Everything, Everything - June 2007

2021: J F M A M J J A
2020: J F M A M J J A S O N D
2019: J F M A M J J A S O N D
2018: J F M A M J J A S O N D
2017: J F M A M J J A S O N D
2016: J F M A M J J A S O N D
2015: J F M A M J J A S O N D
2014: J F M A M J J A S O N D
2013: J F M A M J J A S O N D
2012: J F M A M J J A S O N D
2011: J F M A M J J A S O N D
2010: J F M A M J J A S O N D
2009: J F M A M J J A S O N D
2008: J F M A M J J A S O N D
2007: J F M A M J J A S O N D
2006: J F M A M J J A S O N D
2005: J F M A M J J A S O N D
2004: J F M A M J J A S O N D
Attachment Execution Service (AES)
Wednesday 27th June, 2007 10:47
Inspired by the lovely Susan Bradley's discovery of the Unblock button (which has been around on Windows 2003 for two years, not sure how she's missed it for so long), it got me thinking about Alternate Data Streams (ADS). The AES adds a Zone.Identifier ADS to a file. If the ZoneId=4 then it came from the internet and the file will be blocked (hence the Unblock button, or a big warning saying it might not be safe to run). But if it's an ADS and the information is consistent and in plain text, surely it's easy to manipulate the record? Could an innocuous looking script or program attached to an email, when launched by the user, download a malicious file, change the Zone.Identifier, and then launch the other program without the big warning? The zone is only checked by explorer.exe, I don't believe it's checked by cmd.exe, so the user could probably launch any downloaded executable via cmd.exe anyway, but it's still a neat idea if they implement the checks into cmd.exe. I suppose what they should be doing is storing the Zone.Identifier in a vaguely inconsistent manner, perhaps with some sort of hash based on something secret that's unique to a system?
UK Radio Player 1.3.4
Tuesday 26th June, 2007 17:01
The new version is finally up, you can now add our own custom radio stations (3 of them, if you want more, let me know the URLs and I'll add them to the main list :P), you can even set them as presets, and you can set the volume for each preset. I've also added a load more stations to listen to. It was a bit of a logical nightmare (I'd like to keep the custom stations and presets sections separate so I don't have to worry about synchronising everything), but it should be fairly user friendly. The new code should also cope with future upgrades (anyone going from 1.3.3 to 1.3.4 will probably notice the presets and selected station can be incorrect thanks to the addition of the new stations).

I've noticed someone's added a review saying that they're still having trouble with the versions after 1.3.1 and the thing is I don't know why. They suggested that maybe it's a 64 bit issue for them, but I can't see that being the problem. A part of me wonders if it's anything related to this issue. I've played around on two systems, and I try to make sure it's stable and do a quick code review before I submit it to the live gallery. I've gone from the previous version to the latest, I've closed and uninstalled the gadget, I've even removed all the content from Settings.ini to see what a clean install is like. It always works. Always. Right now there are only really three things I can mention:

1) Close the gadget from the Sidebar. Uninstall the gadget from the Gadget Gallery. Open up C:\\Users\\[username]\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini and look for any sections with the string "ukrp", then remove those sections. Install the latest version of the gadget. This should effectively give you a clean install.

2) I've had a suggestion from someone else that had a similar problem, and he managed to fix it after reading this page. Essentially, you rename (or delete) the folder at "C:\\Users\\[username]\\AppData\\Local\\Microsoft\\Windows Media\\11.0" and then it'll apparently create a new one with 3 files (that aren't corrupt), and everything should work again.

