Rootkits

Chris did a great job of mentioning a new CD-protection scheme in his journal the other day and I’d like to take it a step further and elaborate on it a bit. Let me give you the basics behind this first. Sony, the most evil of the music companies, has made use of a new copy-protection scheme for their CDs. This protection involves not only DRM technology but something called a rootkit to HIDE that technology. Basically, they use a DRM scheme to limit how many times you can use that CD in a computer, whether you can or can’t copy it, make MP3s out of it, etc. That DRM software isn’t noticeable by the end user because it’s hidden from Windows by the rootkit. A rootkit is basically cloaking technology that hides files, registry entries, running processes, etc. The thinking is that if the end user can’t find it, they can’t shut it off. I won’t get into how much I think this is complete and total bullshit, but you can probably already guess my displeasure.

The main problem here is that this RootKit doesn’t exist ON the CD, no no, that would make sense, no, this baby is INSTALLED AND HIDDEN on your computer. Meaning, if you buy a Sony copy-protected CD, this Rootkit is being installed, activated and hidden without your knowledge. You can read more about the specific hiding/revealing, software aspects of this over at Mark’s SysInternals Blog (thanks to Chris for the original link).

Ok, so copy-protected music is evil, right, everyone with me? Good, ’cause here comes the next leap. The software makes very slight changes to the things it wants to hide. Basically, after you’ve listened to Madonna for a few minutes and this thing is up and running on your system, all you (or anyone) would have to do to USE IT would be to add “$sys$” to the front of a file name. Windows will NEVER see it. So viruses, trojans, hacks, etc. can be completely and totally hidden from EVERYTHING by adding a few characters to the front of the filename. Now, this would only work for those of us who have put a Sony CD in our computers, but still, the implications are frightening. Anti-virus programs couldn’t find ’em, system scans, etc. No running processes to be detected. Totally stealthy.

So, now we have a) a program that hides things completely from windows and everything else for that matter and b) a way to hide things OURSELVES.
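As an added illustration (my code, not something from the original post or from Mark’s write-up), here is the detection idea that actually catches this kind of cloaking: take one directory listing through the normal Windows API and one from a view the driver can’t filter (a raw parse of the volume, or the disk mounted after booting clean media), then report everything the second view has that the first one lacks. The two views below are simulated in Python over a constructed file list, and `find_cloaked_names` is a plain signature check meant to be run on such a clean view. None of the file names are real Sony files; they are placeholders.

```python
import os
import tempfile
from pathlib import Path

# The prefix the post says the Sony driver stops Windows from showing.
CLOAK_PREFIX = "$sys$"

# Constructed sample: what an offline parse of the volume might return.
# Names are placeholders, not the real driver's files.
SAMPLE_LISTING = [
    "filter.sys",
    "$sys$filter.sys",
    "cheat.dll",
    "$sys$cheat.dll",
    "notepad.exe",
]


def api_view(names):
    """Simulated user-mode view on an infected box: the driver strips every
    name that begins with $sys$ before the listing reaches the caller.
    (Simulation only; the real driver filters this inside the kernel.)"""
    return {n for n in names if not n.startswith(CLOAK_PREFIX)}


def raw_view(names):
    """Simulated trusted low-level view (raw volume parse, or a listing taken
    after booting clean media): the driver is not in the path, nothing is filtered."""
    return set(names)


def cross_view_diff(high_level, low_level):
    """Cross-view detection: anything the low-level view has that the
    high-level view lacks is a candidate cloaked object. Sorted for stable output."""
    return sorted(set(low_level) - set(high_level))


def find_cloaked_names(root):
    """Signature check for a *clean* view (e.g. the disk mounted from rescue
    media): walk the tree and return relative paths whose last component
    carries the cloaking prefix. Useless on a live infected system, because the
    same filtering that hides the files from Explorer hides them from os.walk."""
    root = Path(root)
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if name.startswith(CLOAK_PREFIX):
                hits.append(str(Path(dirpath, name).relative_to(root)))
    return sorted(hits)


def make_demo_tree():
    """Build a throwaway directory (constructed data) containing one cloaked
    file, one cloaked directory and one ordinary file; returns its path."""
    d = tempfile.mkdtemp(prefix="cloakdemo")
    Path(d, "visible.txt").write_text("ordinary file\n")
    Path(d, "$sys$hidden.txt").write_text("would vanish on an infected box\n")
    Path(d, "$sys$dir").mkdir()
    return d


if __name__ == "__main__":
    print("cross-view discrepancies:",
          cross_view_diff(api_view(SAMPLE_LISTING), raw_view(SAMPLE_LISTING)))
    print("prefix hits in demo tree:", find_cloaked_names(make_demo_tree()))
```

The point of the cross-view step is that a cloaking driver has to lie consistently to every caller that goes through the hooked path; any listing that bypasses that path exposes the lie, which is why the discrepancy list, not the prefix, is the thing to alert on.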

Yup, that’s right kids. WE could hide things. Think about it this way… if you’re a hardcore cheater in online games, what’s the one thing you fear? Your cheat being detected, right? How is that cheat detected? The most common checks are for file size/date/origin/manipulation and for running processes. Now, cheaters have gotten smart over the past few years. They’re way beyond simply editing a DLL or hacking the registry. The newest trend is creating “code caves”, essentially making a bubble in the code while it’s running, injecting their cheat, using it, then collapsing the bubble so it’s undetectable. The process works because the code is inserted into memory randomly and so quickly that most active scanners won’t detect it. What if you could have that process running 24/7/365 and it would NEVER be detected? That’s what Sony just gave to cheaters everywhere. A simple way to hide a running process from even Windows itself. If it’s hidden it can’t be seen as running, if it isn’t running it can’t be detected, and if it can’t be detected, cheating just got easy.

Now, I play BF2. I enjoy it. But its anti-cheat system is PunkBuster, a mediocre at best system for scanning active processes/drivers and information sent to and from game servers. All I would have to do to cheat is go buy the latest Santana CD, add “$sys$” to my hack and fire up the game. How fucking sick is that?

Way to go Sony. I hope you realize exactly what you’ve done. You’re not only evil for using a method like this to rob honest paying customers of their right to use the music they bought, but you’ve also given millions of people a relatively easy way to rob the rest of us out of good clean video gaming fun.

Is this all theoretical, is Matt worried over nothing, could this really happen? Yeah, it could, and has: World of Warcraft hackers using Sony BMG rootkit.

Way to go guys. Fucktards.

FYI

I’ve transferred my domain back to NetSol because it was expiring next month and because NS had a sweet special this month ($19 for 2 years on a transfer). So, the page might disappear while it’s being transferred. Just a heads up.

Pass the tequila please

So it’s been a little while. I’ve been about as busy as one person can be. Most of it good, some of it annoying. Work is steady and likeable for the most part so long as you ignore the pageant people and focus on the work itself. It’s actually pageant season, if there could be such a thing. It’s this time of year that all the local pageants pick who will be going to state. Everyone is required to have photos and everyone’s deadlines are sometime within the next month. I’m doing a lot of retouching and output lately, with some basic headshots thrown in for good measure. I also have a wedding this coming Saturday that I’m excited about. It’ll be at the natural science museum here in town, so it’ll be quirky and different.

Been trying to relax a bit more lately. I was feeling overworked and under-appreciated before, but at the pace things are going there really wasn’t much time for that, so I let it go.

Home life is great as always. Lauren and I went out last night with a couple of her friends and I got pleasantly mellow off a few margaritas. It probably didn’t help that they were the top-shelf variety and that typically means quantity and not quality when you’re at a bar. For once I’d like a top-notch drink to have something like El Tesoro Paradiso in it instead of Cuervo 1800 or some crap. Note to all drinkers: if you ask for a drink and don’t specify what’s in it, you’re drinking crap. Why do you think everyone drinks Smirnoff? It’s not because of the quality, that’s for damn sure. No, people drink that swill because that’s what they’ve been served over and over again.

My friends, let me educate you in the finer things in life. Vodka, whiskey and bourbon are men’s drinks. Tequila, rum and most liqueurs are for when you want little umbrellas in your drinks. I’m not knocking them, I was even in the mood for an umbrella drink last night, it’s just that they’re not as refined.

For vodka, there are 3 brands to drink and 3 to run screaming from. For the best vodka on the planet you’re going to need to find some Grey Goose (the triple distilled black label, not the blue one), Monopolowa and a certain Russian brand that comes in a metal flask-like bottle and is completely unpronounceable. You won’t find it in the states, but it’s divine. On the flip side, you’re going to want to throw a drink back at a bartender if they serve you Smirnoff, Absolut or anything that you can buy at a corner store for under $10; most of those have Smirnoff-looking red and black labels and the bottles will probably have handles. Of course you can find perfectly drinkable things in between without breaking the bank. Level Vodka, Skyy, Ikon and a little Texas label called Tito’s are all perfectly acceptable.

Stay tuned for next week’s exciting adventure, “how to buy a good cigar”.

Matt out.

Anyone else following this?

Anyone else keeping up with the “rel=nofollow” tag news? Seems like an interesting idea. I kinda wonder when/if it’s going to get implemented.

For those of you outside the loop, Google, MSN, Yahoo!, Manila, Six Apart, WordPress, Flickr, Blogger, LiveJournal, Buzznet, Blojsom and Blosxom announced their support for a new HTML attribute value, rel="nofollow". By adding it to a link tag, you tell search engines to ignore that link when they index the page.

The idea behind comment spam is that the links spammers post get indexed and count towards their page rank. This would negate that effect.
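An added example of the server-side half of this (my own code, not anything from the projects in that list): a small Python filter that rewrites every link in a submitted comment so it carries rel="nofollow" and leaves the rest of the markup alone. It assumes comments are stored or rendered as HTML fragments and that the filter runs on output, which is where such a rewrite belongs.

```python
import html
from html.parser import HTMLParser


class NofollowRewriter(HTMLParser):
    """Re-emits the HTML it is fed, adding rel="nofollow" to every <a>.
    The parser hands back attribute values already unescaped, so they are
    re-escaped on the way out; entity and character references are passed
    through untouched (convert_charrefs=False) so the text is not re-encoded."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []

    def _attrs(self, tag, attrs):
        if tag == "a":
            attrs = list(attrs)
            for i, (name, value) in enumerate(attrs):
                if name.lower() == "rel":
                    # rel is a space-separated token list: keep existing tokens
                    tokens = (value or "").split()
                    if "nofollow" not in (t.lower() for t in tokens):
                        tokens.append("nofollow")
                    attrs[i] = (name, " ".join(tokens))
                    break
            else:
                attrs.append(("rel", "nofollow"))
        parts = []
        for name, value in attrs:
            if value is None:           # bare attribute such as <input disabled>
                parts.append(name)
            else:
                parts.append(f'{name}="{html.escape(value, quote=True)}"')
        return (" " + " ".join(parts)) if parts else ""

    def handle_starttag(self, tag, attrs):
        self.out.append(f"<{tag}{self._attrs(tag, attrs)}>")

    def handle_startendtag(self, tag, attrs):
        self.out.append(f"<{tag}{self._attrs(tag, attrs)} />")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")


def add_nofollow(comment_html):
    """Return the comment fragment with rel="nofollow" on every link."""
    p = NofollowRewriter()
    p.feed(comment_html)
    p.close()
    return "".join(p.out)


if __name__ == "__main__":
    # Constructed sample comment, the kind of thing spam filters see all day.
    print(add_nofollow('Nice post! <a href="http://spam.example/pills">cheap pills</a>'))
```

Note that this does nothing to the comment itself, which is exactly the point made below: the link stops counting, the spam still lands in your moderation queue.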

In my opinion it would help with fighting the page rank but do absolutely nothing for the amount of comment spam. The spam would be pointless, but that’s not going to stop anyone from posting it. Why change the way they post spam when they can just post more and hope it works. Fuckers.

If anything, this will increase the amount of spam that doesn’t work. That, and break html standards… unless it gets adopted there too.

The Story

I know, I know

Ok, so it’s been a little while since I last wrote. Well, actually, it’s been more than a little. But that’s ok. Better to be too busy to write than not, I suppose. Actually, there’s been quite a lot going on. I’ve shot 2 weddings, gone to a hockey game, ordered new computer parts and been involved with my team taking the number one and number two ranks on SquadGames and TeamWarfare respectively.

The weddings were fine for the most part. One was with a really good group of people who just didn’t have anything go their way that night (cake was wrong, band sucked, etc) but it was good for us since we did a little problem solving here and there, they really appreciated our extra effort and they had a positive outlook about the whole thing. The other wedding was pretty run of the mill. Nothing too complicated or involved. I’ve also got another wedding coming up in mid-February that’ll be pretty cool. It’ll be at the Houston Museum of Science in the “Gem” wing. I’ve got to remember to go over and take a look at the location so I can get an idea about how to shoot it. I’ve been told it’s a bit of a “cave” in terms of light and that photos won’t be easy. You know me, nothing comes easy.

The hockey game was fun. The tickets were a belated birthday present from Lauren’s mom. She let me pick out the game and she bought the tickets, and I wanted to wait for one of the New England teams to be in town. We caught the Houston Aeros vs. the Worcester IceCats last weekend. Good game. Worcester spanked the crap out of them, not like that’s a huge surprise or anything.

In gaming news, after a long screaming battle over some cheating allegations and false positives from PunkBuster, we were dropped to 15 on the TWL ladder. We had a clan member (newly admitted the week prior) get kicked from a warm-up round before a match. He didn’t even play in the match in question. After we won the other team accused us all of cheating and brought up the matter to the game ladder admins. They responded without even talking to us by banning our new player and dropping our rank. We got the following a few days later directly from Even Balance (makers of PunkBuster):

“We have confirmed that several gamehack violations (#81001-81014) triggered since the prior PB Server update on 12.11.2004 in BF1942 could have been caused by files or memory that were corrupted by non-cheat programs such as virii, adware, no-cd programs, etc. We encourage PB Admins to give players the benefit of the doubt for these violations.”

We, of course, did NOT get the “benefit of the doubt” and we’re actually quite mad about it. The TWL admins have their heads quite far up places dark and moist. Regardless, and with a huge amount of anger, we marched on. We fought back from #15 all the way to #2 after a victory last night over the team that raised the stink in the first place. Man, that felt good. I’ll say this once and only once. The Texas Combat Crew does not, has never and will never cheat. We do not need to. We’re nationally ranked #1 and #2 and there’s a reason for that. We’re fucking good. If you can’t deal with that and get beat down by us, don’t accuse us of cheating, it’s unsportsmanlike.

We defend our number two position this week and challenge up for number one next week. Should be good matches.

Lastly, the new computer is on its way! That’s right, Matt finally got enough cash to upgrade the old rig. I waited until HL2 came out to see if it was playable and it was, though only barely. I’ve been told that Battlefield 2, being released late Feb/early March, will be quite the system hog. I just had to up the power. Come the end of this week (because New-Egg ships faster than imaginable), we’ll be rocking with a new Athlon 64 3400+. I paired that with an Ultra XConnect 500W PSU, an MSI K8T Neo-FIS2R mobo, 1G of Corsair, a shiny new Zalman cooler and topped it all off with an MSI GeForce 6600GT. I chose the 6600GT mainly because I didn’t have the extra $300, because it’s the highest rated 6600 AGP card and because it’s from the same manufacturer as my motherboard, making for maximum compatibility. That and they were one of 2 companies to go above and beyond with the 6600 line and put a non-stock fan/heatsink on it. The other was Gainward and they’re having supply problems and the cards have been sold out for months. I’ll plan on upgrading the card to a 6800GT or Ultra after this summer. I figure I’ll have some serious overtime hours after pageant season.

I’ll be using the rest of my old parts for now, but a DVD burner and a 250G hard drive are definitely on my sale watch list. Oh, and speaking of, Chris, that camera you wanted, it’s on a one-day sale at New-Egg today. Just a heads up.

Lastly, and I know I’ve said this before, I do have a new page design almost ready. I’ve scrapped the one I didn’t put up from last year FYI. If anyone wants it, it’s theirs. I just haven’t had the time lately and things like that get pushed to my already crowded back burner.

Anyway, hope everyone is doing great in the new year. I’m looking forward to turning comments back on. I think Jason set up MySQL for me and I’m just waiting on a user name/password from him. After that I’ll give WordPress a shot. Chris seems to like it and that’s good enough for me. That’ll be when the new design will go up. Should make life a little easier for everyone and it won’t be… well… brown.

Matt out.

Program stuffage

First off, comments are turned off. Unless you’re a TypeKey account holder. In which case you can comment till you’re blue in the face, provided you can find the login box… which doesn’t exist. I didn’t do this because I’m in favor of their system. I’m not. I think it’s retarded. I think I should be able to make my own database of people who are allowed to comment and not rely on theirs. No, this was more of a last-ditch effort to save myself from the insanity that has exploded on my comments over the past two days. Maybe, in some bizarre world, turning off comments for a few days will help. I’ve gotten, over 2 days, over 2000 comment spams. Luckily, I turned on comment moderation when I rebuilt the journal last week, so you, the reader, never actually got to see any of them. That I’m thankful for.

I won’t go into a long diatribe about how I need to change my journal system and how I’d like to do this or that, change this, have a feature that does something, etc. It’s pointless. No authoring system is 100% perfect, customizable and secure at the same time.

Instead, let’s focus on other things.

In gaming news, WE’RE NUMBER 1!!!!!!!!

That’s right. The Texas Combat Crew is back on top baby. After a long hard night of fighting, TCC beat =VoD= and reclaimed our number one spot on the CTF ladder. We’re also currently #2 in Conquest and #2 in CTF in a whole other tournament system. We’re challenging for number one in both this week.

Also, just a quick thought. Since I’m not a programmer, I can’t make useful things. Heaven knows I’d like to. Maybe you guys can help. You’re good at this sort of thing. I have four ideas for programs, three of which are easy. The fourth is probably not possible but it would be nice. I won’t bore you with three of the four because they’re Battlefield related and no one gives a crap about that except me. I will mention this one though:

Idea: A small program that emails you every time a specified file is updated. It could be used for logs of some sort. The program would check the file for updates/changes. If it’s a text file, its contents could be emailed to you; if it’s not a text file, then a notification that it’s been changed could be emailed instead.
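Taking the challenge, here is an added Python sketch of exactly that watcher (my code, not something Matt or anyone else on this page wrote). It polls the file, fingerprints it by size, modification time and SHA-256 so an edit that preserves size and timestamp is still caught, and on a change mails either the new text (only the appended lines when a log simply grew, the whole file otherwise) or, for a binary file, a notice with the old and new hashes. `watch()` assumes a local SMTP relay on localhost; `demo()` just builds the notices against a temporary file so the logic can be exercised without mail.

```python
import hashlib
import os
import smtplib
import tempfile
import time
from email.message import EmailMessage


def fingerprint(path):
    """(size, mtime_ns, sha256) of the file, or None if it does not exist.
    The hash is what catches edits that keep size and timestamp unchanged."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return (st.st_size, st.st_mtime_ns, h.hexdigest())


def is_text(path, sample=4096):
    """Heuristic: no NUL byte in the first 4 KiB and it decodes as UTF-8."""
    with open(path, "rb") as f:
        head = f.read(sample)
    if b"\x00" in head:
        return False
    try:
        head.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True


def build_notice(path, before, after):
    """Return (subject, body) describing the change from `before` to `after`.
    Text file that only grew -> just the appended bytes (assumes append-only
    logs); other text change -> whole file; binary -> hashes and size."""
    if after is None:
        old = before[2] if before else "unknown"
        return (f"{path} was removed", f"{path} no longer exists (last sha256 {old})")
    if before is not None and is_text(path) and after[0] > before[0]:
        with open(path, "rb") as f:
            f.seek(before[0])
            body = f.read().decode("utf-8", errors="replace")
        return (f"{path}: {after[0] - before[0]} new bytes", body)
    if is_text(path):
        with open(path, "rb") as f:
            body = f.read().decode("utf-8", errors="replace")
        return (f"{path} changed", body)
    old = before[2] if before else "none"
    return (f"{path} changed (binary)",
            f"sha256 {old} -> {after[2]}, size now {after[0]} bytes")


def check_once(path, state):
    """One poll step: returns (new_state, notice_or_None)."""
    now = fingerprint(path)
    if now == state:
        return state, None
    return now, build_notice(path, state, now)


def make_email(sender, recipient, subject, body):
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def watch(path, sender, recipient, smtp_host="localhost", interval=5.0):
    """Poll forever and mail a notice on every change (assumed local relay)."""
    state = fingerprint(path)
    while True:
        time.sleep(interval)
        state, notice = check_once(path, state)
        if notice:
            with smtplib.SMTP(smtp_host) as s:
                s.send_message(make_email(sender, recipient, *notice))


def demo():
    """Constructed walk-through on a temp file: two appends, a rewrite that
    shrinks the file, then binary content. Returns the four (subject, body) notices."""
    fd, path = tempfile.mkstemp(suffix=".log")
    os.close(fd)
    state, notices = fingerprint(path), []
    for mode, payload in (("w", "line 1\n"), ("a", "line 2\n"), ("w", "x\n"), ("wb", b"\x00\x01\x02")):
        with open(path, mode) as f:
            f.write(payload)
        state, n = check_once(path, state)
        notices.append(n)
    os.remove(path)
    return notices


if __name__ == "__main__":
    for subject, body in demo():
        print(subject, "->", repr(body))
```

Polling with a fingerprint is deliberately dumb and portable; it also means a change that is reverted between two polls goes unseen, so keep the interval short for anything you care about.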

Anyone want to take on the challenge?

Oh, almost forgot, Chris and I are going to try and work on a Winamp skin. Cool huh? I’ll let you know more later as it gets closer.

Matt out.