Blogger Maintenance January 9 Morning

January 8, 2007

In Blogger Help Group: Scheduled Blogger Outage Tuesday, January 9th, 2007, Helper warns us

Just wanted to give you all a heads-up that the old Blogger will be down for a couple hours tomorrow (Tuesday, January 9th, 2007). This scheduled outage applies to the old Blogger from 7:45am-9:45am PST. You will not be able to post to old Blogger blogs or access any old Blogger blogs on Blog*Spot during this time. We also will not be allowing any new accounts or new blogs to be created on the new Blogger during this outage. Google Groups will be also be undergoing planned maintenance on Tuesday the 9th. Accordingly, some features may be temporarily unavailable (including the Blogger Help Group).

Old Blogger, New Blogger, and Blogger Help Group all down at the same time. Might be a good day to take off.


Custom Domain Names Hosted By Blogger

January 5, 2007

Until this week, if you wanted to have a Blogger blog, you had two choices – host the blog on Blog*Spot (as a subdomain of Blog*, or host it offsite (with your choice of domain).

Now, there’s a third choice – have a blog hosted by Blog*Spot, but with the domain name of your choice. All of the features of New Blogger, under your custom domain name. But beware, this is yet another Beta product (if not by name, by nature), and various problems have been identified, to date.

Welcome to PChuck’s Network

December 31, 2006

Microsoft Windows is an incredibly complex operating system. Making an installation of computers running Windows work, at all, is a challenge. Making one work properly is even more of a challenge. Fortunately, thanks to the Internet, the problems which you may be observing today may have already been discussed, and resolved, by other folks before you. And there are many websites to give you advice, based upon those experiences.

Now, many websites offer you learned advice on various subjects; some on Windows Networking, as PChuck’s does. Many websites are procedure oriented. If you know what to do, they will give you details showing you how you can use a particular wizard. But – if you don’t know what to do, or how to solve a given problem, how are you going to find a solution? That’s like using a dictionary – some folks think that you can learn how to spell a word, by looking it up in a dictionary.

PChuck’s is organised by goal. For problem solving, it’s organised by symptom. Now, it’s not finished – few websites are ever actually finished. But give it a shot – it may have an answer or two for you.

If this is your first visit here, you may wish to start with the introduction, How To Get The Most Out Of PChuck’s Network.

Having reviewed the site introduction, you may find that there are several ways to benefit from the material here.

And check out my Links page, for extra interests of mine.

More articles are added frequently, and existing articles are revised even more frequently. Check here regularly, using a newsfeed reader for best results. And tell your friends about PChuck’s Network!


Common Problems and Resolutions

“Error = 5” aka “Access Denied”
“Error = 53” aka “Name Not Found”
Intermittent Connectivity Problems When Computer Is Idle
Intermittent Server Visibility Caused By The Restrictanonymous Setting
Intermittent WiFi Connectivity Problems Caused By WiFi Client Manager Conflicts
Internet Access Problems Caused By DNS Problems
Internet Connectivity Problems Caused By A Corrupt Or Hijacked Hosts File
Internet Connectivity Problems Caused By The MTU Setting
Irregularities In Access To Individual Shares On A Single Server
Irregularities In Access To Network Neighborhood (Workgroup)
Network Access Affected By Limited Or No Connectivity
Network Access Affected By LSP / Winsock / TCP/IP Corruption
Network Access Affected By NetBIOS Over TCP/IP Being Inconsistently Set
Network Access Affected By Physical Networking Issues
New Network Connections Wizard Functionality Damaged By System Restore
Server Access Affected By IRPStackSize
Server Access Affected By User Not Granted Requested Logon Type
Server Access Affected By Maximum Simultaneous Connections
Server Visibility Affected By The Invisibility Setting
Server Access And Visibility Affected By Personal Firewalls
Server Access and Visibility Affected By Less Known Registry Settings
Well Known, Yet Mysterious, Errors May Have Simple Resolutions



Asking For Help For Internet Connectivity Problems
Asking For Help For Network Neighborhood Problems
Hacking Defined
Layered Security
Malware (Adware / Spyware)
Networking Your Computers
The NT Browser and Windows Networking
Restrict Your Privileges
Solving Network Problems
Troubleshooting Internet Connectivity
Troubleshooting Network Neighborhood (Windows Networking)
WiFi Networking
WiFi Security
Windows Networking – Elementary
Windows Networking – Advanced
Windows XP File Sharing


Current Events

August 26, 2006: Hacker sentenced to 37 months in prison
August 21, 2006: Pizza Order Credit Card Scam
August 13, 2006: August 2006 Patch Tuesday Report
August 7, 2006: Bots And You
July 6, 2006: Bump Keys – A Growing Security Problem
June 16, 2006: Patch Tuesday for June 2006
June 8, 2006: R.I.P., Windows 98, 98SE, ME, and XP SP1
June 7, 2006: Sharing The Pain
June 6, 2006: Happy Devil’s Day

And more current events in PChuck’s Network News, and in Today’s Security Alert.


