Mage Pages

INTERNET - Online Piracy Fight, Push-Back

2012-01-23T06:14:00.000-08:00

"Hackers Retaliate Against DOJ in Raging Online Piracy Fight" PBS Newshour 1/20/2012

Excerpt

MARGARET WARNER (Newshour): It's one of the largest criminal copyright cases ever brought. The target is a website based in Hong Kong that's been used to share large files, including movies, videos, television shows, e-books, games, and music.

It's called Megaupload, and the heavily visited site is said to have 150 million registered users and 50 million visits a day. Now it stands charged with storing and distributing pirated material, and thus robbing copyright holders of more than $500,000.

Yesterday, the Justice Department shut it down and released indictments against seven executives. Four were arrested at the New Zealand mansion of its founder, who goes by the name Kim Dotcom.

Within hours, the hacker collective called Anonymous retaliated, shutting down the websites of the Justice Department and major media groups, including Universal Music and the Motion Picture Association of America. The government's crackdown came one day after this week's online protests against anti-piracy bills in Congress.

Another excerpt

CECILIA KANG, The Washington Post: So there's a lot of -- there's a lot of suspicion around the timing of this. But these are two -- one should keep in mind that these are two discreet issues. There's the federal indictment of a criminal case, and then there are the two bills right now that are being proposed on the Hill that I should say actually have been on hold, today were put on hold because of all the controversy around them.

INTERNET - Domain Names Controversy

2012-01-13T04:33:00.000-08:00

"Domain Names: Debating the Effects of a Dot-Anything World" PBS Newshour 1/12/2012

Excerpt

RAY SUAREZ (Newshour): Since the earliest days of the Internet, Americans have gone to Web addresses with familiar names to the right of the dot, as in dot-com or dot-org.

Starting today, the company that assigns what are called domain names is making a big change. It's rolling out a program meant to dramatically increase the number and kind of names. So, instead of a company like let's say Marriott being called Marriott.com, it might now choose to be called simply .Marriott.

But it is going to cost plenty, up to $185,000 just to apply for the new name. And the total economic stakes could add up to hundreds of millions of dollars. Some businesses and lawmakers are upset with what this could mean for commerce and the future of the Web.

We look at this now with Rod Beckstrom, the president and CEO of ICANN, the Internet Corporation for Assigned Names and Numbers. And Dan Jaffe is with the Association of National Advertisers, which is part of a coalition opposed to the rollout of the program.

WINDOWS - Window Management Utility

2012-01-05T12:43:00.000-08:00

This post is about WindowManager by DeskSoft

WindowManager helps you to improve your work flow by remembering and restoring the position and size of your programs and windows. Many programs don't remember their position and size between sessions and even Windows explorer does not always restore windows to their last position. This is where WindowManager steps in and makes sure your windows are placed exactly where you want them every time you open them. WindowManager even allows you to lock the position and size of any window, so that it will always open at the same spot no matter where you move it. The window handling is fully customizable and you can set up special rules for your favorite or most frequently used windows.

Key Features:
Remembers and restores the position and size of your recently used windows

Supports explorer windows, programs, dialogs, etc.

Special rules for moving or sizing only, etc.

Ignore list for preventing position or size change

Fully customizable

Now with full Windows 7 and 64 bit compatibility

Supported operating systems:
Windows XP

Windows XP x64

Windows Vista

Windows Vista x64

Windows 7

Windows 7 x64

Windows Server 2003

Windows Server 2003 x64

Windows Server 2008

Windows Server 2008 x64

NOTE: I have tried this utility and found that it interfered with ONE window on my WinXP system. It caused the window to open in the minimized mode EVERY TIME even though the shortcut was set for normal mode. I tested this by disabling the utility, then the window would open as expected. I have removed it from my system. This is by no means saying that other users MAY find the utility works for them, especially if you NEVER use the [Save] option.

SECURITY - Protecting Against Phishing

2012-01-05T10:17:00.000-08:00

"How to Boost Your Phishing Scam Detection Skills" LifeHacker 1/5/2012

Phishing scams—the ones that try to get you to provide private information by masquerading as a legitimate company—can be easy to uncover with a skeptical eye, but some can easily get you when you let your guard down for just a second. Here's how you can boost your phishing detection skills and protect yourself during those times when you're not at full attention.

Want to test your phishing IQ and find out what kind of scams you're most likely to miss? Take this test.

What You Can Do

The way most phishing scams find victims is through email, but sometimes you'll come across a phishing site in the wild as well. Either way, here are the basic principles you want to follow to keep a cautious eye out for these malicious traps.

Check the URL

Phishing scams are designed to look like official emails and web sites from actual companies, but they aren't actually those things—they're just imitations. Because the emails and web sites are imitations they'll probably look a little different from what you'd expect in general, but more importantly those sites can't have the same URL as the web site they're pretending to because they are different sites. To check the URL, just hover of the link you're thinking of clicking. At the bottom of your window you should see the URL displayed. Once you do that, you have to figure out if it is a good URL or a bad URL.

Using PayPal as an example, you'll generally see http://www.paypal.com as part of the URL. Sometimes you'll see something like http://subdomain.paypal.com as well. Both of these URLs are okay, because they end in paypal.com. A phishing URL, however, might look something like this: http://paypal.someotherdomain.com. In this case, "paypal" is attached to another domain name (someotherdomain.com). URLs like this are the ones you want to avoid.

Always Go Direct

The best thing you can do to avoid phishing scams is always go directly to the web site you want to visit rather than clicking a link. This way you don't have to figure out if the URL is safe or not because you'll be using a URL in your bookmarks (or your brain) that you already know is safe. Doing this can also help protect you from phishing scams when you let your guard down because you'll be in the habit of visiting sites directly rather than clicking links.

