Tuesday, October 25, 2011

Time to End the WikiLeaks Banking Blockade


This tweet just in from Wikileaks:
Support WikiLeaks - you can now donate with an SMS | http://shop.wikileaks.org/donate#dmobile (check it works where you live using dropdown menu)
It works fine in South Africa, and I donated R20 for now. Will donate more soon. Watch the video and fight back at Visa, MasterCard, PayPal and the entire wunch of bankers trying to blockade Wikileaks.

What Does it Cost to Change the World? from WikiLeaks

See: Broke Wikileaks Halts Publication to Raise Money at Gizmodo.

Monday, October 24, 2011

No News is Bad News for AlJazeera English


AlJazeera English is my primary source of TV news. Sometimes I can even watch it online, depending on the availability of bandwidth. This morning I noticed that something was going wrong: there was no news coming out of their Doha studio. Was AJE under attack? Was the staff on strike or being censored? All kinds of scenarios went through my mind.
After all, the station is owned by the state of Qatar, and they recently changed senior management, so anything was possible. What strikes me as most odd is that they, as a news outlet, did not see fit to tell their audience what was going on. This is bad news, especially for a company that has numerous twitter accounts and Facebook pages. It's bad for credibility.
On the one hand the fact that their primary studio isn't working may not count as "news", but there wasn't even an explanation on their web site, and tweets to their twitter news account went unanswered. A tweet to their @AJStream account, supposedly their flagship social media program, wasn't addressed directly. Weird.
I eventually got a reply from Alan Fisher, one of their best journalists: "significant tech issues I believe". Why couldn't the station itself say that? Why is it afraid of admitting it is having a technical hitch? It's not like you aren't going to notice if you switch on the TV looking for a 30 minute news program and you get a documentary instead. Instead of getting my "morning news fix" at 9am (News Live Doha), I eventually got it at 3pm (Newshour from London) instead. That's when I got the clue that the Doha centre was having difficulties.
Note to AJE: Just put a note on your program schedule when you cancel programs. Viewers will appreciate your honesty and trust you more. Hiding stuff doesn't build trust or credibility.

Friday, October 14, 2011

ESET's Not-So-Smart Security Failure - Fixed


Resolved: I remain a NOD32 fan, particularly after the amazing response from Shaun Norris and his team. They have fixed the problem locally and are making sure the ESET engineers improve their download process in future releases.

Original Post 10/14/11: I have been a NOD32 fan for a long time, but recently I have been questioning my loyalty, particularly in the light of their very dodgy virus definition update policies. It seems they are perfectly happy to allow a PC to run with definition files that are 448 days old. Or 105 days. Or whatever. What kind of security is that!?
Take a look at the screen shot at the top of the page (click on the image) to see how the software is lying to me. I installed the software two weeks ago on this Windows 7 32 bit PC, and at the time the virus definitions were updated backwards from version 6364 (20110809) to 5307 (20100723) and then later to 6516 (20111004). OK, so it had a glitch. It came right. Wrong!
This morning I returned to the machine, after leaving it running by itself for 10 days. The virus definitions are back to 5307. No amount of cajoling can persuade the machine to download the correct version and not mislead me:

Other versions of the software have experienced similar problems. This PC was using version 4.2.71.2 and it had an issue with the definitions, so I removed the software and installed version 5.0.93.0. The same thing happened on a brand new Windows 7 machine I was setting up from scratch. Other PCs running Windows 98 and version 2.7 are reverting to July 2011.
So my question is this: how can the software allow the definitions to roll backwards? How can the servers still have definition files that are 448 days old? Are they insane? They are supposed to be a security company. Yet they issue software with bugs in it, and have a policy that doesn't remove old virus definitions, giving careless users a false sense of security. That's worse than no security at all.
ESET CEO Richard Marko is still blissfully unaware of this problem

Update Mon 17th Oct: I have been assigned a bug report number #TICKET 57298
Update Tues 18th Oct: ESET requested the configuration file and SysInspector log that I sent on Friday 14th. I am starting to get annoyed as well as alarmed. In the meantime the definition files are now over 450 days old! And they want me to run Wireshark to capture all the packets. WTF?!
Update Wed 19 Oct: Posted an update to the Wilders Security Forum.
Update Thu 20 Oct: Definitions are now 454 days old, i.e. 64 weeks. After making enquiries this morning I discover the ESET engineers are waiting for a log that I have already sent them. I sent the following reply:
Yes, I am on M-Web but the problem also occurs when using ISDSL which is what most of the [customer] connections use.
Yes, I sent you the event log. TWICE. Here it is: [I have removed duplicates]

14/10/2011 03:24:54 PM ESET Kernel The program modules have been updated.
14/10/2011 03:24:52 PM Update module Updater: retval = 0x0000, failures: 0 NT AUTHORITY\SYSTEM
14/10/2011 02:59:19 PM Update module Updater: Switch DEVEL modules retval = 0x00005007 [NOT NEED] NT AUTHORITY\SYSTEM
14/10/2011 01:43:30 PM ESET Kernel The program modules have been updated.
14/10/2011 01:43:28 PM Update module Updater: retval = 0x0000, failures: 0 NT AUTHORITY\SYSTEM
14/10/2011 01:43:23 PM Update module Updater: Switch DEVEL modules retval = 0x00005007 [NOT NEED] NT AUTHORITY\SYSTEM
14/10/2011 01:42:56 PM ESET Kernel The program modules have been updated.
14/10/2011 10:56:12 AM ESET Kernel The program modules have been updated.
11/10/2011 06:53:02 PM Update module An error occurred while downloading update files. NT AUTHORITY\SYSTEM
11/10/2011 04:53:00 PM Update module An error occurred while downloading update files. NT AUTHORITY\SYSTEM
05/10/2011 08:51:06 PM Update module An error occurred while downloading update files. NT AUTHORITY\SYSTEM
05/10/2011 03:46:12 PM ESET Kernel Virus signature database successfully updated to version 6519 (20111005).
05/10/2011 11:46:10 AM ESET Kernel Virus signature database successfully updated to version 6518 (20111005).
04/10/2011 09:46:01 PM ESET Kernel Virus signature database successfully updated to version 6517 (20111004).
04/10/2011 06:06:00 PM ESET Kernel Virus signature database successfully updated to version 6516 (20111004).
04/10/2011 06:05:57 PM Update module Updater: retval = 0x0000, failures: 1 NT AUTHORITY\SYSTEM
04/10/2011 04:46:44 PM ESET Kernel The program modules have been updated.
04/10/2011 12:49:52 PM ESET Kernel The program modules have been updated.

This is clearly an ESET issue because it is ESET software doing the download, ESET software that is lying to me about the result, and ESET software that is allowing its virus definition files to go backwards.

I understand that transparent proxies may be involved, but then please explain why two adjacent computers on the same connection can have different results? One works fine and the other doesn’t update.

I really think that ESET is not taking this matter seriously. If your engineers have any further requests or questions, please ask them to contact me directly.
Update 2: Thu 20 Oct 2011: I got a call from Shaun Norris at ESET South Africa, who assured me that they are not ignoring the problem, and have requested further info from me. This is most reassuring. In the meantime I think I have figured out how things are going wrong: their update mechanism is broken. It is vulnerable to faulty proxy servers (such as those used by M-Web), doesn't use https, and has no check that the version it is about to install is newer than the one already present. WTF!?
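The two failures described in this post, a signature database that rolls backwards and definitions that quietly go stale, are both visible in the event log quoted above, and both are cheap to catch. The script below is an added example (mine, not ESET's code and not what their updater does). It assumes the line layout quoted in the log (date, time, source, message), uses the lines from the post plus one constructed line for the 5307 rollback the post reports, and takes 20 Oct 2011 as "today" to match the 454-day figure in the post. The monotonic check in accept_update is the rule the post says the updater is missing: an offered version lower than the installed one is refused, not installed.

```python
"""Audit ESET-style event-log lines for signature-DB rollbacks and stale
definitions. Added example; assumes the log layout quoted in the post."""
import re
from datetime import datetime, date

# Layout as quoted in the post: "dd/mm/yyyy hh:mm:ss AM|PM <source> <message>"
LINE_RE = re.compile(
    r"^(?P<stamp>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M) "
    r"(?P<source>ESET Kernel|Update module) (?P<message>.*)$"
)
SIGDB_RE = re.compile(
    r"Virus signature database .*version (?P<ver>\d+) \((?P<day>\d{8})\)"
)

# Constructed sample: lines quoted in the post plus one constructed line
# (14/10/2011, version 5307) standing in for the rollback the post reports.
SAMPLE_LOG = r"""
14/10/2011 09:05:00 AM ESET Kernel Virus signature database successfully updated to version 5307 (20100723).
11/10/2011 06:53:02 PM Update module An error occurred while downloading update files. NT AUTHORITY\SYSTEM
05/10/2011 08:51:06 PM Update module An error occurred while downloading update files. NT AUTHORITY\SYSTEM
05/10/2011 03:46:12 PM ESET Kernel Virus signature database successfully updated to version 6519 (20111005).
05/10/2011 11:46:10 AM ESET Kernel Virus signature database successfully updated to version 6518 (20111005).
04/10/2011 09:46:01 PM ESET Kernel Virus signature database successfully updated to version 6517 (20111004).
04/10/2011 06:06:00 PM ESET Kernel Virus signature database successfully updated to version 6516 (20111004).
04/10/2011 06:05:57 PM Update module Updater: retval = 0x0000, failures: 1 NT AUTHORITY\SYSTEM
"""


def parse_log(text):
    """Return (timestamp, source, message) tuples, oldest first.
    The log as exported is newest-first; sorting makes the audit chronological."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            stamp = datetime.strptime(m["stamp"], "%d/%m/%Y %I:%M:%S %p")
            events.append((stamp, m["source"], m["message"]))
    return sorted(events)


def accept_update(installed, offered):
    """Monotonic version check the post says the updater lacks.
    Equal means 'already current'; anything lower is a rollback and is refused."""
    return offered >= installed


def signature_updates(events):
    """(timestamp, version, build date) for every applied signature-DB update."""
    out = []
    for stamp, _src, msg in events:
        m = SIGDB_RE.search(msg)
        if m:
            build = datetime.strptime(m["day"], "%Y%m%d").date()
            out.append((stamp, int(m["ver"]), build))
    return out


def find_rollbacks(updates):
    """Updates whose version is below the highest version applied before them."""
    highest, rollbacks = 0, []
    for stamp, ver, _build in updates:
        if highest and not accept_update(highest, ver):
            rollbacks.append((stamp.isoformat(), highest, ver))
        highest = max(highest, ver)
    return rollbacks


def audit(text, today_iso, max_age_days=7):
    """Summarise a log: rollbacks, age of the definitions in force, download errors."""
    events = parse_log(text)
    updates = signature_updates(events)
    today = date.fromisoformat(today_iso)
    # The definitions in force are those of the last applied update, whatever
    # its version, which is exactly why a rollback leaves a PC 454 days stale.
    age = (today - updates[-1][2]).days if updates else None
    failures = sum(
        1 for _s, src, msg in events
        if src == "Update module" and "error occurred while downloading" in msg
    )
    return {
        "rollbacks": find_rollbacks(updates),
        "definitions_age_days": age,
        "stale": age is None or age > max_age_days,
        "download_failures": failures,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG, "2011-10-20").items():
        print(f"{key}: {value}")
```

Run against the sample, the audit flags one rollback (6519 to 5307 on 14/10/2011), reports the definitions in force as 454 days old, and counts the two download errors. The same accept_update rule belongs inside the updater itself: a client that refuses to install anything older than what it already has cannot be pushed backwards by a stale proxy cache, whether or not the transport is https.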
Update: Fri 21 Oct 2011: Shaun Norris set up an alternate proxy for me to try, and also contacted M-Web to get them not to cache the ESET virus definitions. Last night I tried a new installation, which worked flawlessly. I'm waiting to be able to connect to the "afflicted" PC (the office opens on Monday) to see whether these changes will help.
Update: Monday 24 Oct 2011: The virus definitions have updated to the correct version, and appear to be stable. I have sent the logs through to Shaun Norris. All is well for now, and hopefully the ESET Engineers will fix this bug before it endangers other customers.
Update: Tuesday 5 June 2012: Version 5.2.9.1 was just released. It addresses some of these issues, according to the release notes.