Month: July 2007

We’ve started a new Sunbelt section on YouTube.  It’s starting small but will keep growing. You can find it here.

Alex Eckelberry

You know it’s been one of those weeks when I ask that question as the title of my editorial. It all started a little over a week ago, when I began having weird little display problems in Windows Vista. Then a few days later, I was in the middle of writing an article with deadlines looming, and suddenly all three monitors went black. That’s never a good sign, and things like that always seem to happen when I’m snowed under with work.

I rebooted, and was able to boot back into the operating system – but found that I had lost both of my secondary displays. What in the world was going on? When I went to Display Properties | Settings, four monitors showed up there (two for each video card) but three were grayed out and marked inactive. Attempting to extend the desktop to any of them had no effect whatsoever.

Those who know me know that I live and die by multiple monitors. It’s difficult for me to do the work I do (research and writing, often involving testing software in a VM while writing step-by-step procedures) efficiently with a single screen. So for me, this is a major problem. The weird thing is that although I had a bit of trouble getting the multiple monitor setup to work initially in Vista, it had been working fine for about seven months. What had changed?

My first thought was that perhaps some update had conflicted with the UltraMon software that I use for multiple monitor management, so I tried closing that program, then uninstalling it and restarting. No change. Next suspect was a “drive by” driver update, so I did a rollback of the nVidia drivers. No change, so I undid the rollback. I had work to do, so I tried working with the single monitor for a while, but I was getting more and more video problems, including short freezeups and flickers. Then I got an error message saying “Display driver nvlddmkm stopped responding but has successfully recovered.”

Well, successful recovery sounded good, but I started getting this same message intermittently, more and more frequently, until it was coming every 30 seconds or so. The screen was frozen in between, so the computer quickly became completely unusable. But at least I had a good idea now that the nVidia drivers were the problem.

I started researching this error message on the web and found that I was, at least, not alone in my problems. One forum, in fact, had about eleven pages of discussion describing the same thing.

Unfortunately, there was no definitive solution, although several people offered advice that they said had worked for them.

I tried just about everything: Last Known Good, System Restore, uninstalling and reinstalling various versions of the drivers, deleting all nVidia files on the computer (warning: DON’T delete nvstor.exe – that rendered my computer unbootable and I had to do a full PC image restore to get it back). Some folks said disabling various software programs, from Windows Defender to Dreamscene, fixed it for them. I tried all that, but still no joy.

I was doing all this in Safe Mode, which ran just fine throughout the whole ordeal. That was another strong indication that it was indeed a driver that was the culprit. I made recommended adjustments to the BIOS configuration and I did a flash update of the BIOS. I tried unplugging the monitor from the older of the two cards (GeForce 5200) and trying it with the two monitors plugged into the newer one (GeForce 7900). That actually got me into Vista with normal bootup again – until I enabled the second monitor. Then I started to get the “nvlddmkm” error message again. And now when I rebooted and tried to start Windows normally, I couldn’t even boot into it. I either got a continuous black screen instead of the Windows logo, or I got a blue screen of death, STOP error 0x00000124.

At least that was something different. I did a web search on that error and found lots of discussions relating it to – who would have guessed? – nVidia drivers. Grrr. I was beginning to feel rather unkindly toward nVidia, whose own web site hadn’t offered any help at all with the problem (although its discussion forums indicated lots of people were having it).

At this point, I tried installing a whole new installation of Vista on a separate partition. Finished installing, booted into it and got (surprise … not) the cursed nvlddmkm error message. By now I was close to pulling my hair out and/or throwing the computer into the swimming pool. But I have a stubborn streak that I inherited from my dad; I don’t give up easily.

My husband was suggesting that it was a memory problem, but I ran memory diagnostics and they found no problem there. And I was just sure it was the nVidia drivers. To prove it, I went back to Safe Mode (by the way, the only effect I noticed from the BIOS flash was that now I could use a higher resolution in Safe Mode, which at least made it a little more pleasant to work with) and removed all the nVidia drivers completely. Sure enough, I could then boot into Vista normally without the blue screen or black screen. However, when Vista started, Windows automatically searched for and installed drivers, but they don’t become active until you restart. I worked for a couple of hours with no problems (but of course, with only one monitor). Then I rebooted, and got the blue screen again because the drivers had been reinstalled.

