Marketing spyware to kids?

Kids are a great source of spyware infestations.  They click on things.  And spyware vendors may not always care…

Case in point: Mark Arruda, who specializes in marketing stuff to MySpace junkies.

Average age of visitors to his website:  Between 13 and 18.

From Chris Boyd:

Mark, you may remember, is the guy who advises people with Myspace accounts to add Zango videos (complete with Adware) to their profiles. He doesn’t mention Zango will be served to visitors in return for them hosting the clips on their profiles, and all of these antics also completely break Myspace Terms and Conditions.

More here.

Alex Eckelberry

Recent PR screwups

PR people do funny things, especially when it comes to computers, email and the Internet in general.

Take this one PR person, who spammed the world for an antispam company:

In this instance, however, the mass mailing was readily apparent to all because the “To:” field of the e-mail was populated by 116 clearly visible names — our 11 staffers, the three exes, and 102 other journalists. 
 
And if that wasn’t enough to convince every targeted scribe that he or she was getting a less-than-exclusive interview opportunity, there was this personalized method of address:
 
“Hello [RecipientFirstName]:”

Remember:  This is an antispam product being promoted.  Link here via /.

Then another one, who made misspellings in a press release, that was for a company that, umm, corrects typos and mispellings.

A company that sells software to correct irritating Internet spelling mistakes has reissued its latest news release to correct a minor snafu.

TextTrust, which says it focuses on “eliminating the negative text impressions on Web sites,” re-released a Tuesday news release to correct a mistake that listed the most common spelling errors on “the 16 million we (sic) pages it has spell checked over the past year.”

To which the company rep responded bravely (and contritely):

“It’s very embarrassing,” said Pat Brink, PR consultant for the Toronto-based company. “I made the mistake, not TextTrust — they do a much better job. It’s certainly egg on the face of this public relations person.”

Link here (thanks Catherine).

(Of course, I’ve never made mistakes like this).

Alex Eckelberry

Hey kids, get your Zango here!

As we’ve said before, Warner Brothers is in business with Zango.

Now, a Warner Brothers kids site is directly promoting Zango.

See it for yourself

[Screenshot: Warner Brothers kids site promoting Zango]

Blog post here at Do Not Reply (and no, this doesn’t mean that kids are going to now get kiddie porn, which this one post on Digg claims).  There’s also another post here by Jimmy Daniels (thanks Wayne).

Alex Eckelberry

Agnitum says Microsoft Kernel Patch Protection endangers security vendors

Interesting post by the ubercoders at Agnitum on Kernel Patch Protection (a new security feature introduced by Microsoft for 64-bit systems):

New security measures introduced by Microsoft under the name “Kernel Patch Protection” are being presented to the world as bringing a new level of security to users. This security will be provided by a combination of Microsoft security software and Windows operating system kernel design.

Agnitum security experts have analyzed these new measures, and it is their informed opinion that these measures will actually cause more harm than good, for two primary reasons:

  • It will be more complicated for third-party security software companies to install and maintain their software on Windows PCs. In some circumstances, kernel patch protection may even block the installation of third-party security software.

  • It will be easier for hackers to share and use this new technology than for legitimate software developers.

Link here.

Alex Eckelberry

MySpace: The new Lord of the Flies

From WMF exploits, to adware installations, to investigations by law enforcement, our Favorite Website of All Time, MySpace, is getting to be a pretty rough place to hang out.   

And now Chris Boyd discovers some new fun stuff just today.

First, a bot putting buckets of fake profiles up, and an offer to all potential “sexy and horny webcam models”.

Hey, man, it’s all about the Web2.0 social networking paradigm.  Go with the flow.  Really!

Just block this site if you’re running a business, and if you’re a parent, keep a very sharp eye if your youngsters are on it—or better yet, ban it.

Alex Eckelberry

Using “dissolvable” agents from an appliance

Last year, one of our partners, appliance vendor Mi5 Networks, installed one of their test systems into a fairly large university (Mi5 uses our Linux-based antispyware scanner to scan for spyware coming into the network).

Since it is a well-known fact that university students never touch spyware, porn or P2P, </irony> it was with some surprise that the appliance’s outbound detection found a percentage of its students had some kind of spyware on their systems.

So what to do?  The university could, as a simple measure, purchase an enterprise antispyware desktop application.  However, Mi5 started talking with us about another idea: Putting in place what was later termed a “dissolvable” agent which would be deployed through the appliance.  The appliance could quarantine the system in question, and force the user to run a spyware scan off of the appliance.

We firmed up the plan with the Mi5 team while meeting at the RSA Conference in February and they are now shipping this solution, which they term “Spywash”.

So what exactly is this “dissolvable agent”?  In its current form, it’s an ActiveX control loaded from the appliance (a future version will also run as a Java app).  A page comes up when a system is discovered to be infected, and the user is given little choice but to run a scan.  Once the machine is cleaned, the machine can then access the network without further hindrance.  In the future, more rigorous controls are expected to be implemented to fully quarantine the box from the network.

More Sunbelt propaganda here; Mi5 propaganda here.

Alex Eckelberry

Sunbelt TechTips for the week of July 24

How to hide user accounts from other users
If you have several users sharing an XP computer and you want to hide the User Accounts applet in Control Panel from those who don’t need to have access to it, here’s how:

  1. Click Start | Run.
  2. Enter gpedit.msc in the Run box to open the Group Policy Editor.
  3. In the left console tree, expand User Configuration | Administrative Templates | Control Panel.
  4. In the right details pane, double-click “Hide specified Control Panel applets.”
  5. Click the Enabled option.
  6. Click the Show button.
  7. Click the Add button.
  8. In the Add field, enter nusrmgr.cpl
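
The policy set in the steps above is stored per user in the registry, so it can be verified from a script. This PowerShell check is an added example, not part of the original tip; the function name is hypothetical and it assumes the standard policy location under HKCU.

```powershell
# Added example: report which Control Panel applets are hidden for the
# current user by the "Hide specified Control Panel applets" policy.
# The policy sets DisallowCpl=1 under ...\Policies\Explorer and stores each
# applet file name as a string value in a DisallowCpl subkey.
function Get-HiddenControlPanelApplet {        # hypothetical helper name
    $explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $listKey  = "$explorer\DisallowCpl"

    $flag = (Get-ItemProperty -Path $explorer -Name DisallowCpl -ErrorAction SilentlyContinue).DisallowCpl
    if ($flag -ne 1) {
        Write-Warning 'The policy is not enabled for this user.'
        return
    }
    if (-not (Test-Path $listKey)) {
        Write-Warning 'The policy is enabled but its applet list is empty.'
        return
    }
    # Each value under the subkey holds one applet file name.
    $key = Get-Item -Path $listKey
    foreach ($name in $key.GetValueNames()) {
        $key.GetValue($name)
    }
}

$hidden = @(Get-HiddenControlPanelApplet)
if ($hidden -contains 'nusrmgr.cpl') {
    'User Accounts applet is hidden for this user.'
} else {
    'User Accounts applet is NOT hidden for this user.'
}
```

Run it while logged on as the user the policy is meant to restrict, since the setting lives in that user's registry hive.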

How to get rid of old computer names saved in the Remote Desktop Client
If you’ve used Windows XP’s Remote Desktop quite a bit, you might find that old computer names are still there in the dropdown list in your Remote Desktop Connection client. One way to get rid of them is by using a little program called Remote Desktop Assistant that will let you clean up that list in short order. Unfortunately, while the page is up, it looks like the link to the download no longer works.  Luckily, you can also remove entries from the computer list manually, by editing the registry, if you prefer. You can find instructions on how to do that here.
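
For the manual registry route mentioned above, the following PowerShell sketch lists the saved names and removes one of them. It is an added example, not part of the original tip; the function names and the host name in the last line are hypothetical, and it assumes the client's usual per-user history location.

```powershell
# Added example. Assumption: Remote Desktop Connection keeps its drop-down
# history per user as string values named MRU0, MRU1, ... under the key
# below, plus one subkey per host under "Servers".
$rdpRoot = 'HKCU:\Software\Microsoft\Terminal Server Client'

function Get-RdpHistory {                      # hypothetical helper name
    $path = "$rdpRoot\Default"
    if (-not (Test-Path $path)) { return }
    $key = Get-Item -Path $path
    $key.GetValueNames() |
        Where-Object { $_ -match '^MRU\d+$' } |
        Sort-Object { [int]($_ -replace '^MRU', '') } |
        ForEach-Object {
            New-Object psobject -Property @{ Name = $_; Computer = $key.GetValue($_) }
        }
}

function Remove-RdpHistoryEntry {              # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$Computer)

    $path    = "$rdpRoot\Default"
    $current = @(Get-RdpHistory)
    $keep    = @($current | Where-Object { $_.Computer -ne $Computer })
    if ($keep.Count -eq $current.Count) {
        Write-Warning "No saved entry named '$Computer'."
        return
    }
    if (-not $PSCmdlet.ShouldProcess($Computer, 'Remove from RDP history')) { return }

    # Delete every MRU value, then rewrite the survivors so the numbering
    # stays contiguous (MRU0, MRU1, ...).
    foreach ($entry in $current) {
        Remove-ItemProperty -Path $path -Name $entry.Name
    }
    for ($i = 0; $i -lt $keep.Count; $i++) {
        New-ItemProperty -Path $path -Name "MRU$i" -Value $keep[$i].Computer -PropertyType String | Out-Null
    }
    # Drop the per-host settings (such as the saved user name hint) as well.
    $serverKey = "$rdpRoot\Servers\$Computer"
    if (Test-Path -LiteralPath $serverKey) {
        Remove-Item -LiteralPath $serverKey -Recurse
    }
}

Get-RdpHistory | Format-Table Name, Computer -AutoSize
# Remove-RdpHistoryEntry -Computer 'oldserver01' -WhatIf   # constructed host name
```

The most recently used name can also persist in the hidden Default.rdp file in the user's documents folder, so check that file if an entry reappears.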

Popup windows still appear with Popup Blocker turned on
In Windows XP SP2, the default setting for the IE popup blocker is “on,” but you may find after installing SP2 that popups still appear even though it shows to be turned on. Now how annoying is that? This can happen for a number of different reasons: the popup window’s site is in your Trusted Sites, the popup is being opened by an ActiveX control, or the popup is opened by some software program you have running on your system. The solution depends on the cause; you can read about some ways to resolve the problem in KB article 843015.

Sounds don’t play after the computer comes out of hibernation
On some Windows XP SP2 computers, you might find that when the computer resumes operation after hibernating, sounds no longer work – but if you reboot, your sounds are restored. This happens because of a problem with the Portcls.sys driver. Obviously, it can be inconvenient to have to restart every time you resume from hibernation (might as well just shut the computer down instead of hibernating). Luckily, there’s a hotfix available for this problem, but Microsoft recommends you apply it only if you’re having this specific problem. If that’s you, you can find out how to get it by reading KB article 892559.

USB device connected to USB 2.0 hub is not detected
If you have a USB 2.0 hub attached to one of the USB ports on your Windows XP SP2 computer, and you connect a new USB device to it, you might find that not only does Windows not detect the new device, but all your other USB devices connected to that hub stop working and you have to reboot to get them back. What’s up with that? Seems it’s caused by a conflict between the USB 2.0 driver and the Enhanced Host Controller Interface (EHCI) specification. The good news is that there’s a hotfix available for this one, too. Find out how to get it from KB article 892050.

How to share your Windows Calendar in Vista with others
One of the cool new applications in Vista is the Windows calendar. Previously, you had to install Office with Outlook or a third party calendaring application, but now there’s a built in calendar, where you can enter your appointments and events, set reminders, and invite participants. It also includes a task list. Best of all, you can easily share it with others. Here’s how:

  1. In the toolbar across the top of the calendar, click Share.
  2. Select Publish.
  3. Type in a name for the calendar and enter a location to publish (or browse for one). You can publish your calendar in a network folder or on a Web server.
  4. Select whether you want changes you make to the calendar to be automatically published.
  5. Check the checkboxes for the calendar details you want to publish (notes, reminders, tasks).
  6. Click the Publish button.
  7. After your calendar is published, you can click the Announce button to send email to people with whom you want to share the calendar.
  8. Click the Finish button.
  9. Now other Vista users can share your calendar in their own Calendar application, or others can access it on the Web if you published to a web site.

Vista Remote Desktop provides a new layer of security
Remote Desktop, the mini version of Terminal Services built into Windows XP and now, Windows Vista, is a great convenience for those who want to use the desktop of another computer on the network without physically going to that machine. But security has always been a concern, especially when using the Remote Desktop Protocol (RDP) over the Internet. Windows Vista supports a new feature, Network Level Authentication, for RDP connections. This adds security by authenticating users before establishing the full Remote Desktop session. Read more here.

Vista helps you keep data in sync
One of the new features in Vista is the Sync Center, which provides you with a centralized place for synchronizing with network folders, mobile devices like your Pocket PC, flash memory cards, and other compatible applications. You get to the Sync Center by clicking Start | All Programs | Accessories | Sync Center. Here you can set up and manage synchronization partnerships. You can schedule automatic synchronization (every day, every week, every month, whenever you log onto the computer, etc.). When the Sync tool performs a synchronization, it checks the copies of the files in both locations of the partnership and updates them so that they match. You can read more about it here.

The missing Run box
Last week we reported that the Run box is now hiding in the Programs | Accessories menu. What we didn’t say (and thanks to David U. for pointing it out) is that you can also use the Search box in the Start menu to run programs, rendering the old Run box no longer necessary. Another alternative, pointed out by Lloyd M., is to use the Windows Key + R keyboard shortcut.

Deb Shinder

Would you jack your brain into the ‘Net?

We’ve all seen the sci-fi movies where futuristic computer users are able to connect their brains directly to the network, usually via nice little ports implanted in their necks. No need for a keyboard or mouse to input data, no need for a monitor to view the system’s output. Of course, in those movies, something very bad usually ends up happening to our plugged-in hero. It’s annoying and expensive when a power surge blows your monitor but it beats the heck out of having the same thing happen to your grey matter.

It makes for a cool storyline – but are we getting close to seeing it turn into reality? This article on CNNMoney.com (hardly a haven for off-the-wall technology predictions) describes how it’s already happening.

Short version: A quadriplegic man has learned to control his computer using just his brainwaves, which are translated by a tiny implant that reads the electrical impulses from his brain. What are the ramifications for the rest of us?

Some scientists are predicting that one day, interfacing with your computer via a keyboard will be just as obsolete as throwing binary switches or punching paper tape to input data is today. And of course, networking is already all about communicating and collaborating with others. We use the network to send email or instant messages. In the future, when we’re all plugged in, will we enjoy a technology-assisted form of telepathy, where we only have to think our message to have it delivered directly to the recipient’s brain?

I have to admit that, much as I generally love to be on the cutting edge of new technology, I’m more frightened than excited by the prospect. First of all, imagine the security issues that would arise with this scenario. I feel violated enough if my computer’s hard drive gets hacked; I don’t think I want to deal with attackers whose viruses install a “back door” to my cerebral cortex. And the thought of all that brain spam cluttering up my thought processes makes me shudder.

It just so happens that I really like my keyboard. As a writer, I’ve often said I tend to “think with my fingers” – that is, I can compose better material, more quickly, typing on a keyboard than I can without it. That’s why I’ve never much liked any of the voice transcription software I’ve tried. Even if it were completely accurate, I just don’t feel as natural speaking my thoughts as typing them. Of course, it helps that I can touch type at around 90 wpm. I recognize that some folks probably feel just the opposite, and others have no real choice because they’re physically unable to operate a keyboard. But I think I’ll be keeping my old input methods for the foreseeable future.

What about you? Are you eagerly looking forward to the day when you can become one with the network, or does the idea make you a little uneasy, too? Do you think this technology will really spread to the mainstream, or remain a specialized tool for the disabled? What benefits and dangers do you see attached to such direct connections?

Deb Shinder

I have now officially ruined your weekend

A little break from security… I’m off for the weekend now, but here’s a little nasty puzzle that I predict will cause many lost hours by many over the next few weeks.    

http://n.nfshost.com/1.html

How high can you get? 

(If you need justification, just tell yourself that you’re exercising your mind for that next pen test you’re working on).

Alex Eckelberry
(Hat tip)

Mr. LaFollette’s Big Adventure in the Keys

Sunbelt’s creative director, Robert LaFollette, is a peripatetic fellow, wandering around the state during his time off with camera (and his wife) in hand.  He’s been the subject of a number of blog posts here. 

His best trip yet was a trip last weekend to the Keys, and he’s got pictures to prove it. 

Link here.

Alex Eckelberry 

WMF infection served to, umm, about a million people?

WMF exploit hits unpatched machines through a banner ad. 

An online banner advertisement that ran on MySpace.com and other sites over the past week used a Windows security flaw to infect more than a million users with spyware when people merely browsed the sites with unpatched versions of Windows, according to data collected by iDefense, a Verisign company.

Link here.

Alex Eckelberry

Stoller — PWNED

Our Dear Friend Leo Stoller, the trademark troll going after security site CastleCops for the use of the word “castle”, has been pwned by none other than the US Government: 

On July 14th:

the TTAB has sanctioned Leo Stoller for his “misuse of the TTAB’s procedures” by filing more than 1,800 requests for extension of time to oppose since November 2005. The Board, in its 15-page letter addressed to Stoller, found that the filings were made “for improper purposes, namely, to harass the applicants to pay you to avoid litigation or to license one of the marks in which you assert a baseless claim of rights.”

Link here.

It gets funny though.  Stoller is going down fighting:

This is not the first time that the US Government has falsely accused a citizen and it will not be the last. Fortunately the US Constitution provides equal protection under the law and is the citizen’s best shield for such unconstitutional attack on a citizen rights.

Hey Stoller, just what part of the constitution protects trolls, eh?   

Alex Eckelberry

Simon Scatt — a plague on security blogs

I get comment spam all the time and just remove it.  However, one little spammer is really starting to piss me off.

Those who read the comments section of this blog will routinely see this post by “Simon Scatt” (I remove it usually within a few hours):

[Screenshot: the “Simon Scatt” comment]

He has three links in this comment spam:

http://download(dot)softsecurity(dot)com/1/14/prvkbd(dot)zip
http://elias(dot)trap17(dot)net/security(dot)php
http://download(dot)softsecurity(dot)com/1/14/prvkbd(dot)zip

His posts come from IP 213.179.251.29.

I checked with Chris Boyd over at Vitalsecurity and he’s getting this troll as well.  Chris believes that Simon is actually hand-crafting each comment spam — it’s not being done by bot.

I don’t know what this PrivacyKeyboard is or what Raytown Corporation LLC is but I would strongly advise against having anything to do with this company, product, or Simon Scatt for that matter.

Alex Eckelberry

New versions of Kerio, Sunbelt Messaging Ninja

We posted two updates today on our site.

Sunbelt Kerio Personal Firewall version 4.3.268

  • Fixes vulnerability (advisory 2006-07-15.01) as described by matousec.com.
  • Updates to resolve General Protection Faults.
  • Corrections to the foreign translations.
  • Enhanced the update check capabilities to update language files and IDS rules.
  • Digitally signed the drivers, program files, and installer.

Download link here.

Sunbelt Messaging Ninja Build 2.0.1734

A number of items have been addressed in this update of Ninja, as described here.

Alex Eckelberry

Sunbelt TechTips for the week of July 17

How to create keyboard shortcuts for programs
Some folks prefer to keep their hands on the keyboard and use the mouse or trackball as little as possible. This allows for faster typing and input of commands. Want to start a program with a key combination instead of clicking through menus or clicking on desktop icons? It’s easy in XP:

  1. Right click the program icon in the Start menu (or a desktop shortcut to the program).
  2. Select Properties.
  3. Click the Shortcut tab.
  4. Click in the Shortcut Key field.
  5. Now press the combination of keys that you want to use to start the program. The combination must include two of the following keys: CTRL, ALT, SHIFT, plus one alphabetical, numeric or symbol character (for example, CTRL+SHIFT+Y).
  6. Click OK.

Security Accounts Manager Initialization Fails
If you start the computer and get an error message that says “Security Accounts Manager initialization failed because of the following error: a device attached to the system is not functioning,” it’s probably because your SAM file has become corrupted or accidentally deleted or moved. The SAM is the database that holds the computer’s user accounts. You can restore the file from backup or copy a clean SAM from the Windows Repair folder. For instructions on how to perform both of these tasks, see KB article 316751.

Fxssvc.exe causes an error message
If you get an error message on your Windows XP computer that says “Fxssvc.exe has encountered a problem and needs to close,” this can happen because one of the fax jobs in the Queue folder is corrupted. To fix the problem, you can delete the fax queue folder and restart the fax service. For Guided Help (which can automatically perform the necessary steps for you), see KB article 317450.

Taskbar won’t stay on top
If you can’t view the taskbar with a program window maximized on your XP SP1 or SP2 computer, even though you’ve selected the option to keep the taskbar on top of other windows in the Taskbar and Start Menu properties, you might need to get this hotfix from Microsoft. It can be obtained from Microsoft Product Support Services (PSS) and you can find out more from KB article 884539.

Can’t find the Run command?
If you’re beta testing Vista you might find that the Run command has mysteriously disappeared. Well, presumably Microsoft took the Run command off the Start menu to discourage regular users from running commands that might mess up their computers. They might want to re-think that decision, as this is a complaint I’m hearing very often from those who are trying out the public beta. Luckily, the Run command is still there; it’s just hidden a little deeper:

To see the Run command, click Start | Programs, select Accessories and lo, there it is. Personally, I created a shortcut to it that I placed on the Quick Launch bar (you could also put a shortcut on the desktop if you prefer – just right drag the icon to the preferred location).

Where’s this new firewall functionality, anyway?
You’ve probably read that the Windows firewall in Vista is improved to allow you to create rules for outbound traffic. But if you double click on the Windows Firewall applet in Control Panel (or through the Security Center), you’ll probably be left scratching your head and wondering where you configure that. Well, here’s the secret: you have to create a custom Microsoft Management Console (MMC) to access the new features. Here’s how:

  1. In the Run box (see “Help! I can’t find the Run command!” in the Question Corner section if necessary), type mmc.exe.
  2. If you’re logged on as an administrator, click Continue at the prompt. If you’re logged on as a regular user, provide admin credentials.
  3. In the new, blank console, click File | Add/Remove snap-in.
  4. In the list of available snap-ins, scroll down and select Windows Firewall with Advanced Features.
  5. Click Add.
  6. In the Select Computer dialog box, select the local computer and click Finish.
  7. Click OK.
  8. Now you can manage the firewall’s inbound and outbound rules, computer connections and monitoring, import and export policies, etc. with the Windows Firewall MMC.
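
The outbound rules that the snap-in exposes can also be managed with netsh from an elevated prompt. The commands below are an added example, not part of the original tip; the rule name, program path and backup file name are placeholders.

```powershell
# Added example: back up the firewall policy, add one outbound block rule,
# and confirm it. Run from an elevated PowerShell or command prompt.
$ruleName = 'Block outbound - ExampleApp'                 # placeholder rule name
$program  = 'C:\Program Files\ExampleApp\example.exe'     # placeholder path
$backup   = "$env:TEMP\firewall-policy-backup.wfw"        # placeholder file name

# 1. Export the current policy so the change can be rolled back with
#    "netsh advfirewall import".
netsh advfirewall export "$backup"

# 2. Review the default policy for each profile. Outbound traffic is
#    allowed by default unless a rule blocks it.
netsh advfirewall show allprofiles firewallpolicy

# 3. Add the block rule only if it does not already exist
#    (netsh returns a non-zero exit code when no rule matches the name).
netsh advfirewall firewall show rule name="$ruleName" | Out-Null
if ($LASTEXITCODE -ne 0) {
    netsh advfirewall firewall add rule name="$ruleName" dir=out action=block program="$program" profile=any enable=yes
}

# 4. Confirm the rule's direction, action, program and profiles.
netsh advfirewall firewall show rule name="$ruleName" verbose

# 5. To undo the change, delete the rule by name:
# netsh advfirewall firewall delete rule name="$ruleName"
```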

Deb Shinder

Should software come with a lifetime support guarantee?

We mentioned earlier that Microsoft was ending support for the Windows 98 operating system. Despite the fact that the OS is over eight years old – absolutely decrepit in terms of the typical software lifespan – more than a few people were more than a little upset about its official “end of life.” Apparently there are still plenty of computer users who are content to keep on using it, at least until the hardware on which it’s installed finally dies.

Some folks continue to run the older operating system, especially in the business world, because they have proprietary applications that are tied to it and won’t run properly or at all on a more modern OS. Others can’t afford the upgrade for dozens or hundreds of machines because it would require substantial costs to upgrade the hardware to meet minimum system requirements for a newer OS. Support for Windows Me also ended on July 11, but it was never as popular as Windows 98 and there seem to be few businesses running it.

“What’s the big deal anyway?” you might be wondering. Just because Microsoft is dropping support doesn’t mean you can’t keep on running the old operating system if you want. That’s true – but “no support” means no new security patches, and that could pose problems not only for the remaining Internet-connected Windows 98 users themselves but also for the rest of the ‘Net, since these unpatched computers could enable attacks to spread across the network.

In a perfect world, then, everyone would upgrade to a more stable, more secure, still-supported operating system. Unfortunately, we don’t live in one of those. Patches or no patches, some people will keep using Windows 98 and Me, and many of those will connect to the Internet. According to a recent article from ZDNet Australia, there are estimated to be 50 to 70 million systems out there that are currently running Windows 9x operating systems (95, 98 and Me). This includes many schools and some government agencies.

Many folks believe Microsoft (and other software makers) should continue to release security updates for all of their products as long as some customers choose to use them. Some have even gone so far as to suggest laws requiring such support. Software vendors argue that all products eventually become obsolete and it’s not the manufacturer’s responsibility to support them in perpetuity. For example, automobile makers weren’t expected to provide free upgrades to old models of their vehicles to install safety features such as airbags that come with the new models, just because some people drive old cars.

What do you think?  Should software vendors provide lifetime support for their products? If so, should that be mandated by the government or should it be a customer-driven business decision? Do you believe unpatched systems pose a real risk to the Internet as a whole? Are you still running old “legacy” operating systems at home or work? If so, why haven’t you upgraded? 

Deb Shinder

The Incredible Hulk and the Incredible Trademark Troll

Oh precious irony.

Our Dear Friend Leo Stoller, the trademark troll going after security site CastleCops for the use of the word “castle”, is now being threatened by Hulk Hogan over Stoller’s claim to the word “hulk”.   Hogan (who incidentally lives a few miles from Sunbelt Software), tells Stoller:

“…should you go forward with the oppositions, we will short-cut the procedure and sue you in federal court, where we are sure to be awarded our attorneys’ fees in addition to any other remedy the court deems fit to award us. We also will be advising our friends at Marvel Entertainment who own the HULK mark and with whom we have a relationship…” 

Maybe Stoller will get his bevy of beauties to form a sort of kung-fu Charlie’s Angels squad to go after Hogan? 

Alex Eckelberry