Microsoft MDAC RDS.Dataspace ActiveX Function being exploited

Our Malware Research team is seeing the (recently patched) Microsoft MDAC RDS.Dataspace ActiveX vulnerability being exploited to install a backdoor Trojan onto users’ machines.

While attacks exploiting this vulnerability currently appear limited in number, the threat still exists. If you have not yet applied security patches from Windows Update within the past two months, you are putting yourself at serious risk for infection.

Adam Thomas
Malware Research

(Hat tip to our friends at MAD and Lance James at Secure Science Corp.)

The saddest security threat: Laptops being stolen

Well, these are a dime a dozen these days.  Some idiot loses his laptop and the result is a lot of people getting screwed.

Eckelberry Security Principle #1:  If you don’t have the data in the first place, it can’t be stolen.  Sensitive data is not for putting on to spreadsheets in plain text form and then traveling around.

Well, in this case, the FTC just lost two laptops containing highly sensitive personal information.

In a statement, the FTC said two employee laptops were stolen from a locked vehicle. The PCs contained data on about 110 people that was “gathered in law enforcement investigations and included, variously, names, addresses, Social Security numbers, dates of birth, and in some instances, financial account numbers.”

Link here.

This is really getting sickening.

Alex Eckelberry

Insecure.org Top 100 network security tools

Interesting stuff here.

After the tremendously successful 2000 and 2003 security tools surveys, Insecure.Org is delighted to release this 2006 survey. I (Fyodor) asked users from the nmap-hackers mailing list to share their favorite tools, and 3,243 people responded. This allowed me to expand the list to 100 tools, and even subdivide them into categories. Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. I discovered several powerful new tools this way. I also will be pointing newbies to this site whenever they write me saying “I don’t know where to start”.

Link here.

Alex Eckelberry
(Thanks Zoran)

Hey ma, there’s a guy asleep on our couch!

This video is pretty wild.  It shows a Comcast technician who came to a fellow’s house to fix his high-speed service, spent an hour on hold with his own company and fell asleep.

The state of customer service these days is awful, and this is one area where I hope we can make a difference.  All of our products come with free toll-free support, 7 day email support, and you always get a person, not a bunch of buttons to push on your phone.  Sorry, I know I’m plugging our company, but I’m damn proud of our support!

Alex Eckelberry
(Hat tip to BoingBoing)

Microsoft model: Lose money on everything. Make it up in volume

This whole predatory pricing thing has been quite interesting. There are views all over the place.

I want to point everyone to Microsoft’s latest quarterly earnings:

Here’s where Microsoft makes its money:

Client 2,458
Server and Tools 882
Information Worker 2,257
Microsoft Business Solutions (20)
MSN (13)
Mobile and Embedded Devices (17)
Home and Entertainment (433)

In other words, Business Solutions, MSN, Mobile and Embedded Devices and Home and Entertainment were money losers. Information Worker (Office), Servers, and Client (primarily XP OEM), generated their profits.

Let’s look at what happened in the browser market: Microsoft killed Netscape. IE took over as the dominant browser. Within a few years, we had the massive attacks of adware and spyware. Coincidence? No. IE was an exploitable browser and it was suddenly the majority. Adware and spyware vendors took advantage of the monoculture of the browser space.

What about Access? Microsoft blew it out for $99 and killed Borland (my former employer). Then took over the high-end market with SQL. What happened? SQL gets slammed by worms and the effects have been horrendous. And how many security patches have we had with Access?

What about the Word viruses that plagued us years ago? These were horrific at the time, with whole companies being taken down.

Is a monoculture in security truly healthy?

Are we just whistling past the graveyard?

Alex Eckelberry

PIRT rocks!

Gary Warner, a steadfast volunteer who works on PIRT (the all-volunteer antiphishing group I started with Paul and Robin Laudanski), has some news to share of how well it’s going.  It’s just incredible what’s happening out there — PIRT is really making a difference. 

From an email from Gary:

Every day the PIRT Squad receives dozens of thank you notes from Brand Owners, Web Masters, and Network Owners, thanking us for letting them know about the Phish we have reported to them.

Do you know that NetCraft, who has an Anti-Phishing Toolbar used by tens of thousands of people to help protect themselves from phishing sites, says our team is #1 at reporting phish? This month we have notified them of 631 phishing sites that they have confirmed themselves to be phish. That is more than 40% of all the phishing sites confirmed by NetCraft for the month! (In May, we reported 1593 phishing URLs to them that they confirmed we were the FIRST anti-phishers to report!)

May was an INCREDIBLE month for PIRT. We produced 1143 separate PIRT reports on 1190 brand attacks against 90 different brands!

The PIRT Squad also went out of their way to help Companies, Churches, Governments, Schools, and even a Motorcycle Gang remove the phishing sites from their webservers and, in many cases, determine what vulnerabilities were used to place the files there originally so they could apply appropriate patches.

Every day the PIRT Squad recovers “Phishing Kits” and “Drop Email Addresses” through the cooperation of webmasters and network owners where we send reports. We share these files with our contact at the FBI. 

You can find out more about PIRT here.  Join up, help us out.  It feels darned good to take down these sites.

Alex Eckelberry

What happened to Martin Taylor?

Martin Taylor was a high profile exec with Microsoft.  He was one of the key execs in fighting the open source movement and more recently, was a senior executive in Live and MSN.

He just abruptly left.  Why?  No one knows and Microsoft isn’t talking.  Microsoft Watch wonders as well.

Why is this interesting?  This was the guy in charge of the marketing battle against Google.  It’s quite curious, especially since he was a very highly placed executive.  No sabbatical, no retirement, no gold watch.  Just “poof”. 

Maybe he took Ballmer’s parking space by accident?  Spilled his coffee?

AP story here

 

Alex Eckelberry
(Thanks Catherine)

Cast your vote on Microsoft’s client security

Would you trust Microsoft’s client security (OneCare or ForeFront Client Security) to protect your desktop(s) versus a traditional antivirus product (Symantec, McAfee, Trend, Kaspersky, etc.)?
Yup, absolutely, I trust Microsoft antivirus completely
Hmm… Maybe
No way. I’m sticking with the traditional AV vendors

Patrick Jordan under DDoS attack

Sunbelt Senior Researcher Patrick Jordan, who runs a popular antispyware website called webhelper4u.com, has had his website hit by a DDoS attack.  It’s from a trojan from DollarRevenue.com!

As of June 16, 2006, I have been under a DDoS attack from a trojan installer that DollarRevenue.com began using which was called from one of the Russian VladZone gangs sites and which with my current hosting company, I cannot block the attacks which in 3 days went over 125 Gig in bandwidth usage of my allotted 200Gig per month.  They are putting url addresses to free web pages designed to load my sites pages as if they were images and with the use of a trojan from the VladZone and bundled in DollarRevenue.com infestations, I cannot and will not put all my time into fighting groups that have been running since 2003 and authorities around the world have not been able to stop.

Suzi at ZDNet blogs on this as well.

Alex Eckelberry

Security Principle #1: If you don’t have the data in the first place, it can’t be stolen

Given the fact that data protection measures in most places are sloppy at best, I question sharing this type of information in this manner: 

Virginia’s public and private colleges and universities soon will be required to submit the names and Social Security numbers of tens of thousands of students they accept each year to state police for cross-checking against sexual offender registries.

Link here.

Alex Eckelberry

Microsoft practices predatory pricing

I don’t often write pieces lambasting Microsoft.  I have close friends who work for the company (incidentally, some of the brightest people I know), my company is a Gold Partner and we’re also in business with Microsoft.  And, I am one of those who believe that the computing world has actually been made a better place by Microsoft. 

My beef is never with the people.  My beef is with a number of strategic decisions that have been made by the company that should scare a lot of people.  So please, to my friends at Microsoft, don’t take this personally.  This stuff just needs to be said.

It’s bad enough that Microsoft is getting in to all aspects of security.  But now they are going to kill their competition through predatory pricing.

What is predatory pricing?  From Wikipedia:

Predatory pricing is the practice of a dominant firm selling a product at a loss in order to drive some or all competitors out of the market, or create a barrier to entry into the market for potential new competitors. The other firms must lower their prices in order to compete with the predatory pricer, which causes them to lose money, eventually driving them from the market. The predatory pricer then has fewer competitors or even a monopoly, allowing it to raise prices above what the market would otherwise bear.

We already know that Microsoft loses money on most of its business (it primarily makes money on the operating system).  But now we see that Microsoft is endangering the entire security ecosystem with ruthless, Standard Oil-style pricing.

Start with OneCare:  It is arguably a security suite, but just for the sake of simplicity, let’s just consider it an antivirus product.  OneCare costs $49.95 for three PCs, an average of $16.65 per machine.  (I’m going to ignore the fact that Amazon.com is blowing out OneCare at $19.95, or an average of $6.65 per machine, which is even worse, and Microsoft’s offer to its millions of OneCare beta testers all getting it for $19.95 as well.)

Let’s look at their price, versus the market leaders: Symantec and McAfee.  Both of these companies have AV products that retail for $39.99.  But they also have three-user offerings, at $69.99 (McAfee) and $89.99 (Symantec).  Here’s what that looks like on a per-user basis:

                                            Norton Antivirus   VirusScan
Price per user                              $30.00             $23.33
OneCare price advantage ($16.66 per user)   -44%               -29%

Incredibly, Microsoft has priced themselves almost 50% below the market leader, and no one has said a peep.

Now, let’s move to the enterprise side, specifically virus protection for Microsoft Exchange.  Remember that enterprise sales are the bread and butter of companies like Symantec and Trend.  This is where the money is made.

Examine the latest pricing for Microsoft Antigen, the old Sybari product re-branded under Microsoft’s new Forefront line of security products.  We see a per-user pricing for Antigen for Exchange of $.90 per month, per user, for a five-user shop.

The pricing in this case is obfuscated because Microsoft has gone away from the traditional industry model of charging a perpetual license fee and then annual maintenance.  Instead, they charge a monthly price per seat.  So you would need to multiply the number of months against an expected period of ownership (I’ve used two years for my examples) to do a comparison.

Let’s look at the prices of Antigen against three leading antivirus products for Exchange: Trend ScanMail for Microsoft Exchange, Symantec Mail Security for Exchange and McAfee GroupShield (these are the current market leaders in securing Exchange). 

Here is how Antigen costs compared to the other security products, over a two-year period:

                                        Year 1   Year 2   Total
Trend ScanMail for Microsoft Exchange   $33.0    $13.2    $46.2
Symantec Mail Security for Exchange     $37.0    $20.8    $57.8
McAfee GroupShield                      $38.0    $15.2    $53.2
Microsoft Antigen                       $10.8    $10.8    $21.6

Or, looking at it another way:

                          Trend    Symantec   McAfee
Year 1                    $33.0    $37.0      $38.0
Year 2                    $13.2    $20.8      $15.2
Total                     $46.2    $57.8      $53.2
Antigen price advantage   -53%     -63%       -59%

As we can see here, Microsoft has priced themselves over 60% less than Symantec, an astonishing difference in price.  Microsoft has effectively low-balled the entire antivirus industry in one fell swoop.  And their product includes five antivirus engines, not just one.  This is even a price drop from Antigen’s former pricing (even several years ago, Antigen for Exchange prices started at $27.50 per user for the first year and then went down in volume).

But incredibly, it gets worse!  Antigen for Gateways, which is designed to run off the Exchange box, is even less — a mere $.65 per user per month, or $15.60 over two years!

We don’t know what Microsoft plans to price Forefront Client Security, but one can assume from their pricing here, it’s going to be ruthless.

What should be disturbing about all of this is that we very well might see Microsoft owning a majority in the security space.  Despite what their PR flacks tell us, they are hell-bent on getting your business.  Look at the Forefront website for yourself.  These people mean business.   Maybe I’m jaded, as I’ve spent most of my career working for companies that got pummeled by Microsoft (Borland, Quarterdeck, etc.).

Stifling innovation?  You bet.  What venture capitalist will invest in the next great security idea or product?  What entrepreneur will start a new company in the security space, given the risks of competing with Microsoft? 

And it’s not just startups.  For example, after Microsoft announced the acquisition of Giant Company, a senior executive at a major security company told me that they weren’t going to bother coming out with antispyware functionality, since Microsoft had already made that product free.  While that company has since changed their mind, it was a chilling conversation.

It’s one thing that Microsoft has destroyed competition in browsers, languages, word processors, spreadsheets, presentation packages, and all the rest.  In some cases, the competitors practically asked to be killed (for example, WordPerfect and Lotus both were laughably late in coming out with Windows support).

But it’s another thing to kill competition in the security space.  Because the security landscape has changed.  There is now a tremendous incentive to hack Windows, because there’s just so much money to be made by the bad guys.   It’s free market economics — energy goes where there is a profit. So Vista will get hacked, there will be zero-day attacks, there will be evolving forms of viruses and malware.  And Microsoft security products will be targeted.  In a world where Microsoft has a hegemony on security, the implications may be far reaching, possibly to our own national security.  

So what does the security industry need to do?  Well, stopping Redmond in its march for world domination is for Microsoft’s own good.  Destroying their own developer ecosystem is the worst possible thing they could do.  After all, there’s always someone waiting in the wings to take over.  I won’t suggest what I think should be done.  But something does need to happen.

 

Alex Eckelberry

Sunbelt TechTip: How to Secure Wireless Routers and Computers

Usually we put our weekly TechTips section into one larger blog posting. However, with wireless fast becoming the easiest and most economical way to set up a home network, we figured we’d make this subject its own blog post. So here are some basic tips for securing your wireless router/access point and computers with wireless adapters:

  1. Change the defaults. Wireless routers and access points come with a preset administrator password and SSID (network name). These are usually the same for all routers/WAPs of that model, so it’s common knowledge to tech savvy folks. A hacker can use that info to change your WAP settings or connect to your network.
  2. Turn off SSID broadcasting. Broadcasting the SSID makes your network visible to anyone in the area who has a wireless-equipped computer. Turning it off doesn’t hide it from WLAN “sniffers” but it does keep casual browsers from knowing it’s there.
  3. Turn on MAC address filtering. This allows only computers whose MAC addresses have been entered by the WAP administrator to connect to the network. It’s not foolproof since some hackers can spoof MAC addresses, but it provides a layer of security.
  4. Assign static IP addresses to your wireless clients and turn off DHCP, so that unauthorized persons who try to connect won’t automatically get an IP address.
  5. Use encryption. And use WPA (Wi-Fi Protected Access) encryption instead of WEP (Wired Equivalent Privacy). For instructions on how to configure WPA in XP, click here.  
  6. Turn the WAP off when you aren’t using it. This will prevent “war drivers” from connecting to your network and using your Internet connection or accessing the computers on your network.
  7. Limit signal strength. The typical range of an 802.11b/g wireless access point is about 300 feet. If you use a high gain antenna, that can be extended considerably. Only use such an antenna if you must, and if possible use a directional antenna that will only transmit in one direction. Test the signal strength to see how far it extends outside your house and grounds and adjust the positioning of your WAP and antenna to limit it.
  8. If you’re really worried about security, use 802.11a equipment instead of the more popular 802.11b and g. It transmits on a different frequency and can’t be accessed with the built-in wireless adapters included in most new laptop computers. It also has a shorter distance range.

Deb Shinder
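
An added example, not part of the original post: a small Python audit that checks an access point configuration against tips 1, 2, 3 and 5 above. It assumes the access point's settings are available as hostapd-style `key=value` lines; the default-SSID list and both sample configurations are constructed for illustration.

```python
# Added example: audit a hostapd-style AP config against tips 1, 2, 3 and 5.
# Assumption: settings are available as hostapd key=value lines.

# Constructed list of common factory SSIDs (illustrative, not exhaustive).
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default", "wireless"}

# Constructed sample: factory settings with WEP.
WEAK_CONFIG = """
ssid=linksys
ignore_broadcast_ssid=0
macaddr_acl=0
wep_default_key=0
wep_key0=0102030405
"""

# Constructed sample: the same AP after applying the tips.
# WPA2 is shown; any non-zero "wpa" value passes the WPA-over-WEP check.
HARDENED_CONFIG = """
# home access point
ssid=home-7f3a
ignore_broadcast_ssid=1
macaddr_acl=1
accept_mac_file=/etc/hostapd/accept.mac
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
wpa_passphrase=constructed-example-passphrase
"""


def parse_config(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """Return a list of (tip_number, finding) for settings that ignore a tip."""
    cfg = parse_config(text)
    findings = []

    # Tip 1: the network name should not be a factory default.
    if cfg.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append((1, "SSID is a factory default"))

    # Tip 2: hostapd broadcasts the SSID unless ignore_broadcast_ssid is 1 or 2.
    if cfg.get("ignore_broadcast_ssid", "0") == "0":
        findings.append((2, "SSID broadcasting is on"))

    # Tip 3: macaddr_acl=1 means "deny unless listed in accept_mac_file".
    if cfg.get("macaddr_acl", "0") != "1":
        findings.append((3, "no MAC address allow-list"))

    # Tip 5: WPA must be enabled; distinguish WEP from no encryption at all.
    if cfg.get("wpa", "0") in ("", "0"):
        if any(key.startswith("wep_key") for key in cfg):
            findings.append((5, "WEP in use instead of WPA"))
        else:
            findings.append((5, "no encryption configured"))

    return findings


if __name__ == "__main__":
    for name, sample in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(sample))
```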

Sunbelt TechTips for the week of June 19

Vista Corner
This is a new section we’ll be doing during the transition from XP to Vista. Each week we’ll tell you about a cool new Vista feature.

This week, I want to talk about the Aero Glass interface. It requires a supporting video card (my Radeon 600 series card works) but it gives your applications a very sophisticated look. You can adjust the transparency effect from completely opaque to completely transparent. The good thing is that, unlike some of the transparent window add-ons I tried for XP, and unlike the terminal window transparency feature in Mac OS X, only the window’s “frames” are transparent, so you can still read any text inside the window with no problems. To adjust the transparency effect, you right click the desktop and select Personalize, then click Visual Appearance. Here you can choose a preset color and transparency combination or adjust the transparency level using a slider bar.

What will you do without FrontPage?
As you may know, FrontPage is going away after FP 2003, and there won’t be a FrontPage 2007 in the new Office. Microsoft will still support FP 2003, at least for now. And you’ll now have two different new Microsoft web design programs to choose from. SharePoint Designer 2007 is included with the Office 2007 public beta and as the name implies, it’s specifically made for creating web sites that run on SharePoint services. You can read more about it here.

For non-SharePoint sites, Expression Web Designer is part of the Expression family that also includes Expression Graphic Designer and Expression Interactive Designer. Microsoft has released a Community Technology Preview that you can download and try out for free here.

You may lose settings after installing, repairing or upgrading
When you install, repair or upgrade Windows XP, you might lose some or all of your program settings and templates, as well as data stored in the All Users folder. That means you may find that you’re missing items from the Startup group, Start menu shortcuts, and files stored in the Shared Documents folder. This happens if you reinstall Windows in the same folder using the Upgrade option, use the “R” selection to repair Windows from the installation CD, or upgrade XP Home (OEM version) to XP Pro. To prevent this from happening to you, see KB article 312369.

How to set performance options in XP
You can use the System tool in Control Panel to change performance options and control how programs use memory, manually manage processor time allocation, and change visual effects to conserve resources so as to make XP perform faster. This can be especially helpful if you have a relatively slow processor and/or limited amount of RAM. Find out how by reading KB article 308417.

Search Companion starts when you double click a folder
If you have a problem where double clicking a folder or drive makes the Search Companion start and the drive or folder doesn’t open, it may be because you’ve configured settings for other actions that are associated with drives or folders. To fix the problem, you can edit the Registry. For instructions on how to do so, see KB article 321186.

Deb Shinder

Job hunting in a high tech world

In this blog, we often take a look at how the Internet and related technologies have changed our world and how we live our lives. It’s been a long time since I had to endure the process of “pounding the pavement” to look for a job, but it’s a task many people face every day. Back in the olden days, finding a new job meant typing, retyping and re-retyping your résumé until it was perfect, mailing it out in response to ads and other leads, making lots of phone calls to your contacts within your field of expertise, and hitting the streets for interviews.

All of those activities are still part of the job hunting process, but today’s technology has wrought a number of significant changes. Whether you’ve just graduated with a shiny new degree, been laid off or fired, quit to pursue a more satisfying type of work or work environment, are making a mid-life career change or discovered retirement wasn’t all it’s cracked up to be and want to go back to work – whatever the reason you’re in the job market – modern technology can make job hunting both easier and more difficult than it was in the past.

For one thing, getting that résumé right (at least the formatting, if not the content) is simpler and less time consuming than it was before the advent of personal computers. Spell checkers help you avoid embarrassing mistakes, templates help you put it all together in a way that’s familiar and acceptable to employers, and you can even buy special software (some of it free or inexpensive, such as ResumeBuilder) that contains wizards to help you structure it in one of several different styles depending on your targeted employer. These programs can also publish your résumé to a web site, send it to a database of contacts, or even translate it into different languages.

Probably only our older readers will remember the suspense, hope and frustration of sitting by the phone, afraid of missing a call from a potential employer. Now most of us have cell phones so we can be reached wherever we go and voice mail for those occasions when we’re not immediately reachable. There’s no longer much danger of missing out on an opportunity because of a missed phone call.

Then there’s the process of finding those potential employers in the first place. Once upon a time, we were pretty much limited to classified newspaper ads and word-of-mouth from friends. If you were open to relocating, you might find job leads in a distant city by buying its paper or through professional trade journals/magazines. The Internet has changed all that. Web boards such as Monster.com and Craig’s List have job postings from all over the country and world that you can access easily. And because the cost of posting those ads is low or free, employers are more likely to advertise and the ads are more likely to be descriptive enough so you don’t waste so much time making calls only to find out you don’t fit the requirements.

The best way to get a job, though, is still through actually knowing someone at the company or in the industry. The Internet has made that easier, too – our circles of friends and acquaintances are no longer so limited to people in our own geographic areas. I have friends all over the globe who work in all sorts of different fields (especially my own, the tech industry). Many of them I’ve known and corresponded with for a decade or more; some of them I’ve also met in real life and some I haven’t. But I know many of them would be happy to help if I were looking for a job in their cities or with a company with which they were associated.

Of course, not all of the changes that technology has brought to job hunting work in the job hunter’s favor. Because everyone else has all this technology, too, there may be far more competition for a given position than there would have been before. And if you’re tempted to exaggerate your qualifications a bit, there’s a greater likelihood that you’ll be found out since computerized records and low cost global communications make it easier for employers to check out your references now.

Even if you don’t lie on your résumé, your past can still come back to haunt you electronically during your job search. Sophisticated Internet search techniques have made it possible for employers to go way beyond verifying where you went to school and whether you were really a vice president or just a janitor at the company you listed in your employment history. Many more companies now do fuller background checks using the Internet. A simple Google search on your name can turn up all sorts of interesting information that an employer might not think to ask about (or might even be prohibited by law from asking) in a job interview.

A couple of months ago (in the April 14 issue, to be exact), I did an editorial called “Online is Forever,” in which I talked about how some of the records of our online activities never go away. This promises to be even more of a problem for the generation that grew up with the Internet. I did my share of foolish things when I was young, but at least I didn’t do them on a public network where the whole world could see – and save copies with a simple right click.

This recent New York Times article that was reprinted in my local newspaper recounts how employers are looking up job candidates on social networking sites and other Web sources and dropping them like hot potatoes when they discover explicit photos, inappropriate comments and descriptions of drinking, drug use and sexual activities. Link here.

On the other hand, the right kind of online reputation can bring employers to you, even when you aren’t looking. Even though I’m happily self-employed, I’ve been contacted by recruiters from a number of companies (including big names like Microsoft) who want me to apply for their openings because they’ve seen my work and read about me on the Web.

Obviously, technology can work for you or against you in getting that dream job. What do you think? Overall, do the Internet and other high tech services and devices benefit job hunters or work to their detriment? If you’ve conducted a job search recently, did the ‘Net play a role? Have you ever lost (or gotten) a job because of your online reputation? Should employers be allowed to consider your “offtime” online activities in the hiring decision or is that an invasion of your privacy? If you’re in the position of hiring people, do you use the Internet to check out applicants? 

Deb Shinder

World Cup Soccer Worm Spreads – Disables Security Software

A vulgar new worm has been found spreading that is taking advantage of the 2006 World Cup Soccer games. The worm arrives as an e-mail attachment with one of the following subjects and message bodies:

Subjects:

1. Soccer fans killed five teens
2. Crazy soccer fans
3. Please reply me Tomas
4. My tricks for you
5. Naked World Cup game set
6. My sister whores, shit i dont know

Message Bodies:

1. Soccer fans killed five teens, watch what they make on photos. Please report on this all who know.
2. Crazy soccer fans killed two teens, watch what they make on photos. Please report on this all who know.
3. I wait your photos from New York. I sent my pics where i naked for you. Please reply me. Linda Salivan
4. Nudists are organising their own tribute to the world cup, by staging their own nude soccer game, though it is not clear how the teams will tell each other apart. Good photos 😉
5. Emily Carr was an artist know for her prudery, but now the Portrait Gallery of Canada has aquired a nude self-portrait. View photos.

Upon execution, the worm copies itself to the following location:

%Sysdir%\msctools.exe

Attempts to download additional malware:

http://couple{removed}.com/tumbs/dianaimg.exe

The worm also attempts to disable the following processes:

AVP32.EXE
AVPCC.EXE
AVPM.EXE
AVP.EXE
iamapp.exe
iamserv.exe
FRW.EXE
blackice.exe
blackd.exe
zonealarm.exe
vsmon.exe
VSHWIN32.EXE
VSECOMR.EXE
WEBSCANX.EXE
AVCONSOLE.EXE
VSSTAT.EXE
OUTPOST.EXE
REGEDIT.EXE
NETSTAT.EXE
TASKMGR.EXE
MSCONFIG.EXE
NAVAPW32.EXE
UPDATE.EXE
msctools.exe

The worm then uses a built-in mail engine to send copies of itself to addresses that have been harvested from the infected machine. The worm avoids sending itself to addresses containing the following strings:

temps
abuse
admin
webmaster
support
submit
service
sendmail
secur
samples
ripe
privacy
postmaster
panda
nothing
mydomai
mozilla
linux
kernel
inpris
icrosoft
ibm.com
google
example
contact
certific
borlan
berkeley
anyone
policy
apache
webmin
webmist
random
local
anonymous
addres
kaspersk
microsof
norton
symantec
virus
reply
report

Adam Thomas
Malware Research
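
An added example, not part of the original post: a mail-gateway triage check built from the subject lines listed above, plus a host check for the dropped `msctools.exe` copy. The executable-extension list, the verdict names and the sample messages are assumptions constructed for illustration; the post does not state the attachment's file name or type.

```python
# Added example: triage inbound mail against the subjects in this post and
# check a system-directory listing for the worm's dropped copy.
import email
import os
from email import policy
from email.message import EmailMessage

# Subject lines taken from the post, lower-cased for comparison.
WORM_SUBJECTS = {
    "soccer fans killed five teens",
    "crazy soccer fans",
    "please reply me tomas",
    "my tricks for you",
    "naked world cup game set",
    "my sister whores, shit i dont know",
}

# Assumption: extensions a gateway would treat as directly executable.
EXEC_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

DROPPED_NAME = "msctools.exe"  # file name from the post


def normalize(subject):
    """Collapse whitespace and case so trivial variations still match."""
    return " ".join(subject.split()).lower()


def executable_attachments(msg):
    """Return attachment names whose final extension is executable."""
    names = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # splitext looks at the last extension, so "a.jpg.exe" is caught.
        if os.path.splitext(name)[1].lower() in EXEC_EXTENSIONS:
            names.append(name)
    return names


def triage(raw_bytes):
    """Return 'quarantine', 'review' or 'deliver' for one raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    subject_hit = normalize(msg["Subject"] or "") in WORM_SUBJECTS
    exec_hit = bool(executable_attachments(msg))
    if subject_hit and exec_hit:
        return "quarantine"
    if subject_hit or exec_hit:
        return "review"
    return "deliver"


def dropped_copy_present(sysdir_listing):
    """True if the system-directory listing contains the dropped file name."""
    return any(name.lower() == DROPPED_NAME for name in sysdir_listing)


def build_sample(subject, attachment_name=None):
    """Build a constructed test message (addresses are placeholders)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Constructed body text.")
    if attachment_name:
        m.add_attachment(b"constructed placeholder bytes",
                         maintype="application", subtype="octet-stream",
                         filename=attachment_name)
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample("CRAZY SOCCER FANS", "photos.jpg.exe")))
    print(triage(build_sample("Quarterly report", "budget.xls")))
    print(dropped_copy_present(["kernel32.dll", "MSCTools.exe"]))
```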

It’s true: Techies love food

We’ve known this for a long time, but now it’s statistically confirmed. At Tech Ed, Microsoft lavishes all kinds of food (much of it candy and junk) on the attendees. If you haven’t gone, it’s quite an experience — there is food everywhere. You could basically float through the show on a massive sugar high.

So, realizing that this show only had about 13,000 people attending it, here are the official food stats for TechEd:

  • More than 1,250,000 pieces of Mikes and Ikes were consumed over the course of the week.
  • 83,700 ice cream novelty bars and fruit and yogurt bars were served.
  • 60,000 (or 5,000 dozen) eggs were eaten by attendees at breakfast.
  • At least 1.6 million ounces of coffee were poured.
  • More than 50,000 pounds of carbohydrates were consumed at Tech·Ed (Atkins who?).
  • 7,500 table cloths were used and reset on a daily basis.

But the health conscious were there in force. Salads and water were consumed:

  • The total amount of fruit ordered for this week would fill three-quarters of a full-size tractor trailer.
  • 18,750 pounds of salad were prepared and offered at meals.
  • It took four tractor trailer trucks to transport the 150,000 bottles of water that were consumed this week.

Alex Eckelberry
(Thanks Scott, who got this off of Microsoft’s TechEd site for attendees)