Friday, December 19, 2008
Google implant in your brain
After the evident monopoly of Google over the World Wide Web, what's next? You may find it funny, but this is the dream of Google's founder.
I was surprised when I heard Google is making a microchip that can be transplanted into the human brain. Wouldn't it be like science fiction if that is achieved?
Whenever you need some information, you close your eyes and wander into the infinite virtual world. That would be amazing. We will probably hear about that soon.
In the meantime, I think it will also take care of the memory problem. I keep forgetting what I was talking about. Maybe I could bookmark my thoughts, save them, edit them or maybe just erase them if I don't like them.
People might talk about how you think fast. What do you have - Xeon 100+? I'll need to upgrade my RAM. Haha, for the time being let's just reboot!
Wednesday, December 17, 2008
Lawyer used Facebook for his case, so be careful
It could be legal history in the making, but it is certainly something that will make at least a few dread Facebook. Defaulters - many that are there thanks to one of the world’s worst credit crises - can only pray this does not become a trend, but Canberra lawyers have won the right to serve legally binding court documents by posting them on defendants' Facebook sites.
Email and even mobile phone text messages have been used before to serve court notices, but in a historic ruling, the Australian Capital Territory Supreme Court ruled last week that lawyers could use the social networking site to serve court notices.
I quote from the article:
"The Facebook profiles showed the defendants' dates of birth, email addresses and friend lists and the co-defendants were friends with one another," a spokesman for lending company MKM Capital said.
This information was enough to satisfy the court that Facebook was a sufficient method of communicating with the defendants.
Lawyers Meyer Vandenberg, acting for the lending company, applied to Master David Harper of the Supreme Court last week to use the popular internet site to serve notice of a judgment on two borrowers who had defaulted on a loan.
Carmel Rita Corbo and Gordon Kingsley Maxwell Poyser failed to keep up the repayments on $150,000 they borrowed from MKM last year to refinance the mortgage on their Kambah townhouse.
MKM applied to the courts through Meyer Vandenberg for a judgment for the loan amount and for possession of the defendants' house after the couple failed to appear in court to defend the action.
A default judgment was granted on October 31 leaving MKM with the task of finding the defendants and serving them with the papers.
Meyer Vandenberg hired private investigators to serve the judgment on the couple and advertised it in The Canberra Times. But after 11 failed attempts to find the couple at their Wyselaskie Circuit home between November 8 and December 6, the lawyers tried a change of tack. Lawyers Mark McCormack and Jason Oliver convinced the court the Facebook profiles for the defendants were those of Ms Corbo and Mr Poyser.
Tuesday, December 16, 2008
12 Most Vulnerable Apps
Mozilla’s flagship Firefox browser has earned the dubious title of the most vulnerable software program running on the Windows platform.
According to application whitelisting vendor Bit9, Firefox topped the list of 12 widely deployed desktop applications that suffered through critical security vulnerabilities in 2008. These flaws exposed millions of Windows users to remote code execution attacks.
The other applications on the list are all well-known and range from browsers to media players, to VOIP chat and anti-virus software programs. Here’s Bit9’s dirty dozen:
- Adobe Flash and Adobe Acrobat: Bit9 listed 14 flaws patched this year that exposed desktops to arbitrary remote code execution via buffer overflow, “input validation issues” and malformed parameters.
- EMC VMware Player, Workstation and other products: A total of 10 bugs introduced risks ranging from privilege escalation via directory traversal, ActiveX buffer overflows leading to arbitrary code execution and denial of service.
- Sun Java JDK and JRE, Sun Java Runtime Environment (JRE): Inability to prevent execution of applets on older JRE releases could allow remote attackers to exploit vulnerabilities of these older releases. Buffer overflows allowing creation, deletion and execution of arbitrary files via untrusted applications. 10 patched vulnerabilities listed.
- Symantec Norton products (all flavors 2006 to 2008): Stack-based buffer overflow in the AutoFix Support Tool ActiveX exposed Windows users to arbitrary code execution.
- Trend Micro OfficeScan: A total of four stack-based buffer overflows that opened doors for remote attackers to execute arbitrary code.
- Citrix Products: Privilege escalation in DNE via specially crafted interface requests affects Cisco VPN Client, Blue Coat WinProxy, SafeNet SoftRemote and HighAssurance Remote. Search path vulnerability, and buffer overflow lead to arbitrary code execution.