I fell for a phishing scam once when I read the email right after I woke up in the morning. It was from my bank and they'd sent me a lot of verification notices lately since I'd been traveling and using my debit card all over the place. When I got another one, I didn't even think about it because I'd just woken up. I went to the site, filled in my info, and then immediately realized I'd just provided that information to a phishing scam site. I called the bank to let them know right away and got a new card, but had I changed my default behavior to calling the bank of visiting the bank's web site this probably wouldn't have happened. Of course, that's what I do now and it hasn't been a problem since.

What Your Browser Can Do For You

Detecting phishing scams on your own mainly require the mild paranoia and the behavioral adjustment described above, but there are a few other things you can do to make your everyday browsing safer.

Turn Off Form Autofill

One great feature of many web browsers is the autofill feature. It makes it really easy to fill out forms using information already stored in the browser. It also makes it easy for you to ignore the form you're filling out and just submit it, causing you to potentially miss a phishing scam when you're rushing through the process. While this precaution isn't necessary, and you might prefer the convenience of autofill to the safety benefits that deactivating it can provide, turning it off will provide a little added protection.

Utilize Your Browser's Built-In Tools

Most browsers come with some phishing protection built-in to help protect you, but it isn't always enable by default. Google Chrome keeps track of common phishing sites and can alert you when you visit one, but you may need to go through the short setup process to make it work. Firefox also offers phishing and malware protection in a similar way, and you can enable it in the Security section of Firefox's preferences.

Bump Up Your Phishing Protection with Web of Trust

Web of Trust is one of our favorite browser extensions because it automatically lets you know if a web site is trustworthy or not. While it can't possible verify every single site on the internet, it can make you aware of potentially harmful sites and phishing scams. All you have to do is install the extension for your browser and it will display a trust rating in your browser's toolbar. (You can read more about this here.) Web of Trust is available to download for Google Chrome, Firefox, Internet Explorer, Opera, Safari, and as a bookmarklet for other browsers.

WINDOWS - Win7 Menu Bars

2011-12-28T07:03:00.000-08:00

This is about turning ON Menu Bars in Windows 7 (Win7).

Menu Bar in Explorer (My Computer):

Click the [Start] logo-button and type folder options in the search-box, click Folder Options link displayed

Click the [View] tab and check [X] Always show menus

(click for better view)

IE 8 or 9, and Media Player Menu Bars:

Open Internet Explorer or Media Player

Right-click on a EMPTY area on the Tab Bar, then [X] check the Menu Bar option

CYBERCRIME - Battle Over Online Piracy

2011-12-19T07:04:00.001-08:00

"Film, Music Industries Battle Leading Internet Companies Over Online Piracy"
PBS Newshour 12/15/2011

Excerpts

JEFFREY BROWN (Newshour): Alright.

Markham Erickson, first, do you acknowledge piracy is a problem? I mean, all over the Internet, one can get copyright -- there are copyright violations.

MARKHAM ERICKSON, Open Internet Coalition: Well, sure. People are doing bad things on the Internet. And we agree that there are ways to try to deal with the very real problem of sites that are located outside of the jurisdiction of our court system and our legal system that are engaging in theft and illegal activity.

JEFFREY BROWN: What's the problem with the way they are proposing?

MARKHAM ERICKSON: The problem is, the proposals in Congress right now are not targeted to the problem of dealing with offshore illegal piracy.

We think there is a way to deal with that. And we've proposed a solution, which is to follow the money. The offshore sites are there to make money. They're there to profit from illegal activity. The companies I represent -- represent are some of the biggest ad networks and payment processors in the Internet ecosystem.

And they want to work with the rights-holders that, when an offshore site is engaged in illegal activity, they will shut off the economic lifeblood to those sites. And, if they do that, those sites will disappear.
----
JEFFREY BROWN: And what -- Mr. O'Leary, what about the proposed other -- the alternative route for dealing with this that he raised?

MICHAEL O'LEARY, Motion Picture Association of America: Well, I think that it's the -- to look at it from a positive perspective, it's encouraging to see a recognition that something has to be done about this problem.

I think that what we have concerns with the alternative proposal is that it sets up a separate court in the ITC. And that is not something which is necessarily used to deal with copyright. It's slow. It's bureaucratic. And, frankly, when someone is stealing from you, you don't have 12 to 18 months to work -- to let the bureaucratic court process work.

What we're proposing, what has bipartisan support, we have a broad support from not just the political spectrum, but across all types of American businesses is something which is a tool which will allow law enforcement to go after bad actors that are hiding overseas. We think it's more effective and more efficient.

COMMENT: As a techie in this area I support Mr. Erickson's view.

Note that Mr. O'Leary is NOT a computer network expert, he's only repeating what others have told him. His assertion that the proposed law is "more efficient" is wrong. Having the online payment processors shut-down payments to illegal sites is actually more efficient because it would NOT *require* courts at all. This could be done by the online payment processors themselves.

What the copy right industry SHOULD be doing is making a partnership with online payment processors to identify then block illegal sites. What I am proposing is that the film, music, and book industries with the online payment processors start their own origination to find, track, then block illegal sites.

The courts would only intervene IF a site disputes being blocked. Note that the online payment processors have total rights and control on just who they allow to use their services.

What is wrong with the proposed laws is that they will NOT work, because it can ONLY effect organizations within U.S. jurisdiction. They will have little effect on sites overseas that they are so concerned about.

SECURITY - Pentagon Seeks Hacker Help

2011-12-09T08:28:00.000-08:00

"Pentagon asks hackers for help with cyber security" by Joseph Straw, Daily News 11/8/2011

The Pentagon agency that invented the Internet is asking the hacker community for help in eliminating Defense Department computer vulnerabilities.

