Thursday, 28 Aug 2008

Just upgraded this to the latest version of the excellent BlogX, and in doing so realised that there are precious few of us still hosting and running our own blogs. I still prefer to do it the old way, and while there is a case for outsourcing here, I just can't bring myself to deal with the security holes in the likes of WordPress. This blog runs on a Windows 2008 VM in my house, and there it'll stay for a while yet methinks.

In copying in the entries to the new database, the autonumber values have of course changed and will have killed the old perma-links. Use the search function to find what you were after, or drop me a line if you can't find it. Comments are back on and the usual Googlebomber attacks are expected (and will be stopped), so go for it.

Friday, 22 Aug 2008

It is often said that the people get the government they deserve. What is not often said is that the government takes its revenge on the people in ever more Machiavellian ways. New Labour are particularly adept at this sort of thing, having created many thousands of new laws in the 11 years since they came to power.

Gary Glitter is the worst sort of human being, and it is right in every sense that he should have to pay dearly for his crimes. However (and as unpopular as the view may be), he has paid for those crimes and should be allowed to continue his life - albeit on the sex-offenders register. He should not be hounded and should not be prevented from travelling (it is a basic human right to do so) - although I can’t see many countries being interested in his brand of tourism. The problem, as usual with this government, is knee-jerk over-reaction...

If we continue to hound Gary Glitter, the government will change the specific law designed to curb the behaviour of travelling football hooligans and impose a travel ban lasting years, not the six months currently on the statute books. Sure, it's a populist move and will look good to the screaming tabloids who will have something to feel satisfied about while they look for the next crusade. However, no one is thinking of the ramifications, and they are unpleasant indeed.

For instance, following the Bichard Inquiry into the Soham murders in August 2002, the law was changed to allow Enhanced Criminal Records Bureau checks to include information that could never be challenged in court, essentially rumour and hearsay. Further, the list of occupations potentially requiring CRB checks has this year been widened to include around 20% of the UK workforce. As a result, a child or vulnerable person making an unsubstantiated accusation that is later retracted, unproven or proven to be false will still see that accusation attached to the permanent CRB record of the accused. That accusation will taint the accused's life until they die. The recent case of John Pinnington shows that a previously unblemished character can be trashed by the system, without recourse or defence. The case of Jim McCullough, who slapped his 13-year-old daughter once for terrorising their neighbours, is another excellent example. Mr McCullough is now effectively barred from working with children or the vulnerable, and the community has lost their long-term volunteer and football coach because he (justifiably, and with the best intentions) disciplined his daughter for grossly unacceptable behaviour.

All these new laws and yet no fewer children hurt by their abusers.

The worst example of inappropriately used legislation has to be the Regulation of Investigatory Powers Act 2000, which was brought in ostensibly to combat terrorism. The act allows for the interception and storage of all forms of communication, and has allowed the government to apportion the first of billions of pounds to be spent building a huge data silo where all your communications will be stored, and used against you. Hang on, I'm not a terrorist, why is my communication being stored?

The premise is that because the terrorists don’t play fair, we aren't going to either and we'll now be able to get them. Fine, except that for the most part, it isn’t the police or the secret services using these powers to keep us safe, it's the other 792 (as of 2008) agencies (including all 474 councils) using them to pad out their own databases of dog foulers and fly tippers and sell these details on to wheel clampers and junk mailers for a fast profit. Even worse, these personal details are being lost at the rate of 29,000,000 records a year, again without redress. The Data Protection Act has not been updated to keep pace with this massive proliferation and abuse of personal data, and no one is held to account for its accuracy, misuse or loss.

What we should be concerned with is how the populist reaction over Gary Glitter is going to affect us. Will the mooted five-year travel ban be misused in years to come to stop those who haven’t built up enough carbon credits from flying to Majorca? Will the CRB occupations check list grow to include anyone who has access to an internet chatroom at work? Will parents have to be vetted before they are allowed to conceive?

The propensity for government to be driven by the loudest voices has resulted in a society where we are watched and controlled far more than anywhere else in the world, yet the crimes for which these laws were enacted have not reduced, and our fear of crime has only increased.

Wednesday, 20 Aug 2008

While investigating centralised automation of power management settings for Windows XP, I discovered that it is possible to use POWERCFG.EXE to create a new power management profile scheme with a name of greater than 32 characters. The resultant name cannot be enumerated by POWERCFG.EXE itself or the control panel applet POWERCFG.CPL, suggesting an unchecked buffer, with the possibility of a buffer overflow.

The issue concerns the following:
Windows XP SP3
POWERCFG.CPL v6.00.2900.5512
POWERCFG.EXE v5.1.2600.5512

The problem does not occur in Windows 2003 with the following file versions:
POWERCFG.CPL v6.00.3790.3959
POWERCFG.EXE v5.2.3790.3959

Recreate as follows (use a test machine):
. Command: POWERCFG.EXE /CREATE "012345678901234567890123456789012"
. Command: POWERCFG.EXE /LIST
. Note above command fails to enumerate the new scheme.
. Command: POWERCFG.CPL
. Note GUI fails to enumerate the new scheme.
. Go to HKEY_CURRENT_USER\Control Panel\PowerCfg\PowerPolicies to remove the new scheme; it will be listed under the ID of the highest number.
. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies and remove the key of the same ID as above.
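
The manual cleanup above can be preceded by a read-only audit. The following PowerShell sketch is an added example, not part of the original post or the author's tool: it flags schemes whose stored name exceeds 32 characters and names the two registry keys to review, and it includes a length guard for scripts that call POWERCFG.EXE /CREATE. It assumes each scheme is a numbered subkey holding its display name in a "Name" string value; the function names are hypothetical.

```powershell
# Added example: read-only audit for power schemes whose names exceed 32 characters.
# Assumption: each scheme is a numbered subkey with its display name in a "Name" value.
$MaxNameLength   = 32
$UserPolicies    = 'HKCU:\Control Panel\PowerCfg\PowerPolicies'
$MachinePolicies = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies'

function Test-SchemeName {
    # Guard for automation: check a name before passing it to POWERCFG.EXE /CREATE.
    param([string]$Name)
    return ($Name.Length -ge 1 -and $Name.Length -le $MaxNameLength)
}

function Get-OverlongScheme {
    # Lists schemes whose stored name is longer than the limit, with the keys to review.
    foreach ($key in Get-ChildItem -Path $UserPolicies) {
        $name = [string]$key.GetValue('Name')   # empty string if the value is missing
        if ($name.Length -le $MaxNameLength) { continue }
        $id = $key.PSChildName                  # the scheme's numeric ID
        New-Object PSObject -Property @{
            Id            = $id
            NameLength    = $name.Length
            UserKey       = Join-Path $UserPolicies $id
            MachineKey    = Join-Path $MachinePolicies $id
            MachineKeySet = Test-Path (Join-Path $MachinePolicies $id)
        }
    }
}

# Constructed sample names: the 33-character one matches the reproduction above.
'Office Desk Low Power', '012345678901234567890123456789012' | ForEach-Object {
    '{0,-35} valid={1}' -f $_, (Test-SchemeName $_)
}
Get-OverlongScheme | Format-Table Id, NameLength, MachineKeySet -AutoSize
```

The script only reads the registry; removing a flagged scheme remains the manual step described in the list above.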

I was developing a tool to perform central management of Windows XP Power Management Settings, to allow a client to reduce their carbon footprint (apparently there are awards to be had for this sort of thing). I had originally planned to create a new power management scheme with the required settings, but in light of the above have opted instead to change the profile of the built-in scheme "Home/Office Desk" as that is always referenced with the numeric ID 0 and already exists on all Windows XP machines. The project was a success and for those interested, further information is available here: http://www.leafgrove.com/news.asp?id=9&articleid=20.

It’s also interesting to note that each time a new scheme is created with the POWERCFG.EXE /CREATE command, it is assigned a unique decimal ID number incremented from the previous one, even if deleted. I'm therefore of the opinion that it might also be possible to overflow another buffer by creating enough new schemes to push the ID beyond the number that can be enumerated by the EXE or the CPL and potentially permanently break the functionality. It remains to be seen if this one will run as far as the malformed malicious ANI issue discovered in March 07 (BugTraq ID: 23194).
