Technology Vault - NewsBytes
Sunday 30 November, 2003
ExtractNow 3.53 by @ 4:40 pm
At last, a freeware program that exracts all. ExtractNow lets you extract multiple archives with the ease of a singular button. Supports ZIP, RAR, ACE, & JAR file formats.
ExtractNow is only 1.17mb in size and is freeware. ExtractNow was developed on Windows XP but also supports Windows ME/98/95.
Changes in this version are:
• Major changes to ACE extraction code
• Delete after extraction bugs fixed
• Masking bugs fixed
CLICK HERE for more details.
#########################
Tuesday 25 November, 2003
AVG7.0 Update by bluetracker @ 12:02 pm
Update time again
Grisoft, makers of the popular AVG Anti-virus have updated the program.
With a file size of 5217997bytes update file u7f203.bin released 24/11/03 fixes several reported problems concerning the Control Centre, Alert Manager,Update, Testing Engine and EMS as well as patches to some System Components.
After the main update, by activating the Update manager manually, another update to the Setup file is available. This is classified as Optional and is not installed as part of the main update hence the requirement for users to activate the download sequence manually.
This update session brings the program to version 7.0.203
***************
Wednesday 19 November, 2003
HighMAT Support in CD Writing Wizard by @ 6:25 pm
This new extension to the CD writing feature of Microsoft Windows XP allows you to create easy-to-use HighMAT CDs of your digital photos, music and videos optimized for easy viewing and sharing on CD and DVD players with the HighMAT logo.
Microsoft tells us that HighMAT CD writing offers better, easier navigation with folders you can access with a single click of a DVD player’s remote control. It also preserves important information about your music, photos and video like full song names, artist names, album names, and genre.
To learn more, you can visit www.highmat.com
This update can be downloaded from Windows Update.
###################################
AVG Update by @ 5:49 pm
Grisoft have an update for AVG 6 (free) and AVG 7. Grisoft says this update adds detection of I-Worm/Mimail.J
###########################
Who's Stocking are you Filling this Christmas? by bluetracker @ 11:37 am
Christmas is coming, but just who is getting fat?
A story from Silicon .com reveals that High Street and online giants Argos and B&Q leave a lot to be desired when the security of Customers account details are concerned.
The problem at the B&Q store apparently, allowed access to user accounts to anyone accessing the website, without the need for in-depth IT knowledge. In theory, anyone with nefarious intent could access and modify the data obtained (including e-mail address, full name, address, telephone number) and if the user had entered credit card details, the attacker could purchase goods online.
The problem at Argos on the other hand lies in the weak security procedure of when a user has forgotten their password, users are asked to reply to a question, which is all too often guessable, and then by answering the question correctly users go straight through to account details, rather than any subsequent level of security, such as e-mailing a new password or secure URL to the customer's registered email address the attacker can begin their shopping spree courtesy of someone else's bank balance .
Reports like these concerning digital stores are unfortunately becoming more frequent. On the whole, these flaws are less down to failure to apply patches or system configuration than to the programming by the business itself. So how to avoid someone else purchasing Christmas fayre on your account?
"Secret questions"
Many so called secure online stores (a-la Argos) employ the "secret question' approach when you lose your password you get 'shunted' to a prompt screen asking for the answer to 'your secret question' sometimes again the secret question is displayed sometimes not; it has to be said also that *sometimes* an online store allows the user to 'make up' their own secret questions and answers and obviously these would be less likely to be easily guessable, but more often than not you must choose from a drop-down menu of candidates such as Mother's maiden name, favourite colour, favorite football team, name of dog etc etc etc. The user who is unfortunate enough to 'forget' their password can opt for the secret question as a means of identifying their account. If you answer correctly the password is revealed to you or you are allowed to make purchases directly as a consequence of revealing the answer to the site's software. You don't need to be a tech guru to guess the answer especially if your surname is SMITH and your mother's maiden name also happens to be SMITH. I suppose a customer with the surname of "Oswaldthwistle" would be fairly safe from someone who didn't know them guessing the answer to the question; even so In my view "02waldwth1stle" would be a more secure way of notating the name in a password scenario.
