Smokey's Security Weblog

veritas odium parit

Microsoft botnet-hunting tool helps bust hackers

Botnet fighters have another tool in their arsenal, thanks to Microsoft Corp.

The software vendor is giving law enforcers access to a special tool that keeps tabs on botnets, using data compiled from the 450 million computer users who have installed the Malicious Software Removal Tool that ships with Windows.

Although Microsoft is reluctant to give out details on its botnet buster — the company said that even revealing its name could give cybercriminals a clue on how to thwart it — company executives discussed it at a closed-door conference held for law enforcement professionals Monday. The tool includes data and software that helps law enforcers get a better picture of the data being provided by Microsoft’s users, said Tim Cranton, associate general counsel with Microsoft’s World Wide Internet Safety Programs. “I think of it … as botnet intelligence,” he said.

Microsoft security experts analyze samples of malicious code to capture a snapshot of what is happening on the botnet network, which can then be used by law enforcers, Cranton said. “They can actually get into the software code and say, ‘Here’s information on how it’s being controlled.'”

Botnets are networks of hacked computers that can be used, almost like a supercomputer, to send spam or attack servers on the Internet. They have been on Microsoft’s radar for about four years, ever since the company identified them as a significant emerging threat. In fact, the software vendor has held seven closed-door botnet conferences for law enforcement officials over the years, including an inaugural event in Lyon, France, hosted by Interpol, Cranton said.

Microsoft had not previously talked about its botnet tool, but it turns out that police in Canada used it to make a high-profile bust earlier this year.

Source: ComputerWorld Security


April 30, 2008 Posted by | Friends, Malware, News, Recommended External Security Related Links, Vulnerabilities | , , , , , , , , , , | Leave a comment

Windows XP Service Pack 3 Release to Web (RTW) Delayed

Statement Release Manager Windows Serviceability

29 Apr 2008 5:02 PM UTC In the last few days, we have uncovered a compatibility issue between Microsoft Dynamics Retail Management System (RMS) and both Windows XP SP3 and Windows Vista Service Pack 1 (SP1). In order to make sure customers have the best possible experience, we have decided to delay releasing Windows XP Service Pack 3 (SP3) to the web.

To help protect customers, we plan to put filtering in place shortly to prevent Windows Update from offering both service packs to systems running Microsoft Dynamics RMS. Once filtering is in place, we expect to release Windows XP SP3 to the web.

We are also testing a fix, and will make it available once that process is complete. Once they have installed the fix, Microsoft Dynamics RMS customers should be able to run both service packs.

Until then, we advise Microsoft Dynamics RMS customers to not install either service pack. Microsoft Dynamics RMS customers running Windows XP SP3 or Windows Vista SP1 should contact Microsoft Customer Support Services for additional information.

Chris Keroack [MSFT]
Release Manager Windows Serviceability

Source: Microsoft TechNet

April 29, 2008 Posted by | Advisories, Alerts, Downloads, Friends, News, Recommended External Security Related Links, Uncategorized | , , , , , , , , | Leave a comment

Tesco’s Head Office correspondence with a Tesco Loyalty Card customer

Allrights folks, after all terrific serious blogposts time for recreation.

Post subtitle: “Proof of what can happen if a wife or girlfriend drags her husband or boyfriend along shopping”

This letter was recently sent by Tesco’s Head Office to a customer in Oxford, GB:

Dear Mrs. Murray,

While we thank you for your valued custom and use of the Tesco Loyalty Card, the Manager of our store in Banbury is considering banning you and your family from shopping with us, unless your husband stops his antics.
Below is a list of offences over the past few months all verified by our surveillance cameras:

1. June 15: Took 24 boxes of condoms and randomly put them in people’s trolleys when they weren’t looking.

2. July 2: Set all the alarm clocks in Housewares to go off at 5-minute intervals.

3. July 7: Made a trail of tomato juice on the floor leading to feminine products aisle.

4. July 19: Walked up to an employee and told her in an official tone, ‘Code 3’ in housewares….. and watched what

5. August 14: Moved a ‘CAUTION – WET FLOOR’ sign to a carpeted area.

6. September 15: Set up a tent in the outdoor clothing department and told shoppers he’d invite them in if they would bring sausages and a Calor gas stove.