- Aurigma Image Uploader, Lycos FileUploader: Remote attackers can perform remote code execution via long extended image information.
- Skype: Improper check of dangerous extensions allows user-assisted remote attackers to bypass warning dialogs. Cross-zone scripting vulnerability allows remote attackers to inject script via Internet Explorer web control.
- Yahoo Assistant: Remote attackers can execute arbitrary code via memory corruption.
- Microsoft Windows Live (MSN) Messenger: Remote attackers are allowed to control the Messenger application, “change state,” obtain contact information and establish audio or video connections without notification.
See Bit9’s full report (.pdf) for information on how the list was put together, including criteria for inclusion.
Source: ZDnet Blog
Chinese Scammers now using Toyota
I received the below email recently, and today I received it on my other email address too. So, I thought of putting it here and sharing it with you guys.
TOYOTA INTERNATIONAL LOTTO (HEADQUARTERS)
Customer Service Department Affiliate of Toyota Japan.
#28 Kanashiwa road Tokyo JP
We are pleased to inform you of the announcement made today, You are among the winners of the TOYOTA CAR INTERNATIONAL PROMOTION PROGRAM participants were selected through a computer ballot system drawn from 2,500,000 email addresses of individuals and companies from all part of the world as part of our electronic business Promotions Program.
As a result of your visiting various websites we are running the E-business promotions for. You/Your Company email address, attached to ticket number 719-226-1319, with serial number 902-66 drew the lucky numbers 5, 12, 30, 11, 17, 43 and Bonus number 12 , Your INSURANCE Number: FLS433/ 453L /GMSA, Batch No:- BN-543-ERE343CN and consequently you won in the Second Category of the TOYOTA FORTUNE LOTTO DRAW.
You have therefore been approved for the payment of the sum of US$2,000,000. 00 in cash, including a Toyota car which is the winning present /amount for the Second category winners. This is from the total prize money of US$12,650,000.00 shared among the international winners in the Second category.
Please be informed that your won fund of the sum of US$2,000,000.00 is now with the payee center. Contact our agent and give them your full names so that they will re-insure your winning fund under your full names. Together with the port where your winning car should be shipped to.
To begin your claim, please call our claim agent or send email immediately to:-
Certificate Agent, Toyota Email Lotto
(TOYOTA CLAIMING AGENT)
NOTE: In order to avoid unnecessary delays and complications, Please quote your
1. Full name
2. Address / contact number
3. Country of origin
Kindly contact our customers service center for any assistance on the processing of your claim agent for any complain.
Mrs. Ing Chunny Liu
Hon Online Coordinator
I received this email from yahoo.cn domains and one of the addresses was firstname.lastname@example.org.
I would suggest all my readers be careful and use a little bit of common sense with such emails. We live in a world where nobody gives anything for free. Please ensure you don't give out any of your personal information to such scams and delete them straight away.
Friday, December 12, 2008
IE7 exploit is already in circulation
There are several reports of exploits circulating in the wild targeting a 0-day vulnerability in Microsoft Internet Explorer 7. These exploits are being used to install malware on Windows systems when unsuspecting users visit websites that have been compromised to host the exploit code.
This vulnerability was first made public in Chinese language discussion forums on or about December 7th, 2008 by a group calling itself the Knownsec team.
Microsoft Security Bulletin MS08-073 (Cumulative Security Update for Internet Explorer, KB958215) released on December 9th, 2008 as part of Microsoft's normally scheduled December security updates does not contain a fix for this vulnerability.
Initial reports by other security vendors mentioned a malformed XML tag as the possible cause of the vulnerability; however, from a deeper analysis it seems that the problem affects the XML parsing engine of IE7 and the library MSHTML.DLL. The vulnerability depends on how certain elements of HTML pages are terminated and therefore could potentially affect not only XML, but also other objects handled by the browser. This means that attackers may start using different attack vectors in the future to exploit this vulnerability, but at the moment it seems that this recent exploit, which has been publicly released on several Chinese forums, only uses the XML elements and tags.
