Sunday, August 31, 2008

Something Can't Find by Google

You better make sure you are not found.

>>>> Something You Can't Find Using Google:


Google Profiles, the public pages that include information about Google users, continue to add new questions. Some of the recent additions: "where I grew up", "where I live now", "places I've lived", "current company", "companies I've worked for", "current school", "schools I've attended", "my superpower".

There's even a metaphorical field "something I can't find using Google". What would you write if you were to answer that question in your Google profile?

See this for yourself now how many profiles are indexed by Google.

Saturday, August 30, 2008

Full Access to Locked iPhone

Recently, there is a security flaw disclosed to allow full access to a locked iPhone (running firmware version 2.0.2). To exploit a locked (vulnerable) iPhone:
  • Enter the emergency call menu (of a locked iPhone).
  • Double tap the HOME button (to open the Favorites menu).
This will allow anyone in the favorite list to be called. From there, an attacker can access to SMS messages and potentially your email or Safari browser.

The workaround for this flaw while waiting for the next firmware update:
  • Simply enter the Settings menu on your iPhone
  • Then enter General > Home Button
  • Select “Home” or “iPod”.
Now when you double tap your home button, it will navigate to either your home screen. While this fix might be annoying for some, as of right now it seems like the only way to secure your locked iPhone.

Monday, August 25, 2008

Security in MSIE8

An upcoming security feature from Microsoft Internet Explorer 8 (IE8). This new IE8 feature intends to make reflected / “Type-1” Cross-Site Scripting (XSS) vulnerabilities much more difficult to exploit.

RedHat Linux Compromised

Red Hat Inc. announced that their main distribution servers were compromised. Patches were released to fix apparently modified OpenSSH packages.

This is an incredibly interesting vector of attack. Both releases of Red Hat Enterprise Linux v4, v5 and Fedora were modified with hackers essentially including their own key to the front door (ssh) into the operating system. If you have installed RHEL or Fedora from ftp or http sources recently you will certainly need to: "yum update".

Friday, August 22, 2008

IE and m4v file

Zero day in IE 6,7, 8 again. Saw it at http://packetstormsecurity.org/filedesc/ieatm4v.c.html. It is an exploit for m4v file parsing.

m4v is an iTune Video file extension. See http://www.fileinfo.net/extension/m4v for more detail.

Tuesday, August 19, 2008

Microsoft Office 2007 Add-in: Microsoft Save as PDF or XPS

This download allows you to export and save to the PDF and XPS formats in eight 2007 Microsoft Office programs. It also allows you to send as e-mail attachment in the PDF and XPS formats in a subset of these programs.

Saturday, August 16, 2008

iPhone Screen Capture

With the new 2.0 firmware, you can take a screen capture using an easy key combo. Just hold down the home button and press the power button briefly. If you hold it for several seconds, the phone will soft reset, but if you just press and release, you'll see the screen flash and an image will be stored in your photos folder.

This ought to come in handy if you're doing any programming, web-based or native, on the iPhone.

See it in action at Youtube.

Thursday, August 14, 2008

BSOD in Olympics Opening

A picture is worth a thousand words. The Blue Screen of Death (also known affectionately as BSOD) made it’s way to the 2008 Beijing Olympics!


Seems like the Windows XP Embedded (XPe) operating system has helped launch the 2008 Olympics in Beijing, but fails.


In case you never know what is BSOD, see some BSOD through ages. Or if you want to start customize your own BSOD, you may want to change the color and trigger it manually. Have fun!

