Schonhose

While working on the Googlemaps addon I thought it would be useful to re-install Google Earth. Last time I removed it from my computer due to the amount of space it took on my C: drive, which is rather small. I was rather hopeful Google would provide an easy way to change the location of the cache to another drive.

Well, turns out I was wrong. But there is a way to do it, but it requires two hacks in the Windows Registry. The keys you need to change, as well as the location are displayed below:

[HKEY_CURRENT_USER\Software\Google\Google Earth Plus]
“CachePath”=”F:\\Google Earth Cache”
“KMLPath”=”F:\\Google Earth Cache”

As you can see I moved the Google Earth Cache from the C: to my F: drive which has lots of space left. I wonder when Google will implement an easy way in the options panel of Google Earth. In the meantime this hack will work. Remember to make a copy of your registry to be on the safe side.

After my problems with my ADSL connection a few years back I decided to switch to cable internet. This service was only provided by Casema in my neighborhood so I went with them. I got my cable internet and it was stable and rock solid.

This year Casema teamed up with some other companies and a new company was born: Ziggo. Since Ziggo provided my internet I had a lot of DNS trouble. Sites were loading slow or not at all, rebooting the modem didn’t provide an answer and I was learning to be patient again.

Then someone pointed out OpenDNS, a free alternative to the DNS servers of Ziggo and other companies. Since I used this as my primary DNS server my internet has been fast again.

However, for safety precautions I use the Ziggo DNS as secondary server. So if you used Google and found this page it might just be worth a try. I’m not saying it will solve the problems you’re having, but it surely worked for me.

Today I found a rather strange email from Microsoft detailing information about an important security update for a wide range of their operating systems. The email explained the reason for sending out this email and urged to install the attached security update to protect my computer from any malicious software attacks.

At that time some sirens and red flashing lights were going of in my head. Let’s see if my suspicion is really justified. First of, how would Microsoft know I’m using Windows as an operating system? Secondly, how would they get my address in the first place? The mail mentions the following “As your computer is set to receive notifications when new updates are available, you have received this notice.“.

Right, that disturbs me a bit, because basically what it says is this: “You thought we only send you notifications about updates but in the mean time we also uploaded private information on our servers like your email address“. Well, there you have it: mistake #1. If Microsoft indeed would have tried to do this it would have been publicly known on the internet. Remember the fuss about WGA a couple of years back? And by the way, the word “notifications” in itself suggest a one-way connection.

Let’s go on and dissect the message and the attachment some more. The so-called security update is about 33kb in size. Yes, I know what you’re thinking and you’re right. It is small, especially if it contains the fix for 5 different OS versions dating back to 1998. That is just another clue this is just a scam.

Furthermore Microsoft will never (and I do mean never) send out security updates through email attachments. All official updates are from either the genuine Microsoft website or from the automatic update processes (which coincidentally connects to the same genuine Microsoft website).

And finally the last reason why this is a scam. The attachment is named KBxxxxxx.exe where “xxxxxx” is a number. This number corresponds with an article in the knowledge base. The attachment I received is named “KB575544.exe” and guess what? Here is a link to the nonexistent KB article.

So if you have recieved this mail and installed the software you are infected by a trojan as mentioned by Graham Cluley’s blog (at Sophos).

Below is the full mail I received today (without attachments obviously).

Dear Microsoft Customer,

Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.

Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.

Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.

As your computer is set to receive notifications when new updates are available, you have received this notice.

In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.

If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.

We apologize for any inconvenience this back order may be causing you.

Thank you,

Steve Lipner
Director of Security Assurance
Microsoft Corp.

I received some mail and comments today that my downloads were giving a dreadful 404 Not Found error. This has led to a wild goose hunt for several hours trying to determine the source of the problem. Finally I was able to track things down. For some mysterious reason a .htaccess file has been removed, leading to some unexpected results. After restoring the very basic version of the file the downloads started working again.

Sorry for the inconvenience everyone!

Thanks to Dave we found the mentioning of an exploit for the Pixelpost Copy Folder addon. This exploit consists of spoofing some fake administrator credentials so the hacker can try to get the login info from the file “pixelpost.php”. It was uploaded about a month ago (June 9th) by someone called Charles F.

Obviously we patched the svn version as soon as possible but I wanted to comment on the actual chance of getting hacked. To get hacked your server has to have the following options:

• register_globals = On
• Sufficient rights to write a file in the addon folder

Well, let’s comment on the first option, the register_globals setting. In my opinion any host that has set this setting on should be shutdown as soon as possible. Default setting of this option has been off since PHP 4.2.0 and for good reason!

Most hosting companies have setup different users for both PHP and FTP users. The PHP user is the user under which the PHP compiler runs, the FTP user is you uploading the files through FTP. With PHP Safe mode set to on, the PHP user cannot create files in a folder owned by the FTP user (assuming you’re on Linux and Apache). You can test this easily: did you need to set your images and thumbnails folder to CHMOD 777 upon install of Pixelpost? If the answer is yes, there is no way this hack could work on your server.

If the answer is no, you might be vulnerable (especially when register_globals is also enabled). In that case remove the Copy folder addon (“copy_folder.php”) from your addons folder. Chances you do get hacked are small, but better safe than sorry.