In my experience of online shopping, which isn't extensive by any stretch of the imagination; I find some sites tend not to specify the format to your secret questions' answer and in some cases your reply is only limited to the keys on your computer keyboard. Passwords containing simple LETTERS all the same case rather than 'CasE' are easily 'cracked' by a determined bogus user. By using numbers or substituting letters or numbers with other computer generated symbols like ~# @ or $ etc can make your secret question or other password more secure and harder for someone else to guess. In all cases where you use a password you should write it down and keep it somewhere safe in case you forget it at a later date.
Securing your passwords
Letting Windows remember your passwords can be time saving, but not very secure. Many Viruses/Trojan horse infections search your computer for these files to send back to their 'masters', so whenever you use a secure site where your hard earned cash is concerned it would be best if you typed your password in on each visit...but then there are 'KEYLOGGER Viruses/trojans' to worry about...best make sure your ANTI-VIRUS utility is switched on and running and is fully updated, also that you have a functioning Firewall installed!
Another thing you can do to thwart others from easily discovering your password is so simple! For those who can't be bothered to make up a strong password of their own or perhaps feel daunted at the prospect, Help is at hand it's easy and you don't need to be a Techno Geek either!
Start off by taking a short journey into your kitchen. Open the larder door and choose any item you like. On any packet, bottle or tin there will be a bar code Pick an item, Jot down the barcode as it is, from there swap any zero's for keyboard symbols and use the result as your 'password'!
For instance a bar code of 5000157006875 (Heinz Spaghetti from Tescos for those who are curious) could become something like 5#@:157$%6875 a lot harder for someone to guess than "SMITH" or "ROVER" and also inherently easier for you to forget so write it down and keep it safe! I can see you all reaching for tins of Spaghetti as we speak...be creative! There are bound to be lots of different items in your cupboards all nicely barcoded so try and be unique. The nice thing about using barcodes is that if you *don't* change anything from the original, you always have a cupboard full of 'reminders' to hand in case you forget! Not as secure as changing the zeros to symbols but a deal safer than your 'Smith' or 'Rover' any day!
You have a cupboard full of free to use and relatively secure passwords that are limited only to your imagination, the symbols available on your computer keyboard and your dietry preferences!
Having said all of that *any* password can be broken given time and the expertise to cycle through all the combinations or by using software to do the job. These methods are used by the expert criminal who like to break down the doors of Government agencies and the like just because they can. It is less likely that this sort of person will be tempted by shopping online at Argos using someone elses account, those people that commit this sort of online theft are more than likely 'opportunists' looking for easy targets. If you are worried about someone other than yourself using your online shopping account to buy their Christmas presents, it would be wise to make it as hard as you possibly can for them to guess your account password so open that cupboard now and avoid becoming an 'easy target' statistic!
Wishing You All the Best for Christmas and the New Year and Safe Online Shopping in the few weeks that remain before the festivities commence.
Bluetracker.
*****************
Monday 17 November, 2003
Bugs in last Windows Update by @ 1:15 pm
Have you noticed some odd things going on when you use Internet Explorer? I have, and now I know why. I noticed when I went to post on forums or fill out the news, if I moved the scrolled bar up or down, I lost the position of the cursor on the page. Also, if I went to move to the bottom of a very long page and hit the blank section of the scroll bar, the page would jump about sometimes.
I had originally put this down to the latest graphics driver that I had installed (Sorry Terry, How's it feel like to get the blame for everything?) but thanks to eweek I find it's all down to Microsoft (again) with a dodgy patch. We seem to have had a few dodgy patches from Microsoft over the past year or so.
Microsoft are aware, they are keeping quiet about it, but hey, it's not going to go away, so fix it! and fix it soon Microsoft because it's driving me nuts!!
As soon as the Technology Vault hears anything in the way of a fix, we'll post it here.
ADDED: If you go to add/remove programs and look under Internet Explorer Cumulative Patch Q824145, you can in fact uninstall the patch. Only do this is you want to risk other vulnerabilities until Microsoft find a fix.
