Saving The World, One __________ At A Time

Delicious LiveJournal Links for 6-26-2009

Fri, 26 Jun 2009 23:07:05 GMT

Stop Password Masking (Jakob Nielsen's Alertbox)

"Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures."

A lot of truth in this article, especially for new users. What do you think?

(tags: security passwords usability)

Wedding Photo Album

Thu, 25 Jun 2009 03:53:03 GMT

The wedding photos are online:
http://picasaweb.google.com/deshantm/WeddingAlbum

I commented on most of the photos.

For my earlier reaction to the wedding see:
http://deshantm.livejournal.com/36750.html

and in case you missed them, the honeymoon pics:
http://picasaweb.google.com/deshantm/Honeymoon

Honeymoon

Delicious LiveJournal Links for 6-24-2009

Wed, 24 Jun 2009 23:08:43 GMT

Analysis of an Intrusion

“Why do strong passwords matter?” “Who cares about my data? I don’t have anything worth stealing.” These are common arguments raised by users when presented with the requirement of using strong passwords. The strongest counter-example to these arguments came this week in the form of a compromised user account. Let’s travel back in time…

(tags: security clarkson phd)

Delicious LiveJournal Links for 6-20-2009

Sat, 20 Jun 2009 23:05:49 GMT

Browser Security - ACM Queue

A nice article from Google Chrome developers on browser security.

"There is no silver bullet for providing a perfectly secure browser, but there are several techniques that browser developers can use to help protect users. Each of these techniques has its own set of challenges.

In particular, browsers should minimize the danger that users face using three techniques:

Reduce attack severity by applying the principle of least privilege in the browser architecture. This technique limits the damage caused when an attacker exploits a vulnerability.
Reduce the window of vulnerability by ensuring updates are developed and deployed as quickly as possible. This technique minimizes the number of vulnerable browsers an attacker can target.
Reduce how often users are exposed to attacks by filtering out known malicious content. This technique protects users during vulnerable time windows.."

(tags: security browser google chrome phd)

Delicious LiveJournal Links for 6-13-2009

Sat, 13 Jun 2009 23:08:15 GMT

German Design Firm Calls Its Car Concept "Open Source"

"is based on a core chassis which can accommodate many modular types of exterior designs. Going further with the modularity concept, it has daisy-chained organic light-emitting diodes (OLEDs) under its surface that allow the user to configure the look of everything from headlamps to brake lights to the car's interior. Although EDAG is approaching other companies to help with the design, it's a stretch to call this car open source, but it does leverage open source concepts."

(tags: opensource writing cars)
Riversimple to Unveil Open Source Car in London This Month

"The team decided to release the car's designs under an open source license in order to speed up the time it takes to develop the vehicle while also driving down the cost of its components. There's an altruistic value to the idea as well:

Human society is facing the twin challenges of peak oil and climate change, and transport represents a significant proportion of global emissions.We urgently need more fuel efficient vehicles, and by sharing our ideas and our designs we hope to encourage others to adopt this novel technology. "

(tags: opensource car fuel technology)
The inside story of the Conficker worm - tech - 12 June 2009 - New Scientist

A really good explanation of the Conficker worm's evolution

They call it the worst they have seen, but we have been hearing about these types of things for a long time.

A good defense: don't use the most popular systems

(tags: security conficker worm botnets phd)

Delicious LiveJournal Links for 6-11-2009

Thu, 11 Jun 2009 23:09:27 GMT

eChannelLine USA - Palo Alto Networks announces new breed of firewall software

"Any application can use any port and firewalls tend to make all policies and assumptions based on ports so they don't really do anything anymore," said Chris King, Palo Alto Networks director of product marketing. "You've got this whole crop of firewall helpers that came up into orbit around the firewall and our contention is if you fix the firewall . . . you can rip off a lot of the band-aids."

(tags: security firewall phd)

Delicious LiveJournal Links for 6-6-2009

Sat, 06 Jun 2009 23:05:04 GMT

How to Write a PhD Thesis

A really nice howto on writing a PhD Thesis

(tags: phd research howto advice dissertation)

Delicious LiveJournal Links for 5-27-2009

Wed, 27 May 2009 23:08:21 GMT

W32/Bagle@MM | Virus Profile &amp; Definition | McAfee Inc.

Old mass mailing worm that pretends to be the windows calculator.

It also listens on a port.

