Netcraft reports on a series of malicious banner ads using a vulnerability in Internet Explorer 6 to spread the Bofra virus. Clicking on the banners sends you to a website that uses the recently-discovered IFRAME vulnerability to infect your computer. Of note are the facts that there is no patch for this yet, and XP SP2 is affected (whoops, I misread that part).

The Register found the ads on their own website and identified the source as ad server Falk AG. They have pulled Falk AG’s ads from their rotation and apologized to their readers. Netcraft adds that Falk AG’s clients include high-profile sites such as A&E, NBC, and Sony. The ad company has issued a statement, but the page currently consists of the line “Server Engine: Application error.”

Update 3pm: The statement from Falk [archive.org] is readable now. Apparently someone broke into one of their network load balancers and reconfigured it to redirect ads to the malicious site. Once they discovered it, they shut down the affected system and started checking the rest. The malicious ads ran for a total of about 6 hours on Saturday.

Update Tuesday: the Internet Storm Center has posted a write-up of the attack response.

Of course, there are several ways to protect yourself from this type of attack.

Browse Happy. Online. Worry-free. Switch today.

OK, chalk this one up in the “What the heck?” column:

The limitation of the Photon Hypothesis

According to the electromagnetic theory of light, its energy is related to the amplitude of the electric field of the electromagnetic wave, W=eE^2 (where E is the amplitude). It apparently has nothing to do with the light’s circular frequency v.

To explain the photoelectric effect, Einstein put forward the photon hypothesis. His paper hypothesized light was made of quantum packets of energy called photons. Each photon carried a specific energy related to its circular frequency v, E=hv. This has nothing to do with the amplitude of the electromagnetic wave.

And so on. It triggered a number of spam tests, including forged headers, a failed SPF check, and appearances in both Razor and DCC, which means a lot of other people got the same mail. It’s plain text, no attachments, and the only link in the message is to a physics site. As near as I can tell, someone’s just randomly sending out a physics paper by email. That leads to the question: why?

Perhaps you’ve heard of electoral-vote.com. Over the past few months, the site’s author has been collecting data from various polls and trying to predict which candidate is likely to carry each state. Each state’s support is classified as strong, weak, or barely there, or a straight tie, making it a more useful gauge than a simple red/blue map.

Yesterday’s data showed a strong win for Kerry, 298 electoral votes to 231. This morning it shows a virtual tie: 262 for Kerry, 261 for Bush.

This morning the “votemaster” also writes about dealing with a simultaneous denial-of-service attack and Slashdotting (or “flash crowd” as he prefers to call it), and he talked about his previous Slashdotting experience… with a rebuttal to claims that Linux was stolen from Minix.

Yes, the “votemaster” is none other than Andrew Tanenbaum, author of the MINIX operating system, one-time teacher of Linus Torvalds, and an interviewee for Samizdat, the Microsoft-funded study that attempted to prove that Linux couldn’t possibly have been developed honestly. Tanenbaum was disturbed by the leading questions, and incensed when his responses were taken out of context and used to support a position he categorically refuted. He and others posted rebuttals before the book even saw print, and by the time it was actually published, it was essentially a nonissue.

Yesterday morning, I remarked to Katie that it seemed odd that with the vast number of “zombie” computers infected with remote control programs via viruses, trojans, spyware, etc., their primary use so far has been sending spam. After 7-odd years of distributed computing projects ranging from demonstrating weaknesses in encryption schemes to searching for extra-terrestrial radio signals via SETI@Home, and reports that access to zombie nets is selling on the black market, you’d think someone out there would be trying to crack into the DoD or something. (That last link refers to phishing attacks, but the current form of phishing is very tightly coupled with spam.)

Last night I saw proof that zombies are at least branching out a little: they’re not just being used for email spam, but they’re also being used for comment spam. Starting around 8:30, someone started posting pairs of comments every 20-30 minutes. The content and links were identical each time, except for some random numbers in the (probably bogus) email and at the end of the body… but the IP address was different each time.

I caught it around 10:00, added “poker” to the list of moderation triggers, figured they’d give up when they saw their comments weren’t posting, and after another 3 pair (that’s not a legal hand, is it?) I just closed comments on the two posts.

Update 6pm: After a long afternoon dealing with server recovery issues, I checked my email and found about 40 “Please approve…” notices, starting around 1:45 and running all afternoon. All from the same blog spammer. A bit more aggressive than yesterday’s, because they hit a new post every time, but this batch all went straight into moderation. You’d think after you posted 20 comments and none of them showed up, you’d get the clue that it’s not worth posting 20 more…

Update 9am: I installed a plugin last night to block those comments from even reaching the moderation queue. Then laaate last night I noticed that it was screwing up comments with apostrophes, so I disabled it. The moderation notices started coming in immediately. 60 of them from around midnight to about 6am this morning. And none were ever displayed on the site. (Thank you, WordPress!)
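The pattern described above (identical comments apart from some random numbers, each from a different IP address) can be caught by fingerprinting comments with the digits stripped out and counting distinct source addresses per fingerprint. This is an added example, not part of the original post or of any WordPress plugin; the tuple layout, the `min_ips` threshold and the sample comments are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample comments (not real data): (ip, email, body, links).
# IPs are from documentation ranges; domains are placeholders.
SAMPLE = [
    ("192.0.2.10", "joe4821@example.com", "Great site! Play poker online 77310",
     ["http://spam.example/poker"]),
    ("198.51.100.7", "joe1150@example.com", "Great site! Play poker online 20944",
     ["http://spam.example/poker"]),
    ("203.0.113.45", "joe9377@example.com", "Great site!  Play POKER online 5",
     ["http://spam.example/poker"]),
    # A legitimate accidental double-post from a single address.
    ("192.0.2.99", "reader@example.org", "Tanenbaum's rebuttal is worth reading.", []),
    ("192.0.2.99", "reader@example.org", "Tanenbaum's rebuttal is worth reading.", []),
]

def _normalize(text):
    """Drop digit runs, collapse whitespace, lowercase."""
    return re.sub(r"\s+", " ", re.sub(r"\d+", "", text)).strip().lower()

def fingerprint(email, body, links):
    """Hash of the comment with the parts the spammer randomizes removed."""
    key = "|".join([_normalize(email), _normalize(body),
                    ",".join(sorted(link.lower() for link in links))])
    return hashlib.sha256(key.encode("utf-8")).hexdigest()

def find_campaigns(comments, min_ips=3):
    """Map fingerprint -> sorted IPs for near-identical comments seen from
    at least min_ips distinct addresses."""
    ips_by_fp = defaultdict(set)
    for ip, email, body, links in comments:
        ips_by_fp[fingerprint(email, body, links)].add(ip)
    return {fp: sorted(ips) for fp, ips in ips_by_fp.items() if len(ips) >= min_ips}

def should_hold(comment, campaigns):
    """True if a new comment matches a known campaign, whatever its source IP."""
    _ip, email, body, links = comment
    return fingerprint(email, body, links) in campaigns

if __name__ == "__main__":
    for fp, ips in find_campaigns(SAMPLE).items():
        print(fp[:12], ips)
```

Because the match is on content rather than on source address, a comment arriving from a zombie that has not been seen before is still held, while a repeat post from one reader's address never reaches the threshold.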

I saw this CNET headline — Microsoft battles piracy with free software — and my first thought was that they were using some GPL’ed/BSD’ed/etc. tool for tracking or some such. No, they’re just giving away free software to people who will let them remotely verify that their OS installation is legit. Which makes perfect sense once you get out of the open-source/Free software (with a capital F) mindset.

In other news, I feel like I’ve spent the entire month of October rebuilding, recovering, restoring, repairing, reinstalling and retrofitting computers.

Strike that. I have spent the entire month doing that. *Sigh*

This showed up in the spamtraps today:

Subject: Truth of the matter

Dear Sir,

This letter can only define Nigeria Scam, a.k.a. 419. If this mail look like scam to you delete it, we are looking for serious minded person.

As we all know, top officials do loot funds out of the country with non-residence foreigners. When they try and fail, the world hears it as fraud/scam, but when they go through, nobody or a newspaper writes it.

This trade is huge here and people are making lots of money out there in most foreign countries. Though the government are mapping out sophisticated strategies to checkmate unauthorized dealers. From the president to the cleaner in the house, they are all into this trade.

And so on.

This has got to be the most brazen variation I’ve seen — and the first one that admits what it is up front. Of course it goes on to try to convince you that no, this one’s the real thing, we’re only trying to cheat other people, not you, because you wouldn’t fall for that sort of thing, would you?

I’m trying to figure out whether the proper response to this is “WTF” or “O_o” or just “Unbe-flipping-lievable.”

SpaceShipOne has won the X-Prize! This morning it completed its second trip to the edge of the atmosphere within one week (the prize stipulates it must be within two weeks!)

The Scaled Composites team made history in June with the world’s first privately-funded manned space flight, and last week they made a deal with Virgin to licence the technology for space tourism. The $10 million X-Prize won’t offset the cost of developing SpaceShipOne (estimated at $20 million in the radio story I heard), but it is a prototype, and prototypes always cost more because you’re still experimenting.

The runner-up in the race to the X-Prize, the DaVinci Project, plans to keep going. This is great news as well, because the more different types of craft we have, the less chance one accident will ground the world’s space fleets.

The flights are still suborbital, but the process and technology have been shown to work.
