Microsoft Security Advisory (904420): Win32/Mywife.E@mm

Microsoft Security Advisory (904420)
Win32/Mywife.E@mm
Published: January 30, 2006 | Updated: February 1, 2006


Microsoft wants to make customers aware of the Mywife mass mailing malware variant named Win32/Mywife.E@mm. The mass mailing malware tries to entice users through social engineering efforts into opening an attached file in an e-mail message. If the recipient opens the file, the malware sends itself to all the contacts that are contained in the system’s address book. The malware may also spread over writeable network shares on systems that have blank administrator passwords.

CME-24

You have a few days to make sure your AV is up to date and that you have run a full scan of ALL of your PC's on your network.
I have included the full post from MS website in the extended entry below, but as always, use the MS website at the link above to get the most up to date information.

What to do with the empty Whisky/glass bottles; Whisky PC by MetkuMods - Because you love your hardware!

Whisky PC Something little that one can do with the empty glass bottles.

I got the link to this website from Slashdot and it's given me an idea.
I am considering making a business idea out of these and making a number of these up, and sellling them on Ebay or something. (Note: Actually, I would't touch Ebay for all the money in the world. They've pissed me off royally over the last few weeks).
So I reckon I need to order up a case of 24 large bottles of scotch, drink the contents and make a few of these up.
Only problem being after drinking that much whiskey, I wouldn't bet on any of them working... But it would be a good excuse to get hammered.

Seriously, its a neat idea for a one off, but it doesn't actually make much sense for an upgradeable, maintainable, reliable etc etc PC. A great novelty idea.

http://hardware.slashdot.org/hardware/06/02/05/161210.shtml

BBC SPORT | Football | Fixtures
Gerrard caught out by Chelsea mascot

I must have missed this on MOTD and it gave me a good laugh...
Click here

ENIAC: A computer is born | CNET News.com

ENIAC--monster and marvel--debuted 60 years ago By Michael Kanellos Staff writer, CNET News.com February 13, 2006, 4:00 AM PST In February 1946, J. Presper Eckert and John Mauchly were about to unveil, for the first time, an electronic computer to the world. Their ENIAC, or Electronic Numerical Integrator and Computer, could churn 5,000 addition problems in one second, far faster than any device yet invented.

It was the difference between the ENIAC and the Intel Dual Processor that made me laugh... Only 60 years between them but a world apart in specs.

Links:
http://ftp.arl.mil/~mike/comphist/eniac-story.html
The ENIAC Museum Online
ENIAC - Wikipedia, the free encyclopedia

Valentines in our house this year was a quiet event as all three kids have the damn flu bug that is sweeping the UK, and the wife was working a night shift.
I had to pop to the local chemists to top up on medicines for the kids since we used most of what I bought last Thursday while we were away over the weekend (I will get round to blogging that story soon).

I decided to cook Anne-Marie a meal before she went to work and ended up doing the following:

Roasted Sweet Potatoes and Butternut Squash
Steamed Mange Tout
Steamed Carrots (and then Honey Glazed).
Baby New Potatoes
Celeriac (Mashed with double cream added)
Baby Spinach.
Scallops pan fried in Ginger, Chile, butter. (After the scallops were cooked, roughly 4 mins, I wilted down the spinach in the melted butter, ginger and chile juices).
Fillet Steak pan fried with course black peppercorns. Quickly searing both sides of the fillet steak, I added a good measure of double cream and placed the frying pan into the over whilst I finished the scallops and spinach.

I mention the placing of the steak into the over, as this explains the title of the post. Now for the last 2 weeks I have done Sunday roast (apart from this weekend gone because we were in Minehead), I have reached across the top of the steamer to get a knife and burnt my forearm on the damn vent. And boy does that hurt. Well last night I got close to the steamer but caught myself before I managed to burn myself. It even gave me a chuckle because its become a bit of an 'in-joke' as to what I am going to burn next (me, not the food I might add). Well the steamer didn't get me last night, but I wished it had. When dishing up, I had removed the roasted sweet potatoes and butternut squash from the oven, along with the fillet steak. In my mad rush to dish up, I then promptly reached over and picked up the frying pan that had just come out of the 200deg oven. I wished I has used the oven glove. You could hear the palm of my hand sear as I 'quickly' gripped the handle. I say quickly since I didn't hold onto it for too long. Luckily I didn't remain in contact for too long.

