John's Tech Blog

From the F-Secure Weblog:

Data Security Summary - January to June 2006: "It's midyear and time for our semiannual data security summary. Mikko's video (13min) was shot on our office roof for this occasion. It was a very fair, sunny day in Helsinki.

The wrap-up is available here, and includes a variety of video formats as well as audio. Download it for your iPod or other media device.

The video's topics include: Twenty Years of Viruses, WMF Exploit, Nyxem, Macintosh Viruses, Rootkits, Mobile Viruses, and Spear Phishing. Mikko looks very earnest in the video, but don't panic, that's probably due to the brightness of the sun."

From the great folks @ SANS ISC:

Field Day Exercise, (Sat, Jun 24th): "Over this weekend, ham radio operators (who aren't at the World Cup) are participating in an annual emergency communications preparations exercise known as Field Day (http://en.wikipedia.org/wiki/Field_day). It emphasizes the use of emergency and alternative power sources. In the spirit of this exercise I'm running on backup power today to determine how long my setup will last and work out the bugs.

It has not been going smoothly today, but that's the point of the exercise I suppose.

How long can your critical systems operate without grid power?"

Sudo For Windows, (Fri, Jun 23rd): "One of my colleagues sent me a URL today of an interesting utility I have been wishing I had for a while in the Windows environment that I thought I would share with you this evening. For those of us that learned Unix systems administration prior to dealing with the Windows environment, sudo was one of those tools that made it much easier to compute more safely. Well, sudo is now available for the Windows operating system as well. This tool is somewhat different from the RunAs command in that you use your own passphrase (with the right configuration) to elevate the privledges while running a particular application. For those Unix geeks out there, RunAs is probably likened to su in some respects. So if you were ever looking for a Sudo for windows, take a look at http://sudowin.sourceforge.net/ ."

Malware propagation information from microsoft., (Thu, Jun 22nd): "Microsoft recently released a report on the statistics they are collecting via MSRT.

If you need to know what kinds of malware is being detected and removed by the Malicious software removal tool this is a great report. It only covers windows of course but that makes sense.

There is a nice executive summary but please read beyond that. One security trade publication clearly misread the summary and posted a misquote (62% of computers infected with backdoor). That is not what the report states. The 62% number is the percentage of machines that had malware removed from them by MSRT AND had a backdoor installed on them. Restated more then of the machines where an infection was detected and removed also had remote control backdoors on them. No surprise there really. Although there are ways for the hackers to use a system without a backdoor tool installed for the most part the hackers want to be able to remotely upgrade and control systems they have compromised.
...

The dangers of shared web hosts, (Tue, Jun 20th): "A reader alerted us today about yet another web server compromise, affecting a large number of domains. In this particular case, the server was hosted with iPowerWeb, a provider of low cost web space on shared servers.

Space on a shared server is ok for personal use. But you should think twice before using it for commercial, in particular business critical use. Your web sites security will depend on a few hundred other users on the same system doing the right thing. A bad php script on one virtual server could lead to a compromisse of all web sites hosted on the same system.

If you have to use a virtual host, try to follow these tips to make things 'as secure as possible':
...

Microsoft's New Linux-Based Wireless Network: "MECC points to an article about Microsoft's new wireless network. From the article 'The next time Bill Gates sends an e-mail through Microsoft's shiny new Wireless LAN it will be passed through a behind-the-scenes Linux-based network appliance.' Microsoft has partnered with Aruba Networks for a large corporate wireless LAN deployment, involving 277 buildings and 5000 access points, 'all Linux based.'' "

Careful where you step! We're moving the furniture in Google Reader.: "We just made some improvements to managing your stuff in Google Reader to better enable doing lots of things at once. If Reader were a house, I guess we just knocked down a wall -- so you can finally get to the bathroom from the bedroom. (And we added a new patio while we were at it.)

A new settings page.
There's now a link in the top right that says 'Settings'. Clicking on that link opens up a new screen that lists all of your subscriptions and labels, and allows you to make edits to more than one item at a time. We've also added a bunch of new filtering and selection controls. And there's a new feature as well: you can rename any of your subscriptions.



Menus
We've replaced the drawer on the front page with menus for subscriptions and labels. They're faster to load, especially if you have a lot of subscriptions. What's best, the menus allow you to select things without having to shove most of the application out of view.

..."

Microsoft model: Lose money on everything. Make it up in volume: "This whole predatory pricing thing has been quite interesting. There are views all over the place.

I want to point everyone to Microsoft’s latest quarterly earnings:

Here’s where Microsoft makes its money:

[see link for table]

In other words, Business Solutions, MSN, Mobile and Embedded Devices and Home and Entertainment were money losers. Information Worker (Office), Servers and Client (primarily XP OEM), generated their profits.

