PChucks Network News

Placebo AV - The Ultimate Solution

2008-08-02T19:04:00.000-07:00

From the well known security icon DOXdesk, we are told

Today's AV is a dead loss. But you can't simply not install any, or everyone will complain. That's where PlaceboAV comes in! It's the fantasic anti-virus solution that's super-fast and absolutely reliable... because it does nothing at all.

A detailed evaluation by a DSLReports Anonymous Poster boasts

PlaceboAV from 419 Software Development, the Nigerian anti-malware experts, is absolute magic!

I'm beta testing the soon-to-be-released ProPlus version which has anti-virus anti-rootkit, anti-spam, anti-popup, anti-adware and antiphlogistine in one small (only 22kb) package.

I had Norton, Kaspersky, NOD32, Trend, McAfee and Avira running on my PC and they all told me I had Vundo, Zlob, Mist, Badtrans, and several serious rootkit infections.

When I uninstalled them all and installed PlaceboAV ProPlus it gave my PC a clean bill of health on the first run. How's that for disinfection efficiency?

PlaceboAV never needs updates, and it won't slow down your PC because it uses no CPU resources.

The good news is that the 5 years ProPlus license will be free! (419 Software requires a notarized copy of your birth certificate and your credit card details and bank account password for identification purposes only.)

Best of all, if you join the beta team you get a bonus of 100,000 shares in the company for only $10,000.

My friends and business associates keep telling me I'm sending them infected emails, but they're still using the same old crappy AVs I got rid of, so what would they know?

Better get yours, folks, before the introductory price expires, and they go to 6 month subscriptions.

But, if you actually install it, heed this warning from DOXdesk.

DOXdesk is not responsible for any viruses you get whilst using PlaceboAV under the impression it is actually doing something. Well, we probably are responsible, but we're not going to do anything about it and you'll not get a penny out of us. Go away now.

And, if you're humour impaired, note the Wikipedia definition of placebo.

A placebo is a substance or procedure which a patient accepts as a medicine or therapy but which has no specific therapeutic activity for the condition. Any effect is thought to be based on the power of suggestion.

>> Top

419 Conference And Travel Scams Now

2008-02-11T12:21:00.000-08:00

Surely you're well used to the email that starts

Dear Sir,
I so desperately need your assistance.

and goes on to suggest to you how you can get $1,000,000 or more by helping some endangered African citizen smuggle a quantity of hidden funds, or maybe diamonds, into the USA. I bet you'll appreciate a new twist on that old 419 scam - where you are invited to a two site International Conference (first California, then Africa), and you pay only for your hotel booking in the African half of the conference.

PaperGhost, MVP - Security, presents an intriguing description of his invited participation, in the 2008 World Youths Organisation conference on ChilD Abuse and Racism.

Get your passports up to date, folks (not).

>> Top

Kaspersky Internet Security Falsely Identifies All BlogSpot URLs With Phishing Attack Warning Messages

2008-02-09T08:27:00.000-08:00

Kaspersky Internet Security, with its update of 8 February 2008, has apparently falsely identified all of "*.blogspot.com" as containing malicious code which indicates a phishing attack. Kaspersky customers, as well as numerous bloggers, are discussing this issue in their various support forums.

If your computer is protected by Kaspersky, you've probably already observed a warning, as most of my blogs are hosted on BlogSpot. My apologies to you, if you've been alarmed by this unfortunate problem already.

>> Top

RIAA Again, Admitting To Lies This Time

2008-01-23T14:36:00.000-08:00

The RIAA has been pushing our legislators for bills to protect their pocketbooks, such as the College Opportunity and Affordability Act of 2007. This was justified based upon a 2005 MPAA study, where they blamed 44 percent of the movie industry's losses on college students illegally downloading movies.

Associated Press MPAA Admits Mistake on Downloading Study reports

But now the MPAA, which represents the U.S. motion picture industry, has told education groups a "human error" in that survey caused it to get the number wrong. It now blames college students for about 15 percent of revenue loss.

And it gets better.

Mark Luker, vice president of campus IT group Educause, says it doesn't account for the fact that more than 80 percent of college students live off campus and aren't necessarily using college networks. He says 3 percent is a more reasonable estimate for the percentage of revenue that might be at stake on campus networks.

