Skip to main content


Showing posts from February, 2010

Exploitable Third Party Software

The company that is the target of 80% of the Internet desktop exploits uses a third party software downloader to distribute it’s product. The downloader turns  out to be exploitable. In this case, I have no sympathy for Adobe. Based on their track record, it’s safe to assume that if they’d have written the downloader instead of buying it, it’d be exploitable anyway.But for the rest of us? What do we do when our dev team wants to integrate third party software into our home-made applications?  How do we know that widget-kit6 is not going to be the exploit path that leads us to our RGE? Let’s pretend that we’re writing the worlds best code and that we’ve got a sound design. What about that pie-chart wizard thing that we downloaded from the net and included in our build?I don’t want to think about it right now. I need to check all my online bank accounts & make sure they haven’t been hijacked in the hour since I checked them last.

O Broadband, Broadband, Wherefore Art Thou Broadband?

The FCC Chairman wants faster broadband. Perhaps as much as 100Mbps to 100 million households (out of about 115 million total households).Google wants to see what happens if we have Gigabit to the home. They could ask University students. Gigabit to the dorm room isn’t unusual. Instead they’ll wire a community or two and try to figure it out themselves. (What they’ll find is that when you have gigabit to your residence, you plug in a wireless access point, step it down to 50Mbps and share it with your friends). Broadband deployment is rising, but only 2/3rds of households have it. Some people don’t want broadband. Others want it but can’t afford it.Some people can’t have it. I’ve taught network management courses at a nearby community college the last couple years, and each semester I have at least one student who can’t get terrestrial service at ‘better than dial-up’ speeds at any price. The students live within an easy commute of a  metro area with 2.5 million people. Something’s wr…

Items on your computer may not yet have been classified for risks.

I finally figured out the problem with the Internet. Microsoft has not yet classified the risk of installing Flash’s OCX control:It would be nice is there was a way of giving Microsoft a hint. A minor modification to the dialog box would be sufficient:I can dream, can’t I?

Only My Manager is Authorized to Comment....

In a somewhat tragic story, an Uzbek  photographer has been convicted of "slandering and insulting the Uzbek people" by publishing pictures of unhappy Uzbek citizens. Apparently all Uzbeks are actually happy, so the pictures were considered slander. 

Repression and totalitarianism aside, there is an amusing bit:
"An employee of the Uzbek general prosecutor’s press office said that only his manager was authorized to comment and that the manager’s position was at present unfilled." I'll have to remember that one.

Payroll Processor Hacked, Bank Accounts Exposed

From the Minneapolis Star Tribune:“A hacker attack at payroll processing firm Ceridian Corp. of Bloomington has potentially revealed the names, Social Security numbers, and, in some cases, the birth dates and bank accounts of 27,000 employees working at 1,900 companies nationwide”A corporation gets hacked, ordinary citizens get screwed. It happens so often that it’s hardly news. This is interesting to me because Ceridian is a local company and the local media picked up the story. That’s a good thing. I’m glad our local media is still able to hire professional journalists. The executives of a company that fail like that need to read about themselves in their local paper and watch themselves on the evening news. They might learn something. If we’re lucky, the hack might even get mentioned at the local country club and the exec’s might get a second glance from the other suits.We aren’t that lucky.In a follow up story, the Star Tribune interviewed a man who claims that he has not had a re…