Let’s look at what happened in the browser market: Microsoft killed Netscape. IE took over as the dominant browser. Within a few years, we had the massive attacks of adware and spyware. Coincidence? No. IE was an exploitable OS, and it was suddenly the majority. Adware and spyware vendors took advantage of the monoculture of the browser space.

What about Access? Microsoft blew it out for $99 and killed Borland (my former employer). "

...

Candy From Strangers: "

Hypothetical One: There's a wallet lying on the ground outside of your office building. It almost certainly contains confidential information. Would you pick it up, open it, determine to whom it belongs, and take steps to return it to them? Many/most people would probably try to be helpful in such a situation.

Hypothetical Two: There's an open box of chocolates lying on the ground outside of your office building. It appears to contain delicious treats. Do you put a piece in your mouth and taste? Most people would probably either ignore the box or put it in a nearby trashcan.

So why did people pick up a USB stick and then insert it into their computer during a security audit as was written about here? Perhaps because USB sticks are so cool…

Or perhaps training often only includes what not to do (a list too long to ever be complete) rather than how to think about the computers within a secure environment. To the non-security minded (regular people), inserting a USB stick is more likely akin to opening a wallet and examining the contents. There " ...

802.11 pre-N Routers Running Into Issues: " Via Gizmodo .

Not only are most of the the pre-N and draft-N routers on the shelves today going to be incompatible with the final spec, they’re incompatible with 802.11b/g products (and with each other). Three chipsets are on the market today that are being used in these N routers: Airgo, Broadcom and Marvell. In tests, Airgo received the highest speeds, but completely obliterated any 802.11b/g router in the vicinity. Broadcom and Marvell wasn’t as bad, but they still interfered with legacy gear.

What this means is if you’re using both 802.11n and 802.11b/g in your home, all your b/g gear will have loads of problems when your newer wireless is in use. And just forget about using this in an apartment complex, where many wireless routers are close together—your neighbors will be pissed. The problem could be solved if you were to use a high gain antenna with your N gear, but nobody really uses it until they need range, but if you need range that means nobod" ...

Gadget of the Day: USB Teddy Bear Holds Data, Scares Children: "

Image source: Engadget

Happy Father's Day!

Stan Horaczek writes over on Engadget:



Generally, when someone makes a teddy bear-themed gadget, his/her intention is to overwhelm bystanders with cuteness. But whoever created this little guy, whose head has to be removed in order to access the internal USB drive, must have watched one too many Tim Burton movies.

No word on how much it holds or if there are any plans to make these available for purchase, but with your own bear, a thumb drive, some thread and a closet full of skeletons, you can probably make your own without too much effort.

More here."

Microsoft France pwned: "experts.microsoft.fr defaced. Windows 2003… Not the only one.
[see link for picture]
More here via Ferg.

Alex
(Thanks Adam)"

Phishes, Phlaws and Phurther Network Phollies, (Fri, Jun 16th): "Pay Pal Phlaw?

We've recieved a report of a potential flaw in the PayPal website that is being used to steal credit card and other personal information from PayPal users.

The scam works by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal.

When the victim visits the page, they are presented with a message that has been 'injected' onto the genuine PayPal site that says, 'Your account is currently disabled because we think it has been accessed by a third party. You will now be redirected to Resolution Center.' After a short pause, the victim is then redirected to an external server, (apparently somewhere in Korean IP space) which presents a very convincing fake PayPal Member log-In page.

Logging in sends the PayPal username and password to the bad guys and causes another page asking for more information (social" ...

The Fiber to the Premises Install Process: "SkinnyGuy writes 'Fiber to the Premises (FTTP) or Fiber-based broadband is still in a very few areas, but PCMag's Lance Ulanoff has it and he seems to really, really like all 15MBPS of it. There's also an extensive slideshow on the whole installation process.' From the article: 'The power out is connected to the box, and the fiber ends in the box and comes out as Cat 5e, which runs back through the hole all the way to a new D-Link router. That's right: In addition to the box on the outside and the UPS inside, Verizon also gave me a new wireless G router, which includes four wired ports. This is a lot of free equipment (though I might incur some charges if I were to quit FiOS before the year had gone by). All this--not including the through-the-tree cable run--took another 2 hours or so.' "

It’s all about the photos: "Posted by Adrian Graham, Product Manager

Reading feedback from Picasa users is one of the best parts of my job. And lately the feedback has been especially clear and direct: please offer an easy way to share photos online. Today, we’re delighted to begin testing a new Picasa feature that does just that. It’s called Picasa Web Albums.

