matt-helps

insight on all things techie

Three million hit by Windows worm

A worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users.

The malicious program, known as Conficker, Downadup, or Kido was first discovered in October 2008.

Although Microsoft released a patch, it has gone on to infect 3.5m machines.

via BBC NEWS | Technology | Three million hit by Windows worm.

Yet again we see windows requires updates to patch up their software with a million holes in it.  These are the ones we know about too.  According to the article this seems to be a clever bit of code.  First it hijacks services.exe then creates & allows a randomly named .dll to become a service and then sets up a webserver & downloads files to execute from any one of hundreds of sites whose name changes continually according to a preset algorithm.

Quite clever actually.  I guess I find the whole thing quite bemusing.  You buy a nice fast machine and then have to buy a slow operating system with holes in it to run it which you then have to go out and buy antivirus software to do something that the operating system should be doing anyway which makes your computer run like a 3-legged dog.  The only reason to have a windows partition is games & specialist software – most software has linux equivalents and even some games run under wine.

Still, if you’re going to pay a huge multi-national corporation lots of money to still produce trash after all these years and you still pay and install it then I guess you get what you deserve.

Trash rather than rm

One of the most powerful/dangerous commands in Linux is the “rm” command.  It removes the file from the filesystem and, whilst with some media formats it is possible to recover an rm’d file, in ext3 it is almost impossible to get that file back (without a hexdumper and lots of time on your hands to manually re-link the file).

After doing a bit of work the other day but before my nightly backup had run I went into the directory I had been coding in and decided to get rid of the backup files that had been created.  The backup files were like the normal files except they had a tilde attached, i.e. filename.txt~, so to delete all the backup files in one go I quickly typed in:

rm *~

Except that’s not what I typed.  I missed the tilde off the end and wiped all the files from that directory.  Oops.  Nightly backup not yet run.  Major Oops.  After chuckling that I do make backups a priority and I tell people to make backups a priority I hadn’t done it myself.  Too late.

I did get the files back because, thankfully,  my data store is an SDHC card formatted to vfat (windows) so only the FAT entry had been deleted – more on that in my next post.

But that left me wondering.  I rarely need all the power of rm – whenever I’m using it from the commandline I could think of virtually no circumstances where I would prefer to unlink the file altogether rather than just move it to the trash.  As I looked around the net I noticed lots of suggestions from people to replace rm altogether or to create an alias for rm that does something else, but the problem with that is that lots of programs rely on rm being the way it is and taking specific arguments, etc.  To change it just for me would probably break the system or applications that I have installed or could install at any time.

The solution I settled on was to stop using rm from the commandline altogether and learn to use an alias I created called “trash” whenever I wanted to delete a file from the commandline.  All you need to do to use it is to open your ~/.bashrc file and put the following line in it somewhere (at the end works just fine):

alias trash="mv -t ~/.local/share/Trash/files --backup=t --verbose"

Obviously if your trash is in a different location you need to change the location above – what I’ve written above is correct for Ubuntu.  Now when you “trash” a file it will go into your trash bin and is therefore retrievable rather than being deleted forever.

Such a simple script doesn’t work perfectly of course and if you delete a huge file on a removable local device you’ll notice that it will move the file to the trash bin on another device and that will take some time.  What I could do with now is to know the name of the trash folder on the device on which the file is located and send it there.
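One way to get the behaviour wished for above, as an added example rather than code from the original post: a `trash` shell function that finds the mount point of the file's filesystem and moves the file into that volume's own `.Trash-<uid>` directory, writing the `.trashinfo` record that lets a file manager restore it. It assumes the FreeDesktop.org trash layout, GNU `stat` and `realpath` (as on Ubuntu), and file names that need no percent-encoding; `home_trash`, `dev_of` and `topdir_of` are helper names made up for this example.

```bash
#!/usr/bin/env bash
# Added example: a trash function that stays on the file's own filesystem.
# Layout per the FreeDesktop.org Trash spec; needs GNU stat and realpath.

home_trash() { printf '%s\n' "${XDG_DATA_HOME:-$HOME/.local/share}/Trash"; }
dev_of() { stat -c %d -- "$1"; }            # device number of a path

# Print the top directory (mount point) of the filesystem holding directory $1.
topdir_of() {
    local dir=$1 parent
    while [ "$dir" != / ]; do
        parent=$(dirname -- "$dir")
        [ "$(dev_of "$parent")" = "$(dev_of "$dir")" ] || break
        dir=$parent
    done
    printf '%s\n' "$dir"
}

trash() {
    local f path parent top tdir rec name dest n rc=0
    for f in "$@"; do
        path=$(realpath -s -- "$f") && { [ -e "$path" ] || [ -L "$path" ]; } ||
            { echo "trash: cannot trash '$f'" >&2; rc=1; continue; }
        parent=$(dirname -- "$path")
        tdir=$(home_trash); rec=$path; mkdir -p -- "$tdir"
        if [ "$(dev_of "$parent")" != "$(dev_of "$tdir")" ]; then
            # Different device: use that volume's own trash, path relative to it.
            top=$(topdir_of "$parent")
            tdir="${top%/}/.Trash-$(id -u)"; rec=${path#"${top%/}"/}
        fi
        mkdir -p -m 700 -- "$tdir/files" "$tdir/info" && [ -w "$tdir/info" ] ||
            { echo "trash: no usable trash at $tdir" >&2; rc=1; continue; }
        name=$(basename -- "$path"); dest=$name; n=1
        # Claim a unique name: skip names already used in files/, and let
        # noclobber (set -C) fail the redirect if the .trashinfo exists.
        until [ ! -e "$tdir/files/$dest" ] && ( set -C
                printf '[Trash Info]\nPath=%s\nDeletionDate=%s\n' "$rec" \
                    "$(date +%Y-%m-%dT%H:%M:%S)" > "$tdir/info/$dest.trashinfo"
              ) 2>/dev/null; do
            n=$((n + 1)); dest="$name.$n"
        done
        mv -- "$path" "$tdir/files/$dest" ||
            { rm -f -- "$tdir/info/$dest.trashinfo"; rc=1; }
    done
    return "$rc"
}
```

Because source and destination are always on the same device, the `mv` is a rename and a large file on a removable drive is trashed instantly instead of being copied to the home disk.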

Hard drive destruction ‘crucial’

The only way to stop fraudsters stealing information from old computer hard drives is by destroying them completely, a study has found.

Computing magazine Which? recovered 22,000 “deleted” files from eight computers purchased on eBay.

Criminals source old computers from internet auction sites or in rubbish tips, to find users’ valuable details.

via BBC NEWS | Technology | Hard drive destruction ‘crucial’.

Actually you don’t quite need to go to that extreme, and I’m sure a very determined tech thief could piece together the digital media from the smashed hard-drive.  No, more secure (and easier!) is to just run one of the many shredding utilities you can download out there – preferably one where you can specify to overwrite the original data with a given number of garbage writes (I remember 23 being the number of times you should go over the original data – though that was some time ago), and then you can go ahead and sell your computer/hard-drive on eBay.

Perhaps the best solution though is just to have your home folder encrypted (or profile directory in Windows).  Or even set up an entire volume to be encrypted.  You never know when you’re going to leave your laptop on the train or when someone is going to steal it from under your nose at Starbucks.  You also never know when someone is going to break into your house and walk away with your desktop tower.  Sure your home insurance will cover the equipment, but it won’t cover the cost of re-securing your identity.

Convert .deb package from i386 to lpia

These newfangled netbooks that run Ubuntu such as the Dell Mini 9 are great. One problem, as mentioned in an earlier post on this blog (see Related Posts), is that when you download an application like Skype or Adobe Flash Player that isn’t in the repositories you get a .deb file for Linux, and when you try to install it the Debian package manager will complain that there is an architecture mismatch because you are attempting to install an i386 package on an lpia processor. You can use a commandline switch to force the install but you won’t be able to automatically uninstall it later.

As I mentioned in that previous post, you can just repackage the *_i386.deb file into a *_lpia.deb file manually, but now it is even easier than that as there is now a helper script to do it automatically thanks to the helpful guys on the ubuntu forums. Just unzip this i386 deb to lpia helper script file into the directory where you want to run it (or into your scripts directory), set it to executable and then run it from the directory with the *_i386.deb file. You don’t need to specify any parameters, but the deb package must end _i386.deb (rename it if you have to):

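# Work in the directory that holds the *_i386.deb package
cd /path/to/my/i386/deb/file
# Download and unpack the helper script, then remove the archive
wget http://www.matt-helps.com/pub/deb2lpia.sh.tar.gz
tar -xvzf deb2lpia.sh.tar.gz
rm deb2lpia.sh.tar.gz
# Make the script executable and run it from the current directory
chmod +x deb2lpia.sh
./deb2lpia.sh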

Hope that helps.

(updated for v1.1 of the script)

Website age ratings ‘an option’

Film-style age ratings could be applied to websites to protect children from harmful and offensive material, Culture Secretary Andy Burnham has said.

via BBC NEWS | UK | Website age ratings ‘an option’.

An interesting idea came out of the UK government this week, the idea of applying film-style age ratings to websites (here in the UK that is U=Universal, PG=Parental Guidance, 12=12 years old and older, 15=15 years old and higher and 18=18 years old and higher) as a means of protecting kids.  As a father of 2 small kids I can understand the desire to create a safer internet but I think they may be entirely misunderstanding how the net works as such a system for the whole net would be completely unworkable.

The internet is almost un-policable without cross-border cooperation between governments.  It is not known whether the internet was designed to be unpolicable or whether it just evolved as it has but data is stored and services are run on servers all over the world including in many countries that would not offer cooperation with the UK government.  Not only that but websites appear and disappear with almost disturbing speed – how do you regulate that?  What about websites that are full of safe stuff in one area, but have inappropriate content elsewhere on the same site.  What about user-posted content?  Not just pictures, but graphic text also?

No, the only way to get even close to what the government would like to do is to create a whitelist of websites that are safe for kids that have no user-posted content and are regularly policed.  A whitelist operates like a walled garden – you can roam around inside the garden but you can’t get out – you can visit any site on the whitelist, but no others.  Perhaps sites would apply to be part of this whitelist and volunteer themselves on there, but I can’t imagine that the take up would be at all high considering the punishment the government would dole out if something nasty slipped through their own censoring.

No, the only way for young kids to use the internet is to do so closely supervised.  And if my kids think they can have a computer in their own room before they’re 32 they’ve got another thing coming…

