October 22, 2007

Is Comcast Jamming Users’ BitTorrent and Gnutella Traffic?

Last week, the Associated Press reported that Comcast is interfering with users' ability to run file-sharing applications over its network.


We spoke to Comcast last month and understood them to deny that they are doing this, so we've been running our own tests.


On Friday, we posted about some experiments showing that Comcast is forging packets in order to interfere with its customers' use of BitTorrent. There have been reports of strange things happening with other protocols, and we've been running some tests on two other file transfer protocols in particular — HTTP (which is used by the World Wide Web) and Gnutella. Comcast has also been strenuous in telling us, "We don't target BitTorrent". Perhaps not.

Perhaps what they're doing is even worse.


Read the AP report:



Read what EFF's technologists discovered in the complete




For our previous post:



Lawsuit Filed as Congress Debates Letting Industry Off the Hook for Illegal Spying

San Francisco – The Electronic Frontier Foundation (EFF) filed suit against the Office of the Director of National Intelligence (ODNI) Wednesday, demanding any information about telecommunications companies' efforts to get off the hook for their role in the government's illegal electronic surveillance of millions of ordinary Americans.


Congress is currently considering granting amnesty to the telecoms — a blatant attempt to derail lawsuits aimed at holding the companies responsible for knowingly violating federal privacy laws with warrantless wiretapping and the illegal transfer of vast amounts of personal data to the government. EFF represents the plaintiffs in Hepting v. AT&T, one of dozens of class-action suits accusing the telecoms of violating customers' rights by illegally assisting the National Security Agency with this domestic surveillance.


News reports have described an elaborate lobbying campaign by the telecoms to drum up support for legislation that would hold them unaccountable for their actions, and Director of National Intelligence Mike McConnell has publicly voiced his support for amnesty. But McConnell's office has not yet responded to EFF's Freedom of Information Act (FOIA) requests to disclose records about this lobbying activity.


"Congress is debating amnesty for the telecoms right now — amnesty that could imperil judicial review of a very controversial government program, as well as threaten class-action lawsuits that impact millions of Americans," said EFF Staff Attorney Marcia Hofmann. "We deserve to know what kind of lobbying has gone on behind the scenes before lawmakers make this critical decision."


EFF's suit asks for the immediate disclosure of ODNI's telecom lobbying records, including any documents concerning briefings, discussions, or other contacts officials have had with representatives of telecommunications companies or members of Congress. This lawsuit comes just two weeks after EFF filed a similar FOIA suit against the Department of Justice for withholding records on telecom lobbying.


For the full complaint:



For more on our FOIA work:



For more on EFF's class-action lawsuit against AT&T:



For this release:



IE users beware: RealPlayer zero-day flaw under attack

October 19th, 2007

Posted by Ryan Naraine @ 8:56 am

(See updates below with confirmation from RealNetworks and plans for an emergency RealPlayer patch)

Hackers are actively exploiting a zero-day hole in RealNetworks’ RealPlayer media player, a software program installed on tens of millions of Windows computers worldwide.

The in-the-wild attacks, which began late last night (October 18), target a previously unknown and unpatched ActiveX vulnerability in the way RealPlayer interacts with Microsoft’s Internet Explorer browser.

The flaw is causing drive-by malware downloads when an IE user simply browses to a maliciously rigged Web page, according to an alert issued by Symantec DeepSight Threat Management System.

The issue affects an ActiveX object installed by RealPlayer, accessible over the web using Internet Explorer. By instantiating the object and invoking a specific method an attacker is able to corrupt process memory and execute arbitrary code with the privileges of the browser. The attack currently known to be in-the-wild has been confirmed to download malicious code to the compromised host.


According to sources tracking this threat, the attacks are limited in nature and appear to be targeting specific organizations. Some government agencies, including NASA, have reportedly banned the use of Internet Explorer in response to this incident.

