Wednesday, October 25, 2006

Firefox Tweak Guide updated for v2.0

Everything you wanted to know about customizing Firefox 2.0

The guide is designed specifically for those running Firefox on Windows XP, however most of the tweaks in this guide also apply to Firefox on other platforms.

Opportunity

We must not only strike the iron while it is hot,
we must strike it until it is hot.


- Tom Sharp

Tuesday, October 24, 2006

Firefox 2.0 released!

Edit: it's out now on the official site. Guess they felt ready . . .

For Windows, Mac OS X and Linux i686 platforms.

Get your new and improved Firefox now.

From the source:

Firefox 2.0 will be released Tuesday at 5PM PST.

Upgrade issues/questions
-Can't connect to sites after the upgrade? Check your firewall!
-When will the auto-update happen? (Don't know yet)
-Will it keep my bookmarks and settings? Yes. You can back up your settings to be sure.

What's new?
-Phishing protection - reports if websites are possible scams
-Session saving - if Firefox crashes, when you open it again, you get the option to restore your tabs and windows
-Web feeds - improved interface for web feeds, including the option to subscribe with an external program or service
-Spell checking - squiggly red lines under words you spell wrong
-Search suggestions - common search terms are suggested as you type in the search box

What's fixed?
-Memory leaks
-Searching a page now searches within text fields

Questions
-Does Firefox 2.0 still support Windows 98? Yes. Firefox 3.0 is the release that is planned to drop support for Windows 98.
-Does Firefox 2.0 pass Acid2? Firefox 2.0 is based on the same rendering engine as Firefox 1.5, and so it doesn't pass Acid2. Firefox 3.0 will include a new version of the rendering engine which is expected to pass Acid2.
-How do I get rid of the close buttons on tabs (go back to how Firefox 1.x was)? Type about:config in the address bar, press Enter, and set browser.tabs.closeButtons to 3.

IE 7 and Quickbooks

Got this today:

Dear Valued Client,

As your QuickBooks ProAdvisor®, I wanted you to know that Microsoft will soon be sending out an automatic update to Internet Explorer, replacing Internet Explorer 6 with Internet Explorer 7. This affects users of QuickBooks®: Simple Start, QuickBooks: Basic, QuickBooks: Pro, QuickBooks: Premier, and QuickBooks Enterprise Solutions.

I am recommending that you decline the Internet Explorer 7 upgrade if you are currently using any version of QuickBooks earlier than QuickBooks 2006 Release 8 or QuickBooks Enterprise Solutions 6, Release 8.

Intuit has posted more information for you at this link:

http://www.quickbooks.com/helpcenter/IE7ResourceCenter.aspx

This approach will make sure that you are able to continue to use QuickBooks without any interruptions of the user experience.


The quick skinny:

Microsoft will be adding IE7 to the Windows Update service on the second Tuesday of November. If you are enrolled in automatic updates, you will be upgraded at that time. My understanding is that you will have the option of refusing it, but don't count on it. If you use QuickBooks you should turn off Automatic Updates until this is settled; use Manual Updates instead and uncheck the selection for IE 7.

It appears that pre-2006 versions of QuickBooks are not compatible with IE 7. Intuit has announced an upcoming fix for V2005, and they are staying "mum" about earlier versions. It is possible that anything older than 2005 will not be patched.

If you have QuickBooks 2006, you need to update it to Release 8 - preferably before you install IE 7.

Monday, October 23, 2006

What's wrong with this install?

Before you click the link, how many serious problems can you identify with this installation?



(Yes, the linked site is promoting themselves, but the points they make are valid - if your alarm system looks like that, you should be concerned . . . )

One sick clippy

Would you like some help?

Learning Curves for popular editors

Learning Curves

RFID enabled credit cards storing your info in clear text?

CC company to customer: Those were lab draft editions of our new cards.

Private research to CC company: We ordered cards for ourselves as if we were normal customers for this test.

See the article:
http://news.com.com/Researchers+see+privacy+pitfalls+in+no-swipe+credit+cards/2100-1029_3-6128407.html

Excerpt:

" . . . in tests on 20 cards from Visa, MasterCard and American Express, the researchers here found that the cardholder's name and other data was being transmitted without encryption and in plain text. They could skim and store the information from a card with a device the size of a couple of paperback books, which they cobbled together from readily available computer and radio components for $150.

They say they could probably make another one even smaller and cheaper: about the size of a pack of gum for less than $50.