Thursday, August 07, 2008

Windows Vista(R) Performance and Tuning

Overview

Windows Vista and SP1 focus on delivering greater performance and overall system responsiveness. By striking a balance between speed and responsiveness, Windows Vista and SP1 deliver a level of performance that has the greatest positive impact on the system's usability.This guide looks at the following areas of performance improvement:
  • Making configuration changes that help a computer feel more responsive when you use it.
  • Using hardware to boost the actual physical speed of a computer.
  • Making configuration changes that help a computer to start faster.
  • Making the computer more reliable may help increase performance.
  • Monitoring performance occasionally so that you can stop problems before they get too big.
>>> http://www.microsoft.com/downloads/details.aspx?familyid=ab377598-a637-432c-a3c8-1607ab629201&displaylang=en

File Extension in VMware

Some well-known file extensions used in VMware.

.VMDK -- These files are the actual hard disk of the virtual machine itself, and tend to be the largest file within the folder. You can consider the size of this file to be roughly equivalent to the size of either the disk itself (if you've chosen to use preallocated disks) or the size of the data currently stored on that disk (if you use growable disks).

.NVRAM -- Consider this file the BIOS of the virtual machine.

.VMX -- With typically one VMX file per folder, this file holds the configuration information for the virtual machine in a text format. Unlike almost all the other files you'll see, these files can be edited using any text editing program, a process that is actually required for some functionality that is not exposed in the GUI.

.VMXF -- This file, in XML format, includes additional information about the virtual machine if it has been added to a team. If a machine has been added to a team and then later removed, this file remains resident. This file can also be opened and read in a text editor.

.VMTM -- For virtual machines actively participating in a team, this file stores information about that team membership.

.VMEM -- These files, which contain a backup of the VMs paging file, are typically very small or non-existent when the virtual machine is powered off, but grow immediately to the size of configured RAM when the machine is powered on.

.VMSN and .VMSD -- When snapshots are created for a virtual machine, these files are created to host the state of the virtual machine. The VMSN file stores the running state of the machine, what you could consider the "delta" between the VMDK at the point of the snapshot and what has been processed up until the present time. The VMSD stores information and metadata about the snapshot itself.

.VMSS -- If you've suspected the state of your machine, this file contains the suspended state of that machine. These files typically only appear when virtual machines have been suspended.

>>> http://mcpmag.com/columns/article.asp?editorialsid=2708

Keep IPv6 Out of Windows Vista and Windows Server 2008

Not many people are familiar with IPv6 address scheme today. Sometimes, network troubleshooting in Windows Vista and Windows Server 2008 can be cumbersome. These OSs at times tend to give an IPv6 response to a network request instead of the IPv4 answer we're used to seeing. Two things you can do to keep IPv6 out of the picture for now.

Firstly, forces ping to use IPv4 for the request:

ping -4 hostname.domain.net

Secondly, disable IPv6 functionality entirely (via registry). Set the data for this value to 0xffffffff to disable all IPv6 components (except for the IPv6 loopback interface). This setting also configures the computer to prefer IPv4 over IPv6. Restart the computer for the setting to take effect.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\

DisabledComponents (DWORD): 0xffffffff

Wednesday, August 06, 2008

LiteNews Administrator Cookie Authentication Bypass Vulnerability

Bugtraq ID: 30555
Class: Design Error
Remote: Yes
Published: Aug 05 2008 12:00AM
Credit: Scary-Boys
Vulnerable: Wogan May LiteNews 1.2
Description:
LiteNews is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication.

Attackers can exploit this vulnerability to gain administrative access to the affected application.
Exploit:
Attackers can exploit this issue via a browser. The following example JavaScript code is available:

javascript:document.cookie = "admin=1; path=/";

Monday, August 04, 2008

Backup or Restore Saved Network User Credentials in Windows Vista

>>> http://www.howtogeek.com/howto/windows-vista/backup-or-restore-saved-network-user-credentials-in-windows-vista/

Whenever you enter user credentials into Internet Explorer, map a drive to a remote server, or connect to a Windows domain, you are given the opportunity to save your password. What you may not realize is that you can backup or restore the list of those credentials using a mostly hidden control panel utility.

