
Saturday, August 9, 2008

VISTA Security?

LAS VEGAS -- Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.
In a presentation at the Black Hat briefings, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov of VMware Inc. will discuss the new methods they've found to get around Vista protections such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.
By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user's machine.
Researchers who have read the paper that Dowd and Sotirov wrote on the techniques say their work is a major breakthrough and there is little that Microsoft can do to address the problems. The attacks themselves are not based on any new vulnerabilities in IE or Vista, but instead take advantage of Vista's fundamental architecture and the ways in which Microsoft chose to protect it.
"The genius of this is that it's completely reusable," said Dino Dai Zovi, a well-known security researcher and author. "They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over.
"What this means is that almost any vulnerability in the browser is trivially exploitable," Dai Zovi added. "A lot of exploit defenses are rendered useless by browsers. ASLR and hardware DEP are completely useless against these attacks."
Many of the defenses that Microsoft added to Vista and Windows Server 2008 are designed to stop host-based attacks. ASLR, for example, is meant to prevent attackers from predicting target memory addresses by randomly moving things such as a process's stack, heap and libraries. That technique is useful against memory-corruption attacks, but Dai Zovi said that against Dowd's and Sotirov's methods, it would be of no use.
"This stuff just takes a knife to a large part of the security mesh Microsoft built into Vista," Dai Zovi said. "If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they're safe because they're .NET objects, you see that Microsoft didn't think about the idea that these could be used as stepping stones for other attacks. This is a real tour de force."
Microsoft officials have not responded to Dowd's and Sotirov's findings, but Mike Reavey, group manager of the Microsoft Security Response Center, said Wednesday that the company is aware of the research and is interested to see it once it becomes public.
Dai Zovi stressed that the techniques Dowd and Sotirov use do not rely on specific vulnerabilities. As a result, he said, there may soon be similar techniques applied to other platforms or environments.
"This is not insanely technical. These two guys are capable of the really low-level technical attacks, but this is simple and reusable," Dai Zovi said. "I definitely think this will get reused soon, sort of like heap spraying was."

Tuesday, July 29, 2008

Vista vs XP

Are Vista sales really going as well as Microsoft reports say? I was curious, so I did a bit of research and found some useful polls and articles that blow their figures out of the water. It appears they are trying to convince themselves that they made the right move, or else they think the consumer is too stupid to know the difference.
Several vendors initiated a Vista to XP crossgrade. Basically, if a customer ordered a computer and it came with Vista installed, the customer could get an XP license instead. Microsoft does not count the crossgrade as a sale for XP. Rather, they count it as a sale for Vista. Now, combine that data with public statements from vendors that XP is outselling Vista on an average of 3 to 1. Now go take a look at Microsoft's sales statements for Vista and for XP, and you'll note a startling difference. Microsoft's finance numbers do not add up if one accepts the numbers Microsoft has floated for sales. Care to guess how the numbers appear to be adding up? If you are thinking that Vista is selling worse than Windows ME, you'd probably be close to what appears to be reality. Now, Microsoft reported back in July of 2007 that 60 million copies of Vista had been sold. Now start subtracting the crossgrades to XP that are not counted as sales. Microsoft needs to take a hard look at the market and the feedback they’ve received and be honest with themselves. After a ton of time developing Vista, I can imagine that the last thing Microsoft wants to do is publicly admit that it’s not the product it was supposed to be and their sales figures seem to back them up. It’s important to note, though, that new PCs that are shipped with Vista and then downgraded to Windows XP, are counted as Vista sales. Westminster College, last year, purchased around 90 computers with Windows Vista. Every single one was upgraded to XP. Now, I know that 90 computers is a minuscule fraction of PC sales, but they are far from the only organization with a similar policy that purchased computers with Vista.
Change, for change's sake, is never a good idea. And while you can understand Microsoft's desire to refresh the Windows UI (all those Mac OS X screen shots look so much prettier than XP), Vista's designers seem to have cut off their nose to spite their face. Regardless, the usability "improvements" in Vista are unlikely to make IT's list of compelling reasons to move away from XP anytime soon. After all is said and done, I believe the number of people and businesses running Vista is far below the number of licenses sold. I think it accounts for a lot of Macs moving up the ladder, and the Linux uptake has to account for a few cases. I personally know of several individuals and companies that switched, and most went back to XP; some gave Linux a shot. The reason I heard most often was, “our software won't run correctly on Vista.” With Windows Seven due in 2009 or 2010, it appears Microsoft is starting to get a little concerned about Vista. A lot of this information came from InfoWorld, Tech Republic, various forums, and Windows techies.

