Enter the dojo of Paperghost

Grandmaster of the Vitalsecurity Dojo and Supreme Antispyware Samurai Paperghost waxes lyrical on the art of being a Spyware Samurai.


Grasshopper:  All is within your reach.

The time has come, children! The enemies are at the gate, and it is time to train in the ways of the Spyware Samurai! So, you want to kick some Malware-butt? Chew up and spit out all in your path? Invent crazy names for infections like W00tyMcWootalotabot.VVX!!2?

Well, now is the time!

Link here.

Alex Eckelberry

This Sober variant is a biggie

You’ve probably seen them — emails from the FBI and the like.  Sober-Y is pretty significant in its breadth.

I even had a friend contact me:  “I’m getting notes that the FBI has been watching me!”.  Oh boy.  I patiently explained that it was merely a virus.

Some are calling it the biggest email virus outbreak of the year.  I agree.

It looks like an e-mail from the FBI, or a note promising pictures of Paris Hilton — but some anti-virus companies are now calling it the most widespread computer virus outbreak of the year. 

MSNBC article link here.

Alex Eckelberry

West Palm Beach wants to become the most closely monitored city in South Florida

Every move you make…every breath you take…

Police are rolling out surveillance cameras downtown and in the city’s most violent neighborhoods, the first step in an ambitious plan to make West Palm Beach the most closely monitored city in South Florida.

…”If we could put up 100 throughout the city, that would be ideal,” Assistant Chief Guillermo Perez said. 


Link here.

Alex Eckelberry


More on LookoutSoft/Visaid

One of our spyware researchers re-checked the LookoutSoft.net site that we discussed earlier and found that they are now using a EULA consent screen.

The EULA is densely worded legal jargon for Integrated Search Technologies and Enternetmedia.  In there is a reference to nCase, a 180 Solutions product that was the precursor to Zango.  You can read the EULA here.


Initial screen.


Note that in the EULA, one sees “CLICK HERE” to see the license agreements for three adware programs but there are no actual links.


180 Solutions Zango’s S3 dialog box now shows up.  

Alex Eckelberry

Follow up on LookoutSoft/Visaid

Update:  See the blog above.

There is a follow-up to our post on LookoutSoft/Visaid Development, makers of software that installs spyware without any notice or disclosure.

We received an email from them today:

Please remove this page as it contains false statements about lookoutsoft.net

Please notify us of the removal.

Visaid Development

Suzi at Spyware Warrior received a similar email today.

We have indicated to Visaid that we will not post a correction, since there is nothing that we can see to correct.

Alex Eckelberry

Sony BMG has pissed off Texas

The State of Texas is suing Sony BMG over the rootkits.

The state sued Sony BMG Music Entertainment on Monday under its new anti-spyware law, saying anti-piracy technology the company slipped into music CDs leaves computers vulnerable to hackers.

The lawsuit is over the so-called XCP technology that Sony had added to more than 50 CDs to restrict to three the number of times a single disc could be copied.

Link here.

Alex Eckelberry
(Thanks Lior)

One good idea as to how Sony can clean up the rootkits

Ben Edelman discovered a very simple, effective way that Sony BMG can notify customers that they have the rootkit on their system.

Since the Sony BMG CDs in question actually call home, there is a simple way for Sony to insert an advertisement into the XCP player, warning users they have the rootkit on their system. 

Highlighted in green in the original is the call for a banner ad, the Location header (currently nothing is there):

HTTP/1.1 302 Moved Temporarily
Set-Cookie: ARPT=JKXVXZS64.14.39.161CKMJU; path=/
Date: Sat, 12 Nov 2005 18:36:49 GMT
Server: Apache/1.3.27 (Unix) mod_ssl/2.8.14 OpenSSL/0.9.7d
Location: http://www.sonymusic.com/access/banners/nobanner.xml
Keep-Alive: timeout=10
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/plain

By simply replacing it with his own, he was able to create an ad on the Sony BMG player with a warning.

<?xml version="1.0" encoding="UTF-8" ?>
<rotatingbanner>
<banner src="http://www.benedelman.org/sony/image1.jpg" href="http://cp.sonybmg.com/xcp/" time="4000" />
</rotatingbanner>

See Ben’s site for all details, and a screen shot of what an ad might look like. Link here.
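The exchange above also shows the flip side of Ben's idea: the XCP player fetches its banner feed over plain HTTP and renders whatever the redirect points at, so anyone who controls that response controls what the player displays. The following is an added example, not code from the original post or from Ben Edelman, that parses the 302 and the rotatingbanner XML and then applies the checks a hardened client would make before showing a banner: every referenced URL must use HTTPS and sit on an allowlisted host. The sample response and XML are constructed to match the post; the allowlist of hosts is an assumption.

```python
"""Added example: parse the XCP player's banner redirect and rotatingbanner
feed, and apply a hardened client's policy (HTTPS only, allowlisted hosts).
Sample data is constructed from the post; ALLOWED_HOSTS is an assumption."""
from urllib.parse import urlsplit
import xml.etree.ElementTree as ET

# Constructed sample of the 302 the player receives (hostnames from the post).
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Moved Temporarily\r\n"
    "Date: Sat, 12 Nov 2005 18:36:49 GMT\r\n"
    "Location: http://www.sonymusic.com/access/banners/nobanner.xml\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
)

# Constructed banner document in the rotatingbanner format shown in the post,
# pointing at a third-party host as in Edelman's demonstration.
SAMPLE_BANNER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<rotatingbanner>
<banner src="http://www.benedelman.org/sony/image1.jpg" href="http://cp.sonybmg.com/xcp/" time="4000" />
</rotatingbanner>
"""

# Hosts the vendor's player should accept banner content from (assumed).
ALLOWED_HOSTS = {"www.sonymusic.com", "cp.sonybmg.com"}


def parse_status_and_headers(raw):
    """Split a raw HTTP/1.x response head into (status_code, headers dict).

    Header names are lower-cased so lookups do not depend on casing."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def redirect_target(raw):
    """Return the Location of a 3xx response, or None if it is not a redirect."""
    status, headers = parse_status_and_headers(raw)
    if 300 <= status < 400:
        return headers.get("location")
    return None


def parse_banners(xml_text):
    """Return a list of (src, href, time_ms) tuples from a rotatingbanner doc."""
    root = ET.fromstring(xml_text)
    return [(b.get("src"), b.get("href"), int(b.get("time", "0")))
            for b in root.iter("banner")]


def banner_policy_violations(urls):
    """Apply the hardened client's rules to every URL a banner references:
    the scheme must be https and the host must be allowlisted.
    Returns a list of (url, reason) pairs; empty means the feed passes."""
    problems = []
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme != "https":
            problems.append((url, "not https"))
        if parts.hostname not in ALLOWED_HOSTS:
            problems.append((url, "host not allowlisted"))
    return problems


def check_feed(raw_response, banner_xml):
    """Follow the redirect, parse the feed, and collect every violation."""
    target = redirect_target(raw_response)
    urls = [target] if target else []
    for src, href, _ in parse_banners(banner_xml):
        urls.extend([src, href])
    return banner_policy_violations(urls)


if __name__ == "__main__":
    for url, reason in check_feed(SAMPLE_RESPONSE, SAMPLE_BANNER_XML):
        print(f"REJECT {url}: {reason}")
```

Run against the constructed data, the check rejects the feed four times over: every URL is plain HTTP, and the image host is not one the vendor controls. That is exactly why a call-home channel like this one is a liability as well as, in Ben's proposal, a notification channel.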

Sony BMG: Do this.  It’s a good idea.


Alex Eckelberry

FDA approves the ultimate spyware: Tracking humans

You can now be like your dog.  A company called Applied Digital has received FDA approval to start selling an RFID tag that will be implanted in humans.

The uses listed are fairly innocuous — tracking people in hospitals with complex diseases such as Alzheimer’s.

The company is targeting the devices at patients suffering from Alzheimer’s disease, diabetes, cardiovascular disease and other conditions requiring complex treatment.

Medical data is not stored on the devices, also known as radio frequency identification chips. Rather, it’s stored in a database that links the chips’ unique serial numbers with patient data. In its review, the FDA carefully studied the privacy issues around the technology, specifically the risk that medical records could be improperly disclosed, according to Applied Digital.

Here’s what the thing looks like:

VeriChip human-implantable RFID microchip


It’s implanted in the fatty tissue of the arm.

And check this out from the same article:

Applied Digital…also markets the VeriChip as an authentication tool for use in building security and to complete financial transactions. The attorney general of Mexico and 200 people on his staff have already been implanted with the company’s chips as part of an effort to control access to areas where confidential documents are kept. 

Well pretty nifty, eh? One more step in the Brave New World of RFID, something I’ve highlighted occasionally in this blog.

Link here via Catherine


Alex Eckelberry

If you’re still trying to figure out what Web 2.0 means, here’s your answer

If you’ve been anywhere near the Internet business community for the past year, you’ve likely heard the term “Web 2.0”.  It’s become a sort of catch-all phrase for the web as an application platform (hasn’t it been for a long time?), and new stuff like flikr, flock and del.icio.us is being thrown into the pot.  (By the way, is it just me or is del.icio.us just the most stupid, awful URL known to mankind?)

Well it turns out the origins of the term are pretty pedestrian.  Book publisher Tim O’Reilly was working with a tradeshow company and they were trying to name a new conference. 

So the entire Web 2.0 thing came out of a couple of people trying to name a tradeshow.

Now, I don’t blame Tim at all.  He was trying to figure out what the evolving web would look like.  But in the meantime, we’ve got people cropping up all over the place saying “Web 2.0” and the term has apparently evolved to mean “new stuff on the web”.  

From Paul Graham:

Tim says the phrase “Web 2.0” first arose in “a brainstorming session between O’Reilly and Medialive International.” What is Medialive International? “Producers of technology tradeshows and conferences,” according to their site. So presumably that’s what this brainstorming session was about. O’Reilly wanted to organize a conference about the web, and they were wondering what to call it.

Read Paul’s article here.

Alex Eckelberry

Monster list of open source packages

If you haven’t seen the list of open source packages that Wikipedia has put together, check it out.  It’s pretty cool.

This is a list of open-source software packages: computer software licensed under an open-source license. Software that fits the Free software definition may be more appropriately called free software; the GNU project in particular objects to their works being referred to as “open source.” For more information about the philosophical background for open source software, see open source movement and free software movement. However, nearly all software meeting the Open Source Definition is also Free Software, so it is all listed here. But there is also a List of Free Software packages where only software whose licence is approved by Free Software Foundation is listed.

Link here via Lifehacker.

Alex Eckelberry

Well now we have Tropical Storm Gamma–is there a conspiracy?

Weather Guy Scott Stevens thinks all this crazy weather is due to a massive conspiracy:

So in early 1990, the weather engineering operations over North America were assumed from the FSB/KGB by the Yakuza/Aum Shinrikyo teams, and operations continued with the Yakuza’s leased giant scalar interferometers. The weather engineering against the United States continues today under the rogue Japanese teams on site in Russia, with direct FSB/KGB supervision.

In 2004 we have entered the 2-year “final preparation phase”. These operations have been intensified and will continue to be intense, wreaking great economic damage. Hurricanes Charlie, Frances, Ivan, Jeanne, etc. have been no exception to the Yakuza weather engineering, which included directly influencing and controlling each hurricane’s power and behavior, as well as directing its course and speed so as to choose its targeting path. Indeed, Ivan did a 180 degree turn, and Jeanne did a 360 degree loop before reaching Florida, demonstrating the degree of control available.

Link here.

Please, I’m not commenting on this. It’s entertainment, ok?

Alex Eckelberry

Rootkits are NOT acceptable under ANY means

First, let’s make sure our definitions are clear.   A rootkit is generally defined as software that is installed secretly and is undetectable. It provides the most powerful level of control to the system without the system owner’s knowledge. It gives “root” privileges, a term used in Unix to denote the highest level of authorization — also called superuser.  A full definition is here.

Microsoft program manager Mike Denseglio talks about rootkits to ZDNET and says some surprising things:

What is a rootkit?
A rootkit is not an attack vector on its own. It is not a virus, and it is not a worm. It is a cloak or a disguise — something to hide something else. For instance an attacker might want to use a rootkit to put a virus on your system but doesn’t want you to be able to see that virus.

Is a rootkit malware?
Most people think it is, but it is not always. A sys admin might want to use a rootkit to hide something from the user, to monitor the system in some way. I treat rootkits neutrally — I don’t want to class them as good or bad. You have to make your decision in each case. [My emphasis.]

The rootkit is not a virus, a worm, or a Trojan horse. It is just the code that hides something. Can it hide worms and spyware etc? Absolutely it can. The issue in the Sony DRM case is whether Sony properly disclosed that it is installing a rootkit on your system. And what Sony uses is a rootkit: it hides other things.

First is the illogic. How can Denseglio define a rootkit as something acceptable if there is full disclosure?  That, by definition, is not a rootkit.

For example, you have those programs that lock down computers (you see them at retail stores like CompUSA and BestBuy).  They may be hidden in user mode from the user.  However, the administrator can gain access to them.   Commercial keyloggers may be in the same vein — the administrator of the keylogger can get to it.

Look at what the Sony rootkit did:

1. It didn’t disclose itself.

2. It hid itself from the user.

3. It provided no means to uninstall itself.

4. Because it was hidden, it created security holes that hackers could use to gain access to a system.

5. It hooked into the kernel.

6. It provided Sony with superuser/root capabilities. 

But if it was disclosed, would it still be acceptable?  No.

Denseglio is watering down the definition of rootkits and that is a slippery slope.

To quote Eric Howes in a recent email on the subject:

Think of all the interested parties who will welcome the news that it is perfectly acceptable to drop rootkits on users’ PCs in order to assert control over them, as long as there is some form of disclosure.

And given what passes for “disclosure” these days, we could very well start seeing various parties who regard users’ control of their own PCs as a threat or a nuisance simply wait a bit until the Sony uproar dies down a bit and then start rolling out their own rootkits — with some notice buried in the EULA, of course.

The next step will be to invent a more “friendly” term for “rootkits” — perhaps “administrative cloaking tool,” or even “secure protection utility.”  The goal here will be to hang a name on the technology so that it actually sounds like a benefit to the user.

It’s hard to see how users or consumers or citizens benefit from an approach that regards rootkit technology as “neutral, neither good nor bad in and of itself.” There is nothing “neutral” at all about the effects that this so-called “neutral” approach will have on users, who will now have to grapple with software companies, advertisers, and content providers vying to use rootkits to LEGALLY assert control over the PCs of users for whatever end.

I don’t know Denseglio and I don’t necessarily blame him for his comments, and I am certainly not interested in attacking him or his credibility. But his statements merit discussion and debate.  To me, the answer is simple and he may very well agree with me:

Rootkits are unacceptable in any situation. 

Link here.

Alex Eckelberry

Where people are spending money on the ‘net

Ok, so maybe you have to be a marketing wonk to care about all this but I find this mildly interesting.

The Online Publishers Association recently reported on online spending patterns.  Umm… this was done with Comscore (makers of tracking program Relevant Knowledge…we won’t go there right now…).

There is some interesting stuff in there.

Growth in the Entertainment/Lifestyle category, driven by online music sales, has rippled through most every aspect of this report. Not only does growth in the Entertainment/Lifestyles category account for a large portion of the overall growth in online paid content spending; it accounts for the ballooning figures for single purchase content sales (now 20.1% of all revenue for paid content, up from 11.0% in 2003) as compared to subscriptions, and for the increasing percentage of all online paid content income attributed to low-price-point sales (under $5 per transaction), as compared to mid- and upper-range figures.

So paid online music sales are actually a growth area.  No big news there, but perhaps it will make the Luddites feel better.

Now, if you’re wondering why you get all those popups for online dating, the answer is here.  It’s a big business:

Personals/Dating remained a strong second-highest revenue producer, with online content sales of $245.2 million in H1 2005.


Conclusions of the report:

  • Growth in online content spending in the first half of 2005, as in the full year 2004, was driven primarily by growth in the Entertainment/Lifestyles category as a result of online music sales.
  • The two largest categories are Entertainment/Lifestyles (which includes music downloads) and Personals/Dating. The Games category also remains strong, further evidence that consumers are increasingly using the Internet for entertainment.
  • Although revenue for General News is down for H1 2005, compared to H2 2004, continued strong showings by Business Content/Investment Content (the third-largest revenue-producer) and Research (up 33.8% in H1 2005 over H1 2004) indicate that consumers also readily turn to the Internet for information.
  • Paid downloads of digital music are shifting the single-purchase versus subscription mix, but subscription sales continue to be the dominant pricing model for online revenue.
  • Consumer penetration (the percentage of the online population that purchases online content) remains steady. Of the 171 million Americans who were online in Q2 2005, about one in nine spent money on online content purchases, so the market has plenty of room to grow.
  • Average consumer spending for paid online content appears to be leveling out, showing very little change over the past three years.

PDF link here.


Alex Eckelberry

Looks like my DVR will soon be Cisco

I have three of these Scientific Atlanta DVRs at home.  Looks like they might be owned by Cisco if rumors are correct. 

From the New York Times:

Cisco Systems Inc., the Internet equipment provider, plans to announce the acquisition of Scientific-Atlanta, a maker of television set-top boxes, for $7 billion according to people who have been briefed on the negotiations.

Link here via techdirt.

Alex Eckelberry

OK, I didn’t know this: You can defrag your iPod

From Lifehacker:

The iPod stores music on a hard drive, right? And with any system, an excessively fragmented hard drive means a slow system. An old thread on the iPod Hacks forum discusses speeding up your iPod with a simple disk defragment.


(I’m not completely convinced it will increase performance, but it’s worth a try).

More here

Alex Eckelberry

Domain name trickery

Michael Horowitz has a good writeup on some of the trickery used by phishers and thieves to create real looking, but completely fake URLs.  While most of This Blog’s Faithful Readers know all these tricks, it’s a good overview of the “domain name trickery” going on out there.

In determining who really owns a domain name, the rightmost two parts of the name are all that matters, and the only thing that determines the rightmost two parts are periods. Thus a web site name such as “www.ebay.scammer.com” is really “scammer.com” and has nothing to do with eBay. 

Link here.
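The "rightmost two parts" rule from Michael's writeup is easy to apply by hand but worth having in code, because the look-alike tricks go beyond the subdomain case he quotes. The following is an added example, not code from the original post or from Michael Horowitz: it extracts the part of a host name that actually determines ownership and flags the common tricks (brand in a subdomain, brand before an @ so it becomes userinfo, a bare IP address, brand only in the path). It also carries the one caveat the two-label rule needs: under suffixes such as co.uk the owner is identified by three labels, not two. All sample URLs are constructed, and the tiny suffix table is an assumption standing in for the full Public Suffix List.

```python
"""Added example: find the registrable domain in a URL and flag look-alike
tricks. Sample URLs are constructed; MULTI_LABEL_SUFFIXES is an assumed
subset of the Public Suffix List, not the real thing."""
from urllib.parse import urlsplit

# Suffixes under which a registrable name needs three labels, not two.
# Deliberately tiny and assumed; production code should load the full list.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(hostname):
    """Return the labels that identify the domain owner.

    For most names that is the rightmost two labels, as the writeup says;
    for names under a multi-label suffix such as co.uk it is the rightmost
    three."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def analyze_url(url, expected_brand):
    """Report where a URL really points and which look-alike tricks it uses.

    expected_brand is the domain the link text or context claims, e.g.
    'ebay.com'. Returns the real registrable domain, whether it matches,
    and a list of the tricks detected."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    real = registrable_domain(host)
    brand_label = expected_brand.split(".")[0]
    findings = []

    # Trick 1: brand buried in a subdomain (www.ebay.scammer.com).
    owner_label_count = len(real.split("."))
    subdomain_labels = host.lower().split(".")[:-owner_label_count]
    if brand_label in subdomain_labels:
        findings.append("brand used as subdomain")

    # Trick 2: brand placed before '@' so it parses as userinfo, not host.
    if parts.username and brand_label in parts.username.lower():
        findings.append("brand in userinfo before @")

    # Trick 3: host is a bare IP address, so there is no domain name at all.
    if host and host.replace(".", "").isdigit():
        findings.append("numeric host")

    # Trick 4: brand appears only in the path or query string.
    if brand_label in (parts.path + parts.query).lower() and real != expected_brand:
        findings.append("brand only in path/query")

    return {"real_domain": real, "matches": real == expected_brand, "tricks": findings}


if __name__ == "__main__":
    for sample in ("http://www.ebay.scammer.com/signin",
                   "http://www.ebay.com@scammer.com/",
                   "http://10.1.2.3/ebay/login",
                   "https://signin.ebay.co.uk/ws"):
        print(sample, "->", analyze_url(sample, "ebay.com"))
```

The co.uk sample is the reason for the suffix table: applied literally, the two-label rule would say every site under co.uk is owned by "co.uk", so a real client needs the Public Suffix List rather than the hard-coded subset here.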