Domain: grc.com
Stories and comments across the archive that link to grc.com.
Comments · 905
-
logic and messiahs
Isn't it likely that Maxtor's very own drive testing tool would bypass or disable that particular feature (auto sector relocation) during drive testing? Wouldn't it be a really stupid test if it couldn't?
The original poster has already posted in reply to your post confirming my theory.
Oh, and, messianically speaking, Steve Gibson ain't all he's cracked up to be.
Don't get me wrong--his programs are cool, and he's a smart guy--I'm just sayin' his I've-gotta-save-the-world-by-telling-them-they're-doomed! attitude is a little over the top.
-
Re:Sandra
[hard drive diag floppy] I just returned two Maxtor drives that passed multiple "extended" tests with their diag utils. BOTH have entire tracks that aren't readable -- sector mark not found... they aren't there anymore.
It's because of automatic sector relocation. All modern drives do it. When a bad sector is identified, it is marked as such, and the next write to that sector is mapped into a certain number of reserved sectors.
Ideally this process happens when the sector is weak, not bad, and the correct data can be copied over into the new sector without waiting for a write. But when the drive is going south quickly, the weak sectors may not be identified until they're actually bad.
The diagnostic program often has a feature to wipe the disk, or something like that. This triggers the automatic sector relocation, and subsequent scans will show the disk as clean.
As far as I can tell, grc.com's SpinRite takes advantage of this feature with the "Disk Exercizer" option, which reads and rewrites each of the sectors. Too bad it only works with dos or windows-formatted partitions.
-
Biggest cause of failure in old PC: Bad contacts
Agreed: Try known good parts.
To prove to yourself that it really is fixed, use a memory tester, the hard disk manufacturer's disk diagnostics, and either a program that reboots an OS 20 seconds after it is loaded (on Windows XP, Wizmo from GRC.com and Sleep.exe from the resource kit) or, even better, some Linux or BSD build process that takes several hours.
The biggest cause of failure in an old PC: Bad contacts. Just move every card and connector 2 millimeters out and in again. The rubbing of metal to metal creates fresh contact surfaces. Renewing the contacts should be the first step in fixing any PC.
The biggest cause of real failure in a new PC: Infant failure. Components are more than 100 times more likely to fail in the first week than they are in the 100 weeks after that.
-
Re:Serious answer
I'm not 100% sure, but I think that back in the day, the guy from Grc.com (I think that's the right site, it won't load right now) had a utility that would re-do letters so that they were smooth on LCD panels. I think he called it something along the lines of 'font smoothing', but it has been a while.
I don't remember (or maybe I never knew) when the feature was added to Windows (but I don't think it was there in Win2k), but, OS X has had this for a couple of years (predates winXP) and this utility from grc was definitely from Win98 era (pre win2K).
-CPM
-
Two nominees: John Walker and Steve Gibson
Most of the people in their "hall of fame" are fine candidates (except maybe for the Russian con-man guy), but I'd like to nominate two more supreme code-creator types who don't get all the media attention:
John Walker, founder of Autodesk, creates and gives away a lot of great stuff, including astronomy, math, and science programs. His web site is great: fourmilab.net
Steve Gibson, author of the SpinRite utilities that date back to MS-DOS days at least, is also a prolific creator of lean, mean, free stuff. His web site, grc.com, has a catalog of cool little Windows utilities for changing settings, detecting spyware, closing security holes, etc., for Windows. In true hacker style, he prefers to do his coding in assembly language, and his stuff is consistently high-quality and useful. For example, try out wizmo, a little program that can be used to trigger the screen saver and to change other settings, plus has a built-in graphical gravitational simulator, and all in about 37K of code!
-
Re:Losers
I personally had nothing to do with it. I personally have never written anything that has infected a win 9x box in the wild.
And yes, if I was an anarchist, I would be happy. People upgrade to XP. XP Home edition supports (or at least did) full raw sockets. DDos'ing will be much more painful if and when these are fully utilized, since there is no longer any need to write your trojan to hack the OS itself to spoof the originating IP.
-
Re:New?
Not sure I agree w/ your premise. How many times have we heard complaints about no one in Redmond being able to write a decent browser?
Steve Gibson espouses the use of assembly language even today.
I'm a former ALC programmer, but not a CS guy.
-
Bill doesn't want you to know assembly
Bill doesn't want you to know assembly language.
Bill wants you to renew your MSDN subscription and use C# and .NET so your apps can run on heterogeneous systems.
Do Bill's bidding. Do it now.
Trolling aside, go to Gibson Research and download some of their apps. They're most if not all written in assembly language, and they're fast. They'll portscan your system for you, too.
DT
-
Anyone ever seen Steve Gibson's stuff?
