19
Apr

McAfee VirusScan On-Access Scanner Vulnerability

iDefense has released a report about a vulnerability in McAfee VirusScan. The vulnerability manifests itself when the On-Access Scanner component scans a file with a long file name that contains multibyte characters, and only on computers that have East Asia language files installed and the Unicode default codepage set to a multibyte language character set.

When the vulnerability is successfully exploited, either the On-Access Scanner component of the app is disabled or remote code execution occurs.

This vulnerability is hard to exploit, as there are lots of conditions that must be fulfilled:

1. The file must have a long file name
2. The file name contains multibyte characters
3. East Asia language files must be installed on the target computer and the Unicode codepage must be set to a multibyte character language
4. The attacker must be able to place the file on the target computer (as an attachment to an email message, probably, but the user has to save the attachment first)
5. The file must be opened, or the user must hover the mouse over the file

There is no workaround for this vulnerability, so McAfee VirusScan users are advised to install Patch15. View the McAfee Security Bulletin.

18
Apr

Cheating Will Be Local

A lot of things are bothering me about this May's elections.

The general consensus is that the cheating for these coming elections will be minimal. Yet, there are several facts that trouble me. One, the Comelec had ordered an extra 1 million ballots printed. Second, the Comelec has purged the voters list; around a million names were removed. So what’s the use of the extra ballots?

Third, the administration is not bothered by the strong showing of the opposition in the senatorial race. Heck, it was even nonchalant when reacting to surveys. However, when a survey result showing that the voters will vote opposition in the local polls was released, the administration almost went ballistic.

Fourth, the administration hacks keep on harping about machinery delivering Team Unity to victory; one drunk hack even predicted a 12-0 sweep by the administration, survey results to the contrary notwithstanding. What machinery are they talking about? Is the Maguindanao governor’s enticement part of that machinery?

Fifth, the Comelec refuses to disclose the nominees of the party lists participating in this year’s elections. The Comelec did so in 2001 and in 2004, why can’t they do that this year? Is it because of the accusations that some party list groups are just administration fronts?

Taking all of these into consideration, and the fact that the people are now aware of the cheating mechanisms available, the question now is this: will there be cheating? And if yes, in what form?

I think it will help if we know what the goal of the administration is for this year’s elections. It is actually very simple, and very obvious. It has been their goal since 2004 – the survival of Gloria Arroyo’s hold in the Fortress by the Pasig.

So the goal this year is to prevent the opposition from gaining enough seats in the House of Representatives. The goal is to make another impeachment impossible.

Knowing the goal, we can now answer some questions. Will there be cheating this year? Probably. In what form? In a way that is localized in nature.

Let me explain. It seems that the administration has already conceded the senatorial race; all those things that administration hacks were saying are all bravado. Cheating on this level will be too obvious. (It is still possible, in order to insert a candidate or two, but that’s the most they can do.)

The administration has placed its bets on the local races. There are races where administration candidates are running unopposed, so scratch those. What to watch out for are the races that are perceived to be close or where the opposition is strong.

If there will be cheating, it will be in the local polls. This is where the administration cannot afford to lose.

17
Apr

Clam AV CAB File Unstore Vulnerability

Free (licensed under GPL) antivirus Clam AV is an alternative to other antivirus apps out there. Like any other application, it is also vulnerable.

iDefense has recently reported a vulnerability in Clam AV when scanning (either malformed or maliciously malformed) CAB files. Successfully exploiting this vulnerability results in remote code execution. When the exploit fails, the application crashes. Versions 0.9x are affected.

Since there is no workaround for this vulnerability, Clam AV users are advised to upgrade to 0.90.2. Get it at the Clam AV Downloads page.

NOTE: Remote code execution is dangerous because user intervention is unnecessary in this case. Crashing an app is considered a denial of service.

16
Apr

iBlog 3: Personal Observations

For me, events like iBlog (held at the auditorium of the UP School of Economics) are not only for learning purposes. It is more of a chance to meet and exchange ideas with bloggers offline. As such, I am presenting my observations about the people I met at iBlog.

The first people that I saw were Pierre and Ajay, before the program for the first day had started. (Actually, the first person I saw at the registration was Atty. Noel Punzalan, aka Atty. Punzi). I really wanted to introduce myself, but my inherent shyness prevented me from doing so. A mistake. Anyway, when Mam Janette delivered the invocation, I was hoping that it would not cause controversy. Directly in the row in front of me were Dean Jorge Bocobo and Atty. Punzi. I also saw Shari with her brother.

Off-topic, but we Pinoys really have problems with our concept of time.

At lunch, I met Josh of chickenmafia.com and Dhon of islandboyinthecity (that’s a long one). And courtesy of Juned, I finally got to chat with DJB. The fact that he’s entertaining the idea of voting for Richard Gomez surprised me, and hearing his reasons why surprises me still.

