Monday, December 24, 2007
On the eve of Christmas eve, we're playing with Mozilla's new Labs project called Weave, a web service platform for users to sync various elements of Firefox into the cloud and between computers. Initially Weave only syncs bookmarks and browser history with Mozilla's servers (using encryption throughout), but the idea is to eventually allow add-on developers the freedom to include other things like RSS feeds, new Firefox Personas, and just about anything else the web can dream up. Weave is a bold move towards creating truly portable user profiles that can (eventually) go far beyond the basics, so let's see how this first step measures up.
Full Article here
Sunday, December 23, 2007
Much like Firefox, GIMP’s strength lies in its plugins, which are developed by the open-source toting community. Since the users themselves develop them, they know all the needs and conceive a plugin for everything (well, except making a coffee for you).
And what better way for me to endorse GIMP than a list of good plugins? Most of them are aimed at web-designers and photographers, the main users of GIMP. There are also some to fix common problems of GIMP.
Look at the list here.
Wednesday, December 19, 2007
There has been a lot of FUD flying around stating that Microsoft Windows Vista is more secure compared to Linux. What has actually been compared is the number of vulnerabilities fixed, for a distribution of Linux and for Windows Vista. Both 3-month and 6-month studies have been published, with the intention of showing Linux security in a poor light. Now, this is in no way an apples-to-apples comparison, because Linux contains plenty of applications. Furthermore, vulnerabilities for server applications had also been included. For an apples-to-apples comparison, just the OSes have to be compared. Now, I went to Secunia, and found out the vulnerabilities affecting Ubuntu 6.06 and Vista for the entire year 2007 till date. What I found was surprising, since in 2007, in the OS (which I took to be the kernel + X Windows + desktop environment for Ubuntu, with their libraries), Ubuntu had only three highly critical vulnerabilities. Windows Vista, in fact, had 10. Check it out for yourself.
Well, I am sick of not being able to use high-resolution timers, which my hardware supports on my HP dv9205us laptop, but the BIOS has bugs and will not allow me to, because it won't boot Linux without "noapic" in GRUB's boot parameters. This feature would greatly speed my computer up and use its full potential... It is really nice of HP to use the "the customer is always right" mentality, especially when I contacted them and asked nicely if they could fix the BIOS and re-release it... here's what I got back:
Thank you for contacting HP Total Care.
From your message, I understand that you would like to have a fix for BIOS compatible with the Linux Operating System.
I am very sorry to inform you that HP supports only the preinstalled operating system. HP is unable to guarantee how the Linux operating system will function on a PC not originally designed and/or tested for this new operating system.
Matt, HP does not recommend installing the Linux operating system, as it cannot guarantee a high level of compatibility for all basic hardware and software components of the PCs. PC device drivers (including graphics, BIOS, chipset, etc.) for some PC components may simply not be available. I regret the inconvenience caused. HP does not support Linux on any models of HP Pavilion PCs at this time. Information about Linux can be located at the following Web site:
HP pre-installed the latest version of the Microsoft Windows operating System (98, Me, XP or Vista) on your Pavilion PC. The Warranty on your Pavilion system does not apply to software not provided by HP and does not apply to defects or errors in hardware resulting from software not provided by HP with that system. Please review your PC documentation to identify the supported operating system.
I once again apologize for any inconvenience that this information has caused you.
If you need further assistance, please reply to this message and we will be happy to assist you further.
Well...wasn't that nice of them, to basically tell me to screw off, and that they are a bunch of greedy corporate pigs who have been bought out by Bill Gates...Anyone good at bios hacking? How about somebody mods this bios for me and fixes it, and perhaps unlocks all of the "hidden" features within while you're at it? You'd have to find a way to test it other than using my computer, but emulators are available... parwok -at- gmail
Thanks for the info Matt. I am sure we will all be spreading the word about HP.
Read Matt's Blog
Friday, December 07, 2007
QuickTime hack allows Second Life currency theft by ZDNet's Ryan Naraine -- Security researchers Dino Dai Zovi and Charlie Miller have found a way to exploit an unpatched QuickTime vulnerability to steal Linden Dollars from users in the Second Life virtual world. Dai Zovi (the hacker behind the CanSecWest MacBook Pro hijack) and Miller (creator of the first iPhone code execution exploit) cooked up the QuickTime/Second Life [...]
Tuesday, November 27, 2007
How desktop virtualization will save your company from Generation Y by ZDNet's Ryan Naraine -- * Ryan Naraine is on vacation. Guest Editorial by Rich Mogull Recently I was watching an interesting 60 Minutes episode on the new generation of “Millennials” entering the workforce. I always thought they were called Generation Y, but I guess that term is a little too old to make good television. According to CBS, if you [...]
Latest QuickTime bug leaves XP, Vista vulnerable by ZDNet's Larry Dignan -- Security researchers say that a new QuickTime flaw has gone public and leaves XP and Vista vulnerable to attack. According to Secunia, the latest QuickTime bug “can be exploited by malicious people to compromise a user’s system.” A working exploit is public and the vulnerability has been confirmed for version 7.3. Secunia calls the bug “extremely [...]
Kensington MicroSaver lock defeated with a penny by ZDNet's Jason D. O'Grady -- As a fan of both Numismatics and Macs I found a recent article in 2600–The Hacker Quarterly most troubling. “A Penny For Your Laptop” (Autumn 2007 issue, page 19) by Atom Smasher demonstrates a very simple vulnerability in the Kensington Micro-Saver Notebook Lock. Apparently it can be unlocked very simply, quickly, and without destroying [...]
Saturday, November 24, 2007
For my birthday, I bought myself an ASUS eeePC. Now, I've been lusting after very-small-form-factor laptops for some time (ever since I saw the Zaurus C series), and this is quite the small one. It also ships with Linux, which (I thought) was a good indication that the hardware is well supported by Linux. (Not so; read on.)
I'm very pleased with the hardware with a few exceptions, which I'll detail in the latter two thirds of this post. The screen is bright and clear, the keyboard is surprisingly usable (even with my giant hands), etc. I'm really happy with it, now that I've bent it to my will. Obligatory laptop porn below.
Thursday, November 22, 2007
Defense-in-depth starts with DNS by ZDNet's Ryan Naraine -- Guest Editorial: It's become painfully clear to that DNS can no longer be a fire hose that just pierces the firewall. Here are some simple action items that can be implemented on just about every network out there...
Tuesday, November 20, 2007
Is it ethical to turn on wireless security for an open access point? by ZDNet's George Ou -- One of my readers sent me the following question and I thought it posed an interesting question on ethics. I’ll post his email and then I’ll answer his questions. I helped a friend move, and re-established her wireless network working with a new ISP. While working, I encountered 7 wireless networks (in addition to hers), 3 [...]
Firefox 3 Beta 1 has landed with better bookmark management, security by ZDNet's Larry Dignan -- Firefox 3 Beta 1 is available for download, but Mozilla recommends that only those with a strong stomach download this release. That disclaimer aside Firefox 3 Beta 1 seems pretty stable in the early going. As reported by Paula Rooney Monday, Mozilla was prepping the release of the first Firefox 3 beta. This beta is the [...]
Testers get Windows XP Service Pack 3 Release Candidate build by ZDNet's Mary Jo Foley -- Microsoft has begun rolling out to testers a near-final Release Candidate (RC) build of Windows XP Service Pack (SP) 3. Meanwhile, some testers are questioning whether Vista SP1 will remedy some of the performance problems they've been encountering with Vista.
Rogue anti-malware lures squirming though Skype by ZDNet's Ryan Naraine -- Malicious hackers are using Skype to try to trick Windows users into buying a rogue anti-malware application. The lures arrive via Skype's instant messaging feature with a warning that malware has been detected on the machine and urging users to buy and run a fake "repair utility."
Sunday, November 18, 2007
Another Windows Server Update Services glitch hits — on the eve of Patch Tuesday by ZDNet's Mary Jo Foley -- It's never a good thing when Microsoft's Windows Server Update Services (WSUS) enterprise-patch mechanism malfunctions. It's even worse when WSUS breaks down right before the company plans to start pushing out its regularly scheduled Patch Tuesday fixes.
DNS-changing Trojan opens Mac OS X floodgates by ZDNet's Ryan Naraine -- Guest Editorial by Gadi Evron “The Mac is going main-stream” is just one of the catch-phrases that we’ve seen in the past two weeks when reading about the Trojan horse infecting Apple Mac OS X users. This attack has created a lot of controversy in the security realm. What’s so special about this [...]
Rackspace’s really bad 36 hours: The Internet is fragile by ZDNet's Larry Dignan -- Rackspace, a Web hosting firm, should adopt that song “I Don’t Like Mondays” as its corporate motto. After all, Monday turned out to be horrendous for the company. That song, a 1979 hit from The Boomtown Rats, sums up Rackspace’s last 36 hours. First, Rackspace had a “maintenance failure” at its Dallas data center on Sunday. [...]
SiCortex wins Dev Connection “Sexiest in show” award by ZDNet's Ed Burnette -- Here's one computer that looks like it belongs on the bridge of a starship: the SiCortex SC5832. It's this year's winner of the soon-to-be-coveted Dev Connection "Sexiest in show" award for SC07.
Vista mistakes Microsoft won’t repeat with Windows 7 by ZDNet's Mary Jo Foley -- Microsoft learned some hard lessons with Windows Vista that it already is applying to Windows 7. So says Mike Nash, Corporate Vice President of Windows Product Management, who is chatting this week with press and bloggers about the state of Vista, just about a year after the company released the product to manufacturing.
Malware found on new hard drives by ZDNet's Adrian Kingsley-Hughes -- The Taipei Times is reporting that around 1,800 new 300GB and 500GB external hard drives manufactured by Maxtor shipped with malware on them. What makes this story even more interesting is that Taiwanese authorities suspected that Chinese authorities were involved.
Sunday, November 11, 2007
All the machines at my house have Ubuntu Linux installed. I have one machine that dual boots Windows just in case I need to do something that absolutely cannot be done in Linux. Needless to say, I rarely have to boot into windows.
If you build it they will come. I have been saying this for a while now. If the programmers start compiling their programs for Linux as well as Windows, they will see more of a shift towards Linux. I am sure of it.
I hope you enjoy his article as much as I have. He is not trying to score points for Linux, he is just stating what I know to be true.
For any parent, myself included, setting your kids loose on the net is a daunting prospect. We have to do it because the net is a fact of life - it's in our schools, the workplace, public libraries and in many if not most homes of the developed world. Therefore, do we really have any option but to give them Linux?
When I first conceived this article I considered giving it the title "can we afford to let our kids use Windows online". However, I felt that taking a positive tack would be more constructive. The fact is that these days security is paramount with kids surfing the net, exchanging emails and chatting online while still in primary school.
Having recently migrated to Ubuntu from Windows, I fully appreciate the risks that our kids are exposed to every time they venture online with Windows. Basically, kids online are an accident waiting to happen, regardless of what anti-virus, firewall and anti-spyware they happen to be running.
Every other day, some anti-malware vendor issues a media release about a zero-day attack of a new worm or Trojan horse that has slipped under the guard of known anti-malware signatures. At least once a month - and quite often more frequently - we hear of critical vulnerabilities in Windows, whatever the version, that require software patching. Microsoft freely admits that exploits for these vulnerabilities could hand control of a computer to a remote attacker. Sometimes exploits are already in the market before patches arrive.
Read Full Article
Thursday, November 08, 2007
Clueless flight attendant to passenger: Turn off that iPhone movie NOW! by ZDNet's Russell Shaw -- My colleague Tom Krazit notes a Consumerist report that an ATA Airlines flight attendant tried to get a passenger to turn off his iPhone because, well, cell phones are not allowed to be used in flight and he was watching a movie on his iPhone. The passenger, who we know as Casey, tried to explain to the [...]
When it comes to releasing operating systems, Ubuntu have it figured out by ZDNet's Adrian Kingsley-Hughes -- I know that it might not seem like it at times, but I'm a big Ubuntu fan. I haven't fully figured out how and where it fits into my computing ecosystem yet, but I know that it does have a place there. One aspect of Ubuntu that particularly impresses me is the clear development time-line that is published and adhered to. You always know what's coming and when to expect it.
Wednesday, November 07, 2007
Monday, November 05, 2007
ICANN, the not-for-profit organization that governs the Internet's domain name system, has elected Thrush, a specialist in intellectual property and Internet law, in a unanimous decision to replace Cerf, co-creator of the TCP/IP protocol.
"ICANN has moved from a foundation state to a steady state," Cerf said in a statement.
Cerf indicated that Thrush's understanding of the transition made him the preferred candidate "to keep the organization strong and focused," and described the appointment as "a clear signal that ICANN has matured."
Thrush has been involved with ICANN since its inception in 1998 and, before being elected to the chairman's position, was serving on the ICANN president's strategy and executive committees.
ICANN President Paul Twomey said Thrush's legal background is an important asset for the advancement of the organization and singled out his experience with contract law, which Twomey describes as a "key mechanism" in ICANN.
The agency will now set to work on better catering to an international audience.
"ICANN is a unique model supporting a global community, which works because it stands for one global Internet that is coordinated and not controlled," Thrush said.
Italy's Roberto Gaetano was unanimously re-elected as ICANN's vice chairman.
Wednesday, October 31, 2007
The e-mail says it is from "firstname.lastname@example.org" and has the FTC's government seal.
But it was not issued by the agency and has attachments and links that will download a virus that could steal passwords and account numbers, the agency said.
"It's a treasure trove for identity theft," said David Torok of the FTC's Bureau of Consumer Protection. "We're concerned. The virus that's attached to the e-mail is particularly virulent."
The agency, which is one of several government agencies investigating cyber fraud, did not know how many people had received the e-mail.
"We've received hundreds if not thousands of calls and complaints, this one may have had a large distribution," he said.
Recipients should forward the e-mail to email@example.com, an FTC spam database used in investigations.
Nine percent of people surveyed in a poll conducted in August and September reported having had their identities stolen, Bari Abdul, a vice president at security software maker McAfee, said at a cybersecurity conference on October 1.
You can find the original letter here.
Hi, this is François, from Mandriva.
I’m sure we’re way too small for you to know me. You know, we’re one of these tiny Linux companies working hard for our place on the market. We produce a Linux distro, Mandriva Linux. The last edition, Mandriva 2008, was seen as a pretty good version and we’re proud of it. You should give it a spin, I’m sure you’d like it. We also happen to be one of the Linux companies that did not sign an agreement with your company (nobody’s perfect).
We recently closed a deal with the Nigerian Government. Maybe you heard about it, Steve. They were looking for an affordable hardware+software solution for their schools. The initial batch was 17,000 machines. We had a good answer to their need: the Classmate PC from Intel, with a customized Mandriva Linux solution. We presented the solution to the local government, they liked the machine, they liked our system, they liked what we offered them, the fact that it was open, that we could customize it for their country and so on.
Then your people entered the game and the deal got more competitive. I would not say it got dirty, but someone could have said that. They fought and fought the deal, but still the customer was happy to get CMPC and Mandriva.
So we closed the deal, we got the order, we qualified the software, we got the machine shipped. In other words, we did our job. I understand the machines are being delivered right now.
And then, today, we hear from the customer a totally different story: “we shall pay for the Mandriva Software as agreed, but we shall replace it by Windows afterward.”
Wow! I’m impressed, Steve! What have you done for these guys to change their mind like this? It’s pretty clear to me, and it will be clear to everyone. What do you call what you just did, Steve, in the place where you live? In my place, they give it various names, I’m sure you know them.
Hey Steve, how do you feel looking at yourself in the mirror in the morning?
Of course, I will keep fighting this one and the next one, and the next one. You have the money, the power, and maybe we have a different sense of ethics you and I, but I believe that hard work, good technology and ethics can win too.
PS: a message to our friends in Nigeria: it’s still time to do the right thing and make the right choice, you will get lots of support for it and excellent services!
Tuesday, October 30, 2007
Monday, October 29, 2007
AT&T DSL 1.5 mbps service = 0.3 mbps throughput by ZDNet's George Ou -- This hasn’t been a kind week to me when it comes to DSL service from AT&T as I’ve already gone through AT&T DSL setup hell earlier this week. On Saturday when I set up a few extra things for my mother’s home, I ran some DSL speed tests (during non busy hours at a nearby [...]
Friday, October 26, 2007
From Interop, video of Plat’ Home’s Linux Server that fits in the palm of your hand by ZDNet's David Berlind -- Within minutes of arriving on the Interop show floor this morning and beginning my search for something cool to videotape for publication here on ZDNet, we found Plat’ Home’s booth in the back of the exhibitor’s area with two very cool products — both of them tiny Linux servers, one of which fits in the [...]
Wednesday, October 24, 2007
Dashwire mirrors your mobile phone content to the web by ZDNet's Matthew Miller -- I recently had the chance to meet with Ford Davidson from Dashwire to discuss their new free service that is starting to roll out today. Dashwire is a service that mirrors the content on your mobile phone to a personal web account. I personally was quite excited about the service because I see it as a great way to manage my photos taken with my devices, stay in touch with people via SMS when I am at work and on my desktop PC, quickly update and manage my internet bookmarks/favorites, and enter contacts with a full keyboard right from my PC. At this time, Dashwire mirrors your photos, videos, text messages, bookmarks (Internet Explorer Mobile only), contacts, and phone calls.
Build the $340 NAS for half the price but double the speed by ZDNet's George Ou -- The thing that has always bothered me with the NAS (Network Attached Storage) market for consumers is that it’s very high margin yet the products deliver very poorly on performance. While that might be great for the product manufacturers bottom line, it isn’t so great when you’re the consumer. Typical NAS devices that allow you [...]
Microsoft matters less every 6 months by ZDNet's Christopher Dawson -- Maybe not for the average corporation yet, or even the average home user, but every time Canonical releases a new version of Ubuntu (and with it comes Edubuntu), Microsoft becomes a little less the default vendor of choice for educational computing. I’m still 2 years from a major tech refresh, including server hardware and software. [...]
Wednesday, October 17, 2007
The folks at Canonical have started to prepare their servers for downloads of the latest Ubuntu release - 7.10 or "Gutsy Gibbon."
Past Ubuntu releases have been marred by downed servers, as the Umbongo faithful rush to get their fresh code injection. So, this time around, Mark Shuttleworth and crew are doing their outreach early. They've started talking up the OS before it's available on Thursday, hoping to spread out demand a bit.
Read Full Article here.
Tuesday, October 16, 2007
That's when Gutsy Gibbon's sequel, "Hardy Heron," is scheduled to arrive. Gutsy Gibbon will have the usual Ubuntu support life span--18 months--but Hardy Heron will be the company's second version to feature long-term support, which lasts three years for the desktop product and five years for the server.
Some of the Gutsy Gibbon work involved introducing new features Canonical hopes to stabilize for Hardy Heron, said Canonical's chief executive and founder, Mark Shuttleworth. Take, for example, the "tickless" kernel, which is designed to reduce power consumption and improve server virtualization performance by letting the processor enter a somnolent state more often.
"I'm quite glad we're not trying to make the decision between tickless and long-term support. This is a fairly radical piece of surgery on the kernel," Shuttleworth said.
Among other Gutsy Gibbon developments are snazzy 3D graphics for the desktop version, desktop search called Tracker and the first incarnation of a Ubuntu Mobile version for portable gadgets.
Read the rest of the article here.
Canonical, Ubuntu Linux distribution’s commercial sponsor, has announced that the release version of Ubuntu 7.10 Desktop Edition will launch Oct. 18.
Ubuntu, the incredibly popular desktop Linux distribution that seeks to deliver the best of open-source software every six months, will be out in a few days. Gutsy Gibbon Ubuntu 7.10 Desktop Edition includes improvements in advanced plug-and-play printing, enhanced browsing and the option of a smooth new user interface built on top of the latest GNOME 2.20 desktop.
The latest version of Ubuntu includes numerous new features. In particular, its hardware support has been improved. Besides better plug-and-play configuration for printers, the new Ubuntu includes automatic firmware installation for Broadcom Wi-Fi cards.
Laptop users will also be pleased to see improved support for display systems. With Gutsy Gibbon, full external VGA (projector) support is available out of the box, with easy reconfiguration when hardware is switched. For power users, this release includes the ability to manage multiple monitors.
Read full article here.
Friday, October 12, 2007
The Knights Templar, the medieval Christian military order accused of heresy and sexual misconduct, will soon be partly rehabilitated when the Vatican publishes trial documents it had closely guarded for 700 years.
A reproduction of the minutes of trials against the Templars, "Processus Contra Templarios: Papal Inquiry into the Trial of the Templars", is a massive work and much more than a book -- with a 5,900 euros ($8,333) price tag.
"This is a milestone because it is the first time that these documents are being released by the Vatican, which gives a stamp of authority to the entire project," said Professor Barbara Frale, a medievalist at the Vatican's Secret Archives.
Read the rest of the article here
Thursday, October 11, 2007
If you have wanted to encrypt your Ubuntu installation on your hard drive quickly and easily, with Ubuntu 7.10 "Gutsy Gibbon" it's become even easier now that the alternate installer supports encrypting partitions. However, the Ubuntu 7.10 "Gutsy Gibbon" Ubiquity installer currently lacks LVM and dm-crypt support.
The Ubuntu Wiki states: "Both the graphical and the alternate installer now support encrypting the hard disk." However, yesterday's LiveCD with Ubiquity (v1.6.5) still did not contain the encryption functionality when doing a manual partition. If the Ubiquity installer doesn't support encrypting the hard drive in time for the Gutsy Gibbon release, we imagine it should be ready in time for Ubuntu 8.04 Hardy Heron, which happens to be an LTS (Long Term Support) release.
Read Full Article
I was somewhat amused to read Michael Gartenberg's comments that Linux is still not ready for the desktop. Please don't tell that to any of the people who last year logged in 40,000 times to the 28 Linux computers at our small town library and community center in Takoma Park, Maryland. These people are using a Linux solution called Userful, which puts up with robust use day in and day out.
What's most fascinating to me is that members of the public have no clue that they're not using Windows. They're able to load up their Microsoft Word files using OpenOffice, and save them back to disk automatically in MS Word format. They surf the web, check email, do instant messaging, view YouTube videos, visit their Facebook page, learn touch typing skills and lots more.
Read Full Article
It's been a while, but we are still around and have decided that it's time to funnel our steady stream of daily changes into a release again.
One main source of improvements has, as always, been FFmpeg, which added support for several new video and audio codecs along with speedups and massive code cleanups.
Full Article here
Wednesday, October 10, 2007
The scam on Google's video-sharing site is targeting Xbox owners, urging recipients to collect a prize version of the popular game Halo 3. Anstis said clicking on the link to "winhalo3" leads to a file containing a Storm trojan.
To date, Marshal has tracked around 150,000 of the spam e-mail messages thought to have originated from YouTube accounts.
The e-mail messages are exploiting a vulnerability in the sign-up process, according to Marshal, which reported in August a Trojan designed to generate large numbers of Hotmail and Gmail accounts. A similar vulnerability is being exploited in the case of YouTube, said Anstis, adding that spammers have used intelligent character recognition (ICR) software to circumvent the verification system commonly known as Captcha. The Captcha system, in which a person must read and re-enter a selection of blurred or unevenly spaced letters and numbers into a box before being issued a new account, is used to make it harder for software programs, rather than genuine users, to sign up for services.
"There are ways of subverting those sort of systems," Anstis said. "Service providers need to look at how to prevent that from happening."
The YouTube help center also advises people to exclude the firstname.lastname@example.org e-mail address from spam filtering lists--a fact, Anstis said, spammers are likely aware of.
Security vendor Sophos has also reported the YouTube spam problem. Senior technology consultant for the company, Graham Cluley, said this incident differs from the technique commonly associated with the Storm worm, which typically targets PCs for the job of sending spam.
According to Cluley, the YouTube spamming marks a departure for the junk mailers--instead of using botnets to distribute spam, they can use a familiar Web site to pass on messages.
Anstis said this scam could herald the rise of outsourced bot-herding whereby the botnet controller pays a third party to acquire further bots.
"Now, you can rent time on a botnet network and have a tech support department. If I'm a spammer, I would just rent time on a botnet which includes tech support from the botnet owner and a massive resource pool with huge amounts of bandwidth. This may be a third business--selling services to the Trojan operators to help expand their networks. For example, if I own a Trojan network, I pay you 20 cents per bot you get me," Anstis noted.
Microsoft will now allow users of Windows XP to download Internet Explorer 7 without having to gain Windows Genuine Advantage authentication.
Windows Genuine Advantage (WGA) is part of Microsoft's Genuine Software Initiative. It is intended to help prevent the distribution and use of unauthorized versions of Windows. Previously, to download Internet Explorer 7, users had to authenticate to WGA.
"With today's 'Installation and Availability Update,' Internet Explorer 7 installation will no longer require Windows Genuine Advantage validation and will be available to all Windows XP users," wrote IE7 program manager Steve Reynolds in a blog post on Thursday.
Microsoft said that it had dropped the requirement for WGA for security reasons.
"Microsoft takes its commitment to help protect the entire Windows ecosystem seriously, and we're taking a step to help make consumers safer online," said a representative. "We feel the security enhancements to Internet Explorer 7 are significant enough that it should be available as broadly as possible, and this means removing WGA validation."
The representative said that removing the validation did "not interfere with Microsoft's commitment to fighting software piracy."
However, Tristan Nitot, president of Mozilla Europe, suggested that Microsoft may be concerned over the uptake of IE7. Mozilla develops rival Web browser Firefox.
"I think IE7 adoption is too low according to Microsoft's tastes, partly because many people are concerned with issues with regards to WGA," Nitot told CNET sister site ZDNet UK. "I guess Microsoft's not so happy with the numbers."
There are conflicting statistics available on the popularity of the major Web browsers. For example, according to Web analysis site W3Schools, Firefox has more market share than IE7, with 34.5 percent and 20.1 percent respectively. However, according to Net Applications, Firefox 2.0 has 13.6 percent of market share, while IE7 has 34.6 percent. Both sites indicate that Firefox and IE7 are gaining market share, while Internet Explorer 6 is losing market share.
According to a reader poll on sister site ZDNet, 55 percent of respondents voted that Microsoft had dropped WGA "to try to grow IE7's market share (at the expense primarily of Firefox) by going after the more technical browser audience, many of whom see WGA as little more than another objectionable DRM scheme."
Thursday, October 04, 2007
Tuesday, October 02, 2007
Randy Hergett, HP's director of engineering for open-source and Linux organization, said at the Gelato Itanium Conference & Expo in Singapore on Monday that Linux is ready to be used in some mission-critical applications, despite a perception that there are gaps in areas such as manageability.
Linux is "ready for most applications," he said, noting that there are telecommunications companies running mission-critical databases on Linux, and overall adoption levels are ramping up.
Citing an HP-commissioned global study conducted by market-research company GCR earlier this year, Hergett said that three out of five decision makers were ready to deploy Linux for mission-critical applications within the next two years, while one in five saw that happening in five years' time.
According to the study, which surveyed more than 600 decision makers who were using some flavor of Unix, security and reliability were the top two concerns in a mission-critical environment.
On whether Linux can satisfy these two requirements of security and reliability, Hergett said: "It does...From a security standpoint, we think Linux is actually very secure."
"With reliability, I think it's not as robust yet (as HP's own iteration) or some of the other proprietary Unix systems, but it's making great progress," Hergett added.
On whether the availability of different flavors of Linux will affect its adoption for mission-critical applications, Hergett said he did not think so.
"In some ways it actually gives those decision makers more flexibility and more choices to choose from," Hergett explained, adding that Unix has several iterations too, and decision makers are "used to having that choice."
The poor man’s all-in-one PC for $380 by ZDNet's George Ou -- Apple has their iMac and Gateway has their One, but both of them are in the $1300 to $2300 range depending on the various options. What about the person on a budget? Can you get something for less than $400? You can but you’re going to have to build it yourself and I really do mean BUILD. It’s [...]
Friday, September 28, 2007
Thursday, September 27, 2007
The Associated Press has obtained a video made for the Department of Homeland Security that shows a simulated hacker attack on a power station that doesn't end well for a turbine. In the video the latter goes spinning out of control and spits out pieces of the turbine as well as smoke before it, presumably, dies a noisy, dramatic death (see photo at right).
The test attack, conducted in March by the Idaho National Laboratory for DHS, exploited a programming vulnerability in SCADA systems (Supervisory Control and Data Acquisition systems), the computer systems that control electric, water and chemical plants throughout the U.S. The test was intended to show how a remote digital attack by hackers could cause real-world damage beyond the computer used to conduct the attack.
The programming flaw has since been fixed, but that doesn't mean other flaws don't exist. SCADA systems were never designed with security in mind and have long been considered vulnerable to attack. Government officials claimed in 2002 that they had uncovered evidence that members of al Qaeda had explored vulnerabilities in SCADA systems in order to conduct such attacks on utilities.
But experts have always disagreed about the degree of damage a remote attacker could do to the power grid or water system via computer or the likelihood that someone would even choose such an attack as opposed to a physical attack with a bomb or other sabotage method that would be far more effective.
Unfortunately, cybarmageddonists are likely to seize this story and spin it wildly out of control to monger fear, ignoring a few comments in the AP story that suggest the demonstration may have exaggerated the risk.
Microsoft Stealth Update and Windows XP repair don’t mix by ZDNet's Adrian Kingsley-Hughes -- Remember that Stealth Update I talked about a couple of weeks ago? The one that Microsoft sent down the pipes to XP and Vista users and installed irrespective of whether the user had given consent for updates to be installed? Remember too how the apologists claimed that there was nothing wrong with how Microsoft had behaved because there was no harm done? Well, it turns out that this update isn't as benign as we first thought and can indeed cause problems for Windows XP users if they try to repair their installation.
The Ubuntu developers are hurrying to bring you the absolute latest and greatest software that the open source and free software communities have to offer. This is the Ubuntu 7.10 beta release, which brings a host of excellent new features.
Note: This is still a beta release. Do not install it on production machines. The final stable version will be released in October 2007.
Wednesday, September 26, 2007
Jesper Johansson--a former senior program manager for security policy at Microsoft who moved to Amazon in September last year--wrote in his blog on Monday that he may drop Windows Media Center for LinuxMCE, a free open-source add-on to the Kubuntu desktop operating system, because problems caused by Microsoft's digital-rights management (DRM) software have proven so difficult to fix.
After Johansson's 5-year-old child complained that cable network Comcast's On Demand video system was not working with Windows Media Center, Johansson wrote, he attempted to resolve the problem.
"Upon inspecting the problem I found that the video would turn on, the screen would flicker for a second each of black and the video a few times, and then the Blue Screen of DRM came up. It also wouldn't play any premium channels," he wrote.
Johansson said the recommended work-around involved several convoluted steps, including installing Windows Media Player 10, which crashed, and then being advised to troubleshoot the problem with Windows SharePoint Services. A subsequent Microsoft DRM update then caused the Internet Explorer browser to crash.
Johansson said that DRM software is not only ineffective, but a waste of money that is damaging businesses attempting to use it to control the way consumers use copyright material.
"How many billions has the industry spent on DRM schemes that the bad guys break in weeks? How many perfectly legitimate users has the industry annoyed and driven away? How many lost DVD sales has it caused? How many lost sales of Microsoft's Media Center software and Windows Vista has it caused because the DRM subsystem randomly decides that you must be a criminal?" Johansson wrote.
DRM protections have done very little to stop bootleggers from hawking counterfeit software, he wrote, after witnessing a bustling trade in pirated material on a recent trip to Asia. Johansson wrote that he is now contemplating using LinuxMCE to avoid further difficulties.
OpenOffice version 2.0.4 and earlier versions are vulnerable to maliciously crafted TIFF files, which can be delivered in an e-mail attachment, published on a Web site or shared using peer-to-peer software. The next version of OpenOffice (version 2.3) arrived on September 17 and is not affected by the flaw.
The vulnerability was discovered by researchers at iDefense, who claim that the OpenOffice TIFF parsing code is flawed.
"When parsing the TIFF directory entries for certain tags, the parser uses untrusted values from the file to calculate the amount of memory to allocate. By providing specially crafted values, an integer overflow occurs in this calculation. This results in the allocation of a buffer of insufficient size, which in turn leads to a heap overflow," the iDefense team reported last Friday.
TrustDefender co-founder Andreas Baumhof said: "This vulnerability allows someone to execute malicious code on your computer. It's an OpenOffice bug so it doesn't matter what type of operating system you run; it allows you to run malicious software with the same rights as the user who runs OpenOffice."
"At this stage, it's only confirmed on Linux," Baumhof said. "But typically it would affect all operating systems. The only difference with Linux and Windows is that home users typically run Windows as the administrator."
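An added example, not OpenOffice's code and not iDefense's proof of concept, of the bug class described above: a TIFF directory entry's value count multiplied by its element size in 32-bit arithmetic, first unchecked (the product wraps and a too-small buffer is allocated), then with the overflow and file-bounds checks a hardened parser needs. The struct layout, function names and sample values are constructed for illustration.

```c
/* Constructed example: overflow-safe sizing of TIFF directory entries. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* One 12-byte TIFF IFD entry: tag, field type, value count, value/offset. */
typedef struct {
    uint16_t tag;
    uint16_t type;
    uint32_t count;
    uint32_t value_or_offset;
} tiff_entry;

/* Byte size of each TIFF 6.0 field type (1=BYTE ... 12=DOUBLE); 0 = unknown. */
static uint32_t tiff_type_size(uint16_t type)
{
    static const uint32_t sizes[] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};
    if (type >= sizeof sizes / sizeof sizes[0]) return 0;
    return sizes[type];
}

/* Unchecked sizing: count * element size wraps modulo 2^32, so a huge
 * count can yield a tiny allocation while later copies use the real count. */
uint32_t entry_bytes_unchecked(const tiff_entry *e)
{
    return e->count * tiff_type_size(e->type);
}

/* Checked sizing: rejects unknown types and any product that would wrap.
 * Returns 1 and stores the size in *out on success, 0 otherwise. */
int entry_bytes_checked(const tiff_entry *e, size_t *out)
{
    uint32_t elem = tiff_type_size(e->type);
    if (elem == 0) return 0;
    if (e->count > UINT32_MAX / elem) return 0;   /* multiplication would wrap */
    *out = (size_t)e->count * elem;
    return 1;
}

/* Copies an entry's payload out of the file image into a fresh buffer.
 * Payloads of 4 bytes or less live inline in the value field (copied
 * host-endian here, a simplification); larger ones are at an offset that
 * must lie within the file. Returns NULL on any sizing or bounds failure. */
unsigned char *read_entry_payload(const tiff_entry *e,
                                  const unsigned char *file, size_t file_len)
{
    size_t need;
    unsigned char *buf;

    if (!entry_bytes_checked(e, &need) || need == 0) return NULL;
    buf = malloc(need);
    if (buf == NULL) return NULL;

    if (need <= 4) {
        uint32_t v = e->value_or_offset;
        memcpy(buf, &v, need);
    } else {
        /* Check offset and length separately so the sum cannot overflow. */
        if (e->value_or_offset > file_len ||
            need > file_len - e->value_or_offset) {
            free(buf);
            return NULL;
        }
        memcpy(buf, file + e->value_or_offset, need);
    }
    return buf;
}

int main(void)
{
    /* Constructed 16-byte "file" image and two entries pointing into it. */
    unsigned char file[16] = {0x49, 0x49, 0x2A, 0x00, 0x08, 0x00, 0x00, 0x00,
                              0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x11, 0x22};
    tiff_entry ok  = {256, 3, 3, 8};            /* 3 SHORTs at offset 8 */
    tiff_entry bad = {273, 4, 0x40000001u, 8};  /* LONG count chosen to wrap */
    size_t n = 0;
    unsigned char *p;

    printf("unchecked size for wrapping entry: %u\n", entry_bytes_unchecked(&bad));
    printf("checked sizing accepts wrapping entry: %d\n", entry_bytes_checked(&bad, &n));
    p = read_entry_payload(&ok, file, sizeof file);
    printf("payload of sane entry read: %s\n", p ? "yes" : "no");
    free(p);
    return 0;
}
```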
In June, OpenOffice users were warned about a worm called "Badbunny" that was spreading in the wild through multiple operating systems, including Mac OS, Windows and Linux.
At the time, Symantec posted an advisory that said: "A new worm is being distributed within malicious OpenOffice documents. The worm can infect Windows, Linux and Mac OS X systems. Be cautious when handling OpenOffice files from unknown sources".
Tuesday, September 25, 2007
First look at Windows Vista SP1 (build 6001.16659) by ZDNet's Adrian Kingsley-Hughes -- Earlier today I downloaded the standalone installer for Windows Vista SP1 and installed it on a few systems to see what it was like - and I thought you might like to take a look at it.
Apple to nuke unlocked iPhones with next update by ZDNet's Larry Dignan -- Apple is playing hardball with the unlocked iPhone movement. In a terse statement, Apple said “many of the unauthorized iPhone unlocking programs available on the Internet cause irreparable damage to the iPhone’s software, which will likely result in the modified iPhone becoming permanently inoperable when a future Apple-supplied iPhone software update is installed.” Apple also said [...]
Friday, September 21, 2007
Windows Home Server patch is out by ZDNet's Mary Jo Foley -- Hewlett Packard now has its hands on the Windows Home Server (WHS) update for which it decided to delay its MediaSmart Home Server, according to HardwareGeeks.com. Watch for more information from Microsoft next week on the post-RTM WHS update.
Tuesday, September 18, 2007
Sana Klaric and husband Adnan, who used the names "Sweetie" and "Prince of Joy" in an online chatroom, spent hours telling each other about their marriage troubles, Metro.co.uk reported.
The truth emerged when the two turned up for a date. Now the pair, from Zenica in central Bosnia, are divorcing after accusing each other of being unfaithful.
"I was suddenly in love. It was amazing. We seemed to be stuck in the same kind of miserable marriage. How right that turned out to be," Sana, 27, said.
Adnan, 32, said: "I still find it hard to believe that Sweetie, who wrote such wonderful things, is actually the same woman I married and who has not said a nice word to me for years".
Friday, September 14, 2007
JustLinux member saikee has posted details of his system that boots 145 operating systems. That includes 3 versions of DOS, 5 versions of Windows, and 137 flavors of Linux. He created 152 partitions on 4 hard drives to get his system up and running. And he probably has the longest GRUB menu you've ever seen. We're guessing the slowest part of the boot process on this system is the amount of time it takes to find the operating system you want to use.
There are obviously very few practical reasons anyone would want to load 145 operating systems onto a PC, but we have to say, we're pretty impressed anyway. It's kind of like climbing Mount Everest because it's there. If you had licenses for 8 MS operating systems, the ability to download as many Linux distributions as you'd like and way too much free time on your hands, wouldn't you do the same thing? No? Oh, well, never mind then.
Long-term storm clouds brewing over AT&T, Verizon Wireless by ZDNet's Larry Dignan -- A series of events is happening, or about to happen, that threaten the business models of big wireless carriers such as Verizon Wireless and AT&T. Keep in mind that these storm clouds are just now building and the story will take years to play out. And don’t expect financial upheaval to appear just yet. But [...]
Thursday, September 13, 2007
Confirmation of stealth Windows Update by ZDNet's Adrian Kingsley-Hughes -- I can now confirm that the stealth Windows Update that I blogged about yesterday actually exists - because I've detected its presence on a machine at the PC Doc HQ.
Wednesday, September 12, 2007
Sensitive government e-mails leak through Tor exit nodes by ZDNet's Ryan Naraine -- The hacker behind the recent public disclosure of 100 sensitive government/embassy e-mail accounts says he aimed packet sniffers at five Tor exit nodes to capture the confidential information.
Critical Microsoft Agent flaw hits Windows 2000 by ZDNet's Ryan Naraine -- The most serious vulnerability covered in Microsoft's September patch batch is a remote code execution issue in the way Microsoft Agent handles certain specially crafted URLs.
Skype for Windows worm reported: here’s what to do by ZDNet's Russell Shaw -- Just in via a Skype blog posting from Skype’s Villu Arak: Skype has learned that a computer virus called “w32/Ramex.A” is affecting users of Skype for Windows. Users whose computers are infected with this virus will send a chat message to other Skype users asking them to click on a web link that can infect the [...]
Tuesday, August 28, 2007
Prison, home confinement, and now Windows???? The torture just keeps going and going. Just like that little battery bunny.
Not that I condone what this guy did, but wouldn't you think that the "Smart" government would have come up with a *nix app for monitoring criminals by now? Anyway, read on and you'll see why I had to throw in my two pence worth today.
A Linux user who was jailed for uploading a film onto a peer-to-peer service has been told he will have to switch to Windows if he wants to use a computer again.
Scott McCausland, who used to be an administrator of the EliteTorrents BitTorrent server before it was shut down by the FBI, pleaded guilty in 2006 to two copyright-related charges over the uploading of Star Wars: Episode III to the Internet. As a result, he was sentenced to five months in jail and five months' home confinement.
McCausland--who also goes by the name "sk0t"--has since been released from jail, but on Tuesday he reported on his blog that the terms of his sentence meant he would have to install Windows if he wanted to use a computer during his probation. "I had a meeting with my probation officer today, and he told me that he has to install monitoring software onto my PC," wrote McCausland. "No big deal to me...that is part of my sentence."
"However, their software doesn't support GNU/Linux (which is what I use)," continued McCausland. "So, he told me that if I want to use a computer, I would have to use an OS that the software can be installed on. Which basically means: Microsoft and monitoring software or no computer. I use Ubuntu 7.04 now, and they are trying to force me to switch. First they give me two felonies, then they throw me in prison, and now this."
According to the Web site TorrentFreak, McCausland and his attorney will fight the situation. "It isn't the fact that I have to be monitored that bothers me, it is the fact that I have (to) restructure my life (different OS, different software on that OS) and that they would require (force) me to purchase software while I am currently unemployed and relatively unemployable with the two felonies that they gave me," McCausland said. "It is just a ridiculous situation."
Friday, August 24, 2007
Sonicwall, Watchguard, or Untangle? by ZDNet's Christopher Dawson -- I was in the process of spiffing up our Sonicwall firewall and came across an open source alternative, called Untangle. According to the company’s website, Untangle is The Open Source Network Gateway The best open source projects, integrated and made easier for spam blocking, web filtering, remote access and more. * Commercial-grade open [...]
Thursday, August 23, 2007
Wednesday, August 22, 2007
Have you spoken with a high-tech recruiter or professor of computer science lately? According to observers across the country, the technology skills shortage that pundits were talking about a year ago is real.
"Everything I see in Silicon Valley is completely contrary to the assumption that programmers are a dying breed and being offshored," says Kevin Scott, senior engineering manager at Google and a founding member of the professions and education boards at the Association for Computing Machinery. "From big companies to start-ups, companies are hiring as aggressively as possible."
Many recruiters say there are more open positions than they can fill, and according to Kate Kaiser, associate professor of IT at Marquette University in Milwaukee, students are getting snapped up before they graduate. In January, Kaiser asked the 34 students in the systems analysis and design class she was teaching how many had already accepted offers to begin work after graduating in May. Twenty-four students raised their hands. "I feel sure the other 10 who didn't have offers at that time have all been given an offer by now," she says.
Suffice it to say, the market for IT talent is hot, but only if you have the right skills. If you want to be part of the wave, take a look at what eight experts -- including recruiters, curriculum developers, computer science professors and other industry observers -- say are the hottest skills of the near future.
1) Machine learning
As companies work to build software such as collaborative filtering, spam filtering and fraud-detection applications that seek patterns in jumbo-size data sets, some observers are seeing a rapid increase in the need for people with machine-learning knowledge, or the ability to design and develop algorithms and techniques to improve computers' performance, Scott says.
"It's not just the case for Google," he says. "There are lots of applications that have big, big, big data sizes, which creates a fundamental problem of how you organize the data and present it to users."
Demand for these applications is expanding the need for data mining, statistical modeling and data structure skills, among others, Scott says. "You can't just wave your hand at some of these problems -- there are subtle differences in how the data structures or algorithms you choose impact whether you get a reasonable solution or not," he explains.
You can acquire machine-learning knowledge either through job experience or advanced undergraduate or graduate coursework, Scott says. But no matter how you do it, "companies are snapping up these skills as fast as they can grab them," he says.
2) Mobilizing applications
The race to deliver content over mobile devices is akin to the wild days of the Internet during the '90s, says Sean Ebner, vice president of professional services at Spherion Pacific Enterprises, a recruiter in Fort Lauderdale, Fla. And with devices like BlackBerries and Treos becoming more important as business tools, he says, companies will need people who are adept at extending applications such as ERP, procurement and expense approval to these devices. "They need people who can push applications onto mobile devices," he says.
3) Wireless networking
With the proliferation of de facto wireless standards such as Wi-Fi, WiMax and Bluetooth, securing wireless transmissions is top-of-mind for employers seeking technology talent, says Neill Hopkins, vice president of skills development for the Computing Technology Industry Association (CompTIA). "There's lots of wireless technologies taking hold, and companies are concerned about how do these all fit together, and what are the security risks, which are much bigger than on wired networks," he says.
"If I were to hire a wireless specialist, I'd also want them to understand the security implications of that and build in controls from the front end," agrees Howard Schmidt, president of the Information Systems Security Association and former chief information security officer and chief security strategist at eBay Inc.
But don't venture into the marketplace with only a wireless certification, Hopkins warns. "No one gets hired as a wireless technician -- you have to be a network administrator with a specialization in wireless so you know how wireless plays with the network," he says.
4) Human-computer interface
Another area that will see growing demand is human-computer interaction or user interface design, Scott says, which is the design of user interfaces for the Web or desktop applications. "There's been more recognition over time that it's not OK for an engineer to throw together a crappy interface," he says. Thanks to companies like Apple Inc., he continues, "consumers are increasingly seeing well-designed products, so why shouldn't they demand that in every piece of software they use?"
5) Project management
Project managers have always been in high demand, but with growing intolerance for over-budget or failed projects, the ones who can prove that they know what they're doing are very much in demand, says Grant Gordon, managing director at Kansas City-based staffing firm Intronic Solutions Group. "Job reqs are coming in for 'true project managers,' not just people who have that denotation on their title," Gordon says. "Employers want people who can ride herd, make sense of the project life cycle and truly project-manage."
That's a big change from a year ago, he says, when it was easy to fill project management slots. But now, with employers demanding in-the-trenches experience, "the interview process has become much tougher," Gordon says. "The right candidates are fewer and farther between, and those that are there can be more picky on salaries and perks."
The way Gordon screens candidates is by having on-staff subject-matter experts conduct interviews that glean how the candidate has handled various situations in the past, such as conflicting team responsibilities or problem resolution. "It's easy to regurgitate what you heard from PMBOK [the Project Management Institute's Project Management Body of Knowledge], but when it comes to things like conflict management, you start seeing whether they know what they're doing."
In one case, Gordon asked a candidate to describe how he'd go about designing a golf ball that goes farther by changing the dimples on the ball. "No one has the answer to questions like that, but it shows how they think on their feet and how they can break down a problem that's pretty ambiguous into smaller segments," he says.
6) General networking skills
No matter where you work in IT, you can no longer escape the network, and that has made it crucial for non-networking professionals, such as software engineers, to have some basic understanding of networking concepts, Scott says. At the very least, they should brush up on networking basics, such as TCP/IP, Ethernet and fiber optics, he says, and have a working knowledge of distributed and networked computing.
"There's an acute need for people writing applications deployed in data centers to be aware of how their applications are using the network," Scott says. "They need to understand how to take advantage of the network in their application design." For instance, to split three-tier applications among multiple machines, developers need to know how to build and coordinate that network. "People who understand basic distributed systems principles are very valuable," Scott says.
7) Network convergence technicians
With more companies implementing voice over IP, there's a growing demand for network administrators who understand all sorts of networks -- LANs, WANs, voice, the Internet -- and how they all converge together, according to Hopkins.
"When something needs to be fixed, companies don't want the network administrator to say, 'Oh, that's a phone problem,' and the phone guy to say, 'Call the networking guy,' " Hopkins says. "Our research has validated that there's a huge demand for people who've been in the phone world and understand what the IT network is, or someone managing the IT network who understands the voice network and how it converges."
8) Open-source programming
There's been an uptick in employers interested in hiring open-source talent, Ebner says. "Some people thought the sun was setting on open source, but it's coming back in a big way, both at the operating system level and in application development," he says. People with experience in Linux, Apache, MySQL and PHP, collectively referred to as LAMP, will find themselves in high demand, he says.
Scott Saunders, dean of career services at DeVry University in Southern California, is seeing the same trend. "Customer dissatisfaction and security concerns are driving this phenomenon, especially in the operating system and database markets," he says.
9) Business intelligence systems
Momentum is also building around business intelligence, Ebner says, creating demand for people who are skilled in BI technologies such as Cognos, Business Objects and Hyperion, and who can apply those to the business.
"Clients are making significant investments in business intelligence," Ebner says. "But they don't need pure technicians creating scripts and queries. To be a skilled data miner, you need hard-core functional knowledge of the business you're trying to dissect." People who can do both "are some of the hottest talent in the country right now," he says.
10) Embedded security
Security professionals have been in high demand in recent years, but today, according to Schmidt, there's a surge in employers looking for security skills and certifications in all their job applicants, not just the ones for security positions.
"In virtually every job description I've seen in the last six months, there's been some use of the word security in there," he says. "Employers are asking for the ability to create a secure environment, whether the person is running the e-mail server or doing software development. It's becoming part of the job description."
This, Schmidt says, mirrors the trend toward integrating security into companies' day-to-day operations rather than considering it an add-on role performed by a specialist. Companies will still need security specialists and subject-matter experts, Schmidt says, but more and more, every IT person a company hires will have to have an understanding of the security ramifications of his area.
Hopkins echoes that sentiment. "Every single certification we do now has an element of security built in," he says. "We keep getting feedback from the market researchers that security touches everything and everyone. Even an entry-level technician better understand security."
Saunders says DeVry University has responded to this demand by adding a security curriculum to some of its campuses throughout the U.S. "Companies are increasingly interested in protecting their assets against cyberterrorism and internal threats," he says.
11) Digital home technology integration
Homes are increasingly becoming high-tech havens, and there has been enormous growth in the home video and audio markets, and in home security and automated lighting systems. But who installs these systems, and who fixes them when something goes wrong?
To answer that question, CompTIA developed a certification in cooperation with the Consumer Electronics Association, called Digital Home Technology Integrator. "It's the hottest and most vibrant market we've seen in a long time," Hopkins says.
12) .Net, C#, C++, Java -- with an edge
Recruiters and curriculum developers are seeing job orders come in for a range of application frameworks and languages, including ASP.Net, VB.net, XML, PHP, Java, C#, and C++, but according to Gordon, employers want more than just a coder. "Rarely do they want people buried behind the computer who aren't part of a team," he says. "They want someone with Java who can also be a team lead or a project coordinator."
Thursday, August 16, 2007
Broadband over powerlines gets a boost by ZDNet's Larry Dignan -- Broadband over powerlines (BPL) may get a much-needed boost from a deal between Current Group and DirecTV. On Wednesday, Current and DirecTV announced a distribution agreement (see Techmeme roundup) that will allow the satellite TV giant to distribute Current’s broadband and VOIP services by the end of 2007 and 2008. The gallery at right details [...]
Ubuntu servers hacked to attack others by ZDNet's Ryan Naraine -- According to a notice in the Ubuntu weekly newsletter, 5 of the 8 servers that are loco hosted had to be shut down after an investigation showed a variety of security problems.
Dissecting Firefox’s retention woes by ZDNet's Larry Dignan -- Mozilla says 50 percent of the people that download Firefox actually try it. And half of that group actually uses it actively. That’s a major issue–and a surprising admission since the confession renders millions of downloads moot. As a loyal Firefox user that retention rate is just shocking. Let’s examine some of the reasons why: Bundles [...]
Anti-virals get beat up at Untangle Fight Club by ZDNet's Dana Blankenhorn -- Some well known virus signatures were run against the programs to test their engines. Some, like open source ClamAV (above), found them all. Others, like Watchguard, missed nearly all of them.
Monday, August 06, 2007
I feel if the press cannot abide by the rules (No matter what the "sub culture" is about) then they don't need to be there. The press doesn't need to be allowed to cover the event. It could all happen behind closed doors for all you drones to wonder what's going on in there.
Anyway, read the article Ryan Naraine wrote. You'll see his failed attempt in trying to use logic. He just lost a little credibility from my point of view.
Something uncomfortable about DEFCON’s treatment of Dateline NBC reporter by ZDNet's Ryan Naraine -- I don't know about you but after watching the video and reading the reports about DefCon's outing of Dateline NBC producer Michelle Madigan, I came away with an uncomfortable feeling that it was rather childish, over-the-top and unnecessary.
According to the report, a caller posed as a technical support person and contacted 102 employees. On the pretext of solving a computer problem, he attempted to persuade them to temporarily change their password to one he suggested.
Excerpt from SignOnDiego.com:
Sixty-one of the 102 people who got the test calls, including managers and a contractor, complied with a request… Only eight of the 102 employees contacted either the inspector general’s office or IRS security offices to validate the legitimacy of the caller.
The IRS agreed with recommendations from the inspector general that it should take steps to make employees more aware of hacker tactics such as posing as an internal employee and to remind people to report such incidents to security officials.
The especially disturbing part here is the revelation that the IRS had already taken many measures to improve security awareness after two similar test telephone calls in 2001 and 2004.
The report sums up those efforts: “… the corrective actions have not been effective.”
Needless to say, the employees were putting the IRS at risk of giving unauthorized people access to taxpayer data. Still, is this case simply a sign that end users cannot be educated, especially in a large corporation or organization spanning multiple locations, or is it due to the lack of a proper system?
Saturday, August 04, 2007
Friday, August 03, 2007
Hamster plus Hotspot equals Web 2.0 meltdown! by ZDNet's George Ou -- Robert Graham (CEO Errata Security) gave his Web 2.0 hijacking presentation to a packed audience at Black Hat 2007 today. The audience erupted with applause and laughter when Graham used his tools to hijack someone’s Gmail account during an unscripted demo. The victim in this case was using a typical unprotected Wi-Fi Hotspot [...]
Wednesday, August 01, 2007
The conference kicked off over the weekend, starting with four days of topic-specific training, before concluding Wednesday and Thursday with two days of public sessions.
If past conferences are any guide, expect the overall total attendance to be more than last year. With that in mind, Black Hat is expanding its footprint within the Caesar's Palace resort here.
But count out at least one prospective attendee. On Sunday, Thomas Dullien, CEO of the German company Sabre Security, reported in his personal blog that he had been denied entry to the U.S. for reasons having to do with H-1B visa regulations. He says that U.S. Customs officials detained him over material he was carrying to Black Hat in order to teach what was billed as an "intense course encompassing binary analysis, reverse engineering and bug finding."
A larger conference means not one but two keynote addresses. One is from Richard Clarke, President Bush's former special adviser on cyberspace security. Clarke, whose 2002 Black Hat keynote speech stated that software vendors and Internet providers must share the blame for malicious software, is now with Good Harbor Security. This year, he will talk about those "who seek truth through science, even when the powerful try to suppress it." The other keynote speaker will be Tony Sager, vulnerability chief of the National Security Agency, who will talk about creating government security standards while working with commercial vendors.
Unlike last year, when Microsoft hosted an entire series of sessions focusing on the yet-to-be released Windows Vista platform, there will be no similar tracks offered this year. Returning tracks include sessions on voice services security, forensics, hardware, zero-day attacks and zero-day defenses. New tracks include operating system kernels, application security, reverse engineering, fuzzing and the testing of application security.
But it's the individual sessions that could get heated.
Several presenters are familiar to Black Hat attendees and not without controversy. Neal Krawetz is returning to tackle image forensics, showing how to peel back the layers to find less-than-obvious manipulation; Dan Kaminsky is presenting his annual Black Ops survey; and Phil Zimmermann is returning to talk once again about his vision of a secure telephone for the Internet, called the Z Phone.
The talk "Breaking Forensics" is already controversial. iSec researchers Chris Palmer, Tim Newsham and Alex Stamos have stated they've found up to six vulnerabilities within Guidance Software EnCase, a digital forensics program used primarily by government and law enforcement, prompting swift denials from the company.
Also controversial is Joanna Rutkowska, whose presentation last year drew a standing ovation from the crowd. This time, Rutkowska is appearing alongside Alexander Tereshkin to talk about methods for compromising the Vista x64 kernel. Luis Miras will reprise a talk he gave this past spring at CanSecWest on hacking peripheral devices such as mice and pointers.
In the evening, there will be a mock hacker trial presided over by a real judge, and a talk by security researcher Johnny Long titled "No-tech Hacking"--and that's all just within the first day.
On Thursday, there will be only one keynote speaker, Bruce Schneier, who will talk about the psychology of security. Then David Maynor, who last year presented an Apple wireless flaw, will return with "tips your security vendor doesn't want you to know." Mozilla's Window Snyder and Mike Shaver will introduce new tools to fuzz browsers as well as talk about the security features expected in Firefox 3 due later this fall.
Also, Hoffman will give a second talk along with John Terrill on the possibility of a Web-based Ajax-enabled worm and how antivirus companies might cope with it; Greg Hoglund will give a talk about reverse engineering; Adam Laurie will talk about RFID vulnerabilities; Gadi Evron will discuss the supposed cyberwar in Estonia; and retired Special Agent Jim Christy will host a regular feature called "Meet the Feds."
At the end of the second day, F-Secure's Mikko Hypponen will talk about mobile phone vulnerabilities. Meanwhile, Brian Chess and Jacob West will have some fun with something they're calling "Iron Chef Black Hat," a session where two different methods of vulnerability testing will be used to try to discover the "secret ingredient" nestled within an open-source application.
All Black Hat events are being held here at Caesar's Palace. A sister conference, DefCon 15, will run Friday through Sunday at the Riviera Hotel, also in Las Vegas.
Tuesday, July 31, 2007
Leveraging Linux to sell yourself by ZDNet's Paul Murphy -- It's pretty clear that the handwriting is on the wall for the present way of doing things in IT and when something significant changes the people with the broadest range of skills will adapt first, and thus end up doing best
Friday, July 27, 2007
Will Mozilla set Thunderbird free? by ZDNet's Larry Dignan -- It appears that Mozilla may be setting the Thunderbird project free so it can develop more rapidly on its own. Mozilla has been supporting Thunderbird since its inception. That effort has delivered some promising results, but Mozilla is mostly focused on Firefox. In a blog post, Mozilla chairman Mitchell Baker said: The Thunderbird effort is dwarfed by [...]
Monday, July 23, 2007
Verizon's history of blocking mobile phone features is nothing new. From their first branded phones to their latest gadget offering, Verizon locks down their own mobile device operating systems. Would you like to both utilize and customize your Verizon phone the way Motorola originally designed the RAZR? With a few pieces of software, you can access and customize your own RAZR. It's your phone, and you paid for it; you should be able to utilize all of its functions.
Link to the full How-To
Tuesday, July 17, 2007
Facebook and employment: an equal opportunity information trap by ZDNet's Denise Howell -- Those worried that their Facebook or other social networking data can come back to haunt them in the employment context can take heart: employers can get in trouble as well if their use of such data is unauthorized and runs afoul of employment discrimination or privacy laws.
Saturday, July 14, 2007
The Multi-Pointer X Server (MPX) is a modification of the X Server. A standard X Server only provides one mouse cursor (pointer) and one keyboard focus, regardless of the number of input devices connected. MPX provides the user with multiple mouse cursors and multiple keyboard foci. Multicursor applications have been developed in the past but MPX is the first implementation of a multicursor windowing system (or a multicursor X server).
MPX devices are independent. Each cursor is a true system cursor, and different pointers can operate in multiple applications simultaneously. This allows for two-handed interaction and/or collaboration on a single display. MPX is compatible with legacy applications such as the GIMP, the Firefox web browser and numerous other applications. Keyboards provide multiple keyboard foci, so you can actually type into several applications at once. Both mice and keyboards can be hot-plugged.
MPX is significantly different from solutions like cpnmouse, SDGToolkit, MIDDesktop and other toolkits or applications. It is fairly easy under most operating systems to write an application or toolkit to support multiple input devices. It is trickier to support the same for legacy applications. Supporting new and legacy applications at the same time is hard.
MPX changes the windowing system, the environment for all graphical applications. This way, legacy applications are supported and provided with extra features. New applications can use the multi-pointer facilities and thus create novel interaction methods at the same time. That is why we think that the windowing system is the correct place to support multiple input devices.
Read full article here.
Monday, July 09, 2007
Vista SP1 beta 1 to launch in mid-July by ZDNet's Mary Jo Foley -- It's official: We are now in the under-promise and over-deliver era at Microsoft. Beta 1 of Vista Service Pack 1 is coming -- with shut-down, CPU performance and other fixes -- earlier than expected. And the final Vista SP1 is looking like November 2007.
Friday, July 06, 2007
The dark side of search engines by ZDNet's Ryan Naraine -- As a malware researcher, I spend the majority of my days studying the dark side of the web and one of the most interesting things I get to see are the weird, and sometimes wonderful, search engine queries that result in dangerous Web sites.
Open source security arrives with Untangle by ZDNet's Dana Blankenhorn -- Even with paid updates on signatures and code we're talking here about a security solution small businesses can finally afford, from which small VARs can finally profit.
Tuesday, July 03, 2007
Monday, July 02, 2007
Linus contradicts OpenBSD founder on Intel TLB issue by ZDNet's George Ou -- OpenBSD founder Theo de Raadt has been making a lot of noise over a change in Intel’s current generation Core 2 microprocessor and goes as far as to claim that this will lead to serious security flaws. Linus Torvalds by contrast has given a completely opposite view of the situation while other CPU analysts like David Kanter [...]
Wednesday, May 30, 2007
Thursday, May 24, 2007
"You sass that hoopy Douglas Adams? Now there's a frood who knew where his towel was. You are invited to join your fellow hitch hikers in mourning the loss of the late great one. Join in on towel day to show your appreciation for the humor and insight that Douglas Adams brought to all our lives."
To quote from The Hitchhiker's Guide to the Galaxy.
A towel, it says, is about the most massively useful thing an interstellar hitch hiker can have. Partly it has great practical value - you can wrap it around you for warmth as you bound across the cold moons of Jaglan Beta; you can lie on it on the brilliant marble-sanded beaches of Santraginus V, inhaling the heady sea vapours; you can sleep under it beneath the stars which shine so redly on the desert world of Kakrafoon; use it to sail a mini raft down the slow heavy river Moth; wet it for use in hand-to-hand-combat; wrap it round your head to ward off noxious fumes or to avoid the gaze of the Ravenous Bugblatter Beast of Traal (a mindboggingly stupid animal, it assumes that if you can't see it, it can't see you - daft as a bush, but very ravenous); you can wave your towel in emergencies as a distress signal, and of course dry yourself off with it if it still seems to be clean enough.
More importantly, a towel has immense psychological value. For some reason, if a strag (strag: non-hitch hiker) discovers that a hitch hiker has his towel with him, he will automatically assume that he is also in possession of a toothbrush, face flannel, soap, tin of biscuits, flask, compass, map, ball of string, gnat spray, wet weather gear, space suit etc., etc. Furthermore, the strag will then happily lend the hitch hiker any of these or a dozen other items that the hitch hiker might accidentally have "lost". What the strag will think is that any man who can hitch the length and breadth of the galaxy, rough it, slum it, struggle against terrible odds, win through, and still knows where his towel is is clearly a man to be reckoned with.