Wednesday, July 27, 2005

Cisco Security hole = Internet Pearl Harbor?

Michael Lynn, a former research analyst with Internet Security Solutions is speaking out about the second Cisco IOS code theft and how much worse a WORM aimed at routers can be. -- "But when there is a Windows XP bug, it's not really a big deal, How do you ship (data) when the routers are dead?"

read more | digg story

Firefox Extension to Automatically Update Adblock

A new extension for automatic updating of Adblock is now available in beta. It automatically updates rules using the Filterset.G filter and unlike an earlier extension, is sanctioned by the Filterset.G author.


What a GREAT idea. I wanted to see this done for some time. This will be going on my thumb-drive and used on all client computers from here on out. I am worried a bit about the effect it's going to have on this blokes server. Thousands of people are going to start using the extension and as I understand it, each time someone using it starts an instance of Firefox, this thing is going to check for a Filterset.G update. I hope they've included some more inteligent update method or Filterset.G may be a thing of the past just in bandwidth costs.

read more | digg story

Sunday, July 24, 2005

Google Earth may shed light on Google browser efforts

If you haven't yet tried Google Earth, you really ought to. Not long after Google acquired the satellite imaging company Keyhole, they launched the highly acclaimed Google Maps and shortly there-after Google Earth, which is a stand-alone application using the same imagery but also offering more features than initially available through the Google Maps web interface.

Google Earth is a much more user friendly version of Keyhole that pulls information from the Internet and incorporates that data into satellite images which you can zoom, tilt and rotate. That description just barely scratches the surface, but I think you get the idea. This is getting to be a less and less stunning achievement as user contributed add-ons are getting very creative since the release of the Google Maps API and new competition from other "tech majors" such as Microsoft and Yahoo.

One feature that caught my eye was the embedded web browser that has been built into Google Earth. I happened across it by exploring the "User-Supplied Collections" overlay layer. Which is a list of placemarks on the map that get streamed as you navigate the map window. One of the collections plots the location of webcams and gives a brief description . Included in some of the descriptions is a URL, that will show you the webcam feed. This opens a new frame(panel) in the Google Earth application, which is resizeable, and has very basic controls.

This was very cool indeed and it got me thinking of all the rumors surrounding Google's recent hire of a Mozilla developer. Many people expect that Google will be releasing a browser of their own. I wanted to know a little bit more about the browser and what its functionality is. I can't help but wonder if there is any vulnerability created by it or how long it will be before the web-cam links are poisoned by the internet assholes out there.

My first stop with the Google Earth browser was to http://www.ipmonkey.com/
Browser: Mozilla/4.0 (compatible; MSIE 6.0; Windows
NT 5.1; SV1; .NET CLR 1.1.4322)
Remote Port: 1474

Next off to http://www.grc.com/ to use the Shields Up! web-app to view the browser header information.
Accept: image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, application/x-shockwave-flash,
application/vnd.ms-excel, application/vnd.ms-powerpoint,
application/msword, */*

Accept-Language: en-us
Connection: Keep-Alive
Host: www.grc.com
Referer: http://www.grc.com/x/ne.dll?--------
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.1; SV1; .NET CLR 1.1.4322)

Content-Length: 32
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Secure: https://www.grc.com
Nonsecure: http://www.grc.com

Plenty more testing to do.
Looks like MSIE to me. I next tried out http://www.windowsupdate.com/ which worked just fine.

Do you think this shoots the Google Browser rumor in the foot? I sure would like to see what Google would do with the flexibility producing your own browser offers. Imagine all of the cool things google does rolled into your browser. The things people use firefox extension for could just as well be part of the browser to provide un-matched integration between the google services and you all much easier and seamless for the end user. That's the sort of thing that will really kick Microsoft in the teeth. Exciting to thing about anyway, rumor or not.

Wednesday, July 13, 2005

TimeWarner IPTV pilot project in San Diego

For television via the Internet, the future is now. Time Warner is testing a new service that allows about 9000 cable and internet customers to access television over the internet.

