IT PRO: Blogs: Davey Winder: 2006 November

Home

Davey Winder's Blog

Fight global warming with local cooling

Posted in Green IT on November 28, 2006 at 4:15 pm

An interesting take on environmentally friendly computing hit my desktop today, the LocalCooling.com project from Uniblue Systems, better known for the Windows Task Manager on steroids, WinTasks Pro. LocalCooling.com aims to build a community of people all using the Local Cooling software utility to control the power consumption of their PCs. The idea being that if enough people join in, and the target is a perhaps rather optimistic 100 million, the global computing carbon footprint could be reduced dramatically.

Here

Not yet rated

Loading ...

i Caramba!

By Davey Winder in Editorial

Posted in Uncategorized on November 25, 2006 at 2:01 pm

Permalink | Author Profile

My Finnish friends at F-Secure have told me that their security research labs have taken delivery of a proof-of-concept sample for an AdWare application. Nothing particularly exciting or unusual about that, you might think, but if I tell you that it is an AdWare application that targets Mac OS X would you perhaps change your mind?

Bearing in mind, as a proof-of-concept code sample this is still in the realms of theoretical threat, there is no danger out in the wild. Yet. But given that it exploits a combination of the ease of use of a Mac and no Administrator rights in order to attach itself to your user account and then subsequently every application you use, that danger could be very real unless Apple do something drastic to fix the underlying weaknesses in OS X that allow a System Library to be installed without prompting the end user.

Sensibly, F-Secure are not revealing the precise methods used by the iAdware code, after all they are in the prevention not scare-mongering business (although it can often be a close call as far as security firms are concerned.) However, F-Secure did tell me that an Administrator could easily install iAdware globally for every user, as all it requires to do its stuff is Copy permissions. In their testing, the guys at the lab say the code sample managed to launch the Mac web browser client successfully for every application they used.

File under interesting rather than highly risky for now, but let it at least wipe the smug grin off the faces of the Apple Advocates who insist that their platform is impenetrable when it comes to such things. AdWare may not be a Windows based problem alone for very much longer…

Not yet rated

Loading ...

Panic Ye Not

By Davey Winder in Editorial

Posted in Uncategorized on November 24, 2006 at 12:00 pm

Permalink | Author Profile

At first glance the news that German security researchers have managed to uncover a new method of breaking RSA public-key encryption using a side channel attack concept known as Simple Branch Prediction Analysis might sound awful worrying. More so seeing as it is said to be particularly effective in the realm of digital rights management software. Doubly more so with knobs on as the code breaking in question can be done using readily available consumer PCs rather than ultra expensive and dedicated kit.

Branch Prediction Analysis itself is nothing new of course, it is the addition of the

Not yet rated

Loading ...

The NAT Nazi

By Davey Winder in Editorial

Posted in Uncategorized on November 19, 2006 at 1:06 pm

Permalink | Author Profile

In the drive towards solving all networking problems, everything from security to spam to world peace it often seems like, plus the constant and media friendly

Not yet rated

Loading ...

SimulateWorld

By Davey Winder in Editorial

Posted in Uncategorized on November 13, 2006 at 8:52 pm

Permalink | Author Profile

When you are a geek, and I readily admit to being of that ilk, there are some invitations you just don

Not yet rated

Loading ...

Cross-Organisational Information Security Breaches

By Davey Winder in Editorial

Posted in Uncategorized on at 2:56 pm

Permalink | Author Profile

Nobody would argue that it is vitally important, in the overall scheme of things, to discovering information security breaches as soon after they have occurred as possible. That is common sense after all. And as our systems become ever more complex, so this common sense approach becomes ever increasingly critical. Not only from the strictly security oriented perspective either, but also from a financial one because the later in the lifecycle such exposures are revealed so the more expensive they become to fix. This basic rule applies whether we are talking about communication breaches, OS breaches or application breaches. But the most damaging of all, and ironically the ones likely to be discovered latest of all within a system

Not yet rated

Loading ...

DoS illegal, problem solved. Not!

By Davey Winder in Editorial

Posted in Uncategorized on November 12, 2006 at 4:58 pm

Permalink | Author Profile

Sometimes I do not know whether to laugh or cry. The cause of this emotional confusion? The hilarious read that is the Police and Justice Act 2006.

Now please do not get me wrong, it is not that I am against legislation when it comes to IT security issues. The trouble is, I have seen all too often otherwise fairly sensible grown-ups, actually scrap that as I am talking about politicians and lawyers here, believing that by making something illegal it will simply go away. The truth is, obviously enough to anyone with their thinking head on, that the world just does not work that way.

Sure, the gap in the Computer Misuse Act which did not include Denial of Service attacks within its remit, mainly because there was no such thing as a DoS, or DDoS for that matter, when the CMA was penned, needed to be filled. And the 10 years in pokey available to the judiciary courtesy of the Police and Justice Act fills the gap nicely enough I guess. But I am not going to be giving up my day job, fearful of nothing to write about, no clients to advise on defence against the crime, and you, dear reader, can not let your defences down sure in the knowledge that the bad guys have been beaten away with this legal big stick.

