Archive for July, 2007

Security, Mostly Malware, News

Microsoft patents the mother of all adware systems Instead of quoting the whole article or trying to rewrite it here, click the link and read for yourself some of the information unearthed in a patent filing by Microsoft, which Ars Technica says would be the mother of all adware. But that's a good thing because the patent says so. “It would inspect ‘user document files, user e-mail files, user music files, downloaded podcasts, computer settings, computer status messages (e.g., a low memory status or low printer ink),’ and more. How could we have been so blind as to not see the marketing value in computer status messages?” Sounds great……not.

Ransomware… Holding Corporate America Ransom! Have you been targeted by ransomware? Did you get a message similar to this one?

“Hello, your files are encrypted with RSA-4096 algorithm (http://en.wikipedia.org/wiki/RSA). You will need at least few years to decrypt these files without our software. All your private information for last 3 months were collected and sent to us. To decrypt your files you need to buy our software. The price is $300. To buy our software please contact us at: tristanniglam@gmail.com and provide us your personal code -xxxxxxxxx. After successful purchase we will send your decrypting tool, and your private information will be deleted from our system. If you will not contact us until 07/15/2007 your private information will be shared and you will lost all your data — Glamorous team.”

Prevx.com says hold up before you pay anything; they already have a decryptor for the files. They have a good program; it has removed some stuff on computers I have scanned that nothing else would, Spybot, Adaware, Ewido, etc.

How Good Are You at Recognizing Fake Websites and Spam Emails? Think you are good at spotting phishing websites and emails? Take the test from McAfee and see for yourself.

Posted by Jimmy Daniels - July 18, 2007 at 2:42 am

Categories: Adware, Malware, Ransomware, Security, Spyware Info

More Info on Windows Vista SP1

Looks like some beta testers could be getting their copies of SP1 tomorrow, July 19th, the same day they announce their earnings for the fiscal year of 2007. There are some testers who already have early copies of the service pack, at least according to Mary Jo Foley. Yesterday they made available a beta of the Windows Driver Kit (WDK) that is being prepared to coincide with the release of the service pack; the code is available on the Microsoft Connect website. Here are some of the fixes and features you can expect:

Performance tweaks lessening the amount of time it takes to copy files and shut down Vista machines.

Improved transfer performance and decreased CPU utilization via support for SD Advanced Direct Memory Access (DMA).

Support for ExFat, the Windows file format for flash memory storage and other consumer devices.

Improvements to BitLocker Drive Encryption to allow not just encryption of the whole Vista volume, but also locally created data volumes.

The ability to boot Extensible Firmware Interface (EFI) on an x64 machine.

Improved success rate for firewalled MeetingSpace and Remote Assistance connections.
Source: Microsoft starts priming the pump for Vista SP1 Preview

One tester said he was disappointed because they are rushing the product to meet timetables instead of making a better product. The expected release date is still in November of 2007.

Posted by Jimmy Daniels - at 2:26 am

Categories: Windows Vista

Windows Vista Drivers

Here is a great list started by Ed Bott, The Vista Master Driver List, where he is listing network drivers, sound drivers, system drivers, video drivers and more.

I'm trying to keep track of download locations for Vista-compatible drivers for common hardware types in a single location. To that end, I've set up the Vista Master Driver List page. The rules are as follows:

1. Only primary download locations (official sites run by hardware maker) are allowed. I don't trust or recommend third-party sites that allow direct downloads of drivers.

2. Whenever possible, I'm linking to the information page or the search page rather than the driver file itself. Linking to the file runs the risk that you'll grab the wrong driver, miss an update or a readme file, or bypass other important information that might be on the info page. Source: Vista drivers

Posted by Jimmy Daniels - July 16, 2007 at 3:08 am

Categories: Drivers, Windows Vista

Robert McLaws Says Chris is Picky with his UI

Robert McLaws takes the writer of the Associated Press story “Six months on, Vista users still griping Some working around flaws or sticking with Windows XP” (I mentioned it here) to task because she only got one side for her story. He said Chris Pirillo has made his career complaining about Windows; it comes to him naturally.