Diagnostic Procedures and Tools

CPSServ (NOTE: Requires download of PSTools (free).
Command Windows
Event Viewer
Finding, and Tracking, Computers On Your Network
Local Security Policy Editor
My Personal Toolbox
Net Config
Network Setup Wizard
Registry Editor
Services Wizard
Static Route Table
System Restore
Watching What Your Computer Is Doing
Windows Explorer
WiFi Environment Analysis
WindowsUpdate Log Interpretation


Using The Internet Properly

Bottom Post, Please
Download Software Selectively
Help Us To Help You
Getting Help On Usenet – And Believing What You’re Told
How To Contact Me
How To Post On Usenet And Encourage Intelligent Answers
Interactive Problem Solving
Please Don’t Hijack Threads
Please Don’t Spread Viruses
Provide Diagnostic Data As Text, No Attachments or Images
Provide Essential Details When Asking For Help
Please Use BCC:


Networking / Security

Ad-Aware or Spybot S&D? You Decide
Beware Of Hidden Physical Personal Firewalls
Components Definition – Networking
Design Your Network Properly
Have Laptop Will Travel?
Computer Uniqueness and Security Needs
ICS Is Not The Only Possible Solution
Make Your Wireless Computer Connect Only To Your Network
NAT Router – What Is It?
NAT Routers With UPnP – Security Risk, or Benefit?
Online System Virus Scanning Services
Pop-Ups – How To Deal With Them
Protect Yourself – Restrict Your Privileges
Protect Yourself When Using A Public Computer
Protect Yourself When Using A Public WiFi LAN
Protect Your Hardware – Use A UPS
Quick Networking With A CrossOver Cable
Setting Up Two Routers On The Same LAN
Sharing Dial-up Internet Service With A Router
Spam Spam Spam – Spam Spam Glorious Spam: Early Spam, and Modern Spam.
SSID Broadcasts
WEP Just Isn’t Enough Protection Anymore
WiFi Will Never Be As Fast As Ethernet


Windows Networking / File Sharing

Address Resolution On The LAN
Browsing and Multiple Subnets
Domain vs Workgroup? Plan Properly
Cleanup Your Protocol Stack
Components Definition – Windows Networking
Local Name and Address Resolution On Your Computer
One Use For IPX/SPX
Setting Up File Sharing Properly
Windows 9x (95/98/ME) and the Browser
Windows NT (NT/2000/XP/2003) and the Browser
Windows XP / 2000 On A Domain

Today’s Security Alert

December 30, 2006

The Internet is a wonderful place to spend time – whether personally, professionally, or socially, you can travel to distant lands, and meet folks from the comfort of your bedroom / home office.

But it’s absolutely NOT a place to casually provide details about your self. And when you travel by internet, you absolutely must protect the vehicle (your computer) that you travel in. So stay aware what’s happening in Internet security.

12/12 If you have Yahoo Messenger, you may need to be aware that a new phishing attack, which uses YM, has started. IM security firm IMLogic reports in New Yahoo IM Phishing Attack Surfaces

The attack, IM.Marphish2.Yahoo, attempts to steal personal information by dupong a user into believing that they are in violation of Yahoo’s Terms of Service. The user is instructed to contact the “abuse department” through a URL that points to the domain.

As always, please be very careful when presented any IM message that includes a URL. If the message is not part of an active conversation, OR if it’s from anybody that you don’t recognise, examine it with great suspicion. If you get an IM message, that contains a URL, from a friend, and you’re not in the middle of an active chat with that friend, take the time to verify that the message was intentionally sent. You could be helping both of you by doing this.

11/29 Yesterday, a friend wrote me for advice, as she was contemplating the purchase of a DVD burner for her recently purchased computer. I told her

Please don’t buy a Sony product.

And she didn’t. She bought a competitor’s product. This accomplished 2 things:

  1. One less sale for Sony.
  2. One more sale for a Sony competitor.

I just lit a candle. Will you light any?

11/23 Success – of a sort! BusinessWeek Online Sony’s Escalating “Spyware” Fiasco reports that

Overnight, Get Right with the Man dropped to No. 1,392 on Amazon’s music rankings. By Nov. 22 — after the news made headlines and Sony was deep into damage control, pulling some 4.7 million copy-protected disks from the market — Get Right with the Man was even further from Amazon’s Top 40, plummeting to No. 25,802.

