VERY,VERY HOT READS, I Would Read The News In This Thread This Thead Is To post Any Thing Ye Want About The News,,NEWS WAS MOVED,READ MY FIRST POS...

Google admits censorship,


p2p news / p2pnet: Here’s what Google's help entry on censorship used to read:

Google does not censor results for any search term. The order and content of our results are completely automated; we do not manipulate our search results by hand. We believe strongly in allowing the democracy of the web to determine the inclusion and ranking of sites in our search results. To learn more about Google’s search technology, please visit ...

But that's changed, points out Google Blogoscope, quoting Gary Price on SearchEngineWatch.

Here's what the Google Help Center says these days:

Does Google censor search results?

It is Google's policy not to censor search results. However, in response to local laws, regulations, or policies, we may do so. When we remove search results for these reasons, we display a notice on our search results pages. Please note: For some older removals (before March 2005), we may not show a notice at this time.

Oh.

If you're Google, censorship is OK, then.

Microsoft and Yahoo would agree.

Meanwhile, the company is at the same time being roundly criticized for kowtowing to Communist China and warmly praised not kowtowing to US president George W. Bush, who's demanding that the company hand over certain search data in the interests of anti-terrorism.
http://p2pnet.net/story/7756

 

Ok ireland, i read your first post to this and you said we could post anything here..
First let me say, you have provided us all with a wealth of information.. very detailed informaion on a host of subjects. Thank you very much. Its gonna take me some time to read thru it all. Now for something completely informative, but on another level.



Did you notice someone has a red sharpie in the very left of this picture? I just noticed that, and believe me, i have looked at this picture more than once.. Is that some kind of magic trick? LOL

 

Gadgets to Go: The Latest in Tech Travel Toys
Small wonders for hitting the road.

PC World
Monday, January 30, 2006; 4:10 AM

Faster, smaller, smarter: The latest mobile gadgets promise to entertain, enlighten, or connect today's tech-savvy traveler. Due to arrive by midyear, these portable powerhouses include a phone fit for video sent via a high-speed network; a pair of USB flash drives with smarts; a durable yet small headset; and a monitor in an eyepiece.

Headset With Staying Power:Nokia wants to steer heavy-duty talkers to its new BH-900 Bluetooth headset. Due in spring for about $100, the BH-900 is rated for an impressive 8 hours of talk time and up to 180 hours of standby time; in addition, the device supports noise cancellation and echo reduction.

Informative Flash Drive:Lexar's JumpDrive Mercury is a USB flash memory device for people who like to know just how much available storage they're packing in their pockets. Expected in April in 1GB and 2GB versions (about $100 and $170, respectively), the drive presents a built-in gauge that indicates how much space is still free.

See It All, Anywhere:If the image on a video iPod seems small to you, eMagin's Eyebud 800 can blow it up--right in your face. Just plug the headset into any video-capable iPod or other personal video player and position its eyepiece close to your right or left eye for an experience eMagin likens to watching a 105-inch screen from a distance of 12 feet. For those who might find the outside world distracting, the Eyebud 800 comes with a rakish eyepatch for the other eye. We photographed a preproduction unit; look for the shipping product this summer with a price tag of about $599.

Fast Phone:Samsung's zx20, due this spring, may look like just another clamshell phone, but it's expected to be the first commercially available handset to support Cingular's HSDPA (High-Speed Downlink Packet Access) BroadbandConnect service. The 3G speed (about 400 to 700 kilobits per second, according to Cingular) should come in handy when you try the phone's video- and music-on-demand capabilities. Pricing will be determined by carriers.

What's On:Royal's EZVue Vista USB flash drive shows the names of stored files or directories on a scrollable two-line display. Versions will range in capacity from 128KB to 1GB, priced from $50 to $150.

 

Windows Vista boss on Vista

p2p news / p2pnet: Will Microsoft's forthcoming Vista spell the end of the security problems which have plagued, and continue to plague, the company.

Not from the look of it, despite a Seattle Times intro to a Q&A with Windows Boss Jim Allchin.

He is, says the story, "putting final touches on software that could finally help people start feeling safe and secure using a PC, if all goes according to plan".

However, that opening to a talk with the retiring (literally, not figuratively) Allchin, who, "gave an overview last week of Windows Vista, the new version of Microsoft's flagship software that Allchin's team is set to deliver before … the end of 2006," may be a trifle broad.

He said Vista is, "on track to go on sale by the holidays."

But Vista, formerly Longhorn, has for already suffered from one long delay after another and Allchin also says, "I will also make a cautionary notice that I will not ship this product if it doesn't achieve the quality that's demanded by our customers.

"So although everything looks great right now, quality will be the deciding factor. I feel pretty good right now and we'll see how it goes the rest of the year."

Bill and the Boyz haven't so far paid much attention to the quality demanded by their customers, especially when it comes to security issues.

But time will tell.

Meanwhile, "Will you make a version of Vista for Apple computers, now that they're using Intel processors?" – asks the Seattle Times.

Allchin: We have no plans to move Vista to the Macintosh hardware.

On "all the security advances in Vista," will concern fade away over the next couple of years"? - wonders the Q&A.

That's Allchin's dream he says, "so I'll have to see if my dream comes true. To some degree, when we did Windows 2000 and Windows XP, we worked on trying to take away the reliability stigma that PCs had. By that I mean I don't think people even think about their machines having to be rebooted, not like they used to be in the old days.

"It used to be very common to reboot your Windows 9x machine." It was indeed. In short, the premature release of a faulty product wasn't a problem. But, "I think we did a very good job there," says Allchin.

"I hope we can do the same thing on safety and security with Windows Vista," the story has him saying.

"We are going to do a huge change with Windows Vista on this, but it truly is something that isn't going to go away for a very long time.

"We are going to make it much less of an issue, but it's still going to have to be something that people are aware of."

Also See:
Seattle Times - Q&A with Jim Allchin of Microsoft, January 31, 2006

(Monday 30th January 2006)
http://p2pnet.net/story/7761

 

VSO-Software: New ConvertXtoDVD Version 2.0
Posted by Herbert on 30 January 2006 - 08:39 - Source: VSO Software

The following text is a complete press release, unmodified by CD Freaks. If you don't want to view these kind of news posting you can disable them in your preferences page once logged in. Please send your press releases to news@cdfreaks.com

How to watch your PC movies on any DVD player ?
VSO-Software: New ConvertXtoDVD Version 2.0



VSO Software announces a new product ConvertXtoDVD. This product is actually a new version of the well known DivXtoDVD. This version has integrated the requests through VSO surveys and introduces many new major features.



VSO ConvertXtoDVD allows you to convert and then burn your video files that were originally only playable on your PC so that they are now playable on any DVD Player. ConvertXtoDVD handles your everyday digital multimedia life, extending support beyond AVI files, XVid, MPEG 1/2/4, VOB, MOV, and now WMV 3 and HD formats and more.



We clearly underestimated the common usage of WMV formats in our previous version. We were expecting people to use much more exotic formats when in fact they are still using a lot the default software that comes with Windows! With new support of WMV3, the creation of a DVD from files of your digital camera becomes a 1 click task." says Claire Waledisch which manages a part of the technical support in VSO-Software. Once again VSO-Software listens to their users and has implemented their requests.



One of the most exciting features introduced is the option to create DVD Menu automatically from the conversion file list. You can make a personalized menu as well as define how you would like your DVD to be read (AutoStart the movie, loop the videos ). Therefore, ConvertXtoDVD is a must-have for busy people who want to put TV episodes or their personal camcorder movies onto DVDs with excellent quality.

At a glimpse, the interface of ConvertXtoDVD is clear and easy to use with direct access to essentials functions. But once you become familiar with it , you discover many options to customize your project. For example, by adding subtitles ( .SRT or .SUB/IDX ) with a total control of the font and color. To name a few others, files using multiple audio tracks can be tuned and useless audio can be removed to save space and quality. And last but not least the biggest change made to this version (which is not visible to the user) is the new conversion engine. The engine has been rewritten to handle more cases due to the diversity of the source channels. The engine is now faster and you can set a balance between conversion speed and quality. The DVD looks exactly like your original files.

This new version implements a PULL-DOWN option, extremely advantageous when you need to convert videos from PAL to NTSC or NTSC to PAL, which are the 2 TV Standards.

ConvertXtoDVD contains the VSO Burning engine, used by popular 3rd party software too. You can use your favorite media wether it is DVD+R or -R , double-layer or RW family. We encourage you to look at the VSO Database results posted online a few weeks ago.
You would find interesting results about the best DVD drive manufacturers and media.