After the first day ended, some of the participants (me included) went to the University Hotel for some drinks. I was seated together with Juned, Mam Noemi Dado, Jeff, and Eugene. Mam Noemi was one of the speakers of the day, and her blogging success is inspiring; her goal is inspiring too. From now on, I will read her blog; who knows, someone might need comfort, and at least I would know what to do.

I was looking forward to the second day, which included top-heavy topics. As I arrived, I saw Mam Ellen Tordesillas, who introduced me to Ms. Yvonne Chua (formerly of PCIJ) and Wilson Chua (president of Bitstop). Then I saw MLQ3, and to this day I chide myself for not introducing myself to him. Ditto with Ricky Carandang (it’s nice to know he got his domain name back, I hope he blogs again soon).

During the afternoon break, I also failed to introduce myself and congratulate Alecks Pabico, one of the bloggers behind the PCIJ blog, the winner of the Philippine Blog Awards for News and Media Category.

The second day session was an abbreviated one, due to lack of time (I don’t like to blame anyone, but read the off-topic comment above for the reason why).

For me, the best presentations were by Marcelle Fabie and Dean Francis Alfar (not in any order). Both of them had their audience at the edge of their seats. I really think there are born communicators, born teachers, and born teachers-communicators.

Hopefully, the presentation slides will be available soon.

Thanks to Atty. JJ Disini, Mam Janette Toral, and the volunteers for such a great program, and hopefully I’ll see all of them (and meet new ones) at iBlog4.

And please remind me to chain my shyness outside the venue when iBlog4 is on. Thanks.

Missed at iBlog 3:
Jove Francisco
Victor Villanueva (Bikoy; I really wanted to ask him a question)
Julius Rocas (Four-Eyed Journal; thought I saw him, but apparently he was not there)
Sasha (apparently she was there)

15
Apr

On Context

Words have multiple meanings, and the intended meaning is gleaned from its context – the way the word is used in a statement. Thus, when you string words with others, your meaning, your intent, your thought, may change depending on the context.

This is important when analyzing arguments and statements, most especially statements with multiple clauses. Multiple clauses are tricky, and here is where most arguments and debates begin. For you might mean one thing on the first clause, but may change because of the context of the second clause.

This idea has been in my mind since last night, as I left the University Hotel, right after iBlog. I guess this qualifies for the Artist’s way, right, Mr. Vader?

12
Apr

I Will Vote for CIBAC this May

I am supposed to post about the party list system, but got sidelined by the enormity of the task. I wish to explain the system, how it works, and what groups are qualified. With the arbitrariness of the Comelec in accrediting party list organizations (dropping Ang Ladlad, and not Alliance Transport Sector and 1-United Transport Koalisyon and Kapatiran ng mga Na Kulong na Walang Sala), an easy-to-understand explanation is needed to show why Benjamin Abalos is appointed as chair of Comelec (this news is just a piece of the pie).

Anyway, read the text of Republic Act 7941 (the Party List Law) and a Comelec primer on the party list system.

While I do not have a list of senatorial candidates to vote for (yet), I have already chosen CIBAC as my party list vote. My apologies to you and you and you for not selecting Kabataan for the party list. Let me explain why.

My aunt is a Born Again, and she does missionary work for her church. One morning at the breakfast table, she asked me to vote for Alagad in the party list elections. I asked her why, and she said the party is helpful (nakakatulong was the word that she used). Knowing that this party had given us Rodante Marcoleta (who is in my Wall of Shame) and his hairdo, I politely said no.

Now, here is why I am voting for Cibac. One, it has been consistent on its stand regarding accountability of government officials. Second, it is pro-impeachment. And third, the primary voters of this party list are Born Again Christians. If my aunt is any indication, the Born Again vote is now divided, and the support for Cibac will be eroded.

Cibac deserves to retain its seat in the House of Representatives, and it deserves to gain two more. That is why I am voting for Cibac. I will not try to convince you to vote for Cibac. Just go to their Web site, read, and see if it deserves your own vote.

Join the discussion on GO vs. TU Web site smackdown! Go here and leave your ratings and comments. Go tell others.

12
Apr

GO vs. TU Web Site Smackdown!

Now that Team Unity has launched its Web site, it is now time to compare it with the Web site (or blog) of the Genuine Opposition.

ABS-CBN News is first to bat with this comparison of the two sites (although MLQ3 was probably the first to make a very short comparison, although he is wrong about the TU Web site being a static one – it has a content management system based on the URLs).

The Jester-in-Exile also carried this, plus he collated the Web sites of senatorial candidates.

Now that the battle is being waged on the Internet, it’s time to have a GO vs. TU Web site smackdown. Let’s use the criteria set for the just-concluded Philippine Blog Awards with some modification:

Content – 40%
Is the content informative, relevant and well thought through?

