Digital Choke Daynotes

What's a Daynote?

"Daynotes" are daily (usually) journal entries of interesting happenings and discussions. They are not 'blogs', which are often just a collection of links to other information (although we do include links occasionally). Daynotes are much more interesting (we hope).

These "Digital Choke Daynotes" were inspired by the collection of daily journals of the "Daynotes Gang" (see sites at .com, .net), a collection of daily technical and personal observations from the famous and others. That group started on September 29, 1999, and has grown to an interesting collection of individuals. Readers are invited and encouraged to visit those sites for other interesting daily journals.

If you have comments, send us an email. A bit more about me is here. You might also enjoy our little story about the death of the 'net.

Monday, August 8, 2005

There are dark corners in the Interweb. An interesting research paper from Microsoft and their "HoneyMonkey" project. The paper is here, and is described by Microsoft as:

Internet attacks that use Web servers to exploit browser vulnerabilities to install malware programs are on the rise. Several recent reports suggested that some companies may actually be building a business model around such attacks. Expensive, manual analyses for individually discovered malicious Web sites have recently emerged.

In this paper, we introduce the concept of Automated Web Patrol, which aims at significantly reducing the cost for monitoring malicious Web sites to protect Internet users. We describe the design and implementation of the Strider HoneyMonkey Exploit Detection System, which consists of a network of monkey programs running on virtual machines with different patch levels and constantly patrolling the Web to hunt for Web sites that exploit browser vulnerabilities.

Within the first month of utilizing this new system, we identified 752 unique URLs that are operated by 287 Web sites and that can successfully exploit unpatched WinXP machines. The system automatically constructs topology graphs that capture the connections between the exploit sites based on traffic redirection, which leads to the identification of several major players who are responsible for a large number of exploit pages.

For more information on the Strider Honeymonkey research project, please visit http://research.microsoft.com/honeymonkey.

Note that they tested unpatched WinXP systems. A patched system is much more protected. From an article at SecurityFocus (emphasis added):

Among the researchers' other findings is that even a partially patched version of Windows XP Service Pack 2 blocks the lion's share of attacks, cutting the number of sites that could successfully compromise a system from 287 for an unpatched system to 10 for a partially patched Windows XP SP2 system. A fully patched Windows XP SP2 system could not be compromised by any Web sites, according to the group's May-June data. (The zero-day exploit of javaprxy.dll happened after this data set.)

Tomorrow is Microsoft's "Patch Tuesday". My systems are configured to automatically download and install the patches. I suggest that your computers (and your family's, and your work's, and your friend's) are similarly protected.
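
Added example (not from the paper or the original post): a sketch of the analysis the abstract and the SecurityFocus excerpt describe, counting which sites compromise patrol machines at each patch level and ranking redirect destinations in the site-level graph. The visit records, host names and patch-level labels are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed visits: (patrol VM patch level, URL chain followed, compromised?)
VISITS = [
    ("unpatched",   ["http://a.example/p1", "http://hub.example/x"], True),
    ("unpatched",   ["http://b.example/p", "http://hub.example/y"], True),
    ("unpatched",   ["http://c.example/p", "http://mid.example/r",
                     "http://hub.example/x"], True),
    ("unpatched",   ["http://d.example/p"], True),
    ("unpatched",   ["http://clean.example/"], False),
    ("sp2-partial", ["http://a.example/p1", "http://hub.example/x"], True),
    ("sp2-partial", ["http://b.example/p", "http://hub.example/y"], False),
    ("sp2-full",    ["http://a.example/p1", "http://hub.example/x"], False),
]

def site(url):
    """Collapse a URL to its host so several exploit URLs count as one site."""
    return urlsplit(url).hostname

def exploit_sites_by_patch_level(visits):
    """Map each patch level to the entry sites that compromised a VM at that level."""
    found = {level: set() for level, _, _ in visits}
    for level, chain, exploited in visits:
        if exploited:
            found[level].add(site(chain[0]))
    return found

def redirect_graph(visits):
    """Site-level edges (source -> destinations) seen on compromising visits."""
    edges = defaultdict(set)
    for _, chain, exploited in visits:
        hosts = [site(u) for u in chain] if exploited else []
        for src, dst in zip(hosts, hosts[1:]):
            if src != dst:
                edges[src].add(dst)
    return edges

def major_players(edges):
    """Rank sites by how many distinct sites redirect traffic to them."""
    indegree = defaultdict(int)
    for dsts in edges.values():
        for dst in dsts:
            indegree[dst] += 1
    return sorted(indegree.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    print(exploit_sites_by_patch_level(VISITS))
    print(major_players(redirect_graph(VISITS)))
```

A site that still compromises a fully patched patrol machine would show up as a non-empty set at the highest patch level, which is the signal for an unpatched vulnerability.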

Wednesday, August 10, 2005

I've been spending a lot of my spare time setting up my new laptop, an IBM (Lenovo) T42. It's a nice machine. I've installed most of the applications I need, got everything patched up to current levels (including yesterday's patches). Much of the data has been moved over, although there's a bit more to do.

That's the main reason why posts here have been a bit sporadic. So I apologize to all five of my regular readers, and those of you that may have accidentally stopped by here.

This new laptop has a longer battery life, and is a bit faster than the old one. Especially in program startup. There's something that causes programs to take a long time to get started. It's related to the wireless connection, I think, but I haven't been able to find the cure yet. The T42 runs a bit cooler than the old one.

The T42 has the optional fingerprint reader, which can be used to log in to Windows. That stopped working after I installed the Novell client software, and an uninstall of that hasn't fixed it yet. Minor detail, probably some obscure setting somewhere that needs to be changed.

And there's the usual 'getting used to .. ' things. Like the delete key being in a different spot than before. Along with installing printers (networked at home). That took me a while to figure out, until I did a PING of the hosting computer that didn't work. A "Homer" moment ("Doh!") ensued as I realized that I needed to change a firewall setting on the desktop to allow communication from the T42.

At work, I enhanced one of the web filter servers for another division, and have been monitoring that all day. It's working well, especially since our corporate firewall has settled down after one had a hard drive failure.

The only significant security issue for you today is just a repeat of Monday's. Install those Microsoft patches right away. One of the critical ones is especially important for Win2000 systems; but all need to be installed.

... more later ...