In case you’re not familiar with Picasa, it’s Google’s free desktop photo management software. Picasa is a quick download that makes it easy for people to organize and edit their pictures using something that’s simple and clutter-free. It’s all about the photos. And now we’ve tried to bring that same experience to online photo sharing with Picasa Web Albums. Just pick a bunch of your photos from Picasa and upload them into a web album in a couple of clicks. Once they’re online, it’s super-easy to share them – click the “Share” button from anywhere on the site or, just email friends the URL for your publi" ...

Microsoft patch day, (Tue, Jun 13th): "Microsoft is releasing today 12 new security bulletins.

• MS06-021 Cumulative patch for Internet Explorer - Critical
  


• MS06-022 ART image library buffer overflow - Critical
  


• MS06-023 Microsoft JScript memory corruption - Critical
  


• MS06-024 Windows media player - Critical
  



• MS06-025 RRAS - Critical
  


• MS06-026 Graphics rendering engine remote code execution - Critical


• MS06-027 Word remote code execution - Critical


• MS06-028 Powerpoint remote code execution -Critical
  


• MS06-029 Exchange - Important
  



• MS06-030 SMB privilege escalation - Important
  


• MS06-031 RPC mutual authentication spoofing - Moderate
  


• MS06-032 IP source routing allows remote code execution - Important

Importantand re-released one.
MS06-011Please stay tuned for more details as we analyze the bulletins.

Handlers actively working on these include Arrigo, John, Kyle, Lorna, Johannes, Scott and Swa."

Phone Booths Make a Comeback -- Minus the Phone: " Via CBS News' 'The Early Show' .

You don't see old fashioned phone booths too much anymore, partially because just about everyone has a cell phone these days. But, as CBS News correspondent Cynthia Bowers explains, they could be making a comeback — with a twist.

A few months ago Rob Katz and Kevin Boehm joined the growing ranks of restaurateurs giving their diners a private space to make or take those can't-miss calls.

'There is no such thing as a dinner for two as long as their cell phone are on,' says Boehm.

More here."

AT&T Readies 40-Gig Backbone: "Craig Matsumoto writes on Light Reading:

Craig Matsumoto writes on Light Reading:

AT&T Inc. is gearing up for its OC768 (40 Gbit/s) backbone expansion starting next year, CTO John Stankey told Globalcomm attendees this morning.

Delivering the second-day keynote to a packed room, Stankey outlined AT&T's overall plan following on the completed merger with SBC and the pending BellSouth Corp. acquisition. Most of his talk involved lots of big numbers -- 5.6 petabytes of traffic per day traversing AT&T's network, for instance -- and breathless proclamations about the cornucopia of cool but really vague "converged" services coming for consumers and businesses.

All that -- plus Project Lightspeed, AT&T's initiative to bring broadband to the home -- translates to massive network growth. Hence the OC768 buildout, which Stankey said will be placed "in key routes between 31 cities throughout AT&T's U.S. backbone network."

More here.

Happy Birthday, Google Earth: "Posted by John Hanke, Director, Google Earth and Google Maps

We got so excited around here about the first anniversary of Google Earth that we decided to celebrate a bit early. Beginning today, you can download a brand new version, Google Earth 4. Running on OS X? Feel the love. Prefer Linux? Ditto. Yes, we're releasing simultaneously for PC, Mac (universal binary for full performance on both" ...

Car ad brings malware: Beware: "Got this from Mat at Sana
Security. An innocent looking ad on Craigslist leads to a site with malware.

Hello,
Thank you for your interest in my car. I gladly inform you that it is still on sale so you are right on time.
Sorry for the delay, as I am staying in the hospital right now. As I have to cover all the costs myself, I am selling it and the deal is very good for you. The car is in an excellent good condition. Please, follow the link and download all the specific information about the car:
http://url_removed/myalbum.exe
As soon as you download it, you will have all the necessary data:
description, photos, and other
details. Please, make sure you are well acquainted with the info so that your decision would be reasonable. The car is in excellent condition, no accident. Thank you.
Please, reply ASAP and feel free
to ask any questions.
P.S. To watch the pictures you are to save the portfolio on your computer and launch it.

Mat’s link here.

