Saturday, October 28, 2006

Australian Spammer Fined AU$5.5m

Now, here's something that makes me cry tears of joy! Wayne Robert Mansfield, a well-known Australian spammer, and his company Clarity1 (also trading as Business Seminars Australia and Maverick Partnership) were taken to Federal Court by the ACMA (the Australian Communications and Media Authority) in March of 2006. The ACMA claimed, basically, that he contravened the Australian Spam Act 2003 (Cth) by sending over 56 million unsolicited commercial emails.

Well, finally this has been not only won by the ACMA, but the Federal Court Justice Robert Nicholson fined Clarity1 the sum of AU$4.5m and Wayne Robert Mansfield the sum of AU$1m. That's a total sum of AU$5.5m (approximately US$4.2m). In delivering his decision and the fine, the Judge stated that this spammer had caused "real loss or damage to the recipients ... in the form of direct financial costs associated with purchasing blocking and filtering software (and) other financial costs in the form of lost time and productivity ... ". Hooray for Justice Robert Nicholson - it looks like we have Federal Court Judges who actually have an understanding of the Internet in Australia, and the ACMA was fortunate enough to have one appointed to their hearing.

At least people in Australia who are responsible for enforcing Laws on the Internet have a clue, unlike one particular US Senator Ted Stevens (R) who made what has come to be known as the most stupid ever claim about the Internet - that "it's, it's a series of tubes". Obviously the stupid senator knows nothing about the Internet, which is fine as he's only the Chairman of the Senate Committee on Commerce, Science and Transportation who was investigating Net Neutrality at the time. Go "The Daily Show". :)

Oh, you have to watch this (DJ Ted Stevens)!


The Outspoken Wookie

Thursday, October 19, 2006

How could I possibly resist?

Well, I couldn't.

Apple, the company who constantly claimed that their old PowerPC line of processors were sooooo much faster than the Intel processors, who switched to Intel and immediately claimed that these new Intel processors were sooooo much faster than the old PowerPC processors, who keeps claiming that their computers are so fast that they are illegal in some countries, and who is slowly losing market share each day has decided to give Windows users a nice little surprise when they buy a new Video iPod.

What Apple has decided to do is to drop the quality control of their iPod building plants (outsourced, I might add) to the point where they have allowed the RavMon.E trojan (which Apple mistakenly calls a virus - you think that they should know better) to be shipped at no extra charge on a select number of video iPods.

Of course, in keeping with Apple's style, they have kept the real figures to themselves - they have never been a company to come out with believable statistics before, so how could we believe any figures they released on this issue anyway?

As of now, all currently shipping units have been checked and cleared of the virus - that is, they have decided to actually quality control their Video iPods. Oh, yay - isn't that big of them?

And, then, to top this all off, they "are upset at Windows for not being more hardy against such viruses" - what, the viruses (in this case, trojans) that Apple distributes, or viruses (trojans) in general? Did they not think that maybe because they have what, just around 3% of the market share that people simply couldn't be arsed writing viruses, trojans and other malware as the whole idea of writing them is to infect as many people as they can - and 3% is just not worth the effort!

Anyway, here's to Apple for distributing a trojan, not actually knowing the difference between a trojan and a virus, and for being upset at Microsoft for them (Apple) distributing this trojan. Keep up the good work!


The Outspoken Wookie

Saturday, October 14, 2006

Legally forced to write vulnerable code? You're kidding?

With the backing of the EU - and probably ONLY because of the backing of the EU did these two even start bitching and moaning about this - McAfee and Symantec have won their battle to have Microsoft allow kernel access to non-kernel developers, malware authors and anyone who can understand how to download an SDK and use an API to give them access to the core part of Windows Vista x64.

This is one of the most brain numbingly stupid decisions Microsoft has been forced to make in the history of Microsoft's brain numbingly stupid decisions.

I DO NOT want malware authors to have easy access to the kernel in Vista x64. I don't even want them to have easy access to a Vista x86 kernel! I'd prefer malware authors learned how to fill their baths with hot, fuming sulfuric acid before their next... oh, that's probably no good as they would be unlikely to bathe in quite a while.

Now, in addition to this idiocy, the EU is insisting on making their annual budget deficit up by direct debiting Microsoft's bank account. Know an easy way to stop this madness? Yup - you guessed it. Microsoft should simply not make Vista or Office 2007 available for sale in any EU countries. They should add a bit to their EULA stating that if anyone in the EU is purchasing Microsoft software from a foreign country then they are under the jurisdiction of that foreign country's legal system when it comes to complying with Licensing. They should also add a bit that states something like "EU residents may only purchase this software from a US based reseller - purchase from anywhere else is not permitted and the EULA transfers no rights of usage, installation, copying or anything else unless an EU resident has bought this software from a US reseller" to make sure that this jurisdiction is something that Microsoft completely agrees with.

Then they could close the gaping wound they have just made to the safety of my computers, my network and most importantly my data by allowing malware authors (and I include McAfee and Symantec in that class - have you seen their software lately) and start making decisions based on "Secure by design" instead of "Holes added to save us billions in litigation".

McAfee, Symantec and the EU have a LOT to answer for! Can I sue them when some 14 year old script kiddie uses the holes they forced Microsoft to open to invade my privacy?


