Digital Common Sense

So I have to ask -

Zune This November with VoIP Om Malik

Microsoft Zune rumors continue to swirl. Engadget is reporting that Microsoft’s “seamless music experience” device/service, Zune will launch on November 14, presumably with much fanfare. Engadget says that the device is going to have a 30 GB storage device and will have a FM Tuner along with Wi-Fi.

Does anybody give a rabbit’s fart that Microsoft finally sald me too in response to the iPod? Really? I mean, I confess that tie iPod’s pretty much a yawner for me. There were times I wanted one, but I’ve always had at least two other devices that did what I need pretty well. A $400 iPod today is simply the $7 transistor radio of yesteryear.

I just don’t get it. And Microsoft continues to unimpress…

Technorati Tags: Zune, yawn. Microsoft, boring

Filed by Ken at 6:34 pm under Technology
No Comments

July 27, Register (UK) — United States cedes control of the Internet. In a meeting that will go down in Internet history, the United States government Wednesday night, July 26, conceded that it can no longer expect to maintain its position as the ultimate authority over the Internet. Having been the Internet’s instigator and, since 1998, its voluntary taskmaster, the U.S. government finally agreed to transition its control over not−for−profit Internet overseeing organization Internet Corporation for Assigned Names and Numbers, making the organization a more international body. However, assistant commerce secretary John Kneuer, the U.S. official in charge of such matters, also made clear that the U.S. was still determined to keep control of the net’s root zone file −− at least in the medium−term.
Source

Note: The rest of the world says “you are not the boss of me.”

Technorati Tags: Internet, ICANN, you are not the boss of me

Filed by Ken at 11:13 am under Technology
No Comments

I’ve been involved in a number of conversations about Skype security with vendors, VoIP practitioners and network security managers for the last several months. I recently tagged an article by Antonio Nucci, CTO at Narus on the subject. Dr. Nucci’s article entitled Skype Detection: Traffic Classification In the Dark is online and well worth reading if you’re interested in the Skype security issue.

Here are some key observations and excerpts -

…perhaps more importantly, the very nature of Skype traffic is raising security concerns, especially for large enterprise networks. Skype uses a unique peer-to-peer technology, making it challenging for network operators to identify, classify and manage associated traffic.

Here’s a succint description of the dileman from a security manager’s viewpoint -

In order to avoid detection, many peer-to-peer applications, including Skype, change the port that they use each time they start. Consequently, there is no standard “Skype port” like there is a “SIP port” or “SMTP port”. In addition, Skype is particularly adept at port-hopping with the aim of traversing enterprise firewalls. Entering via UDP, TCP, or even TCP on port 80, Skype is usually very successful at passing typical firewalls. Once inside, it then intentionally connects to other Skype clients and remains connected, maintaining a “virtual circuit”. If one of those clients happens to be infected, then the machines that connect to it can be infected with no protection from the firewall. Moreover, because Skype has the ability to port-hop, it is much harder to detect anomalous behavior or configure network security devices to block the spread of the infection.

Peer-to-peer technologies concern us because they establish virtual connections that bypass corporate securiy. Port-hopping technologies concern us because they consciously work to evade corporate security, and they’re harder to detect. Evasion techniques are things expected of the “bad guys.”. Legitimate corporate software solutions don’t need to evade corporate security. Any technique that uses port-hoppign evasion is suspect right out of the gate.

Here’s what he says about the whole supernode issue:

Supernodes

Like its file sharing predecessor Kazaa, Skype employs an overlay peer-to-peer network. There are two types of nodes in this overlay network, ordinary hosts and super nodes. An ordinary host is a Skype application that can be used to place voice calls, send text messages, etc. A super node is an ordinary host’s end-point on the Skype network, meaning that any ordinary host must first connect to a super node and authenticate itself with the Skype login server. Any node with a public IP address having sufficient CPU, memory, and network bandwidth is a candidate to become a super node - including machines that reside on enterprise networks. Because Skype super nodes are created dynamically, and could conceivably consume as much bandwidth as is available to them, enterprise IT managers consider these super nodes a significant risk to the health of their network.

That’s important! Skype supernodes can caonceivably consume all available bandwidth. I’m involved with one network that has 3 100 Mbps connections to the Internet. 300 Mbps isn’t cheap. And yes, if Skye port-hops to evade detection and uses PCs that users put in place as supernodes, Skype is stealing resources from the corporation. Period.

“Traffic classification in the dark” is a technique Nucci describes using two different approaches -

• Payload-signature model: TCP and UDP streams of packets are processed first by the payload-signature application. The payload of each incoming packet is matched against a large set of constantly signatures. A match is achieved using proprietary algorithms that guarantee excellent performance at very high-speed (up to OC48). The majority of standard protocols (and their associated applications) are promptly classified by this application.
• Behavioral-signature model: Any TCP and UDP streams not classified by the Payload-signature application are forwarded to the Behavioral-signature application. Streams of packets with encrypted payloads, emerging P2P protocols for which a signature is not available, or multimedia applications using proprietary technologies (such as VoIP, Video, Gaming, File Transfer, Chat, etc) fall into this family.

I know I’ll be doing some more work and research in this area because I bump into it daily. As your business looks at VoIP solutions, while I’m a big fan and user of Skype in my personal life, I encourage yoo to look askance at Skype on your corporate network. Go read Dr. Nucci’s full article.

Technorati Tags: Skype, security, detection, Infosec, VoIP security, port-hopping, evasion

Filed by Ken at 9:10 pm under General
No Comments

I didn’t get the SightSpeed upgrade installed and tested last night. Their servers were pretty busy and it got late, so I put it off until today. I’ve since upgraded two machines and played a little bit with it. Let me share a couple of impressions.

First and foremost, it just works. No mucking about with anything. Out of the box, it just works. Given the environments we all work in today, that’s an important distinction. There are too many software solutions that require a ton of fiddling with. Not SightSpeed.

The changes in the software are nearly invisible. The codec revisions are built in, so the quality improvement really just happens quietly behind the scenes. Most of you have seen screen shots before, but here’s the screen shot of a call to myself.

Its a simply and friendly inteface. Note that I have a small window showing me inthe lower right. The larger window is the person I’m talking to. The self-view can be easily toggled off and on, and the whole thing is easily blown to full screen. 30fps, great quality video on live calls. And great voice quality too.

The calling out feature to the the PSTN is easy to set up and use. Inbound calling looks just as easy, but since they don’t yet support Washington numbers, I didn’t set one up yet. That’s all technology I’m sure the SightSpeed folks have mastered. I’ll be setting that all up as soon as WA shows up on the list of available states and area codes.

For many people, the hot new feature is placeshifting TV. While that doesn’t particulary excite me, here’s a screen shot of that.

Note the video quality. Channel hopping is easy and fast. If you’re looking to placeshift your TV stream, this could be a great tool. From a business perspective, I bet you could placeshift video surveillance cameras easily and set them up so they could be pulled up on demand for centralized monitoring. I was really impressed with this feature’s quality and ease of use. It’s just probably not something I’d use personally for my home TV viewing. I don’t watch enough to find the value. Then again, I don’t do Tivo or Slingbox or any other extras either.

You can record your own videos and post them on your blog. That’s right, you can be the next cross between YouTube and Rocketboom right there at your computer. Easily and quickly. I’m not at a point in the day I can kick out a video blog post, but I’d suggest you check out the SightSpeed Guy. He’s the master at these.

Feel free to check it out. Note that you have to be running IE. It doesn’t work under Firefox. Still a neat little addition to the mix.

I like SightSpeed because the video quality is awesome. I do Skype video some, but it doesnt’ hold a candle to this. The vioce quality is superb. The developers are focused on integration, interoperabilty and new things. I can tell you that this version went online last night and they’re already hard at work on the next version. The SightSpeed team doesn’t let grass grow under their feet at all.

There are things I hope to see in future releases. For me the big missing piece is recording the audio and peeling it off to something for podcasting. I’d like to be able to record longer sessions. Much longer. I’d like to be able to sign up for a premium business service that lets me record 30 minute webcasts. I’d like to record calls in both video and audio. I’d like SIP URL calling both inbound and outbound. I think those things will come. They’re an industrious team of folks

In a couple of weeks, I’ll be in Santa Clara for the VoIP Developer conference. I’m hoping to make a run to Berkeley and tour their offices and maybe even do a video with the SightSpeed Guy himself. in the meantime, I encourage you to check it out.

Technorati Tags: SightSpeed 5.0

Filed by Ken at 3:57 pm under Unified Communications
2 Comments

When I look at issues like Net Neutrality, a largely fabricated issue, I can’t help but observe (again) the serious disconnect between the two groups I’ll refer to as the Bellheads and the Netheads. The Bellheads are winning by the way. Sure the Netheads creat cool startups and think they’re making lots of money, but their revenues are generally peanuts to the Bellheads.

Need an example? Think about IM in the context of what it reall is…delivering text messages. How much revenue do you think the Netheads make from IM? Combine AIM, MSN and Yahoo all together. How much revenue do you think the wireless carriers make from text messagin? Who wins the revenue war?

That isn’t the only place the Bellheads win. Look to political process. I’ve often wondered about our own ranks. Jeff Pulver. David Isenberg. Tom Evslin. Several others. Leading voices fighting the battle from without rather than stepping into the political fray of politics to redirect the system from within. If we’re going to win some measure of control away from the Bellheads, there is only one way. The political power base needs to shift. Netheads have to become the influencers of policy, something we are clearly not today.

One way to do this is for many of use to run for office. To shift from the things we love to the things we want changed. Most of us are loathe to do so. I know I have no interest in political office. My passion for change isn’t so great that I care to make that change.

I personally have taken a different path. The grow your own Senator approach. My oldest son has intense political interests. He’s also in a different generation than I. The next generation of influencers. The next generation of leaders. The next generation of Senators. He doesn’t often talk of his personal politcal aspirations, but down inside, I know they exist. I do what I can to encourage that personal growth and pursuit of passion. And I try to help him bridge the gap to my generation by promoting new technologies and using technology from with the political process. For change. For new campaigns. For new public services. For good.

Today this appeared in the Daily Kos. Note this is a reference to my son, not to me -

Ken Camp’s The Revolution Has Begun looks at the use of newer technology - text messaging podcasts, etc. - in various campaigns.

I’d encourage the rest of you in my generation to chase your options. You can invest of yourself in making change, or you can foster change in the next generation of politics. Either will bring change. You can also blog about it, talk about it, post about it and whine about it. That will feel good perhaps, but it won’t bring change. Be an agent of change rather than a strident voice raging against the machine to no productive end.

This public service announcement brought to you by one too many cups of coffee after dinner.

Amended 15 minutes after I posted to add this link http://www.dailykos.com/story/2006/7/25/233213/844

Technorati Tags: politics, Ken Camp, Net neutrality, be an agent of change

Filed by Ken at 10:16 pm under Politics
No Comments

I’m cross posting this here from my orginal post on the Realtime VoIP Conversation.