NewsWeek, in MPAA admits mistake on downloading study reports

The original report, by research firm LEK, claims the U.S. motion picture industry lost $6.1 billion to piracy worldwide, with most of the losses overseas. It identified the typical movie pirate as a male aged 16-24. MPAA said in a statement that no errors had been found in the study besides the percentage of revenue losses that could be attributed to college students, but that it would hire a third party to validate the numbers.

It's time for our legislators to take a hard look at bills like H.R.4137. The MAFIAA has been out of control for some time, and this needs to stop.

>> Top

Talk About Mixed Emotions

2008-01-21T09:43:00.000-08:00

Hackers vs the RIAA. Hackers 1, RIAA 0.

Apparently the RIAA is so busy suing consumers that they forgot to hire a decent programmer. With a simple SQL injection, all their propaganda has been successfully wiped from the site.

As a networking / security consultant, I dislike hackers, even though I was one (very lame, I know) long, long ago.

Big smile of the week.

But I hate the RIAA (now calling themselves the MAFIAA - seriously!) even more. So I will say

Congrats

to the hackers.

>> Top

Alan Ralsky Indicted

2008-01-04T12:52:00.000-08:00

The Detroit Free Press reports, in Mich. spammer, 10 others indicted in alleged Chinese stock pump-and-dump scam, that

Michigan spam king Alan Ralsky , his son-in-law and nine others have been indicted in Detroit on charges of violating federal anti-spam laws

.

Unfortunately, the most serious charges carry a maximum penalty of 20 years in prison and a $250,000 fine. But, it's a start.

Happy New Year 2008.

>> Top

Captchas and Online Games

2006-12-02T19:35:00.000-08:00

This is a pretty long video (50 some minutes), but it's worth the time to watch. It discusses these issues, and more.

What is a Captcha, and why is it not the ultimate protection against automated attacks?
Why do I see a Captcha sometimes, when I'm looking at pictures?
Why are there so many free online games?
How does Google Images get their pictures labeled so accurately?
How do hackers and spammers setup multiple online accounts, using scripts, even with Captchas required by the online accounts?

Captchas and Online Games: Human Computation (Luis Von Ahn: July 26, 2006)

>> Top

MySpace? Stay Away!

2006-11-09T18:05:00.000-08:00

MySpace, as all active Internet services, is creating new possibilities for its members to "smarten up" their space, in this case, their home pages. In their attention to detail (or lack of attention), MySpace appears to make it possible for someone to create a home page that overwrites the portion of the screen whereon sits the account name and password, where you login.

Here is a very nice phishing opportunity. And the phishers didn't pass it up.

When you login, you innocently enter your account name (user name) and password. It's picked up by the phisher script, and added to their database. You login again, see your home page, and never realise that your details are now in the hands of the bad guys. Somewhere around 35,000 phishes, and you're one.

As reported in DSLR Forums Huge myspace phishing scam

MySpace is unable to recognize the risks when a new user creates their page to host a copy of the myspace login box that steal passwords.

We have verified that the simple scam has netted over 700,000 myspace login email addresses and passwords so far, and the data is still being collected as these trojan myspace pages are still scattered all over the site.

Note that 700,000 myspace login email addresses and passwords apparently resulted from a mere 35,000 individuals, each MySpace phish victim being fooled an average of 20 times each.

The average MySpace member is 13 and probably lacking in capital. The possibility of similar services, eBay and PayPal for instance, with duplicated account names and passwords, is probably going to keep the phishers happy for a while, though.

If you've used your MySpace account recently, you need to change your password there, and on any other accounts or services (eBay and Paypal, to start) where you're using similar account names and passwords. When you change your password, make it complex - not something simple like "password1".

If you've used your MySpace account recently, don't count on MySpace sending you a vulnerability warning. Get this done now.

>> Top

Another Reason To Avoid ICS

2006-10-31T09:01:00.000-08:00

I've told you so many times that using your computer to share your Internet service - using ICS - is not a good idea. My reasons center around the needless complexity, and load, placed upon the server.

Now we have a new reason to avoid ICS. This week, ICS is being used as an attack vector. NetworkWorld: New Windows attack can kill firewall points out

The code, which was posted on the Internet early Sunday morning, could be used to disable the Windows Firewall on a fully patched Windows XP PC that was running Windows' Internet Connection Service (ICS).

