Friday, November 11, 2005

Guide to Beating Your Kids

(via DoubleViking)

Are your kids getting away with murder? Are you sick of giving timeouts and verbal scoldings when your heart yearns for so much more?

The truth is, there’s only one way to discipline a child, and that’s with physical violence. Human beings can’t be reasoned with. Like the other animals of the jungle, we’re trapped in our ways. Only through physical pain can a human being break bad behavior.

Rocky says: Sticks and stones will break their bones. Period.

[ More ]

Technical Description of Sony DRM software

(via F-Secure)

Extended Copy Protection (XCP) is a CD/DVD copy protection technology created by First 4 Internet Ltd. XCP has been used to protect some audio CDs released by Sony BMG Music Entertainment. The XCP protected disks contain digital rights management (DRM) software that allow the user to make a limited number of copies of the disk and also rip the music into a digital format to be used on a computer or portable music player.

Once installed, the DRM software will hide:

Files
Processes
Registry keys and values

No means of uninstalling the DRM software is given. The software supports Windows 98SE, Windows ME, Windows 2000 SP4 and Windows XP.

This analysis was conducted on Windows XP in October 2005. The music CD that contained the DRM software was Van Zant: Get Right with the Man (Sony BMG Music Entertainment).

Installation

The DRM software requires administrative privileges to be installed successfully. When a user inserts an XCP protected CD into a computer that has the Windows Autoplay feature enabled, an EULA is automatically presented and if the user accepts it, the DRM software is installed.

The software installs two services that will start automatically during system startup:

HKLM\SYSTEM\CurrentControlSet\Services\CD_Proxy
HKLM\SYSTEM\CurrentControlSet\Services\$sys$DRMServer

The first one is named 'XCP CD Proxy' and the second 'Plug and Play Device Manager'. Both services are listed by, and visible in, the service control manager.

In addition, it installs five drivers:

HKLM\SYSTEM\CurrentControlSet\Services\$sys$aries
HKLM\SYSTEM\CurrentControlSet\Services\$sys$cor
HKLM\SYSTEM\CurrentControlSet\Services\$sys$crater
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$OCT
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$SYS$LIM

The first driver hides the presence of the DRM software; the other four act as filter drivers and apparently monitor the CD drives in order to enforce the digital rights.

The files for the software will be installed into the directory 'C:\Windows\System32\$sys$filesystem' that will be hidden but still accessible (a directory listing does not show it, but you can access it if you know the name). Contained in that directory will be the files:

$sys$DRMServer.exe
$sys$parking
aries.sys
crater.sys
DbgHelp.dll
lim.sys
oct.sys
Unicows.dll

Additional installed files are:

C:\windows\CDProxyServ.exe
C:\windows\DbgHelp.dll
C:\windows\system32\$sys$caj.dll
C:\windows\system32\$sys$upgtool.exe
C:\windows\system32\AXPSupport.dll
C:\windows\system32\ECDPlayerControl.ocx
C:\windows\system32\InstallContinue.exe
C:\windows\system32\driver\$sys$cor.sys
C:\windows\system32\TMPX\APIX.vxd
C:\windows\system32\TMPX\ASPIENUM.vxd
C:\windows\system32\TMPX\WNASPI.dll
C:\windows\system32\TMPX\WNASPI32.dll
C:\windows\system32\Unicows.dll

Microsoft C/C++ runtime and XML libraries are also updated, if they have not already been installed by some other application.

It should be noted that while the DRM software is active, registry keys whose names start with the string '$sys$' are not shown by most of the available registry editing tools, and all files and directories whose names start with '$sys$' are likewise invisible. In Safe Mode these hiding techniques are not active and all the entries are visible.

Hiding Technique

The DRM software hides its information by modifying the execution path of several Native API functions. Specifically, the aries.sys driver hooks the System Service Table (SST). The following API functions are hooked:

Ntoskrnl.exe:

NtCreateFile
NtEnumerateKey
NtOpenKey
NtQueryDirectoryFile
NtQuerySystemInformation

These hooks are generally used to hide files, folders, registry keys, registry values and processes.

Removing

Uninstallation of the DRM software can currently only be done by sending an uninstallation request to Sony through their customer support. The form can be found here:

http://cp.sonybmg.com/xcp/english/form14.html

Sony has also released an update that disables the hiding features. The updates can be found here:

http://cp.sonybmg.com/xcp/english/updates.html

Conclusion

The DRM software does not self-replicate and does not contain malicious features; an antivirus detection of it should thus be considered a false positive, triggered by the advanced hiding techniques used by the software.

Although the software is not itself malicious, the hiding techniques it uses are exactly the same ones that malicious software known as rootkits uses to hide itself. The DRM software will cause many similar false alarms with all AV software that detects rootkits.

The hiding techniques used by the DRM software can be abused by less technical malware authors to hide their backdoors and other tools: if a piece of malware names its files beginning with the prefix '$sys$', those files will also be hidden by the DRM software. Thus it is very inappropriate for commercial software to use these techniques.
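The write-up makes two practical points a defender can act on: the '$sys$' cloaking is inactive in Safe Mode (so a Safe Mode listing is a trustworthy reference view), and anything else named with the '$sys$' prefix rides along under the same hooks. The script below is an added illustration, not F-Secure's or First 4 Internet's code. It performs the classic cross-view check on two captured listings of the same location, one taken in normal mode through the hooked Native API and one taken in Safe Mode, and then labels each hidden entry as a known XCP component, an unknown '$sys$'-prefixed name (something else using XCP's cloaking), or an entry hidden by some other mechanism. The sample listings are constructed from the file names in the write-up; the function and variable names are this example's own.

```python
"""Cross-view detection of files and registry keys cloaked by a '$sys$'
name-prefix rootkit such as XCP.

Added illustration (not F-Secure's or First 4 Internet's code). It works on
two captured listings of the same location: a normal-mode view, returned
through the hooked Native API, and a Safe Mode view, where the write-up says
the hooks are inactive. Anything present only in the Safe Mode view is being
hidden from the running system.
"""
from typing import Dict, Iterable, List

XCP_PREFIX = "$sys$"

# Names the write-up attributes to the DRM software (inside
# C:\Windows\System32\$sys$filesystem and elsewhere under System32).
KNOWN_XCP_NAMES = frozenset(n.casefold() for n in (
    "$sys$filesystem", "$sys$DRMServer.exe", "$sys$parking", "aries.sys",
    "crater.sys", "lim.sys", "oct.sys", "$sys$caj.dll", "$sys$upgtool.exe",
    "$sys$cor.sys",
))

# Constructed sample data: what a listing of C:\Windows\System32 shows in
# each mode on an infected machine (only a handful of entries, for brevity).
SAFE_MODE_VIEW = [
    "$sys$filesystem", "$sys$caj.dll", "$sys$upgtool.exe",
    "AXPSupport.dll", "ECDPlayerControl.ocx", "Unicows.dll", "kernel32.dll",
]
NORMAL_MODE_VIEW = [
    "AXPSupport.dll", "ECDPlayerControl.ocx", "Unicows.dll", "kernel32.dll",
]


def basename(path: str) -> str:
    """Last component of a Windows file or registry path."""
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1]


def is_prefix_cloaked(name: str) -> bool:
    """True if XCP's hooks would hide this name: prefix match, compared
    case-insensitively since the write-up shows both '$sys$' and '$SYS$'."""
    return basename(name).casefold().startswith(XCP_PREFIX)


def hidden_entries(normal_view: Iterable[str],
                   safe_mode_view: Iterable[str]) -> List[str]:
    """Cross-view diff: names in the Safe Mode view that are missing from the
    normal-mode view. Windows names are case-insensitive, so compare casefolded."""
    visible = {n.casefold() for n in normal_view}
    return sorted(n for n in safe_mode_view if n.casefold() not in visible)


def classify_hidden(hidden: Iterable[str]) -> Dict[str, str]:
    """Label each hidden entry:
    - 'xcp-component'   : a name the write-up attributes to the DRM software
    - 'prefix-cloaked'  : carries the '$sys$' prefix but is not a known XCP
                          file, i.e. something else is using XCP's cloaking
    - 'hidden-no-prefix': hidden, but not by XCP's prefix rule; a different
                          hook or filter must be responsible"""
    result: Dict[str, str] = {}
    for name in hidden:
        if basename(name).casefold() in KNOWN_XCP_NAMES:
            result[name] = "xcp-component"
        elif is_prefix_cloaked(name):
            result[name] = "prefix-cloaked"
        else:
            result[name] = "hidden-no-prefix"
    return result


def report(normal_view: Iterable[str],
           safe_mode_view: Iterable[str]) -> Dict[str, str]:
    """Run the cross-view diff and classify what it finds."""
    return classify_hidden(hidden_entries(normal_view, safe_mode_view))


if __name__ == "__main__":
    for entry, label in report(NORMAL_MODE_VIEW, SAFE_MODE_VIEW).items():
        print(f"{label:18} {entry}")
```

The same prefix test applies to the service keys under HKLM\SYSTEM\CurrentControlSet\Services: `is_prefix_cloaked` accepts a full registry path and checks only its last component, so '$sys$aries' is flagged while 'CD_Proxy' is not. Entries that come back as 'prefix-cloaked' but are not on the write-up's file list are the case the conclusion warns about: a third party hiding under XCP's hooks.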

Links

First 4 Internet Ltd:

http://www.first4internet.co.uk/

XCP technology:

http://www.xcp-aurora.com/

Sony BMG XCP site:

http://cp.sonybmg.com/xcp/

Technical details: Samuli Larvala, Nov 1st, 2005;
F-Secure Corporation

[ More ]

Wednesday, November 09, 2005

Double Meaning Domain Name Mistakes

Some domain names whose original purchase decision might have benefited from a second review:

Who Represents?, a database for agencies to the rich and famous: http://www.whorepresents.com/

Experts Exchange, a knowledge base where programmers can exchange advice and views: http://www.expertsexchange.com/

Looking for a pen? Look no further than Pen Island: http://www.penisland.net/

Need a therapist? http://www.therapistfinder.com/

Mole Station Native Nursery, based in New South Wales: http://www.molestationnursery.com/

New to Milan and you need electric light? Why not sign up on-line with Power-Gen: http://www.powergenitalia.com/

[ TheSunOnline ][ via TheRawFeed ]

Neuroanatomy for the iPod (medical school is super cool)


(From Medgadget) "We've blogged about iPods in the hospital before. Now, with a new atlas of the CNS from Sylvius, educational iPods are heading into medical schools as well:
SylviusVG, iPod Edition is a visual glossary of the human brain and spinal cord containing information on more than 400 neuroanatomical structures and terms. For each term, Sylvius features:

· a description of the structure's location and function

· a detailed image and text description of the image

· an audio pronunciation

· links to related terms and structures

The package costs as much as an online music album, and works through the Notes menu system. The only audio supplied is for pronunciation; the rest is text and pictures for hundreds of neuroanatomy terms."


[ Medgadget.com ][ TheRawFeed.com ][ Sylvius.com (product web site) ]

Tuesday, November 08, 2005

Images of Venus' Surface Released By Nasa

(via iHateMyCubicle.com )

A view of Venus' surface released by NASA. If all goes well, at 0333 GMT on Wednesday, a Russian rocket will blast off from the Baikonur Cosmodrome in Kazakhstan, taking aloft the first dedicated mission to Earth's closest neighbour in more than a decade. (AFP/File)

[ Yahoo! News Story ]

Monday, November 07, 2005

Rambo IV Movie Poster

(via DoubleViking.com)

Count me in. OooRaah.

Reid: T.O. will not play for Eagles this season


(ESPN.com): The tempestuous star receiver won't return to the Philadelphia Eagles this season -- or probably ever -- "a result of a large number of situations that accumulated over a long period of time," coach Andy Reid said Monday.

Owens was suspended for Sunday night's 17-10 loss at Washington, and will remain suspended for three more games without pay. After that, the Eagles plan to deactivate him for the rest of the season.

[ More ]

Panthers cheerleaders arrested in bar sex incident



Renee Thomas (left)
Angela Keathley (right)

TAMPA, Fla. (AP) -- Two Carolina Panthers cheerleaders were arrested after a bar dispute that broke out early Sunday after patrons complained the women were having sex in a bathroom stall, a police arrest report said.

Police reports named the women, but The Tampa Tribune reported officials were checking into whether one of them gave a false identification. One woman was charged with battery, and the other with disorderly conduct and resisting arrest.

Both women were released on bond later Sunday.

The women were locked in a stall at about 2:10 a.m. Sunday when other patrons got angry they were taking so long in the bathroom, the police report said. The women left the stall, and one began arguing with another patron of Banana Joe's, eventually hitting that patron in the face with a closed fist, police said.


[ Sports Illustrated ][ TampaBays.com ][ DoubleViking.com ]


Carolina cheerleader pictures and mug shots courtesy of TampaBays.com via DoubleViking.com