Tuesday 31 March 2009

Malware or legitimate?

reader_s.exe

reader_s.exe seems to be the major infection out there right now. More than 30% of all users entering freefixer.com from a search engine are looking for information about this Virut variant.

66.249.67.86

66.249.67.86 is the Google bot...

Monday 30 March 2009

GoGrid Denial of Service

Got this in my inbox this morning:

Hello Roger,

On Friday, March 27 at 11:10 AM PDT, and again today Monday, March 30 at 12:25 PM PDT, GoGrid suffered a series of large scale distributed denial of service (DDoS) attacks that affected the network connectivity of many GoGrid servers.

These network attacks were of a type that we had not seen before, and which our automated network attack prevention hardware was unfortunately unable to prevent.

We estimate that up to 25% of GoGrid customers had servers that were either unreachable or had degraded network performance and packet loss during significant parts of both of these attacks, and at times as much as half of you were affected more briefly. We know that many of you rely on GoGrid to run your critical Internet infrastructure, and apologize for the impacts to your business that these attacks may have caused.

CURRENT STATUS

The situation has now been stabilized as of 4 pm PDT, and the network performance of most GoGrid servers should be normal. If you were affected and opened a case during the attack, you should receive a more detailed RFO from our support staff or your Service Team. If you are still seeing any issues with your servers, please open a case at http://my.gogrid.com or call at the numbers below.

[snip]

Status reports available here: http://www.gogridstatus.com/

How to remove @replies from your Twitter feed

Ever wanted to filter the replies from your Twitter RSS feed? Easy with the help of Yahoo Pipes and mat.su.

Below is a snapshot of my Twitter RSS feed. The first item in the feed is a @reply. I want an RSS feed without my @replies.



This is how to do it:
  1. Go to the filtering pipe.
  2. Enter your username and click "Run Pipe".
  3. Click on "Get as RSS" and you are done. You now have a new RSS feed where your @replies have been filtered out.
Here's a snapshot of my new RSS feed. As you can see, the @replies have been removed:

Friday 27 March 2009

Installing WP Super Cache to figure out how they implemented the .htaccess rewrites.
New photo: red apple core.

Thursday 26 March 2009

Tuesday 24 March 2009

New photo: slaka church http://tinyurl.com/cf4rxs

Why your photos don't appear when searching on Flickr

I've just created a Flickr account! I'm planning to upload most of the photos that I've previously made available over at free-photo-gallery.org under the Creative Common Attribution license.

Anyway, after uploading my first photo, I wanted to make sure it appeared when searching. But no matter how detailed my searches were, the photo refused to appear in the search results. After some googling I found this in the Flickr FAQ:

If your account is new, first you need to upload at least 5 photos. After that minimum has been reached, then it shouldn't take more than a few days until your photos appear in searches, groups, etc.
5 photos uploaded now, hope to see them appear soon.

Monday 23 March 2009

How to install Windows 7 in VMWare Workstation 5.

  1. Upgrade to the latest version of VMWare Workstation 5. At the time of writing it's 5.5.9.
  2. Create a new virtual machine from the File menu. Choose "Windows Vista (experimental)" or "Windows Vista x64 Edition (experimental)". If you don't choose any of the Vista options, you will not be able to install VMWare Tools. Without VMWare Tools you will not get your network up and running.
  3. When you've created the virtual machine, configure the CD-ROM to use the Windows 7 .ISO file.
  4. Start the virtual machine and install Windows 7.
  5. Install VMWare Tools.
  6. Done.
Trying to install Windows 7 into VMWare Workstation 5.5.8.

Friday 20 March 2009

Thursday 19 March 2009

New photo: fingers-of-climber http://www.flickr.com/photos/free-photos/3368282626/

How to create a self-signed certificate and sign a .exe file

Here's an example of how to create a new certificate and sign a file with its private key. Finally, I show how to verify the signed file and why the verification fails.

First we start out by creating the certificate. This is done with the makecert.exe command-line tool. The following command creates a certificate named "RogTestCert" and adds it to a certificate store called "RogCertStore". The -r option tells makecert to create a self-signed certificate. -pe marks the generated private key as exportable, which allows the private key to be included in the certificate.

>makecert.exe -r -pe -ss RogCertStore -n "CN=RogTestCert" RogTestCert.cer
Succeeded

You can now view the new certificate using the Certificate Manager.

To sign a file we use signtool.exe. We specify that we want to use the certificate named "RogTestCert" in the "RogCertStore" certificate store:

>signtool.exe sign /s RogCertStore /n RogTestCert myfile.exe
Successfully signed: myfile.exe

The file is now signed. If you right-click the file and choose Properties, you will notice that a new tab called "Digital signatures" has appeared.

Finally, we try to verify myfile.exe's signature, which should result in an error, since RogTestCert is not a trusted root certificate:

>signtool.exe verify myfile.exe
SignTool Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
SignTool Error: File not valid: myfile.exe

Number of errors: 1
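
The signtool error above is the "signed but not trusted" case. As an added example (not part of the original post), the following PowerShell uses the built-in Get-AuthenticodeSignature cmdlet and .NET's X509Chain class to report a file's signature status and the chain errors behind it. Get-SignatureTrust is a hypothetical helper name, and the Subject-equals-Issuer comparison is only a heuristic for spotting self-signed certificates.

```powershell
# Added example: classify a file's Authenticode state and explain chain failures.
# Get-SignatureTrust is a hypothetical helper; myfile.exe is the file signed in the post.
function Get-SignatureTrust {
    param([Parameter(Mandatory)][string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    $result = [ordered]@{
        File          = $Path
        Status        = $sig.Status          # SignatureStatus enum: Valid, NotSigned, HashMismatch, ...
        StatusMessage = $sig.StatusMessage
        Signer        = $null
        SelfSigned    = $null
        ChainErrors   = @()
    }

    $cert = $sig.SignerCertificate
    if ($cert) {
        $result.Signer     = $cert.Subject
        $result.SelfSigned = ($cert.Subject -eq $cert.Issuer)   # heuristic only

        # Rebuild the chain to see which check fails and why.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'           # keep the check offline
        [void]$chain.Build($cert)
        $result.ChainErrors = @($chain.ChainStatus | ForEach-Object {
            '{0}: {1}' -f $_.Status, $_.StatusInformation.Trim()
        })
    }
    [pscustomobject]$result
}

$r = Get-SignatureTrust -Path .\myfile.exe
$r | Format-List
if ($r.Status -ne 'Valid') {
    # A signature that does not chain to a trusted root proves nothing about the publisher.
    Write-Warning "Signature status is $($r.Status): do not treat $($r.File) as trusted."
}
```
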
Just got back to Stockholm from a skiing trip in Riksgränsen

Friday 13 March 2009

Snowy tree contour nearby Sofia Kyrka in Vitabergsparken

Snowy tree contour nearby Sofia Kyrka in Vitabergsparken, S.. http://tinyurl.com/cyjfmd

Google introduces interest-based advertising

Got an email from Google this morning, letting me know about the upcoming interest-based advertising. You may need to update your privacy policy:

Hi,

We're writing to let you know about the upcoming launch of interest-based advertising, which will require you to review and make any necessary changes to your site's privacy policies. You'll also see some new options on your Account Settings page.

Interest-based advertising will allow advertisers to show ads based on a user's previous interactions with them, such as visits to advertiser website and also to reach users based on their interests (e.g. "sports enthusiast"). To develop interest categories, we will recognize the types of web pages users visit throughout the Google content network. As an example, if they visit a number of sports pages, we will add them to the "sports enthusiast" interest category.

[snip]

For more information about interest-based advertising, you can also visit the Inside AdSense Blog at http://adsense.blogspot.com/2009/03/driving-monetization-with-ads-that.html.
Jaiku up and running again. Now on the Google App Engine.

Thursday 12 March 2009

dandelion seed

A dandelion seed has landed.

Verifying digitally signed PE-files

Verifying digitally signed PE-files and the certificate chain back to the trusted root. Easy thanks to WinVerifyTrust and CryptQueryObject.

Wednesday 11 March 2009

Windows SDK for Windows Server 2008 and .NET Framework 3.5

Upgrading to the latest Windows platform SDK. Hopefully mscat.h is available in this new SDK and I'll be able to use the catalog functions which are missing in the header files currently installed on my system.

Update: mscat.h is bundled with this version of the Windows SDK. Back to programming..

Tuesday 10 March 2009

reader_s.exe - Lots of activities about this file now

Searches going wild for reader_s.exe right now at FreeFixer.com. Currently looking for more information about the file.

How to view all trusted root certificates on a Windows machine

It's easy, just launch the Certificate Manager. Click Start -> Run -> certmgr.msc. The Certificate Manager should be available on Windows 2000, 2003, 2008, XP and Vista. In the Certificate Manager you can browse all trusted and revoked certificates, import and export certificates, examine certificate paths, etc.
FreeFixer v0.34 released. http://www.freefixer.com/

Monday 9 March 2009

My NetGear wireless router died - resurrected by resetting the router to the factory defaults.

ComHem SMTP server

Setting up your email at ComHem? Then you can use mailout.comhem.se or mail1.comhem.se as your SMTP server.
Creating a new plugin for FreeFixer that will scan the BootExecute registry setting.

Sunday 8 March 2009

Trying out AdSense for Search for my site. Is it any good?

Saturday 7 March 2009

Spotify hacked

Spotify hacked! They have sent out an email recommending all users to change their password:
Dear Spotify user,

Last week we were alerted to a group that managed to compromise
our protocols. After investigating we concluded that this group had gained access to information that could allow testing of a very large number of passwords, possibly finding the right one. The information was exposed due to a bug that we discovered and fixed on December 19th, 2008. Until last week we were unaware
that anyone had had access to our protocols to exploit it.

Along with passwords, registration information such as your email
address, birth date, gender, postal code and billing receipt
details were potentially exposed. Credit card numbers are not
stored by us and were not at risk. All payment data is handled
by a secure 3rd party provider.

If you have an account that was created on or before December 19th 2008,
we strongly suggest that you change your password and strongly
encourage you to change your passwords for any other services
where you use the same password.

When choosing your password we provide you with an indicator of
the password strength to help you choose a good one. To change
your password please visit your profile page on our website.

https://www.spotify.com/en/account/profile/

For the technically minded amongst you, the information that may
have been exposed when our protocols were compromised is the
password hashes. As stated, we never store passwords, and they
have never been sent over the Internet unencrypted, but the
combination of the bug and the group's reverse-engineering of
our encrypted streaming protocol may have given outsiders access to individual hashes.

The hashes are salted, making attacks using rainbow tables unfeasible.
Short or otherwise bad passwords could still be vulnerable to
offline targeted brute-force or dictionary attacks on individual
users, but you could not run attacks in parallel. Also, there
has been no known breach of our internal systems. A complete user
database has not been leaked, but until December 19th, 2008 it was
possible to access the password hashes of individual users had
you reverse-engineered the Spotify protocol and knew the
username.

We are really sorry about this and hope you accept our apologies.
We're doubling our efforts to keep the systems secure in order
to prevent anything like this from happening again.

Regards,
The Spotify Team

Friday 6 March 2009

About to refactor the FreeFixer GUI. Almost done defining the regression tests.

Wednesday 4 March 2009

Why I should stop using TweetDeck

I like TweetDeck, but its memory usage is bringing my machine to its knees:

Using 300MB to read a few 140 character long Twitter messages, that is just silly. To put those 300MB in perspective to what the processes normally use on a WinXP machine:

Is this a memory leak in TweetDeck, or is there a general problem with the Adobe AIR platform? What would you suggest to use instead of TweetDeck? Twhirl?

(Chart generated by chartapi.org)


caresweet.com spam

caresweet.com is spamming and it is bypassing my spam-filter :( The whois data seems to be faked:

Domain Name : caresweet.com
PunnyCode : caresweet.com

Registrant:
Organization : JIANG YANG
Name : JIANGYANG
Address : QUANZHOULUBEILU23
City : ZY
Province/State : SC
Country : cn
Postal Code : 413060

Administrative Contact:
Name : JIANGYANG
Organization : JIANGYANG
Address : QUANZHOULUBEILU23
City : ZY
Province/State : SC
Country : cn
Postal Code : 413060
Phone Number : 86-737-4780259
Fax : 86-737-4780259
Email : din****_156@126.com
Anyone else getting these spam emails?

Tuesday 3 March 2009

Trying to fix a nasty bug that only appears in 5% of the test suite runs. Must be a buffer overrun or a threading issue :(

Monday 2 March 2009

PathCanonicalize

PathCanonicalize is the way to go if you want to remove ".." and "." from a path on a Windows machine. Converting a path to its canonical representation is necessary before doing any equivalence checks. Notice that PathCanonicalize does not remove any backslashes.
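
As an added example (not from the original post), this PowerShell calls PathCanonicalize in shlwapi.dll through P/Invoke and canonicalizes both sides before comparing them. ConvertTo-CanonicalPath and Test-SamePath are hypothetical helper names and the sample paths are constructed. The function writes into a caller-supplied MAX_PATH buffer, so the wrapper rejects longer input.

```powershell
# Added example: canonicalize with PathCanonicalize before an equivalence check.
Add-Type -Namespace Win32 -Name Shlwapi -MemberDefinition @'
[DllImport("shlwapi.dll", CharSet = CharSet.Unicode)]
public static extern bool PathCanonicalize(System.Text.StringBuilder dst, string src);
'@

$MAX_PATH = 260

function ConvertTo-CanonicalPath {
    param([Parameter(Mandatory)][string]$Path)
    # The API assumes a MAX_PATH-sized output buffer; refuse anything longer.
    if ($Path.Length -ge $MAX_PATH) { throw "Path too long for PathCanonicalize" }
    $buf = New-Object System.Text.StringBuilder $MAX_PATH
    if (-not [Win32.Shlwapi]::PathCanonicalize($buf, $Path)) {
        throw "PathCanonicalize failed for '$Path'"
    }
    $buf.ToString()
}

function Test-SamePath {
    param([string]$A, [string]$B)
    $ca = ConvertTo-CanonicalPath $A
    $cb = ConvertTo-CanonicalPath $B
    # Windows file names are case-insensitive by default, so compare accordingly.
    [string]::Equals($ca, $cb, [System.StringComparison]::OrdinalIgnoreCase)
}

# Constructed sample pairs:
#   1. "." and ".." segments plus a case difference
#   2. ".." climbing out of the App directory
#   3. a doubled backslash, which the post says PathCanonicalize leaves in place
$pairs = @(
    @('C:\Windows\System32\..\System32\.\drivers\etc\hosts', 'c:\windows\system32\drivers\etc\hosts'),
    @('C:\Program Files\App\bin\..\..\Other\tool.exe',       'C:\Program Files\App\tool.exe'),
    @('C:\Temp\\logs\app.log',                               'C:\Temp\logs\app.log')
)
foreach ($p in $pairs) {
    [pscustomobject]@{
        A        = ConvertTo-CanonicalPath $p[0]
        B        = ConvertTo-CanonicalPath $p[1]
        SamePath = Test-SamePath $p[0] $p[1]
    }
}
```
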

WebCopier v4.3

The user agent "WebCopier v4.3" made 14000 requests during February. Seems like someone is copying the entire FreeFixer web site.

Sunday 1 March 2009

74.6.22.188

Going through the web site stats. At #4 is 74.6.22.188, which is Yahoo! Slurp, Yahoo!'s web crawler.