Archive for June, 2007

Computer Deals from TigerDirect

Here are some great computer deals we just got from Tigerdirect.com.

Gateway MX6955 Refurb Laptop Intel Centrino Core Solo T1350 1.86GHz 802.11a/b/g Wireless 1GB DDR2 100GB HDD DL DVDRW 15.4″ WXGA WinXP Media Center $499.97.

D-Link WUA-1340 USB 2.0 Wireless Adapter 54Mbps 802.11g (Recertified) $14.99 (US) $19.99 (CA).

US Modular 1024MB PC4200 DDR2 533MHz Memory $24.99 (US) $29.97 (CA) Price after $10 MIR, rebate expires 06/30/07.

Hitachi Deskstar T7K500 400GB 16MB SATA-300 OEM Hard Drive $79.99 (US) $89.97 (CA) Price after $40 MIR, rebate expires 06/30/07.

Abit LG-95Z Socket 775 Barebone Kit Intel Celeron D 420 OEM ATX Mid-Tower Case 450W PS $99.99 (US) $99.97 (CA) Price after $20 MIR, rebate expires 06/20/07.

US Modular 2048MB Dual Channel PC5400 DDR2 667MHz SODIMM Memory (2x1024MB) w/ US Modular RAM Boost 1GB USB Flash Drive $99.99 (US) $119.97.

Sceptre X20WG-Naga 20.1″ Widescreen LCD Monitor 5ms 1000:1 WSXGA+ 1680×1050 DVI Black Speakers $159.99 (US) $159.97 Price after $50 MIR, rebate expires 06/30/07.

Microsoft XBOX 360 Platinum System Refurbished Only $299.99 (US) $379.97 (CA).

Gateway GM5260 Refurb Desktop Computer Intel Core2Duo E6300 1.86GHz 2GB DDR2 320GB SATA II DL DVD?RW nVIDIA GeForce 7300LE Tuner Flash Reader WinXP Media Center $499.97 (US) $549.97.

Gateway MX6448 Refurb Laptop Computer AMD Turion 64 X2 DualCore TL-50 1.6GHz 802.11g Wireless 1GB DDR2 120GB HDD DL DVDRW, 15.4″ WXGA WinXP Media Center $499.97 (US) $549.97.

Planar PR5020 3000 Lumens XGA 1024×768 7.3 lbs DLP Projector $879.83 (US).

WOW Addons and Vista

Have seen quite a few searches by people having problems running World of Warcraft while running under Windows Vista, so I am dedicating a post just for that. They mostly concern running world of warcraft mods and addons.

From all that I have read, if WOW is installed in your program files folder, it can cause problems with Windows Vista because of some caching that can mess it up. For best results, install WOW outside of your program files folder. Also, make sure the addons are still enabled in the Blizzard UI by clicking on the addons button.

It should not matter what your OS is, this should have no affect on your addons or other WOW mods, unless you have had to re-install them. As you may have noticed using Windows XP, when you use the Windows zip program, the default behavior is to expand the files into a folder of the same name. So, if you are extracting a folder called CT Raid, it will actually extract it into another folder called CT Raid. So, if WOW is looking inside the CT Raid folder, it will only see another folder called CT Raid, it will not see any of the required files. So, this could be part of the problem users are having. When installing addons, it would probably be best to extract the zip files into My Documents and then copy over the actual folder with the programs to the addons folder, thus avoiding any of the extra folders.

There are also some issues posted on the WOW Forums concerning Windows Vista:

Vista may do a few things that are out of the ordinary when you installed it in the C:\Program Files\ or C:\Program Files (x86) folders – it may either not apply your settings or it won’t delete them properly.

* Resetting settings or settings that does not apply properly – Vista may deny you write access from the World of Warcraft folder if it is installed in the Program Files folder. You can remedy this by either right-clicking the game and selecting “Run as administrator” or to move it outside of the Program Files folder.

