Network Defend

Business Online Banking Safety: A strong recommendation from the FBI

2012-01-30T23:00:00.006-07:00

I present two topics on this subject for your reading pleasure.

1) Why small and medium business owners should be concerned about online banking, and what action steps the FBI, US Secret Service, the Internet Crime Complaint Center and the FS-ISAC recommend you take to reduce your risk exposure.

2) The specific steps for one method to lock down a secure workstation along with how you should use and respond to alerts once that machine is configured for safe use.

Unsafe Online Business Banking

Some time ago a recommendation by the FBI and the Banking Association was circulated to small and medium business owners. It never received much attention from press, but should have.

Banking fraud on business accounts has become rampant. Aside from insider crime, it's happening when the workstation you use to conduct banking via your browser is infected with malware that captures your account log-in credentials and transmits those credentials to an Internet server run by criminals. (It can also happen if you fall for email phishing attempts, but that's another story for another time.)

The really nasty part is if your computer -- the one that you used to access your bank -- was infected then the bank that serves your business accounts may not be willing (and depending on the judge, you might not succeed in compelling them) to cover your losses if criminals drain the account dry.

Go on now please, read this article. I'll wait . ..

Information Week: Who Bears Online Fraud Burden: Bank Or Business?

Back? Onward to the details then.

Here is the FBI press release:
Fraud Advisory for Businesses: Corporate Account Take Over
(Opens in new window, PDF format.)

Excerpts:
Cyber criminals employ various technological and non-technological methods to manipulate or trick victims into divulging personal or account information. Such techniques may include performing an action such as opening an email attachment, accepting a fake friend request on a social networking site, or visiting a legitimate, yet compromised, website that installs malware on their computer(s).

And

Minimize the number of, and restrict the functions for, computer workstations and laptops that are used for online banking and payments. A workstation used for online banking should not be used for general web browsing, e-mailing, and social networking. Conduct online banking and payments activity from at least one dedicated computer that is not used for other online activity.

In short, they are telling us that the risk of malware on a business computer that is used for both online banking and normal web surfing has become too high to afford.

Their recommendation is that you set aside a special workstation that is ONLY used for online financial transactions, to known safe web banking addresses, and that it NEVER be used for email or web surfing anywhere but at your banks.

Do that, plus more:

I'm going to take that a step further and outline how you can further lock down any workstation to mitigate the risk of infection. This method works at home or work and - if your IT department does not already do it -- you should insist they consider the method.

Of note is that this works best with Windows 7, any flavor (Home, Pro, Ultimate).

1) On the designated workstation (or on all workstations if you want to increase safety for all users) create an Administrator account and grant it Administrator access in the Users Control Panel. I don't recommend you name the account Administrator. Call it some variation of AdminXYZ - make it unique to your company. This account MUST have a password, and if you feel safe in your office and trust your peers then it doesn't really have to be a super secure password, but of course . . . I do recommend you consider a strong password. If this is for a local domain, you should create a shared domain account and grant it local administrator permissions on all the member client workstations, but NOT on the server.

2) If you are setting up a new machine, install ALL your required software from that Administrator account. At a minimum, get decent Anti-Virus protection installed at this point. You should also make sure the operating system is fully patched through current critical updates and service packs. Finally, in Windows 7 at least, turn on Automatic Windows Updates and turn on the setting to "Allow All Users to install updates on this computer."

3) Log in as AdminXYZ and create your user accounts. Be certain to make the regular user account - the one you will use for work - a "Standard User." If your user accounts already exist, get into the Users Control Panel and DEMOTE all other users to "Standard User." Don't demote the AdminXYZ account . . . bad things may happen.

4) Open User Account Control Settings and make sure the slider is set to the highest level. I know you'll hate this, and you might have to back off a notch if you're running very old applications on Windows 7, but at least for your financial workstation this should be a requirement. For others, the second or third notch from the bottom may suffice.

5) That's it. When you use your workstation, always log into the machine with your normal user account. Only use the AdminXYZ account when you need to install something, or update an application.

Now if you do this on Windows 7 - there's a very cool feature that makes doing an occasional application update relatively easy. When you get the notice that your update requires permission, you'll be presented with the option of entering in an Admin account and password. No need to log off or switch users, Windows 7 will open a shell under that admin account to run the update. Other applications (like your browser) that are open will still be protected by your limited access account.

Usage and preventing social hacks to your system:

Once you have this setup correctly - use your system as recommended for its role. If this is the workstation from which you will access your banking/credit accounts then I strongly recommend you restrict its use as described by the fraud advisory notice I linked above. If this is your normal workstation, then practice safe surfing and smart email habits. Otherwise use as normal for your work.

Once a month or so you might see a request for admin access pop for Windows Update. You might also see such an alert for other updates to your specific applications.

If you know you are updating something, it's generally okay to grant that permission.

But here's where the protection kicks in. In almost every case if you inadvertently land on a malicious website, or open that ill-advised email hosting a virus, you'll see this alert asking for admin level permissions pop up in your face.

Stop!

Think!

Terminate that sucker!

Be mindful of what you're doing when that alert pops. You KNOW you were not installing something. If you see that alert while browsing the web, you can be certain it's something uninvited trying to install itself. But you've got your system set to TELL you before it happens. Click NO. Close your browser or email, and don't go there again.

There are some viruses that can still cause minor damage on a protected account though, what about those?

If you suspect/know that your limited account has been compromised, and you did NOT allow the infection admin access (you did say no to that alert, didn't you?) then the virus is restricted to your profile. Here's what to do:

Restart the machine.

Log into the AdminXYZ account - NOT your user account.

Run a full anti-virus scan and let it clean things up.

Now try logging into your account, should be in good condition again. If not, then you might have to backup all the documents under the infected profile, erase the profile, and restore the data. So far at least - in those rare cases where something does infect a profile on a prepared workstation -- this method has prevented me from having to completely reformat and reinstall the infected operating system on that workstation.

Colorado Secretary of State launches password protection for business filings and reports

2012-01-26T11:30:00.004-07:00

In April last year I wrote about a serious deficiency in the system used by the Colorado Secretary of State for businesses that use their online service to register with the state and to file annual reports.

I have good news, and bad news.

The good news is that as of today you have the option of securing your business registration with the State of Colorado with your email address and a password.

In May 27, 2011 Bill HB-1095 was signed, allowing the Secretary of State’s office to implement a password protected business filing system.

On January 26, 2012, the Colorado Secretary of State announced that the "Secure Filing" system is up and running.

Here is the state's description of the password system:
Colorado: Secure Business Filing

And instructions for setting it up plus a short FAQ:
Colorado: Create a Secure Business Filing Account

Colorado: Secure Business Filing FAQ

All good and - while overdue - appreciated.

Now the bad news.

I'm sure arguments raged over the conference tables on this topic, but the fact is they've gone and rolled this out the wrong way.

First, it's optional. You can ignore this feature and bet that you're not enough of a target to be worried. That might be a very expensive mistake.

I never saw any notification of this new feature, beyond their website. Which I - like most of you - only check when it's time to file my annual report.

So here's the problem as I see it. Someone is going to go after their target by filing an amendment (same problem of Corporate ID Theft as before) to change your business address of record. Then they'll have the state send the PIN notification that starts the conversion of your "open" account to a secure account system -- to that address they just used to update your record. Now the crooks OWN your account with the state, and I would imagine it might be painful, time consuming and perhaps expensive to wrest control back to you should this happen.

What they should have done is make this mandatory, by mailing out snail mail with temporary accounts/passwords to current record holders.

Since they did not, it's up to you to act fast and get your registration with the state locked down before the ID thieves do it to for you.

Disable PCAnywhere from Symantec / Norton

2012-01-25T16:08:00.001-07:00

If you have Symantec pcAnywhere installed on any of your workstations or clients, Symantec would like you to disable (or at least patch) it immediately to protect your system from attack.

They are supposed to contacting all known registered customers about the issue, but I know that many people might not have updated their contact info with Symantec in the last few years -- and may not get the notice.

What happened?

Short answer, the source code for part of this product was stolen by hackers and may be used to reverse engineer an active exploit into any systems running pcAnywhere.

From: Symantec tells customers to disable PCAnywhere
PCAnywhere 12.0, 12.1, and 12.5 customers are at increased risk, as well as customers with prior, unsupported versions of the product, according to Symantec.

More info:
Symantec: Anonymous stole source code, users should disable pcAnywhere

Symantec Web Site: Claims by Anonymous about Symantec Source Code

Our investigation continues to indicate that the theft is limited to only the code for the 2006 versions of Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere.
Based on our analysis, the Norton Antivirus Corporate Edition code in question represents a small percentage of the pre-release source for the Symantec AntiVirus 10.2 product, accounting for less than 5% of the product.

The Symantec Endpoint Protection 11 product – which was initially released in the fall of 2007 – was based upon a separate code branch that we do not believe was exposed. This code branch contains multiple new protection technologies including Heuristic Protection, Intrusion Prevention Security, Firewall, Application Control, Device Control, Tamper Protection, redesigned core engines, as well as our Symantec Endpoint Protection Manager (SEPM). Customers on Symantec Endpoint Protection 11.x are at no increased security risk as a result of the aforementioned code theft.

[and]

Our current analysis shows that all pcAnywhere 12.0, 12.1 and 12.5 customers are at increased risk, as well as customers using prior versions of the product. pcAnywhere is also bundled with numerous Symantec products.

Disable pcAnywhere

Safest and Easiest Method: Uninstall the product, be sure to save your product keys for later re-installation once the program has been patched.

If you have to have it regardless: Be certain you are on version 12.5 and use LiveUpdate to get the most recent patches as of today.

Expert Level: Disable the service from starting automatically with your system and turn it off for now until patched.

Detailed and specific information is available for administrators on Symantec's blog.
Important Information on pcAnywhere

Important!

More patches for V12.x are forthcoming from Symantec. My personal advice is to not use pcAnywhere until those patches are delivered. I'll keep this post updated as they roll out.

Future customers considering pcAnywhere. There are competitive alternatives if you need this functionality now, or wait for version 13.

A note to various print driver and PDF print driver developers

2011-06-06T12:34:00.000-06:00

A short rant:

I and my clients are NOT going to withhold service packs and critical security patches for modern Windows clients (read: Windows 7 x64 SP1) just so your poorly written print drivers will install and run in a stable manner. Crashing the print spooler service leaving all installed printers unusable without a reset is not acceptable.

I'm looking at you Adobe PDF and Nova PDF . . .

Instead, we will look for compatible substitutes from your competitors. Once we change to those alternates, it's highly unlikely that we will EVER return to your products in the future.

Get it right, or lose our business!

'nough said.

Protect your company - Colorado has almost zero protections against someone editing your state business records

2011-04-02T19:09:00.003-06:00

Update January 26, 2012: Colorado now has the option to lock down business registrations.

Almost zero . . .

In the State of Colorado the principle/owner of a business can create a corporation online, file amendments, corrections to contact information and annual reports.

It's nice to have that ability online, and the fee's for filing over the Internet are substantially lower than filing by paper.

But, and this is a HUGE BUT: there is no way to password protect your ability to alter your records.

This was exposed half a year ago, one very good write up about the problem was posted on ComputerWorld: Colorado warns of major corporate ID theft scam (Link pops a new tab or window.)

Seems like a good time to revisit the problem given my feelings about a potential scam snail mail solicitation received today.

So what should a business owner or principle do to protect their corporate ID in Colorado?

Buried within the sage but overly general advice on protecting your business posted by the Colorado Secretary of State is the one thing you can do to be notified when your corporate record is altered: add your email to their notification list.

Here are the steps:

1) Get thee to http://www.sos.state.co.us/pubs/business/ProtectYourBusiness/protectyourbusiness.htm

2) Click the left upper link offering to "Subscribe to E-mail Notification Services"

3) Click the first link under the heading: "E-mails specific to a business organization record" entitled "Click here to subscribe to e-mail notification regarding a specific record"

4) This brings you to a search page, you can either enter your state ID, or search on your business name. After entering your search criteria, click the Search button.

5) Click the ID Number of YOUR business from the list after doing the search.

6) This brings you to a summary page of the business record. Find and click the link at the bottom that states: "Subscribe to E-mail Notification Regarding this Record"

7) Enter a valid email address and click the Subscribe button.

8) Within the hour (after I tried this it took about 50 minutes) you should receive an email from the Colorado Department of State (entity.subscribe@sos.state.co.us) confirming the subscription.

. . .

This is just WEAK. Complex steps to subscribe, no real security. No way to verify anyone's identity. Oh sure, it's a felony to misrepresent yourself on the states website, but since when has that stopped the criminals?

Corporate Controllers Unit - Scam Smelling Snail Mail

2011-04-02T16:52:00.008-06:00

Scam? Spam? Both? I got some snail mail today from an organization calling themselves "Corporate Controllers Unit" or the initials "CCU" offering a very expensive service: for the low low fee of $225 per year they will file my company's annual report with the state where I do business.

This report costs me about 10 minutes of time and a $10 fee when I file directly with the state.

The envelope looks like an official mailing. So does the letter inside, filled with legalese threatening dire things unless you file on time. Thankfully the fine print at the very bottom lets you know it's "just" a solicitation.

Couple of other clues. The organization uses a PO Box. A search on the web does not find any contact info, but it does bring up about six pages of the same couple of articles touting their service via spam blogs. Someone hired a blackhat SEO agent to market their stuff.

My advice: save your money and your sanity. Companies should file directly with the state as they have in the past.

My suspicion: this might be an attempt to steal your companies ID.

Update: This smells more like a scam the more I don't see . . . let me explain:

I cannot find anything on this company at all, other than the aforementioned spam blogs re-posting the same few articles over and over. No contact info, no phone, no web site, just the PO Box. And I think my Google-Fu is pretty darn good, thank you. If it was out there, I would have found it by now.

Other than the comments below, I've gotten calls from two of my clients and one of my business partners asking my opinion - they also received one of these in the mail today.

Update 2: Remember I said 6 pages of search results? That was 4 hours ago. Something fishy is up, because the returned results as of this update (8:30 PM Saturday night) presents over 29 pages now, and except for this blog the results are all the same couple of articles over and over on different odd domain sites.

Update 3: Denver Channel 9 posted this article at 7:27 AM MDT Monday April 4.
State warns of potentially misleading letters (from Corporate Controllers Unit)

Update 4: Denver Post finally listed an article with more information, including a quote from the Attorney General that this is most likely a scam.
"Gessler warns businesses, non-profits of "deceptive mail solicitation" (from Corporate Controllers Unit)

.

Multiple Java Updates Installed == Vulnerable!

2011-01-20T13:19:00.002-07:00

Update: We're now up to version 6.30 . . . and Oracle has added a page in the Java site to assist with removing old versions.

Over the last year security researchers have been tracking a major rise in the use of Java exploits to plant malware on unsuspecting users. Many of them have blamed security vulnerabilities in IE or (pick your browser) . . . and truth be told that's still going on too. But the big surprise is that Java exploits are eclipsing "plain jane" browser exploits, across all browsers and in some cases across platforms.

Bottom line: many Java exploits go after vulnerabilities that have been patched. Since Java runs on a wide variety of platforms, this makes it a very serious vector. You should stay alert for and accept automatic Java updates. You should remove old Java versions as they allow older - vulnerable - Java scripts to run even when you are patched to the most current version. You should also check the Java test page to make sure the latest version installed successfully.

