Archive for January, 2007
Tales of a Mac Convert (in progress)…
by Rodney Campbell on Jan.31, 2007, under Life, Technology
I recently became the proud owner of one of the new Apple 17" MBP’s (MacBook Pro) (2.33GHz Core 2 Duo, 3GB RAM, 160GB Hard Drive) and am enjoying the experience so far (except for that rediculous wireless mighty mouse).
I’ve been a Unix user for some time (I’ve mostly used Solaris (& SunOS) on Sun SPARC machines over the past 15 years and have dabbled with various Linux flavours) however I’ve also got to use windows at work as well (those corporate app’s I need to run).
I’ve been relatively happy/tolerant with windows (probably because I spend most of my time on my Unix workstation) over the years and all my previous laptops have run windows. However late last year I had major malware infections to both my windows machines (desktop and laptop – at different times) – which required a complete rebuild of each to be safe. I was pretty p***ed to say the least and whilst I don’t necessarily believe the Mac OS X is more secure than windows by design mantra I do expect it to be significantly less of target. With the advent of Parallels (I’ve been a VMware user on Windows for some time) and the time came for a laptop refresh I decided to take the punt and see what the other side of the fence looked like.
On the Wireless Mighty Mouse front – perhaps it’s just a carry over from my other window managers I’m used to (on Solaris or Windows) but I still like to use the context sensitive right button menus (a lot). The mighty mouse doesn’t have a "real" two button mouse (it emulates it by detecting whether you’re clicking down on the left or right of the shell). The problem is that this is so flakey (if you are even barely touching the mouse anywhere it almost always treats it as a left click) – and as the Mac has so many one click actions you end up left clicking and doing something (you don’t want to) when you just wanted the right button menu.
Having two separated buttons would make this both more reliable and you’d get that tactile feedback doing it – I’ll persevere a little longer but I think I’ll be switching to a "real" bluetooth mouse soon – any recommendations of ones which have decent support under Mac OS X?
To transport my new pride and joy around I grabbed an STM bag for the 17" MBP – I got the STM Large Convertable (shoulder bag and backpack in one) specifically because it was small, thin and light so I wouldn’t be able to cram too much crap into it – just the MBP, wireless mouse, my 160GB external laptop hard drive, eyetv and perhaps a few papers and discs. This way it isn’t some huge bulky backpack which weighs a ton (like my previous laptop backpack) – in fact it ends up nice and close to the body when I’m using it as a backpack and it feels incredibly light – even with my 17" laptop in it – marvelous.
Lastly I also picked up one of the Elgato EyeTV Diversity’s (my kit also included a 3 month IceTV trial code as well). It is remarkably good and HD is glorious – however one tip I have for reception is that (the antennas have magnets on the bottom) if you put the antennas onto some metal surface (at home I have a metal frame desk so I just magnet onto that – anywhere basically – so the antennas are actually under the desk – and at work just onto a metal filing cabinet) it seems to give MUCH better results.
2007.01.31 Daily Security Reading
by Rodney Campbell on Jan.31, 2007, under Security
Vista DRM Cracked by Security Researcher?
Security researcher Alex Ionescu claims to have successfully bypassed the much discussed DRM protection in Windows Vista, called ‘Protected Media Path’ (PMP), which is designed to seriously degrade the playback quality of any video and audio running on systems with hardware components not explicitly approved by Microsoft. The bypass of the DRM protection was in turn performed by breaking the Driver Signing / PatchGuard protection in the new operating system.
The argument was so obvious it hardly needed repeating. Some thought we would all be safer — from terrorism, from crime, even from inconvenience — if we had a better ID card. A good, hard-to-forge national ID is a no-brainer (or so the argument goes), and it’s ridiculous that a modern country like the United States doesn’t have one.
Don’t buy Vista for the security
Windows Vista is a leap forward in terms of security, but few people who know the operating system say the advances are enough to justify an upgrade.
The year hacking became a business
IT was the year when cyber-criminals targeted everything from MySpace to Wikipedia, and even a website maintained by a local boy scout troop wasn’t safe. Computer security experts say 2006 was also the year hacking stopped being a hobby and became a lucrative profession practiced by an underground of computer software developers and sellers.
2007.01.29 Daily Security Reading
by Rodney Campbell on Jan.29, 2007, under Security
New zero-day Microsoft Word vulnerability
Hackers are exploiting a new, zero-day vulnerability in Microsoft Word that could allow remote code execution on the victim’s machine, says security vendor Symantec.
Anti-virus software vendor Kaspersky Lab, has published an article about Windows Vista and security, in which it provides an analysis of various aspects of IT security with specific reference to Windows Vista.
Malware vs. virtual machines (pdf)
As virtual machines and various emulators have become commonplace in analysis of malicious code, malicious code has started to fight back. This hot topic was recently covered at AVAR 2006 conference by Peter Ferrie, a researcher at Symantec anti-virus research center.
Ultimate Guide to Enterprise Wireless LAN Security (pdf)
Enterprise wireless LAN security is a persistent concern for every system administrator and CIO. This TechRepublic ultimate guide will give you the information you need to secure all of the wireless connections in your enterprise.
AACS hack blamed on bad player implementation
A month after the first signs appeared online that AACS—the content protection scheme shared by HD DVD and Blu-ray—had been circumvented, the AACS Licensing Authority has verified the hack. According to a statement from the AACS LA, AACS has not been seriously compromised. Instead, the statement said, the attack is "limited to the compromise of specific implementations" and "indicate[s] an attack on one or more players sold by AACS licensees."
Online Safety Of Your Children Starts With You As A Parent
Parental control software is far from perfect and your kids are smarter than you may think, they will always find a way around them. Companies developing this software make millions out of parents neglecting their responsibility as a parent. What is the use of restricting the access on their computer, if they can find other ways of accessing the sites they want?
Time to Reboot the Internet Again
Cisco Systems Inc… today issued patches to fix at least three very serious security holes in its products.
2007.01.25 Daily Security Reading
by Rodney Campbell on Jan.25, 2007, under Security
Minor Google Security Lapse Obscures Ongoing Online Data Risk
Finjan confirmed earlier reports that Google’s anti-phishing blacklist, containing private user names and passwords, was accessible without protection on Google’s servers.
The copy protection technology used by Blu-ray discs has been cracked by the same hacker who broke the DRM technology of rival HD DVD discs last month.
Norway Ombudsman Says iTunes DRM Is Illegal
Norway’s Consumer Ombudsman has ruled that Apple’s FairPlay digital rights management technology violates the country’s laws by locking songs downloaded from the iTunes Store to the iPod.
2007.01.24 Daily Security Reading
by Rodney Campbell on Jan.24, 2007, under Security
New Bluetooth attack disables phones
Security researchers discovered a new technique to launch Denial-of-Service attack against mobile phones.
Toward the end of 2006, several penny stocks–stocks valued at or below one cent–saw momentary blips of upward activity. The sudden surge of interest wasn’t a surge of confidence by shareholders based on some end-of-the-year corporate profit projection, rather it was criminal.
SecurityFocus interview with Bill Cheswick
He started the Internet Mapping Project in the 90s; you have probably seen the maps that resulted. The interview ranges over firewalling, logging, NIDS and IPS, how to fight DDoS, and the future of BGP and DNS.