The Defense Advanced Research Projects Agency, or DARPA, hosted a meeting this week for defense stakeholders and civilian computer experts, acknowledging that it has to start thinking differently about cyber security, Wired.com reported.

And the computer networks that run U.S. infrastructure are so vulnerable to cyber attack that the White House should think twice before even attacking emerging adversaries, a national security expert said.

Richard Clarke, who advised ex-Presidents Bill Clinton and George W. Bush, added that U.S. defense networks are "as porous as a colander."

Their Goliath scale leaves them especially vulnerable to tiny attacks, the Associated Press and Wired reported.

Clarke, who claims his early 2001 warnings to the Bush administration about the emerging threat of Al Qaeda went unheeded, issued the new warnings as tensions escalate between the U.S., Israel and their shared adversary Iran.

Last month Wired reported that a mundane virus called a key logger - one that surreptitiously records keyboard typing - was found on the computers used to remotely pilot Air Force drones targeting terrorists overseas.

In 2009 national security officials disclosed that Russian and Chinese agents had penetrated the U.S. electric grid and left behind software to help map the systems.

INTERNET - Open Letter on "IP Act" and "Online Piracy Act"

2011-11-30T07:59:00.000-08:00

"An open letter to Senator Leahy regarding Internet censorship" on Newsgroups: alt.politics.usa.constitution

Dear Senator Leahy;

I am very concerned about the over-reaching authority which appears to be in the Protect IP Act and the Stop Online Piracy Act.

References:

Protect_IP_Act

Stop_Online_Piracy_Act

I am a software developer on the Internet. My main site is nodes.net which I have owned since 1998. I am working on a "quality discernment system" to advance the concept of an "intelligent web."

An integral part of the vision I hold is for individuals to "endorse" specific URL's on the web. These URL's could be something I call "metalinks" which are basically re-programmable re-directs to other web sites. These MetaLinks allow people to make a short, easy-to-
remember link for a web search or a web page.

For example, http://oil.nodes.net will redirect you to Energy Prices at Bloomburg. http://occupy.news.nodes.net will produce a search of news for "occupy" at Google news. There are many other search engines which are being included in this syntax at nodes.net

For example, http://vermont.wiki.nodes.net will take people to Wikipedia's entry for Vermont. I didn't program this metalink specifically. It is automatic. You can search for any word or phrase by substituting your word(s) for "vermont" in this URL.

In similar fashion http://05401.weather.nodes.net will take people to the weather for Burlington, VT and http://paris.time.nodes.net will take people to the current time in Paris. There are several dozen of these interfaces to other web sites and there will be hundreds, even thousands more in the near future.

I am concerned that the legislation currently being considered will limit the development of new technology to create an "intelligent web."

While the Metalinks currently in use have all been defined by someone I plan to allow intelligent software to create metalinks in the future.

It would be unwise to restrict the use of intelligent software to define links in my opinion. It's wrong to assume that all links are created by individuals operating independent of each other. Links could be a result of composite or collaborative intelligence.

In the future, metalinks will represent our "collective intelligence" or "community wisdom." That's what I'm working on now. I'm working to
create an "intelligent web." The concept I am working with is "augmented human intelligence" rather than "artificial intelligence."

I am asking you to put this legislation on the shelf for a minimum of 30 days, until 2012, so that there can be more input by the public and
a more careful analysis of what it means for all of us.

Consideration is a virtue. Please consider the effects this legislation would have on me and others who are working to advance the evolution of human intelligence on the Internet.

Sincerely,

Steve Moyer
Internet Developer
Founder, NODES Network
http://steve.nodes.net ( see what can be done with my technology )

P.S. You can see a link of all the Metalinks currently in existence, not including automatic search interfaces, at http://metalinks.nodes.net

CYBERCRIME - JoD Protections, Pro and Con

2011-11-30T07:56:00.000-08:00

"How Effective Is Justice Department Crackdown on Counterfeit Goods Dealers?" PBS Newshour 11/29/2011

Excerpt

GWEN IFILL (Newshour): We look now at the government crackdown on the online sale of counterfeit goods. The Justice Department used Cyber Monday, the biggest online shopping day of the year, to shut down 150 websites that were allegedly peddling fake shoes, sporting goods and handbags. But was this the right approach?

Joining us to discuss that are Steve Tepp, chief intellectual property counsel at the U.S. Chamber of Commerce, and Larry Downes, author of "The Laws of Disruption," a book about law and innovation in the digital age.

More significant excerpts

STEVE TEPP, U.S. Chamber of Commerce: It's a massive problem that's growing every day, because many of these sites are located outside the United States, where there is no remedy.

For the sites located in the U.S., or at least where their domain name is registered in the U.S., dot-com, dot-net, then our enforcement agencies, like the Immigration and Customs Enforcement and the Department of Justice, who are both doing fantastic work on this, protecting the American people, can go to court and seize those domains with a court order.

That's what happened yesterday, and that's 150 domain names that will not be used to steal American jobs, to harm American consumers today.
----
LARRY DOWNES, "The Laws of Disruption": Well, first, it should be noted that, you know, what we're seizing here is not the website itself, just the domain name. It's a largely symbolic act.

What happens is, the site is still there. It can be accessed directly from the I.P. address. Or what often happens is the site comes back a little bit later under another domain name. So whether that is effective or not, it doesn't matter.

WINDOWS - CD/DVD Disappears From My Computer

2011-11-23T07:22:00.000-08:00

This is a "this has never happened to me before" post.