Whilst I have to say that the food tasted excellent, and one might say that being fed your dinner by your wife could be romantic. Having to sit through dinner with my hand in a bowl of iced water wasn't exactly the most romantic way of spending a Valentines dinner !!! Its not too bad this morning as I did keep it in the cold water for a good 3 hours and then an hour of applying calamine lotion. I still have blisters on all 4 fingers, my thumb and the palm of my hand and it has swollen somewhat.

Considering that I do 90% of the cooking, this recent spate of burning myself has only occurred in the past few months. The last accident I had in the kitchen was almost 7 years ago and involved corn on the cob, a sharp knife and the item formally known as the tip of my finger.

Guardian Unlimited | Special reports | The worst day of my life, says Cheney

Democrats assailed Mr Cheney for what they characterised as the administration's desire to restrict the flow of news. Senate minority leader Harry Reid noted that Mr Cheney had not given a press conference since 2002, while House minority leader Nancy Pelosi said: "We have to break this habit of the administration of closed government ..."

Are they serious?
The guy shot someone and he is being critised for his silence?
Its a personal matter? WTF has it got to do with Joe Public?
And why should it be his concern to wait more than 20hours before releasing the news... Erm.. hello, he accidently shot someone, erm, hello again, he shot an innocent person !!
Jesus, what are they up to over there... Give the man a break...
Now if he had shot Saddam, or found the Evil one and shot him, now that would have been news. If he had shot Bush, that would have been news. But they guy was out on his own persoanl recreation time and shot someone in an accident...
Do you not think he was a bit shocked too?
Why the hell should he make it top news..
"Hi, is this CNN? Yeah, this is Dick Cheyney, I just wanted to let you know that I accidently shot someone today whilst out hunting and nearly killed the poor guy... Yeah, I am ok, I never got shot... No, he's not dead, had a heart attack because of the lead shot in his heart, Nothing serious... Just thought I would let you know..."
Assholes...
Anyone slightly human would be in shock, and would have more important things on their mind...
Anyway, it was only a damn lawyer... Most of the time and 99% of the population want to do this anyway... Give the guy a break, nah, give him a goddamn medal... He's just done what you all would want to do anyway...

Apologies to the family of Mr Whittington for the Lawyer joke...

What the hell is the world coming too. If news is that important, its about time we got our arses out of our chairs and started doing something constructive in this world.
Let us start by giving people their privacy back. The democrats will be calling for live web cams, audio broadcasts of every US citizen before too long, once they have finished with anyone considered to be in the public eye and 'worthy' of news...

If Nancy Pelosi accidently ran over her Nanny, do you think she would go running to the press screaming, 'Hey people, I just nearly killed my Nanny... Its great primetime news, let me tell you all about it first, then I will get over my shock".

Some more funny quotes

For some reason, Freeserve/Wanadoo (or Freecrap and Lottapoo) are having major snags with their email servers at the moment.

Anyone sending an email from either of those two will think that the email has been sent, but it might not reach the recipient.
Some emails are being bounced back, but not all. And we are not talking just sending to my domains, they are screwing up nearly everybodies email !!!

What appears to be happening is that nearly ALL of their servers have been identified as sources of SPAM and appear on the DSBL network.
(The DSBL network is basically a service that lists all email servers responsible for sending SPAM.
Most email servers will check the DSBL list when it receives a mail, and if the sending server appears in the list, the chances are it is SPAM.

Most likely it is a combination of bad email configuration at their end, and quite a few of their users probably have machines which have been taken over by spyware/trojans and have been sending out SPAM by the bucket load.
But looking at the DSBL reports it is very widespread.

Since 99% of Freeserve/Wanadoo servers have been listed, most decent email servers such as the ones I use, are rejecting all email from those accounts.

