All about computer, communications and consumer electronics (3C)

Archive for the ‘ICT Press’ Category

Microsoft: to create a perfect worm for patch distribution

Posted by Suntrekker on February 25, 2008

Microsoft researchers are working on the “perfect worm”– a critter that can distribute patches without the need for centralized servers while minimizing bandwidth.

Microsoft researchers are hoping to use “information epidemics” to distribute software patches more efficiently.

Milan Vojnović and colleagues from Microsoft Research in Cambridge, UK, want to make useful pieces of information such as software updates behave more like computer worms: spreading between computers instead of being downloaded from central servers.

The research may also help defend against malicious types of worm, the researchers say.

Software worms spread by self-replicating. After infecting one computer they probe others to find new hosts. Most existing worms randomly probe computers when looking for new hosts to infect, but that is inefficient, says Vojnović, because they waste time exploring groups or “subnets” of computers that contain few uninfected hosts. source

I wonder how would it be practically implemented. How to define ” trusted source” and if you only trust a very small number of systems, where is advantage of descentralized patching?

After all its Microsoft,  What have we got to worry about?

Advertisements

Posted in ICT Press | Tagged: , | Leave a Comment »

Nmap : Most popular network security tool in the world.

Posted by Suntrekker on February 9, 2008

December’s release of Nmap 4.50 marked the popular port-scanning tool’s tenth anniversary. A cross-platform GUI front end for Nmap which includes a command creation wizard, a scripting engine, and a host of other improvements called Zenmap.

Nmap offers much more in its GUI and at the command line than we’ve covered here. If you haven’t used Nmap before, reading its documentation will improve both the speed and scope of your learning curve.

Professionals and casual users alike can benefit and learn from this tool. If I had a “must have” list of all the apps I use, Nmap would rank near the top. If you’re not familiar with it, grab it and give it a go.

More here…

Posted in ICT Press | Tagged: | Leave a Comment »

Smackdown on older Microsoft Word documents

Posted by Suntrekker on January 5, 2008

I can say that releasing a service pack that kills a user’s ability to access old, archived word documents can constiture the distribution of malware. hmmm

Microsoft  recently  released service pack for (NSDQ: MSFT)’s Office 2003 software suite renders inaccessible files saved in some older formats, including some previous versions of Microsoft Word, according to a support bulletin issued by the software maker.

The bulletin states that Microsoft Office 2003, Service Pack 3, blocks a number of file formats — including Microsoft Word 97 for Windows and Microsoft Word 98 for Macintosh.

Also blocked are file formats found in some older versions of Microsoft Excel and PowerPoint, Lotus Notes, and Corel’s Quattro spreadsheet and Draw programs.

While some of the updates that Microsoft issues may seem minor, unanticipated system changes can wreak havoc with complex business computing environments. A modification to one program can cascade through numerous other software components.

Microsoft, however, does provide a detailed workaround for those who want to defeat Service Pack 3 for Word 2003’s auto-blocking. But the workaround calls for users to modify their computers’ registry settings — a risky procedure that can render a PC unusable if not done correctly.

Source: Office 2003 Update Quietly Zaps Older File Formats, Paul McDougall, InformationWeek, 2 January 2007

Posted in ICT Press | 2 Comments »

How to send free sms from Gmail

Posted by Suntrekker on December 7, 2007

This was taken from Star newspaper.

I want to share this to you.

Here’s a neat trick for Gmail users and fans of free text. While signed-in to Gmail, they can send SMS to mobile phones.

Add mobile buddies by clicking Add Contact on the embedded chat client.
Type in a buddy’s mobile number followed by @chickkatalk.com (for example:
63917 xxxxxxx@-chickkatalk.com). The mobile buddy will then be included in the Gtalk buddy list. Double-click the buddy’s name and fire away with text messages!

This feature is powered by Chikka, creator of the popular gateway to texting mobiles from a PC via a mobile instant messenger (IM).

Chikka actually announced its Chikka Messenger’s interoperability with Google Talk (Gtalk) last year. Thus one may now also “Chikka” from Gtalk and vice versa. Messenger’s interoperability with Google Talk (Gtalk) last year. Thus one may now also “Chikka” from Gtalk and vice versa.

