Some fairly important security updates for Firefox 2.x and 3.x were released yesterday.
See http://www.mozilla.org/security/announce/ for more info on the bug fixes included.
If you still use Firefox 2.x, this release is the last planned upgrade . . .
http://en-us.www.mozilla.com/en-US/firefox/2.0.0.19/releasenotes/
For users of FireFox 3.x, see this page for news and info:
http://en-us.www.mozilla.com/en-US/firefox/3.0.5/releasenotes/
As always I highly recommend the excellent NoScript plugin for both versions to help make your online browsing experience safer. And remember to check for updates in your Tools:Add-ons menu option every time you upgrade to new builds of Firefox.
NoScript: https://addons.mozilla.org/en-US/firefox/addon/722
Wednesday, December 17, 2008
Get your out-of-cycle critical IE patch now
The patch just went live on Windows Update. If you run Windows or Microsoft Updates manually via the browser or Vista Update program, look for references to any one of the following (depending on your OS):
MS08-078
KB961051
KB960714
"Security Update for Internet Explorer 7" (or 8, 6, etc.)
If you need to download and install the update manually (or have a lot of machines to update, or have older versions of IE), try this search query on Microsoft's site for MS08-078:
http://search.microsoft.com/Results.aspx?mkt=en-US&q=ms08-078
If you are otherwise current on updates, and use Auto-Updates, you will get this patch sometime during the next few days. Personally I would do a forced check to be sure.
MS08-078
KB961051
KB960714
"Security Update for Internet Explorer 7" (or 8, 6, etc.)
If you need to download and install the update manually (or have a lot of machines to update, or have older versions of IE), try this search query on Microsoft's site for MS08-078:
http://search.microsoft.com/Results.aspx?mkt=en-US&q=ms08-078
If you are otherwise current on updates, and use Auto-Updates, you will get this patch sometime during the next few days. Personally I would do a forced check to be sure.
Tuesday, December 16, 2008
Ultra-Critical out of cycle fix for IE coming tomorrow from Microsoft
You might have heard about a nasty vulnerability in Internet Explorer that allows a malicous website to remotely take-over one's machine. Microsoft just announced a fix for this issue that will be released tomorrow. It should be available via automatic updates, but just in case I'll follow up tomorrow with links.
The announcement:
http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx
More info about the vulnerability:
http://www.microsoft.com/technet/security/advisory/961051.mspx
If you previously applied any of the complex workarounds for this problem, you will need to reverse your changes before applying tomorrows update.
The announcement:
http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx
More info about the vulnerability:
http://www.microsoft.com/technet/security/advisory/961051.mspx
If you previously applied any of the complex workarounds for this problem, you will need to reverse your changes before applying tomorrows update.
Sunday, December 7, 2008
Get traditional -- send paper cards via snail mail for the holidays
. . . Or call your family/friends/loved ones. Better yet send them a nice gift.
Whatever you do - forget about eCards. I personally think eCards are tacky anyway, but the real problem is that too many email virus spammers use fake eCards during the holidays to propagate their infections. Lately it's become darn near impossible to tell the fakes from the "legit" eCards.
We see this every holiday season, so here's your paranoid reminder for 2008:
http://blogs.technet.com/mmpc/archive/2008/12/02/merry-malware.aspx
Every year the ne’er-do-wells trundle out the same set of tricks to distribute their malware and take advantage of people’s better nature, and the additional opportunities for sensitive data theft as shoppers flock to the Internet to purchase gifts and other festive treats. Regardless of the simplicity of this basest style of social engineering attack, it must be successful or I guess we wouldn’t see so much of it every year.
The basic holiday-themed attack has varied little, if at all, through the years and across various holidays. Generally, the attacker sends a malicious e-mail that appears to notify the target that they have received an e-card that says “Happy”. The e-mail also contains a link that the target can use in order to ‘see’ their card. Clicking on the link downloads a malicious executable that compromises the user’s machine, often opening a backdoor that places the machine under the attacker’s control. Colourful animations and music tend to feature in these lures (and who doesn’t like dancing snowmen/candycanes/santas/Christmas trees/champagne bottles, etc?) Of course, Christmas isn’t the only popular theme for bait, the New Year also finds its share of fans in the malware distributing underground.
So, while musing about the delights of the coming festive season, spare a thought for your safety online, and don’t be fooled by the dancing Santas.
Whatever you do - forget about eCards. I personally think eCards are tacky anyway, but the real problem is that too many email virus spammers use fake eCards during the holidays to propagate their infections. Lately it's become darn near impossible to tell the fakes from the "legit" eCards.
We see this every holiday season, so here's your paranoid reminder for 2008:
http://blogs.technet.com/mmpc/archive/2008/12/02/merry-malware.aspx
Every year the ne’er-do-wells trundle out the same set of tricks to distribute their malware and take advantage of people’s better nature, and the additional opportunities for sensitive data theft as shoppers flock to the Internet to purchase gifts and other festive treats. Regardless of the simplicity of this basest style of social engineering attack, it must be successful or I guess we wouldn’t see so much of it every year.
The basic holiday-themed attack has varied little, if at all, through the years and across various holidays. Generally, the attacker sends a malicious e-mail that appears to notify the target that they have received an e-card that says “Happy
So, while musing about the delights of the coming festive season, spare a thought for your safety online, and don’t be fooled by the dancing Santas.
Thursday, December 4, 2008
Home firewalls and routers vulnerable to hacking . . . still
Old bug, old news, and apparently STILL not being corrected by the Internet Service Providers that distribute these things to their customers. Unknown at this time is whether some of the combo Cable-Modem and Fiber routers have the same issue. (My bet is -- yes!)
The short story: the default login to most firewall/routers browser based configuration panel from the LAN side is unsecured - we're talking a known admin user and no (or a factory default that's widely known) password. The customer almost never logs in to change or set a new password, and the service tech that installs the router doesn't either.
This issue has also been around for a loooong time for retail Wi-Fi or Wired firewall/routers: the admin passwords for all brands and models are well-known (and it's a very short list) and if never changed by the customer they are vulnerable to this hack.
See http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=212201777 for the full article. Excerpts below:
~~~snip~~~
A deadly attack typically associated with Websites can also be used on LAN/WAN devices, such as DSL routers, according to a researcher who this week demonstrated cross-site request forgery (CSRF) vulnerabilities in devices used for AT&T's DSL service.
The vulnerability isn't isolated to Motorola/Netopia DSL modems. It affects most DSL modems because they don't require authentication to access their configuration menu, he says. "I can take over Motorola/Netopia DSL modems with one request, and I can do it from MySpace and other social networks," Hamiel says. The attack uses HTTP POST and GET commands on the modems, he says.
CSRF vulnerabilities are nothing new; they are pervasive on many Websites and in many devices. "CSRF, in general, is a very old issue," says Hamiel, who blogged about the hack this week. "Most of the vulns found today are old. That's the point: Nobody seems to learn lessons anymore."
