Monthly Archives: April 2006

Windows Live Mail will be reducing advertisements.

Cool. They’re getting rid of the skyscraper advertisement to the right of the reading pane – never liked that ad:,guid,e6507db5-20d7-4727-83aa-a7c89a36640f.aspx

While we’re on the topic of the cost of security…

A brief article has just gone live at the Handlers Diary at the SANS Internet Storm Centre with by-line “Relay Reject Woes”

Pity that poor guy putting all that time and effort into fighting the spam-bots. 

The article brings to mind my experiences about 6 years ago; I’d just started taking care of a server running Novell and GroupWise.  Every night their server had been crashing and/or running extremely slowly and their current IT provider were unable to work out what the problem was.  They threw money at that server – more RAM, bigger hard drives, upgrading software, etc to no avail.

It didn’t take long for me to work out what was going on; mail relaying was enabled on the server (back in those days mail relaying was enabled by default) and said server was being brought to its knees every night by the spam load being pumped through it and the inevitable NDRs that were being generated.  The server was on every blacklist in existence and, of course, postmaster@ was not being monitored.  Damned if I know how the situation could have escaped the attentions of the IT support provider.

Ok, so I turn mail relaying off, but that did not resolve the situation.  Sure, it stopped the spam from being relayed, but it didn’t stop the stuff from being accepted in the first place and dumped into the BAD directory.  The server was STILL under an amazing load, and guess who had to pay the cost of the bandwidth being used.

Fast forward to current day and another server, this time running SBS.  This time there is no mail relaying enabled but we are still the recipient of ridiculous loads of spam.  Again, time and effort is devoted to trying to stem the flood – users a complaining about the level of spam getting into their inbox.  Now that Exchange has mail filtering the job is easier, but it still takes up way too much time.  Being a law firm, no email can be automatically deleted.  Every single filtered message must be checked to ensure it is not a legitimate email and NDRs must be enabled :o(

It irritates me that so much spam is getting to me unimpeded.  It irritates me that so much of that spam is coming from spam-bots owned by home users.  But there is little that *I* can do to solve the problem.  The problem has to be solved at the source, not the destination.

Then there are the baddies trying to log into my server for nefarious purposes using names like ‘webmaster’ or ‘postmaster’ or ‘admin’ or ‘asdfasdf’ (yeah right, like that last one is gonna work) or ‘Pete’ or ‘Fred’ or ‘Sam’. 

It irritates me that so much time and effort and cost is expended fighting the bad stuff.

Ransomware and lazy coders

I’ve just been reading this article about the latest “ransomware” to hit the streets:

I’m sure Kapersky will forgive me for quoting the sections pertinent to this post:

“I think we have an interesting development going on here, I think there are two different types of ransomware.   Real ransomware, which encrypts your data or does other nasty stuff.  And malware which claims to do all sorts of nasty stuff but actually doesn’t. It’s bluffing, like bluff poker.

Ransomware has gotten quite some media attention and now criminals are trying to simply bluff people into giving up their money, instead of having to write difficult code.”

Writing difficult code… its a good point.  Its amazing how much stuff out there nowadays is being created by script kiddies using various tools to generate their wares.  There was a virus generator around for a while (not sure if it it still is) and a rootkit generator as well.  But, when push comes to shove, those script kiddies ain’t that good – without the generators they use they wouldn’t be able to do what they’re doing.

The capabilities of malware, and of malware writers, have been a high point of focus for me lately.  Its been said that if we lock things down in one way the bad guys will simply find a way around our defences.  But, when I read things like the Kapersky article it reminds me that a lot of the stuff out there that won’t adapt to new defences.

The quick money.. the easy money.. that’s what the vast majority of bad guys are after.  Sure there are “professionals” out there (popular sentiment placing them in Russia and other eastern bloc countries) who write very sophisticated malware that can be extremely difficult to remove, and a small percentage of such malware is able to get through our firewalls, but what percentage of the bad guys out there have such abilities? 

It has been said that if we introduce a particular security feature, then the bad guys will see that feature and bypass it anyway.  I’ve been thinking about the sentiment over the past few days.  I’ve come to realise its a pervasive mindset, but its one that I’m finding hard to settle in my mind as ok.   Are we correct to *not* block 95% of the bad stuff via outbound filtering simply because 5% may get through anyway?  If we do block that 95%, how long will it take before that it adapts and neutralises our measures?  Will it adapt at all?