The wrath of fans killed Sony’s CD copy controls, with the company pulling 52 titles off retail shelves, beginning the week of Nov. 14. But the wrath of bands could be far worse for the company — and for efforts to protect content in general.

Singers and songwriters are increasingly expressing frustration at devices used by record companies to protect digital content from widespread theft that results when CDs are copied repeatedly or popular tracks are given away on peer-to-peer (P2P) networks, such as LimeWire and BitTorrent.

Maybe, just maybe, Sony and the rest of the RIAA will decide that their customers (the ones that remain) deserve their respect, not their contempt. If they wish to stay in business, anyway.

11/22 The shenanigans by Sony aren’t the only thing to worry about this month. The Register Password-stealing keyloggers skyrocket warns us that

Hackers are on target to release more than 6,000 keystroke loggers in 2005, a 65 per cent increase from the 3,753 keyloggers released last year.

And their delivery mechanisms are getting pretty sophisticated too. ISC SANS More Sober Variants warns of the latest Sober variant, which may arrive in your Inbox disguised as a letter from a US Government agency like the CIA or FBI (as if).

Be paranoid. Be very paranoid.

11/21 The lawsuits against Sony have started. Mark Lyon, of, has a comprehensive list of the various actions underway around the world.

11/18 The whole Sony problem started some time ago. I first reported it, personally, over 2 weeks ago. Today, SSX4life, in BBR Forums Sony – Opinion and Future, points out

If you put a frog in a boiling pot of water it will try to jump out and struggle for dear life. However if you put a frog in a cold pot of water and slowing bring it up to temp the frog will more than willing sit and boil to death.

If Sony and other music, software, “tech” company’s slowing remove the rights of the consumer to a CD / DVD / Peice of software that you purchased then then what will happen to the every day consumer…

This is a small quote from this very long thread, and several like it, in BBR Forums and elsewhere.

It is very dark here, and this blog is a very small candle. I’m going to light it, though, and join the Sony Boycott. If you care about your rights, as a consumer of electronic content, you should join the boycott, and sign the petition, too. Demand your rights – it’s your money that pays the salaries of Sony, and of the RIAA.

11/17 As predicted yesterday, Sony’s uninstall procedures created a vulnerability worse than the original rootkit. Websense Security Labs have now published an alert stating

Websense® Security Labs™ has received reports of websites that are using the Sony DRM uninstaller as a means to perform malicious actions on end user machines.

Any user who has downloaded and run the Sony uninstaller program is susceptible to this attack.

Various security software vendors, such as Sophos and Symantec, have produced reliable rootkit removal programs. I do not recommend that you use any software provided by Sony.

11/16 How much deeper can Sony go? The Inquirer Sony DRM infection removal vulnerability uncovered points out what many have discovered

According to Freedon To Tinker, the web based installer is a worse vulnerability than the original rootkit. More on the story here, FTT goes into detail. It seems the ‘cure’ from Sony involves downloading an ActiveX control called CodeSupport. This is a signed control that lets just about anyone download, install and execute arbitrary code on your machine.

And to do themselves still more harm, they still claim to have only 20 infected CD titles out in the wild. USA Today Bad things hide in PCs using Sony BMG software reports

Sony says 20 CD titles use this form of copy protection, from British firm First 4 Internet, but it won’t say which titles. The Electronic Frontier Foundation, a non-profit civil-liberties group, identifies 19 on its website from artists including Neil Diamond, Van Zant, Celine Dion and Switchfoot.

However, many watchers of Sony have identified way more than 20. Such as IdiotAbroad, which currently lists 47.

11/15 The Sony issue gets bigger each day. Wired News Sony Numbers Add Up to Trouble reports that AT LEAST half a million computers are out there, infected with Sony’s dirty work. That number was arrived at by technical research, it is absolotely accurate at the mimimum, and is most likely a lot lower than the actual count.

11/14 The Electronic Frontier Foundation has now entered the picture. In the BBR Forum Microsoft will wipe Sony’s ‘rootkit’ and more, a copy of the advice sent Sony by the EFF, regarding what Sony needs to do to make its image right with its customers, was presented. We will now see how responsive Sony is.

11/14 The discussion about Sony’s activities is continuing, and it appears that the Rootkit discovered recently is just the tip of the iceberg. Check out BBR Forums SONY throws in the towel … for now, for a very fast moving thread with diverse opinions.

Also, for a comprehensive, and dynamic, list of CDs (or things that look like CDs but aren’t), that you do not want to buy, see the CDR Bad CD list.

11/13 Here’s a neat game. You load a free keylogger on your computer, downloaded from WhatPulse. You form teams, and try to beat each others keystroke counts. WTH?