I have an internal DVD-RAM drive (DVD Recorder, multi-foremat) and when I opened My Computer I noticed that it was missing. All my other drives (internal and external) did show.

I've had this DVD drive for years with no problems.

So, what to check:

Rebooted and checked BIOS to see the DVD drive listed

Used Device Manager, under DVD/CD-ROM drives to see list (see screenshot)

My HP DVD Writer was listed in both places.

Normally this drive was listed as G: but there was no such drive in My Computer.

Solution:

Open Disk Management (in Computer Management) and scroll-down to where your CDs are shown in the right (see screenshot). Each drive SHOULD have a Logical Drive Letter assigned.

I found that one CD/DVD drive had no Logical Drive Letter.

You right-click on the drive on the right panel, select Change Change Drive Letter and...., then (in this case) [Add] a drive letter. The dialog will show the next available letter.

In this case it showed G: which is what my HP DVD Writer should have been. Clicked [OK] and my DVD displayed AFTER I closed Computer Management.

(click for better view)

Note that this screenshot was taken AFTER I reassigned my HP DVD Writer as G:, and CD-ROM 0 is actually my external DVD-Recorder.

SECURITY - Worm, the First Digital World War

2011-11-22T06:24:00.000-08:00

"Book Chronicles Fight to Save Web From Sophisticated Computer Worm" PBS Newshour 11/21/2011

Excerpt

MARGARET WARNER (Newshour): In November 2008, computer security experts began detecting a new, highly sophisticated computer worm. They called it Conficker. Ultimately, it invaded at least 12 million computers worldwide.

The story of the campaign to defeat it is chronicled in a new book, "Worm: The First Digital World War." The author is journalist Mark Bowden.

COMMENT: I'm a computer specialist and IT Technician by trade, so I am aware of BOTnets and other malware.

There are protections for users, one mentioned in video is to keep your Windows OS updated.

The specific tool is Microsoft's Malicious Software Removal Tool downloaded during updates (or via their PC Security site).

There is a simpler protection method. This malware cannot be use, or get on your system, IF you are NOT ONLINE. If you do not have a pressing reason to be online, don't; either disconnect your internet or log-off your system. Even better, turn off your PC when you are not actually using it.

Lastly, run a GOOD Antivirus Utility. All that I know of will protect you from KNOWN BOTnet malware.

UTILITIES - Move from WinXP to Win7

2011-11-03T04:57:00.000-07:00

This post is for those who want to move your old WinXP system to a Win7 system.

CAUTION: I have not used this utility, so I cannot verify LapLink's claims.

PCmover Pro from LapLink

The Easiest Way to Move to Windows 7!

PCmover is the ONLY software that moves programs, files and settings from your old PC to your new PC – even restore from an image (or old hard drive) or perform an in-place upgrade.

The easy-to-use wizard will guide you in selecting which programs, files and settings you want on your PC. When complete, your new computer will have the personality and functionality of your old PC. And, PCmover is safe – it removes nothing from your old PC, won’t overwrite anything on your new PC, and includes an easy "Undo" feature.

Looking at the edition comparison table on their Overview page, the Professional edition is the only one worth the money. Also note the inclusion of their "High Speed Transfer Cable" if you order the boxed utility.

Also note the [Docs & Requirements] tab on the linked page. You can get the PDF docs to evaluate if this utility will do what you want.

FIREFOX - Possible Windows Error Dialog on Launch

2011-10-20T12:03:00.000-07:00

This is about an occasional problem with the Firefox browser.

This problem happened to me after:

Upgrading from Firefox 6 to Firefox 7

Then after installing a new Add-on

I did some research on the Firefox Support Forum I found the solution.

The problem is getting a Windows error dialog when Firefox cold-launches using your [Favorites] menu. By "cold-lunch" I mean when Firefox is NOT already running.

(click for larger view)

I stress this is a Windows dialog that appears BEFORE Firefox opens.

This is the fix found on the support site and it does work:

Firefox Win Error Fix

Registry Editor (regedit)

CAUTION: Editing the registry incorrectly can damage your system. Do not attempt these steps if you are inexperienced or uncomfortable using the Registry Editor.

BEFORE making changes, from the tree hierarchy on left of REGEDIT, backup the "open" folder for EACH entry listed below by righ-clicking the folder and using [Export]. Save the result as the branch-name but change "\" to dashes.

NOTE: Make the changes in the order they appear on the tree. (order shown here)

Use the directory tree hierarchy to navigate to the following and DELETE the "ddeexec" registry key:
HKEY_CLASSES_ROOT\FirefoxHTML\shell\open\ddeexec

HKEY_CLASSES_ROOT\FirefoxURL\shell\open\ddeexec

HKEY_CLASSES_ROOT\HTTP\shell\open\ddeexec

HKEY_CLASSES_ROOT\HTTPS\shell\open\ddeexec

After making the changes and closing the Registry Editor, Log Off then Log On.

Now use your [Favorites] menu to launch a site. The Windows error dialog should not appear.

Note that others have had this problem, and why it happens is not known.

WINXP - Make Icons Display Quicker

2011-10-07T14:48:00.000-07:00

In Windows XP every time you open My Computer to browse folders XP automatically searches for network files and printers. This causes a delay in displaying your icons. This also applies to your [Start] Favorites menu.

You probably see the "default" windows icon and as you scroll it changes to the correct icon. This is how to stop that...

Open My Computer

Click on the Tools menu and select Folder Options

Under Folder Options, select the View tab

Uncheck the very first box that reads "Automatically search for network folders and printers"

Click [Apply] or [OK]

You should see a dramatic increase in speed when Windows displays your icons.

NOTE: I've tested this on 2 WinXP desktops and it works.