Messages sent from Gmail or Gtalk will be received by a Chikka chat buddy on his mobile as SMS when he is logged off from his PC.

Happy texting ^_^

Posted in ICT Press | Tagged: , , | 7 Comments »

Coming soon: Windows Server 2008

Posted by Suntrekker on December 4, 2007

Hmmm… I know this is confilict of my interest since I would prefer more to use linux but since I have this info and I would like to share this to all of you.

Microsoft is releasing on Feb. 27 next year Windows Server 2008 .

Remarkable features of the new system based on customer feedback: the Read-Only Domain Controller (RODC) and Restartable Active Directory for Directory Services.

The RODC is a new type of domain controller that hosts a read-only replica of the Active Directory database. “If you combine RODCs with the BitLocker Drive Encryption feature first introduced in Windows Vista, you no longer have to worry about thieves (or silly employees) walking off with one of your domain controllers and all your goodies,” says the book authored by Mitch Tulloch with the Microsoft Windows Server team.

The Restartable Active Directory Domain Services let the administrator stop AD services on domain controllers so that updates can be applied or offline de-fragmentation of the database can be performed, and this can be done without rebooting the machine.

More than 30 customers were involved in the production of Windows Server 2008 and hundreds of scenarios were considered in coming up with its features.

“Customer input was crucial to the design and features of Windows Server 2008. We meet with customers regularly and get their feedback,” Microsoft spokesperson says.
Aside from the NAP, Server Core Installation Option and Read-Only Domain Controller, new technologies are introduced with the Windows Server 2008 – Microsoft Windows Powershell, Internet Information Services 7.0, Server Manager, and Windows Server Virtualization. Enhanced technologies include Terminal Services, Windows Firewall, Failover Clustering, Dynamic Partitioning, and Auto-Tuning Networking.

What ever OS infrastructure it is, it SHOULD be “extensible, stable, flexible and also predictable.”

Posted in ICT Press | Tagged: | 1 Comment »

Forefather of Hacking

Posted by Suntrekker on November 30, 2007

Q&A with the Forefather of Hacking

mitnick.jpg

Kevin Mitnick, arguably the world’s most famous hacker, sets the record straight on what he’s doing now, what he didn’t do back then, and why kids should not follow in his footsteps.
By John Brandon

Off probation and in charge of his own security consulting firm, hacking legend Kevin Mitnick talks with John Brandon about the exaggerations and the truth about his hacking past, his regrets, and why most “high-tech” hacking movies are filled with hooey.

Q: What are you doing now?
A: Mitnick Security Consulting is a professional service company where we review assessments and training. What I do personally is go around the world lecturing on information security, so I do a lot of traveling. In some cases our clients are not interested in a security assessment, but they would like to configure their computer systems or networks and their devices to reduce attacks—reduce the opportunities available to a hacker if he were to breach the network perimeter, for example. We are focused on security assessments, which is also called ethical hacking and penetration testing. I have written two books on computer security, and I am working on a third, which is my autobiography.


Q: There is a limitation on when you can profit from your story, correct?

A: Right. That limitation expired in late January. Right now, I am working with my coauthor, Bill Simon, who also coauthored my other two books. We are working on a proposal. The book will be my life story. I am anxious to get it out there because there are a lot of interesting things that the public doesn’t know.

Q: There have been some inaccuracies regarding your history. Anything you’d like to clarify?
A: Oh, yeah. One of the biggest myths is that I hacked into NORAD (North American Aerospace Defense Command) in the early ’80s, and that action foreshadowed the 1983 hit film WarGames. It’s a myth. If you know a little bit about the case, there’s a myth that I destroyed a federal judge’s credit, which never really happened. [They also said] that I was wiretapping FBI agents, which is not true. Something I was doing when the government was hunting for me was monitoring their locations by compromising the cellular carrier for the agents with cellular phone service. So if they were getting close to me, I would know. That’s when I was in Los Angeles. That was true, but they kind of morphed it into that I was wiretapping. That might have been said because the public understands wiretapping but it doesn’t understand location tracking. There was a false rumor early on that I had been turned down from a job from Security Pacific National Bank because I had planted a false news story about them losing $400 million on some sort of wire service. My book is not designed to say “These are the wrong things that were said about me and here I am to clear the record.” It will be more of a catch-me-if-you-can: The things I had done, the way I evaded the government, trying to make it more of a thrilling read.

