Welcome to PChuck's Network News.

Friday, June 16, 2006

PirateBay Strikes Back

PirateBay, one of the larger BitTorrent trackers, and based in Sweden, was recently under attack by the MPAA / RIAA. PirateBay is trying to keep the RIAA / MPAA from strangling the future of recorded music.

Well, PirateBay is back.

Patch Tuesday Was This Week

And already trouble calls are coming in.

If your computer connects by dialup to the Internet, you may find problems, after applying Critical Patch MS06-025 (KB911280).

Microsoft currently is requesting individual problem reports, from anybody experiencing problems with dialup service, after appling the patch. ISC / SANS Potential Patch Problem with MS06-025 reports:

They want each customer to open their own case. You need to mention MS06-025 breaking dial up and your case will be created and then added to the master case. The number to use to contact Microsoft for free support, for issues such as these, remains the same: 1-(866) PC-SAFETY.

Thursday, June 08, 2006

R.I.P., Windows 98, 98SE, ME, and XP SP1

Windows 98, 98SE, and ME have reached the end of their support lifecycles.

Support for Windows 98, Windows 98 Second Edition, and Windows
Millennium Edition (Me) ends on July 11, 2006, which is the July 2006
Monthly Bulletin Release date. This means Microsoft will end public and
technical support on July 11, 2006. This also includes security updates.

Also, an anticipated update to Windows Explorer won't be provided, either. See the FAQ.

After extensive investigation, we’ve found that it’s not
feasible to make the extensive changes necessary to Windows Explorer on
these older versions of Windows to eliminate the vulnerability.

Windows XP SP1 will be soon reaching the end of its support lifecycle, too. Update, before it's too late.

Wednesday, June 07, 2006

Sharing The Pain

Last year, Microsoft produced a very popular video called We Share Your Pain, where they describe a Microsoft Quality Assurance program where their employees are properly motivated to not cause problems by writing problem code.

The program (regrettably mythical) includes a rather special desk chair used by Microsoft employees. The chair would punish the employee, who writes the defective code, in several possible ways. One way, demonstrated by the engineer of the chair, would involve

2 needles, released from the bottom of the chair, into the fleshly part of the buttocks

unorthodox, but effective - it's more people related

This month, we learn that even Steve Ballmer felt the pain once. He tried to cleanup an infected computer, unsuccessfully. Even a crack team of Microsoft engineers could not clean up this computer.

According to the teller of the tale, Jim Allchin, the brilliant mind behind Windows Vista and Windows XP,

Ballmer eventually gave up and instead lugged the machine back to Microsoft's Redmond, Wash. campus. There, several engineers spent several days, burrowing deep into the system to figure out the problem. Imagine, CSI: Redmond.

It turns out there were more than a hundred pieces of malware of various types. Things that these engineers using Microsoft's own private tools could not ferret out and fix.

There are many points to this tale. Most will say that it merely indicates that malware is out of control. Those folks would be wrong.

The point here is that, if you depend upon periodically cleaning up your computer, you are wasting your time. Eventually, cleaning up your computer won't work. Some malware is written to protect itself from being removed.

The best way to not share the pain, or ever feel the pain, is to protect your computer. Keep malware off your computer, and your network. Layer Your Security. That's the answer.

Tuesday, June 06, 2006

Happy Devil's Day

Today is 6/6/6, and we have a new devil noted.

Taking a cue from some earlier bad guys, the virus of the week, GpCode.af, will encrypt the contents of your hard drive, then leave you a message directing who to contact. Upon sending email to the instructed address, you will supposedly be provided with payment instructions.

This threat appears rather alarming.

  • One expert, Harry Waldron, notes that
    ...at the moment, we're still not 100% sure how this virus penetrates victim computers.
  • This devil is using a very high level encryption - One version uses RSA 330 bit. To bring this to an understandable reference, for those of you who have seen the WEP cracking video - I don't think you'll be recovering your computer, if infected by GPCode, quite as quickly as the demo shows a WEP AP being cracked.
  • F-Secure Virus Descriptions : Gpcode calls this
    ...a type of criminal activity that has not been seen for a long time.

Kaspersky Labs has very specific instructions for you, should you find yourself infected.

Kaspersky Lab strongly recommends that anyone who has had files encrypted should contact the Virus Lab. Under no circumstances should users give in to blackmail, as this will encourage the authors of this program to create new versions.

We certainly don't want this behaviour to spread. What if the bad guys discover that it's simpler to simply scramble your data, then ask for money? What do you do when the "password" that they deliver to you, in response to your "payment", doesn't work? Do you think you'll get your money back?

Interesting spam out too. SANS Diary Spam - spam - spam reports
Some of our readers report receiving messages apearing to originate from themselves, with only numbers as subject and body.

The number in the body, according to several DSL Reports members, appears to be

SANS Diary Spam - spam - spam further notes that

Some guesses as to what the cause of the spam might be have been received by now and I'd like to point out a few:

  • Today's date is the number of the beast, it might attract some old style hackers.
  • There is a possible link to Bagle seeding as it was done in the past and we might need to expect a new variant of it soon.

It's now 18:00 here in California. Most parts of the world are already into 6/7. Devils Day is almost over.

I don't think it's effects will end very soon though.

Friday, June 02, 2006

Firefox V1.5.0.4

Firefox V1.5.0.4 is out - it resolves several known security issues, and is marked Critical.

As I noted with V1.5.0.3, it is now downloading automatically. If you have Firefox installed, it may have already updated. If not, you may wish to do this at your convenience, or let the automatic update feature perform the update for you. It's your choice.

If you don't have Firefox yet, why not?