(tags: security virus worm phd)
OverTheWire - Wargames

The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of funfilled games. To find out more about a certain wargame

(tags: hacking games challenge security research wargames)

Delicious LiveJournal Links for 5-22-2009

Fri, 22 May 2009 23:40:08 GMT

SOSP 2007 Program

Symposium on Operating Systems Principles 2007

(tags: conferences operating_systems phd)
OSDI '08 Technical Sessions

Operating Systems Design and Implementation

(tags: conferences operating_systems phd)
FAST '09 Technical Sessions

File and Storage Technlogies (USENIX)

(tags: conferences filesystem phd)
A Conversation with Van Jacobson - ACM Queue

A really nice audio interview.

The TCP/IP pioneer discusses the promise of content-centric networking with BBN chief scientist Craig Partridge.

(tags: internet content-centric networking)

Prime numbers and age correlation

Tue, 19 May 2009 04:37:09 GMT

So, I can't find any other people claiming this, so I thought I would throw it out there (for fun and for discussion).

It seems that prime numbers very much correlate with ages of prime. Prime ages, for different things of course.

Some examples:

2 is a prime age (anybody that has met most 2-year olds knows why this is true)
3 is still prime age to be a little kid
5 is a prime age to start school
7 is a prime age, 7 is a great time to be in second grade, 7 is also a lucky number and good second grade teachers are most common.
11 is prime time to get good at math and memorize multiplication tables.
13 is a prime age to become a teenager.
[Notice nothing prime between 13 and 17]
17 is prime age to be in high school, hanging out.
19 is a prime age to play sports (athletic prime), be in college, and all that goes with that.
23 is a prime age to go to grad school or finish college and get a job.
[Notice again nothing prime between 23 and 29]
29 is a prime age to be married.

I'll stop here for now. I am not yet 29 even, but my wife is.

Notice that interestingly enough 16, 18 and 21 are not prime, I bet a lot of people would consider these key/prime ages...

Ok, so as far as I know (I couldn't find anything with a google.com or searchme.com search), you heard it here first - prime numbers seem to very much correlate with prime ages. Your mileage may vary of course and as always, feel free to comment, disagree, or give your personal experiences.

Delicious LiveJournal Links for 5-18-2009

Mon, 18 May 2009 23:09:02 GMT

Crossroads - Spring 2009

HCI and Theology: Chalk and Cheese by Steve Clough.

A really interesting ACM Crossroads article on HCI + Theology

(tags: computers hci theology)

Delicious LiveJournal Links for 5-16-2009

Sat, 16 May 2009 23:06:16 GMT

Why Common Risk Scores Matter (Sync)

The date is May 12th 2009 and you are a mild mannered IT manager anticipating a single bulletin from Microsoft and a possible update from Adobe. The team has their assignments; their computers are locked and loaded. The team is ready to execute on the planned patch release mechanisms.

(tags: security IT patches phd)

Delicious LiveJournal Links for 5-13-2009

Wed, 13 May 2009 23:08:00 GMT

Schneier on Security: Zeus Trojan has Self-Destruct Option

"Disabling infected systems is counterproductive for attackers, who generally focus on hoovering as much personal and financial data as they can from the PCs they control.

But try telling that to Roman Hüssy, a 21-year-old Swiss information technology expert, who last month witnessed a collection of more than 100,000 hacked Microsoft Windows systems tearing themselves apart at the command of their cyber criminal overlords.

This is bad. I see it as a sign that the botnet wars are heating up, and botnet designers would rather destroy their networks than have them fall into "enemy" hands."

(tags: botnets phd security)
Schneier on Security: Researchers Hijack a Botnet

A bunch of researchers at the University of California Santa Barbara took control of a botnet for ten days, and learned a lot about how botnets work

(tags: botnets phd security)
John W Powell : The 7 Habits of Highly Effective Developers

The 7 Habits of Highly Effective Developers

Passionate
Able to Learn, Unlearn and Re-learn
Balance Principle and Practice
Keep It Simple Software (KISS)
If You Don't Know the Answer, Know Someone Who Does
Focus on Value
Puts the Needs of the Many Before the Needs of the One

(tags: advice tips habits productivity)

Delicious LiveJournal Links for 5-11-2009

Mon, 11 May 2009 23:05:17 GMT

Testing for Conficker with Nmap

The latest nmap release can test Windows machines for Conficker infection

Port scanning techniques like sound very familiar...