OK, the keylogger has been checked out, and this version is free from anything malicious. All that it does is count keystrokes. But what about future versions, or imitators versions? At best, this game is blurring the line between malware and irresponsible game playing. And what happens if this gets bought out by the bad guys? I just know one of them must be looking at this right now – it’s just perfect for exploitation.

My personal opinion? Encouraging folks to install a keylogger, even something benign (right now) is not something I would recommend. I don’t think this is post Sony paranoia speaking – I would always feel this way. I think this is irresponsible. What do you think?

11/12 BTW, I’m curious. Are there any folk out there reading this, who think that the whole Sony Rootkit thing is much ado about nothing? Well, now that the story is out, folks are looking backwards at previously reported problems. Look at, for instance BBR Security Forum Some earlier signs of Sony’s rootkit…, with a list that bears investigation.

11/12 Sony has backed down, at least publicly. In BBC News World Edition Sony stops making anti-piracy CDs

Sony has said it will suspend the production of music CDs with anti-piracy technology which can leave computers vulnerable to viruses.

I will try to keep an open mind, but for right now, Sony is off my Christmas shopping list.

11/11 The Sony Rootkit story just gets better and better. NPR (National Public Radio, for those of you not USA citizens) did a piece on it Sony Music CDs Under Fire from Privacy Advocates. They interviewed Sony BMG’s Global Digital Business President Thomas Hesse, who had the gall to say for the record

Most people, I think, don’t even know what a rootkit is, so why should they care about it?

And here is my favourite interpretation of that blunder, from BBR Forums First Virus found that uses Sony Rootkit…

Most people, I think, don’t even know what a rootkit is, so we can get away with it.

And here’s a short list of other websites, which I have found, which are also discussing this:

11/10 The Sony Rootkit issue is not going to go away. The Electronic Freedom Foundation, in Are You Infected by Sony-BMG’s Rootkit?, provides an inventory of CDs that are using Copy Protection and the Sony Rootkit.

Now, as predicted, the bad guys are now using the Sony Rootkit to hide their own malware. The security firm Sophos reports in Trojan horse exploits Sony DRM copy protection vulnerability

Experts at SophosLabs™, Sophos’s global network of virus and spam analysis centres, have detected a new Trojan horse that exploits the controversial Sony DRM (Digital Rights Management) copy protection included on some of the music giant’s CDs.

The Troj/Stinx-E Trojan horse appears to have been deliberately spammed out to email addresses, posing as a message from a British business magazine.

Typical emails look as follows:

Subject: Photo Approval Deadline

And legal action has started in Italy. As reported by SmartHouse Police Called In To Investigate Sony

The group, calling itself the ALCEI-EFI (Association for Freedom in Electronic Interactive Communications – Electronic Frontiers Italy), filed a complaint about Sony’s software with the head of Italy’s cyber-crime investigation unit, Colonel Umberto Rapetto of the Guardia di Finanza.

Please let Sony know what you think of their antics. The RIAA has to be brought into control, and maybe this is one battle which may help. See The Sony Boycott Blog for other ideas about how to take action.

11/2 Is using a WiFi network, that you didn’t setup, theft? Some believe it is, others believe it’s not. I think there are a lot of grey areas.
If you have any feelings one way or the other, join BBR Forums (it’s free), and participate in this, and similar, discussions.

10/31 The RIAA continues to dig itself into a hole. Sony is now selling music which comes with self-installing software, in an attempt to enforce Copy Protection. If you try to play, for instance Get Right with the Man by the Van Zant Brothers, as distributed by Sony / BMG, on the CD player on your computer, you will have to install special drivers. These drivers protect themselves as a Rootkit.

When you try to play any similarly Copy Protected music, which is protected by First4Internet’s DRMServer, you will first have to agree to a EULA. Upon agreeing to the EULA, DRMServer will be installed on your computer. To protect DRMServer, which runs a process $sys$DRMServer.exe, your system will be modified to prevent you from even seeing any traces of processes named $sys$(anything) on your system. This, my friends, is a Rootkit.

This assinine and poorly constructed attempt, to subvert the integrity of your computer, was recently discovered by Mark Russinovich, author of RootkitRevealer and a multitude of other very useful system utilities. Mark further discovered that, if you attempt to un install the DRMServer drivers, your CD player will become inoperative. This, my friends, is a badly written Rootkit.

Mark further discovered that the Rootkit will hide other files, such as one that he created in a test.

I studied the driver’s initialization function, confirmed that it patches several functions via the system call table and saw that its cloaking code hides any file, directory, Registry key or process whose name begins with “$sys$”. To verify that I made a copy of Notepad.exe named $sys$notepad.exe and it disappeared from view.

This, my friends, is a dangerous Rootkit. What if one of the bad guys writes a very bad application, with programs using names protected by DRMServer, and gets it installed on your computer?

