Windows Vista News 3/31/2007
More news about Windows Vista.
Microsoft makes copying Vista a monster task - With Windows XP, antipiracy measures were a bit of an afterthought. But with Windows Vista, Microsoft had pirates in its sights from the get-go.
Apple Adds Vista Support to Boot Camp - Apple on Wednesday pushed an update to its Boot Camp dual booting feature, providing support for the 32-bit version of Windows Vista, as well as updated drivers for various hardware included with Intel Macs.
Update on Microsoft Security Advisory 935423 - A little more info from Microsoft on the Windows animated cursor vulnerability: how long they have known, time of the first attack, how they are fixing it, etc.
Microsoft: Rise in attacks on Vista loophole - Just a day after release, the vulnerability in the .ani files has caused hackers to pick up the pace on their attacks on some versions of Windows.
Windows Vista Update Solves IPod Issues - Microsoft patched a bunch of bugs earlier this week, including the one involving the iPod. Grab the update here.
3 reasons Vista lets down gamers - Hardware incompatibilities, backward incompatibility and lack of DirectX 10 games; visit the site for details.
3rd Party Patches Critical Windows Flaw - Not content to wait for Microsoft to remedy the issue, independent security firm eEye released a temporary patch for a critical flaw affecting Windows that can lead to a crash-restart-crash loop. But Microsoft does not recommend such third-party patches.
Windows Vista ATI Radeon Kernel Mode Driver Denial of Service - A weakness has been reported in Windows Vista, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Living With Vista: First 30 Days - With the new version of Windows finally out, early users say they’re bedeviled by hardware and software problems–but some love the OS anyway.
Categories: Windows Vista Tags: Apple, Boot Camp, directX, iPod, Microsoft Security Advisory, vulnerability, Windows Vista, Windows XP
Vulnerability in Windows Animated Cursor Handling
Microsoft is investigating a security vulnerability in how Windows renders cursors and icons. The vulnerability affects Windows 2000, 2003, Windows XP, and Windows Vista, but if you already have IE7 you should be okay, as the protected mode will protect you. Also, if you use Outlook 2007 you are okay, as it uses Microsoft Word to display email messages.
Microsoft is investigating new public reports of attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files. In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or email attachment sent to them by an attacker.
As a best practice, users should always exercise extreme caution when opening or viewing unsolicited emails and email attachments from both known and unknown sources. Microsoft has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability. Microsoft intends to actively share information with Microsoft Security Response Alliance partners so that their detection can be up to date to detect and remove attacks. Customers in the U.S. and Canada who believe they are affected can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site. Source: Microsoft Security Advisory (935423) Vulnerability in Windows Animated Cursor Handling
Microsoft suggests reading your email in plain text as a workaround.
Read e-mail messages in plain text format if you are using Outlook 2002 or a later version, or Windows Mail to help protect yourself from the HTML e-mail preview attack vector.
Microsoft Outlook 2002 users who have applied Office XP Service Pack 1 or a later version can enable this setting and view e-mail messages that are not digitally signed or e-mail messages that are not encrypted in plain text only.
Caveat: Reading e-mail in plain text on Windows Vista Mail does not mitigate attempts to exploit the vulnerability when Forwarding and Replying to mail sent by an attacker.
Note: Reading e-mail in plain text on Outlook Express does not mitigate attempts to exploit this vulnerability.
Impact of Workaround: E-mail messages that are viewed in plain text format will not contain pictures, specialized fonts, animations, or other rich content. Additionally:
The changes are applied to the preview pane and to open messages.
Pictures become attachments so that they are not lost.
Because the message is still in Rich Text or HTML format in the store, the object model (custom code solutions) may behave unexpectedly.
McAfee Avert Labs Blog has posted a video here.
Cisco CallManager Vulnerabilities
Cisco announced this week that its Cisco Unified CallManager and Cisco Unified Presence Servers are vulnerable to remote attacks using specially crafted ICMP and UDP packets. Cisco has already released patches for them, here.
CallManager servers, which process VoIP calls on a network, can be crashed by sending attack traffic to TCP ports 2000 or 2443 to the server; these ports are used by Cisco’s proprietary call control protocols - Skinny Call Control Protocol (SCCP, or “Skinny”) and Secure SCCP. This vulnerability exists in CallManager versions 3.x, 4.x and 5.0 (CUCM 6.0, the latest version (announced this month), is not affected, nor is the Presence Server).
Cisco says CallManager and the Presence Server are affected by attacks involving floods of ICMP Echo Requests (pings), or specially crafted UDP packets. The ping-flood vulnerability, which affects only CallManager 5.0 and Presence Server 1.x, could be used to crash call-processing or presence services on the respective servers.
The UDP vulnerability affects the IPSec Manager Service on CallManager and Presence Server, which uses UDP Port 8500. With this less severe vulnerability, an attack could not stop calls from being placed or received on a Cisco VoIP network, but could cause the loss of some features, such as the ability to forward calls or deploy configuration changes to clusters of CallManager and Presence Servers. Source: Cisco VoIP and presence servers vulnerable to new attacks
If you don’t want to load the patches yet, you can block these things at your router on the outside connections to your networks.
Permit TCP Port 2000 (SCCP) and TCP Port 2443 (Secure SCCP) to CallManager systems only from VoIP endpoints.
ICMP Echo Requests, Type 8, should be blocked for CallManager and Presence Server systems (although this could affect network management applications and troubleshooting).
UDP Port 8500 for IPSec Manager should be permitted only between CallManager/Presence Server systems configured in a cluster deployment.
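One way to express the three filtering rules above as a Cisco IOS extended ACL. This is an added example, not taken from Cisco's advisory or the quoted articles; the ACL name, the interface name and all addresses (documentation ranges standing in for the CallManager node, its cluster peer and the phone subnet) are assumptions to replace with your own.

```cisco
! Assumed addressing (documentation ranges, replace with real values):
!   192.0.2.10       CallManager node being protected
!   192.0.2.11       cluster peer (CallManager or Presence Server)
!   198.51.100.0/24  VoIP endpoint (phone) subnet
ip access-list extended CUCM-PROTECT
 remark SCCP and Secure SCCP only from VoIP endpoints
 permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.10 eq 2000
 permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.10 eq 2443
 deny   tcp any host 192.0.2.10 eq 2000
 deny   tcp any host 192.0.2.10 eq 2443
 remark ICMP Echo Request (type 8) to the server is dropped
 deny   icmp any host 192.0.2.10 echo
 remark IPSec Manager (UDP 8500) only between cluster members
 permit udp host 192.0.2.11 host 192.0.2.10 eq 8500
 deny   udp any host 192.0.2.10 eq 8500
 remark Leave all other traffic to the existing policy
 permit ip any any
!
! Apply inbound on the interface facing the untrusted side (name assumed)
interface GigabitEthernet0/1
 ip access-group CUCM-PROTECT in
```

Each deny has to come after its matching permit because IOS evaluates entries top-down and stops at the first match. `show ip access-lists CUCM-PROTECT` displays per-entry hit counters, which shows whether blocked traffic is actually arriving.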
The Register says,
CallManager versions 3.3, 4.1, 4.2 and 5.0, as well as Presence Server version 1.0, are affected by a number of security bugs. The vulnerabilities involve unspecified errors in the handling of large amounts of ICMP Echo packets and within IPSec Manager service, both of which might be used to launch denial of service attacks against vulnerable Cisco Unified CallManager and Presence Server software installations.
A separate bug means that CallManager software PBX systems might be taken down by port scanning. Source: Cisco wraps up against VoIP DoS bugs
Categories: Cisco, VoIP Tags: CallManager, Cisco Call Manager, Cisco Unified CallManager, Cisco Unified Presence Servers, DoS, vulnerability
The Grum Trojan
If you get an email trying to get you to download MSFT IE7.0 Beta 2, don’t. It is a spam email trying to get you to download a Trojan called Grum, and besides, if you have been paying attention, you’ll know that IE7 is already out and no longer even in beta. They even come with this nice, pretty graphic.

This thing was a bear to reverse, by the way. It performs a lot of remote thread injection and defends itself nicely. It blocks IDA Pro, it kills OllyDbg, it blinds a bunch of processes, and the main process (%User%\Local Setting\Temp\winlogon.exe) sleeps quietly if it’s being traced too much. This kept hosing up my XP analysis box. A pretty good sandbox analysis is on the Anubis project website. So far Anubis is the only sandbox that did anything useful with it. Here’s a list of domains we’ve seen used so far for this one (with many more missing from this list):
Source: Today’s Other Malware Threat: IE7.0.exe
Always beware of emails trying to get you to visit a website or download something. I know there are lots of newsletters that link to websites, but usually you subscribe to those, so you should know those are okay. Just pay attention, don’t run as administrator, and keep antivirus and a spyware removal program handy.
Categories: Malware Tags:
Tech News 3/28/2007
Some technology stories making the headlines today/yesterday.
Yahoo Mail to offer unlimited storage - In May, Yahoo will start giving users unlimited storage with their email, up from 1GB in the free version.
HP Exits Media Center Business, Drops DEC Line - HP is no longer going to sell PCs made specifically as digital entertainment centers; they will still offer PCs loaded with the Media Center software, though.
Microsoft Sends Secret Dossier on Reporter, to Reporter - Microsoft says he is long-winded…
Retrial for Microsoft piracy case - Microsoft to get retrial in case of teacher using pirated Microsoft software.
Why Microsoft should buy DoubleClick - Reasons Microsoft should buy them and how it would help.
MySpace sues Spamford Wallace - The King is back in the news again. No, it’s not Elvis, it’s the Spam King, Spamford, er, I mean, Sanford Wallace.
How to Import All Your Archive Email Into Gmail - Great tutorial on how to import your email from Outlook into Gmail. I don’t know about you all, but I just hate knowing that someone else could be reading my email and I would not know about it.
Categories: Tech News Tags:
IP Subnetting Made Easy
One of the great things about having a blog is that I can do whatever I want with it. This post is on learning IP subnetting, and I have found a good video to go with it, so I am bumping it up to today and adding the IP subnetting video, one of the many training videos from Cisco, and will possibly add some more info later.
If you’ve ever struggled to learn IP subnetting, here is a detailed bookmark for you. Essentially, subnets are smaller networks inside of a larger one. Breaking up IP networks helps avoid wasting IP addresses, and this little guide will make it seem easy. I wish I had this when I first started to learn networking and Cisco routers; it would’ve made it much easier. Years later, I had a teacher give me some of the same advice and I thought, where have you been.
IP subnetting is a fundamental subject that’s critical for any IP network engineer to understand, yet students have traditionally had a difficult time grasping it. Over the years, I’ve watched students needlessly struggle through school and in practice when dealing with subnetting because it was never explained to them in an easy-to-understand way. I’ve helped countless individuals learn what subnetting is all about using my own graphical approach and calculator shortcuts, and I’ve put all that experience into this article. Source: Techrepublic
Check out this great quick reference from the article.
Categories: Detailed Bookmarks, Networking Tags: Cisco, IP subnetting
Google Maps Close Up
This is pretty cool right here. I’ve never been able to get so close to the earth using Google Earth, but apparently, using Google Maps, you can zoom in pretty close in some areas. That one guy actually looks like he is looking at the satellite. Via Shawn Hogan. Click this link to download Google Earth.
Look at it in Google Maps here for a REALLY detailed image from space.
Of course we’ll probably find out that Google uses images from planes as well.
Categories: Google Tags: Google, Google Earth, Google Maps
Tech News for 3/27/2007
Here is some tech news worth reading.
Web Services Coming To Twitter - Twitter, a social network in which users text message Twitter and people can see what they are doing, will be offering web services soon. Yee hah, guess I won’t use any of that either.
Meet the W580: the Walkman phone with street style - Introducing the W580 WALKMAN phone: store up to 470 full-length tracks, has a 2.0 megapixel camera tucked discreetly within the slider itself, plus stacks of gaming, fun sports and entertainment features.
Why a $100 XBox can be better than the Apple TV - Lower price: $99 sure is cheap compared to $300. Open standards for types of files: being able to play DivX or WMV content is good. It also plays games: it’s still a games console, after all.
What Everyone Ought to Know About Agloco - Remember All-Advantage, one of the biggest pay to surf companies that fell apart? They’re back and here is what you need to know about their next “big deal”.
Canonicalization update - Pick a version of your url, with or without the www, and stick to it by using a 301 redirect.
Wikipedia rival makes its debut - Citizendium, a self-proclaimed “citizens’ compendium” of general knowledge, works much like Wikipedia in that anyone can submit information, but this community requires users to register with their real names, and its articles are governed by an editorial board.
John McCain’s MySpace Page “Enhanced” - Have you ever had your MySpace page hacked into? Well, don’t feel all alone, so has John McCain.
Microsoft Backs New Technology Company: ZenZui Aims to Change the Way People Use Mobile Devices - Microsoft is getting into the content for mobile devices game.
The wisdom of orkut - This might be interesting if you use Orkut, then again, it might not.
Desktop Apps, reborn as hybrids - Not desktop apps, not web apps, but hybrids. Makes sense with Internet speed increasing and hard drives growing so big.
Numenta – Has Artificial Intelligence Arrived? - Jim, are you there Jim? Very interesting read, check out the white paper while you are at it.
Windows Vista Videos and Support
Here are some of the Windows Vista videos that have been uploaded to the video section. You can see some of the latest videos using the vista tag search.
Here are some of the latest articles that include the text windows vista tips.
Categories: Windows Vista Tags: Windows Vista, windows vista tips, Windows Vista Videos
Linux Videos
We’ve been posting some Linux and Ubuntu Linux videos to the video section. If you have any good Linux instructional videos or know where to find some, please let us know at webmaster at tipsdr.com.
Categories: Ubuntu Tags: