Why WikiLeaks Is Raising Money Using MasterCard and PayPal Again – The Atlantic Wire Friday, Mar 4 2011 

Why WikiLeaks Is Raising Money Using MasterCard and PayPal Again – The Atlantic Wire.

“There you have it: companies like PayPal are more comfortable handling donations to accused rapists than to whistle-blowing web sites.”

You don’t have any idea if the rumours are true now, do you?
But would you concede that if you start leaking information certain people want to keep private, they may find artificial cause to incriminate you?

Is Upcoming Firefox 4 inspired by Google Chrome? | Unixmen Friday, Mar 4 2011 

Is Upcoming Firefox 4 inspired by Google Chrome? | Unixmen.

Today, I installed Firefox 4 beta. My very first impression when the new browser opened was “How much like Chrome!” On exploring Firefox 4 beta I found the design and functionality has incredible likeness with Google’s browser Chrome. In this post we will deem at the new features of Firefox and comment on how they look alike Google Chrome…

 

Why Apple is Grossly Overrated Monday, Feb 28 2011 

First of all, I’m a PC user, and my hate of the Mac interface will influence my judgment when drawing these criticisms. I haven’t thoroughly investigated the interface of any Apple product save for the iPhone and iPod, so my analysis will be fairly limited. Anyhow, here are my thoughts:

Advantages of Apple:

- More applications preinstalled to edit and modify

- Pretty interface

Disadvantages of Apple:

- Lack of shell control (compared to Win Powershell & Linux Bash)

- Lots of preinstalled apps which hog memory

- Higher price for software, software extensions

- Restrictions and limitations on what can be done

ADVANTAGES

Ok, the latest Mac OS’s obviously have many interesting applications allowing you to make modifications to media. Aka, movie makers, disc burners, music composition programs, art progs, etc. (most of this is available on other OSs, but Mac gets points for making these more obvious and exciting). Aesthetics is one of the major reasons for this.

Aesthetics:

- The dock. This is one idea I praise most that comes from Apple related programs. What better idea to save application bar space than to dock all windows associated with a particular program under one icon? Then when you roll over each icon with a cursor, the fact it has some animation to draw attention to this program so you know precisely which program you are about to click on… This is a nice design. Additionally, running applications have some sort of indicator on the dock to suggest they are running so you realise which programs are open and not. The docking features associated with applications such as email, email threads on the iPhone are also awesome. And the subtle numeric notifier to suggest apps on the iPhone need updating or whatnot – very sleek!

- Window management. Mac made Windows and other OS’s Alt+Tab rubbish look really ugly by inventing a window-cursor selection mechanism. This allows all windows for running applications to be visible at the same time and selected manually with a cursor. Goodbye arduous task of Alt+Tabbing which was quite slow and cumbersome.

- The interface. The natural interface of Mac OS X is extremely sexy with all its panels, docks etc. Great… so too is the touch capability of the iPhone.

DISADVANTAGES

- Mac Bash Shell: First thing I hated most when I jumped on the Mac was the shell. I figure bash shell, I use this on Linux, so I’m going to be fine right? Wrong! The file structure in Macintosh’s Bash Shell is completely different, there’s no .rc file for customising the shell, the only functionality that seemed to be present were basic UNIX commands. But worst of all, if I wanted to install shell applications I had to PAY FOR (Apple likes to make its customers PAY), some crappy program called backports. No I won’t buy your crap program, Apple, to allow me to install shell apps when every other OS lets you do this for free…

- Preinstalled apps & price. So many OS’s have preinstalled apps I’ll admit, but there seem to be many fairly heavy programs (compared to other OS) which you’re paying for but don’t apply to you and your personal requirements. It’s practically like if you had to purchase a meal with a thick shake every time you order a burger at McDonald’s. No I want, just my Big Mac, no fries, no coke, no thick shake, no movie making programs, no composing programs, just the basics (aka, a disc burner, rich text editor, simple art program, media program). This differs on the iPhone where many of the preinstalled apps are handy, but this rule still applies. Stocks? A compass? Please… If I’m lost in the desert, I’d be putting my life on the line hoping my iPhone battery lasts while I’m using this electronic compass… The Maps program will suffice. Thank you. Stocks? Assuming I care about the stock market… yes, well I do. How clever you are to know I was into stocks Mr. designer… I may even use your stock program because I happen to be into stocks… but what of the vast majority of the earth that does not trade in stocks? And why use this default program when Bloomberg is that much better?

- Limitations & Restrictions on what can be done. On the iPhone you can’t even get rid of the default apps – no I don’t want stocks and I don’t want your compass. Let me delete them please! But they have to use up your space which you could be using for other things unfortunately… but this does not get close to the limitations you face with syncing on iTunes grrrr! Ok on an Apple iPod you cannot add or remove tunes from the iPod via iTunes, you can only remove them from your iTunes music directory and sync (so they remove the respective programs on the iPod). Ok, Mr. Apple, no offence, but I want to use my hard disk space for things other than music! If I have to sync every time I want to put music on my iPod, it means I use up just as much space on one device as the other! I paid for this space, I don’t want to waste it because of syncing… Also, say goodbye to any playlist keys on your keyboard, because with iTunes they will not work… Every basic music program I know will run happily in the background when you’re doing stuff, and allow you to change tracks with keys on the keyboard while you’re engaged in some other activity. Not in iTunes, with iTunes you have to have iTunes open in front of you to be able to use track change, play and pause keys… (kind of defeats the purpose, don’t you think?). iTunes is also limited in that it won’t adopt the Windows 7 aero look, like every other program on the system and it won’t automatically add Music files from the Music directory into iTunes (instead you have to manually add them yourself), it won’t look for album covers, provide lyrics to songs or information about their artists, and no visualisations… Kind of surprising how Apple’s only program for interfacing with iPods/iPhones and the like, is so so limited!

Using the GUI with Apple I also had some system administration issues and other issues which should’ve been handled by a basic drag & drop (which weren’t a problem on Windows/Linux), but now they’re a suppressed memory… When I think of them I’ll let you know.

Thanks for listening. To conclude, my opinion on Apple products is that they are rubbish, and for anyone who asks for my advice on them, I will give the only ethical suggestion – to never buy an Apple product unless the company changes its highly immoral business strategy. If you’re thinking of buying a new computer I’d recommend HP/IBM with Windows 7/Ubuntu 10.10 installed.

Welcome Tuesday, Jun 15 2010 

Greetings. You’ve arrived at the development blog for Tyrath Sadow’s SWCombine prospecting tool.

This section will outline project progress, any problems experienced, and provide a guideline for other people interested in programming for the combine.

DreamLinux vs Ubuntu Friday, Sep 18 2009 

DreamLinux 3.5 vs Ubuntu 9.04

First of all I’d like to point out that this is a vague comparison between the two operating systems. I haven’t had time to extensively test all the features of both (well I’ve had jaunty since its release so I might be a better point of reference there but still).

Anyhow, here were some observations.

Advantages of DreamLinux (DL) over Ubuntu:
- You have effectively the same workstation control on “no compiz” on DL as Ubuntu with compiz. In other words, you can drag running applications across workstations – a feature that will hopefully be present in the next Ubuntu release
- Features a dock with compiz disabled, unlike Ubuntu which requires compiz to support a dock.
- The “engage” dock on DL is a lot more stable (with settings saves, etc) and reacts a lot quicker than the AWN dock on Ubuntu. That said, unfortunately the “engage” dock forces apps on dock to be gnome/xfce apps, whilst not providing support for terminal apps, unlike the AWN dock which will allow you to add terminal launchers to the dock. Additionally, the engage admin dock doesn’t allow you to add a trash can and log off button but you have a desktop icon that fulfils this role, so it’s essentially the same

- I was impressed with DL’s superior handling of more recent editions of software, ie, firefox3.2 and OOffice.org3.1, than Ubuntu. I found new applications installed on Ubuntu tended to miss bits of functionality. That said, having not extensively downloaded on DL I can’t provide any empirical justification for my observation.

- It’s no surprise that battery life on DL is superior to Ubuntu. Also that loading and running applications is faster. I think it could be an xfce vs gnome thing though.

- Lastly, the default interface for DL kicks the default interface for Ubuntu’s arse in my honest opinion. It’s amazing when you consider that Ubuntu runs on Gnome and DL on Xfce.

Advantages of Ubuntu over DL:
- Creating launchers in DL is ridiculously difficult for what should be a simple thing. You have to right click on the “Computer” icon on the desktop, before going into another menu and selecting the create launcher option. Hopefully, they figure out that this isn’t the user friendly way of doing things by the next release.

- The newer apps aren’t included in the repos of DL, whilst the Ubuntu repos tend to have fairly updated applications. That said, in DL you can install the .deb apps from the site and they tend to work better than the updated apps installed from the Ubuntu repo in my honest opinion.

- Lastly, it’s hard to find help/support for DL. It would be great if people attended the IRC channel like they do for Ubuntu.

Synopsis:
I think DreamLinux takes longer to get used to and is much more Mac like (which has its pros and cons) than Ubuntu which acts more like Windows.

Comparatively it’s a great substitute and allows you to be very light weight (I hate running Ubuntu without compiz, and with compiz it’s an absolute resource hog).

I would not be surprised to see some great things from DL in the future and by the next release, wouldn’t be surprised if many users make the shift from Ubuntu.

———————–

Please feel free to leave comments below on your experiences of the two operating systems.

Falling axe increases insider threat Sunday, Aug 16 2009 

Falling axe increases insider threat

Organisations which have already deployed technical controls, such as identity management suites, and procedural controls, such as separation of duties, will be better positioned to help close the window of opportunity against sabotage and fraud.

But inside attackers frequently have a pre-existing grudge which is work-related, and so IT management attention must be given now to dealing with the “soft side” of their staff and contractors.

Observations:

This research note analyses the potential impact of the global economic downturn on the behaviour of employees, gives a summary of the three factors of the Fraud Triangle, and provides recommendations and advice for IT managers in supporting their organisation in meeting the potential increase in risk.

The autumn of our discontent (winter is coming): In times of economic contraction organisations invariably respond by slashing costs and cancelling projects. Consequently, headcount – and particularly headcount in the IT department – is often seen as a back-office cost centre which can be reduced with little immediate impact. Often IT contractors are let go prior to staff cuts.

Hundreds of positions in IT organisations around the world have already been made redundant and more are coming. Here in Australia, the tally is already starting to rise. The impact of this situation and the surrounding economic turmoil is increasing the pressure on many IT professionals across Australia and New Zealand, and this is creating an environment in which fraud and sabotage are more likely to occur.

The Fraud Triangle: The model of the Fraud Triangle comes from the field of forensic accounting. The model states that for any fraud to occur, three factors need to be present: opportunity, justification, and need.

Justification:

The factor of justification is internal to the attacker and is their internal capability to rationalise their behaviour. The attacker may justify their behaviour with the belief that they are a vigilante and taking action to right a perceived wrong, that the organisation deserves the fraud for some undesirable aspect of its business operations, or that the fraud is so inconsequential that the organisation will not miss the money.

Revenge is a powerful motivator and the desire to have revenge can easily drive an IT worker to attack the organisation where they work, or have previously worked. A 2005 study by the US Secret Service and Carnegie Mellon Software Engineering Institute found that in cases of insider attack:

  • The trigger for most inside attacks was a negative work event,
  • Prior to the event, most of the inside attackers already held a work-related grievance,
  • The inside attackers most frequently reported that revenge was their motive

For IT departments going through involuntary redundancies, there is a serious risk that disgruntled professionals might take their own redundancy, or that of a colleague, as justification to attack. The attack may be serious or minor, but it will carry a cost: quite probably on the organisation’s reputation.

Need:

The factor of need is important for both fraud and sabotage. Need for money could be the driver for an employee to commit fraud against their employer. The need for money can either be driven by lack – and as the slowed economy takes its toll through 2009 this will be increasingly likely – or it can be driven by a desire to live a lifestyle which is not currently affordable. The strength of feeling for the need for revenge can drive an employee to actually commit an act of sabotage which might otherwise have stayed as a mere fantasy.

Opportunity:

In KPMG’s 2006 fraud report of Australian and New Zealand organisations, non-managers within the organisation accounted for 45 per cent of all detected frauds. While only a percentage of these non-managers were IT staff, the degree of power a single IT professional can hold over their employer must not be underestimated.

Just as IT professionals are presented with phenomenal opportunities through their access to an organisation’s technology, the factor of opportunity is the only factor of the Fraud Triangle which can be addressed through technology.

Technology can create either a physical or logical constraint against unhindered access. This is not to say that technology can either completely close the window of opportunity, or that opportunity can only be addressed through technology.

The time to paint the roof is when the sun is shining:

The IBRS Identity and Access Management survey found that 53 per cent of organisations were aware of identity management systems but did not yet use one. A further 11 per cent reported being unaware of identity management systems. This means that many of the controls automated by Identity Management products (for example: role based access controls, and de-provisioning) are not being used by many organisations; some of which may now be facing an increased prospect of an insider attack.

It is not too late to deploy controls, but it will now be harder to do this. IBRS’s identity and access management survey identified that higher priorities and a lack of resources were already the two most prominent reasons for organisations holding back from identity management deployment. The economic climate has deteriorated even further since our survey and these inhibitors will be more prominent than ever.

Next Steps:

From a sabotage perspective, much of the risk will come from the technically savvy professionals, so the challenge of managing these will be higher than the non-technical. However, with fraud, the risk will be present for all professionals who have expert understanding of their work processes and the information they deal with – particularly when they are in positions of trust.

The common approach for both is communication. Management attention must be brought to bear on any negative work-related experiences. Professionals must be given the chance to feel that they have been given a fair hearing – this is the only way they can lower their own need to make an impact.

Make sure that formal grievance processes are articulated, adhered to, and taken seriously.

Most importantly, the increased risk of an insider attack must be flagged to senior managers who are discussing reducing headcount; they must be given an opportunity to consider the risk and what degree of mitigating controls may be appropriate.

Conclusion:

Many economists currently agree that the global economy is at least a year away from improving. Until the economy recovers, many IT professionals will have their positions made redundant and organisations must handle these redundancies with great care.

The expertise of IT professionals who feel a need to take revenge means that the impact of an insider attack could be very costly to an organisation which may already be struggling.

www.ibrs.com.au

Click here for article – digg.com/d310whZ

Net criminals to target social networking sites in 2008 Sunday, Aug 9 2009 

Net criminals to target social networking sites in 2008

Professionals in the field suggest that the intimate nature of social networking sites makes users more willing to share personal information and, consequently, more vulnerable to attacks.

Senior security researcher at ScanSafe Mary Landesman stated that social networking sites are attractive to scammers because “the technologies that play there and the third party add-ons make it an environment that is susceptible to compromise”, the BBC reports.

Brazilian users of Google’s Orkut – a networking and discussion site – were recently subjected to a threat caused by a worm that tried to steal bank account details.

As well as the technical vulnerabilities that social networking sites are susceptible to, the amount of information that individuals willingly share with others is also described as problematic.

Commenting on the issue, David Porter, head of security and risk at business and technology consulting firm Detica, stated: “It is remarkable that people use social networking websites to publish details about their lives, loves, jobs and hobbies to the entire world … Such data is invaluable to identity fraudsters.”

Posted from Diigo. The rest of my favorite links are here.

Social networking sites a hotbed for cyber crime – Network World Sunday, Aug 9 2009 

Social networking sites a hotbed for cyber crime – Network World

The distribution of malware on social networking sites first occurred in small amounts towards the end of 2007, but that trend appears to be on the rise.

According to a report from MessageLabs Intelligence, which specialises in the analysis of messaging security issues and threats, a popular tactic in 2008 among cyber criminals involved the creation of fictitious accounts on social networking sites. These fake accounts were then used to post malicious links, which usually led to a phishing site, to legitimate users.

Scammers would then make use of the phished personal information, such as usernames and passwords, to gain access to legitimate accounts. This access would be used to post blog comments on the pages of their friends, and send messages from the phished accounts to other contacts. These messages usually contained spam, including links to spam sites such as online pharmacies.

“Web 2.0 offers endless opportunities to scammers for distributing their malware–from creating bogus social networking accounts to spoofed videos–and in 2008, the threats targeting social networking environments became very real,” said Richard Bowman, regional manager, MessageLabs South Asia.

Trend continues

Another report from security expert Symantec, which owns MessageLabs, showed this trend does not look to be slowing down.

The report, which analysed Web threats for the month of January 2009, said social networking sites continue to be popular premises for cyber criminals seeking potential victims.

According to the Symantec report, January saw the emergence of e-mail spam which closely mimicked legitimate notification e-mails of two major social networking sites. These spam messages, which invited users to join a group on the social networking site, contained a link to a virtual group created on the site by the spammers.

This virtual group would be linked to a free blogging site before redirecting the user to the destination URL. Upon clicking this URL, users would be faced with the request to fill out a form collecting personal information. Information collected could then be sold to marketing companies or used for other malicious purposes.

Learning Lessons From the Twitter Outage – Business Center – PC World Sunday, Aug 9 2009 

Learning Lessons From the Twitter Outage – Business Center – PC World

Chief Security Officer of Tenable Network Security, says “Back in the mid 1990s we concluded that denial of service attacks are ALWAYS possible. It’s just a battle of creativity between the opponents and sooner or later someone will always have more bandwidth.”

Does that mean that Twitter just has to accept that its site and service will crash and remain offline every time there is a DoS attack of some sort? No. Facebook did not experience an outage, just degraded performance. Google did not experience any noticeable performance issues. They were all targeted by the same attack so apparently Facebook and Google are doing something different that allows them to withstand the attack and remain online.

Ranum explains that “sites like Twitter will evolve to be able to handle huge loads over time, if they prove to be important enough to justify the build-out. The main thing sites need to think about is having a software architecture that can withstand success, because a DDoS attack, or a flash crowd from slashdot, or a big marketing success – all look pretty much like a huge load on the system.”

Twitter Continues to Battle DDoS Attack – Business Center – PC World Sunday, Aug 9 2009 

Twitter Continues to Battle DDoS Attack – Business Center – PC World

More than two days after experiencing a complete outage as a result of a distributed denial-of-service (DDoS) attack, Twitter and other social networking sites such as Facebook are still battling a surge in traffic related to the attack. Twitter has taken some steps to mitigate the spike in traffic and ensure that the site is not knocked offline again, but some of those steps are having an impact on third-party tools that link to Twitter through APIs (application programming interfaces).

Evidence gathered thus far from Twitter and other sites targeted by the DDoS attacks seems to suggest that the attack is actually a politically motivated attack aimed at silencing a Georgian activist. The victim, known by the online handle Cyxymu, uses blogs and social media sites like Twitter and Facebook to express views related to the tensions between Russia and Georgia.

To defend itself against the ongoing DDoS attack, Twitter has implemented various defensive actions, some of which are blocking third-party Twitter applications from being able to connect with Twitter APIs. The mitigating steps are also affecting the ability of many users to post to their Twitter accounts via SMS (short message service) text messages.

Other steps that can be taken involve identifying and isolating sources of attack traffic and simply dropping all incoming packets from those sources. That can have some effect, but when an attack leverages a botnet and the attack traffic is literally coming from hundreds of thousands of sources simultaneously it quickly becomes cumbersome and impractical to try and filter the traffic in this way. Another temporary solution could be to filter all traffic intended for the suspected victim, Cyxymu, and block that so that it does not hog the network bandwidth or server processing horsepower.

When the dust settles, Twitter should look at ways they can build scalability and redundancy into their network to better withstand similar attacks in the future. Stuart McClure, VP of Operations and Strategy for McAfee’s Risk and Compliance Unit and co-author of Hacking Exposed 6, says “Many of these newly emerging social engineering sites weren’t built with security or high performance scalability in mind. They need to look at their current and desired states and make tough decisions that migrate them from homegrown applications to highly available cornerstones of commerce.”
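An added illustration (not from the PC World article and not Twitter's own tooling) of the trade-off between the two filtering options described above: blocking by source versus dropping everything addressed to the targeted destination, run over a constructed request log. The addresses, the `/cyxymu` path, the volumes and the thresholds are all assumptions made for the example.

```python
from collections import Counter

TARGET = "/cyxymu"  # constructed path standing in for the targeted account's page


def build_log():
    """Constructed one-minute request log: (source_ip, path, is_attack) tuples."""
    log = []
    for i in range(3):       # a few high-volume attack sources
        log += [(f"198.51.100.{i + 1}", TARGET, True)] * 400
    for i in range(2000):    # botnet: many sources, each barely above a normal user
        log += [(f"10.{i // 250}.{i % 250}.7", TARGET, True)] * 5
    for i in range(300):     # legitimate users; the first ten read the target page
        path = TARGET if i < 10 else f"/user{i % 50}"
        log += [(f"172.16.{i // 250}.{i % 250}", path, False)] * 4
    return log


def source_blocklist(log, limit):
    """Sources that sent more than `limit` requests in the window."""
    counts = Counter(src for src, _, _ in log)
    return {src for src, n in counts.items() if n > limit}


def hot_destinations(log, share):
    """Paths that receive more than `share` of all requests in the window."""
    counts = Counter(path for _, path, _ in log)
    return {path for path, n in counts.items() if n / len(log) > share}


def apply_filter(log, blocked_sources=frozenset(), blocked_paths=frozenset()):
    """Count attack requests that still get through and legitimate ones dropped."""
    attack_passed = legit_dropped = 0
    for src, path, is_attack in log:
        dropped = src in blocked_sources or path in blocked_paths
        if is_attack and not dropped:
            attack_passed += 1
        elif not is_attack and dropped:
            legit_dropped += 1
    return {"attack_passed": attack_passed, "legit_dropped": legit_dropped}


LOG = build_log()

if __name__ == "__main__":
    # Source filtering with a generous threshold: only the loud sources are caught.
    loud = source_blocklist(LOG, limit=100)
    print(len(loud), apply_filter(LOG, blocked_sources=loud))

    # Catching the botnet needs a threshold just above normal use and a
    # blocklist with one entry per bot, which grows with the botnet.
    tight = source_blocklist(LOG, limit=4)
    print(len(tight), apply_filter(LOG, blocked_sources=tight))

    # Destination filtering: a single rule, at the cost of the target's real readers.
    hot = hot_destinations(LOG, share=0.5)
    print(hot, apply_filter(LOG, blocked_paths=hot))
```

In this sample the source list needs one entry per bot to stop the flood, while the single destination rule stops it at the cost of every legitimate request to that page.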
