
Net Neutrality

May 9th, 2006

A bill (H.R. 5252: the Communications Opportunity, Promotion, and Enhancement (COPE) Act. Analysis of COPE.) that all but creates a multi-tiered internet has passed the House of Representatives and is on its way to the Senate. Why should you care? Well, because a multi-tiered internet can stifle innovation and hurt your experience on the internet.

The bill originally had an amendment that ensured net neutrality, which would make sure that all internet content providers are created equal. This amendment was backed by many providers of internet content, such as Microsoft, Google, and Yahoo. This amendment was voted down a few days ago, basically setting the stage for a multi-tiered internet.

Top level service providers (the guys who control the infrastructure that the internet runs on) and telcos have been the driving force ($$$) behind the removal of the net neutrality amendment from COPE. They say that in order for the infrastructure to be improved, they need to get more money. They want to charge the content providers instead of the consumers. The thing is, the content providers are already paying out the butt for all of the bandwidth (a resource consumed by pushing and pulling data over a network, such as the internet) that they consume on a daily basis serving content to consumers. Without the net neutrality amendment, the telcos and top level service providers are able to charge the content providers twice for services that they are already paying for.

Another consequence of COPE is that it allows telcos to prioritize traffic. This also can create a multi-tiered internet. Under the system that this bill creates, the content providers with the most money will get higher priorities on the internet when it comes to delivering content. Basically, it artificially speeds up the connection between a client and a server if you have the money, or artificially degrades the performance of said link if you don’t. If two servers, each run by a different company, have the same bandwidth available to them, the server whose owner pays the telcos more money will have the traffic to his server get a higher priority over the traffic to the other server. The telcos say that traffic prioritization is important to providing future services, such as Voice Over IP (VOIP) and Internet Television (IPTV), which function better if they are given a higher priority. (What doesn’t perform better when given an unfair advantage? Barry Bonds sure is better when he’s on steroids and everyone else isn’t, but that’s another rant.)

All of this inevitably leads to an internet where only the rich corporations can provide a satisfactory experience to end-users. The days of innovation by individuals and small start-ups on the internet could be quickly coming to an end. If COPE had been passed into law just a few years ago, think about what the internet might be like now. Google could have shriveled up and gone away because Microsoft and Yahoo could have afforded higher prioritization, leading Google to perform badly and, subsequently, losing its user base and going out of business. We would still all be using MapQuest to get maps because no one would have gotten the idea to apply AJAX to maps to create Google Maps (which drove Microsoft and Yahoo to create Live Local and Yahoo Maps, respectively). Innovative web apps and social networking would have never taken off (say goodbye to Facebook and MySpace. (Really, MySpace should just go away. Talk about the cesspool of the internet. It makes my eyes bleed just thinking about it.))

All in all, I think that COPE is a horrible idea. I’m sorry to say that my Representative, Bob Ney (R), voted Yea for this bill. (Voting results for H.R. 5252.) If your representative voted Yea for this bill, please help by giving him an earful about the mistake that he made. I’ve done my part. Now it’s time for you to help preserve the free, unified internet as we know it.

Edit: I found this article on CNN about net neutrality, written by the creator of Craig’s List.

Don’t Touch That Remote

April 20th, 2006

It looks like electronics manufacturer Philips may have just found the perfect way to mess up cable TV, more so than the broadcast flag. They have patented a system that will force you to watch commercials.

Uhh… you can stop rubbing your eyes now. It’s not healthy to rub your eyes so hard in disbelief.

What Philips has proposed is a flag that networks can mark television shows with that will prevent you from changing the channel on your television during commercials. Want to check out the football game on FOX while the game on CBS is having a commercial break? Well, too bad with Philips’ new system. You’ll just have to sit there and watch them. Even worse, those of you with DVRs (digital video recorders), such as TiVos, could lose the option to fast-forward through commercials on content that you have recorded.

What is funny is what Philips is using for their defense. They are claiming that the content providers that broadcast content with this flag will be the ones that should receive most of the blame. They are only the enablers. Funny, providers of peer-to-peer software, such as Kazaa and Morpheus, have been arguing the same thing. Their problem was that they had no clout with the government, unlike Philips.

All I can say is that I hope that this dies a quick and painful death. If it doesn’t, then I wish bankruptcy and total destruction upon Royal Philips Electronics and all of the networks that choose to make use of this ability.

[sigh] We Can Breathe Again, At Least For Now

January 5th, 2006

As of 5:00 pm Eastern time today, Microsoft has a patch available through Windows/Microsoft Update to fix the Windows Metafile vulnerability that I mentioned on Monday. Once you have installed the patch from Microsoft, you can go ahead and uninstall the patch from Ilfak Guilfanov by going to Add/Remove Programs and uninstalling the entry "Windows WMF Metafile Vulnerability HotFix".

I am slightly surprised that we are seeing this patch so quickly. Initially, Microsoft stated that it would not release the patch until "Patch Tuesday", the second Tuesday of each month, so that the patch could get plenty of QA testing. Microsoft has subsequently stated that after discovering this vulnerability, they are going to delve into their proprietary standards to check if similar "features" were included in other Microsoft file formats.

Also, over the past few days, a few problems have been discovered that were caused by the patch from Ilfak. The biggest problem is that it has created printing problems for some people, mostly if they are using networked printers. The only reason that this should be happening is because the printing is relying on the fallback "feature" built in to the Windows Metafile format that Ilfak’s patch disabled.

Microsoft: Does Intelligent Life Exist In Redmond?

January 2nd, 2006

Security Alert!!! A new zero-day vulnerability is being exploited in the Windows Metafile format on the Microsoft Windows platform.

Right before New Year’s Eve, a series of viri were discovered circulating on the Internet that can infect your computer without requiring you to do anything. That’s right, you can get these viri by just having your computer connected to the Internet. These viri take advantage of a very stupid "feature" that is in the Windows Metafile (WMF) image format. All versions of Windows produced from 1991 to the present (approx. Windows 3.0 to Windows XP and Windows Server 2003) are affected by this vulnerability. Microsoft currently endorses a workaround that involves the user unregistering a DLL, but this workaround is basically worthless since it only shuts down one avenue that the viri can use to exploit this vulnerability and also breaks the thumbnail display feature in Windows. A much better solution is a small program written by Ilfak Guilfanov and improved with the help of Steve Gibson. You must install the program and reboot your computer for the fix to work. It should shut down every avenue that the viri can use to exploit this vulnerability. The only downside to this patch is that it only works for Windows 2000 and up (sorry Win95 and Win98 users). When Microsoft comes out with an official fix for this vulnerability, you can then uninstall this program. I highly recommend installing this small program due to the extreme ease of contracting one of these viri. Just to give you an idea of how easy it is to get one of these viri, many security experts have infected themselves with these viri without even realizing it.

A little more detail: Most popular graphics formats in use on the Windows platform are raster-based formats. This means that the image is stored as a bunch of individual pixels. Formats such as BMP, GIF, PNG, and JPEG are raster formats. Another type of graphics, vector graphics, are stored as a series of instructions for the program to execute and draw. For example, the file might specify that a black line should be drawn from one point to another, then a red rectangle should be drawn with a set of points for vertices. These images are scalable and generally can be stored in less space, but do not handle real life images. Examples of vector graphics formats are SVG and WMF.

When Microsoft designed the WMF format back in the early nineties, they decided to allow the graphics file to contain program code that would be executed if an error occurred when the drawing instructions in the file were being executed. It might have seemed like a harmless and somewhat useful feature back in the trusting days of computing before the Internet. However, it is now being used as a very easy way to execute arbitrary code on your computer. All you have to do to activate the code is to view the infected image. What makes it even worse is that the image could be masquerading as something other than a *.wmf file. Many of the viri are hidden in GIFs. The virus could be executed by simply viewing a web page that has one of these bad graphics on them. A MSN Messenger version of the virus is also circulating that would infect you the second that you get an IM containing the tainted image. Also, it has been proven that just having the image on your computer without viewing it could lead to you getting infected due to certain content indexers that you might have running on your computer, such as Google Desktop Search.
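A content-based check for the record described above, as an added example that is not from the original post: it identifies a metafile by its header rather than its extension (the post notes samples disguised as GIFs) and flags the escape record that registers an abort callback. The record names and numeric values are taken from Microsoft's published WMF specification, not from the post, and the sample files are constructed with no payload bytes.

```python
import struct

# Values from Microsoft's published WMF specification (assumed, not in the post).
PLACEABLE_MAGIC = b"\xd7\xcd\xc6\x9a"  # optional 22-byte placeable header
META_EOF, META_SETMAPMODE, META_ESCAPE = 0x0000, 0x0103, 0x0626
SETABORTPROC = 0x0009                  # escape that registers an abort callback


def find_wmf_header(data):
    """Return the offset of the 18-byte META_HEADER, or None if not a WMF."""
    off = 22 if data[:4] == PLACEABLE_MAGIC else 0
    if len(data) < off + 18:
        return None
    ftype, hdr_words, version = struct.unpack_from("<HHH", data, off)
    if ftype in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300):
        return off
    return None


def scan_wmf(data):
    """Classify bytes by content; the file name and extension are never used.

    Returns (verdict, offsets): verdict is 'not-wmf', 'clean', 'malformed'
    or 'suspicious'; offsets lists each flagged SETABORTPROC record.
    """
    hdr = find_wmf_header(data)
    if hdr is None:
        return "not-wmf", []
    flagged, pos = [], hdr + 18
    while pos + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, pos)
        size = size_words * 2  # record sizes are counted in 16-bit words
        if size_words < 3 or pos + size > len(data):
            break  # impossible size: stop rather than read out of bounds
        if func == META_EOF:
            return ("suspicious" if flagged else "clean"), flagged
        if func == META_ESCAPE and size_words >= 4:
            (escape,) = struct.unpack_from("<H", data, pos + 6)
            if escape == SETABORTPROC:
                flagged.append(pos)
        pos += size
    # Ran off the end without META_EOF: truncated or corrupt record stream.
    return ("suspicious" if flagged else "malformed"), flagged


# --- Constructed samples (built here for the example; no payload bytes) ---
def build_record(func, params=b""):
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params


def build_wmf(records):
    body = b"".join(records) + build_record(META_EOF)
    words = (18 + len(body)) // 2
    return struct.pack("<HHHIHIH", 1, 9, 0x0300, words, 0, 0, 0) + body


BENIGN = build_wmf([build_record(META_SETMAPMODE, struct.pack("<H", 8))])
FLAGGED = build_wmf([build_record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 0))])
SAMPLES = {
    "chart.wmf": BENIGN,
    "photo.gif": b"GIF89a" + bytes(20),                   # genuine GIF signature
    "holiday.gif": FLAGGED,                               # metafile renamed to .gif
    "banner.wmf": PLACEABLE_MAGIC + bytes(18) + FLAGGED,  # with placeable header
    "cut.wmf": BENIGN[:-3],                               # truncated download
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, *scan_wmf(blob))
```

A hit is a triage signal for a mail or web gateway rather than proof of malice; the fix for the underlying flaw is the vendor patch.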

This is a zero-day vulnerability, meaning that it was exploited before it was discovered by either Microsoft or an external security firm. Microsoft is currently working on a patch for this vulnerability, but they are fighting an uphill battle since almost 100 viri have been discovered to date that exploit this vulnerability. For this vulnerability, you should NOT rely on your anti-virus software to protect you since new variants are being released almost constantly. You can learn more about this vulnerability by listening to the first part of episode 20 (audio, transcript), the episode 20 extension (audio), and by reading the episode 20 show notes of the Security Now! podcast hosted by Leo Laporte and Steve Gibson.

You Call This Security

November 10th, 2005

A few days ago I was browsing the Data Security site on the UPS intranet. I was doing this not because I was bored, but because I had to fix some dead links on our department’s internal website. When I went to log into one of their password reset forms to see if it was what I was looking for, the page broke on me. Basically, stuff got displayed that was not supposed to be. Anyway, I decided to look at the source code for the page to see if I could figure out why it was so screwed up. What I saw was surprising: my full name, address, phone number, birth date, first date of employment with UPS, SSN, and other bits of sensitive personal information. I can understand why you would need to access some of this data on the server to authenticate my login, but there is no reason whatsoever to send this to the client. This is the kind of information that any security person would tell you that you should not enter on a website, especially one where you don’t have a secure SSL connection (signified by a little padlock icon in the browser). Anyone who happened to capture the packets from my transmission could easily reconstruct the web page and see all of that personal information. Not only that, but anyone, including you, could have caught those packets. I think that they should reconsider their department name.

If you read my last post or have been paying attention to tech news this past week or two, you should have heard about the rootkit included on some Sony-BMG audio CDs marketed as copy protection software. This rootkit hides all files and registry entries that start with $sys$. I mentioned in my last entry how a crack has already been released for Blizzard’s MMORPG World of Warcraft. Now, CNN reports that a virus, named Stinx-E, has been created that takes advantage of the cloaking provided by the copy protection on the Sony-BMG CDs. The real kicker is that currently, no virus scanners or spyware scanners will detect the virus since they cannot see it. I must say, it looks like Sony is going to get hit hard for their little trick.

The Magical Dying Links

November 6th, 2005

I pity the fool who bookmarked anything on my site other than http://www.kettering.edu/~lieb3331/. Why, you ask? It is because I just renamed all of my pages to have the extension of html instead of the htm that I had been using. I did this because I was migrating the site to the Apache server that is running on my laptop and I didn’t feel like reconfiguring it so that it would default to loading htm pages. While I was doing this, I realized that in a recent site-wide change I had destroyed my photo galleries. They are now fixed, so you actually see pictures now and can navigate around in it.

Speaking of photo galleries, I recently ran across a really neat photo gallery application. I am going to try implementing it on my website to replace my rather boring format that I am using right now. If it ends up being to my liking, you’ll get a chance to see it. If you want to see the gallery in action, check out its maker’s photo gallery.

BEWARE! Malware Being Distributed As Copy Protection Software

November 4th, 2005

Watch out! Sony-BMG has been releasing CDs for about the past year that have a rootkit built into them. Not only that, but they don’t tell you that they are installing it, it is known to cause computers to blue screen, and is nearly impossible to remove without completely reinstalling Windows.

OK, backtrack a little bit. I’m sure that you don’t have a clue as to what a rootkit is. I’ll try to explain, but they are pretty complicated.

Every operating system has a kernel, which is the that the user interface uses to communicate with the hardware. It is a little hard for Windows users to understand since Microsoft markets Windows as just an operating system, even though it is so much more. On the other hand, Linux and Unix users will know what it is since Linux is really just the kernel and other programs, like the command line shell bash and the desktop environment KDE, run on top of it. Anyway, every piece of software on the computer communicates with the hardware (hard drive, memory, etc) by making calls to the kernel, which then performs the correct instructions to make the computer do the task. The only reason that the Windows kernel should ever be modified is if a major patch is released. Other than that, the kernel should never be modified since it could cause instability.

A rootkit, however, breaks this rule: it modifies the kernel. One of the things that rootkits most commonly do is modify the code that reads the directory structure on your computer and the registry. This might sound harmless at first, but think again. By doing this, the maker of the rootkit can hide whatever they want to on your hard drive or in your registry, and you’ll never know it because you won’t be able to see the file or registry entry. For a more detailed description of what a rootkit is, you can either listen to or read Episode 9: Rootkits from the Security Now! podcast, hosted by Leo Laporte of This Week In Tech and G4’s Call For Help and Steve Gibson of Gibson Research Corporation.

This story was originally published on the SysInternals blog, which is written by Mark Russinovich, on Monday. It ends up that Sony-BMG licensed copy protection software from First 4 Internet called XCP, that uses a rootkit. It is installed when you agree to the EULA that displays when you insert the CD into your computer. The rootkit that it installs cloaks any files or registry entries on your computer that start with the string $sys$. You can’t even get around the rootkit by starting in safe mode because it marks itself as a safe mode driver. It is possible to find the files that are cloaked by using a program from SysInternals called Rootkit Revealer. However, this rootkit has evil intentions. If you try to delete these files (easily done if you know that they exist), your CD-ROM drive will disappear from Windows. It can be restored, but it is not an easy process. A longer discussion on this rootkit can be heard or read in Episode 12: Rootkit DRM of Security Now!

Mark of SysInternals revisited the topic today. In Sony’s EULA, they say that their copy protection software can easily be removed. Ha! That’s a good one. To remove it, you must first go to Sony-BMG’s website and request the uninstaller. They email a link to you that leads to a web page where you can download a service pack to XCP. However, this service pack is the only way to uninstall it. When you start the installer, you must decline the EULA, which will trigger the uninstaller. However, the uninstaller is itself flawed. It is impossible to reliably remove a rootkit while Windows is running, due to the way that it interacts with the kernel. When you attempt to unload the rootkit, you could very easily blue screen your system. Too bad that First 4 Internet was too incompetent to know this. Then again, what should you expect from a company that relies on a poorly written rootkit to implement copy protection? What’s even worse is that Sony-BMG refuses to admit that they are using DRM technology that utilizes a rootkit.

Remember when I mentioned that the rootkit masks all files and registry entries that started with $sys$? This allows anyone to plant files on your computer that start with the same string and have them hide from you. Already, a crack has surfaced that allows players to circumvent the anti-cheat facilities in Blizzard’s MMORPG World of Warcraft. Also, every time that you insert the CD, a program on it "phones home" to Sony-BMG, which is a security risk in and of itself.

I don’t know about you, but after learning all of this, I can say that I am going to stay away from Sony-BMG for a while, and any other copy-protected CDs. It just isn’t right to buy a CD only to learn that you basically have no rights to use it. They dictate that you can make X number of copies, you can only listen to it on a computer using our built-in player, you can’t rip the songs yourself in any format you want, but we do offer (crappy) 128 kbs MP3 versions of these on our website that you can only download if you have the original CD in your CD-ROM drive, etc. What ever happened to fair-use? Doesn’t sound like you own the music, now does it?

What’s even worse is that what Mark Russinovich did was illegal under the Digital Millennium Copyright Act. What was illegal about Mark getting a rootkit off of his system, you wonder? It is because it is considered circumventing copy protection. For doing that, he could be taken to court. What is wrong with this picture? Pretty soon, every music manufacturer could start putting "copy protection" on their CDs that phones home or puts ads on your computer, and you could not legally do a thing about it due to the DMCA! The music industry is doing all of the wrong things to try to get people to actually buy music instead of illegally downloading it from P2P services such as KaZaA, Shareaza, and BitTorrent.

In The Presence Of A Big Wig

November 3rd, 2005

Yesterday, I got to take part in a UPS/Kettering University open house-type event. Kettering decided that they wanted to try to attract more Chicago-area high schoolers to go to Kettering by showing them that they could go to Kettering and still co-op in the Chicago area. In addition to having co-ops from CACH (Chicago Area Consolidated Hub), the facility that I work at, there were also co-ops from Bosch and Argonne National Laboratory in attendance. In addition to that, we also had Dr. Stan Liberty, the president of Kettering University, and probably half of the VPs from Kettering, plus the Corporate VP of Engineering from UPS! Talk about star-studded.

I got a chance to talk to him a little at the end. I was surprised to find out that when he started at UPS, he was a truck driver. In twenty years, he has managed to climb all of the way to a VP. I was amazed. Over that time, he held some very important positions, including being the head of Industrial Engineering for half of the US.

I also got to meet Mike Ciavilla (probably spelled his last name wrong), who is head of Operational Excellence at CACH. His job, from what I understand, is to refine the processes that we go through. So, he is responsible for everything and nothing, all at the same time. He tried to explain a project that he hoped that the Technical Support Group (TSG) Systems Group would tackle in the future. Currently, sort supervisors have to show up to work about two hours before their shift starts so that they can pull reports from different systems and prepare the information for pre-sort meetings. He wants us to come up with a web app that will automate the whole process for them so all they have to do is log on to the web page and it will have already pulled all of the reports for them before they arrived so that they can work shorter days. All I can say is that I’m glad that he specified that I would not be asked to work on the project. Sounds like something that will end up being assigned to Ray, our most experienced and only full time developer. (The rest of us are all co-ops, interns, and temps.)

Lies, They’re All Lies!

November 1st, 2005

If you haven’t done so already, check out Google Moon. At first, its features may seem a little sparse compared to Google Maps/Google Earth. After all, using either of the latter two services, you can view road maps, do local searches, and plot driving directions. Google Moon, on the other hand, only has satellite images. But, hey, it’s the moon. Who doesn’t want to see the moon in all of its desolate glory? It even has multiple zoom levels of detail. Not only that, but I learned something from Google Moon that totally contradicts everything that I learned in school: The moon is made of cheese! Don’t believe me? Go to Google Moon and click the highest zoom level and see for yourself.

Make Yourself Known

October 30th, 2005

First of all, you may have noticed that I have not been online at all this past week. That would be because I was banned from the network at the place where I was staying for using too much bandwidth. Basically, they were in the process of banning me, but were unable to because they could not stop the connection that I was using. So, to disconnect me, they had to shut down the hotel’s internet connection and initialize it again. Because of this, and the fact that it was my second offense, I had to get the hotel manager to call them and tell them to lift the ban on me. Only problem is that the manager works hours that overlap with mine, so it was a little hard to go and talk to her. I finally called her on Friday, but got her voicemail. I left a message, but figured that I would probably have to call again on Monday. However, I tried connecting this afternoon, and it worked. I’m not sure if she actually requested my ban be lifted or that by keeping my wireless off for a week allowed me to connect as a different computer, but I’m back.

Anyway, back to what I was going to write about. I ran across a site called Frappr that allows you to make a Google Map that pinpoints the location of anyone in your group. All you have to do is type in a name (real or made up), a zip code, a "shoutout", and, optionally, a picture. Frappr will put a marker on the map according to your zip code and post your shoutout, with picture, at the bottom of the page. You can click on the markers on the map to read the shoutouts that have come from there. It looked pretty neat, so I got my own Frappr page. So, feel free to go and make it known just who exactly reads this and where you are. No registration is required, so go ahead and Frappr. (Check it out. I think that I just invented a new verb.)

This Frappr map is deprecated. Don’t waste your time with it.