CloudAV

A few media sources seem to be picking up a press release from the University of Michigan.

http://www.ns.umich.edu/htdocs/releases/story.php?id=6666

This reports on “CloudAV,” a project and series of papers about having antivirus detection run “in the cloud” rather than on the PC.

http://www.eecs.umich.edu/fjgroup/cloudav/

As usual, there seems to be some misunderstanding about what is going on here. CloudAV is not really a new approach, it is simply the use of multiple scanners, which the AV research community has advocated for years. It’s like having a bunch of scanners installed on your desktop, or a system like Virustotal, with the exception that the scanners run on different computers so you get a bit of performance advantage (absent the bandwidth lag/drain for submitting files to multiple systems).


Where there’s an old technology, there’s a way …

I’m a dinosaur.  I freely admit it.  I use computers for far too long.  I use programs for even longer.

My word processor of choice is WordPerfect.  Version 4.2.  It does what I need, since most of what I do in terms of writing has to do with actual writing.  In other words, words.  Text.  I don’t care much about graphics, desktop publishing (does anyone even know what that means anymore), or mindmaps.  I’ve been using WordPerfect since 1985, although I admit I’ve moved up from 4.1 to 4.2 in the early days.  My wife uses a much more advanced version: she uses 5.1, since she does more with actually printing stuff out.

Over the years I’ve had to learn a few tricks to get WordPerfect to run, and print, with various versions of MS Windows.  (I’ve actually got a copy of WordPerfect Office 8 for Windows around, but it really was kind of a step backwards, so we’ve never really used it.)  Recently the (very old) HP LaserJet 4L that we’ve been using (for quite some time) started printing messy pages.  It was the advice of people in the printer biz that it would be cheaper to buy a new printer than to have the old one cleaned.  Since a new HP LaserJet P1005 was slightly less than $60 (getting a USB cable for it cost almost half again as much, and getting a new cartridge for the thing is even more) this seemed to be the case.

So, my Scottish soul bemoaning the fact that I was sending an almost-perfectly-good printer to the recycling centre, I got a new printer, and installed it.  The print quality is fine (slightly better than the old machine) and it even prints faster.  Under Windows, it’s just fine.

As I said, I’ve had to learn a few tricks over the years to keep the old proggie printing, so I knew about “net use lpt1:.”  DOS programs want to use the old parallel and serial ports, and desktop printers don’t come with those ports anymore: they all use USB.  So you have to install the printer, and then fake DOS out by redirecting the LPT1: output to the installed printer.  Set it up, fired up WordPerfect for a test, and tried a page.  Nothing.

Opened up the print queue and watched.  Job went to the print queue all right, stayed for about a minute, disappeared without an error–and nothing came out of the printer.  “Net use” is obviously working, but the printer isn’t.

Asked for help from HP.  Got back a message saying to turn on Microsoft Loopback Adapter.  Even had detailed instructions on how to do it.

Trouble is, MLA is only useful if you haven’t got any kind of a network.  The “net use” stuff won’t work if you haven’t got a network, so using MLA kinda pretends you’ve got a network, so the redirection stuff works perfectly happily.  (Is it just me, or is there something wrong with a technology that requires you to hack your own system to use basic and normal functions?)  Since everybody who has a high speed connection to the Internet these days (and that is a pretty large majority) has a “local” network, MLA is pretty much unnecessary.  So I replied back to HP thanking them and explaining why their workaround didn’t help much.  Got back a snarky reply saying that they were just trying to help, and telling me to do it again.  No help from HP, then.

Turned to friends.  (Probably where I should have started in the first place, right?)  Got some suggestions to use PRN2FILE (old and free), DOS2PRN (newer and shareware), and Printfil (newer and very commercial).  All of these basically do the same thing as the “net use” command, so they didn’t help very much.

Another friend looked to the online documentation at HP.  (You don’t get any documentation with printers anymore.  Not even for the installation.  If I hadn’t installed an HP combo scanner a few years back I wouldn’t even have known that you have to install the software and start the setup running before you connect the printer.  HP doesn’t even include a sheet telling you that anymore.)  As far as he was concerned it should work, since the printer I had did support the HP PCL.  Unfortunately, the documentation isn’t very good on versioning.  You see, there is not only an HP LaserJet P1005, there is also an HP LaserJet 1005, as well as an HP LaserJet 1500 series.  The HP LaserJet P1005 doesn’t have PCL.  I’d bought a (*&^@#+”~ Winprinter.

OK, that’s it, right?  Game over.  You can’t make a Winprinter, which basically expects a bitmap from MS Windows, to print anything else.

Not quite.

Enter yet another friend with a pointer to http://www.columbia.edu/~em36/wpdos/winprint.html#usbprint.  Good old Columbia U.  (Good people at Columbia.  They brought us Kermit.  You’ve never heard of Kermit?  Kids these days …)  Starting there, I eventually found http://www.columbia.edu/~em36/wpdos/v5macroanyprinter.html.  I mean, how particular do you need to get?  Not only is it specifically for WordPerfect version 5.1, it even has a Ghostscript printer driver, and the macros to make it all happen with one keystroke.  Beauty job, guys.

I should also mention the Ghostscript and Ghostgum people.  I’ve actually been aware of those programs for some time.   I used to use them for reading PDFs, since it was generally quicker and more useful to use them than the Adobe reader products.  (I haven’t been able to turn WordPerfect docs into PDFs just yet: something odd with the GSviewer macro, but at least I know it’s possible.)

There’s always more than one way to skin a computerized cat …

DiggRedditSlashdotTwitThisSphinnStumbleUpondel.icio.usFacebookGoogleTechnoratiE-mail this story to a friend!

What is your blackberry doing without telling you?

I recently added a contact to my BlackBerry PIN network. The contact was informed of this via an email, and then went on to reply (accept) to this email based invitation.

The response sent from his blackberry was not visible in his “sent” folder, nor was it visible in my “inbox” as apparently BlackBerry has the ability to secretly delete emails as soon as they are processed - thus making it do things a bit “under the radar”.

It’s not yet clear to me how difficult it is to do this manually - adding of a contact to your BlackBerry PIN list - but here are some clues on the email mechanism. Apparently, you need to include in the subject and in the beginning of the message body (subject works in most cases - html appears to behave differently) the following string:

< $RemoveOnDelivery,SuppressSaveInSentItems>

You can combine the above in the subject line with confirm, which will cause BlackBerry to send back a delivery confirmation, combined with the deletion and suppression of saving the item:

< $confirm, RemoveOnDelivery,SuppressSaveInSentItems>
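
A mail gateway can at least make these messages visible before the handset removes them. The following is an added example, not code from the original post: it parses a message and reports the control keywords quoted above when they appear in the subject or at the start of the body. The sample messages are constructed, and the 200-character body prefix is an assumption.

```python
import re
from email import message_from_string, policy

# Keywords named in the post; matched case-insensitively.
CONTROL_KEYWORDS = {"removeondelivery", "suppresssaveinsentitems", "confirm"}
# "<", optional space, "$", comma-separated words, ">" (spacing varies in the post)
TOKEN_RE = re.compile(r"<\s*\$\s*([A-Za-z]+(?:\s*,\s*[A-Za-z]+)*)\s*>")
BODY_PREFIX_CHARS = 200  # assumption: how much counts as "beginning of the body"


def find_control_keywords(text):
    """Return the known control keywords found inside <$...> tokens in text."""
    found = set()
    for match in TOKEN_RE.finditer(text):
        for word in match.group(1).split(","):
            if word.strip().lower() in CONTROL_KEYWORDS:
                found.add(word.strip().lower())
    return found


def inspect_message(raw):
    """Parse one RFC 5322 message and report control tokens a gateway should log."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")  # policy.default decodes RFC 2047 words
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    in_subject = find_control_keywords(subject)
    in_body = find_control_keywords(body[:BODY_PREFIX_CHARS])
    hits = in_subject | in_body
    return {
        "keywords": sorted(hits),
        "in_subject": bool(in_subject),
        "in_body": bool(in_body),
        "removed_on_delivery": "removeondelivery" in hits,
        "hidden_from_sent": "suppresssaveinsentitems" in hits,
    }


# Constructed sample messages (not captured traffic).
HDR = "From: a@example.com\nTo: b@example.com\n"
SAMPLES = {
    "plain": HDR + "Subject: < $confirm, RemoveOnDelivery,"
                   "SuppressSaveInSentItems>\n\nhi\n",
    "encoded": HDR + "Subject: =?utf-8?q?=3C=24RemoveOnDelivery=2C"
                     "SuppressSaveInSentItems=3E?=\n\nhi\n",
    "body": HDR + "Subject: invitation\n\n<$RemoveOnDelivery>\nplease accept\n",
    "benign": HDR + "Subject: Lunch <tomorrow>? It costs $5\n\nsee you\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, inspect_message(raw))
```

The "encoded" sample shows why the subject has to be decoded first: a raw string match on the header would miss an RFC 2047 encoded subject.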


Wi-Fi in Brazil: Be a Ninja

2007 was the Brazilian Christmas for laptops, definitely. Finally the prices are reasonable in retail stores, now one can buy a basic laptop for about R$1.600,00 (about US$950). That’s expensive for a 256MB / 512MB Celeron PC, but hey, that’s much better than feeding the parallel market of “contrabando”.

As a side effect, more Muni Wi-Fi and similar initiatives are emerging in the last few months. The last one came to my attention yesterday: Wi-Fi in Copacabana beach.

Sounds cool, huh? Caipirinhas, lots of hot girls in fio dental, and Wi-Fi (you geek!). Don’t do it, man.

Burglars in Brazil are smart, so be a ninja with your laptop in Brazil. Leave your Targus bag at home, it looks like “hey I have a laptop, please steal it from me Mr. Bag Guy”. Be a ninja with other gadgets like iPods, digital cameras and cell phones too. Nothing in your belt too, Mr. Batman.

Wi-Fi in malls is relatively safe, just take care when you’re leaving the place, looking back is always good. Airports are safer, but take care on your way to the hotel, when you’re waiting for a taxi. Recently a gang that specialized in laptops was arrested. You know, it’s easy to know you have a laptop because people help burglars a lot: suits and backpacks (especially Targus and other mainstream brands) don’t mix.

Another tip: the vast majority of hotspots in Brazil are associated with Vex, so purchasing some credits before you leave your country in a safe network would be interesting. Another tip, actually a homework before you leave your country: backup your data, protect your HD with a password if available, encrypt the file system, have your VPN set.

Via: Praia de Copacabana deve ter rede Wi-Fi até junho (FolhaOnline 01/02/2007)


Now fingerprint reader and rootkits - Sony did it again

This report of F-Secure’s Mika Ståhlberg states that MicroVault USM-F fingerprint reader software shipped with that Sony USB stick installs a driver that is hiding a directory under C:\Windows.

And - reportedly the guys of FS research laboratory

also tested the latest software version available from Sony at www.sony.net/Products/Media/Microvault/ and this version also contains the same hiding functionality. [added a hyperlink]

Hmmm - time to wear my white T-shirt with text familiar to many readers - “Most people don’t even know what a rootkit is, so why should they care about it?”


iPhone default passwd: Won’t people ever learn?

I’d expect this from new software companies, maybe. But the big ones seem to keep doing this.

Default passwords, especially in widely distributed devices, are bad. No, really. Enough with these already.

iPhone Root Password Cracked
We managed to obtain and crack the hashes of the user passwords for the iPhone OS. More information could be found at our development Wiki here (link removed).

Edit: cause you digg people broke the poor wiki:

The password for root is “alpine”
The “mobile” user account’s password is “dottie”

Is it sick to have root password to all iPhones worldwide? Well not really, there is no terminal yet to login :P

http://www.hackint0sh.org/forum/showthread.php?t=1323

Gadi Evron,
ge@linuxbox.org.


Chip & PIN relay attacks - Man in the middle style

Saar Drimer and Steven Murdoch, members of the Security Research Team of the University of Cambridge Computer Laboratory, have introduced their detailed analysis entitled “Chip & PIN (EMV) relay attacks”.

Link to the very interesting blog posting is here. Picture of the credit card, ‘fake terminal’ and their device included.

These researchers are the guys behind the Chip & PIN terminal playing Tetris too, YouTube video (49secs) here.


USB Attacks Going Commercial?

In the public hacking world, so far we have mostly seen USB technology from security vendors… not the attackers’ side.

A few years ago we had discussions on pen-test, and later bugtraq and FD on these risks, following an article in 2600 and a post from me on the Risks Digest. On pen-test, Harlan Carvey and others also followed up.

Since then there have been multiple threads everywhere. This was not new back then, either, imo.

Back then I mainly addressed the risk of driver attacks (now more acknowledged since blackhat 2005 and blackhat 2006 presentations on the subject appeared), and didn’t get much attention. Hackers did not know USB technology that well and most did not see what the heck drivers had to do with it.

What did come up were the risks of autorun technology (which is a simple solution to making USB devices execute code). These were not as easy as they first appeared, and did not work if Windows XP’s screen saver was active. Still, things were interesting and my fav quote of: the janitor is the richest person in the organization, got some interest.

Today, with several USB buffer overflows discovered (mostly in the Linux kernel) and driver attacks getting more attention, I came across the following blog entry by Xavier Ashe.

In his blog he discusses a USB autorun technology which is actually a hacking tool, (more…)


Elmo Got Hacked

The cute device, Knows Your Name Elmo, has recently been hacked to say bad things such as ELMO EAT WHALE AND SEAL.

I am sure this isn’t a sesame street approved sentence :)

For now the hacking of the device is pretty crude, and many details on its inner workings are still missing, but with time the customization options on this device are bound to become available.

I am waiting for a coffee making device that will do my bidding, but an Elmo coffee making device will also be great :)

More details at this link.


PSP Buffer Overflow Allows Downgrading of Firmware

SonyxTeam has released a downgrader for the PSP. The downgrade works by exploiting a buffer overflow in libtiff which resides in PSP’s toc2rta 2.0. The downgrade utilizes the overflow as there is no other way to run non-Sony approved software on the PSP 2.0. The downgrade opens up the PSP device to independent software development for Sony’s device which hasn’t been Sony-approved.

In my opinion this is the first time a buffer overflow has been used for “good”, i.e. execute a good piece of software, rather than for “evil”, execute a bad piece of software. It would be interesting to see how Sony would react to this, and whether this will speed Sony’s responsiveness to software vulnerabilities found in their product.


Analysis of the Texas Instruments DST RFID

Although the article isn’t new, it is still good reading material to those that are looking into implementing some sort of RFID for security or identification.

The Texas Instruments DST tag is a cryptographically enabled RFID transponder used in several wide-scale systems including vehicle immobilizers and the ExxonMobil SpeedPass system. This page serves as an overview of our successful attacks on DST enabled systems. A preliminary version of the full academic paper describing our attacks in detail is also available below.

To summarize the article you can do almost anything with their DST simulator and reader:

  • Sniff a DST tag in a victim’s pocket
  • Crack the key in a DST tag
  • Start a car
  • Buy gas

Virtual Sex with Commwarrior

Now that I have your attention :) well Commwarrior is a worm that is spreading to Bluetooth based Cellular phones. Actually it spreads to Symbian Series 60 devices using MMS and Bluetooth communication.

MMS, for those that don’t know, stands for “Multimedia Messaging System”, a younger brother of SMS, that allows 3G cellular phones to send short sounds, movie clips and other multimedia as a message that looks like SMS, using the Internet Message Format (RFC 2822). MMS is starting to be highly popular like many other gimmicks of the 3rd generation and the world of cellular phones.

Anyway, as far as I could find, there are two versions of Commwarrior, both of them spread by “Virtual Sex”. It does so by looking for Bluetooth phones nearby, and sending them an infected SIS file. The SIS files that Commwarrior sends are named with random file names, so you can’t just ignore a certain file name and be safe.

Regardless of Bluetooth, the worm also tries to send MMS with itself to all of the phones listed on the contact/address books.

Here are some details from F-Secure about the worm:

The Comwarrior contains the following texts:

CommWarrior v1.0 (c) 2005 by e10d0r
ATMOS03KAMA HEAT!

The text “OTMOP03KAM HET!” is Russian and means roughly “No to braindeads”.

Replication over bluetooth

Comwarrior replicates over bluetooth in SIS files that have random name, the SIS file contains the worm main executable commwarrior.exe and boot component commrec.mdl.

The SIS file contains autostart settings that will automatically execute commwarrior.exe after the SIS file is being installed.

When Comwarrior worm is activated it will start looking for other bluetooth devices, and send a copy of itself to each of these phones one after another. If target phone goes out of range or rejects file transfer, the commwarrior will search for another phone.

The replication mechanism of Comwarrior is different than in Cabir. The Cabir worm locks into one phone as long as it is in range, and depending on the variant will either look another variant after losing contact or stay locked.

The Comwarrior worm will look for new targets after sending itself to the first target, thus it is able to contact all phones in range. And possible spreading faster than Cabir.

Commwarrior replicates over Bluetooth only from 08:00 to 23:59, based on the phone’s own clock.

Replication over MMS

Comwarrior replicates over MMS by sending MMS messages that contain infected SIS file to other users. The MMS messages contain variable text message and Comwarrior SIS file with filename commw.sis.

Unlike in bluetooth spreading the SIS file name is constant, otherwise the SIS file is identical to the one sent in bluetooth spreading.

The numbers where Commwarrior sends the MMS messages are read from the phone address book.

The comwarrior uses following texts in MMS spreading:

MatrixRemover
Matrix has you. Remove matrix!

3DGame
3DGame from me. It is FREE !

MS-DOS
MS-DOS emulator for SymbvianOS. Nokia series 60 only. Try it!

PocketPCemu
PocketPC *REAL* emulator for Symbvian OS! Nokia only.

Nokia ringtoner
Nokia RingtoneManager for all models.

Security update #12
Significant security update. See www.symbian.com

Display driver
Real True Color mobile display driver!

Audio driver
Live3D driver with polyphonic virtual speakers!

Symbian security update
See security news at www.symbian.com

SymbianOS update
OS service pack #1 from Symbian inc.

Happy Birthday!
Happy Birthday! It is present for you!

Free SEX!
Free *SEX* software for you!

Virtual SEX
Virtual SEX mobile engine from Russian hackers!

Porno images
Porno images collection with nice viewer!

Internet Accelerator
Internet accelerator, SSL security update #7.

WWW Cracker
Helps to *CRACK* WWW sites like hotmail.com

Internet Cracker
It is *EASY* to *CRACK* provider accounts!

PowerSave Inspector
Save you battery and *MONEY*!

3DNow!
3DNow!(tm) mobile emulator for *GAMES*.

Desktop manager
Official Symbian desctop manager.

CheckDisk
*FREE* CheckDisk for SymbianOS released!MobiComm

Norton AntiVirus
Released now for mobile, install it!

Dr.Web
New Dr.Web antivirus for Symbian OS. Try it!

Infection

When the Comwarrior SIS file is installed the installer will copy the worm executables into following locations:

\system\apps\CommWarrior\commwarrior.exe
\system\apps\CommWarrior\commrec.mdl

When the comwarrior.exe is executed it copies the following files:

\system\updates\commrec.mdl
\system\updates\commwarrior.exe

And rebuilds its SIS file to:

\system\updates\commw.sis

After recreating the SIS file the worm starts spreading over MMS.

Commwarrior replicates over MMS only from 00:00 to 06:59, based on the phone’s own clock.
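
The file locations and time windows quoted above are enough for a first-pass triage of a phone's file listing. The following is an added example, not part of the F-Secure description or the original post: it infers how far an infection has progressed and which replication channel the quoted windows allow at a given phone-clock time. The drive letters, the sample listing and the stage names are assumptions made for illustration.

```python
from datetime import time

# Paths from the description above, lower-cased, drive letter stripped.
INSTALLED = {r"\system\apps\commwarrior\commwarrior.exe",
             r"\system\apps\commwarrior\commrec.mdl"}
EXECUTED = {r"\system\updates\commrec.mdl",
            r"\system\updates\commwarrior.exe"}
REBUILT_SIS = r"\system\updates\commw.sis"


def normalise(path):
    """Lower-case, use backslashes, drop a leading drive letter (C:, E:)."""
    p = path.strip().replace("/", "\\").lower()
    if len(p) >= 2 and p[1] == ":":
        p = p[2:]
    return p


def infection_stage(listing):
    """Return the furthest stage for which the listing holds evidence."""
    seen = {normalise(p) for p in listing}
    if REBUILT_SIS in seen:
        return "sis-rebuilt"   # commw.sis recreated, MMS spreading can start
    if seen & EXECUTED:
        return "executed"      # worm has run and copied itself to \system\updates
    if seen & INSTALLED:
        return "installed"     # SIS installed, no evidence of execution yet
    return "clean"


def active_channel(hhmm):
    """Map a phone-clock time to the replication window quoted above."""
    hour, minute = map(int, hhmm.split(":"))
    now = time(hour, minute)
    if time(0, 0) <= now <= time(6, 59):
        return "mms"
    if time(8, 0) <= now <= time(23, 59):
        return "bluetooth"
    return "none"              # 07:00-07:59 falls in neither quoted window


def triage(listing, phone_clock):
    stage = infection_stage(listing)
    channel = "none"
    if stage in ("executed", "sis-rebuilt"):
        channel = active_channel(phone_clock)
        if channel == "mms" and stage != "sis-rebuilt":
            channel = "none"   # MMS spreading starts only after the SIS is rebuilt
    return {"stage": stage, "channel_now": channel}


# Constructed sample listing (hypothetical phone with drives C: and E:).
SAMPLE_LISTING = [
    r"C:\system\apps\CommWarrior\commwarrior.exe",
    r"C:\system\apps\CommWarrior\commrec.mdl",
    "E:/System/Updates/commw.sis",
    r"C:\system\apps\Camera\camera.app",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LISTING, "03:15"))
```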

For reference please look at:
F-Secure Commwarrior.A
F-Secure Commwarrior.B
MMS
rfc2822
Some Bluetooth stuff
Bluetooth specs


Lexar’s LockTight CompactFlash Supports SHA-1

Good news from Lexar - one of the world’s bigger CompactFlash manufacturers - as they start shipping their security oriented Lexar LockTight CompactFlash. Lexar’s LockTight CompactFlash supports encryption and the ability to establish security settings on the memory card and digital camera to prevent unauthorized use - read and write - of the CompactFlash.

The encryption algorithm is said to utilize 160 bit encryption technology, using the SHA-1 (Secure Hash Algorithm), a standard approved by the NIST (National Institute of Standards and Technology).


Move Aside iPODCast it is Tempest for Eliza’s Turn

The idea behind Tempest is not new, however, the website I found is - at least to me.

The website proposes the idea of playing an MP3 music file on your screen and listening to it through your radio, where the only “connection” between the two is the emissions transmitted by your CRT screen and the radio picking them up.


No more **** passwords?

A nice solution built by MERL to prevent shoulder surfing is to display a flickering picture and provide glasses that would be able to filter out these flickers resulting in a dual image:

This means that the display can only be viewed with magic glasses.

Although the solution is simple, you can use this to “encrypt/hide” data quite well - i.e. show someone one picture while the person with the special glasses sees another one.

The only drawback is that the glasses need to be wired to the screen, making the solution not very portable.

This would also give a whole new meaning to “I can’t work today as I forgot my glasses at home” :-)


Nintendo DS Cracked

News flash!
“There’s fully functional device known as Super PASS designed to play NDS Roms downloaded from the Internet with your Nintendo DS”.

Why is this important?

Well, simple: if the previously suggested secure environment of the Nintendo DS has been cracked, I see no reason why Microsoft’s claims of an uncrackable Xbox 360 would hold any ground as Microsoft expects.

You can learn more about this Super PASS device at the following location: China Has Successfully Cracked Nintendo DS, 10 Latest Games Tried Out and here NDS games can now be played on your NDS device.