Q: Cellular tracking is common now—especially after a 911 call. How did you do it back then?
A: You could look at the cell towers and find out where the handset is registered within one or two miles. It would give you an idea of where the handset is. Same type of technology they used to track O.J. Simpson when they found him on the freeway. The police probably went to the phone company with a warrant or court order or request for help. What I did is tap into the network and did it myself. With certain agents that were tracking me, I couldn’t get their location down to 5 feet, but I did know their location within a mile, so I would know to move out of the area if they were close by.

Q: After your release from prison, you were not allowed near a computer. Do you have access now?
A: Yeah, after my big case, there were conditions of release. They did not allow me near not just a computer but anything electronic: phone, computers—anything that had a transistor. I had to get permission from the probation department to use it. I kind of scared them. The government—or some people in the government – did not know my capabilities and there was a lot of hyperbole in my case, so there were people who viewed me as a MacGyver with duct tape and two 9-volt batteries who could blow up the world. So I had stringent conditions, but actually—after two years I was allowed to use a computer to write my first book as long as I kept it secret from the media. The government didn’t want the media to know I was given access to a computer. So it was a good quid pro quo: I get to use a computer and all I had to do was keep my mouth shut. All of the conditions except for profiting off my story expired after three years, and the last one expired in January.

Q: Some of the movies on hacking have portrayed you indirectly. How accurate are they?
A: It’s ridiculous; it’s fiction. Recently I saw the Die Hard movie; it was all fictionalized to entertain. I don’t think I have seen any movie to date that is realistic. Maybe in The Matrix there was five seconds where Trinity was using an NMAP to attack a target computer. But they wouldn’t have been using NMAP because in that time frame it would have been much more advanced. NMAP would be like using something now that was used in the 1700s. It is obviously not realistic, but it entertains. It’s not a documentary to show how everything works under the hood. Two of my favorites in the genre are WarGames and Sneakers—WarGames because it was the first, and Sneakers because it was pretty close to how hackers work. I do recall something in Three Days of the Condor. When I was a kid, I took the handle “The Condor” because of that movie, when Redford was calling a CIA agent in a secret department of the phone company, even though it was not published. I don’t know if that still exists, but it did in the ’90s.

There was the fun stuff—clipping on a telephone pair is accurate. Of course, having a crypto box that could decrypt everything in the world is not realistic.

Q: Would you consider yourself the most famous hacker?
A: I am pretty well known. Probably the most famous hacker is Steve Wozniak. Maybe I come in at number two!

Q: What’s the current state of hacking, and what are some of the most nefarious activities today?
A: The TJ Maxx hack is one—where attackers exploited wireless insecurities to steal 45 million credit card numbers; that’s a big case being investigated now. As far as attack vectors, there are application vulnerabilities, people using unsecure wireless protocols such as WEP, using weak keys for WPA, or not even using any keys at all. If you are working for, let’s say, an aircraft manufacturer, and you VPN into the network from home and you have an unsecure wireless, it paves the way for a hacker to tap into Boeing, for example. It’s an example of social engineering. It worked 20 years ago and it will work 10 years from now.

There is no technology that protects against it. You can sweep everyone under some sort of security policy, but it is really each individual [that exposes threats]. So anybody who interacts with computer-related equipment or even has access to a particular building can be targeted and exploited, so all the money that is spent on security is wasted. That’s pretty scary. Of course there is the possibility of somebody being bribed—and insider threats. It is a challenge protecting infrastructure from the outside, but how do you protect it from the inside? Let’s say you are working on a project that involves trade secrets. There are so many ways to steal the information and bring it outside the company—with iPods, camera phones, USB drives, CDs, and DVDs. There are so many bad apples, so many ways to steal information, that the challenge is really to come up with a security program that balances security and productivity, that reduces the risk to an acceptable level.