ConvertXtoDVD can be purchased online for a cost of 35 euros / USD, but the existing users of DivXtoDVD can upgrade to this version free of charge. The program will be available at the beginning of February

Features and Specifications

* Supported video formats: DivX, Xvid, MPEG4, MOV, AVI, WMV, WMV HD, DV, and more...
* Supported sources : existing files, digital camera, TV / Sat , capture card.
* Supported audio formats: AC3, DTS, PCM, OGG, MP3, and more...
* Can merge up to 6 hours of material from several movies or episodes.
* Handles subtitles files (.SRT .SUB/IDX ) with color and font selection
* Video format choice: NTSC, PAL, or automatic and PULL-DOWN
* Picture output: Widescreen, Fullscreen, or automatic
* Create Automatic chapters or edit your owns
* Fast preview mode to check if the source is loaded correctly
* Save the DVD structure on hard drive or burn it to a blank DVD
* Reliable burn engine integrated (supports all DVD formats)
* Customizable interface (themes, dockable windows)
* Variable options and settings for advanced users
* Control of the conversion speed vs quality
* Fast and quality encoder ( typically less than 1 hour for converting 1 movie )
* DVD Menu control ( auto-start, loop etc )
* DVD Menu edition ( background, fond, color )
* Multilingual support (available languages...)
* Optimized for Windows 2000 / XP / Vista

Want to know if ConvertXtoDVD will meet your needs, VSO Software offers you a free trial of ConvertXtoDVD downloadable here:
http://www.vso-software.fr
http://www.cdfreaks.com/news/13008

 

Audioholics interview with Microsoft HD-DVD Program Manager
Posted by Dan Bell on 30 January 2006 - 14:40 - Source: Audioholics

This news is a bit old, but we are getting close to release of the first generation of new equipment concerning the blue laser. We decided to make everyone aware of this interview, just in case you had not seen it like us, we thought better late than never! It seems to hold some information of value that may not be common knowledge and can make for some good discussion points for us here as well. We know already that Microsoft favors the HD-DVD format as they are sure that it is more consumer and PC friendly than the rival Blu-ray, or at least this is the stance at the moment. So, it should be interesting to read an interview held with Sage Schreiner, HD-DVD Program Manager at Microsoft, right? The show being referred to here is of course the CES 2006.

Audioholics: The second question I had is based on some feedback I received from the RCA booth whereby they indicated that the titles were not currently mastered in 1080p. Are you aware of whether the movie studios are planning on re-releasing HD DVD software titles in the 1080p format once the second generation players are available? The overarching question is - are the studios aware of any eventual plans for 1080p and the timeline for these second generation players?

Sage: The initial / first generation content will be encoded at 1920x1080p/24. Case in point, playback from a PC, right now, will output 1920x1080p/24 without doing any conversion steps.

The primary issues around encode quality are: quality of the source, encode method used, and bit rate. Modern codecs, like VC1, are capable of delivering a better quality encode at a more moderate bitrate than MPEG2. The primary limitation you will see with 1st generation movies in either format is the use of MPEG2 to encode, even at high bit rates. On a quality 1920x1080p display, MPEG2 will not look as good as VC1 (or H.264). Most (if not all) of what was on display in the HD DVD booths was VC1. You may want to investigate the actual encoding method of a given movie to really get a handle on its likely quality.

It's not a very long interview, but the questions that they do ask are good ones. To see what else Mr. Sage has to say, head on over to this link at Audioholics!
http://www.cdfreaks.com/news/13009

as below

HD DVD Interview with Microsoft

I was able to interview Sage Schreiner, HD DVD Program Manager at Microsoft, regarding some observations I made at CES this year. These primarily had to do with the differences between Blu-ray Disc and HD DVD in terms of resolution, specs of the released players and the HD DVD media. Here is the interview:

Audioholics: When does HD DVD plan to release 1080p output players? All of what we saw at the show was 1080i.

Sage: The HD DVD players announced so far will not support 1080p outputs -- yet. This is in part because the latest version of HDMI (the only one supporting 1080p as mandatory) is still being finalized. There are CE [consumer electronics] HD DVD players "in the works" that will ship later and are expected to have 1080p outputs, but nothing has yet been announced.

Also note that advanced 1080p displays can also do their own conversions from 1080i to progressive. There are no limitations in HD DVD as a format (i.e., both BD and HD DVD support the same native formats: 720p/60, 1080i/60, 1080p/30). It’s only a player or a display issue whether there’s a conversion to 1080p/60.

Finally, note that PC playback will always be progressive playback. Ditto the Toshiba laptop announced at CES; it will playback 1080p.

Audioholics: The second question I had is based n some feedback I received from the RCA booth whereby they indicated that the titles were not currently mastered in 1080p. Are you aware of whether the movie studios are planning on re-releasing HD DVD software titles in the 1080p format once the second generation players are available? The overarching question is - are the studios aware of any eventual plans for 1080p and the timeline for these second generation players?

Sage: The initial / first generation content will be encoded at 1920x1080p/24. Case in point, playback from a PC, right now, will output 1920x1080p/24 without doing any conversion steps.

The primary issues around encode quality are: quality of the source, encode method used, and bit rate. Modern codecs, like VC1, are capable of delivering a better quality encode at a more moderate bitrate than MPEG2. The primary limitation you will see with 1st generation movies in either format is the use of MPEG2 to encode, even at high bit rates. On a quality 1920x1080p display, MPEG2 will not look as good as VC1 (or H.264). Most (if not all) of what was on display in the HD DVD booths was VC1. You may want to investigate the actual encoding method of a given movie to really get a handle on its likely quality.

Audioholics: So even the first generation of media will be encoded in 1080p/24, but HD DVD players (for now) will provide only 1080i/720p support?

Sage: Just to be clear, the content is all 1080p/24, not 1080i. As an FYI, while 720 is an HD format, I don't know of anyone encoding 1st generation movies at 720p.

Audioholics: It seemed that BD did a better job at pushing 1080p/24 and stating that their players will be 1080p compatible when they come out (though there were a few players that claimed 1080i/720p output).

Sage: Again, keep in mind that the content will be encoded in the same format in both BD and HD DVD – mostly 1080p/24. It’s only a player or display issue whether it’s displayed to 1080i/1080p. Once HDMI is finalized, we expect HD DVD players to begin including 1080p outputs.

By the way, from my own booth touring, the only 1080p BD player that I saw was the Pioneer Elite player. All of the others were 1080i players.

Audioholics: Will Microsoft's Xbox 360 eventually feature a generation 1 HD DVD player (720p/1080i)?

Sage: I don't believe that the specifics of Xbox 360 playback were announced.

Audioholics: I want to make sure that our facts are correct and that we are not missing out on any important factors in our coverage of the two formats. Is there any additional insight or information you would like to provide?

Sage: A couple of additional notes:

* All 1st generation HD DVD players will ship with iHD support, allowing much more flexible interactivity design than DVD.
* All 1st generation HD DVD players will ship with features such as Picture-in-Picture, that content authors can take advantage of.
* All 1st generation HD DVD players will ship with network connectivity.

As you may have seen in TG Daily, key interactive features (e.g., PIP, Networking) won’t be available in the original BD players. Samsung’s player specs in the BDA booth didn’t even include BD-J. So, much of the interactivity in the BD spec is optional.

Audioholics: Thanks a ton for taking the time to speak with us about this and helping to clear up some of the misconceptions associated wth the format and its generation 1 release.

- Clint DeBoer
http://www.audioholics.com/ces/CEStechnology/HDDVDCESinterview.php

 

Do you want UK identity cards?

Tell this man

By Ambrose McNevin: Monday 30 January 2006, 12:30
FRIDAY FEBRUARY 3rd 2006 is the final day for businesses, people or interest groups to let Whitehall know what they think about the proposed strategy on transforming government through technology.

In the words of the Ian Watmore, the man behind “Transformational Government, Enabled by Technology” it is time to move from strategy to delivery.

But you do have a final few days to let him know what you think of his strategy.

Prime Minister, Tony Blair says: “This strategy has my full support and I’m going to do everything I can to make it happen.”

The strategy document is available online (see below) and covers everything from how the government wants to engage with suppliers (it spends £14 billion annually on technology) to Identity cards.

On I.D. cards it says: “Identity Management: Government will create an holistic approach to identity management, based on a suite of identity management solutions that enable the public and private sectors to manage risk and provide cost-effective services trusted by customers and stakeholders. These will rationalise electronic gateways and citizen and business record numbers. They will converge towards biometric identity cards and the National Identity Register. This approach will also consider the practical and legal issues of making wider use of the national insurance number to index citizen records as a transition path towards an identity card.”

