Trust SONY ?

On Oct. 31, Mark Russinovich broke the story in his blog: Sony BMG Music Entertainment distributed a copy-protection scheme with music CDs that secretly installed a rootkit on computers. This software tool is run without your knowledge or consent -- if it's loaded on your computer with a CD, a hacker can gain and maintain access to your system and you wouldn't know it.

The Sony code modifies Windows so you can't tell it's there, a process called "cloaking" in the hacker world. It acts as spyware, surreptitiously sending information about you to Sony. And it can't be removed; trying to get rid of it damages Windows.

This story was picked up by other blogs (including mine), followed by the computer press. Finally, the mainstream media took it up.

The outcry was so great that on Nov. 11, Sony announced it was temporarily halting production of that copy-protection scheme. That still wasn't enough -- on Nov. 14 the company announced it was pulling copy-protected CDs from store shelves and offered to replace customers' infected CDs for free.

Full story here.

The new Google Base (beta) service means you can add all types of information that they will host and make searchable online. Describe any item you wish to post with attributes, which will help people find it when searching Google Base, which may also be included in the main Google search index and other Google products like Froogle and Google Local.

Its free and all types of online and offline information and images are accepted. Interesting items already posted include non-profit organisations and recipes for tikka masala.

Google have also set out guidelines for what is prohibited such as product endorsing, gambling, illegal goods and hacking.

For more information visit: http://base.google.com/base/default

Why are you clicking on attachments still???? Do you just like pain or what?

Both Kaspersky Lab and Symantec have detected worm variants. Kaspersky noted three variants of E-mail-Worm.Win32.Sober, which Symantec identified as W32.Sober.S@mm.

The variants are modifications of the same program, according to Kaspersky. A "large number of samples" of the variants have been intercepted in e-mail traffic, indicating that the worms are spreading by spam containing infected messages, Kaspersky said in a statement. The variants arrive as an attachment to infected messages.

The messages might not have a subject line or text, but can be identified by the attachment name. The attachment names thus far identified are: Exceltab-packed_list.exe; Liste.zip; Reg-List-Dat_Packer2.exe; reg_text.zip; Word-Text.zip; Word-Text_packedList.exe; Word-Text_packedList.zip.

The worm activates only if a computer user clicks on the attachment, which causes a false error message, "WinZip Self-Extractor. WinZip_Data_Module is missing ~Error," to pop up, Kaspersky said. The worm variants copy themselves to the Windows system directory and then register the files to the system Registry so that the worm launches every time Windows is rebooted.

The Sunnyvale, Calif., chip maker is aiming to roll out a quad-core-capable processor family during 2007 and switch to an all-new processor architecture later this decade.

The quad-capable family will result in a wide range of four core processors, including offerings for desktops, notebooks and one for servers that can fit into machines with as many as 32 processors.

AMD aims to use its ability to step up on processor cores in 2007, along with its move to a new processor architecture around 2008 or 2009 as a means to meet its goals of maintaining what it sees as a technical lead over Intel Corp., its larger rival, while fostering a grow rate that's at least two-times the market average, company executives said in a meeting for analysts on Tuesday.

AMD hopes to use its Opteron chip's recent wins in rack-mount servers to gain more acceptance in areas such as blade servers, corporate desktops and business notebooks, over time, executives explained at the meeting.

Poor Skype. They started out last week with the best of intentions, releasing what they called an independent security evaluation of their VOIP product, and ended up with egg on their virtual faces as high risk security vulnerabilities came to light.

Skype, based in Luxembourg, has positioned its VOIP product as superior to any one else's in the field because the voice data is encrypted. Since Skype hasn't made its encryption scheme public, this has led to some questions on just how secure it is (and how much of a Calera backdoor was built in.) The author of the report, Tom Berson of Anagram Labs, is well respected in the security field and would seem to be a good choice to author such a reassuring effort.