7. September 23: When the Deputy Manager asked if she could help him, he began to cry and asked, ‘Why can’t you
people just leave me alone?’

8. October 4: Looked right into the security camera; used it as a mirror, picked his nose, and ate it.

9. November 10: While appearing to be choosing kitchen knives in the Housewares aisle asked an assistant if he knew where the antidepressants were.

10. December 3: Darted around the store suspiciously, loudly humming the ‘Mission Impossible’ theme.

11. December 6: In the kitchenware aisle, practised the ‘Madonna look’ using different size funnels.

12. December 18: Hid in a clothing rack and when people browsed, yelled ‘PICK ME!’ ‘PICK ME!’

13. December 21: When an announcement came over the loud speaker,assumed the foetal position and screamed ‘NO! NO! It’s those voices again.’

And; last, but not least:

14. December 23: Went into a fitting room, shut the door, waited a while; then yelled, very loudly, ‘There is no toilet paper in here.’

Yours sincerely,

Charles Brown
Store Manager

With thanks to Smokey’s Security Forums/The Gorilla for providing me with this Tesco correspondence.


April 29, 2008 Posted by | Friends, News, Uncategorized | , , , , , , , , , , , , , | 3 Comments

New way to hack Oracle database

Security researcher David Litchfield has released technical details of a new type of attack that could give a hacker access to an Oracle database.

Called a lateral SQL injection, the attack could be used to gain database administrator privileges on an Oracle server in order to change or delete data or even install software, Litchfield said in an interview on Thursday.

In a SQL injection, attackers create specially crafted search terms that trick the database into running SQL commands. Previously, security experts thought that SQL injections would only work if the attacker was inputting character strings into the database, but Litchfield has shown that the attack can work using new types of data, known as date and number data types.

Full article: NetworkWorld
Paper with technical details: David Litchfield

April 28, 2008 Posted by | Advisories, Alerts, Friends, Malware, News, Recommended External Security Related Links, Vulnerabilities | , , , , , , , | Leave a comment

RMS issues when Windows Vista Service Pack 1 (SP1) is installed

4/24/2008 8:56 AM PST The Microsoft Dynamics Retail Management System (RMS) Development team has identified problems when Windows Vista Service Pack 1 (SP1) is installed.
Windows Vista (SP1) was released on 3/18/08 and may cause data loss and
corruption in Microsoft Dynamics RMS databases.


Windows Vista SP1 includes a change to the way Microsoft SQL Server handles database records that include information from more than one table.
For example, a supplier record in Microsoft Dynamics RMS includes information from both the Supplier and Item tables.

User Impact

All users who have applied Windows Vista SP1 will be affected.


The Microsoft Dynamics RMS Development team is collaborating with the Microsoft Data Programmability team to find a resolution for these problems.

Until a resolution is released, we strongly recommend that you do not install Windows Vista SP1. If you have already installed it, you can uninstall it.

For more information about how to uninstall Windows Vista SP1, click the following article number to view the article in the Microsoft Knowledge Base:

Hot Topics

The following Hot Topics contain additional information about this issue:

PartnerSource –

CustomerSource –

Todd Berger
Microsoft Online Support Engineer

Source: Microsoft

With thanks to DSLReports/Name Game for bringing this alert to my attention.


4/30/2008 1:14 AM UTC Edit: additional Vista SP1 Service Pack information here

April 27, 2008 Posted by | Advisories, Alerts, News, Recommended External Security Related Links | , , , , | Leave a comment

Highly critical vulnerability in Trillian

Juan Pablo Lopez Yacubian found a highly critical flaw in the popular Trillian chat client that supports AIM, ICQ, MSN, Yahoo Messenger, and IRC.

Secunia: the vulnerability is caused due to an error within the processing of “Display Names” in messages. This can be exploited to cause a memory corruption by e.g. setting the “Display Name” to a specially crafted, overly long string and sending an overly long message to another user using the MSN protocol.

The flaw affect Trillian Basic v3.x and Trillian Pro v3.x

At the moment of writing this vulnerability is still unpatched so take care and add only trusted users to the contact list!

Source: Neohapsis

April 27, 2008 Posted by | Advisories, Alerts, Downloads, News, Recommended External Security Related Links, Vulnerabilities | , , , , , , , , , , , , | Leave a comment

Java Anonymous Proxy (JAP): once a Crook, always a Crook?

