31 March, 2009

The "Conficker.C"-hype

I've read like tens of articles, both international and national, about the suspected D-day, April 1st 2009. It is rumored that over 10 million computers will release a tidal wave of DDoS attacks on a global scale...

However, if you secured your home-setup earlier/today (like I have), you SHOULD be safe, for the time being...

Time will show.

But... to give you an idea about HOW malicious this worm is, Microsoft has promised a $250.000 reward for anyone able to provide information about its creator(s). So, it's a serious issue.
Or...is it? ;P (April 1st 2009?? C'mon...)





For my Norwegian readers, here is a fairly detailed article about the "problem": http://www.dagbladet.no/2009/03/31/kultur/tekno/internett/virus/5549841/

To add a bit more to the English post above:
If you are protected against botnets, e.g. by using OpenDNS instead of a local name server (a router, gateway or similar that caches name queries locally poses a security risk for IP addressing towards the Internet), then you are reasonably protected in case any of this takes place. Not very likely, since this is about April 1st...


Like I said...

Like in my previous post, a lot of IT professionals are also realizing the global network threat that is upon us.

Crackers (like everybody else) are now able to hook up to a decent Internet connection with "broadband"-sufficient bandwidth, which also means crackers are now globally able to take down multi-national corporation networks without too much hassle (provided they're not secured too much; not that it can't be bypassed, it just takes a lot longer to do it).

While researching how to protect my domain and network @ home, I discovered this article @ computerworld.com, entitled "100% Cure for Conficker": http://blogs.computerworld.com/100_cure_for_conficker

Steven J. Vaughan-Nichols (Cyber Critic) advises people to jump over from traditional DNS systems to OpenDNS. After switching my static DNS addresses in my router(s), I found some interesting features in OpenDNS, like the ability to stop phishing-attack attempts, or advanced address-filtering. They've gone through the works and secured the OpenDNS system to be as secure as can be, without crippling day-to-day performance.

For example, you have to be a registered OpenDNS user with a/multiple registered and confirmed IP-address(es) to use name resolving through OpenDNS.

30 March, 2009

E-warfare

The time has come...


Fellow IT crowd: electronic espionage and malicious takeovers are upon us.

The following article-link takes up the subject about cyber espionage on a global scale: http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network
A 10-month investigation uncovered what seems to be a Chinese cyber-spy network crossing the globe. Further investigation through fieldwork, technical scouting and laboratory testing uncovered that the "GhostNet" can consist of as many as 1.295 individual computers residing in 103 countries. At least 30% of these can be considered high-value political, diplomatic, economic and military targets.
Some malicious crackers are surely having fun harvesting quite the bot-farm I must say...

And if the technical advisors are right, the Chinese can do A LOT more damage than just steal sensitive information.

We are now living the nightmare a lot of sci-fi literature predicted years ago...

Ph34r!

I'm not saying this affects everyday people at the moment... but it's a wake-up call to remind us that we're not totally 100% secure online, whatsoever...

28 March, 2009

E-beauty


;P

26 March, 2009

OS/2 lives on :)

The oldschool types never really die, they update and evolve ;) The 90's operating system, OS/2, was a development collaboration between Microsoft and IBM, to introduce the 2nd generation operating system to accompany IBM's second generation personal computers of the early 90's. Today you would assume the OS was long since dead and forgotten... well, you'd be wrong.

OS/2 lives on to this day, and is represented by Serenity Systems as "eComStation 2.0 RC6a" (2 pictures below).





What I liked about OS/2 was its clean intuitive interface :) It even had pseudo-3D games! (chessboard in picture below)


From wikipedia.org:

Future

There is a community of OS/2 users and developers, along with loyal company customers, hoping that IBM will release OS/2 or a significant part of it as open source. Petitions to that end were made in 2005 and 2007, but IBM declined, citing legal, technical and strategic reasons.[35] It is unlikely that the entire OS will be open at some point in the future, because it contains third-party code, much of it from Microsoft.