Not to put too fine a point here: Java Updates are notorious for leaving previous versions on your system instead of upgrading in place. Those old Java versions are alive and vulnerable until they are removed.

Worse, many times the Java setup or update process offers end users some form of crapware: additional toolbars, "free" virus scans, etc. I personally recommend that during any install - of any plugin (and I include Adobe products etc here) that you watch for these unneeded add-ons and UNcheck them during installation. If you allow every update of every plugin you use to install these extra craplets, your system will quickly be bogged down to a slow, sad mess.

Action Steps:

1) Check in Control Panel: Add/Remove Programs (Windows XP) or Uninstall a Program (Windows 7) for older Java or J2SE or Java Runtime versions and remove ALL of them. You'll gain back on average around 120MB of disk space per outdated version removed. And you'll close some serious holes in your security.

Example of multiple old Java versions.
Get rid of them!

2) The current Java version as of this writing is "Java 6 Update 23" That should be the ONLY version you have listed in "Remove Programs." You can install the latest version of Java: www.java.com

What you want to see.
Only one Java, and it's the most recent version.

3) Test your installation: http://www.java.com/en/download/testjava.jsp

Oh hey there!
I passed, or did I?

Note that this test only reports the latest working version installed on your system. It does not reveal whether your system has older versions still installed. For that see Step 1 above . . .

A note on x86 versus 64-bit: If you - like most people - use a 32-bit browser when running a true 64-bit operating system, then you only need to install the 32-bit version of Java. In fact I recommend that if you see a 64-bit version of Java in your "Remove Programs" window, you zap it away.

Additional reading:

http://itmanagement.earthweb.com/secu/article.php/3921441/Cisco-Java-Attacks-on-the-Rise-As-Spam-Declines.htm

http://sunbeltblog.blogspot.com/2010/11/its-time-to-get-very-serious-about-java.html

http://blogs.technet.com/b/mmpc/archive/2010/10/18/have-you-checked-the-java.aspx

Bad Outlook 2007 Update KB-2412171 -- December 2010 Microsoft Patch Day

2010-12-15T10:30:00.008-07:00

January 11, 2011 Update: This patch has been re-released under the same KB number. If you previously installed this patch you should update it again. See http://support.microsoft.com/kb/2412171 for more information.

Bug Summary:
After installing patch KB-2412171 for Outlook 2007 SP2 delivered via Microsoft Updates on Tuesday, December 14 2010; several problems on multiple machines began happening.

UPDATE: Pass the salt please -- Outlook team at Microsoft admits to the bad patch. (Which TOTALLY rocks, would sure like to see more ownership from team MS when problems come out of Redmond.)

Performance while loading Outlook, or clicking any email folder/sub-folder or changing views was extremely sluggish, even on high performance workstations.
Auto-archive options were missing entirely from the Properties page for any folder, also missing from the Mailbox Cleanup tool. (See screen-shots)
Additionally severe system instability when certain other plug-ins are installed and running: the Franklin Covey Plan Plus for Outlook version 6 in particular began crashing badly.
Users of Comcast and AT&T email services have reported that sending/receiving breaks with this patch. Error 0x800CCC18 indicating SPA not working.
Some users of outsourced Exchange services have also reported that outgoing emails fail to leave their Outbox.

Tested systems: Windows 7 x64 Professional and Ultimate, running Office 2007 Professional and/or Ultimate. Office 2007 Service Pack 2 installed. Tested with and without AntiVirus running - AV was not a factor. Also tested with the Franklin plug-in removed: which solved the more severe crashing but did not solve the performance issues.

Note that AutoArchive is missing entirely from the patched Outlooks MailBox Cleanup UI, it should be between those two blank lines.

This is what that UI window should look like.

Fix this problem by removing KB-2412171.

This patch can be removed safely. (Note: Microsoft has removed their page for this patch - which I had linked to in the original article. This hopefully means a fixed version is coming very soon. In the mean time, here are the steps to remove this patch from your system.)

1) Close Outlook and any related applications (such as Google Calendar Sync).
2) Open Control Panel >> Add / Remove (or Uninstall) Programs.
3) Click Show Windows Updates or View Installed Updates (depends on your Windows version.)
4) Locate the Outlook update KB-2412171 and remove/uninstall it.
5) Normally a reboot is not required, but if you are prompted to -- wait until you complete the further steps below.

Additionally, I recommend you block this update on systems that have not yet been patched, or block it after removing it so you don't get slammed again.

1) Force a check for updates.
2) Updates should display KB-2412171 as available.
3) Un-check KB-2412171, then right click (in Windows 7) and hide it. In IE (Windows XP) Uncheck the first box next to the update, then check the box below to hide it.

That should solve the problems for now. I recommend you check back later - when a fixed version is released I will make a point of announcing it here.

New: Microsoft has removed the KB article for this patch from their website as of sometime this afternoon December 16. They also appear to have removed the patch from Automatic updates. If you manually remove this patch as described above to correct problems, you should not have to "hide" the update to prevent it from reinstalling. It will simply not be on the list anymore when you refresh available updates.

Critical New (yet old) DLL Loading Vulnerability likely won't be fixed via Microsoft Update

2010-08-24T23:38:00.002-06:00

Short summary: To continue to provide backward compatibility for older (poorly written) applications, Microsoft will likely not patch what may become one of the most dangerous vulnerabilities in Windows. It effects all versions, even the newest Windows 7 and Windows Server 2008 R2 operating systems. System administrators must manually test and patch each system according to what critical applications are used - to prevent business critical systems from breaking completely - or risk infection.

For a decent analysis on what the problem is, and why Microsoft likely won’t be releasing a hot fix via Windows Update see this article:
ars technica : Windows DLL-loading security flaw puts Microsoft in a bind

A Microsoft KB article was released last night announcing a mitigation fix available to system admins. The process includes adding a new REG key and installing a hotfix that enables that key on the OS.
Restrict the DLL search path algorithm (Machine Global, Application Specific, WebDAV or Remote Folders) KB2264107

Please note that if you intend to deploy this fix you will need to manually apply the patch to each system and import a reg key.

Test all business critical apps on this patch before you deploy widely!

In my opinion Microsoft should bite the bullet on this in favor of security – this is potentially one of the most dangerous exploits we shall see this decade. Expect rampant virus infections very soon on un-patched systems. The catch-22 is that deploying this fix will likely break older 3rd party software that used dangerous DLL calling methods. (No names, but there were some big companies that did this right up until last year - “financial software” cough cough.)

Tabnabbing - new phishing technique

2010-05-27T20:47:00.002-06:00

Ever walk away from your computer, or change focus to a different application for a while and forget where you were surfing?

Might want to be careful. A new phishing proof of concept that affects Firefox, Chrome, IE 8 and most other browsers that support simple scripting and tabs might fool you into thinking you were about to log onto your email account -- or your bank!

It's called Tabnabbing, and a malicious site might use it to change the information on a web page to something that looks like your bank, Gmail account, or even a gaming account log in page. (Hit that link above to see more info as well as a harmless working demo of the technique.)

Quote:

How The Attack Works

1. A user navigates to your normal looking site.

2. You detect when the page has lost its focus and hasn’t been interacted with for a while.

3. Replace the favicon with the Gmail favicon, the title with “Gmail: Email from Google”, and the page with a Gmail login look-a-like. This can all be done with just a little bit of Javascript that takes place instantly.

4. As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.

5. After the user has entered their login information and you’ve sent it back to your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.

/quote

You know the drill by now: inform your friends, parents, siblings, co-workers and make sure that official looking log in page to which you're about to respond is one YOU pulled up - not one that just happened to be there when you got back from that bio-break.

UPDATE: If you use Firefox with NoScript, version 1.9.9.81 of said NoScript includes an experimental tabnabbing blocker.

PDF's are the new vector for malware - and now PDF worms are coming

2010-04-05T21:04:00.003-06:00

I've ranted in the recent past about PDF vulnerabilities based on exploitable holes or embedded javascript.

Now comes the real warning about the near future: A built-in feature inherent to the PDF format can be used to run arbitrary code on your machine . . . without using javascript or any actual vulnerabilities. The only mitigation is that Adobe at least asks the user if code might be run -- but some tricky social hacking can still cause unaware users to click OK on the wrong box.

Worse, another growing competitor to Adobe: Foxit PDF, does not even warn the user that code is about to be invoked. It just quietly lets the code run without any user interaction!

For a YouTube video demo of this nasty feature in action:
PDF: Launch a Command

For a downloadable test to try your luck with your favorite third party PDF reader see:
Escape from PDF credit to Didier Stevens.

And for the extension of this logic towards the inevitable PDF driven worm, see:
Are PDF's Wormable?

YouTube Video: PDF Worm Demo - No JavaScript Required

The authors are not releasing the method, but I can tell you that once the concept is released, which it has been, someone on the wrong side will figure it out soon enough.

Adobe, Foxit and other PDF reader providers need to look into this ASAP.

Edit: Thanks to theweaselking in the comment below -- Foxit Reader has an update that will change the behavior to match Adobe's product in this scenario. If you use Foxit make sure you've accepted the latest updates.

Of course - I would rather have three changes from both companies.

1) Make the message that asks the user for permission immutable.

2) Give us an option to turn off the third party viewer feature entirely -- just like we can turn off JavaScript in the Preferences. Such calls from within a PDF would be totally ignored.

3) Bonus! How about fixing Adobe and Foxit so they run properly as a Low Integrity Process in Vista and Windows 7 (and Windows Server 2008 / R2.) Mandatory Integrity Control in Win 7 and Vista works very well as another barrier to malware by forcing high risk processes to run at lower permissions than the OS. Unfortunately many popular utilities that should be considered high risk do not take advantage of this feature.

"We're suing you" spam technique tries to get you to open infected attachments

2010-03-18T12:02:00.000-06:00

It's my understanding (but I'm not a legal expert) that if you were actually being served as a defendant in ANY legal action, you would be getting physical paper delivered to you one way or another.

Email legal summons? I don't think so.

Real law firm, fake spam email, real virus. See the Wall Street Journal article.

This might also be construed as a denial of service on the actual law firms phone lines . . . I can't imagine the pain those guys must be feeling as their phone rings off the hook.

Dear NVidia . . .

2010-02-23T17:09:00.001-07:00

I don't want your stupid PhysX driver, nor do I want your "3D Vision Discover Driver."

Please give me the option during a driver update to not install those components in the first place.

At least I can uninstall them separately after the fact, but it's extra work for me and my clients. (And usually a second reboot before I can get back to work.)

Signed,
- meh

PDF Vulnerabilities, Adobe, Critical Updates and YOU

2010-02-13T21:41:00.001-07:00

For some time I've dreaded going through the update process for Adobe Reader and Acrobat. Let's face it; the process is painful and can take a long time if you don't have super-high-speed broadband.

But in the last year being current on Adobe patches has become as important as being current on Windows patches.

Last month we saw an explosion of exploits that entered the victims machine via malformed PDF files. Adobe patched Acrobat and Reader versions 8.x and 9.x to close that exploitable vulnerability in the middle of January.

Now it's one month later and we have a new vulnerability that's already being actively exploited by malware distributors. Adobe will be releasing another new update to block it this coming Tuesday, Feb 16th.

As painful as it is, if you accept PDF's via email or view PDF's on the Internet via any browser - you need to be completely up to date to protect yourself.

If you've been letting Adobe's auto-updater run and accepting updates when it offers them - the pain won't be too bad. If you turned it off in the past, or have ignored the update requests - then you've got up to an hour or so of updates to get through. I suggest you start now, then check again Tuesday night or Wednesday morning for the new patch when it's released.

Here's the painful part if you're behind:

1) If you are running any version older than 8.x, you need to upgrade NOW to 9.x. Get thee to www.adobe.com and download the newest Reader. (On a side note, while you are there, update your Adobe Flash and Shockwave plug-ins for your browser too!) If you bought and use Acrobat 5, 6 or 7 -- it's time to bite the bullet and get the newest version. Remove that old version completely . . . seriously. However there are alternatives that are more affordable. (See the list at the bottom of this post.) If this is you, be sure to completely UN-install the older version first, and reboot even if you are not asked before installing the new version.

2) Open Reader and click the Help, Check for Updates option. (If you're running Vista or Windows 7 you need to right click the Reader icon and "Run as Administrator" first.)

3) Allow the update to download and install. Reboot if asked, no need if not asked.

4) Repeat from #2 until you finally get the message that there are no new updates.

5) If you have Acrobat, repeat the entire process for that as well.

I just did this to a new clients old machine -- it took about an hour to download and install ALL the updates to bring his copy of Acrobat 8.0 completely up to date. It required two reboots. It required several iterations of steps 2 through 4.

My rant: Why can't Adobe provide roll-up updates that would bring any version of 8.x or 9.x completely up to date with one download and install cycle!? I mean jeez, join the 21st century already would you Adobe?

Now: if you have an ancient version of Acrobat, you should know that there is no need to pay Adobe 450 bucks or more to get the ability to create or edit PDF files. Gone are the days of their monopoly on the format. Here are some alternatives that range from free to "less expensive than Adobe" depending on your usage requirements.

If you need to create (but not directly edit) PDF's from any program you can use that programs Print To function using the excellent and free CutePDF Writer. It installs and behaves like a printer, but instead of paper it "prints" to a PDF file in your Documents folder.

If you own Office 2007, and you need to create PDF's only from Office programs, then you can download and install the free Microsoft Office 2007 Save as PDF or XPS add on directly from Microsoft's download site.

If you need to edit, merge, create forms and just about any other creative task relating to PDF's I suggest either CutePDF Professional or the new "Foxit Phantom PDF Suite". They both include page sizes for all professional fields, load very quickly compared to Adobe Acrobat Professional, and do not (yet) have the security problems plaguing Adobe products. (That may change if they become a big enough target.)

And of course, you could always get the latest version of Adobe Acrobat.

Compare features and price, do your research, and decide.

New attack vector via IE may prompt out of cycle hot-fix from Microsoft

2010-01-17T11:23:00.001-07:00

From http://www.itworld.com/security/93009/attack-code-used-hack-google-now-public
and http://news.cnet.com/8301-27080_3-10436083-245.html

“The dangerous Internet Explorer [ exploit ] ~~attack~~ code used in last month's attack on Google's corporate networks is now public.”

Short summary of action items:

If anyone you know still uses IE 6 or 7 – for any reason – get them to upgrade ASAP. IE 8 might be vulnerable on XP, likely not on Windows 7 at default security settings (although if the end-user has lowered security defaults on the Internet Zone, or turned off Protected Mode, then all bets are off.)

Firefox 3.5.7 with current versions of the NOScript + Adblock Plus plugins installed and properly used by the end-user is a fairly safe browsing tool.

Not browsing the web until a hot-fix is released is not likely a satisfactory solution, but tempting none-the-less . . .

New Trojan horse that encrypts files: the .vicrypt file extension

2009-11-03T11:35:00.000-07:00

Source: http://news.cnet.com/8301-27080_3-10388541-245.html

Symantec's technical description and removal tool:
http://www.symantec.com/security_response/writeup.jsp?docid=2009-102708-2133-99&tabid=2

There's a new Trojan propagating across the web that encrypts files and changes their extension to .vicrypt. Rather than popup enticements to "offer decryption services" (ransom-ware) to the victim, they are relying on end-users searching for that file extension, in the hopes of landing on the malware authors website, where a tool is being sold.