I can understand how forcing the bad guys to increase their level of sophistication is a bad thing – as the bad guys get better at what they do, and bypass more and more of our security measures, then things get harder and harder for us in the battle to win.  But, at the same time, without that crossing of swords we wouldn’t have seen the security improvements that we now have the benefit of – a lot of software either would not come to be, or would not have been improved.

Two new Internet Explorer KB articles.

Error message when you start Internet Explorer 6 on a Windows XP-based computer: “Runtime Error! Program: C:Program FilesInternet ExplorerIEXPLORER.EXE”;en-us;916245

(I am wondering if the above should refer to iexplore.exe, not iexplorer.exe – there is malware that uses an executable called iexplorer.exe, but that doesn’t seem to be the target of this article despite the reference to running a spyware check at the end of the article).


FIX: An access violation may occur when you use Internet Explorer 6 to visit a Web page that uses HTML Components to do DHTML scripting;en-us;910645

Encarta Instant Answers

Today we celebrate Queens day here in the Netherlands. Actually it is kind of confusing as it is supposed to be tomorrow, but as that is a sunday so they moved it one day ahead. And now to confuse you foreigners even more, tomorrow is not even the birthday of our current queen, it is the birthday of the previous queen. The current queen has her birthday in January, which is probably not the best season to have a public holiday.

But enough for this introduction,  I don’t know why, but I was playing with the Encarta Instant Answers a little bit and I though I would ask it who our current queen is. I must say the answer is a little surprising:

Encarta® Instant Answers: I don’t know about the Queen of the Netherlands, but I do know that the ruler of the Netherlands is German occupation.

Did I miss something? Have the Germans been ruling us all the time without us noticing it? Our royal family is German of course, if you go back long enough in time, but I think Encarta Instant Answers has been mixing up some articles about the Netherlands and the Second World War here.

The math of the gate

I have been able to create some nice mathematical formulas that describe the end position of the gate, based extension length and the different heading and pitch angles. Of course these equations are rather complex, with a lot of sine and cosine functions, so that makes them hard to solve by hand. So I think to do it with some smart computer program and that sort of works. But unfortunately this set of equations does not have a single solution, so a simple answer was not possible.

The next step I took is to implement these equations in a little tool that just tries to find the closest answer by trying a lot of different angles, etc. This worked rather well (and also rather fast), so I will be using this approximation for my gates later on.

Now the next step is to put some data for different aircraft types in the equations and see if I can create proper animations from that. I will be giving that a try over the next few days, but I think this is going to work fine.

Disable USB Drives via Group Policy

Windows Vista has a great new feature that will allow you to disable the use of external devices like USB drives, and/or CD/DVD drives.

Take a look at this walk-through to read up on how you can do it.

Viernes 28/04/2006

** Dedicado a la familia Font (y sus BBQ’s)  y a todos los Jordis **

El milagro:


Una solterona se entera que una amiga suya habia quedado embarazada solo con un ave maría en la iglesia de un pueblo vecino.

Unos días despues decide ir a esa iglesia con el deseo de quedar encinta al igual que su amiga.

    -Bueno días padre, saluda la solterona.
    -Buenos días hija, ¿en que puedo ayudarte?
    -Fijese padre que me enteré que una amiga vino aqui y quedó embarazada con un ave maría.
    -No hija, fue con un padre nuestro, pero ya lo despedimos….



Un ama de casa recibe a su amante durante el día mientras su esposo está en el trabajo. Sin ella saberlo, su hijo de 9 años se escondió en el armario.
Inesperadamente, su esposo llega a casa. Ella esconde a su amante en el armario. El niño ahora tiene compañía y se produce el siguiente diálogo:

- El niño: “Está oscuro”.
- El amante: “si lo está”.
- El niño: “tengo una pelota de baseball”.
- El amante: “qué bien”
- El niño: “me la quieres comprar?” El amante: “no, gracias”
- El niño: “mi papá está afuera”
- El amante: “está bien, cuanto quieres?”
- El niño: “250EUR”

Semanas después ocurre lo mismo, y el niño está en el armario otra vez con el amante y…

