* Posts by Celtic Ferret

12 publicly visible posts • joined 3 Oct 2007

Pro-Wikileaks hacktivistas in DDoS dustup with patriot contras

Celtic Ferret
Happy

Required information

What inquiring minds really need to know from WikiLeaks is the precise brand of prophylactic that failed; sort of a "Consumer Reports" function.

BOFH: Defiling the profile

Celtic Ferret
Thumb Up

Gaming the web 2.0 crowd...

This should be taught in schools...

Speaking of that...

RT@Ofsted: "Primary schools to teach Twitter and Wikipedia"

http://notnews.today.com/2009/03/26/rtofsted-primary-schools-to-teach-twitter-and-wikipedia/

Best Buy removes craplets for $30

Celtic Ferret
Thumb Up

The PC Decrapifier

http://pcdecrapifier.com/

Yahoo! opens search to all

Celtic Ferret
Boffin

Scroogle scraper

Pretty much gave up on Yahoo! when they acquired Claria's "database that should have been destroyed."

Here's a good read:

What Microsoft wants from Yahoo

http://www.techuser.net/microsoft-yahoo.html

See also

http://en.wikipedia.org/wiki/Talk:Claria_Corporation#Rise_of_the_dreaded_undead.21

But if you actually want to find something your best bet hands-down IMHO is

http://www.scroogle.org/

Consumer group slams 'unfair' software licenses

Celtic Ferret
Thumb Up

The Software Vendor License Agreement

The Software Vendor License Agreement - a counter-agreement for those shrink-wrap or "clickwrap" EULAs (End User License Agreements) software companies make you agree to. Highly recommended reading:

http://cexx.org/svla.htm

Dell tells customer 'Mac is good option'

Celtic Ferret
Unhappy

@Rich: Scroogle for "malware for Macs"

First rogue application for Macintosh system

http://www.f-secure.com/weblog/archives/00001362.html

Opener Malware, October 2004 (aka SH.Renepo.A / SH.Renepo.B)

http://www.macintouch.com/opener.html

Hackers debut Mac OS X adware

http://www.theregister.co.uk/2006/11/24/mac_os_x_adware/

Mac OS X malware latches onto Bluetooth vulnerability

http://www.theregister.co.uk/2006/02/17/macosx_bluetooth_worm/

Good read: "Detecting and avoiding malware and spyware"

http://www.thexlab.com/faqs/malspyware.html

They provide links to learn more about:

The OSX.Macarena virus

The kernel extensions of the Sony rootkit

OSX.Exploit.Launched (Trojan horse)

OSX.Inqtana.A, which propagates via Bluetooth®

OSX.Leap.A deletes, infects, or corrupts files and attempts to spread through iChat.

MacOS.MW2004.Trojan,

Spector commercial spyware

Browser vulns and botnets head threat list

Celtic Ferret
Alert

The devil IS the detail

Next it will be that your GPS can be used to unlock your car doors, or your X-Box can disable your home security system, or your pacemaker can be used to give you nightmares, or that RFID tag in your toothpaste tube can give you ED.

"We really must be able to depend on shrink-wrapped products to be malware-free."

Quite a few outfits have been shipping shrink-wrapped malware for years. Complete with EULAs that state that it is unfit for any purpose and limiting your legal recourse.

So far as I know, no malware to date is capable of causing real physical harm. That would be next. That ringtone synched to your theta waves. That subliminal message in that spam that makes you "buy our stuff" and then "assassinate this political figure."

Remember Queensryche's - Operation Mindcrime (1988)?

Precisely what is that image at the bottom of

http://www.johndiesattheend.com/jdate2/intro.html

?

Malware hitches a ride on digital devices

Celtic Ferret
Unhappy

Coming soon to a toaster near you...

"Consumers will have to be careful with any device that can be connected to a PC, including USB thumb drives, GPS devices, mobile phones, video players, set top boxes, portable hard drives, memory card readers, and eventually even microwave ovens and other appliances, he said."

"Kodak works very closely with our suppliers to see that they have the latest version of antivirus software on the manufacturing systems," Landry said. "We also ask that any PCs in the factory are not connected to the Internet."

Kodak is not among the manufacturers whose products were allegedly compromised by the Trojan horse program.

This appears to be BS ("Business-Speak" :)

The local CVS Pharmacy has a Kodak photo development kiosk. I use it because it accepts USB thumbdrives. When I first used it, it was glacially slow, and the storeperson said it had become infected. Another issue was that it was out of a special paper it used in one bin, and I got to observe the boot process. Win2k with NO anti-virus!