...his site is at http://www.grc.com, he's got loads of security related info on his page and a shedload of Win32 progs coded entirely in assembler, every last line of em. He also created the very neat ShieldsUp tool to scare people into getting a personal firewall installed (like listing their netbios share names, doing a remote port scan and telling them the gory details of what people could do to their computer etc.).
Most of the progs are under 30k in size, including a very cool sub-pixel font-rendering demo, and ones to disable messenger, dcom and upnp. A really nice touch is that some of them have sound fx, produced by a simple virtual synth, also coded in assembler...just cause he could (a true geek!)
-
It's already been done.
Nanotech's been done years ago.
Steve Gibson invented nanotech as a teenager.
Now he's working on quarks. Something he calls 'desktop publishing', whatever that means.
A real genius.
-
Re:Slashdotted Reuters?
Damn, found better links just after having posted: This is about XP and this is a referring page which shows how previous attacks could be blocked. M$ were warned and - demonstrating unbelievable arrogance - ignored all warnings. Even now, a service pack changing this behaviour would probably reduce the effects of this sort of worm.
-
Re:Slashdotted Reuters?
Did someone write a variant that went for www.reuters.com? Although they claim Sco.com was the only discernible victim on Sunday. There were no other reports of outages or slowdowns elsewhere online due to the worm..
Does anyone remember the article about Distributed Reflection Denial of Service from around 2 years ago? Quoting that one: I imagine that anyone reading this page is already well aware of my feelings regarding the deliberate and unnecessary inclusion of the raw socket API in a mass market consumer desktop PC. I am referring, of course, to the absolute insanity of Microsoft's inclusion -- and subsequent defense of -- the raw socket API in Windows XP.
While pedantic network experts, and Microsoft themselves, correctly argue that there are other ways to produce malicious Internet traffic, there is no easier way than through the use of raw sockets. The best way to earn users' trust is to deserve it. But deliberately incorporating this unnecessary facility into every Windows XP machine -- and essentially enabling it, by design, to become a malicious reflection attack generator -- makes a mockery of Microsoft's recent "Trustworthy Computing" rhetoric. We can always hope, as I fervently do, that Microsoft will recognize that it is not too late, and will remove raw sockets from XP during one of the product's continuous flow of patches and Windows Updates.
Microsoft really have brought this upon themselves. Sorry, but they were warned and deserve all they get. What this is about is: before XP, it was possible to recognise (and block) this sort of traffic at the routers.
-
Mittens and earplugs...
The biggest only thing that is leading some to consider these jerks "heroes" is their disability. Reading the article, I find little to respect about their "skilz" as it seems that most of their tech-dependent exploits were performed using software not written by themselves. Knowing what script to run does not necessarily imply an understanding of how it works.
The sad thing is that it seems that those with little or no skill garner accolades if they also demonstrate an accompanying lack of restraint or outright dishonesty. While conscientious tech explorers and practitioners go unnoticed by the media, loud mouthed script kiddies and clueless "experts" get to tout their wares and mythical skills to the most respected security companies.
As to whether their sentencing was appropriate, it seems a little light to me. In keeping with Mitnick's extended probation from computing equipment, these jerks should be sentenced to mittens and earplugs for the next five years.
-
Re:A question about Zombies..
A Zombie network is basically a network of compromised (Mostly windows, but I have seen botnets consisting of unsecured linux hosts, as well.) machines on home or university broadband connections. They are *very* common, and are almost always used in DDoS attacks. Common "bots" you'll see are litmus and sub7. Fizzer was also a (failed) attempt at creating a *HUGE* botnet. They're easy to set up and control because the average home user knows nothing about properly securing their machine. The reason you don't hear from firewall/antivirus vendors about this sort of thing is because the average "zombie" host runs neither, which is usually why it got infected in the first place. Updating/patching one's OS of choice helps, too.
Though I am loath to point traffic to this idiot, Steve Gibson's Site gives an interesting, though sensational story of being a DDoS victim (this guy is by and large full of shit, but he does tell a pretty decent story)
I hope this helped clarify things a bit, though if you'd like first-hand experience with zombie networks and the kiddies who run them, I would suggest visiting EFnet
-
Re:Blacklist
Sorry, grc.COM, not .net. Maybe I should go home and get some sleep.
-
Re:Soon...
Almost... isn't it DRDoS they own?
-
Re:Full text: in case of slashdotting
Let's say, for argument's sake, they really were attacked. Here is an account of a small company being attacked, and how even being a small fish to their ISP, was able to detect, solve, and prevent further attacks. Admittedly, the attack is a UDP flood, but applying a filter to an upstream router cannot be much less time consuming than applying a patch. With the army that SCO employs, this should have been no more than a day of downtime and quietly filed away.
-
Re:And groklaw...
You've got a very good point. A DDOS attack has no timetable for recovery. While it isn't very similar in its method, the attack described here helps to illustrate that, going into recovery, there is no way of predicting a timetable.