And because the cards can be read even through a wallet or an item of clothing, the security of the information, the researchers say, is startlingly weak. "Would you be comfortable wearing your name, your credit card number and your card expiration date on your T-shirt?" Heydt-Benjamin, a graduate student, asked."

Friday, October 20, 2006

Adware, the future of gaming?

Really interesting article about another FPS game called SWAT4, with the latest patch from Vivendi, that includes targeted ads within the environment.

http://nationalcheeseemporium.org/

Note the workaround to prevent the game from talking to the ad servers.

Back to BF 2142, there is a good analysis coming very soon on what it does in the background regarding ad rotation while you play. I will post that as soon as it's done.

Thursday, October 19, 2006

IE 7 Vulnerability

That didn't take very long . . .

http://secunia.com/advisories/22477/

"Description:
A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. This can be exploited to access documents served from another web site."

Solution:
Disable active scripting support.

Note, this same bug has been left unpatched since April 2006 in your old IE6.x as well . . .
http://secunia.com/advisories/19738/

At least it's not another remote code vuln.

Wi-Fi update for Windows XP SP2

Remember that Wi-Fi hack demo at the Blackhat conference a couple of months ago?

Quietly tonight, Microsoft released a really major update to help prevent that hack method. What's unusual about this release is that it includes new features, something normally reserved for add-on modules or service packs.

It's really part of a feature update to bring Windows XP into parity with domain policy features for the upcoming Windows Server 2003 Service Pack 2 . . . but it's much more than that, and in my opinion, an important update to install. I rather hope that Microsoft places this on their update site, but for now, you have to go to the KB article on the topic to get the patch.

IE 7 goes gold

Just a heads up. Internet Explorer 7 is official now.

http://www.microsoft.com/windows/ie/default.mspx

Wednesday, October 18, 2006

More on the game spyware fiasco

Update to my previous post about Battlefield 2142 . . .

Some serious problems being discussed over on HardOCP about the issue.

1) The advert company in question has responded, and just as I and others guessed, Geolocation by IP address is indeed how they have implemented their targeted ads for display within the game.

2) The warning about the "adware" is INSIDE the box, not outside. Buyers have to break the seal before they get full disclosure from EA, which makes it impossible to return the game to most retailers for a refund.

3) Worse, the Microsoft Critical Update MS06-051: "Vulnerability in the Windows kernel could result in remote code execution" breaks the game, and Electronic Arts is recommending UNInstalling that Microsoft patch.

I cannot stress this enough. DO. NOT. UNINSTALL. THAT. PATCH! The patch in question was released just this last August and blocks a very serious security vulnerability in Windows that is being actively exploited to introduce unpatched computers to several very nasty Trojans, key loggers and rootkits.

Please tell your friends. Tell your co-workers. Spread the word about this mess to other forums and gamers that you know. The hope I have is that if everyone makes enough noise, EA will release a patch that "fixes" this and removes the spyware.

Windows Vista EULA and DIY systembuilders, at odds?

Ran across this last week, and the more I think about it, the more concerned I get. I am one of those power users that is always tweaking the system, replacing key components with newer, better options on the same system. I also have been required to reactivate my XP system several times after making a major upgrade (network card replacements seem to trigger it every time), or after re-installing the system (same disk, same PID, same system but with newer mainboard).

An excerpt: "From past experience with Windows XP, a motherboard swap triggers a re-activation. I've successfully reactivated the same copy of Windows XP a number of times after a motherboard swap with no problem. But the above terms seem to indicate that the third activation will fail, meaning you, dear reader, get to feed the Microsoft machine more money.

Or not.

If anything could be calculated to drive the DIY community away from Windows, this would be it. As it stands now, reactivating after installing a new motherboard is a minor pain, but not a big deal. And what about when you need to swap out a motherboard simply because the hardware failed? Does that count as well?"


If I read the EULA correctly, this will not be a problem if I simply want to re-install Vista to the exact same hardware (good cure for massive rootkit or virus infections) nor should it be a problem if I restore a clean image to that same system. But if I upgrade key components in the future . . . what will happen?

Read the article, tell me what you think.

Spyware, now coming to a game near you!

Electronic Arts has shipped their newest game: Battlefield 2142.

I was pretty interested in this until I discovered how they will be implementing their controversial in game advertising.

