Secure your Wi-Fi networks now!
Last time I visited an Internet cafe in Bangalore to scan a few documents I was in for a surprise. They asked for a photo ID before they offered me any service, even if it is just to scan a couple of documents to my USB stick. That is a good thing – makes it difficult for terrorists to operate and communicate.
This person apparently had his WiFi network wide open for anyone to access and abuse it. It is suspected that terrorists used his network or mail account to send a warning email hours before the blasts in Ahmadabad where about 54 people were killed.
He says “I’m not an IT professional. I have no idea how all that works”.
It is as good an excuse as saying “I am not a locksmith. I have no idea how to lock my doors”. Search google or ask a friend.
Some amount of blame rests with folks who make these Wi-Fi devices and not making them easy to operate in a secure by default mode.
Notes from the 20th FIRST conference in Vancouver
I was at 20th FIRST Conference Vancouver last month. Forum of
Incident Response and Security Teams is a community of folks
who work behind the scenes to keep the world running – from people
securing your banks to people protecting your national infrastructure.
Here are pointers to some of the interesting topics from the conference:
-
Fast Flux networks
Fast Flux nets are where compromised computers are used to temporarily
host malware. -
A talk on “Applied Security Visualization” demoed state of art
of network visualizations and tools. There is a live CD project called
DAVIX which aggregates the tools. -
An interesting demo was of “RFID hacking” – where Adam Laurie
demonstrated duplicating company badges and electronic passports with
gadgets that cost less than $100. He could take his scanner near a passport with RFID (aka E-passport) and display holder’s information including passport photo -
A Keynote presentation from former security chief of OLPC (One Laptop
per child) talked about features of OLPC as something as a great
advancement in security – for eg. the ability that only a open dialog
box can open files! (BTW, that sounds very similar to what we call in the UNIX setuid – that only password command can change passwords) -
A presentation about Mozilla development process talked about how
testing is done: they are always running enormous number of test suites
against the latest tree. They don’t rely on the developers to do the
testing for changes. -
Honey spiders – that crawl spam and phishing sites in search of malware and execute or analyze them.
-
Atanai Sousa showed how a phishing malware operated in Brazil,
giving insight into how the spyware and malware have an upper hand in
capturing your bank passwords weather you type them or use any
other practically useless mechanisms invented to circumvent
keyboard spys.
Overall it was good listening to stories direct from people in the
battleground, to get an understanding of real world problems and
threats they face. It also gave a good opportunity to meet
product security folks other companies and CERT folks from around the
world – many whom we communicate over email daily.
In the heart of Europe
I was in Praha (or Prague) a couple of weeks ago. Praha is a neat little capitol of a beautiful state in the middle of Europe.
Old city is full of buildings with great design, each is different from the others. City’s old buildings – unscathed in the world war – and neatly dressed old ladies and gentlemen make the whole place a surreal theme park.
An old Czech lady was telling me that she has seen her country occupied by three regimes: Germans, Soviets and now tourists 🙂
While Praha is a clean city, the most unpleasant experience was its cigarette smoke. Restaurants and most souvenir shops had an ambiance of tobacco haze.
In the city I marveled at the architecture and design of Obecnà Dům (or the Municipal House) where every door knob and hinge seems to have been crafted with the same care and attention to detail as rest of the ornate building.
Czech countryside is full of castles that dwarf any western mockups in both in size and grandeur. Spring weather was brilliant with full bloom of yellow flowers on lush green grazing grounds and bright red roofs.
The thing I enjoyed most was an evening walk in the hilly Village of Large Bungalows (sorry I don’t recall the name of the Village). It was a small village with large houses with beautiful gates, gardens, statues, fountains and luxury cars. Dates on the houses ranged from 1800 to 1950s and styles reflecting the era they were built in. There were rows and rows of such bungalows. There seemed to be only one restaurant in town which was closed.
Fast Forward in Time
I was trying out time lapse photography. My camera was clicking every 5 seconds whole evening and through the night. Captured set of photos (thousands) were converted to a movie using mencoder,
then cropped to 1080-HD resolution. You can see stars glide towards the horizon and moon going down (but google video quality is not HD and and not all starts can be noticed)
Last weekend I was on top of a hill to capture sun rise over the Sierra Valley in California. It was freezing and windy in the morning and the movie is a bit shaken:
Goodthings: The Greatest Invention since Bell’s Telephone..
No, its not the iPhone, nor VoIP and forget the cordless phones.. A while back, shopping for a land line phone. I would ask the shop sales folks if they had anything which had:
- quick dial – i.e ability to directly dial a handful of numbers quickly (max one or two button press)
- mute button
- speaker phone
- no AC adapter or batteries
I am surprised that there are really advanced phones (phones with bluetooth, skype etc.,) which don’t even have
quick dial settings. (I returned a good glossy black Philips Skype phone because it had no quick dial!)
At first it did not seem possible for me that such a phone could exist, because the smart sales folks at Fry’s or BestBuy
told me that they had never seen aything like that. The closest they could get was a Panasonic
It did not have an AC adapter but needed three batteries.
Then recently I stumbled upon this GE phone at OfficeDepot. (There is also an Activa branded one which is exactly the same model) It provided all the features I was looking for without an ugly AC adapter or batteries. I couldn’t believe it, I unpacked it in store to double check what it claimed on the carton. Apparently it is powered by the telephone line! It doesn’t have glossy black designer finish, but it gets my nomination for the greatest invention in telephone hardware since Alexander Gram Bell’s phone.