Wednesday, July 23, 2008

Gael Duval, the founder of the Mandrake/Mandriva Linux distributions, started a new project after his departure from Mandriva in 2006. It is called ULTEO, and can be found at http://www.ulteo.com. Back in the early nineties, when I first started hearing about the internet, I imagined it to be a place I could connect to, use software onsite, store my data onsite, and not have to have a computer bloated with store-bought software. This appears to be the goal of ULTEO. There is an excellent interview with Mr. Duval located here:
http://www.thejemreport.com/content/view/282/1/
I downloaded his project, a virtual desktop, residing on my Windows XP partition, signed up as a user, and am now testing everything to see how it works. You sign on to a Linux desktop, use its programs, save the data, which resides onsite, or you can save it locally. It is still in its early stages and not every program that you might want or need is there. There are different levels of subscriptions, so I can see a use for individuals, and even small business operators. This frees up my Windows partition so I can use it for the only thing it is good for, playing games, offline. Maybe Mr. Duval is ahead of his time, but this comes as close as I imagined 15 years ago.
I can look ahead 20 years, and find myself holding a small device, telling it to open, having a laser scan my retina, a holographic screen appearing, another retina scan and my Linux desktop appears. Doing what I need to do, and telling it to close.
Check it out at http://www.ulteo.com/
You could be looking at part of the future of computers.

Monday, June 23, 2008

Hosting Company

If anyone is looking for a hosting company, DO NOT USE HOSTONCE.COM! You cannot communicate with them. I have had problems getting mail thru their server, multiple times. Last week (June 17), I sent an email to support@hostonce.com and told them I was unable to access my mail and my domain. 30 minutes later it worked and I checked my mail and the original was bounced back. Today (June 23), I sent them another email that I haven't been able to access my mail server for the last 4 days. The message was bounced back and I still can't get my mail. I logged onto the control panel and checked the email heading and it said all accounts were listed on the left and to delete click to the right. There were no accounts listed and I had 4 set up. I proceeded to add an account, using the same setting I had used before. It said the account was ready. I log off and check my mail and I get an error message that a problem occurred. I guess I don't have to mention that they are running windoze 2003 servers. I will be transferring to another company as soon as possible.
UPDATE:
I was unable to access my homepage today, instead a window came up saying this domain had expired. On April 24, 2008 I paid for another year, which will expire in July, 2009. I have their receipt of the payment, and their email, and a hard copy of both. I have sent them a copy and am giving them until Monday, July 28 to put the site back up. I will file a complaint with the BBB, and this will be my last association with Hostonce.com. If the site is deleted, then our association will end immediately. BTW, I have not received any notification that the domain would be taken down.
UPDATE:
Monday, July 28. I checked my domain and it is still showing expired, but I clicked on a small button to renew and the following popped up.

This domain has expired
It will be deleted in the next few days. If you are the owner of this domain, you still have a chance to renew it.

Domain Name Expires
oldator.com 24-JUL-09
It seems that the domain listed above has already been renewed. The domain should be reactivated shortly. You do not need to renew it now. If you still see this message in 72 hours, please contact us.
To renew this domain or to request further information please contact us at debbie@hostonce.com.

I clicked on the email link to debbie@hostonce.com and sent her a message. This is the reply.
Subject: Message Delivery Failure
Date: Mon, 28 Jul 2008 13:06:04 -0400


Message could not be delivered. Error was: The mailbox is not available on this system

The following recipient(s) could not be reached:

[SF:hostonce.com/debbie]

Message contents follow:

Date: Mon, 28 Jul 2008 12:17:51 -0500
From: Harry
To: debbie@hostonce.com
Subject: oldator.com

It was renewed in April, and then shut down with no notification. VERY
POOR WAY TO RUN A BUSINESS!

Their email links don't work, there is no phone number listed, so you can't communicate with them.
Says a lot about what they think of their customers. Sorry I ever signed up with them.

