Archive for February, 2007

1GB Gizmo Thumb Drive Only $11.99

Save with sweet new rebates at Crucial! Only $11.99 for a 1GB Gizmo! Overdrive
Buy a 1GB Gizmo! Overdrive (part# CT1GBUFDWHTH00) at Crucial.com for $24.99 or less, currently showing $21.99, between 2/22/07 and 3/8/07, and we’ll send you 10 bucks back by mail. Spend over $40 and you’ll get Free Shipping as well!

Standard Features:
Write speed up to 13MB/s (80X)
Read speed up to 25MB/s (160X)
USB 2.0 flash drive
Dual-channel controller for high-performance data transfer
Small form factor - 64 mm by 20 mm (68 mm by 20 mm with cap)
Rapidly flashing LED light indicates when data is transferring
Plug and Play - no drivers needed

The Crucial Gizmo! USB thumb drive is a miniature, portable flash storage device that plugs into your computer’s USB port. This thumb drive can store any kind of file: digital documents, music, movies, photographs, and more. About the size and weight of a pack of gum, the Gizmo! drive slips easily into your pocket, purse, or briefcase. The Gizmo! drive is a full-speed device, compatible with USB 2.0 and 1.1 ports. A true Plug and Play solution, the Gizmo! drive automatically appears as a removable drive when plugged into the USB port of your computer.

1GB Gizmo! Overdrive $10 Rebate Rebate form is here.

Posted by Jimmy Daniels - February 23, 2007 at 3:02 am

Categories: Computer Deals

Windows Vista Hardware Assessment

Microsoft has released a tool to help administrators scan their network for computers that are capable of running Windows Vista. It scans computers running Windows XP Professional, Windows Server 2003, and Windows 2000 Professional and Server operating systems, and collects inventory and device information for a network of computers from one computer; the only thing the tool needs is for the computers to support Windows Management Instrumentation (WMI). It outputs spreadsheets that provide detailed results of the inventory and assessment, and Word documents that summarize the results of the inventory and assessment for all computers that are currently running a Microsoft Windows client operating system.

The Windows Vista Hardware Assessment provides detailed analysis on hardware and device compatibility for Windows Vista. The tool also provides the option to check for updates to the compatibility data.

The analysis identifies which computers are already ready for Windows Vista migration and identifies the computers that could be ready for migration to Windows Vista after hardware upgrades. The tool identifies and recommends hardware upgrades, but does not recommend costly hardware upgrades, such as CPU upgrades.

The analysis also determines which hardware devices have device drivers available on the Windows Vista installation DVD, which hardware drivers can be downloaded from Windows Update, and devices which require contacting the manufacturer to obtain a device driver. Source: Windows Vista Hardware Assessment

Download the program from here.

Posted by Jimmy Daniels - February 22, 2007 at 5:50 am

Categories: Windows Vista

Winfixer and Windows Live Messenger

Has anyone ever had Winfixer on one of their computers? I have, and it is an ugly thing. I have NO idea where it came from; I don’t usually download stuff off of the net, so it had to be a website I visited, and I don’t normally just go surfing. I check a few news sources, and most of the time nothing spammy is ever listed. Anyway, I removed it using Ewido Antispyware, but still ended up reloading the operating system because it was so hard to get rid of. I wouldn’t have been at all surprised if it had opened some security holes and left other exploitable stuff lying around.

The malware commonly known as Winfixer aka Errorsafe is being distributed via MSN Messenger banner advertisements. This has been reported to secure@microsoft.com and they and the MSN ads team investigated and removed the ads.

Microsoft has issued an official statement as follows:

“Microsoft was notified of malware that was being served through ads placed in Windows Live Messenger banners. As a result of this notification we immediately investigated the reports and removed the offending ads, as this is a violation of our ad serving policy. We can confirm that the ads are no longer being served by any Microsoft system. We apologize for the inconvenience and are reviewing our ad approval process to reduce the chance of an occurrence such as this happening again. To help customers protect their PCs from malware threats, Microsoft recommends customers follow our Protect your PC guidance at www.microsoft.com/protect.” – Whitney Burk, Microsoft. Source: WARNING: Winfixer and Errorsafe being distributed via MSN Messenger banner advertisements

An article at Infoworld called Winfixer scareware, because most of the time it is advertised using those popup banners telling you that you are infected and to click here to scan or remove. You know, those banners that look like system prompts from Windows, the ones that trick new users into clicking on them and installing this crap.

Security companies have labeled it as a “potentially unwanted program.” They believe the program falsely alerts users to problems with their computer and encourages them to purchase the application. It falls into an informally named category of program called “scareware,” whose creators try to bully users into downloading their program or face problems with their computer.

Microsoft, which called Winfixer “malware,” did not detail how the ads appeared. However, the Center for Democracy and Technology (CDT), a civil liberties and consumer group in Washington, D.C., has investigated how questionable ads promoting spyware and other malicious software have appeared on ad networks. Source: Microsoft falls victim to shady ‘scareware’

They removed the ads as fast as they could, which is good, but, how do they stop this in the first place? It certainly is hard to do, there are so many players involved when something like this happens, it can be hard to track, but not impossible. There is always a money trail, somewhere, somehow, they are making money and no matter how hard they try to hide, it is usually possible to track them. It is very easy for someone to place an ad at a network, and change what is being displayed, where the user lands, popping up other sites, there are many ways to get an ad approved and change it later to the malicious code or website.

The Infoworld article has a few comments from our favorite spyware slayer, and kung fu master Paper Ghost, and he says the Winfixer operation is probably very complicated.

Posted by Jimmy Daniels - at 5:36 am

Categories: Scareware, Security

Those Damn Third Parties Again

Just wanted to post a quick comment on those damn third parties that companies like Direct Revenue and Zango/180solutions always seem to blame.

If it wasn’t for those third parties they blame, no one would have their crapware/adware installed on their PCs, and these companies know it; that is why they use them. Let others do it, and blame them when they get caught. Lather, Rinse and Repeat. It’s win-win for adware companies: they get their “software” installed on millions of PCs and make boatloads of money doing it, all the while blaming these damn third parties. Apparently it has worked very well for Direct Revenue. After bringing in 23 million by installing their adware on millions of computers using security holes, drive-by downloads and however else they could get it installed, they have just been hit with a fine from the FTC for 1.5 million dollars.

Unbelievable.

According to the FTC’s charges, Direct Revenue and its affiliates installed adware, including programs that produced pop-up ads, on users’ machines without properly disclosing what the software would do. In some cases, Direct Revenue affiliates exploited browser security flaws to install adware. The result, said the FTC, was “unfair and deceptive methods to download adware onto consumers’ computers and then obstruct them from removing it.”

Under the agreement, New York-based Direct Revenue will pay $1.5 million as “ill-gotten gains.” The marketing company is also barred from delivering ads to anyone who installed its software before Oct. 1, 2005, unless they respond to specific opt-in messages.

“Direct Revenue is pleased with today’s settlement,” the company said in a brief statement posted to its Web site. Source: Adware maker settles with FTC for $1.5M

Of course they are pleased with the deal, who wouldn’t be happy they could make over 20 million after fines. Jon Leibowitz criticized the size of the settlement, glad someone did, he said in his dissent that he would rather go to trial and risk losing than allow these losers to line their pockets with 20 million. We still have some hope that the State of New York will do the right thing and hit them really hard.

Oh, and all of those new articles talking about the settlement that talk about it being popup ads, like this one from the LATimes, Marketer behind pop-up ads to pay $1.5-million penalty, really do the whole thing a disservice, in my opinion.

Posted by Jimmy Daniels - February 21, 2007 at 8:59 pm

Categories: Adware, Malware, Zango

Internet Plus Your Desktop = Bad News

Google just fixed a flaw in their desktop search product, one that could’ve allowed an attacker to search a user’s computer for anything and possibly take over that computer by running malicious code. This vulnerability was first reported to Google on January 4th and was patched by Google on February 1st, long before the public even knew about it. Google is automatically updating their software, but if you are worried you can download their latest version by following this link, where you can also download other free software from Google.

In addition to its bug fix, Google has added, “another layer of security checks to the latest version of Google Desktop to protect users from similar vulnerabilities in the future,” Schnitt said. “We have received no reports that this vulnerability was exploited,” he added.

For this attack to work, the criminal would have to first go through a number of steps, including hacking Google.com to find a cross site scripting vulnerability on the Web site — something that has been done several times in the past year, according to Watchfire.

If successful, however, the attack would be devastating. A criminal could search for anything on the computer or even take over the victim’s computer by tricking Google desktop into running malicious software stored on another computer, Watchfire claims. Source: Google patches serious desktop flaw

Sounds like a lot of steps to exploit a vulnerability like this one, but, as the article said, several cross site scripting vulnerabilities were discovered on Google last year alone. This just goes to show what can, and WILL, eventually happen as companies’ desire to own users’ desktops with their little applications grows: the more stuff you have running on your computer, the more stuff has access to the internet, and the more trouble we will eventually have. Google search is great, but it will not be running on my computers. Who needs that kind of search power on their desktop anyway? Doesn’t everyone just throw everything in folders in MyDocuments anyway?

Posted by Jimmy Daniels - at 8:43 pm

Categories: Google, Security

Funny Google Earth Video

Here is a funny video about Google Earth. Name one person who doesn’t look up their address first to see if they can see where they live. Download Google Earth by clicking this link, where you can get Google Earth and loads of other free programs, and then look at satellite images of your house or address, straight from space.

Posted by Jimmy Daniels - February 20, 2007 at 12:58 am

Categories: Google

Drive-by Pharming

Or, did you configure that router or just plug it in?

A new security problem with some of the most popular wireless routers could cause much pain and heartache to users and their security on the internet. Researchers have discovered a new attack vector, which they are calling Drive-by Pharming, in which a malicious website could host some JavaScript that changes the DNS settings on wireless routers that are still using the default login password. This would allow the attackers to redirect any and all traffic coming through that router to a DNS server that they set up, making it possible for them to send that traffic wherever they want. They could create fake banking sites to lure users into entering their banking info, which they could use to take money from your bank account. This is similar to phishing, but this attack would appear seamless, as users are redirected without their knowledge, whereas a phishing attempt is just an email trying to get you to click on a link that sends you to a fake site. This would catch everybody the attackers had a site set up for (banks, Paypal, stores, etc.), and the victims would have no idea until the money started disappearing. Here is what the researchers posted in December.

Inexpensive broadband routers are a popular way for people to create an internal, and sometimes wireless, network in their homes. By purchasing such a router and plugging it in, they can have a network set up in seconds. Unfortunately, by visiting a malicious web page, a person can inadvertently open up his router for attack; settings on the router can be changed, including the DNS servers used by the members of this small, quickly erected internal network. In this paper, we describe how a web site can attack home routers from the inside and mount sophisticated pharming attacks that may result in denial of service, malware infection, or identity theft among other things. Our attacks do not exploit any vulnerabilities in the user’s browser. Instead, all they require is that the browser run JavaScript and Java Applets. We also propose countermeasures to defeat this type of malware — new methods that must be used since the traditional technique of employing client-side security software to prevent malware, is not sufficient to stop our proposed attacks. Source: Technical Report TR641: Drive-By Pharming

This is available in PDF format, here. Symantec has a video on this page Drive-By Pharming: How Clicking on a Link Can Cost You Dearly, and some more info.

For background info, the DNS system, or domain name system, is what allows us to just type www.bank.com into our browser to display that webpage. Each website has at least one IP address (sometimes more, sometimes shared) that we connect to, and the DNS system is like a big phone book that our computer checks to find out where to go. When you type in www.bank.com, your computer checks several spots to see how to get to the website. The DNS servers have all of the domain names mapped to IP addresses, so when you type in www.bank.com your computer checks DNS, and DNS says go to this IP address. If a hacker changed your DNS server to one of theirs, then they can tell your computer where to go. So, when you typed in www.bank.com, it would tell your computer to use a different IP address, one that was hosting the hacker’s version of the website, where they could record all of your info as you type it in. Now they have your info and can do whatever you can do in your bank account, because they have your userid and password. The only thing that could possibly give it away is that when the fake site tries to log you in, you don’t actually log in. They could set up some redirect to the real bank, where you could log in, but this could cause problems too, as your computer thinks www.bank.com is on a different IP address and would end up sending you back to the hacker’s site, causing even more confusion on your end. But there are probably workarounds to that as well, such as depositing a hosts file on your computer, etc.

The easiest workaround is to change the password on your wireless router. In most cases it is pretty simple, and definitely worth the time to keep this from happening to you. Instead of detailing each individual router, here are some links to information on some of the different routers and how to change the default password.

D-Link When clicking this link, it will ask you where you are, US, Canada, etc, pick your country and then come back to this link and click it again and it will then take you straight to the page.

Linksys

Netgear

As you can see, it is pretty simple to change it, and to log in to most routers you would connect to http://192.168.0.1. I say most because I have seen a couple that used a different default IP address; the one that comes to mind is one of Microsoft’s. You can probably find the spot to change the password very easily; use the links above if you have trouble locating it.

I will try to post these malicious sites here as we, the security researchers and other security sites, find them, and as always, let’s be careful out there.
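A defender-side check for the DNS change described above, as an added example (not from the original post or the researchers' report): it parses `ipconfig /all` text and reports any DNS server that is not in a baseline recorded while the router was known-good. The sample output, the baseline address and the function names are constructed for illustration, and the field layout assumed is the English-language Windows XP format.

```python
import ipaddress
import re

# Constructed sample of English-language Windows XP `ipconfig /all` output.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.1

Ethernet adapter Wireless Network Connection:

   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       198.51.100.7
   Lease Obtained. . . . . . . . . . : (constructed)
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD_RE = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")


def _as_ip(text):
    """Return an ip_address for text, or None if it is not an address."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None


def dns_servers_by_adapter(ipconfig_text):
    """Map adapter name -> list of DNS server addresses, in listed order."""
    adapters, current, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current, in_dns = header.group(1), False
            adapters[current] = []
            continue
        if current is None or not line.strip():
            in_dns = False
            continue
        addr = _as_ip(line)
        if in_dns and addr is not None:  # continuation line: another server
            adapters[current].append(addr)
            continue
        field = FIELD_RE.match(line)
        in_dns = bool(field) and field.group(1).strip() == "DNS Servers"
        if in_dns and _as_ip(field.group(2)) is not None:
            adapters[current].append(_as_ip(field.group(2)))
    return adapters


def unexpected_resolvers(ipconfig_text, baseline):
    """Return sorted (adapter, server) pairs whose server is not in baseline."""
    allowed = {ipaddress.ip_address(a) for a in baseline}
    return sorted(
        (name, str(server))
        for name, servers in dns_servers_by_adapter(ipconfig_text).items()
        for server in servers
        if server not in allowed
    )


if __name__ == "__main__":
    for adapter, server in unexpected_resolvers(SAMPLE_IPCONFIG, ["192.168.0.1"]):
        print(f"ALERT {adapter}: resolver {server} is not in the recorded baseline")
```

If the router hands out its own address as the DNS server and forwards queries itself, a changed upstream resolver will not show up on the client, so the DNS fields on the router's own status page need the same comparison.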

Posted by Jimmy Daniels - February 16, 2007 at 5:17 pm

Categories: Security, Wireless

Windows Vista and Second Life Troubles

Microsoft recently threw a splashy party for the release of Windows Vista inside of Second Life, the much talked about virtual world online, but users running Vista may have had trouble connecting to the service. Linden Lab is currently working on an important upgrade to the Second Life viewer, something that needs to be done before they can attempt a fix for users who are having trouble.

A spokesman for Linden Lab said the fixes will likely be ready in a couple of weeks.

In a test of Second Life-Vista compatibility on a Dell XPS m1210, the operating system didn’t work properly with the virtual world because of an unsupported graphics driver.

The problems come only weeks after Microsoft put on its glitzy launch event for Vista inside Second Life. The company hosted a streaming concert of rave musician Praga Khan on January 30, and it was promoted in 10 Second Life locations, including within islands known as Strawberry Estate, Sanctuary Rock and Isle of Lesbos, according to the blog of Miel Van Opstal, an employee in Microsoft’s Belgium office and a self-described “enthusiast evangelist.” Source: No ‘Second Life’ for Microsoft’s Vista

There was a post commenting on this on the Second Life blog and one user commented about an open source viewer for Second Life that is currently working for lots of people who were having trouble, though some are still having crashes with it.

I’m surprised no one’s mentioned this, but there *IS* a way for people to get their Second Life Fix on Windows Vista. On the Second Life Forum, a generous user by the name of “Lockhart Cordoso” has provided a version of the Second Life Opensource client to do some modifications that allow SL to run on ATI cards. However, it doesn’t necessarily run perfectly, some users do report crashes still. But while LL and ATI work to get things fixed up properly, this client will be more than functional for one’s basic needs.

The thread in the forum can be found here:
Second Life Forums

As of February 12th, 2007, you can find the client downloadable here:
VistaSL Setup-1.13.3.2.exe
Please refer to the Forum Thread for assistance, and check for updated versions there!

I’ve been using it for the past few days. While it is slower than XP run SL on my computer, I have found it to work well enough to converse with friends and build. If you can’t/don’t wish to change your video card to an nVidia, or you are a notebook user (like me), give it a try! And don’t forget to give Lockhart Cordoso a thank you note! Source: Windows Vista Status

So, all you Second Lifers, if you are already running Vista, there may be hope. Although, there did seem to be lots of users who are running Vista and are not having problems, though it is possible it’s because of a different video card.

Posted by Jimmy Daniels - at 5:09 am

Categories: Second Life, Windows Vista

Dell Vista Upgrade

Looks like another day of no good news about Windows Vista, to start, lots of people are complaining to Dell because it is taking so long to get their “free” upgrade copy of Windows Vista. Looks like the upgrade copies will not start shipping until the end of February, the earlier you submitted yours, the earlier you will get it as they are doing it first in first out, as they should.

Many customers are now asking when we will start shipping the Vista Upgrade. Dell expects to begin shipping the upgrade in the latter part of February. The upgrade availability for some systems like the XPS 710 and 710 H2C will take longer. Like I mentioned in a previous post, we’re still validating some drivers for high-end graphics cards and gaming peripherals, and still testing compatibility with some gaming software. When we have updated information for XPS 710 and 710 H2C customers, I’ll blog about it in a future post. Source: When Will My Vista Upgrade Ship?

This stinks, it will probably be late March before I get mine, seems like I submitted it a couple or three weeks ago, so it may be awhile. They are including a Dell upgrade assistant DVD, to help customers with the upgrade process. If the www.dellvistaupgrade.com site is telling you your service tag is not being recognized as being valid, go to the Dell Blog and leave a comment, making sure you include your email in the email address field, and they will have a CSR contact you to figure out the problem.

Posted by Jimmy Daniels - at 5:06 am

Categories: Dell, Windows Vista

25% Off Select Dell Dimensions and Inspirons

Here are some of the latest deals from Dell.com.

For a limited time only, receive 25% off instantly, plus a FREE Dell 725 color printer when you purchase online specially configured Dell Dimension desktops. Applicable Order Codes: 6VAFF-DDDWAR4, 6VAFF-DDDWBR3, and/or 6VAFF-DDDWBR2 Limited time offer: Beginning 2/15/07 through 2/22/07 6:00am CST.

25% off Select Inspiron 1501 Notebooks!

25% off Select Inspiron E1405 Notebooks!

25% off Select Dimension E520 Desktops!

25% off Select Dimension E521 Desktops!

Dimension E521 Featured at $739 after $170 instantly off! AMD Athlon 64 X2 Dual-Core Processor 3800+ running Genuine Windows Vista Home Premium with 2GB Shared Dual Channel DDR2 Memory and a 20-inch E207WFP Dell Widescreen Digital Flat Panel Display! Only $739 after $170 instantly off!

Inspiron E1505 Featured at $899 after 14% instantly off! Intel Core Duo T2250 (1.73GHz, 2MB L2 Cache, 533MHz FSB), FREE Upgrade to Genuine Windows Vista Home Premium, 1GB Shared Dual Channel DDR2 SDRAM at 533MHz, 2 Dimm and an 80 GB 5400rpm SATA Hard Drive. Only $899 after 14% instantly off!

Dell Home Systems

Posted by Jimmy Daniels - at 12:01 am

Categories: Dell