Of course, to make matters worse, vulnerabilities in the code showed up at the same time as the report's release. Skype says that the vulnerabilities affect Skype software for Windows, Mac OS X, Linux and Pocket PC. Skype goes on to say, "Skype can be made to execute arbitrary code through a buffer overflow when Skype is called upon to handle malformed URLs that are in Skype-specific URI types callto:// and skype://." Also, Skype could launch malicious code "during importation of a VCARD that is in a specific non-standard format."  "Full Article"

DRAM output continuing to grow, oversupply in the DDR and DDR2 segments will continue over the upcoming months, and the effects on memory price trends in both the contract and spot markets.

InSpectrum noted that the output ramp from both Taiwan and US makers were fairly stable in October, while a Germany-based memory maker reported output growth from its partners. Japan and Korea based vendors, in the meantime, continue to report escalating output.

Contract prices in the second quarter of November should drop further as some PC OEMs may receive special offers from memory makers. Heavy trading may expose traders to dramatic price drops, of up to 5% in single day, InSpectrum predicted.

This video series is designed specifically for individuals who are interested in learning the basics of how to create applications using Visual Basic 2005 Express Edition and Visual C# 2005 Express Edition. This includes over 10 hours of video-based instruction that walks from creating your first "Hello World" application to a fully functioning RSS Reader application. Learn how to write your first application today!!

For more information on software development with Visual Basic Express Edition or Visual C# Express Edition, you may be interested in these "Go Here"

Also the Visual Studio 2005 Express Edition Forums are very helpful. Link to the QuickStart.

Digital media delivery firm RealNetworks Inc. late Thursday shipped a major security update for its RealPlayer software to patch a pair of remote code execution vulnerabilities.

The security holes, which were reported to RealNetworks more than four months ago, could be exploited by malicious hackers to take complete control over a vulnerable machine.

According to eEye Digital Security, the company that discovered the bugs, the most serious flaw exists in the first data packet contained in a Real Media file.

By specially crafting a malformed ".rm" movie file, a direct stack overwrite is triggered, and reliable code execution is possible.

Affected software include RealPlayer 8, RealPlayer 10, RealOne Player v1, RealOne Player v2, RealPlayer Enterprise (Windows): RealPlayer 10 (Mac); RealPlayer 10 and Helix Player (Linux).

During October, 49.8 percent of the personal computers sold by retail stores in the United States contained an AMD processor, while 48.5 percent held a chip from Intel Corp., a report by Current Analysis Inc. shows. The San Diego, Calif., firm tracks sales at retail stores such as Best Buy.

Although it's not the first time AMD has surpassed Intel in one category or another at retail—AMD edged out Intel in desktops during September, for example, Current Analysis said—the October figures appear to show AMD riding a wave.

The Sunnyvale, Calif., company's retail market share surged from around 20 percent in June to almost 40 percent in July. Intel, meanwhile, saw its monthly numbers drop from near 80 percent in June to about 60 percent in July.

"Intel had no real low-end desktop offering in October. So it lost a lot of sales there," said Matt Sargent, the firm's director of research. Meanwhile, "The [Intel] Pentium 4 wasn't price competitive with [AMD's] Athlon 64. Those factors combined to submerge Intel in October."

NPD Group, which also measures retail sales, has spotted a similar trend for AMD and Intel. During September, the last month the firm has data for, AMD had 47.6 percent of desktops, while Intel had 46.9 percent, NPD figures show. But the situation reversed itself in notebooks, where Intel garnered 68.9 percent sales, while AMD had 21.7 percent.

A 301 permanent redirect is the redirection method recommended by the major search engines. Using a 301 redirect you are in effect telling the search engines the page has moved and to update their index. It also has the nice side benefit of redirecting the benefit of inbound links to the new page.

