Spyware, or, How I Hate Windows

(Security, because it’s spyware, but General Tech, because it’s not actually all that interesting, being spyware on Windows, but I figured I’d post a bit of my notes here.)
Linda’s mother asked me if I could have a look at her PC. It was giving her weird error messages when she tried to go into the Control Panel and such to remove software. She blamed it on Linda’s sister, who’d been using LimeWire on the machine, but I figured it could have been anything, so I agreed to have a look. (There’s some history between us regarding fixing computers, and I generally loathe looking at family PCs anyway, but I figured what the hell, I’d never seen that particular error message before.) So, mostly last night and a bit today, I had a look.

My wife takes classes at a local university, and they have recently started using the iclicker. She got hers today, and I immediately started scheming. It’s $40 so I don’t really want to go out and buy another one just to take apart, but it’s still pretty tempting. All in all, I’m fairly disgusted by the whole thing (especially since I’m sure her uni is making a bit of a profit off selling her this thing). She has to go to their website – the company’s, not the university’s – in order to tie it to her student ID. Looks like it might be susceptible to jamming, at least (maybe a modified 900MHz cordless phone?). Unfortunately, my wife won’t let me take hers apart, but it might almost be worth sinking $40 into it to see what I can do with it. Of course, I wouldn’t use my knowledge for Bad, but I wonder how much thought has been put into this thing’s security? It’s tied to your student ID, after all.

Argus 3.0 on FreeBSD

After reading Tao of Network Security Monitoring, and other associated reading, I was all fired up to try getting some session data of my own. (Having a stepdaughter with her own internet-connected PC makes me leery too.)
So I tried argus from ports tree (2.0.6) and didn’t have much luck with it, although in retrospect I’m not sure that it just doesn’t like the tcpdump files I was passing it for some reason. I’ve been keeping all my documentation on this stuff in a private twiki, but I thought some of this information might be useful more generally, so I’m throwing it out onto the internets, Bejtlich-style.

First they took away…

OK, it has to be said. This is probably not original to me, although I haven’t yet seen it elsewhere (I was camping last week and so was pretty out of touch).
What happens when The Evil Terrorists come up with a plot to destroy an airplane with stuff stashed in a prosthetic limb, using a pacemaker as a trigger? For extra laughs, they can use a wheelchair too. And let’s play a race card or two – find some cleancut fellow with black or yellow or white skin to carry it.
Why not just cut to the chase now, and force everybody to fly stark-naked after a two week cleansing in a monitored clinic? Crazy? So is dumping gallons of liquid into big barrels *surrounded by hundreds of people*. The terrorists with explosives in their bottles don’t have to make it past security – they just have to make it *to* security.
And my first source of news on this whole sports drink bottle foofarah was Kitchener’s own The Record, which had a front page article (continued to the second page for about 12 column inches) on how The New Rules aren’t all that bad, really.
My new rules are about this || close to “if I can’t walk, drive, bus, or train there, I’m not going”. Add that to my refusal to travel to the US now – nothing against you Yanks, I just hate the idea of requiring passports for me and my family at $75 a pop – and it looks like I’m going to be pretty static for a good long time to come.
Remember all those people crying about how we can’t let the events of September 11, 2001 change our lives, “or the terrorists will have already won”?
They’re winning.

Patches and security metrics

Long time no security talk. This is meant just as a quickie, to jot some thoughts down while they’re in my head and before I take off to The Big Blue Room for a week or so.
I was listening to the most recent pauldotcom podcast, and something struck me about it. They’re not alone, but Twitchy spent a good 60 seconds at least decrying Macs for the number of patches they received in the last update.
Now, I’m not the smug Mac user that he / they hate, but it strikes me that it’s just as foolish to base one’s perception of a product’s security on the number of patches it receives (security-related or otherwise) as it is to use any other single metric to judge anything else. For instance, judging worker performance by the number of request items closed is crazy. Judging a salesman’s performance based exclusively on the number of products sold shows poor judgement. (If you’re going to use a metric there, make it repeat customers. I know for real estate and vehicles that’s a bit less convenient, but if the customer’s not happy, it’s not a good sale just because you have their money. But I digress.)
All operating systems (and suites of software) have tons of exploits. Pick your poison. To quote a bofh who shall remain nameless here, “I’ve always taken the position that if you can’t find anything bad to say about a language or an operating system then you don’t understand it.” The key is – and in fairness, Twitchy touched on this – to understand just what you’re getting into when you run OS X or Linux or FreeBSD or Windows. I run all of those, every day, for different reasons. I have OSes that I prefer over others, and while it would be exaggerating to say that I literally hate them all, there really are things about each one that I can’t stand. (And they *all* have very annoying, smug userbases, albeit FreeBSD’s is much smaller because there are far fewer end-users of it than of any of the others named.)
Besides, if you’re gonna go by the number of patches metric, I’m pretty sure if one were to count up all the patches for all the Linux applications (yeah yeah, Linux is just the kernel, but what the hell can you do with just a kernel?) in the last month, it’s a lot more than 50. So there. Hell, Firefox+Thunderbird alone must be approaching that. :-) In other words, I see your OS X 0-day driver vulnerability (that got somebody at ShmooCon 0wned), and raise you a 0-day Linux file privilege escalation vulnerability (that got a major Linux distribution’s build box compromised). Rationalize that how you will – “but the Linux one required local user privileges already” – but in the end, it’s still a major hole that affected a *lot* of people, and it’s far from the only one.
NO operating system is safe by the sheer virtue of its philosophy or designers or hardware or the majority (or minority) of the people using them or any other reason. By extension, no OS is unsafe simply because it has a lot of patches. I’ve used a lot of them in my time, and believe you me, every OS sucks. Appeal to authority? Maybe. I don’t care.