Now you can get a free removal and decryption tool from Symantec, see link above.

This virus is not yet wide-spread, and hopefully won't become so. But if you see that file extension on your system, you should review the details and get cleaned up.

Prepare for your Windows 7 Upgrade after October 22, 2009

2009-09-24T15:13:00.006-06:00

Here are a few tips to help prepare for your Windows 7 upgrade once it's released to the public on October 22nd.

- Run the Microsoft Windows 7 Upgrade Advisor :

From Microsoft: In general, if your PC can run Windows Vista, it can run Windows 7. But if you're not running Windows Vista, or are just not sure if your system is ready to run Windows 7, there's a quick way to do a simple check.

Just download, install, and run the Windows 7 Upgrade Advisor Beta. You'll get a report telling you if your PC can run Windows 7 and if there are any known compatibility issues. If an issue can be resolved, you'll get suggestions for next steps. For example, it may let you know that you need an updated driver for your printer and where to get it.

- Centralize or identify your data and take a full backup of it:

Make sure everything you care about is either located under your "My Documents" folder, or that you know where it is. When you perform an upgrade to Windows 7, you will find that making a full copy of your data onto an external storage device -- such as a USB drive, then deleting all your data on the old hard drive, will make for a much faster and smoother upgrade experience. Once you've completed the upgrade, copy your data from that external storage back to the proper folders.

- Get Windows 7 compatible drivers for all your system devices in advance:

Go to the sources for your devices: nvidia.com for NVidia video cards for example, Intel for your Intel network adapters, or your motherboard manufacturer for so-called integrated network adapters. Get a copy of each driver, expand it using WinZip or 7zip if needed, all into a special sub-directory on a separate partition or onto that external storage device you used earlier. At the very least get that network driver -- even if you skip the others -- so that once Windows 7 is up and running you can use auto-update to get further drivers as needed.

- Check your hard drives health:

Most problems that I've seen so far with interrupted upgrades were due to hard drive failures that happened before the upgrade. This may be an excellent time to upgrade your hard drive to a newer, faster model . . . You should at the very least force a full chkdsk on your drive. Open a CMD prompt (in admin mode under Vista, or normal under XP) and type: "chkdsk c: /f" and press enter. Answer "Y" without the quotes to any questions asked, then type EXIT and press enter. Now reboot your system and let the scheduled disk check proceed uninterrupted.

You can also do a deeper analysis using any of the excellent tools available online that can read your hard drives SMART status. All attributes from that analysis should read OK. If any show as weak, or failed, replace the drive. Here are two of my favorites:

Speedfan (use the SMART tab to check HDD status.)
Hard Disk Sentinel

- Add more RAM:

Now is the time to finally upgrade your on-board memory. If you're already at 3 or 4GB of RAM, disregard. If not, I recommend adding or replacing your RAM to get to the 4GB level. Windows 7 will run under less, but it will run great if it has more memory to use -- and so will your applications. If you're sitting at 2GB or less, it's highly recommended that you upgrade.

- Check your RAM's health:

One of the more . . . interesting . . . scenarios where an upgrade can fail is when some of your RAM has gone bad. It worked fine on the old system, but Windows 7 uses more RAM than older operating systems and will reveal weaknesses that you did not know existed. Before you upgrade - and even when you buy new RAM - you should test the installed memory to be sure it's in good shape.

A decent memory tester can be found at:
Memtest86+

Download the ISO and burn it to a CD, then boot to that CD and run the test through at least two full passes. If you get a 100% pass, you're good to go.

- Consider upgrading to the 64 bit version of Windows 7:

If your hardware is fairly recent, and you have 4GB or more of RAM, then you will find that Windows 7 64-bit will run faster, be more stable, and is more secure against some of the worst exploits on the internet than the 32-bit edition. This will likely require a clean install for you though, so it's up to you to balance your needs and scenario. Windows 64-bit is much more compatible with older applications than any previous 64-bit OS from Microsoft, plus there is a much larger library of drivers for old and new devices for 64-bit than ever before.

Migration in Process from Livejournal

2009-08-28T13:47:00.000-06:00

This space under construction . . . I'm in the process of migrating all my Livejournal entries (sadly, sans comments) over to Blogger. Due to a Google imposed limitation of 50 posts per day -- to prevent abuse -- this will take me at least a week from today.

Once the posts have been successfully moved, I will lock the LJ side and continue my musings about computer security right here on Blogger.

Thanks for your patience while the dust settles!

Thanks to http://linuxlore.blogspot.com for his excellent Blog2Blog application, which is making this chore much more feasible than I first suspected!

Texting While Driving PSA

2009-08-25T21:34:00.001-06:00

Parental guidance suggested

I personally feel that anyone that uses a cell phone and drives a car should view this. But be warned -- this is a very graphic video. I totally lost it when the little girl asked why her mommy wouldn't wake up.

Your search = malware drive by?

2009-08-25T11:15:00.000-06:00

cnet posted an interesting summary from McAfee's SiteAdvisor:

http://news.cnet.com/8301-1009_3-10317029-83.html

Through no fault of her own, actress Jessica Biel is now the most hazardous celebrity on the Internet.

Fans searching online for Biel have a one-in-five chance of hitting a Web site with malware, according to McAfee's third annual report listing Hollywood's most "dangerous" online celebrities.

In general, hunting for Hollywood's in-crowd poses a much greater threat than searching for just about anyone else. For example, President Obama and first lady Michelle Obama ranked No. 34 and No. 39, respectively.

Add to this the fact that searching for things like "free wallpaper" or "free screen savers" can also land you on a compromised site that can infect the majority of machines . . . it's a parasite laden jungle out there.

But by far the worst infections these days still seem to propagate via email. Spammers send links or attachments -- and users still open them!

You -- you know who you are: stop that!

PDF Users - lock down your 'free' reader

2009-08-13T15:57:00.000-06:00

I've not yet figured out just why Adobe's PDF document structure needs JavaScript. It's a document, I read it, act or think on it, then close it! I don't need code handling ability within my document.

Perhaps someone in the know can enlighten me? Anyway . . .

For several weeks now there have been several viruses circulating that take advantage of a now-patched security hole in Adobe's PDF viewers, both the free and paid versions.

Patch your Adobe Reader
The first thing you should do is force a check for updates to your Adobe PDF viewer. Open Adobe Reader (7, 8 or 9) and click the menu item "Help, Check for Updates." Then click the small text saying "List Details."

Compare the left side of the list to the right side. Anything on the left side thats not listed on the right should be checked, and updated -- unless it's a Language Support update, that's optional.

If you are asked to reboot, do so.

Then check again . . . repeat until no new updates appear. At the end of this, you want to check your version and make sure it's at or higher than:

Reader 7: 7.1.3
Reader 8: 8.1.6
Reader 9: 9.1.3

Turn off JavaScript in Adobe Reader
Now that you've patched your Reader, I suggest you turn off the JavaScript feature entirely. You won't miss it . . . and it might help prevent trouble in the future.

Open Adobe Reader again . . .

Click the Edit menu item, select Preferences.

Find and click the entry on the left side for JavaScript, and click to clear the first check box labeled "Enable Acrobat JavaScript."

Be warned that earlier versions of the reader may prompt you to enable JavaScript every time you open a PDF document . . .

Click OK and close the Reader.

Done!

More info about this here: http://www.us-cert.gov/cas/techalerts/TA09-133B.html

Better yet, get rid of that bloated PDF viewer entirely!
Those interested in alternatives can Uninstall Adobe Reader and try the (free for personal use) Foxit Reader 3.0 instead. I recommend you decline the free toolbar they ask you to install, but other than that it's much faster than Adobe's product, and does not currently have the security vulnerabilities.

See http://www.foxitsoftware.com/pdf/reader/

Critical Security hole in Windows XP / Server 2003

2009-07-06T18:00:00.000-06:00

Microsoft announced today that a nasty security vulnerability has been discovered but not yet patched that allows a malicious remote website to remotely control your machine. It is being actively exploited around the Internet.

From http://www.msnbc.msn.com/id/31766751
Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.

It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked.

Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.

I easily found a few of these sites by analyzing several spam emails containing links to rogue domains announcing things like eCards, or purporting to have news about recent events (M Jackson or Obama for example.)

If you still use Windows XP or Server 2003 and you use Internet Explorer (any version) then you are vulnerable . . . Vista, Server 2008 and Windows 7 Beta/RC users are not affected. Oddly enough, users of the venerable Windows 2000 with SP4 are also not affected.

There is a workaround for this issue, although using it will disable certain types of motion video in the browser. For end-user friendly workaround instructions (as well as a method to remove the workaround -- which you WILL want to do once this is patched) go to Microsoft's page on the topic at:

http://support.microsoft.com/kb/972890

Once you get to that page, use the Enable Workaround (*Fix it*) button in the middle of the page and follow the prompts. After you have successfully enabled the workaround make sure to close and re-open IE -- or reboot -- before you continue surfing the web . . .

For advanced users / IT Admins you can find out more about this issue at:

http://www.microsoft.com/technet/security/advisory/972890.mspx

.

April 1st may be a nasty day if your system harbors hidden malware

2009-03-13T17:45:00.000-06:00

. . . of course this has been true for the last few years. April 1 seems to be a favorite time for malware criminals.

This year it's "Conficker" aka "Downadup." Since my last post about this rapidly spreading piece of nastiness, the virus has seen (at least) two updates from it's authors. The most recent edition is more aggressive about spreading itself and more resilient against detection and cleanup than any virus I've personally seen in years.

It installs at least two rootkit variants and uses known Windows exploits to spread on local networks -- bypassing any user interaction (such as surfing a compromised website or opening infected email) altogether. It's still using USB devices to spread through AutoRun - which makes me wonder why Microsoft hasn't offered to disable that for everyone through Automatic Updates.

It's short-term purpose in life -- so far -- seems to be getting as many machines infected as possible. Long-term it's a botnet awaiting commands from the criminal owners. Those commands could be anything from an update to currently infected machines to make them harder to detect and clean, to a DoS attack on the Internet infrastructure or specific targets, or sending spam from millions of infected workstations, or activating/installing key-loggers to steal your ID/Bank accounts.

I'm betting a combination of the above -- with the twist that the whole botnet will be up for hire and thus will change it's mission frequently and randomly as underworld buyers subscribe to services.

I am very much concerned that after April 1st we will all know a lot more than we wanted to about Conficker.

So what can you do about this?

a) Don't rely on Windows Automatic Updates (it's been known to get into a stuck state on certain machines.) Visit Microsoft's Update site and verify that you are completely caught up on all critical updates. If you see any available critical fixes then you should install them, reboot, and check again. (Some updates stack on older updates and won't appear until you catch up a bit.) Repeat the check, install the next layer, repeat until you show zero critical hot fixes on the list. Get to the manual update check from IE, the Tools menu, and select Windows Update. Or you can take a huge risk and click this link while using Internet Explorer (and hope that this blog post can be trusted): http://windowsupdate.microsoft.com/

b) Make sure you're running a current anti-virus/spyware product, and that your subscription is active. I'm not trying to play favorites, but you get what you pay for in most cases. Free AV products have not generally been as effective as pay-for versions (even within the same company/product group where a free version is offered - no names here.)

c) Lock down your wireless network if you use such at work or home with WPA2 - someone that's infected could wardrive your LAN and infect your machines if you leave your wireless open to the world. (Not to mention all the other crap they can do to you if you leave your network unsecured.)

d) Change your firewalls password from the factory default. (See your owners manual . . . )

e) Turn off AutoPlay (yes I know, I rag on this a lot - Microsoft should pay attention already.)

f) Use IE in High Security Mode and (if you have IE 8) Enable Protected Mode. (Vista IE 7 users get this by default) or better yet use FireFox 3.x in combination with NoScript.

g) If you can't do the above . . . then on March 31 turn your computer off, go outside, and enjoy some sunshine. Go find some nightlife too - away from your computer. You can come back on April 2nd. Maybe. Seriously folks -- these things spread so easily because we get lax about our personal safety online.

Would you drive on sagging bald tires with an engine light showing low oil with no seat-belt at very high speed on the interstate highway system?

Wait . . . don't answer that.

Paul Harvey

2009-02-28T21:47:00.000-07:00

Paul Harvey died today, less than a year after his wife passed away.

http://www.msnbc.msn.com/id/29447376/

He was 90 years old.

I used to listen to him faithfully every day when I still listened to radio.

What a voice. What a life. And now he's off to discover the rest of the story . . .

Clyde Tombaugh's 16 inch telescope pictures at Pluto Park, NM

2009-02-07T14:18:00.001-07:00

Clyde Tombaugh's (discoverer of the planet Pluto) 16 inch telescope has been
restored and installed at Rancho Hidalgo aka "Pluto Park" near Animas, New Mexico.

The opening ceremony occurred Wednesday afternoon, January 28, 2009.
Approximately 50 people attended the ceremony. Some of the key attendees
included Jack and Alice Newton; Walter Haas; David Levy; Michael Bakich;
several members of the New Mexico State University physics and astronomy
faculties; various amateur astronomers from Tucson, Las Cruces and surrounds;
and Patsy Tombaugh, Clyde Tombaugh's wife.

For more pictures by other attendees and an excellent write up on the event see
the blog entry on Astronomy.com by Michael Bakich: On the road: Party in Pluto Park.

Click on any picture below to download a larger version.

Clyde Tombaugh's 16 inch telescope.

Clyde Tombaugh's 16 inch telescope seen from below.

Patsy Tombaugh with her daughter Annette and Annette's husband Wilbur at Pluto Park.

Patsy Tombaugh and Michael Bakich at Pluto Park.

Clyde Tombaugh's 16 inch telescope at sunset at Pluto Park.

These pictures of Clyde Tombaugh's Restored 16 inch Telescope at Pluto Park by WaS are licensed under a

Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License.

Educational

2009-02-06T13:22:00.000-07:00

"I think TV is very educational,

every time someone turns on a TV

I go in the other room and read."

- Julius Henry "Groucho" Marx

Fake "Parking Violation Tickets" used to lure victims to malware website

2009-02-05T10:00:00.000-07:00

Be sure that the ticket on your windshield is from the local authorities.

http://it.slashdot.org/it/09/02/04/183237.shtml

http://isc.sans.org/diary.html?storyid=5797

Mashup of this weeks ponderings

2009-01-24T20:07:00.000-07:00

Circuit City going bankrupt - and both they and the media still don't get the reason why. Too many articles blaming super-competitive behavior from Best Buy. That's not the reason. In fact BB should be watching closely because they are next to go under if they don't upgrade their act. Part of the problem is the economy, but CC's problems started well before we got into the current mess.

I believe that BB needs to start competing with online sales for computer and AV equipment, software etc. Look to Amazon, NewEgg, TigerDirect, CDW, and many other online retailers that are underselling BB. If BB fails to take online sales competition seriously - and by that I mean price matching and quality assurances - then BB will be out of business in a few years or less.