(tags: security virus botnets nmap phd)

Delicious LiveJournal Links for 5-9-2009

Sat, 09 May 2009 23:05:05 GMT

Yellowpipe - Lynx Viewer

Easily support another browser (lynx) with the Lynx viewer

The Lynx Viewer allows webmasters to see what their pages will look like when viewed with Lynx , a text-mode web browser. It is also presumably, how search engines see your site. In addition to that, it can help determine if web pages are accessible to the vision impaired.
Note: For best results, you should download a copy of Lynx itself and run it locally on your own computer. Lynx for MAC OS X.
This service is intended to be used only by content developers, on their own pages.

(tags: lynx accessibility browser utilities)
5 Sources for Free Computer Technology Education Online -- Education-Portal.com

Lacking in computer knowledge? Here are 40 computer technology courses that can be taken for free online.

(tags: reference howto education tutorials computing)

Delicious LiveJournal Links for 5-7-2009

Thu, 07 May 2009 23:10:06 GMT

Slashdot | Let Big Brother Hawk Anti-Virus Software

Frequent Slashdot contributor Bennett Haselton writes with his idea for mass adoption of anti-virus software: "If the US government did more to encourage people to keep their computers secure — by buying TV ads to publicize free private-sector anti-virus programs, or subsidizing the purchase of anti-virus software — we'd all be better off, on average. That's not just idealistic nanny-statism, but something you can argue mathematically, to the point where even some libertarians would agree." Read on for the rest of Bennett's thoughts.

I don't disagree that there is a problem, but don't agree with the solution. Anti-virus doesn't block everything. Users are still susceptible to zero day exploits

(tags: security antivirus phd slashdot)

Delicious LiveJournal Links for 5-2-2009

Sat, 02 May 2009 23:06:05 GMT

http://software.intel.com/en-us/articles/isolated-execution/

intel page for the isolated exec project

(tags: opensource isolatedexec intel virtualization sandbox)
Official Google Enterprise Blog: What we talk about when we talk about cloud computing

Google's take on the cloud and also some on virtualization.

(tags: cloudcomputing virtualization google)

Delicious LiveJournal Links for 4-26-2009

Sun, 26 Apr 2009 23:05:30 GMT

Conficker

"The New York Times called it an "unthinkable disaster", the television news show 60 Minutes said it could "disrupt the entire internet" and we at the Guardian warned that it might be a "deadly threat". Naysayers were few, and drowned out.

The first of April passed without incident, but Conficker is no less dangerous today. About 2.2m computers worldwide, are still infected with Conficker.A and B, and about 1.3m more are infected with the nastier Conficker.C. It's true that on 1 April Conficker.C tried a new trick to update itself, but its authors could have updated the worm using another mechanism any day. In fact, they updated it on 8 April, and can do so again.

...
But people being people, it takes a specific story for us to protect ourselves."

(tags: security virus conficker phd botnets ddos)
Oracle's Ellison nails cloud computing | Outside the Lines - CNET News

(Re-delicious ~ Re-Tweet RT) RD @sdague

The Wall Street Journal quoted the Oracle CEO's remarks: "The interesting thing about cloud computing is that we've redefined cloud computing to include everything that we already do. I can't think of anything that isn't cloud computing with all of these announcements. The computer industry is the only industry that is more fashion-driven than women's fashion. Maybe I'm an idiot, but I have no idea what anyone is talking about. What is it? It's complete gibberish. It's insane. When is this idiocy going to stop? "We'll make cloud computing announcements. I'm not going to fight this thing. But I don't understand what we would do differently in the light of cloud." (yes, it's an old article, but the quote is awesome, and spot on)

(tags: cloudcomputing)
Virtualization experts debate security of thin, robust hypervisors

"Should the code running a virtual machine be as robust as a desktop operating system or thin and transparent? That question was debated Thursday at the 2009 RSA Conference."

(tags: virtualization security opensource phd)

Delicious LiveJournal Links for 4-24-2009

Fri, 24 Apr 2009 23:08:50 GMT

ACM SIGOPS: Volume 43, Issue 2 , Virtual machines: a whole ...

"This article addresses a problem of performance monitoring inside virtual machines (VMs)"

Probably a good benchvm reference

(tags: virtualization performance benchmarking phd benchvm)

Delicious LiveJournal Links for 4-23-2009

Thu, 23 Apr 2009 23:06:53 GMT

Not A Hat—Hit by an OS X exploit

"That's a PHP script, running as root, and DoSing a website. (I've taken out the website URL, but it is one that has recently been under a documented DDoS attack.)"

