The idea of a police car roaring down the street to catch a roving "Doom" junkie using someone else's wireless LAN may seem silly, but there are real dangers if your network plays host to strangers. The hazards you might face include eavesdropping, theft of data, painful legal hassles or even a conviction for computer-related crimes.
Read the rest of the article @ infoworld.com
Yet again, a worm that exploits weaknesses in the Windows™ operating system is rampaging across the Internet and apparently knocking out several corporate networks. How could this happen?
Consider this. One laptop on a home network gets infected because the owner doesn't have the know-how to protect it. The owner then goes to Starbucks, because s/he sure would like some coffee. While there, s/he connects to the wireless network, where other laptops are also connected. Although these laptops may be protected at home and at work, they may not be protected from other computers on the same network, so some of the other laptops here get infected as well. These people then take their laptops to work, connect to their network, and start spreading the worm at work. Instant disaster!
I'm not picking on Starbucks, I just happen to know many Starbucks locations have wireless hotspots...
So, this means that corporate security policy needs to extend beyond the corporate network and into employees' homes, which could be a logistical nightmare. Not only that, but the computers need to be configured in such a way that they will not accept connections from sources that are not explicitly trusted. So, before you head out on the road with your laptop, make sure to patch it up, and set it up in such a manner that it will not allow access to port 445 from anywhere...
It never ceases to amaze me what people are spamming about. The latest addition to the spamoron list is Spamis, an apparent Seattle company. They are spamming, I assume, a whole bunch of people complaining about spam from Microsoft. So, spam complaining about spam? Isn't that the pot calling the kettle black? Anyway, there are two interesting things about this spam. First, it doesn't come directly from Spamis, but rather from what appear to be regular residential computers, and second, they seem to like Microsoft enough to use their software to distribute their spam. So, add spamiz.biz, spamis.org, spamis.cc and spamis.info to your spam filters. For more wonderful info about Spamis, check out Martey DoDoo's blog entry.
So, I got my own blog space too. I cheated a little and am using MSN for the actual blog, and just loading it in a frame here. Anyway, if you want to keep track of my NerdMobile, check the blog...
Microsoft has decided to re-classify certain adware and spyware products as benign. Read the full article at eWeek.com. Anti-Spyware was probably one of the best things to come out of Redmond in a long time, but now one has to wonder...
Alright, so not exactly "back", but at least in town. Nerds On Site are getting into the Boston area, starting with yours truly. Expect to see a red VW Beetle in the greater Boston Area real soon.
Computer Associates have purchased Tiny Software, the maker of Tiny Firewall for Windows™. At the same time, Cisco have purchased NetSift.
Apparently, people are willing to give up their passwords for a cup of coffee. Any wonder that security is an uphill battle?
As most can see from the numbers on the left, the biggest sinner with regards to port scans this month, as well as the last couple of months, has been the so-called "Messenger spam". Most of this junk comes from China, at least in my logs, and the biggest sinner at this point is Shanghai Telecom, with just about 50% of all the Messenger spam hits on my firewall. Congratulations to Shanghai Telecom for this wonderful achievement. May this company have an interesting year.
Audioslave is giving you a free song from their new album. Your Time Has Come is a full version of the song, and you can play it ten times before the licence expires. Note: Windows Media Player required.
The new Audioslave album titled Out of Exile will be released on 5/24. Preorder now!
I've added a couple of pages on how to get started with Gran Turismo 4. A little off the usual topics, but still something that I enjoy, so...
I've completely redone my piece on securing Windows. It's now a much more comprehensive article including tips for web browsers and e-mail clients as well as how to secure your windows computer.
Thanks to the great CSS tutorial at glish.com, I think I've gotten the columns worked out.
AnandTech has an interesting piece on value cases for those of you into building your own computers.
Tom's Hardware Guide has published their Readers' Choice Awards 2004 results.
Tom's Networking has a review of the ZyXEL HS-100W 802.11G router with parental controls and subscription content filtering.
Newsfactor has a nice review of the IBM TotalStorage NAS 100.
The redesign is more work than I thought. No two browsers display the pages the same. Some add extra padding, some write beyond defined areas and others expand the defined area...
I'm going from using tables to using columns defined using CSS, so there may be some design inconsistencies on various pages. It should be all done in a couple of days...
The Symantec Mail Security 8240 is targeted at SMBs with 100-1000 employees, and offers anti-spam and anti-virus services. Newsfactor.com has more.
Sonicwall recently released their TZ150, a small firewall for small companies with a small price tag. It includes subscription services for Gateway anti-virus/Intrusion prevention and content filtering.
Tom's Hardware Guide has a nice review of the StorCase InfoStation, a condensed business storage unit. It's a 1U unit which can fit 10 2.5" hard drives. The Seagate Savvio drives max out at 74GB, but with 10 of those, you still have plenty of room. With two channels, you can share the unit between two computers, or just let one have it all. It also comes with redundant power supplies and a LAN port which seems to promise a web based interface.
For those who have been waiting for the TLS article, well, this isn't it. This article deals with easing management of wireless users as well as restricting access to your wireless access point.
I've just put up two pages (yes, two!) on how to secure your WLAN using Radius, certificates and Active Directory. These three work together to authenticate any connections to your wireless network. Unless authentication is successful, the client will not be allowed to communicate with the wireless network. In addition, with WPA and AES encryption, you'll have better encryption and the encryption keys will be changed at an interval that you select. Part 1 deals with all the goodies on the Windows server and the wireless access point, part 2 deals with configuring the client.
Boy gets a bat from Reggie Sanders and baseball signed by Hall of Fame pitcher Nolan Ryan.
Well, last month's top spammer (most rejected by my spam filters) was meditay.com, presumably someone selling all sorts of "male enhancement" drugs or anti-depressants. Who knows and who cares. They seem to be keeping it up this month as well (pun intended).
So far this month, the spamoron of the month appears to be resumeresources.ca, a Canadian job placement company who are so desperate they have e-mailed me over 1600 times so far this month, and they're doing a bad job of it, as they have not gotten my e-mail address correct even once!
It should be no surprise to anyone that Messenger spam is still number one with more than twice as many hits as Phatbot/Gaobot/Agabot, which has made a big comeback. Beagle backdoor scans are bumped to the third spot, and Sasser (port 5554) comes in as number four. A new entry for the Bobax worm (port 5000) takes fifth spot, and another new entry in sixth spot is the Domwis trojan (port 559).
The friendly people over at www.boredguru.com have the solution on how to remove this process from your computer. Full details on their site.
Msgr spam (ports 1026-1029/UDP): 3220
Beagle backdoor (port 2745/TCP): 1120
MyDoom backdoor (port 3127/TCP): 346
Kuang (port 17300): 334
RPC/LSA exploit (port 1025/TCP): 268
SQLSlammer (port 1434/UDP): 232
Dameware exploit (port 6129/TCP): 224
SQL weak passwd (port 1433/TCP): 192
SubSeven Trojan (port 27374/TCP): 156
SWAT (port 901/TCP): 130
Again, spam attacks against the Messenger service (not to be confused with MSN or Windows Messenger) are taking the title as "most hit port of the month". One thing that is not reflected in these numbers is the various versions of the Gaobot worm (see the Symantec panel over on the right). This worm attempts to connect using the backdoors left by other worms and a number of known exploits (such as the RPC, LSA and SQL exploits). Without comparing source IP addresses and timestamps of the probes, it's hard to determine if it's the Gaobot worm or just individual exploit hits.
In a troubling decision by a Northern California District Court Judge, spammers have won (at least temporarily) another small victory against anti-spam measures. Spamcop, which receives and handles a large amount of spam complaints on a daily basis and forwards these complaints to the offender's ISP, has been ordered to cease forwarding these complaints. Full article at news.com.com
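The monthly tally above and the "compare source IP addresses and timestamps" check for telling a Gaobot-style sweep from isolated exploit hits, written out as an added Python example (not a script from this site). The DROP log line format, the addresses and the 60-second/3-port thresholds are constructed assumptions; the port labels are the ones used in the tallies on this page.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
# Labels use the names from this page's monthly tallies.
PORT_LABELS = {(p, "UDP"): "Msgr spam" for p in range(1026, 1030)}
PORT_LABELS.update({
    (2745, "TCP"): "Beagle backdoor", (3127, "TCP"): "MyDoom backdoor",
    (1025, "TCP"): "RPC/LSA exploit", (1433, "TCP"): "SQL weak passwd",
    (445, "TCP"): "MS Networking (SMB)"})
# Assumed (constructed) line shape: "2005-03-02 14:09:30 DROP TCP 198.51.100.4 -> 192.0.2.10:2745"
LINE_RE = re.compile(r"^(\S+ \S+) DROP (TCP|UDP) (\S+) -> \S+:(\d+)$")

def parse_line(line):
    """(timestamp, proto, source, port) for a DROP line, else None."""
    m = LINE_RE.match(line.strip())
    return m and (datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                  m.group(2), m.group(3), int(m.group(4)))

def tally(lines):
    """Hits per label, the same view as the page's monthly list."""
    counts = Counter()
    for _, proto, _, port in filter(None, map(parse_line, lines)):
        counts[PORT_LABELS.get((port, proto), f"port {port}/{proto}")] += 1
    return counts

def multi_port_sources(lines, window_seconds=60, min_ports=3):
    """Sources hitting >= min_ports distinct TCP ports within one window.
    UDP is skipped so Messenger spam bursts on 1026-1029 are not flagged."""
    by_src = defaultdict(list)
    for ts, proto, src, port in filter(None, map(parse_line, lines)):
        if proto == "TCP":
            by_src[src].append((ts, port))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if (t - t0).total_seconds() <= window_seconds}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports)
                break
    return flagged
# Constructed sample log using RFC 5737 documentation addresses.
SAMPLE_LOG = """\
2005-03-02 14:07:11 DROP UDP 203.0.113.7 -> 192.0.2.10:1026
2005-03-02 14:09:30 DROP TCP 198.51.100.4 -> 192.0.2.10:2745
2005-03-02 14:09:33 DROP TCP 198.51.100.4 -> 192.0.2.10:1025
2005-03-02 14:09:35 DROP TCP 198.51.100.4 -> 192.0.2.10:1433
not a firewall line
""".splitlines()
```

On the sample, the three TCP hits from one source inside five seconds are reported as a sweep, while the Messenger hit and the unparseable line are only counted or skipped.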
Strike one was of course the CAN-SPAM legislation, which serves to legitimize spam rather than ban it.
There's a new graphic over there on the right. It shows the number of port probes I'm getting. It's updated once an hour to show trends.
A little late, but here's the top five sinners of March. Topping the list is Windows Messenger spam. I'm also seeing a lot of the same on ports 1028 and 1029 (UDP). Coming in at a distant second are the MyDoom/Novarg probes. That also includes all the MyDoom "killer" worms such as Welchia, DoomHunter and DeadHat. Probes for backdoors left by several variations of the Beagle worm come in third, followed by SQLSlammer and Phatbot. SubSeven is still alive and well in 8th place, followed closely by Kuang on port 17300 in 9th.
I fixed a small blunder with the math for the port scan graph over there on the left side. It should now be scaled properly at all times.
March traffic/virus analysis should be done over the weekend.
I've been receiving a ton of viruses to an unpublished e-mail account that's only been given to very few companies for specific newsletters, so someone has sold me out! Not only that, but I'm getting rejection messages from other companies saying that this account attempted to send them a virus-infected e-mail! Now, if you can't trust "reputable" companies to respect their own privacy rules and not give your e-mail addresses out, then who can you trust?
I don't have the full list of devices that they've released new firmware for, but it looks like WAP54, WET54 and WRT54 all got new firmware with an updated web interface and a couple of fixes. From what I can tell from the WAP54 update, it does resolve that reboot issue that was in version 1.08 (which made it unusable). And, the interface looks pretty good, too.
Two new big players seen in the January network probe data. Although the MyDoom/Novarg worm is getting all the press (and rightfully so), the Backdoor.OptixPro trojan takes the top spot on my report for January. With regards to probes, it beats MyDoom with a 4:1 ratio. Kuang (port 17300) comes in second place, and SubSeven in a close third. Windows Messenger spam comes in fourth, narrowly beating Swat (port 901, web admin tool for Samba) and SQLSlammer (port 1434).
Every now and then there are people accusing ZoneAlarm of being spyware. So, I decided to take a look. After capturing data for a week, I'm ready to share the results.
Apparently, Los Angeles County feels that the term "master/slave" is inappropriate. I found this little tidbit on Security-Forums.com.
Somehow, my stylesheet got messed up yesterday while I was working on another website. Didn't notice until this morning. But, it's fixed now.
Oh, and one more thing: "hot linking" to images in my wallpaper section is no longer possible. If you want to use one of them as a background for your webpage, please copy the image to your own server...
I hate the Swen worm, and I'll tell you why: It has its own SMTP engine, and it is of the sucky kind... I've received over 10,000 e-mails to the e-mail address I use on Usenet. Yes, that's over ten thousand messages, all of a size of about 14KB, and they're all being rejected. And 10 minutes later, there's another one from the same address. You've got to get anti-virus software, people, this is getting insane!
Accessify.com has a neat feature that'll simplify the task of creating CSS styled list items for navigation. I've implemented this for the main navigation links here. There's one little annoying thing: IE 5.5 adds some extra padding to the left of the text, while IE 6 and Opera 7 display it correctly...
A page on how to configure and secure your Linksys WAP54G Wireless Access point has just been added.
Product recommendation of the month: SpamCatcher from MailShell. It's an excellent anti-spam tool that works with any pop3 mail client. There's also a special version for Outlook alone (works with Exchange server and POP3 servers). It catches more or less all the spam I'm getting, with very few false positives (there's an "approve sender" feature to compensate for these). It's definitely the best anti-spam tool for mail clients that I've tested. Go check it out!
At http://www.ubergeek.tv/switchlinux/ there's another switch parody. This one is a flash cartoon, and it's well done. Check it out, have a laugh.
On the left hand side of this page you can see the live (updated every 15 minutes) port probes logged by my firewall. It's very interesting that port 445 (used by W2K and XP for MS Networking) has taken off, and also that the majority are coming from the same class B network that I'm on. I'm guessing a lot of people are still not using any kind of firewall. What's also interesting is that I'm not seeing one single port 445 probe on the firewall at work. I'm seeing port 139, but no 445. And then there's 17300, the Kuang Weird trojan; these probes are coming from all over the place, only a few from each IP address (yes, I know who you are). Guess the script kiddies are looking for an easy way in, and unfortunately, people without a firewall or proper anti-virus protection are prime targets.
I'll put together a pretty graph of the last three months of probes next week, once I have the final numbers for May.
The guys over at DrunkGamers.com certainly had some fun making this parody of the Apple Switch ad campaign. I've got it in two formats right here for you:
I've pieced together a 42 second clip from the game WRC for the PS2. It gives you a look at what the game really looks like. For those who want to know, each grand prix consists of 5 stages of about 3 minutes of racing. Not quite what I was hoping for, but a lot of fun anyways.