Explaining StolenIDSearch.com

Earlier this week, I threw up a quick blog about a new service, TrustedID’s StolenIDSearch.com. That blog post generated a regrettable amount of rancor.

Unfortunately, I was moving quickly and didn’t sufficiently explain all the details in that blog post. I’ve been deeply embroiled in the Julie Amero scandal and then flew to the ISOI conference at Microsoft. At the same time, I have to run a software company. So sleep has been at a premium and I rushed a few things I shouldn’t have — like that blog post. (I’m not whining — I love my hectic life!)

First of all, let me agree with many of the comments and say that that I don’t believe StolenIDsearch.com is a perfect idea. There are problems with this type of service, and they’ve been picked up by others and I won’t rehash the details. However, a lot of the issues mentioned have been addressed in a blog post by the TrustedID CEO here.

A little background from our side: Over the past couple of years, we’ve come across lots of compromised data. At first, we did a variety of things, like contact individuals whose identities had been stolen, sharing stolen credit card numbers with banks, and of course, cooperating with organizations like CERT and financial institutions. After a while, however, we came to the conclusion that there simply wasn’t a valid clearinghouse of this type of information.

Enter TrustedID, a company well-funded by some of the top people in Silicon Valley. The company’s mission is to provide credit-protection services for consumers, and they seem to be doing a good job of it. The CEO, Scott Mitic, is a former senior executive with Fair Isaac, an organization with a very strong record of consumer protection and privacy (one doesn’t get a job easily at Fair Isaac ). The rest of the staff at TrustID are serious professionals with excellent backgrounds, and as Scott puts it, “consumer privacy runs in their blood”.

So Scott contacted me about a new idea they had, which was to provide consumers a way to check if their credit cards had been stolen. The idea was a simple: You went to a highly secure site, entered your credit card number, and it came back with whether or not it may have been compromised. Along the way, they would display an ad for their credit protection service in order to fund the service.

Subject to our performing a due diligence on the company, we agreed to collaborate with a small amount of information sharing, We started cautiously, and, in fact, are still treading cautiously.

However, we know that the fundamental problem is an international clearinghouse is needed for stolen information, with involvement by reputable financial institutions and government agencies. At the conference last week, we met with other security experts on the matter, and I hope to see some progress in this area.

As for StolenIDSearch, we may continue to collaborate with them to a limited degree, as we do with many other security companies. However, we are focusing our major efforts on creating this international clearinghouse with other security and privacy experts — I believe this is a much better solution to the problem of stolen data.

Alex Eckelberry

Norwich school board meeting

The furor continues over the Julie Amero scandal. Last night, there was a school board meeting where administrators tried to calm parents.

At Tuesday’s school board meeting, Information Services Director Bob Hartz
sought to calm the public furor regarding Julie Amero’s Jan. 5 conviction for
exposing Kelly Middle School students to sexually graphic Web sites in
2004.

Link here.

Alex Eckelberry
(Thanks Walter)

Sunbelt Weekly TechTips #29

Vistabackup10009009123999Back up Your Entire Computer without Third Party Programs
The new Backup and Restore Center in Windows Vista is one of its nicest little known features. Along with the ability to create backups of your important files and folders, you can create an image of your entire computer, which can be restored in case of a hardware failure. You can back up to another hard disk, so it’s super simple to install an additional internal disk in your computer or connect a USB removable drive and do a backup to it. The backup process is quick – I backed up both my C: and V: drives, which contain Windows XP and Windows Vista and all of the programs installed on each, in under ten minutes. And you can continue working while the backup proceeds. For more info about Vista Backup and Recovery, click here.

Run virtual machines on Vista
The latest version of Microsoft’s desktop virtualization software, Virtual PC 2007, supports Windows Vista as either the host or the guest operating system. It’s currently in beta testing, and you can apply to participate in the beta program here.

Note that only Vista Business, Enterprise and Ultimate versions are supported. I installed the 32-bit version on Vista Ultimate. The download is a little over 28 MB and installation went smoothly.