Alex Eckelberry"

Microsoft Misrepresenting WGA's Functionality?: "Legal Ethics writes 'According to an article on Groklaw, Microsoft is misrepresenting what the Windows Genuine Advantage (WGA) tool is to pressure people into installing it. It comes with no uninstall, it fails to disclose many pieces of information it provides to Microsoft, and it misrepresents itself as a 'critical update' when it does not address any security vulnerability, although it remains to be seen if it can create one. ZDNet has a series of screenshots so that you can see exactly how badly it misrepresents itself. Oh, and it also checks for updates, so Microsoft can presumably execute arbitrary code on any machine with it installed, merely by making that code part of a WGA update.' "

More Warnings Against Oversharing on MySpace: "Skapare writes 'Your next prospective employer might be watching your MySpace page, according to a story at the New York Times. And if you think Facebook is more private, maybe not if that prospective employer has an intern from the same school checking up on you.' From the article: 'Students may not know when they have been passed up for an interview or a job offer because of something a recruiter saw on the Internet. But more than a dozen college career counselors said recruiters had been telling them since last fall about incidents in which students' online writing or photographs had raised serious questions about their judgment, eliminating them as job candidates.' "

MS06-015 will not provide patch for windows 98 and ME., (Fri, Jun 9th): " Microsoft announced that they will not provide a patch for Windows 98 and ME for MS06-015 'Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)'. The choice appears to be related to the amount of effort needed to patch the problem and the fact that those Operating systems reach the end of their lifecycle on June 11th.
The suggested workaround is blocking incoming traffic to TCP port 139 on any unpatched systems. This should at best be a temporary step; unsupported operating systems are a greater liability than supported ones.
Many thanks to everyone that sent us a pointer to this story.

More details can be found at:
http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx
http://blogs.technet.com/msrc/archive/2006/06/09/434300.aspx"

Chris Hofmann: AJAX Mobile Map Apps on Minimo: "In the next rounds of development for Minimo we are focusing a bit on testing and creating some good support for mobile web based mapping applications. A recent Pew Internet study and other research indicates this is very high growth..."

Chris Ilias: Message tagging is here!: "Bug 114656 (ie. message tagging) has been checked into the Thunderbird trunk! Create as many tags as you want. Assign as many of them to a message as you want.
To help test message tagging, grab the latest trunk nightly."

phpBB 2.0.21, (Wed, Jun 7th): "phpBB version 2.0.21 was released.
There are some minor security improvements in the code, check the announcement for more details. Most of the code changes apear to be more functionality oriented than security oriented.

Considering the level of attention phpBB gets from the bad guys out there, it's best not to hesitate for long and upgrade really soon.

--
Swa Frantzen - Section 66"

Get in sync: "Posted by Brian Rakowski, Product Manager

What could be worse than forgetting to bookmark the obscure page you found that maps out the perfect walking tour of Venice? Having bookmarked it on the computer sitting on your desk back at home, 6000 miles away, instead of on the laptop you brought along. Or how about the frustration of being on a new computer and not remembering your passwords because your browser on your old computer automatically filled them in for you?

These sorts of frustrations inspired us to build a Firefox extension that keeps your browser settings for all your computers in sync. Google Browser Sync unifies your bookmarks, history, saved passwords, and persistent cookies across all the computers where you install it. It also remembers which tabs and windows you had open when you last closed any of your browsers and gives you a chance to reopen them. We think you'll enjoy how it handles sync conflicts and 'just works,' enabling you to bring your browser with you everywhere.

Meanwhile, we've also been improving version 2 of the Google To"

Google Launches Online Spreadsheet System: "Accommodate Students writes 'In a move that is sure to cause even more discussion of Google's intentions to go head-to-head with Microsoft in the Office Suite arena, they have launched a spreadsheet. AP is reporting this as 'Google further invades its rival's territory'. You can share spreadsheets with other users and can chat while you're editing - multiplayer spreadsheets! It can read both CSV and XLS formats.' More from the article: 'Google is targeting Office, which generated $2.95 billion in sales and $2.09 billion in profit in Microsoft's third quarter ended March 31. Microsoft plans a new release this year and is trying to get Office into more consumers' hands at a cheaper price while persuading businesses to buy higher-priced versions.' "

Bellagio Fountains Recreated with Mentos and Coke: "Trip writes 'What happens when you combine 200 liters of Diet Coke and over 500 Mentos mints? It's amazing and completely insane. The first part of this video demonstrates a simple geyser, and the second part shows just how extreme it can get. Over one hundred jets of soda fly into the air in less than three minutes. It's a hysterical and spectacular mint-powered version of the Bellagio Fountains in Las Vegas.' "

Viruses At All-Time Low, Spam At All-Time High: "Criminals opting for money over malware

May witnessed an all-time low for virus-laden emails and a record high for spam, according to figures released by security services firm BlackSpider Technologies.

The number of emails containing a malicious program made up fewer than one per cent of all emails seen by BlackSpider, while junk emails represented 87.74 per cent.

06-01-2006
Matt Chapman, vnunet.com
Read more..."

Burning Edge - Firefox: New release changelogs: "I posted two changelogs today based on Burning Edge posts: What's new in Bon Echo Alpha 3 (for Firefox 2) and What's new on the trunk for Firefox 3."