technology – Page 18

More Geeky Fun – Hack Security Cameras

This was one of my most-popular articles in 2005. If you enjoyed it, you might also enjoy:

The Ten Weirdest Sex Toys I’ve ever seen (2009)!
A dirty-looking calendar I found at work (2011).
My beliefs about why it’s wrong to lie to children about Santa (2009), complete with pictures of naughty elves.
An argument I had (2011) with the Office of National Statistics about nonmonogamy and the census.
Open Source Shaving (2009).

Here’s a giggle – somebody’s found a cleverly crafted Google search string that will reveal the (unprotected) web interfaces of a particular kind of Panasonic web-capable security camera. Just point a web browser at http://www.google.com/search?sourceid=mozclient&ie=utf-8&oe=utf-8&q=inurl%3A%22ViewerFrame%3FMode%3D%22, then select one of the cameras (you might have to try a few before you get a working one). If you get a motorised one, you can even remotely control it! Here’s some I found earlier:

Update 17th August 2011: fixed broken link to Panasonic website!

Three More “Extremely Critical” Internet Explorer 6 Vulnerabilities

Three more “extremely critical” Internet Explorer vulnerabilities are being reported today. Secunia‘s advice – Use another product.

First Look At Microsoft Ani-Spyware

Microsoft have released a beta-test version of their new Anti-Spyware program (based on technology they gained during their recent acquisition of Giant Company Software). As a happy little curious bunny, I decided to download it and give it a go on one of the computers laying about at work.

Installation of Anti-Spyware is the typical InstallShield-driven wizard interface.

Interesting to see that this product comes “with SpyNet technology”. Sounds like a buzzword if ever I heard one.

Having finished the installation, the “Setup Assistant” launches.

The setup will be divided into four stages – although, in actual fact, the first three stages consist each of answering one question and the fourth can take a long, long time (scanning the computer for spyware).

Questions first:

With inspiring titles like “Keep Your Computer In The Know”, “Meet Your Computer’s New Bodyguards”, and “SpyNet: The Anti-Spyware Community”, one can’t fail to feel safer almost immediately, hmm? I leave everything as the defaults – turned on. Reading it’s description, I’m left wondering what ‘SpyNet’ actually does. Sounds a little like spyware to me. I can only hope it’s not as innefectual as the “submit a bug report” feature already common in Windows.

The setup wizard (which, it turns out, has no presence in the taskbar and can not be alt-tabbed to, which means that I have to minimize my other windows to dig my way back to it) suggests that I run a “SpyWare Scan” now. I don’t have all day, so I select to run “an intelligent quick scan”. It estimates that this will take “less than 2 minutes”. Okay, that sounds fair.

After a quick check of the running processes on the PC, the scan begins looking at the files on the computer. There’s no progress bar, so the only indicator of how far it’s gone is based on which file it’s currently scanning, and my knowledge of the layout and content of this hard disk. 2 minutes later, it’s broken it’s promised, as it doesn’t seem to have made great progress – but it does claim to have detected two pieces of spyware: TightVNC, a piece of computer remote control software I installed a few days back – not spyware – and WinPCap, a set of drivers for capturing network traffic, used by most Windows-based packet sniffers (a network protocol analysis tool) – also not spyware. Hmm.

Confusingly, the scanner at this point claims to have detected 2 infected registry keys, despite also claiming to have not yet scanned any registry keys.

After about 8 minutes, the second part of the scan begins – scanning the system registry. The flickery little animation is changed from little yellow folders to little green building bricks, and the list of infections increases. See below for the complete list of “spyware” that it found.