A CSRF attack on a DSL router could be launched from a social networking site, Hamiel says, using an image tag on a MySpace page, for example. "Everyone who viewed my MySpace page with AT&T DSL and the Motorola/Netopia DSL modem would be owned," he says.
~~~ snip ~~~
What can a hacker do to you once they have access to your routers configuration page?
1) They can create false DNS entries that will point you to their site instead of -- say -- your banks.
2) They can login to your home or small business network and snoop on your shared files.
3) If your computer has no password, or an easy password, they may directly login to your computer behind your firewall and install backdoor Trojans and use your broadband to send out more virii, spam and malware to others.
4) They can use your system as a proxy while they go do really bad things on the Internet. Later you get served papers (or the officers kick down your door at midnight) for crimes you did not know were being done on your connection.
Etc. Etc. Etc . . .
Lesson for the day (and most of my direct readers already do this, so pass the word to your family, friends and neighbors):
When you buy or take delivery on a DSL, Cable or auxiliary Wi-Fi or Wired router, log onto it at least once and change the Administrator password.
The short story: the default login to most firewall/routers browser based configuration panel from the LAN side is unsecured - we're talking a known admin user and no (or a factory default that's widely known) password. The customer almost never logs in to change or set a new password, and the service tech that installs the router doesn't either.
This issue has also been around for a loooong time for retail Wi-Fi or Wired firewall/routers: the admin passwords for all brands and models are well-known (and it's a very short list) and if never changed by the customer they are vulnerable to this hack.
See http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=212201777 for the full article. Excerpts below:
~~~snip~~~
A deadly attack typically associated with Websites can also be used on LAN/WAN devices, such as DSL routers, according to a researcher who this week demonstrated cross-site request forgery (CSRF) vulnerabilities in devices used for AT&T's DSL service.
The vulnerability isn't isolated to Motorola/Netopia DSL modems. It affects most DSL modems because they don't require authentication to access their configuration menu, he says. "I can take over Motorola/Netopia DSL modems with one request, and I can do it from MySpace and other social networks," Hamiel says. The attack uses HTTP POST and GET commands on the modems, he says.
CSRF vulnerabilities are nothing new; they are pervasive on many Websites and in many devices. "CSRF, in general, is a very old issue," says Hamiel, who blogged about the hack this week. "Most of the vulns found today are old. That's the point: Nobody seems to learn lessons anymore."
A CSRF attack on a DSL router could be launched from a social networking site, Hamiel says, using an image tag on a MySpace page, for example. "Everyone who viewed my MySpace page with AT&T DSL and the Motorola/Netopia DSL modem would be owned," he says.
~~~ snip ~~~
What can a hacker do to you once they have access to your routers configuration page?
1) They can create false DNS entries that will point you to their site instead of -- say -- your banks.
2) They can login to your home or small business network and snoop on your shared files.
3) If your computer has no password, or an easy password, they may directly login to your computer behind your firewall and install backdoor Trojans and use your broadband to send out more virii, spam and malware to others.
4) They can use your system as a proxy while they go do really bad things on the Internet. Later you get served papers (or the officers kick down your door at midnight) for crimes you did not know were being done on your connection.
Etc. Etc. Etc . . .
Lesson for the day (and most of my direct readers already do this, so pass the word to your family, friends and neighbors):
When you buy or take delivery on a DSL, Cable or auxiliary Wi-Fi or Wired router, log onto it at least once and change the Administrator password.
Wednesday, December 3, 2008
List of reputable Anti-Malware/Virus suites that have free editions or fully functional trials
My top list of reputable Anti-Malware/Virus suites for Windows that have free editions or fully functional trials.
They're in no particular order of effectiveness at the time of this writing . . . these are all genuine and are usually listed within the top 10 AV products as tested by VB100. I am posting this as a reference because there are way too many pop-up ads for so called free scanners that are actually Trojans in and of themselves.
Remember that you should only run ONE real-time protection product at a time on your system. Don't install two or more and expect your computer to be stable.
Links provided in clear text so you can examine them for funny business.
SunBelt Software: Vipre - 15 day free trial. (Fully functional, Virus, Rootkit, Malware/Spyware protection and cleanup. Very useful for emergency cleanups.)
http://www.sunbeltsoftware.com/Home-Home-Office/VIPRE/
ESET NOD32 AV - 30 day free trial. (Mostly fully functional, Virus, Malware/Spyware protection and cleanup.)
http://www.eset.com/download/free_trial_download.php
Kaspersky Anti-Virus 2009 - 30 day free trial. (Mostly fully functional, Virus, Malware/Spyware protection and cleanup.)
http://www.kaspersky.com/trials
Sophos AntiVirus - 30 day free trial. (Fully functional, Virus, Malware/Spyware protection and cleanup. Free Rootkit analyzer also available, see below.)
http://www.sophos.com/products/small-business/eval.html
Sophos Anti-Rootkit - Free version. (Fully functional within the scope of the intended use, that is to find and delete rootkits - but it's not going to go after other malware or viruses on your system.)
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
Avira: AntiVir - Free version. (Good protection and system scans, but pops up nag screens from time to time asking you to upgrade to the pro version.)
http://www.free-av.com/
Avast!: Home Antivirus - Free version. (Good protection etc, free virus definitions seem to be about 4 days behind -- but I cannot prove that.)
http://www.avast.com/eng/avast_4_home.html
Grisoft: AVG - Free version. (Good protection etc, as with Avast the free virus definitions seem to be about a week behind -- but I cannot prove that.)
http://free.avg.com/
Since someone may ask -- I personally use the first on the list. It provides excellent scan and cleanup features including a special safe mode scanner and a boot-time rootkit scanner. Its real-time monitor has very low impact on system performance and the program has a very clean -- even simplistic -- UI.
They're in no particular order of effectiveness at the time of this writing . . . these are all genuine and are usually listed within the top 10 AV products as tested by VB100. I am posting this as a reference because there are way too many pop-up ads for so called free scanners that are actually Trojans in and of themselves.
Remember that you should only run ONE real-time protection product at a time on your system. Don't install two or more and expect your computer to be stable.
Links provided in clear text so you can examine them for funny business.
SunBelt Software: Vipre - 15 day free trial. (Fully functional, Virus, Rootkit, Malware/Spyware protection and cleanup. Very useful for emergency cleanups.)
http://www.sunbeltsoftware.com/Home-Home-Office/VIPRE/
ESET NOD32 AV - 30 day free trial. (Mostly fully functional, Virus, Malware/Spyware protection and cleanup.)
http://www.eset.com/download/free_trial_download.php
Kaspersky Anti-Virus 2009 - 30 day free trial. (Mostly fully functional, Virus, Malware/Spyware protection and cleanup.)
http://www.kaspersky.com/trials
Sophos AntiVirus - 30 day free trial. (Fully functional, Virus, Malware/Spyware protection and cleanup. Free Rootkit analyzer also available, see below.)
http://www.sophos.com/products/small-business/eval.html
Sophos Anti-Rootkit - Free version. (Fully functional within the scope of the intended use, that is to find and delete rootkits - but it's not going to go after other malware or viruses on your system.)
