|
1078
|
Main Area and Open Discussion / General Software Discussion / Re: Firefox 3 Released
|
on: June 17, 2008, 05:18:55 PM
|
For the ones that provide simple operations, you can quite easily upgrade it yourself with little risk to your browser (test it in the portable version perhaps) by unzipping the xpi with an application like 7zip, opening the install.rdf in a text editor, and changing the <em:maxVersion> to 3.0.0.* then repacking it and dragging it into your browser window. Tested and successful in Portable Firefox 3.0 with Go to Selection. Also, in order to run Portable Firefox concurrently with 2.0, copy the FirefoxPortable.ini from the Other\Source directory into the root directory, and change AllowMultipleInstances to true (also change DisableSplashScreen to true). Ehtyar.
|
1079
|
Main Area and Open Discussion / General Software Discussion / Re: Firefox 3 Released
|
on: June 17, 2008, 05:12:07 PM
|
About:config->extensions.checkCompatibility=false
Too dangerous for me, would be easy to accidentally forget about it and end up downloading an old extension that really messed with your browser, then as soon as you turn it off all the old addons stop working. But nice note though, I'll confess I didn't know about it. Ehtyar.
|
1081
|
Main Area and Open Discussion / General Software Discussion / Re: Firefox 3 Released
|
on: June 17, 2008, 04:54:01 PM
|
I'm thinking the best strategy is to wait a couple of weeks for the situation with Extensions to settle down. What do you think?
I can't say I disagree there. Most of the major ones will be done within a few days, as is usual for them. However, I daresay that a lot of those tiny ones you come to rely on may even never be ported. For the ones that provide simple operations, you can quite easily upgrade it yourself with little risk to your browser (test it in the portable version perhaps) by unzipping the xpi with an application like 7zip, opening the install.rdf in a text editor, and changing the <em:maxVersion> to 3.0.0.* then repacking it and dragging it into your browser window. Ehtyar.
|
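Added example (not part of the original posts): the unzip, edit and repack steps described above, done with Python's `zipfile` instead of 7zip and a text editor. It changes `<em:maxVersion>` only inside the Firefox `targetApplication` block; the sample XPI is constructed here for illustration, and the attribute form of `em:maxVersion` is not handled.

```python
import io
import re
import zipfile

FIREFOX_ID = "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"      # Firefox application GUID
THUNDERBIRD_ID = "{3550f703-e582-4d05-9a08-453d09bdfdc6}"  # used only in the sample

TARGET = re.compile(r"<em:targetApplication>.*?</em:targetApplication>", re.S)
MAXVER = re.compile(r"(<em:maxVersion>)[^<]*(</em:maxVersion>)")

def patch_rdf(rdf, new_max):
    """Rewrite maxVersion only inside the Firefox targetApplication block."""
    def fix(block):
        text = block.group(0)
        if FIREFOX_ID not in text:
            return text  # leave other applications' limits alone
        return MAXVER.sub(lambda m: m.group(1) + new_max + m.group(2), text)
    patched = TARGET.sub(fix, rdf)
    if patched == rdf:
        raise ValueError("no Firefox <em:maxVersion> element changed")
    return patched

def bump_max_version(xpi_bytes, new_max="3.0.0.*"):
    """Return a repacked XPI; the content of every other entry is copied unchanged."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info.filename)
            if info.filename == "install.rdf":
                data = patch_rdf(data.decode("utf-8"), new_max).encode("utf-8")
            dst.writestr(info.filename, data)
    return out.getvalue()

def read_rdf(xpi_bytes):
    """Return install.rdf from an XPI as text."""
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as z:
        return z.read("install.rdf").decode("utf-8")

def make_sample_xpi():
    """Constructed stand-in for a small extension (not a real add-on)."""
    app = ("<em:targetApplication><Description><em:id>%s</em:id>"
           "<em:minVersion>1.5</em:minVersion><em:maxVersion>%s</em:maxVersion>"
           "</Description></em:targetApplication>")
    rdf = "<RDF>" + app % (FIREFOX_ID, "2.0.0.*") + app % (THUNDERBIRD_ID, "2.0.0.*") + "</RDF>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("install.rdf", rdf)
        z.writestr("chrome/content/overlay.js", "// sample\n")
    return buf.getvalue()
```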
1083
|
Main Area and Open Discussion / General Software Discussion / Re: Interesting Approach by the Profiteering Malware Author
|
on: June 11, 2008, 07:15:56 PM
|
Ehtyar: not only the cryptography community... I don't even dare think about the consequences of anybody being able to factor 1024-bit RSA in realistic time.
My point was simply to discount the kind of person who uses the https protocol without the faintest idea how things work in the background, who would most likely be entirely unperturbed by that kind of news, up until their browser stops recognising new CAs. The conspiracy theorist in me has always taunted me with the idea that something like Digital Fortress could potentially exist, but I usually just tell it to shut up and go find something more realistic to ponder.....*touch wood* I meant more from the point of view of being able to track down the blackmailer and using old fashioned methods of getting the key.
Apologies for my denseness today. Ehtyar.
|
1084
|
Main Area and Open Discussion / General Software Discussion / Re: Interesting Approach by the Profiteering Malware Author
|
on: June 11, 2008, 06:59:34 PM
|
Maybe if the FBI or some other 'three letter agency' were to get infected... I think this scheme would be 'broken' in short order.
The RC4 perhaps, but from a conspiracy theorist's point of view, were the government capable of breaking 1024 bit RSA in short order, it would be in their best interests, regardless of whatever information was encrypted, to keep that fact a secret. The entire cryptography community could collapse into total mayhem were this sort of information to get out. Ehtyar. [edit] At the risk of starting a flame war, why don't we all just forget about breaking the crypto and simply follow Symantec's excellent "removal" instructions [/edit]
|
1085
|
Main Area and Open Discussion / General Software Discussion / Re: Interesting Approach by the Profiteering Malware Author
|
on: June 11, 2008, 06:46:32 PM
|
Now, factoring RSA-1024... I wonder just how feasible that is, even with a SETI or Folding@Home size grid. Probably more realistic to track down the bastard.
It seems to me that, provided the arsehole isn't using an open proxy, or TOR etc., the assistance of his email providers, or his credit card processors etc. in this case could quite easily lead to his eventual identification. On another note, after further googling it appears that Gpcode is generating what KL are calling a "master" key when it begins its work, then modifying the key for each file it encrypts, using some unique aspect of the file itself (its creation time, file name etc) thereby making the approach toward cracking the RC4 that much more complicated. KL are keeping extraordinarily tight-lipped about this process for an organisation claiming to want to put an end to this outbreak. Hypothetically, if KL were to release this kind of information, both the Fluhrer, Mantin & Shamir, and the Klein attack could be quite successful in breaking the encryption, provided the author had not defended against one or the other and that the key length was sufficiently small. Ehtyar. [edit] Is he using the Microsoft cryptography provider for the RC4, or just the RSA I wonder. The Microsoft cryptography documentation does not supply information regarding defense against known attacks, so one can most likely safely assume it is not protected against either of the attacks listed above. Though if the author were to be using 3rd party code for the RC4, then he would be free to introduce any modification to the algorithm he wanted. [/edit]
|
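Added example (not part of the original post, and not Gpcode's code): why the per-file key modification described above matters for recovery. If one RC4 key were reused for every file, a single surviving plaintext copy would yield the keystream and decrypt other files; with a per-file key the same step fails. `per_file_key`, the file names and the file contents are constructed assumptions, since the real derivation is not given on the page.

```python
import hashlib

def rc4(key, data):
    """Plain RC4: key scheduling, then XOR data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def per_file_key(master, file_name):
    """Hypothetical derivation (assumption): hash of master key and file name."""
    return hashlib.sha256(master + file_name.encode()).digest()[:16]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def recover_from_known_pair(known_plain, known_cipher, target_cipher):
    """Known plaintext XOR its ciphertext = keystream; apply it to another file.
    Gives the right answer only if both files share one RC4 key."""
    return xor(target_cipher, xor(known_plain, known_cipher))

# Constructed sample data.
MASTER = b"constructed-master-key"
FILES = {
    "holiday.txt": b"A copy of this file also survives on a backup disk.",
    "thesis.txt": b"The only copy of this file was encrypted.",
}

def run_case(derive_per_file):
    """Encrypt both files, then try to recover thesis.txt from the backup pair."""
    enc = {}
    for name, data in FILES.items():
        key = per_file_key(MASTER, name) if derive_per_file else MASTER
        enc[name] = rc4(key, data)
    guess = recover_from_known_pair(
        FILES["holiday.txt"], enc["holiday.txt"], enc["thesis.txt"])
    return guess == FILES["thesis.txt"]
```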
1086
|
Main Area and Open Discussion / General Software Discussion / Re: Interesting Approach by the Profiteering Malware Author
|
on: June 11, 2008, 05:39:23 PM
|
why is Kaspersky going after the RSA key instead of the RC4 key? Because the RC4 key applies to only a single instance of the infection. If the RSA key is broken (actually it appears that there are 2 RSA keys - which one is used depends on the OS version of the machine that is infected) it will allow the recovery of any infection. And yet what are the chances of factoring the RSA key as opposed to cracking the RC4 key? Seems like they're all talk... at least for the moment. I believe the two RSA keys are a product of the lack of an "enhanced" cryptography provider in earlier versions of Windows. Ehtyar. [edit] It would also be interesting to determine the length of the generated RC4 key, might even be practically brute-forceable, certainly more so than the RSA key. [/edit]
|
1087
|
Main Area and Open Discussion / General Software Discussion / Re: Interesting Approach by the Profiteering Malware Author
|
on: June 11, 2008, 05:07:58 PM
|
The RSA key is not randomly generated - the RC4 key is. Then that key is encrypted using the RSA public key. At this point only a person who holds the corresponding RSA private key can recover the RC4 key.
Oh I see, so the "ID" they email the author is the encrypted RC4 key...duh *headsmack*. Which again begs the question, why is Kaspersky going after the RSA key instead of the RC4 key? Seems very misguided. Ehtyar.
|
1088
|
Main Area and Open Discussion / General Software Discussion / Re: Interesting Approach by the Profiteering Malware Author
|
on: June 11, 2008, 03:52:55 PM
|
In all fairness, I daresay cryptanalysis of RC4 as opposed to trying to factor 1024 bit RSA would yield far better results. RC4 is incredibly weak by comparison. Also, apologies for making the virus sound as though it were new, it was not my intention. As f0dder indicated, I did mention the seven previous variants at least. Ehtyar. [edit] And why is it so difficult to catch the key with a debugger, as f0dder suggested?
I believe this indicates why this won't work, though it's far from an effective explanation. How the author can decrypt files protected by a randomly generated RSA private key I am unsure. Perhaps it is not his/her intention to ever provide the decrypter? P.S. I do not use Kaspersky AV. [/edit]
|
1089
|
Main Area and Open Discussion / General Software Discussion / Interesting Approach by the Profiteering Malware Author
|
on: June 11, 2008, 08:52:07 AM
|
It appears malware authors are getting more and more innovative in their approach to profiting from their activities. Kaspersky Labs have recently come across a new variant of the "Gpcode" virus. This little bastard first encrypts various file formats it finds on your computer, then drops a vbs file which deletes the primary executable, and subsequently recommends you email the author with a unique ID that will allow him to decrypt your files, a service for which you will be charged a sum at his/her whim. For the previous 7 variants, the author has used RC4 to encrypt the files, and then encrypted the RC4 key with variable bit length RSA. The latest variant has moved up to using 1024 bit RSA, and now uses various emails to facilitate extortion of payment. This virus seems to be proliferating at such an alarming rate that Kaspersky have taken the unprecedented step of asking the public for help in determining how best to combat this virus, and are even asking for suggestions on how to approach factorization of the keys. Providing that a fundamental weakness is not present in any aspect of implementation, the keys are, practically speaking, unbreakable. I suppose it just goes to show that the mind of a good programmer is always seeking more efficient ways of achieving its goal. More info here, here, and here. Ehtyar. [edit] Added some extra info [/edit]
|
1093
|
Main Area and Open Discussion / Living Room / Re: Hosting options for new website
|
on: May 31, 2008, 09:38:35 PM
|
This new member server is significantly beyond our current needs. The hope is that (assuming we can afford it), it will let us be much more generous about providing server space and functionality to donationcoder members and projects. Once it's all set up I'd encourage people to try to come up with proposals for projects.
Sounds awesome mouse man. Until then, I'm a second for DreamHost. They have a bit of a reputation for being a bit unprofessional, but they certainly know what they're doing, and they do it very well. Ehtyar.
|
1095
|
Main Area and Open Discussion / Living Room / Re: New Adobe Flash Player Security Exploit Reported Today (tuesday may 27)
|
on: May 27, 2008, 05:30:03 PM
|
My experience with FlashBlock (up until about 6 months ago) was that flash movies would occasionally be loaded prior to FlashBlock disabling them. I believe it is not as deeply integrated into the browser as NoScript is, which is why I switched (plus j/s and xss protection etc), and have not had the same problem since. I would recommend NoScript over FlashBlock both for the additional functionality, and the seemingly tighter protection.
Ehtyar.
|
1097
|
Main Area and Open Discussion / General Software Discussion / Re: Verifying if an email has been spoofed
|
on: May 01, 2008, 05:07:47 PM
|
I was searching the forum for topics about signing/verification of email and I came across this post, unanswered. I have recently set up my primary email addresses with GPG, so here's my advice. By a mile, using Thunderbird with its Enigmail extension is the simplest and least painstaking way of implementing email signing. I cannot offer advice outside these two applications, though I should be able to answer any basic questions you have. Perhaps the quickest way to get started with Thunderbird and Enigmail would be to follow their Quick Start Guide. I didn't use it, but it seems to be very clear-cut and complete. Hope this helps, Ehtyar.
|