Digital Choke Daynotes

What's a Daynote?

"Daynotes" are daily (usually) journal entries of interesting happening and discussions. They are not 'blogs', which are often just a collection of links to other information (although we do include links occasionally). Daynotes are much more interesting (we hope).

These "Digital Choke Daynotes" were inspired by the collection of daily journals of the "Daynotes Gang" (see sites at .com, .net), a collection of daily technical and personal observations from the famous and others. That group started on September 29, 1999, and has grown to an interesting collection of individuals. Readers are invited and encouraged to visit those sites for other interesting daily journals.

If you have comments, send us an email. A bit more about me is here. You might also enjoy our little story about the death of the 'net.

Reports

An Evil Phishing Technique 8/5/05
Simple Steps for Reducing Spam 3/25/05
FireFox "Phishing" Alert 2/8/04
A Phishing Report for Dr. Pournelle (pdf) 12/20/04
Simple Steps for Safe Wireless Home Network 11/29/04
Simple Steps for Safe Computing 10/19/04
Home Computer Security & Configuration Checklist 8/18/04
Phishing for Fun & Profit 8/11/04
A Simple Recipe for Internet Domination? 7/14/04
Is That a Felony on Your Computer? 10/19/03
Email: not absolutely positively delivered
Anti-Spam Server
What I Did On My Summer Vacation (July 2003)
The "Digital Choke" story

"Digital Choke" story

Monday, November 21, 2005 mail link the story

Another day, another security warning.

This one is for an unpatched exploit for IE 5.5 and 6.x. The exploit, if hosted on an evil web site, will allow a visit to a page on that evil web site to run a program on your computer. Not a good thing, but tempered somewhat by the fact that the exploit can only run a program that already exists on your computer. And it will run as the currently logged-on user.

So, for example, if you visit the evil web page, it could run the Calculator program on your computer. That wouldn't be too bad. And it's not clear if the evildoer could include parameters as part of the command. For instance, "format c:" ... which could not be a good thing.

I suspect there will be a quick update coming from Microsoft. Not clear (as I write this) if an anti-virus program could catch it. There's some information, including a 'Snort' (firewall) block for it, at the Internet Storm Center (http://isc.sans.org).

You can also find this (and other techie stuff) at the "Digg" site (http://www.digg.com), which is fast becoming a threat to the folks at Slashdot. Things change rapidly on that site, so quite a bunch of stuff to look at.

Last week, I found a very interesting article about "colored bubbles" (http://www.popsci.com/popsci/science/0a03b5108e097010vgnvcm1000004eecbccdrcrd.html). It turns out that making a soap-type bubble with full color is quite difficult. The Popular Science article told about the guy that finally figured it out ... after 11 years of experimenting. It's going to be a commercial product soon; see their site at http://www.zubbles.com .

And, the Sony root kit story continues. Texas and the EFF is suing Sony about this. But the real story, as Dan Seto reminds me, is that why it took over a year for anyone to find it? See Dan's post here at http://www.seto.org/mt-diary/archives/2005/11/release_the_hou.html , then look at Bruce Schneier's post about that here: http://www.wired.com/news/print/0,1294,69601,00.html .

Finally, for you shoppers out there: want to know what the ads are going to be for the big day-after-Thanksgiving shopping day (here in the States)? At our house, Pam and our daughters (Stacy and Christine) love to get up very early on that day to hit all the stores. They leave the house about 530am, get all their bargains, and then are back by about 11:00am. My job is to stay home with the grandkids (tough work ... although it requires watching endless kid shows on TV).

The Interweb is going to help out with that effort this year. Go to http://www.bfads.net , where's you'll find a whole list of stuff to buy. The neat thing about that site is that they will keep track of your shopping list. Just click on an item, and it adds that item to your shopping list.

I've started on my list. Now I'll just need to check out the 'price guarantees' for the various stores to see if I can do a bit of pre-ordering.

Tuesday, November 22, 2005 mail link the story

In the "Why Didn't I Think of That?" department, I give you the "Million Dollar Home Page" (http://www.milliondollarhomepage.com). Wherein a clever Brit divided up his home page into one million pixels, and is selling them for $1 (US) a pixel (100-pixel minimum). You buy a block of pixels, put your image in there, and wait for the clicks to come through.

Successful for the Brit (he's over the $660K mark so far), and the buyers are seeing more traffic. Lots of imitators out there, but this is the first I heard of it.

Looks like the latest Sober virus variant is getting a bit more active. McAfee has rated it a "medium risk". Here at the office, our email filter software has protection against it. All mail is scanned, any attachment (and it's contents) are scanned, and we block any attachment with an executable inside (even in zips). Any password-protected zip file is also blocked. That protection has worked well for us.

Wednesday, November 23, 2005 mail link the story

Ah, the day before "Turkey Day" here in the States. And two days before "Black Friday", where many (including the female members of my family) will get up at 5am just to go shopping. I'm staying in bed (it's my job to babysit the grandkids), even when the grandkids wake up and want to watch TV in "Poppa's Bed". Then, when they start to get restless, we'll go downstairs and get some breakfast. I'm planning on frozen waffles and juice. Then we'll watch some more movies on TV until it gets a bit warmer to go outside to play in the back yard. Although I need to fix my wireless network, I was having problems connecting the Thinkpad to the wireless network last night.

I've already printed out my shopping list from the Black Friday Ad's site (http://www.bfads.net). Since my birthday is coming up, I'm aiming for a few things on that list. A bit of Interweb research tomorrow, and I'll be ready with my order to the shopping girls.

I'm noticing an increase in a new variant of the Bagel virus. At this writing (900am PST), the major AV vendors are just starting to notice increased number of mass-mailing of this malware. F-Protect seems to be more pro-active in their detection; their blog has released 5 updates to their detection today. McAfee's current detection files (4634, dated yesterday) does not detect this one yet.

The email contains a randomly-named ZIP file (mine were 'nathanial.zip' and 'harry.zip') that contains a file called "1.exe".

It was caught by our corporate mail server because our mail filtering software (SurfControl) has a rule that blocks all incoming executables. SurfControl uses McAfee's engine to detect for viruses, and didn't catch the executable as a virus. But since we block all incoming executables, we are protected against these 'zero-day' attacks.

I recommend that you implement similar precautions of blocking any email with an executable attachment. And, of course, the usual "don't open attachments or run programs attached to emails" rule (I tell you three times).

There are also a bunch of new "Sober" malware emails making the rounds, as was discussed yesterday. These are "from" the CIA, FBI, or other places warning you that they caught you browsing to the darker side of the Interweb. Just click on the link, and you'll become the latest addition to the spammers bot-net. Similar warnings to prevent infection.

For those of you three loyal readers, happy turkey day ... even if you don't have a turkey day in your part of the world.

... more later ...
Last Week	Next Week	Prior Weeks	mail	bookmark	The Digital Choke story	Visitors