Tuesday, March 31, 2009

Mixed links

From Andy Helsby's Bookmarks: How do I Reset a Dell BIOS Password? – apparently for laptops there is a free (if you live in the USA) number you can call, and after giving the serial number of your laptop they give you a master unlock code. This is convenient, but also a reminder that BIOS passwords provide no real security against anyone with physical access to the machine (or, in this case, a phone and the serial number).

From the same source: Free PDF to Word converter. I didn’t try it myself, but it is the kind of utility several people have asked me about.

Via terminal23.net: CIOs agree that application security is more important, but network security is more "visible". An important point to keep in mind if you need to justify where you've spent the money.

Another example that companies can't secure their sites – and, even worse, the security companies that are supposed to help them have glaring omissions of their own.

Via 0Kn0ck's Blog: Internet Explorer 8: Anti Spoofing is a Myth – the title is clearly sensationalist and the subtitle misleadingly worded (intentionally or not): “Broken Status Address Bar Link Integrity”. What it boils down to is that you can spoof the contents of the status bar via JavaScript (so not the address bar, which is what actually identifies the page). While not that problematic on its own (let's face it, not many people look at their status bar, or their address bar for that matter), it can be used to make some attacks more believable: the user hovers over a link, sees a trustworthy-looking destination in the status bar, and ends up somewhere else when they click.
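To make the trick concrete, here is a small scanner (an added example, not code from the linked post or from Microsoft) that flags the two classic ways a page makes the status bar lie: an event handler that rewrites the link's href at click time, and a handler that writes to window.status directly. The sample page, the example.com / evil.example hostnames and the regexes are all constructed for the demonstration; a real audit would use an HTML parser rather than regexes, and would also look at handlers attached from script rather than inline.

```python
import re

# <a ...> start tags and their name="value" attributes. Constructed regexes: good enough
# for a demo, but a handler value containing '>' would defeat ANCHOR_RE (use a parser).
ANCHOR_RE = re.compile(r"<a\b([^>]*)>", re.IGNORECASE)
ATTR_RE = re.compile(r'([a-zA-Z_:-]+)\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s>]+))')

# Handler bodies that change where a click really goes, or what the status bar shows.
SPOOF_PATTERNS = [
    ("href rewritten in a handler",
     re.compile(r"\bthis\.href\s*=(?!=)|\.href\s*=(?!=)", re.I)),
    ("navigation from a handler",
     re.compile(r"\b(window\.|document\.)?location(\.href)?\s*=(?!=)"
                r"|\blocation\.(replace|assign)\s*\(", re.I)),
    ("status bar text set",
     re.compile(r"\b(window\.)?status\s*=(?!=)", re.I)),
]

def parse_attrs(attr_text):
    """Return the attributes of one start tag as a dict (names lower-cased)."""
    attrs = {}
    for m in ATTR_RE.finditer(attr_text):
        name = m.group(1).lower()
        value = next(v for v in m.groups()[1:] if v is not None)
        attrs[name] = value
    return attrs

def find_status_bar_spoofs(html):
    """Return one finding per anchor whose inline handlers look like status bar spoofing."""
    findings = []
    for m in ANCHOR_RE.finditer(html):
        attrs = parse_attrs(m.group(1))
        reasons = []
        for name, value in attrs.items():
            if not name.startswith("on"):     # only inline event handlers
                continue
            for why, pat in SPOOF_PATTERNS:
                if pat.search(value):
                    reasons.append((name, why))
                    break
        if reasons:
            findings.append({"href": attrs.get("href", ""), "reasons": reasons})
    return findings

# Constructed sample page: one honest link, two spoofing links, one harmless handler.
SAMPLE_HTML = """
<a href="https://example.com/login">Sign in</a>
<a href="https://example.com/account"
   onmousedown="this.href='http://evil.example/phish'">Your account</a>
<a href="http://evil.example/update"
   onmouseover="window.status='https://example.com/account'; return true"
   onmouseout="window.status=''">Update your details</a>
<a href="#" onclick="toggleMenu(); return false">Menu</a>
"""

if __name__ == "__main__":
    for f in find_status_bar_spoofs(SAMPLE_HTML):
        print(f["href"], "->", ", ".join(f"{h}: {why}" for h, why in f["reasons"]))
```

The second anchor is the nastier of the two: its href is the honest one right up to the mousedown, so hovering shows the real site in the status bar and nothing visible changes before the navigation.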

Again from terminal23.net: wisdom from a hacker looking at 50 (warning! the link points to a ~226 MB M4V video file). Interesting and inspiring. One minor caveat: you might have heard this talk already from other sources.

From dammit.lt: When you have a lot of traffic, minor optimizations can have a big impact.

From taint.org:

On the DVLabs blog we have a good explanation of what the recently released !exploitable add-in for WinDbg does: “The rule may ask "Is the faulting instruction a read violation of EIP?". If the answer is yes, it calls it a day and labels it exploitable”. As the quoted rule shows, it is a heuristic for triaging large numbers of fuzzer crashes, not a proof of exploitability (or of its absence) for any single one. Get the slides for more details (they are in PPTX format, but OpenOffice 3.0 can render them acceptably).
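The rule in the quote is easier to reason about as code. The following is an added example of the same triage idea, not !exploitable's own rules or source: it uses the tool's four bucket names (EXPLOITABLE, PROBABLY_EXPLOITABLE, PROBABLY_NOT_EXPLOITABLE, UNKNOWN) but a handful of rules of my own, applied first-match-wins exactly as the quote describes. The crash record format, the NULL_PAGE_LIMIT threshold and the sample crashes are all constructed.

```python
from dataclasses import dataclass

@dataclass
class Crash:
    """One crash as a fuzzing harness might log it (constructed format)."""
    exception: str     # "access_violation", "stack_buffer_overrun", "illegal_instruction", ...
    access: str        # for access violations: "read", "write" or "execute"; "" otherwise
    fault_addr: int    # address the faulting instruction tried to touch
    eip: int           # instruction pointer at the time of the fault
    disasm: str        # faulting instruction as the debugger would print it

NULL_PAGE_LIMIT = 0x10000           # assumption: faults below this are NULL-pointer derefs
CONTROL_TRANSFER = ("call", "jmp", "ret")

def triage(crash):
    """Return (bucket, reason). The first matching rule wins; that is the whole point."""
    if crash.exception == "access_violation":
        # The rule from the quote: a read/execute fault *at* EIP means control flow is
        # already hijacked, so there is nothing more to ask.
        if crash.access == "execute" or crash.fault_addr == crash.eip:
            return "EXPLOITABLE", "read/execute violation at EIP"
        if crash.access == "write":
            return "EXPLOITABLE", "write access violation"
        if crash.disasm.split()[0] in CONTROL_TRANSFER:
            return "EXPLOITABLE", "read violation on a control-transfer instruction"
        if crash.fault_addr < NULL_PAGE_LIMIT:
            return "PROBABLY_NOT_EXPLOITABLE", "read violation near NULL"
        # Most real crashes land here: a read from somewhere odd on an ordinary
        # instruction. The heuristic cannot decide, so a human has to.
        return "UNKNOWN", "read violation at a non-NULL address"
    if crash.exception == "stack_buffer_overrun":
        return "EXPLOITABLE", "/GS cookie check failed, the return address was overwritten"
    if crash.exception == "illegal_instruction":
        return "PROBABLY_EXPLOITABLE", "executing bytes that are not code"
    return "UNKNOWN", "no rule matched"

def triage_batch(crashes):
    """Bucket a run's crashes so the EXPLOITABLE ones get looked at first."""
    buckets = {}
    for c in crashes:
        bucket, _ = triage(c)
        buckets.setdefault(bucket, []).append(c)
    return buckets

# Constructed crashes, one per interesting path through the rules.
SAMPLE_CRASHES = [
    Crash("access_violation", "read", 0x41414141, 0x41414141, "???"),            # EIP in garbage
    Crash("access_violation", "write", 0x41414141, 0x00401234, "mov [eax],ecx"),
    Crash("access_violation", "read", 0x00000008, 0x00401240, "mov eax,[ecx+8]"),
    Crash("access_violation", "read", 0x0c0d0e0f, 0x00401250, "mov eax,[esi]"),
    Crash("access_violation", "read", 0x41414141, 0x00401260, "call dword ptr [eax]"),
    Crash("stack_buffer_overrun", "", 0, 0x00401270, "call __report_gsfailure"),
]

if __name__ == "__main__":
    for bucket, crashes in sorted(triage_batch(SAMPLE_CRASHES).items()):
        print(bucket)
        for c in crashes:
            print("   ", hex(c.eip), c.disasm, "->", triage(c)[1])
```

Note what the rules do not look at: how the faulting value got there. The fourth sample crash (a read from 0x0c0d0e0f through esi) may be a wild pointer you fully control or a harmless uninitialized read, and no amount of looking at the single faulting instruction will tell you which.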

From The Dark Visitor blog: The 2009 Annual Report to Congress on the Military Power of the People's Republic of China [PDF] has been released by the US DoD. And they do use the word cyber a couple of times :-)

From the xkcd blog: there seems to be some controversy regarding the effectiveness of the Dvorak layout. The second link seems to be more balanced (even though it comes from the “make the switch” side :-)). On a related note: the support in Windows seems to be awful, with the layout switching almost randomly :-(. And I didn't manage to find a typing tutor that shows the layout of the keyboard on the screen.

Via Security4All: issue 20 of (IN)SECURE Magazine is out – my usual complaints still apply (the articles are somewhat superficial and there are many advertisements), but after all, it is free. One interesting tool that gets mentioned is Xprobe2, an active OS fingerprinting tool (mostly ICMP-based, as opposed to nmap's TCP-heavy approach). There is also a discussion about ISP-level filtering, but sadly it is conflated with child pornography and similar issues (I would like a discussion, or at least a sub-discussion, based entirely on the security aspect).

Another gloomy security presentation from the Invisible Denizen blog: Common Enterprise Security Weaknesses [PDF].

Again from the Security4All blog: a presentation about social engineering from practitioners. Interesting, but unfortunately the sound quality is not very good.

A few links from the Lookup blog (which has the subtitle “Unicode conformance and security testing”):

Via a Slashdot comment: How to disable parts of RAM under Linux which are bad?

From episode 99 of Windows Weekly comes the following video:

Yes, that is Jim Allchin, a former member of the Microsoft Senior Leadership Team.

From the braindump blog:

Via the GSD blog: How to run a batch file minimized – basically it detects whether it is already minimized and, if not, respawns itself.

Via the Scale-Out Blog: Eventually consistent – it seems that with distributed systems we need to reconsider quite a lot of our assumptions about the data we store. It references an interesting paper: Brewer's conjecture and the feasibility of consistent, available, partition-tolerant web services (the Gilbert and Lynch proof of what is usually called the CAP theorem: once the network partitions, you have to give up either consistency or availability).
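The trade-off is easiest to see with a toy replicated store. The following simulation is an added example (not code from the linked post or from the paper): two replicas, an explicit network partition, and vector clocks so that a replica can tell a stale update from a genuinely concurrent one. With consistent=False the store stays available during the partition and ends up holding two sibling values that somebody has to reconcile; with consistent=True it refuses the write instead. Class and function names are my own.

```python
class Unavailable(Exception):
    """Raised when a replica refuses a write because it cannot reach its peers."""

def compare(a, b):
    """Order two vector clocks: 'before', 'after', 'equal' or 'concurrent'."""
    keys = set(a) | set(b)
    le = all(a.get(k, 0) <= b.get(k, 0) for k in keys)
    ge = all(a.get(k, 0) >= b.get(k, 0) for k in keys)
    if le and ge:
        return "equal"
    return "before" if le else "after" if ge else "concurrent"

class Replica:
    def __init__(self, name):
        self.name = name
        self.store = {}     # key -> list of (value, vector_clock) siblings

    def write(self, key, value):
        clock = {}          # the new version descends from every sibling we hold
        for _, c in self.store.get(key, []):
            for node, n in c.items():
                clock[node] = max(clock.get(node, 0), n)
        clock[self.name] = clock.get(self.name, 0) + 1
        self.store[key] = [(value, clock)]
        return key, value, clock

    def read(self, key):
        return sorted(v for v, _ in self.store.get(key, []))   # siblings in stable order

    def receive(self, key, value, clock):
        siblings = []
        for v, c in self.store.get(key, []):
            rel = compare(clock, c)
            if rel in ("before", "equal"):
                return                       # we already hold something at least as new
            if rel == "concurrent":
                siblings.append((v, c))      # keep both; a reader/merge has to decide
            # 'after': the incoming version dominates this sibling, drop it
        siblings.append((value, clock))
        self.store[key] = siblings

class Cluster:
    def __init__(self, names, consistent=False):
        self.replicas = {n: Replica(n) for n in names}
        self.consistent = consistent
        self.partitions = set()     # frozenset({a, b}) pairs that cannot talk
        self.pending = []           # [key, value, clock, src, remaining destinations]

    def partition(self, a, b):
        self.partitions.add(frozenset((a, b)))

    def heal(self):
        self.partitions.clear()

    def reachable(self, a, b):
        return frozenset((a, b)) not in self.partitions

    def write(self, node, key, value):
        peers = {n for n in self.replicas if n != node}
        if self.consistent and any(not self.reachable(node, p) for p in peers):
            raise Unavailable(f"{node} cannot reach all peers")   # keep C, give up A
        key, value, clock = self.replicas[node].write(key, value)
        self.pending.append([key, value, clock, node, peers])

    def read(self, node, key):
        return self.replicas[node].read(key)

    def gossip(self):
        """One anti-entropy round: deliver pending updates to every reachable peer."""
        still = []
        for item in self.pending:
            key, value, clock, src, dests = item
            for d in list(dests):
                if self.reachable(src, d):
                    self.replicas[d].receive(key, value, clock)
                    dests.discard(d)
            if dests:
                still.append(item)
        self.pending = still

def demo_available():
    """Available during the partition, inconsistent afterwards: siblings [2, 3]."""
    c = Cluster(["A", "B"])
    c.write("A", "x", 1)
    c.gossip()
    c.partition("A", "B")
    c.write("A", "x", 2)
    c.write("B", "x", 3)
    during = (c.read("A", "x"), c.read("B", "x"))   # ([2], [3]): each side answers, differently
    c.heal()
    c.gossip()
    return during, c.read("A", "x"), c.read("B", "x")

def demo_consistent():
    """Consistent during the partition, at the price of refusing the write."""
    c = Cluster(["A", "B"], consistent=True)
    c.partition("A", "B")
    try:
        c.write("A", "x", 2)
    except Unavailable:
        return "refused"
    return "accepted"

if __name__ == "__main__":
    print(demo_available(), demo_consistent())
```

The security angle is the same one the post hints at with "reconsider our assumptions": code that reads a value, checks it and acts on it (a balance, a quota, a revocation flag) is reasoning about one sibling of possibly several, and the reconciliation rule decides who wins.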

Via the Web Axe blog: Accessibility to the Face – why accessibility is important.

Via the Sunbelt blog: Advertising fraud – how “clever” websites try to convince sponsors that more ad impressions are shown or clicked than the user actually sees:

From the Yahoo Pipes blog: YQL (the Yahoo! Query Language) – yet another way to consume data from Yahoo. An interesting experiment, and very nice to see companies adopting the concept of free data.

From Monty: Web of Trust – a collaborative way to replicate the functionality of SiteAdvisor. In some ways it is more powerful (because it can spot things that are hard to spot automatically, like money mule scams), but in other ways (adware / spyware / malware) it is questionable whether enough people have the know-how to correctly determine if a site is or is not infected (I would fall on the “no” side).

The following link is probably only interesting to my Romanian-speaking readers: Salariile reale din industria IT din Romania 2008 – a quick translation of the title: “The real salaries in the IT industry in Romania, 2008”.

The Freshman – seems to be a good movie, especially because of Marlon Brando. Speaking of good movies, Das Leben der Anderen is an exceptional movie (worthy of the “German tradition” of Das Experiment and Good-bye Lenin).

From chimeric.de: some interesting 8-bit-like music. If you like the genre, you might want to take a look at 8bitcollective.com and the streaming radio station I mentioned some time ago.

From Coding Horror: The Ugly American Programmer – basically the same ideas I outlined earlier: if you want to be a (good) programmer, you have to know English. It is interesting to compare the reactions in the comments (which mostly agree with the premise) with the comments on Scott Hanselman's post – the latter had more disagreeing posts. Different demographic, I guess.

A recent SANS diary entry pointed me to RANCID (Really Awesome New Cisco confIg Differ). It periodically logs in to your routers, stores each configuration in version control and emails the diffs, so besides being a very useful tool for anyone who manages Cisco routers it is also a cheap way to catch unauthorized or accidental changes.
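RANCID mails you the whole diff and leaves the reading to you. As an added example (not part of RANCID, and not taken from the SANS entry), here is the post-processing step I would bolt on: diff two config snapshots and pull out only the changed lines that touch credentials, SNMP, ACLs or VTY access. The two configs, the hostname and the WATCH patterns are constructed for the demo; the patterns cover the IOS syntax I see most often and are not exhaustive.

```python
import difflib
import re

# Changed lines that deserve a human look. Constructed list, easy to extend.
WATCH = [
    (re.compile(r"^(no )?service password-encryption"), "password encryption setting"),
    (re.compile(r"^enable (secret|password) "), "enable credential"),
    (re.compile(r"^username \S+ .*privilege 15"), "privileged local account"),
    (re.compile(r"^snmp-server community \S+ RW"), "read-write SNMP community"),
    (re.compile(r"^(ip )?access-list"), "ACL definition"),
    (re.compile(r"^ +(permit|deny) "), "ACL entry"),
    (re.compile(r"^ +transport input "), "VTY transport"),
    (re.compile(r"^ +(no )?login"), "VTY login mode"),
]

def security_diff(old_config, new_config):
    """Return [(sign, line, why)] for every added ('+') or removed ('-') line matching WATCH."""
    alerts = []
    diff = difflib.unified_diff(old_config.splitlines(), new_config.splitlines(),
                                lineterm="", n=0)      # n=0: changed lines only, no context
    for line in diff:
        if line.startswith(("---", "+++", "@@")):
            continue
        sign, text = line[0], line[1:]
        for pat, why in WATCH:
            if pat.match(text):
                alerts.append((sign, text.strip(), why))
                break
    return alerts

# Constructed before/after snapshots of one router. The "after" config disables password
# encryption, adds a second privilege-15 user with a cleartext password, adds an RW SNMP
# community and re-enables telnet on the VTY lines.
OLD_CONFIG = """\
hostname edge-rtr1
service password-encryption
username admin privilege 15 secret 5 $1$xyz$0123456789abcdef
snmp-server community monitoring RO
line vty 0 4
 transport input ssh
 login local
"""

NEW_CONFIG = """\
hostname edge-rtr1
no service password-encryption
username admin privilege 15 secret 5 $1$xyz$0123456789abcdef
username backup privilege 15 password 0 letmein
snmp-server community monitoring RO
snmp-server community private RW
line vty 0 4
 transport input telnet ssh
 login local
"""

if __name__ == "__main__":
    for sign, text, why in security_diff(OLD_CONFIG, NEW_CONFIG):
        print(f"{sign} {why:30s} {text}")
```

Every one of the flagged lines is also something a router would happily accept from anyone holding the enable secret, which is the point of watching the diff rather than the device.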

From Otaku, Cedric's weblog: Do you want to play a game? (and here is the solution). A related article: The Coin Flip: A Fundamentally Unfair Proposition?.

From the Random things in IT blog: a couple of free data recovery utilities: PhotoRec and TestDisk – and they are open source too! PhotoRec works by scanning the raw disk for known file headers, so it can recover files even after the filesystem's metadata is gone; TestDisk is for repairing lost partitions and boot sectors. Anyway, if you've deleted something you didn't mean to, stop writing to the affected partition as soon as possible (and I mean as soon as possible): every new write can land on the sectors that still hold your data, and once they are overwritten the chances of recovering anything are extremely slim.
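Both halves of that advice (why recovery works at all, and why writing to the disk kills it) are visible in a few lines of file carving. This is an added example, not PhotoRec's code: it scans a constructed "disk image" for a few well-known header/footer signatures and cuts out whatever lies between them, then shows what happens when a new write lands on the deleted file's first sectors. The signature table is tiny on purpose; PhotoRec knows a few hundred formats and handles fragmented files, which this does not.

```python
# (type, header magic, footer magic). Constructed subset; real carvers know many more.
SIGNATURES = [
    ("jpg", b"\xff\xd8\xff", b"\xff\xd9"),
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),
    ("gif", b"GIF89a", b"\x00\x3b"),
]

def carve(image, max_size=16 * 1024 * 1024):
    """Return [(offset, type, bytes)] for every header/footer pair found in the raw image."""
    found = []
    pos = 0
    while pos < len(image):
        best = None                      # earliest header of any type from pos onwards
        for name, head, tail in SIGNATURES:
            i = image.find(head, pos)
            if i != -1 and (best is None or i < best[0]):
                best = (i, name, head, tail)
        if best is None:
            break
        start, name, head, tail = best
        end = image.find(tail, start + len(head))
        if end == -1 or end - start > max_size:
            pos = start + 1              # truncated or overwritten file: skip, keep scanning
            continue
        end += len(tail)
        found.append((start, name, image[start:end]))
        pos = end
    return found

def fake_jpeg(payload):
    return b"\xff\xd8\xff\xe0" + payload + b"\xff\xd9"

def fake_png(payload):
    return b"\x89PNG\r\n\x1a\n" + payload + b"IEND\xae\x42\x60\x82"

def build_image():
    """Constructed disk: slack, a deleted JPEG, garbage, a deleted PNG, more slack."""
    return (b"\x00" * 512 + fake_jpeg(b"A" * 300) + b"\xcc" * 128
            + fake_png(b"B" * 200) + b"\x00" * 256)

def simulate_overwrite(image, offset, length):
    """A new file being written over sectors the filesystem now considers free."""
    return image[:offset] + b"\x00" * length + image[offset + length:]

def demo():
    img = build_image()
    before = [(t, len(b)) for _, t, b in carve(img)]          # both files still recoverable
    damaged = simulate_overwrite(img, 512, 64)                 # 64 bytes over the JPEG's header
    after = [(t, len(b)) for _, t, b in carve(damaged)]        # only the PNG is left
    return before, after

if __name__ == "__main__":
    for offset, kind, data in carve(build_image()):
        print(f"{kind} at offset {offset}, {len(data)} bytes")
    print(demo())
```

Note that the filesystem is never consulted: the directory entry for the JPEG could be long gone and it would still carve fine, right up until something is written over it. Dumping each carved blob to a file named by offset and type is all PhotoRec's output directory really is.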

1 comment:

  1. Couldn’t be written any better. Reading this post reminds me of my old roommate! He always kept talking about this. I will forward this article to him. Pretty sure he will have a good read. Thanks for sharing!