And so it begins….

Posted: June 29th, 2005

Another Archspace set began this weekend. That meant I slept only a couple of hours during the weekend and a few hours Monday. Fortunately I slept rather well this night. 21CN, my team, sort of split to try and make the game a bit more of a challenge but it didn’t work and we took the top without any resistance. I hope this set doesn’t last long. Anyway, there are new features, some bugs were fixed and the game feels a lot more stable. Also, there’s a new manual, a wiki, and a blog.


Port 80/HTTP Security Papers

Posted: June 24th, 2005

A look at whisker’s anti-IDS tactics (1999)
Fingerprinting Port 80 Attacks: A look into web server, and web application attack signatures (2001)
Fingerprinting Port 80 Attacks: A look into web server, and web application attack signatures: Part Two (2002)
Header Based Exploitation: Web Statistical Software Threats (2002)
TCP Port 80 – HyperText Transfer Protocol (HTTP) Header Exploitation (2002)

More at Cgisecurity.com: Web Security Documentation Library

Recently: HTTP REQUEST SMUGGLING (PDF, 2005)


Marcus Ranum SF Interview

Posted: June 23rd, 2005

Yes, the interview was on Slashdot; yes, another ignorant Slashdot story.
Points made:
– Standards Committees suck; (well known fact)
– The same ideas keep cropping up over and over again in different forms; (Sort of true)
– We’re making zero progress in computer security; (Not really, we’re just moving very slowly and every time a problem is fixed a new one appears. Solutions to common problems are taking too long to be developed and too long to be adopted. For example, the buffer overflow problem – even without the actual secure programming that should prevent it, solutions exist that make exploiting buffer overflows much harder if not impossible. Yet they took too long to be developed into something that’s practical to implement and they are taking too long to be implemented)
– Deny:ALL by default better than Allow:ALL by default but requires more work. (well known fact)
– Hosts managed by security people aren’t much better than common hosts because security practitioners have very little power; (well known fact)
– There’s enough blame for everyone. (Sort of true but I don’t believe in blaming the users. If my car breaks down, I can’t fix it and if I break a bone, I can’t fix it. How can I expect John the mechanic or Jane the doctor to fix their computers? Also I don’t blame the hackers. They don’t create the problems, they just point them out. For that, I’m thankful, not angry.)


Nmapbot

Posted: June 21st, 2005

Nmapbot is capable of responding to a few general comments {hello, goodbye, information, thanks} like most chatterbots. However, what makes my bot special is that I wrote event triggers that allow him to spawn processes to run security tools (e.g. nmap).


How To Keep Your Computer Spyware Free – Basic Windows Security

Posted: June 21st, 2005

- If you install Microsoft Windows yourself, make sure you are behind some sort of firewall (a simple router like the Linksys BEFSR41 will do). If connected to the internet directly, a vulnerable Windows PC will become infected within minutes (I’ve seen it happen within seconds). Even after your computer is installed and patched it should remain behind a firewall (preferably both a hardware firewall – any modern broadband router will do – and a software firewall. I’ve used the Kerio Personal Firewall but I’ve heard people saying good things about the Tiny Firewall; both have free versions).
- Update Windows using “Windows Update”. Set automatic updates: Start -> My Computer -> Control Panel -> System -> Automatic Updates.
- Install AntiVirus Software. Norton Antivirus, Trend Micro, AntiVir, Bitdefender (version 8 is free), or any other you like. It is very important to have antivirus software. Make sure the antivirus auto-protect function is activated. Run it at least once a month.
- Keep your antivirus software updated.
- Download and install Mozilla Firefox. Use it instead of Internet Explorer. Do not use Internet Explorer!
- Keep Firefox updated. Firefox will notify you when updates are available with an arrow in the upper right corner; click it to download and install the updates.
- Download and install Spybot S&D. Run it. Go to Update, search for updates and download any available updates. Then click Search and Destroy -> check for problems. After it is finished go to “Immunize” and click “Immunize”. Repeat this process at least once a month and whenever you suspect you have spyware or adware installed. If Spybot seems unable to remove an adware/spyware program, reboot, enter Windows in safe mode and run Spybot S&D. If this doesn’t work:
- Install additional anti-spyware software. Unfortunately, not all anti-spyware products detect & fix the same problems so it might be a good idea to have more than just one anti-spyware program. I recommend you use Spybot and, if you experience spy/adware problems that aren’t going away, if you suspect you have spy/adware that isn’t being detected or if you are simply paranoid, install Webroot Spy Sweeper.