So, if you're running ICS because you have 2 computers, and you think that Windows Firewall protects you, think again. Even if your computer is fully patched, if you have ICS behind WF, you are at risk.

Perimeter protection, aka a NAT router, is the only real protection.

>> Top

And Now Fake Codecs

2006-10-26T22:59:00.000-07:00

So an EBud just sent you an E-Card greeting, supposed to be soo cute. And you play it, and you get a notice

Your player needs an extra codec. Shall we find it for you?

STOP! Right now, it's time to close the browser, flush your cache, and restart the computer.

Sometimes, you may see the above advice when surfing to various web sites that provide free movies (and no, we won't discuss what type of movies, though this problem is more common on certain types). It's the same thing though. The content (E-Card, online movies, whatever) is the attraction. The trojans are the payload. It's all just another way of hacking your computer.

Lavasoft News Beware - Desktop Hijacks on the Rise Again says

Watch out for the Zlob Trojan that poses as a codec needed to view a video, then installs a fake virus and urges its victims to download a rogue anti-spyware program to remove it.

And again we see the repeated advice

...even a spoofed e-mail that claims to be Windows Update (Microsoft never sends updates via e-mail)

as if I haven't harangued you about that before.

The best prevention is avoidance. Stay safe.

Email Offering IE7? PASS!

2006-10-18T17:20:00.000-07:00

Did you recently get email from "support@microsoft.com"? How many times have I pointed out that

Microsoft does not email software offers or updates.

Today, The Register: Trojan download site spoofs IE7 release outlet points out that

Hackers have created a bogus Internet Explorer 7 download site that attempts to load Trojan code onto the PCs of visiting surfers.

Traffic to the malicious website is being driven by a spoofed email message, claiming to be from support@microsoft.com, offering a link to download Release Candidate 1 (RC1) of Microsoft Internet Explorer 7.

Once again, here's a clue.

Microsoft does not email software offers or updates.

And, if you ignore the warning, yet another chance to become part of a growing trend: botnet membership, a club that you do not need to join.

Would You Like Fries With Your Virus?

2006-10-18T07:29:00.000-07:00

A couple years ago, music giant Sony got caught loading their customers with hidden software, when they were stupid enough to load "extra content" from legally purchased CDs onto their computers.

Today, we hear of Apple, who shipped a small quantity of iPods infected with a virus.

As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.

And earlier this week, we hear that MacDonalds in Japan gave out MP3 player infected with yet another virus.

We haven't seen these players ourselves, so we can't confirm how exactly you would get hit by this trojan, but some sources report you only had to plug it into your Windows PC.

Once again, practice Layered Security on all computers. Please. Botnets are more and more useful, so don't contribute to the population.

The Good Guys Win One

2006-10-04T18:32:00.000-07:00

From Nigeria, actual tape of a cybercafe raid, with a band of 419 scammers arrested.

Interestingly, those not directly involved in the scamming still profit. Neighbours outside the cafe didn't react well to the arrests being made.

A New Security Risk: Your Old Cell Phone

2006-08-31T20:59:00.000-07:00

In Dufus Or Joe Job Victim?, we looked at an idiot who sold a laptop computer, and came to regret it. Amir probably deserved what came to him, but it doesn't mean that we shouldn't learn from his mistake.

So how about your cell phone? You may be surprised to learn that it's a small computer. It may have an amazing storage capacity, and what's stored there can cause you embarassment, if you give away, lose, or sell the phone. Apparently, what's stored on your cell phone can be resurrected, even if erased - just as the contents of your computers hard drive can be recovered.

CNN Technology: Cell phones won't keep your secrets discusses experiences where

Curious software experts resurrected information on 10 used phones (purchased on eBay), including the racy exchanges between guarded lovers, and
One company's plans to win a multimillion-dollar federal transportation contract.
E-mails about another firm's $50,000 payment for a software license.
Bank accounts and passwords.
Details of prescriptions and receipts for one worker's utility payments.
The recovered information was equal to 27,000 pages -- a stack of printouts 8 feet high.

"Most people toss their phones after they're done; a lot of them give their old phones to family members or friends," said Miro Kazakoff, a researcher at Compete Inc. of Boston who follows mobile phone sales and trends.

