Jeremy's almost but not quite entirely moribund blog

Saturday, July 22, 2006

No ketchup? What's become of me?


Chicken curry on brown rice
Originally uploaded by jpstanley.
I must be getting old.

A few weeks ago, I went to a Thai restaurant (Bangkok Grill at about 8th South and State in Orem) with some co-workers and I couldn't believe how good the pineapple curry was.

The next day, the wife and I dragged the kids to Carl's Jr. for dinner. I used to live on that stuff when I was single... but now I find it just nasty. It's like eating cardboard dripping with ketchup and mayonnaise. McDonald's is similar... I just can't eat that stuff anymore.

I still visit Taco Bell altogether too often, however, so I'm not quite a geezer yet.

Anyhow, I'm writing all this because I'm still surprised that I'd cook, eat, and enjoy something that looks like this. It's exactly the sort of thing I'd politely eat two bites of as a teenager and then sneak off to Burger King. Oddly enough, the revelation that I really, really like red bell peppers came while I was eating lunch at Tucano's, one of those Brazilian grill places where they come around with skewers of bleeding cow flesh. I didn't find the various cuts of beef memorable, but the grilled peppers were great!

Monday, July 10, 2006

Microsoft's "My Private Folder" uses rootkit techniques

So my boss told me about Microsoft's new "My Private Folder" applet that it's offering to "genuine" Windows XP customers, and I decided to take a look at it. It's kind of like TrueCrypt, only worse.

TrueCrypt (along with commercial tools like BestCrypt) does a loopback mount of an encrypted volume. Microsoft's "My Private Folder", on the other hand, creates a hidden folder and uses rootkit techniques to hide its contents from the Windows API (I verified this with Rootkit Revealer). It does encrypt file contents (not through EFS, interestingly enough), but it leaves names, sizes, timestamps, etc. unencrypted, so an attacker capable of circumventing the rootkit (such as by booting to Knoppix) can discover the names of all your hidden files.

I have at least three questions about this:
1. Microsoft already has EFS. Why reinvent the wheel?
2. Why use a rootkit in the first place, when using a loopback image is simpler and more secure?
3. How long before this rootkit gets exploited by malware? [EDIT: I did some more digging and this won't be as trivial to exploit as the Sony/XCP rootkit. The rootkit not only hides existing files in "My Private Folder", but it prevents you from creating them as well.]
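
The cross-view idea behind the Rootkit Revealer check above, as an added example that is not part of the original post: compare a listing taken through the Windows API with one taken offline, and report what only the offline view shows, along with the metadata that stays readable. Both listings and every file name in them are constructed sample data.

```python
"""Cross-view check: compare what the file API reports with an offline view."""
from datetime import datetime, timezone

# Constructed sample data: (path, size in bytes, mtime as Unix seconds).
# API_VIEW stands for a listing taken through the normal Windows API on the
# running system; RAW_VIEW for a listing of the same volume read offline
# (for example from a live CD), where the hiding driver is not loaded.
API_VIEW = [
    (r"C:\Docs\notes.txt", 1204, 1152500000),
    (r"C:\Docs\todo.txt", 310, 1152510000),
]
RAW_VIEW = [
    (r"C:\Docs\notes.txt", 1204, 1152500000),
    (r"C:\Docs\todo.txt", 310, 1152510000),
    (r"C:\Docs\Hidden\taxes-2005.xls", 48128, 1152520000),
    (r"C:\docs\hidden\resume.doc", 27648, 1152530000),
]

def norm(path):
    # NTFS names are case-insensitive by default, so compare case-folded.
    return path.replace("/", "\\").rstrip("\\").casefold()

def cross_view_diff(api_view, raw_view):
    """Return raw-view entries that the API view does not show."""
    visible = {norm(p) for p, _, _ in api_view}
    hidden = [e for e in raw_view if norm(e[0]) not in visible]
    return sorted(hidden, key=lambda e: norm(e[0]))

def leaked_metadata(hidden):
    """Metadata readable offline even if file contents are encrypted."""
    return [
        {
            "name": p.rsplit("\\", 1)[-1],
            "size": size,
            "modified": datetime.fromtimestamp(mtime, timezone.utc).strftime("%Y-%m-%d"),
        }
        for p, size, mtime in hidden
    ]

if __name__ == "__main__":
    for row in leaked_metadata(cross_view_diff(API_VIEW, RAW_VIEW)):
        print(row)
```

Nothing in the output depends on decrypting anything: the names, sizes and dates come straight from the directory entries.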