To open up this utility, type control userpasswords2 into the Start menu search box and hit enter.

image

On the resulting User Accounts screen, click on the Advanced tab and then click the Manage Passwords button.

image

You'll see the list of your stored network credentials here. For instance I've got saved credentials for all the remote desktop sessions that I use. (I don't have any web credentials in here because I use Firefox) You can click on the Add/Edit buttons if you feel like editing the items in the list.

image

To backup the list of user logon credentials, just click the Back up button, and a wizard will pop up.

image

Click the Browse button and choose a name for the file. Make sure it's something memorable. After you click the Next button you'll be taken to a somewhat strange screen.

image

That's right, you have to hit Ctrl+Alt+Delete to actually backup the credentials, and you'll be asked for a password to secure the file. Make sure it's something memorable or else you won't be able to restore the credentials later.

If you want to Restore the credentials from your backup, just click the Restore button, choose the backup file and then you'll be prompted to Ctrl+Alt+Delete again.

image

You'll be asked for the same password you created earlier, and the credentials will be restored.

Sunday, August 03, 2008

The Only True Drop-in MS-Exchange Alternative

Just come across this solution from the web, which claims to provide plugin-free interoperability with Microsoft Exchange server. This PostPath Server is a Linux-based enterprise-class email and collaboration server. It is the only drop-in, natively interoperable alternative to Microsoft Exchange.

From the documentation, it seems impressive. It has 4 lines of product:
  1. PostPath Server
  2. PostPath Webmail
  3. PostPath Vmware Edition
  4. PostPath Archive Edition
The PostPath Server™ incorporates code from several open source projects. They do make modifications to that open source code and is available for download. If you are interested in downloading these modifications, give it a try at PPSD Open Source Modifications, ftp://ftp.postpath.com/pub/OpenSource/.

Novell owns Unix's Intellectual Property

Recently, I read an article, Is OpenSolaris in hot water?, and I got shocked when I come across the first paragraph as below:
Here's how it works: Novell owns Unix's IP (intellectual property). SCO sold Unix's IP to Sun. Sun then included some Unix IP into Solaris. Finally, Sun open sourced Solaris as OpenSolaris. Sounds like trouble, doesn't it?
Do you know since when Novell owns Unix's IP? What will happen if Novell start charging to Unix users one day?

Friday, August 01, 2008

Tricks to Make Linux Boot Faster

ZDNet publishes an article about 10 tricks to make Linux boot faster.

Linux rarely needs to be rebooted but, when it does, it often takes longer than you'd like. Below are the summary:
  1. Disable unnecessary services.
  2. Disable unnecessary kernel modules.
  3. Use a lightweight window manager, such as Enlightenment or Xfce, instead of Gnome or KDE.
  4. Use a text-based login instead of a graphical login.
  5. Use a lighter-weight distribution.
  6. Use an OpenBIOS - It allows Linux to actually initialize the hardware as it boots, instead of relying on the BIOS.
  7. Avoid DHCP.
  8. Get rid of hotplug - Note that udev has, for the most part, replaced hotplug. However, if you're running an older distribution, the above does apply.
  9. Try init-ng system (to replace SysVinit) - Decrease boot times in Unix-like operating systems.
  10. Use a hack with Debian - If you're using Debian, there is a simple hack you can use to switch your start up scripts to run in parallel. If you look at the /etc/init.d/rc script, you will see: 'Concurrency=none' around line 24. Change this line to 'Concurrency=shell' and you should see a reduction in boot times.

>>> http://resources.zdnet.co.uk/articles/features/0,1000002000,39454355,00.htm?r=16

How Not to Be Clueless CIO

An interesting article about the 9 reasons why developers think the CIO is clueless.

As CIO, you hold one of the most important executive positions in your company. And, to lead successfully, you must earn the respect of both the business and your information technology organization. But earning the respect of application development professionals is no easy task: The CIO position has been a revolving door as of late and many application development professionals have become cynical.

>>> http://blackwhiteforest.blogspot.com/2008/08/nine-reasons-why-application-developers.html

Other readings: