
And You Thought That You Were Safe

November 21st, 2005

Just recently, Morgan Quitno posted his 12th annual America’s Safest (And Most Dangerous) Cities report. Even if it is not the most up to date (it was based off of crime statistics from last year), it is still considered to be the most accurate and all encompassing such compilation out there. You might assume that cities such as Chicago would be right up there, but you would be wrong. In the top five are Detroit (2) and Flint, MI (4), where my college is located. Surprisingly, three Ohio cities made the top 25: Cleveland (12), Dayton (17), and Cincinnati (20). On the list of the top 10 most dangerous cities with populations greater than 500,000, Columbus was ranked 7. (Detroit was number 1.) On the list of the top 10 most dangerous cities with populations between 100,000 and 499,999, Flint, MI was #2, Cleveland #9, and Dayton #10. In the list of top 10 most dangerous cities with populations between 75,000 and 99,999, Canton, OH came in at 6 and Youngstown, OH at 7. The one high point for Ohio was the number 19 ranking for Parma in the top 25 safest cities in the US.

A little bit of crude "statistical" analysis on my part revealed a disturbing bit of information: Ohio might be the most dangerous state to live in in the US! How did I arrive at this conclusion, you ask? Well, I simply counted each occurrence of all of the states in the US on each list. A state got a plus one for having a city on the safe list, minus one for having a city on the dangerous list. Some cities were counted twice since they occurred on both the overall chart and one of the population specific ones. Using this method, Ohio got a minus 7. The safest state from my analysis was California, with a rating of plus 10, followed closely by New York, with plus eight (no negatives, either). I realize that this is a very crude method to use, but considering the fact that I don’t have access to the actual crime stats and that I don’t feel like trying to assign weights to different rankings and categories, it is the best you’ll get out of me.

You Call This Security

November 10th, 2005

A few days ago I was browsing the Data Security site on the UPS intranet. I was doing this not because I was bored, but because I had to fix some dead links on our department’s internal website. When I went to log into one of their password reset forms to see if it was what I was looking for, the page broke on me. Basically, stuff got displayed that was not supposed to be. Anyway, I decided to look at the source code for the page to see if I could figure out why it was so screwed up. What I saw was surprising: my full name, address, phone number, birth date, first date of employment with UPS, SSN, and other bits of sensitive personal information. I can understand why you would need to access some of this data on the server to authenticate my login, but there is no reason whatsoever to send this to the client. This is the kind of information that any security person would tell you that you should not enter on a website, especially one where you don’t have a secure SSL connection (signified by a little padlock icon in the browser). Anyone who happened to capture the packets from my transmission could easily reconstruct the web page and see all of that personal information. Not only that, but anyone, including you, could have caught those packets. I think that they should reconsider their department name.

If you read my last post or have been paying attention to tech news this past week or two, you should have heard about the rootkit included on some Sony-BMG audio CDs marketed as copy protection software. This rootkit hides all files and registry entries that start with $sys$. I mentioned in my last entry how a crack has already been released for Blizzard’s MMORPG World of Warcraft. Now, CNN reports that a virus, named Stinx-E, has been created that takes advantage of the cloaking provided by the copy protection on the Sony-BMG CDs. The real kicker is that currently, no virus scanners or spyware scanners will detect the virus since they cannot see it. I must say, it looks like Sony is going to get hit hard for their little trick.

The Magical Dying Links

November 6th, 2005

I pity the fool who bookmarked anything on my site other than http://www.kettering.edu/~lieb3331/. Why, you ask? It is because I just renamed all of my pages to have the extension of html instead of the htm that I had been using. I did this because I was migrating the site to the Apache server that is running on my laptop and I didn’t feel like reconfiguring it so that it would default to loading htm pages. While I was doing this, I realized that in a recent site-wide change I had destroyed my photo galleries. They are now fixed, so you actually see pictures now and can navigate around in them.

Speaking of photo galleries, I recently ran across a really neat photo gallery application. I am going to try implementing it on my website to replace my rather boring format that I am using right now. If it ends up being to my liking, you’ll get a chance to see it. If you want to see the gallery in action, check out its maker’s photo gallery.

BEWARE! Malware Being Distributed As Copy Protection Software

November 4th, 2005

Watch out! Sony-BMG has been releasing CDs for about the past year that have a rootkit built into them. Not only that, but they don’t tell you that they are installing it, it is known to cause computers to blue screen, and is nearly impossible to remove without completely reinstalling Windows.

OK, backtrack a little bit. I’m sure that you don’t have a clue as to what a rootkit is. I’ll try to explain, but they are pretty complicated.

Every operating system has a kernel, which is the part that the user interface uses to communicate with the hardware. It is a little hard for Windows users to understand since Microsoft markets Windows as just an operating system, even though it is so much more. On the other hand, Linux and Unix users will know what it is since Linux is really just the kernel and other programs, like the command line shell bash and the desktop environment KDE, run on top of it. Anyway, every piece of software on the computer communicates with the hardware (hard drive, memory, etc.) by making calls to the kernel, which then performs the correct instructions to make the computer do the task. The only reason that the Windows kernel should ever be modified is if a major patch is released. Other than that, the kernel should never be modified since it could cause instability.

A rootkit, however, breaks this rule: it modifies the kernel. One of the things that rootkits most commonly do is modify the code that reads the directory structure on your computer and the registry. This might sound harmless at first, but think again. By doing this, the maker of the rootkit can hide whatever they want to on your hard drive or in your registry, and you’ll never know it because you won’t be able to see the file or registry entry. For a more detailed description of what a rootkit is, you can either listen to or read Episode 9: Rootkits from the Security Now! podcast, hosted by Leo Laporte of This Week In Tech and G4’s Call For Help and Steve Gibson of Gibson Research Corporation.

This story was originally published on the SysInternals blog, which is written by Mark Russinovich, on Monday. It turns out that Sony-BMG licensed copy protection software from First 4 Internet called XCP, which uses a rootkit. It is installed when you agree to the EULA that displays when you insert the CD into your computer. The rootkit that it installs cloaks any files or registry entries on your computer that start with the string $sys$. You can’t even get around the rootkit by starting in safe mode because it marks itself as a safe mode driver. It is possible to find the files that are cloaked by using a program from SysInternals called Rootkit Revealer. However, this rootkit has evil intentions. If you try to delete these files (easily done if you know that they exist), your CD-ROM drive will disappear from Windows. It can be restored, but it is not an easy process. A longer discussion on this rootkit can be heard or read in Episode 12: Rootkit DRM of Security Now!

Mark of SysInternals revisited the topic today. In Sony’s EULA, they say that their copy protection software can easily be removed. Ha! That’s a good one. To remove it, you must first go to Sony-BMG’s website and request the uninstaller. They email a link to you that leads to a web page where you can download a service pack to XCP. However, this service pack is the only way to uninstall it. When you start the installer, you must decline the EULA, which will trigger the uninstaller. However, the uninstaller is itself flawed. It is impossible to reliably remove a rootkit while Windows is running, due to the way that it interacts with the kernel. When you attempt to unload the rootkit, you could very easily blue screen your system. Too bad that First 4 Internet was too incompetent to know this. Then again, what should you expect from a company that relies on a poorly written rootkit to implement copy protection? What’s even worse is that Sony-BMG refuses to admit that they are using DRM technology that utilizes a rootkit.

Remember when I mentioned that the rootkit masks all files and registry entries that started with $sys$? This allows anyone to plant files on your computer that start with the same string and have them hide from you. Already, a crack has surfaced that allows players to circumvent the anti-cheat facilities in Blizzard’s MMORPG World of Warcraft. Also, every time that you insert the CD, a program on it "phones home" to Sony-BMG, which is a security risk in and of itself.
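The cloaking described above only affects what the running, modified system reports, so comparing a live file listing against one taken while that system is not running exposes the hidden names, including files that someone else planted under the same prefix. This is an added example, not code from the original post or from SysInternals; the two listings, the paths and the function names are constructed for illustration.

```python
from pathlib import PureWindowsPath

CLOAK_PREFIX = "$sys$"  # the name prefix the post says the rootkit hides

# Constructed sample listings (not taken from a real system).
LIVE_VIEW = [r"C:\Games", r"C:\Windows\System32", r"c:\users\a\NOTES.TXT"]
OFFLINE_VIEW = [
    r"C:\Games", r"C:\Windows\System32", r"C:\Users\a\notes.txt",
    r"C:\Windows\System32\$sys$example",
    r"C:\Windows\System32\$sys$example\driver.sys",
    r"C:\Games\$SYS$planted.exe",      # third-party file riding the cloak
    r"C:\Users\a\new.tmp",             # ordinary churn between snapshots
]


def _norm(path):
    # Windows names are case-insensitive, so compare a lowercased form.
    return str(PureWindowsPath(path)).lower()


def hidden_entries(live_view, offline_view):
    """Paths in the offline listing that the live listing does not show."""
    live = {_norm(p) for p in live_view}
    missing = {_norm(p): p for p in offline_view if _norm(p) not in live}
    roots = []
    for _, path in sorted(missing.items()):
        parents = {str(x).lower() for x in PureWindowsPath(path).parents}
        # Report a hidden directory once, not every file beneath it.
        if parents.isdisjoint(missing):
            roots.append(path)
    return roots


def classify(path):
    """'cloak-prefix' if the entry's own name starts with the prefix."""
    name = PureWindowsPath(path).name.lower()
    return "cloak-prefix" if name.startswith(CLOAK_PREFIX) else "other"


def report(live_view, offline_view):
    return [(p, classify(p)) for p in hidden_entries(live_view, offline_view)]


if __name__ == "__main__":
    for path, label in report(LIVE_VIEW, OFFLINE_VIEW):
        print(f"{label:13} {path}")
```

Entries labelled `other` are differences that do not carry the prefix, such as files created between the two snapshots, and need a separate look.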

I don’t know about you, but after learning all of this, I can say that I am going to stay away from Sony-BMG for a while, and any other copy-protected CDs. It just isn’t right to buy a CD only to learn that you basically have no rights to use it. They dictate that you can make X number of copies, you can only listen to it on a computer using our built-in player, you can’t rip the songs yourself in any format you want, but we do offer (crappy) 128 kbs MP3 versions of these on our website that you can only download if you have the original CD in your CD-ROM drive, etc. What ever happened to fair-use? Doesn’t sound like you own the music, now does it?

What’s even worse is that what Mark Russinovich did was illegal under the Digital Millennium Copyright Act. What was illegal about Mark getting a rootkit off of his system, you wonder? It is because it is considered circumventing copy protection. For doing that, he could be taken to court. What is wrong with this picture? Pretty soon, every music manufacturer could start putting "copy protection" on their CDs that phones home or puts ads on your computer, and you could not legally do a thing about it due to the DMCA! The music industry is doing all of the wrong things to try to get people to actually buy music instead of illegally downloading it from P2P services such as KaZaA, Shareaza, and BitTorrent.

In The Presence Of A Big Wig

November 3rd, 2005

Yesterday, I got to take part in a UPS/Kettering University open house-type event. Kettering decided that they wanted to try to attract more Chicago-area high schoolers to go to Kettering by showing them that they could go to Kettering and still co-op in the Chicago area. In addition to having co-ops from CACH (Chicago Area Consolidated Hub), the facility that I work at, there were also co-ops from Bosch and Argonne National Laboratory in attendance. In addition to that, we also had Dr. Stan Liberty, the president of Kettering University, and probably half of the VPs from Kettering, plus the Corporate VP of Engineering from UPS! Talk about star-studded.

I got a chance to talk to him a little at the end. I was surprised to find out that when he started at UPS, he was a truck driver. In twenty years, he has managed to climb all of the way to a VP. I was amazed. Over that time, he held some very important positions, including being the head of Industrial Engineering for half of the US.

I also got to meet Mike Ciavilla (probably spelled his last name wrong), who is head of Operational Excellence at CACH. His job, from what I understand, is to refine the processes that we go through. So, he is responsible for everything and nothing, all at the same time. He tried to explain a project that he hoped that the Technical Support Group (TSG) Systems Group would tackle in the future. Currently, sort supervisors have to show up to work about two hours before their shifts start so that they can pull reports from different systems and prepare the information for pre-sort meetings. He wants us to come up with a web app that will automate the whole process for them so all they have to do is log on to the web page and it will have already pulled all of the reports for them before they arrived so that they can work shorter days. All I can say is that I’m glad that he specified that I would not be asked to work on the project. Sounds like something that will end up being assigned to Ray, our most experienced and only full time developer. (The rest of us are all co-ops, interns, and temps.)

Lies, They’re All Lies!

November 1st, 2005

If you haven’t done so already, check out Google Moon. At first, its features may seem a little sparse compared to Google Maps/Google Earth. After all, using either of the latter two services, you can view road maps, do local searches, and plot driving directions. Google Moon, on the other hand, only has satellite images. But, hey, it’s the moon. Who doesn’t want to see the moon in all of its desolate glory? It even has multiple zoom levels of detail. Not only that, but I learned something from Google Moon that totally contradicts everything that I learned in school: The moon is made of cheese! Don’t believe me? Go to Google Moon and click the highest zoom level and see for yourself.