Growing old is mandatory but growing up is optional… and I opted out.
Archive for June, 2006
One of my servers has a new uptime record – 502 days, 11 hours, 29 minutes. I’m still unsure if it lost power and rebooted, or if I accidentally hit the “restart” button with my foot. Who knows. Anyway, according to the calculations the uptime is/was 502 days, 11 hours, 29 minutes.
Specs of the machine:
Mandrake Linux 9.1
Model: AMD-K6(tm) 3D processor
Chip MHz: 451.04
RAM: 384 MB
Cache Size: 64 KB
Network: D-Link System Inc RTL8139 Ethernet
Video: ATI Technologies Inc 3D Rage Pro 215GP
hda: Maxtor 90680D4 (Capacity: 6.33 GB)
hdb: WDC AC28400R (Capacity: 7.87 GB)
hdc: CD-RW CRX100E
It’s fairly easy to handle ID theft once you understand that the situation cannot be corrected immediately, that you shouldn’t go ballistic, and that time and patience (and a few simple procedures) is all that’s required to correct the situation:
1. Write to the major credit bureaus and ask for a credit report from each. Explain that you’re a victim of ID theft and they’ll give you a free credit report.
2. Ask the credit bureau to place a 7-year freeze on your credit report (not the 3-month freeze). That ensures that anyone who extends credit must contact you directly (usually by phone) prior to extending credit. Make sure the credit bureau has your phone number correct!
3. If the ID theft resulted from something locally enforceable (stolen wallet, burglary), file an offense report with the local police and get a printed copy of the report.
4. Find any fraudulent/old accounts on your credit report. For old accounts, write to the address on the credit report informing the creditor and ask that the account be closed. For fraudulent accounts, notify the creditor of same and include a copy of the police report (above). For any fraudulent account applications, also notify the creditor that the application was fraudulent.
5. In all cases, ask the creditor to notify the major credit bureaus of all updates/closure of accounts.
6. Keep paper copies of all letters – use a separate paper file folder for each account or account application. Seems tedious, but you’ll be glad you did.
Above all, be patient, take your time (there’s no rush, all changes are made at snail mail speed at best) and don’t worry. Just go through the steps and everything can be corrected.
After that, make sure you check your credit record with the major credit bureaus at least once a year. They’ll send this for free. Follow the above steps whenever you see a fraudulent account or application.
Every time you manage to close the door on reality, it comes in through the window.
Data loss is becoming just way to rampant nowadays and businesses and government just don’t seem to care (example).
Is it just my perception or is this becoming routine now?
I used to be only concerned in a detached way. Then *today* I received a letter from the student loan people saying, in essence: “We lost a dataset including your information. Sorry! Better contact the credit bureaus, and watch your financial statements. Have a nice day!”
The only way we are going to have data security is if the parties that fail to secure data are held responsible for the consequences to others. Ideally, that would mean that if someone commits fraud using my stolen data, the organization that lost it has to pay me the actual cost of correcting credit reports, changing all my accounts, compensation for time spent, any lawyers needed, etc..
Instead the banks are allowed to exploit the situation by selling insurance against it. We can’t even get disclosure laws everywhere.
Excuse me for ranting, but the only way the technical and user-education type of solutions will become relevant is if the costs are placed appropriately.
Well, I finally made the plunge and registered two fully qualified domain names today – itstudent.org and adultstudent.org. The smart thing that I should’ve done was to start sprucing up the place a bit before I registered, but I had the day off so I just did it. I’ve been meaning to do it for what…3 years now? 😉
Anyway, more announcements to come regarding the web site very soon. I have quite a few big plans and might start working on implementing them, but there’s always the “time factor”.
Fun stuff. 🙂
Not in any sense of the word. You’ve been warned.
Disclaimer: This video is “work safe” to view at work, however, you may be subject to ridicule if caught viewing it.
First off, in order to disable it:
Start in safe mode and find the file /WINDOWS/System32/WgaLogon.dll. Edit the file properties and remove the execute and write permissions for all users including System. The daily checkin and the WGA System Tray tool are both started from this DLL so making it non-executable kills the whole WGA Notification system. Making it read-only stops windows update from ‘repairing it’ and installing future versions.
There is also a file called wga.dll, or similar, but I didn’t do anything with that. I did the above on a machine that was wrongly reporting as ‘pirated’, and it worked fine.
They should just call Windows Genuine Advantage for what it really is – “we don’t want you pirating our garbage”. The problem is, it’s screwing with the legit users and inconveniencing them instead of the real pirates. Not only that, I can see a huge potential for abuse here:
-Sniff the packets WGA creates and find out where it “reaches out” to.
-Poison the DNS cache and redirect all traffic WGA is attempting to contact to your own server.
-Insert malicious activity here.
Of course, this could have been done for years with http://update.microsoft.com/ but still…
This doesn’t even take into account potential abuse on Microsoft’s end since this piece of malware “phone’s home” almost daily. I mean why would it need to phone home daily to let Microsoft know (again) that your version of Windows isn’t pirated? What’s really going on here?
The real question is when are the anti-malware community going to step up to the plate and provide protection from this software? The fact that it’s made by Microsoft should be irellevant – just analyse the behaviour of the application and judge it on that. It communicates unique information at any time to an advertising company (msn anybody?) with you, the user, having no idea of what data and what the implications are of giving this company that data.
Can your business really risk an application like this on your systems? Are you prepared for the consequences of letting this program run unchallenged inside your companies infrastructure?
Since Windows is sending information home, and the user has no control over that messaging with regard to timing or content, it seems to me HIPAA-compliant systems (and other systems requiring security) cannot be built on Windows.
Sounds like an opportunity for the open source world.
Open up a terminal and type:
# find / -size +10000k –print
This finds all files that are larger than 10 megs (takes a little while though…)
(Yeah, it’s a slow day…)
I have had good success with 98 and up to 1 GB RAM by hacking the C:\Windows\System.ini file as follows:
Open c:\windows\system.ini with notepad
Locate the heading: “vcache” and type in (case sensitive!):
Save and close text editor and reboot
After you reboot, it should look like so:
Now Win98 will use the full 1 GB of RAM without slowing the PC down as it would before (if it would run).