A small slip of paper in the disk case reads:

"The software may incorporate technology developed by IGA Worldwide, the advertising technology. The purpose of the advertising technology is to deliver in-game ads when you use the software while connected to the Internet. When you use the software while connected to the Internet, the advertising technology may record your IP address and other anonymous information. That advertising data is temporarily used by IGA to enable the presentation and measurement of in-game ads and other in-game object which are uploaded temporarily to the your PC or game console, and change during online gameplay. The advertising technology does not collect personal or identifiable information about you."

Let's step back and analyze that with some knowledge of modern internet tracking technology. First, dynamic IP addresses more and more are geographically assigned by your ISP. If I enter my IP address into this search page, and click the "Find City" button (and it's just one site among many) it knows where I am within about a mile radius. It knows my ISP, my country, state, town, zip code and even the rough neighborhood in which I live. It's trivial for advertisers to use that info to target local ads to my game.

If I have a static IP registered to my name or business, it's almost as easy to know my exact address, and from that I can back-search to get my name, email, phone number, age, spousal status, land ownership records, driving habits, legal records, etc.

You getting worried yet? You should! This is classic spyware/adware at its very worst. Even if they don't store the IP address permanently (and who believes that?), they already know more than they should about you just from playing a game!

My advice, skip this one.

Updated news on this issue.

Sunday, October 8, 2006

OT: Warning - A Short Political Rant

Hasn't anyone else figured out that the entire Foley episode is another distraction? Given that certain leaders KNEW about the man's personal tastes and actions for YEARS in advance . . . and sat on the info, it should be obvious that they were saving the news for a rainy day. Just like a good poker player.



We need to be keeping a very watchful eye on the administration right now. Master-Gate is a distraction. It would be easy to state it's to distract us from the suspension of habeas corpus and other cancellations of the Bill of Rights in WA-DC, but I fear worse is coming, quietly, in the dark of night while the bright lights of the media focus on Foley, the likes of A N Smith, etc.




by Horsey on the Seattle PI

Thursday, October 5, 2006

Upcoming MS fixes on October 10

Found in my inbox today, one of the critical fixes coming October 10th will be for that nasty WebViewFolderIcon ActiveX to Windows Shell vulnerability that I mentioned last week.

********************************************************************
Title: Microsoft Security Bulletin Advanced Notification
Issued: October 05, 2006
********************************************************************

Summary
=======

On 10 October 2006 Microsoft is planning to release:

Security Updates

. Six Microsoft Security Bulletins affecting Microsoft Windows.
The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. Some of these updates will require a restart.

. Four Microsoft Security Bulletins affecting Microsoft Office.
The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.


. One Microsoft Security Bulletin affecting Microsoft .NET
Framework. The highest Maximum Severity rating for this is Moderate.
These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates may require a restart.


Microsoft Windows Malicious Software Removal Tool

. Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.

AV standards: out with the old, in with the new?

AV companies tend to rise and fall in effectiveness as often as the stock market. For some time now I have really come to rely on eTrust, a product by Computer Associates. I still like their corporate AV offering (and still loathe their so-called "home" version).



But there is a new leader in town called AntiVir, by Avira, and I have to say I was impressed during my testing, both in terms of AV protection / spyware prevention and in system resource usage (very low.) It's also been garnering praise in some security professional circles.



(Note that the score table on that site shows a combined result for traditional virus protection plus malware protection, although not all the products they list do both . . . the version of AntiVir they tested does both, the versions of eTrust they tested are AV only.)



Its "for sale" version includes both malware/spyware and AV protection. They also have a free-for-personal-use edition that only includes AV protection - and it's not a limited-time offer, but really free.



The free edition of AntiVir: http://www.free-av.com/



Antivir Personal (home) Premium edition: http://www.avira.com/en/products/antivir_personaledition_premium.html



Recommended.

AV FUD and Vista

"Windows Security Center is leveling the playing field and helping customers find more options for "protection."



More technical details on kernel protection.



What I find frustrating is that products like (cough - certain really big AV firms) disable alerts from Windows Security Center (and if you uninstall their product, they generally fail to re-enable it), thus preventing the end user from ever seeing the several other excellent - and free - choices for AV protection presented by the WSC. None of which, by the way, are a Microsoft product . . .

Tuesday, October 3, 2006

Like watching a train crash . . .

This is a slightly sped up video of a computer being massively infected. The infections are real, some of the special effects are dramatized (but based on real events). You can thank SiteAdvisor (recently acquired by McAfee) for the video.