Windows 7 Beta - it looks like Vista, but feels and works MUCH better. I am a bit peeved about this. I think W7 should be the next service pack for those that purchased Vista. Don't take me for a MS hater - I'm not. Vista SP1 has its strengths, but it still feels unfinished and clunky. I personally think that there should be some consideration from MS for Vista adopters when W7 is released - and I don't mean their standard "Upgrade" discounted editions that won't let you do a clean install onto a system.

Windows 7 may entice most XP users to upgrade - assuming the economy rebounds in time. Vista users will want to upgrade so they can save what's left of their hair. Windows 7 combined with Windows Server 2008 is a powerful partnership for the enterprise.

Virus / worm / potential Botnet attack - still in progress. Downadup, Conflicker, call it what you will - is still spreading rampantly. Trouble is it doesn't seem to be doing anything. This has AV researchers worried, as it's entirely likely that all 12 Million plus infected computers may in fact be waiting for a specific date or deadline to activate and wreak havoc on the Internet. I am personally going out on a limb here, but it's almost beginning to look like a well funded terrorist attack in progress/preparation. This virus is sophisticated, but it's doing nothing ... yet! If whomever owns the botnet decides to use it as a Denial of Service attack machine, and assuming infections continue to increase at current rates, the infrastructure could be in trouble. See my previous post about this topic at http://netdef.livejournal.com/55150.html

I miss my kitty . . . been almost 18 months. Might be time to go find a new kitten.

The World's First IT Guy

2009-01-19T20:53:00.001-07:00

I'm still laughing over this one, but it might hurt later . . .

I told you so! Conficker Worm spreading ~ 10 Million computers in a week.

2009-01-16T17:13:00.000-07:00

I always wanted a post title like that . . .

The Conficker Worm is making it's rounds and may very well become the most aggressive and fastest spreading malware in history with a truly nasty payload. I'm not going to count the Melissa Virus or the "I Love You" Virus of a few years ago, because as rampant as they were, their payload was relatively benign.

This new worm takes advantage of a multi-pronged attack to infect new victims. It's first intent is to create a new BotNet and "zombify" your computer. It's other mission is to steal passwords, personal info and account information in an attempt at mass identity theft.

It's using a vulnerability in Windows that was patched last month by Microsoft as the primary vector, then it attempts to use AutoRun on USB drives as well as a brute force Administrator account password hack once it gets inside a local area network.

So if you haven't yet, get patched completely to the most up to date versions you can, and turn off AutoRun on your clients and servers, and make sure all accounts on your systems that have Admin rights also have strong passwords. Even if you are using a home computer behind a firewall, make sure your account has a password.

More info here:
http://www.pcworld.com/article/157876/protecting_against_the_rampant_conficker_worm.html

Security updates for Firefox released yesterday

2008-12-17T11:17:00.000-07:00

Some fairly important security updates for Firefox 2.x and 3.x were released yesterday.

See http://www.mozilla.org/security/announce/ for more info on the bug fixes included.

If you still use Firefox 2.x, this release is the last planned upgrade . . .
http://en-us.www.mozilla.com/en-US/firefox/2.0.0.19/releasenotes/

For users of FireFox 3.x, see this page for news and info:
http://en-us.www.mozilla.com/en-US/firefox/3.0.5/releasenotes/

As always I highly recommend the excellent NoScript plugin for both versions to help make your online browsing experience safer. And remember to check for updates in your Tools:Add-ons menu option every time you upgrade to new builds of Firefox.

NoScript: https://addons.mozilla.org/en-US/firefox/addon/722

Get your out-of-cycle critical IE patch now

2008-12-17T11:02:00.000-07:00

The patch just went live on Windows Update. If you run Windows or Microsoft Updates manually via the browser or Vista Update program, look for references to any one of the following (depending on your OS):

MS08-078
KB961051
KB960714

"Security Update for Internet Explorer 7" (or 8, 6, etc.)

If you need to download and install the update manually (or have a lot of machines to update, or have older versions of IE), try this search query on Microsoft's site for MS08-078:

http://search.microsoft.com/Results.aspx?mkt=en-US&q=ms08-078

If you are otherwise current on updates, and use Auto-Updates, you will get this patch sometime during the next few days. Personally I would do a forced check to be sure.

Ultra-Critical out of cycle fix for IE coming tomorrow from Microsoft

2008-12-16T16:08:00.000-07:00

You might have heard about a nasty vulnerability in Internet Explorer that allows a malicous website to remotely take-over one's machine. Microsoft just announced a fix for this issue that will be released tomorrow. It should be available via automatic updates, but just in case I'll follow up tomorrow with links.

The announcement:
http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx

More info about the vulnerability:
http://www.microsoft.com/technet/security/advisory/961051.mspx

If you previously applied any of the complex workarounds for this problem, you will need to reverse your changes before applying tomorrows update.

Get traditional -- send paper cards via snail mail for the holidays

2008-12-07T12:37:00.000-07:00

. . . Or call your family/friends/loved ones. Better yet send them a nice gift.

Whatever you do - forget about eCards. I personally think eCards are tacky anyway, but the real problem is that too many email virus spammers use fake eCards during the holidays to propagate their infections. Lately it's become darn near impossible to tell the fakes from the "legit" eCards.

We see this every holiday season, so here's your paranoid reminder for 2008:

http://blogs.technet.com/mmpc/archive/2008/12/02/merry-malware.aspx

Every year the ne’er-do-wells trundle out the same set of tricks to distribute their malware and take advantage of people’s better nature, and the additional opportunities for sensitive data theft as shoppers flock to the Internet to purchase gifts and other festive treats. Regardless of the simplicity of this basest style of social engineering attack, it must be successful or I guess we wouldn’t see so much of it every year.

The basic holiday-themed attack has varied little, if at all, through the years and across various holidays. Generally, the attacker sends a malicious e-mail that appears to notify the target that they have received an e-card that says “Happy ”. The e-mail also contains a link that the target can use in order to ‘see’ their card. Clicking on the link downloads a malicious executable that compromises the user’s machine, often opening a backdoor that places the machine under the attacker’s control. Colourful animations and music tend to feature in these lures (and who doesn’t like dancing snowmen/candycanes/santas/Christmas trees/champagne bottles, etc?) Of course, Christmas isn’t the only popular theme for bait, the New Year also finds its share of fans in the malware distributing underground.

So, while musing about the delights of the coming festive season, spare a thought for your safety online, and don’t be fooled by the dancing Santas.

Home firewalls and routers vulnerable to hacking . . . still

2008-12-04T15:04:00.000-07:00

Old bug, old news, and apparently STILL not being corrected by the Internet Service Providers that distribute these things to their customers. Unknown at this time is whether some of the combo Cable-Modem and Fiber routers have the same issue. (My bet is -- yes!)

The short story: the default login to most firewall/routers browser based configuration panel from the LAN side is unsecured - we're talking a known admin user and no (or a factory default that's widely known) password. The customer almost never logs in to change or set a new password, and the service tech that installs the router doesn't either.

This issue has also been around for a loooong time for retail Wi-Fi or Wired firewall/routers: the admin passwords for all brands and models are well-known (and it's a very short list) and if never changed by the customer they are vulnerable to this hack.

See http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=212201777 for the full article. Excerpts below:

~~~snip~~~
A deadly attack typically associated with Websites can also be used on LAN/WAN devices, such as DSL routers, according to a researcher who this week demonstrated cross-site request forgery (CSRF) vulnerabilities in devices used for AT&T's DSL service.

The vulnerability isn't isolated to Motorola/Netopia DSL modems. It affects most DSL modems because they don't require authentication to access their configuration menu, he says. "I can take over Motorola/Netopia DSL modems with one request, and I can do it from MySpace and other social networks," Hamiel says. The attack uses HTTP POST and GET commands on the modems, he says.

CSRF vulnerabilities are nothing new; they are pervasive on many Websites and in many devices. "CSRF, in general, is a very old issue," says Hamiel, who blogged about the hack this week. "Most of the vulns found today are old. That's the point: Nobody seems to learn lessons anymore."

A CSRF attack on a DSL router could be launched from a social networking site, Hamiel says, using an image tag on a MySpace page, for example. "Everyone who viewed my MySpace page with AT&T DSL and the Motorola/Netopia DSL modem would be owned," he says.
~~~ snip ~~~

What can a hacker do to you once they have access to your routers configuration page?

1) They can create false DNS entries that will point you to their site instead of -- say -- your banks.

2) They can login to your home or small business network and snoop on your shared files.

3) If your computer has no password, or an easy password, they may directly login to your computer behind your firewall and install backdoor Trojans and use your broadband to send out more virii, spam and malware to others.

4) They can use your system as a proxy while they go do really bad things on the Internet. Later you get served papers (or the officers kick down your door at midnight) for crimes you did not know were being done on your connection.

Etc. Etc. Etc . . .

Lesson for the day (and most of my direct readers already do this, so pass the word to your family, friends and neighbors):

When you buy or take delivery on a DSL, Cable or auxiliary Wi-Fi or Wired router, log onto it at least once and change the Administrator password.

List of reputable Anti-Malware/Virus suites that have free editions or fully functional trials

2008-12-03T01:15:00.000-07:00

My top list of reputable Anti-Malware/Virus suites for Windows that have free editions or fully functional trials.

They're in no particular order of effectiveness at the time of this writing . . . these are all genuine and are usually listed within the top 10 AV products as tested by VB100. I am posting this as a reference because there are way too many pop-up ads for so called free scanners that are actually Trojans in and of themselves.

Remember that you should only run ONE real-time protection product at a time on your system. Don't install two or more and expect your computer to be stable.

Links provided in clear text so you can examine them for funny business.

SunBelt Software: Vipre - 15 day free trial. (Fully functional, Virus, Rootkit, Malware/Spyware protection and cleanup. Very useful for emergency cleanups.)
http://www.sunbeltsoftware.com/Home-Home-Office/VIPRE/

ESET NOD32 AV - 30 day free trial. (Mostly fully functional, Virus, Malware/Spyware protection and cleanup.)
http://www.eset.com/download/free_trial_download.php

Kaspersky Anti-Virus 2009 - 30 day free trial. (Mostly fully functional, Virus, Malware/Spyware protection and cleanup.)
http://www.kaspersky.com/trials

Sophos AntiVirus - 30 day free trial. (Fully functional, Virus, Malware/Spyware protection and cleanup. Free Rootkit analyzer also available, see below.)
http://www.sophos.com/products/small-business/eval.html

Sophos Anti-Rootkit - Free version. (Fully functional within the scope of the intended use, that is to find and delete rootkits - but it's not going to go after other malware or viruses on your system.)
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

Avira: AntiVir - Free version. (Good protection and system scans, but pops up nag screens from time to time asking you to upgrade to the pro version.)
http://www.free-av.com/

Avast!: Home Antivirus - Free version. (Good protection etc, free virus definitions seem to be about 4 days behind -- but I cannot prove that.)
http://www.avast.com/eng/avast_4_home.html

Grisoft: AVG - Free version. (Good protection etc, as with Avast the free virus definitions seem to be about a week behind -- but I cannot prove that.)
http://free.avg.com/

Since someone may ask -- I personally use the first on the list. It provides excellent scan and cleanup features including a special safe mode scanner and a boot-time rootkit scanner. Its real-time monitor has very low impact on system performance and the program has a very clean -- even simplistic -- UI.

New proof of concept script attack in all browsers bypasses AV detection

2008-11-22T13:19:00.000-07:00

From http://www.eweek.com/c/a/Security/Script-Fragmentation-Attack-Could-Allow-Hackers-to-Dodge-AntiVirus-Detection/

Stephan Chenette of Websense describes a new Internet attack vector that could allow hackers to bypass anti-virus protection at both the gateway and the desktop. The technique, called script fragmentation, involves breaking down malware into smaller pieces in order to beat malware analysis engines.

The attack works like this: Malware authors write benign client code and embed it in a Web page. The only content contained on the initial page will be a small JavaScript routine utilizing XHR or XDR. This code contains no actual malicious content, and the same type of code is found on all of the major legitimate Web 2.0 sites.

When a user visits the Web page, the JavaScript and the XDR or XHR will slowly request more code from other Web servers a few bytes at a time, thereby only allowing a user's gateway anti-virus engine to analyze a few seemingly innocuous bytes as it tries to determine whether or not the Web site is malicious.

Once received by the client, the bytes are stored in an internal JavaScript variable. The client will request more and more information until all the information has been transferred. Once it has been transferred JavaScript will be used to create a Script element within the DOM (Document Object Model) of the browser and add the information as text to the node. This in turn will cause a change to the DOM and execute the code in the script element.

According to Chenette, the entire process—from data being transferred over the network to triggering JavaScript within the DOM—can slip under the radar because no malicious content touches the file system. It's done completely in memory, and any content that is transferred over the network is done in such tiny fragments that anti-virus engines parsing the information don't have enough context or information to match any signatures.

The attack, which has not been seen in the wild by Websense, works on all the major browsers. Technically, however, it is not a browser vulnerability—it merely takes advantage of the way browsers work.

My initial thoughts: If this gets out into the wild, the only protection is to either turn off scripting entirely in Internet Explorer (which will cripple most legitimate websites), or use the excellent NoScript plugin for Firefox (and use it correctly.)

Rootkits, Trojans -- they may 'own' your USB thumbdrive

2008-11-20T10:45:00.000-07:00

A topic that I might have brought up before (too lazy to go find it) and which really hit home over this last weekend - USB portable storage devices and current malware are a match made in virus heaven.

Friend of mine called me in a panic - his main computer slowed down so he thought he might clean it up a bit. Made a full backup of his photo's and documents to a portable USB drive. Started the cleanup, saw some odd behavior, downloaded an alternate virus scanner trial, found nasty nasty stuff that he could not clean up, rebuilt the OS after formatting the drive -- and started to restore his files from that backup.

Remember that backup? The one he took from what was likely an already infected system? The second he inserted that drive into a USB port - wham! Infected again. That's when he finally called me . . .

Much like virus infections that spread via 5.25 and 3.5 diskettes in days of yore, a new generation of backdoor Trojans, Rootkits, Keyloggers, Botnet/Zombie infections and other malware use USB drives as an infection vector.

This is exceptionally nasty for consultants that use USB drives as their portable toolkit. They stick their drive into an infected computer, which infects their portable drive, which in turn infects the very next computer into which they insert said drive if Autoplay is turned on . . .

Solutions do exist though. My personal solution - which I use in my business - is to use USB thumb drives with a Write Protection Switch (a physical slider switch on the side of the drive that sets the drive to read-only mode and cannot be bypassed by software) while in the field. I also keep a full redundant backup of my software toolkit in safe storage. (Not to mention I scan my thumb drives after every client visit.)

So you set the drive to read/write when copying data to it from a safe computer. Switch the thing to read only while using it in other computers.

The only trouble is that if you need to write/save a file to the drive while visiting another computer - you had better make darn sure that a) that other computer is running a current and trustworthy anti-malware suite and b) that your own computer at your home or office has autoplay turned off and c) that afterwards you think very hard about using that drive in any other computer before getting it scanned from a safe location.

The other problem is that finding a USB drive with a physical "Write Protection Switch" is fairly difficult. I've got two different brands in my toolkit now. It took some serious google-fu to locate them and even more effort to find a vendor that sold the models. (Iomega and Kanguru for those curious - the Kanguru is fast and secure, but much more pricy.)