At the moment, many attacks are traced back to Chinese domains and websites, which are used by the exploit to install and download additional malicious code components. The downloaded malicious code is a variety of Downloader, Infostealer, and W32.SillyDC variants. We also recommend blocking the following hosts at network boundaries:
My advice for Windows users is as follows:
• Update your AV and IPS software with the latest signatures
• Run Internet Explorer with limited privileges
• Enable DEP protection for browsers
• Avoid following links to un-trusted sites
Tuesday, December 9, 2008
Top 10 Things To Look Forward To In Windows 7
Web site Windows 7 Centre reports that Microsoft's forthcoming update to Vista, Windows 7, will release its first official beta on January 13, 2009. In the meantime, I did some research to find out Windows 7's awesome new features.
Note: The Windows 7 Preview is a pre-beta release, which means it's not even close to feature-complete. Chances are good that later releases will add or take away features listed below (though most likely later releases will grow these seeds and add a few more goodies).
Second note: Surely Windows 7 includes stability and performance improvements under the hood with highly technical explanations that would make operating system coders very happy. However, this list is purely from my experience as a regular user, living and working with Windows 7 for about five days. Here are just a few of the things to look forward to in Windows 7.
10. Ding-dong, the Sidebar is dead.
One of the first things I hunted down and killed in Windows Vista was the Sidebar, which loaded by default and docked Vista's Gadgets to the right side of your desktop. In Windows 7, the sidebar is no more, and gadgets, should you want them, can roam free across the desktop. This time around, the gadgets feel less distracting to me—the CPU meter and calendar gadgets are my favourites, though this screenshot shows many more.
9. Calculator, WordPad, and Paint got overhauled.
It sucks that Windows 7 is stripping the built-in Photo Gallery and movie-making software that you'll find in Vista (even the Windows Calendar is nowhere to be found in the 7 Preview), but a few of their built-in stalwarts did get some attention. WordPad and Paint both got the Office 2007 ribbon installed, and Calculator now incorporates real world uses into it. At this point only masochists still use Paint and WordPad, but the extension of the ribbon to those inconsequential programs may be a harbinger for more upgrades and ribbon appearances in the future.
8. Windows 7 will run longer on your notebook's battery power.
While I'm running the Windows 7 Preview on a plugged-in desktop computer, notebook owners will be thrilled to know that Windows 7 promises to run more efficiently and thus longer on battery. It can also identify what's causing battery issues, though this is currently a well-buried option.
7. You can switch between Wi-Fi networks in one click from the system tray.
File this under "a small change can make a huge difference": Click on the Wi-Fi adaptor in your system tray to pop up a menu of available wireless networks. From there you can refresh the list, and choose the one you want to connect to in one click. Another boon for roaming notebook users.
6. You can decide what you do and don't want to see in the system tray.
No more registry-editing to blanket-disable balloon notifications in your system tray! Windows 7 lets you set what icons and notifications you see in your tray with a detailed dialog box. Just right-click the system tray and choose "Customize..." in the menu.
5. You get more control of User Account Control.
The single biggest complaint about Windows Vista was its User Account Control's incessant, nagging, pop-up dialogs that would ask you if you were ABSOLUTELY SURE you wanted to do the thing you just told the computer to do. In the name of security, Vista would even check if this STRANGE and SCARY program called Notepad was ok to run:
While legions of Vista users would sacrifice the well-intentioned security that User Account Control offered by turning it off completely just to get their sanity back, in Windows 7 you can fine-tune the level of nags, warnings, and confirmation prompts you get.
4. Libraries group similar content; Homegroups to make sharing libraries easier.
Windows networking is a pain in the ass, but Windows 7 is out to fix that with two things: content Libraries and Homegroups. Libraries are a way to group similar types of files even if they live in different folders. For instance, your Video library could include your TV folder, Movies folder, DVD Rips folder, and your Home Movies folder. Then, you can create a Homegroup (basically a reworking of Windows' existing Workgroups), that makes sharing those libraries between PCs easier.
Since I don't have two Windows 7 boxes available, I wasn't able to test how much easier sharing files was between the machines; however, the whole file-sharing layout and UI looks significantly more intuitive for regular Jolenes who just want to view the photos stored on the office computer in the living room.