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
Avira: AntiVir - Free version. (Good protection and system scans, but pops up nag screens from time to time asking you to upgrade to the pro version.)
http://www.free-av.com/
Avast!: Home Antivirus - Free version. (Good protection etc, free virus definitions seem to be about 4 days behind -- but I cannot prove that.)
http://www.avast.com/eng/avast_4_home.html
Grisoft: AVG - Free version. (Good protection etc, as with Avast the free virus definitions seem to be about a week behind -- but I cannot prove that.)
http://free.avg.com/
Since someone may ask -- I personally use the first on the list. It provides excellent scan and cleanup features including a special safe mode scanner and a boot-time rootkit scanner. Its real-time monitor has very low impact on system performance and the program has a very clean -- even simplistic -- UI.
Saturday, November 22, 2008
New proof of concept script attack in all browsers bypasses AV detection
From http://www.eweek.com/c/a/Security/Script-Fragmentation-Attack-Could-Allow-Hackers-to-Dodge-AntiVirus-Detection/
Stephan Chenette of Websense describes a new Internet attack vector that could allow hackers to bypass anti-virus protection at both the gateway and the desktop. The technique, called script fragmentation, involves breaking down malware into smaller pieces in order to beat malware analysis engines.
The attack works like this: Malware authors write benign client code and embed it in a Web page. The only content contained on the initial page will be a small JavaScript routine utilizing XHR or XDR. This code contains no actual malicious content, and the same type of code is found on all of the major legitimate Web 2.0 sites.
When a user visits the Web page, the JavaScript and the XDR or XHR will slowly request more code from other Web servers a few bytes at a time, thereby only allowing a user's gateway anti-virus engine to analyze a few seemingly innocuous bytes as it tries to determine whether or not the Web site is malicious.
Once received by the client, the bytes are stored in an internal JavaScript variable. The client will request more and more information until all the information has been transferred. Once it has been transferred JavaScript will be used to create a Script element within the DOM (Document Object Model) of the browser and add the information as text to the node. This in turn will cause a change to the DOM and execute the code in the script element.
According to Chenette, the entire process—from data being transferred over the network to triggering JavaScript within the DOM—can slip under the radar because no malicious content touches the file system. It's done completely in memory, and any content that is transferred over the network is done in such tiny fragments that anti-virus engines parsing the information don't have enough context or information to match any signatures.
The attack, which has not been seen in the wild by Websense, works on all the major browsers. Technically, however, it is not a browser vulnerability—it merely takes advantage of the way browsers work.
My initial thoughts: If this gets out into the wild, the only protection is to either turn off scripting entirely in Internet Explorer (which will cripple most legitimate websites), or use the excellent NoScript plugin for Firefox (and use it correctly.)
Stephan Chenette of Websense describes a new Internet attack vector that could allow hackers to bypass anti-virus protection at both the gateway and the desktop. The technique, called script fragmentation, involves breaking down malware into smaller pieces in order to beat malware analysis engines.
The attack works like this: Malware authors write benign client code and embed it in a Web page. The only content contained on the initial page will be a small JavaScript routine utilizing XHR or XDR. This code contains no actual malicious content, and the same type of code is found on all of the major legitimate Web 2.0 sites.
When a user visits the Web page, the JavaScript and the XDR or XHR will slowly request more code from other Web servers a few bytes at a time, thereby only allowing a user's gateway anti-virus engine to analyze a few seemingly innocuous bytes as it tries to determine whether or not the Web site is malicious.
Once received by the client, the bytes are stored in an internal JavaScript variable. The client will request more and more information until all the information has been transferred. Once it has been transferred JavaScript will be used to create a Script element within the DOM (Document Object Model) of the browser and add the information as text to the node. This in turn will cause a change to the DOM and execute the code in the script element.
According to Chenette, the entire process—from data being transferred over the network to triggering JavaScript within the DOM—can slip under the radar because no malicious content touches the file system. It's done completely in memory, and any content that is transferred over the network is done in such tiny fragments that anti-virus engines parsing the information don't have enough context or information to match any signatures.
The attack, which has not been seen in the wild by Websense, works on all the major browsers. Technically, however, it is not a browser vulnerability—it merely takes advantage of the way browsers work.
My initial thoughts: If this gets out into the wild, the only protection is to either turn off scripting entirely in Internet Explorer (which will cripple most legitimate websites), or use the excellent NoScript plugin for Firefox (and use it correctly.)
Thursday, November 20, 2008
Rootkits, Trojans -- they may 'own' your USB thumbdrive
A topic that I might have brought up before (too lazy to go find it) and which really hit home over this last weekend - USB portable storage devices and current malware are a match made in virus heaven.
Friend of mine called me in a panic - his main computer slowed down so he thought he might clean it up a bit. Made a full backup of his photo's and documents to a portable USB drive. Started the cleanup, saw some odd behavior, downloaded an alternate virus scanner trial, found nasty nasty stuff that he could not clean up, rebuilt the OS after formatting the drive -- and started to restore his files from that backup.
Remember that backup? The one he took from what was likely an already infected system? The second he inserted that drive into a USB port - wham! Infected again. That's when he finally called me . . .
Much like virus infections that spread via 5.25 and 3.5 diskettes in days of yore, a new generation of backdoor Trojans, Rootkits, Keyloggers, Botnet/Zombie infections and other malware use USB drives as an infection vector.
This is exceptionally nasty for consultants that use USB drives as their portable toolkit. They stick their drive into an infected computer, which infects their portable drive, which in turn infects the very next computer into which they insert said drive if Autoplay is turned on . . .
Solutions do exist though. My personal solution - which I use in my business - is to use USB thumb drives with a Write Protection Switch (a physical slider switch on the side of the drive that sets the drive to read-only mode and cannot be bypassed by software) while in the field. I also keep a full redundant backup of my software toolkit in safe storage. (Not to mention I scan my thumb drives after every client visit.)
So you set the drive to read/write when copying data to it from a safe computer. Switch the thing to read only while using it in other computers.
The only trouble is that if you need to write/save a file to the drive while visiting another computer - you had better make darn sure that a) that other computer is running a current and trustworthy anti-malware suite and b) that your own computer at your home or office has autoplay turned off and c) that afterwards you think very hard about using that drive in any other computer before getting it scanned from a safe location.
The other problem is that finding a USB drive with a physical "Write Protection Switch" is fairly difficult. I've got two different brands in my toolkit now. It took some serious google-fu to locate them and even more effort to find a vendor that sold the models. (Iomega and Kanguru for those curious - the Kanguru is fast and secure, but much more pricy.)
I've said it before, here it is again (and updated for Vista users):
I've often wished that the Autoplay feature was turned off by default in Windows. It would also be nice if there was an easy way to turn it off somewhere in the user settings . . . but it's a tad more complicated.