Think next time, before you give your old phone away.

One Small Bit Of Good News

2006-08-26T22:37:00.000-07:00

21 year old Christopher Maxwell was sentenced to 37 months in federal prison on Friday for hacking, that in the estimate of the Seattle FBI's cybersquad, netted Maxwell and two unnamed teenage accomplices "more than $100,000".

Maxwell, holding back tears, pleaded for probation in lieu of prison time.

I am a 21-year-old boy with a good heart and I made a mistake. I never realized how dangerous a computer could be. I thank God no one was hurt.

The judge was not taken by the tears, or the plea. While Pechman took Maxwell's age and lack of criminal record into account, she said the prison term was necessary to provide a deterrent to other hackers.

Victims of the hack included

Colton Unified School District in California.
Northwest Hospital in Seattle.
The US Defense Department.

and doubtless thousands of unknown private computers that will never be identified.

He got off lightly, but it's a start. Hopefully the FBI is getting better at this now.

Pizza Order Credit Card Scam

2006-08-21T08:31:00.000-07:00

OK, tonite you want a pizza for dinner. So you call your local pizza restaurant, and have one delivered.

But there's a problem. They don't accept cash payments anymore - it's pay by credit card only.

Right now is when you should smell a rat. But you're hungry, and you want to smell pizza. So you give them the number, they take your order, and you hang up.

Your pizza never comes, and your credit card is now being used in a major shopping spree by the guy who just took your order. And he's not a pizza call center employee.

The bad guys convinced AT&T to route calls, intended for the pizza shop, to their phone number.

Hello, Big Cheese Pizza. How can I rip you off today?

The police know about this in Southern California, but it's possible that it's going on elsewhere. You don't really know.

What's the story here? >>> AT&T Service Reps must be really gullible.

August 2006 Patch Tuesday Report

2006-08-13T21:48:00.000-07:00

Last week, Microsoft issued 12 security patches, 9 which they rated as Critical (Patch ASAP), and 3 Important (Patch As Soon As Convenient). ISC / SANS rated those patches, for computers used as network clients, as 2 Extra Critical (PATCH NOW), 8 Critical, and 2 Important.

One of those patches, MS06-040 (KB921883), fixes a vulnerability in the Server service (remember that almost all Windows computers will run the Server service, even though they may not be dedicated servers).

Today, ISC SANS issued MS06-040: BOLO -- Be On the LookOut (NEW), stating that

Over the weekend there was a botnet doing fairly wide scale scanning for hosts affected by the vulnerabilities in the MS06-040 advisory. While technically a botnet, it was spreading in a worm like fashion.

MS06-040 is one of the two patches that were rated as PATCH NOW by ISC SANS. Among the advice given:

If you have not done so yet:
- Roll out the MS06-040 patches ASAP.
- Do not forget to reboot those machines after patching!

MS06-040 has passed from vulnerability, to Proof Of Concept exploit, and to active exploit in progress. This is a serious situation, as documented by US CERT. Patch Now, please.

For convenient immediate downloads, I offer direct links here. Or you can use Windows Update, or Automatic Update.

Take a system checkpoint first.
Verify your Operating System name and service pack level:
- My Computer
- Properties
Download the most urgent patches, properly chosen for your operating system and service pack level, to an organised folder on your disk.
- MS06-040 (KB921883)
- MS06-042 (KB918899)
Run each update, from the folder, using Windows Explorer.

Ongoing Stories.

Bots And You

2006-08-07T20:03:00.000-07:00

For those of you who are maybe living in a cave (and if so, what ISP services you?), of the millions of computers in the world, a good portion of them are not controlled completely by the person who is paying for their Internet service. These computers, hijacked by a successful hacking campaign, and controlled by another person, we call bots. One bot is useless; bots are maintained in collections, called botnets. A botnet could range in size from 10,000 to 1.5 million hijacked computers.

I've been observing, and writing about, botnets for some time.

In November 2004, some bad guys very deviously hijacked a German advertising server, and 4 other servers, and delivered the Bofra / IFrame exploit to 5,000 - 10,000 computers. These computers became part of a botnet.
In May 2005, we saw a practical application of a botnet, as the Sober worm was used to distribute spam relevant to a German political battle.
This year, we have botnets being used to hijack Blogger blogs, and create networks of blogs serving spam.

