M$ WindowsXP just got a newer version of Update with new Components!

I am not sure if anyone is aware of it or not, so kindly spare me if it’s not NEW in the sense I wish to convey. (Or may b, you didn’t discover it the way I did) 😛
For no particular reason, I visited the windows update page today (using IE7) and got this message:

WindowsUpdateComponent

As you can see, the *latest version* of Windows Update requires a few components to be installed on your system. There’re also some details regarding the components, which are hidden using a javascript function.

I’d encourage you to read all the benefits that are provided by the latest version. Once you are done reading them (and figuring which of them are new and which makes sense), proceed to discover the *special component*.

WindowsUpdateComponentDetails

Apache Headache: “no listening sockets available”

Update 1: I was unable to configure MySQL. Reason: It was installed in C:\(blah-blah) and , probably, do not have write rights in the directory. Installing it to D:\(bigBlah) solved the issue. Duh!

Update 2: I see a fairly good traffic coming here searching for the same problem. So, in case you are in a hurry, this is mostly a summary to inform you that in all probability, YOU HAVE SOME SERVICE RUNNING ON PORT 80. Check out using TCPView (if you are on windows). Hope that helps. 🙂

I am currently working on an official XSS (Cross Site Scripting) presentation. I needed some screenshots of alert boxes and defaced site. So I installed Apache, configured it to work with PHP. (If you need help in installing and configuring MySQL, Apache and PHP, look here).

But this was day before yesterday. Yesterday, I needed to make a quick manipulation to the script, but… Apache won’t start. The error I was getting (using eventvwr) was:

>>> (OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted. : make_sock: could not bind to address 0.0.0.0:80 .

It’s pretty apparent that some other jerk was sitting and listening at port 80. Yesterday, however, was too hectic to discover the rat. Today, I ran TCPView (thanks to Shruthi for suggesting) to discover that inetinfo.exe was the ra**al. TCPView is one of the nicest tools created by the guys at SysInternals, which was later acquired by Microsoft. Rats!

Anyways, the fun part was stopping the service. I couldn’t kill it. Neither using TCPView, nor Task Manager. It would again span back to life 🙂

So, finally I opened services.msc to stop the IIS server and change the automatic start mode to manual mode. Heck! I should have disabled… or even better, deleted the scoundrel. 😀

So, if you have the same problem, you are in all probability in office right now and hence may not be aware what services are running. Use TCPView to discover all those unnecessary network services. It’s a great tool. Further, you might also want to switch some stupid services from automatic start mode to manual (or disable :P). Use Services.msc.

TPM Boys withdraw paper from BlackHat USA

I hope you remember the young Indian security researchers Vipin Kumar (22) and Nitin Kumar (23), the TPM Boys [I guess, that’s the way they call themselves. At least their blog confirms that. 🙂 ]They presented a Paper “Vboot Kit: Compromising Windows Vista Securityat Blackhat Europe – 2007.

The talk explained the (different) booting process of Windows Vista. It also introduced the concept of manipulating an OS during its boot process using VBootkit. Finally, they gave a live demo of VBootkit in action (on Vista).

This event was Slashdotted. VBootkit was also blogged by Bruce Schneier. Here is an interview of the “boys” at SecurityFocus by Federico Biancuzzi. In their own words, “Vbootkit is much like a door or a shortcut to access vista’s kernel……. since vbootkit becomes part of the kernel, it can do anything that Vista’s kernel can do.”

This all, however, is a news of past. The current news stirred more vigour and controversy. They had yet another paper “TPMkit: Breaking the Legend of Trusted Computing (TC [TPM]) and Vista (BitLocker)” scheduled to be presented at Blackhat USA – 2007. They withdrew there paper last week without any comments. This news was Slashdotted and resulted in a (typical) slashdotian variety of comments. Some even doubted if they really had any success in their research. Well, you cannot really blame them. That’s the fussy nature of our FOSS communities… errr… wait. Before you bash me, I’d like to remind you that it’s not (only) me who says that. It was originally cited by Mark Shuttleworth. An amazing number of people opposed Mark by creating a lot of Fuss. 😉

Coming back to the story. A user, by the handle PoliTech, commented on Slashdot and reminded the Michael Lynn’s paper at Blackhat about his research on Cisco Routers. Cisco and ISS sued Lynn and the management of Black Hat conference. It’s worth noting that Lynn was an ISS employee. 🙂

It should be also be noted that Vipin and Nitin’s previous presentation was in Amsterdam, Europe. This presentation, however, was scheduled in US… and the (stupid) US laws can screw things up. Based on Lynn’s case, it is quite apparent that Vipin and Nitin didn’t wish to get caught in any such undesirable situation.

