Orphaned Tasty Bits of the Day®

These items, which appeared as Tasty Bits of the Day during April, weren't picked up in the next regular issue of TBTF. They are recorded here for completeness of the archive.

1999-04-16: ..Off to see the Lizard This Utah-based supplier of packaged Linux software released a new version with a speedier kernel, improved GUI, and simplified in- stallation [1]. The install process features a Linux wizard, which the company calls the Lizard, that intelligently probes for all hardware built into the motherboard or add-in devices such as video cards, SCSI drives, and mice. [1] http://www.infoworld.com/cgi-bin/displayStory.pl?990415.picaldera.htm

1999-04-07: ..EFF Pioneer Awards Last evening the Electronic Freedom Foundation held their annual awards ceremony [1] in conjunction with the Computers, Freedom & Privacy 99 Conference [2], which is going on this week in Washing- ton DC. The 1999 Pioneer Award winners are Jon Postel (posthumous), Drazen Pantic, and Simon Davies. Mr. Pantic started the first ISP in Yugoslavia and recently used the Web to expand the reach of the Serbian radio station B92 [3]. Mr. Davies is a privacy advocate, and the founder and director of Privacy International [4]. [1] http://www.eff.org/promo/99pioneer.html [2] http://www.cfp99.org/ [3] http://www.b92.net/ [4] http://www.privacyinternational.org/

1999-04-01: ..The last of BONG Admirers of the newspaper culture everywhere, unite! or at least subscribe. BONG BULL, the email bulletin of the Burned-Out News- papercreatures Guild, is in the last weeks of its long run as the New York Times News Service ends its sponsorship. The ultimate issue will issue on April 30. Walk don't run to an email client near you and send a missive to listserv@netcom.com, with any sub- ject; in the body say subscribe bong-l . To whet the appetite, here in full is the latest edition's comix section: The Further Adventures of Herman "Speed" Graphic, Ace Photographer for the Chagrin Falls Commercial Scimitar, and his Faithful Companion, Typo the Wonder Pig. Panel One: Speed and Typo discuss impending doom as Speed re- flects, "So what if Features Editor Hyperba Lee did nominate me for a Pulitzer Prize, Typo?" Typo responds, "You know, it's these moments of innocent naivete that make you so special, Boss! Let's see, you become nationally famous, if not worldwide...." Panel Two: Typo enumerates, "...You hear from every distant relative and former colleague you've ever known in your life and some you never heard of; you're the guest of honor of the granddaddy of all office parties, full of people outwardly cheerful but inwardly seething with cold-blooded envy..." Panel Three: Typo continues, "...Your name is in all the papers, magazines, TV and even encyclopedias and almanacs, where they add your age; you get invited to make speeches, and not every- body wants to pay, especially your own employer; the amount of the cash prize is widely publicized, and read with interest by every bartender and bookie..." Panel Four: Typo adds, "...College professors who had you in any course down to art appreciation lecture students about your brilliance, regardless of the grade you got; you never again can sneak out for a quick lunch, nor drink it in anonymous peace; you're expected to make a speech at every staff meeting..." Panel Five: Before Typo can proceed, Speed huddles in his trenchcoat, a deathbed gift from an ancient mystic wire ser- vice executive editor on a fog-shrouded eastern island, and gasps, "Enough! No more, Typo! Oh, Hyperba's really done it to me this time, that cruelest of vixens!" Typo scolds, "Really, Boss! Would it have hurt you to accept Hyperba's invitation to dance just once? The lambada can be a very beautiful dance when done right!" And the masthead: Waving a frilly sleeve, BONG Chief Copyboy Charley Stough, Dayton Daily News, 45 S. Ludlow St., Dayton, Ohio 45401 salutes NYTNS strutters worldwide. E-mail copyboy@dma.org. Phone (937) 225-2445 after 5 p.m. eastern. Fax 225-2489.