Here is another, slightly less techie oriented, viewpoint of Sony’s sorry mess. Be patient, this article is on a slow server.

Please let Sony know what you think of their latest attempt to continue a system which was valid, only marginally, in the 1950’s.

10/9 Vista is Coming! I just recently spent 4 very intense and brief days in Seattle, as a guest of Microsoft, at MVP Summit 2005. I got my first actual look at Vista, and was treated to half a dozen very detailed descriptions about technical features of Vista. Security wise, it is 2 to 4 times as significant as Windows XP, as Windows XP SP2 was to Windows XP RTM. I can’t say more, but I will be updating my personal impression of it, as time permits. Watch this blog.

8/26 Occasionally there is good news. Today, just 2 weeks after Zotob hit the Internet, the US FBI and others arrested two suspects in its creation. CNet Nes.Com reports in Arrests made in probe of worm that hit ABC, others that the two suspects arrested are suspected of creating both the Mytob and Zotob worms.

This is only a start, but maybe fear of arrest, and fear of execution (as the good news on 7/26 described), might lessen the onslaught of malware just a bit.

But don’t stop protecting yourself just yet. Just don’t give up.

8/17 ZDNet Security Windows worms knocking out computers reports on the ongoing evolution and spread of Zotob, with the latest family member which Symantec has named Zotob.G. F-Secure suggests that the newer versions of Zotob are the product of rival gangs, each busily creating their own botnets.

“We seem to have a botwar on our hands,” Mikko Hypponen, chief research officer at Finnish software security firm F-Secure said in a statement issued on Wednesday.

“There appear to be three different virus-writing gangs turning out new worms at an alarming rate, as if they were competing to build the biggest network of infected machines,” he said.

Please patch your systems. If your system is infected, you might not notice anything right now. When the bots are activated, that might change.

8/16 The Zotob threat in particular, and the MS05-039 vulnerability in general, having stabilised (not gone away, just stabilised), ISC SANS is Back to InfoCon Green. Zotob is now just another worm, in the background noise on the Internet. Like other worms, it continues to mutate, and has most recently been identifed by Symantec as Zotob.E, which is an IRC Bot.

Zotob this afternoon successfully infected CNN, ABCNews, and the NYTimes.

Your computer could be next, so protect yourself. Patch up. But please, and this is an important distinction here, do not protect yourself indiscriminatly.

8/15 Zotob continue to evolve.

ISC SANS Zotob Update now reports that Zotob is adding a mass mailer to its payload. In Other Words, Zotob has now become part of the spammers world, and is probably providing financial reward for its releaser. Anybody surprised?

In another unfortunate turn of events, ISC SANS Zotob affecting some XP SP2/2003? recommends that you protect your servers by disabling anonymous connections. Note that they cover themselves by saying “…this will require testing to ensure it does not break valid applications.”.

Seemingly a harmless and simple change to make, it has been my experience that, if you depend upon seeing a neat list of all of the computers on your network, in a portion of your desktop known as “My Network Places”, or “Network Neighborhood”, that disabling anonymous connections will also disable any server from being displayed there. I’m trying to get a confirmation out of Microsoft. Right now, if you are reading the SANS diary referenced above, please don’t go disabling all anonymous connections, at least without knowing the possible consequences.

8/14 ISC / SANS now reports the detection of the first worm to use the MS05-039 vulnerability. The new worm, Zotob, has been reported by Symantec currently in two strains – Zotob.a and Zotob.b.

So the predictions from Friday, which prompted SANS to go to a Yellow Alert, have been proven to be correct.

Patch up, folks. Please.

8/12 Happy Black Tuesday Week, everybody. Yes, last Tuesday was the first Tuesday of the month. And Microsoft issued a suite of updates, including 3 Critical ones. You may see them reviewed in the SANS Diary Microsoft Security Bulletins for August.

Don’t go away yet, though – this gets better. Today’s SANS Diary POC code available for multiple updated MS vulns announces that, of the 6 vulnerabilities admitted to by Microsoft, no less than 4 of them have Proof Of Concept code published, which will exploit the announced vulnerabilities.

And we’re not done yet. The MS05-039 vulnerability, Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588), is expected, by SANS, to become a critical issue over the weekend. Three separate exploits for that vulnerability have been announced during the past 24 hours. Proof Of Concept code is expected to be superseded by active attacks, during the next few days.

The Internet Storm Center main page is now at Yellow Alert. This is only the second time that I can remember this being the case since they implemented the colour system.

Both Microsoft, and SANS (and myself) all recommend that you apply all Critical Patches – MS05-038, MS05-039, and MS05-043 – at your most immediate convenience, if not sooner; and the other three – MS05-040, MS05-041, and MS05-042 – soon afterwards. All users of the Internet thank you for your cooperation.