This time, I booted to Safe Mode and just disabled the drivers instead of uninstalling them. That “stuck” – Windows didn’t try to reenable them and the system was stable with no nVidia drivers. The system was also limited to a single monitor, and that still sucked. I considered my options.

I thought maybe this was the excuse I needed to buy a 30 inch monitor, if I was going to be stuck with just one. Dell has theirs now for a pretty incredible $1499.

I remember just a year ago, the 24 inch was more than that. I just couldn’t bring myself to do it, though. I didn’t want to spend that much money to fix this problem.

I looked into the Matrox TripleHead2Go, an external device for setting up three monitors on one video card. That cost around $250, but I had no guarantee that it would solve my problem, since I might still need the nVidia drivers installed for it to work, and my machine suddenly but adamantly does not want anything to do with those drivers anymore.

The good thing about both of those solutions was that they didn’t require opening the case. Although once upon a time I enjoyed swapping out hardware, those days are long past. The Dell XPS is a monster – heavy as heck – and it lives under my desk. Ever since my back injury, I’ve been loath to try to pick it up. But I finally decided the best solution was to bite the bullet on this one and get rid of those GeForce cards. I had used ATI with no problems for many years until I got this computer. Dell didn’t give me that choice; I had to get it with the GeForce.

The reason I bought the XPS in the first place was because I wanted a system with two PCI-E x16 slots so I could install a second video card. Vista requires that all your video cards use the same WDDM driver, so I had to get a second GeForce to go with the one that came in the Dell. Now I was fed up with nVidia. I was ready to go home to ATI.

So I sent Tom to Fry’s to pick up a Diamond Radeon 1550 with 512MB of RAM. It cost $149, fifty bucks more than I could get it for online, but I was tired of dealing with this and didn’t want to wait. I needed at least two monitors, and I needed them NOW. I sweet talked him into lifting my behemoth Dell onto the table for me, took out the offending GeForce cards and inserted my new ATI, crossing my fingers for luck. Put it back together, hooked up all the cables, booted up and … (c’mon the suspense is killing you, right?) booted right into Vista.

In fact, Vista booted much faster than it ever had with the nVidia cards. No blue screens. No black screens. No nvlddmkm error! I went to Display settings; there was my second monitor, and I extended the desktop to it. Still no problems. And not only that, but the colors were better and everything was snappier. Hallelujah!

I know lots of people swear by nVidia cards and if they work for you, that’s great. They worked for me too, for over half a year. I still don’t know what made them suddenly turn against me, and I don’t know for sure that the ATI card won’t go bad for no apparent reason six months from now. But for the moment, I’m happy again, and I’ve ordered a second Radeon 1550 from NewEgg so I can get back to triple monitors.

ATI saved my sanity this time. How about you? Has your computer done something recently to drive you crazy? Any ideas about how they know when you have the most work that needs to be done and choose that time to go haywire? Have you ever gotten so frustrated with your computer that you just dumped it in the trash and went out and bought a new one? Do you find that you hate dealing with hardware issues more as you get older? Do you have a clue as to what caused my nVidia drivers to become toxic?

Deb Shinder

In a post this morning, Harvard researcher Ben Edelman alleges that Zango has violated its settlement with the FTC earlier this year, carefully dissecting Zango’s installation and distribution practices.

It’s worth reviewing the FTC Settlement:

The settlement bars Zango from using its adware to communicate with consumers’ computers – either by monitoring consumers’ Web surfing activities or delivering pop-up ads – without verifying that consumers consented to installation of the adware. It bars Zango, directly or through others, from exploiting security vulnerabilities to download software, and requires that it give clear and prominent disclosures and obtain consumers’ express consent before downloading software onto consumers’ computers. It requires that Zango identify its ads and establish, implement, and maintain user-friendly mechanisms consumers can use to complain, stop its pop-ups, and uninstall its adware. It also requires that Zango monitor its third-party distributors to assure that its affiliates and their sub-affiliates comply with the FTC order. Finally, Zango will give up $3 million in ill-gotten gains to settle the charges. The settlement contains standard record keeping provisions to allow the FTC to monitor compliance.