3) Create a new (standard user) test account, add the Gadget to the Sidebar. If it works, you've proved it's a problem with your specific account, and not a problem with the gadget itself. Okay, so I haven't worked out why it doesn't work on your account (yet), but I have tried. It doesn't help that some users only say things like "I can only play BBC Radio 1" or "it doesn't work", rather than something helpful that I can use to diagnose what's wrong (the majority of people that contact me are pleasant and helpful and willing to try out versions with potential fixes). I have come across an issue where my gadget didn't work at all, but that was because JavaScript appeared to be completely broken on that account (including in IE), and no matter what I tried, I could not get it to work again. Thankfully it was a test account that I'd heavily abused on an evaluation system, so I could abandon it and create a new one.

EDIT: Some quick and dirty stats, but I think my server's getting around 300,000 hits a month from UKRP users, which I think works out as (roughly) once every 10 seconds on average. So if a station does break, I'd like to think someone will let me know.
Image Spam Going Down?
Tuesday 26th June, 2007 15:27
But PDF spam going up? I just got a(nother) PDF from "German Stock Insider" suggesting "gains of 300% in next 5 trading sessions" for someone on the German Stock Exchange. The funny thing is this particular PDF is "dated" Thursday 20-JUN-2007. It's the 26th today, if only they'd sent it to me sooner, so I could have invested my entire lifesavings into it! If it looks too good to be true, it usually is. It's probably not worth keeping any random emails that contain 82KB files that end with "report.pdf".
Things That Make Me Happy
Tuesday 26th June, 2007 15:10
Music. Specifically...

Fast and twiddly piano playing
Brass instruments
Strings (preferably real strings, not some keyboard)
Eclectic sounds
Fast and cool drums
Good use of stereo

Some examples off the top of my head:

Beck - Tropicalia
REM - Everybody Hurts
Mark Ronson - Inversion
Fatboy Slim - Right Here, Right Now
Things That Irritate Me
Monday 25th June, 2007 16:30
English people that don't know the difference between...

brought and bought
loose and lose
your and you're
there, they're and their
its and it's

I know they look and sound fairly similar, but it's not that difficult!
Monday 25th June, 2007 12:43
Yamahito sent me a link to the this webcomic, and I ended up flicking through the entire series. I was also amazed to see that the author encourages hotlinking, even though the images don't contain any references to his own site - very generous. I'm uploading them to my own server anyway, so enjoy these two for now:

Random Number

Cat Proximity

Here are some of the others...

Fixed Width

Walking Funny
My Secret Weapon
Monday 25th June, 2007 01:24
I'm watching How To Lose A Guy In 10 Days and Andie has met Ben's family and it's about the point she realises that he's a nice guy (although she's obviously unaware that he's doing everything possible to win a bet). And I'd like to think that my family would be my secret weapon too. My mum and dad are great, my brother is pretty good, and (if she's serious about meeting the family) Boxing Day would be the perfect chance to meet everyone. Despite the odd tiny flaws, my extended family are all pretty good people. But, a bit like Ben, I haven't introduced any girlfriends to my family (my brother almost met Shelly once, but that's a whole other story). When I do, if she isn't already in love with me, my secret weapon will surely do the trick.
My Body
Friday 22nd June, 2007 10:22
My tongue hurts. Sometimes it's around the edge, as if I've been biting my tongue when I'm asleep, but today it's painful underneath. I think it's because of my yawn. In the past I presumably opened my mouth and yawned normally like everyone else in the world, but recently I've noticed my tongue stretches upwards. Maybe I've always yawned like this, but it's only becoming a problem now. Now I'm making a conscious effort to keep my tongue low (pushing against my bottom teeth).

The good news is my big toe doesn't hurt anymore. It felt like I had an infection as it was painful and looked a bit red. I couldn't see anything wrong at first, but after a few days I noticed a small black line just under the skin. I'll skip the gory details, but it turns out it was a 1cm long bit of hair.
Porn Star Name
Thursday 21st June, 2007 11:43
What's your porn star name? The general consensus is that it's your first pet's name followed by your mother's maiden name. So what's your porn star name?

Actually, don't tell me! Your mother's maiden name is often the "security question" you're asked by your bank or websites when you've forgotten your password. It seems I'm not the first person to realise this, but a lot of people aren't aware of the dangers of revealing personal information.