Implementing a 301 permanent redirect is different depending on the operating system and/or programming language you are using on your server:

IIS Redirect
In internet services manager, right click on /old-file.htm
Select the radio titled "a redirection to a URL".
Enter the redirection page.
Check "The exact url entered above" and the "A permanent redirection for this resource"
Click on 'Apply'
Apache Redirect
Create a file called .htaccess in your root directory and add the following line:

Redirect 301 /current.htm http://www.domainname.com/blabla.htm
ColdFusion Redirect
Edit the file /current.htm and put the following code:

<cfheader statuscode="301" statustext="Moved permanently">
<cfheader name="Location" value="http://www.domainname.com/blabla.htm">

PHP Redirect
Edit the file /current.htm and put the following code:

<?php
Header( "HTTP/1.1 301 Moved Permanently" );
Header( "Location: http://www.domainname.com/blabla.htm" );
?>
ASP Redirect
Edit the file /current.htm and put the following code:

<%@ Language=VBScript %>
<%
Response.Status="301 Moved Permanently"
Response.AddHeader "Location", " http://www.domainname.com/blabla.htm"
%>
ASP .NET Redirect
Edit the file /current.htm and put the following code:

<script runat="server">
private void Page_Load(object sender, System.EventArgs e) {
Response.Status = "301 Moved Permanently";
Response.AddHeader("Location","http://www.domainname.com/blabla.htm");
}
</script>
HTML Redirect
Edit the file /current.htm and put the following code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Your Page Title</title>
<meta http-equiv="REFRESH" content="0;url=http://www.domainname.com/blabla.htm">
</HEAD>
<BODY>Optional page text here.

Ira Winkler: Author of "Spies among us" wrote a opinion article which should make you concerned. When you read this, it almost sounds like the plot of a cheesy science fiction novel, where some evil uberhacker is seeking world domination, while a good uberhacker applies all his super brain power to save the world. Sadly, this isn't science fiction, and we don't typically have uberhackers on our side.

Talk of these hacks is going on within the intelligence and defense communities in the U.S. and around the world. The attacks were even given a code name, Titan Rain, within the U.S. government. The attackers appear to be targeting systems with military and secret information of any type. They are also targeting the related technologies. "Full Article"

Two new versions of a virus first reported in May are staging renewed attacks against computers in Russia, encrypting files and then extorting money from victims to decode the files.

After an infection, the Russian-language instructions let victims know how many of their files have been encrypted. Translated, the warning says, "If you want to get these damn files in the decrypted format" then write to the e-mail address given. The message goes on to say, "P.S. And be thankful that they were not completely erased!"

The viruses, called JuNy.A and JuNy.B, search for more than 100 file types by extension, according to a warning issued by Websense Inc. The renewed attack was first reported on a weblog published by Kaspersky Lab Ltd.

It's suspected that the virus enters a computer after a user visits a certain Web site and then exploits a vulnerability. Another theory is the virus is activated after a user runs some type of executable code containing the virus. In the last couple of years, however, virus writers have moved away from writing malicious code simply to display their skills and are increasingly trying to make money. 

Trend offers some removal information. Troj_Juny.A Troj_Juny.B

FXP T@gging is a method for taking over a piece of a Windows server that is open to the Internet. Hackers create a directory on the drive whose name has characters that confuse the Windows operating system. James R. Twine discovered the problem in the most unpleasant way, but the discovery led to a solution, which is now available as shareware or enterprise software.

If you try to delete the directory or files in the normal manner, the OS will tell you you're trying to delete a file that cannot exist because its file name is illegal. You have to work against the OS to delete the hackers' files.

The point to remember here is that this illegal traffic can gobble up a lot of bandwidth. If a hacker put these files on your server, you want to get rid of them. Twine has produced a piece of software to make deleting them easier.

He says he became interested in the problem by accident. He was testing an unrelated piece of software on a friend's server. He had the friend open FTP access, and it was tagged in less than a week.

Deleting the files is time consuming and frustrating. Sometimes, after working against the OS to delete the files, you have to reboot it frequently. In any case, Twine says that the process requires using several different methods.

In order to avoid this time consuming process, he wrote software that goes directly into the OS. He calls it Delete FXP Files because the people who tag servers call themselves FXP groups.

fxp = File eXchange Protocol it's sending files from one ftp to the other, because usually it's a lot faster than upping it manual, with your own connection. It can be used also to make a server send files to another server (hint hint).

Timing their effort to coincide with national Cyber Security Awareness Month and Halloween, the U.S. Federal Trade Commission (FTC), Consumer Action and Microsoft are urging consumers to protect themselves from the threat of zombies, computers that are infected with malicious code so they can be controlled remotely by other people for illegal purposes.