Today’s post on DSLReports with subject “JAP” draw my attention.

From Java Anonymous Proxy (JAP) Homepage:

JAP makes it possible to surf the internet anonymously and unobservably.Without Anonymization, every computer in the internet communicates using a traceable Address. That means:

– the website visited,
– the internet service provider (ISP),
– and any eavesdropper on the internet connection

can determine which websites the user of a specific computer visits. Even the information which the user calls up can be intercepted and seen if encryption is not used. JAP uses a single static address which is shared by many JAP users. That way neither the visited website, nor an eavesdropper can determine which user visited which website.

Sound great. Especially because the software and services are free. But after reading the DSLR post my mind about JAP changed.

SUMware mentioned in the DSLR post an 2003 SecurityFocus article about the fact that JAPs anonymity service was (and still is?) back-doored. Sound not good anymore, sound really bad.

Excerpt SF article:

The popular Java Anonymous Proxy (JAP), used to anonymise one’s comings and goings across the Internet, has been back-doored by court order. The service is currently logging access attempts to a particular, and unnamed, Web site and reporting the IP addys of those who attempt to contact it to the German police.

We know this because the JAP operators immediately warned users that their IP traffic might be going straight to Big Brother, right? Wrong. After taking the service down for a few days with the explanation that the interruption was “due to a hardware failure”, the operators then required users to install an “upgraded version” (ie. a back-doored version) of the app to continue using the service.

“As soon as our service works again, an obligatory update (version 00.02.001) [will be] needed by all users,” the public was told. Not a word about Feds or back doors.

Fortunately, a nosey troublemaker had a look at the ‘upgrade’ and noticed some unusual business in it, such as:

“CAMsg::printMsg(LOG_INFO,”Loading Crime Detection Data….\n”);”
“CAMsg::printMsg(LOG_CRIT,”Crime detected – ID: %u – Content:

and posted it to alt.2600.

Soon the JAP team replied to the thread, admitting that there is now a “crime detection function” in the system mandated by the courts. But they defended their decision:

“What was the alternative? Shutting down the service? The security apparatchiks would have appreciated that – anonymity in the Internet and especially AN.ON are a thorn in their side anyway.”

Sorry, the Feds undoubtedly appreciated the JAP team’s willingness to back-door the app while saying nothing about it a lot more than they would have appreciated seeing the service shut down with a warning that JAP can no longer fulfill its stated obligation to protect anonymity due to police interference.

A press release from ICPP assures users that JAP is safe to use because access to only one Web site is currently being disclosed, and only under court-ordered monitoring.

But that’s not the point. Disclosure is the point. The JAP Web site still claims that anonymity is sacrosanct: “No one, not anyone from outside, not any of the other users, not even the provider of the intermediary service can determine which connection belongs to which user.”

This is obviously no longer true, if it ever was. And that’s a serious problem, that element of doubt. Anonymity services can flourish only if users trust providers to be straight with them at all times. This in turn means that providers must be absolutely punctilious and obsessive about disclosing every exception to their assurances of anonymity. One doesn’t build confidence by letting the Feds plug in to the network, legally or otherwise, and saying nothing about it.

Telling us that they only did it to help catch criminals isn’t good enough either. Sure, no normal person is against catching criminals – the more the merrier, I say. But what’s criminal is highly relative, always subject to popular perception and state doctrine. If we accept Germany’s definition of criminal activity that trumps the natural right to anonymity and privacy, then we must accept North Korea’s, China’s and Saudi Arabia’s. They have laws too, after all. The entire purpose of anonymity services is to sidestep state regulation of what’s said and what’s read on the basis of natural law.

The JAP Web site has a motto: “Anonymity is not a crime.” It’s a fine one, even a profound one. But it’s also a palpably political one. The JAP project inserted itself, uncalled, into the turbulent confluence between natural law and state regulation, and signaled its allegiance to the former. It’s tragic to see it bowing to the latter.

I don’t know JAPs anonymity service is anno 2008 still back-doored.

Main queustion after the JAP back-doored issue is, can we ever trust JAP again?  My answer is a clear NO. JAP will always have an element of doubt.

