<![CDATA[[SecurityRatty] tag: features]]>

<![CDATA[[SecurityRatty] tag: features]]> http://securityratty.com/tag/features Thu, 07 Aug 2008 17:12:09 +0000 iRatty Engine http://blogs.law.harvard.edu/tech/rss <![CDATA[Understanding Exchange Server 2007 backup and disaster recovery]]> http://securityratty.com/article/0780ce29b09fe9cacc5246f32439f83d http://securityratty.com/article/0780ce29b09fe9cacc5246f32439f83d ]]> Wed, 20 Aug 2008 06:12:57 +0000 exchange server exchange disaster recovery backup restore data features tools reliably Understanding Exchange Server 2007 backup and disaster recovery <![CDATA[KidsGoGoGo 12.6]]> http://securityratty.com/article/2b4df93e1eb2352874574ff2810d792f http://securityratty.com/article/2b4df93e1eb2352874574ff2810d792f Mon, 18 Aug 2008 20:00:00 +0000 kidsgogogo set time restrictions odd feature execution block web access parental control parental controls complement mac web browsers uneasy KidsGoGoGo 12.6 <![CDATA[Follow Windows 7 Engineering]]> http://securityratty.com/article/00030fea89f556b799e34f490dcb2463 http://securityratty.com/article/00030fea89f556b799e34f490dcb2463 Engineering Windows 7 blog, hosted by two senior Microsoft stars, Jon DeVaan and Steven Sinofsky. A two-way discussion probably doesn't mean they are taking orders for features, but they will listen to concerns of the technical community and respond to them publicly. They specifically ask for topic suggestions (I've already sent one in). Not too many years ago this sort of thing was unthinkable at Microsoft, but it's been moving steadily in this direction.]]> Thu, 14 Aug 2008 16:54:49 +0000 microsoft senior microsoft stars windows two-way discussion discussion two-way topic suggestions jon devaan deliver software Follow Windows 7 Engineering <![CDATA[When turning updates off really doesnt]]> http://securityratty.com/article/ad6bfd3501bc1cd24c641aab64e8f592 http://securityratty.com/article/ad6bfd3501bc1cd24c641aab64e8f592 In any business dealings, if you cant trust the company to do what they say they will do,
You go elsewhere right?
Its your decision. Not in this instance folks.

clipped from windowssecrets.com

You’ll get a new Windows Update, like it or not

This time, Microsoft is being more up-front about its forthcoming
refresh of Windows Update. For example, product manager Michelle Haven described in a
blog post on July 3 some new features that the upgrade will add.

The new version will reportedly reduce the time WU takes to scan for and send out new updates. In addition, if you use the online version of WU, and you click an update for more information, the new version will offer you more links with additional details.

But the Redmond company hasn’t changed the wording of the Control Panel settings that appear to prevent Windows Update from performing silent downloads — but don’t.

In light of these potentially misleading controls, a few tricks on managing Windows Update are just what the doctor ordered.

]]> Thu, 14 Aug 2008 09:31:32 +0000 windows prevent windows online version version redmond company company product manager michelle control panel settings additional details When turning updates off really doesnt <![CDATA[Should you upgrade to SQL Server 2005 or SQL Server 2008?]]> http://securityratty.com/article/e8d91351b302bdfefcce3a25859786bf http://securityratty.com/article/e8d91351b302bdfefcce3a25859786bf ]]> Thu, 14 Aug 2008 06:50:07 +0000 sql server upgrade skip sql server sequential upgrade path considerations include lack thereof follow benefits options Should you upgrade to SQL Server 2005 or SQL Server 2008? <![CDATA[How to find new features in Snort 2.8.2]]> http://securityratty.com/article/fe33e25317f908d2169f6fd17dec86fa http://securityratty.com/article/fe33e25317f908d2169f6fd17dec86fa ]]> Mon, 11 Aug 2008 06:34:39 +0000 snort interpret snort snort brings features snort features conf configuration file release release notes customer sites How to find new features in Snort 2.8.2 <![CDATA[VoIP service selection: MPLS, VPLS or Metro Ethernet?]]> http://securityratty.com/article/9ea983088e5ca058fa656eaf3f126644 http://securityratty.com/article/9ea983088e5ca058fa656eaf3f126644 ]]> Sun, 10 Aug 2008 19:30:03 +0000 metro ethernet reliable voip connections voip network requires metropolitan ethernet vpls mpls deliver connectivity specific infrastructure lan service VoIP service selection: MPLS, VPLS or Metro Ethernet? <![CDATA[Java Droppings On My PC]]> http://securityratty.com/article/5f26c7873099213ae4ab937b0047f49f http://securityratty.com/article/5f26c7873099213ae4ab937b0047f49f one of the most wasteful programming practices we PC users suffer from: Sun's Java update program. If you've been using and updating Java for a while and you check Add/Remove Programs (Programs and Features on Vista) you'll see more than one copy of Java installed. Susan's PC shows quite a few, a situation I've seen myself in the past. When you install an update, Sun leaves all of the previous versions on the system. If I remember correctly, the rationale for this is that there may be applications on the system that require that version of Java, but this seems like a thin basis on which to leave 136MB of useless stuff on the computer. And is Java really that vulnerable to version dependencies? So if I install a new system with a new copy of Java the app won't work because it required last week's version? Susan is right, this is something that Sun needs to fix. We complain about a lot of other companies, we need to put some heat on Sun.]]> Thu, 07 Aug 2008 18:35:28 +0000 java sun sun leaves version dependencies check addremove programs programs version susan system Java Droppings On My PC <![CDATA[Java Droppings on My PC]]> http://securityratty.com/article/73f8644cded5a45f56ca3c1938cadb54 http://securityratty.com/article/73f8644cded5a45f56ca3c1938cadb54 one of the most wasteful programming practices from which we PC users suffer: Sun's Java update program. If you've been using and updating Java for a while and you check Add/Remove Programs (Programs and Features on Vista), you'll see more than one copy of Java installed. Susan's PC shows quite a few, a situation I've seen myself in the past. When you install an update, Sun leaves all of the previous versions on the system. If I remember correctly, the rationale for this is that there may be applications on the system that require that version of Java, but this seems like a thin basis on which to leave 136MB of useless stuff on the computer. And is Java really that vulnerable to version dependencies? So if I install a new system with a new copy of Java, the app won't work because it required last week's version? Susan is right, this is something that Sun needs to fix. We complain about a lot of other companies; we need to put some heat on Sun.]]> Thu, 07 Aug 2008 18:35:28 +0000 java sun sun leaves version dependencies check addremove programs programs version susan system Java Droppings on My PC <![CDATA[Automated Spim on Microblogging Site Via MSN Messenger]]> http://securityratty.com/article/e5a1fb1ee8285e5dda0e9ae590ea20f2 http://securityratty.com/article/e5a1fb1ee8285e5dda0e9ae590ea20f2 Twitter coverage recently, but it's worth noting that other countries have their own versions of Twittering and some of them have seem to be a little easier to use in conjunction with Instant Messaging, whereas Twitter still seems to have a need for third party services, add-ins and other tools to get the job done if the service used is something other than Google Talk, Livejournal Chat or Jabber (if it's now more straightforward for other clients too, please let me know!)

