Bugs

Sony rootkit

If you play a Sony music CD on your Windows computer, it installs a rootkit on your system, which introduces several security holes that others could exploit, such as hiding any executable file whose name starts with '$sys$'. I guess this whole DRM thing is getting way out of control.

Upgraded spam module

I have upgraded Drupal's spam module from version 2.0.3 to version 2.0.10. Together, the upgrades now allow me to expire spam comments automatically, which finally ends the almost daily task of emptying the spam queue.

The work of Jeremy Andrews on this piece of software is impressive: new versions are delivered almost weekly, and sane feature requests get implemented at a very high rate.

Spam module

It seems that my previous spam measures were quite good, but also that the spammers have stepped up to the next level: comment spam. I already had to delete 7 spam comments last week, so I've decided to install Drupal's spam module. It contains a trainable Bayesian filter, manually entered custom filters, a count of the number of URLs in a post, and detection of content posted from open email relays.

The Bayesian filter does statistical analysis on spam content, learning from the spam and non-spam it sees to determine the likelihood that new content is spam. It seems a bit like the spam filter included in Thunderbird.
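As an added example (not the Drupal spam module's own code), here is the core of such a trainable filter in Python, combined with the URL-count check mentioned above; the training comments are constructed, and the probability threshold and URL limit are assumptions:

```python
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z0-9']+")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def tokenize(text):
    return set(TOKEN_RE.findall(text.lower()))  # word presence, not frequency

def url_count(text):  # stand-in for the module's URL-count filter (assumed rule)
    return len(URL_RE.findall(text))

class BayesianCommentFilter:
    # Two-class naive Bayes over word presence with Laplace (+1/+2) smoothing.
    def __init__(self):
        self.docs = {"spam": 0, "ham": 0}
        self.words = {"spam": Counter(), "ham": Counter()}

    def train(self, text, label):  # label is "spam" or "ham"
        self.docs[label] += 1
        self.words[label].update(tokenize(text))

    def spam_probability(self, text):
        total = self.docs["spam"] + self.docs["ham"]
        log_spam = math.log((self.docs["spam"] + 1) / (total + 2))  # smoothed priors
        log_ham = math.log((self.docs["ham"] + 1) / (total + 2))
        vocab = set(self.words["spam"]) | set(self.words["ham"])
        for w in tokenize(text) & vocab:  # never-seen words carry no evidence
            # P(word present | class), smoothed so no factor can be zero
            log_spam += math.log((self.words["spam"][w] + 1) / (self.docs["spam"] + 2))
            log_ham += math.log((self.words["ham"][w] + 1) / (self.docs["ham"] + 2))
        return 1.0 / (1.0 + math.exp(log_ham - log_spam))

    def is_spam(self, text, threshold=0.9, max_urls=3):  # thresholds are assumptions
        return url_count(text) > max_urls or self.spam_probability(text) >= threshold

# Constructed training comments standing in for the spam queue and approved comments.
TRAINING = [
    ("Buy cheap viagra online http://pills.invalid/buy", "spam"),
    ("cheap pills http://pills.invalid/order and casino", "spam"),
    ("online casino bonus http://casino.invalid/play casino", "spam"),
    ("Nice post about Drupal modules", "ham"),
    ("I upgraded my Drupal spam module too", "ham"),
    ("thanks for the tip on Apache rewrite rules", "ham"),
]

def build_filter(training=TRAINING):
    f = BayesianCommentFilter()
    for text, label in training:
        f.train(text, label)
    return f
```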

Referrer spam

For a few months now, my logfiles have been filling up with referrer spam: when you click a hyperlink on one web site, your browser passes the address of the page where you clicked the link to the next site. This is logged by the server hosting the next web site.

The referer information can be faked very easily. Some unscrupulous web site owners will arrange to have several computers access a particular web site with a referer that lists their own web site address. There are a number of ways to accomplish this (see below), but the result is that the web server logs of the targeted site will contain hundreds or possibly thousands of entries with the fake referer information. This is known as "referer spamming". Most referer spam infects blog comments, but in my case, only my logfiles are filled.

There are several solutions to this problem, mostly involving the RewriteCond directive of the Apache web server, but I chose the solution from Kuro5hin, where a BadReferrer is created based on the spam URL.

Underscorebleach.net, however, states that the .htaccess-based solutions are part of an unwinnable race, as it takes hundreds of rules to keep up with the randomly selected spam URLs. We'll see if my .htaccess file can keep up...
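An added Python example, not the post's own code and not the Kuro5hin recipe itself, that finds the pattern described above in Apache combined-format log lines (one referer arriving from many different client IPs) and emits matching SetEnvIf/BadReferrer directives in the Apache 2.2 syntax of the period; the log lines, IPs and host names are constructed, and the hit and client thresholds are assumptions:

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
COMBINED_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
                         r'"(?P<referer>[^"]*)" "[^"]*"$')

def referer_stats(lines, own_hosts):
    """Map external referer host -> {"hits": n, "clients": {client IPs}}."""
    stats = defaultdict(lambda: {"hits": 0, "clients": set()})
    for line in lines:
        m = COMBINED_RE.match(line)
        if not m or m["referer"] in ("", "-"):
            continue  # unparsable line, or the browser sent no referer
        host = urlsplit(m["referer"]).hostname
        if not host or host in own_hosts:
            continue  # navigation within our own site is not spam
        stats[host]["hits"] += 1
        stats[host]["clients"].add(m["host"])
    return stats

def suspicious_referers(lines, own_hosts, min_hits=4, min_clients=3):
    """Referer hosts seen often and from several client IPs: the pattern the post describes."""
    return sorted(h for h, s in referer_stats(lines, own_hosts).items()
                  if s["hits"] >= min_hits and len(s["clients"]) >= min_clients)

def htaccess_rules(hosts):
    """Apache 2.2-style directives modelled on the BadReferrer approach the post mentions."""
    rules = ["SetEnvIfNoCase Referer " + h.replace(".", "\\.") + " BadReferrer" for h in hosts]
    return "\n".join(rules + ["Order Allow,Deny", "Allow from all", "Deny from env=BadReferrer"])

# Constructed sample log lines (documentation IPs and reserved host names).
LOG_LINES = """\
203.0.113.10 - - [12/Mar/2005:10:00:01 +0100] "GET / HTTP/1.1" 200 1234 "http://cheap-pills.invalid/" "Mozilla/4.0"
203.0.113.11 - - [12/Mar/2005:10:00:05 +0100] "GET /node/12 HTTP/1.1" 200 2345 "http://cheap-pills.invalid/buy" "Mozilla/4.0"
203.0.113.12 - - [12/Mar/2005:10:00:09 +0100] "GET /node/7 HTTP/1.1" 200 2222 "http://cheap-pills.invalid/" "Mozilla/4.0"
203.0.113.13 - - [12/Mar/2005:10:00:14 +0100] "GET / HTTP/1.1" 200 1234 "http://cheap-pills.invalid/casino" "Mozilla/4.0"
203.0.113.10 - - [12/Mar/2005:10:00:20 +0100] "GET /archive HTTP/1.1" 200 4321 "http://cheap-pills.invalid/" "Mozilla/4.0"
198.51.100.5 - - [12/Mar/2005:10:01:00 +0100] "GET /node/12 HTTP/1.1" 200 2345 "http://www.example.net/" "Mozilla/5.0"
198.51.100.5 - - [12/Mar/2005:10:01:03 +0100] "GET /node/13 HTTP/1.1" 200 2345 "http://www.example.net/node/12" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2005:10:02:00 +0100] "GET / HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2005:10:03:00 +0100] "GET /node/1 HTTP/1.1" 200 1111 "http://planet.example.org/" "Mozilla/5.0"
""".splitlines()
```

Regenerating the rule list from the logs does not escape the race Underscorebleach.net describes: every newly invented spam domain still needs another rule.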

Spyware

The radio news yesterday reported that over 50% of all Belgian personal computers are infected with some form of spyware. I wonder if they mean 50% of all PCs running Windows, or 50% of the total number of PCs, in which case the share of infected Windows machines is even higher. Anyway, the figures are frightening.

Steve Gibson posted this link to a superb test of about two dozen top anti-spyware programs: Eric L. Howes conducted the test over a two-week period in October. The results surprised me: only 3 ASW programs had a 'batting average' of better than .500 when it came to eradicating the broad range of spyware in the test. Freeware star Spybot Search & Destroy came in a distant 7th with an average of only .376. The top three? Giant Anti-Spyware, Spy Sweeper, and Ad-Aware.

History of spam

A guy from Microsoft has made a cool drawing: since 1997 he has kept all the spam and viruses he received and was able to draw some kind of history. Some interesting things show up on the charts: spam went ballistic starting in 2002. You could see it growing in 2001, but 2002 was when it really took off.

Exploit For Windows JPEG Bug

A sample program hit the Internet on Wednesday, showing by example how malicious coders could compromise Windows computers using a flaw in the way Microsoft's software handles a widespread graphics format. Security professionals expect the release of the program to herald a new round of attacks by viruses and Trojan horses incorporating the code to circumvent security on Windows computers that have not been updated. The flaw, in the way Microsoft's software processes JPEG graphics, could allow a program to take control of a victim's computer when the user opens a JPEG file.

At the same time, Microsoft has decided that future IE updates, including those related to security, will only be available to customers using Windows XP. This news.com article has the complete scoop. A choice quote: 'Microsoft may be turning the lemons of its browser's security reputation into the lemonade of a powerful upgrade selling point.'

As always, it's mandatory for Windows users to update regularly.

IE CSS bugs

I was designing a website for an NPO when I discovered that its layout sucked big time when viewed in Internet Explorer. It turned out to be a bug in IE's CSS rendering, but I surely lost quite some hours squashing the bug. Next time I'd better take a look at this site about all IE bugs concerning CSS rendering.

Stopping the Swen/Gibe.F madness

Mail traffic is at an all-time maximum here with the Swen/Gibe.F Microsoft mail worm. As the messages are 150 KB in size, a spam filter solution such as the SpamAssassin/Procmail combination isn't optimal, as all mail is still downloaded to my workstation. So I decided to fight the spam at the place where it should be fought, and installed MailFilter, a nifty mail filtering program which even works for POP3 mailboxes.
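To show what filtering at the POP3 server instead of after download looks like, here is an added Python example (not MailFilter's code or configuration) that inspects only message sizes and headers via LIST and TOP and deletes matches before their bodies are fetched; the size limit and subject list are constructed rules, and host, user and password are placeholders the caller supplies:

```python
import email
import email.policy
import poplib

# Constructed rules for the worm traffic described above (not MailFilter's syntax):
# the worm mails are large and reuse a handful of subjects.
MAX_WORM_SIZE = 100 * 1024  # bytes; the post puts the worm mails at about 150 KB
SUSPECT_SUBJECTS = ("returned response", "microsoft", "security update")

def is_worm_candidate(raw_headers, size):
    """Decide from the headers alone (all that POP3 TOP returns) whether a message
    should be deleted on the server instead of being downloaded."""
    msg = email.message_from_bytes(raw_headers, policy=email.policy.default)
    subject = str(msg.get("Subject", "")).lower()
    return size >= MAX_WORM_SIZE and any(s in subject for s in SUSPECT_SUBJECTS)

def purge_mailbox(host, user, password, decide=is_worm_candidate, dry_run=True):
    """LIST the mailbox, TOP only the headers of each message and DELE the matches,
    so the 150 KB bodies never cross the line. Returns the selected message numbers."""
    selected = []
    conn = poplib.POP3_SSL(host)
    try:
        conn.user(user)
        conn.pass_(password)
        _, listing, _ = conn.list()  # entries look like b"12 153600"
        for entry in listing:
            num, size = entry.decode().split()
            _, header_lines, _ = conn.top(int(num), 0)  # 0 body lines
            if decide(b"\r\n".join(header_lines) + b"\r\n\r\n", int(size)):
                selected.append(int(num))
                if not dry_run:
                    conn.dele(int(num))
    except Exception:
        conn.rset()  # undo pending deletions if anything went wrong mid-way
        raise
    finally:
        conn.quit()  # QUIT commits the deletions
    return selected
```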

Solaris sadmind exploit

There's a nasty security hole in Solaris' sadmind daemon: an exploit has been released which targets a weakness in the default security settings of the sadmind RPC application, and which allows calling arbitrary methods in any class available to sadmind. It has been a busy week for Unix sysadmins: first an exploit in SSH, then a security hole in Sendmail, and now this sadmind hole.

But Windows has its share of the problem too: a new mail worm, called Swen/Gibe.F, preys on a flaw that Microsoft first disclosed in March 2001. In fact, it's the first Microsoft worm which causes annoyances to me as a Linux user; the mails with the subject 'Returned Response' are really numerous here.