Emergency Microsoft Patches

Bad news from Microsoft. Below is an excerpt from the Washington Post article titled Microsoft’s Emergency Patch Mess.

Microsoft today released a pair of emergency software updates (Redmond calls them “out-of-band” updates). Yes, that’s right folks: If you use Windows — and especially if you browse the Web with Internet Exploder Explorer – it’s once again time to update.

The backstory to these patches is a bit complex, so here’s the short version: A while back, Microsoft introduced several security flaws into a set of widely-used third-party software development tools, and today it’s correcting that error by issuing an updated set of tools. Another update tries to block attackers from exploiting those weaknesses while third-party software makers figure out how to fix their code with the updated tools.

On a scale of 1 to 10, with 10 being the most dire and far-reaching, Eric Schultze, chief technology officer at Shavlik Technologies, said he’d put the seriousness of today’s out-of-band patch releases at an 8.

“When I was at Microsoft, there were a couple of issues that we referred to as ‘Voldemort,’ meaning they were so nasty you didn’t even want to speak their names, and this one is kind of like ‘Son of Voldemort,'” Schultze said. “You really start to lose confidence in Microsoft’s security mechanisms when something like this happens.”

Upgrade Hard Drive with Free Tools from EASEUS

We recently helped someone in Adams Morgan upgrade their laptop to a larger hard drive. It was for an old Dell laptop running Windows XP (32-bit) that had an ATA (IDE) drive instead of one of the newer SATA drives.

Here are the steps to upgrade a hard drive. The EASEUS software is free for personal use.

1. Buy a new drive. Currently the largest ATA drives are 320GB and SATA drives are 500GB. 750GB SATA drives are anticipated in 2009 and 1TB drives are expected in 2010. We typically buy hard drives from Newegg.com.

2. Buy a USB laptop hard drive adapter or USB drive enclosure for the new drive. Again, try Newegg.com.

3. We recommend first running the Windows Disk Defragmenter so that your new drive will start out with the files well organized. It is located at Start – All Programs – Accessories – System Tools – Disk Defragmenter. In order to run Disk Defragmenter, you need at least 15% free space. This might mean that you need to run Disk Cleanup or back up and temporarily remove some of your larger files such as photos.

4. Download the free EASEUS Disk Copy. This will provide you with a .iso file that you can burn to CD as a disk image.

5. While the computer is off, connect the new drive to the computer via USB adapter or USB enclosure. Start the computer with the EASEUS Disk Copy CD created above. You might have to go into the BIOS to prioritize the CD drive to be bootable. This will boot into EASEUS Disk Copy and allow you to copy the entire old drive (also known as cloning) to the new drive connected via USB. In our tests, EASEUS Disk Copy was able to move 55GB of data in about 35 minutes. We found EASEUS Disk Copy to be one of the fastest bit-for-bit copying systems. For comparison, we tested Norton Ghost which copied 55GB in over 3 hours.

6. Remove the old drive and replace with the new drive. Boot up the computer.

7. Download and run the free EASEUS Partition Master 3.5 Home Edition. This is needed because EASEUS Disk Copy only copies (makes a clone of) the drive as it is sized. Use the Partition Manager to expand the partition to use the entire drive.

NASA Astronauts Can’t Watch DVDs


From today’s Associated Press:

HOUSTON — Atlantis astronauts fixed the Hubble Space Telescope so it could beam cosmic pictures to Earth, but playing DVDs on their laptops is proving too difficult.

With an unwanted off day Friday because thunderstorms prevented their scheduled landing, the astronauts intended to pass the time by watching movies they brought on the mission. But when they tried to play them, they found out their laptops didn’t have the proper software.

Engineers on the ground tried to troubleshoot the problem — just as they did when a hand rail almost prevented spacewalkers from fixing one instrument in Hubble. After more than an hour with no solution, the astronauts gave up.

Astronaut John Grunsfeld radioed to Earth that they’d have to wait to watch something at a terrestrial movie theater.

So fixing a giant telescope in space worked fine, but getting their laptops to play a DVD didn’t work. I certainly sympathize as Windows typically needs additional codecs loaded to play DVDs. They should have had a copy of the free VLC media player.

Conficker Continues

The BBC has an article on Conficker, the virus that everyone seemed to think passed us by on April 1st.

The Conficker worm has started to update infected machines with a mystery package of data.

Computer security firms watching the malicious program noticed that it sprang into life late on 8 April.

The activity on its update system delivered encrypted software to compromised machines. It is not yet clear what the payload contains.

The Conficker virus variants are thought to be present on millions of PCs around the world.

Spam connection

The updating activity has begun about a week later than expected. Analysis of the “C” variant of Conficker (aka Downadup) revealed that its updating mechanism was due to go live on 1 April.

The belated updates were spotted by researchers for Trend Micro following the arrival of a new file in one of the directories in so-called “honeypot” machines deliberately seeded with Conficker C.

Analysis showed that the file had arrived via the peer-to-peer file transfer system that infected machines use to communicate.

In a bid to avoid alerting people to its activity, the update is slowly being trickled across the population of machines harbouring the C variant. Exact figures for the number of Conficker-infected machines are hard to determine, but the minimum is widely believed to be three million.

“The Conficker/Downad P2P communications is now running in full swing,” wrote Ivan Macalintal from Trend Research on the company’s security blog.

Once it arrives on a machine, the package of data randomly checks one of five different websites – MySpace, MSN, eBay, CNN and AOL – to ensure its host still has net access and to confirm the current time and date.

Following this check the data package removes all traces of its installation.

The strong encryption on the payload has, so far, prevented detailed analysis of what it actually does. However, security experts speculate that it is a “rootkit” that will bury itself deep in Windows in order to steal saleable data such as bank website login details.

Security researchers are continuing to analyse the payload to get a better idea of what it is intended to do.

Symantec said it too had noticed the increased activity of Conficker and its analysis suggested a link with another well-known virus called Waledac. This malicious program steals sensitive data, turns PCs into spam relays and opens up a backdoor so the machine can be controlled remotely.

The security firm noticed that the update also included an instruction to the worm to remove itself on 3 May, 2009. However, the Waledac imposed backdoor on the machine will remain open, so its creators can still control compromised PCs.

Conficker Arrives

Is it time to buy those boxes of ammo and head for the hills? We’ll see.

This Wednesday, April 1st the Conficker worm will do something. No one knows what. But it has security experts up late. It is believed that at one point Conficker was on 6% of the world’s PCs. This has been reduced dramatically by the work of Microsoft in issuing special patches for the worm. But hundreds of thousands of PCs are still estimated to be infected.

Early this month, Symantec’s security researchers began noticing that the worm was changing in order to avoid steps to interrupt the worm’s links with its hacker controllers. The first versions of the worm generated a list of 250 possible domains each day that could be used to route instructions from hackers. The new edition uses a list of 50,000 URLs in order to overwhelm security researchers.
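A defender's view of the domain lists described above, as an added example that is not part of the original post: a host working through a generated list looks up many distinct names in a day, and most of them fail to resolve, which stands out in resolver logs. The log format, the sample lines and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed resolver log lines in the form: date client qname rcode."""
    lines = [
        "2009-04-01 10.0.0.5 www.example.com NOERROR",
        "2009-04-01 10.0.0.5 mail.example.com NOERROR",
        "2009-04-01 10.0.0.5 typo-exmaple.com NXDOMAIN",
        "truncated record",
    ]
    # 10.0.0.9 is constructed to look like a host walking a generated list:
    # many distinct names, almost all of them unregistered.
    for i in range(60):
        rcode = "NOERROR" if i == 17 else "NXDOMAIN"
        lines.append(f"2009-04-01 10.0.0.9 gen{i:03d}name.example {rcode}")
    return lines

def find_dga_like_clients(lines, min_failed=50, min_ratio=0.8):
    """Return sorted (date, client, failed_names, ratio) rows for clients whose
    distinct failed lookups in one day meet both thresholds (assumed values)."""
    seen = defaultdict(set)    # (date, client) -> all distinct names queried
    failed = defaultdict(set)  # (date, client) -> distinct names with NXDOMAIN
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records rather than abort the run
        date, client, qname, rcode = parts
        key = (date, client)
        name = qname.lower().rstrip(".")
        seen[key].add(name)
        if rcode.upper() == "NXDOMAIN":
            failed[key].add(name)
    flagged = []
    for key, names in failed.items():
        ratio = len(names) / len(seen[key])
        if len(names) >= min_failed and ratio >= min_ratio:
            flagged.append((key[0], key[1], len(names), round(ratio, 2)))
    return sorted(flagged)

if __name__ == "__main__":
    for row in find_dga_like_clients(build_sample_log()):
        print(row)
```

Counting distinct names rather than raw queries keeps a single mistyped address that is retried many times from tripping the rule.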

Typically hackers use large botnets of computers to commit distributed denial of service (DDoS) attacks against websites. The hackers will demand that large websites pay them in order to be spared.

If you are worried about your computers or those of people you love, you can read Microsoft’s alert and my earlier post on how to prevent and remove the virus.