But how easy would it be to build a "fun" site, ask some personal questions, and then present or email a nice pretty picture. For example, you could ask:

Male or female?
Skin colour?
Your first pet's name?
Your mother's maiden name?
Your favourite colour?
Your email address?

And email the user a custom image that shows them standing by a pole, wearing a skimpy outfit in their favourite colour, with their porn name written at the top. And then you could visit some popular sites and try to log into their accounts using the "forgotten password" links and answering their security question. Unlike a password, you can't (usually) change your mother's maiden name after you've signed up.

PS If I'm ever forced to supply a "security question" that I know will never be asked by a real person, I tend to use a second (usually longer) password.
Credit Card Fraud
Tuesday 19th June, 2007 13:11
Ian was telling me this morning about his other half's experience with a well known name's credit card. She'd noticed some fraudulent activity and reported it to them. More specifically, she'd tried reporting it at the weekend and was told they don't work at weekends and she would get a call back from them on Monday. She waited, then called again on Monday and they said they'd call back. They finally called back yesterday, several days after she wanted to report the fraudulent activity. They said they'd write off the transactions. When they didn't say anything about her details having been compromised and sending her a new card, she asked for a new one. They said she'd have to contact their stolen cards department to arrange getting a new card. Basically, they didn't care that the details were compromised, and would be happier to write off future fraudulent activity than issue a new card.

I decided to check my own bank account today, partly because I hadn't looked in a couple of weeks. I noticed my credit card balance wasn't at zero. I haven't used my credit card in over a month. One item was fine, it was a subscription cost that I'd forgotten was due this month (I had a feeling it was next month). The other was for T MOBILE UK, at a value of £40. I'm on a contract with Vodafone. This looked to me like someone had topped up their mobile (for a nice round amount like that, I'd normally pay with cash anyway). My online bank gave me the correct number to call, it was answered by a real person (yes, no automated system playing terrible music and telling me how important I was to them and how my call would be answered by an operator very soon). This person was also English. He took my details first time without any problems. I told them about the transaction in question, he asked if another transaction near that date was correct (the subscription) and I told him that was fine, as was the one a few minutes ago from when I filled up with petrol (which he confirmed was already on their system). He then told me, completely unprompted, that the fraudulent activity meant that my card had been compromised and that I would have to cut up my card and they would send me a new one. I told him this was fine, and confirmed that the cardholder address they would post it to was correct. He said goodbye, I thanked him for his help, said goodbye and hung up. My phone said that 1 minute and 45 seconds had passed. Quick, efficient, and professionally handled. I love my bank.

I'm still a little concerned how they got my details, as I'm normally pretty good with this kind of thing, and I know the Payment Card Industry Data Security Standard quite well. The transaction occured on the very same day that I was writing a report on a customer's website that had been compromised (using SQL injection) to reveal full credit card details. According to my online banking, the transaction apparently appeared on my account the following day, which suggests that it wasn't processed immediately, and I suspect was some form of offline transaction that didn't require the 3 digit security number or the PIN to be entered.
Quote Of The Day
Friday 15th June, 2007 13:41
Mark was browsing IMDb earlier and I noticed the following quote on the homepage:

IMDB Quote

Click the image to find out the name of the show (sorry about the PNG transparency, I'll sort it out later, maybe). Although I didn't recognise it, the style sounded familiar, so I asked Mark and John to click the link. Turns out I was right - yay!
Rip Off Prices
Friday 15th June, 2007 13:14
I've seen this in the past, where Dell have a good price for a system, and then hope users are prepared to pay silly amounts for the upgrades. In the past I've seen an upgrade from a DVD-ROM in a server to a DVD-RW that cost 3x the price of an OEM DVD-RW drive from somewhere like Aria. Today, I was looking at the laptops and came across this (prices are ex VAT):