- El niño: “está oscuro”
- El amante: “si lo está”
- El niño: “tengo un guante de baseball”
- El amante: “cuando quieres” El niño: ” 750EUR “
- El amante: “ni hablar, niño, gracias”
- El niño: “mi papá esta afuera”, pagas ó grito?
- El amante: “está bien” pero quédate calladito


Días después, el papá le dice al niño, “coje tu guante y pelota, vamos a jugar baseball afuera. ” el niño dice, “no puedo papi. Los vendí. ” el papá le pregunta, “Por cuanto los vendiste?” El niño dice, ” 1.000 EUR” El papa dice, “Eso es terrible, no debes de cobrar de más a tus amigos. Eso es más de lo que esas dos cosas valen. Te voy a llevar para la iglesia para que te confieses. “


Van para la iglesia y el papá le explica al Sacerdote lo que pasó y manda al niño para el confesionario y cierra la puerta.


El niño dice, “está oscuro”.
Y el Sacerdote contesta: , “No empieces a tocarme los huevos. . .”

¿Alguna vez se han planteado cómo nace un pueblo?

Pues muy fácil:

Llega un tío a un desierto, pone un bar, y alrededor empiezan a construir casas. ¡Por lo menos en España!. La prueba es que en España hay pueblos sin escuela, sin ayuntamiento, sin farmacia, sin cuartelillo…., pero sin bar…¡ Ni de coña!

¿Y saben cuál es el motivo? Que en los bares podemos hacer muchísimas cosas que no se pueden hacer en casa… En un bar puedes tirar al suelo las cabezas de las gambas… Tíralas en casa y verás la que se lía… en el bar tiras las cabezas de las gambas y las tapan con serrín.  

¿Qué se cae una cerveza?. ¡La tapan con serrín!

¿Qué se cae un borracho?.¡Lo tapan con serrín!

¡Será por serrín!.

Otra cosa no, pero en un bar hay más serrín que en la tumba de Pinocho.
El bar también sirve para quedar con los colegas. Porque mi casa es tan pequeña que sólo cabemos tres (y sin el móvil), Y, claro ¿dónde vas a quedar si no? ¿En una ferretería?. ¿En la farmacia? ¿Y que vas a pedir, tres chupitos de Bisolvon y dos lexatines?. ¿O en la Iglesia?..Y eso… que… pensándolo bien… una iglesia es lo más parecido a un bar… Hay un señor detrás de una barra, vino, música, gente… y a veces hay hostias… Y los domingos, a la hora del aperitivo, los dos  sitios se ponen hasta el culo. Eso sí, en los bares hay más buen rollito que en la Iglesia…  Porque mientras que en la Iglesia pasa un tío con una panera para que sueltes algo, en el bar discutes por pagar.

¿Dónde más pasa eso?. ¿En la Comunidad de vecinos?. ¿Se imaginan que discutiéramos por invitar en la Comunidad de Vecinos, por ejemplo?:  

-          ¡Chssst!. La parabólica la pago yo.

-          Pero si tú ya pagaste la caldera…

-           Â¡Qué más da!… ¡Si no vamos a salir de pobres!.

Eso sí, en un bar, lo más importante es el camarero. Los camareros se pueden dividir básicamente en dos tipos: el camarero ÁGIL… y el AGIL-ipollado. El AGIL, según entras por la puerta, te limpia la mesa, te acerca el servilletero, te pone una caña y te dice: – Van dos cero, pierde el Madrid, ha bajado el índice Dow Jones y el político menos valorado es Mayor Oreja … ¿te pongo  una de oreja? El AGIL-ipollado se reconoce porque parece que esté saliendo de la anestesia: ni te oye, ni te ve. Tú le estás haciendo señas, como si estuvieras aparcando un avión, pero el tío pasa por tu  lado sin mirarte, como un médico de la Seguridad Social. Que entras por la mañana, y cuando por fin te hace caso… A ver. ¿qué va a ser?. – ¿Que qué va a ser…? ¡Dentro de nada de noche, huevazos!. Pero donde el bar alcanza la gloria es cuando hay partido.