Also IBM made a deal with Commodore to license Amiga technology for OS/2 2.0 and above in exchange for the REXX scripting language.[36] This means OS/2 may have code not written by IBM, which can prevent the OS from being open-sourced in the future.[37][38]

Version 2.0 had such a long design cycle that its design started while OS/2 1.1 was still under development, and thus, portions of it were developed in conjunction with Microsoft, even though Microsoft never released a branded version of 2.0 (although they did release a beta in their name). IBM's contribution to versions 1.2 and earlier mostly resides in the GUI components; however, bug fixes and substantial performance changes to the entire system in 1.3 were made by IBM, and much more of the overall system (including the kernel) for 2.0 was developed by IBM.

The aborted PowerPC port did not involve Microsoft at all, and has been proposed as the basis for an open-source 64-bit version of OS/2.

Still, the community has suggested that, even if only the IBM portion of it is made open, the missing parts could be written by the same community to form a next-generation version of the OS. Code could perhaps be integrated from the Wine or ReactOS projects. Many developers believe that these missing parts include many of the legacy 16-bit components not revised since OS/2 1.x, and are exactly the parts that should be rewritten anyway. There is an ongoing petition to open parts of the OS arranged by OS2World.com.[39]

With the possibility of an open-source future for OS/2, the OS may be given a new lease of life. IBM's current and heavy involvement with several open source projects indicates that opening parts of OS/2 will not be difficult for the company. But until then, OS/2's future remains in limbo.

Open source operating systems such as Linux have already profited from OS/2 indirectly through IBM's release of the improved JFS file system which was ported from the OS/2 code base.

OS/2 programs will eventually use emulators and compatibility layers for running programs dedicated for OS/2.

25 March, 2009

Restrictions, copyright, modification

After watching the NUUG's webcast video of RMS's (Richard M. Stallman, FSF) 2009 Oslo copyright speech, I had a lot of ideas and opinions floating around.

What he said about proprietary software vendors implementing backdoors, malicious functions and spy-features did not surprise me, but what he said about Microsoft's latest systems DID.

I knew that they have always put in security-features making them able to update and/or fetch debug information about crashes and bugs.

But having the ability and non-authorized access to modify personal computer systems without the user knowing, pissed me off. You can definitely assume I'M not going to use either Windows 7 or any of the Vista-flavours.

I use Windows XP Professional @ work, because I have to, not because I prefer to. That's it. My netbook runs Xandros (modified Debian), my server/desktop @ home runs Slackware Linux (-Current). And, as soon as it hits the electronics stores, I'm going for an Android-powered smartphone ;)

Asus 900 PC w/10hrs battery ;P

Hehe, my Asus Eee 900 PC with the 7,4V 10,4Ah battery case

(mildly oversized if you ask me, as shown in the 2nd picture below ↵)





A personal note about modifying this machine:

I cannot believe how easy it was to replace the RAM-module in this netbook! In contrast to the Acer Aspire One (AAO), this netbook was child's play to open, remove the original RAM-module, and successfully replace with an upgrade.

Two screws open an access hatch on the underside, which in turn gives access to both the single RAM-module and the miniPCI-express wireless card contained within ;) Both of which are not particularly wear resistant. So it was a blessing to be able to do this task in right under 5 mins without having to dismantle the whole machine (as with the Acer Aspire One) to further risk electrostatic damage and so forth...

I didn't really like Asus all that much before...but now, I LOVE Asus ;]

Among other nice features, it took my Huawei 220 3G USB modem out-of-the-box! No driver compilation, no additional kernel module...nothing. Just 'Plug-And-Play' ;P sweet!