SecurityFocus hitted the nail with following remark in the article:

Anonymity services can flourish only if users trust providers to be straight with them at all times. This in turn means that providers must be absolutely punctilious and obsessive about disclosing every exception to their assurances of anonymity. One doesn’t build confidence by letting the Feds plug in to the network, legally or otherwise, and saying nothing about it.

I share SFs opinion. Therefore, stay away from JAP.

April 26, 2008 Posted by | Advisories, Alerts, Downloads, Malware, News, Recommended External Security Related Links | , , , , , , , , , , , , , , , , , , , , , | Leave a comment

Hundreds of Thousands of Microsoft Web Servers Hacked

April 25, 2008; 8:00 AM ET Hundreds of thousands of Web sites – including several at the United Nations and in the U.K. government — have been hacked recently and seeded with code that tries to exploit security flaws in Microsoft Windows to install malicious software on visitors’ machines.

The attackers appear to be breaking into the sites with the help of a security vulnerability in Microsoft’s Internet Information Services (ISS) Web servers. In an alert issued last week, Microsoft said it was investigating reports of an unpatched flaw in IIS servers, but at the time it noted that it wasn’t aware of anyone trying to exploit that particular weakness.

“Microsoft is currently aware of and is receiving reports regarding public claims of attacks on IIS Web servers,” said Bill Sisk, a security response manager at Microsoft, in a statement e-mailed to Security Fix. “While we have not be [sic] contacted directly regarding these reports, we will continue to monitor all reports either publically [sic] shared or responsibly disclosed and investigate once sufficient details are provided. We have not yet determined whether or not these reports are related to Microsoft Security Advisory (951306) released last week.”

Dancho Danchev, an independent security analyst, has a decent write-up on signs that Web site owners can look for to tell whether their site has been hit by this attack. Danchev said all of the hacked sites appear to have Javascript coding adding to their page source that silently pulls down malware from a few domains in China, namely, and

Needless to say, if you run a Google search for these sites you will find tens of thousands that contain the script that redirects any visitors to these malicious sites. I would strongly urge people to steer clear of those sites: I mention them here so that Web site owners can more easily search the HTML code in their pages for these domains.

If you run your site with IIS, please take a moment to consider applying the workarounds in the Microsoft advisory for your version of IIS. Also, that post I mentioned earlier has some great tips to help administrators lock down their systems.


SQL Injection Attacks on IIS Web Servers

April 25, 2008 9:33 PM You may have seen recent reports that have surfaced stating that web sites running on Microsoft’s Internet Information Services (IIS) 6.0 have been compromised. These reports allude to a possible vulnerability in IIS or issues related to Security Advisory 951306 which was released last week.

Microsoft has investigated these reports and determined that the attacks are not related to the recent Microsoft Security Advisory (951306) or any known security issues related to IIS 6.0, ASP, ASP.Net or Microsoft SQL technologies.

Instead, attackers have crafted an automated attack that can take advantage of SQL injection vulnerabilities in web pages that do not follow security best practices for web application development. While these particular attacks are targeting sites hosted on IIS web servers, SQL injection vulnerabilities may exist on sites hosted on any platform. More information on SQL injection attacks can be found here and here.

Guidance from Microsoft for web application development best practices can also be found on this MSDN page. Best practices guidelines that developers may follow to mitigate SQL injection, can be located here. As we continue to make progress in our investigation on this attack, we will provide updated guidance and information on the site. For the latest information on this issue, please subscribe or visit the IIS security forum.

For end-users, the investigation also shows no indication of an un-patched vulnerability in IIS, SQL Server, Internet Explorer or any other Microsoft client software, so we recommend customers apply the latest updates to be protected from these attacks.

To further protect themselves from reported attacks, we encourage all customers to apply our most recent security updates to help ensure that their computers are protected from attempted criminal attacks. For more information about security updates, visit:

Anyone believed to have been affected can visit: and should contact the national law enforcement agency in their country. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-PCSAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at:

Source and links provided by: BillS IIS Blog

April 25, 2008 Posted by | Advisories, Alerts, Malware, News, Recommended External Security Related Links, Vulnerabilities | , , , , , , , , , , , , | Leave a comment

Free HJT/OTL (formerly OTListIt2) Log Analyzing and Malware Cleaning Services again available on Smokey’s

After a period of a closed HJT/OTL (formerly OTListIt2) Log Analyzing/Malware Cleaning Forum I am pleased to announce that from now on Smokey’s Security Forums offer again HijackThis & OTL Log Analyzing & Malware Cleaning related Support, Help and Advice.

