Archive for December, 2005

Dec 30 2005

Signing off until next year

Published by under Blogging, Malware

I’m going to take a break from the blog and the computer for the next couple of days and come back on Monday. Monday will also be my first official day blogging for ComputerWorld. I’m not quite sure what my first topic will be over there, but check it out at http://www.computerworld.com/blogs/mckeay. There’s just a placeholder there so far, but come Monday, I’ll be published on the website of a nationally recognized trade publication. Yay me! 2006 is starting to look like an exciting year from where I sit.

Dec 30 2005

Google AdSense site down

Published by under Malware

I just tried to get to the Google AdSense site, and it was down. I wonder if this has anything to do with the malware that was found earlier today taking advantage of the AdSense program?

Edit: It’s back up this morning

Dec 30 2005

Google AdSense trojan

Published by under Malware, Phishing, scams, etc.

A trojan has been sighted that targets Google AdSense. The program infects the computer and serves up bogus web ads rather than the context-sensitive ads normally served up by Google. It’s not immediately clear from the article whether it is the system serving the web page that is infected, or the end user’s machine that must have been previously infected to serve up the bogus ads. So far details on the issue are fairly sketchy, and most of them refer back to the Tech Shout article, but there’s a little more information on JenSense.

Dec 29 2005

Sony and the EFF reach a tentative settlement

Published by under General, Malware

The Electronic Frontier Foundation has come to a tentative agreement that will settle a number of the class action lawsuits that have been brought against Sony. I hope Sony and the other music corporations will learn from this and take a kinder and more mature approach towards their customers in the future.

In related news, one of the RIAA’s primary tools for finding out who has been sharing files is being challenged in court. Called an ‘ex parte’ order, it’s basically a subpoena that allows the RIAA to go fishing through an ISP’s log files, and many judges have apparently been allowing this without much technical oversight. The programmer, Zi Mei, is also challenging the validity of the IP addresses that the RIAA found through these means. Just because an IP address they found in their logs was assigned to you at one time doesn’t mean you were the one who ‘stole’ their music. Off the top of my head, I can probably think of a dozen ways the logs could be wrong, and I’m sure there are dozens more a good network engineer could explain.

Dec 29 2005

So what was my big news?

Published by under Blogging

I didn’t want to post it on the blog until the ink had dried: starting January 1st, I will be blogging for ComputerWorld. This will be in addition to what I do on a daily basis here, not a replacement for this blog. Basically, one of the editors at ComputerWorld had seen my blog and noticed that I occasionally write something worth reading, and that I blog daily even when I don’t. I’m really looking forward to this opportunity to expand my readership, and to a way to make a little money off of what has basically been a hobby until now. Yeah, they’re actually going to pay me to blog.

Dec 29 2005

Why do people think no one’s listening to their cell phone conversations?

Published by under Privacy, Simple Security

I found this article while reading Geek News Central. I have never understood why people have some expectation of privacy while on a cell phone. When the average person gets on the cell phone, they tend to tune out the outside world, and expect the outside world to tune them out. In general, this is a reasonable expectation; no one cares if you’re talking to your kids about their chores, or to your buddy about Sunday’s football game. But those expectations are false when you’re talking about personal information. You are broadcasting to everyone close enough to hear your voice, and while a number of automatic filters click into place for the average listener while you talk about minutiae, when you start talking about your bank account, a lot of people start listening. The illusion of privacy is just that, an illusion, and if you’re talking about something interesting, people will listen. And there are a lot of people who will find your bank account information interesting.

Dec 29 2005

Bleeding Snort Signature for WMF vulnerability

Published by under IDS, Malware

Bleeding-Edge Snort has a signature available for the WMF vulnerability.

#by mmlange
alert tcp any any -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT WMF Exploit"; flow:established; content: "|01 00 09 00 00 03 52 1f 00 00 06 00 3d 00 00 00|"; content:"|00 26 06 0f 00 08 00 ff ff ff ff 01 00 00 00 03 00 00 00 00 00|"; reference: url,www.frsirt.com/exploits/20051228.ie_xp_pfv_metafile.pm.php; classtype:attempted-user; sid:2002734; rev:1;)
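
To show how the rule above is actually evaluated, here is an added Python example (my code, not the post’s and not part of the Bleeding-Edge rule set) that pulls the two content patterns out of the rule and applies them to a constructed WMF-like byte string the way a plain Snort content match does. The sample bytes are made up for the demonstration and are not an exploit file.

```python
import re
# The rule from the post, verbatim, so its content patterns can be pulled out of it.
WMF_RULE = (
    'alert tcp any any -> $HOME_NET any (msg:"BLEEDING-EDGE CURRENT WMF Exploit"; '
    'flow:established; content: "|01 00 09 00 00 03 52 1f 00 00 06 00 3d 00 00 00|"; '
    'content:"|00 26 06 0f 00 08 00 ff ff ff ff 01 00 00 00 03 00 00 00 00 00|"; '
    'reference: url,www.frsirt.com/exploits/20051228.ie_xp_pfv_metafile.pm.php; '
    'classtype:attempted-user; sid:2002734; rev:1;)'
)

def parse_content(value):
    """Decode one Snort content string: text between |...| is hex bytes, the rest
    is literal text (Snort's backslash escapes are not handled here)."""
    out = bytearray()
    for i, part in enumerate(value.split("|")):
        if i % 2:                       # odd pieces sit inside |...|
            out += bytes.fromhex(part)  # fromhex skips the spaces between bytes
        else:
            out += part.encode("latin-1")
    return bytes(out)

def rule_contents(rule):
    """Return every content: option of a rule, decoded, in rule order."""
    return [parse_content(m) for m in re.findall(r'content:\s*"([^"]*)"', rule)]

def match_offsets(rule, payload):
    """Plain content options (no offset/depth/distance/within) are each searched
    over the whole payload. Returns the offset of every pattern, or None if any
    pattern is missing, i.e. the rule would not fire on this payload."""
    offsets = []
    for pat in rule_contents(rule):
        idx = payload.find(pat)
        if idx < 0:
            return None
        offsets.append(idx)
    return offsets

# Constructed samples, not real files: a 22-byte placeable header, the WMF header
# bytes from the first pattern, then either the META_ESCAPE (0x0626) record the
# second pattern keys on, or a plain META_EOF record for the benign case.
PLACEABLE = b"\xd7\xcd\xc6\x9a" + b"\x00" * 18
WMF_HEADER = bytes.fromhex("01 00 09 00 00 03 52 1f 00 00 06 00 3d 00 00 00")
SAMPLE_HIT = PLACEABLE + WMF_HEADER + b"\x00" * 6 + bytes.fromhex(
    "00 26 06 0f 00 08 00 ff ff ff ff 01 00 00 00 03 00 00 00 00 00")
SAMPLE_BENIGN = PLACEABLE + WMF_HEADER + bytes.fromhex("03 00 00 00 00 00")

if __name__ == "__main__":
    print("hit:   ", match_offsets(WMF_RULE, SAMPLE_HIT))     # [22, 44]
    print("benign:", match_offsets(WMF_RULE, SAMPLE_BENIGN))  # None
```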

Dec 28 2005

You can try this

Published by under Malware

If you’re worried about the 0-day Microsoft vulnerability in the handling of WMF files, you can try this hint that Dave Klienman suggested on the CISSP mailing list:

;from Dave:

Actually just change:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\image\ShellEx\ContextMenuHandlers\ShellImagePreview]
@="{e84fda7c-1d6a-45f6-b725-cb260c236066}"

To @=""

And reboot. Or unregister the image view DLL:

To un-register Shimgvw.dll, follow these steps:

1. Click Start, click Run, type “regsvr32 -u %windir%\system32\shimgvw.dll” (without the quotation marks), and then click OK.

2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.

Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.

To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).

The unregister steps come directly from the Microsoft advisory on this vulnerability, but in typical Microsoft fashion they were buried three levels deep, somewhere the average, or even above-average, user would never find them. I wouldn’t have found them if not for Dave’s post and the fact that other, similar vulnerability alerts had listed the same steps in an easier-to-find fashion.

I’m not going to be doing this to my computer, and I’m not really suggesting you do this either. I’m just letting you know that this is an option. A better option would be to upgrade to Firefox 1.5, which doesn’t use the vulnerable DLL when viewing WMF files.

Dec 28 2005

That’s just plain silly

Published by under General

So this is what a Google employee does with his Christmas bonus!

Dec 28 2005

Another reason to encrypt the entire database

Published by under PCI

Here’s just one more reason to encrypt the entire database, whether you consider the information sensitive or not. Marriott International lost computer backup tapes containing sensitive information for more than 200,000 people. That’s a lot of people. Was this the incident that sparked the mysterious reports of a breach over the weekend, or has that incident yet to be revealed?

How does a company manage to lose a backup tape anyway? Most of the companies I’ve worked for have a rigid policy concerning backup tapes. When they come out of the computer, they go immediately into a lock box that is stored in a secure off-site location, with several layers of tracking to follow them. If they disappear along the way, it’s usually pretty obvious where in the system the tapes were intercepted.

There are two levels of encryption that could, and should, have been employed on these backups. First, encrypt the data in the database. Encryption has a cost, mainly measured in the speed of your database and the CPU usage on the server. Second, many backup services today offer the option of encrypting the data on the tapes. Use that option. Here the trade-off is similar: it slows down the backup and can cause recovery problems if you lose the key. But it’s worth the added level of security. Encryption is cheap; rebuilding your reputation is not.