"The only way to slow the spread of zombies and other online threats is by going after them as resolutely and in as many ways as possible," says Tim Cranton, director of Microsoft's Internet Safety Enforcement programs.

Microsoft maintains more than 130,000 MSN Hotmail "trap" accounts to investigate patterns within spam. These accounts catch e-mail sent by spammers to potential e-mail addresses. But, as all spam investigators quickly learn, investigating spam after it's delivered is like tracing an unwanted letter with an illegible (or fake) return address. Most spammers protect their identities by sending mail through zombies or using other masquerading tricks, making it fruitless to trace spammers based on the name listed in the "From" line in the e-mail's header.

But Microsoft's zombie investigation gave the company new insight into how it, as a technology developer and e-mail provider, can fight spam and zombies, as well as how to fight the creators of zombies in court.
"By inserting ourselves in the spammers' path and looking upstream, we have been able to see things we have never been able to see before," Cranton says.

Specifically, Microsoft was able to uncover the IP addresses of the computers that were sending spamming requests to the quarantined zombie, along with the addresses of the Web sites advertised in the spam.
To prove these spamming requests were not isolated examples, Microsoft compared the Web sites advertised in the quarantined zombie's spam to those listed in spam in the MSN Hotmail trap accounts.

Cranton says the researchers found numerous identical matches, and were able to determine that approximately 13 distinct spamming operations either helped create or exploit the zombie code placed on the quarantined computer.

These spammers, who are currently unidentified, are named as "John Doe" defendants in the civil lawsuit Microsoft filed in state court in King County, Wash., on Aug. 17. Filing a "John Doe" lawsuit allows Microsoft to use legal discovery tools – such as third-party subpoenas – to help learn the defendants' true identities.

A rootkit being spread through AOL's popular instant messaging client and AOL chat rooms.

Bundled within the previously identified W32/Sdbot-ADD worm, the lockx.exe rootkit file is installed when users click on the file link within the IM window. Though neither the worm nor the rootkit file are new, it appears to be the worm's first foray into the AIM (AOL's Instant Messenger) network. What's more troubling is that rootkits haven't previously been spread via IM.

Attackers can automatically pass the worm along to users on the Buddy List. Additionally, the rootkit can shut down anti-virus software, alter the users' search page, run CPU usage to 100 percent and automatically download unwanted programs such as 180Solutions, Zango, MaxSearch and others.

After watching Qrio dance, there is no doubt Sony is not just playing with toys here.

According to the WebWatch report, released Wednesday, 80 percent of all American Web surfers are at least somewhat concerned about the threat of identity theft posed by engaging in online activities.

As a result of those concerns, at least 30 percent of the 1,500 people interviewed for the survey said they have reduced the amount of time they access the Internet.

In addition to going online less frequently, 53 percent of the respondents told WebWatch that fears of ID theft have stopped them from giving out their personal information to Web sites and online marketers, while 25 percent said they are no longer purchasing items from e-commerce sites.

Americans are also increasingly skeptical regarding images they find on the Web, with 47 percent reporting that they have viewed what they believed to be manipulated pictures online. Despite that trend, 67 percent said they trust online news sites to use genuine photographs.

While this data is concerning to anyone who owns a web based business. The upside is that it appears that many people are becoming more savvy. With this the first reaction is of course to simply avoid all on line transactions. It is clear that with doubt that everything you see or read might not actually be true. Let's hope that people will learn that going out in town can be equally dangerous. Where ever your credit card is handed to someone who walks to the register with it the same dangers of the web are also present.

Some level of paranoia is a good thing to protect your identy from theft. Making informed decisions about when to offer their trust to a specific web business is very important. I personally like the injections about blogging web sites being untrustworthy. It would seem that the people are smart enough to form their own opinions.

The Measurement Factory has conducted two surveys of Internet-connected domain name servers (DNS) on behalf of Infoblox. The surveys consisted of several queries directed at each of a large set of external DNS servers to estimate the number of systems deployed today and determine specific configuration details.