I've said it before, here it is again (and updated for Vista users):

I've often wished that the Autoplay feature was turned off by default in Windows. It would also be nice if there was an easy way to turn it off somewhere in the user settings . . . but it's a tad more complicated.

Autoplay is not really needed anyway, it's annoying when you insert a CD that you just want to browse, and it's been the vector for virii several times in the past. Just remember that if you turn it off, and you insert a CD from which you want to install something, you will need to browse to that CD and find the Setup program manually instead of waiting for the Autoplay setup to start automatically. I like having to start setup manually better anyway, gives me more control over my system.

To turn Autoplay off, find the heading for your operating system below.

Windows XP Home

1) Create a new TXT file and open it in Notepad.

2) Paste the code below into your new text file.


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000FF

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

3) Save the file, close it in Notepad, and rename the file to end in the ".reg" extension.

4) Double click the REG file to import the setting into your registry. Click OK when it asks if this is something you want to do . . .

5) Reboot and done for Windows XP Home.

Windows XP Professional

1) Click Start, Run and enter GPEDIT.MSC

2) Go to Computer Configuration, Administrative Templates, System.

3) Locate the entry for "Turn Off Autoplay" and Enable it for All Drives.

4) Close the Policy Editor and reboot . . . done for Windows XP Professional!

Windows Vista

Note: Be certain you have installed Vista Service Pack 1 and have all the most recent patches before applying this change.

1) Create a new TXT file and open it in Notepad.

2) Paste the code below into your new text file.


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000FF

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

3) Save the file, close it in Notepad, and rename the file to end in the ".reg" extension.

4) Right click the new REG file and select "Run as Administrator" to import the setting into your registry. Click OK when it asks if this is something you "really" want to do . . .

5) Reboot and done for Windows Vista!

For more information, see Microsoft's KB article on AutoRun/AutoPlay at http://support.microsoft.com/kb/953252

NVidia Tesla Update - supercomputing at the desktop

2008-11-20T09:48:00.000-07:00

Update regarding a post I made almost a year and a half ago, NVidia's Tesla may be changing our definition of super-performing personal computers.

For those with enough cash - around 10 grand for the base model - you can get your very own personal "Super-Computer!"

Seriously - can you imagine what this could do for very small scientific research companies?

Each processor can sustain one teraflop. Need more power? Add processors . . . up to four for now and possibly more in the future.

More info:
http://www.eweek.com/c/a/IT-Infrastructure/Nvidia-Details-Personal-Supercomputer-Design-Based-on-Tesla-GPU/

http://www.nvidia.com/object/tesla_computing_solutions.html

Long term data storage

2008-11-13T15:58:00.000-07:00

I've been subscribing to the theory for several years that the best way to safely store data for long terms was to use redundant hard drive spindles, and keep up with maintenance. That used to be valid, because no optical storage media had been invented that was rated for any kind of decent long term retention. (10 years max used to be the rule of thumb - with no assurances whatsoever.)

Sometime in the last few years optical technology greatly improved the longevity of certain media types. I missed that . . .

So the question today I started researching was "how do I store all my family digital photo's safely?"

So far it looks like (Edit: hypothetical - they don't appear to exist yet on the market) Gold Media DVD+R is the way to go. Proper storage in a cool, dry, dark place in acid free liners also seems to be critical.

One of the preferred SATA burners on the market for good quality burns:
Samsung SH-S223F

Found several good articles on the topic, but wondering if anyone here has direct experience with this problem. If you have some tips, please post them below!

Links of worth so far:

http://adterrasperaspera.com/blog/2006/10/30/how-to-choose-cddvd-archival-media

http://www.infinite0.com/archives/99

http://www.clir.org/pubs/reports/pub121/contents.html

November 2008 Patch Tuesday

2008-11-11T15:22:00.000-07:00

If you're not set to use automatic updates on Windows (XP and Vista), be sure to fully catch up your patching today.

There was a super-critical out of cycle patch released 2 weeks ago, plus several critical patches released today.

You really want these security fixes . . . two of these vulnerabilities are being actively exploited right now.

Users of Grisoft's free AVG: don't delete that file until you check this . . .

2008-11-11T15:18:00.000-07:00

http://securityandthe.net/2008/11/10/avg-virus-scanner-removes-critical-windows-file/

Quote:

An update for the AVG virus scanner released yesterday contained an incorrect virus signature, which led it to think user32.dll (netdef: a critical system file for Windows)contained the Trojan Horses PSW.Banker4.APSA or Generic9TBN. AVG then recommended deleting this file; this causes the affected systems to either stop booting or go into a continuous reboot cycle. So far, the problem only appears to affect Windows XP, but there is no guarantee that other versions of Windows don’t have the same issue.

Both AVG 7.5 and AVG 8.0 were affected by the update; a revised signature database has just been published that corrects this issue. People that have removed the user32.dll can either boot from their original Windows CD and choose the repair option, or use another CD to boot from and restore the file from C:WindowsSystem32dllcache.

A short break from computer topics . . . Bread!

2008-11-07T10:24:00.000-07:00

One of my many side hobbies is baking. This morning I discovered an excellent resource for artisan bread at http://www.artisanbreadinfive.com/ . . .

Am I allowed to "gleee?" (cough)

They are pushing a book, which I will likely buy -- but many recipes are listed in full on that site. I predict a very pleasant smelling weekend in my home as I try making their Pletzel. :D

US Presidential malware spam

2008-11-05T20:04:00.000-07:00

From http://www.f-secure.com/weblog/archives/00001530.html . . .

"Not a big surprise at all that a spam run distributing malware talking about Obama being elected the new US President started this morning (US time).

The link points to a website that looks like it contains a video and to view it the user has to download a new flash player, adobe_flash9.exe."

Installing that fake Adobe update releases a very nasty trojan with rootkit onto your computer.

Edit: suggests (in comments below) that users may be sure their Adobe products are updated safely by going directly to the source - rather than trust any pop up message announcing an update. This would work for Adobe Reader, Flash, Shockwave, Air, and Adobe Media Player. For Reader you can update from within the program itself. For other Adobe products, try www.adobe.com and follow the free product links from their front home page.

Guard your domains - new wave of phishing attacks

2008-11-03T09:50:00.000-07:00

Last week one of my clients forwarded an email to me that purported to be from Network Solutions - a well-known domain name registrar. The news looked fairly alarming. The emails stated that their domains had expired and were on the auction block - but if the victims would log onto the site and provide full contact info etc, they would be sent instructions on how to renew the domain before it was auctioned away forever . . .

The link in the email "looked" okay, but it was formatted in HTML and the true link went to a very dangerous web page.

Phishing attack for CC numbers / money?

Not exactly -- or more precisely, not ONLY that. Turns out that there is a new wave of phishing attempts for known, established domain names. The criminals behind the attacks are trying to spoof you into giving up your domain registrar account credentials so they can impersonate you just long enough to transfer that tasty domain into their anonymous ownership.

http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=211800362

"The new phishing attacks are a way for spammers, malware writers, and fake antivirus writers to keep their operations running . . .

By grabbing legitimate domains, the cybercriminals secure safer cover for their operations. "With these phishing attacks, they'll get access to domains owned by good people."

Expect to see more of these attempts from all domain registrars (eNom, Network Solutions, GoDaddy, etc.) I also expect to see these phishing attacks combine malware infections that will attempt to infect your workstation with key loggers.

Don't click the links in those emails!

New things to guard against in 2009 (Part 1 - Keys)

2008-11-01T16:18:00.000-06:00

Long has it been advised to protect your personal information in public. Things like guarding your PIN from being observed at POS counters and ATM machines. Keeping a finger over your CC numbers as much as possible in public when they are out of your wallet. Don't carry your SS card in your wallet / purse. Watch for odd looking attachments on card readers (although lately that's not as effective, new black market card readers can be inserted inside some gas station pump CC slots.)

Now comes software that can duplicate your car and house keys from surveillance photos.

http://www.jacobsschool.ucsd.edu/news/news_releases/release.sfe?id=791

"UC San Diego computer scientists have built a software program that can perform key duplication without having the key. Instead, the computer scientists only need a photograph of the key.

. . . advances in digital imaging and optics have made it easy to duplicate someone's keys from a distance without them even noticing."

In one demonstration of the new software system, the computer scientists took pictures of common residential house keys with a cell phone camera, fed the image into their software which then produced the information needed to create identical copies. In another example, they used a five inch telephoto lens to capture images from the roof of a campus building and duplicate keys sitting on a café table about 200 feet away.

That bubble you hear popping? Yeah, their golden parachutes are collapsing . . .

2008-09-29T12:27:00.000-06:00

http://www.msnbc.msn.com/id/22425001/vp/26944027#26944027

http://www.msnbc.msn.com/id/26884523/

"Like the Iraq war and the Patriot Act, this bill is fueled on fear and hinges on haste," said Democratic Rep. Lloyd Doggett, R-Texas.

Tornado aftermath

2008-06-07T20:26:00.000-06:00

A quick update/status from the tornado that passed near our home last week, and some advice for everyone to prevent a nasty aftershock in any emergency that involves the power grid.

Our home was undamaged. It missed us by about 2 miles. My car not-so-much, as I was driving out of the actual path of the storm and got whacked by hail the size of baseballs. Nothing that can't be repaired easily. I can tell you that the sound your car makes when being bombarded by hail of that magnitude is amazing.

The aftermath? If the power goes out for an entire city, go, immediately, unplug everything you value. Your computer, the stereo, TV, the fridge, freezer, clock radios, get it all off the grid. The local power company was in a hurry to get everything running after 48 hours of darkness. When they flipped the big master switch, the resulting city-wide surge zapped thousands of appliances and electronics into oblivion. The wise among us did not suffer any damage from the power up. The unwise lost not only electronics, in some cases the surge was powerful enough to burn out house wiring.

Just saying . . .

Impossible!

2008-06-07T20:18:00.000-06:00

The only way to discover
the limits of the possible
is to go beyond them
into the impossible.

- Arthur C. Clarke

More on the Apple Safari vulnerability

2008-06-03T14:42:00.000-06:00

Shocking quote from the person that found "part" of the vulnerability:

From http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx

"I can only say that Microsoft's suggestion for a workaround is not enough. This combined Safari/IE vulnerability might still be successfully exploited, even if the user will change Safari's download location. Also, the Safari "Carpet Bomb" vulnerability can be used in combination with vulnerabilities in other products, so even if MS fixes their vulnerability, Safari users will still be vulnerable.

The current best solution is to stop using Safari until Apple fixes their vulnerability."

(Bold typeface in quote added by me . . .)

Also, if you want to know what the first part of the vulnerability in Safari could potentially do to your desktop -- see this site (pics and tech info):

http://www.oreillynet.com/onlamp/blog/2008/05/safari_carpet_bomb.html

New attack on Apple Safari under Windows XP or Vista

2008-05-30T19:52:00.000-06:00

Microsoft posted a security advisory today concerning users of the Apple Safari web browser under Windows XP or Vista. This particular security vulnerability does not occur on other operating systems combined with Safari.

http://www.microsoft.com/technet/security/advisory/953818.mspx

"Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed."

You can mitigate the attack vector by simply changing the default download destination path in Safari from the Desktop (a side rant here, NO program should ever select the Desktop as it's default storage location . . . ) to another folder on your hard drive. I recommend you create a downloads folder on your C: drive (or another drive if you have more than one partition) and point Safari at that location.

Under XP open "My Computer" or under Vista "Computer."

Open the C: drive (or your preferred hard drive.)

Right click on any white space and select New Folder. Name it "Downloads" or something appropriate.

Launch Safari. Under the Edit menu select Preferences.

At the option where it states Save Downloaded Files to:, select the new folder you created on your system.

Courage

2008-05-30T13:37:00.000-06:00

Courage does not always roar.
Sometimes it is a quiet voice
at the end of the day, saying...
"I will try again tomorrow."

- Unknown

If you build it, they will come . . .

2008-05-23T19:50:00.000-06:00

Playground kit, (some assembly required) assembled. check

Polished gravel delivered and spread, to prevent skinned knees. check

Letting the neighborhood ~~kids~~ cubs come over to play. check

If you run IIS or SQL on any current flavor of Windows . . .

2008-04-17T23:45:00.000-06:00

You might want to check this out -- soon -- and see if your configuration is at risk. Mitigation suggestions are included on the linked page.

http://www.microsoft.com/technet/security/advisory/951306.mspx

I smell a new worm rising from the dank depths of "teh inter-tubes . . ."

"Microsoft is investigating new public reports of a vulnerability which could allow elevation of privilege from authenticated user to LocalSystem, affecting Windows XP Professional Service Pack 2 and all supported versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008. Customers who allow user-provided code to run in an authenticated context, such as within Internet Information Services (IIS) and SQL Server, should review this advisory. Hosting providers may be at increased risk from this elevation of privilege vulnerability."

If you administer a website on a Windows Server based host, as opposed to a Unix or Linux based host, I strongly advise you to grab a backup of your entire site, and its databases (if you have such) right now.

There is a key phrase in the security alert that alarms me:

1) "Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs."

Anytime MS talks about out-of-cycle updates, I take any other disclaimers they spout about "Microsoft not being aware of any attacks attempting to exploit the potential vulnerability" with a unhealthy dose of proverbial salt. Play it safe -- act as if the vulnerability is already actively being used to hack sites and servers.

Vista SP1 Support

2008-03-24T15:26:00.000-06:00

Quick note here for those that might be in need of help with Vista Service Pack 1 . . .

1) If you have not yet installed it, make sure you have the latest device drivers installed for your video and network cards before installing SP1. There have been reports of some people being greeted by a black screen on reboot after SP1 was completed - because their video driver was not compatible. The only solutions in that scenario are a complete clean re-install from the Vista Bootable DVD, or installing a new video card for which Vista has native support.

Among other guilty devices; the embedded graphics card on certain Intel 945 chipset motherboards seems to be causing this problem for people that did not first upgrade to Intel's latest driver before installing SP1.

Same goes for certain embedded network cards, leaving you with no easy way to download a newer driver after SP1 is installed. There's always sneaker-net of course.

2) If you have installed it and are having trouble, here is the "super secret" direct support page from Microsoft - which includes free phone support. Super Secret because they are not advertising the fact that they do provide free support to any legal owner of Vista trying to install SP1.

By "any legal owner" they include full retail purchases, upgrade versions, and now all OEM versions.

Here it is: https://support.microsoft.com/oas/default.aspx?ln=en-us&prid=11274&gprid=500921

Don't drink the water?

2008-03-09T13:20:00.000-06:00

They're getting into our highland watersheds. Deep into our planet's underground natural reserves. Seeping into rural wells from septic tanks and cattle fields. Leaching into your cities reservoirs. Passing through your town's sewage treatment plants and flowing directly back into the source of your drinking water. Very few -- if any -- municipal water suppliers check or filter for them. Same goes for most bottled water companies.

Caffeine.

Acetaminophen and ibuprofen.

Prescription medications for pain, infection, high cholesterol, asthma, epilepsy, mental illness and heart problems.

Anti-convulsant, anti-epileptic and anti-anxiety medications.

Metabolized angina medicine and the mood-stabilizing carbamazepine.

Antibiotics of all types.

Naproxen, estrone (a human gender hormone) and clofibric acid (a metabolized anti-cholesterol drug byproduct.)