Regular readers know by now that while it isn’t an application that has depth of enterprise penetration yet, I’m  one of SightSpeed’s biggest supporters. You should know that support comes as a user and customer and friend. I don’t have any business relations or financial relationship with SightSpeed. But I talk to them often and manage to stay pretty close to what they’re doing. In the morning they’re going to send a press release out about version 5.0, which will be available tomorrow. I haven’t seen the new version yet, but I have been using the 4.6 release that provided a lot of the foundation work for 5.0. If you haven’t looked at SightSpeed lately, you’ve missed some dramatic improvements in the last two releases, and this 5.0 release will be the biggest leap yet.

I’ll be watching the servers tomorrow to get upgraded as soon as it’s available, and I’ll be looking for some of my Speed-list contacts online to see just how good this new release is.

Oh, and while it won’t go out to the world at large until tomorrow morning, here’s the press release scoop.

(Berkeley, Calif.—July 26, 2006) On Wednesday, July 26 at 9 p.m. (PDT), SightSpeed, the leading provider of free and premium personal video services over the Internet, will unveil the latest version of its award winning personal video services with the debut of SightSpeed 5.0.

With 5.0, SightSpeed will offer the highest quality and first complete suite of easy-to-use personal video services that are delivered over the Internet for both Windows PCs and Macintosh personal computers and are interoperable between both.

SightSpeed Voice Only Calling (VoIP)
In addition to significant enhancements to its award winning video communications services, SightSpeed 5.0 adds all new PSTN Out and In-calling features, giving SightSpeed users the ability to make and receive great quality voice calls to and from regular telephones and cell phones at competitive rates. SightSpeed 5.0 also introduces free and unlimited PC to PC voice-only calling which, as do all of SightSpeed’s award winning features, works cross platform between Macs and PCs. With 5.0, SightSpeed’s real-time communications suite is complete with the best quality video and voice over IP (VVoIP), voice over IP (VoIP) and text (IM) solution.

SightSpeedTV
SightSpeed 5.0 also introduces a new breakthrough extension of its personal video services with SightSpeedTV, a revolutionary place shifting television viewing feature that gives users with a TV capture card the ability to watch their TV anywhere in the world on their PC or Mac for personal use. SightSpeedTV requires no additional hardware and comes complete with an intuitive “remote control” interface, enabling true channel surfing. SightSpeedTV will be introduced as a beta feature that is available for free to all SightSpeed users.

Significantly Enhanced Video
While fleshing out its overall suite of best in class personal video services, SightSpeed 5.0 stays true to the company’s central mission of providing the world’s best free Internet video communications services. SightSpeed adds a new enhanced video codec to 5.0 and, once again, raises the bar for video calling and makes the best even better. Users of SightSpeed 5.0 will immediately see significantly enhanced video clarity across all network conditions, while continuing to experience full 30 frames per second video, no latency, and perfect synch of video and voice unmatched by any other service.

“The first thing that will strike 5.0 users will be the amazing video quality and clarity delivered by our new enhanced video codec,” said SightSpeed’s CEO, Peter Csathy.

Overall Usability Improvements
Recognizing the importance of its fast-growing Mac user base, SightSpeed 5.0 places the Mac user experience at true parity with the PC experience. SightSpeed 5.0 also adds important enhancements to its video blogging capabilities with extended two minute video recording time; and to overall ease of use, including support for portable devices and the introduction of “My SightSpeed” click-to-call buttons that can be easily placed in blogs, websites and emails.

“With SightSpeed 5.0, our goal was to delight our users by offering the world’s first complete suite of personal video services available anywhere, giving them the best and easiest to use one-stop communications and content creation and publishing solution, as well as new SightSpeedTV,” said Csathy. “This true Web 2.0 mash up shows that imagination, innovation and fresh ideas are central to both our company’s culture and our product strategy.”

“SightSpeed always has led the pack in video communications over the Internet, and delivering best-in-class video experiences always will be central to the SightSpeed brand and to what we do as a company,” added Csathy. “With SightSpeed 5.0, we have strengthened our leadership position by applying our unique expertise and technology to significantly enhance and extend our personal video services. Expect to see more innovation in the future as we give our users the ability to experience SightSpeed more richly beyond their desktops, in their living rooms, and in the mobile world.”

About SightSpeed Inc.
SightSpeed offers consumers and small businesses the most complete and compelling suite of personal video services over the Internet. 

SightSpeed’s award-winning free and premium services include best in class video and voice over IP (VVoIP), voice over IP (VoIP), and text messaging (IM). SightSpeed offers advanced community features, including a public directory and an easy-to-use video creation platform that gives users the ability to record and publish original user-generated content to blogs, websites and emails. SightSpeed also offers SightSpeedTV place-shifting features, as well as support for mobile personal video. SightSpeed’s suite of industry-leading video services offers unique opportunities for video-enabled advertising and e-commerce, in addition to communications, content creation and publishing.

Founded in 2001 and based in Berkeley, California, SightSpeed is a privately held company funded by The Roda Group, best known for launching the company Ask Jeeves.

# # # #

Technorati Tags: SightSpeed, unified communications, video, VoIP

Filed by at 8:22 pm under Unified Communications
No Comments

I confess, hugh inspires me to draw cartoons, even though I do it poorly. I use his basic characters to frame many of my own thoughts. I do this in my paper journal. I don’t have a tablet PC, nor do I really want one. This is simply an experiment in Treo art. Nothing more.