A cordless phone which adds two more cords at poor voice quality isn’t an advancement, a 500 number phone book which gets erased every time the power gets disconnected isn’t an advancement, but a phone which gives more features without retrogression is worth a praise.
Goodthings: Daylights
Things that deserve appreciation, should be appreciated, however trivial they are.
For what ever its worth, these notes of appreciation may help those in making decisions when needed.
I recently replaced all old electric filament bulbs at home with Compact Fluorescent Lights.
The prevalence of Edison era dim bulbs in USA surprises me.
Bulbs are rare in India, as most of Indian households use Fluorescent Lights. –> Insert Asrani’s classic “Ram laxman Bulb dena ” commecial here <–.
Even with Energy Saving CFLs with PG&E Rebates available in plenty harware shops, most give a dull yellowish light. Beware of the words “soft white light”, it means “dim”. The good lamps are those that say “daylight” or 5000 K+ ratings. Some shops don’t even keep stock of them and PG&E doesn’t seem to give a rebate on them. They may be couple of dollars more, but are worth for their natural light. Also look for lamps that say faststart or quick start, since ordinary CFLs take time to get to their full brightness.
Bank Robbery
8:30 pm at a deserted Bank of America ATM: as I drove into the parking lot, what I saw made my hair stand up. An old windowless car was the only one in the parking lot. Two people were dragging sacks of something hurriedly into that car. That made it look like a text book bank robbery, except they weren’t wearing any masks, nor holding guns up in the air. Looking at the volume of the bag it looked like they would have emptied millions of dollars. Our robbers then accelerated past me, innocently smiling at me. They looked like senior citizens burgling banks for fun!
I got down the car and went towards an ATM and there is no sign of breakage or forced entry; all lights were on inside the bank and the scene looked perfectly normal.
What our thieves looted wasn’t bank but the trash container!! It was completely empty as if the trash was cleaned up.
Either they were from a garbage pickup company which used cars instead of garbage trucks or they were the identity thieves trying to piece together account details from ATM receipts, or merely garbage thieves hoping to make money at the recycling unit. One thing for sure, I’ll go get a good paper shredder tomorrow!
Special Limited Edition Fridge Magnets on Sale!
I hadn’t experimented with any 3D things in a long time; lack of a supported 3D hardware on my Solaris laptop meant ray tracing and 3D technologies stayed out of my horizon. Much of the my art work remained exclusively two dimensional.
Recently stumbled upon something called polymer clay when I was scanning a local library for sculpting techniques. It is a wonderful technology where you can create colorful objects, shape them and bake them at home into hard plastic artifacts. My 3D graycells found a new avenue for expression. Over past few winter weekends scores of smiley faces popped up as fridge magnets.
All of them have a magnet embedded in them. You can use them as fridge magnets or stick them to office white boards. They sport wiggly eyes which adds life.
Sun Employees can buy them on Wednesday 28th Nov
at Sun’s Menlopark Cafeteria (building 11) as part of Sun’s Employee only Arts & Crafts Fair 11:30 to 2:00pm. This is limited special edition sale. Each piece in unique. If you want to buy them, be there early.
All are “on sale” except this one which is being auctioned!:
Night on the Royal Highway or El Camino Real (ell-ka-mi-no-rree-yal)
It was about 10:30 in the night. I was about to park my car inside our garage,
then the cool October night with a crescent moon tempted me to continue riding down the empty street.
El Camino Real or ‘The Royal Highway’ is only a furlong away from our house.
At night, while most of the shops were closed with lights off, few restaurants were still open.
There were people cleaning the footpaths and picking garbage like zombies; homeless people
pushing shopping carts in search of a place to sleep.
As a kid I had a BMX bicycle. While it was fun riding something that looked
like a miniature motorcycle, I never had thought that some people could be using them to commute to work.
All long the road there were many peddling down the footpath on a BMX bicycle.
Some may have been riding it for miles from affluent parts of the bay area towards slums.
Life on the The Royal Highway at night didn’t look as cheerful and colorful as it looks during the day
when car showrooms sport balloons and real estate agents wiggle signboards like clowns.
Magic of Fading Windows and Shadows on Solaris
Solaris Express has had updated Xorg server for some time. It now comes with a compositing extension. This extension needs to be enabled in /etc/X11/xorg.conf. Make sure that xorg.conf has these lines:
Section "Extensions" Option "Composite" "Enable" Option "RENDER" "Enable" EndSection
It can be used to create special effects in the X11 windowing system.
Compiz is one window manager that utilizes the extension to create multitude of eye catching effects. However it needs a good graphics card to run. If you just need smooth shadows and dissolving (fading) effects when windows appear or get closed, xcompmgr is good enough.
I run it with the following options:
xcompmgr -cf -D 5 -r 5 -t -6 -l -6.
It creates shadows behind windows. Menus, tooltips and windows appear and dissolve like magic.
Though overall effects are subtle and unnoticeable at first sight, it makes the Solaris user interface more polished. Also X11 applications which use transperancy appear as they were intended to be (see the clocks in the screenshot).
Note that the xcompmgr isn’t very stable, it crashes often.
Chandan Log 