Posts Tagged ‘Alex Eckelberry’

Julie Amero Sentencing Delayed Again

I forgot to post this the other day, but, the Julie Amero case has been delayed again, this time without a reason given, but, hopefully, it is to help her case. It has been delayed until April 26, 2007 in the Norwich Superior Court. The Norwich Bulletin, the local “newspaper”, is still spinning it like she was some drooling pervert and we are her fervent supporters.

Amero has been portrayed by her growing number of fervent supporters as the helpless victim of pop-up pornography ads.

Amero never denied the porn appeared on the computer. She said she had done everything she could to prevent the children from seeing the computer screen that day. The examination of her computer showed she had accessed the Internet for nearly the entire school day, with porn sites accessed for several hours during that time. Source: Amero sentencing put off until April

Sorry Greg, but it is awful easy for people who know computers to pick out some bullshit information and call someone on it, like when Lounsbury, the gentleman who did the wonderful forensics job on the computer, said “You have to physically click on it to get to those sites”. Hello, red flag, it just records every website visited, it doesn’t matter how it was initiated. Anyway, good luck Julie, hopefully Alex Eckelberry and some of the other computer experts can help you get away from the Keystone cops.

In a related story, apparently, students at the Hebron elementary school were sent home a link that was supposed to go to a farm they were going to visit on a field trip, but, as things sometimes go on the Internet, it didn’t turn out that way. Instead, up popped a porn site that had bought the domain name after it was accidentally allowed to expire.

Vasquez said that instead of seeing images of the farm, her daughter found graphic sexual images on the site.

Vasquez said she informed the school, which then sent out letters to the students’ parents, trying to explain what had happened.

Superintendent Ellie Cruz said that the school checked the site a few weeks ago and it was fine, but the farm did not renew its Web site address, and a pornographic company bought it. Source: Students Sent Home With X-Rated Web Link

Wonder who is going to jail for this flub up?

Posted by Jimmy Daniels - April 5, 2007 at 1:44 pm

Categories: Computer Forensics

Sucks to be an IT Manager

If you add one blog to your feed reader, or subscribe to an alert from google blog alerts, it should be to the Sunbelt Blog, it always has tons of good info about what kind of security things they are currently going through, spam, spyware and viruses they are fighting, but it also includes all kinds of good tips and tricks they find on other sites, plus there is always good commentary by Alex Eckelberry about all things tech. I first read about the Julie Amero case on that blog, and hopefully, they have been instrumental in helping her out, I haven’t heard anything yet.

But a post I just read concerning IT managers and the first quarter of 2007 is so true. There are so many things that can cause them problems of all sorts, new operating system, new version of Office and a new version of IE7.

IE 7 rollouts. Legacy software breaking and certificate problems. Here are a couple of posts I just picked off our NTSysadmin forum:

Right now, when a user uses IE6 and goes to a https website that does its own certificate (like ours) it comes up and gives them the option to view the certificate then install. Then no more issues.

But with IE7, NOOOOOOOOO, it blocks the content and maybe, perhaps it’ll let the user through if they beg, but maybe it won’t.

Other than removing IE7 off all the machines (which is the current solution), is there any way for IE7 to trust us? I even did that http://domain/certsrv and installed the certificate manually (which works with IE6) but it won’t freaking work with IE7. Source: When life sucks to be an IT manager

Definitely worth a daily check if you have no feed reader. They also touch on something that could be big too, the change in daylight savings time could be big, I guess I will be preparing for it this coming week. Ugh.

Posted by Jimmy Daniels - March 3, 2007 at 11:49 pm

Categories: Tech News

USAToday Gives Norwich a Failing Grade

Nice write-up in the USAToday about the Julie Amero case, if that’s what you want to call it, it is more like one of those old fashioned railroad jobs, where they decided she was guilty and that’s what happened.

Imagine you know next to nothing about computers. You’re a substitute teacher for a seventh grade class. There’s a computer in the classroom and, knowing you’re going to be sitting there for a while, you ask a fulltime teacher if you can use it. He logs you in with his password and tells you not to shut it off because you couldn’t get back on.
Not that you have a clue about this stuff, but that computer is running Windows 98 and the outdated Internet Explorer 6.02. Its filtering and anti-virus software have expired, and it has no anti-spyware software.

You step out of the classroom for a moment. When you get back the kids are clustered around the computer, checking out hairstyle websites. But one is actually a link to porn sites, and it loads a Trojan onto the unprotected computer.

Suddenly, pop-ups start appearing, X-rated popups. Source: Police, school get failing grade in sad case of Julie Amero

The writer did misspell her name in the title, he must be like me, I never remember to spell check the title either. He really sums it up when he says, “Thus according to that jury, “not having the sense to turn off a computer” is a multi-count felony punishable by 40 years in prison. Wow.” I wish Alex Eckelberry and everyone working on the computer forensics of this case good luck and hope they can find all of the proper evidence to help show she’s innocent. If there is anything I can do to help, please let me know.