This is of some importance, especially in light of the fact that Zango is currently embroiled in a lawsuit with PC Tools over its method of listing Zango in its product.

Alex Eckelberry

That she made a pi.

(Mary Beth in Sunbelt’s tech support made the pi.  Looks quite yummy.)

Alex Eckelberry

Security guru Paul Ferguson has just blogged about some more of these fake “double v” sites that we wrote about last week.

VVINDOWS.COM NS NS1.MYDOMAIN.COM
VVINDOWS.COM NS NS2.MYDOMAIN.COM
VVINDOWS.COM NS NS3.MYDOMAIN.COM
VVINDOWSVISTA.COM NS DNS1.MALKM.COM
VVINDOWSVISTA.COM NS DNS2.MALKM.COM

…. and so on. More of these fun domains at Paul’s blog.

Alex Eckelberry

Truly silly. Halvar Flake, a German security expert planning to do a training to Blackhat attendees (a number of whom are federal security officials, no less), has been refused access to the United States over a technicality (despite never having had such a problem before):

For the next 4 1/2 hours I was interviewed about who exactly I am, why I am coming to the US, what the nature of my contract with Blackhat is, and why my trainings class is not performed by an American citizen. After 4 hours, it became clear that a decision had been reached that I was to be denied entry to the US, on the ground that since I am a private person conducting the trainings for Blackhat, I was essentially a Blackhat employee and would require an H1B visa to perform two days of trainings in the US.

Unfortunately, it’s not often within the purview of bureaucrats to work within the “spirit of the law”. One can only hope that Halvar can appeal to some reason at the consulate.

Alex Eckelberry
(Thanks Andreas)

That’s the words of a federal official on the bust of Suntasia Marketing (also known as Strategia Marketing, as well as a number of other names), an operation which was an allegedly major scam operation that was run out of a large office here in Florida.

Suntasia allegedly had telemarketers call up consumers and offer various travel programs. Customers were asked for their credit card number or checking account information and then got billed, often against the customers wishes. And it was allegedly impossible to stop the billing. (These types of billing schemes are called “negative option”, because the customer has to call to cancel, otherwise get billed).

You can see a video about the scam here.

And here is the picture of a telemarketer’s cubicle:

But how did they do it? I recently met a couple of ex-telemarkers from Suntasia and was curious about their story. Better yet, I decided to record the conversation, which you can hear for yourself.

Stephanie: Well, I started just listening on the phone, you know, to see how they actually talked to the people and how they dealt with the questions that they would ask. And then I started getting on the phone and they had me rebuttal (handle the customer’s objection), rebuttal them. People would not want to give up their account numbers.

We had to trick them just by asking their city, where they bank at and their name, the name of the bank, where they bank at. Then we would pull up their routing number and we would read their routing number to them. By then, the person would be, you know, kind of scared caused they say, “Oh she’s got my routing number.” So we had to explain that the routing number was simply just their electronic address to their bank and that they had to verify their account number.

What we did is, they would say, “No I’m not going to verify my account number,” and we had to rebuttal them. “Well your account is your member ID to your bank.” And they would say no, “I’m not giving it to you.” We had to keep rebuttal, rebuttal, rebuttal. And then finally they gave it up and they, you know, verified their account number and then we put them into the recorded line that they are not being billed, charged for anything TODAY. Which the main key word was for you to say “TODAY.” Because that was stating to the recording that they are not being billed for that day, but that they’re going to be billed for the next, and the next, and next days to come.

So my experience with that was, I was feeling kind of very upset because I tried to get out of that company two time and they just kept telling me “No, its, you know, it gets better. The money, you know, is good, and whatever,” so, but I was very, I was getting very upset because I knew for a fact that it was scamming people all over.

Mp3 here, text transcript here.

Alex Eckelberry

Yahoo is running ads for Zango via third party ad network rmxads.com. And it looks like the ad is optimized for myspace advertising as well…

Alex Eckelberry
(Credit to Sunbelt researcher Patrick Jordan)

A group affiliated with the infamous VxGame Trojan has registered a new site called vvindowsupdate(dot)com.

It was created July 9, 2007, and so far no pages.  However, the two v’s together looks like a “w”, so this is clearly an attempt to fool people into thinking it’s the real WindowsUpdate site. 