Monday, April 14, 2008

New laptop


I bought a new Toshiba laptop Friday, April 4, '08. It is an Intel dual processor, 2 gig RAM, 200 gig SATA hard drive, 128 meg video memory. It came with VIRUS, I mean VISTA, but that was gone in 2 days. I downloaded PCLinuxOS 2008 Gnome and wiped windoze completely. It runs much faster with Linux, uses less resources, and has a better 3D desktop than the aero interface. It found all the exotic hardware, set it up, and is running happily along. I tried to get the salesman to remove VISTA and sell it without an OS, but he said he couldn't because they were locked in with Micro$oft, had a contract with the devil. It's a shame you are forced to pay for an OS you don't intend to use, and it also counts as a sale for windoze, even though it isn't running windoze now. News has come out that VISTA is less secure than XP, of course the company says the opposite. Vista also comes loaded with DRM, which controls how you can use it, and how you can't. I can use my Linux OS any way I want, I have the option of re-mastering the distro to personalize it, give it away to both my friends, install it on as many computers as I care, make as many copies as I want, and not have to worry that it is NOT reporting back to the company, or sending any info concerning my use of the system.

Tuesday, April 1, 2008

The origin of the computer virus, etc.

Article in PCLOS magazine:

Computer columnist Robert Cringely wrote, back in 2001:

"The wonder of all these Internet security problems is that they are continually labeled as 'e-mail viruses' or 'Internet worms', rather than the more correct designation of 'Windows viruses' or 'Microsoft Outlook viruses.' It is to the credit of the Microsoft public relations team that Redmond has somehow escaped blame, because nearly all the data security problems of recent years have been Windows-specific, taking advantage of the glaring security loopholes that exist in these Microsoft products."

----

In November of 2003, John Dvorak wrote:

"The [Outlook Express] product has been under fire since its release, and almost every major virus uses Outlook's open-door security policy to turn individual mailboxes into spam-o-matic emailing machines."

----

Several years have passed and those words still ring as true today as they did in 2003 - or 2001. Microsoft appears clearly unable or unwilling to clean up their software to the degree that it requires. Their frequent "critical updates" seem to be little more than sticking bandaids on a highway trauma victim. Even the much-vaunted "Patch Tuesdays" have been described as an invitation for the exploit writers to test and send out their next round of viruses and trojans.

The mainstream media virtually never makes the distinction between "computer" trojans/viruses and "Microsoft" trojans/viruses. Maybe the mainstream media doesn't know any better. Or maybe the mainstream media gets a heck of a lot of advertising revenue from Bill Gates.

In my view, it's this simple. Windows desktop and server PCs are a train wreck on the Internet that have caused literally billions of dollars of damage to computer users and businesses. That is not the cost of doing computer business. That is the cost of doing bad computer business.

Maybe you didn't know this - and that's not your fault. But the fact is, you were sold a PC that had severe security problems in the fundamental design of its software, and even worse problems in its default setup. If it weren't for the agreement you made in the form of the MS EULA (yes, you agreed to it) you might even have grounds for a class action lawsuit.

But it's time to wake up. Now you know better. And my message is simple - run something besides Windows, at least when you're connected to the Internet. Chances are, your machine can run both Windows and Linux. I'll even help you set it up. Use Linux to surf and do email. Run Windows for what it's safe for - playing games. With your network cable unplugged, please.

Or buy a Macintosh. But please, don't sit there and wonder why your inbox is flooded with spam while running five hidden tasks on your zombied Windows PC that is spreading viruses and flooding the Internet with even more spam without your permission or knowledge.

Ahh, but you have an antivirus program installed. Great. There's just one problem. The new hackers aren't bored kids sitting in their parents' basements playing at hacking your PC. The new hackers are highly trained, well-financed, professional criminals. Do you seriously think that they can't afford to buy a current copy of Norton/Symantec or McAfee and thoroughly test their trojans and viruses against the same antivirus you have? The easy accessibility of VM (virtual machine) software even leads to the possibility that some of the new trojans may have their own virtual machine, or exploit existing VM software and literally run Windows as a guest operating system - from which vantage point they would be impossible to detect from Windows, regardless of what kind of antivirus you're running.

http://it.slashdot.org/article.pl?sid=06/03/11/0130221

And even at their best - at their absolute best, antivirus programs will always be a jump behind the bad guys. When a new virus is created it takes time to notice the virus; to report it to the antivirus companies, for the companies to dissect the virus and figure out how to identify it; then more time to figure out how to clean or disable it; then more time to add that to an update file and get that file distributed. We're talking quite a few days. How long does it take a virus to spread globally? Hours.