You’ll find the strategy document here.
http://www.cio.gov.uk/transformational_government/strategy/contents/

If you wish to proffer an opinion you can do so by writing to Ian Watmore , former head of egovernment and now head of the Prime Minister’s delivery unit at:

ian.watmore@cabinet-office.x.gsi.gov.uk

Or drop them a line:

Strategy Team, eGovernment Unit, Cabinet Office, 3rd Floor, Stockley House, 130 Wilton Road, London SW1V 1LQ

Or call: Tel: 020 7276 3160µ

http://www.theinquirer.net/?article=29354

 

January 30, 2006

ADVANCED WINDOWS CARE..........Slow down, freeze and blue-screen crash are over. Advanced WindowsCare thoroughly examines the Windows system, accurately detects the bottlenecks for slowing down and crashing, fixes these problems and repairs Windows. All work will be done with 30 seconds and 1 click. The intuitive interface makes Advanced WindowsCare the perfect tool for Non-IT professionals.....(free).....GO THERE!
http://www.iobit.com/WindowsCare.htm

 

BURRRN.......... Burrrn is a little tool for creating audio CDs from various audio files. Supported formats are: wav, mp3, mpc, ogg, aac, mp4, ape, flac, ofr, wv, tta, m3u, pls and fpl playlists and cue sheets. You can also burn EAC’s noncompliant image + cue sheets! Burrrn can read all types of tags from all these formats (including ape tags in mp3). Burrrn uses cdrdao.exe for burning.....free).....GO THERE!
http://www.burrrn.net/?page_id=4

 

BOOTING FROM USB..........Booting a computer from your USB flash drive may seem like a daunting task, but it is actually quite easy. With the right equipment and some basic knowledge, this very useful technique can be taken advantage of in all sorts of different circumstances .....(free).....GO THERE!
http://www.hddsaver.com/content/18/index.html

 

WINDOWS ERROR MESSAGES UTILITY.......... MS Windows Error Messages is a small utility that will allow you to look up MS Windows error code numbers and display a descriptive message explaining what the numeric code actually means. If you have software programs that produce numeric error codes now you can find out what they really mean. MS Windows Error Messages also provides a facility to display all of the error codes and messages defined for your version of MS Windows. MS Windows Error Messages will run on MS Windows Millenium Edition and 98 as well as MS Windows 2000 and 95/NT systems (Go to System Utilities).....(free).....GO THERE!
http://www.gregorybraun.com/

 

Felten and Halderman on DRM: II

p2p news / p2pnet: Professor Ed Felten (left) and Alex Halderman are working on 'Lessons from the Sony CD DRM Episode' in which they're analyzing, "several not-yet-discussed aspects of the XCP and MediaMax CD copy protection technologies" as they try to, "put the Sony CD episode in context and draw lessons for the future".

They're posting section drafts on Felten's Freedom to Tinker Blog, emphasising the sections are part of the draft and shouldn't be formally quoted or cited.

The final, complete version will be posted on Felten's blog.

We have the first three posts here and below, in order of appearance, are the latest two >>>>>>>>>>>>>>>>>>>>>>>

CD DRM: Unauthorized Deactivation Attacks
Freedom to Tinker - January 29, 2006
[Part of the technical core of the paper]

As described previously, active protection methods rely on installing and running software components that interfere when ordinary software tries to access the disc. If an adversary can remove or deactivate the active protection software, then the DRM scheme will fail to prevent arbitrary use or ripping of the music on the disc. In this section we discuss such deactivation attacks.

One attack strategy is to manually deactivate or uninstall the active protection software. This can be done by using standard system administration tools, which are designed to find, characterize, and control the programs installed on a machine. This attack is very difficult to stop if the user has system administrator privileges on the machine.

Deactivating MediaMax

The MediaMax active protection software is simple to deactivate since it is comprised of a single device driver with a consistent service name, sbcphid. The driver can be removed by using the Windows command sc delete sbcphid to stop the driver, and then removing the sbcphid.sys file containing the driver code. Once the driver is deactivated, MediaMax-protected albums can be accessed as if they were unprotected.

Defenses Against Deactivation

To counter these deactivation attacks, a vendor might try to use technical tricks to evade detection and frustrate removal of the active protection software. The best example of this kind of defense is the rootkit-like behavior of XCP, famously discovered by Mark Russinovich [citation], as described earlier.

When XCP installs its active protection software, it also installs a second program—the rootkit—that hides the software’s presence. Specifically, it conceals any file, process, or registry key with a name that begins with the prefix $sys$. The result is that XCP’s main installation directory, and most of its registry keys, and almost all of its individual files and processes are made invisible to normal programs and administration tools.

The rootkit is installed as a kernel-level driver named $sys$aries and set to automatically load early in the boot process. When the rootkit starts, it hooks several Windows system calls by modifying the system service dispatch table, the kernel’s KeServiceDescriptorTable structure. This structure is an array of pointers to the kernel functions that implement basic system calls. The rootkit changes five of these addresses so that they point to functions within the rootkit. When an application invokes one of these patched system calls, it is handled by the rootkit instead of the original function in the kernel. The rootkit calls the real kernel function with the same parameters and filters the results before returning tem to the application.

The system calls intercepted by the rootkit are:

* NtQueryDirectoryFile — This function is used to list the contents of a directory; the rootkit version filters out directory entries that begin with $sys$, rendering such files and directories invisible to applications.
* NtCreateFile — This call is used for creating and opening files. The rootkit version returns an invalid filename error when programs attempt to open existing files with names starting with $sys$, protecting XCP’s files from reading or writing by other programs.
* NtQuerySystemInformation — One use of this function is to obtain a list of running processes. The rootkit filters out any processes with names prefixed by $sys$, making them invisible to other applications.
* NtEnumerateKey — This function returns a list of the subkeys of a registry key. The rootkit filters the results to remove subkeys with names starting with $sys$. Note that it does not conceal individual fields within the registry (”values'’ in Windows parlance) with names starting with $sys$.
* NtOpenKey — This function opens a registry key for reading or modifying. The rootkit intercepts this function call but does not alter its behavior. Its authors may have intended to restrict access to hidden registry keys in the same way that the hooked NtQueryDirectoryFile call restricts access to hidden files, but for some reason they did not ship a working implementation of this behavior.


The rootkit begins each intercepted function by checking the name of the calling process. If the process’s name begins with $sys$, the rootkit returns the results of the real kernel function without alteration. This allows XCP’s own processes to bypass the rootkit’s filters for a complete view of the system.

The XCP rootkit increases users’ vulnerability to many kinds of attacks because it can be used to hide arbitrary software, not just XCP. The rootkit is indiscriminate about what it conceals—any files, registry keys, or processes with names beginning in $sys$ will be hidden. Spyware and malware authors can leverage this functionality on systems where the rootkit is installed. This saves attackers the trouble of installing their own rootkits, but more importantly, it gives them access to a rootkit in situations where they would not be able to install one themselves because of the system’s security policies.

Only kernel-level processes are allowed to patch the Windows system service dispatch table, and only privileged users—normally, members of the Administrators or Power Users groups—are allowed to install such processes. (XCP iteslf requires these privileges to install.) Malicious code executed by an unprivileged user wouldn’t normally be allowed to install a rootkit that intercepted system calls in the kernel. However, if the XCP rootkit is installed, its cloaking behavior applies to all users regardless of their security privileges. Unprivileged malware can adopt the $sys$ prefix to become invisible to both privileged and unprivileged users. This privilege escalation attack has already been exploited by at least two Trojan horses discovered in the wild [citations].

Another privilege escalation attack facilitated by the XCP rootkit allows an unprivileged application to crash the system. Russinovich demonstrated this problem using an automated testing program he created called NTCRASH2 [citation]. This utility makes repeated system calls with randomly generated invalid parameters. The original Windows kernel functions handle invalid inputs correctly and the system remains stable, but with the XCP rootkit installed, certain invalid inputs result in a system crash.

We investigated the specific circumstances when these crashes occur. The rootkit’s implementation of NtCreateFile can cause a crash if it is passed an invalid pointer as its ObjectAttribute argument, or if it is passed a valid ObjectAttributes structure that points to a ObjectName structure with an invalid Buffer pointer. We do not believe that an attacker could exploit these flaws to execute code; however, they do allow an unprivileged user to bring the system to a halt. As Russinovich and other have pointed out, these problem illustrates the security danger of installing software in secret. Users experiencing system instability due to these rootkit bugs would have great difficulty diganosing the problem, since they likely would be unaware of the rootkit’s presence.

Deactivating XCP

Deactivating XCP’s active protection software is more complicated because it is comprised of a number of processes that are more deeply entagled in the system configuration, and because these files are hidden by the XCP rootkit. Deactivation can be accomplished by a three-step procedure.

The first step is to deactivate and remove the rootkit. This is the same procedure used to deactivate MediaMax. The only change is that the driver’s name is aries.sys. Disabling the rootkit and then rebooting the system exposes the previously hidden files, registry entries, and processes (ones with names prefixed with $sys).

The second step is to edit the system registry to remove references to XCP’s filter drivers and CoDeviceInstallers. XCP uses the Windows filter driver facility to intercept commands to the CD drives and IDE bus. If these filter drivers are not removed, the CD and IDE device drivers will fail to initialize after the program files for the filter drivers are deleted. This can cause the CD drives to malfunction, or, worse, cause the system to fail to boot because the IDE device driver is disabled. XCP’s filter drivers can be neutralized by editing the

Windows Registry to remove any reference to a driver named $sys$cor from any registry entries named UpperDrivers or LowerDrivers. The CoDeviceInstallers can be neutralized by removing any lines containing $sys$caj from any list of CoDeviceInstallers.

The third step is to delete the XCP services and remove the XCP program files. Services named $sys$lim, $sys$oct, cd_proxy, $sys$drmserver, and $sys$cor can be deactivated using the sc delete command, and then files named crater.sys, lim.sys, oct.sys, $sys$cor.sys, $sys$caj.dll, and $sys$upgtool.exe can be deleted. After the system is rebooted, the two remaining files, named CDProxyServ.exe and $sys$DRMServer.exe can be removed.