El bar es el TEMPLO DEL FUTBOL. Antes había unos carteles en los que se leía: “Estupendos berberechos”, “Tenemos nécoras deliciosas”. Ahora no, ahora ponen: “HOY: DEPOR-REAL MADRID…” Y en todo el día no se habla de otra cosa… Nada más entrar pides una caña y el camarero te dice: – “Zidane tiene osteopatía de pubis”. Y ésa es la gran diferencia entre el bar y tu casa: nunca se discute por el mando. En el bar no hay zapping: Si hay partido, se ve el partido; si hay patinaje artístico, se ve el partido; si hay “Informe Semanal”, se ve el partido; y si hay peli porno en el Plus… se graba el partido y PUNTO PELOTA!!

Y para terminar algunas colaboraciones:

Lavabos públicos en Cadiz (By Xavi): (161 Kb)

Gato en un partido de futbol (By Melon): (64 Kb)

Video: “Gesto de amor” (By Dani): (654 Kb)

Buen finde a tutti,

When does self-responsibility kick in?

The Web site has highlighted a Russian ‘smartbomb’ for purchase that allegedly targets unpatched PCS:

According to itnews, Websense has reported that 1,000 sites are using the smartbomb, which can be purchased for as little as US$10.00.

The worrying thing that caught my attention about the report is that according to the statistics from just one attacker site, over 1,770 PCs were successfully compromised via a vulnerability that was patched back in April 2003!!!  I find it amazing that there are still computers out there that are vulnerable to an exploit that was patched three years ago.

The second most successful exploit for the highlighted attack site was one that targeted createTextRange, which was patched on April 11 – Websense reports that 1,507 PCs were compromised via that vulnerability.

There is only so much that we, as computer professionals, can do to protect people from themselves. Sooner or later every computer owner has to take responsibility for their own PCs, for their own security, and for their own education.

We’re having an interesting discussion in a security focused mailing list at the moment about reports that Windows Vista’s outbound firewall abilities will be disabled by default because the corporate end of town want it that way.

Some of the reasons given for why the decision is ok are, to me at least, staggering – for example:

1. The average user is not going to be interested or will freak out;
2. Stuff may get through anyway;
3. If you force them to learn they’ll start using another OS;
4. The public doesn’t want to be educated;
5. Computer manufacturers/ISPs won’t like the cost of supporting confused users.

So…. computer manufacturers/ISPs won’t like having to wear the cost of support calls – big deal.  Let’s think about cost.  How much money do you think is spent fighting, for example, spam? Spam that comes from compromised home computers?  How much money has been and continues to be spent by corporations and private citizens paying for the bandwidth absorbed by said spam?  How many corporations have had to spend money on various attempts to ward off spam whether it be software or hardware solutions.  How many have had to upgrade their hardware to cope with the demand?  How much money do you think has been spent is fighting denial of service attacks from compromised home machines? How much money is spent fighting to take down phishing sites on compromised home machines? How much money has been lost to the criminals behind phishing sites? (the last report I read mentioned losses running into the millions).

Users who are not willing to educate themselves are a risk to themselves and other internet users.  Their compromised machines pump out spam; their compromised machines are used for denial of service attacks; their compromised machines are used to host phishing websites.

I am a finite resource; my associates are a finite resource; sooner or later we have to say “listen, you’re harming the community at large, get with it or get out’.

Therefore, if forcing users to ‘get educated’ ends up with their choosing a different operating system, then I’ll show them the way and shut the door behind them.  Its one less thing to worry about.  If forcing users to learn about and use things like firewalls and patching leads them to choose a different operating system – there’s the door.

If home users are not educated – if they will not take responsibility for their own machines – then spam will not go away, denial of service attacks will not go away, phishing web sites will not go away.  That’s the reality folks.

Another article at Eweek from earlier this month noted that “recovery from malware [is] becoming impossible:,1895,1945808,00.asp

I have met Mike Danseglio (the guy who was interviewed for the article) - I attending training sessions that he held back in April 2005 in Singapore and still have his business card on my desk.  I remember how we left his sessions thinking “we’re screwed”.  I also remember that we wanted to cancel all the other sessions for the rest of the day so that we could continue working with and learning from Mike.

When I look at the risk to the internet community at large from compromised machines spewing crap I wonder how the heck people can say that not pushing for user education is ok. 

Evento MEDC en Niza

Tenemos un nuevo evento de carácter técnico cerca, esta vez se trata del MEDC (Mobile and Embedded Devcon) que tendrá lugar del 6 al 8 de Junio en Niza, Francia.

Más información en:


Recent Comments