WINXP - Changing Registry Entries

2011-10-07T14:15:00.000-07:00

This article is about changing Registry entries, especially using filename.reg downloaded from WEB sites.

First, the WARNINGS:

If it ain't broke, don't fix it DEFIANTLY applies to the Registry

If you are NOT technically-incline, DO NOT DO THIS

Do NOT trust downloaded filename.reg files, open them in NOTEPAD FIRST and see what they change

Make a backup of the Registry Branch from the tree (left-pane) BEFORE executing the REG-file, using the [Export] option, and assign a unique filename (see example below)

Only AFTER you have a backup of the Registry Branch being changed, execute the filename.reg

Backing up the Registry Branch also applies to any manual changes you make

EXAMPLE file disablerefresh.reg:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"NoNetCrawling"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"Max Cached Icons"="12000"

The Registry Branches that should be backed-up in from example file above, are (see example screenshot)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer

(click for better view)

CYBERSECURITY - Internet WEB Threat

2011-09-13T05:13:00.000-07:00

"Hacker Rattles Security Circles" by SOMINI SENGUPTA, New York Times 9/11/2011

Excerpt

He claims to be 21 years old, a student of software engineering in Tehran who reveres Ayatollah Ali Khamenei and despises dissidents in his country.

He sneaked into the computer systems of a security firm on the outskirts of Amsterdam. He created fake credentials that could allow someone to snoop on Internet connections that appeared to be secure. He then shared that bounty with people he declines to name.

The fruits of his labor are believed to have been used to tap into the online communications of as many as 300,000 unsuspecting Iranians this summer. What’s more, he punched a hole in an online security mechanism that is trusted by millions of Internet users all over the world.

Comodohacker, as he calls himself, insists he acted on his own and is unperturbed by the notion that his work may have been used to spy on antigovernment compatriots.

“I’m totally independent,” he said in an e-mail exchange with The New York Times. “I just share my findings with some people in Iran. They are free to do anything they want with my findings and things I share with them, but I’m not responsible.”

In the annals of Internet attacks, this is likely to go down as a moment of reckoning. For activists, it shows the downside of using online tools to organize: an opponent with enough determination and resources just might find a way to track their every move.

It also calls into question the reliability of a basic system of trust that global Internet brands like Google and Facebook, along with their users, rely upon. The system is intended to verify the authenticity of a particular Web site — to ensure, in effect, that Gmail is Gmail, and that the connection to the site is encrypted and difficult for an outsider to monitor.

Hundreds of companies and government authorities around the world, including in the United States and China, have the power to issue the digital certificates that the system relies upon to verify a site’s identity. The same hacker is believed to be responsible for attacks on three such companies.

In March, he claimed credit for a breach of Comodo, in Italy. In late August came the attack on the Dutch company DigiNotar. On Friday evening, a company called GlobalSign said it had detected an intrusion into its Web site, but not into more confidential systems.

Armed with certificates stolen from companies like these, someone with control over an Internet service provider, like the Iranian authorities, could trick Internet users into thinking they were safely connected to a familiar site, while eavesdropping on their online activity.

Fearing the prospect of other breaches similar to those carried out by this hacker, Mozilla, the maker of the Firefox Web browser, last week issued a warning to certificate authority companies to audit their security systems or risk being booted off Firefox.

“It is a real example of a weakness in security infrastructure that many people assumed was trustworthy,” said Richard Bejtlich, the chief security officer of Mandiant Security in Alexandria, Va. “It’s a reminder that it is only as trustworthy as the companies that make up the system. There are bound to be some that can’t protect their infrastructure, and you have results like this.”

SOFTWARE - Linux Ubuntu on IBM Mainframes?

2011-09-08T07:25:00.000-07:00

"Mainframe Ubuntu Linux?" by Steven J. Vaughan-Nichols, ZDNet 9/7/2011

When you think of “Ubuntu Linux,” you probably think of the community Linux distribution and the Linux desktop. That’s great, but Canonical, Ubuntu’s parent company, also wants you to think of Ubuntu as a server and cloud operating system platform. To that end, Canonical has been working with IBM to get Ubuntu certified on IBM’s high-end System P Power hardware line and System z mainframes.

Yes, that’s right little Ubuntu Linux may soon be certified and running on top-of-the-line IBM enterprise hardware. Before this, Canonical worked successfully with IBM on bringing Ubuntu certifications for IBM’s x86-powered System x and BladeCenter lines.

Officially, all Canonical has to say is “Our company policy is that we don’t comment on any rumors that might be circulating. We’ll of course keep you well informed of any news that comes out of Canonical.” Away from public relations though I’m hearing that Canonical and IBM have working hard on expanding Ubuntu’s reach on IBM hardware.

If all goes well, Ubuntu will be officially supported on System p within the month and it will be certified on the Z mainframes by year’s end. This is happening because Canonical is working hard on increasing its business market share. While Ubuntu is arguably the single most popular Linux distribution with individuals, it’s always lagged behind most Red Hat and SUSE, formerly Novell, in business. Canonical wants to change that.

In order to do that, Canonical has been improving its partnerships with Original Equipment Manufacturers (OEMs); major server companies such as Dell, and its enterprise customers. This next step into high-end business computing with IBM makes perfect sense in pursuing this strategy.

As for IBM? Linux has been very, very good for IBM over the last decade and they’re getting to like Ubuntu. Historically, IBM has allied with Red Hat and Novell/SUSE. But, as IBM’s VP of Open Systems Development, Dan Frye told me recently, IBM is operating system and Linux agnostic. IBM will support what its customers want, and so, it appears to me, that IBM’s customers must now be asking for Ubuntu. Sometime soon it looks like they’ll be getting it.

This could be a very big win for the Linux world.