24 March, 2009

Hahaha, hackers steer clear of Chrome

http://blogs.zdnet.com/Google/?p=1334

Charlie Miller (Security Hacker) at the CanSecWest security conference in Vancouver BC, says:

There are bugs in Chrome but they’re very hard to exploit. I have a Chrome vulnerability right now but I don’t know how to exploit it. It’s really hard. They’ve got that sandbox model that’s hard to get out of. With Chrome, it’s a combination of things — you can’t execute on the heap, the OS protections in Windows and the Sandbox.

23 March, 2009

Flash memory

After getting my new Asus Eee 900 PC, I was curious to research flash memory, to see the current state of events surrounding this technology.

Among a few of my notations, I learned that non-volatile memory is memory that can retain its information even when power is cut. [ Thus SSDs (Solid State Drives) are non-volatile, because they are supposed to replace the now obsolete magnetic-disk storage format. ]

Another interesting fact about solid state memory, memory chips and programmable memory chips, is the little known fact about how they originated.., or, why they were developed in the first place.

What I found didn't really shock me at all. Like with everything else technology-related, the U.S. Air Force had its cold, damp hands in the mix.

PROMs (Programmable Read Only Memory chips) were developed at American Bosch Arma Corporation in Garden City, New York as a request from the United States Air Force to serve as a flexible and more reliable way of storing targeting constants (ballistic targeting vectors / calculations) in ICBMs (or, InterContinental Ballistic Missiles).

PROMs are defined as "non-volatile permanent storage devices", as they are programmed after creation, by shorting fuses in the chip to state binary digit programming [1(on) or 0(off)]. Or, to be blunt: PROMs usually contain machine-level instruction-sets to execute pre-defined tasks.

But as with a lot of technology, permanent storage is not a preferred everyday method for the average Joe. So, later years were dedicated to developing dynamic flash memory.

In modern flash memory, the chips should be/are able to re-write/delete data up to several times without any significant drops in performance.

19 March, 2009

"Hacker is a badge of honour"

Hacking is a badge of honour, digi.no
Hacking in this context does not mean creating problems for others. He sees himself as a problem solver, where hacking is a badge of honour for a person who does their own thing when things don't work the way one wants:

- If you're a nerd, you complain. It's about not giving up when you run into a problem, but working until you have a solution, explains Skjefstad

16 March, 2009

About time law enforcement takes the step...



Away with Windows! - digi.no : Comments
The discussion is heated over whether Mac OS and Linux are safer than Windows, technically speaking. The conclusion seems to be that yes, both of the two alternative operating systems are more robustly built than Microsoft's market-leading system. But even if this can be questioned (and Microsoft does, of course), it is a fact that systems that few people use are not as exposed to virus makers as systems that are used by a minority.

Norwegian film in game marketing



Ein! Zwei! Die!

Død Snø / Dead Snow

Cool to see that the games industry in the USA actually keeps up with international culture :) I bet I know a buddy with the game who is going to be ecstatic about the add-ons ;P

Activision has now decided to market the war game "Call of Duty: World at War" with the Norwegian feature/splatter film "Død Snø" by Tommy Wirkola ;P

http://www.itavisen.no/807614/norsk-film-i-spillmarkedsforing

13 March, 2009

WEEEEEE!!!




Finally the RIGHT definition of my favourite word(s):
http://no.wikipedia.org/wiki/Hackere

A "datasnok" or hacker is someone who appreciates the intellectual challenge of breaking boundaries or working around limitations in a field they are interested in -- primarily programming. The term arose among the computer science students at MIT in the sixties.

The Jargon File defines the term hacker as follows:

  • A person who enjoys exploring the properties of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the bare minimum.
  • One who programs enthusiastically (and often becomes absorbed by it) or who appreciates programming practice rather than just theory about programming.
  • A person who knows how to appreciate "hack value"
  • A person who is good at programming quickly
  • An expert on a particular program, or one who frequently works on or in it, e.g. a Unix hacker.
  • An expert or enthusiast in any arbitrary field (one can be an astronomy hacker, for example).
  • One who appreciates the intellectual challenge of breaking boundaries or working around limitations.
  • A malicious intruder who sneaks into others' systems to discover classified information.