##############################
Sunday 16 November, 2003
Winter Fun Pack 2003 by @ 8:12 am
You get a few goodies like a dancing elf who dances to your music, a winter player skin and a new visualisation. Microsoft says: Dress up your Player for the holidays, organize your holiday music, or reorganize your whole music library. The Windows Media Player 9 Series Winter Fun Pack includes skins, auto playlists, a visualization, and a tool to export details about your whole catalog to put you and your computer into the holiday spirit.
The new player skin looks cool but I've seen better fun packs. If I were to give marks out of 10, I would give this pack a 4/10.
CLICK HERE to take a look for yourself.
##############################
Windows Update by @ 8:03 am
Buffer Overrun in Messenger Service Could Allow Code Execution
Microsoft says: Customers should disable the Messenger Service immediately and evaluate their need to deploy the patch.
A security vulnerability exists in the Messenger Service that could allow arbitrary code execution on an affected system. The vulnerability results because the Messenger Service does not properly validate the length of a message before passing it to the allocated buffer.
An attacker who successfully exploited this vulnerability could be able to run code with Local System privileges on an affected system, or could cause the Messenger Service to fail. The attacker could then take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.
Go to Windows Update now to install the patch.
###########################
Thursday 13 November, 2003
Sygate Personal firewall updated by bluetracker @ 6:42 pm
Sygate Firewall update
The popular stand alone firewall has had a makeover; Sygate add a few extra functions to both their Pro and Free verions of their firewall.
Those of you that use Sygate's firewall will already be aware of this update as the 'in-your-face' update screen will popup as soon as you connect to the internet (providing of course that you have the proggy configured to automatically search for updates)
Anyway after going through the routine to obtain the update by submitting name and e-mail addy, a download link is then sent to your inbox which has the neccessary invitation to go to the download area.
Installation is a doddle and needed no other user input than a couple of mouse clicks.
Having said that, a small glitch in the installer was found when I attempted the update and no prompt to reboot was displayed (in the setup documentation it says you should see a reboot prompt)
It is neccessary to reboot to allow the upgrade to 'take' properly, no amount of amount of coercing can make the sys tray icon appear or the application to initialise without a reboot.
New features
This release of the Personal Firewall (version 5.5) has a variety of new and enhanced features. Among them are:
Log Dampener Feature—The Personal Firewall adds new logging flexibility and performance enhancement features, including the option to selectively enable or disable the security logs, system logs, traffic logs, and full packet logs.
Smart WINS—This feature allows Windows Internet Naming Service (WINS) requests only if they were requested. If the traffic was not requested, the WINS reply is blocked. The user can enable or disable this feature.
Unfortunately though for 'Free version' users, this handy addition is not available and is 'greyed out' in the options screen.
Anti-Application Hijacking Protection—The Personal Firewall now protects against even more attacks, including such exploits such as the Shatter Attack and "TooLeaky" (** see below) exploit which has the ability to allow an attacker to bypass your firewall completely by masquerading as a bona-fide application such as Internet Explorer or another so-called "trusted" browser or application to do all manner of things from and to your computer.
Enhanced performance—The Personal Firewall is now faster and takes fewer system resources.
Improved Logging Capabilities—The Personal Firewall adds new logging flexibility, including the option to disable all logs.
Support for Windows Server 2003—The Personal Firewall is now supported on Windows Server 2003 for Small to Medium Businesses. For larger business use that have over 500 terminals and that need centralised management, Sygate Secure Enterprise is required.
Improved Microsoft System Installer Support—The Personal Firewall is now packaged by default as a Microsoft System Installer (MSI) package to simplify deployment with Microsoft SMS and other software distribution tools.
If you haven't already done so then you should update your copy now, don't forget to ENABLE the Anti-application Hijacking Protection when you have. By default this addition is DISABLED.
TooLeaky**
Some time ago, Steve Gibson (GRC.com) released a utility called LEAKTEST which showed how certain programs could essentially bypass a firewall with impunity.
