Saturday, February 18, 2006

2nd Mac virus that spreads over bluetooth.

Today we got a sample of a rather interesting case, a Mac OS X Bluetooth worm that spreads over Bluetooth.

OSX/Inqtana.A is a proof of concept worm for Mac OS X 10.4 (Tiger). It tries to spread from one infected system to others by using Bluetooth OBEX Push vulnerability CAN-2005-1333.

If you are using OS X 10.4, make sure that you have the latest security patches installed, and you are safe from Inqtana.A and any future worm that tries to use the same exploit.

Inqtana.A has not been met in the wild, and it uses a Bluetooth library that is locked to a specific Bluetooth address; the library expires on 24 February 2006. So it is quite unlikely that Inqtana.A would be any kind of threat.

F-Secure : 2nd Mac virus


Google rips Justice Department in court papers

Right after I posted this, I ran across this USA Today article, and applaud Google. :)
Google rips Justice Department in court papers
By Michael Liedtke, The Associated Press
SAN FRANCISCO — Google criticized the Bush administration's demand to examine millions of its users' Internet search requests as a misguided fishing expedition that threatens to ruin the company's credibility and reveal its closely guarded secrets.

The Mountain View, Calif.-based company delivered its indignant critique Friday in a 25-page brief that marked its initial legal response to the U.S. Justice Department's attempt to force the online search engine leader to comply with a 6-month-old subpoena.

--MissM - Google rips Justice Department in court papers

Update: The Official Google Response to the DoJ motion
It includes a link to the 25-page PDF response from Google.

The Impact of Emerging Technologies: Google's Private Lives - Technology Review

Google's Private Lives

Its new desktop search application would make your personal files available for government searches without your knowledge.

By Dylan Tweney

A new search technology from Google makes it possible for law enforcement officials to examine personal documents from your hard drive, without your knowing it, according to the digital-rights advocacy organization Electronic Frontier Foundation (EFF).

Released last week, Google Desktop 3, the latest version of the company's desktop search utility, adds a "Search Across Computers" feature that automatically uploads files from a user's computer onto Google's servers. Then, when a search is performed on any computer owned by the user, Google Desktop will pull search results from both the Web and information stored on all the user's computers.

Certainly, such a feature will be handy for anyone trying to coordinate a project from different locations. Yet the idea of turning over private files to a public company is worrisome to privacy advocates. In fact, in a press release, the EFF has urged consumers to avoid the Search Across Computers feature because it would make consumers' files more vulnerable to subpoenas from government investigators as well as private litigants.

Of course, it's headline news that Google (as well as its competitors) has already given in to pressure from a national government, by excluding censored content from its Chinese portal. Although so far the company has resisted a U.S. Department of Justice subpoena asking it to turn over logs for millions of recent search terms, smaller subpoenas -- such as those for the search history of a particular user's IP address -- don't make the news, because they're often sealed.

This spells out the creepy feeling Google Desktop has always given me...

The Impact of Emerging Technologies: Google's Private Lives

PlayStation 3 costs $900, sez Merrill Lynch mob

I was reminded of how much Microsoft is losing on the hardware for the Xbox 360.
So if you were gonna get a PS3, how much would you pay? Microsoft's plan of making its money on the software side seems to work for them.

Engadget is a great geek site, and they have a podcast that I listen to regularly.
PlayStation 3 costs $900, sez Merrill Lynch mob - Engadget

Fixing It With Knoppix

The link above is about fixing a Linux installation with Knoppix, even if it's not a Knoppix installation.

There is also one about fixing a Windows installation here.

Both are at Extreme Tech.

So, if those of less geeky inclination are wondering why we are always talking about using Knoppix or similar live CDs to repair filesystems, I recommend these two articles as a good place to start.


Friday, February 17, 2006

Lavasoft's ARIES Rootkit Remover

"Lavasoft is pleased to launch a new Project ECO Tool, the ARIES Rootkit Remover, to get rid of the rootkit developed by First4Internet used by Sony BMG to hide their DRM (Digital Rights Management) software."

Thursday, February 16, 2006

Mac Virus Hits the Streets!

Contrary to some pronouncements, Macs can get a virus. I'm disinfecting one infected with this virus right now.

As with so many viruses, user interaction is necessary to get infected. This one arrives via Apple's iChat instant messenger.

The link above is to a story at The Inquirer and will point you to Sophos, who have more information.


Wednesday, February 15, 2006

Microsoft patch fails to install for some users | InfoWorld | News | 2006-02-15 | By James Niccolai

We were talking about this in Independent Computer Users Group chat. Did you get it installed?

Newsletter #53 February 2006

I found this on and found it very interesting. I've copied what I see as the BIGGEST IT opportunity. But, go to the page and he has some superb tips on troubleshooting network problems.
Separate the C and Si Problems

I've solved a lot of network problems, but this one was a toughie.

"I've got a DHCP server that is delivering IP addresses to two segments. The systems on the same segment as the DHCP server are getting IP addresses with no trouble, but the systems on the other segment, none of them work!"

My first question (and probably yours, if you're a network techie) is, "does the router between the two segments pass DHCP requests?" (In geek-ese, you may know that the other way to say this is "does the router support RFC 1542 BOOTP forwarding?") Or alternatively, I ask, "is there a DHCP forwarder on the second segment?"

"Yes," the person replies, explaining that the router passes BOOTP packets.

Hmmm. So what else might it be? Check IP connectivity -- does the router block any particular port? If it's in a network with an Active Directory and the DHCP server is on a 2000 or 2003 server, has that server been authorized in AD? No port blocks, and yes, it's been authorized. That's when I realize that it was a stupid question -- if DHCP weren't working, the first segment wouldn't have IP addresses. Ah, but what if -- a eureka moment! -- somehow (1) the DHCP server hadn't been authorized for the past six days and for some reason all of the systems on the nearby segment still had lease time left but all of the ones on the second segment had their leases run out earlier, and so were the canaries in the coal mine? So I tell the person to try to do an IPCONFIG /RENEW on one system on each segment. The one on the first segment succeeds, the one on the second doesn't.

Ready for the answer? It's simple: the guy had no idea what the heck BOOTP forwarding was, figured that his router guys must have allowed for that -- after all, they did go to a CCNA boot camp -- and just told me what I wanted to hear. In other words, it is always possible that the carbon-based parts of the network ("C" is the symbol for the element carbon) don't report reliable information, and so the problem lay not in the silicon part of the network ("Si" is the symbol for the element silicon) but in the carbon component. To paraphrase Shakespeare, "the fault, dear Brutus, lay not in the chips but in the people."

Don't misunderstand me, I'm not saying that everyone lies or is incompetent. But I am saying that under stress people don't always think as clearly as they should, and that network support people have had a lot of new things thrown in their laps in the past few years -- remember when we "discovered" security in 2001, or that we all need database servers whether we want them or not in 2004? -- without receiving a concomitant increase in staffing. We're all just human. We make mistakes. Think about how we make silicon-based systems more reliable: we cluster them. The same thing works for carbon-based units: more eyeballs looking at a problem often make for a more quickly-solved problem.

And -- this is important -- remember that we techies tend to think of computer problems in terms of the silicon side sometimes more than we do the carbon side. In fact, sometimes we see the carbon side as being sort of minimal, and only relevant in a few cases. But if you sit back and think about most of the things that you have to fix, you'll end up seeing that most of those problems have a carbon component that is at least as important as the silicon component. I mean, Trojans don't write themselves, y'know?

I think that IT requires mostly people skills, so I dispute that geeks are *NOT* good with people. :P

update: corrected to include *NOT*, oops.

Newsletter #53 February 2006
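The DHCP story above turns on one question: does the router between the two segments actually forward the clients' broadcasts to the server as an RFC 1542 relay agent would? A relay stamps its own interface address into the `giaddr` field before unicasting the request on, and that field is what the server uses to pick a scope; if the far segment's requests never arrive with `giaddr` set, the server has nothing to answer. The following added example (mine, not from the newsletter or this blog) builds a DHCPDISCOVER the way a client would, applies the relay's stamping, and decodes the result on the server side. The addresses, scopes and MAC address are constructed values; the packet layout follows RFC 2131.

```python
import ipaddress
import struct
from typing import Optional

BOOTREQUEST = 1
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the options field
OPT_MSG_TYPE = 53
OPT_END = 255
DHCPDISCOVER = 1

# Constructed topology for the example (not real addresses):
SERVER_IP = "192.0.2.1"            # DHCP server sits on the first segment
RELAY_IP = "198.51.100.1"          # router interface on the second segment
SCOPES = ["192.0.2.0/24", "198.51.100.0/24"]


def build_discover(client_mac: bytes, xid: int) -> bytes:
    """Build a minimal DHCPDISCOVER: 236-byte fixed header plus options."""
    assert len(client_mac) == 6
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        BOOTREQUEST, 1, 6,          # op, htype (Ethernet), hlen
        0,                          # hops: zero when the client sends it
        xid, 0, 0x8000,             # transaction id, secs, broadcast flag
        b"\0" * 4, b"\0" * 4, b"\0" * 4,   # ciaddr, yiaddr, siaddr
        b"\0" * 4,                  # giaddr: zero until a relay touches it
        client_mac + b"\0" * 10,    # chaddr padded to 16 bytes
        b"\0" * 64, b"\0" * 128,    # sname, file
    )
    return header + MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, DHCPDISCOVER, OPT_END])


def relay_forward(packet: bytes, relay_ip: str) -> bytes:
    """What an RFC 1542 relay agent does before unicasting to the server:
    bump hops and, if giaddr is still zero, fill in its own interface address."""
    hops = packet[3] + 1
    giaddr = packet[24:28]
    if giaddr == b"\0" * 4:
        giaddr = bytes(int(o) for o in relay_ip.split("."))
    return packet[:3] + bytes([hops]) + packet[4:24] + giaddr + packet[28:]


def decode(packet: bytes) -> dict:
    """Decode the header fields a server looks at, plus the message type option."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    _op, _htype, hlen, hops, xid, _secs, _flags = struct.unpack("!BBBBIHH", packet[:12])
    giaddr = ".".join(str(b) for b in packet[24:28])
    msg_type = None
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == 0:               # pad option has no length byte
            i += 1
            continue
        length = packet[i + 1]
        if code == OPT_MSG_TYPE and length == 1:
            msg_type = packet[i + 2]
        i += 2 + length
    return {"xid": xid, "hops": hops, "giaddr": giaddr,
            "chaddr": packet[28:28 + hlen].hex(":"),
            "msg_type": msg_type, "relayed": giaddr != "0.0.0.0"}


def scope_for(packet: bytes, server_ip: str, scopes: list) -> Optional[str]:
    """Server-side scope selection: a relayed request is answered from the scope
    containing giaddr, a direct one from the scope containing the server itself."""
    info = decode(packet)
    anchor = ipaddress.ip_address(info["giaddr"] if info["relayed"] else server_ip)
    for cidr in scopes:
        if anchor in ipaddress.ip_network(cidr):
            return cidr
    return None


if __name__ == "__main__":
    direct = build_discover(b"\x00\x11\x22\x33\x44\x55", 0x1234)   # constructed MAC
    relayed = relay_forward(direct, RELAY_IP)
    for label, pkt in (("same segment", direct), ("via relay", relayed)):
        print(label, decode(pkt)["giaddr"], "->", scope_for(pkt, SERVER_IP, SCOPES))
```

A broadcast from the far segment that is not relayed never reaches the server at all, which is exactly the symptom in the story; a packet capture on the server showing no DISCOVERs with a non-zero `giaddr` is a faster check than asking whether the router "passes BOOTP".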

AJAX Poses Security, Performance Risks

The link is to a short article at eWeek. In it, the author comments on how much AJAX (and particularly the XML portion of it) can increase network traffic. Since Peter and I talked about that on the show two weeks ago, I have been finding accounts of such systems increasing network traffic by figures spanning the range between 3.5 and 12 times! That really is a lot. Plus, outside of the increased packet transmissions and receptions, there are significant processing loads on the server side. No free lunch here, folks.

Even so, not all the hype surrounding AJAX is misleading. There are significant benefits to using the technologies in many cases. The problem is one of choosing when these technologies are appropriate to use and when they are not.


Tuesday, February 14, 2006

Who Said MegaHertz Don't Matter Any More?

Apple has just begun shipments of their MacBook laptop using the Intel Core Duo cpu. Apple is offering three different clock speeds; 1.83, 2.0 and 2.16 GHz. I've been to the stores to see one and without exception, the customers, or prospective customers are speaking in terms of GHz, again. To me, it seems they are more comfortable doing that than measuring performance in terms of flops or throughput or any other metric.

Now AMD is pushing the Opteron 256 at 3.0 GHz and I hear that spoken of in terms of clock speed, as well. The chip companies have no one but themselves to blame for this, of course, but I do believe these last two releases have reversed all the changes in consumer thinking that they had labored so hard to foster. One slip of the lip, as it were.

I'm really interested in whether Intel, IBM and AMD will try to reinstate other metrics or simply give in and go back to clock speeds to differentiate their models in the public eye.


Site Advisor

This sounds like a good idea and if implemented well, I think it will improve web security for a lot of users.

Basically, Site Advisor gives you the results of automated searches which rate the conduct of the web site you want to view. Should it deliver adware, spyware or (Heaven forbid) something worse, the application will alert you. There will be two versions of the software; one paid for and one free. I'm not quite clear on the differences so I can't comment on that.

Done well, this could mean a virtual end to "drive-by downloads" and spyware bundled with desirable applications. All the user has to do is pay attention, though I must admit I know more than a few who will not do so, no matter what. Versions are available for Internet Explorer and Mozilla Firefox and function as browser extensions.

I intend to install and test this, and if any of our listeners want to do so, we can pool our experiences for a report on the show in a week or three.


Monday, February 13, 2006

tech.memeorandum @ 11:05 AM ET, February 13, 2006

Microsoft's Anti-Spyware program is causing troubles for people who also use Symantec's Norton Anti-Virus software; apparently, a recent update to Microsoft's anti-spyware application flags Norton as a password-stealing program and prompts users to remove it.
Update: 10:58 p.m. ET: I heard from Microsoft, and they say the problem is limited to customers running Symantec Antivirus (SAV) Corporate Edition versions 7, 8, 9 or 10 or Symantec Client Security (SCS) versions 1, 2 or 3 in combination with Windows AntiSpyware Beta 1. "The beta software will prompt and allow the user to remove a registry key containing subkeys belonging to these Symantec products. The deletion of these registry keys will cause all versions of the SAV and SCS software to stop operating correctly. No files are removed in this situation, only registry keys."

The rest of the statement Microsoft sent me says: "Once this issue was discovered, Microsoft quickly released a new signature set (5807) to remove this false positive. Both companies are working jointly together to identify the number of affected customers, which we believe to be very limited. Microsoft and Symantec are working jointly on a solution to restore normal operation of the Symantec software. Until this solution is available, customers can utilize System Restore in Windows XP to restore to an earlier point prior to the removal of the registry keys, or reinstall their client software."


tech.memeorandum @ 11:05 AM ET, February 13, 2006

Sunday, February 12, 2006

OnComputers Radio show Podcast 02-12-06

This is the On Computers Radio show podcast for 02-12-06. If you prefer, you can download the same file here via ftp.

A Fix for Zone Alarm Phoning Home

I haven't used Zone Alarm in a while and so missed when the story broke. However, it appears ZA phones home to servers controlled by Zone Labs. No one has given a satisfactory explanation of why this behavior was coded in, to the best of my knowledge. There are four servers involved.

This little article in The Inquirer details how to block this behavior, using the hosts file in ZA itself. It's easy to implement.
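Blocking a program's update or reporting servers through the hosts file is a general technique, and the two things that usually go wrong with it are adding the same entries twice and adding an entry for a name that already has a real mapping earlier in the file (resolvers take the first match, so the block silently does nothing). The added example below (mine, not from The Inquirer article or Zone Labs) handles both: it sinkholes a list of hostnames idempotently, reports conflicts instead of hiding them, and tags its own lines so they can be removed later. The four hostnames and the sample hosts text are constructed placeholders; the article, not this page, names the actual servers.

```python
import re
from typing import List, Tuple

BLOCK_MARK = "# blocked-phone-home"      # tag on every line this tool adds
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::1"}

# Constructed sample hosts file (on Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts; on Unix, /etc/hosts).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1\tlocalhost
::1\t\tlocalhost
192.0.2.10\tintranet.example   # an existing real mapping
"""

# Placeholders standing in for the four servers the article names.
PLACEHOLDER_SERVERS = [
    "update1.example.invalid", "update2.example.invalid",
    "update3.example.invalid", "update4.example.invalid",
]


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs in file order, ignoring comments and blanks."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s+", line)
        for name in parts[1:]:
            entries.append((parts[0], name.lower()))
    return entries


def block_hosts(text: str, hostnames: List[str], sink: str = "0.0.0.0"):
    """Append a sinkhole entry for each hostname not already sinkholed.

    Returns (new_text, added, conflicts). A hostname whose first existing
    mapping points somewhere real goes into `conflicts` and is NOT appended,
    because the earlier line would win and the block would only look applied."""
    first_mapping = {}
    for ip, name in parse_hosts(text):
        first_mapping.setdefault(name, ip)
    lines = text.rstrip("\n").split("\n") if text.strip() else []
    added, conflicts = [], []
    for host in hostnames:
        host = host.strip().lower()
        if not host:
            continue
        current = first_mapping.get(host)
        if current in SINK_ADDRS:
            continue                      # already blocked: idempotent
        if current is not None:
            conflicts.append(host)        # real mapping earlier in the file
            continue
        lines.append(f"{sink}\t{host}\t{BLOCK_MARK}")
        first_mapping[host] = sink
        added.append(host)
    return "\n".join(lines) + "\n", added, conflicts


def unblock_hosts(text: str) -> str:
    """Remove only the lines this tool added, leaving everything else intact."""
    kept = [l for l in text.splitlines() if not l.rstrip().endswith(BLOCK_MARK)]
    return "\n".join(kept) + ("\n" if kept else "")


def is_sinkholed(text: str, hostname: str) -> bool:
    """True if the FIRST mapping for hostname points at a sink address."""
    for ip, name in parse_hosts(text):
        if name == hostname.lower():
            return ip in SINK_ADDRS
    return False


if __name__ == "__main__":
    new_text, added, conflicts = block_hosts(SAMPLE_HOSTS, PLACEHOLDER_SERVERS)
    print(new_text)
    print("added:", added, "conflicts:", conflicts)
```

Two caveats worth keeping in mind with this technique: it only works when the program looks the servers up by name (a hard-coded IP address bypasses the hosts file entirely), and on Windows the file is normally writable only by an administrator, so the script's output should be applied with that in mind rather than by an unprivileged user.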