SECURITY - Fraudulent SSL Certificate for Google.com

2011-08-30T07:57:00.000-07:00

"Fraudulent certificate triggers blocking from software companies" H Security 8/30/2011

A fraudulent SSL certificate for "*.google.com" issued by Dutch certificate authority (CA) DigiNotar, possibly to the Iranian government or its agents, has triggered a wave of updates from software makers to stop applications trusting the CA. The certificate was issued on 10 July to unknown persons in Iran.

Several security experts, such as Moxie Marlinspoke, confirmed that the SSL certificate came from DigiNotar; one pastebin entry detailed the contents of the suspicious certificate, while another called for the "internet death sentence" because the company's "carelessness may have resulted in deaths in Iran". The Electronic Frontier Foundation said in a blog posting that it believes the attacks have been used to intercept searches and private email. It is unknown who the certificate was actually issued to and whether or not any other bogus certificates were issued.

The attack was initially noticed by Google Chrome users because Chrome 13 and later implements certificate pinning which ensures that the browser will only accept certificates for Google from a whitelist of certificate authorities; DigiNotar was not a CA on the whitelist and users of Chrome were alerted that something was amiss with the certificate they were being presented. The certificate was revoked yesterday, 29 August, at 16:59 GMT, but because many browsers do not check for revoked certificates by default, software vendors have had to take action to prevent the continued exploitation of the bogus certificate. It is also currently unknown if any other bogus certificates were issued by DigiNotar, therefore the vendors are opting to block all certificates signed by the CA.

Microsoft has released a security advisory and updates for all supported Windows operating systems – including Vista SP3, Server 2008 SP2 and Windows 7 SP1 – which revoke trust in the CA's root certificate. Windows XP SP3 and Server 2003 SP2 will receive separate updates as these systems do not use the centrally managed Microsoft Certificate Trust List.

Mozilla has announced that it is releasing updates for Firefox (3.6.21, 6.0.1, 7, 8 and 9) and Firefox Mobile (6.0.1, 7, 8 and 9), Thunderbird (3.1.13 and 6.0.1) and SeaMonkey (2.3.2), which will also revoke trust in DigiNotar's root certificate. Mozilla has also released instructions on how to delete the DigiNotar Root CA certificate from Firefox manually.

Google is also disabling DigiNotar's certificate in Chrome "while investigations continue" even though Chrome detected the fraudulent certificate. The Chrome browser was only able to do that for google.com subdomains and if there are other fraudulent certificates for other domains Chrome would be unable to detect the deceit.

This is the second fraudulent certificate incident this year: in March, SSL certificates for addons.mozilla.org, Yahoo, Skype, Microsoft Live and Google were created by an intruder into a Comodo reseller.

TECHNOLOGY - Apple Without Steve Jobs?

2011-08-26T04:45:00.000-07:00

"What Will Happen to Innovation at Apple With Jobs Out as CEO?" PBS Newshour 8/25/2011

Excerpts from transcript

RAY SUAREZ (Newshour): It was all a far cry from the days when Steve Jobs and co-founder Steve Wozniak began building their now ubiquitous brand, from scratch, in a California garage. They scored an early hit with the Apple II, the first consumer-grade computer to catch on. By the mid-1980s, the company was in a slump, and Jobs was forced out.

But he returned in 1996, and Apple began a turnaround. Still, in a rare interview in 2007, he said his work was never about creating the next big thing.

STEVE JOBS: We don't worry about stuff like that. We just try to build products that we think are really wonderful and that people might want. And sometimes we're right, and sometimes we're wrong.
----
RAY SUAREZ: Walt Mossberg, whether it's consumer electronics, entertainment, even computing, which is where it all started, this has been a big impact player, hasn't it?

WALTER MOSSBERG, The Wall Street Journal: Well, you know, Ray, I think Steve Jobs is a historic figure.

He's not only a historic figure in business, but really in America. He has not only disrupted and innovated in computers and consumer electronics for all those products we saw just now listed, but he has, in the process, shaken up and revolutionized the music industry, the movie industry, publishing industry. Even the retail industry, the Apple store chain that he built, is widely admired.

And on the side, while he was doing all that, he bought a little company called Pixar and turned it into the most successful studio in Hollywood and revolutionized animation.
----
WALTER MOSSBERG: But the devotion to product is -- goes beyond just those words. It's really a devotion to designing products for actual users. You know, a lot of computer companies -- Hewlett-Packard is a good example in what they are doing in spinning off P.C.s -- are really much more interested in selling to businesses, selling to intermediaries, like I.T. departments.

Steve Jobs calls those orifices. He's much more interested in designing something for the actual consumer, whether they're in a big company or just a family. And that -- and he's a perfectionist about it. And he's surrounded himself with other people who are just laser-focused on that.

The other thing, Ray, I think is incredibly important is, they don't just make little innovations based on market research. They take big risks and make big bets on what they think the next thing that people will want is, even if the people don't know it themselves at the time.

SECURITY - AES Crypto Broken

2011-08-22T11:01:00.000-07:00

"AES crypto broken by 'groundbreaking' attack" by Dan Goodin, The Register 8/19/2011

Updated, Cryptographers have discovered a way to break the Advanced Encryption Standard used to protect everything from top-secret government documents to online banking transactions.

The technique, which was published in a paper (PDF) presented Wednesday as part of the Crypto 2011 cryptology conference in Santa Barbara, California, allows attackers to recover AES secret keys up to five times faster than previously possible. It introduces a technique known as biclique cryptanalysis to remove about two bits from 128-, 192-, and 256-bit keys.