Filed by Ken at 4:45 pm under General
No Comments

I post news clips from a variety of sources here. Typically I post them with no or little comment, simply sharing information I get with those of you who might not see it in a timely manner. I get a lot of news from a lot of different places. Sometimes the stories warrant comments.

July 21, Information Week — UBS trial aftermath: Even great security can’t protect you from the insider. The recent UBS PaineWebber computer sabotage trial is a perfect example of the damage that can be caused by a knowledgeable insider with high−level access and an axe to grind. A company employee is already inside the perimeter, where the vast majority of the protective technologies sit. That same employee also knows what information is most vital to the company’s ability to make money and sustain itself. He has knowledge of passwords, and he also probably knows what kind of machines and operating systems the company is running. An IT professional has all this information, plus he has access to the inner workings of the infrastructure. He has high−level privileges that allow him access to key servers and databases, and possibly even root−level access, which would give him all−encompassing power over the system. UBS PaineWebber’s network was hit by a logic bomb in March of 2004. A jury last week found Roger Duronio of Bogota, NJ, guilty of two crimes: computer sabotage for building, planting and distributing the malicious code that brought down nearly 2,000 servers on the company’s nation−wide trading network; and securities fraud.
Source

The single greatest threat to any network is a trusted insider. Let me repeat that - The single greatest threat to any network is a trusted insider. This story demonstrates a perfect example, but there are many variations on the theme. This story plays out the worst possible example, a malicious, trusted user. Someone with an axe to grind.

Trusted insiders can also be naive. They can install applications that evade or violate corporate security policies. (See Skype thread here). Naivete is a common cause of problems and network security breaches. Naivete is often driven but lack of understanding of corporate policies. It’s also common among users who just want to do things they see as helpful to them in their job. They’re looking for productivity gains in some way.

And yes, trusted insiders can sometimes just do something boneheaded. It happens. Shit happens.

Education and awareness are the most effective tools Top level managers need to drive a corporate culture and creat a set of behaviors whereby every employee in a company feels a sense of stewardship toward protecting copmany information. This is an element of corporate culture and it can only be built over time, and only succeed when managers, all managers, lead by example.

I’m reminded of a time when I was working on military systems and was lectured by a Navy admiral on how crucial security was and how strong his units policies were. And how he was a strong leader who insisted everyone from the top down take ownership for their actions. I confess, I set him up for this both purposely and purposefully. Ocne he finished lecturing me, I reached into my pocket and retrieved the key to his STU-II encrypted phone which he had left in the telephone. I’d removed it two days earlier. I tactfully suggested he revisit those policies wih his team. And all he could do was grin sheepishly and try to give me a bullshit excuse. And we both knew it. But I’d bet he hasn’t walked off leaving open access to a secure phone since.

I say again, because this is important - The single greatest threat to any network is a trusted insider

Technorati Tags: Infosec, network security, trusted insider, The single greatest threat to any network is a trusted insider

Filed by Ken at 1:49 pm under InfoSec
No Comments

Tom Keating did a really nice writeup of SightSpeed yesterday.

SightSpeed 5.0 VoIP and remote TV (Slingbox) functionality impresses

July 24, 2006

Recently, I wrote an article titled “The Perfect VoiP Softphone and IM client”, where I listed my top requirements for the perfect softphone. Indeed, my perfect softphone client was much more than your typical softphone so I offered an alternative name - “unified communications client”. For instance, one really cool feature in my “wishlist” is “Streaming of my personal video and audio files to my buddies. Think Slingbox or Orb Networks.”

I think his closing paragaph summed it up nicely from my viewpoint -

Well, there isn’t a software client today that “does it all”, but SightSpeed comes damn close.

SightSpeed sent me their latest software v5.0 to try out, which features not only voice over IP and high-quality videoconferencing, but also the aforementioned Slingbox-like functionality to access a remote TV tuner card. They call this feature SightSpeedTV and although technically in beta, I was pretty impressed with the performance.

I confess that even though I talk to the SightSpeed team all the time, I wasn’t in on any pre-release view of SightSpeed 5.0. I really haven’t seen the new features…yet. But according the email I got last night, tomorrow’s the day, but I already knew that. Here’s the email that went to SightSpeed members and users -

On Wednesday July 26, 2006 SightSpeed will be releasing the new and improved version 5.0 of our award-winning SightSpeed personal video and voice service.

We will be implementing this upgrade to our service between 5pm and 9pm US Pacific Standard Time. During the upgrade you will be unable to use SightSpeed. When logging in after the upgrade, you will be prompted to download the new version.

This is a free update. As with all SightSpeed service updates, your preferences, settings, and contact list information will be maintained.

We hope that you enjoy the new version of SightSpeed. If you have any questions, please contact us at info@sightspeed.com.

Technorati Tags: SightSpeed

Filed by Ken at 10:04 am under Unified Communications
No Comments

This caught my eye last week, but I’ve been tangled up with a couple of really labor intensive projects and I really needed to think about how to put this in perspective. I play several different roles in my technology professional life. Beyond my VoIP work, network security makes up a large part of my professional work. Perhaps larger than the VoIP work much of the time

I’ve put my security hat on time and again to look at Skype. I do this in part because I use Skype actively. I SkypeIn. I SkypeOut. I Skype mobile from my Treo. My office telephone number is a SkypeIn number (and yes, I have alternate numbers from other solution providers).

In my security role, Skype poses a number of problems.As a network designer, it poses even further problems. Let’s explore why in this post from VoIPendium

VoIPWiki: “Supernoded” by Skype

Skype turns out to not to be as “FREE” some thought. I admit to using Skype and never gave the user agreement a second glance.

