Mumbles and Grumbles
Those little (and sometimes not so little) things that irritate me throughout the day.
$750,000 per month?!? Sometimes you feel like you're in the wrong business. Then they get 9 years in the pen. Good riddance! Interesting article to read, since this clown used zombie servers.
Trial shows how spammers operate
source: http://www.usatoday.com/tech/news/2004-11-14-spammer-trial_x.htm
Jaynes' business was remarkably lucrative; prosecutors say he grossed up to $750,000 per month. If you have an e-mail account, chances are Jaynes tried to get your attention, pitching software, pornography and work-at-home schemes
...
Prosecutors believe Jaynes had a net worth of up to $24 million, and they described one of his homes as a mansion, though the e-mail came from a house described as average.
Part of an e-mail from my registrar today (emphasis mine):
Under this new ICANN policy, the intent of a domain name registrant to transfer a domain name need not be confirmed with the registrar from which the domain name is being transferred. In fact, under the new policy if we are notified you want to transfer a domain name registered with pairNIC to another registrar and we ask you or the administrative contact to confirm a transfer request and neither of you respond to the confirmation request, pairNIC must allow the transfer to proceed. pairNIC is concerned this may lead to unauthorized transfers of domain names.
To prevent unauthorized transfers, make sure your domain names are in “Transfer Lock” status. Check with your registrar for more details.
You can read the full ICANN policy at: http://www.icann.org/transfers/
I should say this ahead of time: I enjoy being the devil's advocate. Whether or not I agree or disagree with the point being made, I like open debate, and enjoy finding the other side of an argument. My mother claims I would argue with God Himself. She's probably right. Some of you have noticed this in comments I've left on your blogs. It's been tough not arguing everything this season, but I have to make an exception today.
Paul Mooney thinks a new videotape is proof positive of something. There are questions that need answered before that conclusion should be drawn.
1) There are 56 bunkers at the al Qaqaa facility. Are the bunkers in the tape the same ones from which the explosives are missing?
2) Are there images of empty bunkers on this tape? Did the reporters see any empty bunkers? Did the reporters visit and video every single bunker? The reporter's claims seemingly contradict the recollections of at least one soldier with them. http://newsmax.com/archives/ic/2004/10/28/225100.shtml. There is also some question as to whether or not the explosives shown in the photos and video are the same ones that are missing.
3) Are the explosives missing from a single bunker, or more than one bunker?
4) I work for a logistics company. My brother is a 5th generation truck driver. I have some insight into what it would take to move 377 metric tons (about 350 US tons) of material. Max load on a 47' trailer (the usual kind you see on the road) is 20 US tons. That's at least 19 completely full semi trucks moving this stuff. That's a lot. Not to mention, the bunkers shown are not exactly primo loading docks. With skid loaders (aka forklifts) on docks built to trailer height (meaning the loaders can drive right onto the truck), it still can take an hour or more to fully load and secure a trailer. And that's in a modern warehouse working full speed with experienced loaders and lift operators. Manually lifting and loading one trailerful can take nearly a full day, if not more, and a heck of a lot of people doing the loading.
The crates shown are marked as 40kg (roughly 88 pounds). This would put 25 boxes per metric ton, or nearly 9500 boxes that would need to be moved. This is no small chore. Seriously. Think of those large bags of dog food at the grocery store--the ones that used to weigh 50 pounds, but are now about 45 pounds, or roughly half of one of those boxes shown in the photos. Now, go move 19,000 of them onto waiting tractor trailers, manually. Get as many friends as you can to help. Do so quickly, in 100 degree heat.
5) The Defense Department has photos of big trucks doing something at this facility before our troops got there (http://washingtontimes.com/national/20041028-115519-3700r.htm). There are also photos of truck convoys moving from Iraq into Syria before the invasion.
6) Why are the boxes labelled in English? That's just weird. I could understand French or Arabic, but English? Maybe there's a good reason.
7) ABC News (http://www.abcnews.go.com/WNT/story?id=204304&page=1) raises questions as to the amount of material missing. The IAEA report states that only 3 tons were stored at the depot on their January 2003 visit. Sadly, this is a much more manageable amount to steal. You could load this amount easily on one of the two trucks shown in the DOD photo referenced above, and you could do so through a ventilation shaft as the IAEA suggested happened. 3 tons of anything that goes BOOM is still a dangerous amount, but doesn't quite deserve the level of hysteria currently being generated. For contrast, our troops have catalogued and destroyed some 400,000 tons of explosives.
Personally, I think the explosives were gone before the troops got there, and this means (to me) we didn't move in Iraq soon enough.
So apparently when I open ActiveSync, and navigate Explore >> Mobile Device, I'm supposed to see the SD and CF card (both being memory cards at the time, but the CF card is switched out for the WiFi card). Well, I don't see these cards. Anyone have any idea? I have an Axim X5 running Pocket PC 2003. The cards work fine from the Axim, I just can't copy anything to them without a utility like MightySync (http://www.mydocsunlimited.com/html/mightysync.html). I'd prefer to access these cards directly, like you're supposed to. Dell is no help.
<update 04-2005>
Upgrading to ActiveSync 3.8 remedied the problem. Download it from http://www.microsoft.com/windowsmobile/downloads/activesync38.mspx.
</update>
So I registered for one of the ASP.NET webcasts for today (10/18), scheduled for 9:00AM PDT. That would make it noon Eastern. I clicked my link to view the webcast, and I'm greeted by this message:
This webcast took place 10/18/2004 9:00:00 AM PDT.
A recorded version of this webcast will be available at 10/19/2004 9:00:00 AM PDT which you can view at your convenience.
According to The World Clock, it's currently 8:48 AM Pacific. Huh? A 90 minute webcast that is supposed to start in 10 min is already over? We don't switch clocks until 10/31.
I wonder what they recorded this morning, and when they did it?
Got the DVD from the last MSDN Connections (Aug/Sep), and tried installing the VS 2005 beta. I keep getting prompted to “Insert Visual Studio 2005 DVD”. Anyone else having this problem, or know of a fix? No matter how many times I hit OK, the prompt comes back.
Schwarzenegger Signs Anti-Spyware Bill
source: http://www.newsfactor.com/story.xhtml?story_id=27251
A new California law requires software makers and Web site operators to disclose whether they put spyware on a user's computer. Once considered a mere nuisance, spyware has lately been recognized as a serious security threat.
It's a start, but still, the sleaze will be sleazy.
Court says any sampling may violate copyright law
source: http://www.usatoday.com/tech/news/techpolicy/2004-09-08-sampling-ruling_x.htm
A federal appeals court ruled Tuesday that rap artists should pay for every musical sample included in their work — even minor, unrecognizable snippets of music.
Exactly how “minor” or “unrecognizable” must a snippet be? Three notes in a different pitch? Don't laugh--that's the crux of the case:
The case centers on the NWA song 100 Miles and Runnin, which samples a three-note guitar riff from Get Off Your Ass and Jam by '70s funk-master George Clinton and Funkadelic. In the two-second sample, the guitar pitch has been lowered, and the copied piece was "looped" and extended to 16 beats. The sample appears five times in the new song.
What's next? Music publishers of instructional materials laying claim to C#? Royalties for “Hello, world”?
This isn't as off-topic as it might first appear. Copyright law is pretty much copyright law. Given SCO's lawsuits as to who owns UNIX/LINUX, better be careful with that “suitcase” of code. There are only so many commands in a language, and the compiler determines how a lot of them go together.
I give up on 'viruses' (correctly: 'viri'). But I'm still going to fight the good fight on “data is” and “indexes”.
“Data” is the plural of “datum”. Data are, datum is. Shame on Microsoft! 2073A Coursebook, Module 6, page 8:
Data is physically stored on a data page in ascending order
No, data are stored.
And, despite how the system tables (e.g., sysindexes) are named, and what they say on page 11 of module 6, the proper plural of “index” is “indices”.
This is another frightening thought regarding your e-mail “privacy”. Although this ruling was for different circumstances than Google's AdWords in your GMail inbox, it does support Google's ability to do so.
source: http://www.newsfactor.com/story.xhtml?story_id=25730
Three judges debated the Wiretap act of 1968, the Electronic Communications Privacy Act of 1986, the Stored Communications Act, and various cases of electronic snooping before ruling that it was okay for an Internet service provider to eavesdrop systematically on the content of e-mails and use the information it gleaned for commercial gain.
Don't touch my base--it might be loading.
Of all the business clichés of the past few years, “touch base” is one that I absolutely despise. I can put up with “office” becoming a verb, and I'm usually more concerned with who cut the cheese than who moved it. Despite what one may think, the path from good to great is not a checklist, and you can't be Level 5 because you want (or declare yourself) to be. Warring tribes are a great way to design consumer electronics, until the Japanese can design better products cheaper and quicker, and then get ripped off by the Koreans or Chinese. So maybe skip the tribes, the natives will always be restless because they do not suffer fools gladly.
I can cope. I can “bin”, “cubbyhole” and “cubicle farm” as well as anyone else. Just please, refrain from touching base. The whole notion feels creepy, like my personal space is being invaded.
This was set off by an e-mail from the SSWUG after I had to register to try and read Kent Tegel's new article (I'd put a link but I haven't paid for the membership since I just bought a new house and still have bills for ankle surgery in March). The founder of SSWUG was just “touching base”. Said so in the subject. Creepy. Maybe I won't join after all.
source of complaint: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon/html/vbtskcontrollingtheappearanceofthewebinterface.asp
Bullet point 1 states:
Never use Cascading StyleSheet (CSS) properties for absolute positions. Specifying absolute positions prevents elements from being automatically positioned and sized.
<!-- Do not do this -->
<DIV id = idFindWhatLabel style = "position: absolute; left: 0.98em; top: 1.2168em; width: 4.8em; ... >
And yet, here's part of the sample code for Bullet Point 2, using that thing they just told you not to use:
<div style='position:absolute; left: 0; top: 0; ...
Additionally, nice consistent use of quotes to surround attributes.
Also, it would be really cool if you'd either allow the frame to scroll, or wrap long lines of code. I might want to see the entire line!
Source: http://www.ecommercetimes.com/story/34842.html
Security experts had been waiting for a couple of weeks for the shoe to fall. On June 11, US-CERT, the government-funded computer-security watchdog at Carnegie Mellon University warned that a flaw in Microsoft Internet Explorer could allow a Web site to dump malicious programs onto Windows computers. The alert was highly unusual because CERT normally avoids public warnings about vulnerabilities until patches to fix them are available.
By Friday, June 25, it became clear why the experts were worried. Reports started flowing from security services that unsuspecting computer users were being hit by a program that could log their keystrokes, grab account information and passwords, and send them back to a computer in Russia. The initial assault was stopped over the weekend by shutting down the Russian site and updating antivirus software to deal with the program, known as either JS.scob.trojan or download.Ject. But the basic vulnerabilities remain, and a second wave of attacks seems likely.
*********************************
IIS Answers Security Bulletin
IIS Download.JCT
06/25/2004
*********************************
A new attack is making the news and when that happens, people go wild so I thought it would be prudent to release a rare bulletin.
Two things: First this is an IIS 5 attack. Microsoft has released a statement that sort of says the attack exploits vulnerabilities that are fixed by MS04-011. However they do NOT go so far as to say that applying MS04-011 will definitely fix the problem.
News articles can be found at http://www.msnbc.msn.com/id/5290386/ and http://www.infoworld.com/article/04/06/24/HNnewattack_1.html
But the real details are at http://isc.incidents.org/
Snort rules can be found at http://snort.infotex.com/cgi-bin/viewcvs.cgi/Stable/VIRUS_Unknown_IIS_Worm?r1=1.7&only_with_tag=MAIN
Microsoft's typically introverted response is http://www.microsoft.com/security/incident/download_ject.mspx.
If you have problems and/or want to discuss or report issues, please join the IIS 5 discussion list at www.iislists.com. Further bulletins will be coming as the facts are determined.
Thanks,
Brett Hill
IIS MVP
Source: http://www.eweek.com/article2/0,1759,1617046,00.asp
When visitors to a few particular Web sites—including popular auction, shopping and price-comparison sites—request pages that include the malicious graphics, the code automatically downloads itself onto their machines. Once installed, the code unpacks itself and loads a keystroke logger on the PC.
NetSec officials said the attack seems to exploit a vulnerability in Internet Explorer.
The code then forces the machine to contact two IP addresses—one in Russia and one in the United States. The Russian site is hosted on a broadband connection and is part of a network known for spamming and other transgressions.
Link: http://isc.sans.org/diary.php?date=2004-06-24
UPDATE - Several readers have responded and confirmed that this is a wide-spread issue. Here is what we know so far:
- An IIS server's configuration is somehow modified so that "enable document footer" is enabled for various (if not all) files and linked to the new .dll file(s) in \winnt\system32\inetsrv. This might be done with the help of a program called agent.exe installed via one of the multiple known IIS vulnerabilities. (Thanks, Patrick and Ben!)
- When a visitor browses the site, all of the objects with their properties set to "enable document footer" are sent to the client browser with the JavaScript appended to the end of the file. If the visitor is running an updated version of AV software, the modified files (which include images as well as .html) are detected as being infected.
- The visitor's browser is re-directed to the Russian URL listed below where a known Trojan program (msits.exe) is downloaded, along with some additional malware. Again, if the user's machine is updated with current AV software, this malware is detected and blocked. (Thanks, Michael!)
- The earliest reported infection was on June 20th (four days ago).
What we DON'T know, and can use some help in figuring out, is how the malware is installed on the IIS server to begin with. Is there a zero-day floating around? Is it via a known vulnerability and the use of agent.exe as mentioned above? (Ed Skoudis, one of our handlers, suggested that perhaps the IIS system admin used a local copy of IE to browse a site and pulled down hostile JavaScript. Does that jive with anybody's findings?)
Our concern is that there might be an IIS zero-day floating around. We won't list the sites that are reported to be infected in order to prevent further abuse, but the list is long and includes businesses that we presume would normally be keeping their sites fully patched.
[original diary entry follows]
A reader pointed us to an IIS discussion group (microsoft.public.inetserver.iis.security) where several IIS administrators discovered some strange .dll files on their web servers in the past 24 hours. According to the discussion on that list, they are all 1kb .dll files. They were deposited in the \winnt\system32\inetsrv directory with names like iis7xy.dll where x is a random number that appears to be between 1-3 and y is a random character or number.
The .dll's contain JavaScript similar to the string below. I've intentionally added some spacing to defang it a bit:
... code snipped out ...
There are other reports in the past 24 hours indicating that this JavaScript has been seen appended to text files and other file types.
The Storm Center would like to know if others are seeing this phenomenon and if there are any ideas about its origin or intent (other than being an attempt to download malware - that's obvious.) The IP address in the JavaScript points to a Russian site, and at the time of this writing it is still active. A note of caution - that site will attempt to insert malicious code onto a visiting machine. Use extreme caution if you decide to visit it.
Marcus H. Sachs
Handler on Duty
(Hat tip: IIS5 mailing list from iislists.com)
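A defender's check for the file indicators the quoted diary entry describes, as an added example that is not part of the original post or of the Storm Center's tooling: it scans a directory (on an affected server, \winnt\system32\inetsrv) for iis7xy.dll names and flags those that are small and lack the MZ header every genuine Windows DLL starts with. The 2048-byte size limit, the looser name pattern and the function names are assumptions made for this sketch.

```python
import os
import re
import sys

# Name pattern reported in the diary: iis7xy.dll, x seen as 1-3, y a random
# letter or digit. Windows file names are case-insensitive.
REPORTED_NAME = re.compile(r"^iis7[1-3][0-9a-z]\.dll$", re.IGNORECASE)
# Looser pattern (assumption): the diary only says x "appears to be" 1-3.
LOOSE_NAME = re.compile(r"^iis7[0-9][0-9a-z]\.dll$", re.IGNORECASE)
MAX_SIZE = 2048  # assumption: the reported files were about 1 KB


def has_pe_header(path):
    """A genuine Windows DLL starts with the two bytes 'MZ'."""
    with open(path, "rb") as handle:
        return handle.read(2) == b"MZ"


def find_suspect_footer_dlls(directory, strict=True):
    """Return one dict per regular file whose name fits the pattern.

    'suspect' is True when the file is also small and is not a PE image,
    which matches the 1 KB JavaScript-bearing files described above.
    """
    pattern = REPORTED_NAME if strict else LOOSE_NAME
    findings = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name.lower()):
        if not entry.is_file(follow_symlinks=False):
            continue
        if not pattern.match(entry.name):
            continue
        size = entry.stat(follow_symlinks=False).st_size
        try:
            pe = has_pe_header(entry.path)
        except OSError:
            pe = None  # unreadable: still report it for manual review
        findings.append({
            "name": entry.name,
            "size": size,
            "pe_header": pe,
            "suspect": size <= MAX_SIZE and pe is not True,
        })
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for item in find_suspect_footer_dlls(target):
        flag = "SUSPECT" if item["suspect"] else "name match only"
        print(f'{item["name"]}\t{item["size"]} bytes\t{flag}')
```

A hit only says a file fits the reported name, size and type; the "enable document footer" setting the diary mentions still has to be checked in the IIS configuration itself.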
Source: http://www.wired.com/news/business/0,1367,63962,00.html
Florida state officials are considering taxing home networks that have more than one computer, under a modified 1985 state law that was intended to tax the few businesses that used internal communication networks instead of the local telephone company.
Officials from Florida's Department of Revenue held a meeting on Tuesday to see whether the law would apply to wired households, and exactly who would be taxed. About 200 people attended, including community and business representatives.
More dispatches from the “scum-of-the-earth” department.
Spying on spyware
EarthLink and Webroot Software released a report Wednesday, revealing that nearly one of every three computers scanned in April for Trojan horse programs or system monitor spyware was infected.
http://news.com.com/2100-7343_3-5236735.html
My original thought for this entry came from this article:
Ireland Works to Stay in the Outsourcing Game
But over the past three years, the attractively low wages found in China, India and Eastern Europe have eclipsed Ireland's financial advantages, spurring many global companies to switch allegiances and scale back or cancel their plans for Irish operations.
The point was going to be don't be a source of cheap labor, but rather be a source of good brain power. Cheap begets cheap--if that's what you do, that's what you'll attract (to paraphrase Forrest Gump: innovative is as innovative does). America is an amazingly innovative country, in part because we have so many garages (topic for a future post), but also our culture and spirit of "can do" yankee ingenuity attracts innovative people from all over the world. It's a matter of mindset more than anything else--there are people in every corner of the world with the ideas and talent. More places should foster innovation rather than the status quo (a giant popping noise may result from many heads being removed from derrieres).
Reading on, Ireland got the hint:
Now Ireland is clawing back to reclaim its status as a major outsourcing destination by emphasizing its work force's brainpower and flexibility, instead of lower costs. A new government-sponsored marketing campaign touts the Irish labor force's ability to work at all levels of the business process, from factory floor to executive suite.
One final thought: that bit about not being the lowest cost provider, but rather having a labor force that can work at all levels, well, that's what America has, too. Look homeward!