Archive for the ‘Internet Explorer’ Category

Final Post

October 2, 2009

No – I’m not dead yet!!

This is a final post at Tigerstail.wordpress.com because I am tired of seeking knowledge and bitching about that which is. It is time to use my skills to develop the solutions to all of the problems I have discovered.

Join Me at jimmicap.wordpress.com

IE8 Privacy is an Oxymoron

September 20, 2008

I could have said that the IE8 privacy function is a lie or a joke, but I happen to like the word oxymoron. In my preliminary tests I was acting as if my life and future depended on my online privacy and didn’t bother doing a comparison. I found my surfing history in cache memory, that CCleaner didn’t wipe the cache memory information, and that there was a hidden system file called PrivacIE (pronounce that “Priv A C”) which contained a hashed index.dat file which was untouchable. Not a bad find for a quick survey. I did a preliminary test against Firefox 3 automatically wiping all privacy data on closing and found a few lingering cookies, which CCleaner seemed to wipe out, but no cache memory of the sites I visited.

I sort of find a hashed index.dat file (in a folder called PrivacIE) and a record of my surfing history in cache memory an insulting and direct compromise of the promise of real internet privacy.

If anyone cares about the method, I’ll do a post on it.

Screwing up XP!

January 6, 2008

I’ve sort of been suggesting that part of the reason that Vista has not been universally accepted is because Windows XP is a mature, stable and secure operating system which has no need for a replacement except perhaps in the gaming community. There are many independent companies that understand the system and are writing independent security software to defend you against viruses and malware and to secure your privacy against unwanted preservation of sensitive data or images.

The truth is you can do a pretty good job of defending your machine by using Firefox as your browser with settings that ensure your privacy and erase all surfing history. Naturally, you can back this up with CCleaner and an independent antivirus and you’re in pretty good shape. You may want to use your traditional XP search function to check for cookies that may have been missed and to check the images in all hidden and back-up files. After everything unwanted has been eliminated, defragment your system and overwrite your unused space with a seven pass disk wipe.

From what I know of forensics, that is probably enough to prevent the repairman at your computer repair shop from reporting you to Homeland Security and may be enough to prevent recovery of images and files after you reformat your hard drive. (However, if it were my freedom at stake, I would give the drive the Lot’s wife treatment and buy a new drive.) Overall, I am fairly well convinced that XP is a defendable operating system for mere mortals that follow a set routine and pay attention to security.

Since this belief is probably true, it leaves Microsoft and the government out in the cold when you choose to observe their nefarious connections. No, you cannot stop unwanted predators from connecting to your machine and probing you, but you can keep your machine clean enough that there is little there to find. Now with Vista, this is clearly not the case. There are back-ups of everything as the default and many are complaining that use of Vista will be a one way ticket to jail or unemployment as your total computer use is an open book.

So what is the answer for Microsoft and the Government to threats from a protectable XP operating system? Simple, introduce an unavoidable SP3 service pack. I mean I avoided the upgrade to IE7 forever, or at least until there were so many vulnerabilities left unplugged that I downloaded it even though I use Firefox. I suspect avoiding SP3 will eventually leave me so exposed that I will have to do it and ultimately upgrade myself to a system as unknown and undefendable as Vista. Once this happens I may as well switch to Vista.

Oh well, shit happens.

Resistance is Futile, Knowledge is Soporific!

Vista Security-Oxymoron

December 11, 2007

Let’s start with basics, Vista Security is an oxymoron – It simply doesn’t exist.

I finally hacked an installation on a brand new machine and worked at putting an anti-virus on the machine. At the time, everything I tried was incompatible or my downloads were blocked. I tried Zone Alarm, PCcillin and Kaspersky. So I ended up with One Care, which the whole world is condemning for being a weak system. I also attempted to install my Malware protection, but every time I ran Spybot Search and Destroy my computer locked up, and AdAware wouldn’t update without locking up my machine.

I have now reached the end of my one month trial period for One Care, so I decided to check my machine and see how outside suppliers rate it. One Care says I’m at risk because I won’t let that cancerous back up program operate and I haven’t paid them. I tried running PCcillin House Call and was told that they couldn’t really check some operating systems. I tried the Kaspersky online service and it told me I looked OK, but there were 150 blocked files that they were incapable of inspecting.

I would have felt better if I was told that they inspected everything and I was clean.

I tried reinstalling Spybot Search and Destroy, but it locked up when I tried to update it and I couldn’t get it to run. I tried to run it a few more times. It identified a couple of problems and shut down saying I aborted the process. AdAware refuses to update and stalls. When you force it a few more times, a screen pops up saying the update is complete without telling you what was updated. When I ran it, it took 18 minutes to get half way and finished in one more minute. I removed the cookies I found but don’t really trust the results.

If the Vista machine were used for anything more than surfing and writing an occasional post, I wouldn’t know what to do. I have no idea what kind of bug is on the machine nor do I trust any tools that are supposed to help me find and eliminate it.

Vista Security, Truly an Oxymoron.

Updating Windows XP

December 8, 2007

How often should I update Windows?

Every hour until you get it right!

One of the reasons I like PcCillin is its independent search for Windows vulnerabilities. Where this tool comes in handy is when my machine starts slowing down for no reason. I mean I did an online virus check and found no virus at all. The caveat of course was that it failed to check about 20 blocked files. I tried running AdAware but found that updates were blocked. So I know I won’t trust that result no matter what.

When I did the PcCillin test, I found one vulnerability, ms05-04. Since I really didn’t have a clue on trapping my pet bug, I decided to close the vulnerability, knowing in the long run it was a fool’s game.

Keep in mind that this was a fully protected and updated computer just one month ago, but yeah, I do write some stuff that probably causes me to be spied on by Military Strength Malware.

The first step is to run a Windows update, and it told me I needed the latest update module for it to be effective. Naturally, I clicked update and everything was successfully installed, so I must be done since this is a very old bug.

Wrong!

Another PcCillin check is run and of course, ms05-04 is still there. So I run update again and get prompted for IE 7 and one other update. I download the one and reject the installation of IE7, so I should be done with this very old bug.

Wrong!

So the next time, I download and accept everything, since my default browser is Firefox and I don’t really care which Explorer is not being run. Now I think I’m done, so I check with PcCillin.

Wrong!

The original bug is gone but a new one, ms07-??, has appeared, so I download a fix. But now I’m really paranoid, so I run PcCillin again to make sure I’m safe.

Wrong!

The new check of PcCillin shows that I now have six vulnerabilities and I run update again. Finally, I run PcCillin and it shows perfect protection.

Right??????????

Now this reminds me that at trial, the prosecution says the machine was updated so it’s protected. Obviously, everybody accepts that updating closes all vulnerabilities, but nothing could be further from the truth. The other problem I have is what happened to the bug that opened this vulnerability in the first place. Is it dormant, is it dead, will it reappear the next time I visit a government honeypot?

Remember, pictures, documents, logs, records and files are never really destroyed but can still be recovered by forensic tools, so not only is everything I’ve done in the past being stored, but everything I’m doing in the future is also being stored, waiting for the bug’s return.

XP vs. Vista, Netstat Tools!

November 28, 2007

There is absolutely no comparison between using netstat on XP and netstat on Vista. This example is limited to Googletalk because I have it on both machines and it seems to be the first program to make contact over the Internet when I bring my machines out of hibernation. I have used netstat to track uninvited connections, some of which I blocked by turning off the process and some of which were blocked by changing the name of an executable. The reason I made a name change instead of a file deletion was that, in case I made a mistake, I could open in safe mode and reverse the process.

Let’s slowly and carefully take a look at netstat outputs from XP and Vista.

C:\WINDOWS>netstat -ano (THIS IS XP)
Active Connections

Proto Local Address Foreign Address State PID
TCP 192.168.0.101:1053 216.239.51.125:5222 ESTABLISHED 1644
TCP 192.168.0.101:1054 64.233.163.189:80 TIME_WAIT 0

L:\Windows\system32>netstat -ano (THIS IS VISTA)

Active Connections

Proto Local Address Foreign Address State PID
TCP 12.197.52.45:49487 216.239.51.125:5222 ESTABLISHED 1028
TCP 12.197.54.76:49161 72.14.203.100:80 CLOSE_WAIT 1028

There is not much difference in the information which can be obtained. The two different machines are using different ports and Process Identification Numbers (PIDs), but the information given is exactly the same. In both cases, the only way to prove that this is Google Talk connected to the Internet is to look up the IP using a DNS service.

Now let’s take a look at netstat -bv. I have discussed this deficiency of Vista before although not in complete detail.

C:\WINDOWS>netstat -bv (This is XP)
Active Connections

Proto Local Address Foreign Address State PID
TCP Whatever:1053 kc-in-f125.google.com:5222 ESTABLISHED 1644

C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\WS2_32.dll
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\USER32.dll
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\kernel32.dll
— unknown component(s) —
[googletalk.exe]

TCP Whatever:1054 nz-in-f189.google.com:http TIME_WAIT 0

Take note that in XP, netstat -bv clearly identifies the URL of the connection to the Internet, saving you the time to look it up. Also, the link between the port and the PID is connected to the URL, or in some cases the IP, but the connection is always clear. Also note that all of the subprocesses of Google Talk are identified and you can look them up one by one to identify whether they are legitimate or not. If any are suspect, a replacement can be downloaded to replace the suspect file, or they can be renamed to find out what happens to your machine when they are deleted.

The following is the output from netstat -bv in Vista.

L:\Windows\system32>netstat -bv (This is Vista.)

Active Connections

Proto Local Address Foreign Address State
TCP 12.197.52.45:49534 ro-in-f100:http CLOSE_WAIT
[googletalk.exe]
TCP 12.197.52.45:50325 kc-in-f125:5222 ESTABLISHED
[googletalk.exe]

The above is the output from Vista and the information is worthless. There is no link between the URL, the PID or the port, and the ports which are identified are not the same ones identified by netstat -ano. Also, no subprocesses are identified, so the search for problem executables is hindered.

There is no defensible reason why a powerful diagnostic tool like netstat should have been debased in Vista. It would have been easier for Microsoft to spin bullshit if it had been entirely eliminated.

Vista OOBE Sucks!

November 26, 2007

As an old marketing practitioner, I know OOBE as an acronym for Out Of Box Experience.

Forget that Microsoft has hijacked the term to mean their start up programming that bores you to tears while describing all the new bells and whistles and telling you how great they are and how much you will love them. To me OOBE includes all those factory preset conditions that make your computer act the way it does. I know that there has been much written about how to turn off or correct many of the nasty conditions I’ll describe, but that’s not the point. The average user does not know how to change the registry or turn off processes and shouldn’t have to learn.

All my complaints deal with the fact that this operating system is a total mismatch for current equipment. The worst manifestation is that it is slow, slow, so very slow. When I wake up and go to my hibernating machine I don’t know what to expect when I tap the enter key. It might spring to life in a minute, it might take five minutes; only the Vista Gods may have a clue. I have programmed my human self to tap a key to wake it up before I start my morning tea and go to the bathroom, then my trusty Vista machine will probably wake up before I’ve finished my morning ritual.

Now when my XP machine takes more than 2-7 seconds to come to life the first thing I do is run “netstat -ano” to see who’s connected to my machine and what they are doing. Running “netstat -bv” identifies the processes and the executables involved in each process by the connection name (This doesn’t work as well in Vista).

When I try to quickly run the netstat command on Vista DOS, Vista plays a silly game of Simon Says where it asks me if I am truly the person who clicked to open DOS and it will not open it until I click yes. I mean I am operating as administrator with administrative privileges, what’s above that? When you get to your answer for your request, you have no way of knowing how many connections were made and broken while you were playing Simon Says or waiting for your machine to come out of hibernation.

My next task is to identify the processes which the IPs are connected to, and when I run Task Manager, it plays that silly game of Simon Says again, invoking my administrative privilege to proceed, and then the first answer is not complete. You have to click on a box that asks if you want to see the processes for all users. I mean, I’m supposed to be the administrator with full administrative privileges and there are no other users on the machine, yet more processes are identified as being operated by “system”.

By the time you get full administrative privileges there is no way to get full knowledge. All this crap slows you down so much it is impossible to know what wasn’t captured.

There are ways to work around this unnecessary crap but then why should I have to?

Vistasucks Is Worth The Link!

October 9, 2007

A couple of months ago I linked to Vista Sucks and visit it from time to time. This person does incredible research on every aspect of Vista and links to articles from everywhere. My principal concern is not whether Vista sucks or not but whether it’s secure.

One recent link is to an article about information harvesting that Microsoft does for themselves for business and security reasons, and that you have already given your permission for them to give your information to law enforcement agencies to protect the general public. Apparently this is old news that everybody else knew except for you and me.

Both links are worth a visit if you care about either personal privacy or Vista.

Just Plane Stupid!

October 6, 2007

As reported, the trial of Jammie Thomas for file sharing music was just plain stupid. The ability of organizations to probe your machine is incredible and your computer is a treasure island of hidden information. The script kiddies in forums have been discussing firewalls, evidence eliminators and a lot of other information, but what they pretty much ignore is that Jammie’s privacy was invaded and the music companies found the evidence they wanted by invading her privacy. They then sent her a letter notifying her of what she had done. She destroyed her hard drive, but it was too late: the evidence they had gathered without her knowledge or permission was enough to convict her.

Now I’m very paranoid about my own computer privacy, and over the course of this blog I have been using the DOS command netstat to find out who is connected and what processes they are running on my computer. I call these external information gathering connections Vulcan Mind Probes and I don’t particularly care whether it’s Google or Quantcast gathering cookie information to find out my tastes and the other sites I visit. As a matter of fact, I’m addicted to quantcast.com and love the information they gather on your machine, so I guess I have to live with them invading my privacy with a Vulcan mind probe.

Now the FBI’s activity was the first I discovered and it’s sort of like having a constant companion. When they disappeared for a few days, I got even more paranoid because I was worried about them having a super stealth probe that I could not monitor. (They Do.) However, today is not the day I catch that. While typing this I set up the following at the DOS command prompt:

C:\WINDOWS>netstat -ano 7

The response showed one connection
TCP 192.168.0.101:2203 72.247.8.199:80 ESTABLISHED 548
The process ID was for my antivirus program, which was monitoring the connection.

As soon as I used the “Save and Continue Editing” function in WordPress, I got the following response:

TCP 192.168.0.101:2203 72.247.8.199:80 ESTABLISHED 548
TCP 192.168.0.101:2205 66.185.33.184:80 TIME_WAIT 0
TCP 192.168.0.101:2207 66.185.33.184:80 TIME_WAIT 0
TCP 192.168.0.101:2210 72.247.8.199:80 ESTABLISHED 548

The new connection was not WordPress but a direct connection to my local ISP, where the FBI’s Carnivore exists. I’m so used to this connection that I barely notice and assume that it’s a stealth key stroke logger reporting in with my recent activity.
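The PID-to-process attribution that XP’s netstat -bv gave and Vista’s did not, together with the snapshot-to-snapshot comparison done by eye above with “netstat -ano 7”, as an added Python example that is not code from the original posts: it parses netstat -ano text, maps PIDs to image names through a constructed tasklist-style table, and reports connections that appeared between two snapshots. The TCP rows in the sample snapshots are the post’s own; the LISTENING and UDP rows and the PID table are constructed.

```python
"""Added example (not from the posts): attribute `netstat -ano` rows to processes and diff snapshots."""
import re
from typing import NamedTuple

class Conn(NamedTuple):
    proto: str
    local: str
    foreign: str
    state: str  # empty for UDP, which netstat prints without a State column
    pid: int

# The State group is optional because UDP rows have no State column.
ROW_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

def parse_netstat_ano(text):
    """Parse `netstat -ano` output, skipping the banner and column header."""
    conns = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            proto, local, foreign, state, pid = m.groups()
            conns.append(Conn(proto, local, foreign, state or "", int(pid)))
    return conns

def peer_ip(conn):
    """Remote IP of a row, or None for listeners and wildcard sockets."""
    if conn.state == "LISTENING" or conn.foreign == "*:*" or conn.foreign.startswith("0.0.0.0:"):
        return None
    return conn.foreign.rsplit(":", 1)[0]

def attribute(conns, pid_names):
    """Pair rows with image names (what XP's -bv did); PID 0 means no owning process."""
    return [(c, "(no owning process)" if c.pid == 0 else pid_names.get(c.pid, "unknown"))
            for c in conns]

def remote_peers(conns):
    """Sorted foreign IPs actually talked to."""
    return sorted({ip for ip in map(peer_ip, conns) if ip})

def new_connections(before, after):
    """Rows in `after` absent from `before`; keyed on endpoints, not state."""
    seen = {(c.proto, c.local, c.foreign) for c in before}
    return [c for c in after if (c.proto, c.local, c.foreign) not in seen]

def unexpected(conns, known_ips):
    """Rows whose remote IP is outside the allow-list of expected peers."""
    return [c for c in conns if peer_ip(c) and peer_ip(c) not in known_ips]

# TCP rows are the post's own output; the LISTENING and UDP rows are constructed.
SNAPSHOT_1 = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.168.0.101:2203     72.247.8.199:80        ESTABLISHED     548
  UDP    0.0.0.0:123            *:*                                    1100
"""
SNAPSHOT_2 = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.168.0.101:2203     72.247.8.199:80        ESTABLISHED     548
  TCP    192.168.0.101:2205     66.185.33.184:80       TIME_WAIT       0
  TCP    192.168.0.101:2207     66.185.33.184:80       TIME_WAIT       0
  TCP    192.168.0.101:2210     72.247.8.199:80        ESTABLISHED     548
  UDP    0.0.0.0:123            *:*                                    1100
"""
PID_NAMES = {548: "antivirus.exe", 900: "svchost.exe", 1100: "svchost.exe"}  # constructed; 548 was the post's antivirus

if __name__ == "__main__":
    before, after = parse_netstat_ano(SNAPSHOT_1), parse_netstat_ano(SNAPSHOT_2)
    for c, name in attribute(new_connections(before, after), PID_NAMES):
        print(f"NEW {c.proto} {c.local} -> {c.foreign} {c.state or '-'} pid={c.pid} [{name}]")
```

Feed it two captures taken a few seconds apart and only the rows that appeared in between are printed, each with its owning image name, which is the check the post performs by hand.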

This morning, I’m continuing my test with a trial version of “X-NetStat 5.1”. First I opened up two DOS Windows. In the first, I ran the above command and let it go continuously after restarting the machine from a cold start. In the second, I ran “netstat -bv 10” which is an extremely slow process so you always miss connections. Then I started “X-NetStat 5.1”.

Early reports showed no active external connections.

I then opened a blank browser and rechecked the results which still showed no external connections. I then connected to fatsavage.wordpress.com and “netstat -bv” was too slow to catch all the processes and users. Netstat -ano did a much better job of monitoring connections and processes but the hands down winner for monitoring connections was definitely “X-NetStat 5.1” which identified and reported the following connections:

72.14.253.91=po-in-f91.google.com
66.185.33.184=auto-66.185.33.184.wirelessworld.vi
72.247.8.199=a72-247-8-199.deploy.akamaitechnologies.com
72.14.207.104=eh-in-f104.google.com
38.98.19.109=38.98.19.109
66.77.65.78=66.77.65.78
198.65.147.194=198.65.147.194

The first connection is the Google stats connection doing its data mining and the second is my old friends at the FBI. Next is Akamai, which is hosting WordPress and distributing it worldwide. Then we have a second Google probe, and after that it’s not obvious, but if you put the IP starting with 38 in your browser, that’s a snap.com connection, which I consider a cool tool and is welcome.

After that it gets a little more interesting, as 66.77.65.78 belongs to Panther Express, which is a direct competitor to Akamai and is capable of high speed global information transfers, and the final one I found by putting the IP in the URL Locator. You can click the link below or just trust me:

198.65.147.194

Check it out or click the link! – No lie, it’s for IslamOnLine.net. I simply can’t believe that anyone has put a Fatwa on me. I mean I’m not Salman Rushdie and I was not born a Muslim. Besides, I thought my writing on Islamic porn was fairly balanced.

It turns out that this probably is not a Vulcan mind probe by Islamic forces but just another bunch of cops rattling their badges. The story will be posted at fatsavage.wordpress.com.

So what is Just plain stupid?

Not only does IslamOnLine.net link directly to a porn portal, but it’s a well documented cop-site. With all the IPs and hosting companies on line, you really want to know why anybody would want to use their own name and a cop-site porn server to attack someone. As we find out, don’t blame the Muslims for this one.

In the end this totally irresponsible stupid probe takes out a cop porn site not previously identified and an Islamic site that is an American front.

Good Christ, these fucking idiots should go back to the WWII slogan – “loose lips, sink ships” and stop giving away the farm.

Who is Cameron Laird and Why is He Trying to Rape Me?

September 7, 2007

If you go to lairds.com, you are automatically redirected to lairds.org which is one of those very simple family sites where people collect mail, post pictures and let the whole thing get terribly out of date with no one in the family actually using it, except for a few. Seems that Kitty and Kyler Laird still use it occasionally to post family and vacation pictures and Cameron apparently uses it occasionally to do some work on a non-employer server.

Cameron is a very skilled and award-winning programmer who works for phaseit.net as a Vice President, and all of this appears to be totally useless information and you probably wonder why I bothered to find it out.

When I turned on my laptop this morning the first thing I did was run “netstat -an” and check all the unsolicited activity. Now as a working definition, I was always led to believe that penetration without permission is rape.

With no surprise, I found my anti-virus and MSN updating their offerings (They are programmed to do so). I also found my local ISP connected which I assume is the FBI’s Carnivore and I can’t do much about that.

What was a surprise was I found a connection (208.53.158.75, owned by FDCSERVERS.NET) to my machine at port 2518 sharing my anti-virus update PID. To get more information, I ran “netstat -bv 10”, which identifies URLs and the processes involved. Unfortunately it describes many processes as “unknown processes”. The IP was identified as mx.phaseit.net.

Of course I ran a DNS Report to track the mail server and found the following information:
mx.phaseit.net’s postmaster response:

>>> RCPT TO:

<<< 550 Your mail server is misconfigured. 74.53.59.133 claims to be test.DNSreport.com.

mx.phaseit.net’s abuse response:

>>> RCPT TO:<abuse@lairds.com>

<<< 550 Your mail server is misconfigured. 74.53.59.133 claims to be test.DNSreport.com.

Both lairds.com and mx.phaseit.net track to FDCSERVERS.NET.

When you go to lairds.com it redirects to the lairds.org site, which confirmed that the penetration was not accidental or unplanned, as Cameron Laird was a key player on both lairds.org and phaseit.net.

Since my laptop defenses have been penetrated without permission, there is no doubt that I should be screaming rape. So:

Who is Cameron Laird and why is he trying to rape me?