8/11 The bad buys are getting either more brazen – or more desperate – you decide which.

Since people are getting more and more suspicious of ANY email that asks them to fill out private information online (which is good), ZDNet Security: New scam asks people to fax away data reports that the scammers are now asking you to download a form, fill it out, and fax it to a toll free phone number.

Whether the bad guys giving you a phone number is a stupid move on their part (you can give the number to the police, who can locate the bad guys), or a genius move (the bad guys know you would try to do that, so you would never believe that it was a scam), is being debated.

One thing is obvious: You can not trust ANY email that asks you for ANY personal data, in any form. End of story.

8/3 The Internet is a big community, composed of lots of little communities. And the bad guys, and potentially bad guys, are getting into the act, in new ways, all of the times.

Everybody wants a new ways to get “eyes” – that is, to put up a web pages, and get visitors to come once, and come back, over and over. One of the newer ways is to provide online databases, “free” to all who wish to participate. Create a new type of community, in other words.

What a neat idea. NOT.

A couple months ago, we had the Birthday Reminder database. Send us your email address, and your birthday. And send us your friends email addresses, and their birthdays. And “we” (our automated mailer) will email YOU when one of your friends birthdays is coming up. What a deal.

Can you say “Identity Theft”? I bet you can, if you try.

This month, we have blatent online databases – Online Contact Databases. According to SANS It Takes a Village…, a popular service Plaxo now lets you store all of your contacts data in their “free” online database. And then emails all of YOUR friends and invites them. And it’s all free. Right.

To broadly paraphrase one Internet wise guy, “If someone emails YOU and tells you that YOUR birthday and / or email address has been added to their online database, and asks you to add your friends to your entry, please forget that I’m your friend.”.

Seriously. DO NOT EVER add my name, birthday, email address, or anything about me, to any online database without ME telling you to do so, and what database to add it to. And don’t be holding your breath waiting for me to name one that I consider safe. And if I do find one, chances are, it won’t be free.

TANSTAAFL. I’ll be a nice guy.

7/29 And a new worm hits the Internet. The worm, Hagbard.A, passes itself off as an IM from one of your friends, and trys to trick you into downloading a free version of a hot video game, as, according to ZDNet Security, Worm poses as pirated ‘Grand Theft Auto’.

Except what installs itself on your computer is no game, it’s a server program, so YOU can serve up another copy of the worm to your former friends. As one of YOUR former friends just did to you.

Be skeptical, folks. And when you get an IM with a URL in it, always ask yourself if your friend would actually send that. Then ask your friend to verify.

7/28 When asked for technical advice, by someone with AOL, I’m usually tempted to say something curt like “If you have AOL, then you’re beyond my ability to help you”. A lot of Networking and Security snobs will say that anyway.

Today, that attitude shouldn’t apply. If you have AOL, particularly Bring Your Own Internet, where you pay for AOL content but have another ISP, you’re just like any Internet user. So, since you hopefully understand about the need for Defense In Depth, aka Layered Security, you setup a NAT router and / or a personal firewall, just like any other Internet user. And you’re just as safe as any other Internet user. Right?


With the AOL Bring Your Own Internet service, you setup a Virtual Private Network between your network and AOL. You get AOL content, but it’s safer than the rest of the Internet, because the VPN means no unsafe traffic from non-AOL sources. If you can trust AOL, then you’re safe.

Unfortunately, the AOL VPN goes from your computer, thru your personal firewall, and thru your NAT router, as protected content. Neither your personal firewall nor router filter it in any way. And if the AOL content ever becomes dangerous, your network is wide open. Lawrence Baldwin, of myNetWatchman, provided Why you should block AOL Client on a corporate network, which explains the problem in more detail, some time ago.

Today, SANS offers The Penetrating Packets: Spam E-Mail (scroll down a bit from the top of their page, there’s no direct link), which is a real live example of how someone’s AOL connection, thru his home network, caused contamination of an actual workplace network.

If you have AOL (and I won’t get into what I don’t like about it), particularly AOL with BYO Internet, please examine how your firewall / router / other Layered Security is setup. Please harden your network with a bit of extra care. Don’t trust the AOL backbone any more than you must.

7/26 As a follower of Christianity, we are taught to love our enemies. Nonetheless, it’s hard not to feel some small bit of pleasure in reading SecurityFocus Russian spammer murdered.

Apparently, even though spamming is not illegal in Russia, someone there saw fit to end his arrogant abuse of the Internet.

The elimination of one bad guy can only be a small improvement in the world; Lord willing, more of his coworkers might be hoped to follow him. We have the right to enjoy the Internet and all of its legitimate improvements upon our lives without having to put up with abuse by Kushnir and his peers.