This (free) help will only be provided by full qualified HJT/OTL Analyzers/Malware Hunters, this for reason of maintaining the high standards of my forums: Help and Support only by qualified people.

Update 2010-14-03: Guests allowed to post on Smokey’s for Log Analysis and Malware Removal help

April 25, 2008 Posted by | Advisories, Bundleware, Downloads, Friends, Malware, News, Recommended External Security Related Links, Vulnerabilities | , , , , , , , , , , , , , , , , | Leave a comment

Death of Windows XP greatly exaggerated?

Microsoft CEO Steve Ballmer said the company could re-evaluate its plans to phase out Windows XP by June 30, if customers demand that it stick around. So far, they have not.

“XP will hit an end-of-life. We have announced one. If customer feedback varies, we can always wake up smarter, but right now, we have a plan for end-of-life for new XP shipments,” Ballmer said during a Thursday news conference, according to Reuters.

Big-name computer makers are still scheduled to have to stop selling models with Windows XP installed by the end of June. Mainstream technical support will continue to be available for Windows XP through April 2009, and more limited support will continue through April 2014.

Microsoft does plan to continue selling Windows XP for a limited class of PCs it calls “ultralow-cost PCs.” It’s a category that covers machines with slower processors, smaller screens and, in many cases, flash memory, rather than a traditional hard drive, for storage.

Ballmer said most consumers are choosing to buy the current version of Windows, Vista. Many acquire Vista by default, however, since most new PCs ship with the operating system. Businesses have been slower to catch on, as many have clung to Windows XP and older versions of Windows

Source: CNet NewsBlog

April 24, 2008 Posted by | Friends, News, Recommended External Security Related Links | , , , , , , | Leave a comment

Download Windows XP Service Pack 3 (SP3) Final

Download provided by MajorGeeks

Verified: Signed
Signing date: 9:30 PM 4/13/2008
Publisher: Microsoft Corporation
Description: Self-Extracting Cabinet
Product: Microsoft« Windows« Operating System
Version: 6.2.0029.0
File version: 6.2.0029.0 (SRV03_QFE.031113-0918 )
MD5: bb25707c919dd835a9d9706b5725af58
SHA1: c81472f7eeea2eca421e116cd4c03e2300ebfde4

Size: 316,5 MB (331.805.736 bytes)

License: Freeware

(24 Apr 2008 2:28 PM UTC) Edit: removed the MajorGeeks download link after some considerations, I suggest you wait until XP SP3 is available at the Microsoft Update site.

(29 Apr 2008 5:02 PM UTC) Edit: Windows XP Service Pack 3 Release to Web (RTW) Delayed

April 23, 2008 Posted by | Advisories, Alerts, Downloads, Friends, News, Recommended External Security Related Links | , , , , , | Leave a comment

Major Microsoft Security Bulletin Revisions – April 22, 2008

Issued: April 22, 2008

* MS08-024 – Critical:

Revision: Added Internet Explorer 7 for Windows XP Service Pack 3 and Internet Explorer 7 for Windows XP x64 Edition Service Pack 3 to affected software.

* MS07-040 – Critical:

Revision: Added .NET Framework 1.0 (KB928367), .NET Framework 1.1 (KB928366), and .NET Framework Version 2.0 (KB928365) as affected components for Windows XP Service Pack 3 and Windows XP Professional x64 Edition Service Pack 3. This is a detection update only. There were no changes to the binaries.

April 23, 2008 Posted by | Advisories, Alerts, Friends, News, Recommended External Security Related Links, Vulnerabilities | , , , , , , , , | Leave a comment

Windows XP Service Pack 3 FAQ

In addition to my previous blog post about the release of Windows XP SP3, Windows XP Service Pack 3 Released to Manufacturing (RTM), here a comprehensive Windows XP Service Pack 3 FAQ.

Windows XP Service Pack 3 FAQ

Q: What is Service Pack 3?

A: Windows XP Service Pack 3 (SP3) is the final Windows XP service pack, a collection of previously-released fixes and product enhancements, as well as a few new features that are unique to this release.

