Category: Uncategorized

Orbitz sued for misappropriation of data

Worldspan, a provider of electronic services to travel agencies, is suing  Orbitz for $50 million for breach of contract, including alleged misappropriation of data. 

The lawsuit, filed in the Cook County Circuit Court of Illinois (case number 2006L4255), alleges (among other things) that Orbitz has been “abusing and exceeding” access to Worldspan’s electronic systems by improperly accessing data about seatmaps on certain flights that Orbitz customers were considering booking through Orbitz.

Orbitz also allegedly misappropriated other data gathered by Worldspan, including data related to airline taxes and surcharges in connection with airline tickets, and data providing a comparison of available flight routing options and associated prices. Orbitz then allegedly used this information to process requests from Orbitz’s customers.

This is on the heels of other legal issues for online travel agencies not paying adequate hotel taxes.

Alex Eckelberry
(Thanks David)

IE 7 add-on page

Addons_hdr

From the IE blog:

We’re excited to announce our new site at www.ieaddons.com. The site has two objectives: to make it easier for users to find valuable add-ons and to promote our partners who develop add-ons. On the new site we partnered with CNET to compile an extensive list of add-ons that make browsing with IE more productive, fun and safe. At the same time, we’ve worked to streamline the search and download process, added web feeds for the most popular and newest add-ons, and included editorial and user reviews to provide as much feedback to you as possible before you install an add-on. Customers can access the add-on site from the “Tools” menu and from the “Manage Add-ons” interface..

Link here.

Alex Eckelberry
(Thanks Scott)

Payment at your fingertips – literally

Large retailers like WalMart, Target and Costco are investigating the benefits of using biometrics for customer payments. One of these days soon, you may be able to pay at the checkout counter by inserting a finger into a fingerprint reader, circumventing the need to write a check or carry a credit/debit card around with you (any of which could be lost). Some people see it as an invasion of privacy, while others see it as a way to thwart identity thieves and other fraudsters. For the retailers, transaction costs can be reduced. We can only hope they might pass some of the savings on to us, the customers. Read more about it here.

 

Sunbelt TechTips for the week of April 24

How to enable connections to a SQL server on XP SP2
If you’re trying to use a Windows XP client computer with Service Pack 2 installed to connect to a SQL server, you may find yourself unable to connect. That’s because SP2 automatically turns on the Windows firewall, which by default blocks the ports that SQL uses. You can solve the problem by creating an exception in Windows firewall for SQL. Here’s how:

  • Click Start | Run.
  • In the Run box, type firewall.cpl
  • Click OK
  • In the Windows Firewall dialog box, click the Exceptions tab, then click Add a Program.
  • In the Add Program dialog box, select an instance of SQL Server or browse to its location by clicking the Browse button. For example, the default instance of SQL Server 2000 is stored in Program FilesMicrosoft SQL ServerMssqlBinnSqlservr.exe.

If you’re using Multiprotocol, after creating the exception for each instance of SQL Server, you need to enable ports on the firewall and modify the registry after creating the exceptions. For instructions on how to do so, see KB article 841251 here

How can I get rid of Google search history?
Is there a way to “hide the evidence” of the terms you’ve searched for on Google?  The short answer is yes – but how to do it depends on how you do your Google searches. If you search from the Google web site, the search terms that are saved in the dropdown box aren’t saved by Google itself, but by your Web browser. If you use IE, this is saved as a “form” (like other forms that you fill out on the Web). To get rid of the contents of this drop-down list, do the following:

  • In IE, click the Tools menu and select Internet Options…
  • Click the Contents tab.
  • Click the AutoComplete button.
  • Click the Clear Forms button.

Note that this will clear the autocomplete information saved by all Web forms, not just Google’s.

If you use the Google toolbar on your browser, it’s even easier. Just click the little down arrow on the toolbar right after the Google logo, and click Clear Search History.

