Showing posts with label security. Show all posts

Tuesday, January 1, 2008

Shot or Not? New Bhutto's Assassination Video released on Channel 4


Slate magazine says "Bloggers are turning into ballistics experts" after the British Channel 4 released new footage of Benazir Bhutto's last moments. The new video, according to Slate, is now being compared to the Zapruder JFK assassination film and "further calls into question the Pakistani government's assertion that Bhutto died from hitting her head on the sunroof handle" as it clearly shows Ms. Bhutto was shot. Watch Channel 4's new footage of Bhutto's assassination.

Wednesday, December 12, 2007

IE7: "A little over a year". Lots of CSS bugs. Still no bug tracking.


Well, yes, it has been a little over a year since "they" released IE7 on Windows XP and for Windows Vista, so IE7 Group Program Manager Mr. Tony Chor, who is also an avid blogger, thought "it would be worthwhile to talk about where we are after the year." Why? Because of "the positive impact IE7 has made" for Microsoft users, because "as you know" Microsoft "focused a lot on improving security in IE7" making "IE 7 the safest Microsoft browser released to date" and because - yes - "IE7 had both fewer fixed and unfixed vulnerabilities in the first year than the other browsers" they compared with.

Also, says Mr. Chor, according to internal Microsoft research based on data from Visual Sciences Corporation, "over 300 million users are experiencing the web with IE7" making it "the second most popular browser after IE6." I'll save you the rest of the exciting new features and reasons specified by Chor. You can read them all here if you like. The point here is that many angry folks seem to have been waiting a long time for such an opportunity to express their real feelings towards IE7 as well as Microsoft's approach to handling its interaction with the Internet developer community. I have quoted some of the best ones for you as there are just too many of them. Enjoy.

"Sorry, I can't get past the all-too-frequent IE 7 crashing or hanging at seemingly random times to appreciate anything you just posted." (Internet Explorer has stopped working)

"...It would be sad for IE to fade away in its own delusions of grandeur and support its own misguided standards of how the web should be. Good luck and hope to hear about IE's future developments so I can properly hack my sites to work with its arcane developments." (Joshua)

"From the horrifically god-awful (IE6) to the merely depressingly buggy, nonstandard, and incomplete (IE7)... congratulations!" (Joseph E. Davis)

"... 1 year, still no bug tracking 1 year, still no updates on IE8 features 1 year, still no updates on IE8 bug fixes 1 year, still no ETA on IE8 release 1 year, still no ETA on IE8 Beta release(s) 1 year, still no ETA on IE8 Alpha release(s)" (Sam)

"...Every single day, web authors of all experience, from amateurs to experts/gurus, experience difficulties (from minor to major) with bugs of all kinds in IE 7. When is Microsoft going to finally fix all these proven and testcase-ed bugs?" (Gérard Talbot)

"IE Team called out for biased numbers" (Concerned User)

"I wonder when will you release IE without click to activate..." (n-blue)

"... Let's see... six years for IE7, so you guys are on track to have IE8 by what, 2012? Your problem is you think in terms of years. Your problem is that your company sees the web as a competing platform. Do us all a favor and stop making IE altogether." (Paul)

A few words about my own view. After spending four years with the Conceptis development team putting up a totally dynamic yet 100% standards-compatible application server, there are simply no words to describe how horrible it is that IE is closed, undocumented software that ignores the fact that the Internet is not owned by Microsoft:

We had a professional top-gun graphic designer added to our payroll to have the most spectacular GUI ever seen. At least a year was spent on coming up with the basic layout, look and language. Aiming to support everyone's Internet experience, we made a huge effort to have all of it implemented using 100% W3C standards. We came to a point where IE is supported on the site and the design looks almost as it should - there is not a single line of code in this project containing the bad behavior of mixing graphic design with code, and all graphic instructions are done exclusively via CSS, just as they should be "by the book".

In short, we did our part. Yet, most of the time we spent on CSS development went to solving IE6-specific bugs. There were times when we were certain that eventually we'll bump into all of them, a frightening thought in light of the fact there are hundreds. Now with IE7 around it looks like things are not going to be very different. It looks like we will probably just have to add a bunch of IE7-dedicated hacks to our IE CSS override pool. As explained by a fellow named Gérard Talbot, the IE development team still has to fix -

"at the very least 700 bugs, incorrect implementations (all testcase-ed, all demonstrable, reproducible) happening in HTML 4, CSS 2.1, DOM 2 interfaces and then implement more or less 500 properties, attributes, methods specified in official W3C Technical Recommendations, W3C web standards (HTML 4, CSS 2.1, DOM 2 interfaces, DOM 2 Core, DOM 3 Core)."

How lovely...

There is one particular comment on this thread which I thought should be brought in full as it pretty much sums up my personal feelings towards the subject discussed. Here it is, exactly as posted on the official IE blog by Adam Tichy, owner of a web development company, on Thursday, December 06, 2007:

"I'm a web developer, not a literary scholar, therefore I cannot quite find proper words to describe my total disgust with IE. I honestly can't wait long enough for that horrible thing to just crawl into the depths of forgotten projects and die.

"Most of my customers provide consumer or business internet services and they rightfully insist that the web applications work properly in all major browsers. Since MS packages this crap together with the OS it is a small wonder that in whatever diminishing numbers, the IE is still out there in force. It makes my life a living hell! I have to either seriously compromise the design and functionality or essentially build several variants of the sites just to make it work for the ignorant IE6/7 crowd.

"And I'm not so sure the smaller number of support calls is something to boast. Judging from the stats on my sites, more and more people access them via the "other" browser(s). If this trend continues (and hopefully it will) you will be receiving even less support calls in the future. 300 million my foot."

[Above illustrative image courtesy of Alex who bumped up a confirmed bug by Microsoft. Confirmed since medieval ages of IE 5.]

Tuesday, September 11, 2007

New virus attacks Skype for Windows users



What do you know, Skype are on my news once again, and once again not for very good reasons. After the recent service outage last month, Skype now have a new computer virus called “w32/Ramex.A” affecting their Windows users. Hey, I am using Skype for Windows myself...!

According to an official announcement now published on the Skype blog homepage, infected users appear to be sending chat messages to other Skype users asking them to click on a web link that can infect the computer of the person who receives the message. The infection only occurs after downloading the linked file and running the malicious software. The chat message, of which there are several versions, is 'cleverly' written and may appear to be a legitimate chat message, which "may fool some users into clicking on the link".

Skype says they have been in contact with "the leading" antivirus software companies about this worm and that these companies are "updating their software to effectively stop this worm and as well as its side effects". By now F-Secure, Kaspersky Lab and Symantec are reported to have already updated their products to detect and remove the worm.

Also according to Skype, expert users "and only expert users" who know what they’re doing can remove the worm manually with the following procedure:
  1. Restart the PC in safe mode
  2. Run regedit
  3. Go to HKLM/software/microsoft/windows/currentversion/runonce find entry with mshtmldat32.exe. Delete this entry.
  4. Go to Windows\System32 directory and delete following files: wndrivs32.exe, mshtmldat32.exe, winlgcvers.exe, sdrivew32.exe
  5. Go to windows/system32/drivers/etc
  6. Find file hosts
  7. Open it with notepad, ctrl+a and delete all entries (this will resume your antivirus updates), save, close.
  8. Restart the PC.
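A read-only check for the indicators named in the procedure above, added here as an example (it is not Skype's or any antivirus vendor's tool). It assumes the caller supplies the RunOnce values as a name-to-command mapping and the hosts file as text; the sample registry values, hosts lines and hostnames are constructed.

```python
import os
import tempfile

# Indicators taken from the removal procedure above.
WORM_FILES = {"wndrivs32.exe", "mshtmldat32.exe", "winlgcvers.exe", "sdrivew32.exe"}
RUNONCE_MARKER = "mshtmldat32.exe"

def find_worm_files(system32_dir):
    """Return the worm file names present in the directory (case-insensitive)."""
    return sorted(n.lower() for n in os.listdir(system32_dir) if n.lower() in WORM_FILES)

def find_runonce_entries(runonce_values):
    """runonce_values: {value name: command line} as read from the RunOnce key."""
    return sorted(name for name, cmd in runonce_values.items()
                  if RUNONCE_MARKER in cmd.lower())

def active_hosts_entries(hosts_text):
    """Return (address, hostname) for every active hosts mapping except the
    stock localhost line, so each one can be reviewed before the file is cleared."""
    entries = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank or comment-only line
        addr, names = fields[0], fields[1:]
        entries.extend((addr, n.lower()) for n in names if n.lower() != "localhost")
    return entries

def audit(system32_dir, runonce_values, hosts_text):
    return {
        "files": find_worm_files(system32_dir),
        "runonce": find_runonce_entries(runonce_values),
        "hosts": active_hosts_entries(hosts_text),
    }

# Constructed sample data (not captured from a real infection).
SAMPLE_RUNONCE = {"Updater": r"C:\Windows\System32\MSHTMLDAT32.EXE",
                  "Legit": r"C:\tools\setup.exe /q"}
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 update.av-vendor.example   # made-up antivirus update host, blocked
10.0.0.5  intranet.example
"""

def demo():
    """Build a throwaway directory standing in for System32 and audit it."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("notepad.exe", "WNDRIVS32.EXE", "mshtmldat32.exe"):
            open(os.path.join(d, name), "w").close()
        return audit(d, SAMPLE_RUNONCE, SAMPLE_HOSTS)

if __name__ == "__main__":
    print(demo())
```

Listing the active hosts mappings first shows exactly what step 7 will clear, including any legitimate entries that will need to be restored afterwards.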

Tuesday, August 21, 2007

Skype: Microsoft patch triggered outage



Last Tuesday, August 14, the great Redmond giant released another one of its patch batches claiming to fix (at least) 14 operating system security holes in computers powered by different versions of Windows and MS Office. The updates were pushed to millions of MS users all over the world using Microsoft's "Automatic Updates" system.

Windows XP users received at least six updates from this patch batch, and more if they had any version of Microsoft Office installed. Office 2000 users had to scan the Office Update site for additional fixes not offered via Microsoft Updates.

On Thursday, 16th August 2007, the whole world was amazed to watch how Skype's legendary peer-to-peer network - used by millions for VoIP communications - actually crashed and became unstable for about 48 hours. According to an official announcement released yesterday by Skype, the crash was triggered by a massive global restart of Microsoft-based computers across the globe within a very short timeframe. Also according to Skype:

The high number of restarts affected Skype’s network resources. This caused a flood of log-in requests, which, combined with the lack of peer-to-peer network resources, prompted a chain reaction that had a critical impact.

Normally Skype’s peer-to-peer network has an inbuilt ability to self-heal, however, this event revealed a previously unseen software bug within the network resource allocation algorithm which prevented the self-healing function from working quickly. Regrettably, as a result of this disruption, Skype was unavailable to the majority of its users for approximately two days.

According to a Washington Post blog, a Microsoft spokesperson claimed the August 14 patch release - fixing at least 14 vulnerabilities in its software - was "hardly out of the ordinary". "Windows Update is a routine service Microsoft provides to its users to receive software updates, including last Tuesday's security updates, which were not unique," the spokesperson said. "As indicated in Skype's blog, their specific disruption was caused by a bug in their software."

Did you get that? Fixing at least 14 vulnerabilities in a piece of software is "hardly out of the ordinary". There are many common jokes about the need to restart Windows-based systems but I think this last one is certainly one of the best amongst them. We'll still have to wait and see how funny this joke is for Skype / eBay, their engineers and their managers.

By now there are 435 blog responses to Skype's message on Technorati.

Tuesday, July 24, 2007

kindergarten violence



Yesterday Nitsi became really ill and couldn't get out of bed. I therefore had the privilege of fetching Carmel from the kindergarten myself. I came in, going near lots of other children who were having their noon nap and looked very cute, when one of the assistants approached me saying "Carmel got punched up a little bit today... it's nothing serious but she has those little red areas on her nose..."

I wasn't sure how to react and all I wanted was to see her as soon as I could. "I see. Where is she?" I asked quietly with a forced smile, trying to put my good guy face on. "She is there, playing. She is all right now..." I heard the assistant's voice already going in the direction she was pointing at.

Then the kindergarten teacher heard they were calling Carmel's name so she left her previous business and approached me with the same news. "Yes, I just heard that," I said. "Did you see how it happened?" I asked, remembering the previous event, which was also the first, when she came back on her second birthday with a small human bite on her arm. "Another child hit her with this small plastic shovel but we didn't actually see it until a few seconds".

At this point Carmel and I noticed each other. She was lying down - alone - on one of the mattresses and stood up immediately. About 0.3 seconds later she was smiling ear to ear in my arms, hugging me in the most amazing way. Nothing else in the world compares with that feeling.

As you can see in the picture (right above the little pieces of the lunch) this is really not a very serious event (all right, the red marks can hardly be spotted but they are there!) but for Nitsi and me it still is a worrying one. I did some googling about kindergarten violence yesterday evening when I became ill as well (temperature up, bad feeling, sweat, shakes, you name it, I had it last night). Not many horrific stories seem to have popped up in the prominent worldwide media very recently and that's already a good sign. Yet, it might have had more to do with me getting ill like Nitsi and failing to perform the search properly...

As expected, don't get too optimistic as things don't seem to be heading in the "good" direction on this matter. Michael Parker, program director of psychological services at the Fort Worth Independent School District, USA, which serves 80,000 students, said in a 2003 Time interview:
I'm clearly seeing an increasing number of kindergartners and first-graders coming to our attention for aggressive behavior... We're talking about serious talking back to teachers, profanity, even biting, kicking and hitting adults, and we're seeing it in 5-year-olds.
And these are not the kids who have been formally labeled emotionally disturbed, says Nekedria Clark, who works in Parker's department:
"We have our E.D. kids, and then we have our b-a-d kids."
In the first four months of 2002, according to USA Today, under new schools chief Paul Vallas, 33 kindergartners have been suspended from Philadelphia public schools, up from just one during the same period last year. Israeli media has more recent reports of kindergarten violence. This article for example suggests some aspects depend on the parents.

OK, my temperature goes up again. I am ill, remember? Less than a year ago, a few weeks after Carmel started going to this kindergarten, I happened to manage "upgrading" such a simple flu to a real pneumonia and found myself visiting the local hospital. I think I am going to sign off now and rest for a while. I don't feel like having another round of those extremely expensive hi-tech antibiotics I was eating three times a day for 10 days back then.

Tuesday, July 17, 2007

World's Most Powerful Nuclear Power Plant on Fire! Causes Radioactive Spill

According to Associated Press (Mon Jul 16, 2:35 PM ET) a strong earthquake shook Japan's northwest coast Monday, setting off a fire at the world's most powerful nuclear power plant and causing a reactor to spill radioactive water into the sea - an accident not reported to the public for hours. There is also a video on Yahoo.


Tuesday, July 10, 2007

Chinese mobile phone batteries explode

China has been popping up a lot lately with various defective products and product recalls. We read about the pet food recall, recalled poisonous toothpastes, poisonous toys, we had a major car company under pressure to recall its products because there is danger of the tire treads separating, and more examples of how low-cost products can turn into high-cost ones very quickly.

If you read this blog (of course you do, what am I saying here?) you must know I make regular use of a Motorola RAZR V3X phone. As a result I was pretty much interested in this recent news item about how we now also have mobile phone batteries joining this defect spectacle show. Now mobile phone batteries are exploding and killing people for real and in tests! Isn't it nice?

Apparently, an exploding cell phone caused the death of Chinese welder Xiao Jinpeng, who worked at Yingpan Iron Ore Dressing Plant in Gansu’s Jinta county. As far as I know, apart from the famous January 5, 1996 assassination of Yehiya Ayyash also known as "the engineer" (at that time the leading Hamas bomb expert) which was part of someone's plans, this is probably the first case in which an exploding mobile phone actually kills a man. The battery in the deceased's Motorola cell phone exploded in his shirt pocket. According to IntoMobile - a website dedicated to news and buzz in the world of mobile technology:

  • The explosion was linked to high-temperatures in the plant, according to colleagues - that must have been some crazy-hot work environment.
  • The fatal battery failure took place on June 19 and resulted in Xiao’s death on July 4th.
  • The battery explosion broke the welder’s ribs and fragments of the casing pierced his heart.
  • Authorities are investigating the incident - particularly whether or not the man was using an authentic Motorola phone and genuine Motorola battery.
  • If the device turns out to be a bona fide Motorola product, the embattled mobile phone manufacturer could be in for some fun times.

Wednesday, June 20, 2007

MPack Trojan Attack Claims 10,000 Web Sites

Researchers and security companies are reporting that as many as 10,000 Web sites have been infected with malicious code that redirects unsuspecting users to a server booby-trapped with drive-by exploits - part of a wave of attacks originating in Italy and now spreading through Europe. Dubbed the "Italian Job" by Trend Micro, the attack was first uncovered June 15. Legitimate sites were hacked to include a malicious iframe tag redirecting visitors to servers armed with MPack, an exploit tool that can target security holes in multiple products.
