Welcome to GuruNews
Brought to you each week by the PC Gurus, a loose collection of volunteers from around the Kentuckiana region.
You can
interact with the PC Guru team via our Web site, located at http://www.thepcgurus.com. On our
site you can post your computer questions, comments and rants on the forums,
e-mail the PC Guru
team members and chat one on one in our nightly IRC chat
beginning around 8:00 PM EST. You can also subscribe to our RSS feeds so
you can get the latest news and forum updates from the PC Guru Web site directly
on your computer.
If you’re new to the Newsletter you can read back issues at Team member JP Durbin’s website at http://www.jpdurbin.net. There are links to all the old 84 Online issues as well as the new GuruNews missives.
The WHAS Crusade for Children provides year round support for needy children throughout the Kentuckiana region. Visit http://www.whascrusade.org to make donations online.
To subscribe to this newsletter just drop by www.thepcgurus.com and sign up!
Vol. 6,
No. 9
2-23-06
1 General housekeeping
2 Fishing vs. Tech
3
Premature Vista info, Netherlands broadband, Forbes predictions, Macbook innards
4 IM/VoIP
5 OS X security
6 .sit files
Lots of general catch-up stuff and follow-ups to the port forwarding articles this week, starting with the fact that this should be issue number 8 of the year and not 9.
I goofed up somehow and skipped a number for issue 6, which has thrown the numbers off. At this point I can’t really fix the count without breaking up the continuity of the articles so likely I’ll just leave a hole in the list this year. This is really only important to those of you who save the newsletters or visit JP’s website (www.jpdurbin.net) to read the back issues, but I wanted to make you aware of my mistake.
Concerning the last few issues reader Ralph Beverly sent along a link he found with actual screenshots of each configuration screen you’ll see to set up port forwarding. The amazing thing is that this site has the shots from scads of routers, not just one or two.
Whoever set up and maintains http://www.portforward.com/ has done an astonishing job, with help from email submissions of new screenshots from readers. That was a great find, Ralph. Thanks for sharing!
We’ll be presenting some new features from the Gurus in the coming weeks, starting this week with a teaser offer of a free giveaway. A reader (who wishes to remain anonymous) has offered to provide a drawing or contest every week, which next week will start with a separate section.
This week’s featured contest is brought to you by http://digitalmakeover.netgear.com/win.aspx and includes a wireless router, wireless adapter, network storage device with two hard drives, a wireless gaming adapter and a wireless MP3 player, all of which will be professionally installed.
Simply fill out the form at the site and include a brief description of why you feel you need a “digital makeover” and submit.
A new feature we’ll be playing with based from the Guru website will be a podcast, which is an audio recording similar to a delayed broadcast of the radio show. Currently it won’t be “live” but will consist of discussions of technology related news and some answers to email questions (which will also be answered via email, of course).
At this point we’re still gathering hardware and experimenting with software and infrastructure but we hope to make it a weekly feature and possibly take it to the level of a live broadcast with real time questions and answers from listeners.
Stay tuned for future developments, as I’ll keep you apprised of our progress.
Kevin Mefford, Editor
Terry Wise
Tech News of the Week
Microsoft
prematurely posted information about its much-anticipated
Windows Vista
operating system on one of its Web sites, the company
said on
Tuesday:
http://today.reuters.com/news/newsarticle.aspx?type=technologyNews&storyid=2006-02-21T202021Z_01_N2195718_RTRUKOC_0_US-MICROSOFT-VISTA.xml&rpc=22
Residents
of the Netherlands, armed with a tax break for computer
purchases and some of
Europe's lowest broadband fees, lead the world
in the use of personal
computers and the Internet according to a
study by the Pew Charitable Trusts
released Tuesday:
http://www.iht.com/articles/2006/02/21/business/pew.php
And
now, a slideshow from Forbes---10 things that will change the way
we
live. Lights, please:
http://www.forbes.com/2006/02/16/cx_cd_0217featslide.html
The
new Intel Mac notebooks (known as the Macbook Pro) have arrived. Ever
wondered what's inside that bad boy? We're glad you asked:
http://eshop.macsales.com/Reviews/hardwareandnews/mbp1520/mbp1520.html
Copy
us on the good stuff ;-)
Matthew Dattilo
thepcgurus@gmail.com
www.mattdattilo.com
Download of the Week
Besides a download this week, I thought I'd share a little information with you folks about a radio show that several of the PCGurus listen to on Sunday afternoon.
