Welcome to PChuck's Network News.

Monday, May 29, 2006

Dufus or Joe Job Victim? Your Call



Amir sold a laptop, used, on eBay. Mistake 1.

Amir didn't think to wipe the drive on the laptop. There were lots of interesting pictures, and more, on the drive. Mistake 2. Big mistake.





Oh yeah, the laptop didn't work, and it lacked features as advertised. Mistakes 3 and 4.

Amir took 2 months to send the laptop to the purchaser, and ignored repeated refund requests from the purchaser. Mistakes 5 and 6.


The guy who purchased it knew how to remove the hard drive and extract the contents. And he knew how to create a blog. Now that blog, The Broken Laptop I Sold On Ebay, and the subsequent blog, Amir Massoud Tofangsazan: The Blog Continues, are Amir's problem. (Note 8/17): The latter selection has more relevant content; the former appears to have mutated into a splog.

Always, and I mean Always, Clean the Hard Drive Before Dumping Your PC. I'll bet Amir will, the next time.

Tuesday, May 23, 2006

419 Operations To Be Recognised By African Governments?

This is a stretch, but just a small one.

IANA awarded the 41.0.0.0/8 subnet to AfriNIC in April 2005.

It takes VERY little imagination to see the 41.9.0.0/16 being a subnet valued by someone. Maybe a Nigerian industrial ISP?


5/23/2006 14:46:09 whois -h whois.arin.net 41.9.0.0

OrgName: African Network Information Center
OrgID: AFRINIC
Address: 03B3 - 3rd Floor - Ebene Cyber Tower
Address: Cyber City
Address: Ebene
Address: Mauritius
City: Ebene
StateProv:
PostalCode: 0001
Country: MU

NetRange: 41.0.0.0 - 41.255.255.255
CIDR: 41.0.0.0/8
NetName: NET41
NetHandle: NET-41-0-0-0-1
Parent:
NetType: Allocated to AfriNIC
NameServer: NS1.AFRINIC.NET
NameServer: NS-SEC.RIPE.NET
NameServer: NS.LACNIC.NET
NameServer: TINNIE.ARIN.NET
Comment:
RegDate: 2005-04-12
Updated: 2005-07-12

OrgAbuseHandle: GENER11-ARIN
OrgAbuseName: Generic POC
OrgAbusePhone: +230 4666616
OrgAbuseEmail: abusepoc@afrinic.net

OrgTechHandle: GENER11-ARIN
OrgTechName: Generic POC
OrgTechPhone: +230 4666616
OrgTechEmail: abusepoc@afrinic.net

# ARIN WHOIS database, last updated 2006-05-22 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

There's no way that this is a mere coincidence. Blocks 36.0.0.0/8, 37.0.0.0/8, and 39.0.0.0/8 are all available. Don't believe me? Do a WhoIs lookup on "36.0.0.1". Use either
or any WhoIs type tool that you like. Check it.
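As an added example (not part of the original post), this Python sketch parses an ARIN-style response like the one quoted above and reports which allocated block, if any, covers a queried address. The sample text is an excerpt of that output, and the function names are hypothetical.

```python
import ipaddress

# Excerpt of the ARIN response quoted in the post (fields copied from it).
SAMPLE = """\
OrgName: African Network Information Center
OrgID: AFRINIC
NetRange: 41.0.0.0 - 41.255.255.255
CIDR: 41.0.0.0/8
NetType: Allocated to AfriNIC
NameServer: NS1.AFRINIC.NET
NameServer: NS-SEC.RIPE.NET
Parent:
RegDate: 2005-04-12

# ARIN WHOIS database, last updated 2006-05-22 19:10
"""

def parse_whois(text):
    """Parse 'Key: value' lines into a dict of lists (keys may repeat)."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # skip blanks and the trailing comment lines
        key, _, value = line.partition(":")
        record.setdefault(key.strip(), []).append(value.strip())
    return record

def covering_block(record, query):
    """Return the CIDR in the record that contains `query`, or None."""
    net = ipaddress.ip_network(query, strict=False)
    for cidr in record.get("CIDR", []):
        for part in cidr.split(","):  # a CIDR line can carry several blocks
            if part.strip():
                block = ipaddress.ip_network(part.strip())
                if net.subnet_of(block):
                    return block
    return None

def range_matches_cidr(record):
    """Cross-check NetRange against CIDR to catch a truncated or mis-pasted record."""
    first, last = (ipaddress.ip_address(p.strip())
                   for p in record["NetRange"][0].split("-"))
    nets = [str(n) for n in ipaddress.summarize_address_range(first, last)]
    return nets == [c.strip() for c in record["CIDR"][0].split(",")]
```

Run against this record, `covering_block` finds 41.0.0.0/8 for 41.9.0.0/16 and nothing for 36.0.0.1, which only says that this particular record does not cover that address.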

Somebody in either AfriNIC or IANA has a wicked sense of humour.

Thursday, May 18, 2006

There's A Sucker Born Every Minute

That's an old saying traditionally attributed to the ancient showman P.T. Barnum. Nowadays, that translates into every second.

If you are a MySpace user, you may have gotten a bulletin (mass mailed notice from any one of your "friends") offering you software to track who is viewing your profile. As reported in the Washington Post blog When Spyware Performs as Advertised, when you click on the link in the bulletin (and that's your first mistake), you eventually end up on a page where they state that


the tracking software isn't really available quite yet -- but hey, there's some free adware from 180Solutions Inc. instead!

When you click on the icon that reads "After posting a bulletin CLICK HERE to gain access to myfriendspy.com info," an installation agreement for Zango pops up. Zango is the much-maligned product of adware maker 180Solutions, which of course monitors what you search for and where you go online.

So, though disappointed to not get free tracking software, the sucker (no I meant to say the customer) installs Zango instead. Instead of YOU seeing when your friends view your profile, Zango then watches what YOU do online.

But at least YOU are warned when you install Zango aka MyFriendSpy. They don't hide themselves, like spyware of ancient times. So of course Zango isn't spyware.

Right. Heck, Zango gives you free software to change the colour of your display name. And promises you free access to all Zango supported content across the Internet.


This way to the egress.

Wednesday, May 17, 2006

Win Some, Lose Some

This week, the good guys lost one.

This is a battle that few were aware of, mainly just the security experts. I only read about it in the news like everybody else.

Several months ago, an Israeli security firm, BlueSecurity, took overt action against the world's leading spammers. The spammers, seriously threatened by the action, employed Russian criminals, who used the millions of botted computers in the world, and responded against BlueSecurity and its major customers. Today, BlueSecurity admitted defeat by the spammers, and closed its doors.

The BlueSecurity website, which earlier today contained a brief statement of defeat, now does not even exist. A quote from the former website, provided by DSLR Forums Spammers Defeat Blue Security:


Over the past few months we were able to leverage the power of the Blue Community and convince top spammers responsible for sending over 25% of the world's spam to comply with our users' opt-out list. We were making real progress in eliminating spam from the lives of our users.

However, several leading spammers viewed this change as a strategic threat to their spam business. The week before last, these spammers launched a series of attacks against us, taking down hundreds of thousands of other websites via a massive Denial-of-Service attack and causing damage to ISPs, website owners and Internet users worldwide. They also began a relentless campaign of email intimidation against any members of the Blue Community.

After recovering from the attack, we determined that once we reactivated the Blue Community, spammers would resume their attacks. We cannot take the responsibility for an ever-escalating cyber war through our continued operations.


During the past few weeks, in some of the security forum discussions about this event, some security experts noted a substantial decrease in the spam level. BlueSecurity did make a difference, during their brief struggle. But it was a short-lived difference.

Watch your mailboxes.

Tuesday, May 09, 2006

May 2006 Black Tuesday Report

We have 2 Critical vulnerabilities reported by Microsoft today.


  1. MS06-019, aka 916803 - Remote Code Execution.
  2. MS06-020, aka 913433 - Remote Code Execution.

Monday, May 08, 2006

Does IPV6 Have A Future?

One guy thinks not. Todd Underwood, Chief Operations and Security Officer of Renesys Corporation, has some interesting opinions about IPV6. Interestingly enough, some of his observations echo mine.


  • IPv6 is a new network protocol with no interoperability with IPv4 (and no, tunnels don't count).
  • Since virtually every important feature of IPv6 has been back-ported to IPv4 (auto-configuration, security, QoS), there's no compelling reason for any individual user or end-site to want IPv6 service.
  • There are a lot of reasons not to want it. There's no content to look at. This is largely because there are no users. There are no users because there are no other users. And so on.

I became aware of its shortcomings when I tried to assist with a network problem that, in its final analysis, originated from Teredo Tunneling. IPV6 apparently is not compatible with Windows Networking, in Windows XP. Windows Vista has native IPV6 support, built-in to its newly designed IP stack. But I don't think that Vista will drive IPV6, nor vice versa.

Wednesday, May 03, 2006

Firefox V1.5.0.3

Firefox V1.5.0.3 is out - it fixes a possible denial of service vulnerability, and is marked Critical.

If you haven't disabled Automatic Updates in your Firefox installation, it may soon upgrade automatically. My advice? Download and upgrade on your own, when it's convenient. Better than having your bandwidth tied up unexpectedly, or having the computer reboot on you when it's not convenient.

Update 2006/05/11: ISC / SANS reports a Proof Of Concept exploit, published by SecurityView, against a vulnerability in V1.5.0.3 and prior versions. Consider using the workaround described in the SANS article.