Q: Does SP3 include everything from SP1 and SP2 or do I need to install those first?

A: Though XP SP3 aggregates all of the previously-released XP fixes, Microsoft now says that you will need to install at least SP1 on XP before installing SP3. The company recommends installing SP2 first as well, though that is not required.

Q: What versions of Windows XP will work with SP3?

A: You can apply Service Pack 3 to Windows XP Home Edition, Professional Edition, Tablet PC Edition (any version), or Media Center Edition (any version).

Q: What about Windows XP Professional x64 Edition?

A: SP3 does not apply to the x64 version of Windows XP. Instead, that operating system is updated via service packs aimed at Windows Server 2003. The latest Windows 2003 service pack is SP2.

Q: Windows XP SP2 was released over three years ago. Why the delay on SP3?

A: While Microsoft is an enormous company with over 77,000 employees worldwide and over $50 billion in annual revenues, its organizational structure actually constrains which products are actively developed in some cases. For example, while a large team of developers, product managers, and program managers are involved during the ramp-up to any major OS release, Microsoft then pushes the product into its support organization for follow-up development in the form of hot-fixes, service packs, and so on. Other teams work on out-of-band updates that are typically shipped via the Web and, eventually, a new or existing team is constituted to work on the next major release and the entire process begins anew.

With Windows XP, however, Microsoft was forced to temporarily halt development on XP’s successor, Windows Vista, in order to complete XP SP2. That’s because this release, though provided to customers for free as a typical service pack, was in fact a major OS upgrade and was developed outside of the company’s support structure, a first for any service pack release. After XP SP2 was completed, the people involved with that project moved onto other things, typically Vista or Windows Server 2008.

In the case of Windows XP SP3, Microsoft simply dedicated every available employee it could to completing Windows Vista, which by that time was years behind schedule. So it’s only been since the beginning of this year that anyone turned their attention back to XP’s next and neglected service pack.

Q: What are these new features I keep hearing about?

A: Windows XP Service Pack 3 will not include any major new features, but it will include four minor new features that improve the system’s reliability and security. Contrary to reports, Microsoft has been very up-front about these functional additions for quite some time now.

These new features include:

Network Access Protection compatibility. Announced years ago, this feature allows Windows XP machines to interact with the NAP feature in Windows Server 2008. This functionality is built into the RTM version of Windows Vista as well.

Product Key-less install option. As with Windows Vista, new XP with SP3 installs can proceed without entering a product key during Setup.

Kernel Mode Cryptographics Module. A new kernel module that “encapsulates several different cryptographic algorithms,” according to Microsoft.

“Black hole” router detection algorithm. XP gains the ability to ignore network routers that incorrectly drop certain kinds of network packets. This, too, is a feature of Windows Vista.

And that’s about it. Nothing dramatic, as promised.

Q: That’s it? Is there anything else?

A: Nothing major. Some features have actually been removed, like the taskbar-based Address Bar option.

Q: Why is Microsoft even bothering to release this update? Isn’t everyone moving to Windows Vista?

A: Given the relative security, stability, and reliability of XP with SP2, and the subsequent release of Vista, XP SP3 may seem like a pointless update, but nothing could be further from the truth. Many businesses will roll out new XP-based PCs in the coming years, and as anyone who’s had to update an XP SP2 system can tell you, the 100+ updates that Microsoft has shipped since SP2 can be a nightmare to deploy. If you’re already running XP and have been regularly updating your systems all along, the release of XP SP3 will be a minor event. But if you have planned XP deployments in the future, look very carefully at this release and consider it the baseline for your next generation of PCs. Or, you could always consider Vista, which will of course be updated with genuine new features far longer than will XP.

Source: WindowsITPro/Paul Thurrott

Note: With thanks to Gladiator Security Forum/Chachazz for pointing out this XP SP3 FAQ by Paul Thurrott.


