Wed, Nov 25, 2009 4:01 pm
Jewel Logic and SecuROM
While looking for some files on a family member's Windows XP Media Center
Edition system today, I found an unusual hidden directory named SecuROM:
X:\Documents and Settings\Amy\Application Data>dir /ah
Volume in drive X is Sun
Volume Serial Number is 4E62-15B2
Directory of X:\Documents and Settings\Amy\Application Data
09/08/2009 06:49 PM <DIR> .
09/08/2009 06:49 PM <DIR> ..
08/30/2005 08:52 AM 62 desktop.ini
08/27/2007 04:54 PM <DIR> SecuROM
1 File(s) 62 bytes
3 Dir(s) 173,915,779,072 bytes free
X:\Documents and Settings\Amy\Application Data>dir /ah SecuROM
Volume in drive X is Sun
Volume Serial Number is 4E62-15B2
Directory of X:\Documents and Settings\Amy\Application Data\SecuROM
08/27/2007 04:54 PM <DIR> .
08/27/2007 04:54 PM <DIR> ..
08/27/2007 04:54 PM <DIR> UserData
0 File(s) 0 bytes
3 Dir(s) 173,915,779,072 bytes free
X:\Documents and Settings\Amy\Application Data>dir /ah SecuROM\UserData
Volume in drive X is Sun
Volume Serial Number is 4E62-15B2
Directory of X:\Documents and Settings\Amy\Application Data\SecuROM\UserData
08/27/2007 04:54 PM <DIR> .
08/27/2007 04:54 PM <DIR> ..
08/27/2007 04:55 PM 444 securom_v7_01.bak
08/27/2007 04:55 PM 444 ???????????p?????????
08/27/2007 04:55 PM 16 ???????????p?????????
3 File(s) 904 bytes
2 Dir(s) 173,915,680,768 bytes free
Checking on what SecuROM might be, I found a Wikipedia webpage on it at
SecuROM.
SecuROM is a CD/DVD copy protection product, most often used for commercial
computer games running under Microsoft Windows, developed by Sony DADC.
SecuROM aims to resist home media duplication devices, professional duplicators,
and attempts at reverse engineering the game. The use of SecuROM
has generated controversy due to the fact that it is not uninstalled upon
removal of the game. In 2008, consumers filed a class-action lawsuit against
Electronic Arts for its use of SecuROM in the video game Spore.
I found the following information in the article troubling, since I
sometimes use Process Explorer on systems for troubleshooting purposes.
Disk drive emulators and some debugging software will also cause the
launch of the game to fail and a security module error to be generated.
In fact a reboot of the entire system was required if
Process Explorer prior to version 11 was
used before an attempt to run the protected software. That problem was
caused by a driver that was kept in memory after Process Explorer was closed.
I checked to see what software was installed on the system on
August 27, 2007, which is the date the SecuROM directory
and files within it were created. The family member installed
a lot of games that day. The SecuROM directory was
created at 4:54 P.M. that day. I saw she installed
Jewel Logic shortly before the SecuROM directory was
created. Jewel Logic is produced by
Cosmi Corporation.
Since the timestamp on the Jewel Logic directory on her
system was 4:53 P.M., I suspect that when she installed
Jewel Logic, it used the SecuROM copy protection scheme
and as a result the SecuROM files were placed on her
system during the installation of Jewel Logic.
References:
- SecuROM
  Wikipedia, the free encyclopedia
- The Voice of Heard/SecuROM: Making Copyright Even Less Sense
  By: TC Tim
  Date: December 8, 2008
  WCCA TV13 | Worcester Community Cable Access
- Securom 7 Antidumps
  FileForums
Tue, Nov 24, 2009 10:38 pm
Installing Winamp Media Player 5.5.6
I installed Winamp Media Player 5.5.6 on my wife's laptop today.
I removed the eMusic Promotion offer and the Winamp Toolbar afterwards.
Sun, Nov 22, 2009 9:57 pm
MUSHClient and SQLite
MUSHClient is a freeware MUD client. Since I wanted to be able to install
the software on several systems, but have all of the systems use the same
MUSHClient World Information files, which are stored as .MCL files, I wanted
to see where the program stored the location for the worlds files. Of course,
I could manually change the location within the Global Preferences
on each system, but I wanted to see if there was a way I could just put
the information in a .reg Windows registry file or set it with a script.
Initially, I thought the program stored the default world file
directory location in the Windows registry, but I found that, though
there was a DefaultWorldFileDirectory value in the registry,
the program actually used an SQLite database instead of the registry
entry.
Sun, Nov 22, 2009 4:53 pm
Passwords Plus Registry Keys for Databases
When a password database is created in Passwords Plus from DataViz, it
creates the following registry key:
HKEY_CURRENT_USER\Software\DataViz\PasswordsPlus
The key will have a DaggerFolder value.
Value name: | DaggerFolder |
Value data: | C:\Users\Jane\Documents\Passwords Plus |
The directory listed will be the location where Passwords Plus creates
its user folders, where it will store individual password databases.
Passwords Plus allows a user to have multiple databases specified
by user. For instance, Jane Smith could create one with a username of Jane
for her personal passwords and another one, JSmith, for her work-related
passwords. If she did, beneath the
HKEY_CURRENT_USER\Software\DataViz\PasswordsPlus registry entry, you would
find the following:
HKEY_CURRENT_USER\Software\DataViz\PasswordsPlus\Users\Jane
And the following value would be found within that key:
Value name: | DBPath |
Value data: | C:\Users\Jane\Documents\Passwords Plus\Jane\PassPlusDB.PDB |
The value would specify exactly where the Passwords Plus database
would be located.
If Jane created another user within Passwords Plus, named JSmith,
the following would also be found within a
HKEY_CURRENT_USER\Software\DataViz\PasswordsPlus\Users\JSmith key:
Value name: | DBPath |
Value data: | C:\Users\Jane\Documents\Passwords Plus\JSmith\PassPlusDB.PDB |
If you want to have multiple systems share the same databases, which
will be accessible through a shared folder on a server, you could change
the DaggerFolder and DBPath values. E.g., suppose there is a folder shared
from MyServer with a share name of Shared and underneath that shared folder
is a directory named Passwords, which holds the various usernames
created for Passwords Plus. Then you could have the following value
for DaggerFolder:
Value name: | DaggerFolder |
Value data: | \\MyServer\Shared\Passwords |
And you could use the following for a Passwords Plus username of
Jane:
Value name: | DBPath |
Value data: | \\MyServer\Shared\Passwords\Jane\PassPlusDB.PDB |
If you wanted to copy these settings from one system to
another, so that you don't have to manually edit the registry
values on the second system, you can run regedit
and navigate to HKEY_CURRENT_USER\Software\DataViz,
click on it to select it, then select File and
Export the registry settings to a file,
say Passwords-Plus-Users.reg. You can then
take that registry file to another system and double-click
on it to enter the same values into the registry on that
system.
Note: these notes were written for Passwords Plus for Windows 1.006
and 1.007 and may or may not apply to other versions.
Tue, Nov 17, 2009 11:00 pm
Sierra's Hallmark Card Studio Deluxe Data Location
Sierra's Hallmark Card Studio Deluxe 1.0 creates a registry entry to
indicate where it stores event planner calendar entries and
address book entries. The registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Sierra OnLine\Hallmark Card Studio\Deluxe\1\Paths
might have the following information for a default installation.
Value name: | DataPath |
Value data: | c:\SIERRA\CardStudio\Data |
On a Windows XP system, you would find the PLANR32.DAT
file it uses at that location. However, on a Windows 7 system,
the data might actually be stored in PLANR32.DAT
in another location specific to the user account from which
the data is accessed, e.g., for a user with an account name
of Liza, the data directory would be
C:\Users\Liza\AppData\Local\VirtualStore\SIERRA\CardStudio\Data,
assuming you selected the default location for installing the software
rather than putting it under C:\Program Files\SIERRA\CardStudio
as I would do. The PLANR32.BAK backup file it creates when you
update the data would be in the same location.
Note: the VirtualStore registry entry is an example of
Registry virtualization. According to Microsoft, "Registry
virtualization is an application compatibility technology that
enables registry write operations that have global impact to be redirected
to per-user locations. This redirection is transparent to applications
reading from or writing to the registry. It is supported starting with
Windows Vista."
But you can have Card Studio look elsewhere by changing the
registry value for DataPath. E.g., you could have the program
on two systems look in a directory at a network location for
the data, so that the two systems would share the same data.
For instance, you could put \\MyServer\Shared\Sierra\CardStudio\Data
in that registry entry to have it look on a system named MyServer
with a directory shared as Shared. Note: you will have to
run regedit from an administrator's account to
be able to update the registry entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Sierra OnLine\Hallmark Card Studio\Deluxe\1\Paths
Value name: | DataPath |
Value data: | \\MyServer\Shared\Sierra\CardStudio\Data |
References:
- Hallmark Card Studio Software
- Registry Virtualization
  Microsoft Developer Network (MSDN)
Tue, Nov 17, 2009 5:32 pm
Using SpamCop Blocking List (SCBL) with Sendmail
I've been getting far too much spam in my inbox despite using 6 different
DNSBLs currently with sendmail. The blocklists I'm using on my email server
do block a lot of spam, but a lot still gets through. I just checked a report
I generate at midnight each day on how many messages were blocked by each
list I am currently using and saw the following for yesterday:
Mon 11/16/2009
0 McFadden Associates E-mail Blacklist
70 Spamhaus Block List
4687 Passive Spam Block List (PSBL)
2496 Spam and Open Relay Blocking System (SORBS)
50 Swinog DNSRBL
14 Not Just Another Bogus List (NJABL)
7317 Total
The McFadden blacklist hasn't been working for quite some time; I should
have removed it from sendmail's /etc/mail/sendmail.mc file
previously. I removed it today and added the
SpamCop Blocking List (SCBL).
I decided to add that list after reading a comment at
Blocking Spam That Are In A Foreign Language by
Low Jeremy about
its usefulness in blocking messages in a foreign language. I've been getting
a lot of messages that appear to be in Russian. Since I can't read Russian, such
messages are of no avail to the spammers and are exceedingly annoying to
me, since they clutter my inbox every day.
I'm using sendmail on the server, so I replaced the reference to the
defunct McFadden Associates E-mail Blacklist in /etc/mail/sendmail.mc with
FEATURE(`enhdnsbl', `bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}', `t')dnl
There are instructions for incorporating an SCBL check into various
email server programs at
How do I configure my mailserver to reject mail based on the blocklist?
Specific instructions for sendmail are at SpamCop FAQ: Sendmail.
I followed the suggestion of using enhdnsbl, an enhanced
version of DNSBL, rather than dnsbl as I'm using in /etc/mail/sendmail.mc
for other blacklists on the system, because I have a recent version of
sendmail and because the SpamCop site had the following information:
Some problems have been found with later versions of Sendmail.
The easiest fix may be to use the second method above, enhdnsbl instead of
dnsbl.
SpamCop uses 'rbldns' to serve its blacklist information. Rbldns does not yet
have support for IPv6, but newer versions of sendmail (8.12.0 and greater) try
IPv6 before IPv4. Sendmail asks for an AAAA record instead of an A record and
SpamCop rejects the query - resulting in spam slipping through the filters.
There are instructions for disabling AAAA (IPv6) queries from sendmail at
Disable AAAA (IPv6) lookups without recompiling Sendmail, and
the sendmail.org site states the following, but I decided to just use the
enhdnsbl approach.
Some DNS based rejection lists cause failures if asked for AAAA records. If
your sendmail version is compiled with IPv6 support (NETINET6) and you
experience this problem, add
define(`DNSBL_MAP', `dns -R A')
before the first use of this feature. Alternatively you can use enhdnsbl
instead (see below).
I deleted the McFadden blacklist entry and added the SCBL entry to the end
of the list of blacklists I check. I now have the following in
/etc/mail/sendmail.mc:
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`dnsbl', `sbl.spamhaus.org', `550 Spam Block: mail from $&{client_addr} refused - See http://www.spamhaus.org/sbl/')dnl
FEATURE(`dnsbl', `psbl.surriel.com', `550 Spam Block: mail from $&{client_addr} refused - see http://psbl.surriel.com/')dnl
FEATURE(`dnsbl',`dnsbl.sorbs.net',`550 Spam Block: mail from $&{client_addr} refused - see http://dnsbl.sorbs.net/')dnl
FEATURE(`dnsbl',`dnsrbl.swinog.ch',`550 Spam Block: mail from $&{client_addr} refused - see http://antispam.imp.ch/spamikaze/remove.php')dnl
FEATURE(`dnsbl',`dnsbl.njabl.org',`550 Spam Block: mail from $&{client_addr} refused - see http://njabl.org/lookup?$&{client_addr}')dnl
FEATURE(`enhdnsbl', `bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}', `t')dnl
I regenerated sendmail.cf with
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
and then restarted sendmail with
/etc/init.d/sendmail restart
A few minutes after I restarted sendmail, I checked /var/log/maillog
to see whether the SCBL had blocked any spam
and found it had already blocked 21 messages.
# grep spamcop /var/log/maillog | wc -l
21
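The per-list counts in the daily report, and the name sendmail looks up for each connecting address, can be reproduced with a short script. This is an added example, not the report script used on the server described here; the function names are hypothetical and the maillog lines are constructed samples whose reject texts mirror the sendmail.mc entries above.

```shell
#!/bin/sh
# Added example (not the original report script). Function names are
# hypothetical; log lines are constructed and use documentation addresses.

# Constructed sample of /var/log/maillog. The reject texts mirror the
# messages configured in the sendmail.mc FEATURE lines.
sample_maillog() {
cat <<'EOF'
Nov 17 17:41:02 mail sendmail[4101]: nAHMf2aa004101: ruleset=check_relay, arg1=[192.0.2.10], arg2=192.0.2.10, relay=[192.0.2.10], reject=550 5.7.1 Spam Block: mail from 192.0.2.10 refused - see http://psbl.surriel.com/
Nov 17 17:41:09 mail sendmail[4102]: nAHMf9ab004102: ruleset=check_relay, arg1=[198.51.100.7], arg2=198.51.100.7, relay=[198.51.100.7], reject=553 5.3.0 Spam blocked see: http://spamcop.net/bl.shtml?198.51.100.7
Nov 17 17:41:30 mail sendmail[4103]: nAHMfUac004103: from=<reports@spamcop.net>, size=2210, class=0, nrcpts=1, proto=ESMTP, relay=[203.0.113.5]
Nov 17 17:41:31 mail sendmail[4104]: nAHMfUac004103: to=<user@example.com>, delay=00:00:01, mailer=local, stat=Sent
Nov 17 17:42:15 mail sendmail[4105]: nAHMgFad004105: ruleset=check_relay, arg1=[203.0.113.44], arg2=203.0.113.44, relay=[203.0.113.44], reject=550 5.7.1 Spam Block: mail from 203.0.113.44 refused - see http://dnsbl.sorbs.net/
Nov 17 17:42:40 mail sendmail[4106]: nAHMgeae004106: ruleset=check_relay, arg1=[198.51.100.90], arg2=198.51.100.90, relay=[198.51.100.90], reject=553 5.3.0 Spam blocked see: http://spamcop.net/bl.shtml?198.51.100.90
EOF
}

# Count rejections per blocklist from maillog lines on stdin.
# Only lines carrying "reject=" are counted, so mail that merely mentions a
# list's domain (the third sample line) does not inflate the numbers.
dnsbl_report() {
    awk '
        BEGIN {
            # Substrings taken from the reject messages in sendmail.mc.
            n = split("spamhaus.org psbl.surriel.com dnsbl.sorbs.net antispam.imp.ch njabl.org spamcop.net", pat, " ")
            split("Spamhaus|PSBL|SORBS|Swinog|NJABL|SpamCop", name, "|")
        }
        /reject=/ {
            for (i = 1; i <= n; i++)
                if (index($0, pat[i])) { count[i]++; total++; break }
        }
        END {
            for (i = 1; i <= n; i++) printf "%d %s\n", count[i] + 0, name[i]
            printf "%d Total\n", total + 0
        }
    '
}

# Build the DNS name looked up for a client address: the IPv4 octets
# reversed, followed by the blocklist zone. Asking for the A record of this
# name is the query that the AAAA-first behaviour described above breaks.
# $1 = IPv4 address, $2 = blocklist zone. Returns non-zero on malformed input.
dnsbl_qname() {
    echo "$1" | awk -F. -v zone="$2" '
        NF == 4 { printf "%s.%s.%s.%s.%s\n", $4, $3, $2, $1, zone; ok = 1 }
        END { exit ok ? 0 : 1 }
    '
}

# Stand-alone run on the constructed sample.
sample_maillog | dnsbl_report
dnsbl_qname 198.51.100.7 bl.spamcop.net
```

On the sample data a plain `grep -c spamcop` returns 3, while the report counts 2 SpamCop rejections, because one line only carries a spamcop.net sender address.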
References:
- DNSBL
  Wikipedia, the free encyclopedia
- Blocking Spam That Are In A Foreign Language
  By: Low Jeremy
  Article Submitted On: December 04, 2006
  EzineArticles
- How do I configure my mailserver to reject mail based on the blocklist?
  spamcop.net
- SpamCop FAQ: Sendmail
  spamcop.net
- Disable AAAA (IPv6) lookups without recompiling Sendmail
  Date: April 26, 2007
  comp.mail.sendmail - PHWinfo
- Sendmail cf/README
  sendmail.org
Sun, Nov 15, 2009 3:11 pm
ClamWin 0.95.3 Scan of Windows 7 Home Premium Edition Laptop on 2009-11-15
I scanned a laptop running Windows 7 Home Premium Edition
with ClamWin Free Antivirus version 0.95.3 on 2009-11-15.
ClamWin reported the following:
C:\$WINDOWS.~Q\DATA\Users\admin\Desktop\desktop.ini: Worm.Autorun-2190 FOUND
C:\$WINDOWS.~Q\DATA\Windows\System32\config\systemprofile\Desktop\desktop.ini: Worm.Autorun-2190 FOUND
C:\Users\admin\Desktop\desktop.ini: Worm.Autorun-2190 FOUND
C:\Users\Liza\Desktop\desktop.ini: Worm.Autorun-2190 FOUND
C:\Windows\SoftwareDistribution\Download\d16f45aa864340ccf36504588c6fae4b\excel.cab: W32.Virut.Gen.D-163 FOUND
C:\Windows\SoftwareDistribution\Download\daa4e3a0ea4e94aba329bc28d3b354b1\xlconv.cab: W32.Virut.Gen.D-163 FOUND
But, I believe all of those were false positives.
Sat, Nov 14, 2009 9:58 pm
Image Backup with Windows 7 Backup Program
I recently upgraded my wife's laptop from Vista Home Premium to Windows
7 Home Premium. I installed a lot of applications on the system and decided
it was time to get an image backup of the system. I've been using Symantec's
Ghost 2003 program for image backups, but when I tried to backup the laptop
with it, it aborted part way through the backup. So I decided to try
the backup program that comes with Windows 7 to create an image backup. It
was fairly straightforward to use and I didn't encounter any problems with
it.
Sat, Nov 14, 2009 8:05 pm
Comic Collector and Themida
When I tried starting Comic Collector 4.5.1 from Collectorz.com,
a window opened with the title of "Themida". Within the window was the
statement "A monitor program has been found
running in your system. Please, unload it from memory and restart your program."
The Comic Collector software incorporates code from
Oreans Technologies called
Themida that attempts to stop anyone from debugging software that
incorporates the Themida code. I had
Process Monitor v2.8 from Microsoft running at the time. The Themida
code apparently detects changes made by Process Monitor to display file
and registry accesses in real-time and stops programs from running that
incorporate the Themida code, so that someone can't analyze the code
in real-time. It doesn't matter if you exit from Process Monitor; you
have to reboot the system to undo whatever change was made by Process
Monitor when it started in order to get Comic Collector to open.
Sat, Nov 14, 2009 7:33 pm
WhatTheFont
Through someone else's posting, I discovered a site today that will help
you identify a font. The site is WhatTheFont.
Seen a font in use and want to know what it is?
Submit an image to WhatTheFont to find the closest matches in our database. Or,
let cloak-draped font enthusiasts lend a hand in the
WhatTheFont Forum
You can upload an image file to the site for analysis or specify a URL.
You can also search for and buy fonts from the site at
MyFonts.
Fri, Nov 13, 2009 8:54 pm
Adding Folders Under "All Programs" for All Users Under Windows 7
I just recently installed Windows 7 on my wife's laptop. I wanted to add a
new program group (folder) that I intended to name "Utilities" under "All
Programs" so that the group would be visible to all accounts on the system. I
right-clicked on the start program button as I would under Windows XP,
but there was no "Open all users" or "Explore all users" option. And
there was no Documents and Settings\All Users\Start Menu\Programs
folder where I would add a new folder under Windows XP. Instead,
you add a folder under
C:\ProgramData\Microsoft\Windows\Start Menu\Programs.
To see this folder you will have to turn on the
display of hidden files and folders, which you do under Windows 7
by selecting "Organize" from the Windows Explorer, then
selecting "Folder and search options", and then
clicking on the "View" tab. Then under "Hidden files and folders",
select "Show hidden files, folders, and drives". You will then be able to see
the C:\ProgramData\Microsoft\Windows\Start Menu\Programs folder
and create a new folder within it.
Once I had created the Utilities folder by right-clicking and
selecting "New" and "Folder" within
C:\ProgramData\Microsoft\Windows\Start Menu\Programs, I then
expected to just be able to right-click again within the Utilities
folder and select "New" and "Shortcut". But the only option under "New" was
"Folder". So I next opened another Windows Explorer window, thinking I could
create a shortcut by just going to the folder where the program was located
that I wanted to add to the Utilities folder and then clicking
on the program, in this case procmon.exe, and then dragging
it over to C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
while holding down the Alt key (if you just drag the program
from one location on the same drive to another, the program is moved, but, if
you hold down the Alt key at the same time, you will get a shortcut,
aka "link"). But that didn't work either. I received the message
"Windows can't create a shortcut here. Do you want the shortcut to be placed on
the desktop instead?" I chose "yes". I was then able to move the shortcut
from the desktop to
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities,
though I was told "You'll need to provide
administrator permission to move to this folder." I clicked on "Continue"
and the shortcut was moved. I was logged on under an account, admin, in
the administrator group throughout the process.
This seems like a far more cumbersome means of performing a fairly simple
task under Windows 7 than it was under Windows XP.
Apparently, you can have at most 70 folders under "All Programs" in Windows 7.
Tim Long posted the following at
Windows 7 Blank ‘All Programs’ Menu:
I’ve run into a problem in Windows 7 RC where the ‘All
Programs’ menu goes completely blank, making it a pain to access
installed programs. The search feature still works and programs can be
accessed that way.
This happens when there are more than about 70 folders in the ‘All
Programs’ menu. The workaround I have come up with is:
- Uninstall programs until there is <70 folders in the All Programs
menu.
- Use Explorer to browse the All Programs folder (typically
C:\ProgramData\Microsoft\Windows\Start Menu\Programs) and reorganise
some of the folders into a subfolder. For example, create a Utilities folder
and drag some of the other folders inside it. There must be <70 folders in
the top level.
So you can use either method 1 or method 2 above to resolve the problem.
References:
- Start Menu All Programs - Add or Delete Shortcuts
  By: Brink
  Date: November 3, 2008
  Windows 7 Forums
- Windows 7 blank All Programs menu
  Date: August 19, 2009
  Super User
- Windows 7 Blank ‘All Programs’ Menu
  By: Tim Long
  Date: August 19, 2009
  Blogs - TiGra Networks
Fri, Nov 13, 2009 9:42 am
Drupal and RDF
At a recent International Semantic Web Conference (ISWC), Rensselaer
Polytechnic Institute researchers demonstrated how they had re-rendered
data from the data.gov website of the
U.S. Office of Management and Budget (OMB) into the
Resource Description Framework.
According to Wikipedia, the Semantic Web
"is an evolving development of the World Wide Web in which the meaning
(semantics) of information and services on the web is defined, making it
possible for the web to understand and satisfy the requests of people and
machines to use the web content. It derives from World Wide Web Consortium
director Sir Tim Berners-Lee's vision of the Web as a universal medium
for data, information, and knowledge exchange."
The Rensselaer Polytechnic Institute researchers' goal, according to Li
Ding, was to "make the whole thing shareable and replicable for others to
reuse." Ding said that rendering data into RDF, which is used to create the
Linked Data necessary to the Semantic Web,
can make it easier to interpose it with other sets of data to create entirely
new datasets and visualizations. He showed a Google Map graphic that
interposed RDF versions of two different data sources from the Environmental
Protection Agency, originally rendered in CSV files.
The White House recently deployed the Drupal
Content Management System (CMS) for the
whitehouse.gov website. According to David Lantner, editor of the
"Clear Type Press" blog, Drupal could give the White House a good start in
annotating its data in a machine-readable way, since it "enables authors to
add semantic metadata to their markup using attributes that are both
machine-readable and human-friendly."
At the ISWC gathering, Stephanie Corlosquet, a former researcher at the
National University of Ireland's Digital Enterprise Research Institute,
demonstrated a set of four interrelated new modules he helped develop for
Drupal to ease the use of RDF. The modules were written to "expose the site
structure in an RDF format automatically, so site administrators or users don't
have to care about RDF or do anything with RDF," he said.
Mr. Corlosquet stated "Drupal has a very modular design, so we can plug
[the modules] into the system very easily." He said these modules will be
incorporated into the next core version of the system, Drupal 7.
References:
- How the Semantic Web would work
  By: Joab Jackson
  Date: November 9, 2009
  Government Computer News (GCN)
- White House shift to open-source Web system draws mostly praise
  By: Joab Jackson
  Date: October 29, 2009
  Government Computer News (GCN)
- Resource description tool can add smarts to your Web pages
  By: Joab Jackson
  Date: October 23, 2009
  Government Computer News (GCN)
- Semantic Web
  Wikipedia
Thu, Nov 12, 2009 10:00 pm
Checking MAC Addresses on a Cisco Switch
On a Cisco switch, you can use the show mac address-table
command to view the MAC addresses of devices connected to the switch.
Thu, Nov 12, 2009 11:13 am
User Account Control (UAC) Adjustments for Windows 7
In "Windows 7 is everything Vista should have been, with one noteworthy
exception", Eric Voskuil, CTO for BeyondTrust, warns that Windows 7's
default configuration for User Account Control (UAC) unnecessarily reduces
the security of the operating system and that one should change those
default settings to secure a system running Windows 7.
The default setting results in a reduction of prompts -- the prompts
continue, yet security is eviscerated. Though protecting administrative
credentials is clearly a secure measure, Microsoft is trying to have it
both ways – arguing that UAC is not a security boundary. The purpose
of UAC is to protect against malware. Even if it's not a “security
boundary” the message is about defending your PC against “hackers
and malicious software.” If it doesn't do that, what's the point of the
remaining prompts?
In my opinion the decision to configure users this way by default
violates Microsoft's “Secure by Default” principle, which says
that, “software should run with the least necessary privilege.”
Clearly, the operating system should support a standard user or administrator
with UAC fully enabled. The proof-of-concept code to exploit this shortcoming
has already been published.
Windows 7 is great stuff, just don't forget to go to the control panel
and turn security on.
References:
- Windows 7 is everything Vista should have been, with one noteworthy
  exception
  By: Eric Voskuil, CTO, BeyondTrust
  Date: November 4, 2009
  SC Magazine For IT Security Professionals
Thu, Nov 12, 2009 11:02 am
Microsoft Patches Released 2009-11-10
On Tuesday, November 10, 2009, Microsoft released six patches to address
fifteen vulnerabilities.
MS09-065 fixes three vulnerabilities in Windows kernel-mode drivers,
one of which is deemed "critical" by Microsoft. It does not impact
Vista or Server 2008 systems. But, on Windows 2000, XP, and Server 2003
systems, the bug can be exploited to allow remote code to be executed.
The bug can be exploited by someone creating a webpage using a maliciously
crafted Embedded OpenType font. A victim need only view the webpage with
the embedded font. Proof-of-concept code has already been released to exploit
the bug through a "drive-by attack."
Another of the patches issued by Microsoft on Tuesday,
MS09-067 addresses eight flaws in Microsoft Office that can lead
to remote code execution should a user open an Excel file that has been
crafted to exploit one of the flaws.
References:
- Microsoft fixes 15 flaws with six patches
  By: Dan Kaplan
  Date: November 10, 2009
  SC Magazine for IT Security Professionals
Sun, Nov 08, 2009 8:10 pm
Using a Shared Database at a Network Location with eBay's Turbo Lister 2
My wife uses eBay's Turbo Lister 2 to manage her eBay auctions.
She has a custom template she uses and wanted to have her laptop and
desktop systems use the same information, i.e. any change she made
in the program while working on the laptop would be seen by
Turbo Lister on her desktop system and vice versa. The laptop was
new; she had been using Turbo Lister 2 exclusively on the desktop
system.
So when I installed Turbo Lister 2 (version 8.2.101.7 was shown when
I clicked on Help and About Turbo Lister after installing the
software) on her laptop running Windows 7,
I checked to see what registry value it was using, after I ran the
program once, to point to the location it uses for its data directory. There was
no option for specifying the location for the program's data when
I checked under Tools and Options in the program, so
I had to find the location in the registry. On the Windows 7 laptop,
I saw the following registry value under
HKEY_CURRENT_USER\Software\eBay\Turbo Lister2:
Name | Type | Data |
DataDir | REG_SZ | C:\ProgramData\eBay\Turbo Lister2 |
I checked the contents of that directory from a command prompt and
saw there were 3 .tdb files within that directory, an App.tdb, a
user000.tdb and one associated with a name
matching her eBay store.
Note: you may not see the directory from the Windows Explorer,
since C:\ProgramData is a hidden directory, if
you don't have it configured to show hidden folders. But, if you
get a command prompt and issue the command
dir "C:\ProgramData\eBay\Turbo Lister2"
you should see its contents.
On her Windows XP desktop system, I found the following registry
value for the location of Turbo Lister's databases:
Name | Type | Data |
DataDir | REG_SZ | C:\Documents and Settings\All Users\eBay\Turbo Lister2 |
I copied the contents of the directory
C:\Documents and Settings\All Users\eBay\Turbo Lister2
from the desktop system to a shared network
folder. Then on both systems I changed the registry value for
DataDir to point to that location. E.g., you could use the
following, if the system that was sharing the folder was named
MyServer and the shared folder was shared as
Auctions with a Turbo Lister2 directory created within it.
Name | Type | Data |
DataDir | REG_SZ | \\MyServer\Auctions\Turbo Lister2 |
Note: don't make the registry changes while Turbo Lister is open.
Sun, Nov 08, 2009 5:57 pm
Movie Collector 6.4.1 Customization
I installed Movie Collector™ on my wife's new laptop today. Since we want
all systems in the
household to use a common movie database, I configured it to use a database
stored on a shared network folder.