That show is called "Into Tomorrow" and it airs 2pm-5pm EST Sundays. It's hosted by Dave Graveline. Dave began syndicating his show from the Miami, Florida area in 1996 after hosting a local show called "Toys for Boys". The show has an active chat room and offers many prizes to both the on air listeners and the chatters. While there is no local affiliate for the show, there is a link to an Internet stream broadcast at the website, www.graveline.com. Coming soon, for you gamers is "Into Gaming" hosted by Mark Lautenschlager, a co-host on "Into Tomorrow". "Into Gaming" will air at 6pm EST Sundays. Mark says his website, www.intogaming.net, will be up by the end of this week.
Now for the download: Skype is a VoIP (Voice over IP) telephony/IM program. While many instant messaging programs offer voice chat features, Skype is far superior to any of the others that I have tried. Skype was developed by the folks at Kazaa and uses a form of their peer-to-peer network to offer this clear, reliable telephone software. Skype calls are encrypted to insure privacy over the Internet. The free version of Skype allows for calls from PC to PC anywhere in the world and the subscription service allows for calls to any phone in the world for discounted long distance rates. Voicemail is also offered for a fee. All prices at the Skype website are in Euros, but I'm guessing Voicemail converts to around $18/year. In addition to voice calls, Skype users can make video calls, conference calls and send instant messages. Skype has Linux, Mac OSX, Pocket PC, Windows 2000 and Windows XP versions. A broadband connection is required, as well. This is truly an impressive program and you can get it here: www.skype.com.
As of this week, the PCGurus are beginning testing a podcast using Skype for a conference call to record it. Once we're comfortable with the process, we expect to invite you to join us during the conference call to ask questions, similar to our old live broadcast.
Art Maley
Mac Tip of the Week
New OSX
Vulnerabilities
Last week brought us news of two new OSX vulnerabilities. The media frenzy following this would have made Chicken Little shake his head. But I am not going to waste NL space discussing the Tech media’s Microsoft bias. I would like to devote the following paragraphs to detailing the actual vulnerabilities and what they mean for you.
Leap-A worm / virus
Leap-A or the more humorous “Oompa Loompa” is actually hard to classify as a worm or a virus. The closest one can classify it is a Trojan - a program that is pretending to be something else. This is a malicious program (a piece of script code) that disguises itself as a jpeg (image) file - most commonly masquerading as a compressed file “latestpics.tgz” offering images of the latest OSX 10.5. This worm reportedly spread via iChat and its action was to corrupt installed applications. Most people were classifying this malware as a worm as it could spread via iChat and a virus as it infected installed applications.
It turns out that Leap-A will only spread under a very specific set of circumstances. First, you must be using “Bonjour iChat”, NOT internet-based iChat as most of us do. So the only way your infected iChat “buddy” can automatically send you this file is if you are on a Local Area Network (LAN) and are using iChat.
Secondly, once the file is sent you still have to accept it. Big RED FLAG if you get a file via iChat you were not asking for. Once you manually accept the file, you have to double click it to activate it. So obviously, this so called worm is not going to spread like wildfire. It takes a lot of user interaction to even get it on your machine. In fact the only people I have read about on the web that have gotten infected with this malware is the curiosity seeking geeks who have deliberately infected themselves to see what this file will do. I wouldn’t advise that unless you know what you are doing.
Once active, this file will infect Cocoa based applications but ONLY those owned by the user, NOT the system. What that means is that in the unlikely event you were infected, it would not impact applications such as Safari, Mail etc. It would however infect user-installed applications such as Firefox. Once infected, the application just wouldn’t work. This is more than likely a bug in the malware code since the program breaks the very applications it is trying to infect. Most people don’t keep trying to open a broken application. All you have to do is to download / install a clean version of the application and it will overwrite the infected version.
This was probably a “proof of concept” and used social engineering tricks used by many virus / worm writers. Due to bugs in the code and/or deliberate intent, this code was not as malicious as it could have been. The lesson here is the age-old lesson to NOT download files or run them unless you trust the source. It is also a wake up call for many Mac users who get “click happy” and are complacent when it comes to security.