“The malware appears to be spreading through a large variety of common and highly-respected Internet sites, however it does not appear these sites are themselves infected. The affected sites are serving solely as a mechanism to attract potential victims.”

Confirmed vulnerable: RealPlayer versions, (11 Beta), (10.5), 6.0.12, 6.0.11, and 6.0.10.


In the absence of a patch from RealPlayer, users might want to consider uninstalling the software immediately. Or, use an alternative Web browser (Mozilla Firefox or Opera) for Web surfing.

Symantec also recommends:

  • Block access to the IPs and, as these IP addresses were observed partaking in the attack and have also been observed by honeypots perpetrating other malicious activity.
  • Set the kill bit on the Class identifier (CLSID) FDC7A535-4070-4B92-A0EA-D9994BCC0DC5 (Microsoft instructions for setting kill bit).
  • Ensure that all Microsoft Internet Explorer clients are configured to prompt before executing Active Scripting. If Active Scripting is not required it should be disabled completely.
  • Ensure that all Microsoft Outlook and Outlook Express clients are configured to either display all incoming email in plain text format, or that HTML email messages are opened in the Restricted sites security zone.
  • As most vulnerabilities of this nature rely on JavaScript to carry out exploitation, disable JavaScript whenever possible.
  • Always execute web browser software as a user with minimal system privileges.

[ UPDATE: October 19, 2007 @ 1:21 PM ] While there is no information on the actual vulnerability in play here, I’ve found this Milw0rm exploit that discusses an unpatched ActiveX hole affecting RealPlayer.

According to the RealNetworks security updates page, the company hasn’t shipped a patch since March 22, 2006.

[ UPDATE: October 19, 2007 @ 5:05 PM ] Via Symantec DeepSight, a step-by-step description of how an attack takes place.

  1. The attacker compromises an advertisement server so that an IFRAME that redirects victims to a malicious Web page is appended to advertisements.
  2. A victim browses the Web to a trusted or untrusted site that hosts ads presented by the compromised ad server. The victim gets redirected to the malicious website hosting the exploit script.
  3. The exploit script then builds a special URI and passes it to another script that determines whether or not to exploit the victim.
  4. The second script attempts to exploit the victim to execute a malicious payload.
  5. Successful exploitation results in the payload downloading and executing the hxxp:// executable file.
  6. The executable (Trojan.Zonebac) then installs itself into the system and contacts a number of other sites.

[ UPDATE: October 19, 2007 @ 8:06 PM ] Via e-mail RealNetworks spokesman Ryan Luckin says an emergency fix will be available later today to address this vulnerability.

Those users with RealOne Player, RealOne Player v2, and RealPlayer 10 should upgrade immediately to RealPlayer 10.5 or RealPlayer 11 and install the patch to ensure this security vulnerability is addressed.

[ UPDATE: October 20, 2007 @ 10:58 AM ] The RealPlayer patch is now available for download.

There are reports circulating that the exploit code was embedded in advertisements served by 24/7 Real Media, a high-profile digital marketing company.


Microsoft matters less every 6 months

October 21st, 2007


Posted by Christopher Dawson

Maybe not for the average corporation yet, or even the average home user, but every time Canonical releases a new version of Ubuntu (and with it comes Edubuntu), Microsoft becomes a little less the default vendor of choice for educational computing.


I’m still 2 years from a major tech refresh, including server hardware and software. I have to say I wish I was a little closer, having just installed Edubuntu 7.10 on my test server at home. Not only did the install go even easier than it did when I installed version 7.04 6 months ago, but the performance once installed is significantly improved.


One of the aspects of Gutsy that feels much improved over previous versions is speed.


Everything feels faster and snappier, from loading up the OS to clicking on menus.


For Edubuntu, a derivative of Ubuntu incorporating packages of educational software, and, more importantly, a brilliant implementation of the Linux Terminal Server Project, this translates into faster boot times for thin clients as well as standalone workstations. For those of you who haven’t used Edubuntu before, at installation you have the opportunity to install either a workstation (basically Ubuntu with educational packages and a kid-friendly theme) or a server, which supports connection of thin clients. In its simplest form, the latter requires two network interfaces, one connected to the Internet (via a router or drop from a larger network) and one connected to a switch with thin clients attached.


