Saturday, July 14, 2007

Royal Blog

In a country where the royal family rarely communicates directly with the public, Thai Crown Princess Maha Chakri Sirindhorn could be considered a trailblazer.

The 51-year-old princess launched on Saturday the country's first royal blog, which she says is aimed at persuading her fellow citizens to embrace English.

"We have witnessed in this past century that English has become a global language without much understanding of the process," she wrote. "Nor can we say that we really know the extent of its influence and status as the global language. But we can be sure of one thing: English can be used as a key to better understanding."

The blog appears on the British Council's Web site.

The only other royal in Asia known to have a Web log is Cambodia's former King Norodom Sihanouk. His blog contains thousands of commentaries on anything from Hollywood stars to the rough-and-tumble of Cambodian politics, along with historical documents and exchanges with diplomats or Cambodian politicians.

The princess is admired in Thailand for her charity work and her common touch.

Royal watchers said the Thai princess's blog was not that surprising, given that she is known to be tech-savvy and routinely e-mails intellectuals in the region.

Her blog is a continuation of the British Council's efforts to improve the teaching of English in Thailand. Earlier this week she presided over a two-day conference titled "Policy for Global Transition" jointly hosted by the British Council and the Thai Ministry of Education.

It wasn't clear if the princess would be updating her blog, and the British Council could not be reached for additional comment.

Prof. Thitinan Pongsudhirak, political scientist at Chulalongkorn University, said that by adding her voice to the campaign, the princess had greatly bolstered the council's efforts.

"Her patronage has given the project a lot more prestige. Her avid pursuit of the arts is a great inspiration to young people in Thailand," he said.

Die Geschwindigkeit Datierung sichern
Usher Song Lyrics

Friday, July 13, 2007

Hackers Renew Windows 'MS06-040' Attacks

An upswing in activity related to a potential Windows Server vulnerability dubbed with a most-dangerous label in early August has been detected by security companies and organizations.

That earlier vulnerability came to light August 8, amid Microsoft's release of a dozen security bulletins. These included MS06-040, which patched a critical vulnerability in Windows' Server service. At the time, security analysts warned that the bug might be exploited by a network-attacking worm, ala MSBlast. Although several exploits appeared, their impact was minor.

On Thursday, both Symantec and the SANS Institute's Internet Storm Center alerted users that they had detected a significant increase worldwide in activity on port 139, one of the two ports which an exploit against the MS06-040 vulnerability would use to attack systems.

The Internet Storm Center (ISC) spotted a major spike in port 139 activity starting Sunday, Aug. 27, while Symantec's sensor network recorded large increases on both Tuesday, Aug. 29 and Wednesday, Aug. 30. According to Symantec, the systems attacking port 139 were also involved in attacks on port 445, the other likely route attackers exploiting the Server service would use.

"There could be several possibilities for this," said Lorna Hutcheson, an analyst with the ISC, in an online note. But she discounted earlier bots that had circulated soon after MS06-040 was released. "Both were recognized on August 14, so they have been around for a whileand this upswing just started over the past couple of days," Hutcheson wrote. Generally, a jump in activity against one or more of Windows' ports means that attackers are scanning the Internet for vulnerable systems.

Symantec's analysis was more specific in pegging possible causes for the uptick in port 139 activity.

"A new variant of Spybot named W32.Spybot.AKNO has been discovered propagating in the wild," Symantec said in a warning issued early Thursday to users of its DeepSight threat management service. The bot -- designed to infiltrate a system, then download additional malicious code to hijack the computer so it can be used as a spam zombie or for other criminal activities -- also contains a rootkit component, Symantec added. A rootkit is code that cloaks a worm or bot to make it harder for anti-virus software to both detect and delete the malware.

"That Spybot picked this up an MS06-040 exploit isn't surprising," said David Cole, the director of Symantec's security response team. "Spybot is one of the most prevalent bots out there. What is interesting is that it also threw in rootkit capabilities."

Symantec also said that it had received reports of a worm in the wild that was using the MS06-040 vulnerability to attack PCs running Windows NT 4.0. An initial report posted to the Full Disclosure security mailing list was "extremely vague," said Symantec, which has been unable to reach the researcher who reported the worm, and so has no sample code to examine. Other researchers writing to the Full-Disclosure noted that the malicious code also successfully attacks Windows 2000 systems.

The new Spybot and the attack against Windows NT machines seem to be separate, Symantec said. It has deployed honey pot systems in the hopes of collecting a sample of the new NT worm.

Windows NT users are particularly vulnerable to attack, Cole added, since the aged operating system has been dropped from Microsoft's support list; the Redmond, Wash. developer stopped issuing security fixes for NT on the last day of 2004.

"There's been a lot of activity exploiting the MS06-040 vulnerability," said Cole. "Randex, Stration, a number of threats. Once an exploit is released, everyone scrambles to include it."

By Symantec's tally, six known bots are leveraging the MS06-040 exploit. That was enough for the Cupertino, Calif. security company to push its ThreatCon security status ranking from "1" to "2" on Thursday.