How to configure file sharing in Windows XP
You know that you can share your files with other users on the network. But how do you manage different levels of access to your shared folders? And what are some of the problems that crop up with file sharing and how can you fix them? KB article 304040 explains how to use the Simple File Sharing interface, how to turn simple file sharing off, provides some guidelines for sharing files and tells you how to troubleshoot known problems. Link here.

How to perform a clean reboot so automatic services won’t interfere with games
Gamers may find that some of the programs Windows automatically starts when you boot up normally can interfere with certain games such as Flight Simulator, Halo, Age of Mythology and others. You can do a “clean reboot” that only loads basic services and devices by following the instructions in KB article 331796 here.

XP stops responding if you install Service Pack 2
Service Pack 2 has been out there for a while now, but if you haven’t yet done the upgrade, take note of this if your computer uses a VIA processor. Some models of this processor cause XP to hang up with a “Please wait …” message when you install Windows XP with SP2 or upgrade to SP2. There are workarounds; one of them involves editing the registry so be sure and back it up first. The instructions for both workarounds are in KB article 893356 here.

Computer hangs if maximum log file size is set incorrectly
If you change the maximum log size settings to their maximum and don’t apply the changes correctly, the log files can get too big, resulting in the use of too much memory which causes the system to hang. For instructions on how to set the log files correctly, and what to do if this happens to you, see KB article 329095 here.   

Deb Shinder

And more security scam hijack sites

From our dear friend “Alexander Morozov”.  Block away.

arcyp(dot)com
jadfair(dot)com
nisiet(dot)com
phbrink(dot)com
watcomm(dot)com
campco(dot)net
lipreferred(dot)com
mega-chem(dot)com
vrstandard(dot)com
accessibletransport(dot)com
halloweenoutreach(dot)com
hangerhandler(dot)com
hargraveranch(dot)com
daphna-jewels(dot)com
smart4all(dot)com
westtexasonline(dot)org
handwave(dot)com
tidelinecharter(dot)com
fotosansimon(dot)com
jimuldoons(dot)com
webtendency(dot)com
gonzales-ca(dot)com
3dme(dot)com
agrivir(dot)com
legacyart(dot)com
modereko(dot)com
fanatticrecords(dot)com
hclperot(dot)com
kiddefender(dot)com
kotanikinya(dot)com
www(dot)arcyp(dot)com
www(dot)jadfair(dot)com
www(dot)nisiet(dot)com
www(dot)phbrink(dot)com
www(dot)watcomm(dot)com

Registrant:
Morozov, Alexander
  Capital Collect Services, LLC
  2505 Main Street, suite 231
  For 7539381
  Stratford, CT 06615
  US

Patrick Jordan and Adam Thomas

If you’re paranoid, Skype might be your best bet

Worried that someone may be eavesdropping on your phone calls? Landlines and cell phones can easily be wiretapped. Some Voice over IP transmissions can be intercepted. But it appears Skype-to-Skype calls may be the most secure means of voice communication, since they’re encrypted with 256 bit keys. This is a good thing for privacy advocates, but may not sit as well with government and law enforcement agents, who see it as an opportunity for terrorists and other criminals to go undetected. Read more here.

Skype was one of the first popular computer-based VoIP services. It’s now owned by eBay, and it allows you to make free voice calls and send Instant Messages from your computer to another computer. You can also pay a per-minute fee to make calls to regular landline phone numbers and cell phones through a service called SkypeOut. And there’s also a service called SkypeIn, where you’re assigned a regular phone number for your Skype account so people can call you from landlines and cell phones. You have to download and install the Skype program, which is available for Windows, Macintosh OS X, Linux and even Pocket PC. You can get the software here.

According to this article, Skype calls are impossible – or at least very difficult – to eavesdrop on (this doesn’t apply when you use Skype to call landlines and mobile phones because the call can be intercepted when it enters the regular or wireless phone system).

Skype uses 256 bit AES encryption, a U.S. government standard, and uses 1024 bit RSA to negotiate the AES keys. But does NSA have a “backdoor” into AES? Some folks think so although there’s no real proof. The ACLU published this interesting article about what the NSA may be able to do; although it doesn’t specifically mention the encryption schemes they can crack, it offers insight into their data mining practices here.

