Categories
Mozilla

Securita 0.1 in the works

Well, I did some work on it today. It's now in extension form (the old version, prior to Ben Goodger's changes). It's also using a "database" (an array) of 18 keywords right now, with a fair amount of success.

Now the big topic will be creating an RDF schema and a method for scanning efficiently and "fuzzily". Allow me to expand:

We can't ban a page just because it contains the word "ass", but "ass" together with several other words could indicate a page worth blocking. So what needs to be done is to attach point values to all words (scientifically). Then, if the total score gets higher than 5.0, we block the page. This is basically how SpamAssassin operates. So what I need is for someone to do some experimentation and find out exactly what keywords to use and what point values to attach to them. A nice thing would be a little C++ app that could generate scores from sample data. I'm rather open to suggestions on how to do this. So… give suggestions, code solutions. Submit them to me, be a hero.

The RDF schema also needs to contain a method field. Since regex is extremely slow and bloated, we obviously don't want to use it more than we need to. So we have the option of using window.find() instead. By using that method there's a speed increase (with obvious limitations).

Perhaps in the future, changing the core engine to a compiled binary would be better, but for now we make do with JavaScript. So far, performance on a 1.8GHz system is actually not much slower at all; I really don't notice it. But we will need some more keywords. I figure about 50-100, provided we use a scoring system like the one mentioned above.
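To make the scoring idea concrete, here is an added example of a SpamAssassin-style keyword scorer in plain JavaScript. It is not Securita's code and the keyword list, point values, the `method` field values and the threshold are placeholders I chose for illustration. It also shows the trade-off behind the proposed method field: a plain substring search (what window.find() gives you) is cheap but matches "ass" inside "class", while a whole-word regex avoids that at the cost of running a regex per keyword.

```javascript
// Added example (not part of Securita): a SpamAssassin-style keyword scorer.
// Each keyword carries a point value and a match method; the page is blocked
// once the summed score exceeds the threshold. The entries below are
// constructed placeholders, not the extension's real keyword database.
const THRESHOLD = 5.0;

// "method" mirrors the proposed RDF method field:
//   "find" - plain substring search, what window.find() does: fast, but it
//            also matches inside other words (e.g. "ass" inside "class").
//   "word" - whole-word regex match: slower, but no matches inside words.
const KEYWORDS = [
  { word: "ass",   points: 1.0, method: "word" },
  { word: "xxx",   points: 3.0, method: "find" },
  { word: "adult", points: 1.5, method: "word" },
  { word: "nude",  points: 2.5, method: "word" },
];

// Escape a keyword so it can be embedded in a RegExp literally.
function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Count occurrences of one keyword in the text using that keyword's method.
function countMatches(text, entry) {
  const lower = text.toLowerCase();
  if (entry.method === "find") {
    let n = 0;
    let i = 0;
    while ((i = lower.indexOf(entry.word, i)) !== -1) {
      n++;
      i += entry.word.length;
    }
    return n;
  }
  const re = new RegExp("\\b" + escapeRegex(entry.word) + "\\b", "g");
  return (lower.match(re) || []).length;
}

// Score a page: add the points of every keyword that appears at least once.
// Each keyword counts once no matter how often it occurs, so one repeated
// mild word cannot push a page over the threshold by itself; it takes
// several keywords together, which is the "fuzzy" behaviour wanted above.
function scorePage(text, keywords = KEYWORDS) {
  let score = 0;
  const hits = [];
  for (const entry of keywords) {
    if (countMatches(text, entry) > 0) {
      score += entry.points;
      hits.push(entry.word);
    }
  }
  return { score, hits, block: score > THRESHOLD };
}

// Usage: the first page collects 1.0 + 3.0 + 1.5 = 5.5 points and is blocked;
// the second contains "ass" only inside "class" and scores 0.
console.log(scorePage("Free xxx adult pictures, kick ass"));
console.log(scorePage("Welcome to the biology class"));
```

With real keyword lists the interesting tuning knobs are the same ones SpamAssassin exposes: per-keyword points, which keywords are cheap enough to use the substring method, and whether a keyword should count once or per occurrence.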

So code is coming, hopefully an initial check-in soon; I'm just not ready yet, and busy. I've had about 3 hrs of free time today to play, and that was my break from the academic books. More to come, but let's get the creative juices flowing.

Categories
Google Security Tech (General)

Why people shouldn’t be afraid of Gmail

There has been a ton of buzz lately about Gmail, Google's free email service: 1000 megabytes of free storage, Google search technology, and of course all sorts of Google usability improvements. I'm sure Google still has stuff in the labs to enhance it at some point in the future as well; I could see searching attachments and viewing Word and Acrobat files as HTML all being in the works.

How will they pay for this quite amazing offer? "Relevant text ads". I think most already know what I'm talking about when I say this; if not, check out MacVillage.net, which has Google's text ad service on the homepage.

What is it?

Here's a really simple summary. Google sells a ton of advertising. And I mean a ton: they sell for their own website as well as for many others. To make sure the ads are effective, they like to "target" them. This is similar to other forms of media. For example, on TV you will find sports- and fitness-related ads on ESPN, while the Food Network may not necessarily carry the same ads. Why? Because the audience on ESPN is most likely into sports and fitness. The ads are most effective when people are interested in the products. Makes sense, right?

Well, Google does the same thing. When it sells ads on a Macintosh website like MacVillage.net, it targets them towards Mac users, hence you see ads like "Expert Macintosh service", "Macintosh Support", "Mac Service & Support", because those ads will do well on a Mac website rather than on a PC website. These ads are now worth more to the advertiser, who will pay more to Google, who will in turn pay out more to MacVillage.net. Google does the same on its own search engine (the right-hand side); relevant ads there are worth quite a bit, since it's perfect real estate for advertisers.

How do they know what to show?

Google hasn't disclosed the technology in real detail, but one could assume their technology assigns keywords to the ad campaign. It then looks at the text of the page that needs an advertisement, examines that page for relevant keywords, and places the highest-ranking advertisement that fits the page.

So what’s the deal about privacy?

That's the question of the day. Google's system is undoubtedly automated. It would be impossible to hire enough employees to screen all the data and figure out relevant ads. Your mail is technically handled by many systems that process/analyze it anyway: from virus scans and spam filters to your mail client just figuring out if it should make certain text bold, underlined, or italic, or how to process an inline image. Lots of software looks at your mail.

Personally, I don't see the difference between Google's technology and that of Yahoo, Hotmail, or any other mail provider, except that Google is being smart and providing a superior service by selling relevant ads. How is this any more invasive? All Google did was put things together.

Personally, I think some people worry too much about privacy and not enough about security. Instead of crying because a company put ads on a free service that you chose to use… why not apply some patches to your buggy Windows computer so a hacker/spammer isn't using it to flood my email with spam? To me, that's much more invasive.

Just my $0.02.

Categories
Software

Microsoft Software Update CD (FREE!)

This is actually a legitimate offer. Microsoft is offering a free CD. Granted, it's slightly out of date (October 2003), but I'd still recommend getting a copy. That way, next time you restore your computer, you don't need to wait for the download of all those updates (especially if another virus attacks windowsupdate or Microsoft.com).

It's also good to loan to someone who isn't very good at keeping their computer up to date. I'm sure I'll end up passing it along. Remember: helping others patch their exploitable computers means one less computer being used for evil on the network.

A good way for Microsoft to convince people their OS is secure may be to keep offering such free CDs, and to encourage people to burn copies for friends. It's not like someone will abuse it: they make them freely available for download (or mail them at no cost). It's still their copyrighted work. They still own the patents and all rights to it. They don't lose a penny; it just lowers their distribution costs in such a campaign.

It would be a good idea for them to do.

Thankfully, Apple at least makes software updates easy. It lets me know when they are available; I update, reboot, and that's it. And the server is always fast. It doesn't overwhelm me with info I don't care about (well, I care, but I know most won't). It doesn't tell me what can be installed when, or what goes first/last. It just does it. Pure beauty.

But this campaign could help Microsoft a bit.

Thanks to Marc Rust for the info.

Categories
Mozilla

HTTP Decompression Bombs

Interesting find here. Just FYI.

Categories
Apple Security Software

Apple’s Life Cycle and Security

I don't think I need to say I'm a Mac lover. I've been very satisfied with my Macs, and I love OS X. But I have to agree with CNET about Apple's recent trends.

Product Life Cycle
Apple's been pretty firm about the 5-year rule for hardware. After that period, you're not really getting hardware support. It's a pretty solid rule, and one you can depend on (for good or bad). Developers, both hardware and software, are well aware of it.

Unfortunately, there is no official product life cycle for software. Microsoft has a clear product life cycle. I sincerely hope Apple matches Microsoft and adopts a similar policy, for at least that length of time (if not longer), and sticks to it. The mystery surrounding product life is a real turn-off for companies. How can you evaluate what Macs will cost? A serious security issue may require the entire office to upgrade their OS version. In such cases, a product cycle would let an IT department know very well what it will cost to keep Macs afloat, and dispel some cost myths.

I would like to propose a Security/Product Cycle Policy for Apple to adopt:
A product will be officially supported for 5 years after general availability. During this time, full support will be provided. This is the same as Microsoft's policy. During this time, all security and bug fixes are available. No new features are required (though they could be offered). For example, a WebCore update would fall into this category: keeping Safari up to date and fixing rendering bugs. New OS X features such as Exposé would not; that's for a new product and a new product cycle.

A Security Phase would then follow for a period of at least 2 years, during which only security bugs will be fixed. Keeping Safari up to date and fixing crashes wouldn't qualify; only bugs that pose a security risk would.

So in theory, a company can have a system for 7 years and be able to maintain it for the original cost. Of course, they will most likely want new features and would upgrade in that time, but they have a buffer of up to 7 years. This compares with Windows XP's current product cycle.

A very enticing offer for IT departments. Buy a pretty powerful computer and know that for 5 years you have hardware support for new OS versions, and that for 7 years your current OS will be secure. And we mean Mac OS X secure, not Windows secure 😉

Apple needs to use its strong point: a solid UNIX security model. Take advantage of the fact that it can do so. Security is a big advantage the Mac platform has. It will cost more to support older OSes, but in the end it will make the OS much more attractive than it is now.

Categories
Mozilla

Consensual Downloads

I’m a little concerned by some linkage brought by Mozillazine.

There are two possible uses here, and the one inferred is not so good. I'm a bit concerned about this idea being spread around the community. We do NOT want to download Open Source products behind the user's back. Doing so would not be a good idea: it will associate fine products like Mozilla, OpenOffice, and Gaim with spyware and Trojans. If the user wants the files, that's a different story.

One thing all these products share is the promise to fight such evils (Mozilla doesn't download ActiveX, OpenOffice is more secure than Microsoft Office).

An individual who uses such an app for anything like downloading without the computer owner's consent should be well aware that this contradicts the ideas of Open Source and the values the community holds. Open Source is about freedoms. Freedoms don't need to happen behind someone's back.

While it's great to see enthusiasm for getting Open Source projects into the world, don't do so by unethical means. All it will do is put a negative spin on a good thing. It will hurt, not help, Open Source.

Perhaps someone can turn this little gem into a convenient app, so that a user can learn about Open Source alternatives and download and install them from one nice little app.

It's great to be an open source zealot (tell all your friends and family). But don't do anything that puts open source projects in a negative light. Thousands of programmers have made these projects what they are. They love people promoting their products, but they don't like people making their products look bad.

I hope others will mention this as well on their blogs and open source projects. Don't ruin Open Source.

Categories
Mozilla

Most annoying bug almost done

Password Manager forgetting the password when checking mail might be the most annoying bug in the entire world.

Thankfully David Bienvenu seems to have found a fix.

Hopefully 1.5 isn't ready yet, so we can test this on 1.6 and perhaps get it in for 1.5? What do you say, Asa? Any chance?

Categories
Tech (General)

Viruses

W32.Sobig.F is getting very annoying. So is W32.Blaster.Worm.

Why can't people just take proper precautions?

  1. Firewall. I have 3: the Win XP firewall/OS X firewall, Sygate Personal Firewall (laptop), and a Netgear hardware firewall (w/ SPI). All you really need is 1.
  2. Virus Scan
  3. Secure, up-to-date software. At the very least, update Windows. Use a good email client like Mozilla.

Viruses are a real pain in the butt, and avoidable for all but the first few to get infected.