Dell Upgrades

Now I'll point out how much Overclockers UK are selling the Seagate Momentus 7200.2 160GB ST9160823AS 2.5" 7200RPM SATA drive for: £85.99 ex VAT. The rest of the prices don't look too crazy, but that 160GB drive is.
Thursday 14th June, 2007 22:18
I often post about Apple and I often post about The Register. Today I read an article about Apple on The Register. Specifically, about Safari. Apple have released their browser for Windows users. They claimed it was designed "to be secure from day one", but researchers quickly proved otherwise. Apple were quick to release an update, which The Register states plugged "three serious holes that could allow miscreants to commandeer a user's machine", and then added "Mac users are unaffected by the vulnerabilities and need not take action".

Without knowing specifically which ones were patched, I'm left with two conclusions. Either The Register is lying or Apple haven't patched the gaping vulnerability that affects both Windows and OSX (more likely). According to David Maylor: "we found a total of 6 bugs in an afternoon, 4 DoS and 2 remote code execution bugs. We have weaponized one of those to be reliable and its different that what Thor has found. I can't speak for anybody else but the bugs found in the beta copy of Safari on Windows work on the production copy on OSX as well (same code base for a lot of stuff). The exploit is robust mostly thanks to the lack of any kind of advanced security features in OSX". The current production copy is Safari 2.0.4.
Adobe Updater
Thursday 14th June, 2007 13:21
Why do I get this message on my systems?

Adobe Update - Restart???

I can understand why the updater program needed Admin privileges in order to install the update, as it's updating files within the Program Files folder. But why on earth do I need to restart my computer? My best guess is that I had Internet Explorer open at the time, and the update affects the ActiveX control. Why didn't it tell me that IE was open and that closing it down would save me a reboot (and I'm only guessing here, maybe I'm wrong and it always needs a reboot?). I'd happily find the (right) time to close down IE and install the update if I knew it'd save me an annoying reboot. And if that's not the reason why, what is?
Double Standards
Monday 11th June, 2007 19:56
Emily was kicked out of Big Brother for using a word that some people find offensive. Swift action occured (7 hours later), pulling her out of bed at half 3 in the morning, without any underwear on. Nicky and Charley frequently used the term afterwards, drawing attention to it, and making Charley into a martyr and she's probably going to love the publicity it's generated for her, but we'll ignore that for now. I'm talking about the other double standards. And one in particular:

Seany was apparently referred to as a "leprechaun" by Carole. It was also apparently said in an offensive tone. Many viewers have expressed offence over the remark, but nothing has been done. I suspect nothing will be done.

Also, when Gerry was first introduced in his video, he used the word "poofs" and described himself as one, a term which many homosexuals find similarly offensive (but I guess that's okay, seeing as Charley can get away with calling herself the same word Emily used - does that mean I could call myself any offensive word that I like as long as I'm talking about myself? Maybe I'll frequently call myself a c**t if I go in the house?).

It seems that you can be offensive about pretty much anything, just as long as you avoid a couple of hot potatos. Otherwise you're out. Stupid double standards.
Doctor Who
Monday 11th June, 2007 11:04
Two of the best episodes of Doctor Who have been ones where you don't see much of The Doctor. Last season I really enjoyed Love And Monsters, with the guy from Sinchronicity. This season it was Blink, written by Steven Moffat (the guy behind Coupling). I wasn't in the mood to watch Doctor Who at the weekend but after seeing that he'd written the episode I decided to persevere and I'm glad I did. I was planning on avoiding Jekyll, which stars James Nesbitt and Gina Bellman (Jane from Coupling), but it's also written by Moffat, so maybe I'll give it a chance.
Bye Bye Big Brother?
Friday 8th June, 2007 19:21
It was vaguely interesting for a week, but now I'm sick of the bitching, I'm fed up of Charley, I'm liking Chanelle less and less, the twins don't do anything interesting, I find Shabnam annoying, and don't get me started with Ziggy. Emily appears to be fairly perceptive, unlike most of the other women on there, but she needed to learn when to keep her mouth shut (obviously far too late now). Adding a couple of guys tonight might help with the balance in the house, but right now I'm seriously losing interest. Channel 4, you're almost about to lose a viewer. I'm probably not the only one.
Paris Hilton
Thursday 7th June, 2007 15:22
Paris Hilton has been released from prison after serving just three days of her 23 day sentence, it is reported. Three days in a solitary cell in a special unit (reserved for police officers, public officials, celebrities and other high-profile inmates) at the Century Regional Detention Facility. I still think she should have done the full 45 days. With all the publicity it might be hard to overlook why she ended up there:

