Warning.. This is a rant and it's directly aimed at Symcraptec. Well Symantec (One of the most 'trusted' names in AntiViral software) has decided to ignore my request to white-list some of my software (ViPackager - Automated Skin Installer) - After almost a month I've received no reply from Symantec on the matter and I am willing to bet that I probably wont receive a reply ever. For those of you who are unaware - Symantec will happily block software that appears to 'act suspiciously' even if its completely legitimate software that doesn't damage or harm your computer. This is completely acceptable behaviour for a AntiVirus (if the end users have a choice to unblock that questionable software that is) and usually the author of the software can write a request to the antivirus company and have their software "Approved" which means the AntiVirus company confirms its free of viruses and doesn't harm the computer - Evidently Symantec would seem to ignore the request or not even review it therefore blocking it's customers from enjoying potentially legitimate software. Furthermore the software doesn't give its user's a choice of blocking the software - it just blocks it - not even a confirmation dialogue. Most other Anti-virus software offer a confirmation dialogue at the very least with such software so the end user has the opportunity to run the software. Since some PC users trusts their AntiVirus - They will no doubt complain to the company saying "Your software is infected!". Your reputation could be ruined thanks to Symcraptec - Word of mouth will spread that you make 'harmful' software and so on.

Finally after recoding ViPackager using different methods to achieve the same goals (Which I shouldn't need to do / Symantec could have the decency to inform me to do) I was able to make ViPackager install and work with their software.  Utterly disappointed with this company -

Update 20/08/2010
It seems I need to apologise to Symantec. Although I still feel that their software could give the user a choice before it blocks something "it thinks" is suspicious. However I am pleased that they replied at the very least. At the request of Symantec I will not be posting their decision on the matter though.

14 comments

Is it me or have they stopped making keyboards that clunk and make tapping noises? And why must mice be wireless - the batteries just keep running out. My grand mother recently bought a new PC that was completely touch-screen operated, I honestly cant imagine how this could be used in a practical environment. It felt uncomfortable to use and I am sure having a screen that close to you cant be any good for your eyes either. Eventually we both agreed that it was in-practical and she ended up using a USB-keyboard and mouse for her brand new touch screen computer. That said, I really feel touch screen is practical for mobile devices though (Where it's not practical to have a mouse). I used to think all new stuff would be cool and i'd grow into it. Is it me? Or is the next generation of computer users rejecting these newer input devices as well?

I find myself using my old PS/2 Logitech keyboard that's about 6 or 7 years old because I cant find a similar keyboard that has the same key resistance and 'clunkyness' in the newer ones. It is embarrassing to show people who come over though. My friends often say "nice setup.. whoa.. that keyboard looks ancient!". I am starting to feel like an old man - next I will be saying "They don't make em they way they used to!".

I visited one of my friends and he bought the latest in the logitech series of keyboards. (sounded like a terminator model) It had about a thousand different functions and an on-board LCD screen.. All I could say is.. Really.. is that necessary? Why would you look at the LCD screen on your keyboard? I went to use his keyboard and it felt horrible - there was hardly any resistance and it was completely silent. Maybe that's a good thing? Am I the only one who enjoys a good 'clunk'?

14 comments

At first I thought it was human malice but it turns out to be just another bot. A new kind of spam-bot that reprograms websites to redirect to a URL it wants its victims to visit. Yesterday it hit lee-soft.com and within the hour I received e-mails from users about the forums redirecting them to random websites. My initial reaction was to panic - how on earth could someone modify my website without having access to the files remotely.

After considering what has happened logically if someone had complete access to the files then why didn't they just delete the website and have it simply direct to theirs? Well the logical answer would be to assume either they didn't have complete access or their intention is to hide the code that redirects visitors so that it wouldn't cause suspicion, (by hiding I mean it still allows users to access the forum after 1 re-direct) therefore extending the life-time of the redirection code in order to get more visitors. Well we can say they didn't have full access otherwise they'd make themselves the admin of the forums and spam everyone's e-mail address in the database (Which hasn't happened). The problem is I'm talking as if it were a human being who attacked the forums. We have to assume a human wrote the bot that attacked the forums though.  Whose primary intention would probably be to get more hits on their own websites?

