Feb 26, 2008

This is why I don't like Real Player

Responding to RealPlayer

Posted by Erica George
Thu, 21 Feb 2008 16:35:00 GMT

RealNetworks yesterday posted a response to StopBadware’s alert (and later full report) labeling its RealPlayer software versions 10.5 and 11 as badware. Unfortunately, Real seems to have chosen to explain away the issues we noted in its software, rather than working to change RealPlayer’s badware behaviors, missing the larger point of our report. What’s at issue is not whether downloading RealPlayer “actually hurts anyone,” but that both versions of RealPlayer which we reviewed limit the ability of computer users to make informed choices about what happens on their computers – which violates our guidelines.

Real suggests that consumers might enjoy RealPlayer 10.5 Message Center’s ability to display ads. But as Real admits, many users find that type of ad annoying and unwanted. If an application’s default behavior disrupts a user’s normal and expected computer use with ads and does not disclose that fact clearly before the user chooses to install, it violates our guidelines.

Real’s blog post states that RealPlayer 10.5 is outdated, obsolete, and fully replaced by version 11. Many prominent web links for RealPlayer still lead to the download page for the older version. To truly make RealPlayer 10.5 obsolete, Real needs to do its best to take its outdated software out of circulation. We urge Real to stop distributing RealPlayer 10.5 and redirect the download page for 10.5 to the page for the latest version.

As Real explains in its response, there are legitimate reasons to bundle the Rhapsody player engine with RealPlayer 11. But not disclosing the inclusion of the Rhapsody player is a significant oversight, in contrast to other disclosures in the installation for RealPlayer 11. Users have a right to know if Rhapsody Player Engine is being installed on their computers. Users who choose to remove RealPlayer from their machines should also be able to remove anything that installed along with it just as simply. Real notes in its blog post that the Rhapsody player can be seen and uninstalled from the control panel. Expecting users to seek out a program they are not even aware is on their machine is simply not enough. For users to be able to make informed choices about what software is on their computers, bundled applications need to be disclosed and easily removable if the core application is uninstalled.

Also, if users have no idea that the Rhapsody player software is installed on their computers, they won’t know to keep it updated. Many media player engines have security flaws that have been exploited in the wild. Once these flaws are found they can be fixed with software patches – but only if the user knows to download the patch or updated version. If the Rhapsody player sits on a user’s computer for two or three years without security updates, it could become a serious and potentially harmful vulnerability.

When StopBadware chooses applications to research and report, we don’t focus only on applications that are clearly egregiously harmful. Trojans and keyloggers and other malware are bad, and the average consumer doesn’t need us to tell them that. Where consumers can use a little help, however, is in figuring out which commonly available applications require extra caution. When a computer user chooses to download an application, they are placing their trust in the software’s makers and distributors. It’s the responsibility of the companies behind consumer software to make sure their products fully live up to that trust.

StopBadware believes that software applications should be held to a high standard of full disclosure and user consent. That belief is the underlying principle for our software guidelines, which we apply to determine if an application should be considered badware. Our computers are increasingly important parts of our lives, and we deserve to have control over the software that is on them.

We welcome a continuation of our dialog with the folks at RealNetworks, and we hope that Real will move to addressing the concerns we’ve raised in its next update.

Feb 25, 2008

CBORD Group sold to Roper Industries

The CBORD group (CSGold, CSPrint and the like...) has been sold to Roper Industries for a cool 367 Million. You can read all about it here.

CBORD provides "card services" for many college campuses (including KU) around the world including theme parks and supermarkets.

I doubt this will mean anything to the customers but who knows. Moving away from Diebold can't really be a bad thing.

Feb 24, 2008

Critical VMware security alert for Windows-hosted VMware client versions

Published: 2008-02-24
Last Updated: 2008-02-24 12:19:22 UTC
by Raul Siles (Version: 1)

During the last couple of years intensive security research has been performed on virtualization environments, like VMware, Virtual PC, XEN etc. It has been mainly focused on finding new ways to detect if you are running inside a virtual machine (vs. a native host), and finding ways to escape from a virtual machine to the host (or to another virtual machine).

This new VMware vulnerability discovered by Core means a full escape from the guest virtual machine to the host is possible: "On Windows hosts, if you have configured a VMware host-to-guest shared folder, it is possible for a program running in the guest to gain access to the host's complete file system and create or modify executable files in sensitive locations."

It has been rated as critical by VMware and it affects all VMware client products on Windows, that is:

  • VMware Workstation 6.0.2 and earlier, AND 5.5.4 and earlier
  • VMware Player 2.0.2 and earlier, AND 1.0.4 and earlier
  • VMware ACE 2.0.2 and earlier, AND 1.0.2 and earlier

VMware on Mac OS (Fusion) and Linux are not affected by it.

By default, the shared folders feature is disabled in Workstation 6, Player 2, and ACE 2. Workstation 5, Player 1, and ACE 1 enable the shared folders feature by default, but exploiting this vulnerability still requires at least one folder to be configured as shared between the host and guest.

The impact on production environments is supposed to be limited as they tend to use the server versions. However, we, as security professionals, make extensive use of virtualization technologies for multiple purposes: malware analysis, incident response, forensics, security testing, training, etc., and we typically use the client versions of the products, so... It is time to disable the shared folder capabilities!!, as no update or patch is available yet:

Workaround (from the VMware advisory)

Until VMware releases a patch to fix this issue, users of affected Windows-hosted VMware products should disable shared folders.

To disable shared folders in the Global settings:
  1. From the VMware product's menu, choose Edit > Preferences.
  2. In the Workspace tab, under Virtual Machines, deselect the checkbox for Enable all shared folders by default.
To disable shared folders for the individual virtual machine settings:
  1. From the VMware product's menu, choose VM > Settings.
  2. In the Options tab, select Shared Folders and Disable.
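
With more than a handful of analysis VMs, the per-VM setting above can also be checked from the configuration files. The following is an added example, not part of the ISC diary or the VMware advisory: it parses .vmx text and lists shared folders that are still present and enabled. The `sharedFolderN.*` key names are assumed from the commonly seen .vmx layout, and the sample configuration is constructed.

```python
import re

# Constructed sample .vmx content (not from the advisory). The key names follow
# the commonly seen VMware .vmx layout and are an assumption of this example.
SAMPLE_VMX = '''\
displayName = "malware-lab-xp"
sharedFolder.maxNum = "2"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.writeAccess = "TRUE"
sharedFolder0.hostPath = "C:\\samples"
sharedFolder1.present = "TRUE"
sharedFolder1.enabled = "FALSE"
sharedFolder1.hostPath = "C:\\tools"
'''

_LINE = re.compile(r'^\s*([\w.:-]+)\s*=\s*"(.*)"\s*$')   # key = "value"
_SHARE = re.compile(r'^sharedfolder(\d+)\.(\w+)$')        # per-share keys only

def parse_vmx(text):
    """Return {lowercased_key: value}; comment and malformed lines are ignored."""
    cfg = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def enabled_shares(text):
    """List shared folders that are both present and enabled in one .vmx file."""
    shares = {}
    for key, value in parse_vmx(text).items():
        m = _SHARE.match(key)
        if m:
            shares.setdefault(int(m.group(1)), {})[m.group(2)] = value
    findings = []
    for idx in sorted(shares):
        s = shares[idx]
        on = all(s.get(k, "").upper() == "TRUE" for k in ("present", "enabled"))
        if on:
            findings.append({"index": idx,
                             "host_path": s.get("hostpath", ""),
                             "writable": s.get("writeaccess", "").upper() == "TRUE"})
    return findings

if __name__ == "__main__":
    for finding in enabled_shares(SAMPLE_VMX):
        print("shared folder still enabled:", finding)
```

An empty result for every .vmx on the host means no individual VM still exposes a host folder; the global default in Preferences is a separate setting and still has to be checked in the product itself.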

Feb 21, 2008

Images: How to bypass FileVault, BitLocker security | CNET News.com

OSU Bows to RIAA's Demands for Student Names

I hope this isn't a sign of what's to come in the Big 12.

University Bows to RIAA's Demands for Student Names - jcgam69 writes "Hours after a federal court judge ordered Oklahoma State University to show cause why it shouldn't be held in contempt for failing to respond to an RIAA subpoena, attorneys for the school e-mailed a list of students' names to the RIAA's attorneys. But now that the RIAA has what it wanted, the group is unsure about how to go about sending out its pre-litigation settlement letters. Some of the students are represented by an attorney, meaning that the RIAA is barred from contacting them directly."

Read more of this story at Slashdot.

What is Spyware?

What is it?

Spyware is a very active and dangerous threat to any computer connected to the internet where users browse the web. If new toolbars or multiple popup ads and banners suddenly appear while you are browsing the web, you most likely have some kind of Spyware or Adware. However, even if you don't see this type of behavior, you may still be infected. These applications can remain silent in the background, collecting information about where you go and what you do on the internet. They then upload this information to home servers while your machine is idle. Sometimes this activity takes place while you are trying to use the machine. This can make your internet connection or any type of activity on your machine very slow and almost unresponsive.

What can I do about it?

There are several applications that will clean and remove most Spyware. However, some of the more advanced products require many steps and possibly rebooting your machine several times.

Since most of these nasty applications simply open the door to other nasty applications, you rarely have just one. For this reason you need to make sure you remove every part of every application, or your machine will simply become re-infected in a matter of seconds. This is why more than one application is recommended when trying to secure against or recover from Spyware infections.

It is important to note that many Spyware applications will disguise themselves as a Spyware removal tool. Make sure to "Google" any application before installing. Most likely, someone has experienced that application before and this will give you a hint on its reputation.

To defend against Spyware I recommend the following steps.
  • Use Firefox for all browsing unless you are at a KNOWN TRUSTED SITE that requires IE.
  • Install some or all of the applications below.
  • Browse wisely.
    • Never click a link in an email. If you must open a link from email, copy then paste it into your browser.
    • NEVER click any link or button from a popup window. Popups will appear as a new browser window. Unless you intentionally started that application, do not click on any links or buttons. If in doubt don't click anything, do an "alt-F4" to close the window.
    • Keep your eye on the address bar. Make sure you haven't wandered onto an untrusted or shady site. People browse the web so quickly now that it is easy to follow links onto a site that should not be trusted. Most reputable sites will not try to hide the site name. If you think you are at USBank.com it should say that in the address bar, not just an IP address.
  • Keep Windows up to date.
  • If you are really paranoid you can use the Noscript plugin for Firefox.
  • Browse the Internet from behind a Firewall that blocks attacks on certain ports. Make sure this Firewall is checked and updated regularly.

Safe Anti-Spyware Applications
  • Spybot-S&D: A freeware program maintained and updated with new spyware information regularly. It is a great tool for removing Spyware from your PC. Be sure to click the "Search for Updates" button, make sure any new updates displayed are checked, and then click "download updates". After you have updated, click the immunization button to prevent many common Spyware instances on your PC in the future.
  • Ad-Aware: Another freeware program for searching and removing Spyware. The interface is more user friendly, however the freeware version does not contain any sort of preventative measures against future Spyware infections.
  • Webroot's Spy Sweeper is an excellent product with a full-featured demo that is free to download. The free demo allows you to update your Spyware definitions once. Ongoing protection and definition updates are fee-based.
  • SpywareBlaster: SpywareBlaster does not clean spyware and Adware from your system, but it can help prevent it. SpywareBlaster does not run in the background, so your system won't take a performance hit if you decide to install it. This program is freeware, however the automatic update feature is fee-based.
  • Google Toolbar: Among its other features, the Google Toolbar includes a popup blocking feature. The Google Toolbar is freeware.
  • House Call: Not really a download, but an online virus scanner that can bypass problems in Windows that allow certain viruses to prevent themselves from being deleted from your system. Unfortunately it requires ActiveX, an insecure Internet Explorer technology, to run (there is a Netscape-only version, but it seems to be very buggy). The advantages outweigh this small problem, however.
  • Microsoft's Antispyware: Microsoft's Anti-Spyware solution, which is based on the award-winning Giant AntiSpyware Suite. This product is still in Beta, but it is effective at cleaning certain types of threats (Spyware Agents, for example) that other virus/spyware scanners can't detect/clean.

We'll see how this works...

This is a test of the Blogger interface. I'd like to see how much I can do before transferring domains off Drupal.