How to Remove Hidden Data from Office Documents

If you use change tracking, how can you be sure that only the final version of the document makes it to the recipient, and that first draft text isn’t still hiding in there somewhere, waiting to embarrass you? All changes should be removed if you click Accept All Changes in the Reviewing toolbar. See more detailed instructions here.

You can also use the Remove Hidden Data utility to get rid of tracked changes and comments in Word XP/2003 documents. Download it here.  

If you don’t quite trust these methods, one sure-fire way to ensure that your document doesn’t include your tracked changes is to convert the Word document to a PDF. You don’t have to buy Acrobat — you can simply use a free PDF tool like CutePDF.

You can also remove metadata from Office documents. This is the information stored with the document that includes such data as the author’s name, organization name, name of the computer on which it was composed or server on which it was stored, template information, hidden text or cells, comments, and other file properties or summary information. For instructions on removing metadata, click here.

Deb Shinder

A False Sense of Security?

As privacy becomes more and more of an issue for computer users, many turn to encryption software to protect confidential documents and email messages. There are advantages and disadvantages to encrypting your data, including how just the fact that a file is encrypted may be a red flag that attracts hackers, who have reason to believe the data must be valuable (or at least titillating) since you went to the trouble to try to keep its contents secret.

But the bigger question may be whether encryption really protects your information at all, or just provides a false sense of security. That may depend on who it is that you’re trying to keep out. Certainly a good encryption program will help prevent snooping by co-workers, family members or casual hackers. But if you’re worried about keeping the government from knowing your secrets, will encryption do the job?

Earlier this month, Vnunet.com’s News section ran a story suggesting that Microsoft “may” begin training police agencies to crack the encryption technology in Vista, the desktop operating system slated to replace Windows XP when it’s released later this year. This speculation was based on talk in a U.K. parliamentary committee meeting. 

A lot of folks are up in arms over this possibility, perhaps not realizing that computer forensics is already a big and growing subspecialty for officers of both local and national law enforcement agencies all over the world. Training has existed for years, designed to teach government agents how to decrypt encrypted data regardless of the operating system, and how to discover incriminating data that’s been deliberately hidden on computers or left there inadvertently, even when users think they’ve erased it by deleting files or formatting disks.

Many believe that the National Security Agency (NSA) has the ability to decrypt any existing encryption. Of course, the federal government doesn’t publicly confirm or deny this, but reports surface regularly of deals made by those who make encryption software and devices to provide a “back door” to which the NSA has the keys. For instance, in 1999 a story came out that Swiss company Crypto AG had built a back door for the NSA into their encryption devices and it was being used to decrypt messages of foreign governments containing military secrets and other sensitive information.

Many experts agree that the next stage in computer technology will be quantum computing, machines based on quantum physics that will allow for computers that are orders of magnitude faster and more powerful than today’s supercomputers. Such technology would render all of today’s encryption methods easily breakable (and would also result in new, far stronger encryption solutions). Some believe the NSA or some other secret government organization has already built such machines. Whether they already exist or not, it’s a good bet that governments with vast financial resources will have access to them first (and maybe exclusively).

Some folks don’t see anything wrong with any of this. They believe that the military and law enforcement need to have every tool possible to fight crime and terrorism, and that those who have nothing to hide won’t mind that their secrets can be probed whenever the government wants. Others are appalled at the idea that “Big Brother” can read their encrypted email, even if there’s nothing incriminating in it.

But you don’t have to be encrypting your data to have a false sense of security. Many computer users still think that when they delete a file, it’s gone from their hard disk. That’s not true, and that’s why File Recovery programs work. These programs have been lifesavers for many who have accidentally deleted their homework or the Great American Novel they’re writing, but have also proven to be a source of chagrin for people from pedophiles to cheating spouses who’ve thought they disposed of the evidence only to have it come back and haunt them. Even reformatting your disk doesn’t get rid of the data. To do that, you can use an overwrite program that will write random characters to your disk over the “deleted” data, use a strong magnet to wipe all the data off the disk, or physically destroy the disk. Even if you do one of these, remember that copies of your document or email message may still be residing on one or more servers somewhere.

Features in some applications have also resulted in embarrassment to those who don’t understand how they work. For example, many companies use the Track Changes feature in Microsoft Word when collaborating on or editing documents. Depending on Word’s settings, those changes may or may not be displayed. More than once, edited documents have been sent with the edits still available to be viewed by the recipient when this was not what was desired. For an example of this, see another Vnunet.com article here.

Have you been operating with a false sense of security? Or do you even bother to try to protect the privacy of your data? Should the government and law enforcement officers have access to “back doors” in software to allow them to decrypt information if they need to in investigating criminal activity? Should they be required to get a warrant first, or would that prevent them from being able to effectively protect the public? Is encryption that can be cracked worthless, or should we look at it as analogous to locks on our doors – a deterrent, but not something that’s expected to keep a really determined intruder out? Let us know what you think.

Deb Shinder

More on 12Dailypro

Yesterday, I blogged about the shutdown of 12dailypro, a website allegedly operating a Ponzi scheme. However, the link I had in there may not have worked, as it was a paid WSJ article. I have a new link that’s got the vital info, without any payment required. 

This is pretty big news.  This is a $50 million Ponzi scheme.

The U.S. Securities and Exchange Commission alleged that Charis Johnson, 33, raised more than $50 million from more than 300,000 investors by convincing visitors to the Web site that they could earn a 44 percent return on their investments in 12 days by looking at Internet advertisements.

The scheme, which the SEC calls “paid auto-surf,” required users to buy $6 “units”—up to a maximum of 1,000 units—and to view advertisements from what were described as paying advertisers

Link here.

 

Alex Eckelberry
(Thanks, Larry, for the link)

 

 

Advocate group says Yahoo helped China

According to Reporters Without Borders, Yahoo and its local partner, Alibaba, helped the Chinese government nail Li Zhi.

Reporters Without Borders said it had obtained a copy of the court verdict against Li Zhi (below), a former official jailed for eight years in December 2003, confirming that US firm Yahoo! collaborated with the prosecution, as did local competitor, Sina.

“The Li Zhi verdict shows that all Internet sector companies are pulled in to help when the police investigate a political dissident,” the press freedom organization said.

Link here along with the actual transcript of the verdict in Chinese (if you’re fluent, feel free to comment on this blog).

Li Zhi is the man who got “eight years in jail for trying to query and join a democracy group from his home in Sichuan.” What an evil man! 

However, another source, Roland Soong, says the whole thing with Li Zhi is overblown:

Roland Soong, a highly regarded translator and media researcher who is the author of the EastSouthWestNorth blog, did not dispute reports that Yahoo provided Chinese police with evidence used to build a case against Li. However, he said Yahoo’s role in the case has been overblown, and questioned why the case has attracted so much attention now, nearly two years after the statement was written by Li’s lawyers.

Link here.

It is unclear whether or not Roland has seen the transcript of the verdict (he’s speaking about the appeal).  Since I don’t speak or write Chinese, it’s difficult to go off of more than just media reports.

Needless to say, turning over personal information that directly supports a government’s reprehensible human rights violations is difficult to excuse.  Internet companies say “we’re just obeying the laws of the land”. We’ve heard that before, but I won’t bother to push hard analogies out of respect to Godwin’s Law.   If turning over the email records of some poor sod who spoke his mind ends him up dead or in prison for years, you just can’t do it. 

Remember, Zhao Yan faces 10 years in prison for “endangering state secrets” (what those state secrets are, no one knows).  Li Zhi got eight years in prison for applying for membership to a banned political party.  Shi Tao got 10 years for a similarly minor violation.

Of course, I would be jailed for this blog entry in China.

Alex Eckelberry
(Hat tip to Fergdawg)

 

Cleansweep

12DailyPro, a website that paid people to click, is being nailed by the SEC.  Allegedly a Ponzi scheme.

“Started last spring, 12DailyPro promised “members” that they could earn 44% returns on their money in just 12 days simply by viewing Web advertisements. Thousands of people from all over the world put up membership fees of as much as $6,000 every dozen days. For a while, some got the profits promised. But early this month, 12DailyPro essentially shut down after its primary online-payment processor, StormPay Inc., froze the company’s funds, saying it had been alerted that 12DailyPro may have been conducting a fraud.”

WSJ story (may require subscription, I’m looking for a better link)

A curious side story: Remember Barry Minkow, who started the ZZZZ Best Co carpet cleaning company that was subsequently busted as a massive fraud?  It was a classic story of 80’s greed.  Barry served some hard-core time in prison and subsequently wrote a couple of self-redemption books, including one entitled Cleansweep.  (I only know this as I was given the book as a gag gift years ago because I launched a product by that name at Quarterdeck.)

Well,  Barry helped bust this site:  

“A key figure in the shutdown of 12DailyPro was Barry Minkow, a former carpet-cleaning executive who was convicted of securities fraud in the 1980s before he turned to helping regulators and investigators detect other frauds.”

Good for him.  

 

Alex Eckelberry 
(Hat tip to Richard)

Azoogle cans 180solutions, Direct Revenue

Azoogle, a fairly well-sized 3rd party ad network, has canned 180Solutions and Direct Revenue.  That means they will no longer be placing ads through these adware programs. I was grumbling about third party ad networks at the Antispyware Coalition workshop and am glad to see some movement here. 

From Wayne Porter:

AzoogleAds terminated their relationship with 180solutions (MetricsDirect) today and DirectRevenue will be terminated as of March 3rd. Sources inside AzoogleAds said these relationships are being terminated due to the feedback that was received during the Anti-Spyware Coalition Public Workshop: Defining the Problem, Developing Solutions earlier this month which the Company attended. It’s great to see this move by AzoogleAds, and they deserve positive feedback no matter what you think of their past choices.

Link here via PG.

If you’re curious, you can hear Don Mathis (sp?) with Azoogle talk to a panel at the Antispyware Coalition here (at about 58:00).  He makes the comment that they have discovered that “greater transparency is expected” by ad agencies, etc., and said that adware advertising represents less than 5% of their revenues. However, it is clear from his discussion that they would still be fine with advertising through adware, if it was TrustE certified or something of the sort.

The situation with third party ad networks is worth briefly highlighting for those still learning the economic side of adware. (To cover the basics and the language of online advertising:  A website, called a “Publisher”, contacts a third party advertising network and signs up with them to find advertisers.  Available space for advertising on the website is called “inventory”, which might encompass pop-ups or banner ads. The Publisher puts a snippet of code on their site, and the third party ad network goes off and sells ads for the website.  Examples of third party advertising networks are Advertising.com and 24/7 Media. This model extends to adware, in which adware companies sell advertising inventory — usually popups — that’s on PCs, as opposed to a website.)

At the Antispyware Coalition workshop, Ben Edelman showed a slide where a Columbia House ad had been delivered through adware back in October of last year.  However, it wasn’t placed by Columbia House.  It was placed through a string of intermediaries.   

Here is the ad for Columbia House showing up through a popup from Icannews, an adware program.

[Image: Columbia House ad displayed in an Icannews popup]

The ad didn’t come from Columbia House.  It started with aQuantive Atlas, which bought inventory from Yfdmedia, which bought inventory from Azoogle, which bought inventory from MyGeek, who ultimately placed the ad with Icannews.  Phew!

So here is what the chain of intermediaries on this particular Columbia House ad looked like:

[Image: chain of intermediaries for the Columbia House ad]

You can see the original slides here (and many thanks to Ben for his excellent analysis).

This little incident clearly demonstrates what a lot of people already know:  One of the ways adware companies make money is by selling advertising inventory through third party ad networks.  It also highlights the occasional complexity of the problem, as to how advertisers can control where their ads are placed.  In other words, if I were running marketing at Columbia House, would I really want my ads to appear in adware?  One hopes not. But it’s not always that easy to control where your ads actually land.  Even McAfee, a noted security company, has been found placing ads inside of adware.  I’m sure they didn’t want that.  But it happened.  

Are intermediaries, such as we see above, always involved?  Not necessarily.  Ad industry pundit Pesach Lattin tells me that these types of complex intermediary relationships are only done on the CPA (Cost-Per-Action) side of the business, and “most large networks do not allow this and it’s usually done without their knowledge.” (“Cost per action” is an advertising payment model where the advertiser only pays on actual results, such as a lead generated, not impressions or clicks.)

Now, third party ad networks are getting better about placing ads through adware.  After AOL bought them, Advertising.com took a $10–$15 million hit in revenue by no longer placing ads through adware at the insistence of AOL (that was roughly 10-15% of Advertising.com’s revenue).  And Azoogle, who claims that less than 5% of their revenue is through ads placed in adware, is already cleaning their channel up. 

What’s the solution? One option is that advertisers start getting signed certifications from their third party networks that no ads will be placed on adware.  If so, there’s no payment.  That will kill a big part of the economic incentive.  And, in fact, there’s already this type of pressure occurring from advertisers.

However, you’re relying on advertisers to have ethics, to care, or to even have a clue, and that’s not always realistic. There will always be unscrupulous advertisers and, one can assume, unscrupulous third party ad networks.  In other words, as a third party ad network, you may not get Chase Bank to advertise with you, but you might get “Fun n’ Breezy Vacations” or “Happy Mega Casino”.  If you can’t make it with the A-players, just lower your standards.

A third-party certification model is an option. According to a talk I had with AOL VP Jules Polonetsky  at the Antispyware Coalition Workshop, this was done with a fair amount of success in the pharmaceutical field, where illegitimate online drug stores were advertising through third party ad networks.  A certification program was put into place, and things got better. It’s also what TrustE is trying to do with their Trusted Download Program.  Through their certification program, adware programs will be certified, which means that third party ad networks will point at the certification as a validation.  Remember, though, that what they’re doing there is certifying adware.

In the end, though, there probably isn’t a permanent solution.  There will always be some third party ad networks who always advertise to some degree or another on adware programs.  We can at least attempt to lower the chances of that happening.

Alex Eckelberry

This Origami thing looks pretty interesting

Microsoft’s new ultra-portable PC, code-named Origami, is supposed to be announced on March 2nd.


There’s a teaser video here (via Microsoft Watch).  It’s useless.

However, DesignTastesGood seems to have figured out what it may be. You can get a glimpse of what I think it may be by going to this link, clicking “Enter”, then “Work”, then “BrandTheatre”, then “Microsoft Origami”.  

Alex Eckelberry
(Additional hat tip to Scoble)

IT war stories

IT managers and support people the world over have to have one key character trait:  Extreme patience.

Network World has pulled together a bunch of stories from IT managers about some of the more curious things that have happened to them in their careers.  Some examples:

“In the early days of PC’s most everything was stored on floppy disks. It was fairly common for these disks to eventually go bad. I was able to retrieve most information off of floppies using some bit level utilities. Word of my skills were talked about around the company and I was well known. One day I received a call from a sales rep on the west coast. He had a floppy that had a sales quote he spent a lot of time working on and the client needed it soon. He asked if I could recover the data off of it and I told him to send me the disk and I’d look at it. About 30 minutes later the receptionist in our area walked to my desk and had a perplexed look on her face. She held up a fax of a floppy from the sales person.”

and

“I have a user that complained that his system was not working and that it was mission critical. He was down and I needed to fix it. He told me that the PC would not boot. I asked him to check and see if the powerstrip under his desk was tripped. He told me to wait that he would have to get a flashlight. I said “what do you need a flashlight for?” I told him that it was right next to the desk. He told me that it was difficult to see because they had a power outage. I hung up the phone.”

Link here.

Got any stories of your own?  Post away.

Alex Eckelberry

Upcoming workshop on Spyware

The Information Law Institute is holding a workshop on spyware in New York, March 16-17. Eric Howes, our director of malware research, will be there.

Join us for this workshop when experts from academia, industry, government, and public interest advocacy organizations examine spyware in the broader context of computer security, governance of the information infrastructure, and the rights of individual computer-users in relation to public and commercial institutions with which they interact online. Panelists will address questions about the nature of spyware, its prevalence, its perpetrators, its harms, and its victims. They will reveal motives and incentive structures behind it as well as the technical and regulatory context that makes it possible, and they will deliberate over solutions strategies, whether individual or social, whether technical, economic, educational, or legal. Our aim is to achieve meaningful progress toward a well-rounded understanding of spyware and related issues at the intersection of computer security and social values. We anticipate and welcome a diversity of viewpoints and voices.

Link here.

Alex Eckelberry

Analysts

Gartner, Forrester and the rest are an integral part of the tech marketing community.  Conventional wisdom is that if you want to get into the enterprise software market, you need to work with these groups.  This may or may not be true, but that’s what a lot of PR agencies preach.

But can you trust them as an enterprise customer or as a reader of the latest article that relies on analyst information?

InformationWeek has a fascinating article entitled “Credibility of Analysts”. 

Research firms make their living by offering expert advice to business and technology people about the best ways to invest their IT dollars. It can be invaluable insight, but only if that analysis comes with no strings attached. And on that, there’s no guarantee.

Forrester, Gartner, IDC, and others insist their output is squeaky clean, yet they also rake in millions providing services to the very same companies they monitor, heavyweights like Cisco, IBM, Microsoft, and Oracle. Which leads to a question that continues to dog the research firms: How much influence do technology vendors have over their work?

Link here.

 

Alex Eckelberry

PC World review of virus busters

A bunch of AV products reviewed. 

Link here.

One thing was surprising:

All of the products we tested come with e-mail technical support for the duration of the virus-software subscription (one year for the paid programs and indefinitely for the free ones). BitDefender, F-Secure, Kaspersky, Panda, and Trend Micro all offer free telephone support–on weekdays, at least. Symantec’s phone support costs $30 per incident; McAfee charges $3 per minute for help. If you think you might wind up needing phone support, you should consider these prices when making your buying decision. One or two lengthy calls could add up to the price of the software.

I’m not sure if this is accurate — does it really cost this much for support at McAfee and Symantec, even if you’re under subscription?   Anyone know?

Alex

The AV industry and its problems

Back in November, Eugene Kaspersky wrote a fascinating overview of the AV industry.

What problems might the antivirus industry be facing, apart from the market headaches which plague any manufacturer of consumer goods? We all know that viruses exist, and so do antivirus solutions. It might seem that antivirus solutions are a standard consumer product – one solution barely differs from the next. Users choose their product according to design, or marketing, or for some other non-technical reason. Given this, an antivirus solution is, in theory, just another consumer product, like washing powder, toothpaste, or cars.

Unfortunately (or perhaps fortunately) this is not the case. Users often choose an antivirus solution for its technical characteristics, and these differ widely between products. Users often focus on whether or not a specific product protects against a specific type of cyber threat, and the overall level of protection offered.

Not everyone may have seen it, so the link is here.

Alex Eckelberry

180Solutions issues mea culpa

We’d like to bring readers up to date about the illegal force-install of 180solutions’ Zango Search Suite software that Ben Edelman documented on Monday.

As we noted late Monday, 180solutions issued a press release in which the company claimed to have identified and shut down the perpetrator of the force-install documented by Edelman. 180solutions also claimed to have “re-messaged” all the victims of that particular force-install.

From 180solutions’ press release:

“Despite an unprecedented effort by some industry critics to keep secret the critical information that would have led to a quicker shutdown of the fraudulent behavior, the company, through its own policing mechanisms, was able to track down the nefarious actor responsible and shut him down. This rogue publisher will not receive any payment for these installs and as stated in the Code of Conduct, will be subject to further financial penalties and legal action … While a non-trivial software hack was used in this instance to subvert the consent process, the S3 functionality enabled the company to go back and re-message every user who received its software from “Sniper84” and provide them a one-click uninstall.”

As it turns out, the claims made in this press release were inaccurate.  When 180 issued the press release, 180 had not yet shut down the perpetrator of the illegal force-installs documented by Edelman, and 180 had not yet re-messaged the victims. 180solutions had managed to shut down someone going by the online name of “Sniper84” for violations of the ZangoCash affiliate agreement, but Sniper84 was not the party responsible for the bad installs documented by Edelman.

They have issued a blog posting, entitled “Mea culpa”:

On Monday, we announced we had shut down a hacker responsible for forcibly installing our software. Those forcible installs were done without our authorization and were contrary to our policies. At the time, we believed this was the same individual Ben Edelman had (cryptically) described, but purposefully not fully identified, in a post to his website earlier that same day. 

As it turns out, we didn’t get Mr. Edelman’s guy on Monday. The guy we got on Monday, Sniper84, was also installing our software in the same unauthorized manner. The hacker Mr. Edelman discovered, csk2000, was shut down early Tuesday afternoon after we were finally able to identify him in the course of our ongoing investigative efforts. (Security researchers at Sunbelt Software have since confirmed that we found the “correct” culprit on Tuesday.)

So only later, sometime on Tuesday or early Wednesday, did 180 finally manage to shut down the true perpetrator of the exploit-driven installs Edelman found.

How do we know this?

Well, apart from 180’s blog posting, it had struck us as odd that 180 would have managed to identify and shut down the party responsible for the installs discovered by Edelman so soon. 180’s press release came within hours of Edelman’s own report, and Edelman had purposefully not identified the web site at which the exploits were being performed. Moreover, Sunbelt’s own investigation had turned up nothing to point to any person going by “Sniper84.”  How could 180 figure out this puzzle so quickly?  If 180 could figure this out substantially on its own, why had 180 needed Edelman’s initial report in order to take action here?

Also puzzling was the fact that our infested machines had not been “re-messaged” with a “re-opt-in” box and “one-click uninstall,” as 180 claimed had been done for victims of the rogue installs.  We browsed on multiple test machines, but we never got this prompt, and neither did Edelman.

A Sunbelt researcher re-staged the exploit on Tuesday morning, confirming that the perpetrator’s 180 installation files still worked as usual.  This fact is revealing, because 180’s installation system lets 180 halt installation by distributors who have been ejected from 180’s distributions program. If 180 had actually managed to shut down the perpetrator of the installs documented by Edelman, as 180 claimed Monday, the Zango installer used in those exploits would not have worked on Tuesday. But it did.

On Wednesday we continued to monitor our test machines. Late afternoon on Wednesday one of Sunbelt’s researchers again re-staged the exploit with the Zango installer used by the perpetrator. This time, the installation of Zango software was stopped in its tracks, telling us that 180 had finally managed to shut down the right perpetrator.

We asked Ben Edelman how 180 could so quickly have identified the perpetrator of the force-installs he documented, especially since Edelman had not disclosed the web site where he found those installs. Edelman pointed to his video which, though scrubbed clean of any info identifying the site, did contain one key bit of data: the extraordinary speed with which the S3 consent box had been dismissed by the exploit software. That bit of data could be used, Edelman noted, to single out these nonconsensual installs in 180’s logs and database: Just look for programs installed less than one second after users were (purportedly) asked for permission. Comments made by 180 spokesperson Sean Sundwall to eWeek seem to confirm Edelman’s suspicion:

180 would have spotted the illegal installs earlier, but lacks an integrated system for monitoring telltale signs of rogue behavior, like an unusually high rate of user acceptance of the 180 software (the rate is typically between 5 and 10 percent), or an unusually rapid consent to the license agreement, Sundwall said.

So, although 180 did eventually identify the perpetrator responsible for the illegal force-installs documented by Edelman, they had not shut down that rogue distributor by Monday, as they incorrectly claimed in their press release.  Instead, 180 wouldn’t actually shut down this installer until sometime Tuesday or Wednesday (the time between our two re-tests of the Zango installer used in the exploit-installs).

Needless to say, this episode points out that the much-ballyhooed S3 technology is not sufficient to block “rogue” distributors. 180’s S3 technology failed to guarantee that users would always have to consent to the installation of 180’s software (as 180 claimed it would) and 180 failed to shut down the perpetrator responsible for the rogue installs exposed by Edelman before it rushed out its press release on Monday.

We are satisfied that the perpetrator of these rogue installs has been shut down.  But 180’s S3 technology has turned out to be far less robust and effective in combating rogue distributors than 180 would have internet users believe.  

 

Eric Howes
Director of Malware Research
Sunbelt Software
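
The two telltale signs named in the post above (consent given less than one second after the prompt, and an acceptance rate well above the typical 5 to 10 percent) can be checked per distributor in install telemetry. The sketch below is an added example, not part of the original post and not 180solutions' code; the record fields, the distributor names, the sample data and the `min_rapid` threshold are all assumptions constructed for illustration.

```python
"""Flag distributors whose install telemetry shows the two signs named in the post."""
import math
from collections import defaultdict

TYPICAL_MAX_ACCEPT_RATE = 0.10   # post: acceptance is "typically between 5 and 10 percent"
MIN_HUMAN_CONSENT_SECONDS = 1.0  # post: installs "less than one second" after the prompt


def build_sample_rows():
    """Constructed telemetry; the field layout is hypothetical, not a real schema."""
    rows = []

    def add(dist, prompts, accepts, latency, rapid=0):
        # The first `accepts` prompts are accepted; the first `rapid` of those
        # are answered 0.3 s after the prompt, the rest after `latency` seconds.
        for i in range(prompts):
            shown = 1000.0 + 60 * i
            delay = 0.3 if i < rapid else latency
            rows.append({"distributor": dist, "prompt_ts": shown,
                         "decision_ts": shown + delay, "accepted": i < accepts})

    add("pub-A", 200, 14, 6.5)          # 7% acceptance, human-speed consent
    add("pub-B", 60, 58, 0.2)           # nearly every prompt "accepted" in 0.2 s
    add("pub-C", 5, 1, 4.0)             # 20% acceptance, but only five prompts
    add("pub-D", 100, 8, 5.0, rapid=6)  # ordinary rate, six sub-second consents
    return rows


def wilson_lower_bound(successes, trials, z=1.96):
    """Lower end of the Wilson score interval for a proportion (95% by default).

    Comparing this bound, not the raw rate, against the typical ceiling keeps
    a distributor with a handful of prompts from being flagged by chance.
    """
    if trials == 0:
        return 0.0
    p = successes / trials
    z2 = z * z
    centre = p + z2 / (2 * trials)
    margin = z * math.sqrt(p * (1 - p) / trials + z2 / (4 * trials * trials))
    return (centre - margin) / (1 + z2 / trials)


def flag_distributors(rows, min_rapid=3):
    """Return {distributor: [reasons]} for distributors that trip either check."""
    stats = defaultdict(lambda: {"prompts": 0, "accepts": 0, "rapid": 0})
    for row in rows:
        s = stats[row["distributor"]]
        s["prompts"] += 1
        if row["accepted"]:
            s["accepts"] += 1
            # A negative gap (decision logged before the prompt) also counts:
            # it means no person could have answered the prompt.
            if row["decision_ts"] - row["prompt_ts"] < MIN_HUMAN_CONSENT_SECONDS:
                s["rapid"] += 1

    findings = {}
    for dist, s in stats.items():
        reasons = []
        # Several sub-second consents are required so that one clock glitch
        # does not flag a distributor.
        if s["rapid"] >= min_rapid:
            reasons.append("rapid_consent")
        if wilson_lower_bound(s["accepts"], s["prompts"]) > TYPICAL_MAX_ACCEPT_RATE:
            reasons.append("high_acceptance")
        if reasons:
            findings[dist] = reasons
    return findings


if __name__ == "__main__":
    for dist, reasons in sorted(flag_distributors(build_sample_rows()).items()):
        print(dist, ", ".join(reasons))
```

The two checks are independent: in the constructed data one distributor trips both, another has an unremarkable acceptance rate and is caught only by the timing check, and the five-prompt distributor is left alone despite a raw rate of 20 percent.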

Oh that has to hurt

Big disk full of personal information on McAfee employees lost.

Deloitte & Touche confirmed the incident. “A Deloitte & Touche employee left an unlabelled backup CD in an airline seat pocket,” a representative for the professional services firm said. “We are not aware of any unauthorized access to this data in the two months since the CD was lost.”

Link here.

Alex Eckelberry