So if you are trying to send me an email, and it appears that I am not replying, or you are getting a bounce message try sending to one of my alternative addresses (Gmail, Hotmail, or Yahoo).
Obviously I won't post the addresses here cos it will get harvested and I'll be spammed to death !!!... But if you email me to chris.a.wright at my yaps domain usually, change the yaps part for gmail.com and I'll get it.

The best thing to do is to switch over to Pipex (http://www.pipex.net) and bin the money grabbing so and so's.

After a recent round of tests a various visits to specialists, they have determined that my stomach isn't working probably as a result of the 360deg spinal fusion that I had done in the US (when they removed all of my lower stomach to reach my spine), the 11 steroidal epidural injections, the repeat fusion operation in the UK etc etc etc..

Basically, my stomach stops digesting food for a period of time, and then starts to work again, then stops again etc etc.
This is causing no end of other problems such as fatigue (and I'm not talking combat clothing here), nausea, diarrhoea, reactive arthritis and the list goes on.

For the last 2 years I have been battling against some form of illness and had two cases of food poisoning along the way. Now, it transpires that this was all down to having an unhealthy gut floor. (See this reference to UFO's of the Intestine)

So for the next few weeks I am having to pay really close attention to my diet, which to be honest, wasn't that bad, as I was 90% of the way there to reaching a healthy diet. Sometime ago I switched to a Low G. I. based diet, and all I have to do now is further reduce my sugar and yeast intake (like to zero, or as close as possible to zero).
Apart from the lack of bread and sugar, it shouldn't be too hard. (Although I am going to miss my Bovril drinks and Marmite on toast, since there is an awful lot of yeast in both).
Since I also react badly to artificial sweeteners of all types, trying to find a way to sweeten my food/drinks should be fun, since I can't use any thing containing sugar, glucose, honey etc.
I have been drinking Green Tea of late, which I don't take sugar with anyway, and I started drinking my coffee with no sugar whilst in the US. (Which is ok if you can find a decent coffee. Only bad coffee needs sugar in it to hide the bitterness IMHO).

I had basically stopped drinking whilst in the US for one reason or another. When I say I've stopped drinking, I still had the odd pint, glass of wine and an occasional whiskey, but compared to what I drank when I was in the Navy and what I drank when I was in the US initially, I don't really drink now. (Sitting in one's swimming pool at 3am in the morning when its still over 80-90deg air temperature with a large glass of Jack Daniels and Ice was pretty good. But the weight I was putting on due to the Beer and JD was not so good). Part of cutting out sugar and yeast severely restricts Alcohol use and now I am really only allowed Gin or Vodka... Bummer eh? Two of my old favourite tipples and I have to have them neat. (Vodka neat used to be my drink when I was in my 'yoof' and in the Navy. In Gibraltar, Vodka in the social club was 15p each for a double and coke. I used to decline the coke and not worry about the 5p. No wonder I have gut problems now, I probably pickled any healthy bacteria long ago).

I am afraid this blog is going to turn into a medical journal about the recovery of my gut. I have avoided posting too much in the past about my medical problems, because its something I didn't feel comfortable with all the time they didn't know what was wrong. But, it is surprising how many people out there suffer from the same or very similar conditions that I have been diagnosed with and yet know nothing about it. I intend to post information here, to its own category and if someone else finds it useful so be it.\

Welcome to the Beginner Nutrition Plan

Limiting sugar is critical.
Eating refined sugar weakens your immune system and promotes yeast overgrowth. All non-diet pops have 8 teaspoons in each can. Most packaged cereals have sugar as their major ingredient. Avoid most natural sweeteners (including corn syrup, fructose, honey, sucrose, maltodextrin, dextrose, molasses, rice milk, almond milk, white grape juice, fruit juice sweetened, brown rice syrup, maple syrup, date sugar, cane sugar, corn sugar, beet sugar, succanat and lactose).
When in doubt about the sugar content of a food you can always look at the list of ingredients and see how many grams of carbohydrates are listed. Unless the carbohydrates are from aboveground vegetables you should be concerned that they represent sugars that could alter your insulin levels.