Are you afraid to learn how to use Linux or a Macintosh? Don't be. Remember, you weren't born knowing Windows, and the transition is easier than you think. Personally, I'd be a LOT more afraid of passing out my credit card numbers, my social security number and my address. I'd be a LOT more afraid about giving out all my bank account information and passwords. I'd be a LOT more afraid of the FBI knocking at my door wanting to know about the illegal porn I've been emailing out.

Awwww, it couldn't be that bad, could it? Consider, in 2004, the Norwegian telco provider Telenor shut down a server controlling a "bot-net" of 10,000 "zombie" PCs.

http://www.theregister.co.uk/2004/09/09/telenor_botnet_dismantled/

But 10,000 PCs - that's nothing, right? OK, how about this: In September of 2005, Dutch police arrested a trio controlling a zombied network of 1.5 million (yes, million) PCs - all Windows machines, every last one of them. And the zombie software is getting smarter - new zombies are using peer-to-peer technology and coordinating with multiple master servers. You can't just cut one head off the hydra and think you've killed it anymore.

It's 2007 now and the current levels of spam, viruses and trojans point to even bigger networks. Much bigger. And none of the people using these millions of PCs even suspect anything is wrong with their computer. None of them have any reason to doubt that their antivirus protected them. None of them think for an instant that their machine is part of the problem. And neither do you.

Look at it this way. You worked hard. You saved. You bought your PC. You thought you owned it. But Bill Gates gave it away to some Ukrainian criminal organization. They're the ones running your PC, and the only reason you can use it at all is because you have their permission. And you still want to surf the web with Windows?

Be my guest. But when you get tired of wondering why your browser doesn't go where you want it to, when you get your fill of the slow machine that used to be fast, when you start wondering if your entire identity isn't for sale on a foreign website... give me a call.

Your Linux friend,

Neptune

Friday, March 28, 2008

My mom went home.

My mom went home March 17, 2008. She had fulfilled her allotted time on earth, and God took her back to be with Him. The good news is I will see her again one day. About a week before she passed away I had called her and she asked if there was any way I could record her testimony, over the phone. I told her I could anytime. I was talking to her a few days before she went home and she was anxious to get it done as quickly as possible. I set everything up and told her to start talking. It was recorded on tape and transferred to a computer, and then converted to an MP3 and put on a CD. I have listened to it several times. We used to talk every week and I guess it will be a while before I can get over the void that has been left. She was in a nursing home in Savanna, Illinois and was buried in Marion, Illinois. The funeral was held at Cedar Grove United Methodist Church in Dogwalk. My nephew, Pastor Troy Green, of Emporia, Virginia conducted the service. As he stood up to start the service someone's phone rang and played, "When The Saints Go Marching In". Troy said that was very appropriate.

Monday, February 4, 2008

Giants beat Patriots

Hated to see New York beat the Pats, but was glad the Pats did not end up with a perfect season. That record belongs to the 1972 Miami Dolphins. Brady seemed to be out of sync for this game and the defensive line could not stop the Giants. Personally, this was the most uninteresting game I have ever watched. I don't really see the Giants starting any kind of dynasty, or NE going downhill. Next season will be a lot more interesting.

Monday, January 14, 2008

Microsoft

What's up with Microsoft's updates? I use XP for games, but make sure to keep it updated for the latest security patches, with it being a "swiss cheese" OS. After the last update my start page will come up with no icons, and no taskbar. Have to do a reboot. BSOD's are more common, and I get a message that Windows Explorer has encountered a problem and must close. Never had any of these problems before the last update. Computer is about 6 months old and does get a lot of use, but I could run 98SE for about a year before doing a format and re-install. Looks like I may have to do it with XP after 6 months. Start up and shut down have slowed to a crawl and a lot of applications take a long time to open. My Linux partition is the same age and it is still as fast as the day it was installed. Of course I realize we are comparing apples and oranges here, a quality OS against a Microsoft product.

Dallas Cowboys VS NY Giants

Well, Dallas done it again! Dallas came to play and the Giants came to win. Offensive line could not protect Romo and the receivers couldn't hold onto the ball. The one bright spot was Marion Barber's running the ball. Pitiful performance by a team with a 13 and 3 record, and with opportunities to win the game.