Trenbolone, an anabolic steroid used to make cattle grow faster and illegally used by some athletes to enhance muscle building.

Some key quotes:

"The federal government doesn’t require any testing and hasn’t set safety limits for drugs in water."

"There’s evidence that adding chlorine, a common process in conventional drinking water treatment plants, makes some pharmaceuticals more toxic."

"Recent laboratory research has found that small amounts of medication have affected human embryonic kidney cells, human blood cells and human breast cancer cells. The cancer cells proliferated too quickly; the kidney cells grew too slowly; and the blood cells showed biological activity associated with inflammation."

"Pharmaceuticals also can produce side effects and interact (me: in sometimes unexpected ways) with other drugs."

"One technology, reverse osmosis, removes virtually all pharmaceutical contaminants but is very expensive for large-scale use and leaves several gallons of polluted water for every one that is made drinkable."

. . . which possibly means that the safest water to drink in our nation may be from the huge reverse osmosis desalination plant on the northwest coast of the big island of Hawaii.

Read on: (first part of three -- the other two are forthcoming.)
AP Probe Finds Drugs in Drinking Water.

This guy totally understands cats . . .

2008-03-07T21:57:00.000-07:00

Official home of the 'Simon's Cat' films from Tandem director Simon Tofield.

Simon's Cat 'Cat Man Do'

Simon's Cat 'Let Me In!'

That is all. (Isn't it enough?)

Thought for you, yes you -- you know who you are . . .

2008-02-27T19:21:00.000-07:00

Before you begin a thing,
remind yourself that difficulties
and delays quite impossible to foresee are ahead.
If you could see them clearly,
naturally you could do a great deal to get rid of them
but you can't.
You can only see one thing clearly
and that is your goal.
Form a mental vision of that
and cling to it through thick and thin.

- Kathleen Norris

That e-Valentine card might be an infection

2008-02-12T08:52:00.000-07:00

STORM WORM VIRUS Alert

"With the Valentine's Day holiday approaching, be on the lookout for spam e-mails spreading the Storm Worm malicious software (malware). The e-mail directs the recipient to click on a link to retrieve the electronic greeting card (e-card). Once the user clicks on the link, malware is downloaded to the Internet connected device and causes it to become infected and part of the Storm Worm botnet. A botnet is a network of compromised machines under the control of a single user. Botnets are typically set up to facilitate criminal activity such as spam e-mail, identity theft, denial of service attacks, and spreading malware to other machines on the Internet.

The Storm Worm virus has capitalized on various holidays in the last year by sending millions of e-mails advertising an e-card link within the text of the spam e-mail. Valentine's Day has been identified as the next target.

Be wary of any e-mail received from an unknown sender. Do not open any unsolicited e-mail and do not click on any links provided."

Friends don't let friends install RealPlayer

2008-02-04T12:50:00.000-07:00

It's not the first time RealPlayer has been accused of underhanded privacy invading practices, and it may not be the last. In my opinion there's really no reason to have the application on your system. Opt instead for standards compliant media players that won't deliver ads or spy on your Internet usage patterns.

We find that RealPlayer 10.5 is badware because it fails to accurately and completely disclose the fact that it installs advertising software on the user's computer. We additionally find that RealPlayer 11 is badware because it does not disclose the fact that it installs Rhapsody Player Engine software, and fails to remove this software when RealPlayer is uninstalled.

For video I really like VLC media player . . . a free cross platform format agnostic player that can just about do it all.

For audio I suggest the bare-bones system resource friendly FooBar2000. It's footprint on your system is so low that you can generally use it to play your music in the background even when playing resource heavy games without glitching or causing any performance degradation. It will decode almost all of the current music formats, including my current favorite high definition FLAC file sound files -- a non-lossy open source compression method that lets complex music be heard without the distortion inherent in MP3's.

FooBar2000's UI is not terribly pretty looking, but it does what it's supposed to do very well, including the somewhat unique option to channel your music digitally directly to high end sound cards -- bypassing the Windows API's -- thus preserving the signal path and enhancing performance for those with golden ears. It's also one of the best mass tagger editors for MP3's in existence, so you can fix the labels on entire albums with one broad stroke instead of having to repeat and rinse for every track.

Links pop in new tabs or windows . . .

This old house

2008-01-15T18:10:00.000-07:00

Last year our heating bill averaged $320 per month during winter.

We installed a new furnace this summer -- prices on furnaces are amazingly good during the off season. It's one of those new-fangled high efficiency dual mode modals. It replaced a dinosaur three times it's size in the basement - a brand our installer did not recognize.

This winter has been every bit as cold outside as last, but the house feels warm (it didn't last year) and our average bill for this winter -- so far -- has been hovering around $110 per month.

This makes me a happy camper. At this rate the new furnace will pay for itself in five years.

Welcome to our Imperial Big Brother (Your ISP)

2008-01-10T09:51:00.000-07:00

First it will be to catch copyright pirates. Then it will be to identify your marketing tastes -- think adware on the pipe, instead of your client, with no way to clean it out! And finally they will use it to mistakenly identify you as an enemy of the state because you clicked an middle-eastern pr0n banner.

http://bits.blogs.nytimes.com/2008/01/08/att-and-other-isps-may-be-getting-ready-to-filter/

More coverage on the issue:
http://news.google.com/news?tab=wn&ned=us&hl=en&ned=us&q=Network-level+filtering+&btnG=Search+News

Happy New Year

2008-01-01T11:15:00.000-07:00

My favorite link that I want to share with you for the new year:

MIT OpenCourseWare . . .

To learn . . .

2007-12-28T10:32:00.000-07:00

Teachers open the door.

You enter by yourself.

- Chinese Proverb

OnStar and General Motors: Analog service ending Jan 1st 2008

2007-12-23T11:30:00.000-07:00

For a full explanation of what's happening, see the Edmonds article:

Telematics Digital Transition Hits Speed Bump

All links pop . . .

Summary:

Thanks to an FCC ruling in 2002 made with their endorsement, cellular-communications carriers no longer will be required to support their old analog-technology cellular networks beginning in early 2008. Any analog subscriber who still wants their telematics service to work has to get with the program and obtain the new technology somehow.

OnStar was launched in 1996 using proven analog technology and mainly Verizon Wireless networks, which had the broadest geographic coverage of the cellular-network alternatives at the time. But because Verizon is disabling its analog networks on January 1, 2008, OnStar can't ensure coverage to its subscribers who have analog systems after that date.

If you own a 2002~2005 GM vehicle with analog OnStar, you may or may not be able to get an upgrade to continue OnStar service. Most vehicles older than 2002 cannot be upgraded! Most newer than 2006 are already equipped with digital OnStar service.

If you use analog Onstar your service will stop on January 1, 2008 - worse it will devalue your used vehicle even if you don't personally subscribe to OnStar.

Details, helpful links to determine if your vehicle can be upgraded, and the dirt on the fine print.

1) Analog OnStar service will stop January 1st, 2008.

2) If your GM vehicle is newer than 2002 and is not already fitted with Digital OnStar service you might be eligible for an upgrade. Some vehicles were made up through 2004 that are not upgradable. Go write down your VIN and enter it on this secured (https) site to find out if your car can be upgraded:

https://www.myonstar.com/adt.os

3) Onstar Upgrade Information:

- OnStar Analog to Digital Transition and Upgrade Offer Among other things, you may have to subscribe for one additional year at $199/year plus a $15 fee for the upgrade. If you did not subscribe to OnStar in the last year and you get this upgrade, you will also be charged a $100 activation fee in addition to the subscription and upgrade fee.

- GM and OnStar FAQ.

4) However -- GM may be requiring upgraders to subscribe to three more years! I can't find confirmation beyond this leaked internal article: HTML Version, PDF Original. They may also be refusing to upgrade some cars that OnStar states are eligible . . .

5) Your OnStar phone number WILL change when you upgrade from analog to digital service.

6) This is for US only, Canada is not yet switching.

7) The upgrade may only be done at a GM dealership. You must pay your dealership all related fee's at the time of service.

8) The new digital service has a shorter effective range from any given cell tower to your car than the older analog service. It also has a smaller overall service area. This means that if your car breaks down, or you have an accident, in urban or remote areas that your OnStar service might not work. Subscribers within most metro areas and along most interstates should be okay.

9) Owners of older GM OnStar equipped cars may be out of luck both in terms of receiving service and because their used vehicle will be further devalued. GM's offer to give OnStar subscribers with older cars small credits towards newer vehicles is laughable. There is a lawsuit that is attempting to achieve class-action status. No idea of what that might accomplish, if anything . . . time will tell. The GM offers may well be better than the individual rewards from the lawsuit. Trouble is, there is no set guideline from GM to it's dealers on what offer to make - it will depend largely on your dealer and perhaps on what new car you buy.

If you play Eve Online - an important announcement

2007-12-07T10:45:00.000-07:00

If you don't play Eve Online . . .

News today says that a recent update for Eve Online, the so-called Trinity patch, contains a very serious mistake/bug . . . it deletes a system critical file named BOOT.INI in the root directory of your system drive IF your boot drive is NOT on the default drive C: . . . (this is not as uncommon as some might think.)

If you have not yet rebooted since applying the Eve Online patch - DON'T reboot until after you verify that you don't have the issue, or until after you fix the problem! If you reboot without the missing file, and you don't have an alternate boot disk handy, you may be well and truly - using the correct technical jargon - f*cked.

If you meet all three of these criteria:

1) You started downloading the Eve Online upgrade from Trinity Classic Graphics Content to Premium Graphics Content BEFORE 04:00 GMT on Dec 6 2007

2) You do NOT use Vista for Eve Online (only Windows XP, Windows 2000, etc are impacted)

3) You have at least 2 hard disks or logical partitions and the OS into which Eve Online is installed resides on the second drive, NOT on drive C:

. . . Then you might need to repair your system.

Check to see if the file BOOT.INI still exists on your system drive. This is typically Drive C:, and if you meet criteria 3 above I expect you to already understand the difference between the boot drive and the system drive.

If your BOOT.INI file is missing, here are Eve's support recommendations to restore your system. http://www.eve-online.com/updates/bootinifix.asp

Good luck!

"Master, I have a big head . . . and little arms."

2007-11-30T20:50:00.000-07:00

I'm reading much drama and angst over the new flagging feature for LJ. The LJ powers posted an update with some clarifications, but the main problem I see with the system has not been addressed -- more on that in a moment after I rant about some of their other comments.

Some clarification of their clarifications.

LJ sez: "As additional measures to prevent abuse of the flags, only accounts registered for over a month may use the flagging feature, and use of the flags is limited to five per user every twenty-four hours. Misuse of this sytem [sic] will result in the user's flags not counting towards the threshold for review."

That's about the only good clarification within the update. Now someone tell them to fix their spelling. Moving on . . .

LJ sez: "Most importantly, logged in users over 18 will not see any of the changes made by the settings of this program unless they choose to. You won't see any of the lj-cuts related to this system and your friends page will appear exactly as it always has. We feel it's important that this doesn't impact adults using LiveJournal."

However -- in your user view settings located at http://www.livejournal.com/manage/settings/ you might notice that the default setting way at the bottom of the page is "Use Moderate Filtering." So if you don't like having your content censored, and you've entered in a birthdate indicating you are over the age of 18, you should go now and "fix" that setting to "Do not filter my results."

LJ sez: "This system will not accept flags on friends-only content. Although a flag icon may be present on the navigational strip, if you click it while viewing friends-only content it will only give you the option to flag the journal. Friends-only content is not affected by or included in any part of this system.

How does that actually make this feature useful to concerned parents? The kids that want to hide their emo thoughts from the adults have already marked their journals friends only, so the children are well educated about how that feature works. Meanwhile the predators here are likely marking their stuff friends only and adding their targets to their own friends list and luring the kids to view their stuff. Remember folks, you add people to your list so others can see your private entries. Not the other way around. This feature seems exactly backwards to me.

LJ sez: "The date of birth used when you create your account is the way that your age is calculated by LiveJournal. If you did not enter a date of birth when you registered, it will default to the date on your profile (which you can enter but hide on the Edit Profile page). If a user has not entered a date of birth, the first time they click on an lj-cut generated by these systems they will be prompted to enter a date of birth. That will then be the system-recorded age (so they shouldn't have to enter it again)."

This . . . this is my main concern. For this feature to be at all worth having, there must be a way to verify the age claimed by the user. For now, any person who is under 18 years old and wants to see "Adult Content" on LJ is simply going to lie about their age.

Worse, I cannot think of anyway to verify ages that isn't draconian in nature -- and even those methods are easily spoofed. There isn't a foolproof way for websites to gather proof of anyone's age without drastic and privacy threatening measures. Credit cards? Not even. Fax paper records? Steal Dad's or Mom's ID for a few minutes. There. Is. No. Good. Way.

Greater minds than LJ can afford have been struggling with this problem for years. We still don't have a good answer.

I'm just not sure how well this plan was thought through.

Master? Master?

Have we really become

2007-11-25T09:07:00.000-07:00

Biloxi's recovery shows post-Katrina divide

Two years later; Many Katrina victims still have no power, but they can see their wrecked homes and FEMA trailers at night by the glare of nearby -- newly rebuilt -- casino signs.

Yet in the wrecked and darkened working-class neighborhoods just blocks from the waterfront glitter, those lights cast their colorful glare over an apocalyptic vision of empty lots and scattered trailers that is as forlorn as anywhere in Katrina's strike zone.

"At night, you can see the casino lights up in the sky," Shirley Salik, 72, a former housekeeper at one of the casinos, said this month while standing outside her FEMA camper with her two dogs. "But that's another world."

It seems shocking, but the stark realist in me accepts this disparity in our societies priorities. And that saddens me deeply.

I need to rethink MY priorities.

More phishing - Equifax customers alerted

2007-10-31T17:06:00.000-06:00

Dear Equifax Customer,

We’re sorry to inform you about a recent “phishing” attack on Equifax. Phishing" or "spoofing" is an e-mail threat where fraudulent e-mails appear to be from a well-known company and ask you to provide, update or confirm certain confidential information – such as User ID or password.

This week, we detected e-mail phishing activity by fraudsters attempting to solicit sensitive personal information, including user IDs and passwords, from Equifax customers and consumers. For your protection, please know that Equifax never sends out requests for personal information via e-mail or phone.

If you received an e-mail that appears to be from Equifax and requests personal information, please do not respond and delete the e-mail immediately. If you did respond to an e-mail that appears to have been from Equifax, and you provided personal information, such as your user ID and password, please let us know by following the “Contact Us” links from www.equifax.com so we can assist you further.

As a general rule, to help safeguard your identity – we recommend that you never click anywhere within a suspected “phishing” or “spoofing” e-mail, and never hit “reply”.
At Equifax, your privacy is extremely important to us and we wanted you to know about this unfortunate situation. Your continued trust and confidence in Equifax is greatly appreciated.

Sincerely,

Your Equifax Personal Solutions team.

I have seen the future, or, why Microsoft needs to wake up

2007-10-27T14:00:00.000-06:00

I hate to be a party pooper the weekend that Microsoft is finally seeing a rally for their share price. But some thoughts arise about the situation, and something new in the field has crept into view - silently in the night so to speak.

First the events that sparked this round:

Microsoft announced higher than expected earnings due mostly to Halo 3, Vista and Office 2007 -- with a dash of Windows Live and other server offerings in the mix.