How to Prevent Network Share Shortcuts from being added to My Network Places
A shortcut is automatically added to My Network Places on your Windows XP computer if you open a file that’s located on a share on another computer on the network. If you don’t want this to happen, you can change Group Policy to prevent it. Here’s how it’s done on a computer that doesn’t belong to a domain:

  1. Click Start Run and type mmc.exe. Click OK to create a new MMC.
  2. In the new MMC, click Console and select Add/Remove Snap-in.
  3. Click Add.
  4. Click Group Policy, then click Add again.
  5. Leave the default (Local Computer) and click Finish.
  6. Click Close, then OK.
  7. Expand User Configuration under Local Computer Policy in the left pane.
  8. Expand Administrative Templates, then expand Desktop.
  9. Right click Do Not Add Shares of Recently Opened Documents to My Network Places.
  10. Click Properties.
  11. Click Enabled.
  12. Click OK.

Windows Home Server: What will it do for you?
One of the more interesting products that debuted at CES 2007 earlier this month was Microsoft’s Windows Home Server (formerly known as Quattro or “Q”). WHS is expected to go into private beta testing in February. Meanwhile, consumers are wondering exactly what this product is supposed to do for them. The idea is to create a server for home networks that’s simple to use and will provide you with a centralized storage place for your documents, videos, photos, music and other files, easily accessible from all the computers in your home. You can read more about it on Paul Thurrott’s SuperSite.

Vista Family Pack Discount
If you have several computers in your home, you might wish there were a way to upgrade them all to Vista without having to pay the full price for the operating system several times over. Well, Microsoft has announced a “family pack” discount for those who buy a copy of Vista Ultimate, which will allow them to purchase two copies of Vista Home Premium at a discounted rate (expected to be somewhere between $50 and $99 each). The regular price for Home Premium is $239.

It’s also going to be easy to upgrade from one version of Vista to another (for example, from Home to Ultimate) because several versions will be included on the DVD, and by paying the additional licensing fee you’ll be able to install the upgraded version and use it immediately. Click here for more information.

Network Magic: A Caveat
Last week, we mentioned a product called Network Magic that makes it easier to set up your home network. Some of you wrote to say that although it works fine if you have a broadband Internet connection, but it uses a lot of bandwidth and it doesn’t do so well with dialup. So, based on reader feedback, we don’t recommend this product if you’re still connecting to the Internet with a modem. Also, run the trial version through its paces. One user reported intermittent network connection problems with his wifi connection (this could be a bug that’s going to be corrected).

Having problems with WGA validation?
If you I get a message that says “Windows Activation Required. Windows must be activated in order to determine if the Windows product key installed on this computer is genuine”, one known reason that this sometimes happens is because the Wpa.dbl file has been set to read-only. Try this:

  1. Click Start Run.
  2. In the Run box, type: attrib -r %windir%sytem32wpa.dbl
  3. Click OK

Or navigate to the wpa.dbl file in the System32 folder in Windows Explorer, right click the file and select Properties. On the General tab, under Attributes, make sure the Read-only checkbox is unchecked.

If this doesn’t work, check out KB article 916247, on how to use the WGA Diagnostics Tool to determine why the copy of Windows has not been validated:

Troubleshooting L2TP/IPsec VPNs in Windows XP
If you use L2TP with IPsec encryption to create a VPN connection on your Windows XP computer, for instance, to connect to your company network from home, there are a number of problems and issues that can come up. If you’re having problems or getting error messages on your VPN connection, check out KB article 314831.

XP stops responding if you log off when multiple users are logged on
You might find that, when more than one user is logged onto your XP computer with Fast User Switching enabled, when you log off, Windows hangs up with a black screen. This happens if a program is running in the context of another logged on user other than the one who logs off. The latest service pack should fix the problem, and there is also a hotfix available specific to this issue. To find out how to get it, see KB article 328934.

Deb Shinder, MVP

Vista is Here to Stay

It’s official: Vista is here to stay – at least, at my home/office. Those who follow this column know that I’ve been running the new OS on one of my workstations as the primary operating system since Beta 2, but I also had the XP machine downstairs on which I did a lot of my work. That was due in part to the fact that, much as I love the Vista interface, I wasn’t able to get more than two monitors to work with it on any of my computers, whereas XP happily ran my four monitor setup.