Check out this from Skype’s agreement:

“4.1 Utilization of Your computer. You hereby acknowledge that the Skype Software may utilize the processor and bandwidth of the computer (or other applicable device) You are utilizing, for the limited purpose of facilitating the communication between Skype Software users.”

You basically let them have at your processing power and bandwidth. If you are lucky enough to be “NAT’’d” behind a firewall, you are OK and Skype can’t use your machine.

We forget that Skype is built as a “peer to peer” network and that users ARE the network.

I’ve spoken out several times about issues with corporate security and why enterprise security managers looks askance at Skype. Let me put this in perspective,

Picture a corporate network with a large number of users.  I’ll be the IT director. It’s a big enough environment to buy a 100 Mbps Internet connection. They really aren’t that uncommon. Let’s assume 5000 employees, with a 2% penetration rate for Skype. That’s right, only 100 Skype users on the network of 5000 people (plus servers, web services, email systems, e-commerce web page, CRM and ERP systems. Standard business apps)

Let those users autostart Skype at boot time and be slovenly users who don’t turn their computers off when they leave for the day. We know there are lazy people everywhere who do this.

Since I’m the IT director, let me ask something. Did my network that I pay for…my network that I manage…my bandwidth to the Internet…did that just get turned into Skype’s resource of supernodes because I buy my staff high-end computers and resource my network properly?

I read that projecting the financial numbers Skype makes $1.56 per user per year spread across their customer base. Are they making that money by stealing my resources and riding on my network?

Now do you understand why security and IT managers dislike Skype? Skype’s a thief because it uses my naive corporate employess as proxies to steal my resources. My CPU cycles, my bandwidth, my network.

Is Skype network theft by proxy?

Technorati Tags: Skype, Supernodes, network resource theft, proxy theft

Filed by Ken at 9:52 pm under InfoSec, Technology
No Comments

Om asked and noted -

How Many Google Talk’rs Really?
The New York Times’ story on Yahoo v Google, says that only 44,000 Google Talk users. That can’t be true, and just doesn’t make sense.

comScore data shows a total of 976,000 unique users in June. comScore quantifies this number with “total activity” metric, which perhaps should be the only number that should matter. I have asked for clarifications from comScore. They have promised to get back shortly with more details. Worldwide, comScore data shows a total of 7,126,000 Google Talk users, and around 3 million people actually using the service daily.

Update: This just in from comScore:

“976 [thousand] have the google talk application installed on their computer, 44 [thousand] of that total have engaged in IM talks.” So in other words, the 44,000 represents the number of people who were actually using the application by engaging in IM conversations. The larger number refers to the number of times the application initiated on a computer, irrespective of it ever being engaged. So it looks like the 44,000 figure is the more appropriate comparison. It appears to be a lot smaller domestically than other IM apps

I’m not sure if I think that’s a high number or a low number. It is a deplorable number. It’s a deplorable, “pull that embarassement out of service” number. Then again, how much have you used GoogleTalk, Gtalk or pick a name? Be honest. Like all of us, you loaded it up and used it three times, then never touched it again right? How many people do you know that use it? Any?

GoogleTalk should quietly fade off to the dead media project. It was dead long ago

Technorati Tags: Google Talk, Dead Medai

Filed by Ken at 9:21 pm under Unified Communications
No Comments

July 20, eWeek — PowerPoint zero−day attack points to corporate espionage. A second Trojan used in the latest zero−day attack against Microsoft Office contains characteristics that pinpoint corporate espionage as the main motive, according to virus hunters tracking the threat. According to an alert from Symantec, a backdoor called Trojan.Riler.F is installing itself as a layered service provider, or LSP, allowing it access to every piece of data entering and leaving the infected computer. An LSP is a legitimate system driver linked deep into the networking services of Windows. Symantec said the Trojan also opens a back door on the compromised system and connects to the “soswxyz.8800.org” domain. The Trojan then listens and waits for commands from a remote attacker.
Symantec Alert
Source

Technorati Tags: PowerPoint, Microsoft, zero−day attack, Infosec

Filed by Ken at 8:14 am under InfoSec
No Comments

I caught this piece in one of the newsletters I read daily.

July 21, Networking Pipeline — Wi−Fi phone market to soar to $3.7 billion by 2009: Report. The Wi−Fi phone market will double every year between now and 2009, and reach $3.7 billion by that year, according to a new report by Infonetics Research. The report found that the worldwide Wi−Fi phone market increased 116 percent from 2004 to 2005 to reach $125.5 million, driven by enterprises and consumers deploying voice over wireless networks. The report says that voice over wireless networks are being initially used primarily by enterprises rather than consumers, but that ultimately, it will become popular with consumers as well, as part of a complete a VoIP service bundled with broadband connections.
Report
Source

Technorati Tags: WiFI, phone, VoIP

Filed by Ken at 8:13 am under Technology
No Comments

July 21, Newsfactor Magazine — MySpace banner ad infects million users. A banner advertisement posted on the MySpace Website may have infected more than one million users with adware, according to security firm iDefense. The advertisement was included in user profiles on MySpace and could have been operating for about one week. The deckoutyourdeck.com advertisement exploited a flaw in the way Microsoft’s Internet Explorer (IE) browser handles Windows Metafile image files. Users running unpatched versions of IE would never have realized that the banner ad had silently installed programs that generate pop−up ads on their system.
Source: http://www.newsfactor.com/story.xhtml?story_id=11100AT9AXG3

Technorati Tags: MySpace, Infosec, adware

Filed by Ken at 8:10 am under Technology
No Comments

Due to scheduling conflicts, I won’t be able to joni this gathering, but I’m sharing the information for those of you who either knew Meg or learned form all the magnificent things she taught us over the years.

