Gospel. Culture. Technology. Music.

Category: Technology Page 8 of 17


Google Chrome – First Impressions

As with most Google products, many of which I use, simplicity seems to be the overarching theme. This is good for many of their applications, such as Google Talk and Earth, which makes it easy for the average user to navigate and operate. However, I must admit, I was hoping for a bit more functionality with the release of this new browser. Because it lacks some of the “out-of-the-box” functionality of Firefox and even IE (such as a basic menu toolbar), it fell short of my expectations.

Now, I know you can add applications to it and so forth. In addition, it is still in Beta testing, so things could change with it. But I doubt much will be added, knowing Google’s simplistic mode of developing applications. Their web browser is no exception. And for that I think I will simply stick with Firefox, at least for now.

Also, I did some investigation on what “engine” (or the component that drives the browser) they are using to render web content to your computer screen and this is what I found in the log files after hitting my websites: “AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13.” So, they are essentially using Safari as the browser core? That’s disappointing, though I know it’s not for you Mac fans out there. However, that’s not me, nor is it a great majority of my colleagues.

I figured they would be developing their own engine and going from there. Maybe that was already outlined from the very beginning in the initial news release, but since I only heard about it the other day, I haven’t had much time to investigate that. Regardless, I’m disappointed. I guess I was hoping maybe they would create their own engine code that made browsing even more efficient. But it’s just (in the Democrats words) more of the same, it seems.

I will say though that if you just want a straight, vanilla browser with no complex parts to it and all you want to do is read news on the web, or whatever, this is the browser for you. But if you want more default functionality, stick with Firefox or IE. I’m not impressed so far.

Top Webcam Email Alerts

I’m a nerd. I’m not afraid to hide it, clearly. As a nerd, I love technology. I have a webcam setup at home for security reasons, pointed across my front yard to catch possible intruders that wish to invade my property or cause other harm. I have a threshold setup on the software I run along with my webcam that, when hit, sends an email attached with a picture (or series of pictures) to an offsite email account.

Most of the time, I just get cars passing by, lightning during a storm, really any kind of movement or light change that causes enough of a fluctuation to trigger a webcam picture alert. Sorting through the emails on partly cloudy days is not always fun and many times, I just delete them all because it is too many to sort through. However, there are some rare occasions that I actually get something good, funny, or odd. Here is a sample of some of the best shots from the past two years that I have kept:
This guy thought he might try and get into my garage and steal some junk in the middle of the night last year in June.

Apparently, it proved to be too much of a risk for him with the flood lights along with neighbors who are not afraid to use a gun. Good, please leave. Whew.

I’m pretty sure this jumping spider knew he would send off an email alert and intentionally walked across the viewing range of the webcam.

It really isn’t that uncommon to see people walking across the yard. You would be quite surprised to know how many neighbors do this during the middle of the day 🙂 Anyway, this guy caught my attention only because he looks exactly like my wife’s brother. It was just the electric meter guy though.

I thought this was a fascinating photo study in the custodial/lawn service arts.

Finally, these are two shots from last nights’ thunderstorm that I thought were pretty awesome.

——————————–
Updated at 2:00pm on 08/02/2008:

I almost forgot … though we live in the city, we apparently are still on a rural mail route (can’t figure that one out). As such, we receive our mail (I would guess) about every other day on average, from a guy in a jerry-rigged minivan. He drives the thing from the passenger seat. Yet the wheel still resides on the drivers side … and I assume he has pedals on the passenger side as well. I’m still trying to figure out how he drives the thing without easily running into stuff. Very interesting to say the least.

Major DNS Internet Server Flaw – How it Affects the Average User

(Original): http://www.breitbart.com/article.php?id … _article=1
(Archived): http://www.westerfunk.net/archives/secu … et%20flaw/

(Original): http://isc.sans.org/diary.html?storyid=4780
(Archived): http://www.westerfunk.net/archives/secu … ervations/

Most of you will more than likely have no clue about this major flaw unless you read any of the tech headlines. Even then, there really should be no reason why you would know about it, or why it is important to you. But the consequences of this giant hole, if the internet servers are not patched, could potentially be devastating. And I would like to try and explain, to the average user, why this is a not a small problem by any stretch of the imagination. I emphasize the word “try” because I’m attempting to break the language down and make it easier to understand.