Hilton was arrested and charged with driving under the influence with a blood alcohol content of 0.08%, the minimum at which it is illegal to drive in California, in September 2006. Hilton's drivers license was subsequently suspended in November 2006, and in January 2007 she pled no contest to the alcohol-related reckless driving charge. Her punishment was a 36 month probation sentence and fines of about $1,500.

Less than two months later... on February 27, 2007 Hilton was caught driving 70 MPH in a 35 MPH zone with a suspended license. She also did not have her headlights on while it was after dark. Prosecutors in the office of the Los Angeles City Attorney charged that those actions, along with the failure to enroll in a court-ordered alcohol education program constituted a violation of the terms of her probation.
Thin Fidgeters
Wednesday 6th June, 2007 10:19
Are you the type of person who is constantly fidgeting - playing with pencils and pieces of paper, your legs jumping around under the office desk as you type? If you are there is a chance fidgeting may be in your genes - and the good news is that you are less likely to be fat, according to new research from scientists working in Germany and the US.

I'm usually typing, munching on bourbon biscuits (or dunking them in my coffee), with my legs bouncing around under the desk (I remember sitting on school lockers over a decade ago and finding it very difficult not to move my legs back and forth, so it's not a recent thing caused from drinking too much coffee) and I find it difficult to put things like blu-tac ad paperclips down, which is why I normally keep them well away from me.
Oasis - F**kin' In The Bushes
Tuesday 5th June, 2007 20:05
Playing it loud in my lounge, playing air guitar along to it, and missing my electric guitar that's back at home. I haven't listened to Oasis in ages. I have such a random looking playlist in Winamp right now.
Rihanna - Umbrella
Tuesday 5th June, 2007 13:28
I won't deny that it's a little catchy, but where the hell did she find that extra E? Umberella?

Seriously, it's UMBRELLA. Pronounced um-brel-la. Sing it properly, or shut the f**k up. No wonder kids have trouble spelling things.
Tuesday 5th June, 2007 12:34
Over the last year or so I've been slowly working my way through every episode of Frasier. I finally made it to the end late last night. Frasier was one of those shows that I used to religiously watch ever Friday evening as a child, it appeals on several levels. Many episodes had witty dialogue, some had fairly intelligent plots (others borrowed from the classics), some had slapstick humour, and then there was the unrequited love between Daphne and Niles that most people can associate with.

The show almost "jumped the shark" when Niles and Daphne got together, and nearly lost the plot entirely with the introduction of Kirby in the eighth season, but it came back together for the last few and we got to know some of the other characters a lot better. The final season seemed a little rushed at times (the birth really deserved an episode of its own, rather than saved for the finale), but we at least managed to gain some closure in the finale, and it was fun to watch the episode jump back in time (even if the wigs looked very fake at times). I'm not sure we should have seen so many characters, and Richard E Grant (as much as I love him) didn't fit in at all. But the finishing touch, and what sums up how great a show Frasier was, was the clever misdirection trick, which was so subtle that many peeople may have missed it: the entire episode lines Frasier up for a huge opportunity in San Francisco, but the captain's words when they land are "Welcome to Chicago", the city where his potential soul mate Charlotte (played by Laura Linney) had recently moved.