From Frank

Memorial for Mandarin Meg, Friday July 28th 3:45pm Pacific Time By Frank Paynter
From 3:45 to 4:45 Pacific Time (GMT -8 hours), people will gather at BlogHer to honor the life of Michelle Goodrich, our friend Mandarin Meg. The memorial will be in room 8111 at the San Jose Hyatt Hotel.

Hyatt San Jose
1740 North First Street,
San Jose, California, USA 95112

An IRC chat room named #mandarinmeg will be open on Freenode and friends around the world are invited to join us as they can and share their memories online. We’re sorry that the timing can’t be convenient for everyone everywhere. Late afternoon at BlogHer seemed like a good time for North America, and not impossible for Europe (11:45 pm London, 12:45am Berlin, and morning in much of east Asia and Australia).

If you are not all that famuiliar with Internet Relay Chat, here is an easy way to join up. Download the Mozilla 1.7.13 browser for your operating system from http://www.mozilla.org/download.html.

Install the browser, but don’t select it to be your default.

Open the browser after it has been installed and click on the Window button in the menu bar at the top. The pull down menu that opens has an item near the bottom called IRCChat. Click that and in the text are on the bottom of the page enter:
/attach freenode

after you are attached to freenode you will be asked to idfentify yourself with a nickname. Just pick a one word name you want to be known by and hit enter.

type /join #mandarinmeg

you will be connected to the mandarinmeg room

if you want to give it a try this week and you have problems, just email me and I’ll try to walk you through it.

I’ll look forward to sitting with you next Friday and remembering meg.

Meg, you are missed my friend.

Technorati Tags: Mandarin Meg

Filed by Ken at 7:41 am under General
No Comments

You gotta love this, right? It’s not new, but resurfaced in a couple of conversations I’ve had just lately.

Microsoft Says Recovery from Malware Becoming Impossible

LAKE BUENA VISTA, Fla.—In a rare discussion about the severity of the Windows malware scourge, a Microsoft security official said businesses should consider investing in an automated process to wipe hard drives and reinstall operating systems as a practical way to recover from malware infestation.

“When you are dealing with rootkits and some advanced spyware programs, the only solution is to rebuild from scratch. In some cases, there really is no way to recover without nuking the systems from orbit,” Mike Danseglio, program manager in the Security Solutions group at Microsoft, said in a presentation at the InfoSec World conference here.

I was curious, so I tested a theory. It takes less than half as long to clean that malware out with an Ubuntu CD as it does with a Windows CD. That’s a really good reason to do something different.

Another approach? Don’t run Windows native. Always run it in a virtual machine that can be destroyed and reloaded without imapcting yout work flow. There are lots of ways to work around Windows malware. Working around Windows is the most effective….

Technorati Tags: Windows, malware, Infosec

Filed by Ken at 10:48 pm under InfoSec
No Comments

Dark Reading exposes the 10 Biggest Myths of IT Security

JULY 20, 2006 | Like most wars, the war between attackers and IT security managers is full of misinformation. Attackers fill open message boards with boasts about their latest exploits, yet the smart ones keep the most effective hacks to themselves. Enterprises issue press releases about their latest upgrades and purchases, yet many never report penetration of their most sensitive systems. And like combatants in their foxholes, security professionals are left to sort through a mix of rumor, propaganda, news, and real intelligence in order to find the true lay of the land.

Here at Dark Reading, we’re overloaded with the same information and disinformation. Like you, we’re trying to separate fact from fiction. To help further that cause, we recently asked the Dark Reading editorial advisory board — some of the industry’s top IT consultants, security managers, and market experts — to help us identify 10 of the most prevalent myths in the IT security space. The following article is a result of that discussion (along with a little research from our dutiful editorial staff).

The myths as they see them -

The List:

• ‘Epidemic’ Data Losses
• Anything But Microsoft
• Vendors Have Your Best Interests In Mind
• Separate Physical, Electronic Security
• Employees Always Trustworthy
• Bad Guys Are Winning
• Hackers Are a Necessary Evil
• Antivirus Software is 100% Effective
• Clean Bill of Health Attainable?
• More Spending = Better Security

I’ve read all these, and while I can’t necessarily agree they’re all generally accepted myths, the points made are pretty much on track. Here’s my quick summary -

• There is no data loss epidemic in progress.
  
• Any operating environment has flaws. Microsoft isn’t the problem
  
• Vendors are in business to make a profit. They are not always your friends.
  
• Your employees can’t always be trusted. Sometimes you’ll hire people that really aren’t trustrworthy. Sometimes you’ll hire people that are naive or will do something stupid.
• Tha bad guys aren’t always winning, but it’s important to remember that they’ve already been where we are right now. Hackers aren’t all evil.
• AV software isn’t 100% effective. Neither are firewalls. Neither is any other approach we use today. If you want yout computer to be safe, seal it in a room with no outside connection to any thing. No dial tone, Internet, no LAN. Loadthe operating system on it from scratch and never let anyone else touch it. Don’t add any software that you don’t write yourself. Assume you write good secure code, this system will be safe.
• Security can’t be bought. Period. It’s not a milestone, it’s a destination. One that constantly moves down the horizon away from us as we approach,
  

Technorati Tags: security myths, Infosec

Filed by Ken at 5:44 pm under InfoSec
No Comments

Some of you would say I was too harsh on Microsoft in yesterday’s pots referenceing their new twelve golden rules. Suffice it to say, you would be wrong. I was far kinder and gentler than I could have been. Yet some readers exhibit a prurient natture that shrinks from the harsh light of day. Ok, som of ya’ll just think I come on too strong sometimes. I really held back and made an effort to be fair and moderate in my view of Microsoft this time.