Most people don't realise that botnets are both the attack vehicle, and the payload of a successful attack.

Bump Keys - A Growing Security Problem

2006-08-06T13:56:00.000-07:00

Securing your computers, and your network, begins with physical security. This is one reason why WiFi Security is so important, and so problematic.

But, if you're depending upon a cylinder lock on your front door, to restrict physical access to your network, you need to be aware of the newest threat - Bump Keys.

This looks real scary. But is it real? One would hope not.

Well, in typical You Tube fashion, when you watch that video, you will have a choice of several others like it in the You Tube library. Watch the others too. One video - maybe somebody's imagination. Two videos - maybe a game by some college studants. Five videos, a DSLR Forums thread, and an MSNBC article - a very real problem.

Stolen Computers And You

2006-07-11T20:02:00.000-07:00

There are probably millions of computers, all over the world, being used or controlled by someone who is not legally entitled to do so. We've discussed botnets before. Once used mainly for spam delivery, they are now being used for hijacking Blogger blogs.

Since blogs and instant messaging, together, is replacing email for those tired of spam, the spammers have turned to spam blogs, or splogs. And botnets are being used to hijack legitimate blogs, with value to search engines, and make them part of splog nets.

Right now, this activity is, I believe, limited to attacks against Blogger blogs. It doesn't take too much imagination, though, to see the same techniques being used against online communities like MySpace and Yahoo 360.

PirateBay Strikes Back

2006-06-16T15:56:00.000-07:00

PirateBay, one of the larger BitTorrent trackers, and based in Sweden, was recently under attack by the MPAA / RIAA. PirateBay is trying to keep the RIAA / MPAA from strangling the future of recorded music.

Well, PirateBay is back.

Patch Tuesday Was This Week

2006-06-16T15:32:00.000-07:00

And already trouble calls are coming in.

If your computer connects by dialup to the Internet, you may find problems, after applying Critical Patch MS06-025 (KB911280).

Microsoft currently is requesting individual problem reports, from anybody experiencing problems with dialup service, after appling the patch. ISC / SANS Potential Patch Problem with MS06-025 reports:

They want each customer to open their own case. You need to mention MS06-025 breaking dial up and your case will be created and then added to the master case. The number to use to contact Microsoft for free support, for issues such as these, remains the same: 1-(866) PC-SAFETY.

R.I.P., Windows 98, 98SE, ME, and XP SP1

2006-06-08T19:12:00.000-07:00

Windows 98, 98SE, and ME have reached the end of their support lifecycles.

Support for Windows 98, Windows 98 Second Edition, and Windows
Millennium Edition (Me) ends on July 11, 2006, which is the July 2006
Monthly Bulletin Release date. This means Microsoft will end public and
technical support on July 11, 2006. This also includes security updates.

Also, an anticipated update to Windows Explorer won't be provided, either. See the FAQ.

After extensive investigation, we’ve found that it’s not
feasible to make the extensive changes necessary to Windows Explorer on
these older versions of Windows to eliminate the vulnerability.

Windows XP SP1 will be soon reaching the end of its support lifecycle, too. Update, before it's too late.

Sharing The Pain

2006-06-07T08:05:00.000-07:00

Last year, Microsoft produced a very popular video called We Share Your Pain, where they describe a Microsoft Quality Assurance program where their employees are properly motivated to not cause problems by writing problem code.

The program (regrettably mythical) includes a rather special desk chair used by Microsoft employees. The chair would punish the employee, who writes the defective code, in several possible ways. One way, demonstrated by the engineer of the chair, would involve

2 needles, released from the bottom of the chair, into the fleshly part of the buttocks

unorthodox, but effective - it's more people related

This month, we learn that even Steve Ballmer felt the pain once. He tried to cleanup an infected computer, unsuccessfully. Even a crack team of Microsoft engineers could not clean up this computer.

According to the teller of the tale, Jim Allchin, the brilliant mind behind Windows Vista and Windows XP,

Ballmer eventually gave up and instead lugged the machine back to Microsoft's Redmond, Wash. campus. There, several engineers spent several days, burrowing deep into the system to figure out the problem. Imagine, CSI: Redmond.