As with 7.04, this setup really is incredibly simple. Edubuntu detects both interfaces and allows manual or automatic networking setup. The automatic setup is remarkably intelligent; one caveat: if the automatic DHCP/DNS the installer performs fails, then switch the two network connections coming into the server. Most likely, the so-called gateway interface was simply connected to the thin clients instead of the outside network. The text-based installer (sorry, no live CD/graphical install for Edubuntu, although you don’t really miss it) guides you through the rest and various setup options for Edubuntu are well-documented here. Note that while the instructions linked here are for version 6.06, the actual installation hasn’t changed much. The look, feel, and performance of the installed system are significantly improved.


I installed Ubuntu on two other older PCs for comparison (Dell workstations with 256MB RAM and Pentium 3 Xeons) without any trouble and had my kids using all of their Flash and Java-based applications in less than an hour and a half (from the time I started the install). My youngest was logged into the Edubuntu server (also an aging old donation with 2GB RAM and a single Pentium 3 Xeon running at 700MHz) via his old desktop (set to boot from the network) while I opened and closed applications, switched users, and monitored his connection via a cool control panel on the server itself. While this is obviously a low-utilization, seat of the pants test, this is also a really old server by modern standards and slower than the server on which I tested Edubuntu 7.04 (a Pentium 4 with Hyperthreading, running at 3GHz with 2GB of RAM). Performance was definitely improved, even with the slower server hardware, particularly in terms of network boot times and responsiveness on the thin clients.


Which leads me back to my headline. Edubuntu (and the various incarnations of Ubuntu) are very good right now. Microsoft may bring us “Patch Tuesday,” but Canonical brings us a significantly upgraded operating system every 6 months. Many other major Linux developers follow a similar schedule. If the improvements between versions are immediately noticeable, imagine what a couple more generations will bring us. What will Edubuntu 8.10 look like and how much better will it be? For that matter, how will SUSE Linux and their Kiwi implementation of LTSP look (along with the promise of fully-functional library and student information system software out of the box in the coming months)? RedHat/Fedora aren’t exactly far behind either, to say nothing of the countless options represented by other distributions.


I’m itching for a tech refresh already, just so that I can logically roll out one of these distributions somewhere other than my own lab. Of course, it will probably take me the next two years to convince my users that we can do without Windows anyway. For now, I’ll content myself with building a group of champion users who can see first hand the value of software like Edubuntu, and who can be as impressed as I am at its incredibly speedy progress.


Pasted from <http://education.zdnet.com/?p=1280>



Ubuntu 7.10 – Installation walk-through

October 19th, 2007

Posted by Adrian Kingsley-Hughes @ 6:26 am

This post will hold no surprises for those of you who have experience handling Ubuntu, and really it’s not aimed at you (unless you want to chime in with hints, tips or suggestions). The purpose of this post is simply to show folks who’ve not dabbled with Ubuntu just how easy it is to install this operating system.

Check out the Ubuntu 7.10 installation walk-through here.

The great thing about the Live CD format is that you can dabble with an OS without having to install the OS and lose your existing OS. That’s a great “try before you commit” feature and allows you to pick the distro that’s right for you. But once you’ve decided to make the leap, you then want to make sure that the installation process is as smooth and hitch-free as the Live CD experience is.

So far, my Ubuntu 7.10 install experiences (and I’ve carried out about five installs so far on different platforms) have been pleasant and totally hassle-free – exactly what an OS installation should be like.

What I especially like about the Ubuntu installation is that all the questions are answered at the beginning of the install process and then the installation process doesn’t need any user input until the end.  This is in stark contrast to Windows XP where the install process is all over the place (Windows Vista is more like Ubuntu and asks all the questions at the start of the process).