After cleaning my site manually I did find that SMF do offer a cleanup utility which can detect and clean the infected files for you. That is available here http://www.simplemachines.org/community/index.php?topic=313201.0

Instead of simply cleaning the files I wanted to decode the "code" that had been injected into the forums. First the bot injected its code in an encoded state as shown below:

If we run this through a base64 decoder we will get something that looks like this:

In English this is something like.. If you are a Google bot or a Yahoo bot return this script. (This is how Google and Firefox marked my site as containing malware. No doubt that JavaScript contains lots of nastiness) since most people on my forum are neither a google bot nor a yahoo bot we don't care what happens there so much. The next part of the code was encoded in zip format (The guy who wrote this obviously didn't want people to see the source of his 'fine' work of art). I am not posting that part of the code here has its too long. I will tell you what it did though

If visitor has not been redirected yet then redirect them and then write it in their cookies so next time they do not get re-directed again. (Making it appear to a random glitch)

This is not enough to prevent re-infection and we should be more concerned with how this could be allowed to happen in first place. This I am still not certain of yet. However I have taken steps to prevent the site rewriting its own scripts (which is how the exploit would have to operate unless the bot knew my FTP account details which i doubt they do). I suggest SMF admins take the following steps to prevent infection.

• If you are currently infected then delete and re-upload the entire site (don't just clean them unless your willing to read every php file because there could be an unknown php script which could re-infect the site). The infection appeared to only affect PHP scripts on the forum and outside of it. This doesn't mean the exploit cant infect html files or any other file for that matter. Check the "last modified" dates on each file in your entire site)
• You might want to consider preventing PHP files from overwriting themselves from another PHP file (with file permissions) this is optional and could potentially break the PHP script in question. Some PHP files need to rewrite other PHP files when updating etc. However usually they can still operate without requiring this functionality. This isn't a permanent solution and i would only recommend it to people who know how to do it. That's why I am not explaining how to do it.
• Delete add-ons and mods that are made by newbie programmers or questionable programmers. (Add-ons have the potential of opening holes in your forum. This may not be intentional and this could simply be the fact the programmer has overlooked something)

Things that probably wont help (in this case) is preventing the uploading of certain file types or changing passwords. However that's generally good practice anyway.

I take no responsibility if you break your site following my instructions! I am writing it for the benefit of others.

I have verified the scripts over and over every few hours. When I find out how the site got infected I will post something about it.

UPDATE 02/05/2010: It appears the SMF cleanup utility wont find all the modifications done to SMF forums. I was hijacked again this morning but i quickly countered it thanks to the community for quickly advising me of the situation again. (Thanks again rainoffire) I have also found out where the security whole was - SEO4SMF. This mod is responsible for the first infection and the reinfection of lee-soft.com. I suggest immediate removal of this mod or updating it to a newer version. The newest version looks like it has been patched (for now). There could be other holes which we don't know about yet though. Using any add-on or mod presents a security risk to your forums - Proceed with caution.

16 comments

[float=right][/float] Well, i made this section a few weeks ago but i just didn't ever put anything on it. Until now. First i would like to thank the community for their valuable feedback on the ViStart 7 release. I have already started working on the next build to try to address the bugs mentioned on the ViStart bugs board. I will be releasing that around Christmas hopefully. Anyway yesterday my brother came to me, he was quite depressed because his Playstation3 decided to YLOD (Yellow Light of Death). I did some research and it was what i had suspected. The YLOD is pretty much the equivalent of the Xbox360's RROD. "General Hardware Fault". 80% of the time for PS3's, this is apparently caused by cold solder joints between CPU/GPU and motherboard. The Japanese Launch Units had a slightly different design than the more recent units. Sony quickly changed their design in a desperate attempt to fix YLOD or potential YLOD units.

What's more amusing is how Sony are dealing with this problem.

BBC Watchdog apparently launched their own investigation on the matter. Which invoked this amusing response from Sony
Is my brother one of the 0.5% people affected (remember, these figures are calculated by Sony and obviously cannot be trusted. Just like Microsoft's fake figures of the RROD failures). Well maybe he is that unlucky. Anyway a few years ago a Japanese guy told me about what he called the "sony timer" theory. Apparently it's well known. Although it could just be small minority of people who have been very unlucky with Sony products. Although i am sure it would be more than 0.5%  ;) (since it's a well known theory). He proposed that Sony intentionally engineer defects in their products which causes the product to fail just short of the warranty period. The only problem with that theory is that we know Sony sell PS3's at a loss. So i looked at how much a PS3 would be to get repaired officially, apparently it's around the £130 mark for YLOD. Although the BBC Watchdog crew made it look like it should be a £5 job. From i could tell in the video. They simply disassembled the units and reflowed.  (The same effects could be achieved with a heat gun) So i did what they did only i used a heat gun instead. It worked great. If anyone decides to copy me (Which i take no responsibility for) then i recommend using a temperature controlled heat gun set on the lowest blow-speed and around 350 C. You should probably follow a guide. gilksy1 does a good guide. You can watch his youtube video here; http://www.youtube.com/watch?v=U70SgRDVcBo

Happy un-LYOD-ing  

7 comments