Last week, the downstairs machine was demoted (it goes into one of the small offices upstairs to be another file server) and I got a brand new Dell XPS for the downstairs office. This is Dell’s top of the line Dimension, and it’s a monster. The photos on the Dell site don’t prepare you for the sheer size of this computer – I had to do some reconfiguring of my desk arrangement just to fit it in. If you’d like to see it, check out the photos on my blog posts of January 16 and 21.

I ordered the XPS 700 back in December, but several days after placing the order, I received an email message from Dell Small Business saying there was a supply problem with the model I ordered, and my order was being changed to a new model, the 710. The main difference was that this model’s motherboard would support Quad Core processors. Well, hey, I’m not complaining about that. Delivery date was given as 01/23 – but it showed up at my door on the 15th. Can’t complain about that, either.

I wanted a system that would last me for a while, so I went with a Core 2 Duo 2.4 GHz processor and 4 GB of RAM. Normally when I buy a computer from Dell, I get minimal memory and buy additional DIMMs from Crucial to save money. In this case, it ended up costing less to get it with the full 4 GB installed from Dell. Go figure.

The case is pretty impressive; a sleek, futuristic style that sort of leans forward. When you first turn the system on, it sounds like a 747 revving up, but after it starts, it runs almost silently. Oh, and it has running lights so you can always find it in the dark. There’s a massive 750 watt power supply and enough bays for six hard drives and two optical drives. There are two x16 PCIe slots – something that’s hard to find on computers from major vendors, along with one x1, one x8 and three regular PCI slots. There are ten (count ’em: 10) USB 2.0 ports. I can throw away my USB hub! There are also two IEEE1394 (FireWire) connectors.

It came with a Geforce 7900 video card (more on that later) and a Creative X-Fi Xtreme Music sound card in addition to the integrated audio on the motherboard. There are front jacks for the headphones and microphone, which is handy. Of course, it also comes with a gigabit Ethernet adapter built in, and unlike some modern systems, also has a serial port and PS/2 keyboard and mouse ports just in case you have legacy peripherals.

The system came with a 250 GB hard disk and Windows XP installed on one huge partition. I didn’t want to upgrade or wipe out the XP installation, just in case there were any hardware compatibility issues with Vista, so the first thing I did was download the latest version of Partition Magic (8.0). Symantec, as usual, tried to drive me nuts. After I paid my money and received the serial number both on the web site and in email, when I ran the installation wizard and entered that number, I was told it wasn’t valid. However, I was given the option to continue anyway, and the program installed. The instructions also said I’d have to activate the software the first time I tried to run it, but no activation request appeared. Oh, well. PM itself worked fine and I resized the partition to half its original size and created a new one, on which I then installed Vista Ultimate RTM. The installation went much more quickly than it has on any other system, and soon I was booting into Vista.

Next came the real test: multi-monitor functionality. I opened up the case and got a look at the guts of the thing, which were also impressive (there are “inside the case” photos on the blog site, too). Putting the second video card in was simple – no screws required; you just pop back the plastic clips holding the tops of the cards, slip it in, and pop the clips back. The second card was a Geforce 5200 GS that I’d bought to try to get Vista Aero on three monitors working on my other Dell, with no luck. This time – because it has the same chipset and uses the same driver as the primary card – the third monitor worked great.

I decided before I moved the new system from the workbench to its new home under my desk, I’d add some more storage capacity. Here’s where I saved money by doing it after the fact. Adding a second 320 GB hard drive with Dell cost $170. I picked up two 320 GB drives at Fry’s for $89 each. So now I have almost a terabyte of disk space.

As with the video card, installation of the hard drives was a breeze. Dell had already run power cables and SATA cables to the three empty internal drive bays, and again, no screws were required to put the drives in place. You just slide a holder out of the bay, pop the drive into it, and slide it back in. Attach the connectors, and you’re good to go.

