Jesper Johansson's Blog

Fake Anti-Malware is Apparently Microsoft's Fault

2009-10-24T17:20:00Z

Munir Kotadia, an IT Journalist in Australia, has finally managed to figure out how to blame Microsoft for the fake anti-malware epidemic. Apparently, the reason is that "Microsoft could save the world from fake security applications by introducing a whitelist for apps from legitimate security firms" and, presumably, has neglected to do so out of sheer malice. I'm clearly not a thinker at the same level as Munir; maybe that is why I don't fully get this white list he proposes. Does...(read more)

How Delegation Privileges Are Represented In Active Directory

2009-10-21T04:21:00Z

One of the last areas where more tool support is needed is in monitoring the various attributes in Active Directory (AD). Recently I got curious about the delegation flags, and, more to the point, how to tell which accounts have been trusted for delegation. This could be of great import if, for instance, you have to produce reports of privileged accounts. KB 305144 gives a certain amount of detail about how delegation rights are presented in Active Directory. However, it is unclear from that article...(read more)

Web Of Trust: RIP

2009-10-14T05:16:00Z

It's official. I just received an e-mail from Thawte notifying me that, as of November 16, 2009, the most innovative and useful idea in PKI since its inception, the Web of Trust , will die. Thawte was founded 14 years ago by Mark Shuttleworth. The primary purpose was to get around the then-current U.S. export restrictions on cryptography. Shuttleworth also had an idea that drew from PGP: rather than force everyone who wanted an e-mail certificate to get verified by some central entity - and pay...(read more)

Passwords are here to stay

2009-10-11T05:54:00Z

At least for the short to medium term. That is the, quite obvious, conclusion drawn in a Newsweek article entitled "Building a Better Password." The article goes inside the CyLab at Carnegie-Mellon University to understand how passwords may one day be replaced. It is interesting reading all around. The article is not without some "really?" moments though, such as this quote: The idea of passphrases isn't new. But no one has ever told you about it, because over the years, complexity—mandating...(read more)

And finally, standard user malware

2009-09-01T06:21:00Z

Today I finally got wind of my first piece of true standard user malware. MS Antispyware 2008 has turned standard user. The version in question installs the binaries in c:\documents and settings\all users\application data\<something>, and makes itself resident by infecting HKCU\...\Run. Curiously, the legitimate anti-malware program (one of the top 3) failed to detect the infector. Obviously, this version is much easier to remove than the ones that require admin privileges. However, MS Antispyware...(read more)

Microsoft Poland Empowers White People

2009-08-26T05:53:00Z

In an absolutely astonishing move Microsoft's Polish subsidiary decided to do some photoshopping on its Business Productivity Infrastructure page to tailor it to the Polish market. Here you can see the U.S. original . In one of the least sensitive moves this year, the Polish subsidiary decided that black people in Poland do not need to be empowered, so here you can see what its version of that page looked like for a few hours today. As you can see from the current version on the Polish site ...(read more)

Is it ActiveX that is the problem?

2009-08-09T20:04:00Z

Last week, an expert from Verizon, nee Cybertrust, posted a note about the Active Template Library (ATL) security vulnerability over on the Verizon Business Security Blog . For home users, the phone company now advises you to use a different browser, ostensibly because IE and ActiveX are inherently insecure. I felt that quite missed the point that (a) browsers are software, and (b) all software has vulnerabilities, and (c) extension technologies in browsers add functionality, which (d) is implemented...(read more)

Warning: The software you are installing does not match your mental model

2009-07-21T05:10:00Z

This morning I talked to my dad. After a few minutes of polite small talk, I heard the 10 little words I have come to dread: “I had some problems with my computer the other day.” The video card on his laptop had died. The screen was just black. He has a Dell Vostro, so he called Dell Technical Support. They sent a contractor technician out; with a motherboard. The technician, having no real qualifications other than the need for a job; and no real training other than how to fill out the...(read more)

Steve Riley Lands On His Feet

2009-07-10T23:13:00Z

In May, in one of the more inexplicable moves this year, Microsoft laid off my good friend Steve Riley, four days before he was to deliver half a dozen presentations at TechEd. Fortunately, it did not take Steve long to find a new gig. This Monday, he starts as the latest Evangelist & Strategist for Amazon Web Services ! I'm very very happy for Steve, and very excited about what he can do in that role. Web Services are where the future is, and Steve is extremely well suited to the role. Please...(read more)

A better, more reliable, work-around for the Microsoft Video Control Vulnerability

2009-07-10T06:09:00Z

For the past few days I've been following the Microsoft Video Control Vulnerability with interest. Basically, it's another vulnerable ActiveX control that needs killbitted. Last night, Microsoft posted a work-around which involves using a Group Policy ADM template (ADM is the template format that was deprecated in Vista and Windows Server 2008). Unfortunately, the template tattoos the registry, which is not really recommended. I contemplated for a while writing a work-around for this issue...(read more)

Are Identity Theft Services Worth The Cost?