Her husband has started a blog where you can donate to help pay for her case, Julie Amero. From the blog,

George Orwell was a little off, but not by much. Technology has engulfed the average American at an alarming rate. To think that it is possible for the average layperson to understand all the ins and outs of how a computer works is just not reasonable. What’s worse, our employers don’t know any more than we do, and they rely on us to identify problems when they happen. If you are lucky, your employer will know what to do when a crisis happens with your system. If not you’ll end up like Julie arrested, ridiculed, demeaned and left with useless teacher’s degree in special education.

The illicit pornography industry is a business with estimated profits in excess of $2 billion annually. That’s a lot of reasons to attract rogue scriptwriters to circumvent any patch that Microsoft can come up with. Make no mistake, these programmers do not care about you or anyone else for that matter. Regardless of where these rogue programmers are located, they operate under the radar of social conscience and in my opinion are or should be considered terrorists or criminals at the very least.

Julie is scheduled to be sentenced on Friday March 2nd, next week.

Posted by Jimmy Daniels - February 24, 2007 at 7:02 am

Categories: Computer Forensics

Could a Spyware Ridden Machine Get you 40 Years in Jail?

As anyone who has ever read this blog knows, I always try to tie these spyware, adware posts back to my friends from Zango, those guys who never do anything wrong, it’s always an affiliate or another website. While Zango is not mentioned, I bet money one of their programs was installed, hehe. But I just read this article from Computer World by Preston Gralla, Porn-surfing teacher: Spyware made me do it!, who obviously should not be posting about spyware, as it appears he does not have a clue and his blog post is a complete joke.

A recent court case found a Connecticut substitute teacher guilty of surfing for pornographic sites in front of her seventh grade class, and now, she faces 40 years in prison. Wow, forty years, I was watching something on TV the other night where two guys killed someone and the max they could and did get was 15 years. But this teacher could get forty years? That is just plain wrong. Anyone who is involved in any way with school systems knows, most teachers aren’t prepared for something like this, the teacher was probably as overwhelmed and shocked as the students were when it happened and was just trying to get them to close down. And if it has happened to you, when you click the x to close a popup, one or many more can popup on you, making it look like you may have actually clicked on the popup itself.

Not only that, the prosecutor wanted to know, but if in fact spyware was on the PC, why didn’t the teacher merely turn off the computer or pull the plug on it?

Julie Amero had no answer.

Lawyers have come up with some novel defenses over the years, including the “Twinkie defense” in which a lawyer argued that defendant Dan White’s eating of Twinkies and drinking Coca-Cola proved that he was depressed, and so not responsible for his actions in murdering San Francisco Mayor George Moscone and Supervisor Harvey Milk in 1978. The defense was partially successful; White was convicted of voluntary manslaughter rather than murder.

Luckily, it seems as if the spyware-made-me-do-it defense doesn’t cut it in court. For once, justice prevails. Source: Porn-surfing teacher: Spyware made me do it!

A substitute teacher is just that, a substitute, and has not been in similar situations, and probably had no idea unplugging the machine or turning off the projector would have been the best way out, plus, the school system has to have content filtering in place to be able to get E-rate money to help fund all of the computers, internet access, etc. The school system’s filters should’ve prevented most porn sites from popping up to start with, so, why isn’t the school system on trial and not the teacher?

And according to a quote from Alex Eckelberry, who is President of Sunbelt Software, they didn’t even check for spyware.

The court actions of the case were flawed as well. For example, one source reports that the Trial Judge, Hillary Strackbein, was seen falling asleep during proceedings and made comments to the jury that she wanted the case over by the end of the week. It was also reported that Judge Strackbein attempted to pressure the defense into an unwanted plea deal, in place of a trial. The defense attorney for Amero, moved for a mistrial shortly before closing arguments Friday, based on reports that jurors had discussed the case at a local restaurant.

Was justice done here? A bad spyware infestation can splatter a machine full of porn popups and it’s a bit unnerving to think that a teacher could get hard prison time for something that was likely to have been completely innocent.

