineered; the new update should be installed automatically if your system is set to use the automatic update service. You can read more here.

Deb Shinder"


From: Sunbelt Blog

Next Generation Spam Zombies Will Use Data Mining

It's a real shame that some very talented people are not getting very high paying jobs to do amazing things, and are instead writing spam engines that are exceedingly clever.

Next Generation Spam Zombies Will Use Data Mining: "branewashd writes 'The Globe and Mail is covering some new research on the future of spam. The paper 'Spam Zombies from Outer Space', from researchers at the University of Calgary, will be presented on Sunday at the European Institute for Computer Anti-Virus Research conference. According to the paper, the next generation of spam zombies will employ 'sophisticated data mining of their victims' saved email'. When a computer is turned into a spam zombie, it will first be mined of its address book, mail client configuration, and mail archives. Then the spam program will use Natural Language Processing techniques to send spam messages to the victim's contacts that look a lot like messages that the user has previously sent. The researchers predict that this will be extremely hard to detect, but they do offer a few suggestions for combating it.' "


Source: /.

Tip #1220 - Use Vi shortcuts in terminal.

I knew I had read about this before, but I never looked further into it. Definitely something I'll be setting on some terminals (for myself, anyway).

Tip #1220 - Use Vi shortcuts in terminal.: "I got addicted to using vim shortcuts like h,j,k,l, b (back one word), e (forward one word), ... and I miss it every time when I'm not in vim. But there is a way to use basic Vi shortcuts when you are in command line. All you have to do, is write the following lines to /etc/inputrc or ~/.inputrc :

######################################################

set editing-mode vi
set keymap vi

######################################################

Now exit the terminal and come back. The main difference is that by default you are in INSERT mode and you have to press Esc to get to normal mode.

More info: http://docs.freebsd.org/info/readline/readline.info.Readline_Init_File_Syntax.html"

From: Vim Tips

Monday, May 01, 2006

More Than 20 Years of the Web on the Big Screen

The Matrix Reloaded was the only one that used something remotely feasible (pun realized). The rest...so very bad...

More Than 20 Years of the Web on the Big Screen: "Carl Bialik from WSJ writes 'WSJ.com has compiled clips from a dozen movies over the past 23 years that depict the internet, with varying degrees of accuracy. Among the selections: WarGames, Sneakers, .com for Murder, and Mr. & Mrs. Smith. The Matrix Reloaded used real Linux code, while Mission: Impossible had the improbable email addresses Job@Book of Job and Max@Job 3:14. In a related article, WSJ.com reviews some of the more-absurd Hollywood conventions when it comes to the web. Harry Knowles, of Ain't It Cool News, says, 'The thing that always gets me is watching people send emails. You click 'send' and the entire document begins to fold into an envelope and disappear into the screen. I tend to send around 300 to 400 emails a day, and that would drive me insane.'' "


Source: /.

SANS Top 20 Spring Update, (Mon, May 1st)

SANS & SANS ISC...keeping the lot of us sysadmins informed.

Thanks again, guys.

SANS Top 20 Spring Update, (Mon, May 1st): "SANS has announced its spring 2006 update to the 'Top 20' list. The high level discussion is here and the technical details are here. The big news (which isn't big news to our readers) is the increasing visibility of malware targeting Mac OS X."

From: SANS ISC

IT Certification Less Important Now?

Ahhh...finally. Certs are almost worthless these days - hands on experience and a sharp mind are what counts. Many employers are already throwing MCSE résumés right in the revolving file, as they simply took a cram course, but can't fix anything.

IT Certification Less Important Now?: "lpq writes 'IT certifications, popular after the dot-com bust, seem to be hurting careers now according to this article in the current Eweek.com issue. Guess employers are getting hip to the idea that those who don't have experience or can't 'do', get certified...' "

Source: /.

Why Your Doctor Won't Send You Email

Definitely a smart move on the part of the medical community. Doctors are already overbooked as it is - getting inane questions via e-mail could make for a very ugly situation. Now, if only a few more groups could take some lessons from this -- e-mail shouldn't always be used for extremely serious matters.

Why Your Doctor Won't Send You Email: "Way back in 2003, a survey by the Pew Internet & American Life Project concluded that while over 32 million Americans had exchanged health-related email, only 7% had exchanged messages with their doctors or health professionals. Three years later, while a huge segment of America uses email, over 60% of the medical community still refuses to engage. Email Battles explores the dangers of email, as doctors see them."


From: trimMail's E-mail Battles