Monday, November 24, 2003

Digital Entertainment Hubs/Products:
  • Digital Entertainment Hubs - Great article about Digital Entertainment Hubs. A new consumer device category to confuse us more.
  • Telly MC1000 Home Entertainment Server - Possible new TiVo rival.
  • Zenith HDR230 - World's first combination HDTV receiver and HDTV digital video recorder set-top box. You can record standard-definition 480i to high-definition 1080i wide-screen content (requires HD-capable TV, and rabbit ears). TiVo and other PVR manufacturers are expected to release products like this later in 2003. It will retail for about $999 (US).

Microsoft vs. Virus Writers

Anytime you install software on your computer from any company or organization, you run the risk of opening it up to new vulnerabilities. I am not stating anything new when I mention that Microsoft software is known for having its own share of bugs and vulnerabilities. Many people seem to argue that Microsoft software is buggier or more insecure than any other company's software out there, but this might not totally be true.

Consider this: Microsoft creates millions and millions of lines of new code every year. It is impossible to create all that code without having problems or making mistakes. Also, no company has the market share that Microsoft has, and because it is the market leader it will also become a popular target for cybercriminals.

If Apple had the market share that Microsoft has, I can almost guarantee that there would be a great deal more viruses and exploits for the Mac OS. Apple does have one thing over Microsoft, though: it is built atop BSD Unix, which is a solid and secure OS.

Virus writers, hackers and crackers will always be drawn to the biggest target, like a moth to the largest flame. Why spend hundreds of hours writing a virus or developing an exploit if it is only going to affect a few people? If someone is going to spend the time to write a virus, they want it to affect as many people as possible.

Take for example the Sobig virus and Blaster worm. I am pretty sure that whoever wrote this malware is pretty happy with themselves. Think about it from their perspective: they created software to perform a task, and it worked so well it is known around the world.

There's No Honor Among Thieves
To combat this ongoing threat, Microsoft has put up $250,000 bounties for the arrest and conviction of the cybercriminals that created the Blaster worm and Sobig virus. They have also set up a fund with $5 million (dubbed the Anti-Virus Reward Program) to finance future bounties, and are trying to work closely with the legal authorities.

Microsoft hopes that the bounties will encourage the friends or associates of the virus writers to turn them in for the money, thus forcing virus writers to become more paranoid and preventing them from sharing their code with others for fear of being turned in.

Now, here is the real question: will this new tactic work? Well, you know what they say, 'money talks'.

I think Microsoft's strategy might lead to a few early arrests, but in the long run it might only slow virus writers down a little bit. Virus writers will also start sharing their exploits only with close associates that they trust not to turn them in.

The Right Thing To Do
Microsoft's only real defense against these attacks is to improve their code, lock down the default configuration of their server and desktop OSs, and train the system administrators and general public how to protect themselves.

In Microsoft's defense, they have already started initiatives to do all three of the changes needed. But I have to be a little skeptical about how much it will help or how well they will implement it. Only time will tell.

The general public and system administrators also have to do their part to protect their computers from attack and viral infection. There are four simple security rules that can help anyone protect themselves.

1. Install a virus scanner, and keep the signatures updated.
2. Install a firewall, and activate it.
3. Update your OS and applications.
4. Don't open up file attachments.

No One is Immune
The open-source community is not immune to the dangers of cyberintruders. An unknown person recently attempted to insert a Trojan horse program into the next version of the Linux kernel, which is stored in a publicly accessible database. Security features of the database detected the illegal change, and the database was shut down. The changes, which could have become a security flaw in the kernel, never became a part of the code.

Resources:
- Protect Your PC (for Home Users)
- 3 Ways to Help Ensure Your System Is Protected (for IT Professionals)
- Trustworthy Computing Initiative

Links of Interest
- Check out the Apple switch ads from Red vs. Blue.

Vehicles of the Week:
- Bombardier's Embrio, it's like a Segway but different.
- For alternative boats, check out the OutRider.

Free Antivirus and Firewall Software
Computer Associates for a limited time is offering their Windows antivirus and firewall software for free, with a for one year. For more information, see: Note: The free software offer expires 6/30/04.

Friday, November 14, 2003

Links of Interest

PRISMIQ Networked Entertainment Gateway
The PRISMIQ is a networked entertainment gateway that allows you to play a broad array of digital media through your TV and stereo anywhere in your home. The device will even let you surf the Internet from your couch.

The Meatrix
The Meatrix is a spoof of the Matrix; it points out the dangers, problems, and issues with 'factory farming.' I am not a big fan of these liberal sites, but I like the idea and the Flash animation.

Building Your Own Segway
Self-balancing scooters can be easy to build using off-the-shelf parts. Also, make sure to check out the Megway site and video.

Monday, November 10, 2003

A Weakness Reported in the WPA Security Protocol

Robert Moskowitz, a senior technical director at ICSA Labs, has published a paper reporting that some implementations of Wi-Fi Protected Access (WPA) can be compromised through a dictionary or brute force attack.

For those of you who don't know what WPA is, it's a new standard for data encryption on Wi-Fi networks. The WPA specification uses passwords to act as the keys that encrypt the network's communications. The specification allows for two types of key management: pre-shared keys, where everyone uses the same pass phrase; and managed keys, which use a server to assign a different key to each user.

The new attack only affects pre-shared key management, and only if the person who implements the key uses an easy-to-guess password. The cryptography doesn't have known issues like WEP encryption, but like any system that uses passwords it is susceptible to dictionary attacks. The way you can prevent this problem is just by choosing a long (20 characters or more) password that is not easy to guess, and doesn't contain words that are in the dictionary. For example: 'H3ll0W0rlD;Th1s1sAT3sT:Buy4Now'

What Moskowitz found is not groundbreaking, but it does make the point that we have to be careful about the passwords we choose for anything, because they can be guessed with enough computing power and time.
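
To make the "computing power and time" point concrete, here is an added example (not from this post or from Moskowitz's paper) that audits a pass phrase against the two rules above and estimates how long a guessing search would take. It assumes the key derivation defined for WPA pre-shared-key mode, PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations, which the post does not spell out; the SSID, word list and pass phrases are constructed samples.

```python
import hashlib
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit pre-shared key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA pass phrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derivations_per_second(samples: int = 20) -> float:
    """Measure how many key derivations this machine performs per second."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_psk(f"benchmark-{i:04d}", "ExampleNet")  # constructed SSID
    return samples / (time.perf_counter() - start)

def years_to_search(candidates: float, rate: float) -> float:
    """Time to try every candidate at `rate` derivations per second."""
    return candidates / rate / SECONDS_PER_YEAR

def audit(passphrase: str, wordlist: set, min_len: int = 20) -> list:
    """Apply the post's two rules: 20+ characters, no dictionary words."""
    findings = []
    if len(passphrase) < min_len:
        findings.append(f"only {len(passphrase)} characters, want {min_len}+")
    lowered = passphrase.lower()
    hits = sorted(w for w in wordlist if w in lowered)
    if hits:
        findings.append("contains dictionary words: " + ", ".join(hits))
    return findings

if __name__ == "__main__":
    words = {"welcome", "wireless", "network"}  # constructed sample word list
    for candidate in ("welcome2wireless", "q7#Vz!m2Rk9@pLw4Tx8-dYs"):
        print(candidate, "->", audit(candidate, words) or "passes both rules")
    rate = derivations_per_second()
    print(f"{rate:.0f} derivations/s on this machine")
    # A one-million-entry word list versus 20 random printable characters.
    print(f"1e6-word dictionary: {years_to_search(1e6, rate) * 365.25:.3f} days")
    print(f"95^20 random keys:   {years_to_search(95.0 ** 20, rate):.2e} years")
```

Because the SSID is the salt, the same pass phrase yields a different key on a differently named network, but a short or dictionary-based pass phrase remains cheap to search either way.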

Links of Interest

Smart Networked Dust
"Smart dust" devices are tiny wireless MEMS (MicroElectroMechanical Sensors) that can detect everything from temperatures, humidity, light, vibrations, etc.

Howard Rheingold (Smart Mobs)
Howard Rheingold is an online pioneer who authored the best-selling books Virtual Reality, The Virtual Community, and Smart Mobs.

X Prize
A worldwide US$10,000,000 competition to build a reusable spacecraft.

Salary Survey 2003 Registration
Know how your salary compares with others across the country.