Autoplay is not really needed anyway, it's annoying when you insert a CD that you just want to browse, and it's been the vector for virii several times in the past. Just remember that if you turn it off, and you insert a CD from which you want to install something, you will need to browse to that CD and find the Setup program manually instead of waiting for the Autoplay setup to start automatically. I like having to start setup manually better anyway, gives me more control over my system.
To turn Autoplay off, find the heading for your operating system below.
Windows XP Home
1) Create a new TXT file and open it in Notepad.
2) Paste the code below into your new text file.
3) Save the file, close it in Notepad, and rename the file to end in the ".reg" extension.
4) Double click the REG file to import the setting into your registry. Click OK when it asks if this is something you want to do . . .
5) Reboot and done for Windows XP Home.
Windows XP Professional
1) Click Start, Run and enter GPEDIT.MSC
2) Go to Computer Configuration, Administrative Templates, System.
3) Locate the entry for "Turn Off Autoplay" and Enable it for All Drives.
4) Close the Policy Editor and reboot . . . done for Windows XP Professional!
Windows Vista
Note: Be certain you have installed Vista Service Pack 1 and have all the most recent patches before applying this change.
1) Create a new TXT file and open it in Notepad.
2) Paste the code below into your new text file.
3) Save the file, close it in Notepad, and rename the file to end in the ".reg" extension.
4) Right click the new REG file and select "Run as Administrator" to import the setting into your registry. Click OK when it asks if this is something you "really" want to do . . .
5) Reboot and done for Windows Vista!
For more information, see Microsoft's KB article on AutoRun/AutoPlay at http://support.microsoft.com/kb/953252
Friend of mine called me in a panic - his main computer slowed down so he thought he might clean it up a bit. Made a full backup of his photo's and documents to a portable USB drive. Started the cleanup, saw some odd behavior, downloaded an alternate virus scanner trial, found nasty nasty stuff that he could not clean up, rebuilt the OS after formatting the drive -- and started to restore his files from that backup.
Remember that backup? The one he took from what was likely an already infected system? The second he inserted that drive into a USB port - wham! Infected again. That's when he finally called me . . .
Much like virus infections that spread via 5.25 and 3.5 diskettes in days of yore, a new generation of backdoor Trojans, Rootkits, Keyloggers, Botnet/Zombie infections and other malware use USB drives as an infection vector.
This is exceptionally nasty for consultants that use USB drives as their portable toolkit. They stick their drive into an infected computer, which infects their portable drive, which in turn infects the very next computer into which they insert said drive if Autoplay is turned on . . .
Solutions do exist though. My personal solution - which I use in my business - is to use USB thumb drives with a Write Protection Switch (a physical slider switch on the side of the drive that sets the drive to read-only mode and cannot be bypassed by software) while in the field. I also keep a full redundant backup of my software toolkit in safe storage. (Not to mention I scan my thumb drives after every client visit.)
So you set the drive to read/write when copying data to it from a safe computer. Switch the thing to read only while using it in other computers.
The only trouble is that if you need to write/save a file to the drive while visiting another computer - you had better make darn sure that a) that other computer is running a current and trustworthy anti-malware suite and b) that your own computer at your home or office has autoplay turned off and c) that afterwards you think very hard about using that drive in any other computer before getting it scanned from a safe location.
The other problem is that finding a USB drive with a physical "Write Protection Switch" is fairly difficult. I've got two different brands in my toolkit now. It took some serious google-fu to locate them and even more effort to find a vendor that sold the models. (Iomega and Kanguru for those curious - the Kanguru is fast and secure, but much more pricy.)
I've said it before, here it is again (and updated for Vista users):
I've often wished that the Autoplay feature was turned off by default in Windows. It would also be nice if there was an easy way to turn it off somewhere in the user settings . . . but it's a tad more complicated.
Autoplay is not really needed anyway, it's annoying when you insert a CD that you just want to browse, and it's been the vector for virii several times in the past. Just remember that if you turn it off, and you insert a CD from which you want to install something, you will need to browse to that CD and find the Setup program manually instead of waiting for the Autoplay setup to start automatically. I like having to start setup manually better anyway, gives me more control over my system.
To turn Autoplay off, find the heading for your operating system below.
Windows XP Home
1) Create a new TXT file and open it in Notepad.
2) Paste the code below into your new text file.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000FF
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
3) Save the file, close it in Notepad, and rename the file to end in the ".reg" extension.
4) Double click the REG file to import the setting into your registry. Click OK when it asks if this is something you want to do . . .
5) Reboot and done for Windows XP Home.
Windows XP Professional
1) Click Start, Run and enter GPEDIT.MSC
2) Go to Computer Configuration, Administrative Templates, System.
3) Locate the entry for "Turn Off Autoplay" and Enable it for All Drives.
4) Close the Policy Editor and reboot . . . done for Windows XP Professional!
Windows Vista
Note: Be certain you have installed Vista Service Pack 1 and have all the most recent patches before applying this change.
1) Create a new TXT file and open it in Notepad.
2) Paste the code below into your new text file.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000FF
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
3) Save the file, close it in Notepad, and rename the file to end in the ".reg" extension.
4) Right click the new REG file and select "Run as Administrator" to import the setting into your registry. Click OK when it asks if this is something you "really" want to do . . .
5) Reboot and done for Windows Vista!
For more information, see Microsoft's KB article on AutoRun/AutoPlay at http://support.microsoft.com/kb/953252
NVidia Tesla Update - supercomputing at the desktop
Update regarding a post I made almost a year and a half ago, NVidia's Tesla may be changing our definition of super-performing personal computers.
For those with enough cash - around 10 grand for the base model - you can get your very own personal "Super-Computer!"
Seriously - can you imagine what this could do for very small scientific research companies?
Each processor can sustain one teraflop. Need more power? Add processors . . . up to four for now and possibly more in the future.
More info:
http://www.eweek.com/c/a/IT-Infrastructure/Nvidia-Details-Personal-Supercomputer-Design-Based-on-Tesla-GPU/
http://www.nvidia.com/object/tesla_computing_solutions.html
Thursday, November 13, 2008
Long term data storage
I've been subscribing to the theory for several years that the best way to safely store data for long terms was to use redundant hard drive spindles, and keep up with maintenance. That used to be valid, because no optical storage media had been invented that was rated for any kind of decent long term retention. (10 years max used to be the rule of thumb - with no assurances whatsoever.)
Sometime in the last few years optical technology greatly improved the longevity of certain media types. I missed that . . .
So the question today I started researching was "how do I store all my family digital photo's safely?"
So far it looks like (Edit: hypothetical - they don't appear to exist yet on the market) Gold Media DVD+R is the way to go. Proper storage in a cool, dry, dark place in acid free liners also seems to be critical.
One of the preferred SATA burners on the market for good quality burns:
Samsung SH-S223F
Found several good articles on the topic, but wondering if anyone here has direct experience with this problem. If you have some tips, please post them below!
Links of worth so far:
http://adterrasperaspera.com/blog/2006/10/30/how-to-choose-cddvd-archival-media
http://www.infinite0.com/archives/99
http://www.clir.org/pubs/reports/pub121/contents.html
Sometime in the last few years optical technology greatly improved the longevity of certain media types. I missed that . . .
So the question today I started researching was "how do I store all my family digital photo's safely?"
So far it looks like (Edit: hypothetical - they don't appear to exist yet on the market) Gold Media DVD+R is the way to go. Proper storage in a cool, dry, dark place in acid free liners also seems to be critical.
One of the preferred SATA burners on the market for good quality burns:
Samsung SH-S223F
Found several good articles on the topic, but wondering if anyone here has direct experience with this problem. If you have some tips, please post them below!
Links of worth so far:
http://adterrasperaspera.com/blog/2006/10/30/how-to-choose-cddvd-archival-media
http://www.infinite0.com/archives/99
http://www.clir.org/pubs/reports/pub121/contents.html
Tuesday, November 11, 2008
November 2008 Patch Tuesday
If you're not set to use automatic updates on Windows (XP and Vista), be sure to fully catch up your patching today.
There was a super-critical out of cycle patch released 2 weeks ago, plus several critical patches released today.
You really want these security fixes . . . two of these vulnerabilities are being actively exploited right now.
There was a super-critical out of cycle patch released 2 weeks ago, plus several critical patches released today.
You really want these security fixes . . . two of these vulnerabilities are being actively exploited right now.
Users of Grisoft's free AVG: don't delete that file until you check this . . .
http://securityandthe.net/2008/11/10/avg-virus-scanner-removes-critical-windows-file/
Quote:
An update for the AVG virus scanner released yesterday contained an incorrect virus signature, which led it to think user32.dll (netdef: a critical system file for Windows)contained the Trojan Horses PSW.Banker4.APSA or Generic9TBN. AVG then recommended deleting this file; this causes the affected systems to either stop booting or go into a continuous reboot cycle. So far, the problem only appears to affect Windows XP, but there is no guarantee that other versions of Windows don’t have the same issue.
Both AVG 7.5 and AVG 8.0 were affected by the update; a revised signature database has just been published that corrects this issue. People that have removed the user32.dll can either boot from their original Windows CD and choose the repair option, or use another CD to boot from and restore the file from C:WindowsSystem32dllcache.
Quote:
An update for the AVG virus scanner released yesterday contained an incorrect virus signature, which led it to think user32.dll (netdef: a critical system file for Windows)contained the Trojan Horses PSW.Banker4.APSA or Generic9TBN. AVG then recommended deleting this file; this causes the affected systems to either stop booting or go into a continuous reboot cycle. So far, the problem only appears to affect Windows XP, but there is no guarantee that other versions of Windows don’t have the same issue.
Both AVG 7.5 and AVG 8.0 were affected by the update; a revised signature database has just been published that corrects this issue. People that have removed the user32.dll can either boot from their original Windows CD and choose the repair option, or use another CD to boot from and restore the file from C:WindowsSystem32dllcache.
Friday, November 7, 2008
A short break from computer topics . . . Bread!
One of my many side hobbies is baking. This morning I discovered an excellent resource for artisan bread at http://www.artisanbreadinfive.com/ . . .
Am I allowed to "gleee?" (cough)
They are pushing a book, which I will likely buy -- but many recipes are listed in full on that site. I predict a very pleasant smelling weekend in my home as I try making their Pletzel. :D
Am I allowed to "gleee?" (cough)
They are pushing a book, which I will likely buy -- but many recipes are listed in full on that site. I predict a very pleasant smelling weekend in my home as I try making their Pletzel. :D
Wednesday, November 5, 2008
US Presidential malware spam
From http://www.f-secure.com/weblog/archives/00001530.html . . .
"Not a big surprise at all that a spam run distributing malware talking about Obama being elected the new US President started this morning (US time).
The link points to a website that looks like it contains a video and to view it the user has to download a new flash player, adobe_flash9.exe."
Installing that fake Adobe update releases a very nasty trojan with rootkit onto your computer.
Edit: suggests (in comments below) that users may be sure their Adobe products are updated safely by going directly to the source - rather than trust any pop up message announcing an update. This would work for Adobe Reader, Flash, Shockwave, Air, and Adobe Media Player. For Reader you can update from within the program itself. For other Adobe products, try www.adobe.com and follow the free product links from their front home page.
"Not a big surprise at all that a spam run distributing malware talking about Obama being elected the new US President started this morning (US time).
The link points to a website that looks like it contains a video and to view it the user has to download a new flash player, adobe_flash9.exe."
Installing that fake Adobe update releases a very nasty trojan with rootkit onto your computer.
Edit:
Monday, November 3, 2008
Guard your domains - new wave of phishing attacks
Last week one of my clients forwarded an email to me that purported to be from Network Solutions - a well-known domain name registrar. The news looked fairly alarming. The emails stated that their domains had expired and were on the auction block - but if the victims would log onto the site and provide full contact info etc, they would be sent instructions on how to renew the domain before it was auctioned away forever . . .
The link in the email "looked" okay, but it was formatted in HTML and the true link went to a very dangerous web page.
Phishing attack for CC numbers / money?
Not exactly -- or more precisely, not ONLY that. Turns out that there is a new wave of phishing attempts for known, established domain names. The criminals behind the attacks are trying to spoof you into giving up your domain registrar account credentials so they can impersonate you just long enough to transfer that tasty domain into their anonymous ownership.
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=211800362
"The new phishing attacks are a way for spammers, malware writers, and fake antivirus writers to keep their operations running . . .
By grabbing legitimate domains, the cybercriminals secure safer cover for their operations. "With these phishing attacks, they'll get access to domains owned by good people."
Expect to see more of these attempts from all domain registrars (eNom, Network Solutions, GoDaddy, etc.) I also expect to see these phishing attacks combine malware infections that will attempt to infect your workstation with key loggers.
Don't click the links in those emails!
The link in the email "looked" okay, but it was formatted in HTML and the true link went to a very dangerous web page.
Phishing attack for CC numbers / money?
Not exactly -- or more precisely, not ONLY that. Turns out that there is a new wave of phishing attempts for known, established domain names. The criminals behind the attacks are trying to spoof you into giving up your domain registrar account credentials so they can impersonate you just long enough to transfer that tasty domain into their anonymous ownership.
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=211800362
"The new phishing attacks are a way for spammers, malware writers, and fake antivirus writers to keep their operations running . . .
By grabbing legitimate domains, the cybercriminals secure safer cover for their operations. "With these phishing attacks, they'll get access to domains owned by good people."
Expect to see more of these attempts from all domain registrars (eNom, Network Solutions, GoDaddy, etc.) I also expect to see these phishing attacks combine malware infections that will attempt to infect your workstation with key loggers.
Don't click the links in those emails!