Design – 20%
This refers to the site’s design in relation to its content. Design takes into consideration the look and feel of the site, from the placement of links, use of images, feeds, headers and ads (if any). Is the design suitable to the subject/content?

Appeal and Context – 15%
This refers to the site’s engagement factor with readers.

Accessibility – 15%
Is the Web site usable on different computers and by people with disabilities? Can visually impaired users increase the font size? Is there alternative text (ALT text) if the images are turned off? Are sections of the site clearly separated so anyone will understand them? (Taken from Web Design Challenge)

Alpha Factor – 10%
Why do you think the Web site is better than the other one?

Leave your breakdown and explanation in the comments.

11
Apr

Migs Zubiri: A True-Blue Politician

Monday being a holiday, I was able to see another episode of Forum 2007. The topic was about Mindanao, and the candidates featured were Aquilino Pimentel III, Adrian Sison, and Juan Miguel Zubiri.

Mindanao is a complicated topic, and someone not from Mindanao cannot comment on the topic with confidence. Pimentel and Zubiri are both from Mindanao, and thus their confidence showed. Sison was very confident also, though I’m not sure if he’s from Mindanao.

My impression on Zubiri is that he is a politician at heart. His answers (like the other two) were motherhood statements coupled with references to his accomplishments in his congressional district. He mouthed the roads and other infrastructure that his pork barrel has funded (implying that people of Bukidnon should be thankful); he even had a so-called score card, a folder containing pictures of infra projects in Bukidnon. This is what a true-blue politician will do.

Pimentel’s and Zubiri’s proposed solutions to the Mindanao problem do not differ that much; Sison emphasized education, which to me is rather short-sighted, as if education alone will solve the problems in Mindanao. However, Zubiri’s a bit incoherent on his proposals, to the point that I myself can’t remember anything specific except for infrastructure and the like.

Sadly, he had not shared with the viewers and panelists his specific legislative agenda for Mindanao. And that’s where the problem is.

He is running for senator, which is a legislative position. His proposed solutions are all under the purview of the executive, thus I am scratching my head in asking, “Why should I vote for this guy, when he has not presented his legislative agenda for Mindanao?”

And, by the way, was he not part of the fools at the House of Representatives that wanted to abolish the Senate? And now he is running for a seat at the chamber that he wanted abolished? This is what we call an about face, a classic in the politician’s playbook. Why should I vote for him?

SIDE NOTES:

Pimentel said it best: “The problem in Mindanao is not just a problem of Mindanaoans, it is the problem of all Filipinos.”

Amina Rasul’s questions were very leading. She had stated her questions in such a way that she would get the answers that she wanted. Unfortunately, two of the candidates gave answers that diverged from her questions. Guess who they were?

When asked about the Anti Terror Law, Pimentel had said that it is unconstitutional. He suggested that ARMM create a Commission on Human Rights with prosecutorial powers. Why the national CHR does not have this power is a question with no answers.

10
Apr

Two Kaspersky Vulnerabilities

Two vulnerabilities regarding Kaspersky security products have been disclosed by iDefense.

There is a heap overflow vulnerability in Kaspersky Internet Security Suite. This vulnerability allows remote code execution.

Kaspersky’s response is here.

An information disclosure vulnerability has been discovered involving Kaspersky Antivirus (version 6). This vulnerability could allow malicious Web sites to obtain files from a user’s computer. The danger here is that no dialog or warning window is shown when a malicious script starts a file transfer.

Kaspersky’s response for this vulnerability is here.

Kaspersky users are advised to install Maintenance Pack 2 to patch these vulnerabilities.

NOTE: Remote code execution occurs when an outsider is able to execute a program on a remote computer through holes in the computer, either via vulnerabilities or backdoors. An information disclosure occurs when a vulnerable application allows an outsider to gain/steal any information.

9
Apr

Araw ng Kagitingan

Today we commemorate the valor of the Filipino soldiers in fighting the Japanese during World War II.

This date is actually the date when Bataan fell to the Japanese, and the majority of the American and Filipino soldiers were forced to do the so-called Death March.

This day we should remember the sacrifices that our war veterans did to liberate the country.

May the government get its act together to take the plight of our war veterans and retired soldiers seriously.

May the US government see the light and justly compensate the efforts given by Filipino war veterans.

May the Filipino people realize that there are aspirations greater than getting rich or living the life that they wanted.

My paternal grandfather was a war veteran, but he was not able to set foot in the US. He died when I was still young, so I never got to ask him war stories. His brother fared better; he now lives in the Bay Area of California, and drops by the Philippines from time to time. The last time I saw him was when my paternal grandmother (his sister-in-law) died. Never got to ask him war stories then. Hopefully it is not too late.

Do you know someone who is a war veteran? Do you have war stories to share? Post them in the comments or post about it.