Archive for the ‘Technology’ Category
Domain Name “Add/Drop” Abuse
We’ve all seen them while searching the web: sites that consist entirely of click-advertisements. What I hadn’t realized before was just how large a problem this is.
Bob Parsons, CEO and Founder of GoDaddy.com, writes in his blog, Hot Points, about domain name “add/drop” abuse — the practice of registering a domain name, dropping the registration for a full refund just before the five-day Add Grace Period ends, then re-registering the domain and doing it all over again. While the domain is registered, the owner puts up a page on the site that is comprised entirely of advertisement links based on, or loosely categorized by, the domain name. This abuse of the domain registration process can lock up domain names indefinitely without costing the abuser a dime while they turn a potential profit from the advertisement links.
I’ve personally watched as two domain names we’ve been patiently waiting to expire were caught up in this abuse. If we’re very lucky, they won’t be profitable and we’ll get a chance at them again down the road, but if they earn so much as a dime, they can be lost virtually forever.
Bob points out that this form of abuse is on the rise, increasing by 1500% in just one year — nearly 30 million domain names!
He also suggests a likely solution. ICANN (Internet Corporation for Assigned Names and Numbers) currently collects a $.25 fee for every domain name registration kept past the grace period — a fee they are not getting from “add/drop” domains. Bob suggests ICANN change their policy to make the 25 cent fee non-refundable and collect it at time of registration. Although he believes this will cause the “add/drop” abuse to stop immediately, it requires ICANN to take action, something they have historically been slow to do.
Frankly, I agree that this would be a win/win solution to the problem. This small fee would definitely stop add/drop abuse, is not so much as to cause a hardship on a registrant that may make a legitimate error, and would provide a fractional increase of registration fees collected by ICANN due to these occasional errors.
End of Support: Windows 98 and Me
In July, Microsoft will no longer support Windows 98, 98SE, or Me.
In late 2002, Microsoft published a new Life-Cycle Policy, stating that Windows 98, 98SE and Me would reach End of Life in 2003 and 2004. Although these versions of Windows are no longer available, they have continued to receive certain updates, such as security patches, and many people with older computers continue to use them today. However, in July, the risk of continuing to operate computers with these old versions of Windows will increase.
This last January, Microsoft published an End of Support statement, saying that they will no longer be providing support or updates for these versions of Windows past July 11, 2006. Although they indicate that they will continue to provide access to already existing documentation and patches, I suspect it will only be a matter of time before these are also no longer available.
So, what are your options? Microsoft, of course, would have you purchase a new version of Windows, such as XP Home or Professional, to replace your no-longer-supported version. Unfortunately, many of the systems currently running Windows 98/98SE/Me simply don’t have the speed or memory resources required to support XP, or even Windows 2000. Depending on the age of your hardware, you might be able to get away with increasing your memory to 512MB or greater — I know of a couple of 750MHz Pentium III systems with 512MB of RAM that are running Windows XP Home, but they tend to run very, very slowly. To get adequate use out of XP, you will probably have to replace your computer.
Whether or not you decide to replace your system, this might be an opportunity to look at an alternative to Windows for your aging machine: NetBSD, FreeBSD, OpenBSD, or one of the many Linux distributions — all of which perform rather well on these older computers as well as today’s hottest systems.
New Critical Updates for Microsoft Products
There are various headlines this week regarding Microsoft’s release of new ‘critical’ updates for Windows, Office, and other products. In all, there appear to be patches for 20 different vulnerabilities. Although all but one of the patches are already included in XP Service Pack 2, the one that’s not covers multiple security issues with Internet Explorer.
The most severe vulnerability being fixed is one that would allow an attacker to take complete control over the affected machine, allowing them to remotely run programs — most likely turning the system into a zombie for sending spam or for participating in Distributed Denial of Service attacks on other systems.
Regardless of the version of Microsoft Windows you use, if you haven’t done so in the last couple of days, you should run Windows Update today and at least install the Critical updates. Microsoft has committed to publish updates once a month, but I would recommend you check for updates every week, or turn on Automatic Updates.
Trojan Horse: Downloader.Lunii
Excerpt of “New Trojan program squashes adware” by Paul Roberts on ComputerWorld:
A new Trojan horse program that attacks and removes troublesome advertising software, known as adware, is circulating on the Internet, according to antivirus company Symantec Corp.
The program, called Downloader.Lunii, was discovered on Monday. When run, it attempts to kill off computer processes and delete files used by common adware programs like Powerscan and BargainBuddy. However, Lunii isn’t entirely benevolent. Like other Trojan horse programs, it also modifies the configuration of Microsoft Windows machines and attempts to download files from a remote location, Symantec warned.
This Trojan horse propagates via email. I have maintained for some time now that executable programs have no business being sent via email. If they were blocked automatically by mail servers, the number of virus, worm, and trojan incidents would drop significantly. It may sound heavy-handed, but this is a very easy solution to implement and is very effective.
Vigilante Viruses
In Paul Boutin’s “Fight Virus With Virus” on MSN’s Slate, he mentions how the Blaster antidote worm, Nachi, was just as draining on network resources as Blaster itself:
“As the Blaster worm circled the globe, the do-gooder released a worm called Nachi that infiltrated the same security hole as Blaster. But Nachi wasn’t a Blaster variant, it was a Blaster antidote: It erased copies of Blaster it found on PCs it invaded, then downloaded and installed a Windows update from Microsoft to secure the computer against further Blaster (and Nachi) attacks. Ingenious! There was only one problem: Nachi overloaded networks with traffic, just like Blaster had.” [emphasis added]
Boutin says antidote viruses are a good idea, if written correctly so as not to cause further network issues, and even suggests how they should behave:
“What we need is a final MyDoom variant—let’s call it MyDoom.Omega—that breaches the exact same security holes as versions A through O, yet spreads itself slowly and carefully to prevent traffic jams.”
I admit that fighting viruses with viruses is a sexy idea, and it might work. However, I dislike the idea of them spreading in the usual viral manner by actively searching out and attacking any vulnerable machine they can find. I would prefer the anti-virus to be more reactive than proactive; to sit patiently on an inoculated system, listening for the signature of a specific viral attack, then to launch an attack against the offending machine and inoculate it. The anti-virus would then sit patiently again, on both machines, waiting for the next viral attack. After a number of months of inactivity, the anti-virus should quietly remove itself from the inoculated system to free up the computer resources it had been using.
This behavior might be a bit slower in spreading itself across the internet, but it is a far sight less aggressive than Nachi and would only target those machines already known to be infected. It would also be self-limiting in life-span. These are behaviors that are much easier to defend in the court of public opinion and, perhaps, a court of law.
Server Moving
This server will be physically moving to a new location this week — causing an interruption of service. I had hoped to avoid the interruption by setting up a new server and slowly migrating data and services to it. Unfortunately, the timing hasn’t worked out for the new server, so we must move this server instead.
All services (email, www, etc) and domains hosted on the server will experience an outage beginning Tuesday afternoon/evening and ranging from several hours to a couple of days, depending on how long it takes the server’s new address to propagate throughout the web.
I apologize for the inconvenience this may cause.
A couple of weeks after this move is complete, the new server — faster, more memory, more disk, better backups — should finally be ready to go. Migrating to it should be a much smoother transition than this week’s move.
Update:
The server will get moved on Thursday, instead of Tuesday.
Blue Light Special
Recently, I came across “Optical Storage Sings the Blues,” from ComputerWorld as well as several other articles which discuss a new family of laser disk technology that can store up to 20GB of data on a single DVD-like disk, or up to 30GB on optical disks housed in protective cartridges. This is 400-600% more capacity than today’s DVDs! For the most part, this is achieved by switching the infrared laser found in CD & DVD drives with a blue laser — blue light has a shorter wavelength, producing thinner laser beams which can write more data to what is basically the same media.
This should be welcome news to IT departments responsible for archiving strategic company information, such as financial, customer, or product design databases. Today, these archival processes use tapes, which are stored in climate-controlled vaults. But even under controlled conditions, magnetic media has a very limited life-span and the information on archive tapes must be moved to new tapes every couple of years. Depending on a company’s archive requirements — fourteen or more years in some cases — this “refresh” process can become very expensive and time consuming.
To combat this problem, IT shops have begun to use CDs and DVDs for some archives. But these disks have only a tiny fraction of the storage capacity of modern data tapes. And in some industries, such as mechanical and electronic engineering, design databases can be 10-20 gigabytes or larger, making CD and DVD media impractical. Although blue storage disks are still much smaller than today’s 80-320GB tapes, they are just large enough to be practical for many long-term archival requirements.
This technology is expensive today — around $3000 a drive and $40 per disk — but it has already started appearing in IT shops. Sony, one of a few manufacturers, says they shipped about 60,000 drives world-wide last year. This is only a drop in the bucket compared with the 200 million CD and DVD drives shipped during the same time-frame. As the technology becomes more widely used in the industry, its price will start to come down.
I expect that in three to five years, these drives should be within the consumer price point of today’s CD and DVD drives — opening new possibilities in the movie and home computing market. Imagine having the entire multi-year run of all five Star Trek series and movies, along with full commentary from cast members, directors, and special-effects artists on a single disk! Being able to back up the 250GB hard drive in my PC on fewer than 4 dozen disks might be nice too.
Email Policy for Zip Files
It has always been our policy to block and quarantine emails that contain Windows executables in order to help prevent email viruses, or worms, from propagating through the fox.phoenix.az.us domain. The recommended method of emailing executables has been to archive/compress them and send the zip file instead.
Unfortunately, this is no longer acceptable. Email viruses are making increasing use of compressed (zip) files to spread themselves across the Internet. Until further notice, emails bearing zip files will now also be blocked.
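One way to express the attachment policy described above as a mail-filter check, added here as an example and not the filter actually used on this server. The extension list, function names and sample messages are assumptions constructed for illustration; the check also looks at the first bytes of each attachment so that a renamed executable or zip file is still caught.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension list; .pif and .scr are the ones named in the Sobig.F reports.
EXECUTABLE_EXTS = {".exe", ".com", ".pif", ".scr", ".bat", ".cmd"}
ARCHIVE_EXTS = {".zip"}

def quarantine_reasons(raw: bytes) -> list:
    """Return the policy reasons for quarantining a message (empty list = deliver)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip().lower()
        if not name and part.get_content_disposition() != "attachment":
            continue  # ordinary body text, not an attachment
        data = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1]  # last extension, so "a.txt.pif" -> ".pif"
        if ext in EXECUTABLE_EXTS or data[:2] == b"MZ":
            # "MZ" is the DOS/Windows executable header: catches renamed files
            reasons.append("executable: " + (name or "(unnamed)"))
        elif ext in ARCHIVE_EXTS or data[:4] == b"PK\x03\x04":
            # zip local-file header; other zip-based formats match as well
            reasons.append("zip archive: " + (name or "(unnamed)"))
    return reasons

def build_sample(filename: str, data: bytes) -> bytes:
    """Construct a sample message with one attachment (test input, not real mail)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Re: Details"
    m.set_content("Please see attached file for details.")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fname, blob in [("details.pif", b"MZ\x90\x00constructed"),
                        ("report.zip", b"PK\x03\x04constructed"),
                        ("notes.txt", b"MZ\x90\x00renamed executable"),
                        ("notes.txt", b"plain text, constructed")]:
        verdict = quarantine_reasons(build_sample(fname, blob))
        print(fname, "->", verdict or "deliver")
```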
SpamAssassin Works!
The anti-spam software SpamAssassin™ has now been fully implemented and tuned, and has been running at fox.phoenix.az.us for the last month. The results have been an overwhelming success! In the last month, we’ve quarantined 98% of all incoming spam messages and have had less than a 1% false positive rate.
VIRUS ALERT: “Sobig.F”
Excerpts of “New Computer Virus Clogs E-Mail Inboxes” by Riva Richmond from WashingtonPost.com:
A new strain of one of the most virulent e-mail viruses ever spread quickly worldwide Tuesday morning, causing fresh annoyance to users worn out by last week’s outbreak of the Blaster worm.
The new virus, named “Sobig.F” by computer security companies, attacks Windows users via e-mail and file-sharing networks. It also deposits a Trojan horse, or hacker back door, that can be used to turn victims’ PCs into senders of spam e-mail.
. . .
The e-mail message that carries Sobig.F has the subject line “Re: Details” and the message “Please see attached file for details.” If a recipient clicks on the attachment, which can have multiple names ending in the .pif file extension, the computer will be infected.
The virus will then send itself out to names found in the victim’s address book and will use one of these names to forge a return address. As such, the infected party may not quickly learn of the infection, while an innocent party may get the blame for helping to propagate it.
Like all the other Sobig viruses, this version is programmed to self-destruct after two weeks, in this case on Sept. 10.
Excerpt of “New Fast-Spreading Sobig Worm Adds to ‘Worm Week’” by Elinor Mills Abreu from Reuters:
Sobig.F, a variant of an older worm, began spreading on Monday in Europe and has infected an estimated tens of thousands of Windows-based computers, said Patrick Hinojosa, chief technology officer at Panda Software, based in Madrid.
It arrives in e-mail and includes a variety of subject lines, including “Your details,” “Thank you!,” “Your application” and “Wicked screensaver.” It has caused some corporate e-mail systems to grind to a halt, according to Sophos Inc.
When the .pif or .scr attachment is opened, Sobig.F infects the computer and sends itself on to other victims using a random e-mail address from the address book.
It also prepares the computer to receive orders and tries to download files from the Internet, said Hinojosa. It was unknown exactly what files they were, he said.
If the infected computer is on a shared network, the worm tries to copy itself to the other computers on that network.
The worm is programmed to stop spreading on Sept. 10.