Well, almost. When I booted the computer and went into Vista, all the drives showed up in Disk Manager. I partitioned and formatted them, then shut down the machine and moved it to my desk. I attached all my monitors and USB devices and other peripherals, powered it up, and – nothing. Oh, the Dell boot screen came up, but no Windows. Oops. Went into the BIOS and discovered that only one hard disk was set to “on” and it wasn’t the original one on which Windows was installed. Turned them all on, and everything was back to normal.

Setting up a new primary workstation is always a fun but anxiety-ridden experience. After all, this is where I’ll “live” for many hours a day for the next year or two. It went quickly this time; software installation was fast – in part because I didn’t need to install nearly as many third party utilities since so many functionalities they provided in the past are now included in Vista. And thanks to the speed of the machine, software packages I did install went on quickly. Microsoft Office 2007 installed in a matter of minutes, far faster than on the old machine (which is, itself, pretty powerful).

Despite one minor physical setback – I twisted my back crawling around under the desk, connecting all those cables, and could barely walk for a couple of days – the experience was a rousing success, and most of the small problems with Vista that I encountered on the old machine are now gone. I’ll be having lots more to say about Vista and new applications that run on it after the official release at the end of the month.

If you’ve bought or built a new computer recently, and if you’ve installed Vista on it or on your older system, tell us about your experiences.

Deb Shinder, MVP

Forensic expert on Amero case talks publicly

Herb Horner, the forensic expert called in to testify on behalf of Julie Amero, has spoken out.

During the copy process we received several “Security Alerts!” from our antivirus program. We analyzed the activity log and noted that there were spyware/adware programs installed on the hard drive. We ran two other adware/spyware detection programs and more spyware/adware tracking cookie/programs were discovered. Out of the 42, 27 were accessed or modified days if not a month before October 19, 2004. We also noted that there was no firewall and there was an outdated antivirus program on the PC. The PC was being tracked before October 19, 2004 by adware and spyware.

We examined all internet related folders and files before October 19, 2004, during October 19, 2004 and after October 19, 2004. Most significantly, we noted freeze.com, screensaver.com, eharmony.com and zedo.com were being accessed
regularly.

On October 19, 2004, around 8:00 A.M., Mr. Napp, the class’ regular teacher logged on to the PC because Julie Amero being a substitute teacher did not have her own id and password. It makes sense that Mr. Napp told Julie not to logoff or shut the computer off, for if she did she and the students would not have access to the computer. The initial user continued use of the PC and accessed Tickle.com, cookie.monster.com, addynamics.com, and adrevolver.com all between 8:06:14 – 8:08:03 AM. During the next few moments Julie retrieved her email
through AOL.

http://www.hair-styles.org/ was accessed at 8:14:24 A.M., based upon the hair style images uploaded to the PC we were led to believe that there were students using the computer to search out hair styles. The user went to http://www.crayola.com/ at 8:35:27 A.M. The user continued accessing the original hair site and was directed to http://new-hair-styles.com/. This site had pornographic links, pop-ups were then initiated by http://pagead2.googlesyndication.com.

There were additional pop-ups by realmedia.com, cnentrport.net, and by 9:20:00
A.M., several java, aspx’s and html scripts were uploaded. A click on the
curlyhairstyles.htm icon on the http://www.new-hair-styles.com/ site
led to the execution of the curlyhairstyle script along with others that
contained pornographic links and pop-ups. Once the aforementioned started, it
would be very difficult even for an experienced user to extricate themselves
from this situation of porn pop-ups and loops.

All of the jpg’s that we looked at in the internet cache folders were of
the 5, 6 and 15 kB size, very small images indeed. Normally, when a person goes
to a pornographic website they are interested in the larger pictures of greater
resolution and those jpgs would be at least 35 kB and larger. We found no
evidence of where this kind of surfing was exercised on October 19, 2004.

More here.

Alex Eckelberry

Norwich schools have a p0rn history….

Frank Krasicki, a teacher (who actually has taught in Norwich in the past) has been covering the Amero scandal on his blog, and he’s pissed.

