zundel

Thursday 54

Security Recipes – A.1 – Hardening Windows XP

Microsoft makes operating systems — for botnets, malware, and spam.
Especially Windows XP.

Nothing can make Windows XP adequately secure.
If you must use Windows, upgrade to Windows 7. It has better but still flawed security.

If you must use Windows XP, do not connect the computer to the internet.

If you connect Windows to the internet, you must update.

Wednesday 53

Virtual private server setup


A good article that misses a most crucial point.

First and foremost, I strongly recommend doing test builds of virtual servers on your own hardware.

The ABCs of virtual private servers, Part 2: Getting started

Because of how virtualized host servers are set up, adding more memory or hard disk storage often comes at what seems like a ridiculously high price.

The promised flexibility of virtual servers doesn’t always work out. Crossing the equivalent of a bracket costs. So have some idea of the range of your needs before starting.

Tuesday 52

This is your bank account on Windows


Read this:

Sold a Lemon in Internet Banking – Krebs on Security

An online bank robbery in which computer crooks stole $63,000 from a Kansas car dealership illustrates the deftness with which cyber thieves are flouting the meager security measures protecting commercial accounts at many banks.

The controller didn’t know it at the time, but thieves had already compromised his Microsoft Windows PC with a copy of the ZeuS trojan, which allowed them to monitor his computer and log in to the company’s bank account using his machine.


Sunday 50

Spinning pot calling kettle black

Filed under: Open source — zundel

The single most consequential thing Novell has ever done to make itself look bad:
Solaris Alternatives.

No one likes what Ellison and Oracle have done in their takeover of Sun.

Oracle has already lost Open Office. It has become Libre Office.

No one knows which operating system Oracle will go with: the Linux they ripped off from Red Hat, or Sun’s Solaris. They advertise both on their website.

Selling digital snake oil to spooks

Filed under: Computers, Politics, Security — zundel

Given that:

A Pentagon study in January found that it had paid $285 billion in three years to more than 120 contractors accused of fraud or wrongdoing.

this $20 million scam is small change.

Hiding Details of Dubious Deal, U.S. Invokes National Security

The software […] prompted an international false alarm that led President George W. Bush to order airliners to turn around over the Atlantic Ocean in 2003.


Saturday 49

Security Recipes – Introduction

Filed under: Security — zundel

Does the background rumble of geeks chortling at the screw-ups of HBGary make you consider doing something about the security of your computer?

But you won’t give up Windows ’til they pry it from your cold dead fingers?

There’s a lovely bit about that with Vincent D’Onofrio at the beginning of the first Men in Black movie. Go watch the video. (This is your bank account on Windows.) I can wait. You’ll come back in a better mood and better motivated.

We all laughed at that.
Except, this time, you’re the meat-puppet.

Malware hasn’t gotten that aggressive — yet.
But it’ll take your banking access, your email, and your identity.

Major banks have warned against using Windows to access your banking.

You have received embarrassing spam from your friends. You might have sent it.

Microsoft makes lovely operating systems — for botnets, malware, and spam.

Your computer could be taken over right now and sending out spam. Do you know that it isn’t?

Not much you can do about your bank’s security except choose a better bank.

But you can control your own computer.

Next:

  • Security Recipes – A.1 – Hardening Windows XP

Coming:

  • A.2 – Hardening Windows 7
  • B – Virtual Machines
  • C – Wubi
  • D – Dual boot
  • E – Encryption

Why? Just the latest.

Open source becomes the standard

Filed under: Open source — zundel

More than half of IT organizations deploy open-source software

Based on a survey of 547 IT organizations from 11 countries, research-firm Gartner has found that more than one-half of IT organizations use open-source software, or “OSS”, with commercial software usage dropping.

This is big news and represents a significant trend. Five years ago less than 10% of IT organizations used open-source software, with the number rising to 30% three-and-a-half years ago. Significantly, Gartner noted a proportional drop in commercial software usage.

“Gaining a competitive advantage has emerged as a significant reason for adopting an OSS solution, suggesting that users are beginning to look at OSS differently [….]

Black net ops

Filed under: Computers, Security — zundel

Fascinating reading.

Anonymous cracking and publishing the email of Aaron Barr, Greg Hoglund, and HBGary has turned up all sorts of useful information. And Ars has done a very good job analyzing it and reporting.
Nothing unknown or unsuspected, but useful confirmation.

Black ops: how HBGary wrote backdoors for the government

Why you don’t want to use Outlook, ever.

