This is my PERSONAL blog, as as of August 1, 2011, it focuses on personal matters and various things I find to be fun.
Wednesday, December 28, 2005
Matt McAlster Dotcom Prediction Generator
openBC Profile for Anton Chuvakin: Again, Privacy vs Promotion
Whenever I see a site like this, I think about how they balance privacy vs marketing the professional. I happen to think that since they contain just about the same info as a typical personal website, they are not a huge threat to privacy.
Friday, December 23, 2005
Predictions, forecasts, crystal balls, stuff
So far, I am holding and not posting my own stuff, but I am making a collection of what others already predicted. Check out this tag "2006" in my del.icio.us feed: http://del.icio.us/anton18/%222006%22
Antivirus Problems May NOT Lead To Sea Change In Antivirus Industry :-)
How is it a surpise??? Puleeeease! All software is buggy, period. You can be 0wned thru pretty much anything you run, and, yes, antivirus and personal firewall too.
Welcome to AppSIC :: The Application Security Consortium
Here is one more: AppSIC :: The Application Security Consortium: "The Application Security Industry Consortium is a community of security and technology experts united to establish and define the international cross-industry application security standards and measures"
Is this a real one, like WASC and OWASP, or a fake one, like SECMET and GAISP? Who knows...
It seems like the ones run by technical people survive (some thrive!) while others founded by those of more management pervasion seem to die off.
"Blame it on the technology!"
Its so common to "blame it on technology", because I suspect that people are condition to expect little from computers in terms of stability.
Thursday, December 22, 2005
Watson by Intellext
Watson by Intellext. Watson provides context search on the desktop.: "Why go searching when you can have results found for you? We're changing the game. From Search. To Found. "
Firewall The Movie
Wednesday, December 21, 2005
Schneier on Security: Sony's DRM Rootkit: The Real Story
Further, he is trying to claim that "this is exactly the kind of thing we're paying those companies to detect -- especially because the rootkit was phoning home."
Guess what? No! I think the dirty secret of the AV is that the answer is "no." I think every prudent computer user should run their computer(s) with an assumption that if they are hit with anything non-standard or innovative, their anti-virus will not save them.
In reality, it might save you sometimes, but you certainly cannot rely on it.
The Ins and Outs of Infosecurity - CSO Magazine - December 2005
Every time I see stuff like this (http://www.csoonline.com/read/120105/infosec.html), I wonder: just how much is this security industry is driven by fashion and personality and not by ROI, risk assessment, what have you???
Here is the blurb:
"IN: Intrusion “prevention” systems
OUT: Intrusion detection. Because wouldn’t you rather prevent the intrusion in the first place?
IN: Bots (remotely controlled worms). Armies of them. (See How to Tell If You Have Bots.)
OUT: Website defacements. One speaker called the idea “quaint.”
IN: “Designer worms,” made just for your company and likely to end up on your balance sheet.
OUT: Massive worms, targeted at everyone and likely to end up on CNN."
So, just try telling that defacements are "quaint" to someone whose site just got defaced... Further, "massive worms are OUT", does it mean I should just threw my antivirus off? :-)
Monday, December 19, 2005
Guidance Software hacked and customer info stolen
Digital Inspiration: Rapidshare, Yousendit, Megaupload Hacks & Tricks: Tips, Tutorials, Downloads, Hacks
Bandwidth is really the only non-free piece here; hard disk space is practically free nowadays.
Friday, December 16, 2005
Escaped...From a Twisted Mind: The Human Side of Security and SANS Top 20
Tuesday, December 13, 2005
On "company DNA"
All sorts of folks, from VCs to sales people to CXOs, talk about DNA: "this company has Oracle DNA", "he has his company DNA", etc.
I can obviously grasp the meaning of it, but I am getting more and more curious about this "DNA stuff"...
Ogre to Slay? Outsource It to Chinese
a)one of the funniest outsourcing stories of the day, and
b)one of the weirdest ways to make money: Ogre to Slay? Outsource It to Chinese!
eBay: 0-Day on eBay gift, autograph and contact email address (item 6588680836 end time Dec-19-05 13:21:23 PST)
And, reading the book finally cleared my head on the subject of ... oooh, so horrible ... "cyberterrorism." Intuitively, when you read about "cyberterrorism" you instantly think "what a load of bull", but the amount of press and "research" that you see coming about it, makes one wonder. Like, I was reading Dan Verton's "Black Ice" and it did sound believable, albeit sensationalist. As a result, I was somewhat confused about the subject.
Until now! Ira's book finally cleared it: at this stage, "cyberterrorism" is positively, absolutely, 100% "bull product." Here is why: computer failures are an accepted thing. "Everybody knows" that computers "are flaky", and might crash at any time, taking your work (or a billion-dollar Martian probe :-)) with them. Thus, computers do a pretty good job damaging themselves and things around them, and, thus, people will not be terrified if it happens due to malicious actions by whatever cyber-terrorists.
