The Legacy Sunbelt Software Blog
The Great Years: 2004-2010
Good read by Marissa Mayer, the keeper of the Google homepage.
Marissa Mayer, who keeps Google’s home page pure, understands that less is more. Other tech companies are starting to get it, too. Here’s why making things simple is the new competitive advantage.
Link here.
Alex Eckelberry
(Thanks Riggs)
Digital analyst Phil Leigh interviews Yankee Group Senior Analyst Mike Goodman:
Our guest [Goodman] believes that even though the record labels have been wining all the legal battles, they are badly losing the war. It’s not even close. They could be headed for extinction if the Internet becomes the vehicle for both promotion and distribution.
Will suing individual P2P users significantly curtail illicit file trading?
No. P2P usage is up. There are too many networks. It will be like online gambling. They (the P2P guys) will find, and operate out of, the political jurisdictions that will tolerate them.
Will copy protecting CDs work?
No. They will all be hacked. Even if they are not, they must permit at least one instance of ripping to the PC. Once that is done the consumer has a dot-MP3 copy that can be replicated infinitely and the genie is out of the bottle. The consumer will not buy a CD if it can only be ripped into a proprietary format that will not play in her primary music player, which is increasingly iTunes.
Is TiVo’s plan to port programming to the iPod Video and Sony PSP significant?
The implications are hugely important. TiVo-To-Go essentially makes all television programming available on the iPod, as well as the PSP and laptop computers.
You can hear the interview here.
Alex Eckelberry
Accoona, makers of a browser toolbar, sent us a nasty letter.
The lawyers state this:
…You falsely claim that the Acoona [sic] software is a “type of threat” that is “more along the lines of commercial type adware that offer[s] a premium service in exchange for tracking your user online performance.” The Acoona [sic] software currently availble at Accoona.com is not “adware” and it does not “track[] [] user online performance”.
Well, actually what we say is this:
Moderate threats may profile users online habits or broadcast data back to a server with ‘opt-out’ permission. In most cases this type of threat is more along the lines of commercial type adware that offer a premium service in exchange for tracking your user online performance.
Description: The ACCOONA Toolbar is a Internet Explorer toolbar that is bundled and installed with other programs.
The ACCOONA Toolbar is bundled and installed with programs such as screen savers and desktop themes which target children. Earlier versions of the ACCOONA Toolbar were purportedly difficult to remove.
As usual, we scratch our heads as to why companies need to send us legal threats when a simple email suffices. Truly. We even have a nice little submission area for these types of things.
Oh—that’s right, it’s the holidays and we all need to support lawyers in their time of need.
At any rate, we’ll pass this on to our high-priced lawyers and go through our usual process.
Alex Eckelberry
Recently, Microsoft listed a new exploit, IE Javascript Window() Remote Code Execution. eWeek discusses it here. CNET raises threat level here.
Take heed. This exploit attacks fully patched Windows XP systems and is quite nasty. The exploit looks something like this:
Monday, Sunbelt spyware researchers Patrick Jordan and Adam Thomas saw the first such instant of this exploit being used in the wild to download some really ugly spyware (we held off publishing the details of this exploit until after we gave Microsoft security researchers a full debriefing).
However, we are only seeing it in a limited number of very nasty spyware sites (professional researchers requiring more info can contact me).
We did a quick check with McAfee (JS/Exploit-BO.gen) and Kasperksy (Exploit.JS.CVE-2005-1790) and both detect this exploit. We haven’t checked other AV engines yet but I assume that most have detections for it. Obviously, having updated AV definitions is a must.
Another way you can secure yourself against this nasty is to turn off Active Scripting in the Internet Zone:
So here, in all its glory, is a real live nasty spyware infestation occurring on a Windows XP SP 2 system. I simply went to the site and was off to the races.
(Sorry for the edits, but the content of this page is pretty raunchy).
At any rate, it’s now confirmed, in the wild and two things MUST happen:
1. Microsoft must patch exploit immediately.
2. Get your security essentials in — at the very least an AV product. Tight on cash? Read my article, Security on the Cheap, here.
Alex Eckelberry
I read this story earlier, shook my head and moved on. Then I saw that competitor Richard Steinon had blogged on this one and figured I’d step in and agree with him (fancy that). He think it’s bunk.
Here’s the silly story:
Global cyber-crime generated a higher turnover than drug trafficking in 2004 and is set to grow even further with the wider use of technology in developing countries, a top expert said on Monday.
No country is immune from cyber-crime, which includes corporate espionage, child pornography, stock manipulation, extortion and piracy, said Valerie McNiven, who advises the U.S. Treasury on cyber-crime.
“Last year was the first year that proceeds from cyber-crime were greater than proceeds from the sale of illegal drugs, and that was, I believe, over $105 billion,” McNiven told Reuters.
Link here.
There’s even a reference to “human trafficking”. Woah.
We really need some facts here to understand what exactly is being lobbed into “Cybercrime”.
