Welcome to The Funny/Alerts Newsletter. Over the last two weeks Anne and I have had vinyl siding put on the house. It looks great and we'll never have to worry about painting again! The neighbors have been remarking on it's beauty and with all of the snow we've had this last week I'm certainly thankful for the extra insulation! It was well worth it and we highly recommend it. Just make sure that you do your homework by checking with the local BBB and Contractor's Board before you give anyone your hard-earned money.

Since I've been off-line for the last two weeks due to technical difficulties, I decided that I owed you some extra funnies. Here you go... enjoy!


White House spokesman Ari Fleischer today said a miscommunication with the President's medical staff inadvertently caused a report to circulate stating President Bush fainted after choking "on" a pretzel. The President, Fleischer said, actually fainted after choking "the" pretzel. "It's a simple mistake, and no, I'm not going to explain what it means," Fleischer said. 

Doctors explained that episodes of fainting during such an activity are not unusual, but added the euphemism "choking the pretzel" appears to be new. However, according to presidential historian Michael Garvey-Hart, President Bush is most likely borrowing from one of his heroes, President Theodore Roosevelt, who often used the term 'spanking the pretzel' to describe incidents in which he was tickling his teddy.

Alert: Virus Scanner Inadequacies with NTFS
(NTFS is the file system used by NT, 2000 and XP to store data on your hard drive - DP)

Released By: Dartmouth's Institute for Security Technology Studies(ISTS)
Contact Info: Chris Brenton cbrenton@ists.dartmouth.edu
Systems Affected: Windows NT and 2000 running NTFS
Products Tested: Virus scanners from the top three major vendors

Executive Summary
While the existence of data streams within the NT file system (NTFS) has been known for many years (Microsoft has released quite a bit of info on alternate streams), virus vendors have not taken steps to adequately check this area of the file system. This deficiency can be leveraged in order to hide malicious code or even cause the virus scanner itself to destroy critical system files.

Advisory Details
We tested the latest version of virus scanners from the three major virus scanning vendors. In all cases we found that the scanners were incapable of identifying viruses stored within an alternate data stream. For example if you create the file MyResume.doc:ILOVEYOU.vbs and store the contents of the I Love You virus within the alternate data stream file, none of the tested virus scanner where capable of finding the virus during a complete disk scan, even when 'check all files' was selected. This means that an evil programmer can use the alternate data streams portion of the file system in order to hide malicious code from all major virus scanning products.

There are a couple of caveats here. First, if the memory resident virus scanner is set to check all files, the virus code must be new and have an unknown signature. When the contents of the named stream is read into memory, the alternate data stream is read into memory as well. At this point in the copy process the memory resident virus scanner is capable of detecting viruses with a known signature. So in order to sneak virus code past a memory resident scanner set to check all files, the virus signature must be unknown to the scanner.

It should be noted however that many memory resident virus scanners are not set to check all files. In order to increase system performance, the memory resident virus scanner will only check files where the named stream has a specific extension (such as .com, .exe, .vbs, etc.). When a scanner is configured in this manner, a malicious programmer can sneak their virus code onto the system by associating the alternate data stream with a named stream that is not normally checked. For example, most scanners do not include .ini files in their list of named data stream files that should be checked. A programmer could associate legacy virus code with one of these unchecked file types and have it be successfully written to disk. As mentioned earlier in this document, the virus would also be missed during any subsequent disk scans as the alternate data stream portion of the file system does not get checked.

So the vulnerability lies with being infected by new viruses or viruses that are stored in an alternate data stream of a file that is not normally checked by the memory resident scanner.

Current fixes
No known fixes at this time. This advisory was released to the vendors of the three tested products over three months ago. To date, no corrective action has been performed.

Current Workarounds
What Can End Users Do Today?

1.Start performing regular checks of your NTFS file system for alternate data streams. Run the check as an AT process so that the file system is verified on a regular basis. NTOBJECTives has an excellent tool called Sfind.exe which is capable of finding alternate data streams. The tool is included as part of their free Forensic ToolKit. Reference URL is: http://www.ntobjectives.com/

2.Follow step #1 to baseline your existing NTFS partitions. If during later checks you find a new alternate data stream, be suspicious. During our testing we found that stock installations of Windows NT and Windows 2000 did not create any data stream files. It is possible however that some third part vendors may use them. Streams are used to save fork file information when a Macintosh volume is created so you may see alternate data streams if your NT system stores Macintosh files in their native format.

3.If you find a suspicious data stream and want to clean it from the system, first perform a backup of the named stream file as well as all associated data streams. Verify that your backup software did in fact save the alternate stream file as well (some backup software is incapable of processing data streams but that's a topic for another advisory). If the alternate data stream was not backed up, you can map a drive to a remote NTFS partition and copy the file to the remote system. Stream files are maintained when you copy from one NTFS partition to another. To clean the alternate data stream from the named file, simply map a drive to a non-NTFS partition (for example NT using FAT, Windows 98 or Linux running SAMBA). You can then move the file to the remote system and then move it back. When the file gets written to disk on the remote system the alternate data stream files will not be saved. Note that this also removes any specific file permissions you may have set so make sure you document the settings using FileStat (also part of the Forensic ToolKit) or a similar utility prior to moving the file.

4.Call your virus scanner vendor and request that they add proper support for data streams.

ISP backup!

While we were down (awaiting the replacement Cable Modem) I lamented the fact that we had not kept our old ISP account as insurance against just this sort of thing. The problem is that we would have been paying $20/month for a service that we weren't going to use except on the rare occasion, such as this. Since we've had broadband for almost two years now, that would have added up to $440! Not a viable alternative.

