May 18

Does Microsoft have a backdoor into your Computer?

Does the Government have a backdoor into your computer? Recently, an article on PC World about thwarting botnets made a curious statement:

"The software vendor is giving law enforcers access to a special tool that keeps tabs on botnets, using data compiled from the 450 million computer users who have installed the Malicious Software Removal tool that ships with Windows."

The article went on to state:

"Microsoft security experts analyze samples of malicious code to capture a snapshot of what is happening on the botnet network, which can then be used by law enforcers, Cranton said. "They can actually get into the software code and say, 'Here's information on how it's being controlled.'"

While doing some research on this, I ran across this article that raises some interesting questions. First in my mind is the question of whether the DETAILS of the reporting mechanism built into Microsoft's Malicious Software Removal Tool are reported accurately on Microsoft's Download Site. The site states:

"Reporting component: The Malicious Software Removal Tool sends information to Microsoft if it detects malicious software or finds an error. The specific information that is sent to Microsoft consists of the following items:

• The name of the malicious software that is detected
• The result of malicious software removal
• The operating system version
• The operating system locale
• The processor architecture
• The version number of the tool
• An indicator that notes whether the tool is being run by Microsoft Update, Windows Update, Automatic Updates, the Download Center, or from the Web site
• An anonymous GUID
• A cryptographic one-way hash (MD5) of the path and file name of each malicious software file that is removed from the computer

If apparently malicious software is found on the computer, the tool prompts you to send information to Microsoft beyond what is listed here. You are prompted in each of these instances, and this information is sent only with your consent. The additional information includes the following:

• The files that are suspected to be malicious software. The tool will identify the files for you.
• A cryptographic one-way hash (MD5) of any suspicious files that are detected.

You can disable the reporting feature. For information about how to disable the reporting component and how to prevent this tool from sending information to Microsoft, click the following article number to view the article in the Microsoft Knowledge Base"

If it is TRUE that the tool PROMPTS you for info, and you say no (although I do admit that most John Q. Public computer users will probably say "Yea, ok..sure Microsoft, help me out here" and click yes to the prompt), does it still do what the article in PC World states: "Analysis by Microsoft's software allowed investigators to identify which IP address was being used to operate the botnet,..."?

There is an easy way to find out, which I will do in some tests I plan on running later, namely: download the tool and run it on a system that is infected with the known malware the tool reportedly scans for, run a port monitoring tool that will allow you to see what traffic is going into and out of your computer, click "No" on the prompt, and watch the port monitor to see if traffic is generated to an outside IP address after clicking No.

Personally, I don't use the tool, and remove its automatic inclusion from Windows Update on all computers I manage simply because the tool itself is a non-essential update; third-party tools like Spybot Search and Destroy are more comprehensive and effective than the Malicious Software Removal Tool is.

Nevertheless, questions remain: Did Microsoft purposely hide the fact that it discloses the information reported by the tool to law enforcement? Should law enforcement have access to your computer information?
And one of the best questions I've seen so far, from the article on Infiltrated.Net:

"How about the potential to give Microsoft a warrantless order to discover who doesn’t like a President’s “health care plan”, or who is irate and whatever policy; Will Microsoft sift through a machine to retrieve relevant data to disclose to authorities?"

You decide, John Q. Public: Do you want this tool on your computer????

May 09

Windows XP Service Pack 3 a Bust so far

IF you are planning on installing Windows Service Pack 3 for Windows XP, DON'T! Once again, Microsoft has released an upgrade/service pack without testing it appropriately, causing end users all kinds of frustration and issues and making some PCs unusable and unable to boot. Here is some reading for those interested:

• Continuous Reboots Plague Windows XP SP3 Users
• Windows XP SP3 Creating Havoc
• Problems with XP SP3 and your AMD-based computer?

Don't say I didn't warn you!

April 28

Huge Microsoft SQL Injection Attacks

Recently, there has been a lot of traffic and discussion regarding massive attacks against Microsoft IIS powered websites, the United Nations and the British Government being affected, along with thousands of other sites. The attack takes advantage of Microsoft’s IIS servers' ability to allow generic commands that don’t require specific table-level arguments. The vulnerability is the result of poor coding and input handling by the creators of the sites, not a specific Microsoft flaw. To read more, go HERE and HERE.

April 22

How to remote shutdown your Windows XP machine with a text message and Outlook

Want to remotely shut down your computer in a somewhat interesting and novel way? Tim Matheson over at The Tim Matheson Blog shows us a nice way to do it via EMAIL. Try it!

February 03

Send Secret Messages to your Friends

Here is a quick and easy way to send secret messages or files to your friends using just a common .jpeg picture:

1. Create a folder and put a .jpeg picture file in the folder. The picture can be anything you wish. Note the path to the folder (c:\foldername)
2. Open Notepad and type the message you want to send. Save it with whatever name you want. To send a file, select the file you want to send. Use Winrar to create a .rar file with your message or file.
3. Put the .rar file you created in the same directory or folder as the .jpeg picture in step one.
4. Open a command prompt (Start -> Run -> cmd)
5. In the command window, navigate to the folder you created (cd c:\foldername)
6. In the command prompt window, type copy /b nameofpicture.jpg + nameofrarfilecreated.rar nameofcombinedfile.jpg
7. Double-click the "nameofcombinedfile.jpg" you just created and it will open as a picture. Right-click it and choose "open with" Winrar, however, and you will see the files you hid inside the picture and can extract and save them.
8. You can even zip the nameofcombinedfile.jpg, and password protect it if you like.

December 22

Paying Down Your Debt Raises Alarms With Homeland Security

Since 9/11, many legislative changes made by our Government have passed quietly, in the name of “protection from terrorists”, garnering little or no media coverage. These changes have been systematically taking away the civil liberties of the American People.
If you are one of the few Americans who have risen out of apathy and are not susceptible to the constant mind control techniques of the Government controlled Media, then you are aware of these changes and are hopefully making your voice heard.

Today I ran across an article from the Scripps Howard News Service, written by Bob Kerr of the Providence Journal, that shows an appalling example of just how far the Powers That Be can reach into your life. The article details the case of a couple in Texas that decided to pay off a substantial amount of their personal debt, and the extremely concerning issues they encountered as a result.

Were you aware that if you are a financially responsible person, you may be targeted by the Department of Homeland Security as a “potential threat” to the Nation’s Security? Read about it HERE, then call your Congressman. I know I’m going to.

This is “a reminder that a small piece of privacy has been surrendered.” Piece after small piece, soon there is nothing left. Will we wait until it is all gone, before acting?

September 20

Microsoft updates Windows whether you want it to, or NOT

Interesting story from Scott Dunn over at Windows Secrets:
"Microsoft has begun patching files on Windows XP and Vista without users' knowledge, even when the users have turned off auto-updates. Many companies require testing of patches before they are widely installed, and businesses in this situation are objecting to the stealth patching.

Files changed with no notice to users

In recent days, Windows Update (WU) started altering files on users' systems without displaying any dialog box to request permission. The only files that have been reportedly altered to date are nine small executables on XP and nine on Vista that are used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC.

It's surprising that these files can be changed without the user's knowledge. The Automatic Updates dialog box in the Control Panel can be set to prevent updates from being installed automatically. However, with Microsoft's latest stealth move, updates to the WU executables seem to be installed regardless of the settings — without notifying users.

When users launch Windows Update, Microsoft's online service can check the version of its executables on the PC and update them if necessary. What's unusual is that people are reporting changes in these files although WU wasn't authorized to install anything.

This isn't the first time Microsoft has pushed updates out to users who prefer to test and install their updates manually. Not long ago, another Windows component, svchost.exe, was causing problems with Windows Update, as last reported on June 21 in the Windows Secrets Newsletter. In that case, however, the Windows Update site notified users that updated software had to be installed before the patching process could proceed. This time, such a notice never appears.

For users who elect not to have updates installed automatically, the issue of consent is crucial. Microsoft has apparently decided, however, that it doesn't need permission to patch Windows Updates files, even if you've set your preferences to require it.

Microsoft provides no tech information — yet

To make matters even stranger, a search on Microsoft's Web site reveals no information at all on the stealth updates. Let's say you wished to voluntarily download and install the new WU executable files when you were, for example, reinstalling a system. You'd be hard-pressed to find the updated files in order to download them. At this writing, you either get a stealth install or nothing.

A few Web forums have already started to discuss the updated files, which bear the version number 7.0.6000.381. The only explanation found at Microsoft's site comes from a user identified as Dean-Dean on a Microsoft Communities forum. In reply to a question, he states:

"Windows Update Software 7.0.6000.381 is an update to Windows Update itself. It is an update for both Windows XP and Windows Vista. Unless the update is installed, Windows Update won't work, at least in terms of searching for further updates. Normal use of Windows Update, in other words, is blocked until this update is installed."

Windows Secrets contributing editor Susan Bradley contacted Microsoft Partner Support about the update and received this short reply:

"7.0.6000.381 is a consumer only release that addresses some specific issues found after .374 was released. It will not be available via WSUS [Windows Server Update Services]. A standalone installer and the redist will be available soon, I will keep an eye on it and notify you when it is available."

Unfortunately, this reply does not explain why the stealth patching began with so little information provided to customers. Nor does it provide any details on the "specific issues" that the update supposedly addresses.

System logs confirm stealth installs

In his forum post, Dean-Dean names several files that are changed on XP and Vista. The patching process updates several Windows\System32 executables (with the extensions .exe, .dll, and .cpl) to version 7.0.6000.381, according to the post.

In Vista, the following files are updated:

1. wuapi.dll
2. wuapp.exe
3. wuauclt.exe
4. wuaueng.dll
5. wucltux.dll
6. wudriver.dll
7. wups.dll
8. wups2.dll
9. wuwebv.dll

In XP, the following files are updated:

1. cdm.dll
2. wuapi.dll
3. wuauclt.exe
4. wuaucpl.cpl
5. wuaueng.dll
6. wucltui.dll
7. wups.dll
8. wups2.dll
9. wuweb.dll

These files are by no means viruses, and Microsoft appears to have no malicious intent in patching them. However, writing files to a user's PC without notice (when auto-updating has been turned off) is behavior that's usually associated with hacker Web sites. The question being raised in discussion forums is, "Why is Microsoft operating in this way?"

How to check which version your PC has

If a system has been patched in the past few months, the nine executables in Windows\System32 will either show an earlier version number, 7.0.6000.374, or the stealth patch: 7.0.6000.381. (The version numbers can be seen by right-clicking a file and choosing Properties. In XP, click the Version tab and then select File Version. In Vista, click the Details tab.)

In addition, PCs that received the update will have new executables in subfolders named 7.0.6000.381 under the following folders:

c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups.dll
c:\Windows\System32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll

Users can also verify whether patching occurred by checking Windows' Event Log:

Step 1. In XP, click Start, Run.
Step 2. Type eventvwr.msc and press Enter.
Step 3. In the tree pane on the left, select System.
Step 4. The right pane displays events and several details about them. Event types such as "Installation" are labeled in the Category column. "Windows Update Agent" is the event typically listed in the Source column for system patches.

On systems that were checked recently by Windows Secrets readers, the Event Log shows two installation events on Aug. 24. The files were stealth-updated in the early morning hours. (The time stamp will vary, of course, on machines that received the patch on other dates.)

To investigate further, you can open the Event Log's properties for each event. Normally, when a Windows update event occurs, the properties dialog box shows an associated KB number, enabling you to find more information at Microsoft's Web site. Mysteriously, no KB number is given for the WU updates that began in August. The description merely reads, "Installation Successful: Windows successfully installed the following update: Automatic Updates."

No need to roll back the updated files

Again, it's important to note that there's nothing harmful about the updated files themselves. There are no reports of software conflicts and no reason to remove the files (which WU apparently needs in order to access the latest patches). The only concern is the mechanism Microsoft is using to perform its patching, and how this mechanism might be used by the software giant in the future.

I'd like to thank reader Angus Scott-Fleming for his help in researching this topic. He recommends that advanced Windows users monitor changes to their systems' Registry settings via a free program by Olivier Lombart called Tiny Watcher. Scott-Fleming will receive a gift certificate for a book, CD, or DVD of his choice for sending in a comment we printed.

I'll report further on this story when I'm able to find more information on the policies and techniques behind Windows Update's silent patches. Send me your tips on this subject via the Windows Secrets contact page.

Scott Dunn is associate editor of the Windows Secrets Newsletter."

April 17

Gonna Buy One This Year

April 16

Something to think about

When the power of love is greater than the love of power, the world will know Peace... --unknown Author.

Think about it people.
Nuff said....

April 12

FIX: Red X instead of Pictures in Outlook

Every once in a while, Outlook seems to be unable to show pictures in emails. Numerous suggestions and solutions have been posted on various help forums; however, I have found that this one works 99.9% of the time. Try this before anything else:

This has been around a while, but a lot of old links referring to the fix have disappeared, so I am re-posting it here.

April 11

Free top 40 Tools for The IT Guy:

I'm lazy tonight so I didn't make this pretty, but here they are:

1. UBCD4Win http://www.ubcd4win.com/

March 07

Playindies.com

Hey, check it out people, a great site for Independent Film and Music. The site is called Playindies.com and they should be live in a couple of days!

Playindies
February 16

Hewlett-Packard Secrets From a Former Employee

From The Consumerist

A former Hewlett-Packard worker could barely wait for their non-disclosure-agreement to end so they could spill 14 company secrets to The Consumerist.

1: Many HP Printers, like their laser printers, have a built-in page-count after which they won't work. This resides in a transpart sometimes called image or drum kit. Rather than get the printer fixed, it's often cheaper to buy a new printer, OR you can do a NV ram reset. It resets everything in the printer, including all the page counts, but it's not without risks.

2: To get past the voice prompt system, repeatedly say "Agent." It will take two or three repetitions, but it will get you to a human.

3: If a set of cartridges cost more than the printer, don't buy the printer. It's considered a "throwaway" printer. HP service techs are told to spend no more than 30 minutes working on these because at that point, you are costing HP money.

4: HP cartridges have a warranty separate from their printer. The printer might be out of warranty, but the cartridges might not be. Cartridge goes plooey, call in.

5: Any HP printer that has been on the market for 6 months has its tech support outsourced. This means you might wind up talking to India, Canada or Costa Rica. Of the three, Canada at least speaks a variant of American.

6: If you have been told that you will receive a part by a certain date, follow up immediately. HP Parts Store was recently moved to Central America. HP Parts Store isn't talking to HP Tech Support because the Tech Support CSR can see what is in the HP PS inventory and knows when they're bullshitting. Every other part of HP hates HP Parts Store because of lost inventory, improper procedures, missed shipments, etc.

7: Using non-HP cartridges in your printer will void your warranty, and sometimes makes stuff blow up real good. The tech support will hang up on you if it is proven that the damage was caused by non-HP cartridges.

8: Just because the sales people say that your HP printer can use 120lbs paper doesn't mean it actually can. You want the straight dope on a printer? Call up HP tech support or check the website.

9: If your printer is just out of warranty and you have a problem with it, call tech support anyway. You will first likely be directed to a "warranty agent." Tell them firmly that you have an "extended warranty" and they will forward you on to tech support under "customer claims warranty." The Tech Agent MUST give you support as per HP policy.

10: Don't yell at the Tech Support CSRs. Most of them make just over minimum wage and just want to get the call over. If you have a problem, firmly request a supervisor.

11: If you threaten a lawsuit, HP CSRs are told to stop the call immediately and hang up.

12: Many HP CSRs are cross-trained into other departments. It doesn't hurt to ask if they know about the product or problem if you get misrouted.

13. HP's Beta Software website is at: http://www.hp.com/pond/ljbeta/. Only beta because it hasn't been put on the distribution cds yet. A lot of drivers here will do stuff that the installation cds won't. Also has fixes. HP maintains similar unadvertised websites throughout their system...

14. http://www.hp.com/pond/pnp Point and print = a new hp toy.

Update: 9 More:

1: Yes, the imaging drum/image transfer assembly will stop the printer from working if you go over the page count. Anything with the word "transfer." Be careful with the NV ram reset because it erases everything.

2: Support for home computing products is done via flow chart.

3: HP considers countries like Canada to be not worth the time or effort to market to. The market base in there is equivalent to one of the smaller American States. If you are calling in from Canada, you have to prove that you are in warranty and some of the features that Americans get, Canadians don't.

4: Often heard from US customers: "Thank god you speak American! You're not someone from Inja(India)!" Even CSRs hate dealing with the HP outsource center in India. I wasn't joking about speaking a "variant of American." Yes, I speak English.

5: Back door link to HP. Only for onsite Tech Support: http://learning.compaq.com/wbt/e9-10200-wb/default.htm

6: Outsourced companies pay their people crap and like all things, you get what you pay for. If it were to become unionized, the company would fold up like a house of cards.

7: With regards to HP Parts: Here's an example of a conversation had by a CSR: "Oh, you haven't gotten your wingding yet? Okay, you should have gotten that a couple of days ago. Can I put you on hold while I deal with that?" (uses other line to call HP Parts, sees on his screen what is in his inventory) "Hey, this is Dude over in CSR, how come Mr. Yoda hasn't gotten his wingding yet?" The most frustrating part of being a CSR at the outsource center is when you call up the customer a few days later and no, they haven't gotten the part you promised them they'd get and then you get your ear chewed off.

8: I just wish I could give you the "stupid customer stories" because some of them are hilarious. Others are hair pulling. There's the one customer who used an HP printer from Eastern European country and plugged it straight into an American electrical socket and the magic blue smoke came out. Then there's a customer who thought that printing cardboard was a good idea because the sales guy told them so.

9: In training our trainer said that if it takes longer than 30 minutes to troubleshoot (low end printer) we are then costing HP money and should just replace it.

December 02

How to get rid of the Annoying Information Bar in IE7

This tutorial is written for those experienced computer users who understand how to configure Internet Explorer Security Settings, and what all the settings mean. Internet Explorer 7 DOES improve security; however, for IT professionals who know what they are doing, IE7’s “improved security” is annoying and we can do without the idiotic “bloop” sounds and frustrating information bar popups.

Windows XP Pro:

Go to Start->Run->gpedit.msc

Double-click the “Turn off the Security Settings Check Feature” entry and choose “Enable”.

Explanation: This policy setting turns off the Security Settings Check feature, which checks Internet Explorer security settings to determine when the settings put Internet Explorer at risk. (NOTE: this means that the annoying bar will not pop up.) NO MORE ANNOYING INFORMATION BAR!!!

If you enable this policy setting, the security settings check will not be performed. If you disable or do not configure this policy setting, the security settings check will be performed.

November 16

Royale Noir: secret XP theme uncovered

From I Started Something.com

A New XP Theme!

"Looking at it from the big picture, Royale Noir is a welcomed alternative to the extremely small collection of verified-by-Microsoft XP themes. However being incomplete, it is not recommended for the general consumers. Enthusiasts are welcomed to try it to stand out from the crowd, but even still, you’ll feel right at home with the familiar Luna/Royale style."

Download

"Extract files to “c:\windows\resources\themes\royale noir” and double click on “luna.msstyles”. Select “Noir” from color scheme. Code-signed by Microsoft. No UXTheme hack required. I take no credit for this amazing find. W3bbo did an amazing job uncovering this mystery XP theme, hats off to him!"
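For the February 03 post above ("Send Secret Messages to your Friends"): the combined file is a complete JPEG with the archive bytes appended after the image's end marker, which is why picture viewers show the picture and Winrar still finds the archive. The Python below is an added example, not part of the original post, that walks the JPEG segments to find where the image really ends and reports any archive signature after it; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Magic numbers of archive formats that could be appended to a carrier image.
ARCHIVE_MAGICS = {
    b"Rar!\x1a\x07\x00": "RAR (v1.5-4.x)",
    b"Rar!\x1a\x07\x01\x00": "RAR (v5)",
    b"PK\x03\x04": "ZIP",
    b"7z\xbc\xaf\x27\x1c": "7-Zip",
}
STANDALONE = {0x01} | set(range(0xD0, 0xD8))  # TEM, RST0-RST7: no length field


def _skip_scan(data, pos):
    """Skip entropy-coded scan data; return the offset of the next real marker."""
    while True:
        pos = data.find(b"\xff", pos)
        if pos < 0 or pos + 1 >= len(data):
            raise ValueError("truncated scan data")
        nxt = data[pos + 1]
        if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
            pos += 2            # stuffed 0xFF byte or restart marker
        elif nxt == 0xFF:
            pos += 1            # fill byte
        else:
            return pos          # a real marker (normally EOI)


def jpeg_end_offset(data):
    """Return the offset just past the EOI marker, found by walking segments."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:      # fill byte before a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:      # EOI: the image ends here
            return pos
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2:
            raise ValueError("invalid segment length")
        pos += length           # length counts its own two bytes
        if marker == 0xDA:      # SOS: compressed image data follows the header
            pos = _skip_scan(data, pos)
    raise ValueError("no EOI marker found")


def inspect_jpeg(data):
    """Report the image size, trailing byte count and archive signatures found."""
    end = jpeg_end_offset(data)
    trailing = data[end:]
    found = []
    for magic, name in ARCHIVE_MAGICS.items():
        idx = trailing.find(magic)
        if idx >= 0:
            found.append((end + idx, name))
    return {"image_bytes": end, "trailing_bytes": len(trailing),
            "archives": sorted(found)}


def build_sample():
    """Constructed, structure-only JPEG (not a viewable image) and a combined file."""
    # The APP0 payload contains FF D9 on purpose: a naive search would stop there.
    app0 = b"\xff\xe0" + struct.pack(">H", 8) + b"JF\xff\xd9IF"
    sos = b"\xff\xda" + struct.pack(">H", 3) + b"\x00"
    scan = b"\x12\xff\x00\x34\xff\xd0\x56"
    clean = b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9"
    return clean, clean + b"Rar!\x1a\x07\x00" + b"constructed-archive-body"


if __name__ == "__main__":
    for blob in build_sample():
        print(inspect_jpeg(blob))
```

A nonzero trailing byte count alone is not proof of a hidden archive, since some cameras and editors append their own data after the end marker; the signature match is what narrows it down.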