Latest Firefox “vulnerability”

Reported by one newsletter as “Firefox Subject to DoS Attack”, it’s really not that big of a deal (at least at this juncture, but one is never complacent in the security business).

Firefox has a vulnerability with hugely long page titles (and I do mean huge) where it slows down.  Part of the problem is that the slowdown continues as long as the entry with the mega title sits in Firefox’s history.

The Mozilla folks have investigated it and they believe there’s no evidence that a DoS scenario using this long-title issue could result in a security issue.

Web pages with extremely long titles (the posted proof of concept used 2.5 million characters) can cause Mozilla Firefox and the Mozilla Suite to appear to “hang” on startup when reading the browsing history data. The browser will eventually continue normally although this can take up to several minutes on a slower computer. The unresponsive starts will continue until the item with the long title is removed from the history file or eventually expires.

We have investigated this issue and can find no basis for claims that variants of this denial-of-service attack can cause an exploitable crash, and no evidence for this claim has been offered. There does not appear to be any risk to users or their computers beyond the temporary unresponsiveness at startup.

Should the user encounter this problem the slow starts can be fixed by deleting the item from history.

Link here.
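The mechanism above boils down to an unbounded field (the page title) being written to persistent storage and then paid for on every startup. The following is an added example, not code from the original post or from Mozilla, of the two defensive moves a practitioner would want: capping the title at write time so the startup cost is bounded regardless of what a page sends, and scanning an existing history for entries that already blew past the cap (the “delete the item from history” cleanup the advisory describes). The cap value and the in-memory entry format are assumptions; the real Firefox history file is not parsed here.

```python
"""Added example (not from the original post or from Mozilla): a history
store that caps page-title length on write, plus a scan that finds the
oversized entries already present. The cap and the entry format are
assumptions; the real Firefox history file format is not parsed here."""

from dataclasses import dataclass
from typing import Iterable, List

# Assumed cap. The proof of concept quoted above used 2.5 million
# characters; legitimate titles are a few hundred characters at most.
MAX_TITLE_LEN = 4096


@dataclass
class HistoryEntry:
    url: str
    title: str


def sanitize_title(title: str, max_len: int = MAX_TITLE_LEN) -> str:
    """Truncate a title before it is written to history, so the cost of
    reading it back at startup is bounded no matter what the page sent."""
    return title if len(title) <= max_len else title[:max_len]


def add_entry(store: List[HistoryEntry], url: str, title: str,
              max_len: int = MAX_TITLE_LEN) -> HistoryEntry:
    """Write path: the only place titles enter the store, so the cap
    cannot be bypassed."""
    entry = HistoryEntry(url=url, title=sanitize_title(title, max_len))
    store.append(entry)
    return entry


def find_oversized(entries: Iterable[HistoryEntry],
                   max_len: int = MAX_TITLE_LEN) -> List[HistoryEntry]:
    """Cleanup path: locate entries whose title exceeds the cap in a
    history that was written before the cap existed."""
    return [e for e in entries if len(e.title) > max_len]


def purge_oversized(entries: List[HistoryEntry],
                    max_len: int = MAX_TITLE_LEN) -> int:
    """Remove oversized entries in place; returns how many were dropped."""
    dropped = len(find_oversized(entries, max_len))
    entries[:] = [e for e in entries if len(e.title) <= max_len]
    return dropped


# Constructed sample history: two ordinary pages and one hostile entry
# mimicking the 2.5-million-character proof of concept.
SAMPLE_HISTORY = [
    HistoryEntry("http://example.com/", "Example Domain"),
    HistoryEntry("http://example.com/news", "News"),
    HistoryEntry("http://attacker.example/poc", "A" * 2_500_000),
]

if __name__ == "__main__":
    for e in find_oversized(SAMPLE_HISTORY):
        print(f"oversized title ({len(e.title)} chars): {e.url}")
    print("removed:", purge_oversized(SAMPLE_HISTORY))
```

The point of routing every write through `add_entry` is that the cap becomes a property of the store rather than of the caller; a scan like `find_oversized` is only needed for data written before the cap was in place.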


Alex Eckelberry


Seen in the wild: Trojan masquerading as Microsoft Update

Reported in Codefish.  We checked out this Trojan and it’s not very friendly. 

Here is what the email looks like:

Microsoft Security Bulletin MS05-039

Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)

Summary:

Who should receive this document: Customers who use Microsoft Windows
Impact of Vulnerability: Remote Code Execution and Local Elevation of Privilege
Maximum Severity Rating: CRITICAL
Recommendation: Customers should apply the update immediately.
Security Update Replacement: None
Caveats: None
Tested Software and Security Update Download Locations:

Affected Software:

Microsoft Windows 2000 Service Pack 4 – Download the update

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 – Download the update

Microsoft Windows XP Professional x64 Edition – Download the update

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 – Download the update

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems – Download the update

Microsoft Windows Server 2003 x64 Edition – Download the update

Non-Affected Software:

Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

Executive Summary:

This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Plug and Play (PnP) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Conclusion: We recommend that customers apply the update immediately.

© 2005 Microsoft Corporation. All rights reserved.  Terms of Use | Trademarks | Privacy Statement


Loading the trojan, here’s what it looks like:

[Screenshots of the trojan running]

I checked the file at VirusTotal.com and the results are as follows
(“No virus found” means that the scanner did not detect it):

This is a report processed by VirusTotal on 12/12/2005 at 18:59:39 (CET) after scanning the file “Windows-KB899588-x86-ENU.exe”.

Antivirus      Version         Update      Result
Avast          4.6.695.0       12.10.2005  No virus found
AVG            718             12.08.2005  No virus found
McAfee         4648            12.12.2005  No virus found
NOD32v2        1.1319          12.12.2005  No virus found
Norman         5.70.10         12.12.2005  No virus found
TheHacker      5.9.1.053       12.12.2005  No virus found
F-Prot         3.16c           12.09.2005  security risk or a “backdoor” program
AntiVir        6.33.0.61       12.12.2005  TR/Luhn
Avira          6.33.0.61       12.12.2005  TR/Luhn
Panda          8.02.00         12.12.2005  Trj/Spy.Luhn
Sophos         4.00.0          12.12.2005  Troj/Dropper-BV
Symantec       8               12.12.2005  Trojan.Dropper
DrWeb          4.33            12.12.2005  Trojan.Sklog
BitDefender    7.2             12.12.2005  Trojan.Spy.Luhn.A
ClamAV         devel-20051108  12.12.2005  Trojan.Spy.W32.Luhn
CAT-QuickHeal  8               12.12.2005  TrojanSpy.Luhn.a
Kaspersky      4.0.2.24        12.12.2005  Trojan-Spy.Win32.Luhn.a
VBA32          3.10.5          12.12.2005  Trojan-Spy.Win32.Luhn.a
Fortinet       2.54.0.0        12.11.2005  W32/SpyLuhn.A-dr
eTrust-Iris    7.1.194.0       12.11.2005  Win32/Luhn!Spy!Dropper
eTrust-Vet     12.3.3.0        12.12.2005  Win32/Luhn.A
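The email above is a classic lure: a verbatim copy of a real bulletin with an executable named like a genuine update package attached. Six of the twenty-one scanners missed it, so a mail-gateway check that does not depend on a signature is worth having. The following is an added example, not from the original post or from Sunbelt, that parses a message and flags the combination the lure relies on: a claim to be a Microsoft bulletin plus an executable attachment. The sample message is constructed here to mirror the one quoted, with a harmless placeholder in place of the trojan; the marker regexes are assumptions.

```python
"""Added example (not from the original post or from Sunbelt): triage of
mail posing as a Microsoft security bulletin that carries an executable.
The sample message is constructed; the attachment is a harmless placeholder."""

import email
import re
from email.message import EmailMessage
from typing import List

# Microsoft has long stated that it does not distribute security updates
# as e-mail attachments, so an attached "update" is itself the tell.
EXECUTABLE_EXT = re.compile(r"\.(exe|scr|pif|com|bat|cmd|vbs|js)$", re.I)
FAKE_UPDATE_NAME = re.compile(r"^Windows-KB\d+", re.I)   # assumed pattern
BULLETIN_ID = re.compile(r"\bMS\d{2}-\d{3}\b")           # e.g. MS05-039


def build_sample() -> bytes:
    """Constructed message mimicking the one quoted above."""
    msg = EmailMessage()
    msg["From"] = "Microsoft Security <security@microsoft.com>"
    msg["To"] = "victim@example.com"
    msg["Subject"] = "Microsoft Security Bulletin MS05-039"
    msg.set_content(
        "Vulnerability in Plug and Play Could Allow Remote Code Execution "
        "(899588)\nRecommendation: Customers should apply the update immediately."
    )
    msg.add_attachment(b"MZ placeholder, not a real PE",
                       maintype="application", subtype="octet-stream",
                       filename="Windows-KB899588-x86-ENU.exe")
    return msg.as_bytes()


def triage(raw: bytes) -> List[str]:
    """Return the reasons a message looks like a fake bulletin (empty if none)."""
    msg = email.message_from_bytes(raw)
    findings: List[str] = []
    subject = msg.get("Subject", "")
    sender = msg.get("From", "")
    claims_bulletin = bool(BULLETIN_ID.search(subject)) or "microsoft.com" in sender.lower()

    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        if EXECUTABLE_EXT.search(name):
            findings.append(f"executable attachment: {name}")
            if claims_bulletin:
                findings.append("claims to be a Microsoft bulletin but carries an "
                                "attachment; Microsoft does not mail updates as attachments")
        if FAKE_UPDATE_NAME.match(name):
            findings.append(f"attachment named like a Windows update package: {name}")
    return findings


if __name__ == "__main__":
    for reason in triage(build_sample()):
        print("FLAG:", reason)
```

The check deliberately keys on the mismatch between the message’s claim and its payload rather than on any property of the binary, which is why it still fires when, as here, most scanners have no signature yet.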


Alex Eckelberry
(Hat tip to Sunbelt researchers Eric Sites, Eric Howes and Patrick Jordan)

Maybe now del.icio.us will be something you can spell

del.icio.us gets bought by Yahoo.  

We’re proud to announce that del.icio.us has joined the Yahoo! family.  Together we’ll continue to improve how people discover, remember and share on the Internet, with a big emphasis on the power of community.  We’re excited to be working with the Yahoo! Search team – they definitely get social systems and their potential to change the web. (We’re also excited to be joining our fraternal twin Flickr!)

Link here via loose wire.

Alex Eckelberry

Using Gmail as a bookmarking tool?

A novel use of Gmail.  Not something I bother with, but nifty.  Here it is in case you’re inclined:

Whether you’re knee-deep in del.icio.us or not, it’s easy to understand the benefits of a good online bookmarking system. Wherever you go, whatever you’re doing, your bookmarks will be there with you.

For a while now, I’ve been tweaking my own personal bookmarking system with Gmail. If you’re a Gmail lover like I am, setting up filters and labels to tag and handle your bookmarks with Gmail is a nice and simple solution that brings bookmarking to the email client that you already know and love.

Link here.


Alex Eckelberry

Two-woman war against RFID

“It is wrong to spy on people through the products and services they buy.”  —Core principle of CASPIAN.

Katherine Albrecht and Liz McIntyre are waging a war against RFID.  They’ve co-authored a book (“Spychips: How major corporations and government plan to track your every move with RFID”) and started an activist group, Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN).  CASPIAN was originally started to oppose supermarket loyalty cards, but has since taken on RFID as well.

They have some pretty interesting stuff on their site about RFID, including a gallery of pictures from a WalMart store showing where RFID chips are embedded in consumer goods, and pictures of RFID implants for people.

An article today from Foster’s Online talks about Katherine’s battle against RFID abuse:

“Unless we do something now, our kids are going to grow up and not even know what privacy is,” said Katherine Albrecht, the founder and president of CASPIAN, or Consumers Against Supermarket Privacy Invasion and Numbering.

Link here via Catherine.  Related story (also through Catherine) on attempts in the New Hampshire legislature to regulate RFIDs here.


Alex Eckelberry 

Will Firewire be fired?

Will your Firewire plug go the way of the old Centronics/IEEE 1284 parallel standards?

Possibly, if you believe the rumours. Since USB 2.0 came out, I suspect there’s not much use for IEEE 1394 anymore in mass consumer markets (note I said “mass consumer markets”).  If you’re curious as to how each performs, this fellow did some tests a while back.  

It’s a hugely popular standard in the video world, and apparently Firewire 800 won’t be phased out anytime soon.

From John Murrell:

Seems a mistake to me, but word around the campfire is that Apple is phasing out FireWire as its peripheral standard. The company has already removed FireWire from the iPod. Now comes word that it’s pulled it from its Intel-based iBooks as well.

More here.

Alex Eckelberry

Put on your aluminum foil hats everybody

Well, maybe not.  But the gubmint can track your every move through your cellphone, and not everyone likes it.

Most Americans carry cellphones, but many may not know that government agencies can track their movements through the signals emanating from the handset.

In recent years, law enforcement officials have turned to cellular technology as a tool for easily and secretly monitoring the movements of suspects as they occur. But this kind of surveillance – which investigators have been able to conduct with easily obtained court orders – has now come under tougher legal scrutiny.

In the last four months, three federal judges have denied prosecutors the right to get cellphone tracking information from wireless companies without first showing “probable cause” to believe that a crime has been or is being committed. That is the same standard applied to requests for search warrants.

NY Times link here.

Alex Eckelberry

Bread and circuses

Metrics Direct and 180Solutions (same company) are active in a variety of sports and it’s pleasing to see them enjoying themselves on so many occasions.  

Here’s some pictures of Our Friends at 180Solutions enjoying themselves. 

Picture 1: Baseball!

Picture 2: Football!

Picture 3: Volleyball!

Picture 4: Softball!

Picture 5: More Softball!

Picture 6: More Volleyball!

Picture 7: Flag Football!

Picture 8: More Flag Football!

To quote Juvenal: “But who is to keep guard / Over the guards themselves?”.


Alex Eckelberry
(Thanks, Ben)

TSA screws up. What, me worried?

In case you’re wondering, I had a wee bit of travel this week, and combined with an unusually heavy workload, I’ve been light on the old blogging.   I actually had someone email me, asking me if I was ok. 

But speaking of travel, we have this little story about the TSA:

About 30,000 airline passengers have discovered since last November that their names were mistakenly matched with those appearing on federal watch lists, a transportation security official said Tuesday.

Link here.

Alex Eckelberry

Anyone used Snarf?

I’m going to play with it. However, I doubt anyone can prioritize my email. 

Microsoft Research’s Community Technology presents SNARF, the Social Network and Relationship Finder.

SNARF was built around the notion that social network information that is already available to the computer system can be usefully reflected to the user: a message from a manager might be seen differently than a message from a stranger, for example. SNARF applies this idea to email triage: handling the flow of messages when time is short and mail is long.

Link here.

And while we’re on the subject of free tools for email, I’ll mention two great ones:  Lookout, the Outlook search tool now owned by Microsoft, is fantastic. Download it here. Another, of course, is my ever-favorite RSS Popper, which brings RSS feeds right into Outlook.

Alex Eckelberry

“So Called Beaches”

That’s how Exxon Mobil referred to Alaskan beaches during the Valdez spill.

It’s a beautiful example of PR spin:  It’s propaganda by the redefinition of words.

For example, in the recent Wired article, we learned that Claria worked hard to re-cast the word “spyware” into the more comfortable “adware”.

Next Claria went to work replacing the pejorative word spyware with the more business-friendly adware. The adware model was already an accepted way for software companies to support otherwise free products – the free version of the Eudora email program, for instance, displays ads in a small window that can’t be closed while the program is in use. Claria execs argued that eWallet was no different. Moreover, they policed the distinction with diligence: Anyone who called the company’s products spyware risked a lawsuit.

Now, 180Solutions is working hard to recast spyware fighters as “zealots”. 

This is actually fairly routine block-and-tackling type PR, showing the hidden hand of PR professional Sean Sundwall, the ex-Microsoft flack who went to work for 180.  He’s good and although I may not agree with it, I do respect his work.  It’s the work of a professional. 

You see, this recasting allows 180 to marginalize statements made against them by saying “oh, he’s just a zealot”.

I know I am on their PR radar screen because they are now referring to me as a zealot.  From today’s BetaNews, quote by Sean himself:

“Should they be skewered as well? I ask these questions because the mainstream media seem to write everything zealot like Alex say without asking basic questions,” Sundwall told BetaNews.

I am rather flattered, actually. 

But there’s the core definition of PR that one must never forget:  Good works well publicized.

Alex Eckelberry
(Thanks Nate)

Xbox lawsuit

Some guy in Chicago is suing Microsoft because of overheating problems.  Link here.

Whatever.  Apparently this is all because the power supply gets hot. 

Solutions:

1. Play with your Xbox outside in the snow.   However, this only works if you live in a cold climate near the Arctic Circle (and hence one dark enough during the day to see your monitor). So scratch that idea unless you live north or south of the 60th parallel. 

2. Simpler: Just raise the power supply off the ground or whatever flat surface it’s lying on.  A simple piece of string works just fine. You don’t need to open anything up, just get the power supply into a position where the heat can dissipate in all directions.  

Alex Eckelberry  

Advertising in games

GTA: Hey, look, I’m driving over a pedestrian with my new Chevy Malibu and it’s great to be part of the American Revolution!

Tony Hawk: I need to put on Nike SB Classics in order to make this jump!

Will this be our future in video games?

Activision and Nielsen issue a joint press release about a study on the effectiveness of advertising in games:

The study confirms earlier findings that product integration helps to drive awareness and recall, but also uncovers a new variable, pervasiveness, which contributes to driving brand awareness as well. Most important, the research shows that the combination of product integration and pervasiveness results in a high degree of persuasion — the willingness of consumers to change their opinions of a brand and/or recommend it to others — and establishes that video games drive persuasion.

Link here.

CIBC posted this in a research note this morning:

Activision and Nielsen (owned by VNU, NV, VNUVY – NR) discussed results of their multi-part in-game advertising study in a press release issued yesterday.  The two companies have set out to develop a standardized set of measurement tools to assess the value of ads in games.  The results point to the fact that video game players are cognizant of advertising and when placed correctly view the realism as additive to the overall game experience.  Activision and Nielsen believe that product integration, coupled with pervasiveness, can help increase the persuasiveness of the advertisement.  The study defines persuasiveness as “the willingness of consumers to change their opinions of a brand and/or recommend it to others.”    

The joint venture is still in the process of developing a unit of measurement.  We believe this is the most critical piece of the puzzle.  Studies have shown that 18-34 year old men spend less time watching television and more time playing video games.  The question that has always lingered is whether these men are actually noticing product placement within the game and whether this has any impact on product perception.  The study results imply that they indeed do.  There are some basic ground rules, however.  Product placement must be relevant to the game and can’t be disruptive to the gaming experience. 

We believe that in-game advertising is a natural part of the industry’s evolution and is indicative of the acceptance of video games as an entertainment medium.  As more and more consumers move from the television towards video games, we believe that advertisers will naturally follow.  In our opinion, in-game advertising will become a powerful alternative revenue stream for video game publishers. 

Alex Eckelberry
(Note — apparently some may have inferred from this post that I support advertising in video games.  I most certainly do not.  I was only quoting CIBC’s research notes.  See comments for more).


One Wonders

[Screenshot of The Amazing Racist site]

The Amazing Racist is a comedian, Ari Shaffir, who goes around acting like a racist, replete with a KKK uniform.  Or, harassing Mexicans (you can see one of his videos, here—without adware).  

It’s apparently an attempt at humor.  To me, it’s just cruel and tasteless.  

Well, there’s a site dedicated to his works, TheAmazingRacist.net.

[Screenshot of TheAmazingRacist.net]

You can download these videos at the site:

CLIP #1 – The Amazing Picking up Mexicans/Fake Work!
CLIP #2 – The Amazing Racist as a KKK Member!
CLIP #3 – The Amazing Racist At a Mosque!
CLIP #4 – The Amazing Racist filling up Gas!
CLIP #5 – The Amazing Racist At Making fun of ASIANS!

Note that videos of The Amazing Racist are available freely at places like iFilm.  But if you happen to land on this website, you’ll need to get adware. Because in exchange for watching some of the videos, you need Zango:

[Screenshot of the Zango install prompt on the site]

While this is not an illegal site, the taste aspect is certainly questionable. This is one of those “long tail” things that 180 talks about. The company is marketing itself to websites that are not part of the mainstream (which is what they mean when they refer to the long tail of the Internet), and a relationship with a site like this, however accidental, is inevitable given their current modus operandi and distribution model.

At any rate, this site is apparently run by some guy called JordanR, who sets up various sites to generate money through adware installs. And he’s selling this site. 

Revenue details:
Revenue comes from “ZangoCash”. They’re a “pay per install” company.
You must click ‘continue’ then ‘download & open’ (which installs their toolbar), then the website redirects back to the video page and allows you to watch the video. Zango is not ‘spyware’, but ‘adware’; it installs a toolbar on the computer which shows several popups per day.

The site has the potential for banners/popups/popunders which will definitely increase revenue. (I have never tested any of them)

REVENUE OVERVIEW
– October – $532.42
(Site was not indexed in google until the 17th of october, this is when the revenue jumped from $3 – $10 – $30 – $50+ a day)
Jumped from $3 – $50 / day within JUST 10 DAYS of being Indexed in Google!

– November – 1626.42 $
Jumped from $3 – $60 / day within JUST 10 DAYS of being Indexed in Google!

NOW Revenue is consistent around $65+/day (Has been $48/day 1or2 days or 85+/day 4or5 days)
-PM me for Screenshots (of revenue proof)

Monthly page views: 36,000+ Uniques

Click Paul Laudanski at Castlecops, who has the link.

The indefatigable Eric Howes has a video, here.  The CastleCops forum where this was apparently originally reported, here.

I did not mean for this blog to become so 180–focused as of late.  In fact, I’m really getting sick of writing about this company. It’s just that there’s such a large amount of material that’s been generated recently. I even wrote a big post this weekend that I’m holding off on simply because this blog is in danger of getting 180 fatigue! 

Alex Eckelberry
(Thanks Adam and Eric)

YouSendIt doing a deal with Zango?

YouSendIt has been getting lots of good press as a service that allows people to send large files to each other easily.

It’s free. You just can’t send more than a 1 GB file, which is totally fair.  And it’s a legit and decent service. 

Here’s the site: 

[Screenshot of the YouSendIt site]

But there’s another site, called zango.yousendit.com (Zango is part of 180Solutions).

It’s the same as the normal YouSendIt.  You get to send a file up to 1GB. But in exchange, recipients of your file have to install Zango Search Assistant, which will provide a rich advertising experience like few others.

[Screenshot of zango.yousendit.com]

So apparently if you don’t know to go to the normal YouSendIt site, you might land on this one and get your friends to install Zango Search Assistant.

Is there any value add?  Apparently not.  I mean, if you could send a 20 GB file or something, maybe I could understand the quid-pro-quo. (Update: actually there is a value add—see note at the end of this blog).

Is this what 180Solutions means when we hear this? 

In the new content economy, Smith says, in exchange for highly desired Internet content, such as an online game, we can agree to advertising. On the Internet this translates into what 180Solutions calls “time shifted” pop-up ads that display when you’re searching for information. As with TV, Internet consumers have options too. If you don’t want to trade free content for pop-up advertising, you can pay for content.   Link here


Alex Eckelberry

12/4 Update: Apparently the difference between Zango’s YouSendIt and the normal YouSendIt is that you can send out 25,000 downloads with Zango’s, as opposed to 25 with YouSendIt.   

12/4 Clarification:  You don’t have to install Zango Search Assistant to send a file.  However, you need to install it to get a file.  Here’s what a screen looks like to a recipient:

[Screenshot of the Zango Search Assistant prompt shown to the recipient]

So you send some family pics to a friend and then he has to install Zango Search Assistant to get the file.    

Winston Churchill rolls in his grave.

I’m sobbing in my grape juice.  Really.  Winston Churchill is now inadvertently helping 180 Solutions. 

180Solutions’ Keith Smith in the Seattle Bizjournal:

“We had a problem,” he said, referring to the botnets and worms that appeared within the firm’s Zango software. “We screwed up and have worked hard to fix it.” 180Solutions is now working to communicate the results of the firm’s “naivete” through an aggressive public relations campaign based on the exhortations by none other than Winston Churchill.

So here’s where Churchill comes in:

In fact, 180Solutions now follows a public relations mantra inspired by Churchill’s sayings:

1. Accept zealots for what they are: “A fanatic is one who can’t change his mind and won’t change the subject.”

2. Prevent defense is a losing strategy: “An appeaser is one who feeds a crocodile and hopes it will eat him last.”

3. Speak to the right audience: “Never hold discussions with the monkey when the organ grinder is in the room.”

4. Zealots will eventually lose steam: “Nothing in life is so exhilarating as to be shot at without result.”

5. Be proactive/ play offense: “History will be kind to me for I intend to write it.”

My grape juice is becoming pink.

But there’s more in this article.  It’s about 180’s exchange with consumers.

So what is this new “content economy?” The premise is simple when compared with something we’re all familiar with — the tradeoff of free TV for commercial advertising. For example, the cost of a new episode of “Desperate Housewives” each week is the inconvenience of the commercial breaks. If we don’t like commercials, we can opt for premium pay channels

In the new content economy, Smith says, in exchange for highly desired Internet content, such as an online game, we can agree to advertising. On the Internet this translates into what 180Solutions calls “time shifted” pop-up ads that display when you’re searching for information. As with TV, Internet consumers have options too. If you don’t want to trade free content for pop-up advertising, you can pay for content.

Article link here.

Ok, let’s chat about this whole “content exchange/content economy/long tail” stuff. There’s free stuff at Zango.com (a 180 site), like ZangoWeather or some Flash game.  In exchange for these freebies, you get Zango Search Assistant and get a, umm, rich advertising experience. You know, I can almost jive with that.  I can understand it. 

But let’s not forget that a crapload of 180 installs occur on sites that push an install on you that you don’t actually need.

For example, you go to a site and see this in Internet Explorer:

[Screenshot: the page in Internet Explorer, showing the ZangoCash install screen]

It’s a screen, generated by ZangoCash (a part of 180), that pushes 180’s Zango Search on you.

That same link in Firefox doesn’t say anything.  As in NOTHING.

[Screenshot: the same page in Firefox, with no install prompt]

So actually, the Internet Explorer user is pushed (and still doesn’t have to do it) into this “content economy” but the Firefox user isn’t. 
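Serving an install push to one browser and nothing to another is something you can test for rather than eyeball. The following is an added example, not from the original post, of the check: fetch the same URL with an Internet Explorer user-agent and a Firefox one, diff the bodies, and see which install markers appear only in the IE response. The fetcher is injectable so the constructed stand-in site below takes the place of the live page; `live_fetch` is included for use against a real URL. The marker list and the user-agent strings are assumptions.

```python
"""Added example (not from the original post): detect content that is
served only to Internet Explorer, the behaviour shown in the two
screenshots above. The stand-in site is constructed; the install markers
and user-agent strings are assumptions."""

import re
import urllib.request
from typing import Callable, Dict, List

IE_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
FIREFOX_UA = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.8) "
              "Gecko/20051111 Firefox/1.5")

# Markers of a forced-install page: ActiveX objects, executable downloads,
# or the plain prompt text. Assumed for the example.
INSTALL_MARKERS: List[re.Pattern] = [
    re.compile(r"<object[^>]+classid=", re.I),
    re.compile(r"application/x-msdownload", re.I),
    re.compile(r"\.(exe|cab)\b", re.I),
    re.compile(r"\binstall\b", re.I),
]

Fetcher = Callable[[str, str], str]   # (url, user_agent) -> response body


def live_fetch(url: str, ua: str) -> str:
    """Real fetcher: one request per user-agent string."""
    req = urllib.request.Request(url, headers={"User-Agent": ua})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.read().decode("utf-8", "replace")


def ua_cloaking_report(url: str, fetch: Fetcher) -> Dict[str, object]:
    """Fetch as IE and as Firefox; report whether the page differs and which
    install markers show up only in the IE version."""
    ie_body = fetch(url, IE_UA)
    ff_body = fetch(url, FIREFOX_UA)
    ie_hits = {m.pattern for m in INSTALL_MARKERS if m.search(ie_body)}
    ff_hits = {m.pattern for m in INSTALL_MARKERS if m.search(ff_body)}
    return {
        "differs": ie_body != ff_body,
        "ie_only_markers": sorted(ie_hits - ff_hits),
        "ie_pushes_install": bool(ie_hits) and not ff_hits,
    }


def constructed_site(url: str, ua: str) -> str:
    """Constructed stand-in for the site: IE gets the install page,
    Firefox gets the plain one."""
    if "MSIE" in ua:
        return ('<html><body>To view this video you must install our search '
                'assistant.<object classid="clsid:00000000-0000-0000-0000-000000000000">'
                '</object></body></html>')
    return "<html><body><video controls src=clip.mpg></body></html>"


if __name__ == "__main__":
    print(ua_cloaking_report("http://example.invalid/video", constructed_site))
```

A page that differs between the two fetches is not by itself suspicious (plenty of sites branch on browser), so the report separates “differs” from “IE gets install markers the Firefox version lacks”; the latter is the condition the screenshots illustrate.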

Or like this really nasty porn site, where you get the same type of push to install 180Search Assistant. (The images are off, thankfully.  This is really hardcore stuff.):

[Screenshot of the install push on the porn site, images removed]

Sir Winston Churchill, one of the greatest statesmen and leaders who has ever graced this earth. He stared down Hitler with a coolness that would make Dirty Harry run for the hills.  He led Britain through its darkest hour, with the greatest of purpose and strength, immortalized in these words:

We shall go on to the end, we shall fight in France, we shall fight on the seas and oceans, we shall fight with growing confidence and growing strength in the air, we shall defend our Island, whatever the cost may be, we shall fight on the beaches, we shall fight on the landing grounds, we shall fight in the fields and in the streets, we shall fight in the hills; we shall never surrender, and even if, which I do not for a moment believe, this Island or a large part of it were subjugated and starving, then our Empire beyond the seas, armed and guarded by the British Fleet, would carry on the struggle, until, in God’s good time, the New World, with all its power and might, steps forth to the rescue and the liberation of the old.

Well, even he can’t escape 180 Solutions.

Alex Eckelberry
(Thanks Ben)

Wired article on Claria

You gotta read this article in the latest Wired. Warning: You’ll get angry, so if you’re going out with friends and just want to relax, wait until you’re in a mood to be grumpy.

While it’s not perfect, it gives a good view into the world according to Claria.

Back in 2002, Gator was one of the most reviled companies on the Net. Maker of a free app called eWallet, the firm was under fire for distributing what critics called spyware, code that covertly monitors a user’s Web-surfing habits and uploads the data to a remote server. People who downloaded Gator eWallet soon found their screens inundated with pop-up ads ostensibly of interest to them because of Web sites they had visited. Removing eWallet didn’t stop the torrent of pop-ups. Mounting complaints attracted the attention of the Federal Trade Commission. Online publishers sued the company for obscuring their Web sites with pop-ups. In a June 2002 legal brief filed with the lawsuit, attorneys for The Washington Post referred to Gator as a “parasite.” ZDNet called it a “scourge.”

Today Gator, now called Claria, is a rising star. The lawsuits have been settled – with negligible impact on the company’s business – and Claria serves ads for names like JPMorgan Chase, Sony, and Yahoo! The Wall Street Journal praises the company for “making strides in revamping itself.” Earlier this year, The New York Times reported that Microsoft came close to acquiring Claria. Google acknowledges Claria’s technology in recent patent applications. Best of all, government agencies and watchdog groups have given their blessing to the company’s latest product: software that watches everything users do online and transmits their surfing histories to Claria, which uses the data to determine which ads to show them.

Link here.  Oh, and check out Paretologic’s comments, which are good, here.

It’s scary.  And very educational.

Alex Eckelberry