Alex Eckelberry
(Credit to Sunbelt researcher Patrick Jordan)

DollarRevenue had gone dark for a time, but it’s now back, installing from a new site, instaffpro(dot)com.

Related sites:

activexrevenue(dot)com
browserrevenue(dot)com
casinorevenueprogram(dot)com
freecontentprogram(dot)com
instaffpro(dot)com
intadvsol(dot)com
slotmachinerevenue(dot)com
toolbarmedia(dot)net

Other implicated sites:
nonameforthisdomain(dot)com
yourstartingpage(dot)com
searchbar(dot)findthewebsiteyouneed(dot)com

Patrick Jordan (aka WebHelper)
Sunbelt Spyware Research

Today, this ad was spotted apparently coming from realtor.com (ostensibly through a third party ad network).  Anyone else seeing this type of behavior on realtor.com?  

Alex Eckelberry

We’re looking for a Senior Security Response Engineer to join our antimalware team.

We’re doing some seriously bleeding edge stuff, so this is the place to be if you want to be involved in some of the most interesting research in the business.

Responsibilities: The Senior Security Response engineer will serve as a technical supervisor to a team of engineers creating antivirus signatures. The engineer will also be required to reverse engineer malicious code threats with the goal of creating antivirus signatures and custom reports detailing the threat’s actions. The position entails providing day-to-day technical guidance to other engineers on the team including provisioning work and ensuring deliverables are met.

The engineer will be required to create tools and systems to aid in reverse engineering malicious threats including file format parsers, unpackers, and system monitoring tools. In addition, the engineer is expected to remain apprised of current security trends and topics. This position may require weekend availability and the engineer must be able to work under high-pressure situations.

Qualifications:

• Degree in computer science or equivalent experience.
• Solid x86 assembly and C/C++ programming skills.
• Solid understanding of networking and Windows system internals.
• Experience in reverse engineering including using disassemblers and debuggers is mandatory.
• Knowledge of scripting languages such as Perl or Python is a plus.
• Relocation to Tampa Bay, Florida required. (Relocation assistance provided.)

Please email Eric Sites, CTO at eric at sunbelt-software dot com.

More jobs, including several senior .net programming positions, here.

Alex Eckelberry

Our Sunbelt building is mentioned in this blog post as part of a series entitled: “Real places recreated.”

That really is what our building looks like, and even the lobby is accurate.

Alex Eckelberry

(Back to the old format…)

Making XP Last
Not interested in switching to Vista now or in the future? Like XP just fine and want to keep it around forever – or at least for what passes for forever in the computer world? This article in ComputerWorld claims you can make XP last for the next seven years, and even better, shows you how to get many of Vista’s advantages on XP – even including cool “eye candy” features like Windows Flip 3D.

RIAA loses lawsuit – Bigtime
Although a few people have won their cases when lawsuits were brought against them by the Recording Industry Association of America (RIAA), in the past it still ended up costing them plenty to defend themselves in court. Now, for the first time, RIAA and Capitol Records have been ordered to pay the attorney’s fees to individuals who fought back and filed a counterclaim after being accused of copyright infringement. Read more about it here.

Official word on Vista support for Second Lifers
For those of you who participate in the Second Life web experience, the official blog from Linden (the company that makes it) last week noting that they are in the process of testing and validating support for Vista, and that generally the software works on Vista as long as you have a supported graphics card with the latest drivers. Here’s the web site showing the system requirements.

Cool new Windows Media Center features in Vista
Vista Home Premium and Ultimate editions include Windows Media Center, which lets you turn your PC into a digital video recorder (DVR) and entertainment center for your home. The Vista version of WMC has a number of cool new features. For instance, you can watch and record HD cable content without a set- top box if you have a PC with CableCard support.

Another welcome change: you don’t have to buy a DVD decoder from InterVideo or another third party vendor. Now DVD codec support is included in Media Center. And in keeping with making your Media Center more like an appliance (think TiVO), you can configure it to start up like a CE device and you can lock the Media Center session, so that users can’t exit to the regular Vista desktop.

