Archive for January, 2006

1st computer bug

Tuesday, January 31st, 2006

For those that don’t know, the term computer bug originated like this:

“Moth found trapped between points at Relay # 70, Panel F, of the Mark II Aiken Relay Calculator while it was being tested at Harvard University, 9 September 1945. The operators affixed the moth to the computer log, with the entry: “First actual case of bug being found”. They put out the word that they had “debugged” the machine, thus introducing the term “debugging a computer program”.

In 1988, the log, with the moth still taped by the entry, was in the Naval Surface Warfare Center Computer Museum at Dahlgren, Virginia.”

A photo of the moth and the paper it was taped to can be found here.

Quote of the week: January 30th

Monday, January 30th, 2006

“Most people, I think, don’t even know what a rootkit is, so why should they care about it?” – Thomas Hesse, Sony

Biotechnology regulatory agencies

Sunday, January 29th, 2006

Posted in my Biotechnology class:

Posted by Chad Thu Jan 19 13:07:30 2006.

I found a pretty good web site explaining a bit of what Charles and Chris have discussed – http://usbiotechreg.nbii.gov. From there, you can find out the role of each agency here.

I’m thinking that the Biotechnology regulatory infrastructure needs to be updated or at least reviewed though because it appears that the “framework” set up for Biotechnology (found here) is now 20 years old. So many advances have been made in the last 20 years and new technologies have been introduced that may or may not be covered by this framework. Also, it appears that 20 years ago, they considered OSHA (Occupational Safety and Health Administration) to be a Biotech regulatory agency as well though I’m not seeing any more recent information to back that up. I could somewhat understand why OSHA might be included because it is part of their responsibility to ensure that employers make employees aware of the chemicals and other dangers around them.

Google password hack

Saturday, January 28th, 2006

Try it yourself…kinda scary if you think about it. Some sites may not be up, but if you look at the Google description, what you see is pretty wild – logs containing server admin account information like username and password.

World’s largest database?

Friday, January 27th, 2006

Posted in my Biotechnology class:

Posted by Chad Wed Jan 18 12:09:11 2006.

Here is an article about the world’s largest Genetic Records database. It is also believed to be one of the world’s largest databases, period!

From the article:

“To grasp how much data is in the Archive, if it were printed out as a single line of text, it would stretch around the world more than 250 times. Printing it out on pages of A4 would produce a stack of paper two-and-a-half times as high as Mount Everest.”

All the data is freely available here as well.

Biofluorescent jellyfish proteins

Thursday, January 26th, 2006

Posted in my BIO-274 class on 1/23:

I find it absolutely amazing how something as off the wall as a jellyfish can revolutionize modern day biology. Who would’ve thought?

Here are a few pictures of fish that are bioluminescent (unlike the jellyfish in the video). Most of them live in the very deepest parts of the ocean:

Anglerfish (think “Finding Nemo”) – bioluminescent
Vampire squid – bioluminescent
Flashlight fish – bioluminescent
Gulper eel – bioluminescent
Viper fish – bioluminescent
Firefly squid – bioluminescent

Unfortunately, an internet search didn’t turn up any biofluorescent aquatic animals other than a jellyfish. Hopefully, Doctor Peribole (sp?) is able to find what he is looking for in the Great Barrier Reef in Australia. Though I’m sure it will be hard work, it sounds like a wonderful job for a Marine Biologist.

Biotechnology – “Cracking the Code”

Wednesday, January 25th, 2006

Posted in my Biotechnology class:

Article here.

I learned about the human genome which I knew very little about before reading this site. Putting things into the perspective of my chosen profession, I can understand why Biotechnology requires cluster computing. The site stated that “the human genome is no more than a string of four letters repeated more than three billion times”. Three billion A, C, T, and G’s would be a lot for any normal computer to process and decipher, so high-end computer clusters would be the most productive way to translate the code into, perhaps, a more human readable format.

Another interesting point I found was that a lot of our DNA is actually borrowed from other organisms. I’m still unsure of how this works, but I’m sure more on this will come later in the class. Also, as stated here, humans share 99.9% of their genetic code. Again, I have very limited knowledge about this subject, but I find this fascinating since most humans are so different from each other. I was under the impression that because of differences in genomes, a person’s hair color might be different, or they might be diabetic, or male or female, or have bad eyesight. Logically, I would think that humans wouldn’t share as much genetic code as they do because of these differences. My knowledge may be way off base, but it is my guess that this course will help me understand this better.

Some people are ignorant when it comes to divorce and children

Tuesday, January 24th, 2006

Italicized text posted by dada2121 on Slashdot:

Here’s a guide to life:

1. Don’t have kids until you can support them yourself (including paying for school, food, clothing and shelter).

2. Join a church or community group focused on family. Help your neighbors with kids and they’ll help you.

3. Understand that raising a child means having one parent at home. If you have a child, stop spending money on toys and vacations and new cars and new clothes. Focus your money on your child’s present and future.

4. Understand that raising a child means constant care. Don’t let your child go anywhere without knowing where and with whom. If one parent is home, this is much easier.

If you can’t understand these simple procedures (learned over millennia), don’t have kids. I don’t want to pay for them, I don’t want to raise them, and I don’t want to provide free daycare for them. It isn’t my kid.

While I do agree with most of your statements, one is absurd:

3. Understand that raising a child means having one parent at home. If you have a child, stop spending money on toys and vacations and new cars and new clothes. Focus your money on your child’s present and future.

I did just that, but now it’s no longer possible to have someone home with my two girls because I am now divorced. I had kids when I was ready and I was able to work and have my now ex-wife stay home with them when we were married. I am now a single dad with two girls to take care of.

To address rule #3, I have only taken one real vacation in my life (just last May). I have to send my youngest to day care because I can’t stay home with her. I have to have a job so I don’t trample on “your hard-earned tax dollars”. I buy most of my clothes and their clothes at Wal-Mart because I can’t afford the nicer clothes because of divorce expenses (see: lawyer) and losing half of everything I earned in my retirement while being married because she stayed home.

4. Understand that raising a child means constant care. Don’t let your child go anywhere without knowing where and with whom. If one parent is home, this is much easier.

While my kids aren’t really old enough (in my opinion) to be say, left at the mall, I can look at this statement realistically and say that not every kid will tell you the truth of where they’re going to be. Sure, they’re staying at a friend’s house, but all you can do is trust them not to sneak out and meet some boys somewhere in the middle of the night. If I (or even someone else) stayed home all the time with them, does that change the fact that kids are curious or will not tell white lies?

Let’s put aside the fact that I’m divorced, let’s say that my ex died in a car crash instead. Does that make things any different? Should I stay home with them instead of work? Get real. With a divorce rate that is greater than 50%, your “idea” is no longer realistic and it is quite apparent by your ignorance that you’re indeed not a parent yourself.

My school’s network security

Tuesday, January 24th, 2006

Email sent by me to one of the administrators at my school after discovering something that concerned me and others within their discussion board system. Their discussion board system (a.k.a. “Educator” or “eLearning”) is how their online courses are administered:

Good morning,

When attempting to show a fellow student how to create hyperlinks in Educator, I used a plaintext tag which showed the rest of the page in plaintext, which didn’t allow me to edit the post due to forcing plaintext rather than HTML. While it’s nice to be able to use HTML tags within a post, it is my opinion that this leaves much room for potential abuse (think: embed src and meta refresh).

Perhaps the designers of Educator have implemented what a lot of other message boards have done in the past and created an administrative function of what HTML tags can and cannot be used by people posting. If not, it may be a good idea to whip something up to take care of it.

Also, one suggestion I had posted within Educator in the eLearning Orientation section:

“Can Delta please implement secure login sessions (https) for eLearning? I noticed that it wasn’t implemented on Blackboard either. Since passwords are shared between all Delta applications (Webmail, MyDelta, eLearning, etc), your password will only be as strong as the most insecure link. MyDelta and Webmail have secure logins, can’t it also be implemented with eLearning?”

Anyone with a sniffer on the same node as someone either telnetting into xserver, or logging into Educator, can view passwords in plain text. In my opinion, this creates a potential security risk worth preventing. For xserver you could install a ssh server (something along the lines of “urpmi openssh-server”), you already have students downloading a telnet program (NetTerm), so having them download a windows app for SSH sessions (ftp://ftp.ssh.com/pub/ssh/) wouldn’t be much more effort and would be no more difficult than a telnet session with NetTerm.

Just trying to help.

Thank you,
Chad

———————————————

Update: I got a response a few days later (1/21)…

Hi Chad,

Sorry for the delay – catching up on my email messages.
Thanks for the suggestions . . . I will propose these questions to our OIT network team and our Educator Support team.

Appreciate the input,
Tom

eLearning Manager

———————————————

Hopefully they act on it. If they did, I’m sure a lot of the CST students and myself would appreciate their proactive stance on security.

Nyxem worm now over 510,000 infections

Monday, January 23rd, 2006

Once again, a friendly note to people using Windows – do NOT run as administrator on your machine. Doing so allows malware/worms/viruses/etc. to run without question. Use a firewall, use the most up-to-date virus definitions, use Firefox instead of Internet Explorer, and use Thunderbird instead of Outlook or Outlook Express. Also please use common sense – do NOT open attachments from people (unless you are expecting them) or any email from someone whom you are not familiar with.

As you can see below, even the newest virus definitions will not catch a newly created virus/worm. A lot of new viruses and worms also force your firewall and virus protection to shut off. They can do this because you are running under an administrator account on your machine. Create a secondary account without administrative privileges and use that. If you don’t know how to do it, google it, as this post is mainly for information on the Nyxem worm.

This worm affects Windows Operating Systems (found on XP). This worm does not affect Mac OSX, FreeBSD, Linux, Unix.

From F-Secure:

The ‘Nyxem.e’ is a mass-mailing worm that also tries to spread using remote shares. It also tries to disable security-related and file sharing software as well as destroys files of certain types. It is similar to the ‘Email-Worm.Win32.VB.bi’ that was found a few days ago.

When executed, the worm first copies itself to several locations:

%Windows%\rundll16.exe
%System%\scanregw.exe
%System%\Update.exe
%System%\Winzip.exe

The worm installs the following registry key for ensuring it will be started on system startup:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
“ScanRegistry” = “%System%\scanregw.exe /scan”

The worm collects e-mail addresses from files with following extensions:

.HTM
.DBX
.EML
.MSG
.OFT
.NWS
.VCF
.MBX
.IMH
.TXT
.MSF

The worm sends itself as an attachment in the infected e-mail. The e-mail subject can be one of the following:

The Best Videoclip Ever
School girl fantasies gone bad
A Great Video
Fuckin Kama Sutra pics
Arab sex DSC-00465.jpg
give me a kiss
*Hot Movie*
Fw: Funny 🙂
Fwd: Photo
Fwd: image.jpg
Fw: Sexy
Re:
Fw:
Fw: Picturs
Fw: DSC-00465.jpg
Word file
eBook.pdf
the file
Part 1 of 6 Video clipe
You Must View This Videoclip!
Miss Lebanon 2006
Re: Sex Video
My photos

The message body may be one of the following:

Note: forwarded message attached.
Hot XXX Yahoo Groups
F*ckin Kama Sutra pics
ready to be F*CKED 😉
forwarded message attached.
VIDEOS! FREE! (US$ 0,00)
Please see the file.
>> forwarded message
—– forwarded message —–
i just any one see my photos. It’s Free 🙂

how are you?
i send the details.
OK ?

The worm usually attached itself to e-mail messages as an executable file. It uses one of the following names in attachment:

007.pif
School.pif
04.pif
photo.pif
DSC-00465.Pif
image04.pif
677.pif
New_Document_file.pif
eBook.PIF
document.pif
DSC-00465.pIf

Sometimes, the worm MIME-encodes the file. In these cases, the attachment name can be one of the following:

Video_part.mim
Attachments00.HQX
Attachments001.BHX
Attachments[001].B64
3.92315089702606E02.UUE
SeX.mim
Sex.mim
Original Message.B64
WinZip.BHX
eBook.Uu
Word_Document.hqx
Word_Document.uu

The filename inside MIME-encoding is one of the following:

New Video,zip .sCr
Attachments,zip .SCR
Atta[001],zip .SCR
Clipe,zip .sCr
WinZip,zip .scR
Adults_9,zip .sCR
Photos,zip .sCR
Attachments[001],B64 .sCr
392315089702606E-02,UUE .scR
SeX,zip .scR
WinZip.zip .sCR
ATT01.zip .sCR
Word.zip .sCR

The worm searches for remote shared folders and tries to copy itself using one of the following filenames:

\Admin$\WINZIP_TMP.exe
\c$\WINZIP_TMP.exe
\c$\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.exe

At the same time the worm deletes the following file:

\c$\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

Before spreading the worm checks whether a remote computer has any of the following folders and if it does, the worm tries to delete all files from that folder:

\C$\Program Files\Norton AntiVirus
\C$\Program Files\Common Files\symantec shared
\C$\Program Files\Symantec\LiveUpdate
\C$\Program Files\McAfee.com\VSO
\C$\Program Files\McAfee.com\Agent
\C$\Program Files\McAfee.com\shared
\C$\Program Files\Trend Micro\PC-cillin 2002
\C$\Program Files\Trend Micro\PC-cillin 2003
\C$\Program Files\Trend Micro\Internet Security
\C$\Program Files\NavNT
\C$\Program Files\Panda Software\Panda Antivirus Platinum
\C$\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal
\C$\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro
\C$\Program Files\Panda Software\Panda Antivirus 6.0
\C$\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus

The worm also creates a scheduled task to run the worm’s files on remote computer with system privileges at the 59th minute of the current hour.

The worm has a dangerous payload. If the date is equal to 3 (3rd of February, 3rd of March, etc) and the worm’s UPDATE.EXE file is run, it destroys files with those extensions on all available drives:

*.doc
*.xls
*.mdb
*.mde
*.ppt
*.pps
*.zip
*.rar
*.pdf
*.psd
*.dmp

The files’ contents get replaced with a text string “DATA Error [47 0F 94 93 F4 K5]”. The payload is activated 30 minutes after the worm’s file UPDATE.EXE is loaded into memory (basically 30 minutes after logon).

The worm attempts to disable several security-related and file sharing programs. It deletes startup key values from the Registry if they contain any of the following:

NPROTECT
ccApp
ScriptBlocking
MCUpdateExe
VirusScan Online
MCAgentExe
VSOCheckTask
McRegWiz
CleanUp
MPFExe
MSKAGENTEXE
MSKDetectorExe
McVsRte
PCClient.exe
PCCIOMON.exe
pccguide.exe
Pop3trap.exe
PccPfw
PCCIOMON.exe
tmproxy
McAfeeVirusScanService
NAV Agent
PCCClient.exe
SSDPSRV
rtvscn95
defwatch
vptray
ScanInicio
APVXDWIN
KAVPersonal50
kaspersky
TM Outbreak Agent
AVG7_Run
AVG_CC
Avgserv9.exe
AVGW
AVG7_CC
AVG7_EMC
Vet Alert
VetTray
OfficeScanNT Monitor
avast!
DownloadAccelerator
BearShare

The following startup Registry keys are affected:

[Software\Microsoft\Windows\CurrentVersion\Run]
[Software\Microsoft\Windows\CurrentVersion\Run]
[Software\Microsoft\Windows\CurrentVersion\RunServices]

In addition the worm deletes files from the following subfolders in the Program Files folder:

\DAP\*.dll
\BearShare\*.dll
\Symantec\LiveUpdate\*.*
\Symantec\Common Files\Symantec Shared\*.*
\Norton AntiVirus\*.exe
\Alwil Software\Avast4\*.exe
\McAfee.com\VSO\*.exe
\McAfee.com\Agent\*.*
\McAfee.com\shared\*.*
\Trend Micro\PC-cillin 2002\*.exe
\Trend Micro\PC-cillin 2003\*.exe
\Trend Micro\Internet Security\*.exe
\NavNT\*.exe
\Kaspersky Lab\Kaspersky Anti-Virus Personal\*.ppl
\Kaspersky Lab\Kaspersky Anti-Virus Personal\*.exe
\Grisoft\AVG7\*.dll
\TREND MICRO\OfficeScan\*.dll
\Trend Micro\OfficeScan Client\*.exe
\LimeWire\LimeWire 4.2.6\LimeWire.jar
\Morpheus\*.dll

In addition the worm reads location of certain programs from Windows Registry and deletes certain files in these locations. The affected software is:

VirusProtect6
Norton AntiVirus
Kaspersky Anti-Virus Personal
Iface.exe
Panda Antivirus 6.0 Platinum

Also the worm closes application windows that have the following strings in their captions:

SYMANTEC
SCAN
KASPERSKY
VIRUS
MCAFEE
TREND MICRO
NORTON
REMOVAL
FIX
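The attachment naming in the F-Secure description above (.pif files, MIME-encoded wrappers, and inner names padded so the real .scr extension is pushed out of view) can be checked at a mail filter. The following is an added example, not code from F-Secure or from this blog; the sample message, its addresses and the inclusion of .exe are assumptions.

```python
import re
from email import message_from_string

# Extensions from the F-Secure description above (.exe added as an assumption).
EXECUTABLE = {".pif", ".scr", ".exe"}
ENCODED_WRAPPER = {".mim", ".hqx", ".bhx", ".b64", ".uue", ".uu"}
# "Photos,zip .sCR" style: whitespace padding pushes the real extension away.
PADDED = re.compile(r"\s+\.(pif|scr|exe)\s*$", re.IGNORECASE)

# Constructed sample message; addresses and payload bytes are placeholders.
SAMPLE = """\
From: someone@example.invalid
To: user@example.invalid
Subject: Fwd: Photo
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the file.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="DSC-00465.Pif"

AAAA
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

hello
--b1--
"""


def classify_name(filename):
    # Verdict for one attachment name; all matching ignores case.
    name = filename.strip()
    if PADDED.search(name):
        return "padded-executable"
    ext = name[name.rfind("."):].lower() if "." in name else ""
    if ext in EXECUTABLE:
        return "executable"
    if ext in ENCODED_WRAPPER:
        return "encoded-wrapper"
    return "ok"


def triage(raw_message):
    # Return (filename, verdict) for every flagged attachment in a message.
    findings = []
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()
        if name and classify_name(name) != "ok":
            findings.append((name, classify_name(name)))
    return findings
```

Matching on the extension rather than on the full names listed above also catches the mixed-case variants (`.Pif`, `.pIf`, `.sCr`) the worm rotates through.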