And yes, I shed a few tears at the end of the last episode, it was quite emotional. A part of me wishes it had never come to an end, but perhaps it's best that it went out on a high (unlike some other shows). It's no surprise that Frasier was voted by sitcom writers, producers and actors as the greatest sitcom of all time in the Channel 4 show The Ultimate Sitcom, back in January 2006. Frasier won a record 31 Emmys, including five consecutive trophies as best comedy series and a trio of acting awards each for Grammer and Pierce.

Perhaps, in several years time, I can go back and work my way through it all over again.
London Olympics
Monday 4th June, 2007 13:50
They have a logo. I don't like it. I can see what they're trying to do, but it's still rubbish.

London Olympics Logo

The shapes form the numbers 2012, but the shapes also look like two figures (perhaps long jumpers?). But they could have gone with a nicer colour scheme. It reminds me of graffiti, but with an element of intelligence behind the design.

Did I mention I don't like it?

EDIT: Oh, of course, I think the "person" on the left is perhaps meant to be running through the tape (with London on it) at the finishing line. Except they don't do that nowadays.
Big Brother 8
Saturday 2nd June, 2007 21:21
I saw the list of housemates and couldn't see any that I liked, but I thought it'd be unfair to judge them based on just their looks and descriptions. So I'm catching up on the first few episodes. So far... I still don't want any of them to win.
Shut Up I Hack You
Friday 1st June, 2007 13:59
A friend posted a link to this funny (translated) transcript between a "dangerous hacker" and the "victim" in a chatroom. Okay, maybe it's only funny if you're a geek.
Friday 1st June, 2007 09:56
I only just came across this (non-)vulnerability. Microsoft don't seem to think it's a problem, and have said it's "by design" and if anyone wants to stop this from happening they recommend that users upgrade to version 6 (AKA please buy a newer version of our OS). In the case of XP users (who really shouldn't be hosting production websites) they can't really upgrade to verson 6 (although Windows 2003 is an excellent, albeit expensive, workstation OS once you enable and disable a few things), so I guess that means Vista and IIS7 (except XP x64 users, as they get IIS6).

Here are the details:
Hit-highlighting does not rely on IIS authentication
[ISecAuditors Security Advisories] Microsoft IIS5 NTLM and Basic authentication bypass
Microsoft Internet Information Server Hit Highlighting Authentication Bypass Vulnerability

Why am I annoyed about this? Because Microsoft claim they will provide security fixes for Windows 2000 and XP until 2010 (and later for XP), and this looks like a security issue (any form of authentication bypass must be a security issue?). This might be "by design" for whatever reason, but doesn't that mean that the original design is wrong?

My advice, that isn't mentioned in the Microsoft KB article, is that you can stop this from happening by disabling the mappings, which can be done manually or using the IIS Lockdown tool (in addition, URLscan integration also lets you disable the TRACE method):

Index Server Web interface (.idq, htw, .ida) - .idq and .ida map to idq.dll and .htw maps to webhits.dll. The two programs provide a method by which you can query index server on Windows NT 4.0 or index services or Windows 2000 and return results to a web page. ASP includes much of this same functionality so these extensions are virtually obsolete.

NOTE: You should inspect the Application Mappings periodically to make sure they have not been modified by an installation or uninstallation procedure. Web applications that use specialized files will certainly add their required extensions to the Application Mappings. In the event of the Indexing Service, simply removing the Indexing Service from the IIS server through Add/Remove Windows Components adds the original mappings for .idq, .idq, and .htw back to the Application Mappings and also leaves their associated .dll files (idq.dll and webhits.dll) in Winnt\\System32. Consequently, if you do not intend to use Indexing Services, remove it before you run the IIS Lockdown tool.
© Robert Nicholls 2002-2021
The views and opinions expressed on this site do not represent the views of my employer.