Fast-Flux Bot Nets: The Future of Botnets

July 11th, 2007 by Gabriel


Worrying news from SecurityFocus came out today:

Network security analyst Lawrence Baldwin has helped take down his share of bot nets, but he worries that those days may largely be over.

Why worry? Well, botnets are used to send spam and launch denial-of-service attacks. If you’re still not concerned, imagine the amount of spam e-mails about penis enlargement, stock investments, and other promotions you get every day. Add to that an unusual moment wherein you can’t access your Webmail account in Yahoo!, MSN or Google, or your favorite Web sites such as MySpace and Facebook (denial-of-service). These are a few of the things botnets can do.

Botnets having a bright future can indeed be alarming. To begin with, I encourage you to watch this news video about the arrest of spam king Robert Alan Soloway on May 30, 2007.


Power of Schmooze

July 10th, 2007 by Gabriel


What’s schmooze? You might ask. From Answers.com:

schmooze or schmoose also shmooze

v., schmoozed or schmoosed also shmoozed, schmooz·ing or schmoos·ing shmooz·ing, schmooz·es or schmoos·es shmooz·es.

v.intr.
To converse casually, especially in order to gain an advantage or make a social connection.

v.tr.
To engage in schmoozing with: “how to be a professional artist—how to be a businessperson, how to schmooze the collectors” (Paige Powell).

n.
The act or an instance of schmoozing.

Adria of In Cinq, an international community art project that encourages visitors to contribute a cinq pic (9-word cinquain + self portrait) and Karen of Secret of Unlimited Prosperity, a blog that deals with the Law of Attraction, have bestowed me with a community involvement award.


Thanks, Adria and Karen!


8 Random Facts About Me: A Tagging Game

July 8th, 2007 by Gabriel


Last month, I did my 1st Weekend Blog Drive-By wherein I dropped by my fellow bloggers’ blogs and read one of their articles. It was a fun and profound experience. I have to admit that it changed the way I look at blogs now. Since then, I’ve been reading some posts about entertainment, celebrities, dating tips, poetry, renewable energy, travel, journals, cultures and even aerospace, topics that I have little interest in. I learned to appreciate these posts because they allowed a different approach to taking a glimpse into a world aside from computers and technology. Somehow, it solidified the idea of my favorite philosopher, Socrates: That what I don’t know, I don’t think I know.

Steve of cymru66 and Cat of UltraJam have been kind enough to tag my blog and I’ll gladly comply. This is a great opportunity for me to explore other blogs once again.

Rules

  • Post 8 random facts about yourself.
  • Tag 8 other blogs in return.


The eBay of Security - WabiSabiLabi Vulnerability Auction Site Launched

July 7th, 2007 by Gabriel


I read an interesting report today from SecurityFocus about an online auction site for security bugs. WabiSabiLabi, or simply WSLabi, was just launched. According to SecurityFocus, its online portal will allow researchers to sell vulnerabilities they have discovered to software companies and other interested parties through an open market.

From the WSLabi Web site:

WabiSabiLabi is aiming to a single moving target: to bring the world closer to zero risk.

If the world must become a safer place, the first part of the recipe is simple: to provide a better rewarding for the security researchers, organising an efficient and transparent marketplace, here to maximise the results of their efforts.

This is good news for security researchers. Price offerings are attractive too, ranging from $1,000 to $15,000 if based on the offers of security companies like TippingPoint and iDefense.

Will this help lessen the risks online? We’ll have to wait and see.

iPhone Web Developer Guidelines

July 6th, 2007 by Gabriel


The Apple iPhone will have passed its 1 millionth subscriber by now. If you’re a Web developer or someone just curious about how your blog or Web pages will function on the iPhone, then you must read Apple’s Development Guidelines for iPhone. Web developers using the Windows platform were delighted with the public beta release of Safari for Windows. At last, they won’t be relying on browser screen shot services anymore to test their layouts.

On the other hand, with the release of iPhone there will be new opportunities for those who want to boost their blog readership and Web site traffic. Safari is also the Web browser used by the device. Apple said that those Web pages that rendered correctly in the desktop version of Safari will most likely display correctly in Safari on iPhone. However, there are changes that need to be considered and it won’t be that easy. According to the iPhone Development Guidelines, one will need to have an understanding of Web standards and established Web design best practices to provide the visitors of his/her blog or Web site with a great user experience.