Meanwhile, the REAL news that November was the 194th anniversary of the Luddite uprisings, and my subsequent proclamation that November was to be National Luddite Remembrance Month was completely ignored by all.
It’s ok. I’m ok. I just need some time.
Alex Eckelberry
WhenU is making a move into comparison shopping, a market that is currently being served with products like SideStep and Dealio. The new versions of WhenU Save and sister product SaveNow incorporate the company’s new TrueRelevance technology, which provides shopping comparisons.
From WhenU:
A consumer that has WhenU Save with TrueRelevance™ installed who views a Web page describing a particular product or service for sale may instantly receive competitive offers from other merchants for the exact same product or service, saving both time and money. If the same consumer shops for airline tickets, TrueRelevance technology enables WhenU to offer instant, one-click access to other available flights to the consumer’s chosen destination on the same date that may prove less expensive or more convenient.
Alex Eckelberry
Yet Sony has.
You know you’re in for a bad day when Eliot Spitzer starts issuing statements about your company. Which is precisely the situation Sony finds itself in today. The New York Attorney General has finally caught wind of the company’s digital rights management misstep and has begun looking into it. BusinessWeek reports that Spitzer’s office dispatched investigators, who, posing as customers, were able to purchase affected CDs in New York music retail outlets long after Sony BMG recalled the disks. That didn’t sit well with Spitzer, who promptly issued a statement warning consumers and retailers away from the disks. “It is unacceptable that more than three weeks after this serious vulnerability was revealed, these same CDs are still on shelves, during the busiest shopping days of the year,” Spitzer said. “I strongly urge all retailers to heed the warnings issued about these products, pull them from distribution immediately, and ship them back to Sony.”
Link here.
Alex Eckelberry
(No offense to Texas!)
Miami police will now will stage random shows of force, asking for IDs and generally making themselves known.
Miami police announced Monday they will stage random shows of force at hotels, banks and other public places to keep terrorists guessing and remind people to be vigilant.
Deputy Police Chief Frank Fernandez said officers might, for example, surround a bank building, check the IDs of everyone going in and out and hand out leaflets about terror threats. Link here.
At the same time, Deborah Davis refuses to show her ID while on a bus and is ticketed.
Federal prosecutors are reviewing whether to pursue charges against an Arvada woman who refused to show identification to federal police while riding an RTD bus through the Federal Center in Lakewood.
Deborah Davis, 50, was ticketed for two petty offenses Sept. 26 by officers who commonly board the RTD bus as it passes through the Federal Center and ask passengers for identification. Link here.
How do you boil a frog? You put it in a pan of cold water and slowly heat up the pot. Our hard-fought freedoms are slowly and inexorably being reduced in the name of national security.
Alex Eckelberry
180 Solutions CEO Keith Smith talks about people like us.
The bottom line here is that scanning applications have every right to tell the user exactly what is on their computer and to delete any program that the user chooses, so long as the scanning application provides clear and accurate explanations of what the programs in question actually are and do. Given the fact that some scanning applications will continue to create their own criteria (which some will share and some will keep a mystery) and refuse to engage in meaningful, substantive business discussions about that criteria, as a last resort downloadable applications may be forced to go to court to protect their brands. A legitimate industry standard for best practices is the only answer that can equitably solve this issue. As we all know, it’s close to impossible to get an entire industry to agree on general principles, but until this happens and it is adopted universally, the fight between downloadable programs and scanning applications will rage on.
Link here.
Just another opportunity for us to revisit 180Solutions in 365 Days.
Alex Eckelberry
(Thanks Suzi)
Innovation Interactive has been acquired by Japanese company Livedoor.
Innovation Interactive is the parent company of eXact Advertising, makers of Bargain Buddy and other fun treats. Also the focus of some legal trouble…
No news if Livedoor picked up the eXact assets. I’m still working on this.
Link here.
Alex Eckelberry
(Thanks Eric)
Well, actually it’s just Windows booting.
(Click)
Bonus: If hackers ruled the world.
Alex Eckelberry
Hat tip for both to John Murrell.
Interesting article in eWeek by Andrew Garcia on locking systems down.
Barring users from gaining administrative access—and thus restricting their ability to install such unwanted or malicious software—will automatically tighten security and will garner other benefits as well.
Link here.
Pretty pictures here.
Alex Eckelberry
This is interesting. L0phtCrack, a well-known password auditing tool, will no longer be available to overseas customers. The reasons are apparently related to US government regulations. Link here via Donna.
John the Ripper should suffice for those who are concerned about buying L0phtCrack overseas.
Alex Eckelberry
Well this has got to be rather embarrassing. But as the article highlights, it’s not the first time it’s happened — other manufacturers have occasionally had the same problem.
Japanese peripherals manufacturer I-O Data Device has offered product exchanges after it discovered it had shipped out a batch of hard discs contaminated with viral code. Portable hard disk drives in I-O Data’s HDP-U series might be infected with the Tompai-A, a worm that gives hackers backdoor access to compromised machines.