Finally, after about 13 minutes, the scan is complete (a little longer than the estimated 2 minutes for a ‘quick scan’), and I’m presented with the results:

The report detects the following:

TightVNC and RealVNC – two remote control programs that “allows full control of the machine it is installed on”. The spyware report kind-of makes it clear that these two “moderate threats” are legitimate remote control software, but that they could be exploited to take control of the computer remotely, by an unseen attacker! Interestingly, it doesn’t detect that I have Remote Desktop, Microsoft’s remote control software, activated. Nor does it detect pcAnywhere, another remote control program I’d put on for the purpose of this scan.
WinPCap – this, as mentioned above, is a network capture driver. The spyware scanner lists it as a “low threat”, and points out that while not dangerous in itself, it could be used by a spyware program to capture my network traffic, which is correct. I’m not aware of any spyware that takes advantage of WinPCap, but it’s at least a theoretical possibility, and it’s fair to warn me about it.
eDonkey 2000 and Grokster – the program incorrectly detects an installation of eDonkey and Grokster – two file-sharing programs. These are listed as “low” and “medium” threats, respectively, not because they are spyware… but because they are often bundled with spyware (in the latter case, nasty stuff like Cydoor). In actual fact, this computer has Shareaza installed – a free, open-source, spyware-free file-sharing program that is capable of connecting to the eDonkey and Grokster networks.
EasySearchBar, a known piece of spyware that sits in Internet Explorer and feeds information about browsing habits back to the makers, and allows pop-up ads to appear. I’m not even sure how that got onto this computer (people shouldn’t be using Internet Explorer here at SmartData at all), but it can be removed using the tool, so I let it go ahead and do so.

Conclusion
Microsoft Anti-Spyware is currently in a very early release and buggy stage. It successfully detected all the spyware that Ad-Aware did (although it doesn’t also pick up on tracking cookies and data miners harboured by IE, as Ad-Aware does). However, it also detected several completely safe pieces of software, which – had I been an amateur user – could have alarmed me into accidentally deleting them. The time estimates given by the program are way-out.

I haven’t tried (to any great level) any of the other tools provided by the program – such as the cache cleaners and the live protectors – however, the live protector that was supposed to “prevent unauthorised programs from editing the hosts file” (a common way for adware programs to take over your internet connection) didn’t work. When I wrote a program to (in a very suspicious manner) add entries to the hosts file, it didn’t even notice, prevent it, or even log that it had occurred.

I am concerned that, if Microsoft do start charging for this product or for updates to it, this could be an opportunity for Microsoft to make money out of a problem that they helped to create. And if they give it away for free, I’m concerned that it will be ineffectual and lull users into a false sense of security (like Microsoft Anti-Virus before it). However, on the up-side, at least Microsoft are beginning to take spyware and adware seriously.

Links

Microsoft AntiSpyware First Impression, by Nathan Weinberg
Microsoft Anti-Spyware?, by The Register

The Stigma Of The Amiga

LiveJournal Sells

Following up yesterday’s rumours, it can now be seen that, officially, LiveJournal has been sold to SixApart. The details look pretty good – the service will remain much as-it-is, nobody will be ‘migrated’ to TypePad or MoveableType, and – better yet – LiveJournal might actually (finally) get some much-needed new features, such as trackback (which can be seen in effect right here, on my post yesterday – this post will be linked as a ‘trackback’ comment, because this post follows it up – with trackback, this kind of thing can be posted cross-journal, too).

Ah; Computers

Heh! Celoxis, a web-based project management tool we‘ve been experimenting with, e-mailed me twice today – just past midnight, and half an hour later – to remind me that it will be my birthday on Saturday (in case I didn’t know). Better yet, our mail server picked up on these e-mails and flagged them as ‘spam’. Wonderful.

LiveJournal May Be Sold

I hear that LiveJournal – one of the world’s biggest blogging communities (and home to most of the blogs syndicated by Abnib) – is to be sold to SixApart, a TypePad/MoveableType-based blog-host.

What effect this will have on holders of existing LiveJournal accounts – particularly paid accounts – is as yet unknown. Nonetheless, I think this could be a very interesting year for LJ bloggers.

Completed Half-Life 2

(don’t worry – no spoilers) Well – I’ve finished Half-Life 2. I must say, it just got more and more stunning. The weapon you’re left using for the last two chapters is simply wonderful (think: gravity gun v2.0). The finish is… simply stunning, and suddenly the G-Man seems even more mysterious than ever… it’s just… wow.