The iPhone Development Guidelines listed some tips. Please visit the page to gain more information:

  • Understand User-iPhone Interaction
  • Use Standards and Tried-and-True Design Practices
  • Integrate with Phone, Mail, and Maps
  • Optimize for Page Readability
  • Ensure a Great Audio and Video Experience
  • Know What Safari Supports on iPhone
  • Connect With Web Developers


Still Remains - The Serpent (2007) Review

July 5th, 2007 by Gabriel


Original Release Date: July 16, 2007
Label: Roadrunner Records


The latest album of Michigan-based Christian metalcore band Still Remains is quite disappointing. Having listened to their previous album, Of Love And Lunacy, the latest album seems to lack aggression, which they have already established in the previous one. I haven’t heard of their first album yet, but it has been said that The Serpent’s musical direction was taken from the band’s earlier releases. Unlike in the previous album, the keyboards for which Still Remains is known were more apparent this time. The less aggressive melodies made way for the keyboard to sink in beautifully with the softer tracks. It was clearly demonstrated in the first track, which has the same title as the album. Nevertheless, I expected more from the band. A smoother transition could’ve at least prepared me for the direction that they were going. Take the case of Trivium’s Ascendancy album to The Crusade. The turning point was so good that it gave me a lot more tracks to choose from. After 2 years of waiting, it just wasn’t worth it. It wasn’t the Still Remains I had previously known.

Tracks I disliked:

  1. Maria
  2. Dancing With The Enemy
  3. The River Song

Tracks I liked:

  1. The Wax Walls Of An Empty Room
  2. Anemia In Your Sheets
  3. Dropped From The Cherry Tree
  4. Sleepless Nights Alone
  5. An Undesired Reunion
  6. Avalanche


Possible iPhone Vulnerabilities Identified

July 4th, 2007 by Gabriel


Despite its premium price, Apple’s iPhone has been selling like hot cakes last weekend, and sales are still growing strong. No wonder security researchers are very interested in the smart gadget. Errata Security, a consulting and product testing company that offers expertise in cybersecurity, has already spotted a flaw in the iPhone’s Safari browser less than 72 hours after its announcement. More are on the way as of this writing. I’ve compiled a list of possible and/or existing iPhone vulnerabilities based on the reports of different security blogs and news Web sites.

  1. “By effecting a buffer overflow in the application (Safari), an attacker can take control of the browser and run code on the device”. -Robert Graham, CEO of Errata Security.
  2. “The scenario that seems most attractive is to have the phone dial 900 numbers, an age-old attack that allows criminals with ties to fee-based phone services to profit each time an infected computer dial the number”. -Robert Graham
  3. “Our Bluetooth fuzzer¹ locks up the device, so that’s an interesting sign”. -Robert Graham
  4. Currently making progress on unlocking the phone so it can be used on networks other than AT&T’s. -Antivirus Tools
  5. Working on getting the iPhone to run Linux. -Antivirus Tools
  6. Working on the possibility of allowing third party applications to the iPhone. -Antivirus Tools article
  7. iPhone root password is alpine and mobile user account password is dottie, although they’re useless at the moment since the iPhone has no terminal yet for remote access. -Hackint0sh forum
  8. “One underground site has collected information from the iPhone’s Macintosh OS X Disk Copy Disk image file.” -CNET News
  9. Crack open the service activation codes. -CNET News
  10. Support use of the iPhone as a modem. -CNET News
  11. Breaking iPhone’s digital rights management (DRM) functionality. -Antivirus Tools

¹ Fuzzer - A Security fuzzer is a tool used by security professionals (and professional hackers) to test a parameter of an application. Typical fuzzers test an application for buffer overflows, format string vulnerabilities, and error handling. More advanced fuzzers incorporate functionality to test for directory traversal attacks, command execution vulnerabilities, SQL Injection and Cross Site Scripting vulnerabilities. Web Vulnerability scanners typically perform all of this functionality, and can be considered an advanced fuzzer. -CGI Security