For those who want a truly well-stated view, I suggest you go read Microsoft’s Competition Principles by Professor Andrew Chin, at the University of North Carolina School of Law on his blog Voiceless. His tagline “blogging from the long tail” says it all. Welcome to the long tail Andrew!

Technorati Tags: Microsoft, competition principles

Filed by Ken at 8:46 am under Technology
No Comments

Father O’Malley rose from his bed. It was a fine spring day in his new Texas mission parish. He walked to the window of his bedroom to get a deep breath of the beautiful day outside.

He then noticed there was a jackass lying  dead in the middle of his front lawn. He promptly called the local police station.

The conversation went like this: “Good morning. This is Sergeant Jones. How might I help you?”

“And the best of the day te yerself. This is Father O’Malley at St. Mary’s. There’s a jackass lying dead in me front lawn. Would ye be so kind as to send a couple o’ yer lads to take care of the matter?”

Sergeant Jones, considering himself to be quite a wit, replied with a smirk, “Well now father, it was always my impression that you people
took care of last rites!”

There was dead silence on the line for a long moment. Father O’Malley then replied: “Aye, tis certainly true, but we are also obliged to notify the next of kin.”

Technorati Tags: homur

Filed by Ken at 5:19 pm under General
No Comments

Brad Smith told the National Press Club on Thursday that Microsoft will stick to 12 principles for future Windows versions. He said “our goal is to be principled and transparent as we develop new versions of Windows.” The he expanded on the twelve.

The 12 Golden Rules

1. Choice for computer manufacturers and customers
2. Opportunity for developers to build products that compete with Microsoft Windows products
3. Interoperability for users

Well, ok, Microsoft really does know how to count. And while transparency has increased, there’s been muted titter across the Internet about MS being principled. Then again. pirates had principles too, even if the code really was more of just a guideline. These are the three general categories the “golden rules will fall under.

Actually, they’re available online and I spent a little time reading them.

Windows Principles
Twelve Tenets to Promote Competition

Principle I: Choice for Computer Manufacturers and Customers

Microsoft is committed to designing Windows and licensing it on contractual terms so as to make it easy to install non-Microsoft^® programs and to configure Windows-based PCs to use non-Microsoft programs instead of or in addition to Windows features.

What this means:

1. Installation of any software. Computer manufacturers and customers are free to add any software to PCs that run Windows. More broadly, every computer manufacturer and customer is free to install and promote any operating system, any application, and any Web service on PCs that run Windows. Ultimately, end users are free to choose which software they prefer to use.

2. Easy access. Computer manufacturers are free to add icons, shortcuts and the like to the Windows Start menu and other places used to access software programs so that customers can easily find them.

3. Defaults. Microsoft will design Windows so as to enable computer manufacturers and users to set non-Microsoft programs to operate by default in key categories, such as Web browsing and media playback, in lieu of corresponding end-user functionality in Windows. Computer manufacturers are free to set these defaults as they please when building new PCs.

4. Exclusive promotion of non-Microsoft programs. In order to provide competitors with the opportunity to attain essentially exclusive end-user promotion on new PCs, computer manufacturers will have the right to remove the means by which end users access key Windows features, such as Internet Explorer and Windows Media^® Player. The Set Program Access and Defaults utility developed as part of the U.S. antitrust ruling makes it easy for users and computer manufacturers to exercise these options.

5. Business terms. Microsoft will not retaliate against any computer manufacturer that supports non-Microsoft software. To provide transparency on this point, Microsoft will post a standard volume-based price list to a Web site that is accessible to computer manufacturers, as it has under the U.S. antitrust ruling. Windows royalties will be determined based on that price list, without regard to any decisions the computer manufacturer makes concerning the promotion of non-Microsoft software. More broadly, Microsoft will offer Windows for license on standard terms and conditions so that a computer manufacturer knows that it will be offered the same licensing terms regardless of its decision to promote or not promote software from competitors. Microsoft will consider modifications to the standard license terms to reasonably accommodate computer manufacturers with individual business-model or operational requests, but these variances will never be based on the extent to which the computer manufacturer promotes non-Microsoft software.

Principle II: Opportunities for Developers

Microsoft is committed to designing and licensing Windows (and all the parts of the Windows platform) on terms that create and preserve opportunities for application developers and Web site creators to build innovative products on the Windows platform — including products that directly compete with Microsoft’s own products.

What this means:

6. APIs. Microsoft provides the developer community with a broad range of innovative operating system services, via documented application programming interfaces (APIs), for use in developing state-of-the-art applications. The U.S. antitrust ruling requires that Microsoft disclose all of the interfaces internal to Windows called by “middleware” within the operating system, such as the browser, the media player and so forth. In this way, competitors in these categories will know that they can plug into Windows to get services in the same way that these built-in Windows features do. This has worked well, and we will continue to disclose these interfaces even after the U.S. antitrust ruling expires. In fact, we will go further, extending our API commitment to the benefit of all software developers. Going forward, Microsoft will ensure that all the interfaces within Windows called by any other Microsoft product, such as the Microsoft Office system or Windows Live™, will be disclosed for use by the developer community generally. That means that anything that Microsoft’s products can do in terms of how they plug into Windows, competing products will be able to do as well.