3. You can instantly snap your windows to size, and clear the desktop in one motion.
As widescreen monitors become more common, easier side-by-side window management is key—and Windows 7 builds that in. While not as configurable as a third-party program like GridMove, Windows 7 offers the ability to snap a window to half your screen size simply by dragging it to the left or right of the screen. Here's what it looks like when you do so—let go of your mouse button and that Lifehacker browser window would snap to that half-screen-sized glass overlay you see behind it. Along similar lines, the new "Aero Shake" feature lets you clear the desktop of all background windows by grabbing the top bar of the active window and moving it back and forth quickly.
2. Windows 7 starts up faster.
Scheduling your morning coffee run for the time between the moment you hit the power button on your PC and actually start working sucks. Windows Vista is sloooooow when it comes to starting up and getting you to your desktop; but even the Preview tester release of Windows 7 shows 20% faster boot times than Vista.
1. You can do MUCH more from the Windows 7 taskbar.
Most people live with the Windows taskbar visible on their desktop at all times, so the more use you can get out of the real estate it hogs, the better. Windows 7's taskbar is greatly improved in two ways. First, you can pin programs to it indefinitely for easy quick launch, similar to RocketDock or the Mac OS X dock. Second, on a crowded desktop covered with windows, using the new "Aero Peek" feature, you can preview individual windows from grouped taskbar apps, and even close documents from the thumbnails themselves.
This doesn't sound like a big deal in theory, but in practice when you've got two monitors and a dozen windows open from four apps, Peek comes in way handy. Here's a screencast of Peek in action. There's also a permanent "Show Desktop" button on the far right of the taskbar which both clears the Desktop of all windows (instant Boss button!) and restores them right to where they were in another click. As you can see, Windows 7 is a big pile of small improvements over Vista that amount to a lot in aggregate.
Any other Preview release testers out there unearth features I didn't mention here? Shout 'em out in the comments.
(Note: The Windows 7 Preview's version of Peek is yet incomplete; this is just the beginning of what you'll be able to do with it.)
Monday, December 8, 2008
Online Banking Security
If you're ever online, the chances are good that you access Internet banking services (83% of Internet users in Australia do, according to Sensis). And because it's your money that's involved, you know that security is important. However, there are plenty of myths and misconceptions surrounding Internet banking security. Read on to learn where the risks are.
Myth: Phishing is the biggest banking security risk
Your junk mail folder is doubtless filled with spurious messages asking you to confirm the details of accounts you've never held. Given the prevalence of these phishing attempts, it's easy to assume that fake email is the online bank thief's favourite weapon. However, while these messages certainly should be treated with suspicion and promptly deleted, they're no longer the main attack method for criminals. "Criminals are going to do away with phishing," said Chia Wing Fei, security response manager for security software developer F-Secure's APAC security labs, during a media briefing on security trends. "People are not going to fall for them anymore." The favoured approach is now "drive-by downloads": injecting malicious code into popular web sites in order to infect users. The randomness of phishing attacks is also being replaced with much more sophisticated techniques. "In their attacks, they have metrics built in," Fei said. "They have excellent analysis capabilities in terms of which trojan is effective against which bank."
Myth: Australian banks are too small to be worth attacking
The endless phishing messages for European and American banks might leave you believing that Australia isn't yet on the criminal radar, but that's far from the truth. An analysis of 2300 banking-specific trojans by F-Secure found Australia was the sixth-most common target country for attack. The Commonwealth and ANZ were the most common targets, followed by NAB, St George and Westpac. Westpac's relatively low position on the list is partially because it uses an on-screen keyboard for entering passwords. While not totally secure, that approach means hackers have tended to ignore it. "Criminals have a real history of picking the lowest-hanging fruit," said Graham Ingram, general manager for national tech security agency AusCERT. "If it's difficult, why bother?"
Myth: Two-factor authentication will keep you totally safe
Two-factor authentication -- needing not only a password, but also a one-time code either generated electronically or sent via SMS -- is an increasingly common element of bank security. It's a useful additional step, but you shouldn't assume it provides total security. "Users can do everything right and still lose their bank account," Fei said. "Two-factor authentication is not a foolproof thing; you won't prevent your bank account from being stolen. It only changes the tactics the bad guys use." There's also a cyclical problem with adding new layers of security. "One of the dilemmas is every time we introduce a counter-measure, we're raising the level of attack," Ingram said. "There is a chasm developing between the people who get it and the people who don't, and the people who don't are really exposed."