(tags: security malware mac virus osx botnets phd)
iBotnet: Researchers find signs of zombie Macs | Zero Day | ZDNet.com

(tags: mac botnets osx security phd)
Researchers Find Massive Botnet On Nearly 2 Million Infected Consumer, Business, Government PCs - DarkReading

"Researchers have discovered a major botnet operating out of the Ukraine that has infected 1.9 million machines, including large corporate and government PCs mainly in the U.S. "

(tags: security malware botnets phd)
Slashdot | New Mega-Botnet Discovered

"According to the DarkReading article, 'Researchers have discovered a major botnet operating out of the Ukraine that has infected 1.9 million machines, including large corporate and government PCs mainly in the US. The botnet, which appears to be larger than the infamous Storm botnet was in its heyday, has infected machines from some 77 government-owned domains — 51 of which are in the US government. Researchers from Finjan who found the botnet say it's controlled by six individuals, and includes machines in major banks.'"

(tags: botnets security phd)
The Future Of Computing Will Be Good Enough - Business Center - PC World

"The latest version of the Linux kernel includes an experimental driver module that tears apart the fabric of space-time. Keir Thomas tested this module, and in doing so managed to retrieve the following article, posted on PC World supersite in the year 2025."

(tags: linux microsoft windows good-enough computing)

Delicious LiveJournal Links for 4-22-2009

Wed, 22 Apr 2009 23:11:16 GMT

Slashdot | Botnet Expert Wants 'Special Ops' Security Teams

slashdot botnet article (links)

(tags: security botnets phd slashdot)
Researcher wants hacker groups hounded mercilessly

"Rather than pursue malware makers the old-fashioned way -- a tack Stewart argued is haphazard, at best -- he said that teams of paid security researchers should be created to stalk and disrupt specific criminal gangs or botnets. Set up like a police department's major crimes unit or a military special operations team, the researchers would take a long-term view, get to know their target, perhaps even infiltrate the group responsible for the botnet and employ a spectrum of disruptive tactics."

(tags: security botnets phd)
All Conferences . Com - Conventions - Trade Shows - Convention Centers - Meetings

a database for all conferences

(tags: phd research conferences reference)
The Fifth International Conference on Information Assurance and Security (IAS09)

another interesting security conference

(tags: conferences security phd)

Delicious LiveJournal Links for 4-21-2009

Tue, 21 Apr 2009 23:09:23 GMT

iptables Tutorial

another good iptables howto

(tags: iptables phd)

Delicious LiveJournal Links for 4-20-2009

Mon, 20 Apr 2009 23:09:25 GMT

Symantec Endpoint Virtualisation Almost Open for Customers! Read the First Review | Symantec Connect

desktop-oriented security workspace virtualizaton tool from symantec

(tags: security desktop symantec phd)
freebench - Google Code

"freebench is an open-source multi-platform benchmarking suite. It makes use of existing open source tools to give a well-rounded score to measure a system by. Our goal is to have 10 tests that run in under 10 minutes, representing a variety of workloads:"

(tags: linux benchmark phd)
Performance Evaluation of Virtualization Technologies for Server Consolidation

Keyword(s): server consolidation; virtualization; multi-tier application; performance; overhead

(tags: virtualization benchmarking performance phd)
Publications

lots of virtualization, performance, benchmarking papers

(tags: papers virtualization benchmarking phd)
Security Conference Ranking and Statistic

(tags: security research conferences advice ranking phd)
Patrick Drew McDaniel - Publications (by type)

Patrick McDaniel publication list.

Many related to security.

(tags: publications security conferences phd)
Security Conferences

"Please note that this is by no means a comprehensive list of security conferences, just a list of the ones I want to keep track of, and some of the better known conferences in other areas of security (e.g. in cryptography). I have also restricted myself, for the most part, to conferences with an academic flavour.

A conference is a gathering of important people who singly can do nothing, but together can decide that nothing can be done. - Fred Allen"

(tags: security research conferences list phd)
Annual Computer Security Applications Conference (ACSAC) 2009

ACSAC has a tradition of bringing together security professionals from academia, government and industry who are interested in applied security.

(tags: phd security malware research conferences)

Delicious LiveJournal Links for 4-18-2009

Sat, 18 Apr 2009 23:10:17 GMT

Oracle smashes the VMware Virtual Appliance Marketplace

Oracle getting into Virtual Appliances and attacking VMware

(tags: virtualization oracle phd)

Delicious LiveJournal Links for 4-17-2009

Sat, 18 Apr 2009 00:00:16 GMT

Microsoft Certified Professional Magazine Online | Column: Bottleneck Battle

netperf article, with windows binaries linked

(tags: netperf benchmark performance windows)