August 30, 2003

Harry meets Neo

It was only a matter of time (and talent). Get your wallpaper here, via Zahnna.

Posted by Philip at 01:05 AM | Comments (0) | TrackBack

August 26, 2003

SoBig seems to be SoMuch more

People need to be aware of the "So-Big" Internet virus/worm that is circulating now. It appears to be part of an organized set of experiments in how to effectively spread a virus that drops a "Trojan horse" or "back door" into a computer. This back door in turn may give a remote user access to your computer and any information stored on it.

What makes this virus special is it usually appears to come from someone you know or may have sent mail to (like a prospective employer). It places random subject lines on the messages it sends. On some it sends the socially engineered subject "Your Resume" or "Re: Resume".

Note: other Subject lines are generated as well. See the article above.

Now most people do not send emails with the subject line Resume but they might. People looking for jobs are usually thrilled to get a response (or what appears to be a response) to anything they send out and will eagerly open mail and attachments. That is social engineering like the I Love You virus that went around a while ago.

This virus needs your ACTIVE co-operation to actually work. The email will arrive with attachments in the form of a .pif file with different names. Trying to open the .pif attachment will execute the worm/Trojan horse.
Please note the program may say it is a picture attachment, something like "coolpic.jpg.pif", or a Word document like "resume.doc.pif". Many people will see the .jpg or .doc extension and not see, notice or understand the .pif appended to it. Examine attachment names thoroughly. No one should ever send you an attachment with a .pif or .exe file extension (there are several others but let's keep it as simple as possible).
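An added example (not part of the original post) of the attachment-name check described above: it parses a message with Python's standard `email` module and flags attachments whose real, final extension is executable, including ones hidden behind a .jpg or .doc decoy. The extension sets beyond .pif and .exe, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# The post names .pif and .exe and says "there are several others";
# the remaining entries in both sets are assumptions made for this example.
EXECUTABLE_EXTS = {"pif", "exe", "scr", "com", "bat", "cmd", "vbs"}
DECOY_EXTS = {"jpg", "jpeg", "gif", "bmp", "doc", "xls", "txt", "pdf", "zip"}


def classify(filename):
    """Return 'ok', 'executable' or 'disguised-executable' for an attachment name."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    name = (filename or "").strip().rstrip(". ").lower()
    # Padding such as "resume.doc      .pif" pushes the real extension out of
    # view in a mail client, so strip whitespace around every component.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "disguised-executable"
    return "executable"


def scan_message(raw):
    """Return [(filename, verdict)] for every suspicious attachment in raw bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename()
        verdict = classify(fname)
        if verdict != "ok":
            findings.append((fname, verdict))
    return findings


def build_sample():
    """Constructed sample message; addresses and attachment bytes are placeholders."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = "Re: Resume"
    msg.set_content("Please see the attached file.")
    for fname in ("resume.doc.pif", "notes.txt", "update.exe"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application",
                           subtype="octet-stream",
                           filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, verdict in scan_message(build_sample()):
        print(f"{verdict:22} {fname}")
```

The check looks only at the name the sender supplied, so it complements an up-to-date virus scanner and does not replace one.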

This worm is very sophisticated and has its own email engine. It will use your address book to construct emails that appear to be sent by some of your contacts to others of your contacts, with a copy of itself attached.

The worm itself does no damage other than trying to spread itself. The backdoor installed, however, will run as a service and want access to the internet. This access will be blocked by the default installation of your firewall software; however, many of us just click "allow access" to most applications without thinking about it. Once the Trojan has access to the net it notifies the "bad guys" that it is ready for instructions and sits and waits.

How to protect yourself:

You can set your email options to "quarantine" or block the opening of email attachments. This isn't practical for most of us but it SHOULD make us think before we click if we have to go change our email security policy to open an enclosed file. Opening an Email does NOT as a rule execute any programs so you can open emails. It is the attachments you need to look out for.

If you exchange attachments with people on a regular basis (you know who you are) you might want to place a "keyword" in the subject or body of the message that will let your friends know that you have really sent this message and can guarantee that it does not contain a virus. Worms will not know about this "keyword"... So people will always know if the mail is from you and not a virus posing as you.

Subscribe to an Antivirus service and set it to auto-update every night and then run a virus scan each day on all folders and compressed files. If it has an e-Mail scanning mode enable it. New variants of SoBig and other viruses are detected every day.

Install a firewall program. "ZoneAlarm" is free and easy to use; if you have Windows XP you can enable the built-in IP Security Firewall service (IFS). When a "new" program wants access to the Internet, as indicated by your firewall software, ask yourself: what is this program and why does it need access to the Internet? If you don't know, ask Google about the program that wants access. This is a case where Just Say NO can be a good thing.

Often the Trojan horse software is named after a legitimate service that has been running on your machine. It installs itself in place of the legitimate service and changes your computer so the program is run every time you start up your machine. In most cases the name is a variant of the original service, causing the firewall program to issue a warning that a new program needs internet access. The Trojan is designed to replace the service, doing everything the service did before in addition to listening for instructions.

If you have had a firewall installed for several months, chances are you rarely get prompted to allow a program internet access unless of course you installed a new program that needs to access the Internet. This usually sorts itself out after a few days of installing the firewall software. If you install a new program it may want access to the net to register itself or to look for updates; this is normal and expected behavior. If you haven't added anything recently, your firewall software should be quiet and not inform you of a new program needing access to the Internet.

If you are using IRC/ICQ or P2P software you are increasing your exposure to viral threats. Sharing music files can be like sharing a dirty needle. IRC/ICQ is like having unprotected sex with multiple partners. A virus/worm does not just spread via email software.

Knowing the right thing to do is becoming more and more difficult. It is an unfortunate fact of Internet life. Practice safe computing. Keep your doors locked with a firewall and/or router. A virus scan is like getting a blood test to see if you have infections. E-mail scanners act like a prophylactic to prevent infections. Not opening attachments unless you know where they came from and what they are is just being responsible.

If you do online banking or taxes, if you have purchased something via the Internet or participated in an online auction, if you have disclosed personal information in an email to friends and family, this information is at risk. Take care of it.

And Mac and Linux users... don't be smug, there are worms and Trojans that affect you too. They don't make the news because there are so few of you, but you too can be hacked, cracked and whacked.

Posted by Philip at 10:50 AM | Comments (0) | TrackBack

August 23, 2003

A day of rest

Since joining the ranks of the employed (however temporary it may be) I actually look forward to weekends again, where you can do laundry and shopping and yard work and every thing else you couldn't get done while you were chained to a desk. What follows is kind of geeky but if you are interested read on and laugh at hubris... and if you don't read on have fun with customer support.

I'm the fix-it guy. Some things I can fix no sweat, others I am not so good at (personal relationships seem to be difficult) but it doesn't stop me from wanting to fix things or trying to fix things. I get a problem and I get obsessed. FOAF brings over a nice new laptop running XP, seems when he gets on-line (dialup lowlife...) weird stuff happens (like the computer shuts down)... I smile and shake my head you been infested with lovsan I say.

Sure enough there it is. I find the dropper and infections with a cursory search. First thing to do is kill the process running that keeps you from deleting the file you need to. So the three finger salute is issued to bring up the task manager.

Task manager appears and disappears WTF!!??!! Whoa this is unexpected. OK so I can't shut down the dirty bastid that is running I get rid of everything else. I know that the way this thing starts is, the registry has an entry in it that will start it up before you even get a chance to log in. So off to regedit to remove the offending entry, once I reboot everything will be OK and I can delete the persistent file. Run.... regedit, launches and shuts down just like task manager what the hell?

OK this isn't LovSan something else is going on. FOAF has Norton Anti-Virus on his computer but it isn't running, OK launch that puppy and do a scan... no virus is found. Hmmmm

The Virus definition file is a year old.

OK this laptop can't dial out but I can plug it in to my home network... Don't worry I plug it into the DMZ in front of my router/firewall. Plug it in behind and the virus will spread itself to all the machines that are not running ZoneAlarm or other firewall software.

Once on the net I get to the MS update site and download all the critical updates that can be installed (note XP Express SP1 download is NOT express it takes for fucking ever to apply). Update the Norton anti virus and run the scan again.

This time bingo I find lovsan no problem I already know it is there. It also finds the Welchia worm.

Now the Welchia worm was some kind hearted individual's attempt to stop lovsan. This virus installs as a service using the same security hole as lovsan. It then tries to download the Microsoft patches that close the hole and thus prevents you from getting lovsan. Cool except that it doesn't work. It just gunks up the net with useless traffic. It's a virus/worm and doesn't help the situation, as easy as lovsan to remove if you can get a handle on it (task manager and regedit) which I don't have.

As the scan continues spybot is located. So here I am with a real dirty machine. Spybot is the virus that doesn't play nice. It infests a critical system service.. actually it replaces a critical system service that needs to be loaded when the computer boots. Can't shut it down can't change the system registry can't clean or quarantine the infected files.

Shit. On to the net where I learn spybot is reported as rare and easy to remove. So easy to remove there is no tool to download to help you remove it.

Search some more and you find this bugger has caused untold grief to lotsa people. Fortunately there are instructions on how to remove this obnoxious POS.

You can download tools that do the job of regedit and taskmanager, the virus doesn't know about these (dialup users are out of luck as dialup connections are dropped by lovsan)

So I do it the hard way (I could have downloaded the tools but it isn't my computer). Disable the restore point software. Boot to safe mode delete the POS worm run the virus scan again and quarantine the other bad boys.

Reboot and all is well. Nope... turns out the system is full of spyware as well. So clean that crap out too.

Whew... I'm thinking I am glad I didn't have to do this on all my computers.

Moral of the story.... Charge FOAF beaucoup bucks to clean out and update this computer, except I can't because I'm obsessed.

Don't use IRC don't use Kazaa or other P2P software unless you know what you are doing, and if you do then you deserve all the crap that will flow your way.

I charge $250 an hour plus expenses.

Posted by Philip at 02:22 PM | Comments (1) | TrackBack

August 22, 2003

Deconstructing Spam

Well this is what it looks like when it arrives in your mailbox (not mine!) obnoxious full of links to web sites that download crap you don't want and will spend months tracking down and removing unless you have a nice spyware watcher that stops the ad watchers cold. Insert shameless plug for Ad-Aware.

This one's for you Mark. And the VO. I want that Bill Giffith stuff.

Here is what I turned it in to. Links work have fun. There is no way back to me via the links, but you will like where you go.

Posted by Philip at 12:13 AM | Comments (0) | TrackBack

August 21, 2003

Welcome to Portland Mr. President


We got a visit from George the II today, just my luck I am working and couldn't go down and welcome him Portland style. We only worked up a few thousand demonstrators who had to get to North Portland to a private college with no parking (for protesters) not quite the 50K that showed up in the Park Blocks a few weeks before the war was fait accompli, but still a respectable showing for a midweek mid morning visit.

It amazes me how we can turn out 2000 people for a $500 a plate rubber chicken (this just in it was 500 @ $2000 a plate my bad) but can't get a small tax raise to help out the state school system. The raise barely passed this year raises the tax bill of couples making more than $70,000 a whopping $130, geeze do you think they can afford $11.50 a month, specially when Bushy is giving them back more than that in tax cuts and deficits...

Posted by Philip at 02:57 PM | Comments (0) | TrackBack

August 19, 2003

New Tool for MT Bloggers Zempt 0.3

Since I can't read Salon Blogs tonight I am playing with a new (to me) tool for creating entries for the blog.

Theoretically this is a "better way" to post to MT Blogs like Just Playing Fair with Balance

I should be able to format paragraphs this one centered.
This paragraph should be aligned to the right.
This to the left.
Stand up Sit Down Fight Fight Fight

Oh and I turned off the comments for this post so there!

OK OK I turned them back on and added a link to Zempt in the title. Nice little tool so I sent them a fiver they were only asking for a buck.

Spell check should werk as well

Posted by Philip at 09:47 PM | Comments (1) | TrackBack

August 18, 2003


The Salon Blog community seems to be a little slow today so this is just a tickle to see what happens.... ah the blogging life, if you can't get your fix what do you do?

Posted by Philip at 10:42 AM | Comments (2) | TrackBack

August 16, 2003


I am a political person but I don't have a political blog. I am one of those dyed in the wool 60's radical leftist communist pinkos. I don't hide it, my friends on the left and the right know where I stand and I don't apologize for my opinions.

But for me politics are personal and not something I feel moved to blog about. I'm new to blogging so that may change.

I will and can comment on the whole Fair and Balanced furball. Fox you are anathema, yea you gots numbers and yes I may be a minority but I still know shit from shinola. Fox you are shit. Co-opting "Fair and Balanced" is an exercise in corporate double-think. You can't watch ten minutes of Fox News without knowing where their bread is buttered. It is not fair and never balanced, the other side takes it up the ass and gets paid for it on Fox they have whores who call themselves liberals who sit and take it. I am nobody, but I could take Bill O'Reilly apart one on one on LIVE TV without breaking a sweat. Yeah he can tell me to shut up, I'd love to get his intellectual nuts in a vise.

I have nothing against conservative politics, NeoCons who are in power now are a different animal. I've heard of the Shipping News how about the Scripted News?

If I wasn't just playing (fair and with balance) I would be angry. A stranger in a strange land.

Posted by Philip at 06:13 PM | Comments (2) | TrackBack

August 14, 2003

End of Summer

Not sure what I would do without Mark keeping track of time for me. He is publishing his Virtual Occoquan the best of Salon Blogs on Sunday with his guest editor Rayne. This issue's theme: "End of Summer".

Picture via the web no attribution available. Used under doctrine of fair use.

dew on parched grass
A skein of geese flying south
All summers must end

Now the rant.....

Hey wait a damned minute what is with this "End of Summer" stuff? As I write this it is only August 14th we still have more than a whole month of summer left officially. The End of Summer my ass! Have you been reading the papers? The Alps are melting for christ's sake. 3000 dead in France, British Breweries running dry, Germans working OVERTIME to meet the thirsty drinkers demands.

I think this may be some wishful thinking on someone's part. Don't get me wrong I love the Fall, especially in these here parts, but that will not happen by the calendar or the clock it will be when the rain starts and stays for days on end. This is life in the rain forest of the Pacific Northwest.

Sure the days are growing shorter but there is still more light than dark.
Mornings are cooler and there is often dew on the grass a sure sign that our dry season is winding down, but we are pushing 90 today with real heat predicted for later in the week. Maybe even an honest to goodness thunderstorm or two for us people living in a place where lightning bolts truly are scarce. Never know you miss them until you don't have them. In a quarter century of living up here there are very few memorable thunderstorms and all of them are usually memorable.

Back to School sales are in full swing or will be shortly. Monday Night Football has started up, so all the economic indicators are pointing to the imminent demise of summer but I am not ready to let go just yet. I like to squeeze every last drop of sunshine out of the season build up those endorphins and brain chemicals that sustain me through our long dark rainy season. Refuse to call it winter unless it snows, not that it has snowed down in the valley recently, not even an ice storm is grounds to declare winter.

And the kicker is for many of our citizens it is the End of Winter that approaches.
We tend to have this Northern Hemispherical arrogance. My friends in Oz are gearing up for Summer mate. They are getting ready to put their shrimp on the barbie and drink copious amounts of Fosters or Tooheys or Piss Weak. The South Pole emerges from its long night and life returns to the men and women who wintered over in that cold place. South Africans are celebrating the end of a long winter. In India the monsoons will be coming to an end, and a return of the sweltering heat that oppresses that country is not looked forward to.

The End of Summer is relative. And it ain't one of my favorite relatives. Long live Summer! Our time is measured my friends, one summer gone is one less to live and play in.

Posted by Philip at 01:47 PM | Comments (0) | TrackBack

August 13, 2003

Day 2

I guess working is like riding a bicycle you don't forget how.

New names and faces to remember, although there are a few familiar ones. I'm on double secret probation to see if I have what it takes to contribute.

I understand completely the need to husband your cash in a start-up. The last one I was with didn't do all that poorly, they were actually purchased by a public firm when IPO's just were NOT going to happen so the sweat equity turned into a nice little bonus; little being the operative word. For you see Unca Sam gets his fair share of the profits as soon as you turn those options into shares (you haven't sold a thing you bought cheap and that is taxable FMV - Strike Price = profit even though you haven't sold a thing it's a paper chase) So to keep Unca happy you have to sell some of those new shares as short term capital gains which are taxed higher than if you held the stock for a year to pay for the realized rather than actual profit. If you are lucky the remaining stock will still be worth something after this bear market and you can sell more stock to pay off your capital gains bill and of course selling adds downward pressure to the price.... What a furball. ackkkkk. Give me computers any day, the neighbour got bit by the love-san worm. It had a cute trick where his auto-connect would dial out, msblast would try an RPC call and the RPC service would fail forcing a reboot of his PC. Wheels within wheels.

So back to cubicle land, the commute's a dream nice flat farm land with a slight downhill run into town. Almost a bike lane that you get to share with assorted debris and road kill. Then the wonder of MAX our Potlandia Burb connection, light rail all new and shiny, bike friendly and given the distance covered only slightly more expensive than a car to use, about 45 cents a mile in my case. Of course the intangibles of actually getting my heart rate above 60 beats per minute for 30 minutes or so twice a day has got to be worth something, unless we have a finite number of heart beats in our destiny, in that case I am rushing toward the end.. He died with his Lycra on. I've added a link to the PNW Blogger ring check out some of my fellow web-foots, blogging gives new meaning to the term web foot.

Enjoy, but be careful out there cause when you least expect it.... Wham!

I am not running for Governor of California. That makes me special! Out to do a little shooting star gazing.

Posted by Philip at 12:39 AM | Comments (0) | TrackBack

August 08, 2003


Looks like I am going to land back in high tech. It feels good to know you have somewhere to be on Monday.

I have been invited to a tryout at Kryptiq a startup which develops and integrates HIPAA compliant applications for the Medical industry. My career has been varied I have to say that. Scientific Computing, high speed I/O and RTOS, Telecommunications, VOIP, eCommerce, and now Medical software. One of the good things is Medicine is an established business model funded as needed. Now it is up to me to perform and earn a spot on the team. No doubt in the need for the product. Not a .com outfit.

Posted by Philip at 07:05 PM | Comments (0) | TrackBack