“This research is groundbreaking because it is the first method of breaking single-key AES that is (slightly) faster than brute force,” Nate Lawson, a cryptographer and the principal of security consultancy Root Labs, wrote in an email. “However, it doesn't compromise AES in any practical way.”

He said it would still take trillions of years to recover strong AES keys using the biclique technique, which is a variant of what's known as a meet-in-the-middle cryptographic attack. This method works both from the inputs and outputs of AES towards the middle, reusing partial computation results to speed up the brute-force key search. The technique is designed to reduce the time it takes an attacker to recover the key.

Lawson continued:

This technique is a divide-and-conquer attack. To find an unknown key, they partition all the possible keys into a set of groups. This is possible because AES subkeys only have small differences between rounds. They can then perform a smaller search for the full key because they can reuse partial bits of the key in later phases of the computation.

It's impressive work but there's no better cipher to use than AES for now.

AES remains the favored cryptographic scheme of the US government. The National Institute of Standards and Technology commissioned AES in 2001 as a replacement for the DES, or Digital Encryption Standard, which was showing signs of its age.

The research is the work of Andrey Bogdanov of Katholieke Universiteit Leuven; Microsoft Research's Dmitry Khovratovich; and Christian Rechberger of Ecole Normale Superieure in Paris. Bogdanov and Rechberger took leave from their positions to work on the project for Microsoft Research. ®

Update

Vulture Central has been deluged with missives from outraged readers complaining about the use of the word “broken” in the headline. "Broken" in cryptography is the result of any attack that is faster than brute force. The biclique technique described here allows attackers to recover keys up to five times faster than brute-force. AES may not be completely broken, but it's broken nonetheless.

What's more, theoretical attacks against widely used crypto algorithms often get better over time. As Root Labs' Lawson has noted, MD5 wasn't compromised in a single 2004 paper. Rather, people successively found better and better attacks against it, starting in the mid 1990's.

WINDOWS - MFT and MFT Zone

2011-08-15T13:41:00.000-07:00

This is about the Windows NTFS Master File Table (MFT) and MFT Zones.

From SearchWindowsServer.com, Master File Table:

The master file table (MFT) is a database in which information about every file and directory on an NT File System (NTFS) volume is stored. There is at least one record for every file and directory on the NTFS logical volume. Each record contains attributes that tell the operating system (OS) how to deal with the file or directory associated with the record.

Detailed information about a file or directory such as the type, size, date/time of creation, date/time of most recent modification and author identity is either stored in MFT entries or in space external to the MFT but described by the MFT entries. For a complete list of MFT attributes, click on "View" (in Explorer aka My Computer) in an open folder containing at least one file or subfolder and then click on "Choose Details." You can select which attributes you want made visible by checking or unchecking the boxes in the left-hand column of the resulting pop-up window.

Screenshot of MFT Data List
(click for better view)

MFT Zone, excerpt from PCGuide.com

As more files and directories are added to the file system, it becomes necessary for NTFS to add more records to the MFT. Since keeping the MFT contiguous on the disk improves performance, when an NTFS volume is first set up, the operating system reserves about 12.5% of the disk space immediately following the MFT; this is sometimes called the "MFT Zone". This is a substantial chunk of real estate to reserve, but bear in mind that it is still usable. Regular files and directories will not use this space until and unless the rest of the disk volume space is consumed, but if that occurs, the "MFT Zone" will be used. Eventually, if there are enough entries placed in the MFT, as it expands it will use up the "MFT Zone". When this happens, the operating system will automatically allocate more space elsewhere on the disk for the MFT. This allows the MFT to grow to a size limited only by the size of the volume, but this fragmentation of the MFT may reduce performance by increasing the number of reads required for some files, and the MFT cannot generally be defragmented.

WARNING: The main reason for posting this article has to do with a major problem that can occur (and did to me just the other day).

This has to do with the "Delayed Write" on hard drives. On modern hard drives data is not written to the drive real-time. The data is stored in a memory cache, sometimes the drive itself has a cache.

A major problem occurs when the copy of the drive's MFT kept is in memory cannot be written to the drive. You get a error dialog stating that "delayed write" failed and it lists "$MFT" which is the hidden filename. The dialog will also state that "data has been lost."

In my case, this happened when I tried to Restart/Reboot my system, and the error was for to my USB External Hard Drive and the usual tools could not fix (rebuild) the MFT. I suspect a USB hard drive interface hardware failure.

This will make the hard drive inaccessible. Your system may be able to see the hard drive, but it will show as NOT partitioned. Therefore ALL your data on the drive is lost/inaccessible.

This CAN happen to any hard drive, but External Hard Drives are especially susceptible if the interface (USB or Firewire) goes bad during actual operation. I believe that USB External Hard Drive are most susceptible because of all the other USB devices that you connect to your USB ports. A glitch in another USB device at a critical moment, causes a problem on the USB External Drive (like a Delay Write failure of the $MFT).

SOFTWARE - EaseUS Partition Master Pro

2011-08-12T06:34:00.000-07:00

An excellent hard drive partition utility, EaseUS Partition Master Professional.

All Partition Master Pro's features can be seen in the sidebar of the screenshot of the Main Dialog.

Especially note the "WinPE bootable disk" under Tools. This is also available from Partition Master's start menu list as "Create bootable disk." Partition Master comes with an ISO image that is written (using either option) to a CD and runs the entire utility when you boot to the CD. This is the best feature, and I suggest using this CD for the most trouble-free method of using this utility especially for operations on your boot disk (C:).

Note the dark purple color designates a Primary Partition, the cyan is a Logical Partition.

In the screenshot, both Disk1 and Disk2 are external Firewire Hard Drives, and are seen by Windows (WinXP SP3) first.

(click for better view)

NOTE: This is better than MimiTool's Partition Wizard Pro.