Either way, the below illustrates why adding Instant Messaging features to services such as Twitter can cause problems in the long run and needs to be considered carefully.

We were alerted to the fact that a large amount of Spam seemed to be coming out of China in the last day or two (indeed, one contact mentioned to me that this particular message had been sent to their Honeypot around 29,000+ times, which is a lot of spamming for one URL however you look at it). The spam in question seemed to have been sent via a Spambot, and the only mentions of this URL so far in search engines seems to be related to China - shall we take a look?

The URL in question (with part of it redacted) is

http: //5834******/ ;)

You'll notice the spam is short, snappy and also includes a little smiley-face thing at the end. In fact, it looks a little bit like the kind of link people send to their contacts on Twitter, doesn't it?

Well, let's see - a quick search and we find this:

Click to Enlarge

A page from Fanfou.com, which I believe is a Chinese site "inspired" by Twitter with much of the same features and functionality. In fact, it has one feature working straight off the bat that Twitter users previously had to rely on plugins for - the ability to send messages to their page via MSN Messenger updates.

http: //5834****** doesn't actually resolve anywhere - however, a quick Ping to that address and we have an IP:

Click to Enlarge

Type the IP address into the browser, and via some geolocational technology, you'll see a region specific version of the following dating website:

Click to Enlarge

Go back to the page on Fanfou.com, scroll down and select any of the clickable links and surprise - the same page appears. This particular account on Fanfou has something like 30+ pages devoted to endless Spim links via MSN. They link to placeholder pages, sites that look as though they've been suspended and / or deleted with no way to determine what content was there previously - all interspersed with "Twitter" style messages throughout such as this:

Again, note everything is coming via MSN. By this point, you're probably wondering exactly how they allow you to send messages to their Twitter-style pages. Well, the solution is quite clever - check out the IM page. You enter your MSN address, and when you login to your MSN account, you'll suddenly find you have a new IM buddy who wants to be a contact:

Add it, and whenever you want to put a message on your page, send it an instant message and, lo and behold, your Tweet-style message has appeared on your page:

Click to Enlarge

In conclusion, the steps here appear to be

1) Create a Spambot that infects users via MSN Messenger
2) Tailor the messages it sends to be short and sweet, just like a Twitter-style message
3) Set up an account on a service such as Fanfou.com that makes it easy to send messages to your page via MSN Messenger (or other IM services affected by your bot)
4) Infect the PC running your MSN Messenger account then watch as it spams the userpage with whatever messages you want it to send.

Of course, the links can be anything from dating sites and ringtone adverts to infection files and exploits - all made so much more easier (and far less time consuming than manually typing in URLs to your userpage) by the functionality built into the site you happen to be using. It's also worth noting that the accounts sending the Spim don't have to be set up by the spammer - they could be compromised accounts that had been hijacked when clicking a rogue IM link, which is a great way of filling out the spamming ranks very quickly.

This is definitely something Twitter - and any other site out there involved in microblogging - need to keep an eye out for, and consider carefully when thinking of adding integration with popular Instant Messaging clients.

We detect the file sending the weblinks via MSN as Foubot.

Research and Writeup: Christopher Boyd, Director of Malware Research
Additional Research: Chris Mannon, Senior Threat Researcher

]]> Thu, 07 Aug 2008 17:12:09 +0000 msn messenger msn message msn messenger account twitter-style message account msn account twitter-style pages pages Automated Spim on Microblogging Site Via MSN Messenger