* Settings and mods that won’t stay deleted – If you installed the game in the Program Files folder, Vista may redirect the game to look in another set of folders: c:\Users\\AppData\Local\VirtualStore\Program Files\World of Warcraft\
It will save all of your custom configurations there instead of the C:\Program Files\World of Warcraft folder. You can delete your settings by going to the folder above or moving the game outside of the World of Warcraft folder. Source: Windows Vista from the WOW Forums

Todays Tech 6/15/2007

Here are some of the more recent interesting tech stories.

eBay Experiment Demonstrates Frailty Of Google’s Monopoly For the past several days, Larry Dignan has been seeing what it’s like to live without Google. Each day, he’s been trying different, lesser-known search engines to see how they stack up. As he points out, this is essentially what eBay decided to do when it announced that it would cease Adwords spending on Google in the US market, at least for the time being.

Windows Ultimate Extras is a sham – where?s the responsibility? In a post titled ?Is Windows Vista Ultimate Extras a sham??, I voiced some of my concerns about Ultimate Extras and why I thought it was going to disappoint. A lot of people didn?t agree with me, suggesting we needed more time to allow ?progress? to happen. Well, I think now is a better time than any.

Dear AT&T: Please go to hell LA Times: AT&T to target pirated content: It joins Hollywood in trying to keep bootleg material off its network. Its network, the headline says. Not “the Internet”, but its network. If you had any illusions that what you get from the likes of AT&T is “the Internet”, you’ve just been corrected. Remember Ma Bell? Sheee’s back! And now she’s got the TV and “the Internet” as well as the phone.

Over 1 Million Potential Victims of Botnet Cyber Crime Today the Department of Justice and FBI announced the results of an ongoing cyber crime initiative to disrupt and dismantle ?botherders? and elevate the public?s cyber security awareness of botnets. OPERATION BOT ROAST is a national initiative and ongoing investigations have identified over 1 million victim computer IP addresses.

Google Video Flaw Raises Privacy Concerns by Exposing Usernames and Passwords It appears from Insomniac’s find that if you choose to share a video from Google Video to another social network (like MySpace, for example), your username and password get sent in plaintext on the http protocol (rather than the more secure https protocol).

Act now to stop Congress from legalizing spyware! The SPY Act, a new anti-spyware law, makes it impossible for consumer rights groups to sue DRM companies for putting spyware in their DRM (like Sony did last year, with its rootkit DRM). The irony is that spyware is already illegal, so all that this act does is immunize big media companies that sneak spyware onto your computer.

Report: MS Using New Heat Sinks to Alleviate 360 Failures New photos have surfaced that seem to reveal an improved cooling system within the 360, and the reports suggest that owners who have had their systems repaired are getting them back with the new heat sinks installed. Microsoft would not comment directly on this, but said “updating console components is commonplace.”

Yahoo defect endangers users — do web sites care? Every day, hundreds of defects known as “cross-site scripting,” or XSS for short, are discovered on web sites every day. (This is not even counting all those that don?t get disclosed.) And the peanut butter eating yahoos in Yahoo?s development organization are not immune to coding up such so-called XSS bugs.

iPods to blame for total eclipse of the art, says Hockney What?

Google vs eBay: First Round eBay

Looks like the lines have been drawn in the sand, and the nerds are stepping back to see what happens. eBay has pulled all of their text link advertisements from Google’s search engine in response to a party that Google has setup to conflict with eBay’s Live. The Google party, let freedom ring, is an attempt by Google to gets eBay stores to use Google Checkout, which eBay has blocked. eBay has said this is just one of those things they do to test to determine the best allocation of their advertising and marketing budget.

However, a source familiar with the situation said the move is an angry reaction by eBay’s management to Google’s decision to hold a protest party concurrent with the start of eBay Live, the company’s annual conference for merchants. Google has been reaching out to media to promote the party, aimed at eBay merchants who are upset that eBay doesn’t allow them to use Google’s Checkout online transaction system. eBay Live begins Thursday evening in Boston, which is the time and place Google has chosen for its protest party.

This person also said the situation is fast-developing and fluid, with high-ranking eBay executives holding meetings right now to discuss the extent of the decision. Source: eBay pulls ads from Google ad network

Here is the original blog announcement from Google.

Are you an online seller attending eBay Live! in Boston this week? If so, join us for a celebration of user choice at the Google Checkout Freedom Party on Thursday night (6/14). To get to the party, just hop on the classic Beantown trolley in front of the Boston Convention Center and follow the freedom trail to the Old South Meeting House. We?ll use the same spot where revolutionaries launched the Boston Tea Party to celebrate freedom with free food, free drinks, free live music — even free massages. Join us and bring a friend. RSVP here. Source: Let freedom ring

But guess what? If you click on the link in the article to RSVP, the webpage says “Thank you for your interest in attending. This event will no longer take place as originally planned. We apologize for any inconvenience.” So Google has already backed down, and I don’t see any ads from eBay showing up yet, but that can take a few minutes to start back up for sure. I guess we will have to wait for the official announcements from both companies.

Here is the official announcement from Google about them canceling the let freedom ring party.

eBay Live attendees have plenty of activities to keep them busy this week in Boston, and we did not want to detract from that activity. After speaking with officials at eBay, we at Google agreed that it was better for us not to feature this event during the eBay Live conference. Source: Update to our event on 6/14

Microsoft Monthly Security Bulletin Released

Microsoft’s June security releases contain 6 new bulletins, 4 of which have maximum severities of “Critical”. They have also re-released 2 bulletins involving remote code execution.

MS07-030 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051).

MS07-031 Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840).

MS07-032 Vulnerability in Windows Vista Could Allow Information Disclosure (931213).

MS07-033 Cumulative Security Update for Internet Explorer (933566).

MS07-034 Cumulative Security Update for Outlook Express and Windows Mail (929123).

MS07-035 Vulnerability in Win 32 API Could Allow Remote Code Execution (935839).

They also re-released the two bulletins below:

MS07-012 Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667) (Updated to v2.0 to reflect applicability to Windows Server 2003 Service Pack 2, and explicitly noting that Platform SDK is not affected).

MS07-018 Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939) Updated to fix an issue whereby custom CMS2002 install paths could be reset in the registry to the default paths, as noted in KB article 924429 “known issues” section).

The Internet Explorer cumulative security update mainly is concerned with ActiveX controls in the browser that could allow hackers to seize total control over a user’s machine or to silently install software using web sites running the ActiveX controls. One update fixed a security hole that was already being exploited, since instructions were posted online.

Google Privacy Concerns and News

Lots of Google News going on today, especially when you talk about user data and privacy.

It all started with this post here, A Race to the Bottom:
Privacy Ranking of Internet Service Companies In which Privacy International says that Google is at the bottom of all the companies they “researched” and even though some companies come close, none are a endemic threat to privacy like Google is. Here is the conclusion of the report:

While there may be a temptation to focus criticism on Google’s privacy performance, it is important to note that not one of the ranked organizations achieved a “green” status. Overall, the privacy standard of the key Internet players is appalling, with some companies demonstrating either willful or a mindless disregard for the privacy rights of their customers. Even the better performing companies create lapses of privacy that are avoidable. With minimal effort most organizations can improve their privacy performance by at least one grade.

The current frenzy to “capture” ad space revenue through the exploitation of new technologies and tools will result in one of the greatest privacy challenges in recent decades. The Internet appears to be shifting as a whole toward this aim, and the opportunity to create market differentiators based on responsible privacy may diminish unless those avenues are explored immediately. We have been impressed by the good work being achieved by some sites, but consumers are right to feel aggrieved when companies fail to adopt the best privacy tools that are available.

On the basis of the evidence we have seen from this study, there is no excuse for any organization to ignore the opportunity to create strong privacy protections. The technologies are available, the expertise is abundant, and the market appears willing to favor sites that treat their customers with respect. We hope that the 2008 rankings will reflect this potential.

Danny Sullivan from Search Engine Land has the best coverage, so far, of the report in this post, Google Bad On Privacy? Maybe It’s Privacy International’s Report That Sucks, in which he goes step by step down the report to show that Google is at least as good as most of the ones they ranked higher than them, but, even so, Google has the most data on all users, and poses the biggest threat to users should the data get out.

Google Rated Bottom For Privacy Techcrunch coverage.

Google slammed in privacy report? Robert Scoble chimes in here, and says Google?s PR department needs to chime in and get their word out. Google’s main problem is lack of communication with it’s users, and this will be one of those cases.

Why I disagree with Privacy International from Matt Cutts. He says, and rightly so, that many companies gave user queries to the government, leaked millions of user queries or routinely sell user queries and they came off better in the report than Google did.

Google is WRONG On Consumer Privacy says Donna Bogatin, she says Google doesn’t even know where all of the user data is, let alone be able to anonymize it. Peter Fleischer, Google’s privacy point man, says, ?It?s actually very hard to answer the apparently simple question: ?where?s my data? You can?t pin-point the location of the clouds.?

Microsoft’s June 2007 Patch Tuesday

Microsoft has released the latest bulletin for the monthly patch Tuesday, it includes 4 critical updates and a couple not so critical, affecting most versions of supported Windows, IE and Outlook, to name a few.

This is an advance notification of six security bulletins that Microsoft is intending to release on June 12, 2007.

This bulletin advance notification will be replaced with the June bulletin summary on June 12, 2007. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification. Source: Microsoft Security Bulletin Advance Notification for June 2007

They have also decided that next Tuesday will be the day they start pusing Windows 2003 service pack 2. You will have to click on the update icon, and accept the agreement to download it, so, it shouldn’t do it automatically, yet. You can block Windows 2003 service pack 2 using this tool provided by Microsoft.

Microsoft announced availability of Windows Server 2003 SP2 in mid-March, and made the update available for download at that time. A number of security experts and Most Valuable Professionals criticized Microsoft?s decision to release SP2 on March 13, which was a Patch Tuesday. Admins usually have their hands full implementing the usual bunch of security fixes; they don?t need to be thinking about a whole new service pack at the same time, Microsoft?s critics said. The proximity of the SP2 release date and the earlier-than-usual start of Daylight Saving Time also angered some admins. Source: Microsoft to push Windows Server 2003 SP2 via Automatic Updates on Patch Tuesday

The patches and fixes in SP2 are cumulative and will work on Windows Server 2003, Windows Server 2003 R2 and Windows Server 2003 SP1 machines. It also will update Windows Storage Server R2; Windows Unified Data Storage Server; Windows Compute Cluster Server; Windows Small Business Server 2003 R2; and Windows XP Professional x64 Edition systems.

Julie Amero Granted New Trial

Finally, some justice in the Julie Amero case, Judge Hillary B. Strackbein has granted Julie Amero a new trial based on the fact that the Norwhich Police detective, Mark Lounsbury, provided erroneous testimony, i.e., did not know what he was talking about, and the jury may have relied at least in part on his testimony. The Judge cited additional forensic analysis done by the state after the guilty verdict, and said it contradicted the testimony of the state’s computer witness. The article posted on the courant.com website made it sound like she would not be tried again.

But today, Smith said state would take no position on Dow’s motion for a new trial, making it unlikely she will be tried again. Smith also acknowledged that erroneous information about the computer was presented during trial.

Amero, who was pregnant at the time of the incident on Oct. 19, 2004, faced as many as 40 years in jail following the January verdict. Her sentencing was postponed four times this spring as the state considered new evidence in the case.

Amero’s case became a hot issue for bloggers throughout the country, many of whom sharply criticized the guilty verdict. Strackbein criticized the bloggers today, saying they tried to “improperly influence” the court. Source: Amero Granted New Trial

I wonder how the Judge means that bloggers tried to improperly influence the court? The tech community was very active in this case because we all new it was crap, but I hadn’t heard anything about bloggers being pushy or anything, so I really don’t know what she is referring to.

What is funny, is the article in the Norwhich Bulletin, the local rag that has pushed the fact that she was guilty from the beginning, posted an article about this story, here, and the first line said she “claims pornographic images on her classroom computer were the result of pop-up ads”. Claims? Sounds pretty obvious to me Greg, even the State admitted they were wrong, can’t you?

Congratulations Julie, hopefully this is the end, if you want to contribute to her fund to help pay for her defense, visit the blog they setup here, because you know she will have to foot the entire bill for being wrongly accused.

Note: I have a big rundown of what happened previously in the case posted in this article, Teacher Porn Case and Computer Forensics.

Web Server Software Breakdown: Malware Distribution

A great write-up on the Google Online Security Blog about the percentage of each web server platform that is distributing malware or hosting browser exploits that lead to drive-by-downloads.

