Security|Networking|Hacking|Life. by 6e:69:63:6b:38:63:68

Social Engineering: The Art of Human Hacking - Essential Read for any Security Professional

2011-01-09T20:15:00.004-05:00

Chris Hadnagy of Social-Engineer.org has done a tremendous job on a ground breaking new SE book.
I must say after reading this book I feel as though the name "Kevin Mitnick" will now be replaced with "Chris Hadnagy" when referring to Social Engineering. I was amazed at how this was not merely a collection of experiences but an in depth, well researched, well organized crash course into the human psyche and the science behind human manipulation. My favorite chapter was number 6: "Influence: The Power of Persuasion" particularly the part on "Framing". This section really drove home the point that humans ARE hackable!
I appreciated how this book is not a "how-to" for would-be malicious hackers or con men. But a guide on the what, how and why techniques behind Social Engineering can be used for malicious purposes. In fact, Chapter 9 is dedicated to "Prevention and Mitigation" of SE attacks
The book is clear, concise and an easy read. This is a must read for anyone in the Information security field, but I think an essential guide for anyone in law enforcement, private security, or even John Q. Public looking to protect himself from being manipulated. Humans will always be the weakest link in security the infrastructure, but this book is a patch for our mental firewall. Highly Recommended.

Available at Amazon
And don't forget to check out Social-Engineer.org

Technical Analysis of the methods used by the Lower Merion School District webcam spying case.

2010-05-12T22:52:00.004-04:00

I recently had the pleasure of contributing to Social-Engineer.org on a very interesting topic. Most media outlets are focusing their attention on the "official" theft tracking software and neglecting to analyze the main computer management agent that is installed on the computers and it's capabilities. Thanks, Logan_WHD and the SE.org team for the post.

Click Here for the article.

2010-05-11T15:45:00.003-04:00

Watch this space.....

Social-engineer.org

2009-12-15T23:49:00.003-05:00

First of... Whoa first post since July! Zoinks! Busy Busy. Nice new adventures in Pen testing to write about in coming months though. I wanted to post a quick review of a site that ALL security professionals and penetration testers alike should be frequenting.

WWW.SOCIAL-ENGINEER.ORG

By far the best if not the only source of all things social engineering. Move over Mitnik! They are presently on their 3rd month of podcasts, all can say is its pure gold! Partnering with well known figures in the security industry such as mutts (lead Back|Track dev) and Re|ik (creator of fast-track and the new SET, social engineers toolkit) makes this a match made in hax0r Heaven! LoganWHD has taken this sometime fringe aspect of security, the HUMAN computer, and developed an awesome source for SE with the help of several members of the hacker community. John aka Elwood also brings years of law enforcement experience for a very well rounded framework for SE.

Bookmark this site, subscribe to the newsletter and get the podcast. You'll thank yourself!

Defcon 17 - Boing!!!

2009-07-02T15:01:00.006-04:00

Well its that time again. Vegas will once again be swamped with the likes of white, gray and black hats from all creeds, colors, income tax brackets and species. What an experience! If you have a chance to attend I HIGHLY recommend it. More info can be found here.... http://defcon.org Be sure to check the DEFCON forums for info on attending. I personally liked checking out some of the you-tube vids from previous years to get a feel for what to expect.

Simple truth.... expect anything and besides getting a flight and hotel, don't really plan anything else. For maximum fun just go with the flow. You may end up in some very cool places rubbing arms with people you've only read about in the hacker community.

This year should be very interesting. Cool talks lined up Johnny Long, Dan "attention whore" Kaminsky and , get this, Adam Savage from Mythbusters on the Discovery channel, will be there this year. Last HOPE in NYC he spoke, I saw it, he's a really cool guy. Hoping to meet him. His twitter is "donttrythis". Checkity check him out.

Here is a couple n3wb tips for maximum fun and $$ savings:

1) Shop for flight & hotel deals. This year from philly direct to vegas and 5 nights hotel at teh Circus Circus a friend and I scored tickets for about $500 a piece. giggity giggity! Unless you want non-stop, no-sleep, no-rest, skip the Riviera for lodging. 10000 hotels other than that one to stay at.

2)DRINK WATER: you're in the friggin desert for mitnick's sake!

3)You won't get much sleep, trust me! Prepare the week before by getting some good rest. out there the place just drains the living crap out of you. I found that fitting in like four hours here and there kept me going. Well that and lots and lots of monster, rockstar and 5 hour energy.

4)Black is cool to wear, hey we're hackers, its what we do. BUT, and its a HUGE BUT, bring black t-shirts that breathe! and shorts are a very good idea. jeans suck! :)

5) Leave room in your luggage for swag! You will totoally score some great stuff. (ie. t-shirts, or other crap you want to bring home.) And is it really nessasary to bring all your tech gear to the con? You may really only need a single system and any gear you may want to play with. Its easier in the long run also.

6)Don't access anything from Public Internet access points in or around the Riviera or anywhere really. Seriously. If you have access or actually own a 3g, GPRS, GSM, CDMA etc WLAN card, use it! Stay off the hotel net and the pub Defcon wifi/lan with anything you care about. It WILL be hacked and/or compromised. Don't be a victim of the "wall of sheep". (google it if you want more info). What I do is use either a sanitized/clean hd with nothing on it of value or use a bootable usb key with Back|Track. (remember to change the default password). But still remember not to check any webmail etc. SSL will not protect you. Ahh yes and one more bit of advice, skip the ATM at the Riv. trust me.... just bring enough cash ahead of time. ;)

7)Be humble. I don't care if you just hacked DOD or changed the Pres' blackberry ring-tone so that he's "rick-rolled" every time biden calls him. There will always be someone who can put you down. Once you go for the first time you'll understand, you can spot a arrogant hacker SOB from a mile away (**ehhemm,kaminsky,cough**). l33t h@xoR$ IMO are always very humble. Trust me sit back be silent unless you're asking questions. Make friends. Learn. No "measuring" of size going on here. Hacking is about learning.

All in all, sit back and take in the awesome exchange of knowledge and technical exploration available.

Hope to see you there! Remember to search for the offsec & remote-exploit ppl.

nick8ch

Security Certification Exam Cage Match

2009-03-17T00:56:00.010-04:00

What is the best group of letters to have after your name as a security professional?

I thought I would write a brief account of my experience with three of such certifications. Certified Ethical Hacker (CEH), GIAC Certified Penetration Tester (GPEN) and Offensive Security Certified Professional (OSCP).

CEH

My experience with the CEH certification started with a one week boot-camp type training session through a training center in Plano, TX. The training was very “by the book” and when I say that I mean “books”. During the first day we were given three large red books for a total of 2300+ pages of information AND a 500 page lab manual. In the classroom each had a small satellite desktop system loaded with WinXP-pro, win2000 and a BackTrack partition. The trainer we had was actually a very good trainer but the training lacked something. At the time I really couldn't put my finger on it due to my lack of experience with training sessions. More on that later as you will see.
During the training we were told several times that EVERYONE here WILL pass the exam. This made me feel as if the whole purpose of this training was ONLY to pass the exam and get that little piece of paper and those three letters after our name. The books mainly focus on the use of windows/linux based programs and utilities that are already made for a specific task. Very little practical knowledge or challenging exercises. For example a typical day session would be like this; “hello class, open to page such-n-such , we are going to see how to use wireshark to sniff packets.” Following 5-8 slides on the projector explaining what the ins and outs were, we would open the program and start sniffing. “Ok, any questions? Good, moving on to our next tool.....” Was this a Ethical Hacking course or a discussion of man pages?
Overall I am glad I took the class, 7 day session included the CEH and CHFI exam which was a breeze. I'm happy I have the certs because it does show a degree of knowledge in the field of security and penetration testing. But, in the list of security certifications I think the CEH is quickly loosing credibility due to the fact that very little security experience is needed to pass this exam. It is very close to MS certifications in that, a simple memorization of material will allow you to pass the exam. If you can memorize some command line switches for Nmap and Netcat, you can pass this.

GPEN

The GIAC Certified Penetration Tester certification is relatively new to the arena. Approximately 350 certified at the time I received mine last month. From the GIAC website: “The GPEN certification is for security personnel whose job duties involve assessing target networks and systems to find security vulnerabilities. Certification objectives include penetration-testing methodologies, the legal issues surrounding penetration testing and how to properly conduct a penetration test as well as best practice technical and non-technical techniques specific to conduct a penetration test.” The certification is based on the SANS 560 course material.

I did not attend any training for this exam and did not pay for it either. I received this certification basically on a dare :) Let me explain. GIAC decided that their certification didn't have enough publicity or wasn't being recognized so they decided to offer the $900 exam for free to people who had passed one of the rival certifications CEH & OSCP recently. I had just completed my OSCP as I will explain later and I decided to give it a whirl. The test was a 4hr 150 question multiple choice test that needed to be proctored at a testing center. Along with the exam I was given two free practice tests to take ahead of time. I passed those and scheduled my exam. Granted I didn't really study or prepare too much but I was able to pass.
With this certification I only have the exam to compare to the other two, so based on that, the exam still lacked something. I mean, could a person with a tech support level 1 have passed this exam. Well, multiple choice questions, 4 hours, I think so. This is really my point, where is the practicality of the exam? Does it show actual REAL working knowledge. If I can answer a question like; “Which of the following tools would be used to create a Reverse Bind TCP shell?”, does that make me a security professional? Um, no.
Now, let's talk about the last certification.

OSCP

The Offensive Security Certified Professional certification is also relatively new. It's a certification that proves that the individual has a real working knowledge of a real-world penetration testing environment. The training, a lab testing environment and Exam is included in a package. The training is called “Pen testing with backtrack”, instead of “Ofsec 101” as it was called previously. From their website: “an on-line course designed for network administrators and security professionals who need to get acquainted with the world of offensive security. The course introduces the latest hacking tools and techniques, and includes remote live labs for exercising the material presented to the students.”
So, the course is on-line and tremendously cheaper than other certifications. Is it any good? Thats a big NO! Its way way better. Its AWESOME. With the lab time you receive with your training, you get VPN access to a real-world pen-testing lab environment with several target machines and objectives and exercises throughout the training. This in itself is an amazing learning tool. You also have a dedicated windows system within the lab with several tools installed including Core Impact which most people haven't had access to due to the cost.
The training itself is CBT based using video and also you receive a very well written training manual that goes along with the training. Each section ends with an exercise and a “extra mile” type exercise that you can preform and document for extra points at the end of your course. All in all the training is A+! Since the pre-reqs for taking this training requires a previous understanding of TCP, network admin, etc. There isn't time wasted on very basic networking concepts. The training is by Mati Aharoni of offensive-security, a seasoned security professional with google being his resume'. He is also the main developer of the BackTrack security Linux distribution. So the training focuses on using BackTrack as the platform for pen testing. If you opt to get the lab time, which again I will say GET IT, If you sign up for the “Pen testing with backtrack” you will have the opportunity at the end of the training to attempt final challenges that have been designed to test all aspects of the training you went through. I give credit to the excellent training I received as being the reason I was able to blast through the GPEN exam. It is unlike previous technical training I have had in that it teaches you how to reason and think, not just fill your head with man pages from hacker tools. But enough about the training. Since we are mainly comparing the exams for the certifications. How did the OSCP fair?

