January 29, 2009

Nike Air Structure Triax+ 12




Blurry cam strike again!

Apparently this is just called the Nike Air Structure 12 now. They should stop changing names and confusing me. No flywire on this one.

Update: apparently, it's officially called the Zoom Structure Triax+ 12. Oh my.

January 19, 2009

Non-crowd at iPhone 3G launch

The iPhone 3G launched here in Thailand over the weekend. Since the market is already flooded with imported handsets that are pre-modified for local use and pre-loaded with every game available, the launch is a true anti-climax. Compare photos below:

A week before the USA iPhone 3G launch, line already forming outside the San Francisco store. (Photo: www.wired.com)


Empty seats at the Thai iPhone 3G launch "event". (Photo: www.itcoolgang.com)

January 14, 2009

Worm killing


Turns out that after a week of fighting the Conflicker worm, the Microsoft Malicious Software Removal Tool was the one that actually cleaned out the worm. Microsoft has more information about the worm and an KB article specifically about this worm. Looks like I wasn't the only one having problems. F-Secure's weblog also has an article about the strange AUTORUN.INF I found on my boss's computer not long after we started having problems on the LAN. I suspect that during the New Year holidays, one of the managers took a company notebook home and got infected, and brought destruction back to the company. Fun!

Update: I don't feel so bad now since I'm only 1 in 3.5 million infected.

January 13, 2009

Nike Air Span+ 6




The Nike Air Span+ 6 showed up in the shops locally eventhough it's supposed to have a February release date. My regular running shoes are the Air Span 4+, and the 6's flywire feels uncomfortable to my hands, but I didn't actually try them on.

Sorry for the blurrycam pics, but I only had my phone with me.

Starbucks diary




I've been having excessive amounts of Starbucks coffee lately, not just because I want to get stamps to redeem for their 2009 diary, but also because I have perfected my personal drink: a quad macchiato, half-decaf, two packets of Equal in the cup, put all that in a tall cup, and fill it up with milk foam.

I've only been able to order espresso macchiato at the local Starbucks since last year. Before that, I've always had to order an "espresso with milk foam" or a "cappuchino without milk" (?!) to get my macchiato, and I always had to explain that, no, I did not want a caramel macchiato!

Of course, right after I managed to get enough stamps to redeem for the 2009 diary, they decided that not enough people are buying drinks and they have way too many leftovers diaries, they doubled the stamps you get per drink. And when I managed to get my second diary just because I have too many stamps, they started a new promotion where the second drink of the day gets 50% off. Argh!

January 7, 2009

Worm fighting

As I had suspected, the worm that I had been hit with was a variant of Conflicker. As of this writing Virustotal shows 7 out of 38 detections of a suspicious file I found inside an infected PC. Virustotal is a great site for testing whether a file is actually a virus.

I still couldn't figure out how my machines got infected since I already patched against MS08-067 and MS08-068. However, I don't normally have Windows Update enabled, so it could have been some other Windows vulnerability. Avira AntiVir that I normally use was completely unable to detect the worm too. I sent the sample to Avira for analysis, and after a few hours they updated the virus definition files then AntiVir started to detect the worm as Worm/Kido.DW.

Now instead of complaining of computers crashing, my users were calling in to tell me that AntiVir was popping up all the time and telling them that they have Worm/Kido.DW. So while I was busy scanning our computers, I suddenly found that my notebook was infected with an autorun virus. It appears to also have created the iamfamous.dll Firefox component that steals passwords and also hijacked my DNS. I had no idea where it came from or if it's related to the Conflicker worm but I was able to successfully clean it by using Malwarebytes Anti-Malware. (Avira AntiVir once again failed me, but I also sent a sample to them and they included detection in the next update.)

January 5, 2009

Shai-Hulud 2009

Today is the very first working day of the year. I got to the office, booted up my notebook, and two minutes later, Windows crashed.

Reboot, crash.

Reboot, crash.

Hmm, I rebooted again and quickly looked at my firewall, and saw a number of machines trying to connect to port 139. Crash.

I rebooted again, and quickly enabled the Windows Firewall. No crashes this time. I looked at my firewall again, and noticed almost every other computer on the LAN are doing funny things on port 139. And my phone started ringing from users calling in about their computers crashing.

A few more seconds later, my servers started doing funny things on port 53.

Oh my, 2009 is turning out to be pretty bad so far.

January 1, 2009

New year tragedy


A popular local pub, Santika Club, caught fire just after midnight during the New Year countdown celebrations. Around sixty people are killed by the fire and over a hundred were hurt. Looks like their web server also crashed and burned.

The club is located just outside of my office building. So now instead of seeing club goers with their expensive cars when I'm working late, guess I'll be staring at the crater.

Update: the news has hit international circuits. CNN's report here.

Happy Y2.009K


Happy new year! Instead of vacationing, I spent the last few days helping a client switch over to a new ISP and the ISP hosted mail server. Unfortunately, they still refuse to switch over to Google Apps, so they have to deal with the ISP's poor mail service. Plus they're still using my Buffalo wireless router running Tomato, now with a slightly amazing 75 day of uptime. The last reboot happened when I updated the firmware. I even switched to the new ISP without having to reboot the router. After the new year, I'm gonna take it back so I can finally get to play with it myself.

I bought the Buffalo back in June and it's been at the client site since July. The Buffalo router is no longer available locally for some unknown reason, and the shop that I bought it from denies that they've ever carried it. (In fact, they've only ever had one piece, and I bought it.) So I really really want to try it out.