There’s this empty space I need to fill with Half-Life 3.

The downside: it was too short – I was hoping for about another three hours of ‘gametime’ from it. Plus, there are things I’d have liked to have seen but didn’t (monsters I saw but never got to fight, mysteries left unanswered [including most of the ones from the prequel], etc.), and I found the final fights a little too easy (although I have the option to just replay any chapter at any difficulty level, so I can crank it up to Hard and try again). That, and, I feel a major lack of closure – despite a very deliberate ‘build-up’, that game ended in a way that felt quite abrupt and ‘unfinished’ (perhaps the last challenge was a little obvious to me, or something).

In any case – it’s well worth playing, and pretty much anyone I know is welcome to play through it on Duality, if they so wish. Now I’m going to go browse the forums for easter eggs and tips about what’s coming in Half-Life 3.

Half-Life 2

Half-Life 2. The most immersive first-person shooter I’ve ever played. From it’s “throw you in at the deep end” beginning – chased around the streets of the overpowering City 17 by Combine agents, rushing through apartments as raids go on all around you – to it’s immensely clever, multi-faceted puzzles – how do I get past that guard? I could creep by him: I wonder if he’s paying attention… or throw that can to make a noise… maybe I could knock him in the back of the head before the security camera sees me… can he swim? – it’s a thrilling game. In the Half-Life tradition, very little is given away, and the player is left to make many of their own assumptions about the way the world around them works; I find this a little frustrating (I’d like to hear more back-story), but this is soon taken away when I’m drawn into another firefight. The game is gorgeously detailed – the characters around you frown, smile, wink, raise an eyebrow… and genuinely look relieved, scared, upset, etc. Meanwhile, explosions outside are rendered beautifully, water reacts like it should, and the ‘Havok’ physics engine means that if you can imagine it, you really can build it out of the myriad small items around you.

Despite Paul and my complaints about the Steam distribution system, it’s all seemed very good – owing to it’s modular design, I was able to start playing the game when it was just 69% downloaded (and when I ‘caught up’ with it, I only had to wait a few seconds for more content to be downloaded). Paul may be relieved to hear that once the game is downloaded (or activated, if it’s store-bought) it can be played in “offline mode”, and never accesses the internet without permission, it won’t auto-update unless you let it, and there is an option to back up the version you currently have installed – to CDs, for example – so that you could, if you wished, reformat and reinstall Windows and re-install the game without having to download it again. In addition, the modular design meant that my download was ready sooner than it might otherwise be, as it took advantage of the files I’d already downloaded as part of the demo version. I’m still not sure of any way to install to a different drive, which I’d particularly like to be able to do, but nonetheless I’m more impressed with Steam than I expected to be.

I managed to play Half-Life 2 for four hours… before I began to feel motion sick (I’d recently had a plasma cannon installed on my hovercraft, and driving it [with my left hand] while aiming and firing the weapon [with my right] left my poor eyes sufficiently confused that I’m now taking a quick break). I’ll probably go in again and blast some more Combine scum before I go to Sian and Andy‘s New Year’s Party. Yeah!

Update: Fixed link to Paul’s new blog after he moved it, breaking a universe of links. Old content was at http://www.livejournal.com/users/thepacifist/202607.html

Internet Explorer Exploit Of The Day

There’s yet another killer Internet Explorer bug out there, which is manifesting itself in the form of a new trojan, Phel.A. This one only affects Windows PCs updated with SP2 (the supposedly ‘safe’ people) and works by confusing the ‘trusted’ and ‘untrusted’ zones.

I always find reports like this interesting, so I’ve written an exploit of my own. If you’re still using Microsoft Internet Explorer, and you’d like to see why you shouldn’t be:

Click here to look at a web page I’ve set up [update: link long-dead]. It looks kinda boring, I know, but – if you’re using Internet Explorer, it will slyly put a tiny application in your Startup group.
Next time you log into Windows, the tiny application will download and install a bigger application.
Next time after this that you log into Windows, the bigger application will run, and tell you why you shouldn’t be using Internet Explorer.