It turns out there were more than a hundred pieces of malware of various types. Things that these engineers using Microsoft's own private tools could not ferret out and fix.

There are many points to this tale. Most will say that it merely indicates that malware is out of control. Those folks would be wrong.

The point here is that, if you depend upon periodically cleaning up your computer, you are wasting your time. Eventually, cleaning up your computer won't work. Some malware is written to protect itself from being removed.

The best way to not share the pain, or ever feel the pain, is to protect your computer. Keep malware off your computer, and your network. Layer Your Security. That's the answer.

Happy Devil's Day

2006-06-06T09:57:00.000-07:00

Today is 6/6/6, and we have a new devil noted.

Taking a cue from some earlier bad guys, the virus of the week, GpCode.af, will encrypt the contents of your hard drive, then leave you a message directing who to contact. Upon sending email to the instructed address, you will supposedly be provided with payment instructions.

This threat appears rather alarming.

One expert, Harry Waldron, notes that
...at the moment, we're still not 100% sure how this virus penetrates victim computers.
This devil is using a very high level encryption - One version uses RSA 330 bit. To bring this to an understandable reference, for those of you who have seen the WEP cracking video - I don't think you'll be recovering your computer, if infected by GPCode, quite as quickly as the demo shows a WEP AP being cracked.
F-Secure Virus Descriptions : Gpcode calls this
...a type of criminal activity that has not been seen for a long time.

Kaspersky Labs has very specific instructions for you, should you find yourself infected.

Kaspersky Lab strongly recommends that anyone who has had files encrypted should contact the Virus Lab. Under no circumstances should users give in to blackmail, as this will encourage the authors of this program to create new versions.

We certainly don't want this behaviour to spread. What if the bad guys discover that it's simpler to simply scramble your data, then ask for money? What do you do when the "password" that they deliver to you, in response to your "payment", doesn't work? Do you think you'll get your money back?

Interesting spam out too. SANS Diary Spam - spam - spam reports

Some of our readers report receiving messages apearing to originate from themselves, with only numbers as subject and body.

The number in the body, according to several DSL Reports members, appears to be

969

SANS Diary Spam - spam - spam further notes that

Some guesses as to what the cause of the spam might be have been received by now and I'd like to point out a few:

Today's date is the number of the beast, it might attract some old style hackers.
There is a possible link to Bagle seeding as it was done in the past and we might need to expect a new variant of it soon.

It's now 18:00 here in California. Most parts of the world are already into 6/7. Devils Day is almost over.

I don't think it's effects will end very soon though.

Firefox V1.5.0.4

2006-06-02T09:41:00.000-07:00

Firefox V1.5.0.4 is out - it resolves several known security issues, and is marked Critical.

As I noted with V1.5.0.3, it is now downloading automatically. If you have Firefox installed, it may have already updated. If not, you may wish to do this at your convenience, or let the automatic update feature perform the update for you. It's your choice.

If you don't have Firefox yet, why not?

Dufus or Joe Job Victim? Your Call

2006-05-29T21:06:00.000-07:00

Amir sold a laptop, used, on E-Bay. Mistake 1.

Amir didn't think to wipe the drive on the laptop. There were lots of interesting pictures, and more, on the drive. Mistake 2. Big mistake.

Oh yeah, the laptop didn't work, and it lacked features as advertised. Mistakes 3 and 4.

Amir took 2 months to send the laptop to the purchaser, and ignored repeated refund requests from the purchaser. Mistakes 5 and 6.

The guy who purchased it knew how to remove the hard drive and extract the contents. And he knew how to create a blog. Now that blog, The Broken Laptop I Sold On Ebay, and subsequent blog Amir Massoud Tofangsazan: The Blog Continues is Amir's problem. (Note 8/17): The latter selection has more relevant content; the former appears to have mutated into a splog.

Always, and I mean Always, Clean the Hard Drive Before Dumping Your PC. I'll bet Amir will, the next time.

419 Operations To Be Recognised By African Governments?

2006-05-23T14:46:00.000-07:00

This is a stretch, but just a small one.

IANA awarded the 41.0.0.0/8 subnet to AfriNIC in April 2005.

It takes VERY little imagination to see the 41.9.0.0/16 being a subnet valued by someone. Maybe a Nigerian industrial ISP?