Myth: Account details change hands for large sums of money
While there's a large criminal market exchanging bank and credit card details, it isn't purely about cash. According to Fei, the approach used is often one of barter: details of a bank account with $6000 in it might be traded for 30 active PayPal logins, for instance.
Myth: Your credit card is useless without the CVV
Most online stores demand the three-digit code off the back of your credit card as an additional means of verifying you're the owner. However, there's a healthy black market for software which can reverse-engineer the relevant CVV from a given number, Fei said.
All this doesn't mean that criminals are inevitably going to win. Banks are far more alert to electronic security issues than most other organisations. "In many respects, the banks have this well under control," Ingram said. "It's everyone else who doesn't understand the implications. Think of all the government services online. These are more exposed in my personal view than the banks will ever be."
Being aware of your behaviour, and keeping a close eye on your bank balance and credit cards, remains the best defence. Constant alertness is essential, as Fei explains: "Criminals are getting away with this. They don't have anything to lose. Whatever they're doing, the money's really good."
IE8 Beta 2 users still have to use Compatibility View a lot
Microsoft Plans Compatibility View Fix For Internet Explorer 8
One of the major changes in Internet Explorer 8 is that it adheres much more strictly to web standards than past IE releases. That's a welcome and sensible move, but it has resulted in many sites not rendering well, since they have been built to work with the slightly skewed design principles of earlier IE releases. The second beta of IE8 handled this with a 'Compatibility View' button, but Microsoft's internal research suggested that this wasn't quite enough, as a post on its IEBlog explains:
"We saw from the telemetry data that IE8 Beta 2 users still have to use Compatibility View a lot. Looking at our instrumentation, there were high-volume sites like facebook.com, myspace.com, bbc.co.uk, and cnn.com with pages that weren't working for end-users with IE's new standards compliant default. We could also see from our instrumentation that not all IE8 visitors to those sites were clicking the Compatibility View button. So, large groups of people were having a less than great experience because they weren't aware of the manual steps required to make certain sites work."
Microsoft's latest solution is to allow users to opt in to an automatically updated list of popular sites that need compatibility view and have those sites rendered using the older IE7 approach without requiring manual intervention. That feature will be added to the next beta of IE8, due early in 2009 (there's a similar feature already in Opera). This seems like a pretty good interim solution to me; share your take in the comments.
Refer here for more details on Compatibility View Improvements to come in IE8.
Sunday, December 7, 2008
Koobface virus affecting computer through Facebook's user profiles
FACEBOOK'S 120 million users are being targeted by a virus dubbed "Koobface" that uses the social network's messaging system to infect PCs, then tries to gather sensitive information such as credit card numbers.
It is the latest attack by hackers increasingly looking to prey on users of social networking sites.
Koobface spreads by sending notes to friends of someone whose PC has been infected.
The messages, with subject headers like, "You look just awesome in this new movie," direct recipients to a website where they are asked to download what it claims is an update of Adobe's Flash player.
If they download the software, users end up with an infected computer, which then takes users to contaminated sites when they try to use search engines from Google, Yahoo, MSN and Live.com, according to McAfee.
McAfee warned in a blog entry that its researchers had discovered that Koobface was making the rounds on Facebook.
Facebook requires senders of messages within the network to be members and hides user data from people who do not have accounts, said Chris Boyd, a researcher with FaceTime Security Labs.
Because of that, users tend to be far less suspicious of messages they receive in the network.
"People tend to let their guard down. They think you've got to log in with an account, so there is no way that worms and other viruses could infect them," Mr Boyd said.
Privately held Facebook has told members to delete contaminated e-mails and has posted directions at www.facebook.com/security on how to clean infected computers.
McAfee has not yet identified the perpetrators behind Koobface, who are improving the malicious software behind the virus in a bid to outsmart security at Facebook and MySpace.
"The people behind it are updating it, refining it, adding new functionalities," Mr Schmugar said.
My advice to all of my readers: please be careful out there and make sure you don't click on any videos on Facebook. If you do, then don't install any ActiveX or update anything you get prompted for.