I hope to see them present the paper at some other conference (or location) pretty soon. Best of luck guys.

OffTopic: Coincidentally, my younger brother’s name is Nitin. 🙂

Bill Gates no more The Richest

Slashdot updated today that Billy Boy is no more the Richest man in the world. The position is, however, not official. The standard is Forbes list.

Billy Boy has been surpassed by Carlos Slim, the Mexican Telecom tycoon. Bill’s current estimated wealth is $ 59.2 billion, while slims estimated wealth is $67.8 billion.

Reasons:
Two of the most obvious reasons are:

  1. A surge of 27% in the stock price of Slim’s wireless company, America Movil, in the second quarter
  2. Bill reduced his net wealth by more than $30 billion, which he put in the Bill and Melinda Gates Foundation. 🙂

What Next?
Nothing really. To a question asked to him at the Microsoft conference last year, whether he’d be upset if someday he wasn’t the richest creature ;), he responded, “”I wish I wasn’t. “There’s nothing good that comes out of that.”
Moreover, he’d be retiring in a year’s time and would be dedicating he’s time, energy, and money to the Bill & Melinda Gates Foundation. I wish him luck. 🙂

Month of Search Engine Bugs: “Mission Accomplished”

The Month of Search Engine Bugs by MustLive has come to an end.

MutLive reports:

In the project took part 33 search engines (30 web engines and 3 local engines) of 19 vendors, some vendors have several engines. The list of project’s participants (in order of appearance): Meta, Yahoo, HotBot, Gigablast, MSN, Clusty, Yandex, Yandex.Server (local engine), Search Europe, Rambler, Ask.com, Ezilon, AltaVista, AltaVista local (local engine), MetaCrawler, Mamma, Google, Google Custom Search Engine (local engine), My Way, Lycos, Aport, Netscape Search, WebCrawler, Dogpile, AOL Search, My Search, My Web Search, LookSmart, DMOZ (Open Directory Project), InfoSpace, Euroseek, Kelkoo, Excite.

Altogether there were published 104 vulnerabilities in mentioned engines. Including Cross-Site Scripting (as XSS, and as HTML Injection), Full path disclosure, Content Spoofing and Information disclosure vulnerabilities. It is without taking into account redirectors in search engines (altogether there were published 23 redirectors).

Results of the projects: fixed 44 vulnerabilities from 104 (without taking into account redirectors). It is 42,31% fixed vulnerabilities. Owners of search engines have a place for improvements of their engines’ security.

Over a period of 30 days, 104 and vulnerabilities/bugs were discovered out of which only 44 have been fixed. Out of these 19 vendors, only two (Rambler and Ezilon) have thanked him for his commendable hardwork.

Several researchers, including Jeremiah, RSnake, Christ1an etc. blogged about it. Considering the complexities involved in the fixing a bug, they agree at some point that 44 is still a good number. However, there is one Big “Cheer” Leader which isn’t fixing the bugs. No points for guessing that the Leader believes in “not doing evil things”.

Bill Gates wins me!

I realized that the title of this post has a contrast with my previous post, only after I wrote the topic. Thus, I feel that it is obligatory to mention that I am still Anti-M$. I still do not support there business model. Phew!
…and yes. The contrast in the names is just a mere coincidence. I know it’s tough to believe, but then I don’t lie.

Now coming to the topic.
I have always appreciated the way Bill Gates (and, of course, his wife) has spent time and money on Melinda Foundation. I remember posting my views a few days ago on Arpit’s blog.

A few minutes ago, I read Bill Gates speech transcript that he delivered at Harvard.
He starts the speech on a light note and calls himself a “bad influence” by reminding that he made Steve Ballmer drop out of B-School (Oh! How I wish that Gates had failed in convincing Ballmer 😉 ).
He continues his speech by talking about how ignorant he was about the socio-economic and health problems of the developing nations, when he joined Harvard (and even later.)
The thing that blew me was that for the most part of his speech, he talked about how technology can and should be used for the help of these people.

I won’t mention the details. I’d pursue you to read it. I hate to say, but Bill seems to be a bright candidate for my future plans (after he drops out of M$, of course).

Google Lost Me!

It’s strange writing something like this using a service that’s owned by Google. 🙂
But it was long overdue.

There was a time when I used address Google as “Google God” :).
Used to believe a lot that they religiously follow their “Do no Evil” motto. I forgot that as companies grow, there are bound to be employs who are evil by nature.
It reminds me of my Pre-Placement Training during college days when I was “tutored” that, Honesty is not a strength. You are supposed to be honest” This obviously isn’t true when people take the excuse of “everybody-is-doing-it-so-why-not-me”.
And lets face it.
Money matters!

Anyways, coming back to the topic; I mentioned in one my previous blogs when my Google AdSense account was disabled because of my own mistakes. I took the responsibility and had no complaints. However, when my AdSense account was disabled for the second time, I made a thorough study of their privacy policies. That’s when I came to know about their two-faces.
They allow several sites to utilize their services even when they falter with the terms and conditions. One thing common among all these sites was, “they all are High Traffic sites”.

As I mentioned, a post on the topic was long overdue. I stopped myself with one or other reason. The latest development, however, made me talk about it.
According to Privacy International’s latest report on Top 23 Internet Companies, Google held the last spot (even below M$). This topic, as Privacy International itself admits, is controversial. It’s report however, is substantially supported.
You might want to have a look at the post on the same topic on RSnake’s blog. Do not miss out on the comments.

Footnote: This post is not an outlet to my anguish. I (mistakenly) had more faith in Google than most of you. Another post on innovativeness of Google technologies is due.
And BTW, I do not mean to say that Google has turned evil. I believe as the company has grown, the motto has changed to “Do no Evil. If there is any, close your eyes“.

An insight into Sun’s *crazy* strategy.

I have been reading a lot of discussion on Sun’s current market position/revenue versus their *mad* strategy. I have simultaneously been working on Java’s history for my book. I thought it might be interesting to post my views on the topic and see what others are thinking. To justify/criticize Sun’s current modus operandi, I will talk a little about their past strategies, and their respective outcomes.

The Past

Most of the people know James Gosling as the father of Java. Only a few know that he was also the lead engineer of Gosmacs (gmacs or Gosling Emacs) and NeWS. Now, I won’t be talking about Gosmacs (which according to some people is/was the reason of some conflict between RMS and Gosling. Phew!)
However, NeWS (Network extensible Window System) is of a little concern, mostly because it was arguably superior to X Window System… and because it FAILED. The most important reason for its failure (and X Window’s success) is that Sun kept it proprietary.
Later on when Sun developed Java, some people, especially the genius Eric Schmidt (then CTO-Sun, now CEO-Google), were aware that keeping Java within enclosed fences will lead to similar devastating results. Not to mention that *7 (for which Java was developed) had already failed and Java was still in search of a viable market.

So what did he do?
He focused on making it as open as possible and tried building a *Java Community*. (Google SoC, IMHO, is also a “win-the-community-and-you-win-everything-else” approach. But then that’s a different topic altogether. 😉 )

Where were we?
Yeah! So he focused on building a Java Community.
Apart from organizing developer conferences like JavaOne, Sun also encouraged user groups (JUGs), which reached over a number of 400 in year 2000 itself. In fact they went a step further with JCP (Java Community Process) to make the development of Java *as open as possible*.
The reality behind all this community building scene was the fact that the direct control remained with Sun (well mostly).

Everything, however, was running smooth; for Sun as well as the Java developers.

“I envy you. But such a thing is not meant to last.”

Persephone, Matrix Reloaded

I guess the above statement is valid for every aspect of human existence.
In early 2004, Jonathan Schwartz, referenced Eric Steven Raymond’s “The Cathedral and the Bazaar” and compared JCP to the “Bazaar”, stating that development of Linux was more like a “Cathedral”. I would not expand on it but this was enough to infuriate ESR 🙂

ESR wrote an open letter addressed to Scott McNealy, CEO-Sun, with a subject line “Let Java Go”. He accused Sun on several fronts (for which I’d pursue you to read the letter) and appealed to Open Source Java. A few weeks later RMS wrote an essay on Java Trap and appealed the developers to contribute and use open source projects like GCJ/Gnu Classpath etc. Several other appeals/open letters were published (Apache’s Geir Magnusson Jr., IBM, etc.)

A series of events followed before Sun announced that it will be open sourcing Java. There main concern was Microsoft forking Java and hence, destroying its cross platform compatibility (which shows that they really were clueless on how Open source model works/ can work).
They had no other option than to Open Source the *giant*, and they did it.

The Present

The past unarguably affects, if not defines, the present. Sun’s experience since the NFS days to (forced) Open Sourcing Java days taught/reminded them of their most important lesson.
The Community is fruitful!
Build a community and everything else will follow, sooner or later.

So here they are.
Open sourcing EVERYTHING.
Building Community, and making it mutually encashable. It’s obviously not so profitable for them today, but the future holds immense potential.

The way they have been endorsing and promoting stuff is simply adorable. Even NetBeans has its own *arena*.
Not to mention the, so called, developer conferences organized all over the world in a distributed fashion to reach the most number of developers. I, however, have several concerns regarding them. You may read some of them at Amit’s blog. I hope Sun listens to the plea of developers and improves the quality of these summits.

Another amazing strategy, IMHO, is the blogs that Sun employees post regularly. I have subscribed some of them and it’s really amazing to see that how important role these blogs are playing in binding people. They often link each other’s (Sun Employees, of course) blogs. You can have a look at the Sun-Blogging homepage to get a feel of the number of hits the folks out there are getting. Now even if I read only one of these, I’d get to know about latest developments. I am not sure whether it’s a part of their strategy, but it’s definitely working as a powerful advertising medium.
Yup! I know that employees of other firms write blogs too and probably get bigger number of hits, but I haven’t seen anyone of them making so much of a difference on an organizational level. (Please correct me if I am wrong)

The Future

I am no Nostradamus and I cannot predict future.
All I can say is the future is (mostly) Free & Open. IBM (previously referred Satan) secured its place (with a Halo on head) by contributing to the Apache httpd project and winning the FOSS community. Now it’s Sun’s turn and they are playing pretty well.
Yes, their revenue might be a concern today; but I don’t really see a reason why there future shouldn’t be bright. 🙂

Amazing Interrupt Handling!

Q. Where do you think will you find an amazingly crafted code that would give priority to a Screensaver over a Keyboard/Mouse interrupt? No Kidding. Think.

Ans. If you guessed it to be an Operating System designed by the Redmond Giant, you are stupid. It’s not something to be guessed.
I just posted to let you know that I experienced this amazing feature when a (stupid) piece of Java code (along with Winrtgen, Cain’s Rainbow table generator) resulted in 100% of System process usage.
Lucky me 🙁

Vista!!! (3 Exclamations.) is here? (Why :-/)

I don’t intend to post any review of the vista.
There are some neatly written essays on the topics by experts, like this one.
I was going through the article and stumbled on this page, which has the picture given below.

Vista Malware

What happened was due merely due to fast glance and my mouse cursor covering a part of the word; the hardware appeared to me as malware, making it Is it time to upgrade your malware?

Now that’s wrong on my part to ridicule someone because of my own mistake… but honestly. Is there any difference?

UPDATE:
Very very honestly. I had read only the first two pages the security focus review before writing the above lines. However, the third page contains the following para:

So, one craplet pops up demanding to be enabled; you exit that, and a different one pops up telling you that you really ought not to have done that. Now, my definition of malware is pretty straightforward: malware is any code that causes my computer to behave in a way I don’t intend, or any code that prevents my computer from behaving in a way that I do intend. Thus the Vista Security Centre is, quite simply, malware.

Wohoooo!
I am a genius.

Wiley’s Best Selling Comp Book ;)

winxpfordummies.jpg
I captured this “masterpiece” from Wiley’s site from this link a few moments ago. 🙂
Look at the contrasting words:

“Windows XP”
“Dummies” &
“Best Selling”
>:)

…….And I thought that the number of geeks is on an increase.
Well, Microsoft proved me wrong.

I should have already guessed this from the amount of crap forwards I receive in my inbox….. right from the “forward and donate….” to “forward else die…” mails.

I again request the forward-ers to read this article on Colukabki before forwarding any mails.

Linux for Coding,
Windows for Gaming. 🙂

Have Fun.