After performing these steps, XCP will now deactivated, and only the passive protection on XCP CDs will continue to be in force. Of course, these steps could easily be automated, creating a point-and-click tool for removing XCP.

CD DRM as Spyware

Tactics like the rootkit function, and the engineering of programs so that removal attempts can system instabilty, iare often used by spyware programs. That active DRM systems would be drawn to the same tactics as spyware should come as no surprise, as the two have the same goal: to prevent a user from removing unwanted software. In both cases, the user wants to remove the software (if he can find it) because the software provides no value to the user and can only harm him.

These tactics harm users, primarily by undermining users’ ability to manage their computers. If users lose track of which programs are running on their computers, they lose the opportunity to remove or patch programs that are malfunction and to remove unneeded programs. Maintaining a secure configuration is difficult already, and spyware tactics make it even more difficult. Though it is not surprising that spyware tactics would have attraction for DRM designers, it was a bit surprising that mass-market DRM vendors chose to use those tactics despite the risk of harming users. If only one vendor had chosen to use such tactics, we could write it off as an aberration. But two vendors made that choice, which is probably not a coincidence.

We suspect that the explanation may lie in the DRM vendors’ platform building strategy, which relies on keeping the software installed on as many computers as possible, coupled with the risk tolerance of DRM startup companies. The vendors may not have realized the extent of damage they could be causing, but they must have known that they were doing some harm. Our hypothesis is that the vendors allowed the lure of platform building to override the risk to users.

Authorized Uninstallers

Once users began to complain about the spyware-like behavior of the XCP and MediaMax software, the vendors offered access to uninstallers that would remove their software from users’ systems. Uninstallers had been available previously, but they were very difficult to obtain. For example, to get the original XCP uninstaller, a user had to fill out an online form involving some personal information, then wait a few days for a reply email, then fill out another online form and install some software, then wait a few days for yet another email, and then finally click a URL in the last email. We can think of no explanation for the complexity of this procedure, other than a desire to deter users from uninstalling the software.

The uninstallers, when a user did succeed in getting one of them, did not behave like ordinary software uninstallers. Normally an uninstaller is a standalone program that the user runs, either by double-clicking it or by using a system-provided user interface to designate the program to be removed. One advantage of ordinary uninstallers is that they can be acquired and used by any user who has the software.

The first XCP uninstaller did not work this way. Instead, the uninstaller was customized for each user, so that it would work only for a limited time and only on the computer on which the user had filled out the second form. This meant, for example, that if a user uninstalled the XCP software but it got reinstalled later—as might happen if the user inserted an XCP-bearing CD—the user could not use the same uninstaller again but would have to go through the entire process again to request a new one.

Customizing the uninstaller in this way is more difficult for the vendor and increases customer support costs, compared to a more traditional uninstaller, so a rational vendor would not do it unless there was some benefit. Most likely, the benefit is to the vendor’s platform building strategy, which takes a step backward every time a user uninstalls the vendor’s software. Customizing the uninstaller allows the vendor to contol who receives the uninstaller and to change the terms under which it is delivered in the future.

As user complaints mounted, Sony-BMG announced that unrestricted uninstallers for both XCP and MediaMax would be made available to all users from the vendors’ web sites. Both vendors chose to make these uninstallers available as ActiveX controls accessed via a web site.

By an unfortunate coincidence, both uninstallers turned out to open the same serious vulnerability on any computer where they were used.

MediaMax Uninstaller Vulnerability

The MediaMax uninstaller employed a proprietary ActiveX control called AxWebRemove.ocx created and signed by MediaMax author SunnComm. When users visited the MediaMax uninstaller web page, Internet Explorer prompted them to install the control. Then the web page invoked one of the control’s methods to uninstall MediaMax. This method, Remove, took two parameters: key, and validate_url. The key parameter was a single-use code provided by MediaMax technical support, and the validate_url parameter specified a web page that would validate the key and deliver executable code to perform the actual uninstallation.

When Remove is called from the web page, is issues an HTTP GET request to the provided url to validate the key. If it is valid, the server responds with the message true, {uninstall_url, where uninstall_url is the URL of a DLL file containing code to uninstall MediaMax. The control retries this DLL file from the Internet and saves it to a temporary location, then calls a function in the DLL named ECF7() to perform the uninstallation. If the function returns sucess, the control issues a second HTTP GET request to validate_url to report that the uninstall was sucessful and that the single-use key should be retired.

This design is vulnerable because the control accepts an arbitrary validate_url parameter and does not check that the DLL specified by the key validation server is authentic. The ActiveX control is not itself removed during the uninstallation process, so its methods can be invoked later by any web page without further browser security warnings. A attacker can create a web page that invokes the Remove method and provides a validate_url pointing to a page under the attacker’s control. This page can return an uninstall_url pointing to a DLL created by the attacker. When the MediaMax control executes the uninstall function in this file, arbitrary attacker code will execute on the user’s machine.

XCP Uninstaller Vulnerability

The XCP uninstaller contains the same design flaw and is only slightly more difficult to exploit. XCP’s ActiveX-based uninstaller invokes a proprietary ActiveX control named CodeSupport.ocx. (Early versions of XCP’s rootkit removal patch utilized the same control.) Usually this control is installed when users perform the second step in the three-step XCP uninstall process. In this step, the user is prompted to explain why they are requesting to uninstall XCP. The user’s response is sent to an XCP server along with a pseudorandom code generated by the ActiveX control. The same code is written to the system registry. Eventually the user receives an email with a link to another web page that uses the ActiveX control to remove XCP, but only after verifying that the code sent with the request matches the code in the local system registry. This check ensures that the uninstaller is only used on the machine from which the uninstallation request was made. As a consequence of this design, the control may be present on a user’s system even if she never performed the step in the uninstallation process where XCP is removed.

Matti Nikki first noted that the XCP ActiveX control contains some suspiciously-named methods, including InstallUpdate(url), Uninstall(url), and RebootMachine() [citation]. He demonstrated that the control remained installed after the XCP uninstallation was complete, and that its methods (including one that restarted the computer) were scriptable from any web page without further browser security warnings.

We found that the InstallUpdate and Uninstall methods have an even more serious flaw. Each takes as an argument a URL pointing to a specially formatted archive that contains updater or uninstaller code and data files. When these methods are invoked, the archive is retrieved from the provided URL and stored in a temporary location. For the InstallUpdate() method, the ActiveX control extract from the archive a file named InstallLite.dll and calls a function in this DLL named InstallXCP().

Like the MediaMax ActiveX control, the XCP control does not validate the download URL or the downloaded archive. The only barrier to using the control to execute arbitrary code is the proprietary format of the archive file. We determined the format by disassembling the control. The archive file consists of several blocks of gzip-compressed data, each storing a seperate file and preceded with a short header. At the end of the archive, a catalog structure lists metadata for each of the blocks, including a 32-bit CRC. The control verifies this CRC before executing code from the DLL.

With knowledge of this file format, we constructed an archive containing sample (benign) exploit code. The most difficult detail was the CRC, which is computed with an apparently proprietary algorithm that proved tedious to reverse engineer. We saved the trouble by having the ActiveX control compute the CRC for us. The control checks the CRC by computing a CRC for the file data in the archive and verifying that it matches the CRC specified in the archive catalog. We inserted a break point where the comparison occurs and ran the control on an archive containing code we prepared. We then took the CRC computed by the control and placed it in the archive catalog. Thus modified, the archive passed the CRC check and the ActiveX control executed our code. (This illustrated why digital signatures, rather than CRCs, must be used to validate code from untrusted sources.)

This procedure would allow a malicious web site to execute arbitrary code on the user’s machine. Like the MediaMax uninstaller flaw, it is especially dangerous because users who have completed the uninstallation may not be aware that they are still vulnerable.

Obviously, these vulnerabilities could have been prevented by careful design and programming. But they would not have been possible at all if not for the decision to deliver the uninstallers via this ActiveX method rather than using an ordinary download. We conjecture that the vendors chose to use ActiveX in this way because they wanted to retain the ability to rewrite, modify, or cancel the uninstaller later, and that this desire was driven at least in part by the vendors’ platform building strategy.

Summary of Deactivation Attacks

When all is said and done, there is little a CD DRM vendor can do to stop users from deactivating active protection software. A user can do this via ordinary security and system administration tools; attempts by the vendor to interfere with these tools are harmful and will trigger a strong backlash from users. In practice, vendors will probably have to provide some kind of uninstaller — users will insist on it, and some users will need it to deal with the bugs and incompatibilities that crop up occasionally in any complex software. Once an uninstaller is released, users will be able use it to remove the DRM software. Ultimately, determined users will be able to keep CD DRM software off their machines.

>>>>>>>>>>>>>>>>>>>>>>>

CD DRM: Attacks on Installation
Freedom to Tinker - January 30, 2006
[Part of the technical core of the paper]

Active protection measures cannot begin to operate until the DRM software is installed on the user’s system. In this section we consider attacks that either prevent installation of the DRM software, or try to capture music files from the disc in the interval after the disc has been inserted but before the DRM software is installed on the computer.