Just prior to the market news, we heard that Microsoft decided not to continue any appeals to their loss in the European anti-trust cases and will settle for a cash payment (which in the broad view of things is a tiny payment indeed: only 357M!) They also settled the lawsuit against them in South Korea.

So what's really driving this rally, and will it last?

I believe that investor interest has increased because of both the above events. Either taken singly may not have spiked the rally. The trouble is, as soon as the next big lawsuit comes along we'll be back into fuzzy territory and investors will once again look elsewhere, which will drive MSFT back down at worst. At best it will hover at current prices for a long period of time until that uncertainty is resolved.

Meanwhile back at the farm:

While we've been focusing on the big news about Microsoft, their battle with the EU, the states desire to renew and extend oversight from the US anti-trust case and slipping dates for Longhorn and Dynamics NAV . . . Sun has been going open source with their operating system and file technologies. That in itself is perhaps not too remarkable. What's interesting is the way a legal fight between a patent troll company named "Network Appliance" and Sun is evolving over a file system called ZFS that Sun gives away for free.

It's my belief that Sun is in the clear in this matter. They have years and volumes of prior art for the technology. The patent troll, according to some rumors, may be a shill for Microsoft (shades of SCO vs IBM/Linux) but in the end this will not matter.

The reason this is significant may be due to the way that Sun is reacting to the lawsuit. It may change the market for us forever. And if Microsoft refuses to open their eyes it may well be the turning point and endanger their future market dominance.

Sun's CEO posted a blog entry explaining the position they will take in response to the situation at http://blogs.sun.com/jonathan/entry/harvesting_from_a_troll . . .

Notice the URL which I left unchanged instead of href'd.

Key points:

1) Sun indemnifies all its customers against IP claims like this.

2) Sun protects the communities using their technologies under free software licenses. Even Apple . . . who is using ZFS in the upcoming Leopard OS X.

Those two points are unprecedented, as far as I know. If Sun succeeds in their counter-suit and defense against Network Appliance and if they indeed make good their promises to protect their customers, the market may see a change in how business is done concerning enterprise class software and services.

Permission to speak freely

2007-10-20T13:26:00.000-06:00

"My freedom is more important than your faith."

- Pat Condell

Thanks to fiveforfun for the heads up!

Email spam gets noisy

2007-10-19T13:48:00.000-06:00

Stock "pump and dump" spam is migrating to audio. (Link pops)

If you see email from an unexpected sender with an attachment purporting to be elvis.mp3, ljcooldj.mp3, or "nameyourartisthere.mp3" . . . you might want to mark it as spam and delete it unheard.

Anger and dismay over the iPhone update

2007-10-11T12:32:00.000-06:00

Seen today on the DailyTech site (link pops . . .) -- buried in the comments:

"To me, it's like GM breaking into my garage and slashing my tires and taking a baseball bat to my windshield because I put new headers on my Vette!

Voiding my warranty? Sure. Having the company purposely destroy my property that I legally purchased just because they don't like the way I use it?

No."

I don't have an iPhone. After observing Apple's treatment and attitude towards it's paying customers I am fairly sure the temptation to own one will never cross my mind again.

Upon observing traffic today while riding a motorcycle

2007-10-08T19:43:00.000-06:00

Anger makes you smaller,
while forgiveness forces you to grow
beyond what you were.

- Cherie Carter-Scott

Anti-Phishing training

2007-09-30T20:34:00.000-06:00

The music needs some work; but the information you learn through this interactive tutorial about Internet Phishing scams could save you from ID theft.

http://cups.cs.cmu.edu/antiphishing_phil/

Anti-Phishing Phil is an interactive game that teaches users how to identify phishing URLs, where to look for cues in web browsers, and how to use search engines to find legitimate sites.

Our user studies have found that user education can help prevent people from falling for phishing attacks. However, it is hard to get users to read security tutorials, and many of the available online training materials make users aware of the phishing threat but do not provide them with enough information to protect themselves.

. . .

Anti-Phishing Phil was developed by members of the CMU Usable Privacy and Security Laboratory with funding from the US National Science Foundation (Cyber Trust initiative) and ARO/CyLab.

I managed to get every answer correct. Can you?

Microsoft Excel 2007 flunks Math 101 . . .

2007-09-28T12:40:00.000-06:00

I bet someone somewhere got really excited when their financial spreadsheet showed $34,465 over their bank statement.

Try this in your spreadsheet program:

Enter the formula =77.1 * 850 into a cell.

What you should see is the result 65,535.

If you're running Excel 2007 (and if you're reading this before the upcoming patch is released) then you may see the incorrect result 100,000 . . . More "accurately," Microsoft says the calculation is correct behind the scenes, but Excel is failing to display the solution correctly.

It appears that any formula that results in one of about 12 solutions triggers this calculation bug.

The specifics for you spreadsheet guru's may be perused at http://blogs.msdn.com/excel/archive/2007/09/25/calculation-issue-update.aspx .

Patch is coming, although it's a guess whether it will make this months patch cycle.

Edit: In spite of the above claim that the error is limited to what's displayed, if you reference the cell that display's the incorrect value in another calculation (this IS a spreadsheet after all, so duh, yes we're likely to do that) the secondary calculation will use the incorrect value too.

Windows XP availability extended to June 2008

2007-09-28T11:58:00.000-06:00

Behind the scenes: Business customers (and many home user customers) demanded that they be allowed to purchase Windows XP Professional into the next 2008 fiscal budget year instead of being forced to "upgrade" to Vista. Why? Vista has much higher hardware requirements, raising costs for companies that simply want to run office applications. It also has (still) some severe compatibility issues with many older printers -- including some commercial grade printers like large scale plotters.

One case in point: last year a client of mine purchased a $50,000 plotter to print out architectural plans. Vista does not support it, and the printer manufacturer has not released Vista drivers.

So this week Microsoft announced that it will extend the deadline for XP sales to June of 2008. Even that may not be enough to satisfy some customers. There's pressure on MS to extend even further than that . . .

In my inbox today:

2007-09-24T14:08:00.000-06:00

Integrity without knowledge
is weak and useless,
and knowledge without integrity
is dangerous and dreadful.

- Samuel Johnson

The Death of Net Neutrality?

2007-09-06T12:23:00.000-06:00

http://www.businessweek.com/ap/financialnews/D8RG2JAG0.htm

"The Justice Department on Thursday said Internet service providers should be allowed to charge a fee for priority Web traffic.

The agency told the Federal Communications Commission, which is reviewing high-speed Internet practices, that it is opposed to "Net neutrality," the principle that all Internet sites should be equally accessible to any Web user.

Several phone and cable companies, such as AT&T Inc., Verizon Communications Inc. and Comcast Corp., have previously said they want the option to charge some users more money for loading certain content or Web sites faster than others."

Not happy about this development. Not happy at all.

More info: http://www.savetheinternet.com/

Office usage hints for the regular user

2007-08-24T16:21:00.000-06:00

I have to give a shout out to this column because it's so darn clear and well written that . . . well, I have to.

This is for you and for my clients that see my blog.

Hate reading manuals? Want some concise hints in plain English with a blunt attitude on how to use some of the more useful but hard to understand features in Microsoft Office? Then you need to check out Crabby Office Lady's help column. (Link pops.)

I have the understanding that she started this without approval from her upper management, (they were out of town that week) but the initial feedback from readers was so overwhelmingly positive that they decided to let her write more . . . and eventually they gave her space on the official Office site.

We so need more open and frank information like this from Microsoft on their other products.

Seriously, go check it out already, what are you still doing here? :)

Ethanol is the new "pork"

2007-08-07T10:30:00.000-06:00

Ethanol is a false promise.

It's not sustainable in the US, and in fact ethanol likely won't decrease our dependency on foreign oil by any level that's meaningful. It doesn't appear that it will get better either, as recent energy reports from our leaders in the field concerning ethanol are confused, if not outright lies to placate the voting public.

"Interestingly, the RFA's page on industry statistics shows that ethanol production in 2006 was 4.86 billion gallons. This is 116 million barrels. Somehow using 116 million barrels of ethanol, with a per barrel BTU value of just over half that of a barrel of oil, displaced 170 million barrels of oil. To be precise, 116 million barrels of ethanol contain the BTU equivalent of 64 million barrels of oil."

(Links open in new tab or window.)

Risk taking

2007-08-04T12:15:00.000-06:00

If you don't risk anything
you risk even more.

- Erica Jong

Another MP3 eating worm strikes

2007-08-04T11:30:00.000-06:00

It's not the first, but it's the latest spreading infection to go after your media files. When it strikes it deletes every MP3 file it can find on your hard and removable drives.

The W32.Deletemusic worm spreads via Autoplay, a function in Windows that starts up a designated program when you insert removable media such as a CDROM or USB drive.

The best prevention is to turn off Autoplay. I've often wished that the Autoplay feature was turned off by default in Windows, it would also be nice if there was an easy way to turn it off somewhere in the user settings . . . but it's a tad more complicated.

Autoplay is not really needed anyway, it's annoying when you insert a CD that you just want to browse, and it's been the vector for virii several times in the past. Just remember that if you turn it off, and you insert a CD from which you want to install something, you will need to browse to that CD and find the Setup program manually instead of waiting for the Autoplay setup to start automatically. I like having to start setup manually better anyway, gives me more control over my system.

To turn Autoplay off, find the heading for your operating system below.

Windows XP Home

1) Create a new TXT file and open it in Notepad.

2) Paste the code below into your new text file.


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000B5

3) Save the file, close it in Notepad, and rename the file to end in the ".reg" extension.

4) Double click the REG file to import the setting into your registry. Click OK when it asks if this is something you want to do . . .

5) Reboot and done for Windows XP Home.

Windows XP Professional

1) Click Start, Run and enter GPEDIT.MSC

2) Go to Computer Configuration, Administrative Templates, System.

3) Locate the entry for "Turn Off Autoplay" and Enable it for All Drives.

4) Close the Policy Editor and reboot . . . done for Windows XP Professional!

Windows Vista

1) Create a new TXT file and open it in Notepad.

2) Paste the code below into your new text file.


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000FF

Got Alarm?

2007-07-25T19:50:00.000-06:00

If you have an alarm system for your home or business, and it uses wireless analog to communicate with the dispatcher, you may want to contact your alarm vender soon.

AMPS (analog mobile phone system) has been around since the early 1980's. It forwards intrusion, fire or medical alerts to your monitoring company, who then dispatch an appropriate response. It may be the primary comm system for your alarm, or it could be the backup method - used if an intruder cuts the phone cable to your building.

There are over 26 million installations using AMPS in the US.

On Feb 18, 2008 AMPS will be cut off because our national phone providers think running the analog system is too expensive. They successfully lobbied the FCC to allow them to stop providing analog service.

There is a replacement system, based on modern digital systems. Most alarm systems should be upgradeable. But the timeline to get that upgrade is fairly short.

More info:
http://www.alarm.org/pressreleases/2007/pr072507_amps.htm

Note to self: it's the battery stupid!

2007-07-24T22:38:00.000-06:00

Two weeks ago my Vulcan crapped out 320 miles from home on the return leg from a PGR mission in Utah. One moment I was cruising along at 75 mph, the next my engine went completely dead. No lights, no dash, no starter.

Yanked in the clutch and coasted to a stop on the shoulder.

Tried to start it again . . . no power. Nada. Wait for 20 minutes, turn the key, the dash lights up -- but when I press the starter a funny sound from deep inside goes "clunk" and everything dies. 45 seconds later the dash comes back to life all by itself. Repeat, rinse, same result.

Two bikers stopped to lend assistance. We mucked around with wires, connectors, checked the safety interlock switches (all three of them - clutch, stand and upright detector).

One of us had a small multimeter in the pack. Battery showed 12.8 volts - about optimal according to my manual. No shorts, no opens anywhere on the circuit.

End up waiting at a small town named Silt, CO for my partner to arrive with the trailer -- a 4.5 hour drive. We load it up and go home.

IN the garage I start tracing things out with my Fluke. Started at the alternator (thinking it had fried), checked the regulator/rectifiers, and ended up checking darn near every wire, cable, component, switch, relay and fuse on the system. Everything checked out.

Battery gets a fresh charge, try again - same symptom as above.

I finally decided to spring for a new battery . . . filled it up, charged it last night and . . . everything works! Charging circuit is fine, I am getting 12.8 volts on the new battery at rest, and it's charging fine at 14.1 volts @ 1800 rpm and up.

Funny thing, the old battery still shows 12.8 volts right now, but it's definitely gone bad. And on this Vulcan Classic Fi - it killed the bike even while running. Odd that.

Firefox 2.0.0.5 released

2007-07-19T14:28:00.000-06:00

Most Firefox users will see a prompt to auto-update sometime over the next few days, or you can get it now.

http://www.mozilla.com/en-US/firefox/2.0.0.5/releasenotes/

Among other fixes, this release patches the "Remote code execution by launching Firefox from Internet Explorer" bug that I wrote about last week.

Perhaps this is where I'm going wrong?

2007-07-19T08:32:00.000-06:00

Dwell as near as possible
to the channel in which your life flows.

- Henry David Thoreau

Adobe Flash Player critical vulnerabilities

2007-07-12T16:45:00.000-06:00

For Mac, Windows and Linux users:

Adobe has announced the release of three critical patches for Flash Player, a plug-in used by your browser to display Flash content.

You can visit the Adobe Flash page to get updated. If you use more than one browser (IE, Firefox, Opera, Safari etc) you should repeat the process for each browser.

Details about the fixes at:
http://www.adobe.com/support/security/bulletins/apsb07-12.html

Patch or upgrade your browser at:
http://www.adobe.com/go/getflashplayer/

If you cannot upgrade to version 9.x (certain older systems), Adobe has also released these patches for version 7.x at:
http://kb.adobe.com/selfservice/viewContent.do?externalId=d9c2fe33&sliceId=1

"Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these potential vulnerabilities. Users are recommended to update to the most current version of Flash Player available for their platform.

Adobe categorizes this as a critical issue and recommends affected users upgrade to version 9.0.47.0 (Win, Mac, Solaris) or 9.0.48.0 (Linux)."

Also - a reminder that Microsoft released several critical patches for their operating systems and Office last Tuesday. You know what to do if you don't use auto-updates.

Cross-Browser Command Injection Vulnerability

2007-07-11T09:40:00.000-06:00

How many Firefox users disable, remove or entirely stop using IE once they install Firefox?

A new vulnerability has been discovered that allows IE to call Firefox and pass parameters that could compromise a users system and allow a remote attacker to take complete control over your computer. As of this writing, there is no official fix from either Microsoft nor the Mozilla group. After an initial flurry of finger pointing, this looks to be the fault of BOTH organizations: IE for not validating calls to external URI's, and Firefox for using a registered handler method that is outdated and known to be insecure.

If you have Firefox installed, then you are probably safe if you only use Firefox and if you set Firefox to be your default browser. You can also de-register the handler that IE uses to call Firefox.

If you don't have Firefox installed, you are immune to this particular attack.

Standard warnings and disclaimers apply if you edit your registry manually! Do so at your own risk. If you are not comfortable with the process, then wait for an official patch and browse cautiously.