2009-03-24T04:01:00Z

The Consumer Federation of America just published a report on identity theft services entitled " Are Identity Theft Services Worth The Cost? " The conclusion is that many are not, and that regulation is needed in that industry. It is a very interesting read....(read more)

Please do not e-mail my social security number

2009-01-28T05:38:00Z

Recently I had a very interesting incident. I wrote an article some time in 2008 and the publisher paid me a little bit of money for it. That means the publisher must send a report to the Internal Revenue Service (IRS - the U.S. tax department) reporting that they paid me, as well as send me a form called a 1099 form that I can use to report this money on my tax return. A few days ago the comptroller for the publisher sent me an e-mail asking for my social security number (my national ID number for...(read more)

Kip Hawley: "No, the TSA is Necessary Because This is War!"

2008-12-24T10:44:00Z

CBS News did a story a few days ago on the Transportation Security Administration (TSA). Basically it was a tit-for-tat between Bruce Schneier , security pontificator extraordinaire, and Kip Hawley, the administrator of the TSA. Mr. Hawley's maintans that the TSA provides a necessary service because we are at war, and the obvious battleground, apparently, is airplanes. Surely, we must all realize that just because the terrorists used airplanes once, they can't possibly have enough imagination...(read more)

One "Hacker" Attempts to Rule The World

2008-12-24T10:40:00Z

Wired, always a source for amusement and interesting literature, just carried a story on a "hacker" (the magazine's use of the term equates to "criminal") who attempted to dominate the market in stolen credit cards. It's a neat story about an unsavory character who is not going to get enough prison time. If you are too busy to read it, here is a synopsis: --- Once upon a time, there lived in a far away land an evil dark lord. He lived in a dark castle with all kinds of...(read more)

You need to manually undo your MS08-078 mitigations

2008-12-18T17:57:00Z

Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 <!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-alt:"Calisto MT"; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:-1610611985 1107304683 0 0 159 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-alt:"Times New Roman"; mso-font-charset:0; mso-generic-font-family...(read more)

Lock your USB Token

2008-12-16T07:10:00Z

Recently, Lev Bolotin of Clevx gave me a production sample of a USB token with a keypad on it. It's a pretty neat idea for certain uses. My immediate thought went to BitLocker in Windows Vista. You can store the BitLocker key on a USB stick, but you cannot prevent anyone who gets their hands on the USB stick from stealing the key. Nor can you require a PIN and the USB stick to unlock your drive . With Lev's stick, however, you can put a PIN on the USB stick itself. Unless you enter the PIN...(read more)

Believe it or not; DRM for Zune is down!

2008-12-16T06:21:00Z

Shocking, yes, I know, but in only four hours this evening Microsoft has managed to alienate over 150 additional customers with its insistence on Digital Rights Management (DRM). This time it is the DRM component of the Zune store that is down, according to the 164 posts so far over on the Zune forums . OK, so realistically, that probably means that about 100 times that many customers have been alienated, including my oldest son who is unable to use the $15 worth of Zune points that his mother just...(read more)

What do you think, should I do it?

2008-11-16T16:44:00Z

I get a fair bit of blog spam - comments advertising everything from sexual enhancers to fake anti-malware. This one just came in this morning: Sweet! I can turn off all the blog spam just by e-mailing the criminals? Or, could it possibly be that this is a clever ruse find out what my e-mail address is so they can send their junk there too? Hmm. I think I'll just forward this to abuse@gmail.com....(read more)

Fun Experiences at Airport Security

2008-11-15T16:13:00Z

For a while I've been thinking about writing something about interesting times I've had at various airport security checkpoints; security theater, as they have come to be known. There is the obvious shoe removal arguments and the ill-defined rules on electronics (my camera is larger and has more electronics than most laptops, but that can stay in the bag, laptops can't), but there have been more interesting stories. Got any of your own? Share them! Around November 2001 a colleague of...(read more)

XP Antivirus in the News

2008-11-07T10:05:00Z

Several helpful people just pointed me to some articles on XP Antivirus and its various variants. In case you do not remember, XP Antivirus was the subject of an article I wrote for The Register a few months back. It turns out that the scammers got hacked, and the hacker posted some internal accounting details on the web. As suspected, this is a sophisticated business making millions of dollars. It even appears to have an affiliate program. In case you have not seen the articles yet, here are a few...(read more)