The survey results revealed that many organizations often disregard these critical systems, which perform the functions necessary to make their presence available and accessible on the Internet. The Internet Systems Consortium's BIND software, which performs the domain name resolution function, is often out of date, opening the door to malicious attacks. And, the systems are sometimes mis-configured, potentially compromising network availability.

Following is a summary of the significant survey results:

There are an estimated 7.5 million external DNS servers on the public Internet

Over 75% domain name servers (of roughly 1.3 million sampled) allow recursive name service to arbitrary queriers. This opens a name server to both cache poisoning and denial of service attacks.

Over 40% allow zone transfers from arbitrary queriers. This exposes a name server to denial of service attacks and gives attackers information about internal networks.

In almost 33% of the cases, all authoritative name servers for a zone were on the /24 same subnetwork. This leaves network open to accidental and deliberate denial of service attacks.

Only 60% of the name server records delegating each zone matched the intrazone name server records . Mis-matched records may decrease the number of servers available for resolution, reduce redundancy, increase load, and leave a zone susceptible to denial of service attacks.

57% run the most recent, secure versions of BIND (9.x):

For more information, a press release and reports including methodology, complete results and all findings are available.

Press release Report: June 2005 Report: April 2005

October's round of patches proves how easily people become gun shy about going to get these patches first. Microsoft must understand that these slip ups like October produced makes people take a wait and see approach again. This simply is not in the best interest of MS, making people apprehensive about patching their machines.

While I have read MS position on the first error with MS05-051 the excuse that these things are complex. They went on to explain that we have a difficult job matching the time to deliver the fix against any possible errors. While this is complex for MS; imagine what it is for your mother or grandmother who has no idea what MSDTC is and why they need it, or want it in the first place.

Only a "limited" number of customers have been affected by this problem, and customers who received Update MS05-050 automatically or who correctly followed the steps in Microsoft's security bulletin won't be affected, Microsoft said. More information about the problem can be found here. 

In addition, there has been a significant increase in computer scanning activity -- apparently by hackers looking for targets to attack once an exploit becomes widely available. If you run Windows 2000, you should be very concerned.

The search engine Jux2 has put itself up for sale on the auction Web site eBay, a sign of the times for the hyper-competitive search industry. Winning bid: US $101,100.00

Why are we selling? We started jux2 in our spare time as a research tool to answer questions we had about search. jux2 succeeded both as a research tool (generating thousands of searches per day and providing rich data that answered our questions) and with the search cognoscenti. We felt honored to receive critical acclaim and favorable reviews from many power searchers. To do justice to the opportunity ahead of jux2 would take more time than any of us has right now. So, we’re hoping this auction will put jux2 into the hands of someone who can take it to the next level.

Buying jux2 is a great way to get into the rapidly growing Internet search industry. This auction’s winner will receive sole ownership of a fully operational meta-search engine, including the following:

• The software code running the jux2 meta-search web site

• Written instructions on how to maintain and add to the code

• The graphic files for updating the UI (including a design for adding a fourth search engine)

• The legal rights to the jux2 brand name

• Ownership of the www.jux2.com URL

The winner will not receive any of jux2’s physical assets. You’ll need your own servers, hosting facilities, etc. Also, in the future, we cannot guarantee jux2 will have access to search results from Google, Yahoo, and other search engines. You’ll have to negotiate your own search result access deals.

The first variants were detected after midnight on Thursday and ESET's ThreatSense(TM) technology immediately stopped a new variant of the Sober family of worms, once again underlining the need for proactive protection. ESET's NOD32, a unique anti-threat solution, uses advanced technology, which employs heuristic analysis to detect malicious threats in real-time.
   
   Win32/Sober.R, a part of the Sober family, has a highly-encrypted piece of code that attempts to terminate security software cleaner tools, such as McAfee's Stinger. The worm tries to remove old versions of the Sober virus and in scanning for specified files, can cause the machine to slow down significantly. Sober.R arrives as a .zip file attached to emails written in English or German. The worm can detect regional domain names, which determines the language of the message. Using its own SMTP engine, Win32/Sober.R sends mass-emailed copies of itself to additional email addresses. The message sender is spoofed and the message body may be 'signed' by the names Rita, Sandra, Nicole, Hannelore, Kerstin or Elke.
   