The flaw has to do with the internet servers you may have heard of called DNS servers. DNS stands for Domain Name Server. DNS servers function as a hostname to IP address resolver (e.g. www.google.com translating to 64.233.167.104, for arguments’ sake). So instead of looking up Google’s home page using an IP address (64.233.167.104), you enter in a name you can remember and it points to that particular IP address for you (www.google.com). That is a very simple description, but it will suffice to explain the issue at hand.

In comes the flaw: a hole exists within the widely used open source (i.e. free) DNS server software called BIND that allows an attacker to poison its DNS cache to change the hostname from it’s original IP to a different one. You say to me now, “what the … what are you saying?”

Let me try to explain. Whenever you look up www.google.com using your Internet Service Providers’ (ISP’s) DNS servers, that lookup request stays within the DNS server for a specified amount of time so it doesn’t have to keep looking up the IP address over and over again. The lookup request gets “cached” (or saved temporarily) in the servers’ memory. Basically, it makes the look up process much faster for you.

With that said, here’s the vulnerability: because of the hole that must be patched, hackers can currently insert or change www.google.com to point somewhere it was never intended to point. That’s a big problem.

And it only gets worse. A majority of us use the DNS servers provided by our ISP’s (e.g. AT&T, Charter, Verizon, etc.) who themselves use BIND (remember … the DNS server software?) to serve up DNS requests to users. Most of these ISP’s – yes, most – have YET to patch their servers and they remain highly exposed and vulnerable to, well, a massive attack by hackers.

Now here is how the attack would look from the average users’ point of view to, say, a banking site: you look up www.wellsfargo.com, get a page that looks like Wells Fargo’s, using their hostname even (ya know, www.wellsfargo.com). Yet you are pointed to (as an example) a foreign IP address to, oh, say, in Latvia. The fake Wells Fargo site employs the standard phishing tactic of asking you for your personal information to “verify” your identity. You input your information thinking it is your bank’s website. Yet all you are doing is giving your personal information to some hacker in Latvia who can then drain your account and steal your identity ultimately.

In all reality, this is a cyber national security threat, as our core DNS infrastructure remains highly exposed and ultimately could, in a worse-case scenario, hit the economy because of rampant fraud. Don’t think this could happen? Well, it’s likely ISP’s see how big the threat is now and are working vigorously to get their servers patched.

But, nevertheless, we should all take a sober look at what happened to OmniAmerican Bank within the past year (Archived) as an example of how the unforeseeable can happen, because there are people who are smart and determined enough to make it happen – even in a short amount of time.

Prime Example of Poor Project Management and Deployment

(Original): http://www.breitbart.com/article.php?id … _article=1
(Archived): http://www.westerfunk.net/archives/tech … %20iPhone/

“Let’s get this software out as fast as possible without setting up the proper infrastructure and implementing a stable design,” seems to be the motto for giant proprietary software vendors like Microsoft, in light of Vista’s implementation upheaval.

But now Apple is the next “bad management” culprit. It appears today as if the iPhone update to version 2.0 is not going so well. In fact, for many, it could possibly be disastrous, much in the same way many I know have lost their purchased iTunes altogether because of some iPod software issue (in the form of a total software reinstall which wipes out all their content, content that wasn’t backed up either, which is a separate issue).

This is one of the reasons I just don’t deal with Apple products in general, particularly iPods, iPhones, etc.: they are too dependent upon a system that is unstable in it’s deployment of new OS software. When it works it works, when it doesn’t it doesn’t, then all your data is gone, and you must reinstall the software from the bottom up.

Now I don’t have a Mac personal computer, so I don’t know about those. From what I’ve heard, they’re great to work with, that’s at least what everyone tells me. However, they are way out of my price range when I can get something with the same processing speed for literally a quarter of the cost.

I would like to add too though that I am not very pleased with how poorly Microsoft has been managing their software deployments either, such as Vista and XP SP3. For companies, these deployments have been disastrous and expensive, costing profit. I’m convinced these companies need to start setting their project deadlines back further instead of quickly just throwing something out there and hoping it works for the sake of a dollar. Maybe consider moving away from a profit-centric business model to a more customer-centric model and profits will inevitably increase as a result?

A Look at Security Vulnerabilities in Web Applications

Fascinating look at how vulnerable web sites and web applications are and how they became so insecure.