How to change file associations in XP
Sometimes when you install a new program, it may change the file associations. For instance, if you install a graphics program such as PhotoShop, you might find that it is now the default program to open picture files like .jpg and .gif, even though you prefer to have them opened by the Windows Picture and Fax Viewer. Luckily, it’s easy to change the file associations so that files with the selected extension will open with the program of your choice. Here’s how:

1. Right click the Start menu and select Explore.
2. In Windows Explorer, click the Tools menu, then click Folder Options.
3. Click the File Types tab.
4. In the list of registered file types, scroll down to the file extension whose association you want to change and highlight it.
5. Click the Change button.
6. Scroll through the list of programs that can open the file type and select the one you want to use as the default. Be sure the box labeled “Always use the selected program to open this kind of file” is checked.
7. Click OK.

You can click the Browse button to look for the program if it doesn’t appear in the list.

How do I keep XP from connecting to wireless networks?
QUESTION: Last week I was traveling and discovered that my XP laptop was connecting to a wireless network without me doing anything. I’ve read about people getting in legal trouble for accessing wireless networks without permission, and besides I’m afraid of somebody hacking into my computer, so how can I make it stop this? Thanks. – Dana G.

ANSWER: The default is to connect to “any available network” and automatically connect to non-preferred networks, which helps to assure that you’ll get a connection if there is a non-secured network available anywhere in range, but it’s not so good for security (yours or the network owner’s). You should configure the wireless feature so that you’ll only connect to the network that you explicitly specify. Here’s how:

1. Click Start | Control Panel.
2. Double click Network Connections.
3. Right click Wireless Network Connection and select Properties.
4. Click the Wireless Networks tab.
5. Under Preferred Networks, click the name of the network to which you want to connect.
6. Click the Advanced button.
7. Click “Access point (infrastructure) networks only.” This will prevent connecting to ad hoc wireless networks, which could be run by anyone in range with a wireless-enabled computer.
8. Click to uncheck the box labeled “Automatically connect to non-preferred networks.”
9. Click Close, then OK, and close the Network Connections window.

Now your wireless laptop should be a little pickier about connecting to every network that comes along.

Troubleshooting DVD problems in XP
Having problems playing DVDs on your Windows XP computer? From choppy video quality to black screens and lost audio, this DVD Troubleshooter walks you through the steps of diagnosing and fixing the problem. Just click the link in the KB article to start the Troubleshooter.

Error message when trying to play older games on XP or Vista
Sometimes when you try to play an older game on an XP or Vista computer, you get an error message that says “Game requires administrative rights to play” or something similar. Or you may be able to play, but the game doesn’t allow you to save or open files. In other instances, the operating system may not recognize the game disc at all. Any of these problem can be caused by using a limited user account to play a game that’s written to require admin privileges. KB article 893677 provides workarounds for both operating systems.

IE7 stops working when you move the contents of the Temporary Internet Files folder
If you’re running Internet Explorer 7 on Vista and you move the contents of the Temporary Internet Files folder to a different location, IE may stop working properly (web sites don’t open). This is because the user permissions on the new folder aren’t set correctly. Luckily, there is a process for restoring IE 7 to working order (without having to move the folder back). For step by step instructions, see KB article 937828.

Until next week,

Deb Shinder

Many folks have told me that they refuse to upgrade to Vista because of its Digital Rights Management (DRM) technology that supposedly makes it impossible to play “ripped” music. DRM is a controversial subject; it’s not just content thieves who hate it. Many people who legitimately buy music and other protected content are outraged when they find they’re unable to play that content when and where they want after they’ve paid for it.

The biggest problem with DRM is that it takes a “guilty until proven innocent” approach to copyright protection. And that angers those customers or potential customers who have no intention of stealing, but just want to be able to fully use and enjoy what they’ve bought.

Last week, a new version of a popular DRM cracking tool was released that, according to reports, removes DRM protection from files without any degradation in the quality. This works on both XP and Vista. My friend George Ou wrote about it in his blog post.

Some folks are hailing this software as the solution to the DRM “problem” – but there’s just one minor problem with that: using it is illegal. Under the Digital Millennium Copyright Act (DMCA), which was signed into law in the U.S. by Bill Clinton in 1998, any act to circumvent copy protection is a federal offense. That’s true even if you don’t commit an actual copyright infringement.