-
Re:No luck for many...
...they'll probably just use the restore CD they reformat, which would just put the spyware back on.
Those "restore" CDs also restore the PC back to its fully factory-default unsecure glory, before Windows Update downloaded and installed 126 different security patches. You can go online and run Windows Update again, but you can't win the race to update before you're infected.
I just made a CD for a friend that hasn't got her new laptop online yet. Besides OpenOffice it has Steve Gibson's DCOMbobulator on it. We'll run that before the first dial-up ISP call.
-
Re:Well, well, well...
The worst Windows exploit of the year: a hole in the RPC services (which you can't turn off) that allowed a worm to gain control of millions of Windows boxes, disrupting the entire internet.
You can turn off RPC (aka DCOM) with this utility: http://grc.com/dcom/
-
Re:Windows Messenger 6.0 ad-ware
I said the messenger service not MSN Messenger
similar names, functions from opposite ends of the spectrum.
-
You are all worthless and weak
Don't hand me your whiny, sniveling crap about C, C++.
Whatever.
If you don't code your windows apps in Assembly, then you're a pansy-ass bed-wetter.
-
How to remove Windows Messenger
For anyone who wants to remove Windows Messenger from their computer but doesn't know how, click here [grc.com] for the download page of a program written by William Gibson
-
Solution: Disable using grc's shoot the messenger
Use Gibson's (www.grc.com) shootthemessenger and disable it.
-
Shoot The Messenger
A Quick Visit to Gibson Research to get "Shoot The Messenger" will fix that, but in my experience, the average AOL user doesn't have the knowledge/competence to get there.
-
Re:poor server
That's a really neat box, Sander. I'm quite impressed.
By now, I have seen the 'slashdot effect' wipe out scores of machines. I run Steve Gibson's ID Serve on my Windows box when trying to connect to sites ( usually business sites ) and have problems connecting or get unreadable pages back. The results of my impromptu studies of poorly performing websites out there has convinced me that if I were running a business for the purpose of communication to sell a product, a setup like yours is definitely the way to go. Something lean and mean, with no frilly stuff to get in the way and cause problems.
I was quite pleased that when I connected to the site during the storm, when I got my stuff back, you sent the text first, then later the pictures came in.. slow, but they did come in. But, I did have something to read while they crossed over.
I hope a lot of you guys are working with Slashdot to synchronize story release so you can make use of the slashdot effect - as it would make for a good test situation if you knew when it was coming and had all your bottleneck-analysis tools in place to monitor the inevitable flood. This kinda stuff is what we need to hone our tools and make our computational infrastructures even more robust.
-
I don't patch Windows
I don't patch my windows until a unified update is available. Then I download it somewhere else and install it.
I think I'm still vulnerable to the blaster worm, but I don't care.
-
Yup.
Here's a nice link for those who have no clue what you're talking about:
-
Re:"Transparent" proxies
Short answer: Use the --ip x.x.x.x option
Long answer: My internal network uses the private ip space of 192.168.1.0/24. The firewall/router NATs the private IPs to a single IP address (for DSL users this may be dynamically assigned each time). We have a very tight firewall so I had to allow new connections out on 6969 and all connections on 6881-6889. New connections to the public IP address had to be forwarded to the private computer running bittorrent. Finally, when running btdownloadcurses.py I had to specify --ip x.x.x.x where x.x.x.x is the public IP address everyone else sees. Else, BT used my private IP which doesn't do anyone any good.
btdownloadcurses.py --ip pub.lic.ip.add --minport 6881 --maxport 6889 --max_upload_rate 100 my.torrent
The transparent proxy could cause you troubles if the IP is not the same as your router IP. Often I check for transparent IP servers by going to http://www.grc.com. Steve Gibson has the useful ShieldsUp! tool that among other things probes your common ports. It will tell you exactly what IP address it sees you surfing with. If it is different than your router or your PC then there may be a proxy between you and grc.com.
How do you bypass a transparent proxy you don't control?
-
Re:OOP IS FOR PUSSIES
I was programming in assembly about the same time that I was programming in qbasic back in middle school. I started moving away from assembly my freshman year of high school when I took a Pascal class, followed by C the next year, and C++ and Java my senior year. Now I mostly just use assembly when I want to get to special instructions, and I expect to use it in a compilers class I'm taking this term. Aside from that the benefits aren't worth the extra typing.
VB isn't too bad, if you're writing something cheap that you expect to throw away next year, and seriously hate gui programming in other languages.
Real programmers use whatever's best for the task at hand. Just ask Steve Gibson of Gibson Research.
-
MS ClearType
The antecedents of ClearType.
cheers- raga
-
Steve Gibson is the man
Here's Steve Gibson's account of dealing with DDoS attacks. Check out the rest of his page too. It's full of useful information.
