November 27, 2005

Ahh the relief

Filed under: Uncategorized — spiro @ 2:17 am

I just checked the web page for this course I am taking, called Numerical Methods. Now most engineers will jump up and say “it’s easy, what’s the fuss all about?” Well, turns out I decided to take the Computer Science version of the course, which is much more theoretical, much more in-depth and much harder. I took it against all advice from past students. But it fit in my schedule, and what the heck, I thought… I was up for a challenge. As a result of this I was locked in studying all of last week for that, and it paid off, I just got the results from the test and I did pretty well! Now all I need to do is walk in class next Thursday night, and accept my grade for the course, which would probably be an A or a B. In spite of all, I am happy I took the course. It gave me an opportunity to flex my math muscles!

Today was a bummer. I went to school to work on the Requirements assignment. The first question was some kind of a joke on Propositional Logic. OK, got that nailed down pretty well, especially given the fact that they practically gave the answer out during the tutorial two weeks ago.

The next question was on Isabitch, err… Isabelle, pardon me. Isabelle is a theorem prover. No, don’t rejoice kids, it won’t be easier to use it to prove your COMP 238 theorems. I finally got a hang of its syntax by looking at some examples scattered over the web, and our prof’s slides. HOL, what they like to call Higher Order Logic, must be a parody of some sort, because it’s anything BUT that. Basically, it’s got some sort of “record” type, similar to what a struct is in C. But that’s where the similarities end. For one, you’d expect to address that kind of thing for a date as date.year, date.month and date.day. Or perhaps something like date -> day. Turns out it’s day date. To increase the day, one would go day date + 1, and don’t dare do day date -1, it treats -1 as some other token so you have to do day date - 1 (put a space between each token). Speaking of errors, it seems that it’s designed to throw out the most obscure error messages it can… So, I got the syntax down, run it, wow, what a beautiful waste of CPU cycles, and human time. Well, if it had some of that “Higher Order Logic” it claims, well, I’d expect it to know that yesterday’s tomorrow is today. Good job wasting your time and government grants, whoever it is that made this crap ever see the light of day.

OK, so onto the next problem, Rational Rose RealTime. Rock on! Problem is… what exactly do I have to do? Complete which state diagrams? Make what run? Am I clueless?

Looks like another day of plowing through assignments at school tomorrow! We still have to do our last design assignment. We also have our information systems security assignment, ugh, did I forget I had to read up on iptables? Frankie, you better run your so-called exploit quickie quickie before I play around with these iptables :p BTW, u guys figured out what pwn3d means yet? Oh I gotta show you the video of the gamer getting pwn3d… let’s see if I can find it and link it here :p

Edit… here it is : http://pwned.nl/

November 21, 2005

Cramming

Filed under: Uncategorized — spiro @ 2:12 am

I know, I am not posting as much lately, given the fact that there’s a whole bunch of things happening left and right.

Last weekend I was at school, working with our team to finish up on the many group assignments that were imminently due. That’s when I discovered the benefits of Paired Programming, a pillar of Extreme Programming.

This weekend I am cramming for my Numerical Methods term test 2 coming up this Thursday night. It’s hardcore math, and the test is worth 60%. The positive side to this is if I do well, I shall not need to write the final exam, which means I’ll be finishing school on the 15th rather than the 22nd of December.

Next weekend? At school again, working with utterly crappy software such as Proof General, Isabelle (yeah, she’s a bitch) and Rational Rose Realtime. The first two will involve hacking their obscure, badly documented syntax, and the third will involve restarting it 50 times, because it crashes so much. I guess they are trying to show us how it feels to use bad software so we do better. No need for that buddy, I’ve been using Windows since 1993.

Anyway, till the 15th, I will probably be cramming for finals and finishing up projects. Wish me luck.

November 15, 2005

Sony’s Rootkit Violates LGPL!

Filed under: Uncategorized — spiro @ 5:08 pm

Just when you thought it would be over and done with, there’s yet another twist to this story! With the rootkit they published, they have included the popular LAME (Lame Ain’t an MP3 Encoder), perhaps in order to avoid paying licensing fees to Fraunhofer, to whom MP3 decoding technology is patented. The problem is that LAME is distributed under the LGPL license, a form of copyleft that, among other things, allows anybody to redistribute or alter the software provided that they also redistribute the source code of their product. Where is the source code to Sony’s rootkit? Nowhere to be found of course!

I guess when you are big and powerful, you expect people to respect your copyrights, but you can’t be bothered to respect other people’s terms of publication. No explanation is needed, we all know how dirty this business is.

Here’s the story on BoingBoing.net (Cool site!)

And for the real cream of the crop of Sony haters out there, there’s the Sony Boycott Blog.

Last news is that the infection has spread like wildfire, infecting many PCs across North America and Europe. Sony has recalled their CDs, and Microsoft is promising to publish updates that remove this ugly stuff from PCs. To add even more fuel to the fire, the removal software that Sony publishes contains loads of serious security flaws, one where users merely need to click on a link (on Internet Explorer of course) to have any web site install any software it wishes on your PC, and I am sure spyware publishers are going to be quick at looking that one up. I guess maybe now’s the time to switch to Firefox?

November 11, 2005

Trojan Using Sony DRM Rootkit Spotted

Filed under: Uncategorized — spiro @ 6:22 pm

Remember my little rant about Sony and their Rootkit? Well guessie guessie what? Trojans exploiting the vulnerability have appeared and are now circulating over the wonderful world we call the Internet. Also, being the USA, lawsuits are beginning to fly left and right… and more are expected to come. Good going, Sony!

On the good side, things are settling now. Sony pulled the plug on this thing, but not before denying several times that there was actually a problem, and reiterating their right to protect their stuff from piracy (yeah, of course). Antivirus makers have also posted updates that detect and wipe this pest clean.

One simple thing you can actually do is disable autorun. Autorun is a feature that allows a program on a CD to be automatically executed when the CD is put in the computer. Thus if the CD contains a malicious program, at least it won’t be executed. This might be annoying for things like games; in that case, open the CD drive under My Computer and look for the program yourself. Linux does not support autorun, so this is not a problem.
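To check that autorun is really off for CD drives, the sketch below (an added example, not part of the original post) decodes the Windows `NoDriveTypeAutoRun` policy bitmask from a registry export. The registry value, its key path and the bit meanings are standard Windows settings that the post does not name; the two sample exports are constructed.

```python
import re

# NoDriveTypeAutoRun is a bitmask: a SET bit DISABLES autorun for that drive type.
DRIVE_BITS = {0x01: "unknown", 0x04: "removable", 0x08: "fixed",
              0x10: "network", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved"}

# Constructed samples in .reg export format (not taken from a real machine).
REG_PARTIAL = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''
REG_HARDENED = REG_PARTIAL.replace("00000091", "000000ff")

VALUE_RE = re.compile(r'^"NoDriveTypeAutoRun"=dword:([0-9a-f]{8})\s*$', re.I | re.M)

def autorun_still_enabled(reg_text):
    """Return drive types that still autorun, or None if the policy is not set."""
    match = VALUE_RE.search(reg_text)
    if match is None:
        return None  # value absent: the Windows default applies, not decided here
    mask = int(match.group(1), 16)
    return sorted(name for bit, name in DRIVE_BITS.items() if not mask & bit)

def cd_autorun_disabled(reg_text):
    """True only when the policy is present and its CD-ROM bit (0x20) is set."""
    enabled = autorun_still_enabled(reg_text)
    return enabled is not None and "cdrom" not in enabled

print(autorun_still_enabled(REG_PARTIAL), cd_autorun_disabled(REG_HARDENED))
```

With the value `0x91`, CD-ROM autorun is still active; `0xff` sets every bit and disables autorun for all drive types.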

November 10, 2005

Something less grim in the Montreal radio station market

Filed under: Uncategorized — spiro @ 5:43 pm

Ever wonder why radio is so crappy around here in Montreal? Simple. The current format has been used, overused and abused. It’s getting old, and it’s definitely time for a change. The recipe for a radio station is simple. Take a set of about 800 pre-selected songs, mix in commercials and stupid jokes and there you go! People are supposed to listen to it and enjoy it.

So let’s say they play 12 songs an hour, this gives them 12 minutes of commercials, talk, and other filler each hour. Of course they will add many more commercials during rush hour and barely run any overnight, but let’s consider this a gross estimate. At roughly 300 songs per day you will start hearing the songs on the third day. But then again, out of these 800 tunes, not all will fit the station’s format, so the selection is actually less.

One should feel pity for people that have to listen to it every day. The trainers at my gym do. They have to listen to Mix 96 all day, and with that station, the more you listen to it, the more it’s horrible. Lately, it has degenerated into playing R&B for the great part of the day. YUCK.

Yesterday, The Gazette ran an article on CKDG.

As much as I hate the title of that article, mainly because of my heavy dislike for the product, I couldn’t agree more.

November 6, 2005

Someone’s gone phishing over the weekend.

Filed under: Uncategorized — spiro @ 1:04 am

You have probably heard of phishing, but since it seems to be very fashionable these days, I’ll take a shot at it on my blog, just like everybody else. So phishing is another one of these threats lurking on the internet. It is the act of posing as a legitimate organization (a bank, government, etc.), and asking for personal information, passwords or credit card numbers, but it’s not only limited to that, as they can convince you to do all sorts of things, like download a piece of software that will compromise your computer security or do other really nasty things. Just like fishing, the victims bite on the bait by fulfilling the demand. The reason these are more of a problem these days is that attackers pay more attention to detail, thus the messages look more and more authentic.

NEVER, EVER, UNDER ANY CIRCUMSTANCES, RESPOND TO THESE MESSAGES, NO MATTER HOW BADLY THEY THREATEN YOU IN THE CASE OF NON-COMPLIANCE. USE THE “REPORT SCAM” OR “MARK AS SPAM” FEATURES OF YOUR WEB-BASED MAIL READER, OR SIMPLY DELETE THE MESSAGE WITHOUT FURTHER ADO. DO NOT, IN ANY CASE, RESPOND TO THE MESSAGE, AND NEVER DO WHAT IT SAYS. IF YOU ARE UNSURE, CONTACT THE INSTITUTION, PREFERABLY BY PHONE.

So I get this e-mail, impersonating Desjardins, the major co-op financial group in Quebec or “caisse populaire”. The message is in French, and obliges the victim to re-activate his/her account before November 7th, otherwise it will be closed.

Phishing e-mail

Well first of all, I don’t even have an account there! Second, there’s a spelling mistake in the first sentence, concerning past participles. Isn’t French hard enough? The rest of the message looks like it was written by a high-school dropout whereas a communication from a financial institution would undergo some proofreading, but then again, don’t count on that! As I said before, they are paying more attention to detail now. The hyperlink looks like it’s pointing somewhere legitimate, but it’s obviously not: the text has been modified to make it look good, as any text can serve as a link to anywhere. The image, in this case, is broken because Gmail filters external images in e-mail messages. But had it not been filtered, I am sure the logo of the institution would show up.

Why filter these images? You might think that images are inoffensive, and they are for the most part. However, it’s not the image we are concerned about, it’s where it comes from. If e-mails can be read as a document containing pictures, it’s because they are formatted in HTML, just like a web page. A web page can be made to display remote images by specifying their internet address. Your e-mail reader will then fetch the image and display it. This is exactly where the problem is! When fetching the image, your e-mail client will transmit your IP address (a number that uniquely identifies your computer on the internet), and some other less important information, as part of the internet protocol. This tells the attacker that you have received and read his e-mail, your e-mail address is valid, and knowing your IP address, he can attempt to compromise your computer.

Fortunately most e-mail clients today block external images by default. If yours doesn’t, you can either switch to one that does, or disable HTML e-mail (instructions here).
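Both tells described above, a link whose visible text names one host while its `href` points to another and a remote image that is fetched when the message is displayed, can be checked mechanically. The following is an added example, not part of the original post; the sample message, host names and the `audit` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample: an HTML e-mail body with a disguised link and a remote logo.
SAMPLE_HTML = """
<html><body>
<img src="http://tracker.example.net/logo.gif?id=victim%40example.org">
<p>Veuillez activer votre compte :
<a href="http://203.0.113.7/login/index.php">https://www.bank.example/activation</a></p>
<p><a href="https://www.bank.example/aide">Aide</a></p>
</body></html>
"""

# A host name written out in the visible link text, with or without a scheme.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class MailAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote_images = []     # URLs the mail client would fetch on display
        self.mismatched_links = []  # (host shown in text, host in href) pairs
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "img" and urlparse(attrs.get("src") or "").scheme in ("http", "https"):
            self.remote_images.append(attrs["src"])
        elif tag == "a" and attrs.get("href"):
            self._href, self._text = attrs["href"], []

    def handle_data(self, data):
        if self._href is not None:  # only collect text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = HOST_IN_TEXT.search("".join(self._text))
        real = (urlparse(self._href).hostname or "").lower()
        if shown and shown.group(1).lower() != real:
            self.mismatched_links.append((shown.group(1).lower(), real))
        self._href = None

def audit(html):
    """Return (remote image URLs, disguised links) found in an HTML mail body."""
    parser = MailAudit()
    parser.feed(html)
    return parser.remote_images, parser.mismatched_links

print(audit(SAMPLE_HTML))
```

A link whose text carries no host name, such as the "Aide" link in the sample, is not flagged; only text that claims a destination different from the real one is.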

Gmail also provides for identifying phishing. Of course mine is configured in Greek, but you get the idea.

Gmail will then file the message as spam and append a big red warning:

November 4, 2005

A Rootkit by Sony?

Filed under: Uncategorized — spiro @ 1:45 am

For those who don’t yet know what rootkits are, in one line, it’s pretty dangerous and scary stuff. A rootkit is a very malicious piece of software that is used to hide information and programs from you, on your computer. Antivirus, anti-spyware programs, firewalls, and other security software you might trust will not have a clue that any of this hidden information even exists. A malicious user can then exploit this to hide viruses, spyware on your computer, unauthorized file access, modification and deletion.

In detail, rootkits alter the Windows (or the host operating system’s) API, software built into the operating system that provides an interface for applications to access the different services on the computer, such as files on your hard disk, other programs, devices and networks such as the Internet. The operating system then will not report the existence of certain files and running programs selected by a malicious user, so Windows utilities and antivirus programs won’t even know that something bad exists.

Some programs do limited rootkit detection. One of them is Kaspersky, an excellent antivirus program. Though, rootkit protection is at its beginnings now, as software companies are beginning to realize that this problem really does exist, and that it must be addressed.

Where does Sony come into this story? According to this article on Mark’s Sysinternals Blog, Sony has begun deploying this wonderful technology to the masses. The reason for this is to control their copyrights, the software will then make sure the user can only make three copy-protected backup copies of the disc. So the rootkit is in there hiding a process that does that. To add insult to injury, the software is poorly written, exposing the target computer to a nice variety of potential security breaches. Obviously, these programmers were merely doing their job, implementing disastrous technology without even considering the consequences of publishing such software.

The lesson to be learned from this is clear. In this world, no matter how well a company is established, they are still very prone to use dishonest and illegal (rather, criminal) techniques to achieve their ends. We have seen this with Microsoft, successfully persuading McAfee and Norton to falsely identify (and automatically delete) a Windows activation code generator as a virus. Now Sony is venturing in this dirty business. You might think they are merely enforcing their intellectual property rights, but in both cases they severely undermine their credibility, and in Sony’s case, they make the client’s computer more vulnerable to attack.

I have seen kids thrown in jail for launching distributed denial of service attacks in my own town, Montreal. When am I going to see the Sony CEO and his crooked bunch thrown in jail for hijacking millions of machines? Why is it OK for corporations to commit computer crimes to serve their interests with impunity, but it’s not OK for a kid to shut down eBay.com just for kicks? Double standards.