I'm not one of them but hey, if the technology takes off and consumers respond well, my provider will offer it too! The article notes that the high number of computer savvy people living in San Diego as the reason it was chosen. O_o They must not be doing any tech support for the area.

read more | digg story

Sunday, July 10, 2005

Lawmaker: Let studios hack P2P networks

A California congressman is preparing a bill that would let copyright owners, such as record labels or movie studios, launch high-tech attacks against file-swapping networks where their wares are traded.

That's cool. As long as the reverse is acceptable. Vigilantism is a sign that people have lost faith in the ability of the law enforcement community to protect their interests. So in the name of justice you take to set-right what is wrong, to personally pick up the sword and seek out your version of equity.

I guess the people behind this sort of effort have failed to see the implications. Is there any law that once passes hasn't been used or abused by others some time down the road to expand, beyond the initial scope intended by the author, the power or privileges extended?

read more

Saturday, May 28, 2005

Lavasoft Announces the Launch of Ad-Aware SE 1.06

With the 1.06 update you can be certain to receive the best protection available against disturbing privacy threats with faster scanning and more efficient Code Sequence Identification (CSI) capabilities in both Ad-Aware and Ad-Watch.

For a complete list of updates and changes, click here.

read more | digg story

Friday, May 20, 2005

California Prohibiting RFID Identification Cards

The California State Senate on Monday approved a bill with broad bipartisan support (29-7) that would prohibit state and local governments from issuing identification documents, driver's licenses, and ID cards containing a RFID tag

WTH? They're looking after us? It's a kodak moment. You might want to gather the family close and take some pictures or something.

Known as the Identity Information Protection Act of 2005, SB 682 was authored by State Senator Joe Simitian (D-Palo Alto). The bill would also make it unlawful for a person to read or attempt to read an identification document without the owner's knowledge.

Another sign of clear thought. Since we already know RFID has been hacked in the past, I can just see the criminals walking around in crowds trying to crack your RFID tags and steal your identity.

read more | digg story

Tuesday, May 17, 2005

Test Your Pop-Up Blocker

AuditMyPC.com has added pop-up testing to its arsenal of auditing tools. The new feature allows users to run tests against their installed pop-up blocking software, step by step. The tool comes in a few flavors from network noob to web-geek and even something they call Misc.

read more | digg story

Yahoo 'Web Beacons' Track Users

Yahoo tracks all of its users everywhere on the web and the way to opt-out is detailed below. If you have a Yahoo e-mail account or belong to one of Yahoo's many Yahoo groups, this probably applies to you.

Beacon clauses in the yahoo privacy information give the opt-out we're looking for. Clicking here will bring you to a paragraph entitled "Outside the Yahoo Network."

In this section you'll see a little "click here to opt out" link that will let you "opt-out" of their web-beacon information gathering technology. Which is what you want.

Once you have clicked that link, you are exempted. Notice the "Success" message on the top of the next page. Be careful because on that page there is a "Cancel Opt-out" button that, if clicked, will undo the opt-out.


WASTE Network for encrypted, private filesharing

WASTE is software for setting up small, secure, private filesharing networks. WASTE provides chat, instant messaging, and file transfers between connected users, all of which is encrypted. The software is entirely peer to peer so no server is required. It works best for transferring files between small groups of people, like a group of friends.

I've not tried this yet but the idea is a great one. I wonder if a combination of this and some of the P2P methods we've seen before are mergeable. Judgeing by the recent patent applications, our good buddies in the MPAA and RIAA are actively infiltrateing P2P networks (as if they were secure to begin with right?) and avoiding noble attempts such as blocklists. BayTSP may have had a brief smack in the mouth by projects such as PeerGuardian, but their usefulness will slowly be confined to keeping less motivated people from connecting to your computer.

Right now PeerGuardian and the other IP blocking tools will keep advertisers out and prevent major spyware outlets from being visited by unwitting family members "surfing" the net. Consider how easy it would be to setup a cheapy hosting plan at any one of the throngs of service providers, and run your snooping operation from there. If you're not sure which ISP to pick, download the freely available list of blocked IP ranges and make sure your new box is not on the list. By the way, be looking for a month to month contract provider, because as soon as you file your lawsuits that entire ISP will most likely be blacklisted. I'm sure the ISP and all of their other customers understand that you must defend your program from people that want to see it.