Security

Now we will get VoIP SPAM

Tejas Patel — Tue, 25 Jan 2005 19:50:00 GMT

SPIT is what the new term is for SPAM which comes through VoIP. SPIT stands for Spam over Internet Telephony. Now intruders and spammers can insert SPIT onto our VoIP systems too. More details can be found from this article on Business Times.

Tejas Patel

FBI retires Carnivore

Tejas Patel — Wed, 19 Jan 2005 03:39:00 GMT

Carnivore is a controversial software that has been used by FBI for few years now. The news is FBI is retiring Carnivore software now and are going to use other commercial products ( I am sure other products are smarter than Carnivore was).

“FBI surveillance experts have put their once-controversial Carnivore Internet surveillance tool out to pasture, preferring instead to use commercial products to eavesdrop on network traffic, according to documents released Friday”

Tejas Patel

Wallop makes me angry

Tejas Patel — Thu, 13 Jan 2005 04:16:00 GMT

I don't understand! I just got an Wallop invitation from a friend of mine. The invitaiton comes from mywallop.com domain. Here is a copy of the email.

“Dear Tejas Patel :

*********has invited you to join Wallop, where you can share photos, blog and interact with your friends!

Click on names of people in your social network to explore what's new with your friends and their friends. In Wallop, the more you interact with your friends, the more you will appear connected. We will let you know who's interacted with you in Wallop through email.

To join Wallop, go to http://www.mywallop.com. Your login name is "my email address", and your Wallop password is: "my password".

Here is a personal message from *********: “

I really don't expect Microsoft Research to send me my password in a simple email message. Are'nt they aware of the security threats? Will anybody explain me why would they do so, especially when people handling this work for a company like Microsoft! Am I missing anything? Explain , please explain.

Tejas Patel

Installed Microsoft Anti-Spyware Beta

Tejas Patel — Thu, 13 Jan 2005 01:56:00 GMT

I had to try this. Since I came back from holidays I heard from people that Microsoft came out with a anti-spyware program. They said they won't be trying it soon as it was still in Beta. Well I could not wait nor do I care of it breaking anything on my system. So I searched for it and here it was. The installation was smooth. I started the scan and it finished scanning 15200 files on my system (Intelligent Quick Scan) in 1 mintue 30 seconds on my system. As my system is well protected by firewall and stuff, there were no spyware found on the system. I have tried some other Spyware programs before but this one is neat. 5 minutes of roaming around the system should make one familiar with the features and functionalities of the system. Well I like this application as I now won't have to install 2-3 different small apps. I used to use 'Hijackthis' and 'Lavasoft Anti-spyware' before to clean out all the spyware from my system.

Specially I liked the System tools (which contains System Explorer & Browser Hijack Restore) & Privacy tools section of this application. I think Browser Hijack Restore and Privacy tools can be handy to most of the people and can be used on a daily basis. If I continue to use this tool, I can use these features on a tool on a daily basis. I can delete my traces from my system (superficially) while leaving for home from office and while going to bed at home. Well I look forward to see a better product with better and more features in the future. Not sure if the rumours are right or wrong, but I have heard that Microsoft is going to charge for this tool as soon as this tool comes out of Beta.

A recommended tool to try out.

Tejas Patel

Microsoft Security E-learning

Tejas Patel — Wed, 29 Sep 2004 22:53:00 GMT

Try Microsoft E-learning labs, both for developers and for networking guys.

The following Security training and labs are offered for now: -

Clinic 2801: Microsoft® Security Guidance Training I

Clinic 2802: Microsoft® Security Guidance Training II

Clinic 2806: Microsoft® Security Guidance Training for Developers

Hands-On Lab 2811: Applying Microsoft® Security Guidance Training

Tejas Patel

Talking Virus

Tejas Patel — Tue, 14 Sep 2004 17:19:00 GMT

Now this is funny, but I am a little bit horrified. There is a new virus/malware that will use Windows Speech Engine to give users the intended message.More info on Theunofficialmicrosoftweblog.

Tejas Patel

One more P2P program that seems to be fire-wall friendly

Tejas Patel — Tue, 07 Sep 2004 22:32:00 GMT

Sumit Dhar links me to Filetopia which and sumit says that it is a firewall friendly P2P program.

“Filetopia is a free communications software that includes: instant messaging, chat, a powerful file sharing system with a search engine, online friends list and message boards.

What is unique to this software is the level of security and privacy that it provides. It uses a choice of strong ciphers and public key techniques for all communications and sophisticated techniques to protect your IP and thus make you truly anonymous and safe from attacks.”

Will have to give it a try sometime just to check the security.

Tejas Patel

Update:- Updated Sumit's blog link.

Nilesh Chaudhari on 'Auditing Web Applications'

Tejas Patel — Tue, 07 Sep 2004 22:23:00 GMT

A new blogger is on my list, name is Nilesh Chaudari.He did a recent presentation on 'Auditing Web Applications'. I went through the presentation slides and even though I am not a developer I could learn quite a few interesting bits about web applications and security and few things about SQL Injection. The presenatation can be downloaded from here.

Tejas Patel

A worm might letting you watched and heard

Tejas Patel — Tue, 07 Sep 2004 22:16:00 GMT

There is a worm called W32/Rbot-GR which gets onto Windows system and if they have webcams and microphones, than start recording the coversation and sending the images through the webcam.Creeppy Crap. Darn scary. I have shivers in my body now just imagining what pictures and conversations might get out by this. More information from here.

Tejas Patel

"Are Privacy Policies Unenforceable and Meaningless?"

Tejas Patel — Fri, 03 Sep 2004 21:51:00 GMT

“Are Privacy Policies Unenforceable and Meaningless?” if was asked to me, I would say “ they should be not meaningless but sometimes it seems that they are meaningless”.

Plaxo's Privacy Guy 'Stacy Martin' is doing an excellent job convincing people on to trust Plaxo and their privacy policy. She has sure convinced me that I can use it as well as recommend using Plaxo to others, but still there small particle of suspicion allways remains somewhere in the mind with so many bad things that have happened over the years on the Internet.

Today she writes about how much enforceable and meaningfull Plaxo's privacy policy is to them with some interesting links. Check it out here. She writes “ trust is essential to our business. Any violation of the provisions in our privacy policy would undermine the trust we have established with users of our service. We realize in order to be successful we must continually earn that trust from both members as well as non-members. We strive to operate in an open and public fashion and allow people to judge for themselves. Our Plaxo Privacy Policy is one such example of our public statement.”

Tejas Patel