This was no Q&A exam. The OSCP exam is designed to test you as a Penetration Tester. Last time I checked when you were testing a company's network they don't hand you a test with multiple choice questions. So this is where the OSCP, in its awesome practicality, stands above the rest. (The exam is 24 hours, yes that's right, 24 hours to complete.) You are given VPN access to a separate and dedicated only to you specially designed lab for your exam. You are then given objectives to complete. Basically you are told to find, exploit, document and prove exploitation of several systems in the exam lab. Hence the need for 24 hours, and I tell you I almost used all of the exam time (thank you red bull). The system could really be any operating system and you have no prior information regarding what is in the lab you are connected to. It truly is a test of EVERYTHING you were trained on in the course. It will test you to the very limits of what you are capable of and it is a true challenge. Following the exam, you submit your notes and proof of exploits and your are then graded.

Conclusion

With so many people passing themselves off as “Security Professionals”, I think more than ever it is imperative that the individual show practical real-world knowledge of Penetration testing. For instance, do you only take a written test for your drivers license? Of course not. So why do some of the so called “best” security certifications not test REAL working knowledge? Many certifications test the individual on book knowledge and totally ignore the fact that when you are preforming a penetration test you are in essence a malicious hacker for that project, so you in turn need to think like one. You have to think offensively from a black box perspective and the OSCP nails that in all aspects of the training and exam. In my opinion this certification & training should be mandatory for anyone looking to break into the field of penetration testing. Yes other certifications look great on a resume' but as time goes on and the OSCP becomes more well known I think you will see more and more companies looking at this setting the bar for security certifications.

Internal Network Policies Part 3:

2009-03-02T17:13:00.002-05:00

The Enemy of my Enemy is my Enemy? Huh?

Yes, that statement may seem odd but it's true. Sometimes the greatest threat can come from within. In the last two articles we discussed how an employee of your own company could compromise your entire network by doing something as simple as downloading & sharing the latest Britney Spears song. But what are the implications of this action? Are your employees trying to sabotage your company? Most likely, No. But are your employees performing an action that is inadvertently compromising your information integrity? They might be....

What have you implemented as a company policy or procedure, to educate your employees of the fact that the action they take may impact the company in a negative way? Most of the time nothing of this sort is done, Why?

The problem lies in the fact that most network administrators dwell too much on making things “work” and not enough on making things “secure”. But what does this involve? It's much more than enforcing strong passwords or insisting that the staff not take out of the premises data that may expose information that could lead to a breach. It involves an overall education of what can be done with a small portion of access to your company's network. For example, what information could I gain from a single e-mail login from say,.. a sales person? Any inside information available there? Perhaps information regarding a product that you have a niche in? Do you ever send financial information to a sales person? The point is this, information you would normally pass off as insignificant between members of your own company may seem common but, to the a rival company or malicious entity could be very lucrative. What would be the cost to your company if that information was in the open? Could you lose your advantage or perhaps a crucial bid to a large contract?

Information is everything.

It is the life blood of your way of making money with your product or service.

How do you protect that?

By understanding the flaws that threatened the integrity of that information. Only by understanding how the “would be” attacker of your company thinks, will you understand what really is at risk here. If you do not have someone who understands this very fundamental aspect of information security on your IT team, GET ONE. The need of the cookie cutter “bachelors degree in computer science” is long gone. WORKING knowledge in the REAL world of computer technology and networking is ESSENTIAL.

To the CEO and management personal that are reading this, I write this: there are more vulnerabilities in the software you run each day on your office PC than you can count. And I'm not talking about viruses, ad-ware or spy-ware. Real threats. More and more each day. I don't say this to frighten you but to educate you on the fact that when it comes to “conventional” knowledge of Information Technology, nowadays, it just doesn't cut it. You need to think beyond the out-of-the-box mentality of network security. Norton, McAfee, etc will NOT save you from the real threats that lurk out there. You need real active, intelligent staff in place to deal with the threats that exist.

What can you do as management? Have a conversation with your IT staff or IT provider. Ask them to explain what the TCP/IP stack involves and what tools such as NMAP and Netcat do. Do they understand the various forms of encryption when it comes to wireless? What's the difference between WEP & WPA? Or better yet, keep it short and simple, ask them to give you a detailed report on what steps they have taken to ensure that threats externally and internally are being actively defended against. With this report you should be able to determine what, if any, defense has been implemented against such attacks.

These queries are just the bare minimum in what a qualified IT person should be able to answer today. Why? Because setup and installation of your network is, for the most part, taken care of by the software/hardware manufacturer. Most setup of even enterprise networks is “wizard driven”, meaning automated or really easy. The rest, including securing your information, is up to your staff or IT provider, the human element. Make sure you are protected, in these critical financial times, you cannot afford to lose money due to an information breach.

If you have any questions about this series of articles or need assistance in assessing whether or not your information security is up to par, contact the MAEA. We have a qualified IT and Security staff that can answer your questions.

Nick Hitchcock

OSCP, CEH, CHFI, MCP

NHT Consulting

www.nhtconsulting.com

nickh@nhtconsulting.com

Back|Track 4 Public is now available!

2009-02-11T10:13:00.006-05:00

Our friends over at Remote-Exploit & Offensive-Security have rolled out the public version of BT4. The ISO and VMware editions are available via the following links:

http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-beta-iso
http://www.remote-exploit.org/cgi-bin/fileget?version=bt4-beta-vm

You can distribute the ISO and VM, but the team asks that you would please forward the above links for people to download from. This will give them good estimates on how many downloads are being made initially. Thanks and Enjoy!!

Greetz to muts, loganWHD, ziplock, ReL!k, MisterX, ZeroChaos, jabra, omar,TheX1le, and the whole team..... cheerz!
You can thank the team yourself on IRC, freenode net on #remote-exploit.

BackTrack 4 and ShmooCon 2009

2009-02-10T12:25:00.006-05:00

I was privileged to be a part of the Remote-Exploit/Offensive-Security team this last weekend at the Washington DC based Hacker Con, ShmooCon. Was an awesome time. Many new friends made and many old acquaintances met again. I was able to be a part of distributing the new beta version of BackTrack 4. This has not been publicly available yet but should be shortly. Keep checking the Back|Track blog over at http://backtrack4.blogspot.com.

Here are a few pics from the event. Was a great time! http://flickr.com/photos/35146528@N07/

Enjoy... More info to come...

Internal Net Policies part 2

2008-12-26T13:35:00.005-05:00

Internal Company Network Policies

Part 2: A framework for your IT procedures.

In our last edition of the journal, part 1 touched on the need of your company to have a good internal network policy for your employees and the need to enforce it. In this part we will touch on just how you go about doing that.

Is it a Policy, a Standard or a Guideline?

We frequently hear people use the names "policy", "standard", and "guideline" to refer to documents that fall within the policy infrastructure. We are focusing in on “policy” for our discussion.

A policy is typically a document that outlines specific requirements or rules that must be met. In the information/network security realm, policies are usually point-specific, covering a single area. For example, an "Acceptable Use" policy would cover the rules and regulations for appropriate use of the computing facilities.

This is different from a standard which is typically a collection of system-specific or procedural-specific requirements that must be met by everyone. For example, you might have a standard that describes how to harden a Windows workstation for placement on an external (DMZ) network. A guideline is typically a collection of system specific or procedural specific "suggestions" for best practice. They are not requirements to be met, but are strongly recommended. Effective security policies make frequent references to standards and guidelines that exist within an organization.

A Security Policy indicates senior management’s commitment to maintaining a secure network, which allows the IT Staff to do a more effective job of securing the company’s information assets. Ultimately, a Security Policy will reduce your risk of a damaging security incident.

What is right for me?