1999-03-30: ..Melissa variants cropping up Variants of the macro virus have already appeared that bypass some of the protections sysadmins have put in place since Friday [1]. One variant has a blank subject line; another carries the malicious macro in an Excel document instead of a Word document, and its sub- ject line is "Urgent info inside. Disregard macro warnings." Another variant, named Papa [2], also uses Excel as a vector and reportedly sports the subject line "Re: fwd: work from alt.net and Fred Cohen". (Mr. Cohen is a favorite target of crackers because of his "zero- tolerance" policy towards online intrusion attempts.) A CERT spokes- man quoted an antivirus tool vendor's prediction that 20 to 30 Me- lissa copycats will appear by the end of the week. [1] http://www.zdnet.com/pcweek/stories/pri...152,00.html [2] http://www.zdnet.com/pcweek/stories/pri...117,00.html ..Who wrote Melissa? Today's NY Times carries an ironic story [3] of online detective work. Richard Smith, president of Phar Lap software in Cambridge, MA, set out last Friday to track down the author(s) of Melissa. Smith had been the discoverer of Microsoft's use of machine-specific globally unique identifiers in documents created by all Microsoft Office components. He searched the Net for the GUID found in the original Word document that carried the Melissa macro virus. Smith, along with Frederik Bjorck, a Swedish graduate student who was in- dependently pursuing the same trail, found evidence that Melissa can be traced to a virus writer who goes by the handle VicodinES. This person's Web site [4] has now been retired. S/he has signed earlier, similar viruses, according to Smith and Bjork; here is one example [5]. A Google search for "VicodinES" returns 55 hits, in- cluding this list [6] of virus construction kits; and lo, VicodinES's "Advanced Class Object infection tool for Word 97" leads the list. Searching DejaNews turns up 33 articles, and they make interesting reading. The betting now is that Melissa spread, without the intent to par- alyze the Internet, from a posting on an alt.sex newsgroup. Malice or no, distributing a computer virus is now a federal crime carrying a fine of $250,000 and 10 years in prison. The FBI is seriously in- terested in finding the perpetrator of Melissa; Richard Smith has turned over his findings to them. I don't wonder that VicodinES dis- appeared his/her Web site. [3] http://www.nytimes.com/library/tech/.../30virus.html [4] http://sourceofkaos.com/homes/vic/start.html [5] http://europe.datafellows.com/v-descs/cartman.htm [6] http://sourceofkaos.com/homes/virus/virii4.htm

1999-03-29: ..Beware Melissa This virus warning is no hoax. W97M_Melissa has what it takes to tie the Internet in knots in a way no malware has accomplished since Morris's Internet worm of 1988 [7]. Last Friday Melissa brought down the email systems of major corporations. At least one division of Intel was affected. Microsoft's PR agency, Waggoner Edstrom, was also hit. Microsoft isolated itself from email for several hours on Friday while dealing with the virus. Other organizations reportedly hit hard were Charles Schwab, Lucent, and the Department of Energy. The FBI's National Infrastructure Protection Center has issued its first-ever alert [8] on the subject of Melissa. Here is the CERT advisory [9] describing the virus. It links several anti-virus companies which have already developed fixes. Melissa is a Word 97 and Word 2000 macro virus that, when activated, sends 50 copies of itself to people on your own Outlook address list. The document itself is a list of porn sites, reports say (I have not seen it). The email message appears to come from you -- its subject is "Important Message From [your name]" -- and its content is "Here is that document you asked for ... don't show anyone else ;-)". The wording makes it likely that recipients will open the document, sending 50 more copies of the virus. Upon execution, the virus first lowers Word's macro security set- tings to allow all macros to run without confirmation. The virus lodges in the Normal.dot Word template, so any new documents you create will be born infected. See Microsoft's security site for a fix [10] for the excessive trust Word bestows on template files. Finally, when the minute of the hour matches the day of the month (such as 3:29 on March 29), the macro inserts into the current document the message "Twenty-two points, plus triple-word-score, plus fifty points for using all my letters. Game's over. I'm outta here." This speech comes from the second episode [11] of the TV program The Simpsons (thanks to Jamie McCarthy for the cite). This mailing [12] from the SANS Institute, an organization of sys- admins and security professionals, features a first-person narra- tion of the effort of cleaning up after Melissa last weekend. It concluded with a listing of the Melissa code, sanitized so that it won't run. Note that it is "signed" at the end Kwyjibo. This is the "word" with which Bart Simpson scores in the Scrabble(tm) sequence cited above. [7] http://www.eos.ncsu.edu/eos/info/.../abuse/wvt/worm/ [8] http://www.nipc.gov/nipc/w97melissa.htm [9] http://www.cert.org/advisories/CA-99-04-Melissa-Macro-Virus.html [10] http://www.microsoft.com/security/bulletins/ms99-002.asp [11] http://www.snpp.com/episodes/7G02 [12] http://www.interesting-people.org/199903/0086.html