Patently-O: Patent Law Blog: PTO Requests Model of Warp Drive Invention

PTO Requests Model of Warp Drive Invention

The Worsley-Twist warp drive does not depend upon traditional emissions of matter to create thrust. Rather, the drive creates a change in the curvature of the space-time continuum — thus allowing travel by warping space-time. Worsley & Twist patent application recently suffered another setback. The Examiner has now requested a working model:
Applicant is required to furnish a model of the instant invention. 35 U.S.C. 114. See Also 37 C.F.R. 1.91. Among other rejections, the Examiner has asserted a rejection under 35 U.S.C. 101 for lack of utility — finding that the invention is inoperable.

Links:
U.S. Pub. No. 2003–0114313

It's worth having a visit to the above site just to see some of the comments !

I thought I had some weird and wonderful ideas, but some of Keith Nagells really take it too the extreme.

Mind you, it appears that he has just sat down and watched every SCI-FI show on earth (I think just on earth), and tried to submit a patent for every 'prop' used.

When someone invents the transporter, just think of the energy we could save (but it will probably require a power source the size of the US). Who said you don't get something for nothing!

BBC NEWS | Entertainment | Fans threaten to boycott 007 film
James Bond fans angered by the decision to cast actor Daniel Craig as 007 have launched a website threatening to boycott the new film Casino Royale.

What a bunch of total jerks! When you first visit www.craignotbond.com you are presented with a clean looking site with a few graphics and a lot of wind (I mean text).
Other than that, there isn't anything substantial there.
At present, there isn't a list of people who support the site or there isn't a method for contacting the site. They have no forum for discussion, they have no poll that shows results.

Basically, it just appears to be some poor misguided Bond fanatic used to living in a false world who has registered a domain name with Yahoo on the cheap, created a few basic web pages on Yahoo domain space and decided to express their opinions.

Don't get me wrong, I am all for expressing ones opinion, and I respect the authors for doing so. And likewise this is only my opinion.

But the guy hasn't even made the film yet and you are slamming him. Do you know anything of his acting abilities? From what I have seen of him, he is a first rate actor and more than capable of filling the job description.
As to whether or not he makes a good James Bond, well I have to admit I am not qualified to make that decision UNTIL I"VE SEEN THE FILM. If he is bad, I'll say so. But to slam a person because of his looks? Because of his past characters he has played? Check out his acting career and you'l find that what www.craignotbond.com have posted amounts to nothing short of a personal attack/insult.

They have no research of their own and point to 'online polls'. From the media that faciliated the circus around his introduction. For christsake, within minutes of him sailing down the Thames wearing a life jacket he was slaughtered in the press.
Somebody pointed out that the "Real James Bond" would not have worn a life jacket. You complete wassocks, the "Real James Bond" for one would have had a standin during the film, and the standin (stuntman) would have warn a life jacket but had the thing CGI'd out. Now get this all those stuck in the movies and who haven't made it back into real life. The introduction was "Real", there was no CGI. Could you imagine the headlines that would have been if "New James Bond Drowned in River Thames After Boating Accident".

So because of this attempt at humour by one journalist, it quickly became the "He's not man enough to play bond" brigade ripping up the media into a frenzy... Ok, perhaps 100,00 people isn't quite a frenzy. I should perhaps mention that to the folks at www.craignotbond.com. I don't think Broccoli and Wilson will lose much revenue if only 100,00 people don't turn up. The numbers from those people will be made up by the number of fans that Craig has anyway.

As for the Press section of the site at www.craignotbond.com, they list the The New York Times, London Daily Mirror, Calgary Sun,Cleveland Plain Dealer,CinemaBlend.com,AxcessNews.com,FilmRadar.Com,MTV.com and Defamer.com. Not exactly reputable sources of information are they? Most of them do anything to sell papers or gain an audience and were probably hoping to jump on the bandwagon that was created on the first day. And even then the articles quoted mostly state they recognise him as a good actor, but blame the problem on the way it was handled.

I agree with the site ( www.craignotbond.com ) in expressing their concerns and displeasure at having Craig selected as a the new Bond, but not to the extent that they need to make it personal. You don't know what he will be like as the new Bond, so why not wait and see it. You lost your beloved Brosnan, so damed what. Stop crying, get back down the Blue Oyster Bar and wait for the movie. When you've seen it, if it is crap, then start a website to say "He's got to go, he's just not good enough". Don't push you personal attacks on the world, by all means your views, but don't make it personal.