The most important thing to remember when starting the process of developing a Security Policy is that there is no “right” or “wrong” way to go about it. No one policy will work for every organization. There is no generic template that will meet every need. A fantastic policy for Company ABC might be useless to Company XYZ. That being said, a Security Policy must be a custom document that reflects your company’s specific security needs. In fact, a useless Security Policy is worse than no policy. Companies that boast of Security Policies thicker than a ream of paper are often the ones that have no idea what those policies say. The false sense of security provided by an ineffective policy is dangerous. The point of a Security Policy is not to create “shelfware” that will look good in a binder, but rather to create an actionable and realistic policy that your company can use to manage its security practices.

A Great Framework

Having an Information Technology framework for your company is an essential first step in how your technology is being handled internally. Thankfully there is a great framework to help companies accomplish this. The Information Technology Infrastructure Library, called the ITIL, is a tool that can help you. It is a customizable framework of good practices designed to promote quality computing services within your company. ITIL provides a systematic approach to the provisioning and management of IT services. The core parts of this framework include Service Strategy, Service Design, Service Transition and Service Operation, including incident management and security management.

Stay tuned for part 3.........

Nick Hitchcock

OSCP, CEH, CHFI, MCP

NHT Consulting

www.nhtconsulting.com

Internal Net Policies. Part 1

2008-12-26T13:25:00.004-05:00

I thought a good start to the "re-invigoration" of this blog would be to post a couple articles that have been written for other publication. Enjoy...

Internal Network policies

Part 1: File Sharing

Your company has the convenience and accessibility once thought to be science fiction. Files can be transferred to the other side of the planet within seconds. Communication is a snap. Even within the past five to ten years the speeds available in certain areas for Internet have doubled, tripled or even more in speed. But with this convenience as with anything comes abuse. Could your network at this moment be being used for something other than what you intended it?

Does your company have an internal network policy?

A recent national survey of U.S. white-collar workers commissioned by ISACA found that more than one-third (35%) of employees have violated their company’s information technology (IT) policies at least once and that nearly one-sixth (15%) of employees have used peer-to-peer file-sharing at least once at their place of business, opening the door to security breaches and placing sensitive business and personal information at risk. Do you have a policy in effect to prevent this?

What exactly is the risk?

Many file sharing programs are just that, they “share” files. How so? In many popular easy-to-use file sharing applications, during the initial setup the application may look for files, primarily media files, to allow other users of that particular file sharing network to access. With that in mind think of the following scenario:

Bob wants to install a file-sharing program on his computer at work for something relatively harmless. He just wants some music to listen to at work. During the setup of the file-sharing application the program installs wonderfully and Bob is ready to get some music and get productive at work. But, there is a problem. During the setup, the file-sharing application found a few media files in a directory to share, one is named “widget-demo.avi” and another is “jingle-music.mp3”. The major problem in this is not the fact that it may have shared your commercial video or jingle music, but that, when this file-sharing program shares those files, it shares the entire contents of that file folder. What else could be in that folder? Perhaps “Q4-earnings.xls”, “Board_of_Dirs_minutes.doc” or maybe “CompanyFinancial.qbb”. You get the point, this can be very dangerous.

Conclusion

File sharing is very useful in some aspects of legitimate business. But, this is only one of the various security risks in allowing a file-sharing application to be installed on an unattended client machine. The fact is most file sharing applications can bypass any firewall security you may have in place negating any steps or investments you may have made to stop network attacks.

This is one of the many parts of a full network policy that your company should have. In upcoming articles we will discuss other aspects of a network policy and how to enforce these without restricting productivity.

Nick Hitchcock,

OSCP, CEH, CHFI, MCP

NHT Consulting

www.nhtconsulting.com

Amazing how things stay around on the net

2008-12-25T12:53:00.003-05:00

So here I am thinking to myself while redesigning my website, "man I should have one of them there blogs to post hack/sec stuff." So I do what everybody else seems to have done and I go to blogspot.com
I start to sign up and dang! someone already used "nhtc"! I proceed to follow the link and low and behold its ME from 2005. Wow I have a short memory.

