CES keynote – Ballmer’s on tap

We’re about an hour away from the Consumer Electronic Show keynote, and Steve Ballmer’s no doubt in the green room, prepping for a talk that will be heard around the world. If you’re curious and don’t have anything better to do, you can watch it live on the MS Press Room site.

Me, I’m going to clean the fish tank.

Ballmer may well pull a rabbit out of his hat. One of the best things he could do for Microsoft and for us customers is to cut through the Windows 7 licensing BS: a re-design of the Win7 product lineup to mimic the Office 2010 lineup would be most welcome. But I’m not holding my breath.

UPDATE: Not much interesting from Ballmer at CES. I’m glad I cleaned the fish tank.

Simple spearphishing email gets through big-name phish blockers

Don’t click that link.

Joshua Perrymon constructed a very simple phishing message that managed to get through the blocking features of Microsoft Outlook 2007, Microsoft Exchange, Outlook Express, and Cisco IronPort – and the message wasn’t snagged by any of the major ISP filters, GoDaddy’s hosted email, Voltage, RackSpace/MailTrust hosted email, Webroot SaaS Email Security, Verizon Email Cloud Filtering with MessageLabs, a Linux and SpamAssassin configuration, SonicWall’s Email Security appliance, LinuxMail with greylisting, Opera Mail, and Mozilla Thunderbird.

Kelly Higgins at DarkReport.com says Joshua’s about to release full details.

The method’s simple:

Perrymon sent his spoofed LinkedIn email — which looked a lot like a real LinkedIn invite, except it spelled the social network “LinkedIN” in the “from” field of the message — to a variety of users in different organizations who had agreed to participate in a test. The message read: “Bill Gates has indicated you are a fellow group member of Microsoft Security. I’d like to add you to my professional network on LinkedIn. – B. Gates.”

He was able to get his spoofed message through to the recipients 100 percent of the time…

Amazing stuff. I’ll post a link to the final report when it’s available.

More about GodMode

I remember the first time I ever saw a GUID used for a Windows desktop icon. Brad Silverberg was giving a demo of Windows 95. He typed in a weird name for a new desktop icon; as I recall, double-clicking on the icon brought up the Control Panel. Everybody in the audience ooh’d and aaah’d.

That’s why I wasn’t very impressed by the recent  “God Mode” revelations. It’s the same old stuff.

Ina Fried has an “exclusive” email interview with Steve Sinofsky, in which Steve gave a dozen or so additional GUID “God Mode” lookalikes. But the fact is that this stuff has been documented for a long, long time.

For example, by using the appropriate “God Mode” like name for a desktop icon, you can double-click your way directly into any of the Windows 7 Control Panel applets. Microsoft has a list of the GUIDs – the things in { brackets } – that work.

There are lots and lots of tricks with GUID icon names. I haven’t found any of them to be particularly useful, but your mileage may vary.