2005/07/26 The increasing popularity of blogs has now drawn its share of imiitators, including the bad guys. A Blog, which is simply a bulletin board or discussion forum with easy to use software, can be setup by most folks with any technical skills, and that apparently includes some bad guys, who are now luring the innocent to their sites from email and Instant Messages.

According to ZDNet Security Phishing twist relies on bogus blogs, once lured to a malicious blog, the unwary victim’s computer becomes infected with software designed to steal sensitive information, such as passwords and bank account information. In a later article Attackers lurk on photo sites, firm warns, we learn of one noted case

When a victim clicks on a link, the computer becomes infected. In one case, a greeting card was displayed and a tune played in the background while spyware was being installed on the compromised PC, Websense said.

Once again, if you’re going to surf the web, particularly from IM and email, please protect your computer.

2005/07/15 Are you one of 220 million US consumers who are trying to get a copy of your government mandated free credit report? According to SecurityFocus Report: Squatters a major problem for credit-report site, if you don’t type in the URL very carefully, you may quite possibly end up on one of 200 imitation or openly bogus websites.

At best, you will be charged a $35 fee for the same information which is available from the genuine website for nothing. In extreme cases, you may become an identity theft victim, if you unknowingly provide your SSN and other details to one of the more malicious websites.

The link to the genuine website is above. Or, type the URL very carefully, as “”. Or, as Paul Dixon recommends, contact the credit bureaus by phone or mail.

2005/07/14 Oh by the way, for those of you using Firefox (and I hope that includes most of you!), Firefox V1.0.5 has just been released. Install it, please.

2005/07/13 Another chapter in one of my favourite serial security articles – Follow the Bouncing Malware VI: Hypnotized and EULAgized was published today. For those of you who are new to this web page, FTBM is a repeating yet every changing look into how clever the malware authors of the world are getting.

Follow the Bouncing Malware is a SANS feature that started about a year ago, as one unprotected computer was exposed to the Web, and its ensing infections recorded in detail. It was so popular that it’s author has repeated his experiment 5 times since the original, with something new each time.

2005/07/12 Happy Patch Tuesday! Microsoft released 3 critical patches today. Start patching.

2005/07/12 So, almost 2 weeks since the last alert. Boring? Not really. True, there haven’t been too many new threats. I’d guess that the bad guys have been too busy managing their ongoing activities, selling their services, and traveling to the bank with all their illegally earned cash, to create any new threats.

Who needs new threats? The increase in botnet activity quadrupled in April thru June of this year, compared to the previous quarter. That’s from a McAfee Quarterly Report, as reported by ZDNet Security: Computer hijacking on the rise.

Don’t be part of the increase – keep your computer clean – practice Layered Security.

2005/06/28 Earlier this month, I alerted you to an old threat that had just been enhanced by its creators, making it even more of a nuisance. Bagle, renamed MitGlieder, had been released in a new, enhanced, form with extra powers.

Well, ZDNet Security reports that MitGlieder.BQ was released last weekend. So keep being very careful what email you open – look out for surprises, because this one is a surprise that you don’t want!

2005/06/22 If you use secure websites that require a username and password, make sure that you protect yourself against phishing attempts from malicious websites. The latest threat? If you surf to a malicious website, that isn’t already blocked by a Layered Defense, the website could open a window from a website that you trust, then a pop-up window on top of that from their own website. If the pop-up window doesn’t display any details about where it comes from, you could be fooled into thinking that it’s from the trusted website underneath.

You enter your username and password to the trusted website into the phishing window, and the bad guys now have your username and password.

The solution? Don’t trust pop-up windows that don’t include an address bar or a lock icon that verifies that it came from a certified source.

See if you’re vulnerable! Run the Secunia Multiple Browsers Dialog Origin Vulnerability Test.

For more details, read Microsoft Browser Windows Without Indications of Their Origins may be Used in Phishing Attempts, and ZDNet Pop-up vulnerability found in major browsers.

>>Yesterday’s Alerts

Another Use For PKBlogs

December 27, 2006

Every week or so, you’ll see a complaint from someone.

Hey everybody – report – it’s being used to spread lies about me (my employer, my girlfriend, etc).

Now, it’s not a bad idea to alert others to problem blogs and similar websites. But when you do it using an open link, the search engines will be putting that link into their databases, when they come thru the forum and find it.

And that’s not hurting the blog, or its owner.

Half the folks reporting the abusive blogs are the blog owners. They want quick readership, and search engine hits.

And if they were to go into a forum, and say

Hey everybody – check out!

they would be labeled as a spammer.