We need far more evidence than what is available to come to the conclusion that “justice was done”. In fact, all the available evidence shows quite the opposite — that this might just be a grave miscarriage of justice. Source: Alex Eckelberry

I have recently had the chance to attend several classes on computer forensics, so sure, the police found evidence that those sites were visited, but ANY window that is opened on the computer will show up in the cache and list of websites visited. The fact that neither the defense nor the prosecution tried to show how it happened is incomprehensible to me. If it was one website that caused this to happen, it would be so easy for them to repeat what happened. This quote from a computer crimes investigator in an article on the Norwich Bulletin is very telling,

“You have to physically click on it to get to those sites,” Smith said. “I think the evidence is overwhelming that she did intend to access those Web sites.” Source: Teacher guilty in Norwich porn case

You do NOT have to click on any link, it can be loaded from spyware apps, malware, or other malicious websites, it can be loaded from a website, that was loaded in a popup, from a website that was loaded in another popup, from another website that was loaded in a popup, and as the saying goes, on and on and on. This is just a case of one investigator only having the tools to do forensic investigation and not the knowledge of how a computer works to go along with it. Anyone involved in the Julie Amero case feel free to leave me a message at 304-521-2582 or an email to webmaster at tipsdr.com with “Julie Amero case” as the subject and I will be happy to explain how this could happen with the teacher only opening one “innocent” webpage on her computer. The 40 years should go to the spyware makers or to the school system, not this substitute teacher.

Posted by Jimmy Daniels - January 13, 2007 at 12:25 am

Categories: Computer Forensics, Education, Malware, Protect Children Online, Security, Spyware Info

Authentium Circumvents the PatchGuard Kernel Protection

I’ve posted before about how security companies are up in arms about the new Windows PatchGuard protection from Microsoft that can block any application from accessing, or “hooking” Vista’s kernel commands, a technique utilized by vendors in sophisticated anti-tampering and behavior monitoring tools, and used by hackers in attacking computer systems with rootkits. Authentium says they have circumvented this feature using a loophole that allowed the operating system to support older hardware.

The company, based in Palm Beach Gardens, Fla., maintains that it has built a version of its Authentium ESP Enterprise Platform that can bypass PatchGuard without setting off the desktop alarms produced by the security feature when the Vista kernel is compromised.

When a program of any kind attempts to modify the kernel on a system running PatchGuard, which is already available in 64-bit versions of Microsoft’s Windows XP OS, the computer produces a blue screen and stops all other Windows applications from running.

Authentium said its workaround allows it to access the kernel without incurring the shut-down.

The company specifically said that it is using an element of the kernel meant to help the OS support older hardware to bypass the feature. The loophole allows the company’s tools to infiltrate Vista’s kernel hooking driver, and get out, without the OS knowing the difference. Source: eWeek

Lots of good reading there, including more info on PatchGuard and links to other articles where security companies have taken Microsoft to task over it. One industry insider says he thinks McAfee and Symantec have already done this themselves, but are keeping the heat on for a different reason,

At least one industry watcher believes that Symantec and McAfee have developed methods of their own for working with, or circumventing, PatchGuard, and contends that the firms have only kept the heat on Microsoft over the feature to keep antitrust regulators alert to Microsoft’s continued push into their territory.

Which makes sense, they have to protect their bread and butter. Alex Eckelberry from Sunbelt has posted a few articles on PatchGuard, but the one he posted today actually made a lot more sense than the other complaints I have seen from Symantec,

The lesson? We cannot predict how malware authors will work in the future, and that is one reason why PatchGuard is such a potentially dangerous technology.

PatchGuard creates a barrier to the kernel, against which security vendors (the major defensive bulwark for Microsoft) can’t get in to help the operating system against an attack, at least without permission through APIs.

The ability of security companies to fully support the 64 bit Windows platform itself, a fact that Gartner’s Neil McDonald recently highlighted in his warning that if enterprises use HIPS technology, they should postpone deployment of Vista. After all, the APIs won’t even be available until 2008!

HIPS (which stands for Host Intrusion Prevention System), uses methods at the kernel to prevent certain types of attacks. HIPS is part of our Kerio line and it’s also part of other products out in the market. For example, our HIPS functionality helps protect against buffer overflow attacks, by watching for system functions being called from memory locations where they shouldn’t be called. As another example, our Kerio Server Firewall uses HIPS to provide application lockdown.

McAfee, Symantec and other companies, like Sunbelt, need this access. For Symantec, it’s around a number of technologies they’ve implemented at the kernel, including Tamper Protection, which prevents hackers from attacking Symantec products themselves. For us, it’s around HIPS, but it could also affect other technologies that we are developing.

Now, every other article I have read on PatchGuard and these security companies, and I could have missed a bunch I am sure, has just pretty much been whining about how Microsoft won’t allow us access to the kernel, this is the first good explanation of why they need this access. If some new threat, remember Code Red, comes out that requires access to the kernel to prevent it, then these security companies will have to ask Microsoft for an API to the kernel, where, before they could have just added the extra functionality. And we all know how long it takes Microsoft to issue patches, what will they do if a new threat comes out, will they help security vendors fix it, or will they try to fix it themselves?

Posted by Jimmy Daniels - October 25, 2006 at 3:50 pm

Categories: Microsoft News, Security, Software, Virus Info