Archive for the 'software' Category

Bye Instagram, don’t call back now

This week Instagram changed its terms of use so that it will be able to display your “username, likeness, photos (along with any associated metadata), and/or actions you take” in connection with advertising without you being notified or reimbursed.

Some or all of the Service may be supported by advertising revenue. To help us deliver interesting paid or sponsored content or promotions, you agree that a business or other entity may pay us to display your username, likeness, photos (along with any associated metadata), and/or actions you take, in connection with paid or sponsored content or promotions, without any compensation to you.

Although later clarified by Instagram, the Terms of Use are still pretty ugly. This reinforces the Facebook approach that the users are the product that they then on-sell.

Rights

2. Some or all of the Service may be supported by advertising revenue. To help us deliver interesting paid or sponsored content or promotions, you agree that a business or other entity may pay us to display your username, likeness, photos (along with any associated metadata), and/or actions you take, in connection with paid or sponsored content or promotions, without any compensation to you. If you are under the age of eighteen (18), or under any other applicable age of majority, you represent that at least one of your parents or legal guardians has also agreed to this provision (and the use of your name, likeness, username, and/or photos (along with any associated metadata)) on your behalf.
Terms of Use

@instagram too little, too slow, goodbye!

The only way to opt out of the new Instagram terms is to not use the service. If you log into Instagram in any way (Web site, apps or other services) you agree to have your content used in ads.

Bye Instagram

Links:
[1] Anger at Changes on Instagram (2012-Dec-18) [NYT : Bits]
[2] How to Download Your Instagram Photos and Kill Your Account (2012-Dec-17) [Wired]
[3] Facebook forces Instagram users to allow it to sell their uploaded photos (2012-Dec-18) [The Guardian]
[4] Instagram makes you the product (2012-Dec-18) [The Guardian]
[5] You’ve been framed: putting you in the picture with the Instagram deal (2012-Dec-19) [The Conversation]

Classroom Dataloggers

Moving from Private to Public 2012-Feb-16 for Science lab discussions :)

Tainlab / Wintec

URL: www.tainlab.com
SOFTWARE: Wintec for Windows Version 5.03.09 (4 May 2011)
DOCS: Tainlab User Guide – 7th Edition, 2008 [PDF]

Tainlab is a range of hardware devices and software programs developed as a set of tools for science education.
The Tainlab system consists of three main parts:
* Sensors & Modules – for detecting real-world conditions like temperature, light, motion, sound, voltage and much more.
* Interfaces – for capturing data from sensors & modules, and storing them or transferring them to a computer (TecFour – USB)
* Computer software – for interpreting the data and presenting it for easy analysis and manipulation

WIN7/VISTA: The Tainlab Software Upgrade for Windows Vista is intended for existing licensed users of Tainlab software migrating to Windows Vista from Windows XP and older operating systems. $100 (+GST)


FIG: Tainlab TecFour serial interface with Tainlab USB adaptor

DataHarvest / Easysense

URL: www.dataharvest.co.uk
SOFTWARE: EasySense Iss 7 V3.0
DOCS: Easysense Manuals

Data Harvest is a world-leading UK-based manufacturer and supplier of specialist educational science and technology equipment ranging from data logging & control systems to stand-alone science products and construction sets for primary and secondary education.

WIN7/VISTA: Note: 64 Bit Vista / Windows 7 is now supported.

Intellecta / eLogger

URL: www.intellecta.net/elogger.html
SOFTWARE: n/a
DOCS: n/a

Science education has a great reliance on measurement techniques. The use of data loggers and data recorders means that the time-consuming task has been given to special electronics.
Furthermore, data loggers can record fast data or long-term data to show trends and slow changes.
Intellecta has developed a range of special science-focussed devices such as: …
Elogger – simple primary science product

WIN7/VISTA: You can run the elogger in XP mode under the settings option in WIN 7. No planned Win7 release, may be doing something for Win 8.

Pasco

URL: www.pasco.com
SOFTWARE:
* ScienceWorkshop v.2.3.3 – PASCO’s legacy data collection and analysis software. Latest release. NOT compatible with WindowsXP, WindowsNT, Windows 2000, or MacOS X.
* DataStudio v.1.9.8.10 – PASCO’s powerful, yet easy-to-use, data collection and analysis software that works with ALL PASCO interfaces.
DOCS: Product Manuals

For over 45 years PASCO has been guided by just one mission: to provide educators worldwide with innovative solutions for teaching science. …
Our team of almost 200 former teachers, educational researchers, engineers and many more are equally dedicated to improving student success in science education, and are ready to support you. Together we can help you create a 21st century science learning experience wherever in the world you may be.

WIN7/VISTA: Support for Windows 7 and Vista 32-bit and 64-bit Windows: Please see TechNote 583 for compatibility notes and installation instructions.

Nero BurnRights

This one has been sitting around as a DRAFT for too long. I’ll publish it now and clean it up afterwards ;)
Nero BurnRights is of great use in our Multimedia lab for managing our Bravo CD/DVD burn and print robot.

Nero BurnRights [1]
* Why do I need Nero BurnRights? Since Windows 2000 and Windows XP do not grant access to low level drivers for users without administrative rights it’s not possible for them to burn CDs with Nero.
* What is the purpose of Nero BurnRights? Nero BurnRights allows users without administrative rights to burn CDs with Nero. The administrator is able to setup user accounts with exclusive “burn rights” for Nero.
* How do I use Nero BurnRights? Please download the installer file and doubleclick the file to start the installation. Please make sure that you are logged onto the system as administrator. You will find a new entry in Start/Settings/Control Panel/Nero BurnRights. Doubleclick it to start the application. Note: If you select “Members of User Group Nero” you will be asked to agree the generation of a new user group “Nero”. Every change of the Rights Level Settings requires a reboot (including the reset). Now you can add users to the group “Nero”.

The Nero BurnRights installer can be downloaded individually from the Nero web site, or you can find it in the Nero Toolkit folder from Version 7 of Nero. (Nero-7.10.1.0_eng_update.exe contains BurnRights v2.0.0.6.)

The download version is v1.0.0.12.
Current version is listed as Nero BurnRights v2.1.0.10 (Nero-7.10.1.0_Online.exe has BurnRights.exe v2.1.0.10 with control panel v2.0.0.6)
The three options are:

  • Administrators – Only administrators can use Nero and write CDs.
  • Everyone – Everyone on my computer can use Nero and write CDs.
  • Nero group – Nero BurnRights creates a new group named Nero and only user(s) in this group can use Nero and write CDs.

The program is installed as c:\windows\system32\NeroBurnRights.cpl


[1] Nero 6 [Nero BurnRights] [Nero]
[2] Nero 7 [Nero BurnRights] [Nero]
[3] Nero 7 [User Guide / Help File for Nero BurnRights] [Nero]

Old versions left on systems

When many software packages are updated, older versions are not always removed as part of the process. That leaves vulnerable versions at known locations (paths), where they can be used by a person wishing to compromise a machine.

I have been playing with Secunia’s Software Inspector, and have been surprised with some of the results on our systems.

JAVA
This is one that we have been very proactive in cleaning up. The Java update never removes the older version, so you get a collection of Java versions with a pointer that marks the current one. The problem is that anyone who knows the file path can still call any of the old binaries, so it is possible to go hunting for vulnerable versions. Sure, this gives good backwards compatibility, but at considerable risk. (JInitiator uses this same “leave the old one” process when it updates.)

C:\Program Files\Java\

Java Installed

FLASH
Macromedia/Adobe Flash produced some surprises for me. It would appear that Flash v4.x is installed initially with Windows XP and is never updated from the initial install:

C:\WINDOWS\SYSTEM32\Macromed\Flash\SWFLASH.OCX (v4.x)
C:\I386\SWFLASH.OCX (v4.x)
C:\I386\FLASH.OCX (v6.x)

Another issue was previously removed packages whose plugin folders had been left in situ by an incomplete clean-up during removal; for example, a machine where Thunderbird had been uninstalled:

C:\Program Files\Mozilla Thunderbird\plugins\NPSWF32.dll

These instances are ignored by our current patching software and as such need to be removed using a clean-up script.
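
A report-only sweep for the leftovers described above, as an added example (it is not the clean-up script used on our systems): it lists every Java runtime folder older than the newest one and every Flash binary other than the copy the patching tool maintains. The Sun-style folder names, the Flash9.ocx "approved" copy and the sample tree are constructed assumptions.

```python
import os
import re
import tempfile

# Assumption: Sun-style install folders such as jre1.5.0_06 or j2re1.4.2_08.
JAVA_DIR = re.compile(r"^(?:jre|jdk|j2re)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$", re.I)
# Flash ActiveX controls and the browser plugin DLL named in the post.
FLASH_FILE = re.compile(r"^(?:(?:sw)?flash\w*\.ocx|npswf32\.dll)$", re.I)


def java_version(folder_name):
    """Parse a runtime folder name into a comparable tuple, or None."""
    match = JAVA_DIR.match(folder_name)
    return tuple(int(g or 0) for g in match.groups()) if match else None


def stale_java(java_root):
    """Return runtime folders under java_root older than the newest one."""
    found = []
    for name in os.listdir(java_root):
        version, path = java_version(name), os.path.join(java_root, name)
        if version and os.path.isdir(path):
            found.append((version, path))
    newest = max((v for v, _ in found), default=None)
    return sorted(p for v, p in found if v < newest)


def stray_flash(scan_roots, approved_paths):
    """Return Flash binaries under scan_roots that are not approved copies."""
    approved = {os.path.normcase(os.path.abspath(p)) for p in approved_paths}
    hits = []
    for root in scan_roots:
        for folder, _subdirs, files in os.walk(root):
            for name in files:
                full = os.path.abspath(os.path.join(folder, name))
                if FLASH_FILE.match(name) and os.path.normcase(full) not in approved:
                    hits.append(full)
    return sorted(hits)


def demo_leftovers():
    """Run both checks over a constructed tree that mirrors the post's paths."""
    layout = [  # constructed sample, not a listing from a real machine
        "Program Files/Java/j2re1.4.2_08/bin/java.exe",
        "Program Files/Java/jre1.5.0_06/bin/java.exe",
        "Program Files/Java/jre1.6.0_03/bin/java.exe",
        "WINDOWS/system32/Macromed/Flash/SWFLASH.OCX",
        "WINDOWS/system32/Macromed/Flash/Flash9.ocx",  # assumed patched copy
        "I386/SWFLASH.OCX",
        "I386/FLASH.OCX",
        "Program Files/Mozilla Thunderbird/plugins/NPSWF32.dll",
    ]
    with tempfile.TemporaryDirectory() as tmp:
        for rel in layout:
            path = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "wb").close()
        approved = [os.path.join(tmp, *layout[4].split("/"))]
        java = stale_java(os.path.join(tmp, "Program Files", "Java"))
        flash = stray_flash([tmp], approved)
        return [[os.path.relpath(p, tmp).replace(os.sep, "/") for p in group]
                for group in (java, flash)]


if __name__ == "__main__":
    for label, paths in zip(("stale Java:", "stray Flash:"), demo_leftovers()):
        print(label, *paths, sep="\n  ")
```

The output is a candidate list for review; pointing stale_java and stray_flash at real drive roots gives the input for the removal step.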

IrfanView v4.10

Vulnerability in IrfanView
Here’s one I seem to have totally missed last year :(

Description:
Secunia Research has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to a boundary error when importing palette (*.pal) files. This can be exploited to cause a stack-based buffer overflow by tricking a user into importing a specially crafted palette (*.pal) file.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 4.00. Other versions may also be affected. [1]

And how is it exploited?

The vulnerability is easily exploitable, as it requires that a user is tricked into opening a specially crafted palette (.PAL) file. If you receive an email or view a website where you are asked to view a malicious .PAL file, please take caution and make sure that you trust the source. Otherwise, you may be allowing a malicious attacker to install and run arbitrary programs on your system, including malware, spyware, information stealers, keyloggers, and so on. [2]

Solution:
Update to IrfanView version 4.10

LINKS:
[1] IrfanView Palette File Importing Buffer Overflow Vulnerability (SA26619) (2007-Oct-16) [Secunia]
[2] 25% of computers have vulnerable IrfanView installed (2007-Oct-18) [Secunia]
[3] History of changes – Version 4.10 ( – CURRENT VERSION – ) (2007-Oct-15) [IrfanView]

Getting a closer look

So that we can do a quick risk assessment before making software available for deployment, we need a few simple tools to look at the changes made to a machine by adding new software. That gives us a quick pathway and testing procedure for adding software to our “approved software list”. Digging back through our Windows XP tool kit, we have a few options:

1.) XP Change Analysis Diagnostic Tool

Earlier today I came across a new tool that might be useful to InfoSec professionals. Though it is not a “security” tool, it can be used by support people to help better understand the modifications that may have occurred to a particular system. Once installed the tool will scan the computer looking for specific types of changes to the computer … [1]

After you have installed the diagnostic tool, click Start, click Run, type statechangediag.exe, and then click OK.

Modes of operation
You can run the diagnostic tool in wizard mode or in command line mode.

Wizard mode
By default, the Change Analysis Diagnostic tool runs in wizard mode. In wizard mode, the tool installs itself and starts when the user connects to the download location. The wizard asks the user some basic questions and then gathers the requested data. When the wizard finishes, the tool displays information about what has changed on the computer. Then, the user can send the .xml file to the support professional for more analysis. The user can find the file by using the path that is provided when the wizard finishes. Typically, this location is the Drive:\Documents and Settings\User folder.

Command line mode
In command line mode, the Change Analysis Diagnostic tool provides the same functionality. However, this mode lets support professionals run the tool by using scripts and by using batch processing.

The command line mode supports the following options:
• The -nogui option changes to a console application instead of a GUI-based application.
• The -verbose option changes the output log to verbose.
• The -history option lets you specify a different number of days to start the scan. By default, this is 7 days.

Limitations
The Change Analysis Diagnostic tool is intended only to help determine recent changes that may affect the user experience. The tool is a read-only program that can display information about changes to a computer that is running Windows XP. Therefore, consider the following points:
• The Change Analysis Diagnostic tool is not a security tool. For example, it cannot help remove malicious software.
• You cannot use the Change Analysis Diagnostic tool to automatically reverse system settings, to uninstall applications, or to remove any other software.
• The Change Analysis Diagnostic tool does not determine all changes to computers. The tool also does not correct all changes to computers.
• The Change Analysis Diagnostic tool does not recover any system components. The tool also does not modify any system components.
• The Change Analysis Diagnostic tool will not function in Safe Mode.
The Change Analysis Diagnostic tool requires Microsoft Windows XP Service Pack 2 (SP2). The tool also requires that restore points are created on the computer. The diagnostic tool cannot detect changes if system restore points are not present.

… [2]

2.) Software Explorer

Software Explorer in Windows Defender allows you to view detailed information about software that is currently running on your computer that can affect your privacy or the security of your computer. You can see, for example, which programs run automatically when you start Windows and information about how these programs interact with important Windows programs and services. … [3]

3.) SysInternals tool kit
From Microsoft SysInternals [4];
• Process Explorer for Windows v10.21
• Process Monitor v1.12
• AutoRuns for Windows v8.61
• PsTools v2.43
• ShareEnum v1.6

4.) Ghost AI Snapshot
Start AI Snapshot; Set to watch setup.exe for the Application in question.
Ghost builds an AIC file listing the differences between before the installation and after the installation as part of the snapshot. This AIC file documents a heap of information that is useful (and not so useful).

Issues:
Browser Helper Objects (BHOs), servers, services, new ports opened, certificate changes, interactions with XP security centre, install problems, P2P, traffic generation, Java version rollback.

Procedure:
The next trick is to create a workflow where the testing procedure can be performed quickly, the documentation created and filed correctly, and only items that raise a ‘risk flag’ are passed on for further evaluation. This will be the more difficult step.

[1] Microsoft XP Change Analysis Diagnostic Tool (2007-Mar-28) [SANS]
[2] The Change Analysis Diagnostic tool for Windows XP is available (2007-May-29) [MS]
[3] How to use the Windows Defender Software Explorer (13-Feb-2006) [MS]
[4] Microsoft Sysinternals [MS Technet]

Disabling the P2P client in Opera

Other than as the need arises in the course of research, teaching, learning or other University business, the use of University facilities with any of the so-called peer-to-peer filesharing systems imposes an unreasonable burden, and in many cases would also be in breach of copyright.
Regulation 8.1.R7 Guidelines [3]

In our environment Opera is currently listed as “level-C” supported software for both Mac and Windows: ed-IT may be able to help with some queries. These products are not supported as such, but are recognized by ed-IT.

With the introduction of the BitTorrent P2P client in Opera 9, we need to disable the P2P client in all of our installs. This is not too difficult:

How can I disable the BitTorrent client in Opera?

Starting with version 9, Opera has a built-in client for BitTorrent, to simplify downloading and sharing of Torrent files.

Some may prefer to use a different third-party BitTorrent client with Opera, while others are on networks where all P2P activity is banned. Fear not, you can still use Opera!

The BitTorrent client in Opera can easily be disabled, and system administrators can apply this policy to all users.

System-wide

For a system-wide policy, simply add the following two lines to the system fixed file:

[BitTorrent]
Enable=0

Write-protect the system fixed file. Opera’s BitTorrent client is now disabled, and can not be re-enabled by other means than editing the system fixed file.

A quick trip to the System Administrator’s Handbook gives us the details for the System fixed file.

System fixed file

The system fixed file allows the system administrator to define settings that cannot be overridden by the individual user, such as proxy settings. On Linux the path to this file is /etc/opera6rc.fixed. On Windows, it is called “opera6.ini” and is located in the system directory. The system directory varies between system versions, but normally the placement would be \WINDOWS\SYSTEM32 on Windows XP, and \WINDOWS\SYSTEM on Windows 9x.

Note that the system fixed file overrides anything that is specified in the “opera6.ini” user file.

This means, for example, that if you set:

[User Prefs]
Home URL=http://www.opera.com/

in the system fixed file, then it is not possible to set another global home page in Opera. While these options remain visible to the user, they cannot be changed if specified in the system fixed file.

Not too hard at all, and it allows us to keep Opera in the environment without the risk of the P2P traffic and legal exposure.
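
A compliance check for the policy above, as an added example (not Opera's or ed-IT's own code): it confirms that a fixed file carries [BitTorrent] Enable=0 and is write-protected, and resolves a setting with the fixed file taking precedence over the user file. The small parser, which skips any banner line before the first section, and the sample file contents are constructed assumptions.

```python
import os
import stat
import tempfile


def parse_ini(text):
    """Parse Opera-style INI text into {section: {key: value}}.

    Lines before the first [section] header (a version banner, for
    instance) and ';' comments are skipped rather than treated as errors.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections


def effective(fixed, user, section, key):
    """Resolve a setting the way the handbook describes: fixed file wins."""
    if key in fixed.get(section, {}):
        return fixed[section][key]
    return user.get(section, {}).get(key)


def audit_fixed_file(path):
    """Return a list of problems with the BitTorrent policy in a fixed file."""
    problems = []
    with open(path, encoding="utf-8") as handle:
        fixed = parse_ini(handle.read())
    if fixed.get("BitTorrent", {}).get("Enable") != "0":
        problems.append("[BitTorrent] Enable=0 is missing")
    if os.stat(path).st_mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH):
        problems.append("file is not write-protected")
    return problems


def demo_policy():
    """Audit a constructed fixed file before and after it is locked down."""
    # Constructed user file that tries to switch the client back on.
    user = parse_ini("Opera Preferences version 2.0\n[BitTorrent]\nEnable=1\n")
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "opera6.ini")  # stand-in for the system copy
        with open(path, "w", encoding="utf-8") as handle:
            handle.write("[User Prefs]\nHome URL=http://www.opera.com/\n")
        before = audit_fixed_file(path)
        with open(path, "a", encoding="utf-8") as handle:
            handle.write("\n[BitTorrent]\nEnable=0\n")
        os.chmod(path, stat.S_IREAD)  # write-protect, as the support note says
        after = audit_fixed_file(path)
        with open(path, encoding="utf-8") as handle:
            fixed = parse_ini(handle.read())
        winner = effective(fixed, user, "BitTorrent", "Enable")
        os.chmod(path, stat.S_IREAD | stat.S_IWRITE)  # allow temp cleanup
    return before, after, winner


if __name__ == "__main__":
    print(demo_policy())
```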

[1] How can I disable the BitTorrent client in Opera? [Opera Support]
[2] System Administrator’s Handbook [Opera Support]
[3] 1.1 Peer-to-peer in Regulation 8.1.R7 Guidelines [Unimelb]

SSH to Merlin from OS-X

This is a grand old chestnut that keeps appearing:

Support: you cannot use JellyFissh for accessing Merlin …
LITE: ?!
Support: … you need to use MacSSH
LITE: ?!!

If you go looking for information, I feel your pain! The Merlin Support documentation, what there is left of it, has been migrated to a staff intranet site [1] (no search capability, and not listed in the Uni search engine). I have some copies of the old, and I mean old, telnet documentation [2] that gives a bit of an overview.

I am not sure that the support guys know that MacSSH was a Mac Classic application and we no longer use it!

WHAT DO YOU NEED TO KNOW?

1.) As OS X has a built-in SSH client, there is not a lot of extra development for SSH clients. Why reinvent the wheel? Merlin has been configured to allow for the built-in SSH client — use keyboard mapping (S)

Merlin keyboard mapping screen

2.) Jellyfissh is not actually an SSH client per se, it is a GUI wrapper around the native OS X SSH client (Therefore the keyboard mapping is the same as the native client).

3.) Note that Apple’s implementation of the Terminal program (post Jaguar 10.2) only supports the F1 to F12 function keys and no other special keys.

You CAN use Jellyfissh from OS X :)

[1] Merlin Support [ACS Staff Intranet] {Staff Login required}
[2] TELNET (KeyMap) [ed-IT]

Malicious Software Removal Tool

This tool works only on Microsoft Windows XP, Windows 2000, and Windows Server 2003.

Microsoft releases an updated version of this tool on the second Tuesday of each month, and as needed to respond to security incidents. You can run the tool from this Web page anytime or download it to your computer. [1]

Alcan.B is circa June, 2005. MS’s anti-malware technology team has blogged that “In February’s release of the tool (MS’s Windows Malicious Software Removal Tool), we added the ability to detect and remove a worm called Win32/Alcan.”. So seven months and a few days after information about Alcan.B was first published, MS’s Anti-Malware Engineering Team is “genuinely surprised” that 250,000 of the 250 million computer systems that ran the February Windows Malicious Software Removal Tool were infected with Alcan.B. [2]

[1] Malicious Software Removal Tool [MS]
[2] MS genuinely surprised 250,000 unique systems infected with Alcan.B [SANS]

