New trojan email attempt?

I don’t really have time today to look into this but an email made it through spam filters purporting to be an animated “card” from some model on Adult Friend Finder. The file attached as a zip file. I’m sure there is something fun inside and I’m sure it will be infectious. Hope someone else can dissect this and let the world know.

Generative Internet

Applying this framework, the Article explores ways — some of them bound to be unpopular among advocates of an open Internet represented by uncompromising end-to-end neutrality — in which the Internet can be made to satisfy genuine and pressing security concerns while retaining the most important generative aspects of today’s networked technology.

Zittrain, Jonathan, “The Generative Internet” . Harvard Law Review, Vol. 119, 2006 Available at SSRN:

Professor of Internet Governance and Regulation
Oxford University
Oxford Internet Institute
1 St Giles
Oxford OX1 3JS,
United Kingdom
+4401865287210 (Phone)
+16175880201 (Fax)

Filed in Non Sequiter, Rights Online, spyware | Comments (0) | Permalink

Sending your IM logs to Tech Support

I ran into an awkward situation the other day while debugging an issue with my PDA synch software. I’m in a unique situation where I have an older Windows Mobile based PDA but I’m using a Powerbook for my main computing needs. The two don’t play so nicely together however certain software vendors like MarkSpace pick up the slack with middleware. “The Missing Sync” allows me to bridge this gap and synch the MS hardware with OS X software. I ran into an issue when I inadvertently upgraded to a non-free version (They moved on to 3.0 but I’m content with 2.5 I paid for last year) and while it was giving me errors I decided to try to open an automated tech support ticket. The dialog box that came up notified me that system information was being sent and there was a button to review what would be transmitted. Training with the Stopbadware group made me curious and I pressed the button.

What I saw was unsettling and I’m still trying to determine who is “at fault”. Amid the lines of system diagnostic info was my IM conversations for the last few days. Nothing incredibley personal but nothing that I really wanted the Tech Support Rep at Markspace to read. Definitely nothing that would help them solve any of my PDA synch issues. I realized that the tech support application simply pulled the entire console.log file from my computer which Growl (an increasingly popular notfication app) had been logging my IM conversations to. By default Growl will log every IM, sign on, etc that is shown to console.log.

growl preferences panel
Note that in this picture I have changed the default away from console.log.

I’m really not sure who should change here. Should Growl stop logging to console.log by default? Should MarkSpace stop pulling the entire console.log file? Who else is doing this as part of their tech support procedures? At the very least users of Growl should change this setting until the dust settles. I’m still in communication with MarkSpace and can say that they are responsive and now very aware of this issue.

MediaDefender caught in entrapment scheme

MediaDefender is a long time “enforcement” agency of the MPAA. Recently they were caught setting up a fake online video site (think YouTube for pirated movies) and now claim the site was only an internal project and that they were the victims of libel. The site was taken down amid controversial blogging and coverage from geek portal Shortly afterwards the DNS registrations were also wiped clean. Ars Technica reports that the site also offered a software package that was purported to “increase download times” but instead “performed searches of the user’s computer for other illegal software and reported its findings back to MediaDefender.” That kind of behavior definitely falls under spyware no matter how noble the intentions are supposed to be. Companies like MediaDefender have already toed the line of what is permissible under law by stalking children and students through networks like bittorrent and now seem to be developing technology to search their hard drives without consent. If anyone has a copy of the software I would be extremely interested in taking a look at what it does and reporting on it.

screenshot of miivi offering commercial movies for download screenshot of MediaDefender offering commercial movie downloads

miivi dns registration screenshot of DNS registration before MediaDefender altered it

Fake Torrents List 5/2007

For realtime updates check Fenopy Fake Finder:

These torrents and trackers are reported as fake and setup by the MPAA and RIAA or their affiliates. Any network data recorded by them bearing your IP address could lead to legal action. It may be advisable to block all traffic with fake trackers at your network borders.

” title=”” target=”_blank”>

Great Reading List on Web Exploits

I was reading up on inet-lux and found a great blog post in spanish which provides a must read references list. I ended up here reading about a java based botnet tool I found while researching appeals today. I hope to have more on that later but have not had time to decompile it. Anyone want to donate an IDA Pro license?

Microsoft Security Bulletin MS06-014
Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)

Microsoft Security Bulletin MS03-011
Flaw in Microsoft VM Could Enable Compromise System (816093)

Microsoft Internet Explorer Javascript Window () Vulnerability:
Microsoft Security Bulletin MS05-054
Cumulative Security for Update Internet Explorer (905915)

Microsoft Security Bulletin MS06-006
Vulnerability in Windows Average Player Plug-in with Non-Microsoft Internet
Browsers Could Allow Remote Code Execution (911564)

Mozilla Foundation Security Advisory 2005-50
Exploitable crash in pareTo (Firefox, Mozilla Suite)

Microsoft Security Advisory (917077)
Vulnerability in the way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution

Microsoft Security Bulletin MS06-006
Vulnerability in Windows Average Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)

IE ms-its: and mk: @MSITStore: vulnerability:
Microsoft Security Bulletin MS04-013
Cumulative Security for Update Outlook Express (837009)

– [2]:


Badware- Jessica Simpson Screensaver

The good folks at have released some interesting new reports about the current crop of spyware. Team Taylor Made’s Jessica Simpson Screensaver does a little more then entertain you while your computer is idle. It disables your AV, redirects your URLs, and even has a stealth dialer to rack up charges to your phone bill!

There is some interesting research going on here and it will become more interesting when they begin looking at some of the crackz/warez web sites which install lots of fun things via IE holes.