Archive for January, 2007

Steve Jobs Introduces the iPhone

From MadTV, a nice spoof of Steve Jobs introducing the iPhone.

Posted by Jimmy Daniels - January 27, 2007 at 10:41 pm

Categories: Apple

Dell is Selling Windows Vista PCs Today

According to the WSJ, Dell will begin selling computers loaded with Windows Vista tonight, and if you check their site, they have in fact already started.

The Wall Street Journal (subscription required) has some unidentified sources claiming that Dell will begin selling personal computers with Vista tonight just before midnight eastern standard time. These first movers will get their new Vista-loaded computers on Tuesday, the official launch day of Vista for home users. My question:

Will there be a spike or drop in Dell orders tonight? Source: Dell Taking Orders for Vista PCs TONIGHT!

So it has begun. Most people will probably get their first exposure on their work or university PC. I have an upgrade copy coming for my Dell laptop, so hopefully I will be using it on one PC soon, and I will give my opinion on it soon thereafter. Otherwise, I will stick to Windows XP until most of the bugs are worked out. How about everyone else?

Posted by Jimmy Daniels at 7:11 pm

Categories: Dell, Windows Vista, Windows XP

Job Postings and More

I just added a help wanted section to this site, Technology Jobs, jobs in programming, engineering, analyst positions, jobs specializing in linux, Oracle, management positions and more.

I’ve also expanded the Computer Store, we now list Compact Flash, Computer Cases, Computer Desktops, Digital Cameras, GPS, Hard Drives, Hardware Firewalls, IPod Accessories, LCD Displays, Memory, Monitors, Networking, Notebook Computers, Peripherals, Printers, Projectors, Software, UPS, USB Drives, Wireless Adapters, and Wireless Routers. More great deals on all kinds of computer equipment to come. Be sure to check out the Hot Deals page, listing coupons and specials from HP, Dell, Sony, Toshiba, Overstock, Newegg and more.

We are listing over 700 technology related videos on the Tech Video section, check em out. Some of the most popular are the Gears of War Glitches, Windows XP Videos, Video Game Reviews, and the Zune Videos.

Posted by Jimmy Daniels at 6:47 pm

Categories: This Site

Free Steganography Software Tools

With my interest in Computer Forensics, I can’t help but be interested in Steganography Software Tools, which allow you to hide things in files, such as hiding a zip file at the end of a gif file. The article even gives you some valid reasons to use such a tool, although, most likely, they won’t be ones you actually use.

Remember those invisible ink kits from when you were a kid? You’d write a secret message that no one could see unless they had a black light or the decoder marker. The digital equivalent of invisible ink is steganography software, apps that embed files and data inside other files, hidden from everyone who doesn’t know any better.

You don’t have to be a trained spy plotting international espionage to put steganography to good use. With some free tools for both the Mac and PC, you can embed secret information in image, PDF, HTML and MP3 files for fun or profit

  • You suspect someone’s illegally distributing your copyrighted PDF’s or images, so you add hidden copyright information in them using stego tools to double-check.
  • You want to exchange information like passwords or sensitive images over an insecure transmission protocol, like email.
  • You want to embed secret files available only to a select few in a public forum.
  • You want to impress your friends and co-workers with your sneaky ways

Source: Hide Data in Files with Easy Steganography Tools
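
A defender's view of the "zip file at the end of a gif file" trick, as an added example that is not from the linked article: the Python below walks the GIF block structure to its trailer byte and reports anything appended after it, including a ZIP signature. The sample image and archive are constructed in memory.

```python
import io
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"

def _skip_sub_blocks(data, pos):
    """Skip a chain of GIF sub-blocks: <len><payload>... ended by a zero length."""
    while pos < len(data):
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos
    raise ValueError("truncated sub-block chain")

def gif_end_offset(data):
    """Walk the GIF block structure and return the offset just past the trailer."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    pos = 13                                  # header (6) + logical screen descriptor (7)
    if data[10] & 0x80:                       # global colour table present
        pos += 3 * (2 << (data[10] & 0x07))
    while pos < len(data):
        block = data[pos]
        pos += 1
        if block == 0x3B:                     # trailer: the image ends here
            return pos
        if block == 0x21:                     # extension: label byte, then sub-blocks
            pos = _skip_sub_blocks(data, pos + 1)
        elif block == 0x2C:                   # image descriptor: 9 more bytes
            if pos + 9 > len(data):
                raise ValueError("truncated image descriptor")
            flags = data[pos + 8]
            pos += 9
            if flags & 0x80:                  # local colour table present
                pos += 3 * (2 << (flags & 0x07))
            pos = _skip_sub_blocks(data, pos + 1)   # +1 skips LZW minimum code size
        else:
            raise ValueError(f"unexpected block 0x{block:02x} at offset {pos - 1}")
    raise ValueError("no GIF trailer found")

def inspect_gif(data):
    """Report bytes appended after the GIF trailer and whether they form a ZIP."""
    end = gif_end_offset(data)
    tail = data[end:]
    members = []
    if tail.startswith(ZIP_LOCAL_HEADER):
        try:
            members = zipfile.ZipFile(io.BytesIO(tail)).namelist()
        except zipfile.BadZipFile:
            pass                              # signature only, not a readable archive
    return {"gif_bytes": end, "trailing_bytes": len(tail),
            "zip_signature": tail.startswith(ZIP_LOCAL_HEADER),
            "zip_members": members}

def build_samples():
    """Constructed inputs: a 1x1 GIF whose comment contains ';' (0x3B), and GIF + ZIP."""
    gif = (b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00"      # header + screen descriptor
           + b"\x00\x00\x00\xff\xff\xff"                    # 2-entry global colour table
           + b"\x21\xfe\x03a;b\x00"                         # comment extension "a;b"
           + b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00"    # image descriptor
           + b"\x02\x02\x44\x01\x00" + b"\x3b")             # image data + trailer
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed sample payload")
    return gif, gif + buf.getvalue()

if __name__ == "__main__":
    clean, carrier = build_samples()
    print("clean  :", inspect_gif(clean))
    print("carrier:", inspect_gif(carrier))
```

Searching for the first `;` byte would stop inside the comment block of the sample; walking the blocks finds the real end of the image, so the trailing byte count is exact.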

Posted by Jimmy Daniels at 8:22 am

Categories: Computer Forensics, Software

Video Showing Storm Worm Outbreak

This is a cool video from F-Secure showing how fast the Storm Worm broke out.

1 comment - Posted by Jimmy Daniels at 5:26 am

Categories: Security, Spam, Virus Info

Windows Vista vs. OS X Link Bait

Robert Scoble posted some great link bait today, starting a Windows Vista vs. Mac OS X debate to pump up the demand for his latest video, in which he talks to four big-time technology guys: Fred Davis, co-founder of Wired Magazine; Sam Levin, co-founder of the Stanford Mac user’s group and the guy who does Cool Mac Picks; Harry McCracken, Editor in Chief of PC World; and Jeremy Toeman, who used to work at SlingMedia and is very knowledgeable about all sorts of HD video stuff. Sounds like it could be fun, but the fun has already started in his comments.

So, I thought it’d be fun to do it again in 2007 now that Microsoft is shipping Windows Vista. Yeah, fresh meat for the whole debate! (Or was that just the burritos we were eating?) This presented an interesting opportunity to invite four interesting people over to the house last night who would give me insights from both sides of the aisle. Of course Maryam and I gave them some social lubricant and Tres Amigos’ burritos, and recorded it. We burned through two tapes (almost two hours). One thing that’s a given in our industry: we’ll never tire of talking about Apple vs. Microsoft. Even, when, as Fred Davis points out below, there’s not all that much to talk about (the discussions were a lot more fun back in 1989 when there was a truly huge difference between the two OS’s). Source: Windows Vista vs. Mac OSX, the two-hour definitive word

70 comments and counting as of this writing with plenty more to come, I am sure. He will post the video when Microsoft releases the consumer version of Windows Vista on January 31st.

Posted by Jimmy Daniels at 3:40 am

Categories: Apple, Windows Vista

Cisco Router Vulnerabilities

Cisco has posted notices on three vulnerabilities they just patched in routers and switches running their Cisco IOS or Cisco IOS XR software, including one that could enable a crafted IP option Denial of Service (DoS) attack. You can view all of Cisco’s security advisories at Cisco Security Advisories and Notices. Here is a quote from the advisory for the most dangerous flaw:

Cisco routers and switches running Cisco IOS or Cisco IOS XR software may be vulnerable to a remotely exploitable crafted IP option Denial of Service (DoS) attack. Exploitation of the vulnerability may potentially allow for arbitrary code execution. The vulnerability may be exploited after processing an Internet Control Message Protocol (ICMP) packet, Protocol Independent Multicast version 2 (PIMv2) packet, Pragmatic General Multicast (PGM) packet, or URL Rendezvous Directory (URD) packet containing a specific crafted IP option in the packet’s IP header. No other IP protocols are affected by this issue.

To determine the software running on a Cisco product, log in to the device and issue the show version command to display the system banner. Cisco IOS software will identify itself as “Internetwork Operating System Software” or simply “IOS”. On the next line of output, the image name will be displayed between parentheses, followed by “Version” and the IOS release name. Cisco IOS XR software will identify itself as “Cisco IOS XR Software” followed by “Version” and the version number. Other Cisco devices will not have the show version command or will give different output. Source: Cisco Security Advisory: Crafted IP Option Vulnerability

The SANS Internet Storm Center has released an article describing all three:

Crafted TCP Packet can cause denial of service (cisco-sa-20070124-crafted-tcp)
A remotely-exploitable memory leak in the Cisco IOS software could lead to a denial of service condition. This vulnerability applies to much of the IOS 12.0, 12.1 and 12.2 code base.

Crafted IP Option vulnerability (cisco-sa-20070124-crafted-ip-option)
By sending certain ICMP, PIMv2, PGM or URD packets with a specific IP option set to a Cisco IOS or IOS XR device, an attacker could cause the device to reload or even execute arbitrary code. This applies to a wide variety of releases.

IPv6 Routing Header vulnerability (cisco-sa-20070124-IOS-IPv6)
Certain crafted IPv6 Type 0 routing headers could crash a device running IOS. Source: Cisco vulnerabilities

Cisco has released Applied Intelligence Response bulletins for each vulnerability, which could help you detect someone trying to exploit these vulnerabilities.

Detecting and mitigating cisco-sa-20070124-crafted-tcp
Detecting and mitigating cisco-sa-20070124-crafted-ip-option
Detecting and mitigating cisco-sa-20070124-IOS-IPv6
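
The `show version` check quoted above, applied to an inventory, as an added example (not Cisco's or this blog's code): it classifies each banner as IOS or IOS XR and lists which of the three advisories to review for that device. Hostnames and banner strings are constructed samples; the advisories' own fixed-release tables, not this script, decide whether a given release is affected.

```python
import re

# Advisory identifiers as listed on this page.
ADV_IP_OPTION = "cisco-sa-20070124-crafted-ip-option"
ADV_TCP = "cisco-sa-20070124-crafted-tcp"
ADV_IPV6 = "cisco-sa-20070124-IOS-IPv6"
# Trains the ISC summary names for the crafted-TCP memory leak.
TCP_NAMED_TRAINS = {"12.0", "12.1", "12.2"}

VERSION_RE = re.compile(r"Version\s+(\d[^\s,]*)")
# The image name sits in parentheses, e.g. (C2500-IS-L); "(tm)" and "(fc1)" do not match.
IMAGE_RE = re.compile(r"\(([A-Z0-9]+(?:-[A-Z0-9_]+)+)\)")

def classify_banner(banner):
    """Classify `show version` banner text and list the advisories to review."""
    m = VERSION_RE.search(banner)
    result = {"family": None, "image": None, "version": m.group(1) if m else None,
              "review": [], "tcp_train_named": False}
    # Test for IOS XR first: its banner also contains the bare word "IOS".
    if "IOS XR Software" in banner:
        result.update(family="IOS XR", review=[ADV_IP_OPTION])
    elif ("Internetwork Operating System Software" in banner
          or re.search(r"\bIOS\b", banner)):
        image = IMAGE_RE.search(banner)
        train = re.match(r"\d+\.\d+", result["version"] or "")
        result.update(
            family="IOS",
            image=image.group(1) if image else None,
            review=[ADV_IP_OPTION, ADV_TCP, ADV_IPV6],
            tcp_train_named=bool(train) and train.group(0) in TCP_NAMED_TRAINS,
        )
    return result

# Constructed banners for illustration; hostnames are hypothetical.
SAMPLE_BANNERS = {
    "edge-rtr-01": "Cisco Internetwork Operating System Software\n"
                   "IOS (tm) 2500 Software (C2500-IS-L), Version 12.2(15)T, "
                   "RELEASE SOFTWARE (fc1)",
    "branch-rtr-07": "Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), "
                     "Version 12.4(8), RELEASE SOFTWARE (fc1)",
    "core-xr-01": "Cisco IOS XR Software, Version 3.3.1",
    "fw-01": "Cisco Adaptive Security Appliance Software Version 7.2(1)",
}

def triage(banners):
    """Map each host to its classification."""
    return {host: classify_banner(text) for host, text in banners.items()}

if __name__ == "__main__":
    for host, info in triage(SAMPLE_BANNERS).items():
        print(host, info)
```

Devices that come back with no family are the ones the advisory says "will not have the show version command or will give different output", so they drop out of this patch list and need their own check.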

As Brian Krebs of Security Fix said, it’s time to reboot the Internet again:

Cisco Systems Inc., the company whose hardware routers are responsible for handling the majority of the world’s Internet traffic, today issued patches to fix at least three very serious security holes in its products. This is generally not something that the average user needs to worry about, but I’m blogging on it because the flaws do have the potential to cause some problems that Internet users could experience in a very real way (i.e. e-mail and Internet access temporarily goes bye-bye).

Most Internet service providers will stagger the installation of these patches so as not to disrupt customers’ online connectivity, but one of these flaws appears to be so easy to exploit that if the bad guys figure out how before ISP get around to patching then we could very likely see portions of the Internet go dark soon. source: Time to Reboot the Internet Again

Ah, such is the Internet, if it wasn’t for security vulnerabilities all we’d have left to talk about would be which platform is better, Windows, Linux or OS X.

Posted by Jimmy Daniels - January 25, 2007 at 8:39 pm

Categories: Cisco, Security

Windows Vista News of the Day

Quite a bit of Windows Vista news today, to start off, Microsoft is giving Windows Vista users 90 days of free wi-fi from T-Mobile. Anyone with Windows Vista installed will be able to access any of T-Mobile’s 8,234 wi-fi locations for free, and users who already have Vista installed should be able to use it starting around January 26th.

As part of its promotional efforts surrounding the launch of Windows Vista, Microsoft said Wednesday that for 90 days after the debut of the next-generation operating system, customers would be able to use T-Mobile Hotspot Wi-Fi for free on laptops running Vista. Those with advance copies of the operating system would be able to take advantage of the program beginning January 26, Microsoft said.

The service would be available at any of T-Mobile’s 8,234 locations across the United States, including Starbucks, Borders bookstores, FedEx Kinko’s location, select Hyatt Hotels & Resorts, airports, and the airline clubs of American, Delta, United and US Airways. The only requirement to access the service is a computer with Windows Vista installed. Source: Free T-Mobile Hotspot for Vista Users

Ars Technica has released OEM pricing information for Windows Vista. Usually it is discounted heavily, but only the Business and Ultimate editions are actually discounted this time around.

Vista Home Basic: $99 (full version retail: $199)
Vista Home Premium: $119 (full version retail: $239)
Vista Business: $149 (full version retail: $299)
Vista Ultimate: $199 (full version retail: $399)

It must be noted that the OEM license that comes with Vista is indeed similar to the Windows XP OEM license in that it forbids any kind of transfer between machines. We expect that DIYers won’t have problems swapping parts, but technically you won’t be able to move a license to a brand-new box in two years without falling out of compliance. Source: OEM pricing for Windows Vista comes into focus

Another article today, from the English version of the Korean website Digital Chosunilbo, warns its readers to check with their favorite online sites, banking institutions and portals because Windows Vista does not like Active-X.

When Microsoft releases its next-generation Windows operating system in Korea next week, local Internet users will find that it doesn’t work with many of their favorite Web sites. A Hangul version of the new OS, called Vista, hits shelves Jan. 31, but the new OS is incompatible with many Korean online banks, portals, games sites and malls.

Three government bodies — the Ministry of Information and Communication, the Ministry of Government Administration and Home Affairs, and the Financial Supervisory Service — warned Tuesday about the expected confusion. The problem is that Vista doesn’t play well with a software program called Active-X that is widely used in Korean Internet sites. Without support for Active-X, online services that Koreans use everyday like banking, stock trading, and shopping won’t be available. Vista users will also experience problems with government sites in applying for and printing documents and certificates. Source: Microsoft Vista to Cause Confusion for Korean Net Users

While it is true that Windows Vista will have trouble with some of these websites, it is because of IE7 Active-X Opt-in which only allows controls you say can run or high-volume, trusted controls like Flash. I guess this was another reason not to use the highly insecure Active-X controls, as most Korean websites apparently do.

Posted by Jimmy Daniels at 6:04 pm

Categories: Windows Vista

Teacher Porn Case and Computer Forensics

I posted recently about a teacher who has been convicted of visiting porn sites in front of her class at Kelly Middle School in Norwich, exposing those students to pornography and whatever else was on the screen at the time. She was charged with 10 counts of risk of injury to a minor, or impairing the morals of a child, and while 6 counts were dropped, she was convicted on the other four. This teacher, Julie Amero, faces 40 years in prison and will be sentenced on March 2, 2007 in Norwich Superior Court.

To say that this is a miscarriage of justice is an understatement. It appears to me that this is all about the conviction now, and the fact that these people don’t want to lose. In a post yesterday on the Norwich Bulletin, the prosecutor for the case David J Smith said all she had to do was turn it off, but that she let it go on for “hours”.

“I think the state proved she was the person using the computer at the time the pornographic Web sites were accessed,” Smith said. “By her own testimony, she allowed those hardcore pornographic images to be accessible in a class of 11-, 12- and 13-year-old children. All she would have to do was turn off the monitor or cover the monitor. But she allowed the situation to go on for hours.” Source: Teacher porn case draws world’s ear

This is the first time I saw anyone mention it going on for hours, so I don’t really know what that is referring to. But she was a substitute teacher; the normal teacher logged her in and told her not to turn it off because she wouldn’t be able to get back on. So, I guess that is why she didn’t just turn the computer off: that, and being overwhelmed with porn and not knowing what to do in such situations. Without proper training, what would you do?

The main thrust of this post is how Computer Forensics without a full knowledge of how a computer works, and why and where data is stored, can be a very dangerous thing. This is the definition of computer forensics at Wikipedia:

The simple definition of Computer Forensics, “… is the use of specialized techniques for recovery, authentication, and analysis of electronic data when a case involves issues relating to reconstruction of computer usage, examination of residual data, authentication of data by technical analysis or explanation of technical features of data and computer usage. Computer forensics requires specialized expertise that goes beyond normal data collection and preservation techniques available to end-users or system support personnel.” (Kroll-OnTrack). This process often involves investigating computer systems to determine whether they are or have been used for illegal or unauthorized activities. Mostly, computer forensics experts investigate data storage devices, either fixed like hard disks or removable like compact disks and solid state devices. Computer forensics experts:

  1. Identify sources of documentary or other digital evidence.
  2. Preserve the evidence.
  3. Analyze the evidence.
  4. Present the findings.

Source: Computer forensics

The police detective Mark Lounsbury says he knows she visited those sites and that by looking at the source code he could tell that it was not popup based. From today’s article on the Norwich Bulletin:

Norwich Detective Mark Lounsbury maintained his investigation showed Amero knowingly accessed sites, which included meetlovers.com and femalesexual.com, along with others with names too graphic to print.

In examining the computer’s hard drive, Lounsbury said he found numerous instances in which graphic images would have appeared on the computer screen. He said he can differentiate between what is and what is not a pop-up based on the source codes.

Here is where it gets dangerous: because this cop says he knows it to be true, he is influencing the jury, the judge, and the public, since he is an “expert” in this case. This expert was using software called ComputerCop, available here, which was created years ago (this case actually happened in October of 2004 and is just now coming to trial). It was designed to restore deleted files; it did not check where or how they got there. So, he looked at the URLs recorded in the registry, looked at the images and determined she had to go there, and it could not be from a popup. The article also said this is the very first time this software has ever been used as an acceptable tool for convicting someone in a court case.

“To my knowledge, this is the first conviction using ComputerCop software as an acceptable tool for police officers to conduct a computer forensic examination that is acceptable to the court,” Jacobs said.

That is mostly because it’s not really designed for that. Her defense lawyer called in their own expert witness, Herbert Horner, who has worked in computers since 1966; he forensically copied the suspect’s hard drive and did his own examination. He said the antivirus program sent security alerts because it detected the spyware, and that the spyware was tracking the computer before the day of the incident. Some of his findings:

Most significantly, we noted freeze.com, screensaver.com, eharmony.com and zedo.com were being accessed regularly.

On October 19, 2004, around 8:00 A.M., Mr. Napp, the class’ regular teacher logged on to the PC because Julie Amero being a substitute teacher did not have her own id and password. It makes sense that Mr. Napp told Julie not to logoff or shut the computer off, for if she did she and the students would not have access to the computer.

http://www.hair-styles.org was accessed at 8:14:24 A.M. A click on the curlyhairstyles.htm icon on the http://www.new-hair-styles.com site led to the execution of the curlyhairstyle script along with others that contained pornographic links and pop-ups. Once the aforementioned started, it would be very difficult even for an experienced user to extricate themselves from this situation of porn pop-ups and loops.

All of the jpg’s that we looked at in the internet cache folders were of the 5, 6 and 15 kb size, very small images indeed. Normally, when a person goes to a pornographic website they are interested in the larger pictures of greater resolution and those jpgs would be at least 35 kb and larger. We found no evidence of where this kind of surfing was exercised on October 19, 2004.

We asked the prosecution to arrange for the defense to have unfettered access to the internet so that we could reenact the events of October 19, 2004. It was not granted. I went to court with two laptops and a box full of reference material prepared to very clearly illustrate what happened to Julie Amero. But, the prosecution objected because they were not given “full disclosure” of my examination. I was allowed to illustrate two screens, that of the www.hair-styles.org , and www.new-hair-styles.com sites.

If there is an appeal and the defense is allowed to show the entire results of the forensic examination in front of experienced computer people, including a computer literate judge and prosecutor, Julie Amero will walk out the court room as a free person. Source: The Strange Case of Ms. Julie Amero: Commentary by Mr. Herb Horner

But they didn’t let him testify because her lawyer forgot to tell the prosecution about him, and since the prosecution did not check for spyware or anything else that could’ve caused these websites to pop up, there is no way to tell for sure whether she visited them or whether a website or software caused them. Also, the school system had not paid the bill for their content filter, which caused it not to update, so something that should’ve blocked it to start with was not even running, which, if you ask me, puts the blame squarely on the school system. I’ll quote one more person from the Norwich Bulletin article to wrap this up:

Since the computer search by investigators did not include spyware, malware or adware — typically advertising integrated into software — there is no way to decisively prove she was the cause of the sexually explicit sites showing up on screen, he said.

Nancy Willard has worked in the field of educational technology for 17 years and spent the last decade focusing on effective management of Internet use in schools and youth risk online. She said the school should have a policy in place to report technical concerns.

“Since none of the technology protections can be trusted to be entirely safe, every staff member and student should be taught that the action to take, if inappropriate material appears, is to turn off the screen and report the problem to the technical department so that the department can investigate and resolve the problem,” Willard said.

Technical fixes are never going to provide total protection, Willard said.

So true. I work for our state school system and I have been to forensic training classes, so I know a little bit about what we are talking about. Hopefully Julie’s defense will be able to get Mr. Horner or someone else in so they can show how these things can happen innocently and how the prosecution did not really prove she visited these websites on purpose. Anyone involved in the case can feel free to contact me if they need some direction.

1 comment - Posted by Jimmy Daniels at 5:24 pm

Categories: Computer Forensics, Malware, Protect Children Online

How to Upgrade from Windows XP to Windows Vista

Here is a nice little video that shows you how easy it is to upgrade, or downgrade depending on your point of view, from Windows XP to Windows Vista.

We also have listed a bunch of Windows XP Videos and a bunch of Windows Vista Videos, and be sure to check out the most viewed videos of the week.

Posted by Jimmy Daniels at 2:59 pm

Categories: How To, Windows Vista, Windows XP