My general comment at the time was to always scan your media (memory card, thumbdrive, whatever) when returning from a public kiosk. (I didn't consider Trojan Horses, actually. But that was before the Sony rootkit incident and most people didn't know what a rootkit was.)

I suppose microwaves, toaster ovens, coffee machines and even the lowly toaster will soon have "recipe cards" that can piggyback something that could give you a $30,000 phone bill. Imagine trying to explain that it was your toaster that made all those calls to AnalCreamPieCumFartCocktailAssault.com...

Microsoft spits out final XP service pack, beta version

Celtic Ferret
Boffin

WinXP SP3 ≠ WinVista

Like that "random number generator Microsoft is bundling with (Fistula) SP1 with the backdoor exploitable by the National Security Agency?"

http://www.schneier.com/blog/archives/2007/12/dual_ec_drbg_ad.html

Or more "Digital Consumer Enablement?"

Actually, this is completely backwards. It should be

Review: Windows XP

http://dotnet.org.za/codingsanity/archive/2007/12/14/review-windows-xp.aspx

"I have finally decided to take the plunge. Last night I upgraded my Vista desktop machine to Windows XP, and this afternoon I will be doing the same to my laptop..."

Grisoft acquires LinkScanner

Celtic Ferret
Black Helicopters

Connection

I've no idea how LinkScanner does it, but I think there should be a big bat handle toggle switch on the front of the computer. Up - red light - network connected. Down - green light - ethernet clock pulse only; no external connection.

One switch for every NIC in the box. (Remember the reset switch? And how invaluable it was for software debugging? Sometimes the mobo circuitry is there but the box builder omitted the switch/wires/connector to cut costs.)

Anyway, LinkScanner could use multiple NICs paired with multiple web connections and multiple browser instances (even dial-up) to accomplish scanning in a honeypot. One issue is malware targeting specific countries that wouldn't be triggered if you were coming from the wrong country code, and I'm sure there are additional issues because several people think the current trend of these "safe site" apps are rather worthless.

Dutch Consumer Association declares war on Vista

Celtic Ferret
Unhappy

This should be an opportunity

One of our boxes got struck by lightning so we had to enter the new hardware fray. New (cheap & fast) business desktops are Vista preinstalled with maybe no XP drivers available anywhere. Things have gotten real ugly...

I cannot believe that there are no websites out there that give new hardware boxes that have XP drivers available. Take the Compaq Presario SRS5250NX in this week's Staples advert for US$540 (before their @#$%& "easy rebates"). I should be able to plug "SRS5250NX" into a javascript and know if my XP will have video/audio/network. I did find one outfit that will make a new XP box (www.jncs.com) but there have to be hundreds. Anyone know?

UK police can now force you to reveal decryption keys

Celtic Ferret

To summarize:

1) Use Truecrypt to make multiple levels of encrypted drives WITHIN encrypted drives, that are invisible unless you attempt to open them with the right password. http://www.truecrypt.org/docs/plausible-deniability.php

2) As encryption is supposed to make encrypted data indistinguishable from random noise, claim that the media full of encrypted goodies is actually just a one-time encryption pad made for an exercise. Argument mode engage:

Monty Python Sketch - The Argument http://www.infidels.org/library/modern/mathew/sn-python.html

3) Encrypt the data with multi-part keys with the other key holders outside of jurisdictional reach... and these key holders are children. (Children are classified differently than adults in criminal proceedings because they don't have the capability to reason or understand the repercussions of their actions.)

4) Use AACS / DeCSS to encrypt the keys, dragging the DMCA into the mire...

For extra credit/fun: (Convict someone for non-possession of something!)

Construct an email from an IP-spoofed public access point to someone you wish to accuse of witchcraft, encrypt it, imply that the encrypted part contains state secrets and/or a terrorist plot. Then, construct a reply. Report said persons to the police. They will then demand the keys from the implicated people, but neither party will have access to the encrypted data since neither has ever had the key, however, they will still be guilty under the law for failing to disclose something that they never had, but cannot prove it. (Sink=Drown, Float=Burn-at-stake)

---

"Thank you for self-identifying yourself and those around you as Freedom Suspects. Rest assured, we are now forwarding your IP information and shoe size profile to a team of black hat pros at HQ. The 414s say hi."