7. Internet services. Microsoft is contributing to innovation in the area of Internet services with services that we call Windows Live. Microsoft will design Windows Live as a product that is separate from Windows. Customers will be free to choose Windows with or without Windows Live.

8. Open Internet access. Microsoft will design and license Windows so that it does not block access to any lawful Web site or impose any fee for reaching any non-Microsoft Web site or using any non-Microsoft Web service.

9. No exclusivity. The U.S. antitrust ruling generally provides that Microsoft may not enter into contracts that require any third party to promote Windows or any “middleware” in Windows on an exclusive basis. We will maintain this practice going forward, and in fact broaden it to apply to Windows or any part of Windows, whether or not it would qualify as “middleware” under the U.S. antitrust ruling. We will apply the concept of “exclusivity” broadly too, so that our contracts ensure that a third party can use non-Microsoft software in amounts equal to or greater than its use of Windows. More generally, we want the developer community to know that it is free to develop, support and promote products that compete with any part of Windows. Consistent with the U.S. antitrust ruling, Microsoft will not retaliate against any third party for exercising this freedom.

Principle III: Interoperability for Users

Microsoft is committed to meeting customer interoperability needs and will do so in ways that enable customers to control their data and exchange information securely and reliably across diverse computer systems and applications.

What this means:

10. Communications protocols. Microsoft will make available, on commercially reasonable terms, all of the communications protocols that it has built into Windows and that are used to facilitate communication with server versions of Windows. To facilitate this, Microsoft will document protocols supported in Windows as part of the product design process. We will also work closely with firms with particular needs to address interoperability scenarios that may require licensing of other protocols.

11. Availability of Microsoft patents. Microsoft will generally license patents on its operating system inventions (other than those that differentiate the appearance of Microsoft’s products) on fair and reasonable terms so long as licensees respect Microsoft’s intellectual property rights.

12. Standards. Microsoft is committed to supporting a wide range of industry standards in Windows that developers can use to build interoperable products. Microsoft is committed to contributing to industry standard bodies as well as working to establish standards via ad hoc relationships with others in the industry.

Microsoft will post these principles to its Web site so that they will be readily accessible to the computer industry and customers. We will review these principles from time to time, and at least once every three years, to determine whether we should adopt additional principles or modify existing principles to reflect technological, business or legal developments.

There you have it. Does it really say anything of substance? I recently took an extensive course in what is affectionaly referred to as “plain talk.”  The idea behind it is that it enable clear, concise writing, saying exactly what you mean. If I were to summarize the concept, I’d say it isn’t enough that what you write can be understood. The goal is that what you write is impossilbe to be misunderstood. Microsoft might look into it, although I’m sure that violates one of their key tenets somewhere along the way.

I’m going to take a cut at how I read these, but at the higher level of the principles and their components. I can’t bear to do a blow by blow on each.

Principle I: Choice for Computer Manufacturers and Customers
It will be easy to install and set up non-Microsoft software. You can install anything you like that will run under Windows. You can add icons and shortcuts so they can be easily found. You can even set non-Microsoft programs to be the defaults. And you can remove some key elements like Internet Explorer and Windows Media® Player. The U.S. antitrust ruling forced creation of the Set Program Access and Defaults utility, so we’re going to do what we were told we must. Of course we thrilled to make it easy for you.

We won’t retalitate or be vindictive with partners who don’t cave in to our wishes. We’ll think about variant versions for our OEM partners, but we’ll wrap it in so much legalese it will make your head explode if you really want it.

Principle II: Opportunities for Developers
Developers are key to our success, in part because we haven’t really created a new innovation since MS-Golf. We keep repurposing the same stuff with the same mindset. We thought we fooled you with a little change in look and feel, but that didn’t work. We cherish developers because they save our ass time and again. So we’re going to be nice to them. Within reason.

We’ll provide APIs to the community of friendly developers. After all, the anti-trust suit said we had to disclose the interfaces for middleware access. That way you can plug into our resources almost, but not quite, the way we can. And since we have to go through so much headace, we’ll find a way to do it that we can continue after the ruling expires. It’s a chance for us to confuse the hell out of you. Anything we can do, you can. But we’ll always know how to do it better.

We want you to believe we’re innovating with Windows Live. It’s important because it’s our only prayer of being perceived as doing something truly new. You don’t have to use it, but we really hope you do.

We won’t block access to “any lawful web site.”

We can’twon’t force you to sign exclusive contracts any more. Those bastards in the antitrust court saw to that too.

Principle III: Interoperability for Users
Once we really define interoperability, we’ll let you exchange data securely and reliably. It might be frustrating as hell, but you’ll e able to do it.

In a way that’s “reasonable” (we’ll define what to us is reasonable, by the way), assuming we can figure out how to make a buck off of it, we’ll share all the communications protocols. That’s right, when we embrace the SIP open standard, and revamp it as MS-SIP, we’ll be glad to sell you a path to interoperability with us. You know you want to interoperate with us, right?

We’re committed to a wide range of standards. Our favorites are the MS-xxx series that we’ll license for a fee. We’re committed to standards, even to the point of supporting ad hoc standards. These provide on-the-fly obstacles to the rest of you when we propose them. It’s a business strategy.

And we’ll post this all on a web site so we can point at it and pretend we told you something. We’ll even review these every now and then to see if we can muddy the waters further. We might be able to modify these to confuse you even more.

Technorati Tags: Microsoft, Golden Rules, Guiding Principles. Gobbledegook

Filed by Ken at 1:00 pm under General, Technology
No Comments