Counting Down

I know lots of folks have been posting wrap-ups for 2005, predictions for 2006, and even an occasional resolution or such here and there. I’ve been…well, out. Other things to do. Errands to run and things to do. New glasses today. Just running around taking care of things.

And now, the countdown hours are here, but I’ve gotta get my tux on and get moving. Going to go dance the night away at a black tie ball. You all be safe, be well, be happy.

New Year’s Eve, party, celebrate, black tie

Another WMF Idea from F-Secure

F-Secure : News from the Lab
Here’s an alternative way to fix the WMF vulnerability.

Ilfak Guilfanov has published a temporary fix which does not remove any functionality from the system (all pictures and thumbnails continue to work normally).

The fix works by injecting itself into all processes loading USER32.DLL. It patches the Escape() function in GDI32.DLL, revoking WMF’s SETABORT escape sequence that is the root of the problem.

Now, we wouldn’t normally blog about a security patch that is not coming from the original vendor. But Ilfak Guilfanov isn’t just anybody. He’s the main author of IDA (Interactive Disassembler Pro) and is arguably one of the best low-level Windows experts in the world.

More details from Ilfak’s blog: http://www.hexblog.com.

Ilfak recommends you to uninstall this fix and use the official patch from Microsoft as soon as it is available.

F-Secure, Ilfak Guilfanov, WMF vulnerability

Truer words never spoken

Found this while wandering Jack Yoest’s site

If it’s not Core,
It’s going off-shore.

Every business has Core functions and Critical functions. It is the smart knowledge worker who knows the difference.

Anyway, if you are in a cubicle and never see a check writing customer, leave. Somewhere, someone in your company is shaking hands with a client, at this very moment. You must physically touch that customer, too.

And I don’t mean a phone call touch. I got a call center in Bangalore that does that. You must press a pound of flesh, not the pound button.

I’m just about sick of markets are conversations myself. But success is relationships. Personal relationship. People still buy from people.

Testing Simple Tags

Testing another Wordpress plugin called Simple Tags

Simple Tags, Wordpress, tags, Technorati

Mars and Venus on the Internet

I haven’t been involved in the women online discussions in a while, but this did catch my eye. The Pew Internet & American Life Project has published a new study on how women and men use the Internet.

Men continue to pursue many internet activities more intensively than women. At the same time, trend data show that women are catching up in overall use and are framing their online experience with a greater emphasis on deepening connections with people.

Some excerpts include:

The percentage of women using the internet still lags slightly behind the percentage of men. Women under 30 and black women outpace their male peers. However, older women trail dramatically behind older men.

Men are slightly more intense internet users than women. Men log on more often, spend more time online, and are more likely to be broadband users.

More online men than women perform online transactions. Men and women are equally likely to use the internet to buy products and take part in online banking, but men are more likely to use the internet to pay bills, participate in auctions, trade stocks and bonds, and pay for digital content.

Men are more likely than women to use the internet as a destination for recreation. Men are more likely to: gather material for their hobbies, read online for pleasure, take informal classes, participate in sports fantasy leagues, download music and videos, remix files, and listen to radio.

Men are more interested than women in technology, and they are also more tech savvy.

Note: They said that, not me. But there’s some fuel for discussion from a reputable source that you all can go flog to death.    ;-)

The entire report can be downloaded here.

MSN Webcast: NYC New Year’s Eve Party Live

You know, they aren’t always the bad guys

Thanks to Microsoft Corp. and its Windows Video service, on this New Year’s Eve, online visitors from all over the world will be able to enjoy a live video and audio feed of the New York City party coverage. This is the second consecutive year that MSN Video has webcast the Times Square New Year’s Eve festivities.

I’ll be off dancing the night away myself.

Microsoft promises to patch worsening zero-day flaw

December 29, TechWeb News — Microsoft promises to patch worsening zero-day flaw. As bleaker details emerged Thursday, December 29, about the threat posed by a zero-day vulnerability in Windows, Microsoft said it would produce a patch for the flaw but declined to put the fix on a timetable. In a security advisory posted on its Website, Microsoft confirmed the vulnerability and the associated release of exploit code that could compromise PCs, and listed the operating systems at risk. Windows 2000 SP4, Windows XP, Windows Server 2000, Windows 98, and Windows Millennium can be attacked using the newly-discovered vulnerability in WMF (Windows Metafile) image file parsing, said Microsoft. The advisory stated that Microsoft will “provide a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.” Microsoft rarely goes out-of-cycle to patch a vulnerability -- it’s done so only three times since it began a once-a-month patch release schedule in October, 2003; the last time was over a year ago -- and didn’t patch early in December when another zero-day bug surfaced, even after experts called on the developer to fix fast.
Source

Virus tempers MSN Messenger buzz

December 28, Internetnews.com — Virus tempers MSN Messenger buzz. Finnish security firm F-Secure is reporting a new scam that is masquerading as the MSN Messenger 8 Beta (to be released in several months), which will be called Windows Live Messenger. Rather than a beta of Microsoft’s latest instant messaging (IM) client, users will download a virus file, BETA8WEBINSTALL.EXE. Once installed, the virus’ payload connects the user’s IM client to a botnet and sends download links to the virus file to everyone on the user’s contact list. A Microsoft spokesperson told internetnews.com that this threat does not exploit a security vulnerability, but relies on significant user action to spread to all the contacts in a user’s MSN Messenger contact list. With the declining cost of domain registrations, “throw-away” domains have become a popular breeding ground for transmitting viruses by hackers. MSN Messenger’s successor, Windows Live Messenger, is part of Microsoft’s rebranded “Live” initiative. According to the IM Logic Threat Center, MSN Messenger has borne the brunt of IM attacks with 43.1 percent of all attacks. In the last 90 days, the target has shifted to AOL’s Instant Messenger (AIM) which now bears 44.8 percent of attacks in comparison to MSN Messenger at 26.1 percent in the same period.
Source: http://www.internetnews.com/ent-news/article.php/3573971

AdSense Trojan could be on the loose

December 28, WebProNews.com — AdSense Trojan could be on the loose. An Indian web publisher claims a Trojan program that replaces Google ads with a different set of ads has been found in the wild. A report on the TechShout website said a Trojan affecting AdSense has been discovered. Google has not confirmed this yet on the AdSense blog, but a web publisher named Raoul Bangera is said to have contacted Google about the problem. Google reportedly confirmed the information provided by Bangera, including screenshots, logfiles, and system files, demonstrated the ads displayed on his site were not legitimate. “We can confirm from the screenshots that these are fake Google ads, formatted to look like legitimate ads. We agree that this phenomenon is likely the result of malicious software installed on your computer,” Google reportedly said in response. Only small publishers appear to be affected, not premium publishers or Google sites.
Source

Open Source VoIP for the DIYer

For the Do-It-Yourselfers and those among us who just can’t resist fiddling and tweaking there’s an interesting story on Newsforge this morning, GNU Telephony Stack Announced

David Sugar writes “Tycho Softworks, a provider of free software based telephony solutions and migration support, today announced support for the GNU Telephony Software Stack. Tycho Softworks will offer and support a prepackaged GNU Telephony software stack so that developers of scalable enterprise, carrier hosted, and governmental telephony solutions can focus on developing their applications rather than on configuring the underlying platform.

The GNU Telephony stack has initially been packaged for use on RedHat and CentOS GNU/Linux distributions, and will later be packaged for Debian based GNU/Linux distributions such as Ubuntu. Support for the GNU Telephony stack will also be offered for other GNU/Linux distributions, as well as OpenSolaris and various forms of BSD systems such as FreeBSD, NetBSD, OpenBSD, and Mac OS/X. Limited support for some components of the GNU Telephony stack will also be available under Microsoft Windows.

The GNU Telephony stack currently consists of the CAPE Framework of GNU Common C 2, the GNU RTP Stack (ccRTP), and GNU ccAudio; SIP support using libeXosip2 as supported by antisip.com; H.323 support through the OpenH323 stack (soon Opal); Desktop VOIP clients LinPhone and GNOME Meeting; PartySIP and Ser SIP call servers; GNU Gatekeeper H.323 call server; GNU Bayonne2 Voice Application Server; and Telephony Drivers for Voicetronix and Sangoma computer telephony hardware.

Links to resources are in the story.

VoIP, open source VoIP, GNU

Open Communication Systems up for sale

I’m a bit late posting this because I’ve been traveling to San Diego and in some early meetings here. Brian McConnell dropped me a note this morning to let me know that Open Communications Systems (OCS), the folks behind RadioHandi and a really interesting newer venture, Stream Codes, are listed up on the block for sale on VentureBeat.

Here’s the story on OCS and some great skinny on the details.

Open Communication Systems
Open Communication Systems, based in San Francisco with engineering and support offices in Buenos Aires, develops cutting edge group communication and multimedia content delivery services that are accessible on a broad range of computing platforms and communication networks. The company has completed development of two products, both derived from a common underlying platform based on open standards telecommunication and content delivery technology.

Beyond the sale announcement, Brian has a nice article online in the Venture Beat contributors section too.

An alternative to VC: “Selling In”
By Brian McConnell 10.10.06

Silicon Valley prides itself on its ability to transform entire industries, yet it is surprisingly resistant to change itself, notably in the way high tech deals are conducted, from investment to acquisitions.

I am a serial entrepreneur, currently on startup number three, having sold two previous businesses, one to a public company, and one to a private company. The third one is on the block now, at VentureBeat’s new marketplace VentureBoard.

The market for emerging technology deals is inefficient (unless you’re a hot property like YouTube). The process is broken. It forces entrepreneurs to spend a lot of time searching for acquirers or partners, and makes starting a business riskier. The way companies get funded and sold can cause entrepreneurs to think about raising money first, product second. While some companies like 37 Signals can bootstrap their way to profitability, this is the exception, especially in capital intensive industries like telecom.

Brian’s often described as a serial entrepreneur because he just loves starting new things, incubating them to get things started, and then looking at the next new thing. His viewpoints are well-balanced with some depth of experience in the telecom sector that sometimes eludes people. This article’s well worth a read.

Gunman attack unnerves Bangalore outsourcing industry

December 29, IDG News Service — Gunman attack unnerves Bangalore outsourcing industry. An attack by a gunman late Wednesday, December 28, at the Indian Institute of Science (IISc) in Bangalore, India has sent shockwaves through the city’s large outsourcing industry. One person was killed and four injured in the gunfire on the campus of IISc, one of India’s most prestigious educational institutes. They were part of a large group of scientists and professors that were coming out of a conference held in the auditorium of the IISc, when the gunman attacked. Bangalore police have so far said that they cannot definitely confirm that the attack was by terrorists. But the police have put the city on high alert and asked outsourcing companies to strengthen security. Earlier this year, police in India warned that the country’s software and services outsourcing industry and other high technology installations are likely new targets for a terrorist group operating in the country. On Monday, December 27, the Delhi police arrested three suspected terrorists who were planning to attack software parks in Bangalore and Hyderabad besides other targets, the police said. Documents seized from three members of the Lashkar-e-Toiba terrorist group, revealed that they planned to carry out suicide attacks on some software companies in Bangalore.
Source


Note: I’ve heard lots of comments, both positive and negative about outsourcing to Bangalore. I’ve got a tech sector friend who used to work in the optical networking division of Lucent Technologies who now lives and works there. Regardless of how you feel about outsourcing (the where work gets outsourced to is irrelevant), Bangalore is a key high-tech development and support center for the industry. This threat poses a real concern and could have far-reaching impact.

To SIP or not to SIP

Interesting read over on The Corporate Rat and The Elusive Cheese this morning as CorporateRat weighs in on SIP issues.

In fact, I think SIP has pretty much become a subject of its own market hype as well as lack of completeness of thought in the original ideas espoused. As far as I am concerned, today, SIP stands in the market as a ‘HTTP similar expandable protocol’ but to the developer, stands as a ‘Massive hack of spaghetti headers and rules’. [Full post here]

I’ve only recently found this blog, but the insights and knowledge these two bring to the VoIP sector are well worth following. Some great insights on the reality of foibles and faux pas in the evolution of SIP as a VoIP protocol.

SIP, VoIP

More on Microsoft Windows Graphics (WMF) vulnerability

Here’s a news story -
December 28, Security Focus — Microsoft Windows Graphics Rendering Engine WMF format unspecified code execution vulnerability. Microsoft Windows WMF graphics rendering engine is affected by a remote code execution vulnerability. The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file. The issue may be exploited remotely or by a local attacker. Any code execution that occurs will be with SYSTEM privileges due to the nature of the affected engine. Microsoft Windows XP is considered to be vulnerable at the moment. It is likely that other Windows operating systems are affected as well. Security Focus is not aware of any vendor-supplied patches for this issue.
Source: http://www.securityfocus.com/bid/16074/discuss


Here’s details from US-CERT on how to deal with the problem

Vulnerability Note VU#181038
Microsoft Windows Metafile handler buffer overflow
Overview
Microsoft Windows is vulnerable to remote code execution via an error in handling files using the Windows Metafile image format. Exploit code has been publicly posted and used to successfully attack fully-patched Windows XP SP2 systems. However, other versions of the Windows operating system may be at risk as well.
I. Description
Microsoft Windows Metafile format images are graphical files that can contain both vector and bitmap-based picture information. Microsoft Windows contains routines for displaying Windows Metafiles. However, a lack of input validation in one of these routines may allow a buffer overflow to occur, and in turn may allow remote arbitrary code execution.

This new vulnerability may be similar to one Microsoft released patches for in Microsoft Security Bulletin MS05-053 (VU#433341). However, publicly available exploit code has been discovered that reportedly affects systems updated with MS05-053.

Current public exploits use the Windows Picture and Fax Viewer (SHIMGVW.DLL) as an attack vector affecting users of any Windows-based application that can handle Windows Metafiles. However, disabling the Windows Picture and Fax Viewer will not eliminate this vulnerability as it is currently thought to exist in the Windows Graphical Device Interface library (GDI32.DLL).

It has also been reported that Google Desktop may be another potential attack vector and that various anti-virus software products cannot detect all known variants of exploits for this vulnerability.

II. Impact
A remote, unauthenticated attacker may be able to execute arbitrary code if the user is persuaded to view a specially crafted Windows Metafile.

III. Solution
We are currently unaware of a practical solution to this problem.
Please be aware we have confirmed that filtering based just on the WMF or EMF file extensions or MIME type application/x-msMetafile will not block all known attack vectors for this vulnerability. Filter mechanisms should be looking for any file that Microsoft Windows recognizes as a Windows Metafile by virtue of its file header.

Do not access Windows Metafiles from untrusted sources

Exploitation occurs by accessing a specially crafted Windows Metafile. By only accessing Windows Metafiles from trusted or known sources, the chances of exploitation are reduced.

Attackers may host malicious Windows Metafiles on web sites. In order to convince users to visit their sites, those attackers often use a variety of techniques to create misleading links including URL encoding, IP address variations, long URLs, and intentional misspellings. Do not click on unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases, particularly if a trusted site has been compromised or allows cross-site scripting.

Block access to Windows Metafiles at network perimeters

By blocking access to Windows Metafiles using HTTP proxies, mail gateways, and other network filter technologies, system administrators may also limit potential attack vectors.

Reset the file association for Windows Metafiles

Remapping Windows Metafile files to open a program other than the default Windows Picture and Fax Viewer may prevent exploitation via some attack vectors.

Systems Affected
Google Unknown 28-Dec-2005
Microsoft Corporation Vulnerable 29-Dec-2005
Mozilla, Inc. Unknown 28-Dec-2005

References
http://www.us-cert.gov/cas/techalerts/TA05-362A.html
http://www.microsoft.com/technet/security/advisory/912840.mspx
http://isc.sans.org/diary.php?rss&storyid=972
http://isc.sans.org/diary.php?storyid=975
http://secunia.com/advisories/18255/
http://www.securityfocus.com/bid/16074
http://vil.mcafeesecurity.com/vil/content/v_137760.htm
http://www.f-secure.com/weblog/archives/archive-122005.html#00000753
http://www.symantec.com/avcenter/venc/data/bloodhound.exploit.56.html
http://www.ciac.org/ciac/bulletins/q-085.shtml

Credit
This document was written by Jeffrey S. Havrilla.

Other Information
Date Public 12/27/2005
Date First Published 12/28/2005 11:59:50 AM
Date Last Updated 12/29/2005
CERT Advisory
CVE Name CVE-2005-4560
Metric 45.60
Document Revision 32
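
US-CERT's point above, that filters must recognize a Windows Metafile by its file header rather than by extension or MIME type, shown as an added example (not code from US-CERT or from this blog). It assumes the published standard WMF, placeable WMF and EMF header layouts; the function names are hypothetical and the sample bytes are constructed.

```python
import struct
from typing import Optional

# Header constants from the published WMF / EMF file formats (assumed here;
# this approximates, and is not, Windows' own recognition logic).
PLACEABLE_KEY = 0x9AC6CDD7       # placeable-WMF magic, bytes D7 CD C6 9A on disk
EMF_SIGNATURE = 0x464D4520       # " EMF", stored at offset 40 of the EMF header
WMF_TYPES = {0x0001, 0x0002}     # in-memory / on-disk metafile
WMF_VERSIONS = {0x0100, 0x0300}
META_HEADER_WORDS = 9            # standard header is 18 bytes = 9 WORDs

BLOCKED_EXTENSIONS = (".wmf", ".emf")
BLOCKED_MIME = "application/x-msmetafile"


def has_standard_wmf_header(data: bytes) -> bool:
    """True if data starts with a plausible standard WMF header."""
    if len(data) < 6:
        return False
    mtype, header_words, version = struct.unpack_from("<HHH", data, 0)
    return (mtype in WMF_TYPES
            and header_words == META_HEADER_WORDS
            and version in WMF_VERSIONS)


def classify_metafile(data: bytes) -> Optional[str]:
    """Return 'placeable-wmf', 'wmf', 'emf', or None, judging by header only."""
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        return "placeable-wmf"
    if has_standard_wmf_header(data):
        return "wmf"
    if len(data) >= 44:
        record_type, = struct.unpack_from("<I", data, 0)
        signature, = struct.unpack_from("<I", data, 40)
        if record_type == 1 and signature == EMF_SIGNATURE:
            return "emf"
    return None


def blocked_by_name_or_mime(filename: str, mime: str) -> bool:
    """The weak filter the advisory warns about: extension or MIME type only."""
    return (filename.lower().endswith(BLOCKED_EXTENSIONS)
            or mime.lower() == BLOCKED_MIME)


def blocked_by_header(data: bytes) -> bool:
    """The filter the advisory asks for: block anything with a metafile header."""
    return classify_metafile(data) is not None


# --- Constructed sample inputs (benign, header bytes only) ---
WMF_SAMPLE = (struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0)
              + struct.pack("<IH", 3, 0))            # header + META_EOF record
PLACEABLE_SAMPLE = (struct.pack("<IHhhhhHIH", PLACEABLE_KEY, 0,
                                0, 0, 100, 100, 1440, 0, 0) + WMF_SAMPLE)
EMF_SAMPLE = (struct.pack("<II", 1, 88) + bytes(32)
              + struct.pack("<I", EMF_SIGNATURE) + bytes(44))
JPEG_SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(32)

# (filename, declared MIME type, content) as a proxy or mail gateway sees them
ATTACHMENTS = [
    ("chart.wmf", "application/x-msmetafile", WMF_SAMPLE),
    ("holiday.jpg", "image/jpeg", WMF_SAMPLE),        # renamed metafile
    ("logo.gif", "image/gif", PLACEABLE_SAMPLE),      # renamed placeable WMF
    ("diagram.png", "image/png", EMF_SAMPLE),         # renamed EMF
    ("photo.jpg", "image/jpeg", JPEG_SAMPLE),         # genuine JPEG header
]


def compare_filters(items):
    """Return (filename, weak_filter_blocks, header_filter_blocks) per item."""
    return [(name, blocked_by_name_or_mime(name, mime), blocked_by_header(data))
            for name, mime, data in items]


if __name__ == "__main__":
    for name, weak, strong in compare_filters(ATTACHMENTS):
        print(f"{name:12} name/MIME filter: {weak!s:5}  header filter: {strong}")
```

The three renamed samples pass the extension/MIME filter and are caught only by the header check, which is the gap the advisory describes.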

Latest Windows Vulnerability - WMF Files

This from F-Secure early today -

There’s a new zero-day vulnerability related to Windows’ image rendering - namely WMF files (Windows Metafiles). Trojan downloaders, available from unionseek[DOT]com, have been actively exploiting this vulnerability. Right now, fully patched Windows XP SP2 machines are vulnerable, with no known patch.

The exploit is currently being used to distribute the following threats:
Trojan-Downloader.Win32.Agent.abs
Trojan-Dropper.Win32.Small.zp
Trojan.Win32.Small.ga
Trojan.Win32.Small.ev.

Some of these install hoax anti-malware programs the likes of Avgold.

Note that you can get infected if you visit a web site that has an image file containing the exploit. Internet Explorer users might automatically get infected. Firefox users can get infected if they decide to run or download the image file.

In our tests (under XP SP2) older versions of Firefox (1.0.4) defaulted to open WMF files with “Windows Picture and Fax Viewer”, which is vulnerable. Newer versions (1.5) defaulted to open them with Windows Media Player, which is not vulnerable…but then again, Windows Media Player is not able to show WMF files at all so this might be a bug in Firefox. Opera 8.51 defaults to open WMF files with “Windows Picture and Fax Viewer” too. However, all versions of Firefox and Opera prompt the user first.

As a precaution, we recommend administrators to block access to unionseek[DOT]com and to filter all WMF files at HTTP proxy and SMTP level.

F-Secure Anti-Virus detects the offending WMF file as W32/PFV-Exploit with the 2005-12-28_01 updates.

We expect Microsoft to issue a patch on this as soon as they can.

And this

Over the last 24 hours, we’ve seen three different WMF files carrying the zero-day WMF exploit. We currently detect them as W32/PFV-Exploit.A, .B and .C.

Fellow researchers at Sunbelt have also blogged about this. They have discovered more sites that are carrying malicious WMF files. You might want to block these sites at your firewall while waiting for a Microsoft patch:

Crackz [dot] ws
unionseek [dot] com
www.tfcco [dot] com
Iframeurl [dot] biz
beehappyy [dot] biz

And funnily enough, according to WHOIS, domain beehappyy.biz is owned by a previous president of the Soviet Union:

Registrant Name: Mikhail Sergeevich Gorbachev
Registrant Address1: Krasnaya ploshad, 1
Registrant City: Moscow
Registrant Postal Code: 176098
Registrant Country: Russian Federation
Registrant Country Code: RU

“Krasnaya ploshad” is the Red Square in Moscow…

Do note that it’s really easy to get burned by this exploit if you’re analysing it under Windows. All you need to do is to access an infected web site with IE or view a folder with infected files with the Windows Explorer.

You can get burned even while working in a DOS box! This happened on one of our test machines where we simply used the WGET command-line tool to download a malicious WMF file. That’s it, it was enough to download the file. So how on earth did it have a chance to execute?

Google desktop
The test machine had Google Desktop installed. It seems that Google Desktop creates an index of the metadata of all images too, and it issues an API call to the vulnerable Windows component SHIMGVW.DLL to extract this info. This is enough to invoke the exploit and infect the machine. This all happens in realtime as Google Desktop contains a file system filter and will index new files in realtime.

So, be careful out there. And disable indexing of media files (or get rid of Google Desktop) if you’re handling infected files under Windows.


I spent a portion of the day getting some folks prepared for the inevitable, but spotted this later in the day, thanks to Xavier Ashe for this workaround which will indeed protect systems -

For this WMF exploit: Until Microsoft patches this thing, here is a workaround:

From the command prompt, type REGSVR32 /U SHIMGVW.DLL.

You can also do this by going to Start, Run and then pasting in the above command.

This effectively disables your ability to view images using the Windows picture and fax viewer via IE. This is an old Windows feature that doesn’t even show up under programs. Not “core” or critical.

However, it is a preventative measure. If you are already infected, it will not help.

All it does is to prevent the WMF file from being opened in the viewer where the bug is that makes it execute the code in the picture.

Works for IE, should work fine for Firefox users as well.

From SunBelt Blog.

Resolutions for 2006

I resolve to not say anything bad about Microsoft.
I resolve to not say anything bad about Cisco.
I resolve to not say anything bad about the current administration.

Yeah, right. They are what they are. Obvious targets. As long as they remain obvious, they remain targets.

In a word - Simplify

That’s easier said than done and sometimes it takes more to achieve less, but simplification of daily life is my single over-arching goal for 2006. I see two ways to achieve simplicity. Tools that make life easier. And saying no. Just say no. Don’t ever underestimate the power of no. It’s always wise to remember without billing, it’s just a hobby.

Interestingly enough, lately it seems I’ve been using that phrase, digital common sense, a lot more in casual conversation again. It was a key motivator in bringing this blog to life (about four platform iterations and five years ago) after blogging in other spots. I sense a refocusing of thought in areas tied to digital common sense in the months ahead. Call it a disturbance in the force…

Conferences, Un-conferences and Camps (oh my!)

As in the past year or three, I will not attend conferences about conferencing, blogging, metablogging and other exercises in self-abuse. After all, what’s the point really. Trackbacks in person, right? (In the old days we called that a slap on the back. Who wants to hang out with a room full of people breaking their arms slapping themselves on the back?) I will be un-available to participate in un-conferences because they’re inherently un-interesting. Camps involve tents, trailers, fishing and hiking.

I will attend real industry events of substance, VON, Internet Telephony, RSA, and other real trade show events qualify. IEEE conferences count as real events of substance. They have value.

Technology

I’ll buy a new laptop very soon. Windows XP Pro. Most likely a Dell Latitude D810. I have three Latitudes now and they’ve been good solid machines. I do confess I’ve seriously considered a Powerbook. At this point it’s only commercial software I already own that keeps me tethered to Windows for my primary machine. The call of the Mac is strong and before the next cycle of requiring new machines comes around, I will begin that switch. I will replace two Windows laptops with one Powerbook. But that doesn’t mean I’ll be firing Microsoft. It just means more of a blended environment.

I won’t explore Vista in 2006. No media center. Don’t need them. I remember plug and pray. I’ll wait until there’s some viable, sustainable reason to make those changes.

I will fine tune the Asterisk server I recently brought online. More VoIP. More open source tools.

More wireless. More mobility. More untethered Internet.

Geek Dinners

I will have dinner with one or more geeks this year, on several occasions, but will continue avoiding the herding instinct that takes over when geeks run in packs.

Road Trips

More road trips this year. I will continue to avoid air travel other than when necessary for business. Planning one trip to Backus, MN at some point later in the year. Another road trip to CA. Hoping to squeeze in a road trip to Ketchikan. Road trip tools include -

There will be more

Hiking, biking, photography. Good wine. Good music. Dancing. Good friends. Family time, especially with Connor. Good coffee. Flyfishing. Golf. More writing.

More focus on the real communities on the net. Not the technologies or technologists, but the people at the ends who really make up the communities. Not contrived communities, but naturally forming communities of interest.

I shudder to think it, but there will be more podcasts. More to follow on that a bit later, but there will be more. And while I do listen to podcasts and music on my LifeDrive, I anticipate in 2006 I’ll become one of the pod people. There will also be more podcasting over in the Realtime VoIP Community here. I anticipate things like podcasts live from industry events (not blogging an event, podcasting interviews near real-time). And yes, it’s quite likely that webcasting video will also come into play, from events and perhaps in the form of online tutorials.

There will be less

Less work hours. Less intensity. Less stress. Less technical writing.

Less attention paid to things like Technorati, A-lists, metablogging, closed jargon about the net. These things are irrelevant and only suck life force away from things that matter.

—–
I’d like to be less snarky in ‘06 (just a touch less), but some folks make that a real challenge. So will some of you all make that a bit easier by not being such obvious tools and easy targets. It’s hard not to lose all patience with some of you. (hehe that will have a couple people wondering all year long who I’m talking about.)
—–
Carpe Noctem

Digital Common Sense, Simplify, road trips, conferences, un-conferences, camps, geek dinners, podcasting, Realtime VoIP

IT Security Convergence

CSO Fundamentals: ABCs of Physical and IT Security Convergence - CSO Fundamentals

Call it convergence, call it holistic security management. By either name, it’s the subject of much talk these days. Here’s the definition of convergence and an explanation of the desired payoffs and unexpected pitfalls that can obstruct efforts to get all security functions working off the same page.

Very good article on the need for a holistic approach to security. I recently wrote about the lack of holistic network and security management myself.

IT security, convergence

The Corporate Rat and The Elusive Cheese

I found another interesting blog today thanks to Rich Tehrani. Here’s a sample from The Corporate Rat and The Elusive Cheese: Call 2.0?

VOIP is a giant leap forward in dragging us “Call Processing” types out of the dark ages to the modern world. SIP is the motivation.

While SIP improved the interoperability between systems, it did not take away the inherent complexity of developing voice applications. Many of us VOIP application vendors basically built proprietary constructs from scratch (a HUGE benefit) that helped develop applications rapidly.

Year in Review for Security - CSO

The Year in Review for Security

by Robert McMillan for CSOonline.com

If there was one force driving the computer security industry this year, it was money, plain and simple. Gone were the days when teenage hackers vied for bragging rights by defacing a website or writing an annoying worm. In 2005, a more sinister class of hacker emerged, working for money and often using quieter, more precise techniques. This was also the year that the financial cost of security breaches became crystal clear, thanks to a California disclosure law that is expected to become a model for upcoming federal legislation in the U.S.

Highlights include:

  • Crime pays, when you’re online
  • Privacy matters
  • The network becomes the target
  • Rootkits for everyone
  • Microsoft eyes the security market

Where are Rootkits Coming From?

Where are Rootkits Coming From?
By Ryan Naraine
December 7, 2005

The sharp rise in rootkit detections on Windows machines is a direct result of adware/spyware vendors using sophisticated techniques to hide processes and prevent uninstallation, according to anti-virus vendor F-Secure Corp.

The Finnish company, which ships an anti-rootkit scanner in its security suite, has identified ContextPlus, Inc., makers of the Apropos and PeopleOnPage adware programs, as the company responsible for a large number of stealth rootkit infections.

Nice writeup on rootkits and some of the problems we all live with every day.

rootkits, vulnerabilities, InfoSec