We examined about 70,000 domains that over the past month have been either distributing malware or have been responsible for hosting browser exploits leading to drive-by-downloads. The breakdown by server software is depicted below. It is important to note that while many servers serve malware as a result of a server compromise (by remote exploits, password theft via keyloggers, etc.), some servers are configured to serve up exploits by their administrators.

Compared to our sample of servers across the Internet, Microsoft IIS features twice as often (49% vs. 23%) as a malware distributing server. Amongst Microsoft IIS servers, the share of IIS 6.0 and IIS 5.0 remained the same at 80% and 20% respectively. Source: Web Server Software and Malware

Now, I can already here the Linux and Mac crowd going, of course they are number one, their security sucks, etc, etc. What is interesting about this post, is the breakdown by country of origin.

See that? Almost all of the IIS web servers in China and about 75% of them in South Korea are distributing malware or hosting browser exploits. They attribute that in the article to software piracy, mostly because you can’t update it if it is pirated, of course, but I am sure part of it is that it makes it easier to host the browser exploits and malware, etc. Although, in Germany, Apache is the most likely web server to get you infected, in contrast to most other areas. Always try to keep your web server software as patched as you can, and only host with companies that are proactive about doing such things, if there are any out there.

There are several tools out that can help you check your website to see if it is ditributing malware, one such tool is Spybye, and on their site they list a couple others.

During HotBots last month, I presented a paper on a systematic approach for detecting malware on the web called “The Ghost In The Browser”. The paper enumerates all the different ways in which a web page can become malicious and contains some measurements on the prevalance of drive-by-downloads; an in depth analysis of 4.5 million URLs detected 450,000 that were surreptitiously installing malware. All the more reason for tools such as SpyBye. Fortunately, I am not the only one working on such tools. Christian Seifert from the New Zealand Honeypot Alliance recently announced a web interface to their Capture honey client which runs a browser against URLs specified by you. In a similar vein, Shelia is a tool that scans your mail folder and follows URLs contained in it for malware and exploits. Source: SpyBye: Finding Malware

I believe the author was one of the writers of the Ghost in the Browser paper, I first mentioned here.

Todays Gaming News

Here are a bunch of gaming news articles or blog posts from today and the past day or so.

Valve hardware survey shows gamers yet to embrace Vista In terms of operating systems, Windows XP again led the pack with 93 percent. Only 5.27 percent of respondents had upgraded to Windows Vista, with the rest on Windows 2000 or Server 2003. The low uptake of Vista even among high-end gamers will undoubtedly make some developers rethink whether or not to invest heavily in DirectX 10, which is Vista-only. Many gamers reported that they tested Vista but went back to XP for various reasons?when DirectX 10-capable graphics cards become more mainstream and Vista graphics drivers achieve higher levels of maturity, the Vista numbers should increase.

Starcraft 2 beta keys for all Blizzcon visitors? Details are surfacing about the fun and games that is Blizzcon 2007. Today, Blizzard announced some of the swag that you can expect when you attend this August.

Rockstar Dismisses Talk of GTA IV Delay Two of of the biggest games due in 2007 are Halo 3 and Grand Theft Auto IV. As luck would have it, they’re coming out within a couple weeks of one another – despite what you may have heard to the contrary.

Xbox 360 getting next-gen ‘Pac-Man’ Microsoft, together with Namco Bandai Games America, on Tuesday announced a new version of the classic arcade Pac-Man at the Pac-Man World Championships in New York’s Times Square. Pac-Man Championship Edition will have the first new mazes in 26 years. The new title is set to be available Wednesday morning on the Xbox Live Marketplace for 800 Microsoft points. Yawn.

Alienware’s Hangar18 HD Entertainment Center goes on sale Alienware’s new Hangar18: HD Entertainment Center (announced at CES) fires a direct shot at Sony, Velocity Micro, and the other PC vendors still hanging on in the home theater PC game. Equipped with a built-in 200-watt surround sound amplifier, an HDMI output, 802.11 a/b/g Wi-Fi, and a Gyration Media Center remote (the keyboard costs $50 extra), the Hangar18 looks about as well-stocked as the competition. It even trumps both Sony and Velocity Micro by giving you the option to upgrade to two over-the-air HD tuners and two analog tuners, for a total of four cable streams from which you can watch or record video.