Up until the late 1990s, there were strict laws in the U.S. controlling the export of encryption software to other countries. This software was actually classified as “munitions.” Use of encryption never really caught on with regular computer users, in part because it required installation extra software such as Pretty Good Privacy (PGP) and in part because encrypting your data was seen to call more attention to it, providing a red flag to the government and others that there must be something “juicy” involved.

It’s not just the encrypted nature of the calls that could make Skype attractive to criminal types. As with most VoIP services, you can get phone numbers in any area code no matter where you actually live. So you might live in New York and have a phone number with a San Francisco area code, making it more difficult to determine where you really are. And of course, you can use that number when you’re traveling, from many different places.

In fact, the problem is that just about anything that provides privacy for regular folks also helps the bad guys conceal what they’re doing. And that’s resulting in a lot of laws that are stripping us all of the last remnants of privacy that we had – and that’s not just a matter of concern for those with something to hide. It subjects us all to the risk of identity theft.

For example, we have always used our PO box for credit card correspondence to prevent the possibility of thieves stealing our mail from the curbside box and getting our credit card information from statements or sending in responses to the free offers of new cards without our knowledge. We recently closed our PO box 20 miles away (near our old residence) and opened a new one close to where we live now. But when we went to change the address with our credit card company, they wouldn’t accept a P.O. box. Supposedly this is because of Patriot Act requirements. Now I don’t mind giving them my street address for their records (well, okay, I do mind because of the many times companies have had this sort of customer information hacked, but I understand it). However, to not allow us to have a separate mailing address is ridiculous – and we’re canceling that card because of that, along with the fact that they send us “blank checks” several times a month that anyone could fill in to charge to our card. We have a credit card with another company (AAA) that does allow us to use a mailing address.

This is just one example of how new laws are eroding our privacy. Will Skype be outlawed – or forced to change its technology so messages aren’t encrypted – in the name of fighting terrorism? We’ve got to wonder.

What do you think? Much ado about nothing, or are the current trends dangerous to our well-being? Should we crack back down on the export of encryption, or is that futile since many of those plotting against us may be inside our own borders? When you make a phone call, does it matter to you if the NSA is listening, or do you figure it’s worth the sacrifice of a little privacy if it helps prevent further terrorist attacks or catches a drug dealer?

Deb Shinder

Netword classification

The Netword Agent (netword.com) is a browser toolbar and add-on that enables users to perform searches on keywords (“networds”) either through the toolbar itself or the browser URL address bar. Although users can define their own “networds” or “keywords” (which are then used as an alternative form of bookmarks), the search results returned for most “networds” are, in fact, paid-for advertising of one sort or another.

The company had approached us about our listing of their product in our CounterSpy database.  Subsquently, we performed an exhaustive review of the product and the company’s practices and as a result, we will be changing the product’s classification from “Adware” to “Low Risk Adware,” and will be changing the default action presented to users from “Quarantine” to “Ignore.” This ensures that although CounterSpy will still detect Netword, users must affirmatively elect to let CounterSpy remove the program by changing the action themselves from “Ignore” to “Quarantine” or “Remove.”

We have elected to continue detecting the application because of concerns surrounding the inadequate disclosure of the advertising functionality of the program. See our report here  for more details.

Alex Eckelberry

Fake Microsoft Lottery

What chutzpah but this fake lottery is almost humorous.  From a spam email received today:

FROM THE VICE PRESIDENT
MICROSOFT LOTTERY INTERNATIONAL
PROMOTIONS PRIZE AWARD
REF Nº: MIC25003189SP05
BATCH Nº:1007581906

ATTN WINNER, 

We wish to congratulate you over your success in our MICROSOFT LOTTERY INTERNATIONAL WORLD GAMING BOARD computer balloting Sweep stake held on the 15Th April 2006. This is a Millennium scientific computer games lottery in which email addresses were used. It is a promotional program aimed at encouraging Internet users; therefore you do not need to buy ticket to enter for this draws.