Autorun

Both XCP and MediaMax relies on the autorun feature of Windows. Whenever removable media, such as a floppy disc or CD, is inserted into a Windows PC (and autorun is enabled), Windows looks on the disc for a file called autorun.ini; if a file with that name is found, Windows executes commands found in it. Autorun allows a disc to pop up a splash screen or simple menu, for example to offer to install software found on the disc. However, the autorun mechanism will run any program that the disc specifies.

Other popular operating systems, including MacOS and Linux, do not have an autorun feature, so this mechanism does not work on these other systems. XCP ships only Windows code and so has no effect on other operating systems. MediaMax ships with both Windows and MacOS code on the CD, but only the Windows code can autorun. The MacOS code relies on the user to double-click an installer on the CD, which few users will do.

Current versions of Windows ship with autorun enabled by default, but the user can choose to disable it. Many security experts advise users to disable autorun, to protect against disc-borne malware. If autorun is disabled, the XCP or MediaMax active protection software will not load or run.

Even if autorun is enabled, the user can block autorun for a particular disc by holding down the Shift key while inserting the disc. This will prevent the active protection software from running.

Even without disabling autorun, a user can prevent the active protection software from loading by covering up the portion of the disc on which it is stored. Both XCP and MediaMax discs contain two sessions, with the first session containing the music files and the second session containing DRM content, including the active protection

software and the autorun command file. The first session begins at the center of the disc and extends outward; the second session is near the outer edge of the disc.

By covering the outer edge of the disc, the user can cover up the second session’s files, effectively converting the disc back to an ordinary single-session disc. The edge of the disc can be covered with nontransparent material such as masking tape, or by writing over it with a felt-tip marker. Exactly how much of the disc to cover can be determined by iteratively covering more and more until the disc’s behavior changes, or by visually inspecting the disc to look for a difference in appearance of the disc’s surface which is often visible at the boundary between the two sessions.

Temporary Protection

Even if the copy protection software is allowed to autorun, there is a period of time, between when a protected disc is inserted and when the active protection software is installed, when the music is vulnerable to copying. It would be possible to have the discs immediately and automatically install the active protection software, minimizing this window of vulnerability, but legal and ethical requirements should preclude this option. Installing software without first obtaining the user’s consent appears to be illegal in the U.S. under the Computer Fraud and Abuse Act (CFAA) as well as various state anti-spyware laws [citation].

Software vendors conventionally obtain the user’s consent to installation of their software by displaying an End User License Agreement (EULA) and asking the user to agree to it. Only after the user agrees to the EULA is the software installed. The EULA informs the user, in theory at least, of the general scope and purpose of the software being installed, and the user has the option to withhold consent by declining the EULA, in which case no software is installed. As we will see below, the DRM vendors do not always follow this procedure.

If the discs didn’t use any other protection measures, the music would be vulnerable to copying while the installer waited for the user to accept or reject the EULA. Users could just ignore the installer’s EULA window and switch tasks to a CD ripping or copying application. Both XCP and MediaMax employ temporary protection mechanisms to protect the music during this time.

XCP Temporary Protection

The first time an XCP-protected disc is inserted into a Windows machine, the Windows autorun feature launches the XCP installer, the file go.exe located in the contents folder on the CD. The installer displays a license agreement and prompts the user to accept or decline it. If the user accepts the agreement, the installer installs the XCP active protection software onto the machine; if the user declines, the installer ejects the CD and exits.

While the EULA is being displayed, the XCP installer continuously monitors the list of processes running on the system. It compares the image name of each process to a blacklist of nearly 200 ripping and copying applications hard coded into the go.exe program. If one or more blacklisted applications are running, the installer replaces the EULA display with a warning (shown at right [in the paper version, but not here]) indicating that the applications need to be closed in order for the installation to continue. It also initiates a 30-second countdown timer; if the any of the applications are still running when the countdown reaches zero, the installer ejects the CD and quits. [Footnote: Similar application blacklisting techniques have been used in other security contexts. The client software for World of Warcraft, a massively multiplayer online role playing game, checks running applications against a regularly updated blacklist of programs used to cheat. [citation]]

This technique might prevent some unsophisticated users from copying the disc while the installer is running, but it can be bypassed with a number of widely known techniques. For instance, users might kill the installer process (using the Windows Task Manager) before it could eject the CD, or they might use a ripping or copying application that locks the CD tray, preventing the installer from ejecting the disc.

The greatest limitation of the XCP temporary protection system is the blacklist. Users might find ripping or copying applications that are not on the list, or they might use a blacklisted application but rename its executable file to prevent the installer from recognizing it. Since there is no mechanism for updating the blacklist on existing CDs, they will gradually become easier to rip and copy as new applications not on the blacklist come into widespread use. Application developers may also adapt their software to the blacklisting technique by randomizing their process image names or taking other measures to avoid detection. [Footnote: An extreme extension of this would be to adopt rootkit-like techniques to conceal the copying application’s presence, just as XCP hides its active protection software.]

MediaMax Temporary Protection

The MediaMax system employs a different—and highly controversial, if not illegal—temporary protection measure. It defends the music while the installer is running by installing, and at least temporarily activating, the active protection software before displaying the EULA. The software is installed without obtaining consent, and it remains installed (and in some cases, permanently active) even if the user explicitly denies consent by declining the license agreement. This practice is uncomfortably close to the behavior of spyware and may be illegal.

Prior to license acceptance, both MediaMax version 3 and version 5 discs install the active protection driver. (At this writing, version 5 is the current version. To our knowledge, there was no version 4.) The driver file sbcphid.sys is copied to the Windows drivers directory, configured as a service in the registry, and launched. Initially, the driver’s startup type is set to “Manual,'’ so it will not re-launch the next time the computer boots; however, it remains running until the computer is shut down and remains installed permanently. Albums that use MediaMax version 5 additionally install components of the MediaMax player software before displaying a license agreement—almost 12 megabytes of programs and data that are stored in %programfiles%\Common Files\SunnComm Shared. These files are not removed if the EULA is declined.

Even more troublingly, under some common circumstances the MediaMax installer will permanently activate the active protection software (by setting its startup type to “Auto,'’ which causes it to be launched every time the computer boots). This behavior is related to a mechanism in the installer apparently intended to upgrade the active protection software if an older version is already installed. Under the following scenarios, it is triggered even if the user previously declined the EULA:

* The user inserted a CD-3 (older version of MediaMax) album, then sometime later inserts an MM-5 (current version of MediaMax at this writing) album.
* The user inserted an MM-5 album, then sometime later inserts a CD-3 album.
* The user inserted an MM-5 album, reboots, then sometime later inserts the same album or another MM-5 album.


These steps do not have to take place in a single session. They can happen over a period of weeks or months, as users purchase new albums.

We can think of two possible explanations for this behavior. Perhaps the vendor, SunnComm, did not test these scenarios to determine what their software did, and so did not realize that they were activating the software without consent. Or perhaps they did know what would happen in these cases and deliberately chose these behaviors. Either possibility is troubling, indicating either a badly deficient design and testing procedure or a deliberate decision to install software after the user denied permission to do so.

Even if poor testing is the explanation for activating the software without consent, it is clear that SunnComm deliberately chose to install the MediaMax software code on the user’s system even if the user did not consent. These decisions are difficult to reconcile with the ethical and legal requirements on software companies. But they are easy to reconcile with the vendor’s platform building strategy, which rewards the vendor for placing its software on as many computers as possible.

Even the activation of temporary protection software before the user consents to anything raises troubling ethical questions. It is hard to argue that the user has consented to loading and running software merely by the act of inserting the disc. Most users do not expect the insertion of a compact disc to load software, and although many (but not all) of the affected discs did contain a statement about protection software being on the discs, the statements generally were confusingly worded, were written in tiny print, and did not say explicitly that software would install or run immediately upon insertion of the disc. Some in the record industry argue that the industry’s need to block potential infringement justifies the short-term execution of the temporary protection software on every user’s computer. We think this issue deserves more ethical and legal debate.

Passive Protection

Another way to prevent copying before active protection software is installed is to use passive protection measures. Passive protection exploits subtle differences between the way computers read CDs and the way ordinary CD players do. By changing the layout of data on the CD, it is sometimes possible to confuse computers without affecting ordinary players. In practice, the distinction between computers and CD players is less precise. Older generations of CD copy protection, which relied entirely on passive protection, proved easy to copy in some computers and impossible to play on some CD players [citation]. Furthermore, computer hardware and software has tended to get better at reading the passive protected CDs over time as it became more robust to all manner of damaged or poorly formatted discs. For these reasons, more recent CD DRM schemes rely mainly on active protection.

XCP uses a mild variety of passive protection as an added layer of security against ripping and copying. This form of passive protection exploits a quirk in the way Windows handle multisession CDs. When CD burners came to market in the early 1990s, the multisession CD format was introduced to allow data to be appended to partially recorded discs. (This was especially desirable at a time when recordable CD media cost tens of dollars per disc.) Each time data is added to the disc, it is written as an independent series of tracks called a session. Multi-session compatible CD drives see all the sessions, but ordinary CD players, which generally do not support the multisession format, recognize only the first session.

