Showing posts from March, 2006

Could the Google and Sun rumor be about Java?

If you have been following writings from Daniel M Harrison, you would notice how strong his convictions are on this topic. Daniel strongly believes that Google is buying Sun. And any reader who doesn't understand how Google and Sun operate can easily be swayed to believe this. But not me. The fact that Google or Sun haven't publicly denied these new rumors means that something might be cooking. But Google buying Sun doesn't sound very interesting.

- Sun has a large pool of talent who know how to create fault tolerant, high performance parallel processing computing infrastructure.
- Google has a large pool of talent who have perfected the art of distributed computing using cheap hardware clusters using free tools and operating systems
- Sun is a hardware, software and services company
- Google makes its revenue from advertisements
- If Google buys Sun, it would be forced to use Sun technology. Microsoft had a hard time switching from FreeBSD to Microsoft based soluti

Skype PBX is here: Good or bad?

Recently I wrote about Skype invading the cellphone market. While this might be a few years away, something more interesting might happen much earlier. A few companies at CeBIT are showing off Skype to PBX gateways [Vosky, Spintronics, Zipcom]. Imagine how easy it would be to communicate between two branches using VOIP protocols but without the expense of costly VOIP hardware. I think this is a bag of good and bad news. The good news is that Skype will break down the artificial communication barrier between people and companies which live in different parts of the world. Up until recently we assumed that it's OK to charge more if you want to talk with someone very far away. It's almost like we assume that travel fares are directly proportional to the distance. With the "national plan" going into effect most voice carriers provided a means for us to communicate with anyone in the country for the same fare. Unfortunately such a plan doesn't exist internationally because

Microsoft Ultra-Mobile PC (umpc/Origami)

Update: Let the hype come to an end. Here is the real thing in flesh and blood: Microsoft Ultra-Mobile PC

In preparation of the release sometime tomorrow, there is a file on the Microsoft servers with the name Origamai_Otto_Berkes_2006. Not sure if it's available from outside, but here are the important details of the Origami project which we have all been waiting for.

- List Price $USD 599.99
- Resolution 800x480 (native). Can go up to 800x600
- Battery life: Doesn't seem anything dramatically different from other tablets
- Low powered. Cannot play Halo 2
- USB Keyboard optional.
- 40GB Drive
- Bluetooth
- 802.11 (wifi)

source: c9 CeBit M

Don't mess with my packets

We had some emergency network maintenance done over the weekend which went well except that I started noticing that I couldn't "cat" a file on a server for some reason. Every time I logged in to the box everything would go fine, until I tried to cat a large log file which would freeze my terminal. I tried fsck (like chkdsk), reboots and everything else I could think of without any success. Regardless of what I did, my console would freeze as soon as I tried to cat this log file. My first impression was that the network died, then when I was able to get back in I thought maybe the file was corrupted, or even worse, that we got hacked and "cat" itself was corrupted. To make sure I was not hacked, I tried to "cat /etc/passwd". And that worked fine. Then I tried to cat a different file in the logs directory and found that to freeze too. I figured that something is wrong with the box and gave up on it for the night, and decided to worry about it on Monday mor

Two-way Two-factor SecureID

A lot of companies are moving towards two-factor authentication, which is great because it tries to reduce the risk of weak authentication credentials. What it doesn't do, unfortunately, is reduce phishing risk, which will become the next big problem after spamming. I wrote a few words on detecting phishing attacks a few days ago. This is the continuation of the same discussion. "Passmark" and similar authentication mechanisms are one of the best current solutions in use today. Unfortunately, Passmark is one of those mechanisms which are built to be broken. The strength of this authentication mechanism, in this case, depends on the number of images in the Passmark database which according to the website is currently at 50000. 50000 variations might be alright for now, but we would be short-sighted if we stop at this. One of the serious drawbacks of this mechanism is that if the user guesses the user's logon name, or captures that information in some other way, Passmar

Detecting Phishing sites

Wikipedia ["phishing is a form of criminal activity utilizing social engineering to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message. The term phishing arises from the use of increasingly sophisticated lures to "fish" for users' financial information and passwords."] According to there were 5490 more phishing sites reported in the month of December 2005 as compared to a year ago. And if you run a business which involves any kind of monetary (or identity) transactions, it's just a matter of time before you become a victim. A lot of companies today are working together to solve this problem, which is at least as hard, if not more, than shutting email-spam. The underlying reason why phishing is still a good business model is because the users aren't t

Security Podcasts for iTunes

Hackaday has a great blog entry of all the nice security podcasts out there. Here are direct iTunes links to all the podcasts with a few more I googled. Security Catalyst Security Now PaulDotCom CyberSpeak LiveAmmo Security BlueBox Crypto-Gram RSA Security MightySeek eDave Geek News Central