Dec 29, 2008

Google Reader Rant

I just can't say enough about Google Reader. I've been using it now for at least a year and it's truly the only place I go for news. You can really customize what feeds you see in an easy to understand and organize manner. It's easily readable on my iPhone and it tracks what items I've read from any system. It's easy to drill down and read just the items I'm interested in at the time. I can keep up to date on any number of subjects from local news to games or politics. Here is a list of a few features I use in Google Reader.
  • Easy to share or email stories and links to friends
  • Easy to star items for later reading
  • Grouping news feeds for quick access to specific news
  • Access from multiple platforms and locations
  • Import files from other RSS readers
  • Manage all subscriptions from a single page
  • Informative feed suggestions based on current subscriptions
  • Stats for tracking dead feeds
The Google team has done a great job keeping Reader up to date and current with a simple, recently updated interface that keeps me coming back for news day after day.

Rosetta Stone for Unix

Bruce Hamilton has a handy command translator for various flavors of Unix. He calls it a Rosetta Stone for Unix. It includes a large variety of information on Unix flavors from OS X to SunOS 4. If you take care of a variety of systems (or for some reason need to create a new user in AIX) this site has some great information for you.

Nov 21, 2008

G4 Cube Debian Install

I came across a complete G4 Cube and just had to do something with it. Just a little searching brought me to Cubeowner where I found a nice tutorial. It's installing now.

Here is a link to the Debian install ISO.

**Update** Very simple and easy install. Not a bit of trouble. Updating the system now via wireless (it found and configured my Airport card).

Sep 29, 2008

Remote Access Tools

MRemote is a great tool for accessing all types of remote access tools.

Sep 15, 2008

Forensics Blog

SANS has a new Computer Forensics blog up and running over at Wordpress. I'll add a link to the appropriate sidebar. For those interested, there are a lot of great forensics links on the SANS forensics page.

Sep 11, 2008

Identity Theft Poster

I came across this poster in my local post office and couldn't help but think how hard it will be for this guy to pass himself off as a "Mary Smith".

Sep 5, 2008

New Chrome EULA

I like the changes to Chrome EULA. It looks much better...
11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services.
I can't imagine what they were thinking with the previous one. It must have been a mistake. Especially for an open source project. Glad to see the changes are retro-active too.

Sep 2, 2008

Aug 19, 2008

Microsoft Security Sites

Microsoft has a couple sites that offer good information for Home users to keep their information safe. Microsoft Security At Home has information about email scams, password safety and machine security.

The Microsoft Password checker will give you a good idea of how strong your passwords are and how strong they should be.

Unfortunately most people coming to these sites don't need this information. What we really need is a way to get people who NEED this information to READ this information.

Aug 11, 2008

Gmail Woes

Apparently Gmail is having some major issues. Being the geek that I am, I have numerous Gmail accounts and they are all giving me this error...

We’re sorry, but your Gmail account is currently experiencing errors. You won’t be able to use your account while these errors last, but don’t worry, your account data and messages are safe. Our engineers are working to resolve this issue.

Please try accessing your account again in a few minutes.
I'm sure they will solve the problem soon. I can't live without my GMAIL!

CERT Home Security Pages

CERT offers a lot of great security information for all types of computer users from advanced businesses to home users.

The Home Network Security page and the Home Computer Security page are two great resources for home users.

Aug 9, 2008

Zendesk Helpdesk Software

I noticed a Google ad for Zendesk the other day so I thought I should add them to my list of links on the sidebar. I have no experience with the software but the page is nice and who would like something with "zen" in the title?

Aug 8, 2008

Antiphishing Website is a nice resource for antiphishing information. They have an extensive list of whitepapers and resources to help prevent phishing attacks. Plus a link to a new term I have not seen before; crimeware. I have added them to the links on the sidebar.

Aug 5, 2008

Seven Popular Online Blunders

Consumer Reports has a nice list of the Seven Common Online Blunders. Some of them can lead to identity theft or at least a couple hours/days rebuilding your workstation.

Aug 4, 2008

Firefox Addons: Better Gmail 2

Better Gmail 2 is a great Firefox addon that can do a few nice things for Gmail. Most importantly it can force an encrypted connection (https). But it also has various skins to brighten up the Gmail interface. I highly recommend it.

Aug 2, 2008

Apple patches DNS, kinda

It looks like Apple tried but didn't quite complete the task. There will certainly be another update. Let's hope it's sooner rather than later.

Jul 30, 2008

Facebook and the F.B.I.

The F.B.I. is warning of email spam that mentions "F.B.I. vs. Facebook" and attempts to infect the machine with the Storm Worm if the included link is followed.

They offer a great list of precautions to take when dealing with email.
  • Do not respond to unsolicited (spam) e-mail.
  • Be skeptical of individuals representing themselves as officials soliciting personal information via e-mail.
  • Do not click on links contained within an unsolicited e-mail.
  • Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders.
  • Validate the legitimacy of the organization by directly accessing the organization's website rather than following an alleged link to the site.
  • Do not provide personal or financial information to anyone who solicits information.

Open Source Monitoring Tool

GroundWork Monitor is a nice looking open source monitoring application. I'll add it to the link list on the right.

I'll update here after I have more information on the application. A friend of mine is configuring it now. On the surface it looks similar to Nagios.

Jul 28, 2008

Howto Update the SPSS 16 License Server IP Address

I had to update the IP address of the SPSS 16 license manager on a number of prototype machines today and I couldn't track it down in the SPSS directory. I had to turn to Google who tracked it down on an SPSS site for me.
Check the appropriate spssprod.inf file. This file is located in the product installation directory on the desktop computer. Open spssprod.inf and make sure DAEMONHOST is set to the correct name or IP address of the computer on which the license manager is running. If you are using redundant servers, this should be blank.
Much easier than putting site license files on each machine. I should have done this years ago.

Jul 15, 2008

Maryland Discloses Personal Data Online

Security Fix is reporting the latest disclosure of personal data on the web via state run web sites. Apparently they are allowing anyone to search court records revealing all sorts of personal information including SSNs and home addresses.

Jul 3, 2008

Google Opens Access to Ratproxy Tool

Google has announced on their security blog that Ratproxy will now be offered as Open Source. Ratproxy...
is designed to transparently analyze legitimate, browser-driven interactions with a tested web property and automatically pinpoint, annotate, and prioritize potential flaws or areas of concern
I don't know that I will be installing this at home but it's certain to be a good tool for the right location.

"Microsoft Office" Available for Rental

Slashdot has a story announcing that Microsoft Office will begin to be offered at Circuit City stores for $70/year.

I find it amazing that people will still pay for software just because it's the "industry standard" when there are so many alternatives out there that work just as well for free. If you can't grasp the idea of Google hosting your application there is always OpenOffice. Even Apple has decided Microsoft has held the reins too long. iWork offers about the same group of applications for just a little more than 1 year of Microsoft Office.

Jun 2, 2008

Phishing and ID Theft Information

We have been hit with a large amount of Phishing email lately. Someone forwarded these resources to a list I am on. Great links with helpful information.

Phishing FAQ from USC

Online Tips from the FTC

ID Theft help from the FTC

May 30, 2008

Appeasing your IT Department

These are all pretty good. Certainly they have been around a while but still funny.

How To Appease The I.T. Dept.

01. When you call us to have your computer moved, be sure to leave it buried under half a ton of postcards, baby pictures, stuffed animals, dried flowers, bowling trophies and children's art. We don't have a life, and we find it deeply moving to catch a fleeting glimpse of yours.

02. Don't write anything down. Ever. We can play back the error messages from here.

03. When an I.T. Person says he's coming right over, go for coffee. That way you won't be there when we need your password. It's nothing for us to remember 700 screen saver passwords.

04. When you call the help desk, state what you want, not what's keeping you from getting it. We don't need to know that you can't get into your mail because your computer won't power on at all.

05. When I.T. Support sends you an E-Mail with high importance, delete it at once. We're just testing.

06. When an I.T. Person is eating lunch at his desk, walk right in and spill your guts right out. We exist only to serve.

07. Send urgent email all in uppercase. The mail server picks it up and flags it as a rush delivery.

08. When the photocopier doesn't work, call computer support. There's electronics in it.

09. When something's wrong with your home PC, dump it on an I.T. person's chair with no name, no phone number and no description of the problem. We love a puzzle.

10. When an I.T. Person tells you that computer screens don't have cartridges in them, argue. We love a good argument.

11. When an I.T. Person tells you that he'll be there shortly, reply in a scathing tone of voice: "And just how many weeks do you mean by shortly?" That motivates us.

12. When the printer won't print, re-send the job at least 20 times. Print jobs frequently get sucked into black holes.

13. When the printer still won't print after 20 tries, send the job to all 68 printers in the company. One of them is bound to work.

14. Don't learn the proper term for anything technical. We know exactly what you mean by "My thingy blew up".

15. Don't use on-line help. On-line help is for wimps.

VLAN Information

Here is a great writeup on VLANs. I had a question about them recently and this really helped me understand how they work.

May 20, 2008

OSU Parking server hacked

OSU Parking Services and Transit Incident

Oklahoma State University has discovered that a server under the control of OSU Parking and Transit Services had been accessed from another country without authorization. The database contained confidential information, specifically the names, addresses and Social Security numbers of OSU faculty, staff and students who had purchased a parking permit between July 2002 and March 2008.

Upon discovering this intrusion, the IT Information Security Office immediately removed the server from the network to evaluate server activity to ascertain if personal information had been accessed. The confidential information has been removed from the database. The illegal access was limited to the parking and transit server.

As a result of its investigation, OSU believes the intruder's purpose and only action was to use the OSU server for storage capacity and bandwidth to upload and distribute illegal and inappropriate content. OSU contacted and worked with federal law enforcement authorities.

After evaluation of all available data related to this incident, OSU found no evidence which would indicate that the database was copied or viewed by the hacker; however, OSU cannot say with 100 percent certainty that the hacker did not access personally identifiable information.

We are not aware of any instances of misuse of this information or of any identity theft as a result of the temporary availability of this information. OSU recommends you carefully review any bills or financial transactions you receive in the near future to ensure that the charges associated with your accounts are accurate.

OSU President Burns Hargis said, "This breakdown in security is totally unacceptable. We are conducting a full review and will take whatever steps are necessary to protect our network from unauthorized access. This is a serious matter and we will deal with it aggressively. We regret the circumstances and concern this situation has caused."

Apr 21, 2008

Great Network Monitor and Mapping Tool

Someone sent this across a list at work and it was recommended by many people. I'll have to check it out when I get a chance.

New Bigger and Better Eee Pc coming soon...

ASUS Showcases Expanded Eee PC Family of PCs at CeBIT 2008

And to think I almost bought one of the current ones. I guess no matter how you go about it there will be an upgrade right around the corner.
Expanding the Eee PC Family
ASUS has made several innovative improvements with the next generation of the Eee PC – dubbed the Eee PC 900. These new technologies will bring about a brand new concept for Internet access with 1G of memory, larger storage of up to 12GB, and wider 8.9-inch screens. These new Eee PCs will cost 399 Euro each, and will be available in summer this year – to select countries on the first wave of launch. All of these new models will be Windows ready, and will provide users with a chance to enjoy a brand new PC experience while on the go.
As long as there are plenty of expansion slots I don't care so much about the storage. It's the larger screen that makes this one more appealing.

Apr 15, 2008

New Malware Threat Center

The non-profit group SRI has opened a Malware Threat Center that will track the most aggressive malware attacks. It looks to be a great service. I'll be sure to check back for other resources and possible news feeds.

Apr 11, 2008

Latest Microsoft exploit seen in the wild

Symantec Threatcon Level 2

Published: 2008-04-10,
Last Updated: 2008-04-11 14:01:03 UTC
by Deborah Hale (Version: 1)

It appears that Symantec has raised the Threatcon to Level 2 this afternoon.

It seems that their honeypots have sniffed out "In-the-Wild Exploit attempts" targeting the vulnerability identified in MS08-021 which allows remote code execution in GDI if a user opens a specially crafted EMF or WMF image file. Microsoft announced this in their latest super Tuesday release.

If you haven't already patched do so now and don't forget to remind your users not to open image files.

Apr 9, 2008

Patch your Adobe Flash Players

Adobe Flash Player Vulnerabilities

added April 9, 2008 at 07:34 am | updated April 9, 2008 at 10:36 am

Adobe has released Flash Player to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code or conduct cross-site scripting attacks.

More information about these vulnerabilities can be found in Technical Cyber Security Alert TA08-100A.

US-CERT encourages users to review Adobe Security Bulletin APSB08-11 and upgrade to Flash Player to help mitigate the risks.

Apr 7, 2008

Ubuntu 7.04 Feisty Fawn on USB

Reposted here on Blogger from my old Drupal install.

With just a little help I managed to get the latest Ubuntu running on a new 2GB USB stick. I must say I am impressed. I had a few setbacks but the whole thing only takes a few minutes so starting over isn't that big of an issue.

First thing is this tutorial. It works flawlessly for most of the work. I even cut and pasted a lot of the commands. As noted the default Feisty Fawn ISO does not support persistent mode so I had to hunt down a patched ISO for the build part.

I used an old Dapper Dan live CD for my system to work from. It recognized all my hardware (Dell Optiplex 745 Core DUO) and the commands from the tutorial are identical (you will have to apt-get lilo, syslinux, and mtools).

This is the patched image for the build due to the problems with the default Feisty Fawn. I put this ISO on a spare 1GB USB stick since it doesn't fit on a CDR. I mounted this ISO as the "ubuntuCD" referred to in the tutorial.

The only trouble I had after building the USB image was with my laptop. I have a Dell Latitude D810 and for some reason I was getting "missing operating system" when attempting to boot from the USB drive. It worked fine on the Optiplex but not in the laptop. I reviewed the tutorial and decided to run the lilo command (lilo -M /dev/sdb) on the drive. After that it worked perfectly.

I can't say how impressed I am with the 7.04 build of Ubuntu. It works wonderfully on my laptop. It found all my devices and looks beautiful. I just joined my wireless network and I was up and running.

One thing I have figured out. The update component of Ubuntu will destroy the custom USB install. You will have to update the ISO and build it into the 1st partition of the install if you want updates. The good news is that if you do hose your entire USB install you just have to rebuild the 2nd partition. The first partition acts as a LiveCD and allows you to "fix" any problems you might have with the custom side of things.

Apr 3, 2008

Bits vs. Bytes

This document is intended for novice use.

A bit is the smallest unit of information that can be stored or manipulated on a computer; it consists of either zero or one. Depending on meaning, implication, or even style it could instead be described as false/true, off/on, no/yes, and so on. We can also call a bit a binary digit, especially when working with the 0 or 1 values.

A bit is not just the smallest unit of information, but for sake of discussion it can be said that a bit is also the largest unit of information a computer can manipulate. The bits are bunched together so the computer uses several bits at the same time, such as for calculating numbers. When a "bunch" means eight bits then it is called a byte.

A byte also happens to be how many bits are needed to represent letters of the alphabet and other characters. For example, the letter "A" would be 01000001; my initials "KJW" would be 010011000100110101010110. To make this a little bit easier to see where the bytes are it is customary to place a comma every four digits, to make what are sometimes called nibbles: 0100,1100,0100,1101,0101,0110. That's not really much easier for people to read or write--and many computer engineers, programmers, and analysts need to read and write even longer binary codes than this.

It so happens that there are only 16 different ways to write 0's and 1's four times. So something called hexadecimal code can be used to make the numbers shorter by translating each nibble (or half-a-byte) like this:

Binary:      0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
Hexadecimal: 0    1    2    3    4    5    6    7    8    9    A    B    C    D    E    F

So my initials would look like this:

(or bytes)
(or nibbles)
0100 1100 0100 1101 0101 0110
(also nibbles)
4 B 4 C 5 7

So of course "4B4C57" is much easier to understand than "010011000100110101010110". To make it even a little bit easier to use, commas are usually put in every 4th hexadecimal character just like was done for the binary digits. That would make my initials look like "4B,4C57". A group of 4 hexadecimal characters -- which would be 16 bits long -- is called a halfword.

Copyright © 1999 Kevin J. Walsh /KJW
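
An added example, not part of the original document: a short Python script that carries out the byte-to-nibble-to-hexadecimal translation described in "Bits vs. Bytes" above, converts it back again, and rejects malformed input. The sample word "Unix" is constructed for illustration and the function names are the example's own.

```python
"""Byte -> nibble -> hexadecimal translation, and back, with input checks."""

# The 16 possible nibbles, in the same order as the Binary/Hexadecimal table.
NIBBLE_TO_HEX = {format(i, "04b"): "0123456789ABCDEF"[i] for i in range(16)}
HEX_TO_NIBBLE = {h: n for n, h in NIBBLE_TO_HEX.items()}


def group(digits, size=4, sep=","):
    """Put a separator after every `size` characters, counting from the left."""
    return sep.join(digits[i:i + size] for i in range(0, len(digits), size))


def strip_separators(s):
    """Remove the commas and spaces that were added only for readability."""
    return s.replace(",", "").replace(" ", "")


def text_to_bits(text):
    """One 8-bit byte per ASCII character (non-ASCII input raises an error)."""
    return "".join(format(b, "08b") for b in text.encode("ascii"))


def bits_to_hex(bits):
    """Translate a bit string to hexadecimal one nibble at a time."""
    bits = strip_separators(bits)
    if len(bits) % 4:
        raise ValueError("bit string is not a whole number of nibbles")
    out = []
    for i in range(0, len(bits), 4):
        nibble = bits[i:i + 4]
        if nibble not in NIBBLE_TO_HEX:
            raise ValueError(f"not a binary nibble: {nibble!r}")
        out.append(NIBBLE_TO_HEX[nibble])
    return "".join(out)


def hex_to_bits(hex_digits):
    """Expand each hexadecimal digit back into its 4-bit nibble."""
    hex_digits = strip_separators(hex_digits).upper()
    try:
        return "".join(HEX_TO_NIBBLE[h] for h in hex_digits)
    except KeyError as err:
        raise ValueError(f"not a hexadecimal digit: {err.args[0]!r}") from None


def bits_to_text(bits):
    """Decode a bit string back to ASCII text, 8 bits per character."""
    bits = strip_separators(bits)
    if len(bits) % 8:
        raise ValueError("bit string is not a whole number of bytes")
    values = [int(bits[i:i + 8], 2) for i in range(0, len(bits), 8)]
    return bytes(values).decode("ascii")


def describe(text):
    """Return the grouped binary and hexadecimal forms of `text`."""
    bits = text_to_bits(text)
    return {"binary": group(bits), "hex": group(bits_to_hex(bits))}


if __name__ == "__main__":
    sample = "Unix"  # constructed sample input
    forms = describe(sample)
    print("text:  ", sample)
    print("binary:", forms["binary"])
    print("hex:   ", forms["hex"])
    print("back:  ", bits_to_text(hex_to_bits(forms["hex"])))
```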

Emacs Reference Card

Leaving Emacs

suspend Emacs (or iconify it under X)              C-z
exit Emacs permanently                             C-x C-c


read a file into Emacs                             C-x C-f
save a file back to disk                           C-x C-s
save all files                                     C-x s
insert contents of another file into this buffer   C-x i
replace this file with the file you really want    C-x C-v
write buffer to a specified file                   C-x C-w

Getting Help

The Help system is simple. Type C-h and follow the directions. If you are a first-time user, type C-h t for a tutorial.
remove Help window                                 C-x 1
scroll Help window                                 ESC C-v

apropos: show commands matching a string           C-h a
show the function a key runs                       C-h c
describe a function                                C-h f
get mode-specific information                      C-h m

Error Recovery

abort partially typed or executing command         C-g
recover a file lost by a system crash              M-x recover-file
undo an unwanted change                            C-x u or C-_
restore a buffer to its original contents          M-x revert-buffer
redraw garbaged screen                             C-l

Incremental Search

search forward                                     C-s
search backward                                    C-r
regular expression search                          C-M-s
reverse regular expression search                  C-M-r

select previous search string                      M-p
select next later search string                    M-n
exit incremental search                            RET
undo effect of last character                      DEL
abort current search                               C-g

Use C-s or C-r again to repeat the search in either direction. If Emacs is still searching, C-g cancels only the part not done.


entity to move over                        backward      forward

character                                  C-b           C-f
word                                       M-b           M-f
line                                       C-p           C-n
go to line beginning (or end)              C-a           C-e
sentence                                   M-a           M-e
paragraph                                  M-{           M-}
page                                       C-x [         C-x ]
sexp                                       C-M-b         C-M-f
function                                   C-M-a         C-M-e
go to buffer beginning (or end)            M-<           M->

scroll to next screen                              C-v
scroll to previous screen                          M-v
scroll left                                        C-x <
scroll right                                       C-x >
scroll current line to center of screen            C-u C-l

Killing and Deleting

entity to kill                             backward      forward
character (delete, not kill)               DEL           C-d
word                                       M-DEL         M-d
line (to end of)                           M-0 C-k       C-k
sentence                                   C-x DEL       M-k
sexp                                       M-- C-M-k     C-M-k

kill region                                        C-w
copy region to kill ring                           M-w
kill through next occurrence of char               M-z char

yank back last thing killed                        C-y
replace last yank with previous kill               M-y


set mark here                                      C-@ or C-SPC
exchange point and mark                            C-x C-x

set mark arg words away                            M-@
mark paragraph                                     M-h
mark page                                          C-x C-p
mark sexp                                          C-M-@
mark function                                      C-M-h
mark entire buffer                                 C-x h

Query Replace

interactively replace a text string                M-%
using regular expressions                          M-x query-replace-regexp

Valid responses in query-replace mode are:

replace this one, go on to next                    SPC
replace this one, don't move                       ,
skip to next without replacing                     DEL
replace all remaining matches                      !
back up to the previous match                      ^
exit query-replace                                 ESC
enter recursive edit (C-M-c to exit)               C-r

Multiple Windows

delete all other windows                           C-x 1
delete this window                                 C-x 0
split window in two vertically                     C-x 2
split window in two horizontally                   C-x 3

scroll other window                                C-M-v
switch cursor to another window                    C-x o

shrink window shorter                              M-x shrink-window
grow window taller                                 C-x ^
shrink window narrower                             C-x {
grow window wider                                  C-x }

select buffer in other window                      C-x 4 b
display buffer in other window                     C-x 4 C-o
find file in other window                          C-x 4 f
find file read-only in other window                C-x 4 r
run Dired in other window                          C-x 4 d
find tag in other window                           C-x 4 .


indent current line (mode-dependent)               TAB
indent region (mode-dependent)                     C-M-\
indent sexp (mode-dependent)                       C-M-q
indent region rigidly arg columns                  C-x TAB

insert newline after point                         C-o
move rest of line vertically down                  C-M-o
delete blank lines around point                    C-x C-o
join line with previous (with arg, next)           M-^
delete all white space around point                M-\
put exactly one space at point                     M-SPC

fill paragraph                                     M-q
set fill column                                    C-x f
set prefix each line starts with                   C-x .

Case Change

uppercase word                                     M-u
lowercase word                                     M-l
capitalize word                                    M-c

uppercase region                                   C-x C-u
lowercase region                                   C-x C-l
capitalize region                                  M-x capitalize-region

The Minibuffer

The following keys are defined in the minibuffer:
complete as much as possible                       TAB
complete up to one word                            SPC
complete and execute                               RET
show possible completions                          ?
fetch previous minibuffer input                    M-p
fetch next later minibuffer input                  M-n
regexp search backward through history             M-r
regexp search forward through history              M-s
abort command                                      C-g

Type C-x ESC ESC to edit and repeat the last command that used the minibuffer. The following keys are then defined:

previous minibuffer command                        M-p
next minibuffer command                            M-n


select another buffer                              C-x b
list all buffers                                   C-x C-b
kill a buffer                                      C-x k


transpose characters                               C-t
transpose words                                    M-t
transpose lines                                    C-x C-t
transpose sexps                                    C-M-t

Spelling Check

check spelling of current word                     M-$
check spelling of all words in region              M-x ispell-region
check spelling of entire buffer                    M-x ispell-buffer


find a tag (a definition)                          M-.
find next occurrence of tag                        C-u M-.
specify a new tags file                            M-x visit-tags-table

regexp search on all files in tags table           M-x tags-search
run query-replace on all the files                 M-x tags-query-replace
continue last tags search or query-replace         M-,


execute a shell command                            M-!
run a shell command on the region                  M-|
filter region through a shell command              C-u M-|
start a shell in window *shell*                    M-x shell


copy rectangle to register                         C-x r r
kill rectangle                                     C-x r k
yank rectangle                                     C-x r y
open rectangle, shifting text right                C-x r o
blank out rectangle                                M-x clear-rectangle
prefix each line with a string                     M-x string-rectangle


add global abbrev                                  C-x a g
add mode-local abbrev                              C-x a l
add global expansion for this abbrev               C-x a i g
add mode-local expansion for this abbrev           C-x a i l
explicitly expand abbrev                           C-x a e

expand previous word dynamically                   M-/

Regular Expressions

any single character except a newline              .   (dot)
zero or more repeats                               *
one or more repeats                                +
zero or one repeat                                 ?
any character in the set                           [ ... ]
any character not in the set                       [^ ... ]
beginning of line                                  ^
end of line                                        $
quote a special character c                        \c
alternative ("or")                                 \|
grouping                                           \( ... \)
nth group                                          \n
beginning of buffer                                \`
end of buffer                                      \'
word break                                         \b
not beginning or end of word                       \B
beginning of word                                  \<
end of word                                        \>
any word-syntax character                          \w
any non-word-syntax character                      \W
character with syntax c                            \sc
character with syntax not c                        \Sc


save region in register                            C-x r s
insert register contents into buffer               C-x r i

save value of point in register                    C-x r SPC
jump to point saved in register                    C-x r j


enter the Info documentation reader                C-h i
Moving within a node:
   scroll forward                                  SPC
   scroll reverse                                  DEL
   beginning of node                               . (dot)
Moving between nodes:
   next node                                       n
   previous node                                   p
   move up                                         u
   select menu item by name                        m
   select nth menu item by number (1-5)            n
   follow cross reference (return with l)          f
   return to last node you saw                     l
   return to directory node                        d
   go to any node by name                          g

   run Info tutorial                               h
   list Info commands                              ?
   quit Info                                       q
   search nodes for regexp                         s

Keyboard Macros

start defining a keyboard macro                    C-x (
end keyboard macro definition                      C-x )
execute last-defined keyboard macro                C-x e
append to last keyboard macro                      C-u C-x (
name last keyboard macro                           M-x name-last-kbd-macro
insert Lisp definition in buffer                   M-x insert-kbd-macro

Commands Dealing with Emacs Lisp

eval sexp before point                             C-x C-e
eval current defun                                 C-M-x
eval region                                        M-x eval-region
eval entire buffer                                 M-x eval-current-buffer
read and eval minibuffer                           M-ESC
re-execute last minibuffer command                 C-x ESC ESC
read and eval Emacs Lisp file                      M-x load-file
load from standard system directory                M-x load-library

Simple Customization

Here are some examples of binding global keys in Emacs Lisp. Note that you cannot say "\M-#"; you must say "\e#".

(global-set-key "\C-cg" 'goto-line)
(global-set-key "\C-x\C-k" 'kill-region)
(global-set-key "\e#" 'query-replace-regexp)

An example of setting a variable in Emacs Lisp:

(setq backup-by-copying-when-linked t)

Writing Commands

(defun command-name (args)
  "documentation"
  (interactive "template")
  body)

An example:

(defun this-line-to-top-of-window (line)
  "Reposition line point is on to top of window.
With ARG, put point on line ARG.
Negative counts from bottom."
  (interactive "P")
  ;; With no prefix argument, recenter with the current line at the top (0).
  (recenter (if (null line)
                0
              (prefix-numeric-value line))))

The argument to interactive is a string specifying how to get the arguments when the function is called interactively. Type C-h f interactive for more information.

Copyright © 1993 Free Software Foundation, Inc.
designed by Stephen Gildea, May 1993 v2.0
for GNU Emacs version 19 on Unix systems
Permission is granted to make and distribute copies of this card provided the copyright notice and this permission notice are preserved on all copies.
For copies of the GNU Emacs manual, write to the Free Software Foundation, Inc., 675 Massachusetts Ave, Cambridge MA 02139.

Apr 1, 2008

JiggletheCable Purchased by LPGroup

The LPGroup, a small independent research and development Think Tank based in Lawrence, KS, has purchased for an undisclosed amount. It is unclear what the plans are for the service and no announcement has been made. We will continue to update this story throughout the day.

Mar 27, 2008

Nice Safari for Windows EULA mistake

I really can't stand this new auto-install mentality of software developers anymore. It seems any application you install has some sort of online auto-update feature. This is a perfect example of how dangerous it can be. At least we used to have the choice of installing a vulnerable product. Now it can happen even without our knowledge.

The article goes on to say how you aren't in any legal danger by installing Safari on your PC. It's obviously a mistake from Apple. The EULA for a Windows product says that you can't install it on a non-Apple machine. That is just not possible. Jonathan Kramer, a lawyer for the Kramer Telecom Law Firm, says "You can't enforce a term that's impossible."

Safari 3.1 For Windows Violates Its Own EULA, Vulnerable To Hacks

recoiledsnake writes
"The new Safari 3.1 for Windows has been hit with two 'highly critical' (as rated by Secunia) vulnerabilities that can result in execution of arbitrary code. The first is due to an improper handling of the buffer for long filenames of files being downloaded, and the second can result in successful spoofing of websites and phishing. This comes close on the heels of criticism of Apple for offering Safari as an update for approximately 500 million users of iTunes on Windows by default, and reports of crashes. There are currently no patches or workarounds available except the advice to stay clear of 'untrusted' sites."

Further, Wormfan writes
"The latest version of Safari for Windows makes a mockery of end user licensing agreements by only allowing the installation of Safari for Windows on Apple labeled hardware, thereby excluding most Windows PCs."

Mar 24, 2008

Trend Micro gets hacked

Of course it involves porn :/

Mass Hack Attack

Posted by Laureli Mallek Wed, 19 Mar 2008 17:04:00 GMT

As Cnet and ITNews reported, Trend Micro got hacked last week. It was later discovered that users who visited the site got lucky in a big way: “We now know that the redirect on the site was broken code,” Mr Sweeny, Trend Micro’s spokesperson told ITnews. “It didn’t work properly and didn’t infect anybody.”

Additionally ITNews reported that a different wave of infection has formed, and it involves working code. This second mass attack is different, since it attempts to trick users into manually downloading an infectious codec.

The difference is linked with the modes of assault, ASP versus phpBB, AvertLabs explains. ASP attacks tend to focus on exploits that manipulate vulnerabilities in browsers or other software. The phpBB attacks use social engineering by exploiting the cognitive biases of users. I give the latter approach more points for interaction and creativity to manipulate users. Those points (sadly) get negated by the terminal result of those efforts.

Maybe the 200,000 users who went for the faux-porn offer (enough that they tried to download the player) should remember if the prize is too big, it's probably not worth the download.

Mar 22, 2008

Microsoft Releases Windows Vista Service Pack 1

added March 19, 2008 at 04:53 pm

Microsoft has released Windows Vista Service Pack 1. This Service
Pack provides updates to increase reliability, performance,
compatibility, and security.

US-CERT encourages users to review the following Microsoft articles:

Mar 20, 2008

Patch your Macs!

Apple patches a pile of flaws
Published: 2008-03-19

Apple also updated its Safari Web browser on Tuesday, correcting 13 issues that affect the application running on the Mac OS X and Windows operating system, according to the company's advisory. Many of the flaws manifest as cross-site scripting issues, but at least one vulnerability could allow remote code execution. More information about the patches can be found on Apple's security site.

Consumer technology company Apple released two updates on Tuesday to fix more than a hundred flaws in its Mac OS X operating system, the OS's open-source components and the company's Safari Web browser.

The software patch for the Mac OS X closes at least 95 security holes in various parts of the operating system and the system's open-source components, though many of the flaws do not affect the latest version of the operating system, Mac OS X 10.5 "Leopard". Applications with a high number of patches include the Apache Web server (10 issues), the Clam AV antivirus scanner (19 issues), PHP Web software (10 issues), and the X11 graphics library (14 issues), the company said in its advisory.

The updates are the second time this year that the company has fixed vulnerabilities in its operating system. Apple has also patched its multimedia platform, QuickTime, and updated the iPhone earlier this year.


Mar 6, 2008

Paypal doesn't like Safari

PayPal to Safari users: 'Ditch it'

By Jeff Smykil | Published: February 29, 2008 - 10:30AM CT

While current browser share estimates for Apple's Safari web browser hover somewhere in the 4.5 percent range, Safari is attracting some unwanted attention from PayPal, the eBay-owned payment company. PayPal is urging its users to ditch Safari and instead use alternative browsers such as Internet Explorer 7, IE 8, Firefox 2, Firefox 3, or even Opera.

The reason for the warning is Safari's lack of anti-phishing technology. Currently the Apple browser does not alert users to sites that could be phishing for your info, and it lacks support for Extended Validation. PayPal is, of course, a popular site among phishers in their neverending search for personal information, user IDs, and passwords.

While it's not entirely fair singling out Safari (other Mac browsers like Camino also lack this support), it is perhaps at least a helpful reminder of the threat. Embarrassingly enough, (what don't I keep from you folks?) I have fallen for a PayPal-related phishing scam. It was early in the morning and I realized my error as soon as I hit enter; nonetheless, there was the possibility that the phishers got my login information. At least I was lucky enough to realize I screwed up and was able to change my login information on that, and other sites, right away.

I use Camino as my full-time browser, so Safari didn't fail me, but it would have. As annoying as I sometimes find the antiphishing features at work where I use a PC, the small annoyance would have saved me an even larger one in the end.

Feb 26, 2008

This is why I don't like Real Player

Responding to RealPlayer

Posted by Erica George
Thu, 21 Feb 2008 16:35:00 GMT

RealNetworks yesterday posted a response to StopBadware’s alert (and later full report) labeling its RealPlayer software versions 10.5 and 11 as badware. Unfortunately, Real seems to have chosen to explain away the issues we noted in its software, rather than working to change RealPlayer’s badware behaviors, missing the larger point of our report. What’s at issue is not whether downloading RealPlayer “actually hurts anyone,” but that both versions of RealPlayer which we reviewed limit the ability of computer users to make informed choices about what happens on their computers – which violates our guidelines.

Real suggests that consumers might enjoy RealPlayer 10.5 Message Center’s ability to display ads. But as Real admits, many users find that type of ad annoying and unwanted. If an application’s default behavior disrupts a user’s normal and expected computer use with ads and does not disclose that fact clearly before the user chooses to install, it violates our guidelines.

Real’s blog post states that RealPlayer 10.5 is outdated, obsolete, and fully replaced by version 11. Many prominent web links for RealPlayer still lead to the download page for the older version. To truly make RealPlayer 10.5 obsolete, Real needs to do its best to take its outdated software out of circulation. We urge Real to stop distributing RealPlayer 10.5 and redirect the download page for 10.5 to the page for the latest version.

As Real explains in its response, there are legitimate reasons to bundle the Rhapsody player engine with RealPlayer 11. But not disclosing the inclusion of the Rhapsody player is a significant oversight, in contrast to other disclosures in the installation for RealPlayer 11. Users have a right to know if Rhapsody Player Engine is being installed on their computers. Users who choose to remove RealPlayer from their machines should also be able to remove anything that installed along with it just as simply. Real notes in its blog post that the Rhapsody player can be seen and uninstalled from the control panel. Expecting users to seek out a program they are not even aware is on their machine is simply not enough. For users to be able to make informed choices about what software is on their computers, bundled applications need to be disclosed and easily removable if the core application is uninstalled.

Also, if users have no idea that the Rhapsody player software is installed on their computers, they won’t know to keep it updated. Many media player engines have security flaws that have been exploited in the wild. Once these flaws are found they can be fixed with software patches – but only if the user knows to download the patch or updated version. If the Rhapsody player sits on a user’s computer for two or three years without security updates, it could become a serious and potentially harmful vulnerability.

When StopBadware chooses applications to research and report, we don’t focus only on applications that are clearly egregiously harmful. Trojans and keyloggers and other malware are bad, and the average consumer doesn’t need us to tell them that. Where consumers can use a little help, however, is in figuring out which commonly available applications require extra caution. When a computer user chooses to download an application, they are placing their trust in the software’s makers and distributors. It’s the responsibility of the companies behind consumer software to make sure their products fully live up to that trust.

StopBadware believes that software applications should be held to a high standard of full disclosure and user consent. That belief is the underlying principle for our software guidelines, which we apply to determine if an application should be considered badware. Our computers are increasingly important parts of our lives, and we deserve to have control over the software that is on them.

We welcome a continuation of our dialog with the folks at RealNetworks, and we hope that Real will move to addressing the concerns we’ve raised in its next update.

Feb 25, 2008

CBORD Group sold to Roper Industries

The CBORD group (CSGold, CSPrint and the like...) has been sold to Roper Industries for a cool 367 Million. You can read all about it here.

CBORD provides "card services" for many college campuses (including KU) around the world, as well as theme parks and supermarkets.

I doubt this will mean anything to the customers but who knows. Moving away from Diebold can't really be a bad thing.

Feb 24, 2008

Critical VMware security alert for Windows-hosted VMware client versions

Published: 2008-02-24,
Last Updated: 2008-02-24 12:19:22 UTC
by Raul Siles (Version: 1)

During the last couple of years intensive security research has been performed on virtualization environments, like VMware, Virtual PC, XEN etc. It has been mainly focused on finding new ways to detect if you are running inside a virtual machine (vs. a native host), and finding ways to escape from a virtual machine to the host (or to another virtual machine).

This new VMware vulnerability discovered by Core means a full escape from the guest virtual machine to the host is possible: "On Windows hosts, if you have configured a VMware host-to-guest shared folder, it is possible for a program running in the guest to gain access to the host's complete file system and create or modify executable files in sensitive locations."

It has been rated as critical by VMware and it affects all VMware client products on Windows, that is:

  • VMware Workstation 6.0.2 and earlier, AND 5.5.4 and earlier
  • VMware Player 2.0.2 and earlier, AND 1.0.4 and earlier
  • VMware ACE 2.0.2 and earlier, AND 1.0.2 and earlier

VMware on Mac OS (Fusion) and Linux are not affected by it.

By default, the shared folders feature is disabled in Workstation 6, Player 2, and ACE 2. Workstation 5, Player 1, and ACE 1 enable the shared folders feature by default, but exploiting this vulnerability still requires at least one folder to be configured as shared between the host and guest.

The impact on production environments is supposed to be limited as they tend to use the server versions. However, we, as security professionals, make extensive use of virtualization technologies for multiple purposes: malware analysis, incident response, forensics, security testing, training, etc., and we typically use the client versions of the products, so... It is time to disable the shared folder capabilities!!, as no update or patch is available yet:

Workaround (from the VMware advisory)

Until VMware releases a patch to fix this issue, users of affected Windows-hosted VMware products should disable shared folders.

To disable shared folders in the Global settings:
  1. From the VMware product's menu, choose Edit > Preferences.
  2. In the Workspace tab, under Virtual Machines, deselect the checkbox for Enable all shared folders by default.
To disable shared folders for the individual virtual machine settings:
  1. From the VMware product's menu, choose VM > Settings.
  2. In the Options tab, select Shared Folders and Disable.
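
A host-side check for the workaround above, as an added example (not from the VMware advisory or the original post): it scans .vmx configuration text for shared folders that are still enabled. The `sharedFolderN.*` and `isolation.tools.hgfs.disable` key names are VMX settings that do not appear on this page, matching them case-insensitively is an assumption, and the sample files are constructed.

```python
import re

# Constructed sample .vmx contents (not taken from the advisory or a real host).
SAMPLE_VMX = {
    "malware-lab.vmx": r'''
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "C:\samples"
''',
    "forensics.vmx": r'''
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "FALSE"
''',
    "training.vmx": r'''
# folder defined, but HGFS is switched off for the whole VM
isolation.tools.hgfs.disable = "TRUE"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
''',
}

_SETTING = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')
_FOLDER_KEY = re.compile(r'^sharedfolder(\d+)\.(\w+)$')

def parse_vmx(text):
    """Return {lowercased key: value}; comment lines do not match the pattern."""
    settings = {}
    for line in text.splitlines():
        match = _SETTING.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings

def _true(value):
    return value.strip().lower() == "true"

def enabled_shared_folders(settings):
    """List folders that are present and enabled, unless HGFS is disabled."""
    if _true(settings.get("isolation.tools.hgfs.disable", "false")):
        return []
    folders = {}
    for key, value in settings.items():
        match = _FOLDER_KEY.match(key)
        if match:
            folders.setdefault(int(match.group(1)), {})[match.group(2)] = value
    return [
        {"index": i, "host_path": f.get("hostpath", ""),
         "writable": _true(f.get("writeaccess", "false"))}
        for i, f in sorted(folders.items())
        if _true(f.get("present", "false")) and _true(f.get("enabled", "false"))
    ]

def audit(vmx_files):
    """Map each .vmx name to its enabled shared folders; clean VMs are omitted."""
    report = {n: enabled_shared_folders(parse_vmx(t)) for n, t in vmx_files.items()}
    return {n: found for n, found in report.items() if found}

if __name__ == "__main__":
    print(audit(SAMPLE_VMX))
```

Only the first sample VM is reported: its folder is present, enabled and writable, which is the configuration the workaround asks you to remove.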

Feb 21, 2008

Images: How to bypass FileVault, BitLocker security | CNET

OSU Bows to RIAA's Demands for Student Names

I hope this isn't a sign of what's to come in the Big 12.

University Bows to RIAA's Demands for Student Names - jcgam69 writes "Hours after a federal court judge ordered Oklahoma State University to show cause why it shouldn't be held in contempt for failing to respond to an RIAA subpoena, attorneys for the school e-mailed a list of students' names to the RIAA's attorneys. But now that the RIAA has what it wanted, the group is unsure about how to go about sending out its pre-litigation settlement letters. Some of the students are represented by an attorney, meaning that the RIAA is barred from contacting them directly."

What is Spyware?

What is it?

Spyware is a very active and dangerous threat to any computer connected to the internet where users browse the web. If new toolbars or multiple popup ads and banners suddenly appear while you are browsing the web, you most likely have some kind of Spyware or Adware. However, even if you don't see this type of behavior you may still be infected. These applications can remain silent in the background, collecting information about where you go and what you do on the internet. They then upload this information to home servers while your machine is idle. Sometimes this activity takes place while you are trying to use the machine. This can make your internet connection or any type of activity on your machine very slow and almost unresponsive.

What can I do about it?

There are several applications that will clean and remove most Spyware. However, some of the more advanced products require many steps and possibly rebooting your machine several times.

Since most of these nasty applications simply open the door to other nasty applications you rarely have just one. For this reason you need to make sure you remove every part of every application or your machine will simply become re-infected in a matter of seconds. This is why more than one application is recommended when trying to secure against or recover from Spyware infections.

It is important to note that many Spyware applications will disguise themselves as a Spyware removal tool. Make sure to "Google" any application before installing. Most likely, someone has experienced that application before and this will give you a hint on its reputation.

To defend against Spyware I recommend the following steps.
  • Use Firefox for all browsing unless you are at a KNOWN TRUSTED SITE that requires IE.
  • Install some or all of the applications below.
  • Browse wisely.
    • Never click a link in an email. If you must open a link from email, copy then paste it into your browser.
    • NEVER click any link or button from a popup window. Popups will appear as a new browser window. Unless you intentionally started that application, do not click on any links or buttons. If in doubt don't click anything, do an "alt-F4" to close the window.
    • Keep your eye on the address bar. Make sure you haven't wandered onto an un-trusted or shady site. People browse the web so quickly anymore it is easy to follow links onto a site that should not be trusted. Most reputable sites will not try to hide the site name. If you think you are at it should say that in the address bar, not just an IP address.
  • Keep Windows up to date.
  • If you are really paranoid you can use the Noscript plugin for Firefox.
  • Browse the Internet from behind a Firewall that blocks attacks on certain ports. Make sure this Firewall is checked and updated regularly.
Safe Anti-Spyware Applications
  • Spybot-S&D: A freeware program maintained and updated with new spyware information regularly. A great tool to remove Spyware from your PC. Be sure to click the "Search for Updates" button; if any new updates are displayed, make sure they are checked and then click "download updates". After you have updated, click the immunization button to prevent many common Spyware instances on your PC in the future.
  • Ad-Aware: Another freeware program for searching and removing Spyware. The interface is more user friendly, however the freeware version does not contain any sort of preventative measures against future Spyware infections.
  • Webroot's Spy Sweeper is an excellent product with a full-featured demo that is free to download. The free demo allows you to update your Spyware definitions once. Ongoing protection and definition updates are fee-based.
  • SpywareBlaster: SpywareBlaster does not clean spyware and Adware from your system, but it can help prevent it. SpywareBlaster does not run in the background, so your system won't take a performance hit if you decide to install it. This program is freeware, however the automatic update feature is fee-based.
  • Google Toolbar: Among its other features, the Google Toolbar includes a popup blocking feature. The Google Toolbar is freeware.
  • House Call: Not really a download, but an online virus scanner that can bypass problems in Windows that allow certain viruses to prevent themselves from being deleted from your system. Unfortunately it requires ActiveX, an insecure Internet Explorer technology, to run (there is a Netscape-only version, but it seems to be very buggy). The advantages outweigh this small problem, however.
  • Microsoft's Antispyware: Microsoft's Anti-Spyware solution, which is based on the award-winning Giant AntiSpyware Suite. This product is still in Beta, but it is effective at cleaning certain types of threats (Spyware Agents, for example) that other virus/spyware scanners can't detect/clean.

We'll see how this works...

This is a test of the Blogger interface. I'd like to see how much I can do before transferring domains off Drupal.