The target user would preview a specially crafted e-mail message in Outlook that took advantage of an Outlook preview pane vulnerability to execute a bit of code in the background. This code would install a kernel driver, one operating at the lowest and most trusted level of the operating system […].

When installed in a target machine, the rootkit could record every keystroke that a user typed, linking it up to a Web browser history. This made it easy to see usernames, passwords, and other data being entered into websites; all of this information could be silently “exfiltrated” right through even the pickiest personal firewall.

“This is ideal because it’s trivial to remotely seed C&C messages into any networked Windows host,” noted Hoglund, “even if the host in question has full Windows firewalling enabled.”

HBGary stockpiled and sold zero-day exploits. Nice people.
Most experts try to help the community fix security vulnerabilities. These guys were finding them and selling them.

These guys were not very good. Anonymous penetrated them easily. And they often seem really juvenile, like they wanted to be James Bond. (Shades of Ollie North.) Yet they sold ready exploits to defense contractors working for the government. Defense procurement is as sophisticated as ever. But also, most systems are easily compromised.

If you need security, don’t use anything these guys mentioned.

Friday 48

Virtual Servers

Only a few reasons remain for running your own server:

  • You have one and haven’t yet gotten around to transitioning
  • You think doing your own maintenance will cost less
  • You need really high performance and tuned hardware

Otherwise, you should consider a virtual server.

The end of a faithful server

The ABCs of virtual private servers, Part 1: Why go virtual?

The above article provides a useful chart of VPS providers.

At least consider using virtual servers on your own hardware.
It doesn’t have the advantage of a service’s redundant hardware, but you gain the easy backup and redeployment of virtual servers, and it makes a good transition path to full VPS.
LXC is the lightest and most efficient technique for isolating and managing processes.
KVM is the most efficient method for running virtual machines.
(Avoid VMware: they have an installed base but are no longer competitive.)

Thursday 47

Pity Nokia developers

Filed under: Open source — zundel

Symbian C++ to WP7 migration questions – 2011-02-12 05:1

This is going to suck.

Not on your phone

This is rather sad.

It started with Apple.

Apple’s operating systems are based on open source. Apple uses and contributes to open source. And you can install and use open source software on a Mac.
But not on an iPhone.

Microsoft uses and contributes to open source. You can install and use open source software on Windows.
But not on a Windows Phone.

Microsoft: Absolutely No (GPLv3-Or-Compat-Licensed) Free Software for Windows Phone and Xbox Apps

Microsoft chose to forgo a large base of established high quality software for their new platform.

This is about control.

Who gets to control what’s on your computer and phone? Them or you?

For instance, security:
Need to protect information on your mobile devices?
Want to use strong open source encryption?
Not on an iPhone or Windows Phone.
You’ll have to take the security they offer you. And trust them.
Good luck.

Microsoft had a chance with Windows Phone to create a mobile platform that met business needs with easier administration and more innovation than BlackBerry. They just blew it.

Everyone has seen Apple’s billions from consumer dollars. And now everyone chases those billions.

Ballmer understands marketing and chases the money. He does not understand computing.
Microsoft has lost enterprise. They have a large installed base but it dwindles. Years of defective and outdated products lost the market. And Microsoft no longer has any advantage on the desktop. The lock-in they once had with Exchange has gone: open source can connect to and replace Exchange. As businesses further rely on open source for enterprise functions they will choose desktop and mobile products that work best with their open source services.

Perhaps Ballmer tacitly concedes the business market and refocuses Microsoft to chase consumer dollars.

It looks like we’ll get a bifurcated computer market. Business will use Linux and any open system that can use the tools. Consumers will get media computers, media boxes, and mobile media devices; all closed and hard to control.

Sad.

Wednesday 46

Enterprise-grade Open Source Software

Filed under: Open source — zundel

Delightfully succinct and authoritative summation of the state of play:

Supply, Demand, and Open Source Enterprise Adoption
by Eric Gries, CEO, Lucid Imagination

Now, more often than not, it delivers better software than commercial vendors — software that’s being adopted by successful companies where exasperated managers recognize they are being charged inflated prices to maintain and upgrade existing packaged software that simply isn’t as good as lower priced alternatives.

[….] the meritocratic development ethos of open source promotes only the best and brightest content through the engineering process, creating an environment of “frictionless innovation.” It is fundamentally a much better way to collaborate, ensuring that the features users really want end up in the product — with public peer review filtering out poor code. Compare this to the way most proprietary vendors move the development process forward. With only token input from customers, factions within the company battle it out to prioritize new features, usually optimized for a few of the largest customers or customer deals. If you’re not in that elect group, your needs won’t be met.