"It's a cumulative thing," said Cole, acknowledging that no single exploit caused the company to up its alert level. "The increase in infection angles and the activity on port 139 and 445 shows it's a problem across the board."

Both Symantec and the ISC urged users to patch their systems with the fix issued with MS06-040. If patching isn't possible -- or one is simply not available, as is the case for Windows NT users -- users should filter or block TCP ports 139 and 445, the pair advised.

Wednesday, July 11, 2007

The Good, The Bad And The Ugly On Firefox 2.0

Arguably the world's most popular open source project ever, Mozilla Firefox just got even better today with its 2.0 production release. Previously I've written articles that compared Firefox and IE, and listed a few tips for tweaking Firefox, so I was tempted to pass on a new Firefox article. That is, until I read an article today from Paul Thurrott who calls Firefox 2 "a dud" and "unimpressive". He writes:

Firefox 2.0 is free, but it's a woefully minor improvement over Firefox 1.5 that suffers from various incompatibility problems, especially with themes and other add-ons. I wouldn't recommend this new version, to be honest. I'll be sticking with Firefox 1.5 at least for now. I recommend you do the same, or switch to the surprisingly solid IE 7.0.

To his credit, Paul has been a long-time advocate for Firefox, so I was a bit surprised by his take on the new version. The fact is, Firefox 2 is a huge improvement over the previous version. Here are just a few of the highlights:

Spell checking. A built-in spell checker lets users check the spelling of text entered into web forms (like the one I'm using to write this). This feature alone is a lifesaver.

Phishing protection. Paul says IE's is better, and I haven't put them to the test so I can't say. But the presence of this protection at all is surely a boon to Firefox users, and it will only get better with time.

Stability. Just today I had IE7 wedge up my entire Windows system. At least when Firefox crashes (and it still does sometimes) it has the courtesy to not take everything else down with it. Plus it remembers any tabs you had open and offers to reopen them for you.

Security. We could debate whether FF or IE is "inherently" more secure, as in which browser has fewer security holes that are waiting to be exploited. But there can be no argument about which browser has had the most exploits logged against it. Just recently there was another bad one involving ActiveX. I had to hide IE on my son's computer because he'll click on anything. Now all he can use is Firefox.

Updates. Firefox is undergoing rapid development. How often will we see IE improvements?

Extensibility. Firefox add-ons are immensely powerful, small, and easy to develop. If you know HTML and a little JavaScript you're more than half the way there. IE has extensions, but you have to write them in C/C++ which is (take my word as a 20-year C developer) much harder.

Portability and standards. Maybe you don't use a Mac or Linux desktop yourself, but an increasing percentage of your users do, especially in emerging markets. By developing your pages and applications using vendor-neutral standards (which Firefox has embraced) you can hedge your bets.

Open source. Firefox is available as open source so anyone motivated enough and skilled enough can go in there and make changes. If IE had been open source, how long do you think it would have had all those annoying CSS problems that bugged web developers for years?

The Internet Explorer team is (finally) making improvements to the Microsoft browser, and indeed IE7 has some nice benefits of its own. But in this round of the Browser Wars, Firefox 2 and the open source community come out on top. I can't wait to see what they have in store for the next version!

Ed Burnette

Tuesday, July 10, 2007

Professor working on 'roofies' detector

Associated Press

An assistant professor of chemistry is developing a tiny testing kit that women can carry in their purses and use to quickly detect date-rape drugs.

Andrea Holmes, who teaches at Doane College in Crete, said "this seemed to be a really, really relevant topic."

"So many women on college campuses are being affected by this," said Holmes.

Date-rape drugs — or "roofies" — such as Rohypnol are secreted into a person's drink. The drug incapacitates the person and causes memory loss. Men and women who have been raped while under its influence can regain their senses with no memory of the assault.

Rohypnol and other date-rape drugs may no longer detectable by the time a victim is treated and tested.

"Many women do get raped and cannot prove it afterwards," Holmes said. "What we want to do is determine the presence of the drug before it ever enters the body."

She's hoping to develop a small strip or stick that would turn a certain color if dipped into a drink that had been spiked with roofies.

In May, she and three student researchers reached a milestone: They concocted a chemical mixture that turns from blue to colorless when Rohypnol is added.

"This took us weeks and weeks," Holmes said. "Research is usually 99 percent failure. This was a breakthrough."

Other researchers have made progress on similar ideas.

The Drink Detective was introduced in Britain in 2004. A few drops of a detection liquid are placed on a pad that has been dipped into a drink. The pad changes colors if roofies were put into the drink.

Holmes wants something even smaller and simpler: a paper sensor that can fit into a pocket or small handbag.

"It is a big, big area of research," she said. "Everybody is trying to create their own sensor."

Holmes is applying for a $20,000 National Science Foundation grant to continue her research, hoping to include GHB, methamphetamine and other "party drugs" that have been used by date rapists.

On the Net:

National Women's Health Information Center site on date-rape drugs:

http://www.4woman.gov/faq/rohypnol.pdf