Find and backup (export), then delete the FirefoxURL "command" reg key and it's default value at:
[HKEY_CLASSES_ROOT\FirefoxURL\shell\open\command]

The default value will look something like (depending on your Firefox install location):
@="C:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE -url \"%1\" -requestPending"

Reboot . . .

Note that if you update Firefox this reg key may be re-written - which is fine if that update includes a future as-yet-to-be-released patch for this problem.

Details about the vulnerability may be found at:

http://larholm.com/2007/07/10/internet-explorer-0day-exploit/
(Including a "safe" test to see if you are vulnerable - good to use after you implement the reg-key workaround above.)

http://secunia.com/advisories/25984/

http://news.com.com/8301-10784_3-9741435-7.html

Edit: Workaround no longer needed. Get patched instead with the new version of Firefox: http://www.mozilla.com/en-US/firefox/2.0.0.5/releasenotes/

Open Source cell phone arrives

2007-07-10T15:30:00.000-06:00

Why I don't care about the iPhone . . .

A direct comparison between the iPhone and the OpenMoko Neo 1973.

Get one.

SDK and Developers Info.

(Links open in new tab or window)

This new device is first revision, and it's missing a few features, but the concept rocks. Look to the next version to fill in the missing pieces and enter the mass market.

Edit: Did I mention this is carrier agnostic? And Quad-Band?

You thought you were free . . .

2007-07-03T13:30:00.000-06:00

The following is a slight rewrite of a small portion of the book "They Thought They Were Free, The Germans, 1933-45" by Milton Mayer.

My apologies to the original author and publisher for mangling Mr. Mayer's prose.

"What no one seemed to notice," said a colleague of mine, "was the ever widening gap, after 2007, between the government and the people. Just think how very wide this gap was to begin with, here in the United States. And it became always wider. You know, it doesn’t make people close to their government to be told that this is a people’s government, a true democracy, or to be enrolled in the National Guard, or even to vote.

"What happened here was the gradual habituation of the people, little by little, to being governed by surprise; to receiving decisions deliberated in secret; to believing that the situation was so complicated that the government had to act on information which the people could not understand, or so dangerous that, even if the people could not understand it, it could not be released because of national security. And their sense of identification with Bush and Cheney, their trust in them, made it easier to widen this gap and reassured those who would otherwise have worried about it.

"This separation of government from people, this widening of the gap, took place so gradually and so insensibly, each step disguised (perhaps not even intentionally) as a temporary emergency measure or associated with true patriotic allegiance or with real social purposes. And all the crises and reforms (real reforms, too) so occupied the people that they did not see the slow motion underneath, of the whole process of government growing remoter and remoter.

. . .

"But your friends are fewer now. Some have drifted off somewhere or submerged themselves in their work. You no longer see as many as you did at meetings or gatherings. Informal groups become smaller; attendance drops off in little organizations, and the organizations themselves wither. Now, in small gatherings of your oldest friends, you feel that you are talking to yourselves, that you are isolated from the reality of things. This weakens your confidence still further and serves as a further deterrent to — to what? It is clearer all the time that, if you are going to do anything, you must make an occasion to do it, and then you are obviously a troublemaker. So you wait, and you wait.

"But the one great shocking occasion, when tens or hundreds or thousands will join with you, never comes. That’s the difficulty. If the last and worst act of the whole regime had come immediately after the first and smallest, thousands, yes, millions would have been sufficiently shocked - if, let us say, the illegal suspension of presidential term limits in 2008 had come immediately after the Twin Towers attack in 2001. But of course this isn’t the way it happens. In between come all the hundreds of little steps, some of them imperceptible, each of them preparing you not to be shocked by the next. Step C is not so much worse than Step B, and, if you did not make a stand at Step B, why should you at Step C? And so on to Step D.

"And one day, too late, your principles, if you were ever sensible of them, all rush in upon you. The burden of self-deception has grown too heavy, and some minor incident, in my case my little boy, hardly more than a baby, saying ‘Muslim swine,’ collapses it all at once, and you see that everything, everything, has changed and changed completely under your nose. The world you live in — your nation, your people — is not the world you were born in at all. The forms are all there, all untouched, all reassuring, the houses, the shops, the jobs, the mealtimes, the visits, the concerts, the cinema, the holidays. But the spirit, which you never noticed because you made the lifelong mistake of identifying it with the forms, is changed. Now you live in a world of hate and fear, and the people who hate and fear do not even know it themselves; when everyone is transformed, no one is transformed. Now you live in a system which rules without responsibility even to God. The system itself could not have intended this in the beginning, but in order to sustain itself it was compelled to go all the way.

"You have gone almost all the way yourself. Life is a continuing process, a flow, not a succession of acts and events at all. It has flowed to a new level, carrying you with it, without any effort on your part. On this new level you live, you have been living more comfortably every day, with new morals, new principles. You have accepted things you would not have accepted five years ago, a year ago, things that your father could not have imagined.

"Suddenly it all comes down, all at once. You see what you are, what you have done, or, more accurately, what you haven’t done (for that was all that was required of most of us: that we do nothing). You remember those early meetings of your department in the university when, if one had stood, others would have stood, perhaps, but no one stood. A small matter, a matter of hiring this man or that, and you hired this one rather than that. You remember everything now, and your heart breaks. Too late.

"You are compromised beyond repair."

More spam

2007-06-29T11:28:00.000-06:00

Be alert for email claiming to be an e-card or online card.

Three managed email servers that I run just got spiked with hundreds of these in the last hour.

Variants of the subject line include:

You've received a postcard from a family member!
You've received a postcard from a friend!
You've received a postcard from your wife [/husband /spouse]!

And as states in his post about the topic:

This is how "zombie" systems are created. With a solid zombie PC network under their control, professional spammers can send out those millions of canadian drugstore/viagra/penis enlargement e-mails you get daily.

There's always a temptation to open a suspected attachment when you've got good virus scanning software installed. DON'T!!!:

Perhaps the most dangerous part is that, when SANS ran it through 30 different anti-virus programs, only a quarter of them picked up ecard.exe as a suspect download.

The goal of the virus programmer is to come with stuff that commercial virus scanners aren't aware of.

Just. Don't. Open. It.

Phishing / spoofed emails purporting to be from Microsoft

2007-06-29T11:15:00.000-06:00

According to several sources around the Internet we've seen a dramatic rise this month in phishing emails claiming to be from microsoft.com. The gist of the scam is that a critical update for Outlook, Windows or some other Microsoft application is available and should be installed immediately. Reports state that some of these emails contain an attachment - the supposed fix - while others state that the email contains links to downloadable content.

These links or attachments are not real fixes, but instead are (typically) trojans designed to turn your computer into a botnet slave.

Worse, these spoofed emails often address you by name, which makes them harder to distinguish from the real thing. That also means they may originate from an infected computer of someone you know, and that person has your contact information.

You might have heard that Microsoft never sends out email about current or upcoming critical hotfixes. This is not the case, which unfortunately makes the phishing attempts easier to conduct.

Here are the facts:

1) Microsoft does send out email alerts, but only for those people that opt-in to receive such reports via Security, Technet, MSDN or Partners at microsoft.com. Each security email that Microsoft sends is signed with a certificate or PGP key (although it's up to the user to verify the key.)

2) Such emails NEVER contain executable attachments of any kind. Nor do they contain links that directly download installable patches.

3) The emails usually contain links to online reports hosted on microsoft.com about the vulnerability or bug in question.

What you should do:

If you know you've never signed up for such email notifications, delete any such unexpected emails you receive -- don't click attachments or links within them. Even better zap them before opening or reading them.

Whether or not you remember signing up for these email updates from Microsoft you should treat any email with caution. It's my recommendation that you not click links in such emails, but instead visit the official update.microsoft.com site to see what updates are available. From there you may also visit the reports or knowledge base articles about the updates.

Administrators for multiple systems should already know where to go to read about patch details for various operating systems and application groups.

Links embedded in this entry open in a new window or tab.

Ms. T.

2007-06-27T23:59:00.000-06:00

Cats have a language all their own. Ms. T. had several ways of telling us what was on her mind.

The following is a short list that she taught us:

Merroowwww: "It's dinner time, and I'm starving, get busy already!" (Even though there was generally still some food in her bowl from lunch.)

Merl?: "Can I come up onto your lap? I know you're busy with the shiny screen, but I want up."

Mew! with head butting: "I need to be pet, brushed and loved. NOW!"

Silent look with slitted eyes: "I like you. A lot. Keep up the petting." (Note: this works in reverse - most cats respond favorably and will come to you when you slit your eyes at them without blinking.)

Matph!: "There's a spider in the kitchen, come take it away. I"M not touching it."

MerROW?: "Where are you?" (Repeated until we went to her -- or until she found us.)

Chi-i-i-i-rrruppur-r-r-r-r: "Absolutely contented with life, ahh yes, right there below my chin."

M-e-e-a-a-p??: "Can I please have another kitty cookie?" Alternately: "More catnip please?" (Sounds like a broken meow with spaces.)

I met Ms. T. a little over 10 years ago. She came as part of a package deal along with my soul mate. As I understand events, Ms. T showed up on a certain doorstep the day my partner moved into a new apartment. She had been abandoned by the previous occupant. My partner took her to a vet, who informed her that she had a very healthy 1+ year old cat. A few shots and a spaying later she was taken back home and began a journey across 16 years of life with my partner - 10 of which were shared with me.

I got used to having her on my lap while at the computer. She was very polite about it, would keep off the keyboard (mostly) and was content to snuggle into me for hours while I worked.

Last Friday she began having problems walking up and down the stairs. Saturday saw some improvement in mobility but she stopped eating. Sunday evening she started to slide downhill fast. Monday morning at 2:30 she woke us up crying under the bed. She was unable to walk, and could not understand why her back legs would not support her weight. Her body was already cooler than normal. All morning we kept her warm, gave her water via bottle and tried to make her comfortable. We had planned to take her to a Vet later that morning, but she didn't make it that long. I am not sure it would have made any difference anyway.

It feels odd blogging without her on my lap. I never thought it would be this hard to lose her. I've lost several pets over the years, but this seems far harder than those previous losses.

She was special. She was dearly loved as a part of our family.

The last thing she said early Monday morning to us was "MerROW?" She died in my arms shortly after . . .

In memory

2007-06-25T13:25:00.000-06:00

. . . of Ms. T. April 15, 1990 to June 25, 2007.

The CPU war just escalated

2007-06-21T12:20:00.000-06:00

The press release from NVidia reads NVIDIA® Tesla™ GPU Computing Processor Ushers In the Era of Personal Supercomputing. NVidia (so far) very carefully fails to mention any hint that their new Tesla branded GPU could possibly be a future competitor to AMD, Intel, or IBM's PowerPC CPU lines.

After all, it's a Graphics Processor Unit, right?

I don't think so. I think the CPU market just entered a revolutionary battle unlike any we have seen in the past. If the claims are true (and they seem to be verified by several leading research centers, see links from the press release) then this is more than an incremental improvement -- it's a major jump in processing technology available this coming August that surpasses anything Intel or AMD has announced into the next two years.

Here's a hint: MRI (Magnetic Resonance Imaging) processing speeds increased on Tesla from 245 to 415 times previous speeds over CPU or older GPU based computing solutions. There's more, but you can read the details yourself over on the NVidia site. (links pop) Performance increases are so good that in many cases scientific computing that took weeks and a cluster of machines can now be done in days or hours on a single machine.

My feeling is that this is NVidia's shot across the bow of the entrenched CPU market leaders. They may not remove the misleading "GPU" designation for a while yet, but make no mistake: this technology has the potential to completely change what we consider a "Desktop PC." And it's about time!

And they've done it right: the first generation of Tesla can be installed onto almost any existing PC with a modern PCI express bus. They've released a free API. There are several open source simulations that you can immediately download. The entry barriers (other than price, tba) are very low.

We moved from slide rules to programmable calculators and were amazed at the changes to our lives. Then we moved to the personal computer -- that box sitting under or near your desk today contains more power than most supercomputers built 12 years ago.

It's time for a jump in processing power to the next order of magnitude.

Raccoon update

2007-06-02T12:25:00.000-06:00

Mom-coon made it back twice last night and retrieved two of her young - both of the females. I sat near our kitchen window in the dark until 4 AM and saw her make the snatch both times. Her new nest must be some distance away, as it took her about 90 minutes round trip. I surmise that she spent the rest of the night foraging since the male baby was still there this morning.

Everything I found via Google indicated that if we could keep him warm, hydrated and fed for the day she may very well retrieve him tonight. According to the sources she won't try during daylight.

So my partner and I made the trip out to a local pet store and found something called Kitten Milk Replacement. Normal cows milk has lactose, which does not agree with young raccoon tummies. He's taken two feedings so far, and seems to like the stuff.

Tonight I will set him back by the tree and see if his mother will come get him. If not, we'll take a trip to Boulder on Sunday to deliver him to professionals.

If anyone is interested, here are the links I've been using as sources today:
http://www.nancycarolwillis.com/pages/faq.html#raccoons
http://www.mnsi.net/~remocoon/babies.htm

Edit - 12:30 AM June 3rd: I think we were successful at re-uniting him with his mother tonight. I missed the snatch, but he was gone as of 12:20 AM. Funny how one can become so attached to something for which one gave care - even as short a time as it was.

Fair hunting little brother. Perhaps someday you will cross my yard at night while I stand outside for air and you will -- for a moment -- gaze back and wonder. But I really hope you scoot your butt into the shadows and play it safe.

Abandoned coon babies

2007-06-02T00:42:00.000-06:00

Nothing like a nice romantic fire to warm up an unseasonably cool spring evening. Arrange the tinder, get the match lit . . . and frantically put it out when one hears sudden cries of panic and mad scrabbling from the flu. A few minutes of dusty investigation revealed a family of raccoons living in the chimney. Mom grabbed one of the young ones and lit out for parts unknown . . . and never returned.

Called animal control -- in this town they don't deal with coons. Suggested we call a pest control company. Called two and they can't make it out until Monday. Asked them what would happen to the babes and were told they would be euthanized.

Bleah . . .

After some creative engineering, much sneezing and a twisted back I extracted three more young coons. They can't walk, much. So cute you want to pet them - but I know better. Two females and a male.

Went to the hardware store for wire mesh and blocked off the chimneys (both of them, just in case mom-coon got any ideas about an easy move.)

Placed the three baby coons into a bucket with a towel and set them at the base of the one and only tree close enough to the house where mom-coon would most likely access our roof and chimneys.

That was four hours ago and the poor things are still there. Hungry and cold.

So now what? Anyone know the best method of reuniting the kids with mom? Any suggestions would be welcome!

Critical Security Quicktime flaw in Mac OS X and Windows PC's

2007-05-29T18:52:00.000-06:00

Apple released another critical patch this week for users of QuickTime. It fixes two serious vulnerabilities that could result in malicious code execution or private information disclosure to the attacker.

More info and the download on Apple's site at http://docs.info.apple.com/article.html?artnum=305531

Off topic backyard pics

2007-05-29T11:20:00.000-06:00

Last fall I planted some bulbs and pruned the roses down to the ground in my garden along the back fence. I can't believe how much the greenery improved from all the abuse . . .

Here are some pics I shot of it early this morning.

Each thumbnail links to a medium resolution version around 350K give or take. Links pop a new tab or window. If you want large resolutions let me know . . . I might be talked into it. [grin]