Saturday, November 1, 2008
New things to guard against in 2009 (Part 1 - Keys)
Long has it been advised to protect your personal information in public. Things like guarding your PIN from being observed at POS counters and ATM machines. Keeping a finger over your CC numbers as much as possible in public when they are out of your wallet. Don't carry your SS card in your wallet / purse. Watch for odd looking attachments on card readers (although lately that's not as effective, new black market card readers can be inserted inside some gas station pump CC slots.)
Now comes software that can duplicate your car and house keys from surveillance photos.
http://www.jacobsschool.ucsd.edu/news/news_releases/release.sfe?id=791
"UC San Diego computer scientists have built a software program that can perform key duplication without having the key. Instead, the computer scientists only need a photograph of the key.
. . . advances in digital imaging and optics have made it easy to duplicate someone's keys from a distance without them even noticing."
In one demonstration of the new software system, the computer scientists took pictures of common residential house keys with a cell phone camera, fed the image into their software which then produced the information needed to create identical copies. In another example, they used a five inch telephoto lens to capture images from the roof of a campus building and duplicate keys sitting on a café table about 200 feet away.
Now comes software that can duplicate your car and house keys from surveillance photos.
http://www.jacobsschool.ucsd.edu/news/news_releases/release.sfe?id=791
"UC San Diego computer scientists have built a software program that can perform key duplication without having the key. Instead, the computer scientists only need a photograph of the key.
. . . advances in digital imaging and optics have made it easy to duplicate someone's keys from a distance without them even noticing."
In one demonstration of the new software system, the computer scientists took pictures of common residential house keys with a cell phone camera, fed the image into their software which then produced the information needed to create identical copies. In another example, they used a five inch telephoto lens to capture images from the roof of a campus building and duplicate keys sitting on a café table about 200 feet away.
Monday, September 29, 2008
That bubble you hear popping? Yeah, their golden parachutes are collapsing . . .
http://www.msnbc.msn.com/id/22425001/vp/26944027#26944027
http://www.msnbc.msn.com/id/26884523/
"Like the Iraq war and the Patriot Act, this bill is fueled on fear and hinges on haste," said Democratic Rep. Lloyd Doggett, R-Texas.
Saturday, June 7, 2008
Tornado aftermath
A quick update/status from the tornado that passed near our home last week, and some advice for everyone to prevent a nasty aftershock in any emergency that involves the power grid.
Our home was undamaged. It missed us by about 2 miles. My car not-so-much, as I was driving out of the actual path of the storm and got whacked by hail the size of baseballs. Nothing that can't be repaired easily. I can tell you that the sound your car makes when being bombarded by hail of that magnitude is amazing.
The aftermath? If the power goes out for an entire city, go, immediately, unplug everything you value. Your computer, the stereo, TV, the fridge, freezer, clock radios, get it all off the grid. The local power company was in a hurry to get everything running after 48 hours of darkness. When they flipped the big master switch, the resulting city-wide surge zapped thousands of appliances and electronics into oblivion. The wise among us did not suffer any damage from the power up. The unwise lost not only electronics, in some cases the surge was powerful enough to burn out house wiring.
Just saying . . .
Our home was undamaged. It missed us by about 2 miles. My car not-so-much, as I was driving out of the actual path of the storm and got whacked by hail the size of baseballs. Nothing that can't be repaired easily. I can tell you that the sound your car makes when being bombarded by hail of that magnitude is amazing.
The aftermath? If the power goes out for an entire city, go, immediately, unplug everything you value. Your computer, the stereo, TV, the fridge, freezer, clock radios, get it all off the grid. The local power company was in a hurry to get everything running after 48 hours of darkness. When they flipped the big master switch, the resulting city-wide surge zapped thousands of appliances and electronics into oblivion. The wise among us did not suffer any damage from the power up. The unwise lost not only electronics, in some cases the surge was powerful enough to burn out house wiring.
Just saying . . .
Impossible!
The only way to discover
the limits of the possible
is to go beyond them
into the impossible.
- Arthur C. Clarke
the limits of the possible
is to go beyond them
into the impossible.
- Arthur C. Clarke
Tuesday, June 3, 2008
More on the Apple Safari vulnerability
Shocking quote from the person that found "part" of the vulnerability:
From http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx
"I can only say that Microsoft's suggestion for a workaround is not enough. This combined Safari/IE vulnerability might still be successfully exploited, even if the user will change Safari's download location. Also, the Safari "Carpet Bomb" vulnerability can be used in combination with vulnerabilities in other products, so even if MS fixes their vulnerability, Safari users will still be vulnerable.
The current best solution is to stop using Safari until Apple fixes their vulnerability."
(Bold typeface in quote added by me . . .)
Also, if you want to know what the first part of the vulnerability in Safari could potentially do to your desktop -- see this site (pics and tech info):
http://www.oreillynet.com/onlamp/blog/2008/05/safari_carpet_bomb.html
From http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx
"I can only say that Microsoft's suggestion for a workaround is not enough. This combined Safari/IE vulnerability might still be successfully exploited, even if the user will change Safari's download location. Also, the Safari "Carpet Bomb" vulnerability can be used in combination with vulnerabilities in other products, so even if MS fixes their vulnerability, Safari users will still be vulnerable.
The current best solution is to stop using Safari until Apple fixes their vulnerability."
(Bold typeface in quote added by me . . .)
Also, if you want to know what the first part of the vulnerability in Safari could potentially do to your desktop -- see this site (pics and tech info):
http://www.oreillynet.com/onlamp/blog/2008/05/safari_carpet_bomb.html
Friday, May 30, 2008
New attack on Apple Safari under Windows XP or Vista
Microsoft posted a security advisory today concerning users of the Apple Safari web browser under Windows XP or Vista. This particular security vulnerability does not occur on other operating systems combined with Safari.
http://www.microsoft.com/technet/security/advisory/953818.mspx
"Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed."
You can mitigate the attack vector by simply changing the default download destination path in Safari from the Desktop (a side rant here, NO program should ever select the Desktop as it's default storage location . . . ) to another folder on your hard drive. I recommend you create a downloads folder on your C: drive (or another drive if you have more than one partition) and point Safari at that location.
Under XP open "My Computer" or under Vista "Computer."
Open the C: drive (or your preferred hard drive.)
Right click on any white space and select New Folder. Name it "Downloads" or something appropriate.
Launch Safari. Under the Edit menu select Preferences.
At the option where it states Save Downloaded Files to:, select the new folder you created on your system.
http://www.microsoft.com/technet/security/advisory/953818.mspx
"Microsoft is investigating new public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple’s Safari for Windows has been installed."
You can mitigate the attack vector by simply changing the default download destination path in Safari from the Desktop (a side rant here, NO program should ever select the Desktop as it's default storage location . . . ) to another folder on your hard drive. I recommend you create a downloads folder on your C: drive (or another drive if you have more than one partition) and point Safari at that location.
Under XP open "My Computer" or under Vista "Computer."