The information on how to use this exploit is easily available on the web. Before long, we’ll be seeing another wave of web sites that can install software on ant Internet Explorer users’ computer.

If you’re still using Internet Explorer, take a look at BrowseHappy.

Old Posts Recovered

This is probably going to go on for months, yet, but I’ve just recovered some more of the posts that were lost last summer, including:

The second half of Suz, And Naivety – which is both sweet and funny.
Photos From Malawi; the first of my Malawi trip photos.
The majority of How To Make Invisibility Paint, which is also funny.
Letters After My Name, an account of my graduation.

If you didn’t read any of those at the time, before they ‘disappeared’, you can do so now, as they’re ‘recovered’. There’s a few more ‘recovered’ posts here and there, too, but they’re mostly for my benefit and not so noteworthy.

I’ve also found a cache of old “Avatar Diary” posts (my original blog – 1998/1999 – some posts available here) and some other microblogs I ran along the way over the last six years, so hopefully I’ll be able to “fill in” some the the gaps over the next month or so. Which’ll be cool, because then I’ll have what’ll be the longest-running weblog I’ve ever seen.

Symantec Warranty

If only we could get away with clauses like this in our warranties:

Symantec does not warrant that the Appliance will meet your requirements or that the operation of the Appliance will be uninterrupted or that the Appliance will be error-free.

In other words: we don’t promise that this will do what you want it to, and even if it does, we can’t guarantee that it won’t fall over or even work at all.

And we pay money for this kind of hardware? It’s amazing what you can hide in the small print. I also notice that this Symantec device is Linux-powered. Perhaps I should write to Symantec and request a copy of the OS source code, in accordance with the GNU General Public Licence.

The Story Of Apple’s Graphing Calculator

There’s a fascinating story behind Apple’s “Graphing Calculator” application. Here’s an extract:

In August 1993, the project was canceled. A year of my work evaporated, my contract ended, and I was unemployed… …I was frustrated by all the wasted effort, so I decided to uncancel my small part of the project. I had been paid to do a job, and I wanted to finish it. My electronic badge still opened Apple’s doors, so I just kept showing up… …they asked, “Who do you report to? What group are you in? Why haven’t we seen this earlier?” I explained that I had been sneaking into the building and that the project didn’t exist. They laughed, until they realized I was serious.

Go read it. It’s a great story.

Conversation Of The Day With A Client

Fictional, of course. None of our clients are actually this stupid, and I wouldn’t be silly enough to publish a real event like this on my blog, ever.

A client phones up and asks to speak to me.

Client: “I’m using the ‘Data Export’ tool in… [part of application I wrote, new version recently deployed to him] …it was my understanding that it always used to export Excel files.”
Me: “Umm. Yes. Well, actually, it exports CSV files – that’s Comma Seperated Values. Excel will open them, and if you have it installed, it becomes the default application for opening such files.”
Client: “Mm-hmm. It seems to think they’re text files.”
Me: “Text files? You mean they’re opening in Notepad?”
Client: “Yup.”
Me: “Ah; okay – well, we just have to tell it to open them in Excel, then. Right-click on the file, and select ‘Open With…’: ‘Excel’.”
Client: “It’s not there.”
Me: “Oh. That’s odd. Okay then, just open Excel from the Start Menu.”
Client: “I can’t find it.”
Me: <thinks> “Which computer are you using?”
Client: “The server.”
Me: “Do you have Excel installed on the server?”
Client: “No.”

Thanks to Task Tracker, SmartData‘s funky in-house timesheeting tool, and it’s drill-down reports, I’m able to look back over the last year and work out exactly how much more work I’d have gotten done if our clients were even slightly computer-literate and didn’t need to keep calling up for help with trivial things every ten minutes. Ah well.

GMail Invites

I’ve got nine GMail invites. Does anybody want one? Check the comments to this post to see how many have gone, and leave a comment to this post if you want one.