-
Downstream firewalls won't help much
Downstream firewalls won't help much. The traffic will still travel through the cable/wires to your computer, it's just that the packets get ignored. These dropped packets still count towards your bandwidth limit/charge.
Something would need to be done further upstream, at say the ISP. A web frontend to iptables would not be too hard to create, however it would be difficult/repetitive for dialup users who get disconnected after a handful of hours.
Using Windows 98 on a 4 hour dialup modem connection, the number of times I ran netstat and discovered foreign machines connected to port 135 was astounding - even when there were no file shares available. Whenever I had SQL Server 2000 SP3 running, within 30 minutes my modem lights would blink like crazy, until I temporarily stopped the DB service.
Now I run Linux with iptables blocking all ports except 80 (Apache) and 81 (IIS-4). No attacks can get to my Win98 VMWare Workstation.
You can test what ports are open/closed/stealth at this URL: https://grc.com/x/ne.dll?bh0bkyd2
But this wouldn't solve Pinkboard Panther's problem - some blocks would need to be implemented further up-stream.
Mike
-
Re:Wouldn't it be easier?
You can kill DCOM with no ill effects. See here: The DCOMBobulator
-
cheap test
One cheap (i.e., no prep) test from the outside is to head over to Gibson Research's site and have it run the Shields UP scanner on your system (links at the bottom of the page). Probably rudimentary, but it'll tell you what you look like from the outside, with pretty pictures, too. It also tells you when your firewall probes them back.
And of course, for the Windows users, there's our free friend Zone Alarm to help put another layer between your machine and the bad ol' Internet.
DT
-
Re:Pretty obvious
Gibson's "Black Ice",
Yes, I'm a nit-picking bastard, but Steve Gibson did not make BlackIce.
From all appearances, I wouldn't trust the man to secure a piece of swiss cheese, let alone government systems. Read his site or visit this other site to get an idea why.
-
Re:..So naturally
"Or perhaps this URL exploit in SP1?"
Uh... SP1 fixed that exploit. Read the page again.
Just find grc today? :P
-
..So naturally
Microsoft will be shutting down this security and spam risk as well, right? Seeing as how they are security conscious all of a sudden. Or maybe they'd care to fix this problem, labelled a major security issue by the FBI. Or perhaps this URL exploit in SP1?
Come on, MS. You can do better than this blatant attempt to isolate your market under the guise of a security issue, especially when there are so many more important ones that have been left lying around for so long now...
-
Re:Ugh, lazy patchings
You might want to disable uPnP. Steve Gibson has a tiny utility to do this on XP systems: link here.
Enjoy!
-
Re:Ugh, lazy patchings
Here's a way to disable uPnP. If that doesn't work it might just be Windows Messenger which sends uPnP traffic on port 1900 as described here.
-
Shoot The Messenger
This utility should buy you enough time to download those patches you need.
-
Port Scan your computer/net
I suggest you use GRC.com's excellent port scan feature if you got a Windows machine. It's called 'Shield's UP!' and is available here (scroll down a bit), and will scan your system's first 1052 ports.
-
Re:Menuet OS Development.
And if you're especially masochistic...
Authoring Windows Applications In Assembly Language
-
Shoot the Messenger
-
Re:Change the font size!
Right now I am using a laptop to type this in. That cleartype SEEMED like a good idea. Instead it made everything super blurry. I found myself squinting at it all the time, and giving myself headaches. Turned it off and headaches went away. At a higher res like 1600x1200 it may be better. But my laptop only does 1024x768 :(
And on a CRT cleartype doesn't even work. The OS will just turn it off. On the Mac does it leave it on? Or do all macs come with lcd these days? Haven't touched a mac for about 10 years. Windows does have the 'standard' font smoothing. But that's just aliasing which to me also looks blurry and makes me squint.
For a decent way of how it works see this grc. He's a bit opinionated about it but gives a decent explanation of it.
However the real issue is that fonts have not scaled correctly with windows. Point sizes are based on a 72dpi. However just at the res I run at it's more like 120 dpi. So an 8pt font will end up being about half as big as it should be. Meaning to get the size I am currently using I should be using a 4pt font. Instead fonts have been scaling along with the monitor size. At 640x480 it was about 1 to 1. But at 1600x1200 it's now about 4 to 1. That is the real issue. It's a misuse of what point size was meant to be. But this has been sort of a short cut for them. You can now get twice as many windows on the screen with the same font size. So that way the guy who just bought the fancy new monitor can actually use the extra screen he just bought. If they were being rendered the way point sizes were meant to be used my 1024x768 would look like a 640x480 screen at the font size I am using.
Printers have been scaling like crazy. Some claim to have like 1200dpi. Which means if you printed fonts the same way as windows, the fonts would be unreadable smudges due to smearing.