Liudvikas Bukys

My home Windows 2000 machine is infested with Look2Me spyware.
Who knows which of our family of five attached this IE “shell extension” nuisance.
Now the question is: how I get rid of it? None of the published instructions has worked.
The vendor’s uninstaller doesn’t. (Of course it’s overly kind to call a producer of
unwanted intrusive privacy violation software a “vendor”.)
The manual uninstall directions haven’t worked either.
I know it’s still there because ZoneAlarm shows it trying to phone home.

Look2Me interacts really badly with ZoneAlarm, because while ZoneAlarm can and will prevent the frequent attempts by winlogon and rundll32 to contact 69.20.20.161 port 80, it does cause some kind of resource exhaustion that prevents any new TCP session from being establshed 20 minutes or so after a reboot.

Anybody with fresh ideas for uninstall, let me know. I suspect that people will be asking me for help for years to come as they find this page while searching for winlogon, rundll32, ZoneAlarm, or 69.20.20.161.

This all happened on a machine up-to-date with patches.
Patches and reactive measures such as virus patterns don’t change the fact that Windows is a bad platform, for even casual use.
The barriers against mischief are just too low – defense without depth.

Yahoo publishes its DomainKeys specification.
FAQ at Yahoo! Anti-Spam Resource Center – DomainKeys.

I must say that I share Justin Mason’s distrust and disdain for software patents.
What the heck is patentable among these ideas anyway? They seem like obvious applications of digital signatures and DNS publication.
The most generous interpretation is that these might be defensive patents, and that for all intents, the IETF-required license is good enough.

Is this or SPF
likely to take the world by storm?
Either one permits senders to publish records that permit receivers to make some authentication judgments.

Well, deployment by senders is a bit more work (sign those messages) for DK than for SPF. But SPF breaks what has been considered normal forwarding behavior, in a way that the sender has no control over except by saying “put up with it” or by turning off SPF.

Deployment by receivers has no particular downside for either scheme — you’re basically implementing sender-requested filtering, and who can complain about that?

Of course, initially, rather than trying to subvert either scheme, spammers will avoid both. Is it possible that the world will shift so much that just being a non-DK domain will count against the sender? I do think it’s possible. At which point, yes, spammers adopt the technology but subvert it with throwaway domains and proxy zombies with access to signing servers.
You can’t avoid reputation systems in the end,
trusted third parties, (some even having good incentives to rate
accurately and respond quickly), blacklists, etc.

Amit Klein:
HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics

[via joatBlog: Web Attacks]

• San Diego State University, February 2004:
  

  While investigating a computer server sending spam e-mail messages, the Information Technology Security Office at San Diego State University discovered computer intruders had circumvented departmental server security and gained illegal access to a file server in the Office of Financial Aid and Scholarships.
  
  …
  
  We recognize that identity theft has become one of the fastest growing
  crimes in the nation and SDSU is making every effort to ensure that Social
  Security information is not unnecessarily exposed. In late March, the
  University will implement an alternative ID system using a new nine-digit ID
  number called
  "Red ID".

  [via [Interesting-People] Bad year for San Diego Universities so far]

• University of California, San Diego, May 2004:

  The University of California, San Diego is notifying past and present students, applicants, and some staff and faculty that unauthorized intruders have broken into four computers in the UCSD Business & Financial Services Department, computers which housed approximately 380,000 records of personal data including names, social security numbers, and drivers license numbers.

  [via [Interesting-People] UCSD Computer Security Incident Alert]

Microsoft Shelves NGSCB Project As NX Moves To Center Stage

A lot of decisions have yet to be made,” said Mario Juarez, product manager in Microsoft’s Security and Technology Business Unit. “We’re going to come out later this year with a complete story.”

followed by hedging:
Microsoft: ‘Palladium’ Is Still Alive and Kicking

Juarez said Microsoft is not providing any of its NGSCB bits as part of the new Longhorn pre-alpha release that it is distributing this week to WinHEC attendees. But he denied that this means that the company is exorcising NGSCB from the product. Instead, he said that the NGSCB team decided that the driver developers at the show wouldn’t be the right targets for this code.

Update 2004/05/19: Real details from Microsoft pointed to by Dana Epp

Nice building
for the UIUC CS Department.

[via Slashdot]

More on Gary Robinson’s improved chi-squared evidence combination at Handling Redundancy in Email Token Probabilities

“A great math joke from Joi Ito,” via Ole Eichhorn:

SF Chronicle:
Colleges leaking confidential data / Students compromised by Internet intrusions

[via Techdirt:Universities Leaking Student Data]

Network Computing:
University of Tennessee Implements 802.11i (and MAC registration to support legacy machines).
[via
Wi-Fi Networking News]