Music companies, movie studios and other content providers, along with software vendors, keep trying to create “fool proof” copy protection systems but hackers keep finding ways to crack them. That leads the companies to impose ever more restrictive technology on their customers, and it turns into a vicious cycle. The thieves, who don’t care about breaking laws anyway, still manage to access the content. The ones who suffer are the law abiding folks who have to put up with increasing inconvenience and limitations on their legitimately purchased songs, movies or software.

I had one reader bring up an interesting theory. He thinks the availability of DRM cracking software could actually lead to more sales for content providers. He notes that after downloading the crack, he’s purchased a large number of songs because he no longer has to be afraid that he’ll spend the money and then the copyright protection technology will prevent him from playing them.

It sounds counter-intuitive, but it actually makes some sense when you think about it. Who wants to throw away money on something that you know from experience may not work? But if you know that you can rip out the DRM that causes the problems, you might indeed be more willing to pay.

Just as some people argue that privacy invasions are okay because “if you aren’t doing anything wrong, you don’t have anything to worry about,” those same folks will often tell you that DRM isn’t a problem unless you’re using stolen content or software. It would be nice if that were true, but ’tain’t necessarily so.

A case in point: I just spent several days struggling with a sudden problem involving my Nvidia display drivers freezing up on Vista. I’ll be writing about it here in more depth if/when I find a solution, but it seems to be the problem described in this forum.

At one point in the troubleshooting process, I was advised to download and install a certain update from Microsoft. Downloading it required going through the Windows Genuine Advantage verification process. No problem, I thought. My copy of Vista is legit and I’ve run WGA verification on it many times.

This time, though, I got a response that “This copy of Windows did not pass genuine validation. Either an unauthorized change was made to your Windows license or a software program installed on this computer is not currently compatible with Windows.” What’s up with that? This same copy of Vista has passed with flying colors dozens of times in the past. And there’s not a clue as to what change or software program is now causing it to fail.

DRM is far from perfect, and its imperfections are alienating a lot of people who might otherwise buy digital music. Some have suggested that it’s the overall attitude of the record companies, from imposing DRM hassles on their customers to instituting lawsuits through RIAA, that’s really responsible for slumps in sales and that the harder the companies try to exert dictatorial control over their customers, the more of those customers will desert them and turn to illegal downloading or just abandon digital music altogether. In fact, there is some evidence of the latter trend, in recent reports that sales of old vinyl albums and vintage CDs are actually on the rise.

What do you think? Are content providers and software vendors shooting themselves in the foot by adding more and more layers of copy protection to their products? Have you avoided installing Vista because of fears about the DRM? Would you buy more music if you didn’t have to worry about DRM restricting your use of it after you pay for it? Have you ever been denied access to Windows updates due to WGA verification failure even though you know your copy of Windows is legal? Would sales increase if companies just did away with DRM completely? Or are companies just doing what they have to do to protect their rights and keep dishonest people from stealing?

Deb Shinder, MVP

Didier Stevens shows how to easily reverse engineer malware if it’s written in AutoIt, a popular scripting tool. You simply unpack the malware and then run it through the AutoIt decompilation utility (exe2aut).

He ran a piece of malware through this process, and the result was some mildly interesting tidbits as the malware author’s code was exposed.

A higher quality video and more explanation is on Didier’s site.

Alex Eckelberry

TRUSTe suspends comScore for 90 days (announcing it just this Friday evening):

Earlier this month, after notification by several sources, TRUSTe undertook an investigation of a distributor installing comScore’s RelevantKnowledge on consumer machines through a security exploit. TRUSTe immediately launched an investigation, and with the help of Eric Howes and the team at SunBelt Software, and with the cooperation of comScore, was able to locate the exploit.

The blog post goes on to say that:

• The RelevantKnowledge application was observed being installed via a security exploit amongst several other applications. The following describes the series of events observed:
• The user visited an unauthorized distribution web site.
• A series of hidden frames were loaded containing links to dozens of other websites, including sites containing code designed to test and trigger security exploits on the user’s machine.
• by way of these exploits, a cascade of maliciously installed software was downloaded/installed onto the user’s machine without any form of consent. This software included RelevantKnowledge.

Link here.

Faithful blog readers will recall the taped interchange on this subject at the ASC Conference (here, go forward to 32 minutes). Listening to that interchange is elucidating.