5/23/2006 14:46:09 whois -h whois.arin.net 41.9.0.0

OrgName: African Network Information Center
OrgID: AFRINIC
Address: 03B3 - 3rd Floor - Ebene Cyber Tower
Address: Cyber City
Address: Ebene
Address: Mauritius
City: Ebene
StateProv:
PostalCode: 0001
Country: MU

NetRange: 41.0.0.0 - 41.255.255.255
CIDR: 41.0.0.0/8
NetName: NET41
NetHandle: NET-41-0-0-0-1
Parent:
NetType: Allocated to AfriNIC
NameServer: NS1.AFRINIC.NET
NameServer: NS-SEC.RIPE.NET
NameServer: NS.LACNIC.NET
NameServer: TINNIE.ARIN.NET
Comment:
RegDate: 2005-04-12
Updated: 2005-07-12

OrgAbuseHandle: GENER11-ARIN
OrgAbuseName: Generic POC
OrgAbusePhone: +230 4666616
OrgAbuseEmail: abusepoc@afrinic.net

OrgTechHandle: GENER11-ARIN
OrgTechName: Generic POC
OrgTechPhone: +230 4666616
OrgTechEmail: abusepoc@afrinic.net

# ARIN WHOIS database, last updated 2006-05-22 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

There's no way that this is a mere coincidence. Blocks 36.0.0.0/8, 37.0.0.0/8, and 39.0.0.0/8 are all available. Don't believe me? Do a WhoIs lookup on "36.0.0.1". Use either

All Net Tools SmartWhois
DNS Stuff WHOIS Lookup

or any WhoIs type tool that you like. Check it.

Somebody in either AfriNIC or IANA has a wicked sense of humour.

There's A Sucker Born Every Minute

2006-05-18T11:10:00.000-07:00

That's an old saying traditionally attributed to the ancient showman P.T. Barnum. Nowadays, that translates into every second.

If you are a MySpace user, you may have gotten a bulletin (mass mailed notice from any one of your "friends") offering you software to track who is viewing your profile. As reported in the Washington Post blog When Spyware Performs as Advertised, when you click on the link in the bulletin (and that's your first mistake), you eventually end up on a page where they state that

the tracking software isn't really available quite yet -- but hey, there's some free adware from 180Solutions Inc. instead!

When you click on the icon that reads "After posting a bulletin CLICK HERE to gain access to myfriendspy.com info," an installation agreement for Zango pops up. Zango is the much-maligned product of adware maker 180Solutions, which of course monitors what you search for and where you go online.

So, though disappointed to not get free tracking software, the sucker (no I meant to say the customer) installs Zango instead. Instead of YOU seeing when your friends view your profile, Zango then watches what YOU do online.

But at least YOU are warned when you install Zango aka MyFriendSpy. They don't hide themselves, like spyware of ancient times. So of course Zango isn't spyware.

Right. Heck, Zango gives you free software to change the colour of your display name. And promises you free access to all Zango supported content across the Internet.

This way to the egress

Win Some, Lose Some

2006-05-17T19:07:00.000-07:00

This week, the good guys lost one.

This is a battle that few were aware of, mainly just the security experts. I only read about it in the news like everybody else.

Several months ago, an Israeli security firm, BlueSecurity, took overt action against the leading world spammers. The spammers, seriously threatened by the action, employed Russian criminals, who used the millions of botted computers in the world, and responded against BlueSecurity and its major customers. Today, BlueSecurity admitted defeat by the spammmers, and closed its doors.

The BlueSecurity website, which earlier today contained a brief statement of defeat, now does not even exist. A quote from the former website, provided by DSLR Forums Spammers Defeat Blue Security:

Over the past few months we were able to leverage the power of the Blue Community and convince top spammers responsible for sending over 25% of the world's spam to comply with our users' opt-out list. We were making real progress in eliminating spam from the lives of our users.

However, several leading spammers viewed this change as a strategic threat to their spam business. The week before last, these spammers launched a series of attacks against us, taking down hundreds of thousands of other websites via a massive Denial-of-Service attack and causing damage to ISPs, website owners and Internet users worldwide. They also began a relentless campaign of email intimidation against any members of the Blue Community.