Alex Eckelberry
We have quietly released a new definition set of CounterSpy that decloaks the Sony rootkit. This means that it gets rid of the driver (Aries.sys) that gives the Sony DRM functionalist its hidden rootkit capabilities. This is the same thing that Windows Antispyware is doing.
However, it does not remove the Sony DRM files themselves, as doing so can wreak by causing the CD drive to become inoperable (thanks Sony). Note that the Sophos uninstaller also just does a decloacking.
I’m not aware of any utility that actually removes these DRM files (not just decloaking). Microsoft has announced that their Malicious Software Removal tool will remove it, but I suspect it will also be just a decloaking.
Sony provides no way for their DRM files to be removed through Add/Remove programs. Instead, one has to go to their website to do a full uninstall or go through a cumbersome manual uninstall.
CounterSpy 1.5/CounterSpy Enterprise 1.5: Definition 261
CounterSpy 1.0: Definition 256
Alex Eckelberry
11/30 UPDATE: Kelly Mackin over at Computer Associates pinged me to let me know that PestPatrol removes the sony rootkit.
They remove:
So, as far as I know, they are the only ones that actually remove the rootkit completely. All others (including the Sophos tool and our own CounterSpy) “decloak” it, meaning to expose it so it’s no longer acting as a rootkit.
While I’m not supposed to be thrilled to promote a competitor, I have to give them grudging respect for this feat, no small technical challenge.
Link here.
Alex Eckelberry
Rufus is an alternative to BitTorrent. BitTorrent portal TorrentSpy has licensed their own version of Rufus and is including WhenU SaveNow in it.
Note that if you download Rufus from its site, you won’t get adware.
It’s currently advertised on the front page of TorrentSpy:
There is no disclosure from TorrentSpy that adware is included on their download page:
We’re proud to announce the release of our official BitTorrent client. Torrentspy Rufus is a freeware application that will allow you to download the torrents indexed by our site. The Rufus client will make downloading files via BitTorrent a breeze.
Torrentspy Rufus is a powerfull [sic] Python BitTorrent Client. It supports many advanced options such as speed limits, proxy and port mapping, simultaneous downloads and fast resume, torrent searching and more!
Make the Change to Torrentspy Rufus Today
Uninstall those clunkly BitTorrent programs and try out our official Torrentspy Rufus. This application is certified by us and is our reccomended [sic] client.
It is only disclosed when the user downloads the application.
At least they are bundling WhenU, a relatively tame adware program that has decent notice and disclosure and is removable from the add/remove programs. But it does produce pop-ups.
The author of Rufus is not happy about this.
You are right, I’m not liking this. Monk2000 gave me a heads up in an email and I’m now trying to sort it out. I don’t want Rufus associated with adware at all.
Here is what is happening:
I’m affraid [sic] to say that this is partly my fault – Torrentspy’s client is the prebeta 0.6.8 which I had released to a few people for testing as I wanted to make sure that the fast resume was working correctly.
In this version I also added some code to allow for an image and text to be inserted into Rufus allowing it to be branded – this was requested by torrentspy as they wanted to release Rufus with their logo on it which I had no problems with at the time.
I personally loath adware and it makes me cringe to think that it has been bundled with Rufus. I had no idea that they were going to include adware with their install and have contacted the TorrentSpy admins and am trying to sort it out.
Also as superontvetter said, I’m having computer problems at the moment – I dropped my laptop (main Rufus dev environment) and am waiting on a new motherboard. It should be here any day now.
I’ll keep you all posted.
Most antispyware programs will remove WhenU SaveNow (although Lavasoft recently announced plans to de-list WhenU, they are apparently still detecting it), but you can just go to the Add/Remove programs and get rid of it if you don’t want it running:
Alex Eckelberry
(Thanks Dan)
There’s this new device from Sonare Technologies (a part of Herman Miller) that obfuscates what you say on the phone so that passers-by or cubicle neighbors can’t hear what you’re saying. It’s marketed at cubicle workers.
To use Babble, which consists of a central device and two speakers, you record a few phrases from a script provided by Babble into the unit. It then uses those samples to obscure your voice as you speak into the telephone. It broadcasts small, separated portions of the user’s speech based on the tone and volume of his or her voice and is supposed to sound like the hum you hear in a busy place, like a shopping mall or a crowded restaurant.
Link here via Catherine (thanks!).
Alex Eckelberry
Microsoft’s new integrated antivirus/antispyware product will be going into broad beta “very soon”.
Also, Gordon Mangione, corporate vice president for Microsoft’s security business and technology unit, has resigned. On a personal note, I have dealt with Gordon in the past and am sorry to see him leave Microsoft. He was the genuine article — a down-in-the trenches developer who rose up the ranks. He was a good guy and I hope he lands well.
Microsoft Watch link here.
Alex Eckelberry
