Sunday, November 13, 2005

Tech Tidbits: November's Fifteen-yard Penalties


The Register reports that the first Sony Trojan has been spotted. Sony's insidious DRM technology, uncovered and reported by Sysinternals guru Mark Russinovich, employs classic rootkit techniques to disguise itself and -- as a free bonus -- ruin your PC if you try to remove it.

Sony-BMG's rootkit DRM technology masks files whose filenames start with "$sys$". A newly-discovered variant of the Breplibot Trojan takes advantage of this to drop the file "$sys$drv.exe" in the Windows system directory.


The line at the courthouse for filing class-action lawsuits probably looks like the queue for Epcot's new "Escape from Paris" ride.

Whoever said "any publicity is good publicity" is busy formulating a new phrase after Sony's debacle.

I received an email, which purports to be from Equifax, offering some credit-reporting services. Actually, I think it's legit, but since it violates all of my personal rules for email marketing, I marked it as spam in my filter. Here are a few of the yellow flags I threw:

  • Impersonating a valid domain name: okay, you're a financial institution. What's the first thing you do when you send email? How about use your real domain name as the from email address? Instead, these geniuses are using equifax-mail.com as the reply domain. Since rule #1 of the anti-phishing guide is to avoid domain names that don't exactly match that of the institution, I'm throwing a yellow flag.

  • Impersonating a valid domain name #2: Run your mouse over the link that these neurosurgeons want you to click on. It's http://equifaxmktg.com/equifax/10000/.... Once again, it doesn't match up with the institution's real domain name.

  • No security on the link: the URL above is plaintext, not SSL. Another yellow flag.

  • Sorry, Equifax. Figure out how to spam me with emails that actually look legit and I might take a gander.
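The three yellow flags above are mechanical enough to automate. The following is an added example, not code from the original post: it takes a From header and the links from a message, and reports the same flags the post throws. The sample message fields are constructed to mirror the post's description (sender domain equifax-mail.com, link host equifaxmktg.com, plain HTTP), and equifax.com is assumed to be the institution's real domain.

```python
from urllib.parse import urlparse
from email.utils import parseaddr

# Assumption: the institution's real registrable domain.
INSTITUTION_DOMAIN = "equifax.com"

# Constructed sample fields, modelled on the mailing described in the post.
SAMPLE_FROM = "Equifax <offers@equifax-mail.com>"
SAMPLE_LINKS = ["http://equifaxmktg.com/equifax/10000/offer"]


def belongs_to(host, domain):
    """True if host is exactly `domain` or a subdomain of it.

    Plain substring tests are not enough: 'equifax.com.example.net' and
    'notequifax.com' both contain the real name but belong to someone else.
    """
    host = host.lower().rstrip(".")
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def yellow_flags(from_header, links, institution_domain=INSTITUTION_DOMAIN):
    """Return a list of human-readable flags for a marketing/phishing-style message.

    Flags raised, matching the post's rules:
      1. sender address domain does not match the institution's domain;
      2. a link's host does not match the institution's domain;
      3. a link is plain HTTP rather than HTTPS.
    """
    flags = []

    _, addr = parseaddr(from_header)
    sender_domain = addr.rpartition("@")[2]
    if not belongs_to(sender_domain, institution_domain):
        flags.append(
            f"sender domain {sender_domain!r} does not match {institution_domain!r}"
        )

    for link in links:
        parsed = urlparse(link)
        host = parsed.hostname or ""
        if not belongs_to(host, institution_domain):
            flags.append(f"link host {host!r} does not match {institution_domain!r}")
        if parsed.scheme.lower() != "https":
            flags.append(f"link {link!r} is not served over SSL")

    return flags


if __name__ == "__main__":
    for flag in yellow_flags(SAMPLE_FROM, SAMPLE_LINKS):
        print("yellow flag:", flag)
```

Running it against the constructed sample raises all three flags; a message from alerts@equifax.com whose links are HTTPS URLs under www.equifax.com raises none. The suffix check in `belongs_to` is deliberate: a look-alike host such as `equifax.com.example.net` must not pass just because it contains the real name.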

Throw another flag at Sony, this time for their DRM uninstaller. On his blog, Mark Russinovich notes that Sony's uninstall process is eerily hostile:

  • There is no way for customers to find the patch from Sony BMG's main web page
  • The patch decloaks in an unsafe manner that can crash Windows, despite my warning to the First 4 Internet developers
  • Access to the uninstaller is gated by two forms and an ActiveX control
  • The uninstaller is locked to a single computer, preventing deployment in a corporation

I've got a bunch of 'ous' words I want to use. Outrageous. Egregious. Ridiculous. Ludicrous. The sky is turning dark purple for Sony, as a hailstorm of lawsuits and civil actions is ready to cut loose.

Throw a five-yard illegal formation flag at eBay. They've emblazoned their site with really cool Java Technology icons (subtitled, "Powered by Sun"). But techno-geeks note (courtesy of Netcraft) that Microsoft's IIS is running on a bunch of their boxes. Better yet, lots of their URLs indicate that they're still running ISAPI extensions to power critical functions:

http://cgi4.ebay.com/ws/eBayISAPI.dll?ForgotYourPasswordShow...

http://contact.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=ReturnUserEmail...

Plus, according to Netcraft, the main eBay sites are still running Windows and IIS. C'mon, eBay, I want to see the logos of the technologies that really run the site! Anyone have a spare copy of Photoshop? I have a really neat 'Powered by ISAPI' logo in mind...
