Divorced mother of five takes on the RIAA — alone.

Patricia Santangelo, a divorced mother of five who can’t afford to pay her lawyer, is taking on the RIAA alone. 

“It’s a moral issue,” she said. “I can’t sign something that says I agree to stop doing something I never did.”

If the downloading was done on her computer, Santangelo thinks it may have been the work of a young friend of her children. Santangelo, 43, has been described by a federal judge as “an Internet-illiterate parent, who does not know Kazaa from kazoo, and who can barely retrieve her e-mail.”

The drain on her resources to fight the case — she’s divorced, has five children aged 7 to 19 and works as a property manager for a real estate company — forced her this month to drop her lawyer and begin representing herself.

Link here.

Did they ever send her a cease and desist letter before suing her?  Apparently not.  These jackboot tactics against mothers and children are sick.

The leadership of the RIAA is two guys:  A lobbyist and a lawyer.  And they’re not stopping. On the 15th of December, they filed lawsuits against another 751 people.

I respect artists.  I have no respect for bullies.

 

Alex Eckelberry

Google fills the vacuum on the AOL deal

With the recent Google deal with AOL, there was lots of false information. 

Google veep Marissa Mayer whacks the rumors: 

– Biased results? No way. Providing great search is the core of what we do. Business partnerships will never compromise the integrity or objectivity of our search results. If a partner’s page ranks high, it’s because they have a good answer to your search, not because of their business relationship with us.

– Indexing more of AOL’s content. Our goal is to organize all of the world’s information. When we say “all the world’s information,” this includes AOL’s. We’re going to work with the webmasters at AOL — just as we work with webmasters all over the world — to help them understand how the Google crawler works (with regard to robots.txt, how to use redirects, non-html content, etc.) so we don’t inadvertently overlook their content.

– AOL will receive a credit towards advertising purchased through Google’s ad program. You might wonder if this will affect the ad auction. It won’t. We don’t offer preferential treatment on advertising (in either the auction or the display) to any of our partners.

– We have a service called “onebox” for which we provide some additional links separate from ads (sponsored links) and search results. (Try searching on [new york transit strike] and look for the news section.) AOL and its products have always been a part of onebox, along with many other providers, and will continue to be.

– There will be no banner ads on the Google homepage or web search results pages. There will not be crazy, flashy, graphical doodads flying and popping up all over the Google site. Ever.

Link here via John Battelle.

 

Alex Eckelberry

RSS to be part of Outlook

I am a loyal fan of RSS Popper, which puts RSS feeds into Outlook.  Well, looks like Microsoft is going to go the same way.

From Michael Affronti’s blog (the program manager for Outlook):

RSS Aggregation in Outlook is aimed at providing the user with a consistent look, feel, and experience while interacting with RSS feeds and related information.  While RSS can be a complex technology to interact with, Outlook will merge the complexities and cover it with our friendly user interface.  From the beginning of interacting with a feed using the subscription process through managing your feeds, their associated folder hierarchies, and potentially sharing feeds with others, Outlook will cover RSS in those situations from end-to-end.


(Image from Michael Affronti’s blog)

Link here via beSpacific.

 

Alex Eckelberry

UK Government to track every vehicle

Gulp.

Britain is to become the first country in the world where the movements of all vehicles on the roads are recorded. A new national surveillance system will hold the records for at least two years.

Using a network of cameras that can automatically read every passing number plate, the plan is to build a huge database of vehicle movements so that the police and security services can analyse any journey a driver has made over several years.

Link here.

“On each landing, opposite the lift shaft, the poster with the enormous face gazed from the wall. It was one of those pictures which are so contrived that the eyes follow you about when you move.” —Orwell

 

Alex Eckelberry

Seen in the wild: An example of a compromised site used for phishing

Sad, but here is an example of how phishers can back-door into a site and use it to set up a phishing operation: an educational institution's site that has been compromised.

The school district is closed so the phisher is having a field day.   We have been in touch with the school administration and the phishing site has been taken down.

Here’s the main page: http://www.pottsboroisd.org

[Screenshot of the school district's main page]

And here’s where the phishers put their sign-in page for their phishing site:

[Screenshot of the phishing sign-in page]

Looks like the website is using Apache, so if the admin doesn’t really know about security, it’s understandable how it could be hacked.  On the other hand, IIS, in default configuration, is fairly secure. 

Alex Eckelberry
(Thanks to Sunbelt researcher Adam Thomas for finding this.)

Responsible disclosure

Yesterday, Yair Amit of Watchfire Corporation gave details on an exploit that was found in Google.  

Now, here’s what I like about this story:  Yair found it and reported it to Google.  On the same day, Google responded back to him.  Then, they fixed it. 

He never told the world about it until it was absolutely confirmed that Google had fixed it.  In the security circles, this is known as “Responsible Disclosure”.  And in Yair’s words: “The author would like to commend the Google Security Team for their cooperation and communication regarding this vulnerability.”

Yup.  Both Google and Yair should be commended for handling this so well. 

Now, contrast this with the Internet Explorer Javascript exploit that we wrote about a few weeks ago.

It looked like this:

[Screenshot of the exploit]

This exploit attacked fully patched Windows XP systems and was quite nasty.

But here’s the rest of the story:  This whole exploit started back in June, when a security researcher by the name of Benjamin Tobias Franz wrote information on a way to make Internet Explorer crash. I suppose it wasn’t considered high priority by the Microsoft team because it was an incredibly obscure method of crashing Internet Explorer (it was a bug that had been fixed in IE previously but had come back).

Then in late November, an outfit called ComputerTerrorism decided to look at the exploit and figured out that it could be used as a way to hack a machine.

They published the details for the world and even threw in a bonus:  They wrote the code to make the exploit actually work.  It’s here if you want to see it.

Within 10 days, we started running across this exploit, inserting a trojan into users’ systems.  We looked at the code and it’s clearly copied wholesale from the ComputerTerrorism site. At least in one case, the bad guys didn’t even bother to change the file name of the ComputerTerrorism file.

In other words, ComputerTerrorism did the hackers a favor and wrote the code for them.  They didn’t mean to. But by their own actions, whether negligent or well-intentioned, they started the process of getting people infected with a trojan.

As an example, here is some code taken off one of the bad sites with the exploit.  It even references ComputerTerrorism.

[Screenshot of the code]

One assumes that hackers are super gurus.  I hate to break it to you, but while there are some very smart hackers out there, most are script kiddies who take other people’s work, modify it a bit and then use it themselves.

Doing them a favor is the wrong thing to do.

I emailed ComputerTerrorism asking them to please take this code off their site.  Never got a reply.  

Microsoft ultimately patched IE on December 12th and so this exploit is solved.  Microsoft should have patched the vulnerability earlier, true.  But ComputerTerrorism should have alerted Microsoft of the proof of concept and waited for Microsoft to fix it first.  Believe it or not, Microsoft is responsive to security holes in the products.

Only as a last resort should this proof of concept have been published.

Now, perhaps, some people in the security community may learn a lesson on it.  Because by and large, the security community is incredibly responsible.  A few aren’t. I don’t care if it was well intentioned.  The path to hell is littered with good intentions.

 

Alex Eckelberry

What is the response time of your AV provider?

How fast do AV companies respond to outbreaks?

Anti-virus researcher Andreas Marx of Av-Test.org has concluded an annual round of testing to see how well the various anti-virus programs responded to recent outbreaks of viruses and worms. The results appear to show that while the major anti-virus products are still having trouble keeping up with the massive glut of new malware, most are starting to do a better job.

This is interesting:

Marx noted that corporations are extremely intolerant of false-positives, so Symantec, McAfee and other vendors widely used in corporate environments tend to have a more complex quality-assurance process to weed out false positives; this often results in the companies taking longer to get virus definitions in place. On the other hand, smaller anti-virus companies, he said, tend to have more problems with false positives.

Link here.

Alex Eckelberry

If you run VMware, you need to update it ASAP

There’s a serious vulnerability that’s been found in VMware that can make malware “leap” out of VMware into your host system.

Since VMware is used heavily in malware research, this is an obvious danger.

From VMware’s KB:

A vulnerability has been discovered in vmnat.exe on Windows hosts and vmnet-natd on Linux systems. The vulnerability in this component affects VMware Workstation 5.5, VMware GSX Server 3.2, VMware ACE 1.0.1, VMware Player 1.0, and previous releases of these products. The vulnerability makes it possible for a malicious guest using a NAT networking configuration to execute unwanted code on the host machine.

VMware believes that the vulnerability is very serious and recommends that affected users update their products to the new releases available at www.vmware.com/download or change the configuration of the virtual machine so it does not use NAT networking.

Link here.  More at SecurityFocus.

I just spoke with VMware Support (Rahul was very helpful), and patches are only available for versions VMware Workstation 5.5, VMware GSX Server 3.2, VMware ACE 1.0.1, VMware Player 1.0.  Apparently, all versions prior to these will need to address the problem by turning off NAT networking.
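For hosts that have to stay on an unpatched release, the NAT workaround can be checked across a folder of virtual machines. The following Python is an added example, not VMware's tooling or code from this post; it assumes the `ethernetN.present`, `ethernetN.connectionType` and `ethernetN.vnet` keys used in .vmx files and that VMnet8 is the host's default NAT network, and the sample .vmx content is constructed.

```python
import re
from pathlib import Path

# key = "value" lines as written in .vmx files; keys are compared lowercased.
_VMX_LINE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')
_NIC_KEY = re.compile(r'^(ethernet\d+)\.(.+)$')

# Constructed sample for illustration, not taken from a real VM.
SAMPLE_VMX = '''\
# constructed sample
config.version = "8"
displayName = "malware-lab-xp"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
ethernet2.present = "FALSE"
ethernet2.connectionType = "nat"
ethernet3.present = "TRUE"
ethernet3.connectionType = "custom"
ethernet3.vnet = "VMnet8"
'''


def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # comment line
        m = _VMX_LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def nat_adapters(text):
    """List (adapter, reason) for enabled virtual NICs that use NAT."""
    nics = {}
    for key, value in parse_vmx(text).items():
        m = _NIC_KEY.match(key)
        if m:
            nics.setdefault(m.group(1), {})[m.group(2)] = value
    findings = []
    for name in sorted(nics):
        nic = nics[name]
        if nic.get("present", "").lower() != "true":
            continue  # adapter is defined but not attached to the VM
        ctype = nic.get("connectiontype", "").lower()
        vnet = nic.get("vnet", "").lower()
        if ctype == "nat":
            findings.append((name, 'connectionType = "nat"'))
        elif ctype == "custom" and vnet.endswith("vmnet8"):
            # Assumption: VMnet8 is still mapped to NAT on this host.
            findings.append((name, "custom network on vmnet8 (default NAT network)"))
    return findings


def audit_tree(root):
    """Map each .vmx file under root to its NAT findings (files with none are omitted)."""
    report = {}
    for path in Path(root).rglob("*.vmx"):
        hits = nat_adapters(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report


if __name__ == "__main__":
    for nic, why in nat_adapters(SAMPLE_VMX):
        print(f"{nic}: {why}")
```

Any adapter it reports should be switched to another networking mode, or the VM left powered off, until the host is updated.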

If you have any confusion or doubts, I would recommend contacting VMware support.

Also, a tip: If you own an older version like 4.5, it’s likely considerably cheaper just to buy a Silver support contract than to pay the upgrade price.  You get free upgrades with a VMware support contract vs. just buying an upgrade.  Check with VMware to see if it makes sense.

 

Alex Eckelberry
(Hat tip to Full Disclosure, Eric and Adam)

Getting up to speed on WiMax

Digital analyst Phil Leigh has an interview with Caroline Gabriel of Rethink Research.  She is providing a free presentation about her new $1,500 research report on the WiMax Market.

From Phil:

If you want to learn more about the developing market opportunities in WiMax, this interview is for you.

 Just about everybody with a modern laptop computer today realizes that WiFi is the wireless technology that enables them to connect to the Internet conveniently at various privately owned “hot spots” around town. Perhaps the best known example is the local Starbucks Coffee Shop. But it wasn’t too many years ago when WiFi hot spots were new concepts that many of us had trouble understanding before actually using them.

 It appears that the next stage in the evolutionary trend will be WiMax. But WiMax will offer much more than WiFi. First, it will support much higher data rates so that it will be suitable for video. Second, in its second (mobile) iteration it will enable cellular-telephone-like handoff so that users may stay connected from one base station to another. That provides total mobility.

WiMax basically points the way to fourth generation wireless networks in which voice is merely one application, and a prosaic one, that subscribers run on their portable devices.  Various Digital Media applications involving video, audio, and music will also be routine.

One cogent industry observer, lost to memory, once said, “The future has already arrived, it’s just not evenly distributed.” Our guest today points out that South Korea is well ahead in both wireless and broadband Internet. She feels that the country’s WiMax network will be fully operational by the middle part of next year and that it will provide a test case as to just how effective WiMax will be in practice.

Link to the presentation (WebEx) here.

 

Alex Eckelberry

Exclusive: Lawsuit against 180Solutions, Direct Revenue, eXact

We received a tip from a researcher in the spyware community that there was a lawsuit against 180Solutions, DirectRevenue and eXact Advertising. The problem is that it was filed in a small county in California and thus required a small amount of work to get. Nevertheless, with the help of our high priced lawyers, we now have a copy of the suit.

The documents we received also indicate that the defendants are trying to get the lawsuit moved to Federal court.

The lawsuit was filed by attorney Martha Bronson, who apparently has done this before.

A description of this lawsuit from her site:

180SOLUTIONS, DIRECTREVENUE, EXACT ADVERTISING et al.,: This class action lawsuit alleges that these companies violate the general public’s right to privacy and invade the privacy of individuals through unauthorized downloads of adware and spyware. The class action complaint further alleges that the software causes damages to computers by interfering with its processes and sometimes causing the computer to crash, slow or otherwise malfunction. Some of the software is disguised on a person’s computer and near impossible to remove. The lawsuit seeks an injunction prohibiting the dispensing of the software and restitution of all income received from the dispensing of the software or advertising income and to pay the cost of removing or otherwise repairing the damage done to computers.

You can read the lawsuit here (the first several pages are the motion to move the lawsuit to Federal court). I am trying to get a cleaner copy and will post it if I get it.

UPDATE:  I have obtained a slightly cleaner copy here.  Also, defendants’  “Answer to complaint” here. 

Alex Eckelberry

Firewall: The movie

There’s a new movie coming out from Warner Brothers that looks like fun, about a family that has had their identity compromised.  But they picked the wrong guy (Harrison Ford), because he’s fighting back.

Security companies will rejoice at the newfound sales opportunities. However, the premise is apparently that the hero got hacked, and the bad guys got personal information which enabled them to kidnap his kids.  HUH?  Well, hate to break it to Hollywood, but you don’t need to breach a firewall to do this…

In other words, this looks like a standard “bad guys try to mess with hero’s family/country/life/etc., the hero fights back” kind of story, with a technology hook. 

[Screenshot from the movie]

Just looking at the trailer, I didn’t see a lot of hokey graphics—the kind of stupid Hollywood stuff that drives me nuts when I’m sitting through a movie. I’m sure technically it’s got blindspots but we’ll have to wait and see when the movie comes out.  

Link to the trailer here.

 

Alex Eckelberry

Kerio product acquisition completed

Today we announced the completion of our acquisition of the Kerio Personal Firewall and the Kerio Server Firewall.   Link to our corporate propaganda here.

Here are the key points:

  • We have acquired both the Kerio Personal Firewall and the Kerio Server Firewall. Both products will be re-branded on an interim basis as the “Sunbelt Kerio Personal Firewall” and “Sunbelt Kerio ServerFirewall”.
  • Existing customers of the paid versions will receive full technical support through Sunbelt, with the additional enhancement of access to Sunbelt’s toll-free support.   Yup. Toll free support, right here in the US of A.
  • We are also maintaining Kerio’s product support forums for both products, with full transition of the forums to Sunbelt servers expected by January.  Forum link here.
  • We are continuing Kerio’s tradition of offering a free home version.
  • We will be launching a new version of the Kerio Server Firewall in the first quarter of next year, at a competitive price point.
  • We are dropping the price on both products.  And, we’re giving 25% off on the Kerio Personal Firewall product through the end of March. 

Personal Firewall will get Sunbelt’s “no brainer” pricing.

We’ve had this idea for years of what we call “No Brainer” pricing.  The idea is that it’s such a value that it makes the whole purchasing decision easy.  Plus, I do feel that most software is overpriced anyway. 

 

Well, $19.95 is no-brainer pricing.  It’s the cost of a decent meal. So we have priced the Kerio Personal Firewall at Sunbelt’s No Brainer pricing of $19.95.  With that, you get one year of free support, upgrades and updates.  Subsequent annual subscriptions are currently $10.  It’s a ridiculously good deal.

 

This type of pricing upsets my accountants and the competition, but it’s good for the user and ultimately, it’s good for the company as it allows us to develop a large user base.

 

But I went a step further.  I want as many people that are using the free version to convert to the paid version.  I also want our own users to own the product. And in order to get people to buy, you need two things:  a) a hot price and b) time urgency.  So I instructed our online shop team to put in place a 25% discount on the Kerio Personal Firewall until March 31.  That makes it $14.95.  It’s ridiculously cheap and I expect a lot of people will be buying up this firewall.

 

This $14.95 pricing works for people renewing their license purchased through Kerio as well.  

 

On the Server Firewall 

Kerio had previously shipped a server version of their firewall, but it was expensive and was ultimately discontinued.  We are working on a new version 2.0, which adds a lot of functionality to the previous version, including remote management of multiple servers and plenty of other features.  We’ll have it ready to ship the first quarter.  We’re still trying to figure out a good price for this thing, but I can assure you, it will be less expensive than the version Kerio had sold.

 

The whole 2.1.5 issue

Years ago, Kerio shipped a version that was an extremely simple and powerful packet filter tool.  Ultimately, development was ended at version 2.1.5, and the new version 4 (there never was a version 3) was shipped.  Version 4 is a superset of the old version 2.

 

There are a lot of loyal users of the old 2.1.5 version who haven’t upgraded to version 4.  Many want us to re-release it. I’ve looked at this older version, and I can truly understand its charm:  It’s a tight, small and very elegant tool for the highly technical user.

 

Internally, we discussed at length the possibility of re-releasing version 2.1.5.  However, ultimately our development team came back with the news that this was not going to be possible without a Herculean effort.  This is tired code.  Even doing a build is nearly impossible and presents enormous headaches from a development standpoint.

 

However, I do agree with the loyal users about all that this old version had to offer and we will see what we can do on future versions of the Kerio Personal Firewall to accommodate your personal preferences.

 

For now, those who still want to run the old version 2.1.5 can download it here.

 

The future

We’re proud of this acquisition, but we’re also humbled by our responsibilities to such a large, active and loyal user base.  We are committed to supporting Kerio users and you can always contact me personally if you ever have any issues.  We’re big fans of these products and look forward to doing more great things with them.

 

 

 

 

Alex Eckelberry

President, Sunbelt Software

Child porn offender believes Sober email, turns himself in

This guy got a typical Sober worm email saying “he was under investigation”, thought it was real and turned himself in.

A child porn offender in Germany turned himself in to the police after mistaking an email he received from a computer worm for an official warning that he was under investigation, authorities said on Tuesday.

“It just goes to show that computer worms aren’t always destructive,” said a spokesman for police in the western city of Paderborn. “Here it helped us to uncover a crime which would otherwise probably have gone undetected.”

Link here via Ferg.  Also, F-Secure has a picture of the email that scared the guy.

Alex Eckelberry
(Thanks Eric S.)

Schools and privacy

Got this from SpywareInfo:

Federal judges have just hit parents with a triple whammy. Two appellate courts held that parents have no right to stop offensive, privacy-invading interrogation of their own children in public schools. In a third case, the U.S. Supreme Court indicated that it is not going to do anything to protect parental rights concerning schools.

Link here via Catherine.

 

Alex Eckelberry

More on the “IE 6 alongside IE 7” hack

I recently wrote about a way to run IE 6 alongside IE 7.  It may not be the best idea.

From the Microsoft IE blog:

If a user has ever attempted to run IE7 Beta1 in an unsupported side-by-side configuration with a version of IE6, IE7 Beta1 puts a registry key on the machine the first time a user executes the IE7 version of IEXPLORE.EXE. This key is part of a normal IE7 installation on XP, and will not be configured correctly if an unsupported side-by-side install is used. When IE7 is installed using the installer, the key should be removed properly upon uninstall. A machine can also load this registry key and not remove it during a failed IE7 installation.

Link here via SpywareSucks.

SpywareSucks makes this comment:

When I asked him why he wanted to run IE6 and IE7 together, the only reason he gave was that some sites do not work with IE7.   He was surprised to discover that this is an issue that is easily addressed, without running the risk of causing problems for your PC (such as those being reported to the IE team).  Advice and instruction on how to get around User Agent String sniffing, which is in 99.9% the only reason you may see problems trying to access a web site when running IE7, can be found here:
http://www.ie-vista.com/sites.html

Alex Eckelberry

Is IBIS exiting the adware business?

IBIS, makers of WebSearch Toolbar, claims it is exiting the adware model.

From a press release on the 15th:

IBIS … announces that it will discontinue distribution of its flagship product, WebSearch Toolbar. Amid concerns that WebSearch was being labeled as spyware, the company initiated action to rectify controversial aspects of the product in order to refute spyware claims.

Link here.

Their strategy will be to focus on Crawler site and toolbar, as well as their SpywareTerminator antispyware application (which is listed on SpywareWarrior’s Rogue/Suspect antispyware page).

We will be researching their claims for validity.  

 

Alex Eckelberry
(Thanks Eric)

Commodore relaunch

If you got some of your early computer experience on a Pet/Vic-20/C64/Amiga, etc., you’ll likely have a passing interest in this story.  

A Dutch consumer media company is hoping it can tap the power of the VIC 20, the PET and the Commodore 64 to launch a new wave of products, including a home media center device and a portable GPS (Global Positioning System) unit and media player.

And then:

The company has said it plans to launch three products at the show. The Commodore MediaBox is an all-in-one home entertainment box with an Internet connection, digital TV tuner and hard drive for playing music downloads, games or on-demand video. The Commodore Navigator is a Windows CE-based portable device with a 20GB hard drive for music and video storage as well as built-in GPS and a 3.6-inch touch screen.

Similar to the old CDTV?  <nostalgia> Back in the dawn of time, I worked for an Amiga developer (Aegis Development, then Oxxi) and I remember getting a briefing from Gail Wellington (the “mother of the Amiga”) about the CDTV before it was launched—and not long thereafter I went to Quarterdeck. The CDTV was an interesting idea but never sold as wildly as Commodore would have liked. </nostalgia>

On first glance, it looks to me that they’re basically going to leverage the brand name, but whatever. Others have certainly tried to revive Commodore, and I can only wish them luck. 

Link to the article here.

Oh, and curious about the history of Commodore?  Click here.

 

Alex Eckelberry