This may be news to Jessica Mintz of the Associated Press, but not every Vista user has been griping. While it’s easy to look to Chris Pirillo’s 52-minute rant on Vista, people forget that Chris has made his professional career out of griping about Windows. He’s been complaining about Vista since the first time I showed it to him in 2004. So going to Chris for an opinion of *any* version of Windows is likely to produce a 52-minute rant on fonts, spacing, pixel alignment, and his feelings on usability. I consider Chris a friend, but the guy’s about as nit-picky about UI as they come… I’m actually surprised he hasn’t just switched to the Mac yet.

I’ve been using Windows Vista for just as long as Chris has (if not longer), and while my beta testing problems were well documented, I haven’t had too many issues since RTM. I’m running with UAC on, and I don’t run into UAC prompts all that often. I’ve rarely had driver issues (except for the first few weeks when Acer didn’t update their US support site), and all three machines in my house are running it. Overall, I love Windows Vista, and I can’t stand touching Windows XP. Heck, my mom and kid sister use it every day too, and they’ve hardly ever called me about tech-support issues. Source: Windows Vista: Six Months In, Your Mileage May Vary

He also said, “But unless the AP is going to have Zogby do a customer satisfaction survey (or unless they do some, uh, investigative reporting, and get both sides of the story), I think the best way to explain the public’s experiences with Vista is “Your Mileage May Vary”.” While he admits he’s had some driver issues, he is very happy with it, as is most of his family.

Posted by Jimmy Daniels - July 14, 2007 at 6:48 am

Categories: UI, Windows Vista

Windows XP and Vista News and Tips

Some stuff I didn’t get a chance to comment on this week.

Mark Minasi is one of those guys tech people look up to; he has published many books on technology and always seems to be on top of and in the middle of everything Windows related. He has a monthly newsletter and this one has some great Windows Vista info in it. This month he talks about the Windows Vista Complete PC backup system, using it to back up to an unsupported network drive, Windows Vista not recognizing Windows XP’s roaming profiles, and Software License Manager.

CompletePC Trap: Never Lower Your Drive Size
I love Vista’s new CompletePC backup system. In case you’ve not looked into it, CompletePC Backup has a few neat features:

It backs up entire drive letters to a VHD (virtual hard disk) format. The process takes quite a while the first time you do it, but the incremental backups are quite quick, in my experience.
The beauty of the VHD format is that it allows you to create multiple snapshots of a disk, all stored in one file. Even better, the file format is smart enough to just hang onto the incremental information, so that even if you’ve done a complete save of, say, your C: drive ten times over the past few days, the VHD file won’t be ten times the size of your data. Instead, the backup will probably be only a few percent larger than the current size of the data on your hard disk.

Here’s the really neat part: restoring a CompletePC backup. When storing your system information to the VHD file, CompletePC removes the hardware-specific parts of the backup. Result: you can restore your CompletePC backup to another system as a bare-metal restore, regardless of the make and model of the system that you’re doing the restore on. So, for example, suppose you have an Acme laptop running Vista on a given motherboard chipset, ATI video chipset, and an IDE (“PATA”) hard disk. You make a CompletePC backup of that system. Then the Acme laptop dies and you buy a Zephyr laptop that features a different motherboard chipset, an Nvidia video chip, and a SATA hard disk. You boot the Zephyr laptop with the Vista Install DVD and use CompletePC Restore to restore your Acme laptop’s data and operating system to the much-different Zephyr… and it works. (This assumes that Vista has or can find drivers for the stuff in the Zephyr, of course.) Source: Mark Minasi’s Windows Networking Tech Page Issue #63 July 2007

Six months on, Vista users still griping Some working around flaws or sticking with Windows XP. Jessica Mintz talks to Chris Pirillo about Windows Vista and him upgrading back to Windows XP.

Microsoft re-assures partners on Vista compatibility Microsoft has used its annual Worldwide Partner Conference (WPC) to stress that it’s working to solve stubborn compatibility problems between Windows Vista and partner products.

Vista’s advanced speech recognition technology The fake Steve Jobs talks about Vista’s speech recognition, and includes video of someone using it to write a Perl script.