Wow … Burning Salt Water Could Cure Cancer

Google Android Phone Preview

Windows XP SP3 Released: DO NOT Upgrade Yet

Apparently, there are a number of people reporting serious problems with this service pack that have rendered some machines totally useless, in need of a total reinstall to get them to work again. You might want to hold out installing this for a little while longer. Here is just a sampling of some of the articles related to this release.

http://www.pcworld.com/article/id,14581 … ticle.html

http://news.idg.no/cw/art.cfm?id=1659E1 … 23FDD85185

http://www.eweek.com/c/a/Desktops-and-N … -Continue/

China’s All-Seeing Eye

Original: http://www.rollingstone.com/politics/st … _eye/print
Archived: http://www.westerfunk.net/archives/secu … ing%20Eye/

I don’t normally read RollingStone Magazine, but I stumbled across a link to an article while on Bruce Schneier’s security blog. In short, China is performing a social/spying experiment upon a city called Shenzhen. Every spy toy imaginable is being employed in the service of watching and controlling every movement its citizens make. This is 1984 stuff here. And one of the interesting comments in the article is that U.S. corporations are some of the largest financiers of this endeavor. Also, just like everything in China, it will be exported to a “neighborhood near you,” as it says in the article. I don’t know if that’s necessarily true and maybe a bit alarmist. But it is odd to me the U.S. seems to have such a vested interest in this. Also, at the very least, the technology could be quickly exported to current oppressive governments for the controlling of their people. Here are some quotes from the article:

“As China prepares to showcase its economic advances during the upcoming Olympics in Beijing, Shenzhen is once again serving as a laboratory, a testing ground for the next phase of this vast social experiment. Over the past two years, some 200,000 surveillance cameras have been installed throughout the city. Many are in public spaces, disguised as lampposts. The closed-circuit TV cameras will soon be connected to a single, nationwide network, an all-seeing system that will be capable of tracking and identifying anyone who comes within its range — a project driven in part by U.S. technology and investment. Over the next three years, Chinese security executives predict they will install as many as 2 million CCTVs in Shenzhen, which would make it the most watched city in the world. (Security-crazy London boasts only half a million surveillance cameras.)”

“This is how this Golden Shield will work: Chinese citizens will be watched around the clock through networked CCTV cameras and remote monitoring of computers. They will be listened to on their phone calls, monitored by digital voice-recognition technologies. Their Internet access will be aggressively limited through the country’s notorious system of online controls known as the ‘Great Firewall.’ Their movements will be tracked through national ID cards with scannable computer chips and photos that are instantly uploaded to police databases and linked to their holder’s personal data. This is the most important element of all: linking all these tools together in a massive, searchable database of names, photos, residency information, work history and biometric data. When Golden Shield is finished, there will be a photo in those databases for every person in China: 1.3 billion faces.”

One Shenzhen-based company, China Security & Surveillance Technology, has developed software to enable the cameras to alert police when an unusual number of people begin to gather at any given location.”

“Shenzhen is the place where the shield has received its most extensive fortifications — the place where all the spy toys are being hooked together and tested to see what they can do. ‘The central government eventually wants to have city-by-city surveillance, so they could just sit and monitor one city and its surveillance system as a whole,’ Zhang says. ‘It’s all part of that bigger project. Once the tests are done and it’s proven, they will be spreading from the big province to the cities, even to the rural farmland.’

In fact, the rollout of the high-tech shield is already well under way.”

I’m Not the Only One Apparently – Gmail’s Growing Spam Problem

A while back I wrote this post pertaining to what appeared to be spammers utilizing Gmail servers to send spam to my account. I didn’t know if it was just me or if others were experiencing it as well. It’s not just me apparently. This article on The Register in the UK shows that this is quite a growing problem for all mailing systems, that is now causing many mail services to start throttling Gmail (as well as Yahoo) emails that come in. This is bad news because Gmail was supposed to be one of the more secure mailing systems. In addition, it presents a big problem for services like Spamhaus because spam emails being sent through Gmail SMTP servers are not blacklisted. Therefore a spammer can send email from foreign IP address blocks that may be banned in the Spamhaus database, but because the email is actually being sent via Gmail servers, it is not blacklisted. So mail services have started enforcing throttling to limit the number of email that are sent from Gmail. This just shows that no matter how much security you put in place (even complex CAPTCHA techniques), there is always a way around systems, always. And at some point, someone will find the holes. It’s just a matter of time. The trick is staying ahead and always keeping people guessing.

Page 8 of 17

Powered by WordPress & Theme by Anders Norén