It’s that time again

Posted: May 31st, 2005

Time for another post and also for another Full Disclosure debate. I’ve always been a big fan of full disclosure – getting ALL the information out there so that users/admins can decide for themselves instead of relying on a company that has no interest whatsoever in exposing the true level of their incompetence to their customers.

Also
Google Code – Summer Code, maybe I’ll actually do something this summer.


ModSecurity Again

Posted: May 30th, 2005

I previously mentioned ModSecurity but I was still surprised to learn how powerful it is.


Referer Spam

Posted: May 30th, 2005

Going through the usage statistics for neacm I found what looked like referer spam. I told Relax about it and we tried using this .htaccess but since we had problems with it (it was blocking everyone) Relax ended up using this one. Let’s see how it works.

Additional Resources:
.htaccess files
Blocking Referer Spam


Know your Enemy: Phishing

Posted: May 29th, 2005

The KYE papers always make for an interesting read and this one is no exception even though phishing isn’t a topic I’m particularly interested in.


Security News Links of the Week

Posted: May 29th, 2005

I have to agree with this, especially with the following paragraph:

Bad engineering in critical applications should result in corporate pain. If companies want their products to be used in the construction of the online world, they must accept the responsibility of making them fit for the job — and the consequences of cutting corners.

The following 3 links via Bruce Schneier:
The Paris Hilton Hack.
Social Engineering Via Voicemail – sigh.
Encryption as Evidence of Criminal Intent

And there was more:
Russians Use Affiliate Model To Spread Spyware, Adware
Witty worm flaws reveal source, initial targets
HERT interviews Kismet’s author, Mike Kershaw
Intel quietly adds DRM to new chips – I won’t buy chips with DRM for as long as I have a choice. Well, not until it becomes trivial to bypass – weeks after their introduction? Maybe months, who knows?


The Cell Processor

Posted: May 28th, 2005

I finally got around to reading something about the Cell Processor:
Introducing the IBM/Sony/Toshiba Cell Processor — Part I and Part II. There are two more detailed articles entitled The CELL Microprocessor and CELL Microprocessor Revisited but I haven’t gotten around to reading them and I doubt I will anytime soon.

More Links:
IBM will unlock door to Cell
IBM Discloses Cell Based Blade Server Board Prototype
The Cell chip – what it is, and why you should care


Planeta Asterisco

Posted: May 28th, 2005

I’ve joined Asterisco, a Portuguese technology blog planet aggregator. Some (if not most) of the Portuguese blogs I read had already joined (Rui Carmo, Pedro Melo, …).


ModSecurity

Posted: May 28th, 2005

I came across ModSecurity:

ModSecurity is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.

I read Introducing mod_security and I think I’ll try ModSecurity one of these days. The author also wrote a book – Apache Security. If I was currently running Apache somewhere I’d consider reading it. He also has a blog.


Firefox Extensions

Posted: May 28th, 2005

Yesterday I had a problem with my Firefox and I ended up deleting my profile. That meant I had to install all my extensions again as well as configure everything again. Here’s the list of extensions I installed:

adblock
bookmarks synchronizer
greasemonkey
ieview
Magpie
PDF Download
ScrapBook
Slogger
Foxylicious
Resize Search Box
Tabbrowser Preferences
BetterSearch
SessionSaver
Single Window


DVD Wars, The Nokia 770 and The Xbox 360

Posted: May 26th, 2005

Is Iomega going to finish the Blu-ray vs HD DVD war by killing both formats with its 800GB DVD?
Now I want the Debian Linux/Gnome based Nokia 770. More info at mobileburn, InfoSyncworld and for developers there is Maemo: “Maemo is a development platform to create applications for Nokia 770 Internet Tablet and other maemo compliant handheld devices in the future”. Shortly after Nokia announces patent support to the Linux Kernel.
Xbox 360 OS is apparently a derivative of the original Xbox OS (makes sense) which in turn is a derivative of Windows 2000. Also on /. there was a link to Inside the Xbox 360, part I: procedural synthesis and dynamic worlds – “The present article covers these features in detail, from the processor’s triple-core design, to its caches, deep pipeline, lack of an instruction window, and expected performance”.


Another Wasted Week

Posted: May 26th, 2005

So far I’ve done nothing that could be considered productive this week. I played a couple of fun Starcraft BW matches (Terran v Zerg) against a friend and a few less interesting ones against other friends. Watched some more X-Files episodes including Anasazi and its part II (The Blessing Way) and III (Paper Clip).


My Weekend

Posted: May 23rd, 2005

This weekend was probably my worst in a very long time. I managed to do next to nothing. Some family issues wasted some of my time and a lot of my patience.
I watched some X-Files Season 2 episodes including End Game. Also watched the Starcraft Ghost trailers, being a huge SC fan I’ll be sure to play Ghost. The gameplay looks great but the graphics are disappointing. After Far Cry and Doom 3 I expect awesome realistic graphics from video games not something that looks like it was colored with crayons. In my opinion Ghost is a game that would benefit immensely from realistic graphics that would immerse the player in the SC universe.
I read The Darknet and the Future of Content Distribution – mostly boring but also mostly accurate. Then there was Keeping FreeBSD Up-To-Date: A Security Odyssey.
I finally got around to backing up my del.icio.us bookmarks by saving http://del.icio.us/api/posts/all in “My Documents/App Data” and installed Foxylicious. I found Furl, it is basically del.icio.us but saves the webpage instead of just the URL. This functionality is already sort of implemented by combining del.icio.us with Slogger which has the added advantage of being searchable by Google Desktop Search but I’ll try it out nevertheless.


Just Browsing

Posted: May 19th, 2005

OpenBSD 3.7 (changelog) has been released.
Resolving OpenBSD Bloat: Unpuffing Puffy.
Fearmongering About Bot Networks
OpenID is an open distributed identity system. I’ll take a better look at it tomorrow or during the weekend.
The latest development in the EU’s Software Patents Drama.


Revenge Of The Sith

Posted: May 19th, 2005

Today after lunch me and a few friends went to watch Star Wars: Episode III – Revenge of the Sith. It was awesome. In my opinion it is the best Star Wars movie ever though my friends thought The Empire Strikes Back still holds that title.

–Spoilers
The background for the start is a breathtaking space battle with the beautiful Star Destroyers first seen in Clone Wars. Then there’s the battle with Count Dooku followed by more scenes of the Space Battle. My next favorite part is the fight between Windu and Palpatine followed by the attack against the Jedi Temple and the execution of “order 66” (killing the jedi on the battlefield). Every scene where Yoda fights is also a work of art – digital art at its best! Personally I thought the Yoda Vs Palpatine fight was better than the one between Anakin and Obi-Wan but perhaps it was less dramatic even though the fate of the republic was decided by it.
Spoilers–

I can’t wait for the DVD to be released and I certainly wouldn’t mind if I ended up seeing it on the big screen again.


VoIP Security Alliance

Posted: May 19th, 2005

VoIP Security Alliance

VoIP Leaders Form Alliance for VoIP Security Research and Testing
VoIP Security Alliance Elects Board of Directors, Announces Projects and Issues Call for Participation.

Some well-known names in there. More info at Intelligence Online via Security Blog.

From the FAQ:

Why was VOIPSA formed?
Until now, no single organization or group has strongly emerged to help organizations understand and mitigate VoIP security risks through discussion lists, white papers, sponsorship of VoIP security research projects, and the development of free tools and methodologies for public use. We aim to rally vendors, telecom providers, and researchers to join and participate in these goals.

Guess VoIP security might be done right after all.
Some VoIP links I’ve collected over the past few days.