Posted by Jimmy Daniels - July 13, 2007 at 6:40 pm

Categories: Windows Vista, Windows XP

Critical Windows Update Causing Problems

One of the updates that Microsoft sent out on Tuesday, MS07-040: Vulnerabilities in the .NET Framework could allow remote code execution, has issues. There are already 6 KB articles discussing problems caused by this update. From the SANS Internet Storm Center:

The reports we got so far seem not to lead to any specific thing that happens in many cases, just various things going haywire. We really do appreciate the heads-up warnings we get from our readers as it allows to write little warnings like this one.

We’d like to offer a double advice at this time:

If you run into trouble do call Microsoft and open a case, it’s the only way to get attention to the problem from those who know best how to fix it. It should be free. In the US: call 1-866-PCSAFETY, check their website for other countries, support with patches should always be free.
Do read through for your specific combination of .NET framework version and your specific OS the relevant KB, some of them were prepared in anticipation of certain problems. They are all linked from KB 931212. Source: MS07-040: .NET update trouble

So, if you have been having trouble since you updated, this update could be the cause. Here are the KB articles that have been released so far concerning this update.

Description of the security update for the .NET Framework 1.0 for Windows XP Media Center and Windows XP Tablet PC: July 10, 2007

Description of the security update for the .NET Framework 1.0 for Windows Vista, Windows Server 2003, Windows XP, and Windows 2000: July 10, 2007

Description of the security update for the .NET Framework 1.1 for Windows Server 2003: July 10, 2007

Description of the security update for the .NET Framework 1.1 for Windows XP and Windows 2000: July 10, 2007

Description of the security update for the .NET Framework 1.1 for Windows Vista: July 10, 2007

Description of the security update for the .NET Framework 2.0 for Windows Vista: July 10, 2007

Description of the security update for the .NET Framework 2.0 for Windows Server 2003, Windows XP, and Windows 2000: July 10, 2007

Posted by Jimmy Daniels - July 12, 2007 at 6:23 pm

Categories: Security, Windows Update

Windows Live OneCare 2.0 Public Beta

Interested in testing out the new beta version of Windows Live OneCare? Then get yourself over to the Windows Live OneCare 2.0 Beta website, sign up and download it now. They mention you won’t be able to activate it if you are already running a version using your current login information, but they give you the info on what you need to do in the blog post listed below. Windows Live OneCare is one of those set-it-and-forget-it protection programs that gives you persistent protection against viruses, hackers, and other threats. It also performs regular tune-ups to help keep your PC running at top speed, and helps you back up important documents. Not interested in beta testing? They also have a 90 day free trial of the current release of the product.

You’ll need to fill in your email address and country to get the download, which has the following new features:

  • Multi PC management – designate a hub PC and then add additional PCs to your OneCare circle using a common Windows Live ID. You can then see the status of the other PCs within the group.
  • Printer Sharing – share your printer with all the PCs in your OneCare circle
  • OneCare Online Photo Backup – paid storage is available online for photo backups
  • Securing wireless networks – if your router is supported OneCare 2.0 will allow you to secure your wireless network
  • Startup tuneup
  • x64 support

Source: Windows Live OneCare 2.0 goes into public beta

Posted by Jimmy Daniels - July 11, 2007 at 7:22 pm

Categories: Security

Windows Security Bulletins and Security News

Lots and lots of computer security related news recently, the IE and Firefox brouhaha concerning a high security risk with how IE handles a “firefoxurl://” URI (uniform resource identifier), Haute Secure blocks malware, Microsoft security bulletins and Facebook pimping da crudware baby.

Firefox and IE together brew up security trouble News.com article about the Firefox and IE combo flaw that could allow an attacker to compromise a user's machine remotely.

Site Advisor 2.0: Haute Secure Launches To Detect and Block Malware Little review of Haute Secure from Michael Arrington, he says, “Haute Secure launched moments ago: it's a new browser plug-in that the company says will detect and block malware before it has a chance to infect your computer. The timing couldn't be better as news spreads of more Windows-based vulnerabilities.”

Haute Secure They block bad sites and then let you decide if you want to allow it or not. Sounds like the UAC feature of Windows Vista, but I haven’t tried it yet myself.

