The hacker hacked
If any software can contain security vulnerabilities, then hacking tools designed to exploit those holes are at risk of being hacked too.
At the Defcon hackers conference in Las Vegas, the Shmoo Group issued a warning to hackers that planned to compete in a wardriving event where hackers attempt to get onto a wireless network.
Kismet, a popular tool for detecting and entering wireless networks, contains several security holes, the group warned.
"Patch management is not just for users anymore," a member of Shmoo said, according to a Cnet blog posting.
Now if only the hackers would focus on hacking their peers, that would solve a big problem for the rest of the world.
Tags: defcon, black hat, hacking, hack, hacker, Security.
July 30, 2005 at 10:32 PM | Permalink | Comments (0) | TrackBack
And so Cisco's IOS nightmare continues
Cisco and ISS just can't resist further ruining their damaged relationship with the security community: they have expanded their legal campaign against an IOS vulnerability hack to any website that offers the slides from a presentation that they had failed to stop.
But as the spat's latest victim notes, this will only draw more attention to the flaw and to the real problem of Cisco's vulnerability.
First Cisco and ISS sued security expert Michael Lynn for giving details, on Wednesday at the Black Hat security conference in Las Vegas, about a vulnerability in the IOS software that runs Cisco's routers. As usually happens, the party that brought in the most lawyers won. Lynn didn't have much of a defence given that he had used information that he wasn't supposed to have after he quit his job at ISS, and had obtained it illegally to begin with by reverse engineering IOS.
But as the injunction against Lynn already suggested (see previous post), Cisco and ISS didn't stop at Lynn. They are now sending cease and desist notices to operators of websites that offer detailed information about Lynn's presentation, demanding that they remove the information.
Enter Richard Forno's website at Infowarrior.org. At 4 PM on Friday users could download a PDF document with Lynn's presentation from the website. I too could have done so, but I prefer to spend my days writing about Cisco's legal spats, not being part of them.
Forno received a fax from an ISS attorney at 5:22 PM. Shortly thereafter he took the document offline and replaced it with the fax.
Forno is anything but a coward for taking the document offline. As he points out in an email to vnunet.com, this only focuses more attention on the whole IOS issue. And hopefully it will fuel a serious discussion about the role of the software in the (in)security of the internet.
There must be a few PR managers and senior executives at Cisco scratching their heads this weekend, trying to figure out how the router maker that seemed able to do no wrong suddenly turned into the bogeyman of the high tech industry.
The answer is very simple: they went bad the moment they got the lawyers involved.
You don't improve internet security by sending cease and desist letters. You do that by engaging in the conversation.

A safer Ios - the Greek island that is.
Tags: cisco, ios, black hat, michael lynn, iss
July 30, 2005 at 06:25 AM | Permalink | Comments (0) | TrackBack
IOS controversy: could blogs and news websites be next?
The story of Michael Lynn standing up to the big and mighty Cisco remains intriguing.
Having just read the legal document that Cisco and ISS filed, it becomes clear just how seriously Cisco is taking this.
- Click here to download a Word document with the injunction that was provided to me by Cisco.
To read the background information on what exactly happened, read this posting, or this news story.
In summary: Lynn showed how he could take a Cisco router offline at the Black Hat security conference. But his employer ISS and Cisco didn't want him to give that presentation. Lynn quit his job; ISS and Cisco filed a lawsuit hoping to make him shut up. Lynn (rightfully) wet his pants and agreed to the injunction.
Cisco was holding a legal trump card: by reverse engineering the IOS software that runs Cisco's routers, Lynn violated the vendor's copyrights.
The injunction demands that Lynn present 1) a list of people who have received written or electronic information about the presentation (this excludes people who heard him give the presentation); 2) a list of people who have received information about Cisco's code during Lynn's research; 3) a list of websites where Lynn directly or indirectly posted information about the presentation or Cisco code, or websites where he is aware such information is disclosed.
In other words: any blogger that took notes and posted too much detail about how Lynn's attack worked can expect a phone call from the Cisco and ISS lawyers, demanding that they remove the information.
Because Cisco effectively says that all information from the presentation is the result of a copyright violation, the company would have a decent shot at succeeding.
But does that solve the security issue?
Photo credit: Syam Hassan
Tags: cisco, ios, black hat, michael lynn, iss
July 29, 2005 at 01:21 AM | Permalink | Comments (0) | TrackBack
San Andreas vice
Florence Cohen, an 85 year old grandmother from New York, has filed a lawsuit against Rockstar Games over the hidden sexual content in the game Grand Theft Auto: San Andreas.
Although the game is rated "M" for mature, for audiences aged 17 and older, she decided that the game's extreme violence was no problem for her 14 year old grandson. But now that it turns out that there is sexual content in there, Cohen is running to the courts to claim unspecified damages.
I had hoped that Hillary Clinton's crusade to protect the children would be the lowest point in the game's saga. She persuaded the FCC to investigate the game maker over false advertising claims: they didn't say that there were porn scenes hidden in the game. Never mind that those were hidden from the general public and that they have to install a patch that game modders have developed.
Honestly, there is nothing to this case. The sexual content is hidden in the game. You have to willingly install the patch to access it. And I bet that by doing so you violate the maker's copyrights.
Is Cohen also going to sue her internet provider once she finds out that her grandson can visit porn websites? Of course internet porn doesn't come on a CD, but it can reach her computer through spyware, without her knowledge or consent. And internet porn is easier to obtain than finding, downloading and installing a game patch.

tags: grand theft auto, Video Games, Xbox, Gaming, Games, PS2, playstation.
July 28, 2005 at 11:06 PM | Permalink | Comments (0) | TrackBack
A Cisco security controversy
If 31 pages are ripped from a conference guide at the last moment, surely that must mean something big is going on.
As it turns out, there is. At this week's Black Hat conference, security expert Michael Lynn was scheduled to give a presentation about an attack method against Cisco routers running the Internet Operating System, the software that controls Cisco routers much like Windows XP controls PCs.
In his presentation, Lynn would have shown how to effectively disable the router using a known exploit in IOS. By disabling I mean that the attack would make it impossible to reboot or use the equipment.
Cisco and ISS had decided to cancel the presentation because further research was required, according to Cisco.
"When [ISS] would present, they would have presented materials that were much more beneficial to the security industry," Cisco security spokesman John Noh told vnunet.com.
Lynn claimed that Cisco had pressured the security company to do so. As his employer crumbled under the pressure, Lynn decided to do what he believed was right. He quit his job and proceeded to give the presentation.
As it goes with whistle blowers, his presentation made Lynn an instant celebrity while the lawyers are circling around him.
Cisco and ISS have filed a motion in a California court requesting a restraining order against Lynn. He might have found a genuine way to shut down Cisco routers, but the legal complaint argues that he illegally reverse engineered IOS to get there (even if it took him 6 months to do so).
So what? A hacker could take the same approach and shut down the internet. A restraining order won't do much good against a terrorist hacker attack.
Of course we have to behave around copyrights, but copyrights should take a back seat when security is at stake.

31 pages lost...
Tags: cisco, ios, black hat, michael lynn, iss
July 28, 2005 at 08:14 PM | Permalink | Comments (0) | TrackBack
RSS is for just a happy few
Only one in every fifty American households uses the technology, according to research by Forrester's Charlene Li. Don't look any further to find proof that RSS is failing to excite the average consumer.
Unfortunately her research doesn't go on to explain what causes this lack of interest in the technology, or what we can do to increase the appeal. Technology after all doesn’t buy reports. Marketers hoping to clog RSS with their messages, however, do (hence the report: Using RSS As A Marketing Tool).
Personally I couldn't live without RSS, and I have been repeatedly frustrated by companies including Google and Sun Microsystems who have failed to keep their (corporate PR) RSS feeds up and running.
But last week a friend visited as I was going through my feeds list, and I failed to sell him on the idea that RSS would be good for him. He doesn't need to read dozens of websites, and is fine with just entering the URL of the few sites that he does look at regularly.
It's not just that the name RSS is wrong. For the average consumer it doesn't solve any problems. That's exactly why Microsoft's plans for the technology can be so exciting. For the same friend does struggle to stay up to date about when he needs to play a game with his sports team. Other people would love to have feeds that keep them up to date about transactions in their retirement plans, bank accounts and credit cards.
Stop thinking about RSS as a news and blog publication tool. RSS could do so much more, and for it to become a success it has to.
Tags: RSS
July 28, 2005 at 02:22 AM | Permalink | Comments (0) | TrackBack
Go old school on your mobile phone
Sure, your mobile might be the smallest device ever made, but if you want to be really hip, you better get a matching Phobile "head set".
"Phones were far more entertaining in the good old days," the website argues, while pointing the prospective buyer to the device's easy grip, old fashioned curly wurly cable and choice of phone adapters for different makes and models of mobile phones.
You won't exactly take this thing with you on a business trip, but it makes for a great birthday gift for gizmo savvy friends and relatives.
It's yours for just £34.95.

tags: mobile phone, cellphone
July 28, 2005 at 01:20 AM | Permalink | Comments (0) | TrackBack
Microsoft plays timing games
Last week on Friday Microsoft promised that beta 1 for Windows Vista would be available by 3 August. On Wednesday the company started shipping the code a week too early.
Technically the software vendor didn't lie: the code will actually be available on 3 August. But why did Redmond decide to publish it this week?
The first reason that comes to mind is PR. After missing numerous development deadlines for Windows Vista, it must have felt good to beat a deadline for once. If anything it could give a morale boost to the Microsoft developers who weren’t told about the pending PR stunt.
Another, more mundane reason, would be that the "software is ready when it's ready". It may sound weird, but this is a very common approach in open source projects where you never know what speed bumps you'll hit. Microsoft might have more control over the number of developers that work on the Vista code, but it too faces unexpected difficulties. In this scenario the date of 3 August was merely a worst case scenario to have a buffer for any last minute snafus.

Screenshot of Windows Vista with the new Internet Explorer 7.
tags: windows vista, microsoft
July 27, 2005 at 11:07 PM | Permalink | Comments (0) | TrackBack
How to prepare for Defcon
If you plan on going to the annual DefCon and Black Hat hackers conferences in Las Vegas this week, you should know better than to use your wireless connection.
In an effort to underline the sector's image that hackers are immature, childish computer graffiti artists, the game to play is to hack any computer that you can get access to.
"Try to recall all of the attacks you have seen in the last year and dismissed because the attacker needed to be local to your network. Then realize that you are about to connect to that network," the SANS Internet Storm Centre summarizes the threat.
For the brave souls who think they can withstand the threats and plan on using WiFi nonetheless, the Centre has put up a list of to do items before and at the conference.
- apply all available patches, regardless of your OS
- hard code the MAC address of the default router.
- set up SSH on a proxy server inside your office and hard code your proxy box IP address into the hosts file on your laptop to prevent DNS hijacking
- make sure while at the conference that your web browser is using the proxy address of your SSH tunnel
- don't connect to corporate email
- "Do you believe strongly in your VPN client? That's great." Just don't show everybody the IP address of your VPN gateway.
- Turn off Client for Microsoft Networks.
- Turn off File and Printer Sharing.
- Turn off NetBIOS over TCP/IP.
- Consider changing the domain name and machine name of your computer.
If you, like me, wouldn't know how to apply at least half of these settings, you probably shouldn't be at this event anyway. Or at least you should stick to wired internet access.
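A way to check the two "hard code" items from the list above before connecting, as an added example that is not from the original post or from SANS. It assumes a Linux laptop with iproute2; every address, MAC and host name below is constructed.

```python
"""Audit two checklist items: pinned gateway MAC and pinned proxy address."""

# Constructed `ip neigh show` output before hardening: the gateway entry was
# learned dynamically, so a forged ARP reply on the shared network can replace it.
NEIGH_BEFORE = """\
10.0.0.1 dev wlan0 lladdr 02:00:00:aa:bb:01 REACHABLE
10.0.0.57 dev wlan0 lladdr 02:00:00:cc:dd:02 STALE
10.0.0.99 dev wlan0  FAILED
"""

# After pinning the gateway with a static entry, for example:
#   ip neigh replace 10.0.0.1 lladdr 02:00:00:aa:bb:01 nud permanent dev wlan0
NEIGH_AFTER = """\
10.0.0.1 dev wlan0 lladdr 02:00:00:aa:bb:01 PERMANENT
10.0.0.57 dev wlan0 lladdr 02:00:00:cc:dd:02 STALE
"""

# The same table while another station answers ARP for the gateway address.
NEIGH_SPOOFED = "10.0.0.1 dev wlan0 lladdr 02:00:00:cc:dd:02 REACHABLE\n"

# Constructed hosts files: without and with the office proxy pinned.
HOSTS_BEFORE = "127.0.0.1 localhost\n"
HOSTS_AFTER = """\
127.0.0.1 localhost
192.0.2.10 proxy.example.com proxy   # office SSH proxy, pinned before travel
"""

# Values recorded on a trusted network before the trip (constructed).
GW_IP, GW_MAC = "10.0.0.1", "02:00:00:aa:bb:01"
PROXY_NAME, PROXY_IP = "proxy.example.com", "192.0.2.10"


def parse_neigh(text):
    """Map IP -> (mac or None, state) from `ip neigh show` output."""
    table = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2:
            continue
        mac = None
        if "lladdr" in tok:
            i = tok.index("lladdr")
            if i + 1 < len(tok):
                mac = tok[i + 1].lower()
        # The neighbour state (REACHABLE, STALE, PERMANENT, ...) is the last field.
        table[tok[0]] = (mac, tok[-1].upper())
    return table


def parse_hosts(text):
    """Map lower-cased host name -> list of addresses from hosts-file text."""
    names = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            names.setdefault(name.lower(), []).append(fields[0])
    return names


def audit(neigh_text, hosts_text, gw_ip, gw_mac, proxy_name, proxy_ip):
    """Return a list of finding codes; an empty list means both items hold."""
    findings = []
    entry = parse_neigh(neigh_text).get(gw_ip)
    if entry is None:
        findings.append("gateway-missing")
    else:
        mac, state = entry
        if state != "PERMANENT":
            findings.append("gateway-not-static")    # entry can be overwritten
        if mac != gw_mac.lower():
            findings.append("gateway-mac-mismatch")  # not the router we recorded
    ips = parse_hosts(hosts_text).get(proxy_name.lower(), [])
    if not ips:
        findings.append("proxy-not-pinned")          # name would go out to DNS
    elif any(ip != proxy_ip for ip in ips):
        findings.append("proxy-ip-mismatch")
    return findings


if __name__ == "__main__":
    for label, neigh, hosts in [
        ("before hardening", NEIGH_BEFORE, HOSTS_BEFORE),
        ("after hardening", NEIGH_AFTER, HOSTS_AFTER),
        ("gateway answered by another MAC", NEIGH_SPOOFED, HOSTS_AFTER),
    ]:
        result = audit(neigh, hosts, GW_IP, GW_MAC, PROXY_NAME, PROXY_IP)
        print(f"{label}: {result or 'ok'}")
```

On a real laptop the two text arguments would come from `ip neigh show` and the contents of `/etc/hosts`.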

tags: defcon, black hat, hacking, hack, hacker, Security.
July 27, 2005 at 06:32 PM | Permalink | Comments (0) | TrackBack
Fun things to do with infrared
Scott Pinzon from security website Watchguard has an amusing yet frightening tale about the security issues associated with the use of infrared in garage door openers, remote automobile locks and hotel room television remote controls.
I don't want to spoil the joy of reading his posting, but in one instance a security expert/hacker figured out the reset command for a certain car brand, drove over to a dealer lot at night and tested his theory.
What happened?
"At nighttime, it's actually a scary sound to hear 50 cars unlock at once."
Another fun experiment is to use the television in a hotel room to hack the hotel's network. Not only would it allow a hacker to alter his bill, he could also mess with the hotel's on demand TV system. Free porn for everybody, whether you want it or not.
Photo credit: Layton Findlater
Tags: hack, hacking, hacker, infra red
July 27, 2005 at 04:26 AM | Permalink | Comments (0) | TrackBack
Don’t steal, use free instead
If you hate Microsoft, don't steal their software. Hit them where it really hurts and start using open source.
Microsoft today launched Windows Genuine Advantage 1.0, a tool that verifies the authenticity of your software licence before you are allowed to download patches and updates.
In what must be applauded as a wise move, security updates are exempt from the WGA rules. This will prevent hackers from recruiting users of pirated copies for large scale zombie armies.
I know some people who will say that they like tool X or application Y, but prefer not to pay for it. I'd also like to get a new car, but prefer not to pay for it. The rules for supply and demand apply to software as much as they do for the physical world: if you really need an application, you will be prepared to pay the market price. Otherwise you probably don't need it that much.
Somehow with software (as with anything digital for that matter) we've created a situation where we feel it's OK to ignore intellectual property laws. Microsoft itself has helped create that situation with its past anti-competitive behaviour, much like the record companies fuelled file swapping with their initial refusal to offer music digitally.
If it works, the nice thing about Windows Genuine Advantage is that it will restore the balance between demand and supply. Users who feel that Windows is too expensive will go and look for less expensive alternatives, probably Linux. The same goes for Microsoft Office versus Open Office, IE and Firefox, Photoshop and Google's Picasa.
If anything, WGA can give a push to open source adoption and create some much needed momentum for Linux on the desktop. The open source community should thank Microsoft.
Tags: microsoft, windows genuine advantage, linux, open source, office, open office
July 26, 2005 at 06:42 PM | Permalink | Comments (0) | TrackBack
Of the death of a spammer
Is it that, deep inside, we want it to be true that Vardan Kushnir was killed because he sent spam?
It's amazing how the world is jumping on top of the story of the 35 year old Kushnir's murder in Moscow. If it weren't for the millions of spam email messages that he sent, nobody would have paid attention.
Kushnir wasn't just a spammer, he ran a language institute that offered English lessons. The spam messages he sent were meant to advertise his school.
Too bad for all the conspiracy artists out there, but it's unlikely that there is a link between his spam record and the murder.
"[Kushnir] had other business disputes and might have owed someone money. He had a lot of enemies," an employee of the language institute told the Moscow Times.
The paper cites another reason why the culprit is unlikely to have been an angry spam recipient: the murder took place inside his apartment, not at his office or on the street.
There seems to be as much of a spam link as if Kushnir had died in a car accident. It might not make for a good anti-spam story, but the facts don't always bend in the way some people want them to.
I've been waiting for a chance to use this picture ;-)
Photo credit: Nico Dijkshoorn
Tags: spam, moscow, russia, spammer
July 26, 2005 at 05:57 PM | Permalink | Comments (0) | TrackBack
Wifi users forced underground
The UK beat the US to convicting the first consumer for using an open Wifi connection.
Gregory Straszkiewicz was given a 12-month conditional discharge and fined £500 ($873) after police caught him outside a building holding a wireless-enabled laptop.
I don't know all the details about this case, but it should have been hard to gather the evidence.
First the prosecution has to know that Straszkiewicz is using Wifi, through which access point and whether or not he has permission to use it.
Even if he was leeching off my or your network, all you have to show for it is a MAC address in your log files. How do you link that to Straszkiewicz's laptop? It could easily come from your neighbor. And there is no way to prove that a hacker wasn't spoofing his MAC address.
Straszkiewicz probably was so foolish as to confirm that he was leeching off an open network.
But for all of you who find yourselves in dire need of Wifi while on the road, make sure you don't look too obvious: don't park your car in front of the home where you are leeching, or sit on its doorstep. You can still perfectly leech off an open network if you sit inside a Starbucks or some other place that provides paid internet access.
And if anybody walks up to you and asks what access point you are using, just claim that you are using a GPRS card that's built into your laptop. Without your MAC address, they'll have a hard time proving that it's you.
Open access points are inviting people in. If the leecher has to break your WEP encryption code or bypass your authorised device access list, that's a clear case of hacking into a network, but that wasn't the case here.
The prosecution of users accessing open Wifi networks might have the law on its side, but the whole thing is so ridiculous that we have to fight it guerilla style.
Fight the force
July 25, 2005 at 08:42 PM | Permalink | Comments (1) | TrackBack
Free advice to Windows Vista poachers: make the world a better place, fire your lawyer
Do you have to buy a lottery ticket to strike it rich? That's what John Wall from Vista is asking himself now that Microsoft has decided to name its next operating system Vista.
"We are going to consider our options and talk to Microsoft," Wall told The Seattle Times.
Wall isn't the only one who could be worried about the name. In addition to his Vista, there also is Vista Software, not to be confused with Vista-software, VistaPrint, Vista as in Volunteers in service to America and the City of Vista in California.
Get in line.
Wall however should have bought "the guide to frivolous lawsuits" before he spoke with the Seattle Times. If you intend on starting legal action that doesn't have a chance, your only option is to wait until a few days before the actual product launch next year before going public. There is a better chance that Microsoft will settle.
And even then he will likely fail, as the case of TigerDirect vs. Apple proved earlier this year.
So Mr. Wall, spare yourself the humiliation and don't make a fool of yourself. Consider your options very well.
Justice may be blind, but money tends to have the same blinding effect.
Photo credit: Joana Franca
Tags: Microsoft, windows vista, justice, longhorn
July 25, 2005 at 06:05 PM | Permalink | Comments (4) | TrackBack
That's one way to get on the Longhorn beta list...
The first Longhorn/Vista beta will be distributed to only a select few... so how do you make sure that the Microsoft test manager notices you?
Sending a two pound brick of chocolate apparently helps.
Tags: longhorn, windows vista, microsoft
July 23, 2005 at 01:31 AM | Permalink | Comments (0) | TrackBack
The Google madness continues
Prudential analyst Mark Rowen today released a $400 price target for Google stock.
Google stock closed at $302.40 today. A $400 price target would value the company at nearly $112 billion. Based on today's stock price, Yahoo has a market capitalisation of $46.8 billion.
I have proven in the past that I'm horrible at playing the stock markets, so I won't say if Rowen is right or wrong.
I will say however that investors who are willing to value the company at $400 need their heads examined. There is nothing that justifies Google being worth three times as much as Yahoo.
Google's search algorithms aren't superior to those from Yahoo, MSN Search or Ask Jeeves. And contrary to its competitors, the company has advertising as its sole revenue source.
Can you say 'monoculture' and 'internet bubble' in one breath?

Bubbles now also come in Google's candycane colours.
Photo credit: Nik Frey
Tags: Google, MSN, microsoft, yahoo
July 23, 2005 at 01:23 AM | Permalink | Comments (0) | TrackBack
Hack your Vonage
Just the fact that this is a violation of the licence agreement shouldn't stop you from hacking your Linksys Vonage VoIP adapter.
Over on the Vonage Forum a user has posted instructions on how to gain administrator access rights to the device. It's a must have feature for users who have cancelled their Vonage subscription but want to keep using the adapter as a router.
And user agreement or not… the device is legally yours. If you could whack away at it with a hammer, I'd argue that this hack is nothing but the digital equivalent.
Tags: vonage, linksys, hack, hacking, voip
July 23, 2005 at 12:41 AM | Permalink | Comments (0) | TrackBack
Microsoft proclaims Notes dead
Microsoft in its sales pitches for Exchange is telling IT managers that IBM has cancelled further development of the Lotus Notes email and collaboration suite.
Minor detail, as IBM's Ed Brill, Business Unit Executive for Worldwide Lotus Messaging Sales, would point out: the Microsoft claims are entirely made up.
I like how Brill uses his blog to collect evidence about Microsoft's FUD (fear, uncertainty, doubt) campaign. Lies should be battled with facts.
"This is certainly the theme of a BP conference in the US they ran two weeks ago," a Bill Buchan responded to Brill's request. Another respondent promised to forward Brill a PowerPoint presentation in which Microsoft made false claims about Lotus.
Also, the whole Microsoft approach reminds you of the old Microsoft where everything was allowed to beat the competition and facts were there to be bent. Microsoft claims that it has changed, but I guess that old habits are hard to kill.
Picture: Ed Brill
Tags: lotus, exchange, microsoft, monopoly, anti-trust
July 22, 2005 at 08:29 PM | Permalink | Comments (2) | TrackBack
Windows Vista it shall be
Microsoft this morning officially confirmed that the next Windows will be called Windows Vista. The software was previously known under its Longhorn codename.
The company broke the news yesterday at the annual Microsoft Global Briefing, a sales meeting in Atlanta, but didn't send out a press release until Friday.
A video about the unveiling is available here. If you're wondering why the crowd is all ecstatic about something as mundane as a new name (only Mac fans are supposed to give standing ovations for incremental improvements such as an updated calculator), you should realise that these are all Microsoft employees.
Windows Vista won't hit the stores until late 2006, but for those who can't wait, the company will release a first public beta on 3 August - in line with earlier promises to release the beta this summer.
After numerous delays, in part due to the need to create the Service Pack 2 security update for Windows XP, it appears that development of Longhorn - eh Vista - is back on track.
Tags: windows, windows vista, microsoft, longhorn
July 22, 2005 at 06:43 PM | Permalink | Comments (0) | TrackBack
Technology alphabet soup
Technologists aren't very good at creating names for their little darlings. But for the average consumer, the appeal of 'RSS' or 'podcasting' is similar to that of a jellyfish, according to a new report from the Pew Internet & American Life Project.
I hope that the Microsoft Internet Explorer Team is paying attention. Because when the software behemoth showed off the (very cool) RSS capabilities that will be built into Longhorn, they were still talking about RSS.
But what else could we expect from the company that tried to turn NGSCB into an acronym that is pronounced "Engscub" (NGSCB stands for next generation secure computing base and is the security platform for Longhorn).
Podcasting scores 100 points on the geek factor scale. Phishing? Learn to spell, please, the average Joe will respond.
The proper name can make or break a technology. President Bush knows that when he gives his laws and programmes deceptive names like the 'no child left behind act' or 'patriot act'.
And in Europe consumers couldn't care less about genetically altered foods until someone came up with the term "Frankenfood" (after Frankenstein Food).
You are wrong if you think that great technology will market itself. It starts with having the proper name.

How to make RSS easy? Change the name
Tags: microsoft, rss, ngscb, pew, podcasting
July 22, 2005 at 05:15 PM | Permalink | Comments (0) | TrackBack
Windows gets a vista
If the rumours are true, Longhorn on Friday will be Christened "Windows Vista". Not that it matters, but the thing has to have a name, right?
I'll miss Longhorn. We've gotten used to the name over the past year. Hell, it even seems like it has been decades that we were allowed to watch Microsoft pull one feature after another from the application.

If only Longhorn's vista will be as pretty as this one...
Photo credit: Paulo Henrique Veiga de Souza
Tags: Microsoft, longhorn, windows, windows vista
July 22, 2005 at 03:05 AM | Permalink | Comments (3) | TrackBack
Firefox feels the pain of being popular
Firefox developers have been forced to delay the release of the latest version of the open source browser. Instead of making the July release deadline for version 1.1, the software will instantly move to version 1.5 with a planned release date no sooner than August, according to the software's roadmap.
Firefox in the past months has faced some embarrassing security holes and could probably use the extra time to bolster testing procedures.
It just shows that hackers, spammers and other online dwelling scum don't play favourites between open source and proprietary software. If they spot a security hole, they'll happily use it.

So many options...
Photo credit: Philippe Ramakers
July 21, 2005 at 10:13 PM | Permalink | Comments (0)
A warm place to put your iPod
If you're birthday shopping for the Mac-fan who already owns everything, consider getting him/her an inCLUDE from Himanainu of Japan.
This tiny orange iPod parka can be yours for 2000 Yen ($17.8), although it appears to have sold out (not sure, my Japanese isn't very good but online translations help).
Via: WiredAtom

Tags: ipod
July 20, 2005 at 08:18 PM | Permalink | Comments (0)
Does HP really have 14,500 FTEs of fat?
HP is preparing to lay off 14,500 employees, but this won't affect any products or product lines. Instead the vendor plans to fire staff in back office departments like finance and HR, and plans to abandon a sales group that made solution sales across divisions (bundling a printer with a server).
So chief executive Mark Hurd is telling us that HP has 14,500 people working jobs that can be scrapped without affecting a single customer? I find that very hard to believe.
Firing back office staff won't turn around HP. The company didn't lose market share because of its plush pension plans or health benefits.
In Mark Hurd the HP board hired a cost conscious executive. But cost cutting alone won't help HP win the war. When will he show something that resembles a vision that moves HP to the future?

HP CEO Mark Hurd (photo taken earlier this year)
This photo on your website or blog?
This photo is available under a Commons Attribution - ShareAlike 2.5 License. Attribution required: www.SiliconValleySleuth.com
Tags: HP
July 20, 2005 at 07:09 PM | Permalink | Comments (0) | TrackBack
Oracle replaces 'unbreakable' with 'unpatchable'
Fed up with waiting for two years for Oracle to fix a series of bugs, German security researcher Alexander Kornbrust has gone public about a series of flaws in Oracle products.
Oracle boasts that its applications are 'unbreakable': impossible to penetrate from the outside. But one of the bugs would allow hackers to take control of the software, Kornbrust said.
The software developer won't say why it chooses not to patch the flaws. Instead it fires back at Kornbrust: "We are disappointed when researchers act contrary to this industry best practice [of waiting to go public until a patch has been made available]," an Oracle spokesperson told Cnet.
Hopefully the irony of this comment doesn't escape Oracle chief Larry Ellison. Or it must be that it is Oracle's "best practice" to leave errors in its products unfixed for two years.
Another security expert notes that Oracle probably is just being lazy, fixing the flaws only in a new version of its software instead of issuing a patch that requires elaborate testing by both the software developer and users.
July 20, 2005 at 06:48 PM | Permalink | Comments (0) | TrackBack
A small step for Apple, a big step for security
"If you want to have a little fun, you should create a WiFi network called 'JobsKeynote'," the person sitting next to me suggested at last January's Steve Jobs Keynote at MacWorld in San Francisco.
It would no doubt result in a slew of attendees trying to log on to the alleged access point in an effort to obtain the presentation slides and other goodies.
The point is: people will log on to anything that even remotely looks like an access point just to get online or obtain data. But do you know what is behind that "Linksys" SSID?
If a hacker puts up an access point and logs all the data traffic, he could easily obtain some user names and passwords that aren't encrypted (including your email's in most cases).
The only solution is not to use access points that you don't know or trust, but until last week Apple made it a bit hard on its users to do that: the 802.11b WiFi cards (not the Airport Express 802.11b/g models) of the computer maker used to log on to any network that they could find, trusted or not.
Apple last week issued a security update that prevents users from automatically logging on to any wireless network. I applaud the update, but can't help but notice that the original move was a bit naïve, as the computer maker finally acknowledged.

No safe zone
Photo credit: Georgios M.W.
July 20, 2005 at 05:48 PM | Permalink | Comments (0) | TrackBack
Will code for money
A ten year old girl from Pakistan is the youngest Microsoft certified professional.
To honour the young girl's achievement, Microsoft buys her a ticket and flies her to Redmond to meet Bill Gates. And what does she ask him?
"Why don't you hire more people of my age?" the Seattle Post said.
That's just what Microsoft needs. As the dust is starting to settle around Microsoft's monopoly abuse, the firm is asked to incorporate child labour.
It also makes you think about the skills required to become a Microsoft certified engineer.
Surely there are cultural factors in play here too, but the image of software sweatshops where kids spend 12 hours a day coding the next Windows… is that really what Microsoft would want?

Coding Longhorn
July 15, 2005 at 10:56 PM | Permalink | Comments (0) | TrackBack
Gizmondo seeks to increase labour costs
Gizmondo, the daring maker of a Palm OS powered portable gaming device that is destined to fail due to a lack of interesting games, has fired its UK staff in their studio in Cheadle, as the Connected internet blog points out.
Instead the firm plans to move operations to... California.
The company even has the audacity to justify this as a move that is better for shareholders. Apparently they never looked at the average labour cost in the Golden State, and ignored the fact that Intel has a no-hiring policy there because it's cheaper to employ staff in Oregon or Texas.
The only reason that move is even remotely feasible is that the firm thinks that the US market will be gentler to its overpriced device.
But I doubt if that will offset the moving cost for the cash-strapped start-up.
tags: gizmondo
July 15, 2005 at 09:20 PM | Permalink | Comments (0)
Googleville takes shape
It took a bit longer than expected, but the high end housing market in Silicon Valley is starting to feel the effect of last year's Google IPO.
"There's been an obvious Google effect," Tom Dallas, a local broker who specializes in homes in Atherton and neighboring towns, told the WSJ. "I estimate 25% to 35% of recent upper-end home sales, meaning sales over $7 million, are from Google people."
If you can't afford one of the homes, you can still share in Google's wealth through Google Maps satellite images.

Atherton, CA, soon to be renamed Googleville?
Tags: google
July 15, 2005 at 09:07 PM | Permalink | Comments (0) | TrackBack
Microsoft rethinks expansion into spyware
The website cites concerns after a public relations outcry that erupted after plans for the deals were leaked to the Wall Street Journal and New York Times.
Mind you that the whole rumour was mostly based on speculation to begin with. Claria used to provide its adware technology to peer-2-peer provider Kazaa, but had ended that deal. That was interpreted as Claria freeing itself up for signing an agreement with Microsoft.
But the public didn't think much of Microsoft dealing with a maker of nasty adware, regardless of whether it develops software that does something right: in 2003 the company posted a $35m profit on $90m revenues.
photo credit: Kenn Kiser
Microsoft will have to resort to some other kind of spyware
Tags: Microsoft, adware, malware
July 14, 2005 at 08:24 PM | Permalink | Comments (0) | TrackBack
Gulf war general joins VC firm
Kleiner Perkins Caufield & Byers is on a hiring spree. After the leading Silicon Valley
KPCB is a household name in the Valley, having provided funding to big names including Amazon, Sun Microsystems and Google.
Powell is better known as the chairman of the joint chiefs of staff who led the first Gulf War in 1991 and was secretary of state during George Bush Jr.'s first presidency.
Tags: colin powell, venture capital, VC
July 14, 2005 at 07:13 PM | Permalink | Comments (0) | TrackBack
iPod takes a beating
Sony dealt a punch to Apple, the day after the computer maker released financial results that marked the best financial quarter in its history.
There is still nothing to worry about in the hard drive based segment, but it is significant that consumers in the gadget capital of the world prefer Sony over the power of white earbuds (that come without a display on the device).
It seems that Sony beat Apple at its own game. The Sony players don't look like a 50 cent pack of gum but feature a stylish design, as well as 50 hour battery life.
Reuters reports that Apple's market share for the iPod in Japan has dropped below 20 per cent, while Sony reached 27 per cent in the past two months. Europe and the US however aren't doing nearly as well as Japan for Sony.
So far the Japan sales figures are just a reminder for Apple that it might have won a few battles, but the war is far from over.

It doesn't have to be white to sell well
July 14, 2005 at 06:14 PM | Permalink | Comments (2) | TrackBack
I want my spam
Are you sick of spam? You should consider yourself a minority. According to a survey from the Radicati group, 11 per cent of the internet population likes spam so much that they have at some point bought goods that were advertised in those emails.
Suits them well, I would say. After all, it's because of those people that the rest of the world (including me) gets buried in spam email messages.
But instead of complaining I'd better join the gold rush. There are some magic beans that need selling. They'll solve any ailment known to man, and in the process might buy me that new car.
Photo credit: Alexander Sperl
Kinda looks like my mailbox
July 14, 2005 at 02:46 AM | Permalink | Comments (0) | TrackBack
Is Apple an Icon?
Religion and technology shouldn't mix, because when users become religious about their technology they stop asking the hard questions and challenging vendors.
If you look at the latest financial results from Apple however, there are early signs that sales of Apple computers are breaking through an age-old barrier, reaching consumers who never before have used a Mac.
Sales of Apple computers in the quarter that ended 30 June were up 35 per cent over last year, and even rose relative to the previous quarter. That's pretty good for a second quarter that is considered the worst one for retail sales.
What is causing this? Not OS X's great user interface, the smooth design of Apple computers or the software's lack of computer worms. The status of the iPod is driving consumers to Apple's computers, argues Joe Wilcox with Jupiter Research.
The portable music players have reached "iconic status", he argues, as is proven by a consistent sales increase quarter over quarter.
The bad thing: it's only a small step from iconic to religious.
Tags: Apple, iPod, steve-jobs, iTunes, Mac
July 14, 2005 at 12:06 AM | Permalink | Comments (6) | TrackBack
Ebbers to rot for 25 years
Justice was served today when a judge sentenced former Worldcom CEO Bernie Ebbers to spend 25 years in jail for the $11 1 billion fraud that he oversaw and orchestrated at the telecommunications giant.
Ebbers deserves his time in jail, especially since he keeps denying his role in the widespread crime that defrauded investors.
Worldcom today does business under the name of MCI. Shortly after the company's bankruptcy they launched a campaign to gain my long distance telephone business by constantly harassing me by telephone. I have fond memories of the sales agent who got mad at me after I explained to her that I don't do business with crooks and frauds.
The truth hurts.
July 13, 2005 at 09:58 PM | Permalink | Comments (0)
No CDMA calls on Airbus planes
What about CDMA, the network that most of the US uses, in addition to Iraq, Japan and Korea?
About 70 per cent of the world currently uses GSM. But that also means that OnAir is happy to exclude 30 per cent of its potential customer base.
Soon in an airplane near you (just slightly smaller)
Photo credit: Jan Roger Johannesen
July 13, 2005 at 08:03 PM | Permalink | Comments (0) | TrackBack
Google, would you host my app?
The outcome is surprising because Google currently doesn’t host any application for enterprises, and to my knowledge doesn't have any plans to do so either.
The outcome is even more surprising because 85 per cent of the enterprise IT managers named Google, followed by Yahoo and Amazon, but before Salesforce.com, broadband provider Comcast and Microsoft.
The outcome was so surprising that IDC analyst David Tapper decided to write a separate analysis about it that's due out next week.
What this shows is that enterprises are looking for someone who has a great track record with providing application up time and who knows how to build a scalable system.
Amazon, Yahoo and Google have all proven this. Salesforce.com might have a good track record in CRM but has yet to prove itself outside that space. Besides, its CEO Marc Benioff can be a bit creepy sometimes (wouldn't it be nice if he had an off button...?).
Tags: Google, Amazon, Salesforce.com, Yahoo, ASP
July 13, 2005 at 02:04 AM | Permalink | Comments (0) | TrackBack
Storage at your fingertips
It's like having a tiny CD-ROM with you at all times. Researchers at the University of Tokushima in Japan have developed a technology that uses common fingernails to store data.
The technology so far is ROM only. It uses a laser to burn tiny dots into your nail, using multiple layers stacked on top of each other to increase nail capacity.
Based on early tests, the scientists estimate that they can achieve a storage capacity of 2 Gbit per cubic centimetre of nail. Or to put it in human proportions: a nail measuring 5 by 5 by 0.1 millimetre should be good for 5 Mbits.
Of course you'd better think twice before you reach for the nail clipper.
Tags: storage
July 12, 2005 at 08:01 PM | Permalink | Comments (0) | TrackBack
HP's de-Fiorination continues
So what do you do to get back at the bigger, better and stronger competitor from Texas? Why, you hire their CIO Randall Mott, of course.
Mott's appointment signals another corporate reshuffling in HP's top management.
Former CIO Gilles Bouchard combined the CIO role with the job of executive vice president of Global Operations. He will stay on in the latter function.
Last month the computer and printer manufacturer also appointed separate managers for the Personal Systems Group and the Imaging and Printing Group – the two jobs had been merged in January.
The question remains however if this will help him to quickly turn around the ailing high tech company. So far his actions look like a post-revolutionary movement that is trying to remove all signs reminding of the former ruler. For the sake of removing them.

They won't be saving that picture either. (Former HP CEO Carly Fiorina and Gwen Stefani, last January at CES in Las Vegas)
July 11, 2005 at 11:53 PM | Permalink | Comments (0) | TrackBack
JBoss's open source confusion
Why is it that every time I hear an executive for an open source company talking, he makes the case that his company is the only one in the whole wide world that actually can do open source and still make money?
In an interview with Businessweek, JBoss CEO Marc Fleury once again makes the case. His application server is the only viable commercial open source project, he argues. Forget about open source CRM (SugarCRM for instance), forget about selling even Linux.
Talk to Novell and you'll hear chief executive Jack Messman claim that open source is good for legacy, end of life applications – but he plans to make money by selling proprietary software.
Matt Szulik from Red Hat? His company is the only true Open Source advocate. All the others are just providing lip service to the movement's ideals.
Fleury claims that the whole development model just doesn't work. Open source CRM? Which developer is going to sacrifice his time building that instead of playing Doom III, coding Linux or having a social life?
"I'm a developer. I work during the day and at night. If I'm going to pass on seeing my girlfriend or my kids, it better be some sexy software that I'm working on. Writing a financial graphics user interface on an application? That's what I do for living. The idea that I'm going to sit up at night doing it is ridiculous."
Fleury should have done his homework before he came lashing out against the open source industry (yes, industry, not community).
The top Linux developers today are employed by commercial organisations. It's their job to work on the open source operating system.
If I have an internally developed, legacy CRM system, I might be very happy to move some of my development resources to an open source project that over time can replace my expensive code with a better and cheaper alternative.
Enterprise class open source applications today aren't being developed in dusty attics by pale looking geeks. Since Fleury failed to notice that, he might have gotten out of touch with the open source world a bit too much.
Fleury also conveniently left out that JBoss's application server is developed internally with few if any open source contributions. Acknowledging the value of significant outside contributions would amount to him admitting that JBoss took the wrong approach. I guess his failed argument says enough.
Tags: JBoss, Linux, Open source, Open-source