Open the C: drive (or your preferred hard drive.)
Right click on any white space and select New Folder. Name it "Downloads" or something appropriate.
Launch Safari. Under the Edit menu select Preferences.
At the option where it states Save Downloaded Files to:, select the new folder you created on your system.
Friday, May 23, 2008
If you build it, they will come . . .
Playground kit, (some assembly required) assembled. check
Polished gravel delivered and spread, to prevent skinned knees. check
Letting the neighborhoodkids cubs come over to play. check
Polished gravel delivered and spread, to prevent skinned knees. check
Letting the neighborhood
Thursday, April 17, 2008
If you run IIS or SQL on any current flavor of Windows . . .
You might want to check this out -- soon -- and see if your configuration is at risk. Mitigation suggestions are included on the linked page.
http://www.microsoft.com/technet/security/advisory/951306.mspx
I smell a new worm rising from the dank depths of "teh inter-tubes . . ."
"Microsoft is investigating new public reports of a vulnerability which could allow elevation of privilege from authenticated user to LocalSystem, affecting Windows XP Professional Service Pack 2 and all supported versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008. Customers who allow user-provided code to run in an authenticated context, such as within Internet Information Services (IIS) and SQL Server, should review this advisory. Hosting providers may be at increased risk from this elevation of privilege vulnerability."
If you administer a website on a Windows Server based host, as opposed to a Unix or Linux based host, I strongly advise you to grab a backup of your entire site, and its databases (if you have such) right now.
There is a key phrase in the security alert that alarms me:
1) "Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs."
Anytime MS talks about out-of-cycle updates, I take any other disclaimers they spout about "Microsoft not being aware of any attacks attempting to exploit the potential vulnerability" with a unhealthy dose of proverbial salt. Play it safe -- act as if the vulnerability is already actively being used to hack sites and servers.
http://www.microsoft.com/technet/security/advisory/951306.mspx
I smell a new worm rising from the dank depths of "teh inter-tubes . . ."
"Microsoft is investigating new public reports of a vulnerability which could allow elevation of privilege from authenticated user to LocalSystem, affecting Windows XP Professional Service Pack 2 and all supported versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008. Customers who allow user-provided code to run in an authenticated context, such as within Internet Information Services (IIS) and SQL Server, should review this advisory. Hosting providers may be at increased risk from this elevation of privilege vulnerability."
If you administer a website on a Windows Server based host, as opposed to a Unix or Linux based host, I strongly advise you to grab a backup of your entire site, and its databases (if you have such) right now.
There is a key phrase in the security alert that alarms me:
1) "Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs."
Anytime MS talks about out-of-cycle updates, I take any other disclaimers they spout about "Microsoft not being aware of any attacks attempting to exploit the potential vulnerability" with a unhealthy dose of proverbial salt. Play it safe -- act as if the vulnerability is already actively being used to hack sites and servers.
Monday, March 24, 2008
Vista SP1 Support
Quick note here for those that might be in need of help with Vista Service Pack 1 . . .
1) If you have not yet installed it, make sure you have the latest device drivers installed for your video and network cards before installing SP1. There have been reports of some people being greeted by a black screen on reboot after SP1 was completed - because their video driver was not compatible. The only solutions in that scenario are a complete clean re-install from the Vista Bootable DVD, or installing a new video card for which Vista has native support.
Among other guilty devices; the embedded graphics card on certain Intel 945 chipset motherboards seems to be causing this problem for people that did not first upgrade to Intel's latest driver before installing SP1.
Same goes for certain embedded network cards, leaving you with no easy way to download a newer driver after SP1 is installed. There's always sneaker-net of course.
2) If you have installed it and are having trouble, here is the "super secret" direct support page from Microsoft - which includes free phone support. Super Secret because they are not advertising the fact that they do provide free support to any legal owner of Vista trying to install SP1.
By "any legal owner" they include full retail purchases, upgrade versions, and now all OEM versions.
Here it is: https://support.microsoft.com/oas/default.aspx?ln=en-us&prid=11274&gprid=500921
1) If you have not yet installed it, make sure you have the latest device drivers installed for your video and network cards before installing SP1. There have been reports of some people being greeted by a black screen on reboot after SP1 was completed - because their video driver was not compatible. The only solutions in that scenario are a complete clean re-install from the Vista Bootable DVD, or installing a new video card for which Vista has native support.
Among other guilty devices; the embedded graphics card on certain Intel 945 chipset motherboards seems to be causing this problem for people that did not first upgrade to Intel's latest driver before installing SP1.
Same goes for certain embedded network cards, leaving you with no easy way to download a newer driver after SP1 is installed. There's always sneaker-net of course.
2) If you have installed it and are having trouble, here is the "super secret" direct support page from Microsoft - which includes free phone support. Super Secret because they are not advertising the fact that they do provide free support to any legal owner of Vista trying to install SP1.
By "any legal owner" they include full retail purchases, upgrade versions, and now all OEM versions.
Here it is: https://support.microsoft.com/oas/default.aspx?ln=en-us&prid=11274&gprid=500921
Sunday, March 9, 2008
Don't drink the water?
They're getting into our highland watersheds. Deep into our planet's underground natural reserves. Seeping into rural wells from septic tanks and cattle fields. Leaching into your cities reservoirs. Passing through your town's sewage treatment plants and flowing directly back into the source of your drinking water. Very few -- if any -- municipal water suppliers check or filter for them. Same goes for most bottled water companies.
Caffeine.
Acetaminophen and ibuprofen.
Prescription medications for pain, infection, high cholesterol, asthma, epilepsy, mental illness and heart problems.
Anti-convulsant, anti-epileptic and anti-anxiety medications.
Metabolized angina medicine and the mood-stabilizing carbamazepine.
Antibiotics of all types.
Naproxen, estrone (a human gender hormone) and clofibric acid (a metabolized anti-cholesterol drug byproduct.)
Trenbolone, an anabolic steroid used to make cattle grow faster and illegally used by some athletes to enhance muscle building.
Some key quotes:
"The federal government doesn’t require any testing and hasn’t set safety limits for drugs in water."
"There’s evidence that adding chlorine, a common process in conventional drinking water treatment plants, makes some pharmaceuticals more toxic."
"Recent laboratory research has found that small amounts of medication have affected human embryonic kidney cells, human blood cells and human breast cancer cells. The cancer cells proliferated too quickly; the kidney cells grew too slowly; and the blood cells showed biological activity associated with inflammation."
"Pharmaceuticals also can produce side effects and interact (me: in sometimes unexpected ways) with other drugs."
"One technology, reverse osmosis, removes virtually all pharmaceutical contaminants but is very expensive for large-scale use and leaves several gallons of polluted water for every one that is made drinkable."
. . . which possibly means that the safest water to drink in our nation may be from the huge reverse osmosis desalination plant on the northwest coast of the big island of Hawaii.
Read on: (first part of three -- the other two are forthcoming.)
AP Probe Finds Drugs in Drinking Water.