Q: Do you think to understand hacking and the security industry it helps to have been a hacker?
A: Yeah, either illegally or legitimately. I believe hacking is a mind-set. Figuring your way around security obstacles is a skill and a mind-set. Some people in the industry might have programming and debugging skills, but attacking a system is a mind-set.

Q: What was your original motivation to become a hacker?
A: Fun and entertainment. It sounds strange but it was exciting, an adventure. Cyberspace was kind of new, computer networks were an interesting area to explore, matching wits with system administrators, getting access to information you’re not supposed to see—source code, for example. Now you can get it free. There was not much open-source back in my day, everything was closed and proprietary. It was a challenge. Today the trend has changed so hackers are more profit-oriented. Even the people who are discovering bugs and vulnerabilities want to make money, so they put up sites where people can bid on security vulnerabilities. Recently it was revealed that the FBI targeted a kid that was making bomb threats on MySpace. They were able to compromise those machines to get his IP address. I am sure that the Feds used an exploit to get the code onto his box, and they probably purchased it from one of these vulnerability researchers who act as a contractor.

Q: What would you say is your most famous hack?
A: Motorola Corp. [A hack] targeting researcher Neal Clift when I was 17. Other people consider it big, but I didn’t at the time. I compromised all of the telephone switches in California, New York, Chicago, and Maryland. I was able to eavesdrop on the telephone lines at the NSA [National Security Agency] by accessing a telephone switch out there. The phones would be routed through the PSTN that weren’t secure, so I worked out a way to listen to their conversations. I did it one time and verified I could do it, but I never did it again because I was afraid that I was messing with somebody I did not want to mess with. Thinking post-9/11, that was pretty serious. If I could have done it when I was a kid at 17, what could a well-funded adversarial group do today? Or even a phone-company insider? That’s what I think about. That’s why I wouldn’t discuss any classified information over the PSTN because its network is at the mercy of the phone-company personnel. So I had the same capability as a phone-company technician, but really from the outside by hacking into their network.

Q: What are some things you did that were not widely reported?
A: Well, it had been reported that I was able to do a social-engineering attack on Motorola to get an employee to send me source code. But it wasn’t reported that I actually penetrated its network.

Q: Do you have any remorse over your early hacking?
A: Definitely. I caused a lot of trouble for a lot of companies for my own entertainment. It was the wrong thing to do, and it was immature. If I had to do it all over again, I certainly wouldn’t do it. On the other side, I did have fun doing what I had done, but did my entertainment justify stepping on other people’s copyrights? Hopefully, my contributions today will help other would-be victims, to protect them from the threats today. I made some serious mistakes.

Q: What would you say to a teenager thinking of hacking?
A: I would really vigorously encourage them not to follow in my footsteps, and to be careful, because in today’s world, hacking has become a very serious offense. Back in my time—starting in the ’80s—hacking was considered cool, even though it was still illegal. But there was a coolness factor. Now it has all changed. Don’t forget you are interrupting a business. Why do that just to get your kicks? It is not a smart thing to do. Look for entertainment elsewhere. You are having a lot of traditional criminals using computers for theft. Organized crime and traditional criminals have adopted or acquired hacking skills to pull off their capers.

Q: Do you sometimes wonder if you are still being watched, if the FBI is still listening?
A: They probably are, so say hello! They definitely are, with the Patriot Act and with me being a high-priority target. I assume I am still being monitored!

Posted in ICT Press | Leave a Comment »

The Secret Life of E-mail

Posted by Suntrekker on November 22, 2007

By Dean Chafee

secretmail.jpgHere is a comprehensive list of what your email message goes through in order to get delivered:

  • Virus Checks – The majority of virus (and worms) these days, travel around the internet by way of email messages. In order to protect valuable network systems from being attacked by a virus, most corporate networks and Internet Service Providers employ virus scanners that look for viruses and worms in much the same way that anti virus scans on your desktop computer. Most email
    server are set up to delete or quarantine any message that tests positive for a virus.
  • SPAM filters and the huge growth of SPAM – Everyone hates SPAM! So much so, that people will change their ISP providers or email host to get better protection from SPAM. As a result, companies like AOL and MSN spend tons of money coming up with new ways to provide “better” spam protection to their subscribers to reduce their attrition rates.
  • SPAM filtering methods:
    • Phrase filters – watch what you say! Many email servers use a list of unacceptable or offensive word and phrase lists and will reject or place the message in a junk folder upon a match, so watch what you say, or your message could be rejected.
    • Connection Checks – poorly configured email servers can cause loss of messages. This is most likely out of your control (unless you are a server admin), but just be aware that when email servers talk to each other, some are very picky about allowing a connection and may reject it if the source server does not “check out” properly.
    • Statistical Analysis – this is used to catch some of the techniques used by spammers like many repeated words or a bunch of unrelated words stuffed in the message (usually to try to throw off the spam filters). Your message can become a victim of this if you do something like copy and paste a data file into the body of your message or if you were to insert a data file (like a mail list or spread sheet) into your message, as opposed to attaching the file.
    • Domain Black Lists – Your ISP does not like your friend’s ISP! – server administrators will use a list of trusted (and sometimes not-so-trusted) domain and/or IP address lists to filter incoming messages. If you happen to be using one of the “bad” service providers, your messages could be dropped. Watch the company you keep!
    • HTML code checking and filtering – Don’t get too fancy with your Html email messages. Many servers are set up to reject messages that contain certain html code. Especially scripts, deceptive URLs or encoded text.
    • Discretionary Blocking by email address, domain, or IP block. – Most email server gives the admin the power to place a block in their server to deny access to any server or domain of their choosing.
    • Server Rule Sets – in addition to all of the above obstacles, most email servers can be custom configured with rules that will redirect or delete messages on just about any content that you can think of! A incorrectly coded rule could create a virtual sink hole for messages.

Now, assuming your message gets through all of the above checks, the next pitfall is in the email client program, like Outlook.

  • Email Client Rules and Filters – Just like servers can have rule sets that redirect or delete messages, most email client software also has the ability to create custom rules to delete or move messages into a folder. Again, an improperly coded rule could create a black hole for your message.
  • Unsolicited Message Filters, or Junk Filters – Most email client software also provides some sort of Junk mail filter, like Outlooks Junk E-Mail filter and add-on filters like SpamAssassin. These filters have become quite reliable, but there is still a small percentage of False Positives that will occur. Your message could fall victim to one of those false positives.

Other pitfalls:

  • Standards not adhered to – Although there are sets of standards (RFCs) that software providers and administrators of server are supposed to abide to, the standards are many times loosely adhered to. In fact most email server software gives the admin the option to turn on or off specific RFC features at their will or desire.
  • False Positives – virus and spam filters. – Every content filtering technology has a certain percentage of False Positives that are considered acceptable.
  • Proprietary Systems – There are many home grown systems out there that are simply poorly written and do not conform to standards.
  • The Wild Wild West… everyone configures their systems based on their view, morals and opinions.
  • Quotas – Sorry, that mailbox is full – Many service providers will limit the size of your inbox. The reasons for this are obvious… storage costs money.
  • Daily Delivery… no so much! – Just because your message got through today, does not mean it will make it tomorrow. Content and virus filters are often updated daily. Also, the little geek behind the server administrators console may decide to add an additonal filter or click on a new feature just to try it out (I know, I’ve done it)… again, it’s the Wild Wild West.

So, how can I Fix this? What can I do?

  • Mostly, be aware of this.
  • Request a “Delivery Receipt”. Most email clients support this, however, most email clients also provide the option to ignore them when received. Still, it does not hurt to ask!
  • Request a confirmation. Ask the recipient of the message to reply back to you with confirmation that they received it. This is probably the most reliable method of making sure the message was received.
  • Assume Nothing – never simply assume that the message was received. You know what assuming does… It makes an ass out of you and me!
  • Follow up. If the message is critical, follow up with a phone call, or with an additional email requesting a confirmation.

The Result and my recommendation:

Email is a great and very convenient for daily communications, but just be aware of the pitfalls and do not over rely on email for critical communications. And please… Don’t send your critical business files via email. FTP or burn on CD and send overnight.