/me proceeds to smack himself in the head with a large trout
(irc folks will get that one hehe)

Stay tuned for more.

Windows Critical Updates, More improtant than your data?!?!

2005-12-19T08:28:00.000-05:00

So there I am, asleep in bed, well sort of. I wasn't sleeping very well that night to begin with but to get to my story. Here comes 3am and what do I hear that breaks the silence of the early morning? Well, its my fancy little "Exiting Windows" wav file. "Hmm" I think. That's odd, because I'm not at my computer and surely nothing on this planet would just make my computer just shut down. So like a good nerd, I have to get up and see what the heck is going on. My system comes back up and to my amazement, I see a nice little balloon message pop up from Microsoft...."You computer was recently AUTOMATICALLY RESTARTED because of a critical update."

OK... I will let that soak in for a second.........

Ok, You got that? AUTOMATICALLY RESTARTED!!!!

Let's look at a simple equation. Microsoft or another technology firm, finds a flaw in windows that may lead to the ability to allow a person to compromise the weakness and damage your data. Sounds simple enough right? Now, the problem is so high on the list of windows problems that someone decides this needs to be applied IMMEDIATELY!!. Good enough, sounds like good ole' MS is looking out for us.

But, here is my point. MS comes out with a patch to fix a problem so that users WILL NOT lose their valuable data, by rebooting automatically and possibly leading to the loss of DATA!?!?!

AHHHHHHHHHHHHHHHHHHHH! Anyone else following me on this?

Here is what happens in Microsoft Speak. "As it turns out, the reboot is actually expected behavior. You have Automatic Updates on your system configured to Automatically download recommended updates for my computer and install them on a schedule. When one or more of those updates requires a reboot, the system gets rebooted."

So it's my fault? Oh i feel better. Thanks. Enngg! Wrong.

If any of you remember a virus back about four or so years ago, (can't remember the exact name but I think it was "Sircam") This viruexploiteded a critical flaw in NT based OS's (XP is NT based) that caused the system to rebooinexplicablyly when thpersonne logged on to their internet service provider. This virus maker cause "millions" of dollars of damage. They were caught, sent to prison and so forth.
Microsoft has made the exact bi-product with this Auto update feature. NowI'm'm not likening MS to a criminal, although there are times I want to. BUT, this problem needs to be addressed at the highest level. This really is an inconvenience for the user and sometimes worse. Perhaps you were working on a term paper at night, went to bed without saving, it happens to everybody sometimes, we forget to save. But thats ok until BAM! MS restarts your computer!

Nope! that's not what I want.

So here are the options........

1) Turn off Automatic Updates.
- Well, some people have no problewithth doing this, but with the amount of time that it takes for someone to use MS bulletin and use it maliciously, I wouldn't recommendnd it. Yodon'tnt always remember to run the manual updates. So I would leave this on.

2)Wait for a fix?
- In speaking to MS employeeee at a recent MS event, I don't think there is one coming soon. Unless someone REALLY has a fit. It will come to a head, but MS is too busy with their regular biz.

3)Hacked registry fix.
EUREKAKA! There we go That's what we need. Let's just turn it off! It turns out there is a registry entry that gets rid of this annoyance and will allow you to save your data and reboot on your own. Don't you feel better now? I know I do! :)

Here is the link, save to your desktop, double click and say "yes" to add it to the registry.

"Turn off auto reboot" fix

Happy Computing! and Pass this info on!
Nick H

Eating Fatty McDonald's food may soon Pay off!

2005-12-12T16:33:00.000-05:00

I think we now officially are in a true digital age, here is an interesting little story in the New York Times.

"If the Walt Disney Company has its way, McDonald's Happy Meal toys could be replaced with portable media players that hold Disney movies, music, games or photos, according to a pending patent application. Users could add files to the devices by earning points with food purchases.