   "The author of the Sober worms is very aware of the AV industry, as this variant appeared during the Virus Bulletin conference in Dublin," said Andrew Lee, chief technology officer of ESET. "It may be that the author is trying to maximize the amount of time before detection by releasing at a time when a significant portion of the antivirus industry is tied up at a conference. However, ESET customers were protected from the Win32/Sober.R worm in real-time due to our powerful, ThreatSense heuristics." 
    
 ESET is providing a free remover for the Win32/Sober.R worm, which can be downloaded at www.eset.com.

Intel Corp. is shipping Xeon server multiprocessors with dual core.

The new dual-core Xeon chips for two-processor servers promise up to a 50 percent improvement over systems with two single-core processors, said Shannon Poulin, director of product marketing at Intel's Server Platform Group.

Both Intel and Advanced Micro Devices Inc. launched dual-core chips this year as a way of gaining performance while controlling power consumption. AMD initially focused on servers while Intel started with chips for desktop computers.

As a result, the new Xeon is arriving about six months after AMD's dual-core Opteron chip made its debut.

Intel's chips will benefit from an ability to handle two tasks, or threads, at once using a technology called Hyper-Threading. As a result, a two-core Xeon chip in a two-processor server can execute eight threads.

Last month, Microsoft issued no new security bulletins as part of its monthly update.

This month, though, the tune has changed, as nine patches are on tap, some of them rated as "critical." According to reports, Windows XP itself may also be getting a Service Pack 3 release in 2006.

True to form, Microsoft is vague in its advance bulletins about patches and has not disclosed the specific issues that will be addressed. Eight of the issues set to be patched will involve Windows, and there's one that specifically affects Microsoft Exchange.

Internet Explorer is among the Windows applications that are likely to be patched. Security firm Secunia reports that there are numerous unpatched vulnerabilities in IE. Among them is the "XMLHTTP" HTTP Request Injection vulnerability which "can be exploited by malicious people to manipulate certain data and conduct HTTP request smuggling attacks."

Great Britain's Cable & Wireless and Sweden's Telia are viewed by experts as the most likely suitors for the U.S. assets of bankrupt carrier PSINet. While Canadian carrier Telus signed a letter of intent with PSINet to acquire all of the fallen carrier's assets in that country, no buyer has yet emerged for any of the U.S. assets — mainly the company's backbone and Web hosting facilities.

Events following PSINet's Chapter 11 filing suggest that those assets will be significantly devalued by the time any offer materializes.

Last week, Cable & Wireless temporarily disconnected from PSINet's pipes, claiming that PSINet is not holding up its end of their peering bargain, which calls for equal bandwidth exchanges. "We notified PSINet 60 days ago that we have seen a precipitous drop in the amount of traffic hosted in the network, the flow becoming unequal," said Chad Couser, a spokesman at Cable & Wireless.

The move is a prelude to PSINet's loss of tier 1 status for its backbone, a somewhat nonscientific category applicable mostly to large carriers that barter their long-distance Internet Protocol traffic. If PSINet can't peer with Cable & Wireless as an equal, its traffic requirements are likely not up to par with other backbones, which means it would have to buy transit from larger carriers.

It's likely that the move could cost PSINet some big customers such as EarthLink, which buys PSINet's wholesale dial-up service. EarthLink's connection with PSINet was down for two days recently before being restored, with PSINet signing a letter of intent saying it would meet Cable & Wireless' peering criteria by increasing traffic flows.

Cable & Wireless itself has been pegged by many in the financial community as a potential acquisitor of PSINet assets. Another potential buyer is Telia, which put together a bid on ZipLink's backbone last year, according to financial industry sources. Another potential buyer of PSINet assets is U.S. up-and-comer Velocita. UUnet founder Rick Adams is also rumored to be interested in the company's Web hosting assets.