Tuesday, May 29, 2007

Critical Security QuickTime flaw in Mac OS X and Windows PCs

Apple released another critical patch this week for users of QuickTime. It fixes two serious vulnerabilities that could result in malicious code execution or private information disclosure to the attacker.

More info and the download on Apple's site at http://docs.info.apple.com/article.html?artnum=305531

Off topic backyard pics

Last fall I planted some bulbs and pruned the roses down to the ground in my garden along the back fence. I can't believe how much the greenery improved from all the abuse . . .

Here are some pics I shot of it early this morning.

Each thumbnail links to a medium resolution version around 350K give or take. Links pop a new tab or window. If you want large resolutions let me know . . . I might be talked into it. [grin]

Monday, May 21, 2007

Ouch, the irony of the aQuantive / MSFT deal

One of the dirty secrets of the malware industry is the identity of those that pay good money - BIG money - for all those pop-up ads. The delivery method for so many unwanted in-your-face targeted ads is via what we in the security industry refer to as "Adware" . . . or the more politically correct term "Malware."

180Solutions, WhenU, Gator, and several others play this game (or played - a couple claim to have gone mostly "clean" during this last year) by infecting computers with unwanted software that forces targeted ads on end-users based on a profile built by monitoring browsing habits. It's really sticky when someone gets infected with several competing malware applets and that nice high powered computer slows down to pre-i486 speeds.

It's so bad that a new industry focused on preventing and cleaning up malware has sprung into existence during the last few years, bringing us bandages like AdAware, Spybot, Spyware Doctor, Spysweeper, CounterSpy . . . and Windows Defender aka Windows Live protection services. Yeah, that Windows. From Microsoft. Remember that as I continue this rant.

Who orders those pop-up ads and funds malware companies?

Among several of the really big players that fund intrusive malware based advertising, aQuantive stands out in my mind after Friday's news that Microsoft is buying them for Six. Billion. Dollars. An overpriced desperate gesture on Ballmer's part in the face of Google's recent acquisition of DoubleClick (another source of funds for those malware applets.)

Want some eye popping proof? Check the hits from this Google search.

For an overview of money flow in malware based online advertising, check out Benjamin Edelman's article Intermediaries' Role in the Spyware Mess. It's an older article, but still relevant today.

The links above will open in a new tab or window.

Saturday, May 19, 2007

Thursday, May 17, 2007

AMD versus Intel - some insight on the future

An excellent update by Tom Yager at InfoWorld: Intel FUD versus AMD fact

"In assessing these facts, three ancient axioms come to mind: Nice guys finish last, slow and steady wins the race, and haste makes waste. I’ll let you plug these in as the story unfolds.

[ . . . ]

At the CTO Summit, AMD laid out a fully finished 300mm wafer to touch and photograph, and we were shown specifics on the fab rollout schedule for AMD’s 45nm process. We got an advance look at new AMD/ATI chip-set technology as well, along with a completely new and radical AMD CPU, the nondisclosures on which lift this month. AMD is not running behind Intel. It is simply not practicing reactive engineering, and if you pay attention, you’ll see that AMD’s take on 45nm process, 300mm wafers, desktop chip sets, and dual-core mobile architecture are more than mere snapshots of the marketed leading edge, which is a coat of gloss on the present. AMD, through its partnership with IBM, defines the leading edge. Watch."

This makes me suspect AMD has a very pleasant surprise in store for consumers near the end of this year, if not sooner. If nothing else, I love the fact that close competition in the CPU market will continue - it's a win for us in both performance and price.

Watch for details by the end of May or early June.

Monday, May 14, 2007

Quicktime (Mac and PC) and WinZip (PC) flaws now being exploited

Vulnerabilities in two more popular programs were discovered a few months ago, but until now there wasn't much concern since no one was apparently exploiting them. That changed last week.

Apple has updates for QuickTime. "Available for: QuickTime 7.1.3 on Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.8, Mac OS X Server v10.4.8, Windows XP/2000."

WinZip for PC is more complex: if you use any version of WinZip prior to version 10, or you are already on version 11.1, then you are safe from the current exploit. If you are using the first public release of version 10, there is a free (it had better be!) patch available now at their site.

Friday, May 11, 2007

FACTA may need to be updated

FACTA, the US "Fair and Accurate Credit Transactions Act", aka the shredding law, may need a major update soon.

Looks like shredding is no longer going to be a realistic method of destroying documents. May I suggest . . . an incinerator.

"It's been years in the making, but finally software designed to electronically piece together some 45 million shredded documents from the East German secret police went into service in Berlin on Wednesday. Now, a puzzle that would take 30 diligent Germans 600 to 800 years to finish by hand, according to one estimate, might be solved by computer in seven."

Orwell called it "DoubleThink"

In his novel "1984", George Orwell coined the term "doublethink" for the act of naming a negative law or rule with a positive-sounding moniker.

HBO Exec: Don't Call It DRM

Wednesday, May 9, 2007

Meme gone bad, very bad . . .

Thanks to for the tip, in a post today about the LJ Mojo meme.

"Remember that LJ Mojo meme that was going around the net like a bad plague? Well, some joker whose LJ name doesn't deserve the attention has cracked the site and replaced the pics with one that is extremely NSFW and rather gross at that, such that if somebody is reading back in your journal and runs across that, they get a very nasty surprise."

If any of you posted that meme, you might want to go find it in your history and edit those entries.

Edit: has more info. Looks less like a hacking job and more like a deliberate switch by the meme's author - with the added bonus of making public the participants' dating claims.

Google suggestions are misogynistic

Try this search (assuming Google has not yet fixed the issue.)


Credit to about a thousand other blogs and Digg for highlighting this issue in the last 24 hours.

Do our language usage patterns counter our mission to bring balance to our society?


Compare the above with other Google searches, such as:

she creates
she built
she composed
she studied

They all elicit a prompt similar to "Did you mean: he studied".

How many more can you find? :(

Early morning thoughts

Keep away from people
who try to belittle your ambitions.
Small people always do that,
but the really great make you feel
that you, too, can become great.

- Mark Twain

Friday, May 4, 2007

Creative Soundcards - rant

Creative may never see another dollar from me again. I own(ed) an Audigy Sound card.

From the beginning my experience with that card was mixed. Hardware acceleration was awesome, when the card didn't crash. And it wasn't only me . . . but it took more than a year after I bought the card before Creative finally released a driver update that fixed the random crash. X-Fi owners faced similar, if not worse, problems.

Now comes Vista. Which was released in usable (from a developer's point of view at least) Beta form darn near a year before its release to all major hardware vendors/manufacturers. Creative totally dropped the ball: they did not have Vista drivers available at release. Today they still don't - unless you have one of their X-Fi cards.

To be sure, it's not all Creative's fault. Microsoft pulled the rug out from under them with a totally new way to address sound card DSP chips. But Creative had a year to get ready.

So now the final nail in the coffin: Creative just announced that they have begun working on an Audigy series Vista driver. And hidden in the announcement is this key phrase: " . . . hope to offer this product as a low-cost upgrade." So - is that a typo? An accident from someone who failed to get the right proof-reading from marketing?

Here is the complete announcement as it appeared originally:

"When we released the first beta of ALchemy for X-Fi, we hoped customers would appreciate our efforts. Within only a few months, the response from users and the press has been overwhelmingly positive. Many of our customers have asked if we could adapt ALchemy to Audigy series sound cards. The X-Fi and Audigy series sound cards are built on different hardware architectures, and therefore require separate development efforts. However, based on the requests to date, we are pleased to announce that we have begun development of an implementation of ALchemy for Audigy series sound cards, and hope to offer this product as a low-cost upgrade to interested Audigy owners later this year."

The Trojan that might get even the paranoid user's CC number

Symantec has the skinny on a new Trojan that is just now beginning to make the rounds in the wild. It's not yet widespread, but be prepared just in case you run into it.

"Recently we came across an interesting Trojan sample, detected by Symantec as Trojan.Kardphisher. The Trojan is not very technical - it's really just another classic social-engineering attack. What makes it interesting is that the author has obviously taken great pains to make it appear legitimate."

The Trojan presents screens on boot up that state you need to re-activate Windows. The twist is that during the process it asks the user for their CC information.

The screenshots in question look very much like the original Windows Activation screens, same theme, color, logos, etc. Even the "engrish" which is generally a dead giveaway is fairly polished. Worse, if you refuse to cooperate the Trojan shuts down your system immediately - a tactic that is also used by Microsoft when Windows Genuine Advantage thinks you stole their system. The next time you power-up, you are again given the fake option to re-activate your Windows installation - complete with the request for your CC info.

Fake Windows Activation Trojan

Arm yourselves and your computer-challenged family members with this simple reminder:

The real activation process from Microsoft will NOT ask for your Credit Card. Nor will their support staff.

I'm half expecting the next step from Trojan authors using this tactic to include an 800 number purporting to be for Microsoft Support but that will connect you to some mafia-run phone center. There they would -- in theory -- collect even more personal information with which they could steal your entire identity.

Wednesday, May 2, 2007

New phishing attack method - dial *72

This simply amazes me. It's not the method (see below) but the fact that people actually fall for this. I guess I should not be surprised -- even after multiple warnings people still open junk email with attachments from unknown senders -- which exposes them to keylogging trojans or worse.

SecureWorks posted the details, partially copied below: (I changed the phone number.)

"The victim receives an email from the phisher telling them that their bank needs to verify their phone number immediately. If they do not confirm their phone number their account will be suspended. The instructions are as follows:

Step 1- Go to your phone and Dial *72
Step 2- Dial 7075551212 (XYZ Bank Secure Line)
Step 3- Your phone is confirmed.

You will receive a call from us in 1 h for final verification!

If you have confirmed your phone, you can continue the update process:

By calling these phone numbers, the bank customer is actually forwarding their calls to the phisher's number. The calls will continue to be forwarded until the victim notices they are not getting any calls.

After the victim confirms their phone number, they are asked to update their personal info, social security number, bank account number, credit card number, etc.

If the bank customer cooperates, then the phisher has all of the banking and personal information needed to begin making fraudulent transactions on the victim's bank account. If the customer's bank calls them to query an odd transaction during the period that their calls are being forwarded, the phisher will receive the calls and confirm that the fraudulent transaction is legitimate."
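The lure above works because *72 is the North American vertical service code that turns on call forwarding, so the "secure line" number the victim is told to dial becomes the destination for every incoming call, including the bank's own fraud-verification call. As an added illustration (not from SecureWorks or the original post), here is a small mail-filter check that flags message bodies pairing a forwarding code with a number to dial. The sample messages are constructed for the example; the phone number is the placeholder used in the quoted text, and the helper names are my own.

```python
import re
from typing import Dict, List

# Constructed sample messages (not from the original post). The first mirrors the
# lure described by SecureWorks; the second is a benign bank notice for contrast.
SAMPLE_MESSAGES = {
    "lure": (
        "Your bank needs to verify your phone number immediately.\n"
        "Step 1- Go to your phone and Dial *72\n"
        "Step 2- Dial 7075551212 (XYZ Bank Secure Line)\n"
        "Step 3- Your phone is confirmed.\n"
    ),
    "benign": (
        "Your statement is ready. Call 1-800-555-0100 if you have questions.\n"
    ),
}

# North American vertical service codes that change where calls are delivered.
# *72 activates call forwarding (the code used in the lure); *73 cancels it,
# which is what a victim who already dialed *72 needs to do.
FORWARDING_CODES = {"*72": "activate call forwarding", "*73": "cancel call forwarding"}

# "*72" or "* 72" as a stand-alone token.
CODE_RE = re.compile(r"\*\s?(7[23])\b")
# A 10-digit number, with optional separators, such as the one the victim is told to dial next.
NUMBER_RE = re.compile(r"\b(\d{3})[\s.-]?(\d{3})[\s.-]?(\d{4})\b")


def find_forwarding_lures(text: str) -> List[Dict[str, str]]:
    """Return one finding per forwarding code in the text, together with the first
    phone number that appears within the next 120 characters (the forwarding
    destination). An empty list means there is nothing to flag."""
    findings = []
    for match in CODE_RE.finditer(text):
        code = "*" + match.group(1)
        window = text[match.end(): match.end() + 120]
        number = NUMBER_RE.search(window)
        findings.append({
            "code": code,
            "meaning": FORWARDING_CODES[code],
            "forward_to": "".join(number.groups()) if number else "",
        })
    return findings


def classify(text: str) -> str:
    """'call-forwarding lure' when an activation code is followed by a number to
    dial, otherwise 'clean'. A bare *73 (cancel) is reported but not flagged."""
    for finding in find_forwarding_lures(text):
        if finding["code"] == "*72" and finding["forward_to"]:
            return "call-forwarding lure"
    return "clean"


if __name__ == "__main__":
    for name, body in SAMPLE_MESSAGES.items():
        print(name, "->", classify(body), find_forwarding_lures(body))
```

The check is deliberately narrow: it only fires when an activation code is paired with a destination number, so a legitimate carrier help page that merely mentions *72 is not flagged. The useful output for a responder is the extracted destination number, since that is the one the victim must cancel forwarding to (by dialing *73) and the one the carrier's fraud team will want.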

Tuesday, May 1, 2007

Critical exploitable bugs in Trillian and WinAmp

Two separate bugs, both being exploited.

Trillian has released an update to fix things up. Get it here:

No fix for WinAmp yet; best advice is don't open untrusted MP4 files. MP3s are safe.

More info about these bugs at

Trillian: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=522

WinAmp: http://secunia.com/advisories/25089/