Now, the above obviously doesn't cancel the use of computers and the Internet by the terrorists. They gotta use it, just like everybody else...
Monday, December 12, 2005
Thursday, December 08, 2005
LinkedIn Profiles: Privacy vs Publicity
For example, my LinkedIn profile (LinkedIn: Anton Chuvakin) does not have anything that I would not have disclosed on my website. Thus, supposedly no additional privacy risks. Also, McNealy's famous "You have no privacy, get over it" does sound largely true in this "Google Age"...
In general, how do you balance a desire for privacy with a desire for publicity?
eBay: Brand new Microsoft Excel Vulnerability (item 7203336538 end time Dec-12-05 20:54:35 PST)
It probably belongs ion my security blog (see http://www.oreillynet.com/pub/au/1207), but this is more humor than security, IMHO.
ZoomInfo.com. It appears to mine the web to coalesce information on people and fuse it into their distict profiles, that you can then search.
Check out whether it knows about you too! You might be surprised at the accuracy (I sure was!) You can then correct the info on yourself to enhance what their algorithms discovered...
hackoff.com: Chapter 9: The Fall, April 1, 2000 - June 30, 2000 - Episode 6
Tuesday, December 06, 2005
Here is a bunch of book reviews
I mostly review information security books, with an occasional stray title from other areas.
Some folks, for whatever weird reason, think that after a certain age one need to stop celebrating (and start mourning? WTF?) birthdays. What is that age? I'm guessing 200 :-)
Monday, December 05, 2005
On "The Game" book
A fun article on sleep - "Good sleep, good learning, good life"
This one seems useful for just about everyone: Good sleep, good learning, good life Here is some advice from the paper:
Do not use the alarm clock! Contrary to popular belief, well-scheduled nap will not last longer than 20-30 minutes (at least in people with free running sleep)
Measure exactly the optimum length of the period between the natural awakening and the nap to maximize the effectiveness of a nap (see Fig. 1). The nap should come at the nadir of alertness. Napping beginners often miss the right timing!
Drink coffee or other caffeine drinks only after the nap
You can drink alcohol in only very subtle doses, and the best timing is shortly before the nap (see below for more)
If you nap for more than 40-50 minutes, you probably need more sleep in the night (check free running sleep section above!)
Avoid stress 2-3 hours before your nap. Even things you love can make you excited and make it harder to avail of the benefits of napping
Exercise is good. Try to finish your exercise at least 30-60 minutes before the nap
Meal before the nap is recommended. Your main meal of the day should actually come right before the nap! This is usually 5-9 hours after awakening
Sex before the nap is recommended
Stick to your ritual (e.g. stick to your best sequence: exercise, bath, meal, beer, quiet place, nap, music, or similar) ..."
In addition, it also have some "myths about sleep", such as the one that sleepi9ng before midnight is more beneficial.
50 Strategies for Making Yourself Work (for Writers)
On "The Wisdom of Crowds"
Sunday, December 04, 2005
I've been to Kennedy Space Center the other week (here is the picture - just to test picture-posting capabilities of this blog :-)), and the whole place has a distinct and somewhat sad feel of the past. As if the high point of the space program was the Moon flight - and then it went downhill from there...
You can find both security-related and other things there too...
On "Influential Spinning"
So, specifically, he was talking about "selling the frame". If you "sold the frame", everything that fits in it will get sold too, pretty much automatically. For example, if you succeded in framing yourself as an "expert" in whatever area, it is likely that your opinions about that subject will get received much more positively.
It is amazing how some people "sold themselves as experts", without possessing the expert knowledge. Or maybe I just did not buy their frames? :-)
On Hackoff! blook
Obviously, by now everybody knows about it, but still. A "Hackoff.com: An Historic Mystery Set In The Internet Bubble And Rubble" by Tom Evslin can be found here: http://www.hackoff.com
Its a very fun book (eh, blook) to read. I do start my every day from reading the daily installment.
It also reminds me how I was waiting for a next magazine issue when, in the old times, some SciFi novels were spread over dozens of issues of a magazine. The bastards also used to end the montly installment at some breathtaking moment (I still remember one: "And he raised his blaster and took aim...(to be continued next month)" :-))
Is Wikipedia a good thing or a bad thing?
Yes, Wikipedia did seem to correct Britannica (see this: http://www.freedom-to-tinker.com/?p=675) on one occasion, but I have a sneaking suspicion that on the subjects that few care about the chance of error persisting for a long time is quite high...
Saturday, December 03, 2005
My non-security blog
I suspect my security blog will be much more active than this one...