The last point is controversial, and many believe the correct term for such a person with malicious intent is cracker (Criminal Hacker).

The magazine 2600: The Hacker Quarterly takes up issues that are relevant to hackers.

In 2600 and the community around it, the term "hacking" refers to grey hat, a form of hacking that exploits and manipulates computer programs and systems to the limit of what is possible. The purpose of grey hat is not to break the law, even though in certain cases that is done.

SERIOUSLY...!?



Good God people, this is just not good enough when we have the resources and opportunities we command in our fair country!
>;/

First Kripos, then the police, customs... What happens next? Are nationally important institutions just going to drop like flies in the gravel?

"How are normal individuals supposed to protect themselves online when large public organizations can't manage it?"

Well, for starters it might have been wise to send employees on IT courses, possibly privacy guidance, and last but not least: basic anti-virus and spyware training...

Or... how about ACTUALLY SPENDING FUNDING ON COMPUTER SECURITY!? Routines are NOT the alpha and omega, but they help alongside well-thought-out guidelines and tools.

http://www.digi.no/807565/conficker-skapte-kaos-for-politiet

http://www.digi.no/807455/politiet-er-lammet-av-virus

10 March, 2009

Choosing the right flavour...

A lot of Linux enthusiasts argue/claim that Slackware Linux is an outdated and obsolete Linux distro. Fair enough, if compared to more modern bleeding-edge distributions like Ubuntu, SuSe, Gentoo and the like.

Although Slackware is a vanilla-distro (little or no changes/patches to system packages whatsoever), it can be TWEAKED to include whatever you'd like. It is one of the last "hands-on" distributions out there. ANYTHING can be hacked/tweaked to suit any needs.

Slack forces the user to learn Linux from the ground up, and by this learning-curve, makes the user able to do whatever on whatever distribution in question. However, there are custom distros that focus on specific user-scenarios: Ubuntu serves as a good "out-of-the-box" operating system for "gnubies", Fedora is Red Hat-based and serves as a rock-solid server framework or a good place to start as a sysadmin, SuSe is very good at security and Gentoo for compilation-wizards and optimization-gurus.

But since Slackware is the oldschool-type, it is basically barebones.., it is the base, and it works!

Patrick Volkerding is the maintainer and "BDFL" of Slackware Linux.

The three S' o' Slack:
  • Simplicity
  • Stability
  • Security

NAV / Jobs / Unemployment

"...expecting doubled unemployment, close to 100.000 unemployed by the end of the year..."

"...not since 1988-90 has unemployment as high as now been registered..."

http://www.dinside.no/807187/venter-doblet-arbeidsledighet

05 March, 2009

API / ABI / POSIX

API => Application Programming Interface

An application programming interface (API) is a set of routines, data structures, object classes and/or protocols provided by libraries and/or operating system services in order to support the building of applications.

The API itself is largely abstract in that it specifies an interface and controls the behavior of the objects specified in that interface. The software that provides the functionality described by an API is said to be an implementation of the API. An API is typically defined in terms of the programming language used to build an application. The related term, ABI (Application Binary Interface), is a lower level definition concerning details at the Assembly language level. For example, the Linux Standard Base is an ABI, while POSIX is an API.

POSIX => Portable Operating System Interface

The POSIX standard defines an API that allows a wide range of common computing functions to be written such that they may operate on many different systems (Mac OS X and various BSDs implement this interface); however, making use of this requires re-compilation for each platform.

03 March, 2009

Development & Simplicity

"everything should be made as simple as possible, but no simpler"
--Albert Einstein


"simplicity is the ultimate sophistication"
--Leonardo Da Vinci


"it seems that perfection is reached not when there is nothing left to add, but when there is nothing left to take away"
--Antoine De Saint Exupéry


KISS => Keep It Simple Stupid !