Friday, March 7, 2008
This guy totally understands cats . . .
Official home of the 'Simon's Cat' films from Tandem director Simon Tofield.
Simon's Cat 'Cat Man Do'
Simon's Cat 'Let Me In!'
That is all. (Isn't it enough?)
Wednesday, February 27, 2008
Thought for you, yes you -- you know who you are . . .
Before you begin a thing,
remind yourself that difficulties
and delays quite impossible to foresee are ahead.
If you could see them clearly,
naturally you could do a great deal to get rid of them
but you can't.
You can only see one thing clearly
and that is your goal.
Form a mental vision of that
and cling to it through thick and thin.
- Kathleen Norris
Tuesday, February 12, 2008
That e-Valentine card might be an infection
STORM WORM VIRUS Alert
"With the Valentine's Day holiday approaching, be on the lookout for spam e-mails spreading the Storm Worm malicious software (malware). The e-mail directs the recipient to click on a link to retrieve the electronic greeting card (e-card). Once the user clicks on the link, malware is downloaded to the Internet connected device and causes it to become infected and part of the Storm Worm botnet. A botnet is a network of compromised machines under the control of a single user. Botnets are typically set up to facilitate criminal activity such as spam e-mail, identity theft, denial of service attacks, and spreading malware to other machines on the Internet.
The Storm Worm virus has capitalized on various holidays in the last year by sending millions of e-mails advertising an e-card link within the text of the spam e-mail. Valentine's Day has been identified as the next target.
Be wary of any e-mail received from an unknown sender. Do not open any unsolicited e-mail and do not click on any links provided."
"With the Valentine's Day holiday approaching, be on the lookout for spam e-mails spreading the Storm Worm malicious software (malware). The e-mail directs the recipient to click on a link to retrieve the electronic greeting card (e-card). Once the user clicks on the link, malware is downloaded to the Internet connected device and causes it to become infected and part of the Storm Worm botnet. A botnet is a network of compromised machines under the control of a single user. Botnets are typically set up to facilitate criminal activity such as spam e-mail, identity theft, denial of service attacks, and spreading malware to other machines on the Internet.
The Storm Worm virus has capitalized on various holidays in the last year by sending millions of e-mails advertising an e-card link within the text of the spam e-mail. Valentine's Day has been identified as the next target.
Be wary of any e-mail received from an unknown sender. Do not open any unsolicited e-mail and do not click on any links provided."
Monday, February 4, 2008
Friends don't let friends install RealPlayer
It's not the first time RealPlayer has been accused of underhanded privacy invading practices, and it may not be the last. In my opinion there's really no reason to have the application on your system. Opt instead for standards compliant media players that won't deliver ads or spy on your Internet usage patterns.
We find that RealPlayer 10.5 is badware because it fails to accurately and completely disclose the fact that it installs advertising software on the user's computer. We additionally find that RealPlayer 11 is badware because it does not disclose the fact that it installs Rhapsody Player Engine software, and fails to remove this software when RealPlayer is uninstalled.
For video I really like VLC media player . . . a free cross platform format agnostic player that can just about do it all.
For audio I suggest the bare-bones system resource friendly FooBar2000. It's footprint on your system is so low that you can generally use it to play your music in the background even when playing resource heavy games without glitching or causing any performance degradation. It will decode almost all of the current music formats, including my current favorite high definition FLAC file sound files -- a non-lossy open source compression method that lets complex music be heard without the distortion inherent in MP3's.
FooBar2000's UI is not terribly pretty looking, but it does what it's supposed to do very well, including the somewhat unique option to channel your music digitally directly to high end sound cards -- bypassing the Windows API's -- thus preserving the signal path and enhancing performance for those with golden ears. It's also one of the best mass tagger editors for MP3's in existence, so you can fix the labels on entire albums with one broad stroke instead of having to repeat and rinse for every track.
Links pop in new tabs or windows . . .
We find that RealPlayer 10.5 is badware because it fails to accurately and completely disclose the fact that it installs advertising software on the user's computer. We additionally find that RealPlayer 11 is badware because it does not disclose the fact that it installs Rhapsody Player Engine software, and fails to remove this software when RealPlayer is uninstalled.
For video I really like VLC media player . . . a free cross platform format agnostic player that can just about do it all.
For audio I suggest the bare-bones system resource friendly FooBar2000. It's footprint on your system is so low that you can generally use it to play your music in the background even when playing resource heavy games without glitching or causing any performance degradation. It will decode almost all of the current music formats, including my current favorite high definition FLAC file sound files -- a non-lossy open source compression method that lets complex music be heard without the distortion inherent in MP3's.
FooBar2000's UI is not terribly pretty looking, but it does what it's supposed to do very well, including the somewhat unique option to channel your music digitally directly to high end sound cards -- bypassing the Windows API's -- thus preserving the signal path and enhancing performance for those with golden ears. It's also one of the best mass tagger editors for MP3's in existence, so you can fix the labels on entire albums with one broad stroke instead of having to repeat and rinse for every track.
Links pop in new tabs or windows . . .
Tuesday, January 15, 2008
This old house
Last year our heating bill averaged $320 per month during winter.
We installed a new furnace this summer -- prices on furnaces are amazingly good during the off season. It's one of those new-fangled high efficiency dual mode modals. It replaced a dinosaur three times it's size in the basement - a brand our installer did not recognize.
This winter has been every bit as cold outside as last, but the house feels warm (it didn't last year) and our average bill for this winter -- so far -- has been hovering around $110 per month.
This makes me a happy camper. At this rate the new furnace will pay for itself in five years.
We installed a new furnace this summer -- prices on furnaces are amazingly good during the off season. It's one of those new-fangled high efficiency dual mode modals. It replaced a dinosaur three times it's size in the basement - a brand our installer did not recognize.
This winter has been every bit as cold outside as last, but the house feels warm (it didn't last year) and our average bill for this winter -- so far -- has been hovering around $110 per month.
This makes me a happy camper. At this rate the new furnace will pay for itself in five years.
Thursday, January 10, 2008
Welcome to our Imperial Big Brother (Your ISP)
First it will be to catch copyright pirates. Then it will be to identify your marketing tastes -- think adware on the pipe, instead of your client, with no way to clean it out! And finally they will use it to mistakenly identify you as an enemy of the state because you clicked an middle-eastern pr0n banner.
http://bits.blogs.nytimes.com/2008/01/08/att-and-other-isps-may-be-getting-ready-to-filter/
More coverage on the issue:
http://news.google.com/news?tab=wn&ned=us&hl=en&ned=us&q=Network-level+filtering+&btnG=Search+News
http://bits.blogs.nytimes.com/2008/01/08/att-and-other-isps-may-be-getting-ready-to-filter/
More coverage on the issue:
http://news.google.com/news?tab=wn&ned=us&hl=en&ned=us&q=Network-level+filtering+&btnG=Search+News
Tuesday, January 1, 2008
Subscribe to:
Posts (Atom)