Some commercial discs use a variant of the multisession format to combine CD audio and computer accessible on a single CD. These discs adhere to the Blue Book [citation] or “stamped multisession'’ format. According to the Blue Book specification, stamped multisession discs must contain two sessions: a first session with 1–99 CD audio tracks, and a second session with one data track. The Windows CD audio driver contains special support for Blue Book discs. It presents the CD to playing and ripping applications as if it was a normal audio CD. Windows treats other multisession discs as data-only CDs.

XCP discs deviate from the Blue Book format by adding a second data track in the second session. This causes Windows to treat the disc as a regular multisession data CD, so the primary data track is mounted as a file system, but the audio tracks are invisible to player and ripper applications that use the Windows audio CD driver. This includes Windows Media Player, iTunes, and most other widely used applications.

Using a specialized procedure, it is possible to create discs with this flavor of passive protection with standard CD burning hardware and software [citation].

Limitations

This variety of passive protection provides only limited resistance to ripping and copying. There are a number of well-known methods for defeating it. Advanced ripping and copying applications avoid the Windows CD audio driver altogether and issue MMC commands [citation] directly to the drive. This allows programs such as Nero [citation] and Exact Audio Copy [citation] to recognize and read all the audio tracks. Non-Windows platforms, including Mac and Linux systems, read multisession CD more robustly and don’t suffer from the limitation that causes ripping problems on Windows. The felt-tip marker trick can also defeat this kind of passive protection, as noted above.

(Monday 30th January 2006)
http://p2pnet.net/story/7765

 

Google China protests

p2p news / p2pnet: Bill Gates may think it's OK for Google to help Communist China out with Net censorship, but millions of people around the world disagree with him. Vehemently.

If you're one of them, email Google bosses Larry Page and Sergey Brin, ceo Eric Schmidt, and PR people David Krane, Debbie Frost and Elliot Schrage.

ActionNetwork has made it easy with an auto-email function on its China/Tibet protest site. Here's its suggestion, but you can edit it on the site.
http://actionnetwork.org/campaign/googleaction




I am outraged at Google's hypocritical decision to join hands with the Chinese government in its propaganda efforts. Google's decision to custom-build its search platform to Chinese authorities' specifications is more than just censorship.

It's active participation in the Chinese government's efforts to repress and undermine Tibetans, democracy advocates, people of faith, and anyone working for freedom and human rights.

By censoring search results on critical topics such as "Tibet," you are promoting Beijing's wildly distorted version of history and truth. This is indefensible.

Under China's totalitarian regime, the internet is a critical tool for people seeking justice. Your decision to help the Chinese government thwart this effort renders your motto "Don't be evil" an ironic joke.

Please re-read your "Ten Things" company principles and do the right thing by ending your partnership with the Chinese government.

ActionNetwork points out, "Under China's totalitarian regime, the internet is a critical tool for Chinese citizens and Tibetans to improve their political situation.

"Google has become an active partner in the Chinese government's efforts to repress their own citizens along with Tibetans, Uighurs, Falun Gong practitioners, and anyone else standing up to Chinese authorities and demanding human rights and self-determination."

(Thanks, Mingma)

Boing Boing has an item featuring pix from Telendro showing protesters from Students for a Free Tibet demonstrating in front of Google's HQ and, "Paul Boutin has discovered that one way to thwart internet filters is too spel yur serch qweries inkorreckly," it says going on:

"Over at News.com, Declan McCullagh reports that Google.cn not only omits politically sensitive material, but 'goes further than similar services from Microsoft and Yahoo by targeting teen pregnancy, homosexuality, dating, beer and jokes'.

And there are loads more items. Just Google them.

What about Sergey and Larry?

They have their lawyer, Andrew McLaughlin, claiming on the Google blog that it's all about creating, "a great experience for our users" because, "Google users in China today struggle with a service that, to be blunt, isn't very good".

The problem, "could only be resolved by creating a local presence, and this week we did so, by launching Google.cn, our website for the People's Republic of China. In order to do so, we have agreed to remove certain sensitive information from our search results. We know that many people are upset about this decision, and frankly, we understand their point of view. This wasn't an easy choice, but in the end, we believe the course of action we've chosen will prove to be the right one."

Stay tuned.
http://p2pnet.net/story/7764

 

Apple iTunes U marketing plan

p2p news / p2pnet: America's famous Stanford may have been among the first of the major American universities to be sucked in by one of Apple's cleverest marketing ploys for iTunes.

But it won't be the last, not if Steve Jobs can help it because Apple has launched a, "nationwide expansion of a service that puts course lectures and other educational materials online and on-the-go via Apple's iTunes software," says the Associated Press.

Jobs' thinking may have been, "Since we've already talked a few of them into adopting our iPod music player as 'essential classroom technolgy,' who knows, maybe we can get away with it with iTunes as well?!"

Not that the underlying theory behind using teaching institutions and their staffs for corporate sales and promotions is anything new. The entertainment cartels have been doing it for years.

It seems Apple has been working with six universities on the "educational program" and is now, "inviting other universities to sign up".

The University of Missouri was already offering lecture podcasts through the school network, says the story, "But 'Tunes U' offered a software and service package - in Apple's reputedly easy-to-use interface - all for free, said Keith Politte, the development officer at the university's School of Journalism."

For free? Heh

Apple is also using Stanford as a promotional vehicle.

"For instance, Stanford University, which joined the pilot program last fall, gives the public free access to not only some lectures but also audio broadcasts of sporting events through its iTunes-affiliated site," says the story, adding:

"And it only takes a slight movement of the mouse to go from a university's section of iTunes to a link to the commercial site, where songs are sold for 99 cents apiece, and TV shows and music videos are sold for $1.99 a pop."

And therein lies the tale.
http://p2pnet.net/story/7762

 

Interview: Bot Buster Merrick Furst
botnet Botnets or bot armies are large networks of thousands of machines under the control of an attacker who could potentially use the computers for criminal activities including stealing financial information and proprietary data stored on a computer. One of the biggest bot busters is Dr. Merrick Furst, distinguished professor and associate dean at the College of Computing at Georgia Tech. Dr. Furst has been tracking botnets for the last two years, researching how they are created, how they speak to each other, and how big the problem is.
______________________________________________________________________

Q&A: Bot-Buster Merrick Furst

The associate dean at Georgia Tech’s College of Computing says botnets are today’s top security threat.
January 27, 2006

The Internet worm Zotob that crashed computer networks at major companies including The New York Times and credit card company Visa brought into focus the danger of bots. Short for robots, bots are computers that have been infected by worms, viruses, or spyware so they can be controlled externally by a hacker (see Zotob Costs $97K per Company and Top Security Trends for 2006).



Botnets or bot armies are large networks of thousands of machines under the control of an attacker who could potentially use the computers for criminal activities including stealing financial information and proprietary data stored on a computer.



Because of the potential of bots to do great harm, law enforcement has gone on high alert. Their efforts appear to be paying off. On Monday, Jeanson James Ancheta, a 20-year-old in Downey, California, pleaded guilty to hijacking thousands of computers. The hacker launched destructive attacks and sent huge quantities of spam across the Internet.



Mr. Ancheta made about $60,000 in advertising affiliate proceeds through the surreptitious installation of adware on about 400,000 compromised computers, said the assistant U.S. attorney’s office at the Department of Justice in California.



One of the biggest bot-busters is Dr. Merrick Furst, distinguished professor and associate dean at the College of Computing at Georgia Tech. Dr. Furst has been tracking botnets for the last two years, researching how they are created, how they speak to each other, and how big the problem is.



During October, the College of Computing spun off a startup called Damballa, named after the most-important god of the voodoo religion.



Dr. Furst, who is also the president of Damballa, worked with the FBI on the Zotob case and helped federal investigators track botnets. In an interview with Red Herring, he said botnets are being generated at an astounding rate and traditional methods to fight them are proving ineffective. Below are edited excerpts of the conversation:



Q: How big do you think is the problem of botnets?

A: More than a quarter-million new machines are conscripted every day by bots. We are currently tracking 10 million machines that we think are infected. And these machines are spread all over the world though we find a large number to be in Asia. There are lots of machines in Asia running pirated software, so they’re not getting the latest security patches and these computers can become bots.



In the U.S., 25 percent of bots that we see are AOL machines and 10 percent are MSN machines. Bots spread through worms and viruses that carry them. During a typical seven-day period we found we were tracking over six bot armies that were forming and each of these armies had thousands of computers.



We found 700,000 computers infected during the last few months. In a typical month, there are about 6,000 command-and-control points up and running. It is how a botnet master talks to the bot armies. It like an HQ [headquarters] for the botmaster.



Q: What are these botnets being used for?

A: Bot armies have become platforms for carrying out criminal fraud. One bot that is acting alone will pick up all the keystrokes that you type and it will send a snapshot of the screen to the botmaster so he can see a slideshow of what you are doing on your computer terminal. More than 80 percent of spam is being sent by bot armies since they are hard to pick up by spam filters.