Automatic Execution of Shell
Scripts
This is a true vulnerability in OSX, and worries me a lot more than the Leap-A worm. Normally OSX applications warn you if a file you are downloading contains a program. OSX then asks you for an administrator password prior to running the program. Without getting too geeky here, the way OSX knows an application is contained inside a compressed file is a line called a “shebang” line at the beginning of the code, which tells the Operating System as to which application should handle the program. So for example, if you have the “Open Safe Files after Downloading” option checked in Safari, and you are downloading a jpeg image, the OS knows to use the Preview application to open the image file. The problem / vulnerability arises when this so called “shebang line” is missing from the file AND you have the “Open Safe Files” option turned on. Mac OSX will then load the program in Terminal to be executed by the Shell. Most Mac users aren’t even aware of the Terminal, but it is a powerful application that can process shell scripts. If the user has assigned the Finder to open scripts using the Terminal, this will happen automatically. Thus a virus / worm writer could potentially use social engineering (as the previous example) to get you to download a shell script disguised as something else (say an image file). Safari would download the file and if the “Open Safe Files” option is turned on, run the program. If this program were malicious, it could cause some serious damage. It appears that the “Mail” program in OSX handles downloaded files the same way.
Please note that at this time, this is just theoretical. There are no malware files out in the wild that actually exploit this vulnerability. In addition, the default mode of Safari has this option turned OFF, but the potential still exists. The simple fix is to turn OFF the “Open Safe Files after Downloading” option in Safari if you have turned it ON. You will find this checkbox under the General Tab of Safari Preferences. This option does not exist in other browsers such as Firefox or Camino so it doesn’t impact them.
So despite the media tempest in a teacup, the sky is not falling just yet. Following some simple practices such as not downloading unknown files or running programs from untrustworthy sources should keep you safe.
Harish Venkatachalam
Email Question of the Week
Q: I recently purchased a Mac mini in order
to listen to internet radio
One of the stations told me to download the
OSX version of windows
media player from Microsoft. I did
but Mac would not "open It". I
called Apple Care they said
I need an Unzip program lke "stuffit"
Will that really
help.????
A: Many websites still pander to the
Windows monopoly and would rather use
the proprietary Windows Media
media than a standard format. It's the
same mentality as those
that design websites only for Internet
Explorer. Anyway, the
reason you needed Stuffit was because most files
that you download,
such as the media player from the Microsoft site are
compressed
files. It's like the "zip" files you may be used to in
the
Windows world. It helps with faster downloads as the file
size is
smaller. You can get Stuffit expander for free
here:
http://www.stuffit.com/mac/expander/
As
far as Windows media player is concerned, Microsoft has stopped
support
for the Mac version. You can get a "plugin" from their site
which
will let you play Windows Media files on your Quicktime player.
The
plugin is called Flip4Mac and can be downloaded here:
http://www.microsoft.com/windows/windowsmedia/player/flip4mac.mspx
Personally,
I prefer to use iTunes for all my radio needs. I can listen
to
music, radio, podcasts etc. all in one place. If you haven't
yet,
just open iTunes and click on "Radio" on the menu on the
left.
Hope that helps.
Hash
hash@ucanweb.com
Contact info and legal
stuff
If you have tech support
questions or ideas and/or submissions for our newsletter please submit them by
visiting www.thepcgurus.com and click
on the “Email the Team” icon.
Copyright 2001-2006 The PC
Gurus, all rights reserved.
Publication, rebroadcast or storage is prohibited without prior consent,
however you may freely forward this publication to friends as long as A) it is
forwarded in its entirety and B) no fee is charged.
Information provided in this
publication is provided "as is" without warranty of any kind, either expressed
or implied. Although the
information provided is known to work on most systems, it may not work on ALL
systems. Make use of any
information supplied at your own risk.
The PC Gurus are a group of
volunteers who provide support for the PC, Mac and Linux users in the
Kentuckiana region.
To unsubscribe from this newsletter send an email to microdome@seidata.com with the words “unsubscribe newsletter” (without the quotes) at the top of the body of the message.