After recovering from the attack, we determined that once we reactivated the Blue ommunity, spammers would resume their attacks. We cannot take the responsibility for n ever-escalating cyber war through our continued operations.

During the past few weeks, in some of the security forums discussions about this event, some security experts noted a substantial decrease in the spam level. BlueSecurity did make a difference, during their brief struggle. But it was a short lived difference.

Watch your mailboxes.

May 2006 Black Tuesday Report

2006-05-09T13:54:00.000-07:00

We have 2 Critical vulnerabilities reported by Microsoft today.

MS06-019, aka 916803 - Remote Code Execution.
MS06-020, aka 913433 - Remote Code Execution.

Does IPV6 Have A Future?

2006-05-08T13:43:00.000-07:00

One guy thinks not. Todd Underwood, Chief Operations and Security Officer of Renesys Corporation, has some interesting opinions about IPV6. Interestingly enough, some of his observations echo mine.

IPv6 is a new network protocol with no interoperability with IPv4 (and no, tunnels don't count).
Since virtually every important feature of IPv6 has been back-ported to IPv4 (auto-configuration, security, QoS), there's no compelling reason for any individual user or end-site to want IPv6 service.
There are a lot of reasons not to want it. There's no content to look at. This is largely because there are no users. There are no users because there are no other users. And so on.

I became aware of its shortcomings when I tried to assist with a network problem that, in its final analysis, originated from Teredo Tunneling. IPV6 apparently is not compatible with Windows Networking, in Windows XP. Windows Vista has native IPV6 support, built-in to its newly designed IP stack. But I don't think that Vista will drive IPV6, nor vice versa.

Firefox V1.5.0.3

2006-05-03T14:34:00.000-07:00

Firefox V1.5.0.3 is out - it fixes a possible denial of service vulnerability, and is marked Critical.

If you haven't disabled Automatic Updates in your Firefox installation, it may soon upgrade automatically. My advice? Download and upgrade on your own, when it's convenient. Better than having your bandwidth ties up unexpectedly, or having the computer reboot on you when it's not convenient.

Update 2006/05/11: ISC / SANS reports a Proof Of Concept exploit, published by SecurityView, against a vulnerability in V1.5.0.3 and prior versions. Consider using the workaround described in the SANS article.

February 7, 2006 - The Mozilla Firefox V1.5 Exploit Is Out

2006-02-07T08:28:00.000-08:00

Last week, the Mozilla folks released Firefox V1.5.0.1. This version includes many changes, driven by security and stability needs, including one major known vulnerability, a potential for remote code execution.

This week, the bad guys released an exploit, that uses the latter vulnerability, as part of the Metasploit Framework. Metasploit Framework, in layman's terms, is a sophisticated library of hacking tools. If your computer is successfully hacked, Metasploit Framework can be used to program your computer with any of a number of different tools, at the will of the hackers.

What does this mean to you? Quite simply, if you're using Firefox (and I hope that you are), it's time to upgrade. Firefox V1.0.7 is vulnerable to many problems fixed by V1.5.0.1. Do everybody a huge favour, and move ahead. V1.5.0.1 has been out for a week, and is widely in use. You too should be using it.

PChuck's Network News NewsFeeds

2005-06-09T10:47:00.000-07:00

This blog is PChuck's Network News. This post is PChuck's Network News NewsFeeds, and you are looking at the blog itself. What you see is a lot easier for you to read, than for computers to do so. There's another copy of your blog, that's designed for computers to read.

The other copy is called the blog (site) feed. The site feed is read by a newsfeed reader. If you would like to be informed, automatically, when this site (or any of millions of other sites on the Internet) is updated with new and interesting articles, you get a newsfeed reader, and subscribe to one or more feeds.

You have several choices, for newsfeed readers.

Browser based: Bloglines, Google Reader, Sage (for FireFox)
Cross platform: BottomFeeder
Microsoft Windows: FeedDemon, NewsGator
Mac OS X: NetNewsWire

You have several feed choices, for PChuck's Network News. You can take any of these feed URLs, and subscribe using any of the above (or numerous other) newsfeed readers.

	Atom	RSS
Comments	Blog Comments - Atom	Blog Comments - RSS
Posts	Blog Posts - Atom	Blog Posts - RSS

Please note that the above 4 feeds are just suggestions of what you may subscribe to, to get the most out of my blog.