Bots are being used for denial of service attacks. A botmaster will have 100,000 machines at command, and can use them to launch these attacks. They even use bot armies to commit click fraud. Phishing email comes from bot armies. There’s been a big transformation over the last year and a half. People are learning how to make money using the botnets and it makes it very dangerous.



Q: How effective are the traditional approaches to combating the problem?

A: They are obviously not that effective since we think there may be 75 million machines affected worldwide. Normally, people try to protect individual machines. They have standard, traditional methods for protection, which is signature-based protection or behavior-based methods.



The problem is that botmasters defeat those. They keep building new software so signature-based protection doesn’t work and they have more machines available. So they can divide their resources up and keep their messages under the threshold that will be flagged by behavior-based networks.



Q: How does your startup, Damballa, tackle the botnets issue?

A: We have taken a nonconventional approach. We studied how these bot armies communicate with each other and the patterns they have. We have been monitoring networks so we can pick up the formation of these armies. Imagine if you could listen in on all the interactions that computers are having and recognize that some of those are about forming a bot army.



Our customer right now is the government, which is worried because these bots can be direct threats against infrastructure. They can be used to take out cellular networks through distributed SMS attacks and used to direct anonymous threats.
http://www.redherring.com/Article.a...tor=Industries&\1subsector=SecurityAndDefense

 

NTFS Performance Hacks
tips One way of improving the performance of your Windows XP machine is to tweak the NTFS file system. In certain scenarios, simple changes can make a big difference; that's because hard disks are often a primary bottleneck in today's machines, which have fast processors and lots of memory. Let's look quickly at ten ways you can boost performance using NTFS (or not using NTFS) on Windows XP.
______________________________________________________________________


NTFS Performance Hacks
by Mitch Tulloch
02/08/2005

"Are we there yet?"

"No."

"Are we there yet?"

"No!"

"Are we there yet?"

"NO!!"

"Are we--"

(Lock-Nah stabs a knife between Alex's fingers.)

"Wow, that's amazing! Perfect aim!"

"What are you talking about? I missed!"

That dialogue, between Alex O'Connell and Lock-Nah in The Mummy Returns, is a simple joke but still one of my favorites. It also reminds me of how impatient most of us are nowadays when it comes to how technology performs. And when it comes to computers, the questions often become Has it booted yet? Has it loaded yet? Has it finished searching yet?

One way of improving the performance of your Windows XP machine is to tweak the NTFS file system. In certain scenarios, simple changes can make a big difference; that's because hard disks are often a primary bottleneck in today's machines, which have fast processors and lots of memory. Let's look quickly at ten ways you can boost performance using NTFS (or not using NTFS) on Windows XP.
1. Disable Short Filenames

By default, NTFS creates an 8.3 filename every time it creates a long filename, which adds a bit of time to the file creation process. To speed things up, you can disable short filenames using the fsutil command:

fsutil behavior set disable8dot3 1

Restart your machine for this to take effect. A couple of caveats:

* You'll typically notice a performance difference only on drives that have a very large number of files (300,000 or more) but relatively few folders, and where a lot of your files have names that start similarly (for instance, NTFS Performance Hacks version 1.doc, NTFS Performance Hacks version 2.doc, and so on). That's because if you have a lot of files that start with the same characters in their filenames and occupy the same folder, NTFS has to work harder (and take more time) to generate unique 8.3 names for these files.
* If you have an older version of Microsoft Office or some older third-party apps, they may not work properly if 8.3 names are disabled. So test first before you mass-implement this hack.

2. Name Your Files Appropriately

Let's say you can't disable 8.3 filenames because of older software on your machine. You can still improve NTFS performance by choosing a naming scheme for your files so that files located in the same folder differ at the start of their names instead of at the end. So for example, instead of

NTFS Performance Hacks version 1.doc
NTFS Performance Hacks version 2.doc

and so on, you might name your files

1 NTFS Performance Hacks.doc
2 NTFS Performance Hacks.doc

and so on.

That way NTFS won't have to work so hard to generate a unique 8.3 name for each file in the folder.

Related Reading
Windows Server Hacks

Windows Server Hacks
100 Industrial-Strength Tips & Tools
By Mitch Tulloch
Table of Contents
Index

Read Online--Safari Search this book on Safari:


Code Fragments only
3. Use More Folders

If you frequently need to open, close, create, or delete certain types of files, keep the number of such files in each folder small. In other words, if you have a lot of these files, create additional folders to spread them out between folders. If this isn't practical for some reason, then the first two hacks above can help compensate for having too many files in one folder.
4. Use More Partitions

In Windows 2000, when you partition a large disk (50GB or more, say) into several smaller NTFS volumes (10GB each), you can speed disk performance by up to 10 percent. NTFS on Windows XP has been improved to perform better overall, but you can still squeeze a percent or two of better performance out of a large disk by partitioning it into several smaller volumes.
5. Plan Your Cluster Size

The default cluster size on NTFS volumes is 4K, which is fine if your files are typically small and generally remain the same size. But if your files are generally much larger or tend to grow over time as applications modify them, try increasing the cluster size on your drives to 16K or even 32K to compensate. That will reduce the amount of space you are wasting on your drives and will allow files to open slightly faster.

Two caveats, though:

* If you want to compress older files to save disk space using NTFS compression, you have to leave the cluster size at 4K.
* The smaller your files (compared with the cluster size), the more fragmented your volume will tend to become over time.

The second caveat means that you should also ...
6. Defragment Regularly

Fragmented drives increase the time it takes for applications to open, close, create, or delete files. A good practice is to use Windows XP's Disk Defragmenter tool to defrag your drive at least once a week, especially if you run applications that frequently modify files and you have a lot of files on your drives. If you like, you can use the Scheduled Task Wizard to automate this process. See How to Automate Disk Defragmenter Using Task Scheduler Tool in Windows XP in the Microsoft Knowledge Base for instructions.
7. Reserve Space for the MFT

NTFS on Windows XP improves performance of the Master File Table (MFT) over Windows 2000 by not placing some of the MFT metadata files at the start of the disk. This enhancement alone can boost NTFS performance on Windows XP by up to 10 percent over Windows 2000. But you can squeeze out even better performance by ensuring that your drive has enough room for the MTF to grow if it has to. This will prevent the MTF from becoming fragmented, which is important because the Disk Defragmenter tool can't defragment the MFT.

By default, Windows XP reserves 12.5 percent of each NTFS volume (an area called the MFT zone) for exclusive use of the MFT. So if you plan to store tons of small files (under 8K, say) on your volume, your MFT may run out of space before your volume's free space does, and the result will be MFT fragmentation. To prevent this from happening, you can reserve additional space for the MFT using the fsutil command:

fsutil behavior set mftzone 2

This doubles the size of the reserved MFT zone to 25 percent of the volume. Of course, this means you lose 12.5 percent of the free space used to store files themselves, so there's a trade-off to consider when implementing this change. You can even make more aggressive changes using set mftzone 3, which reserves 37.5 percent of the volume for the MFT, or set mftzone 4, which reserves a whopping 50 percent. These extreme settings are only useful, however, if you have zillions of files, each smaller than about 1K.

To reset the MFT zone size according to your needs, do the following:

1. Run the fsutil command as described previously.
2. Reboot your system.
3. Create the volumes you need.

To return to the default behavior of reserving 12.5 percent of each volume for MFT, use the fsutil behavior set mftzone 1.
8. Disable Last Access Time

By default, each file and folder on an NTFS volume has an attribute called Last Access Time, which records the last time the file or folder was opened, read, or changed. This means even when you read a file on an NTFS volume, a write action occurs on that volume too. Normally this isn't a problem, but if you have an application that tends to frequently access files for short periods of time, this feature of NTFS can really slow performance. Fortunately, you can use fsutil to disable writing to the Last Access Time attribute:

fsutil behavior set disablelastaccess 1

Once this is done, the Last Access Time attribute for newly created files will simply be their File Creation Time.

One caveat: disabling Last Access Time may affect the operation of backup programs that use the Remote Storage service.
9. Turn Off (or On) the Indexing Service

Whether you enable or disable the Indexing Service on Windows XP depends on your needs. If you search for files on your hard drive only rarely, it's probably best to leave Indexing turned off, since it adds a slight overhead to NTFS operation and also uses up disk space to store the catalog. But if you search for files on your hard drive frequently (and need to search the contents of files as well) then turn Indexing on, as it will speed the search process considerably.
10. Use FAT32 for the Paging File

Finally, if you have a second physical disk in your machine, you can boost performance by moving your paging file (pagefile.sys) onto your second drive. To make this work best, do the following:

1. Create a volume on your second drive, making sure the volume is big enough to hold your paging file. (Three times your RAM amount will be more than enough.)
2. Format the new volume using FAT32 instead of NTFS, since FAT32 gives slightly better read performance on smaller volumes.
3. Don't create any additional volumes on your second drive--that is, leave this drive for exclusive use by the paging file.

So in other words, our final NTFS tweak is to not use NTFS for your paging volume.

