BlueSecurity fights back

Their site just went up, with this message:

The Blue Independence War

Today is Israel’s Independence Day. It’s a public holiday in Israel, but all of us in Blue Security are working. But we are glad we’re working. We’re helping the community fight the Blue Independence War. We fight for our freedom from spammers and cyber criminals. This is our big chance to reclaim the Internet. We must not let it slip from our hands.

Some desperate spammers are doing their worst to harm our community. They’d like us to back off, and agree to get their spam silently. Needless to say, that is not going to happen. We’re not here to listen to their vile threats and fraudulent advertisements…

You may still be able to get the whole post, here.

Alex Eckelberry

The BlueSecurity mystery

BlueSecurity makes an antispam product called Blue Frog.   Their antispam method involves creating a sort of “Do Not Spam” registry.  As part of this service, they contact spammers to get you off their lists.  I have no idea how the product works, since I’ve never used their application (and can’t as the site is down).  And it seems to be popular.

However, BlueSecurity has apparently made some spammers quite grumpy.  Yesterday, blog reader László Stadler started forwarding me some baffling spams.  Here’s an excerpt of one:

Today, the BlueSecurity database became known to the worst spammers worldwide. Within 48 hours, the database will be published on the Internet, and your email address will be open to them all. After this, you will see the spam sent to your mailbox increase 10 – 20 fold.

BlueSecurity was illegally attacking email marketers, and doing so with your help. Many websites have been targeted and hit, including non-spam sites. BlueSecurity’s software has been fully analyzed, and contains an abundance of malicious code. This includes: ability to send mass mail to users; the ability to attack websites with Distributed Denial of Service attack (DDoS); the ability to open hidden doors on any machine on which it is running; and a hidden auto-update code function, which can install anything on your computer and open it up to anyone.

You can view the different spams here, here and here.  And Wired had an article today on the situation.

I contacted BlueSecurity about this yesterday and got this reply from Eran:

Hi Alex
You can keep this mail as a collector’s item 🙂
As you may already know, many spammers had already listened to the voice of reason and chose to comply with the Registry (see our recent blog posts at http://community.bluesecurity.com for more details). We already have 6 of the top 10 spammers, responsible for over 25% of world spam (over 50% of illegal spam), either complying or approaching us to start the process of compliance.

This one is trying another approach – something we expected to happen as some spammers may choose to try and avoid removing our members’ addresses from their lists. Our recent successes with some of the world’s top spammers had probably caused other spammers to panic. This particular spammer is using mailing lists he already owns that contain your email address and is now sending such messages to everyone on his list.

Sorry for the inconvenience,

Now the BlueSecurity site appears to have been a victim of a DoS attack.  It is unavailable.

Curious, I tried to test the application.  But since the site is down, I can’t get registered to the service.

Any ideas out there as to what is going on?

Alex Eckelberry
(Thanks Ferg for the Wired link)

Update:  More here and here.

Image spam

There’s been this rash of really irritating image spam lately, difficult for spam filters to catch because of its nature. 

For example, if you look at this spam:

Spam291231jsd

and view the HTML source, you see the following:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="MSHTML 6.00.2800.1106" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2><IMG alt="" hspace=0
src="cid:000001c66dfc$24202377$7a47e8c8@legunj.hqyivu"
align=baseline
border=0></FONT></DIV>
</BODY></HTML>

Not necessarily a lot for a spam filter to go off of, unless you simply want to ban HTML emails (not entirely practical for most…).

So, we are killing it with a regex expression in our Ninja messaging security product, which looks like this:

^\s*?<!doctype\s+?html\s+?public\s+?"[^"]+?"\s*?>\s*?<html>\s*?<head>\s*?<meta\s+?[^>]*?content\s*?=\s*?(["'])[^\1]*?\1\s*?name\s*?=\s*?["']?GENERATOR["']?\s*?>\s*?<style[^>]*?>.*?</style\s*?>\s*?</head\s*?>\s*?<body\s+?bgColor\s*?=\s*?\S{7,7}\s*?>\s*?<div[^>]*?>.*?<font\s+?face\s*?=\s*?arial\s+?size\s*?=\s*?2*?>[^<]*?<img\s+?alt\s*?=\s*?(["'])\2\s+?hspace\s*?=\s*?0\s+?src\s*?=\s*?(["'])cid:[^@]{30,30}@[^\3]*?\3\s+?align\s*?=\s*?baseline\s+?border\s*?=\s*?0>\s*?</font>\s*?</div>\s*?</body>\s*?</html>\s*?$

Alex Eckelberry
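As an added example (not the Ninja product's code or configuration): the signature from the image spam post applied with Python's re module to the sample HTML shown there, next to a structural check that flags an HTML body containing a cid: image and no visible text. The case-insensitive and dot-matches-newline flags, the classify helper and the benign message are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser

# Signature from the post. Flags are an assumption: the sample uses upper-case tags,
# so matching must be case-insensitive for the signature to fire.
SIGNATURE = re.compile(r'''^\s*?<!doctype\s+?html\s+?public\s+?"[^"]+?"\s*?>\s*?<html>\s*?<head>\s*?<meta\s+?[^>]*?content\s*?=\s*?(["'])[^\1]*?\1\s*?name\s*?=\s*?["']?GENERATOR["']?\s*?>\s*?<style[^>]*?>.*?</style\s*?>\s*?</head\s*?>\s*?<body\s+?bgColor\s*?=\s*?\S{7,7}\s*?>\s*?<div[^>]*?>.*?<font\s+?face\s*?=\s*?arial\s+?size\s*?=\s*?2*?>[^<]*?<img\s+?alt\s*?=\s*?(["'])\2\s+?hspace\s*?=\s*?0\s+?src\s*?=\s*?(["'])cid:[^@]{30,30}@[^\3]*?\3\s+?align\s*?=\s*?baseline\s+?border\s*?=\s*?0>\s*?</font>\s*?</div>\s*?</body>\s*?</html>\s*?$''', re.IGNORECASE | re.DOTALL)

# HTML part of the spam sample quoted in the post.
SPAM_HTML = '''<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="MSHTML 6.00.2800.1106" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2><IMG alt="" hspace=0
src="cid:000001c66dfc$24202377$7a47e8c8@legunj.hqyivu"
align=baseline
border=0></FONT></DIV>
</BODY></HTML>'''

# Constructed benign message: real text plus an inline logo.
BENIGN_HTML = ('<html><head><style>p{margin:0}</style></head><body>'
               '<p>Quarterly report attached.</p>'
               '<img src="cid:logo@example.com" alt="logo"></body></html>')

class BodyShape(HTMLParser):
    """Counts visible text characters and inline (cid:) images."""
    def __init__(self):
        super().__init__()
        self.text_chars = 0
        self.cid_images = 0
        self._hidden = 0          # depth inside <style>/<script>
    def handle_starttag(self, tag, attrs):
        if tag in ("style", "script"):
            self._hidden += 1
        src = dict(attrs).get("src") or ""
        if tag == "img" and src.lower().startswith("cid:"):
            self.cid_images += 1
    def handle_endtag(self, tag):
        if tag in ("style", "script") and self._hidden:
            self._hidden -= 1
    def handle_data(self, data):
        if not self._hidden:
            self.text_chars += len(data.strip())

def classify(html):
    """Return both signals; image_only is a scoring hint, not a verdict."""
    shape = BodyShape()
    shape.feed(html)
    shape.close()
    return {"signature": bool(SIGNATURE.match(html)),
            "image_only": shape.cid_images > 0 and shape.text_chars == 0}
```

Legitimate mail can also consist of a single inline image, so the image_only signal is better used as one weighted input to a filter than as a blocking rule.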

Why do I have to type http:// in IE?

People have been asking why, all of a sudden, they can’t go to a web site with Internet Explorer unless they type in the full address (with the “http” in front) — when normally they could just type www.whateverdomainname.com and IE would put in the “http” part.

This is one of the most commonly reported problems caused by the update referenced in Microsoft security bulletin MS06-015.

There’s a registry edit that will fix it; you’ll find instructions here, along with a list of the various problems the patch causes.

Also, Microsoft has re-released the patch that is causing these problems. It’s been completely re-engineered; the new update should be installed automatically if your system is set to use the automatic update service. You can read more here.

Deb Shinder

Sunbelt TechTips for the week of May 1

How to prevent XP from creating a bridge between networks
Windows XP has a feature called network bridging that allows you to connect two networks together. If you attach two networks to your computer (for instance, you have a wired Ethernet adapter and a wireless network adapter installed on the computer), by default XP will bridge the networks so you can access one from the other. This is convenient but less secure, so you may want to prevent bridging. Here’s how:

  1. When you run the Network Setup Wizard, you’ll get a message that your computer has multiple connections. Click “Let me choose the connections to my network.”
  2. Click Next.
  3. In the “Select the connections to bridge” dialog box, uncheck the boxes for all but one of the listed network adapters.
  4. Click Next and finish the wizard. A bridge will not be created.

Update:  See this comment for more information.

How to change the location for Office source files
If you installed Microsoft Office from a share on a network server instead of a local installation CD, the path from which you installed will be remembered and this is the location Office will look for source files if you later need to do a repair or reinstallation or add a feature that you didn’t originally install. If the source files have moved or that server is down, you’ll get an error message when you try to perform any of those operations. If the Office source files are at another network location now, you can change the path. Here’s how:

  1. On the client machine, log in as an administrator.
  2. Click Start | Run.
  3. In the Open box, enter: MSIEXEC /i admin path\MSI file REINSTALL=ALL REINSTALLMODE=vomus /qb
  4. Click OK.

Note: “admin path” is the full path where the new installation source files are located. “MSI file” is the Windows installer file for Office. It’s also possible to do this programmatically. For information, click here.

What is svchost.exe, anyway?
If you’ve ever taken a look at the running processes tab in your XP Task Manager (or better yet, use Sysinternals Process Explorer), you’ve probably seen at least one instance of a process called svchost.exe. Sometimes there’ll be several running at once. What is it and what does it do? If you always wondered, wonder no more. Instead, go to KB article 314056 and read “A description of Svchost.exe in Windows XP Pro.”

Temporarily deactivate the kernel mode filter driver
To help you troubleshoot certain file-related problems such as problems copying or backing up files, or program errors that happen when you work with files from network drives, you may need to deactivate XP’s filter driver that runs in kernel mode. Note that this should be done only temporarily, because it loosens security and makes you more vulnerable to attack. For more information and instructions on how to disable the filter drivers, see KB article 816071.

USB devices don’t work after restart
If you have one or more USB devices attached to the USB port or a USB hub attached to your XP computer, you might find that some or all of the devices don’t work after you restart the computer and you don’t get any kind of error message. This can happen when the device(s) need more power than the USB port/hub can provide. For some tips on how to correct the problem, see KB article 885624.

Deb Shinder

Follow-up on Skype blog

Last week, I discussed the ongoing dilemma of how to keep your private communications private, and how the Skype VoIP service may offer some protection in a world where regular phone calls can be easily wiretapped. Many of you emailed me to offer your opinions and experiences.

Some of you see government monitoring of our email, phone calls and other communications as a necessary evil for the safety of the population as a whole. Rick B. said “as with all laws the few that need the control of law force the rest of us to live in a more controlled environment than we would otherwise desire.” Others, such as Jeff B., agree with Thomas Jefferson’s statement that “I would rather be exposed to the inconveniences attending too much liberty than those attending too small a degree of it.”

Cliff G. echoed the opinion of several of you, saying “Somehow I doubt that the NSA is wasting their time on my banal communications, and if they are I really don’t care what they think of my personal ramblings. The more paranoid — and grandiose — may nurture such fantasies of self-importance.” And Ernie J. said, “First of all, we need to understand that NSA is not listening to all phone calls but just ones to or from potential bad guys or countries. Secondly, I think it’s worth a sacrifice of complete privacy in order to prevent terrorist attacks.”

On the other hand, the majority who wrote (about 2/3) agreed with Sean T. that the pendulum has swung too far towards removing privacy in the name of the war against terrorism. He said, “The “War on Terror” is a real thing, but our politicians seem to go for the easy solution or fail to think through the consequences of poorly written laws (DCMA and Patriot come immediately to mind).”

Lionel T. said “I don’t care if the government wants to listen to my calls to my children, however if I am willing to pay for a service that keeps those calls private then they should be. If the government wants to listen then should have good reason and can articulate that in a warrant.” And Becky C. summed it up thusly: “Good men are doing nothing and evil is starting to triumph by eroding our rights. Shame on us for allowing it.”

Deb Shinder

Chipping Away at your Rights

In the Brave New World of numerous science fiction stories, a totalitarian world-wide government uses implanted microchips to control the minutiae of its citizens’ lives. Twenty-five years ago, the theme made for entertaining, if somewhat far-fetched sci-fi. Today it doesn’t seem that far-fetched at all.

The technology is certainly here. Chips are routinely implanted in animals for various purposes. RFID (radio frequency identification) tags are placed in the ears of livestock so farmers can know which cattle are theirs, replacing traditional methods of branding. Veterinarians offer products such as HomeAgain and 24PetWatch, chips that can be implanted in pets to store owner identification, medical information, etc.

In 2004, it was reported that a number of government officials in Mexico, including the Attorney General, had been implanted with microchips that function much like electronic keycards to allow access to secure areas. The difference is that you can’t forget or misplace this key, and it would be difficult (although not impossible) for someone to steal it.

That was also the year the Food and Drug Administration approved the use of RFID chips by hospitals to identify patients.

Then in 2005, Tommy Thompson, the governor of Wisconsin and former U.S. Secretary of Health and Human Services, announced that he was having an RFID chip injected into his arm to provide quick access to his medical history and records. Although this announcement made big news, we’ve not been able to find verification that he ever went through with the procedure.

This year, “chipping” made the news again when a company in Ohio used RFID chips implanted in workers to control access to certain rooms. The company’s CEO said the chips are no different from ID cards.

A number of bars and private clubs, in places as diverse as Barcelona, Spain and Glasgow, Scotland have offered to let customers pay their tabs via an implanted RFID tag.

Most of these examples have used chips marketed by VeriChip, a Florida company that makes the chips, which are about the same size as a grain of rice and can be easily injected under the skin, usually into the fatty tissues of an arm or leg. It’s a safe medical procedure, done with only local anesthetic. They push the chips as a solution to problems ranging from lost dogs to kidnapped children to wandering Alzheimer’s victims.

The technology being used for these applications is a “passive” one – that is, the chip just stores information and transmits it over a short range (a few meters). To access it, you need a special scanner. The next logical step is a more active chip that can transmit over longer distances. Some chips can be tracked by satellite, and some companies have announced plans to incorporate a Global Positioning Satellite (GPS) transmitter into implanted chips, which would allow for the implanted person to be tracked wherever they go in the world. Chips could also record a person’s movements and activities and store the log on the chip itself or send it to a monitoring station.

Certainly this technology could offer lots of advantages. As an access control method, it would be much harder to tamper with or steal than keys, passwords, smart cards and the like. It’s cheaper than biometrics. As a medical information store, it could provide emergency workers with instantaneous, valuable information about a person’s health history that might save lives. As a law enforcement aid, it could prove or disprove the whereabouts of accused persons. It could also make it much easier to keep track of (and thus keep safe) animals, children and mentally disabled people.

But where does it stop? How much of a step is it from allowing parents and pet owners to keep tabs on their charges to allowing employers to keep track of their workers and then to allowing governments to keep track of all of us, all the time? Of course it will happen in increments. Who’s going to argue with implanting a tracking chip in a sex offender who’s been released from prison? Or implanting chips in soldiers going to war, so they can be more easily located if they’re wounded? Or in children, for their own safety? And so forth.

As chips become more widely used for these noble purposes, they’ll also become more accepted by the public. Employers can require implanted chips that act as time cards, logging when workers start and stop work. Who could object? After all, it’s voluntary; if you don’t like it you can work somewhere else – at least until all companies are routinely using this method. Chips could also replace passports. Again, you don’t have to get one if you don’t want to leave the country. Except that if it works for passports, it will probably soon be extended to driver’s licenses. I guess you can just not drive, but we all know we’re headed toward requirement of a national ID card. Having that info “chipped” will probably be voluntary. In the beginning. But if national security is at stake …

The problem is that it’s hard to make a case that chips are bad. Like any technology, they can be used for good or evil. Here are some of the uses (many of them commendable) that were proposed by Digital Angel, a company that makes RFID and GPS implants for pets, fish and livestock.

However, the idea of such technology in the hands of government makes many privacy advocates very nervous – especially in conjunction with other political and social trends. For instance, most babies are born in hospitals today, and all children are required to have immunizations before attending schools. Since the implant procedure is a simple injection, it would be very easy for health care personnel to implant chips immediately after birth or in early childhood without the recipient even knowing it was being done. And with many in the U.S. advocating government takeover of the healthcare system (and nationalized healthcare already in place in many countries), well, you can see where this could go.

Chips could also be used to further political agendas. Conrad Chase, director of the Barcelona nightclub that uses the VeriChip payment system, has been quoted as saying all gun owners should be required to have a microchip implanted in their hands to own a gun. A “smart gun” could be designed so that it wouldn’t fire unless in the hands of someone with a chip. This could give the government almost complete control over who does or doesn’t have the ability to defend themselves with a firearm. On the other side of the aisle, the Patriot Act gives the government broad powers that bother many people, such as the ability to access library records. If an implanted chip were required to check out library books, that information would be much easier to obtain as it would always be with the individual.

In response to all this, some lawmakers are trying to ameliorate the possible damage. A state representative in Wisconsin has introduced a bill that would prohibit requiring anyone to have a chip implanted or doing it without their knowledge.

What do you think? Do the benefits of implanted chips outweigh the dangers? Are implants okay for kids, animals, and the elderly? Should implants always be voluntary or is it fine to mandate chips for prisoners and parolees? Should implanted chips be banned by the FDA? Should the government have control over implants? Under what circumstances – if any – would you have yourself implanted?

Deb Shinder