Microsoft Security Bulletin MS07-036 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542) This critical security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities as well as other security issues identified. These vulnerabilities could allow remote code execution on your computer if a user opens a specially created Excel file. Users whose accounts are not configured to run as Administrator will be less impacted than those who do. This is a critical security update for supported editions of Microsoft Office 2000. For supported editions of Microsoft Office XP, Microsoft Office 2003, 2007 Microsoft Office System, this update is rated important. This update is also rated important for the Excel Viewer 2003, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats.

Microsoft Security Bulletin MS07-039 – Critical Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) This critical security patch resolves a vulnerability in Active Directory on Windows 2000 Server and Windows Server 2003 that could allow remote code execution or a denial of service condition. Attacks attempting to exploit this vulnerability would most likely result in a denial of service condition, and remote code execution could be possible. On Windows Server 2003 an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

Facebook found pimping crudware Facebook has become the latest website to be found pushing services that deliver highly deceptive security warnings designed to trick users into buying software. Purveyors of this scam are making use of Facebook Flyers, small ads that get posted on Facebook pages associated with a specific region. At 5,000 impressions for just $10, it’s a bargain.

Posted by Jimmy Daniels - at 3:04 am

Categories: Firefox, IE7, Security

Windows Vista SP1 and Vista Readyboost News

Here are a couple Vista service pack 1 related stories.

Vista ReadyBoost Suckage & Vista resume sluggishness Problems with a computer resuming from S3/S4 sleep are related to the encryption key that is created with the ReadyBoost file. Apparently, the key is created once per Windows session, so sometimes when resuming from sleep, Vista realizes it needs to rebuild the ReadyBoost file because of the key. So while it is coming out of sleep mode and paging data into memory, it is also rebuilding the ReadyBoost file. If you notice your computer thrashing the hard drive and poor performance on resume, you know why. This is supposed to be fixed in Windows Vista SP1.

Vista SP1 beta 1 to launch in mid-July Looks like Microsoft is planning on beta testing the Vista SP1 in mid July with a final release date of November 2007.

Microsoft’s OEM catch-22: XP still in the driver’s seat Now more than half a year into the launch of Windows Vista, it’s beginning to look as though Microsoft may have a rebellion on its hands, at least in the corporate world. While Windows Vista continues to sell like hotcakes via OEMs to consumers, businesses are calling up those same OEMs and asking how they can get Windows XP instead.

Posted by Jimmy Daniels - July 9, 2007 at 6:20 pm

Categories: Windows Vista

Security News Roundup 7/06/2007

Hacker's eBay: Legitimate Marketplace or Organized Blackmail? Well, there are only 4 items listed, so it’s hardly an eBay, but it is interesting nonetheless. From TechCrunch: The product FAQs state that all purchasers will be “carefully evaluated” to “minimize the risk of selling the right stuff to the wrong people.” But there is only one appropriate buyer for most vulnerabilities (Yahoo, in the case above); it's unclear who else should be authorized to purchase such information.

The company says that they are simply trying to take activity that's happening underground into a legitimate marketplace. Perhaps, but this thing doesn't seem to be fully baked.

It doesn’t seem fully baked for sure. I wonder what the real intent is? The server IP address is owned by California Regional Intranet, Inc. in San Diego, a company that sounds like a regional jail.

MPack Clearance Sale! Looking to create some mischief or make some money? MPack is on sale at 85% off now. I wonder why they would drop the price so low? Must’ve realized people could get it for free somehow.

Google: Our data retention is not data protection watchdogs’ business The retention of search engine query data is a security matter and not one for Europe’s data protection officials, according to Google’s global privacy chief. Peter Fleischer said that its retention of user search data was “just not their field”. Ohh, sounds like a challenge.

iPhone Hacking News Update: iPhoneInterface Tool is Out!! We have successfully written a tool named iPhoneInterface allowing for some basic manipulation of things on the phone, and are releasing it tonight. We are including source code so you can understand the techniques we have used so far. We will be expanding the functionality of this tool significantly tomorrow.

Posted by Jimmy Daniels - July 6, 2007 at 3:50 pm

Categories: Security