Mitch Tulloch is the author of Windows 2000 Administration in a Nutshell, Windows Server 2003 in a Nutshell, and Windows Server Hacks.

http://www.windowsdevcenter.com/pub/a/windows/2005/02/08/NTFS_Hacks.html

 

Exploit targets Winamp flaw


By Dawn Kawamoto
Staff Writer, CNET News.com
Published: January 30, 2006, 9:28 AM PST
Tell us what you think about this storyTalkBack E-mail this story to a friendE-mail View this story formatted for printingPrint

An exploit that takes advantage of an "extremely critical" flaw in Winamp could lead to malicious attackers taking remote control over a user's system, according to a security advisory released Monday by Secunia.

The vulnerability is found in the latest version of Winamp 5.12. Earlier versions of the media player may also be affected, the security firm said.

"Winamp used to be the world's most popular MP3 player and is still quite popular, but as Windows Media Player has gotten better, some users have migrated over," said Thomas Kristensen, Secunia's chief technology officer.

Secunia is advising people to uninstall the player until America Online division Nullsoft, the maker of Winamp, develops an update for the flaw, especially as exploit code is circulating on the Internet.

"We aren't aware of any systems that have been compromised yet, but it's likely to happen since there's exploit code out," Kristensen said.

The vulnerability could be exploited when a Winamp user visits a malicious Web site and a tainted media file is launched onto the person's system. A buffer overflow is triggered, which allows the attacker to take control of the computer without being constrained by security measures, Kristensen noted.

The flaw was initially discovered by AtmacA.

The vulnerability is not the first to be found in the Winamp software. In late 2004, a highly critical flaw was found in the playlist files for the Winamp player.

http://news.com.com/Exploit+targets+Winamp+flaw/2100-1002_3-6032787.html?tag=nefd.top

 

HP debuts water-cooling system


By Stephen Shankland
Staff Writer, CNET News.com
Published: January 29, 2006, 9:00 PM PST
Tell us what you think about this storyTalkBack E-mail this story to a friendE-mail View this story formatted for printingPrint

Hewlett-Packard plans to begin selling a water-cooling system next week to address the power and heat problems that new technology inflicts on computer administrators.

The Modular Cooling System attaches to the side of an HP rack of computing gear, providing a sealed chamber of cooled air separated from the rest of a data center, said Paul Perez, vice president of storage, networking and infrastructure for HP's Industry Standard Server group.

"We used to talk to IT" when approaching customers, Perez said. But because of the power issue, "now we're talking to IT and facilities together. The customers ask, 'What should our power budget be over next three years?' After the sticker shock for energy costs, they say, 'How is HP going to help get the cost down?'"
liquid cooling

The system lets a rack consume as much as 30 kilowatts of power--about three times what would be possible otherwise--without posing problems to a data center's cooling systems, Perez said. However, the cooling system also requires a connection to an external chilled-water system to cool its water.

Liquid cooling, used in vintage computers from companies such as Control Data Corp. and Cray, is experiencing a comeback because of new technology challenges. Processors are consuming more electricity and being packed more densely, and electricity costs to pay for that power and for air conditioning have been increasing.

Chipmakers and server makers are working on improving computers' performance per watt, but in the meantime, liquid cooling can help. Blade server maker Egenera, IBM and Silicon Graphics offer cooling systems that chill air pumped out of the back of a computer rack. HP's system, by contrast, recirculates the same air within that rack, Perez said.

A successor to the modular computing system will chill the air of an entire row of racks, Perez said. That product is due out by the end of the first quarter of 2007.

Liquid cooling means administrators require new expertise, and the cooling system won't appeal to everyone, Perez said. But he's bullish about its prospects: "I don't think you'll see tens of thousands of these things in the immediate future, but can say we've revised our forecasts upward 3 or 4 times in last few months," he said.

The cooling system, expected to be launched on Feb. 6, requires HP's 10000 G2 Universal Rack, a new $1,200 model that replaces seven nonstandard rack models the company used for its products until now. For example, a customer using ProLiant x86 servers and Integrity Itanium servers would have had to purchase separate racks for each type of equipment, Perez said.

Later this year, HP plans to release a cooling system retrofit kit so it can be attached to the older 10000 G1 racks, used to house ProLiant servers, Perez added.

HP's remote monitoring software can be used to control the cooling system and capture alerts for events such as overheating.
http://news.com.com/HP+debuts+water-cooling+system/2100-1010_3-6032443.html?tag=nefd.top

 

Gates' answer to the $100 laptop

p2p news / p2pnet: There's a 21st century system purpose-designed help put millions of poor people, with the emphasis on children, in touch with each other and the rest of the world.

It's the Massachusetts Institute of Technology Media Lab's $100, Linux-powered wireless laptop, and you'd think the various tech companies, already far richer than the most of the countries they'll eventually be fighting to supply, would be falling over themselves to get involved.

But that's not the way it is, as the New York Times' John Markoff stresses.

In fact, since Media Lab head Nicholas Negroponte unveiled his One Laptop Per Child prototype, he's, "found himself wrestling with Microsoft and the politics of software," says Markoff's story.

'Yar boo sucks' was a school-boy expression popular in some older UK comics. Translated, it becomes, roughly, 'Fck You!' - which is more or less what Bill and the Boyz seem to be saying to Negroponte.

"He failed to reach an agreement with Microsoft on including its Windows software in the laptop, leading Microsoft executives to start discussing what they say is a less expensive alternative," says the NYT, "turning a specially configured cellular phone into a computer by connecting it to a TV and a keyboard".

Microsoft vp and cto Craig J. Mundie said although Microsoft was still developing the idea, "both he and Mr. Gates believed that cellphones were a better way than laptops to bring computing to the masses in developing nations". And that's because in places where TV's are already common, "turning a phone into a computer could simply require adding a cheap adaptor and keyboard".

Negroponte's $100 hand-cranked laptop has the United Nations behind it, and Quanta Computer, the company that's actually making it, says it'll start shipment in the fourth quarter of 2006, "and turn out five to 15 million US$100 laptop computers each year".

And it'll run on an AMD (Advanced Micro Devices) chip.

The NYT says Negroponte's Media Lab research group had, "experimented with the idea of a cellphone that would project a computer display onto a wall and also project the image of a keyboard, sensing the motion of fingers over it. But the researchers decided the idea was less practical than a laptop."

Gates, meanwhile, hasn't even decided much his as-yet undeveloped phone would cost.

Negroponte said he'd, "raised $20 million to pay for engineering and was close to a final commitment of $700 million from seven nations - Thailand, Egypt, Nigeria, India, China, Brazil and Argentina - to purchase seven million of the laptops," says the story, adding:

"According to several people familiar with the discussions, Microsoft had encouraged Mr. Negroponte to consider using the Windows CE version of its software, and Microsoft had been prepared to make an open-source version of the program available.

"Steven P. Jobs, Apple's chief executive, had also offered a free version of his company's OS X operating system, but Mr. Negroponte rejected that idea because the software was largely not open-source, meaning users could not get free access to software and its source code, which they could then modify."

"I chose open-source because it's better," Markoff has Negroponte saying. "I have 100 million programmers I can rely on."
http://p2pnet.net/story/7766

 

Microsoft"reseller"gets two years in jail for a US$20 sale

1/30/2006 10:55:12 AM, by Nate Anderson

Back in 2004, there was some alarm in the Windows community over an Internet leak of the source code to Windows 2000 and NT. The hype died down once it was realized that the code was incomplete and did not include anything from XP. The identity of the leaker was never ascertained. The code was widely distributed over the Internet, and many curious geeks took a look just to say that they had done so. No one was charged with a crime in the case—except for one man, William P. Genovese, Jr.

Genovese, who went by online nickname "illwill," ran a popular hacking site called illmob.org. He soon got his hands on the code, but unlike most people wasn't content simply to look. He posted the code to a private, password-protected FTP site and then ran the following message on his web site: "win2000 source code jacked . . . and illmob.org got a copy of it . . . im sure if you look hard you can find it or if you wanna buy it ill give you a password to my ftp." Besides disqualifying Genovese from future employment as a proofreader, the note caught the eye of an investigator hired by Microsoft to investigate the leak. He then proceeded to purchase the code from Genovese for—seriously—US$20. He then contacted the government, who had an FBI agent do the same thing.

So Genovese (who was then 28) was arrested for selling trade secrets. He got his day in court, where he argued that the restriction on publishing trade secrets was a violation of his First Amendment right to free speech. He also claimed that since he had found the code on the Internet, he could not possibly have known that it was still a trade secret. The judge was having none of it, pointing in fact to Genovese's web posting to prove that he knew such material was not freely available to the public.

Last Friday, the judge sentenced Genovese to two years of jail time, followed by three years of court supervision, during which Genovese's computer use will also be monitored. Is the sentence fair? Two years of your life is certainly a high price to pay for making forty bucks off of some code that you did not even steal, but Genovese's long string of petty crimes (spray-painting a bridge, multiple thefts, etc.) certainly didn't help his case.

Microsoft no doubt hopes that a tough sentence will deter future thefts of its source code. They did not get everything they wanted from the judge, though—a request for US$70,000 from Genovese (presumably for legal and investigative costs) was denied.
http://arstechnica.com/news.ars/post/20060130-6075.html