Your email address name attached to a ticket number 042091690 with serial number 932306 drew the lucky numbers 82148814575 which consequently won the lottery in the 1st category. You have therefore been approved for a lump sum payout of
THREE HUNDRED AND FIFTY THOUSAND EUROS ONLY (350,000.00 Euros) this is from total prize money of 1,000,000.00 Euros distributed to winners from 1st to 3rd and consolation awards categories.

CONGRATULATIONS:
Your fund is now deposited with our correspondence Bank .Due to mix up of some numbers and names, we ask that you keep your winning information confidential until your claims has been processed and your money Remitted to you. This is part of our security protocol to avoid double claiming and unwarranted abuse of this program by some participants. All participants were selected through a computer ballot system drawn from Microsoft users from over 20,000 company, and 3,000,000 individual email addresses and names from all over the world. this promotional program takes place every three years.

To begin your claim please contact your claim agent Mr. David Lopez For processing and remittance of your prize fund into your designated bank account.

LIBERTY SEGUROS COMPANY
Contact person: Mr. David Lopez
(Legal Department Officer)
Email: legaldepliberty@netscape.net
Tel: 0034 676799031
Madrid Spain

Note: All prize funds must be claimed before the 8Th of May 2006 after this date all funds will be returned to the MINISTERIO DE ECONOMIA Y HACIENDA as unclaimed. In order to avoid unnecessary delays and complications, please endeavor to quote your reference and batch numbers in every correspondence with us to your claim agent. Furthermore, should there be any change in your address do inform your claim agent as soon as possible. Congratulation once again from all members of our staff and thank you for being part of our promotion program.

Yours Sincerely,
Sandra Garcia
Vice President,
MICROSOFT LOTTERY INTERNATIONAL

NOTE; ONLY REPLY TO YOUR CLAIMS COORDINATOR TO CLAIM YOUR CASH PRIZE.

There’s a sucker born every minute…

 

Happy fun exploit party

There are a number of sites out there using a large number of different exploits to install malware on system.  

For example, one site that masquerades as the Red Cross installs nasty malware using one of the following exploits:

MS03-11
MS04-013
MS05-002
MS05-054
MFSA2005-50  (Firefox vulnerability)
MS06-006

You can see a screen shot of the admin console with the success by exploit:

Exploitpent1212387

There are other similar consoles we ran across as well showing similar types of statistics.

This site claims exploit efficiency of 7%, a number that’s not trivial. Even unpatched Firefox are getting hit here.

Just a reminder that just because you use Firefox, you still need to keep updated with the latest patches.  And as far as running IE, well, you know what you need to do. 

More detailed stats are available here (pdf), from the same page.

Alex Eckelberry
(Thanks for the tip from some French friends)

Microsoft will patch the patch

Microsoft will re-engineer the patch that’s been causing some difficulties.

From the Stephen Toulouse:

So what we have done is re-engineered the MS06-015 update to avoid the conflict altogether with the older Hewlett Packard and NVIDIA software. We’re going to run a test pass on it and we will release this new update on Tuesday, April 25th.  What the new update essentially does is simply add the affected third party software to an “exception list” so that the problem does not occur.  The revised update automates the manual registry key fix.  

I want to be real clear about that.  When the update is re-released, it’s going to be very much targeted to people who are having the problem, or people who have not installed MS06-015 yet.  That means if you have already installed MS06-015 and are not having the problem, there’s no action here for you.  Windows Update, Microsoft Update, and Automatic Update will have detection logic built into them to only offer the revised update (which essentially includes the reg key fix) to those customers who either don’t have MS06-015 or are having the problem. [My emphasis].

Link here via Ferg.

Separately, I saw this last night:

Microsoft released today thru their Download Center the Compatibility Patch for Internet Explorer (KB917425)

Do not install that compatibility patch if you are not experiencing problem in your Internet Explorer *after* installing the Microsoft Security Bulletion – MS06-013: Cumulative security update for Internet Explorer which was released last Patch Tuesday – April, 11, 2006 because… the said compatibility patch was made available only for “customers who have experienced compatibility issues and who require more time to test/update websites and programs that are impacted by the IE Active X update.”