NOTE....Users of the above download link for Leaktest should be aware that several Anti-virus and Anti-trojan programs now classify this harmless utility as a TROJAN HORSE and may 'scream' when you activate it!
Many a debate on the efficacy of this has taken place over the years and numerous references to The Ten Immutable Laws of Security as published by Microsoft abound,therefore I shall not labour the point here.
Suffice it to say, users of firewalls often grant permission for an application such as Internet Explorer to access the Internet, it would be strange if they didn't, as how would they view everything the web has to offer without doing so?
The way I understand it is that (please feel free to correct me in the forum if I am wrong)Viruses/Trojans and websites containing the TooLeaky exploit code are used to gain info and or carry out all sorts of nefarious activities. Typically, this exploit launches a hidden browser window which attempts to connect to whatever website or IP address it is configured to via port 80 on your computer. From there if allowed access it can create a backdoor into your computer or transmit collected information gleaned from the infected computer or both and since it is 'flying the flag' of a trusted application a firewall often believed the connection request is genuine and allowed the access.
Sygate in this edition of their firewall seem to have plugged this hole and the firewall is now be able to differentiate from a bona fide connection and one that launches 'posing as Internet Explorer' or indeed any trusted application of choice on your machine. So if you see the Sygate alert window telling you that IE or whatever is trying to access something/somewhere other than what you expected it to do, then you can deny it access where previously you wouldn't even know of the attempt!
If you DO see such an alert and you don't recognise the site/IP address that is being contacted and you deny the access, then it would be advisable to run a complete ANTI-VIRUS/TROJAN sweep to make sure your computer isn't infected by a virus or trojan.
*************
Tuesday 11 November, 2003
VIS Visual imagination software demos by @ 10:32 pm
As you know, I've been an ardent follower of the demoscene for some years and one group I have always admired is Smash-Designs. With demos like Adrenalin, Darkstar and their most recent demo weltenkonstrukt Smash-Designs have blown away the demoscene world with ground breaking graphics, effects and music.
I have just had an email from andre bürger who created the graphics for the demo weltenkonstrukt to tell us about his new company that produces visualisations and simulations for architectural and industrial companies. The weltenkonstrukt demo showed the city of "frechen" near cologne and has now been used as a technology demo for the company. Along side two other demos which are based on the same Starforce 3D engine, Industiral shows an automated car plant with robots, convayors and all. Another smaller demo called Interior decoration shows a kitchen layout. All 3 demonstate the power of the Starforce 3D engine and andre's skill as a graphics designer.
Here are a few screen shots from the weltenkonstrukt demo. Click on the links underneath the images to see the full size version. Unfortunatly, andre only sent images from the weltenkonstrukt demo, you'll have to visit his website to see examples of his other work.
Weltenkonstrukt Demo image 1
Weltenkonstrukt Demo image 2
Weltenkonstrukt Demo image 3
You can visit the VIS website HERE. The website is in German so you might need something like BabbelFish to translate it if you can't speak German. You will find links to all 3 technology demos on the download page. The demo's installers are also in German but a good guess lets you click the correct buttons. They all install to the same folder in programs.
You will need a pretty good graphics card to run these demo's and at least directX8.1. Enjoy!
Many thanks to andre for sending us this information and letting us share it with our readers. Thank you.
#############################
Monday 10 November, 2003
Yet another AVG Update by @ 7:26 pm
Grisoft are sure on a runner with another update today for AVG6 (free) and AVG7. This update adds detection of Worm/Darker and new variants of Worm/Spybot, Worm/Agobot and trojan IRC/BackDoor.SdBot, Desex, Dialer, Startpage.
The file size (for AVG7) is 112kb.
Update now to keep your computer free from nasties!
############################
Thursday 6 November, 2003
Yet Another Grisoft AVG Update by @ 4:50 pm
Grisoft seem to be going for the record as they have released yet another update today for AVG 6 (free) and AVG 7.