Project GridUP

Posted: June 21st, 2005

The University of Porto has signed an agreement (in Portuguese) with SUN Microsystems Portugal (Press Release). UP purchased 3 clusters with a total of 48 nodes (96 processors) and now apparently has the first Campus Grid in Portugal.
The three clusters are divided: one is at the Faculty of Engineering (in English), the other at the Faculty of Science and the other at IRICUP (in English). Each node consists of a Sun Fire V20z (an AMD Opteron-powered server) running Red Hat Linux. Additionally they use the Globus Toolkit, Sun Grid Engine and Sun Control Station.


Laptop Theft

Posted: June 20th, 2005

I decided to make a quick blog entry on this subject after reading about Seagate’s plans to include encryption technology in its laptop hard drives.
Laptop theft is a problem not just because of the stolen hardware but because of the data inside its HD. Corporate espionage, identity theft and similar crimes have been committed by stealing a laptop. A couple of examples:
MCI employee data stolen in laptop theft
UCLA laptop theft exposes ID info

What can you do about it?
Laptop Security, Part One: Preventing Laptop Theft
Laptop Security, Part Two: Protecting Information on a Stolen Laptop


Games for The Summer

Posted: June 17th, 2005

Games:
- Metal Gear Solid 3, PS2 (Review)
- God of War, PS2 (Review)
- Vampire The Masquerade Bloodlines, PC (Review)
- The Chronicles of Riddick: Escape From Butcher Bay – Developer’s Cut, PC (Review)
- Grand Theft Auto: San Andreas, PC (Review)

And more Starcraft and maybe Warcraft 3.


Star Wars – High Ground

Posted: June 16th, 2005


Apple Brand Computer

Posted: June 16th, 2005


.XXX

Posted: June 9th, 2005

Joi Ito has Some notes on the .XXX Top Level Domain. My opinion was pretty much expressed by joat in this post: It’s not going to work. And not just because of the silly price tag but mainly because it would be trivial to censor all .xxx websites. This has little to do with parental control software – children can’t pay for porn. This has to do with people watching porn at work/university/school/public libraries/whatever. In summary, porn sites currently have nothing to gain by moving to .xxx and a lot to lose.


SANS Webcasts

Posted: June 9th, 2005

SANS Webcasts are live web broadcasts that allow you to hear a knowledgeable speaker while viewing presentation slides that you download in advance. You need either Real Audio Player or Windows Media Player (free downloads are available on the webcast access page), and a SANS Portal account. If you don’t have an account, just go to the SANS Portal page and fill in the simple registration form, it’s free. Once you have an account you can also access an archive of past webcasts.

SANS Tool Talks are special webcasts that offer an opportunity for you to hear from Information Security Vendors. At SANS we believe that you cannot accomplish Information Security tasks without tools. A surprising number of security professionals have no idea what technology is available in the marketplace. Tool Talks are designed to give you a solid understanding of a problem, and how a vendor’s commercial tool can be used to solve or mitigate that problem.


The Rumors of my Untimely Demise

Posted: June 8th, 2005

No, I’m not dead, I’ve just been busy. With what? Well, I have an important exam coming up (on the 14th of June), I’ve been to a birthday and a LAN party and I’ve been trying to avoid blogging because I don’t want to make an “I-told-you-so” post about Apple’s switch to Intel processors. I’ve also been trying to think of stuff to submit in my Google Summer of Code application(s?) – getting 4500 dollars to work on something fun would be sweet.


SecurityFocus.com has a new look

Posted: June 3rd, 2005

SecurityFocus.com has a new look – it looks great.


Experimental supercomputer made from Field Programmable Gate Arrays (FPGA)

Posted: June 1st, 2005

I remember a conversation I had with João Paredes (Chefax R&D) a couple of years ago about using FPGAs instead of microprocessors in high-performance/super computers. João did hint it in a comment under his interview at OSnews:

I’ll just give you a hint: it’s amazing what one can do with FPGA’s.

Fast-forward two years and I see a story entitled Self-wiring Supercomputer on /. – it links to this NS Article.

The FPGA supercomputer will be more powerful and efficient than a conventional system of similar physical size.

Will it also be cheaper? I was a bit skeptical when João told me about his idea and I still am. I did notice a couple of ifs on that article:
“If it can be made easy enough to program”
“If we can get these [programs] to work, we’ll know that we have a general purpose solution”