At least make it balanced, there is no "For" and "Against", only "Attack".

I reckon if they had a forum, or an email address or a comment board, there would be a minority of the Bond Fans/Film goers that would complain. Because people who complain do just that. The more sensible appreciative of society tend not to feel the need to voice their opionions to the public.

I've a good mind to start up "www.givecraigachance.com" and allow people to actually express their views both negative and postive. He could end up to be the best Bond there ever has been? But you won't know that until you've seen it. He could be the worst Bond we've ever seen, but we won't know that either. See the common theme in that argument? You have to wait to see the film. (Not that the pressure he is being put under by the media and a small minorty of so called Bond Fans.

The website authors should go view the comments on the BBC website (http://news.bbc.co.uk/1/hi/talking_point/4341106.stm) and get a real feel for at least the British publics views on it.

For great support with help on Blogger Blogs, or blogs in general, have a look at the Yahoo Blogger Support Group.
You can sign up by using the details below.

A couple of questions have been posted to the Yahoo forum recently about the Word Verification feature on their blogs. Basically, there are a couple of processes that can cause your blog to get flagged. (One is when visitors tick the flag at the top of the blog, another is the Blogger "robot' scanning your site and determining that your content is Spam. The 'robot' is not the most inteligent thing in the world).

Anyway, the blogger help page here, describes the method required to get word Verification turned off.

To avoid further inconveniences when publishing, click the "?" (question mark) icon next to the word verification on your posting form:

BBC NEWS | UK | eBay urged to tackle fraud better

Internet auction site eBay should do more to tackle fraudsters targeting the site, a consumer magazine has said.
Computing Which? called on the site to be more active in identifying its fraudulent users.

Have you Been a Victim of eBay Fraud?

A few weeks ago I was caught out in an eBay/Paypal Scam and lost just under £150. Not much you say, but it was part of a scam collecting just over £7500.

And it was not so much the money that wound me up, it was the attitude of eBay and Paypal. (Both are really the same company, even though they deny it, and legally I suppose they are not, but one owns the other, and they each do an awful lot of business between themselves. But there is more on that below).

The BBC article above talks about how Which! (the consumer group/online magazine) are suggesting to eBay that they need to do a lot more to protect its users, or at least make them aware of the possibilities of fraud.
If you knew the values of fraud going on right now, it would probably deter most people from going near the site, but then eBay and Paypal won't disclose it.

My Story

I had obtained a spare Pentium processor and placed it online for sale at a price of just under £150 if you used the 'Purchase Now' button and also allowed bidding on the items.
There were several enquiries on the item, but no bids in the first few days and I was helping one guy work out if it would work in a server that he had when I someone actually bought it at the higher price using the buy now feature. My first reaction was why would anyone want to pay what I had asked for, since there were already cheaper ones on sale at the same time. I expected a low bid to win the sale, but wasn't going to turn down someone paying full price. But that was the first time I became skeptic about the purchaser so I made sure that I authenticated the buyer.

I won't name the buyer because at the moment I am discussing legal action. The buyer contacted me via eBay and Paypal, there was a few exchanges of emails via this and then I sent an email to her Yahoo account which is totally separate from her eBay and Paypal account.

As it turns out, the buyer had allowed their PC to be hacked, and the thieves had retrieved full control and access to the buyers PC, stealing ALL of her passwords to ALL of the accounts that she had access to. Or that is what she told Paypal investigation.

There had been 4 or 5 purchases made by the 'buyer' of the same types as she had previously made, so nothing stood out there. I waited a day before shipping the item and sent it off. Later that evening I received an email from eBay telling me that the 'buyers' account was suspended and was being investigated for potential fraudulent activity. They also advised me NOT to ship the item, (great timing).
I replied to their email with the tracking details of the item, the destination address, and other details. I've never heard anything back on that part. The only confirmation I received from them amounted to a "Sorry, you've been done and lost out" email and confirmation that the 'buyers' account had been hacked. (It wasn't just their account, the user had given away every password she owned).