The Outspoken Wookie

Sunday, October 08, 2006

Please Write Vulnerable Code

OK, I'm no big fan of Symantec and their sloppily written, resource intensive, bug ridden rubbish they call code. You probably all know, or are about to learn, that we don't support their software as we know how much grief it causes on computers. You know that when we approach a potential client who is running Symantec software on their network that if the client doesn't agree to have those machines formatted and rebuilt (servers, workstations, whatever) then we'll shake hands and walk away. We do not support Symantec software because we know that there's nothing we can do to make it work well, and that our clients will be unimpressed with the results of our work, purely because of this crap called Symantec software that they are running. So, we say no.

Same goes for McAfee - their products, too, are sub par. We don't support any of their crap, either.

Now, as you may have read in Jesper's blog, both Symantec and McAfee are bitching and moaning at Microsoft because Microsoft is closing some of the more insidious holes in their OS - they are disallowing 3rd party vendors access to the kernel. Well, at least in Vista x64, they still (stupidly) allow this access in the 32-bit version of Vista. What these two "security" vendors want is for Microsoft to continue writing vulnerable code.

What Symantec and McAfee have asked of Microsoft is that Microsoft writes vulnerable code.

Yes, that's right. They want to have a vulnerable OS so that they can be seen as the saviours of the modern OS. Well, guess what? It's not going to happen. Microsoft doesn't write the most secure code on the planet - I think that's common knowledge. But Symantec and McAfee are nowhere near as good at coding as Microsoft's programmers are. I know who I'd rather have writing the security in my OS - the guys who write the OS, not some 3rd party who has not yet shown they have a clue.

Any Judge who's asked to make a decision on whether Microsoft should be allowed to write secure code, or to have to open holes into the most critical parts of their OS to be exploited by virus writers, 3rd party developers with no OS kernel level experience whatsoever and all other malware authors will have a "no brainer" decision to make.

Who here wants to vote for yet another insecure OS from Microsoft, just because some other "security" company wants it to be left open to hackers where Microsoft wants to tighten the security?

Ooh, the silence is deafening!


The Outspoken Wookie

Monday, October 02, 2006

Simply in the pursuit of being equally unfair to everyone

I'm sure this was found purely to keep the card table balanced, but there's been a recent vulnerability found in Firefox that already has had the source code for the exploit published. I mean, what happened to responsible disclosure?

The good folks over at SecuriTeam have made mention of this in their blog. They also say, and I agree, that this will likely be patched by the Mozilla dev teams significantly faster than the recently discovered and also currently exploited holes in some Microsoft IE ActiveX controls that I mentioned yesterday.

[Update: This vulnerability was a hoax. So, as well as responsible disclosure discussions should we also be having "this is not funny" discussions? - HT 2006-10-04]

Anyway, no matter which web browser you use: Internet Explorer, Firefox, Opera, Lynx, etc., you need to make sure that you keep an eye out for official security patches and apply them as soon as they are released (for critical issues) and also keep an eye out for active, unpatched exploits and have a look at the workarounds suggested. This helps to assist your browsing experience to be a pleasant experience. And life's all about enjoyment, isn't it? :)


The Outspoken Wookie

Sunday, October 01, 2006

More Vulnerable ActiveX Controls

Yes, just after Microsoft was finally coaxed into releasing an "out of band" patch for the actively exploited VML vulnerability last week, along came another vulnerability. Microsoft is yet to fix an earlier vulnerability in the DirectAnimation Path ActiveX Control that was found the week before the VML vulnerability.

I do wonder why we all have to try so hard to get Microsoft to release critical security patches for actively exploited vulnerabilities, such as the WMF vulnerability in December 2005, this VML issue, the DAXCTL issue and the recently discovered WebViewFolderIcon control vulnerability - sure, this one was only discovered a few days ago and is being actively exploited already, but Microsoft will try to get the patch in their regular "Black Tuesday" patches, or wait until next month. Absurd, if you ask me, to wait that long for actively exploited vulnerabilities to be patched.

Now, Jesper has already mentioned this vulnerability in his blog, complete with a workaround which will disable the vulnerable control (and also for the DAXCTL issue) which is great. Microsoft has published a Security Advisory with similar information in it.

The issue here is that not many admins look at either Jesper's blog or the Microsoft Security Advisories, which - to my way of thinking - is frightening. I can understand the "I can use both buttons on a mouse so they made me the sysadmin of our network" people not knowing enough to secure their systems - it isn't a job they asked for and isn't a job they know how to perform properly, but I cannot understand nor accept that professional sysadmins don't keep up to date on the latest security issues relating to the systems under their control. That is "DCM Slip" fodder if ever there was any.

The bigger issue, not caused by, but at least enhanced by those sysadmins who are not keeping up with security issues, is that according to Internet Storm Centre at SANS, this issue is being actively exploited. The exploit at least installs a rootkit, and possibly does other malicious things. This is bad. Most decent AntiVirus programs should be detecting this and any variants. I know NOD32 has been detecting variants since 28 September 2006, and Trend since 30 September, 2006.

Security is not an endpoint, it is a journey. We can never, ever secure our machines - we can only increase their level of protection.


The Outspoken Wookie