PRIVACY - Facial Recognition Technology and Social Networking

2011-08-05T11:57:00.000-07:00

"Profile pics on social media sites pose privacy risk, researcher warns" by Jaikumar Vijayan, ComputerWorld 8/5/2011

Excerpt

Facial recognition tech makes it easier to combine offline, online identities

Imagine walking down a street and having a total stranger being able to instantly pull up your name, date of birth, Social Security number, your last blog item and other data on their smart phone.

That could soon happen, said Alessandro Acquisti, associate professor of IT and public policy at Carnegie Mellon University's Heinz College.

In a presentation at the Black Hat conference here this week, Acquisti demonstrated how it's becoming easier for strangers to identify people and infer detailed information about them from their publicly available images on sites such as Facebook and LinkedIn.

The trend has "ominous implications for privacy," Acquisti said. "I'm here to raise awareness of what I feel is going to happen."

Acquisti detailed the results of a series of experiments he conducted in which he applied off-the-shelf facial recognition tools to publicly available Facebook profile images to uniquely identify individuals. In one of the experiments, Acquisti and his team of researchers attempted to glean the true identities of individuals who had posted their images under assumed names on an online dating site

First, they used a search engine and an API they developed to automatically extract about 275,000 publicly available profile images of Facebook members in a particular city.

They then did the same with publicly available images of individuals in the same city who had posted on the dating site. Acquisti used a facial recognition tool called Pittsburgh Pattern Recognition (PittPatt) developed at CMU to see whether he could find matches between the dating site images and the Facebook profile pictures.

In all, about 5,800 dating site members also had Facebook profiles. Of these, more than 4,900 were uniquely identified. The numbers are significant because a previous CMU survey showed that about 90% of Facebook members use their real name on their profiles, Acquisiti said. Though the dating site members had used assumed names to remain anonymous, their real identities were revealed just by matching them with their Facebook profiles.

In another experiment, Acquisti's team took webcam photos of nearly 100 students and tried to match those images with the pictures on each student's Facebook profile.

Students were asked to pose for three photos and then fill out a short survey. While the surveys were being filled out, the webcam images were run against PittPatt to see whether a match could be found on Facebook.

In that experiment, about 31% of the students were correctly matched with their Facebook profiles -- in about 3 seconds.

CYBERSECURITY - Massive Spying Campaign

2011-08-05T08:04:00.000-07:00

"Massive Campaign of Cyber Spying Uncovered" PBS Newshour 7/4/2011

Excerpts from transcript

MARGARET WARNER (Newshour): For at least five years, a high-level hacking campaign infiltrated the computer systems of more than 70 governments, corporations and public and private organizations in 14 countries. So says the Internet security firm McAfee, which uncovered the massive campaign and dubbed it Operation Shady RAT.

A summary released by McAfee yesterday identified -- identified the perpetrator only as one specific state actor.
----
MICHAEL JOSEPH GROSS, Vanity Fair: This is an unprecedented campaign of cyber-espionage, demonstrates with absolute clarity now that there are just two kinds of organizations, those that have been compromised and those that haven't, as Dmitri Alperovitch, the guy who discovered this campaign, has often said.

What happened is, they went into more than 70 organizations, everything from the International Olympic Committee to giant corporations, to tiny nonprofits, in 30 different organizational categories in 14 countries. They took out government secrets, design schematics, legal contracts, negotiation plans for business deals, every kind of sensitive information you can think of.

In many cases, these organizations were compromised for at least a year, in some cases, more than two years. And there's a really interesting pattern to the evolution of the attacks that suggest where they may have come from.

MARGARET WARNER: And that is?

MICHAEL JOSEPH GROSS: That is China.

"Revealed: Operation Shady RAT" by Dmitri Alperovitch, McAfee Labs 8/2/2011

Excerpt

For the last few years, especially since the public revelation of Operation Aurora, the targeted successful intrusion into Google and two dozen other companies, I have often been asked by our worldwide customers if they should worry about such sophisticated penetrations themselves or if that is a concern only for government agencies, defense contractors, and perhaps Google. My answer in almost all cases has been unequivocal: absolutely.

Having investigated intrusions such as Operation Aurora and Night Dragon (systemic long-term compromise of Western oil and gas industry), as well as numerous others that have not been disclosed publicly, I am convinced that every company in every conceivable industry with significant size and valuable intellectual property and trade secrets has been compromised (or will be shortly), with the great majority of the victims rarely discovering the intrusion or its impact. In fact, I divide the entire set of Fortune Global 2000 firms into two categories: those that know they’ve been compromised and those that don’t yet know.

McAfee Global Threat Intelligence

SECURITY - Cybercrime, Attacker Arrested

2011-07-28T05:23:00.000-07:00

"British Police Make Arrest in Net Attacks" by SOMINI SENGUPTA, New York Times 7/27/2011

Excerpt

The British police announced the arrest on Wednesday of a 19-year-old man who they said was the spokesman of the online vigilante group Lulz Security, which has claimed responsibility for a string of attacks on the Web sites of government agencies and private corporations.

In a statement, the police said the man used the online alias Topiary and had been picked up during a raid on a residence in the Shetland Islands, the rugged archipelago off the northeastern coast of Scotland. The police said they were also questioning a 17-year-old but had not arrested him.

On Twitter, Topiary described himself as a “simple prankster turned swank garden hedge.” His missives were often facetious, suggesting the handiwork of someone who relished playful language.

Lulz Security, the offshoot of a larger and more amorphous hacker group called Anonymous, has said it was responsible for attacks on the sites of PBS, the Senate, the Arizona Department of Public Safety and a company associated with the F.B.I.