Posted in ICT Press | Tagged: , | Leave a Comment »

Vista driving IT pros to alternatives, says survey

Posted by Suntrekker on November 21, 2007

by Cyril Kowaliski — 9:13 AM on November 20, 2007Windows Vista has been out for nearly 10 months now, but most IT professionals still have concerns about problems that may arise from an upgrade to the new operating system, according to a survey quoted by Computerworld UK. The survey was conducted by research firm King Research, and it found that 90% of 961 IT professionals were worried that moving to Vista would make their networks more complex and less stable. Half of those quizzed also said they have no plans to deploy Vista at all.

Among concerns cited regarding the new operating system, Diane Hagglund from King Research says, stability is the top one. IT professionals are also worried about compatibility with existing business software and, unsurprisingly, cost. Perhaps because of the latter, 44% of the 961 professionals surveyed said they have at least considered migrating to non-Microsoft operating systems including Linux and even moving over to the Mac platform. 9% are already switching over to other OSes, and 25% plan to switch within the year.

28% of those switching or planning to switch favor Mac OS X, while 18% prefer Ubuntu Linux, another 18% favor SuSE Linux, and a quarter are more partial to Red Hat Linux. The advent of virtualization, they say, has made the deployment of non-Microsoft operating systems a more realistic prospect.

Posted in ICT Press | Tagged: , , , | 2 Comments »

What matters most for IT executives

Posted by Suntrekker on November 21, 2007

Below are exclusive Computer World survey of 127 IT executives dated Feb 2007.

For those who want a career in IT industry… be equipped.

 

What matters most: Which skill do you find most valuable in your current IT staff?

  1. Ability to work well with customers and end users.
  2. Ability to communicate well.
  3. Ability to manage a project well.
  4. Strategic thinking skills

Room for Improvement: Which skill do potential IT leader s most frequently lack?

  1. Strategic planning
  2. Communication
  3. Knowledge of business
  4. Overall business acumen
  5. Budgeting/Finance

Articulate Leaders: What are the top skills or qualities you look for in an up-and-coming IT leader?

  1. Communication skills
  2. Knowledge of business
  3. Technical Knowledge
  4. A record of innovation
  5. A career history in my industry.

Posted in ICT Press | Tagged: , | 2 Comments »

The voice of ICT Management

Posted by Suntrekker on November 21, 2007

Computerworld
June 2007 issue

Alignment is not good enough anymore. IT leader are becoming full-pledged business strategists. Compelled to achieve closer alignment with company needs and business demands, IT has once again entered a time of transformation. Where once IT solely help support the business, now it must help define the business.

Reinvention is happening in force at some of the most of the most influential IT departments in the country.

 

Reinforcing IT.
“It is very much part of the growth agenda; I don’t think companies can grow as they are doing so these days without the help of IT really enabling this and removing all the barriers.” Sadiq Rowther: Regional IT director for ASEAN Market at Johnson & Johnson.

 

Re-structuring IT
“What I did was to build a culture of team work, and leading by example. This is by making our IT department an honest and with high degree of integrity. Because when you deal with your users, they need to believe in you so that the relationship between users and IT is stronger.” Ester Asinas: Director of the Information systems Division at Universal Robina Corporation.

 

Re-modeling Education
“It is essential for schools to generate new knowledge as far as IT is concerned. We should be able to conduct research and development, so that we’re able to come up with ideas that no other country has ever had before in the field of computer science.” Reynaldo Vea: President of both MIT in Manila and MITC (mapua Institute of Technology Center)

 

Re-imaging the IT Department
“If you want to drive a significant amount of behavioral change in an organization, it takes some big swings. ”

” Just by supporting the business? Not anymore. IT leaders are helping to reinvent it.”John Hinkle: CIO at Trans World Entertainment

 

Re- thinking IT budgets.
“IT Finance is moving from a take-what-you-can-get to a proactive debate about spending priorities.

We need to become more sophisticated with our budgeting models, yet keep the process as simple as possible.”David Oles: IT director of research and development at rent-a-car center

Posted in ICT Press | Tagged: , | Leave a Comment »