Once I was back online, guess what my first objective was to be. That's right... find an alternative connection to use as backup that didn't require a monthly payment and would bill (inexpensively) only as needed. This is what's call "Metered Service" and, surprisingly, it took me a while to find one that fit the bill (no pun intended). The problem with most of the ISPs is that, even though they only charged for your usage, they still made you cough up a monthly service fee.

Imagine how glad I was to find BAMnet, the pearl among the swine. These people know exactly what I need and offered it in several "packages" including one labeled "I have DSL or Cable and need backup for when my internet goes down." Oh, joy! Clicking on this link took me directly to the sign-up page where I was assured that I didn't need any special software and that they had NO ad banners!

Here's the scoop:

·6-1/2* cents per minute from most areas.
·All calls lasting less than 30-seconds are not billed
·Straight 6-second billing increments
·No minimum usage required
·No per call surcharges or hidden charges
·Charges appear under the title HBS, Inc. for BAMnet Corporation.
·Charges appear with calling code 2154408382 (Philadelphia).

Phone Bill option: There is a one-time initial setup fee of $1.50 which is billed to your home or business local phone bill. Each call is individually itemized on your local phone bill. We use a calling card style billing system so your local phone company might list the calls as, "Calling card calls, BAMnet Corporation." 6-1/2* cents per minute toll charge will appear on your local phone bill.

Credit Card option: There is no pre-set expiration date on your account, accounts expire when the pre-paid quantity of minutes are used up.

If you need to access the internet from a hotel/motel or pay phone, check out their 10-10-2000 system.

Or call for questions: 1-877-3-BAMNET (877-322-6638)


Dear kind-hearted friends...

Now that the holiday season has passed, please look into your heart to help those in need. Enron executives in our very own country are living at or just below the seven-figure salary level... right here in the land of plenty.

And, as if that weren't bad enough, they will be deprived of it as a result of the bankruptcy and current SEC investigation.

But now, you can help! For only $20,835 a month, about $694.50 a day (that's less than the cost of a large screen projection TV) you can help an Enron executive remain economically viable during his time of need. This contribution by no means solves the problem, as it barely covers their per diem, but it's a start!

Almost $700 may not seem like a lot of money to you, but to an Enron exec it could mean the difference between a vacation spent sucking ass in DC, golfing in Florida or a Mediterranean cruise. For you, seven hundred dollars is nothing more than rent, a car note or mortgage payments. But to an Enron exec $700 will almost replace his per diem.

Your commitment of less than $700 a day will enable an Enron exec to buy that home entertainment center, trade in the year-old Lexus for a new Ferrari, or enjoy a weekend in Rio.


Each month, you will receive a complete financial report on the exec you sponsor. Detailed information about his stocks, bonds, 401(k), real estate, and other investment holdings will be mailed to your home. You'll also get information on how he plans to invest his golden parachute. Imagine the joy as you watch your executive's portfolio double or triple! Plus upon signing up for this program, you will receive a photo of the exec (unsigned - for a signed photo, please include an additional $50.00). Put the photo on your refrigerator to remind you of other peoples' suffering.


Your Enron exec will be told that he has a SPECIAL FRIEND who just wants to help in a time of need. Although the exec won't know your name, he will be able to make collect calls to your home via a special operator just in case additional funds are needed for unexpected expenses.


I would like to sponsor an Enron executive. My preference is checked below:

[ ] Mid-level Manager 
[ ] Director 
[ ] Vice President (Bronze Club)
[ ] President (Silver Club)
[ ] CEO (Gold Club)
[ ] Entire Company 
[ ] I'll sponsor an Exec most in need. Please select one for me.

Already an Enron supporter? Don't worry, in this troubled economy, there are many executives who need your help. Ford today is laying off 35,000. The NASDAQ is deflated. Now you can show your patriotism and do something about it. The Invisible Hand will allow supporters to substitute executives from any downtrodden company listed on screwedupcompany.com. You will never own a Bentley, wear hand-tailored silk shirts, or have a gentleman's gentleman; why deprive a worthy executive from ascending, and more importantly, from maintaining the lifestyle he so richly deserves? (pun not intended)
Imagine the feeling of satisfaction, the pure joy of knowing that your sponsor ex-executive at the former spiltmilk.com will be able to have his caviar and eat it too.

It's just that easy - do it now!

Please charge the account listed below $___________ per day and send me a picture of the Enron executive I have sponsored, along with my very own Enron "Keep America Strong - Sponsor an Enron Exec: Ask Me How!" t-shirt to wear proudly.

Your Name: _______________________ 
Telephone Number:_______________________ 
Account Number: _______________________ 
Exp. Date:_______
[ ]MasterCard [ ]Visa [ ]American Express [ ]Discover 
Signature: _______________________ 

Mail completed form to "The Invisible Hand" or call 1-900-2MUCH now to enroll by phone. Note: Sponsors are not permitted to contact the executive they have sponsored, either in person or by other means including, but not limited to, telephone calls, letters, e-mail, or third parties. Keep in mind that the executive you have sponsored will be much too busy enjoying his free time, thanks to your generous donations.

Contributions are not tax-deductible.


1-Precious Lord, Take My Hand, And Help Me Up
2-It Is Well with My Soul, But My Knees Hurt
3-Nobody Knows the Trouble I Have Seeing
4-Just a Slower Walk with Thee
5-Count Your Many Birthdays, Name Them One by One
6-Go Tell It on the Mountain, But Speak Up
7-Give Me the Old Timers' Religion
8-Blessed Insurance
9-Guide Me O Thou Great Jehovah, I've Forgotten Where I Parked

[thanks to Margaret and Dan Merz for this one]



An appreciative heart attracts more of what it appreciates.