Installing Windows XP Service Pack 3 (SP3)

General Requirements

-Before You Install Service Pack 3
-Installing Service Pack 3
-Removing Service Pack 3
-Resources for Advanced Users and System Administrators

Microsoft TechNet

Windows XP Service Pack 3 On-going Questions Answered

Microsoft TechNet

See also DSLR Microsoft Help Forum:

Windows XP Service Pack 3 RTM Screenshots and Build

Updated: 22 Apr 2008 03:36 PM UTC

WindowsITPro/Paul Thurrott

Note: Information in the “Installing Windows XP Service Pack 3 (SP3)”, “Windows XP Service Pack 3 On-going Questions Answered” and “Windows XP Service Pack 3 RTM Screenshot and Build” Chapters provided by DSLR/Name Game


April 22, 2008 Posted by | Advisories, Alerts, Downloads, Friends, News, Recommended External Security Related Links | , , , , , , | 1 Comment

Windows XP Service Pack 3 Released to Manufacturing (RTM)

Microsoft announcement Windows XP Service Pack 3

(21 Apr 2008 5:04 PM UTC) Today we are happy to announce that Windows XP Service Pack 3 (SP3) has released to manufacturing (RTM). Windows XP SP3 bits are now working their way through our manufacturing channels to be available to OEM and Enterprise customers.

We are also in the final stages of preparing for release to the web (i.e. you!) on April 29th, via Windows Update and the Microsoft Download Center. Online documentation for Windows XP SP3, such as Microsoft Knowledge Base articles and the Microsoft TechNet Windows XP TechCenter, will be updated then. For customers who use Windows XP at home, Windows XP SP3 Automatic Update distribution for users at home will begin in early summer.

Chris Keroack
Release Manager, Windows XP Service Pack 3
Windows Serviceability

Source: Microsoft TechNet

Thanks to Smokey’s Security Forums/Chubb for informing me.

4/30/2008 1:19 AM UTC Edit: Windows XP Service Pack 3 Release to Web (RTW) Delayed

April 21, 2008 Posted by | Alerts, Downloads, Friends, News, Recommended External Security Related Links | , , , , | Leave a comment

Matousec’s Firewall Challenge wrinkle: conflict of interests?

From Matousec’s home page:

Firewall Challenge recommendations (2008/04/20 15:16)  Firewall Challenge revealed several notable security products. We have decided to recommend the best products to you via affiliate programs of their vendors. Every product that scores at least 80% in the challenge and thus receives our mark of Very good or Excellent Protection level may become a recommended product. We contact the vendors of such products in order to join their affiliate programs. The vendors that agree and provide us the necessary technical instruments will be linked from the result page of Firewall Challenge.

Apparently Matousec has throwed away the previous appearance of independency and credibility, and took a clear choice for profits, regrettably money is like in many other cases all that count to him.

To me this mean that his firewall tests aren’t reliable anymore, and now another issue raise too: how to rate his previous firewall tests? Are they performed independent? Or is it possible that during these tests a conflict of interests was valid and therefore his tests are biased?

My thanks to Wilders/wat0114 for pointing out Matousec’s new policy.

When and where was Matousec born?

As far i know, on May 19, 2006 Matousec announced his birth and intentions for the first time on CastleCops, and to be sure to get the necessary attention he accomplished that aim via a spam post to reach optimal effect:

His declared aim in that post was very noble:

I want to introduce a new security group to you. Our site is called Matousec – Transparent security and we are Internet and security related group of young people with desire in security research.Our first project is the Windows Personal Firewall Analysis and we have already published first results – a review of ZoneAlarm Pro. So, if you have ZoneAlarm installed on your computer you might be very interested in our review. We will continue with Sunbelt Kerio and others, read more.

It is surprising how fast his desire changed into what it is today…

Of course his spam wasn’t appreciated by the CastleCops folks, and very fast a reaction of them followed:

As a matter of ettiquete, matousec, it is considered very impolite to come to someone else’s site and pimp your own site in your very first post. In case you haven’t noticed, we have a fairly extensive review section on this site which includes a number of reviews of most popular firewalls, both pro and con. The discussion topics contain a lot of additional information as well.

Indeed Matousec’s post was very impolite, but he reached his aim: getting attention.

Starting from that day his star was rising, but like all stars, there is a day a star will tumble-down.
That fatal tumble-down event started today.

Update/Continuation 2009-05-03: Matousec’s New Moves to Recapture the label “Trustworthy”

April 20, 2008 Posted by | Alerts, Downloads, Friends, News, Recommended External Security Related Links, Uncategorized | , , , , , , , , , , | 10 Comments