The file size is 102.5kb and Grosoft says this update adds detection of Worm/Micint and new variants of I-Worm/Coronex, I-Worm/Sexer, I-Worm/Torvil, Worm/Agobot, Worm/Lovsan, Worm/Raleka, Worm/Shower, Worm/Spybot, IRC/BackDoor.SdBot and trojan Startpage.
Other Grisoft news, For the first time ever, Grisoft will be exhibiting at Comdex Las Vegas! Grisoft will be a co-exhibitor with Kerio at the Comdex trade show. Peter Lipa and Ales Nevesely will be at the stand to talk about sales and technical matters. Whether you are visiting Comdex alone or with customers, make a point of visiting us at stand 8160.
#########################
Wednesday 5 November, 2003
CATALYST 3.9 is now available by @ 7:32 pm
Terry Makedon has sent me the following details.
Seems like just yesterday we released CATALYST 3.8. That CATALYST version has broken all previous download records for a driver here at ATI. Today we make available CATALYST 3.9 and in particular driver version 7.95. The focus of this posting is compatibility and stability improvements.
CLICK HERE to download Catalyst 3.9 now.
Compatibility/stability fixes include:
· Setting the display resolution to 1024x768 32bpp followed by playing Blade of Darkness with the game set to 1027x768 16bpp, and texture resolution set to max, no longer results in a flickering horizontal line of display corruption
· Playing Morrowind under Windows XP with an ATI RADEON(tm) All-In-Wonder 9200 installed no longer results in parts of the boat image flashing and portions of the person's body being missing
· The game Jedi Knight-Jedi Academy no longer fails to respond when enabling Anti-Aliasing to 4x or 6x
· Choppy game play is no longer noticed with attempting to play the game Home World 2
· The demo game Panzers no longer fails to respond when Anti-Aliasing is enabled under Windows XP with an ATI RADEON(tm) 8500 series card installed
· Setting the ATI 3D tab slider to Performance under Windows XP with a RADEON(tm) 9800 series card installed no longer results in display corruption when playing the game Grand Prix 4
· Setting the game Flight Simulator 2004 to display at 1024x768 or 1280x1024 followed by starting a new flight no longer results in the menu being flipped just before the new flight is about to begin
· Setting the display resolution to 1024x768 32bpp followed by setting the Indy Car demo display option to 1600x1200 32bpp and setting the detail to high no longer results in the fence and car's shadows flashing
· Setting the display resolution to 1024x768 32bpp and enabling Anti-Aliasing to 4x followed by configuring the game Race Driver to 1600x1200 32bpp no longer results in some of the race cars not being drawn properly
· Attempting to start a new game of Links 2003 no longer results in the system rebooting
· Serious Sam 2 is now able to detect OpenGL TRUFORM when set to Application Preference
· ChameleonMark no longer displays corruption on DX8-class products
· Connecting a TV as the secondary display and enabling extended desktop no longer results in display corruption on the primary display when attempting to change the colour mode and resolution when playing Serious Sam
· Having two monitor connected with only one monitor being active no longer results in two monitors being seen as active in the Monitor tab of the Advanced Display Properties
· Connecting both a CRT and a TV to an ATI RADEON(tm) 7200 series running in a Windows 9x environment no longer results in corrupted colours being displayed on the CRT
· Setting the secondary CRT display to 1024x768 32bpp with extended desktop enabled no longer results in not being able to swap between the primary and secondary displays
· DVD Region 2 playback no longer stutters during the beginning of the DVD under Windows 2000
· Connecting both a CRT and a TV to an ATI RADEON(tm) 7200 series running in a Windows 9x environment no longer results in corrupted colours being displayed on the CRT
Terry also tells me to look out for CATALYST 3.10 in about 4 weeks.(probably the last CATALYST of the 3.xx series before we hit the year 2004 and move to the 4.xx series).
Monday 3 November, 2003
Another AVG Update by @ 6:51 pm
Grisoft says that the definitions update adds detection of new variants of I-Worm/Mimail, I-Worm/Torvil, BackDoor.Ircbot.
Users of AVG 7 get a massive program update. They have fixed problems in the Scheduler, Engine, EMS, Kernel, Control Center and Resident Shield.
############################
|