Yes, if PJA had been around this time last year then David Lennon, accused of sending some five million emails to a former employer by way of a revenge attack, might not have escaped with a technical not guilty because there was no suitable offence under the CMA. But, you see, he didn

Not yet rated

Loading ...

Wikipedihacker

By Davey Winder in Editorial

Posted in Wikipedia on November 9, 2006 at 4:03 pm

Permalink | Author Profile

I guess it was only a matter of time before some evil minded sod took advantage of Wikipedia in a way more malicious than just saying Mr X is twit. Unfortunately that time would appear to be now, according to my contacts at SophosLabs. Because the very nature of a Wiki, and Wikipedia is no different (the clue is in the name folks), allows anyone to create and modify articles it can bring out the best in people so as to establish a community driven truth. That

Not yet rated

Loading ...

End user behaviour lacks responsibility

By Davey Winder in Editorial

Posted in Uncategorized on November 7, 2006 at 8:02 pm

Permalink | Author Profile

New research commissioned by Check Point Software Technologies (the company that owns ZoneAlarm) and carried out by YouGov, was published today and reveals that the challenge of controlling security threats triggered by users in the workplace is showing no signs of diminishing. Well no surprise there, and I didn

Rated: 20% (1 votes)

Loading ...

Tag cloud

ISP management Developers Addiction Windows Phone 7 Series IDC Johnny Depp Advertising Press Death trust virtual machine Recall service eBook storage innovation payment server Enterprise OCR SSL Windows 7 library Retail office holidays smartphone books Digital Footprint botnet Intel Hack Psion Texting Performance computing Mars snooping virus email VeriSign second life Twitter HP open source iPod Military McKinnon Top 500 Bill Gates Health XP Election earth hour theft Firefox Lotus hardware spending Gateway scam remote working sick Vista NBC lawsuit Music staffing credit card fraud Amazon standards graphics Internet Explorer betting statistics Kin virtualisation help information Education SMS Steve Ballmer cloud Software Jesus Phone Mobile Phone IBM web Eee PC ecommerce avatar spam Kaspersky museum YouTube Flash App economics iPad xmas money Mobile Phones NASA computers privacy ROFL terrorism survey Experiment computing Jobs printing students Obama crime Employment Palm Apps credit crunch Olympics data Android Rumour e Russia Porn chips social networking Video Big Brother Space virtual world Networks PS3 gadgets iPhone 3GS parental control debian Scotland HPC Dell wifi Project hacker worker DNS code Media Texas Instruments campaign VM Yahoo Facebook millions desktop IP Ballmer Government patent Silverlight Internet Netbook Finjan Gartner acquisition Google Blogging rootkits gaming data protection console hypervisor Patents iPhone prison The Federation BSI global Europe linkedin Paris Hilton School Steve Jobs Acer Meh Programming BOFH size CAPTCHA banks Adobe dumb Analysis Noro President Digg RAM Licensing teleworking admin network support ASUS transactional security Google Earth Nintendo tax worm MessageLabs hubdub Madness Architecture remote search IT Guardian Gadget carbon copy politics Energy Michael Jackson outsourcing migration ISPA Tesco Psychic banking home ID Theft scan mobile EU malware memory archiving hacking Zango payments Army FBI shopping Opinion stupidity universe Top 10 Parenting VPN broadband Linux Sex symantec hoax USA christmas development web 2.0 Trousers Mafia meme Cisco stupid Browser InfoSec policy documentation news RATM Application world of warcraft services Palm Pre Marketing disclosure green Game Microchip MSNBC OS nightmare patch management scareware Rant Harry Potter MSN iPhone 3G Battery Eee Microsoft Review adware mail games Kill Switch copyright poll fake Trojan technology phishing Nexus fraud Funny Deal law Pirate MiniBook fool China Banned Backlash Supercomputer work Data Centre GSM Beta man-in-the-middle Spotify fun computer environment monetisation Children Apple workplace Web Development recession compromise tech Sony Business GMail Notebooks encryption report family Blog App Store exploit Study Geeks Conference Windows biometrics Voice e-commerce football science Browsers Kindle productivity economy black hat AMD digitise Research security surveys

Highest Rated Blog Posts

Why ecommerce fails (100%)
Google Chrome stands alone at PWN2OWN (100%)
Betting on Hubdub technology (100%)
Has Google gone insane as GMail goes back to beta? (100%)
Chinese whispers as government implicated in UK hack attacks (100%)
Crimeware toolkit targets 10,000 trusted sites (100%)
Black Hat risk to migrating VMs (100%)
Tough on cyber crime, tough on the causes of cyber crime (100%)
Firefox 3, Beta 4, Enhancements 900, Tested 5 (100%)
Has the US Army declared war on Windows 7? (100%)

Fight global warming with local cooling

i Caramba!

Panic Ye Not

The NAT Nazi

SimulateWorld

Cross-Organisational Information Security Breaches

DoS illegal, problem solved. Not!

Wikipedihacker

End user behaviour lacks responsibility

Tag cloud

Archives

Most commented posts

Highest Rated Blog Posts

Advertisement