27.5.07

HP/Compaq V2010us upgrades

I have been doing a little searching on the net to see what upgrades are available for my aging V2010us and found a few, but what I didn't find was people who actually tried them. So I decided to post the ones I have done so other know that they do work.

First upgrade I did was go from 2x256MB DDR ram 2x 512 PC2700's
-This is the stated limit and I thought it good enough for me, simple I know.

Second I replaced my Celeron M 1.4 with a Pentium M 1.7GHZ
-As long as you stay with the same processor core you are fine. There is a fair amount of work that has to go into this around 1 - 1.5 hours and some patience.

Third I swapped my old Fujitsu 4200 rpm drive with my Maxtor OneTouch III mini's.
-Which by the way is a Seagate 5400.3 this made a 15-25 minute difference in battery times for the better! The real problem with this upgrade was the foam tape on the OneTouch's Seagate drive!!

So there is the small list, and with about $150 you can extend your precious V2000 series for another 1-2 years!

If you have any questions please fell free to post them.

17.5.07

Russia vs Estonia - Cyber War...

Cyber warfare is on the rise between quarreling countries.

NATO Nervous As Russia Accused Of Unleashing Cyber War To Disable Estonia

A three-week wave of massive cyber-attacks on the small Baltic country of Estonia, the first known incidence of such an assault on a state, is causing alarm across the western alliance, with NATO urgently examining the offensive and its implications.

While Russia and Estonia are embroiled in their worst dispute since the collapse of the Soviet Union, a row that erupted at the end of last month over the Estonians' removal of the Bronze Soldier Soviet war memorial in central Tallinn, the country has been subjected to a barrage of cyber warfare, disabling the websites of government ministries, political parties, newspapers, banks, and companies.

NATO has dispatched some of its top cyber-terrorism experts to Tallinn to investigate and to help the Estonians beef up their electronic defenses.

"This is an operational security issue, something we're taking very seriously," said an official at NATO headquarters in Brussels. "It goes to the heart of the alliance's modus operandi."

Read more here



11.5.07

BITS gone bad

This is via Computerworld there was a discussion almost exactly one year ago to the day about this little situation with BITS.

Enjoy

Hackers hijack Windows Update's downloader:

Stealing Windows' BITS gets bad code past any firewall
--------------------------------------------------------

May 10, 2007 (Computerworld) -- Hackers are using the file transfer component used by Windows Update to sneak malware past firewalls, Symantec researchers said today.

The Background Intelligent Transfer Service (BITS) is used by Microsoft Corp.'s operating systems to deliver patches via Windows Update. BITS, which debuted in Windows XP and is baked into Windows Server 2003 and Windows Vista, is an asynchronous file transfer service with automatic throttling -- so downloads don't impact other network chores. It automatically resumes if the connection is broken.

"It's a very nice component, and if you consider that it supports HTTP and can be programmed via COM API, it's the perfect tool to make Windows download anything you want," said Elia Florio, a researcher with Symantec's security response team, on the group's blog. "Unfortunately, this can also include malicious files."

Florio outlined why some Trojan makers have started to call on BITS to download add-on code to an already compromised computer. "For one simple reason: BITS is part of the operating system, so it's trusted and bypasses the local firewall while downloading files."

Malware, particularly Trojans, which typically first open a back door to the system for follow-on code, needs to sidestep firewalls to bring additional malicious software -- a keylogger, for instance -- to the PC. "[But] the most common methods are intrusive [and] require process injection or may raise suspicious alarms," said Florio.

"It is novel," said Oliver Friedrichs, director of Symantec's security response group. "Attackers are leveraging a component of the operating system itself to update their content. But the idea of bypassing firewalls isn't new."

Symantec first caught chatter about BITS on Russian hacker message boards late last year, Friedrichs added, and has been on the lookout for it since. A Trojan spammed in March was one of the first to put the technique into practice.

"The big benefit BITS gives them is that it lets them evade firewalls," said Friedrichs. "And it's also a more reliable download mechanism. It's free and reliable, and they don't have to write their own download code."

Although BITS powers the downloads delivered by Microsoft's Windows Update service, Friedrichs reassured users that there was no risk to the service itself. "There's no evidence to suspect that Windows Update can be compromised. If it has a weakness, someone would have found it by now.

"But this does show how attackers are leveraging components and becoming more and more modular in how they create software. They're simply following the trend of traditional software development," said Friedrichs.

Florio noted that there's no way to block hackers from using BITS. "It's not easy to check what BITS should download and not download," he said, and then offered some advice for Microsoft. "Probably the BITS interface should be designed to be accessible only with a higher level of privilege, or the download jobs created with BITS should be restricted to only trusted URLs."

Microsoft was unable to immediately respond to questions about unauthorized BITS use.


Original Article