Saturday, October 17, 2009

Microsoft Minefield

I got this dialog today telling me that the Microsoft .NET Framework extension and the Windows Presentation Foundation plugin "are known to cause stability or security problems" and that "these add-ons have a high risk of causing stability or security problems and have been blocked, but a restart is required to disable them completely".

Well, I thought as this is a nightly trunk build and some new code is being tested and Mozilla are teasing the Borg again. Not so! The more information link leads to http://www.mozilla.com/en-US/blocklist/ which itself leads to Bug 522777 where the add-on has been blocked because of a remote code execution vulnerability - i.e. go to the wrong website and Bad Things will happen. So a lot of people are going to see this soon (as the framework assistant was installed by .Net 3.5 SP1). In fact, from reading the bug and around, I can't really see why the framework assistant was blocked, except as a bit of punishment. Mind you, I was never really sure why they bothered in the first place as ClickOnce apps (KeyMapper has a ClickOnce install option) work OK in FireFox as long as you are prepared to ClickTwice, once to get the manifest and then run that to get the app: the way they initially installed it in such a way as it could only be removed by editing the registry and not by the usual channels was a huge faux-pas as well, for obvious reasons. Still, we all make mistakes.



Edit: I don't remember Flash ever getting blocked, and it has had some nasty bugs as well..

Tuesday, October 13, 2009

Phone Scam

So, the other week, my mother-in-law arrived (to drop off los niƱjos) in a state of high dudgeon about her laptop. It had been infected, or compromised, or been turned traitor: she had been informed so by telephone technical support.

Telephone technical support had phoned her up, unsolicited, to advise her of this fact mind you. They made her type in some commands which proved her laptop was now malevolent, and offered to fix it for £49.99. They sent her off to some website which provided some supporting evidence.

So, of course, I said "BRING IT FORTH AND PLACE IT BEFORE ME" in that kind of welcoming customer-friendly way us geeks have.

I remember the laptop well - when she got it I had put Firefox 0.7 on it, and deleted the Internet Explorer icon. When I got it back later in the week I remembered I had also added another shortcut to Firefox with the Internet Explorer icon, just in case anyone told her to "click the blue 'e'", as no doubt these phone scammers said: as far as I know, though, this laptop has never suffered from virus problems, despite my mother-in-law's understandable cluelessness about the intricacies of things computering. If it has then I haven't been asked to fix them: admittedly, I see that random-looking software (DVD rip etc) has been installed so she has probably been lucky if none of that has had a malicious payload, but at least the phone scammers couldn't get her to IE her way to a nasty infection - it wouldn't have to be a 0day, as laptop was stuck in 2007 as far as updates are concerned.

I looked in the Run box's list of previous commands and found what the scammers had used to persuade her that the laptop had turned against her:

temp spyware
prefetch unwanted

Both of these consist of two parts - the first is a valid directory in Windows, and the second is a value-loaded term indicating the presence of such banality - sorry, 'evil' - that only £49.99 can restore it's electric virginity.

So, typing 'temp spyware' opens the Windows\Temp directory, and the meaningless second word is ignored: and likewise Prefetch Unwanted just shows the content of the Windows\Prefetch directory. Quite effective, though, as all the files in these directories are likely to have gnomic names and be log files or have the clunky 'unknown' icon, and they're going to open in Icon view as that's the default and defaults don't change with 90% of users. (Note - I made that figure up)

So, I have the laptop, and it's dead meat with in 48 hours: it died while being updated, I think XP Service Pack 3 was the last straw. It started blue-screening constantly: at first I thought that finally after 8 years System Restore was actually going to do something useful for me, but then it started beeping really loudly when it was powered on (bit like an ingress alert, except it doesn't have one: it has a battery beep, but I don't think that was it) and then a silent boom and now it won't power on at all. Either it was on it's way out already and the activity of being updated freaked it out so much it died, or the scammers who phoned up my mother-in-law have remote psychic computer destroying powers. Edit: it didn't die in the end - I put Hannah Montana linux on it and it's in a cupboard somewhere. Although it may be dead by now.

Saturday, October 10, 2009

On The Occasion Of An England Football Match Played In Dnepropetrovsk Only Being Available To Watch On The Internet

And when his work is done -
Ha ha! - begins the fun.
From Dnepropetrovsk
To Petropavlovsk,
By way of Iliysk,
And Novorossiysk,
To Alexandrovsk to Akmolinsk
To Tomsk to Omsk
To Pinsk to Minsk
To me the match will run,
Yes, to me the match will run!

And then I watch
By morning, night,
And afternoon,
And pretty soon
My name in Dnepropetrovsk is cursed,
When they find out I watched it first!
Apologies to Tom Lehrer

Thursday, October 08, 2009

Blast From The Past

Can you name the year?

Election looming - check

Unpopular, unelected Prime Minister taking the country into recession - check

Opposition ahead in the polls for 3 years leading up to the election - check

Just had a war with Iraq - check

Impending tax rate of 50% for the highest earners - check. (*)

That's right, 1992. Government returned to power against the odds, five more years, ker-ching. A lot of disappointed people.

A couple of 2009 Tory policies caught my eye - no stamp duty for first time buyers up to a purchase value of £250,000 and no inheritance tax up to a property value of £1,000,000. One thing about the Tories, they always look after their own people - which is why they love high interest rates, because this is good for people with lots of cash in the bank. After all, how many first time buyers spending a quarter of a million pounds, or their parents in a million pound house, or their grandparents with thousands of pounds squirrelled away are going to vote anything other than Tory? Fortunately for them, most of the rest of us seem to have forgotten how much the Tories fucked the economy between 1979 and 1997. For any of you youngsters who don't remember - on 16 September 1992 the newly-returned Tory government raised interest rates from the current 12% to 15% to try and stop currency traders raping the pound. They failed, and in the meantime, my take-home salary no longer covered my mortgage payment. I'm going to look into transferring to a fixed rate mortgage myself, if such things still exist.

(Nitpicker's corner: In 1992, the Labour opposition proposed a 50% tax rate on people earning over £40,000: in 2009, the Conservative opposition announced they would not repeal Labour's proposed increase of tax to 50% on incomes over £150,000)

(References: 1992 election, Gulf War, Labour Conference 1991, Labour Party Manifesto 1992, Black Wednesday)