Paypal immediately took the money that was paid to me by 'the user', (albeit by the fraudsters) and put it in a holding account. Two weeks later they confirmed that the users account had been hacked and told me that they were returning the money back to the 'purchaser'.

So hold up, the owner of the computer gives away the passwords to all of her accounts, someone makes fraudulent use of the machine and her accounts, and it is the seller that gets penalised.
When I asked eBay and Paypal about the insurance for items under £500, they replied it wasn't covered as it was not the 'type of sale' they covered.

When I have tried to contact both fraud departments of eBay and Paypal, they gave me a list of FBI/Interpol and told me to contact the Internet Fraud Group to take any further action.

eBay & Paypal Helping the Fraudsters

For a long time now I have been receiving 'Phishing' emails reportedly sent from eBay and Paypal, asking me to log into my account and sort something out.
Well, I am not not that of a numpty that I would fall for such a scam (via this method, when it comes to shipping goods to someone who isn't who they are, now that's a different matter, 10 out of 10 on the numpty scale).
You might have seen a few of the emails, they look very convincing. They even have all the eBay and Paypal graphics. You see that is because those images are hosted on eBay and Paypal Servers, and all the "phishers' do, is Hotlink those images in their mass emails. Well that for one could be sorted out in the time it takes to make a config change to their servers. You can stop other servers from using images and then the emails would not look the same. Usually, the only difference in the 'Phishing' email is that the login part of the email is based on a scammers server and all it does it record your details and then forwards you to some other part of eBay's site. Well they could stop that too, but they don't (well they shut down the site, but they could also detect referrals from non-eBay/Paypal sites and display a message to say you have just been scammed, you need to do this or that. But they don't.

Why don't they do this? Because it will cost money and time. That eats in to profits and in the end, that is all they are concerned about.

How do they Protect Sellers/Buyers ?

Basically nothing. You have about as much protection as the Iraqi National Guard did in the Gulf War (1 or 2, take your pick).

Take this scenario: I place an advert in a newsgroup that my eBay and Paypal Username is for sale. Someone contacts me, pays me a few thousand pounds and then they go use my account and buy lots of goods and have them shipped to various places. Chances are, most of the goods will get through.
I then log in a few days later and "Oh, shock and horror", and off I run to eBay and Paypal. They have no way of proving that I 'sold' my passwords, you see I also installed a 'Keylogger' trojan application on my PC just to make it look convincing. It even connected to a real server someone in Pakistan that can't be traced now because its down. The group who bought my password told me about that when I set up the selling of my passwords.
So all the people selling stuff have now shipped their goods and had the money they were paid taken back.
Paypal have now refunded all the money to my account, and I have the couple of thousand from the 'thieves' in my other account.

The main threat to buyers is people shipping goods and not receiving payment. They always advise using Paypal, as you are 'covered' by insurance. Complete trash. You are lucky if you are covered. The best protection is to use VISA or MASTERCARD which has some level of coverage automatically for online fraud.

NEVER pay through a 3rd party Escrow fund as they are fraught with danger in themselves.

Have you been caught out?

I want to hear from you if you have been caught out by an eBay scam. My email is on this page somewhere, if not leave me a comment and I will get back to you.

Legal Action

At the moment myself and a number of the other people caught out in this scam are taking legal action against the owner of the account for failing to keep her PC safe and secure from hackers whilst using it for online purchasing/selling. It's an angle that has not been tried before, and is quite complicated and taking some time to sort out, since we are based in 4 different countries. The good thing is that the owner of the PC is in the states and they will sue the arse off anything that moves out there and they are keen to proceed (more money grabbing probably).
The basic premise of the argument is that she failed to maintain her computer and is therefore liable for the fraudulent activity. We already have the records we need to prove the incompetence, and because of the laws in the state where she lives, obtaining the records from the ISP will be easy enough to sort out.

Links
http://news.bbc.co.uk/1/hi/uk/4749806.stm
http://www.eBay.co.uk/
http://www.which.net/computingwhich/