Let us ponder the fact that this was through TopInstalls, and hence, a widespread exploit-based install, first observed in April by Ben Edelman and going on for at least two months.

Sunbelt’s Eric Howes is mentioned in TrustE’s blog entry, but Ben Edelman has also been a major contributor to the comScore watching.

Alex Eckelberry

Interesting stuff. Russian developers of MPack interviewed:

How do you get the exploits for MPack? Do you buy them?
For our pack, there are two main methods of receiving exploits: The first one is guys sending us any material they find in the wild, bought from others or received from others; the second one is analyzing and improving public reports and PoC (proof-of-concept code).

We sometimes pay for exploits. An average price for a 0-day Internet Explorer flaw is US$10,000 in case of good exploitation.

Is the project profitable?
The project is not so profitable compared to other activities on the Internet. It’s just a business. While it makes income, we will work on it, and while we are interested in it, it will live.

Of course, some of our customers make huge profits. So in some ways, MPack could be looked at as a brand-name establishment project.

Link here.

Alex Eckelberry

Interesting article on a spammer who agrees that “he’s going to hell”. But the substance is worth reading:

“Ed,” a retired spammer, built a considerable fortune sending e-mails that promoted pills, porn and casinos. At the peak of his power, Ed says he pulled in $10,000 to $15,000 a week, storing the money in $20 bills in stacks of boxes.

It was a life of greed and excess, one that preyed especially on vulnerable people hoping to score drugs or win money gambling on the Internet. From when he was expelled from high school at 17 until he quit his spam career at 22, Ed — who does not reveal his full name but sometimes goes by SpammerX — was part of an electronic underworld profiting from the Internet via spam.

“Yes, I know I’m going to hell,” said Ed, who spoke in London on Wednesday at an event hosted by IronPort Systems, a security vendor now owned by Cisco Systems. “I’m actually a really nice guy. Trust me.”

Link here (via popsci via ferg)

Alex Eckelberry

Video game battlefield
CNN reported last week that the Nintendo Wii is outselling both of its big rivals:

For serious gamers, the choice of a platform is an emotional subject, and it’s interesting that as with computer operating systems, consumers basically have three choices. However, unlike the Windows/*NIX/Mac contest, no one game system clearly dominates the market. And gamers seem more willing to quickly “jump ship” and switch allegiances if a competitor makes a better product. We want to see what our blog readers think; tell us which gaming system you think is the winner: Nintendo Wii, Sony Playstation3 or Microsoft Xbox 360. Leave a comment if you have a chance.

Visit unknown galaxies (virtually) that is
Want to help scientists analyze and classify millions of galaxies? Galaxy Zoo is a project seeking volunteers to view photos of galaxies online and look for patterns. You have to take a short test of your ability to recognize galaxy types and go through a tutorial, then you can sign on and start participating in the project. You’ll get to see pictures of places in the universe where no one has gone before. If you’re interested, find out more here.

Lightning strikes iPod users
Strolling in the rain, listening to your tunes, can turn out to be a dangerous pastime. There have been several reports of iPod users being struck by lightning, giving a new and ominous meaning to the term “shock rock.” The problem is that the devices conduct the electrical current and you can end up with major burns where the earphones, cords and device itself touch your body. Some victims suffered ruptured eardrums and possible permanent hearing loss. Ouch. And although most reported incidents cite iPods, any type of portable electronic device could cause the same injuries. Link here.

Network open cancellation tip
Got this great tip from John Roller: “Do you remember way back when you could hit CTRL+C to cancel an operation? Well, it’s back with Vista – sort of. Try to open a document on a network resource that it can’t find. In Windows XP, you were stuck until the OS decided it couldn’t connect. Vista allows you to hit cancel and it returns control back to you. If you’re at the command prompt, CTRL+C works again. Play around with it and discover the power.” Read more of John’s tips here.

Free Download of the Week
Love the Vista sidebar but wish you had more gadgets to choose from? Now you can create your own – sort of – without being a programmer. This freeware program allows you to turn web widgets on web pages, such as the Google Gadgets, into Vista sidebar gadgets or use them on the Mac OS X dashboard. How cool is that? Check it out here.

Deb Shinder