Category Archives: Miscellaneous

General stuff that doesn’t go anywhere else

Curiosity killed the Network

Secure Network Technologies Inc is a company responsible for providing many business-related security services. One of those services includes security auditing of participating organizations. I had to laugh as I read a report submitted to Dark Reading, by Steve Stasiukonis, in which SNTI infiltrated a credit union by scattering USB drives containing Trojan software in the parking lot for employees to find.

I made my way to the credit union at about 6 a.m. to make sure no employees saw us. I then proceeded to scatter the drives in the parking lot, smoking areas, and other areas employees frequented.

Once I seeded the USB drives, I decided to grab some coffee and watch the employees show up for work. Surveillance of the facility was worth the time involved. It was really amusing to watch the reaction of the employees who found a USB drive. You know they plugged them into their computers the minute they got to their desks.

The credit union probably utilizes all sorts of expensive security mechanisms, only to be infected by a pure disregard for security by curious employees. 

Now I know why the federal government makes their employees participate in countless security briefings – at least if you infect their computer network you cannot say you didn’t know, and they can nail you to the wall for it.

http://www.darkreading.com/document.asp?doc_id=95556&WT.svl=column1_1

I’m Here

Well, here I am in Las Vegas, day #1 of the Mix conference. I’d have posted sooner but my hotel doesn’t offer Internet (sucky) – thank God for Microsoft conferences 🙂

So far I have taken advantage of Microsoft’s hospitality by – eating breakfast, tapping into the free wireless with my PDA, and playing with Windows Vista in the free Internet lounge.

Well, the keynote’s about to start, just enough time to grab another cup of coffee (the nights are long in Las Vegas).

More Later.

Died?

Have I died?

Fortunately (or unfortunately for some) I have not, but I have been insanely busy, and have had no time to read the blog posts of others, never mind write any blog posts of my own. My current daytime project (let’s call it Fred) has been occupying all of my daytime working hours and many a good evening, but the good news is that it is drawing to a close. Fred is due to finish at the end of February (hurrah), after which time I have big plans to learn some really cool new technologies, which I am sure to blog about (at least those technologies that I am permitted to blog about).

Technologies on my conquer list this year include: Windows Communication Foundation, Windows Presentation Foundation, a peek at Windows Vista, and Visual Studio Team System.  Hopefully Fred won’t interfere.

Meanwhile, it’s back to another couple of weeks of working late, and seeing new posts in my feed reader for Boing Boing top over a few hundred. 

TTFN.

Ding! Rob has posted again…

If having your feed reader tell you that there is a new post on my blog is not enough, then I come to your rescue with MSN Alerts. Click the image link below (or on the side bar of my blog) and you can subscribe to receive an email or cell phone notification whenever I post a message on my blog. Now you’ll know that I have something to say when your cell phone beeps as you’re driving home in your car 🙂

Time for a change

Aside from being busy at the office this week, as the project I am working on revs up into its implementation phase, I have been devoting a lot of my spare time to looking into getting one of these

A friend of mine says that he can always tell how busy someone is by the number of posts on their blog. 🙂 This would explain the apparent lack of posts on my site recently.

So, the time has come to change my wheels. I have chosen the 2006 Scion TC because it’s the closest match to my VW Jetta 1.8T Wolfsburg in features and driver performance, and Scions are Toyota-built, and so come with a reliability history. I took a test drive in one earlier this week, and managed to have some fun on the open road.

As soon as I find a new home <sniff> for my v-dub <sniff>, I shall be wiping away the cobwebs from the entrance to my gold reserve and heading on over to the Toyota dealer to pick me up a shiny new TC. I plan to get navigation this time, and I am considering the Pioneer AVIC-D1, which provides complete US GPS navigation, XM satellite radio, XM satellite traffic, and iPod integration. Once I make my purchase of both car and expensive toy navigation unit I shall blog about it.

Sony is still advising users to install their rootkit…

Quoted from:  http://cp.sonybmg.com/xcp/english/howtouse.html

To install the software on this disc, you must have Administrator rights on your computer. Administrator rights are typically the default setting for home computers, however, in many work environments it is not the default setting. If you do not have Administrator rights, log out of your account and log in as an Administrator.

The above statement should cause a light bulb to illuminate in your head. 

Q: Why would a least privileged user (LUA) require administrative permissions to play an audio CD on a Windows/Mac computer?
A: Because it is trying to install something nasty on your computer.

Yet another reason why I am an advocate for LUA.

Avoiding Sony’s DRM Rootkit

It may not have escaped your attention that Sony has been featured in the news a lot recently, concerning proven allegations about Sony BMG installing DRM rootkits on Windows computers belonging to consumers:

http://news.bbc.co.uk/2/hi/technology/4400148.stm

Essentially, rootkits are malicious pieces of software that are installed in the lower levels of the Windows operating system, which can hide from anti-spyware and anti-virus checkers. Sony claims that it employed rootkits to install digital rights management software on Windows PCs to limit the damage to the corporation as a result of piracy. Consumers believe that Sony has gone too far in its efforts. The rootkit was originally discovered by Mark Russinovich after running RootkitRevealer (an application engineered by Sysinternals to find rootkits on a Windows platform) on his computer.

So, how do you avoid Sony’s rootkit, and any other rootkit that might be lurking in software?

Operate your PC under LUA. Rootkit installers need access to low-level OS functions, drivers, and possibly the kernel to operate – none of these areas are available when running as LUA.

LUA will not protect you from rootkits hidden in software that you actively install as an administrator, but will prevent passive installers from burying rootkits in your Windows operating system without your knowledge. So, you will still need to be diligent when installing software (do you know where the software came from? is it reputable? is there any known press about the use of rootkits associated with the software vendor?), but you will not have to worry so much about hidden software being installed when you plop an audio CD or DVD in your computer.
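
A quick way to confirm that the session you are logged into really is running as LUA. This is an added example, not part of the original post; it assumes Windows PowerShell and the built-in whoami.exe, and the variable names and verdict strings are illustrative.

```powershell
# Added example: report how much privilege the current Windows session holds.
$AdminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)

# True only when the Administrators group is enabled in the current token.
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# whoami lists every group in the token, including deny-only entries, so an
# administrator account running with a filtered token (Vista and later) still shows up.
$groups = whoami /groups /fo csv /nh |
    ConvertFrom-Csv -Header Name, Type, Sid, Attributes
$inAdminGroup = [bool]($groups | Where-Object { $_.Sid -eq $AdminSid })

# Privileges a driver- or kernel-level installer depends on.
$risky = 'SeLoadDriverPrivilege', 'SeDebugPrivilege'
$privs = whoami /priv /fo csv /nh |
    ConvertFrom-Csv -Header Name, Description, State
$held = @($privs | Where-Object { $risky -contains $_.Name } |
    ForEach-Object { $_.Name })

$verdict = if ($elevated) {
    'Elevated administrator: anything run here can install drivers'
} elseif ($inAdminGroup) {
    'Administrator account with a filtered token: not LUA'
} else {
    'Standard user (LUA)'
}

[pscustomobject]@{
    User            = $identity.Name
    Elevated        = $elevated
    InAdministrators = $inAdminGroup
    RiskyPrivileges = ($held -join ', ')
    Verdict         = $verdict
}
```

Under a true LUA account the report shows `Elevated` and `InAdministrators` as False and an empty `RiskyPrivileges` column, which is the state in which a passive installer cannot load a driver.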