The plan could work something like this: A customer enters a restaurant and buys a meal, receiving the portable media player and an electronic code that authorizes a partial download of a movie, video or other media file, which can be downloaded while in the restaurant, according to a United States Patent and Trademark Office application filed by Disney. Then, with each subsequent return, the customer earns more downloadable data, eventually getting an entire movie or game.

Earning a large file, like a movie, might require five trips - a compelling incentive for a customer to return to the restaurant."

Yeah I'll take a Number 3 supersized with a chunk of Star Wars Episode III please! Ahh CRAP! I already have 5 first half's of the movie! This sucks!

Once again corporate America pushes society towards digital obesiety.
Yum Yum

MS Excel Vulnerability

2005-12-12T10:13:00.000-05:00

MS Excel Vulnerability? Yup another one. Although this time its a very humerous story how this came to light.

Eweek had this to say:
---------------------------
What's the retail value of a security vulnerability in Microsoft Corp.'s Excel spreadsheet program? At last check: $53 and counting.

An unknown security researcher chose a novel way to issue a warning for a code execution flaw in Excel—posting it for sale on eBay. But the auction was pulled late Thursday after discussions between Microsoft and eBay Inc.

When the auction was squashed, the bidding had reached $53 and had attracted 19 offers.

A spokeswoman for Microsoft confirmed that the eBay listing was indeed a legitimate security flaw in Excel. "[We] have not been made aware of any attacks attempting to use the reported vulnerability or customer impact at this time, but will continue to investigate the public reports to help provide additional guidance for customers," the spokeswoman said in a statement sent to Ziff Davis Internet News.

The spokeswoman said the company was investigating the report and working with eBay to determine the appropriate course of action to protect Excel users.

In the listing, posted by a seller named "fearwall," the issue is described as a zero-day vulnerability that was discovered on Dec. 6, 2005 and reported to Microsoft.

The seller openly taunts the software giant, poking fun at the company's delays in providing fixes for known security bugs. "It can be assumed that no patch addressing this vulnerability will be available within the next few months. So, since I was unable to find any use for this by-product of Microsoft developers, it is now available for you at the low starting price of $0.01 (a fair value estimation for any Microsoft product)," the listing read.

It said a percentage of the proceeds from the auction would be contributed to various open-source projects.

"Microsoft representatives get 10 percent off the final price. To qualify, you MUST provide @microsoft.com e-mail address and MUST mention discount code LINUXRULZ during checkout," it added.

The seller also provides brief details on the flaw, which occurs because Excel does not perform sufficient data validation when parsing document files.

"As a result, it is possible to pass a large counter value to "msvcrt.memmove()" function which causes critical memory regions to be overwritten, including the stack space. The vulnerability can be exploited to compromise a user's PC," according to the listing.

"It is feasible to manipulate the data in the document file to get a code of attacker's choice executed when [a] malicious file is opened by MS Excel. The exploit code is not included in the auction. You must have very advanced skills if you want to further research this vulnerability," it added.

The seller promised to provide the winning bidder with two .xls files—one file is the original Microsoft Excel document, the other one is a copy of the same document modified to demonstrate the vulnerability.

"The demonstration merely triggers the exception causing Excel to crash. It does not do anything malicious. A detailed description of the vulnerability will be provided in the message body."

---------------

So Keep your eye on e-bay becuase you never know when a security hole will come up!
Oh, and if you get a mysterious spreadsheet from anyone, it would probably be a good idea not to open it right now.

That is of course only a problem if you're using excel. :)

Well here it goes.

2005-12-12T09:18:00.001-05:00

Hello All,
Well after much consideration (at least 5 minutes) I decided to launch this blog. Interesting term "Blog" sounds like a 1950's SiFi movie about brain-eating aliens. hmm....
Anyway, Here it goes. I will try to keep this updated as much as possible. You will find all things Technology related here and also the occasional rant usually about big business or something to that effect.

ENJOY!!