But, if they “report” the blog by

Hey everybody – report – it’s being used to spread lies about me (my employer, my girlfriend, etc).

they are guaranteed instant readers. Just like folks who drives by a car wreck will slow down to look, folks who drive by a forum post

Hey everybody – report – it’s being used to spread lies about me (my employer, my girlfriend, etc).

will go and look there. They have to look – if they are going to report the problem, they have to see the problem first. And the search engines will be right behind them, pumping up the value of the blog.

And ringing the cash register of the blog owner.

And half the time, the content of the blog will be so lame, it’s not even worth reporting. But the blog gets the hits anyway.

So what are you going to do?

Enter PKBlogs, and other anonymising proxy servers. PKBlogs was previously developed to provide access to Blog*Spot web sites, when the Pakistan government had a block against “*”. PKBlogs stepped up, and provided that access, as a public service.

But they can be used for any anonymous access to any “*” web site, and not just for Pakiatanis. And what better way than

Hey everybody – report somehateblog. Check them out as – it’s being used to spread lies about me (my employer, my girlfriend, etc).

The public gets informed, and the search engines see no link to the problem blog. Problem solved.

Logging In To Blogger

December 26, 2006

With the coming of New Blogger, logging in to the right account (Old / New) should be more straightforward.

  1. Clear cache and cookies, and restart your browser.
  2. Login using the new, improved Blogger Login screen.

You’ll have separate, well defined choices.

  1. Old Blogger, using your Blogger account.
  2. New Blogger, using your Google account.

Make the choice wisely. Blogs using the old template may or may not be visible and accessible from New Blogger, and vice versa. If you login, and your blog isn’t listed, or if listed isn’t accessible, then logout, and login again carefully.

But the first time that you use the new login procedures, be sure to clear cache and cookies, first. Blogger appears to be reusing addresses, cookies, and scripts, even though they are providing a new set of servers (“”, instead of “”, for instance). If one of your cookies continues to point your browser to “”, guess what will happen?

No, I can’t say for sure. But I’ll bet that you’re not as likely to see your dashboard, when it does.

Start cleanly, and clear cache and cookies, before you login to The New Blogger for the first time.

New Blogger

December 20, 2006

Beta Blogger is now called New Blogger 2006 – and this is an Old Blogger blog. And now, we have The Real Blogger Status – New.

Does anybody remember New Coke?

Well, New Blogger 2006 is substantially improved over Old Blogger. The improvements are substantially more significant than New Coke over Classical Coke.

And now, you can see my improved blogs.

A Tale Of Three Corporations

December 16, 2006

Here are three major players in the Internet / IT world.

  • Google.
  • Microsoft.
  • Mozilla.

I’ll wager that none of the three have any executives who play golf (throw a Frisbee?) with each other, regularly.

Each company released some software, recently.

  • Google released Blogger Beta on August 14.
  • Microsoft released Internet Explorer V7 on November 14.
  • Mozilla released Firefox V2 on October 24.

Consider those dates, then tell me how likely is it that Google tested Blogger Beta to work with either Firefox V2, or Internet Explorer V7? I’ll bet better than even money that neither Firefox V2, nor Internet Explorer V7, was part of the Blogger testing platform.

That being the case, maybe we can’t blame Blogger for all of the problems with Blogger Beta, or with Blogger in general. If you upgraded to Firefox V2 or Internet Explorer V7 recently, and you’re having problems with Blogger, maybe you need to look at your computer, before you complain to Blogger.

You probably (better) have other hardware / software that’s protecting you, provided by neither of the above three, that you have to consider too.

Your Blog Is Forever

December 13, 2006

According to Blogger Help This blog looks abandoned, can I have its address?

Blogger accounts and Blog*Spot addresses do not expire.

That’s good news – if you’re the blog owner. Short of your blog being hacked, what you publish will remain online forever. Of course, your ability to maintain your blog and URL will be subject to your ability to maintain the account that administers the blog.

That’s bad news – if you’re the wanna be publisher to the URL, and that URL is not available.

Periodically, we see the question

I want to publish my blog to this URL. There’s a blog at that address, but it hasn’t been updated in years. Can Blogger give me that address?

And the answer is, of course

No. See the Blogger Help post.

And, inevitably, the next question

Can Blogger help me contact the owner?

and that answer is

No. If you see an email address on the blog, use it.

The email address, for many Bloggers, is half of the authentication, to the account used for maintaining the blogs. Would you want Blogger giving out your email address to anybody who asked for it? Nope. So would you expect Blogger to give you somebody else’s email address?

And Now For Something Completely Different – Hidden BlogRolls In Blogger Beta

December 11, 2006

And now, another feature that will make Blogger Beta look a small bit shinier. Blogger based BlogRolls are now hidable, similar to MultiStyle Label Lists.

Just a small step to reclaim some sidebar space.