And now he’s found out something pretty interesting:

I just searched the Bulletin for the word porn and came up with two hits that indicate that in June of 2004 the Griswold Middle school had children printing out graphic materials and that hard drives were seized containing pornography.

In fact there are so many porn stories during that period it looks as though it were a local cottage industry.

This indicates that both the public, the school board, the authorities, and the law KNEW there was a problem in Windham long before Julie Amero set foot in a classroom. For the responsible parties this suggests criminal negligence in not upgrading EVERY school’s anti-virus and anti-piracy software. Furthermore, by not providing policy guidance, procedural steps to take, and so on EVERY TEACHER in Windham county was being put at risk.

IMO, Norwich is going to have a LOT of explaining to do.

Good for you Frank.

Folks — this issue has still failed to get national media attention. If you have friends in high places, now is the time to alert them to this travesty. They can contact me or others covering the case. We need to get major people involved here.

The appeals process is not a certain one, and there’s a real chance she’s going to prison. And that would be a disaster for a whole lot of reasons.

Alex Eckelberry

Correction: As Dean writes: The Griswold Middle School, cited in the June 04, 2004 Norwich Bulletin article Mr. Krasicki mentions, is in Rocky Hill, CT, a suburb of Hartford located about forty miles from Norwich.

Heads up: Storm worm getting nasty

This “storm worm“, as it’s being referred to colloquially, is quite nasty and there is activity out there on this one. Also, F-Secure has reported that it’s started using rootkit technology.

Using email as an infection vector, it uses current events in the subject line, as F-Secure describes:

  • Russian missle shot down Chinese satellite
  • Russian missle shot down USA aircraft
  • Russian missle shot down USA satellite
  • Chinese missile shot down USA aircraft
  • Chinese missile shot down USA satellite
  • Sadam Hussein alive!
  • Sadam Hussein safe and sound!
  • Radical Muslim drinking enemies’ blood.
  • U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
  • U.S. Southwest braces for another winter blast. More then 1000 people are dead.
  • Venezuelan leader: “Let’s the War beginning”.
  • Fidel Castro dead.
  • Hugo Chavez dead.
  • And the attachment names are:
  • Video.exe
  • Full Video.exe
  • Read More.exe
  • Full Text.exe
  • Full Clip.exe

There are other .exes it will use. These type of attachments are always a security risk, and blocking them is just a fine idea.

Alex Eckelberry
(Hat tip to Ferg)

Podcast: My interview on ComputerAmerica

Last Wednesday, I was on the national Computer America radio show discussing the Julie Amero case. Some of you asked for the podcast, and there is one available, but it’s full of commercials. I received gracious permissions from the show to edit it down a bit, and you can download the podcast here.

I was on the show with Steve Bass of PC World and Carey Holzman, who was hosting the show that week. It starts up with a mention of some Google searches I did while on hold to help a listener, and then Steve Bass introduces my story.

Alex Eckelberry

My editorial on the Amero case published

The local paper in Norwich has published my opinion piece on the Amero case.

When I first read of the case, my reaction was how illogical it all sounded: A middle-aged, substitute female teacher accessing porn on a classroom computer, in front of her students on one particular day? It made no sense.

Then I read on to find out the forensic examination of the computer clearly showed this machine was an old, poorly maintained system, riddled with spyware, without adequate protections in place, and it all became clear. Amero is the victim, not the perpetrator.

They did edit it a bit and it’s actually an earlier draft of the final, but the major gist of the storey is there. You can read the editorial piece here.

Note that the data I presented in the editorial came from Julie’s own testimony at the trial, information from the expet witness, along with actual forensic evidence (which I have reviewed parts of), and information from the defense. A later draft that I sent to the paper made my sources more clear (the edit did not make the final publication). The forensic evidence and expert testimony showed clearly that after a visit to Crayola.com, someone went to a site about hair styles which loaded a javascript that spawned popups. You can argue whatever you want, but it physically impossible to say that Julie “clicked on those links” from the physical evidence.

There’s so much more emerging on this case. I will likely interview Julie Amero and the expert witness this weekend, so watch this space for more.

