Worms world party
Was originally posted at bitfever.blogspot.com on Wed Jan 07, 08:53
Today I received the following e-mail (originally in German), which is of course a mail sent out by Sobig.C:
From: anotherone@jofeofefxsw.it
Subject: You have a trojan on your machine!
To: forthespambots@qwertzgdfs.it
Good day,
I did an internet port scan. While doing so I could
see your computer and get in.
I also found your mail address on your PC.
The trojan lsass.exe is raging on your machine. That's why
anyone can access your computer!
You can open the task manager and try to end it.
But you will find that it cannot be ended.
If you have Windows 98/ME, you won't even see it in the task list!
I once had this stubborn piece of crap on my machine too; it took 3 days
until I finally found a program to remove
it. I've attached it for you. If you have questions,
just get in touch.
This is a very common thing (and always something entertaining for Mac users) nowadays, but the fact that really concerns me is that I scanned the attached file with Norton AntiVirus 2003 (for Windows of course) using today's signatures; given the fact that Sobig.C is not a very new thing, I thought it would catch it without problem - but in fact it reported that it found nothing.
Of course I do not execute files that I don't know the source of or that even came in an email, but almost every average computer user would have thought this: "So Norton found no virus? Good, so let's double-click it." He maybe would have checked upon the lsass.exe (which of course exists, because it is a vital part of Windows 2000/XP) before, but he would have used it - and got another Sobig-infected user!
I always wondered how fast these viruses spread, even if they said in the evening news: "Don't click .exes!". This will not be the main reason (because most people don't bother running a virus scanner) - but it concerns me a lot. Poor Norton, shame on you.
The main reason a virus/worm works is obviously human nature itself. It is often argued that all those Windows/Outlook bugs are the main reason for the fast spreading of worms. Those bugs of course encourage it and make it easier for the crackers and worm authors, but there would be worms without those bugs.
Besides, this concerns me, but it doesn't surprise me that Norton AntiVirus fails.
Have you ever looked at the so-called "Norton Utilities"? One of the poorest software packages I know of - it costs a lot, claims to be "Designed for Windows XP" but some features, e.g. the Rescue Boot Disk on the CD, just don't work properly. The Rescue CD boots a DOS, but cannot use NTFS drives at all, which makes it unusable for a lot of Windows XP installations! And the program doesn't work at all if you are not logged in as an Admin user. This is everything, but not "Designed for Windows XP".
By mrtoto at 17:56h
Dancing with the Volume Lion again
Was originally posted at bitfever.blogspot.com on Tue Jan 06, 11:33
OK, full turn backwards! The Volume tip below isn't really working.
After fiddling around with Partition Magic 8 I found out that as soon as you create an HFS+ volume you cannot use the disk in Windows anymore.
So I now have to use only one big FAT volume - no bootable backup system for me.
It seems that OS X stores the volume information for HFS+ volumes in some place that confuses Windows (haven't tried Linux yet, but I expect better results - there is a Linux kernel module for HFS+).
By mrtoto at 17:54h
One for the night - CCC and Networks
Was originally posted at bitfever.blogspot.com on Wed Jan 07, 08:5
So I tried to clone my boot volume.
Well, if you should ever try to clone anything using the CarbonCopyCloner make sure that you disconnect from any network before you do that. Otherwise it will copy all data that it can access via smb-sharing volumes, because those seem to be mounted in
/private/var/automount/Network
I think this is strange ;-)
Good night.
By mrtoto at 17:52h
Come to the Volume Circus
Was originally posted at bitfever.blogspot.com on Mon Jan 05, 09:32
Oh hell!
I bought a new external Firewire Harddisk today, because the Disk in my Windows PC is always close to its limit (as of right now I got 800Megs free space on a 97GB data partition, that's not even 1%!).
So I bought a 160GB Drive from LaCie. I plugged it into my Panther running PowerBook, it mounted the 160GB Volume - fine - but I wanted more.
I need to exchange files with my Windows PC and because OS X 10.3 can only read NTFS Volumes, I needed a FAT Volume for main storage. In addition to that I needed 40GB of space to store a CarbonCopyCloner image of my PowerBook (You do have a backup? Don't you?).
The problem is that the Panther DiskUtility can create HFS+ volumes (besides HFS and UFS), but it cannot create FAT volumes - Apple doesn't go that far in supporting the Windows platform (in fact FAT16/32 is the only filesystem that can be fully used by almost every OS), shame on them (yes, you can create FAT using the shell, but more on that later). So I turned to the very people who created the FAT filesystem a long time ago - Microsoft. But, after experiencing the working Plug&Play of Windows XP, I found out that, using MS tools, you can only create FAT partitions to a limit of 32GB. Yet another of those painful artificial restrictions imposed on us by the folks in Redmond, to push a newer technology (NTFS in this case).
So I turned back to Mac OS X - with a little help from this hint I found out that you can actually format Volumes in FAT32 via the command line.
Here is a little HowTo (because the one in the hint above is not exactly working - the author himself notes this in the comments).
1. First check the names of your local drives (do not plug in the FireWire drive) by typing
   ls /dev/rdisk?
   Everything you see there are HDDs - those you do not want to modify. Remember those, because you'll be messing with the partition table - some mistake and you could lose data!
2. Now plug in the drive (click ignore when the Finder prompts you about the new drive) and do
   ls /dev/rdisk?
   again. The line that is new is the name of your FireWire disk. Remember this one - again, one wrong number and you could erase data!
3. Now run the Disk Utility. Choose your FireWire Disk and partition it the way you would like (using the MacOS Extended filesystem) - but make sure that the volumes that you want to be FAT32 are first (on top in the Panther Disk Utility) - otherwise Windows won't recognize them later.
4. Let's assume the id of your drive you found out in 2. is
   /dev/rdisk9
   Now you need to find out the names of the volumes:
   ls /dev/rdisk9*
   This will show a numbered list of the volumes in the format
   /dev/rdisk9s1
   /dev/rdisk9s2
   etc.
5. Now the fun part ;-) If you are totally sure that /dev/rdisk9 is the disk you want to edit you can begin formatting the volumes:
   newfs_msdos -v ANY_NAME -F 32 /dev/rdisk9s1
   to format the first partition of /dev/rdisk9 in FAT32. Do not format the HFS+ volumes yet.
6. Now plug the disk into your Windows box and start the System Management Tool (right click "My Computer", "Manage") then select Disk Management. Now you'll be prompted to activate the Disk for Windows, do so, but do not format anything. If everything worked you'll be able to assign drive letters to the FAT32 partitions (note that Windows can use partitions >32GB, but cannot create them!)
7. Eject and unplug the Disk and plug it back into the Mac. Now just format the remaining Volume with the Disk Utility - et voila - you got what you wanted.
Of course I will not take responsibility for anything you break or erase on your machine! Think before you do anything - you are messing with Volumes here and those pretty little things hold all your data! (How often did I warn you? ;-)
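A guard for steps 1 to 5 of the how-to above, as an added example that is not part of the original post: it picks out the one device that appeared after plug-in and refuses to build a format command for any disk that was already present. The function names `new_disk` and `format_cmd` are hypothetical, and the device listings are constructed samples.

```shell
#!/bin/sh
# Added example; new_disk and format_cmd are hypothetical helper names.

# new_disk BEFORE AFTER
# BEFORE/AFTER: whitespace-separated device lists, as printed by `ls /dev/rdisk?`
# before and after plugging in the drive. Prints the one device that is new;
# fails unless exactly one device appeared.
new_disk() {
    before=" $(printf '%s ' $1)" found="" count=0
    for dev in $2; do
        case $before in
            *" $dev "*) ;;                               # was there before plug-in
            *) found=$dev; count=$((count + 1)) ;;
        esac
    done
    [ "$count" -eq 1 ] || return 1
    printf '%s\n' "$found"
}

# format_cmd DISK SLICE BEFORE [LABEL]
# Prints (does not run) the newfs_msdos command from the how-to. Fails if DISK
# was already present before plug-in, or if SLICE is not DISK + "s" + a digit.
format_cmd() {
    case " $(printf '%s ' $3)" in
        *" $1 "*) return 1 ;;                            # internal disk: refuse
    esac
    case $2 in
        "$1"s[0-9]*) ;;                                  # e.g. /dev/rdisk9s1
        *) return 1 ;;
    esac
    printf 'newfs_msdos -v %s -F 32 %s\n' "${4:-ANY_NAME}" "$2"
}

# Constructed sample listings standing in for real `ls /dev/rdisk?` output.
BEFORE="/dev/rdisk0 /dev/rdisk1"
AFTER="/dev/rdisk0 /dev/rdisk1 /dev/rdisk9"

if target=$(new_disk "$BEFORE" "$AFTER"); then
    format_cmd "$target" "${target}s1" "$BEFORE"   # review the output before running it
else
    echo "expected exactly one new disk; aborting" >&2
fi
```

On a real machine, capture `BEFORE` and `AFTER` with `ls /dev/rdisk?` at steps 1 and 2 instead of using the sample strings.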
By mrtoto at 17:49h
Listen 'n learn
Was originally posted at bitfever.blogspot.com on Mon Jan 05, 03:44
»I wish that applications that manage contact information (from Outlook to Palm organizers and cell phones to Apple's Address Book) would stop making Roach Motels, and make it easy and consistent to share data. There's usually export and import, but it has all kinds of selective lacunae designed to keep the user locked in. I'm thinking that as we move into the next decade, we're going to find more and more of our data locked up in application data stores that others control, that companies are going to find that keeping their users' data is a good way to keep their users locked in, and that as a result, we're going to end up with a "free data" or "open data" movement analogous to today's open source movement.«
One of Tim O'Reilly's wishes for a better new year. Great thing, it's what I've been saying all along.
Could someone please listen to this man!
By mrtoto at 17:45h
Fixing the Virtual Bugs
Was originally posted at bitfever.blogspot.com on Sat Jan 03, 11:38
As of right now I'm installing Windows XP on Virtual PC. I cannot wait to download all those lousy patches from Windows Update - for a PC that only exists because some people don't bother that there are people that have chosen anything but Windows & IE6 (just try to book a flight on www.lufthansa.com with Safari).
By mrtoto at 17:43h
Beauty at my fingertips
Was originally posted at bitfever.blogspot.com on Sat Jan 03, 11:38
An artist named Vlad is publishing very impressive artwork - definitely worth a look if you are looking for a new desktop wallpaper.
By mrtoto at 17:39h
Video on my LAN
Was originally posted at bitfever.blogspot.com on Sat Jan 03, 10:51
Today version 0.7.0 of the famous VLC (VideoLAN Client) for Mac OS X was released. The UI is much better now (ok, playback controls for every window would be nice).
I can't say much about the new codecs supported, but while playing around my eyes stumbled across something called HTTP interface. After digging a bit I found that there is a simple way you can remote control anything VLC plays via a web browser.
Here is how you do it:
/Applications/VLC.app/Contents/MacOS/VLC -I http --http-src ./share/http/
You can now reach the interface by pointing the browser of your choice towards http://localhost:8080
This is for Mac OS X with VLC stored in /Applications; note that the template for the HTML interface is located inside the .app package.
Something like this will probably also work on other Unix-like OSes, if you adjust the pathnames; it may even work with Windows, but I'm not about to try that.
A nice thing for the "connected home" - if only my personal home server would be a silent machine (why is there always heat where there is power?).
Nevertheless, this definitely will make it on my multimedia-information-and-everything-server software list - I then only will have to change the HTML template as described at the VLC Documentation Page.
By mrtoto at 17:29h
Shall the fever begin
Was originally posted at bitfever.blogspot.com on Sat Jan 03, 10:17
Bitfever shall be about my (almost daily) struggle when I (try) to manage all the ever growing digital data (contacts, e-mail, DVDs, music, etc.).
I'll try to note all the solutions I find, all problems that occur, comment on the approaches of others and publish some of my solutions.
So far for the soul of the idea.
Shall the fever begin...
By mrtoto at 17:25h
This weblog has moved
I moved from BitFever.blogger.com to BitFever.blogger.de because it (besides offering more options) offers an RSS feed.
I hope that I will be able to move all content from the old to the new Weblog over the weekend.
By mrtoto at 14:55h