That means if you have already installed MS06-015 and are not having the problem, there’s no action here for you.

Link here

So. one fix will be coming out on Tuesday (I’ve got an email into Microsoft get a little more data).  And there’s one right now for people who are experiencing issues with the Active X update.

And then just to add spice to the whole mix, Microsoft is investigating problems the patch may have had on some Outlook Express users.

I do hope that people aren’t holding off on the implementing the April 11 patch because of fears that it will cause harm to their system.  The createTextRange() zero day exploit is still a potential threat out there.  Correction: To be clear, MS06-015 does not address the createTextRange vuln.  That bulletin is MS06-013

 

Alex Eckelberry

Sad

Google had a beautiful logo this morning, which looked like this:

Google1230123123

Here at Sunbelt, one person sent a group email wondering what it was.  Someone else explained that it was dedicated to the birthday of Joan Miró.

It is so cool for a company to change their logo to commemorate the birthday of an artist who is not even known to most of the world (yes, he’s famous in art circles, but do you think the average person on the street would know who Joan Miró is?  Well, many do now).

What a good thing Google did today.  A lot of people learned a little more today about art, and a lot of people were introduced to a great artist of this century.  And that, I believe, is a good thing.

Anyway, some guy called Theodore Feder, who runs the Artists Rights Society, demanded that Google take the logo down. According to a story in the Merc (via techdirt):

“There are underlying copyrights to the works of Miro, and they are putting it up without having the rights,” said Theodore Feder, president of Artists Rights Society.

So Google complied and yanked the logo.

This begs the question:  If, as an artist, I were to be inspired by the style of Joan Miro, would I suddenly be in trouble?  It seems pretty clear to me that they didn’t steal his art.   (If you want to see what his art looked like, you can click here, or do a Google image search.)  But it just seems to me to be a representation of his art by a Google artist (granted, a very good representation of Joan Miró’s art).

So, is this an abuse of copyright law?  Or is Theodore Feder right?   Did Google go too far? 

What about the benefits of spreading a bit more art and life into an Internet bombarded with crap and incessant ads for cars, dating sites and casinos — while respecting a great artist of our time?

Alex Eckelberry

Micheal Miller pulls no punches

Michael Miller, PC Mag’s editorial leader, writes a hard-hitting editorial on the state of security products.

All of you have reason to worry about the prospect of Microsoft entering the security market this summer with a new service called OneCare. But you’re focused on the wrong problem. Instead of focusing on Microsoft, you need to take a good hard look at the effectiveness of your own wares. I’ve talked with a lot of computer users lately, and the conclusion is inescapable: Your products just aren’t good enough.

Link here via Catherine.

He’s spot-on. It’s an excellent read.  And a wake-up call to the industry.

 

Alex Eckelberry

Is MyGeek.com helping a security scammer?

MyGeek.com is a third party ad network that has had a business relationship with Direct Revenue (also, a press release last year announcing a “Strategic Partnership”. 

Mygeek.com hosts a site called cpvfeed.com (66.179.234.169). CPV stands for “Cost Per View”, something MyGeek is into.

Take a look at this google search. 

Mygeekcpv2q90842

If you click on that link (which you shouldn’t do), you get this odd page:

Cpvfeed123108sad

Clicking on OK gets you to this bogus security site:

Cvpprotection132123123

Why is this relevant?  A big thing about Mygeek is keyword advertising.  If there are keywords purchased by this company for things like “virus”, “spyware”, etc…. well, you get the idea.  

 

Alex Eckelberry 

Behind the scenes

I have a completely eclectic bunch of brothers.  One of them does the market. Another is an architect.  Another is a high tech marketing consultant. And another is a film director, and was recently working on the film The Mirror.  He just forwarded a link to an unofficial (and irreverent) behind-the-scenes video. 

He’s the guy with the hat (true, he may have gotten the bad genes, but we don’t hold it against him).

Stephen213408123123123

Link here.

Alex Eckelberry