Alex Eckelberry

Teacher rallies to Julie Amero’s support

Great blog post.

The teacher’s unions and every self-respecting citizen in this country should petition that this verdict be thrown out and that the school administrators who failed to help her turn off the computer be fired. If the judge in this case was derelict in duty then the State needs to take a hard look at what’s going on in the justice system in Norwich as well.

Link here.

Alex Eckelberry
(Thank Walter)

Spyware maker’s sick, dark humor

Cefalo46540006664

From Francesco, in our spyware research team:

Here’s a screenshot from one of the sites from the “Ricercadoppia/Lowzones” spammers/hidden dialers installers.

Coprocefalo literally means “sh*t” (copro) “head” (cefalo) and “zombie maker”. Iit’s pretty obvious what it means, especially since their trojan infector that allows them to send spam creates the file “cefalo.exe”.

In the past, this group has also been seen installing the Zango toolbar (and we suspect they may still be doing that).

Alex Eckelberry

Remember…

Remember Steve Jobs’ quote about Apple as “musicians and poets and artists and zoologists and historians who also happened to be the best computer scientists in the world”? That’s his old quote about the Macintosh team, and it’s one of my favorites (I admit to being a bit nostalgic about the old days, when the software business was not a fashionable post-MBA career, but often a world littered with freaks, oddballs and some of the brightest minds you could find).

You can see the difference between the two CEOs of Apple and Microsoft. Here, Ballmer laughs about the iPhone’s high price in this video (via):

Jobs, on the other hand, practically conjures up magical genies and phantasmagoric images with his presentation of the iPhone. Incredible salesmanship? Yes. But the entire presentation is soaked with Jobs’ extraordinary vision.

Say what you want, but the difference between the two companies can be quite striking. No, I’m not bashing Microsoft. My only point is the difference in style (and it’s worth noting that despite all the grumblings about Microsoft, they have some of the best engineers and developers in the business).

I won’t be going out to replace my PC anytime soon with a Mac. But that iPhone… boy, that is interesting

Alex Eckelberry

Update on Julie Amero case

More information is coming out about the trial, and it’s clear that we have a miscarriage of justice here. I hope to write more today or over the weekend as to some of the new information (short on time right now).

However, Altnernet just posted an article which explains a lot more about this case. It’s generally accurate, based on the research I’ve been doing:

When lax cybersecurity meets anti-porn hysteria, an innocent computer infection can land you in jail. Just ask Julie Amero, a 40-year old substitute teacher who maintains she’s a victim of a malicious software infestation that caused her computer to spawn porn uncontrollably.

Alternet also spoke to the defense’s forensic expert, Herb Horner. I’ve spoken with Herb as well, and he’s a good guy and is absolutely devastated by what happened. He’s quoted in the article:

“This whole trial was so unfair,” Horner said. “When Julie was convicted, I went home that night. I was eating dinner, and I started crying. I just cried my eyes out. This was a total travesty of justice.”

He’s right.

Alternet link here.

Alex Eckelberry

I am NOT gloating: I repeat, I am NOT gloating

Consumer Reports pulls car seat report due to flawed methodology.

NHTSA that raised questions about whether the tests conducted by the non-profit group accurately simulated the conditions they were supposed to.

“Our initial review of the Consumer Reports testing procedures showed a significant error in the manner in which it conducted and reported on its side-impact tests,” said NHTSA Administrator Nicole Nason in a statement posted on the agency’s Website.

If you’ll recall, last year a number of people in the industry had serious concerns about Consumer Reports’ testing methodology for spyware and viruses. Their antispyware testing was, bluntly, laughable.

So, how many consumers will continue to be misled by CR’s testing methodology? I know I get comment storms from CR supporters, but we know of so many flawed tests — everything from hybrid cars, cat food, cameras and flipping Suzukis. I would postulate that the reason for their problems is that the organization fiercely believes in its independence, which means that they may not consult with industry experts who know more about how to test their own products than the testing organization itself. There is bias. There is also expertise. The two can be mutually exclusive.

Alex Eckelberry