Friday, December 5, 2008
Enjoy Free Solaris 10 OS Training from SUN
In this economic climate, it is as important as ever to keep your skills up-to-date. Now you can enhance your Solaris 10 OS skills with free training at the new Sun Open Learning Center.
The Sun Open Learning Center allows you to:
* Get free access to our most popular Solaris 10 OS training
* Engage in live conversations with Solaris instructors and experts in Second Life virtual world
* Obtain highly desired system administration skills for the Solaris 10 OS
Excellent initiative from SUN. I don't use Solaris much in my daily work life but all the administrators out there should take advantage of this cool offer.
Thursday, December 4, 2008
Facebook Users - Don't click on any link unless you are sure!
FACEBOOK users are under attack again from a virus sweeping through the online social network.
The virus is technically a trojan worm that disguises itself as an email from facebookmail.com.
People are enticed to click on a misspelled video or picture link that directs to a malicious web site.
The titles of the dodgy links vary from "Maan,yyou’re great!" to "your ass looks not bad in this video", "Some0ne thinks your special and has a *Hot_Crush* on you. Find out who it could be*" or a YouTube link that says "i can see yooooooooo".
The worm spreads its tentacles by emailing everyone on the victim’s friend list.
According to anti-virus software company Symantec, the trojan works by executing a worm called W32.Koobface.A that searches for cookies on the user’s machine.
If the worm finds the appropriate Facebook cookie, it modifies the user's account settings and profile - adding links to malicious sites to trick others into installing the invader.
Facebook discussion boards talk about the trojan directing users to a page which looks like YouTube.
The phoney page asks the user to install a video player upgrade.
Installing the fake upgrade allows the worm to work its magic and access files on the victim’s machine while destroying their Facebook account.
The trojan comes just months after Facebook said it was working to protect its users from phishing scams.
Facebook has begun combating the virus by deactivating links when it can.
Facebook has not released an official comment regarding the attack.
My suggestion would be to all Facebook users to be careful and make sure you don't click any links or watch videos unless you are totally sure about it.
Finally New laws to target ID fraud nationwide in Australia
Draft laws aimed at combatting the fraud, which has been exacerbated by social websites such as Facebook, have been introduced to parliament.
Presently, it is only an offence to steal someone's identity in Queensland and South Australia.
Identity theft across the country will be punishable by up to five years jail.
The crime includes a range of offences, from using another person's credit card details to stealing their personal information to open bank accounts and take out loans.
Monday, December 1, 2008
Ebay Scam - Old but still valid and works!
Recently, my good friend Chris Ho got hit by an old eBay scam. He advertised a laptop and was wishing to sell it before Christmas so he could upgrade to a new one.
Unfortunately, the item was won by an international buyer from the USA. He received the following email:
From: Raymond Feliciano
Date: Mon, Dec 1, 2008 at 6:27 AM
Subject: I WANT TO PAY NOW FOR #220XXXXXXXX, Sony Vaio Laptop PCG-R505AFT Great Working Order
To: Chris Ho
I will like to purchase these Item Sony Vaio Laptop PCG-R505AFT (220XXXXXXX) for a friend oversea as a Christmas gift.He works with British America Tobacco there in West Africa Due to my workload, i might not be able to be checking my mails often.So i will be offering AU $219.00 I want the item posted via Express Post International For Delivery to Him.hope the package will get to him in good condition.. What is the present condition of this item and does it comes in it's original box?.I will be paying you for the item via Bank Deposite, so get back to me with your full name and your bank details where payment will be deliverd to.
Well, I guess this is quite similar to the scam I researched a couple of weeks ago on Drive.com - Scammers now targetting Classified websites.
In such scams, buyers send fraudulent checks or pay through stolen payment accounts. The payment is cleared and sellers usually post the items to a different address in places such as Africa, Kenya, Nigeria etc.
After a couple of days or weeks, the seller finds out that the payment was made in a fraudulent manner and has to return the money to the bank or payment account. In this way, the seller loses the item as well as the money.
We can do a couple of things to avoid such things:
1) Don't sell anything to international buyers in the first place.
2) If you do, make sure a safe payment method is accepted, such as Western Union, bank draft, or bank check from the same country the buyer belongs to.
3) Get payment verified by the bank before shipping the goods.
4) Use a little bit of common sense.
I know these are not the best solutions, but at least they will help you out a little bit.