IT Security Blog


RSS, blogs and security

7 August 2010 By Saran


Many people now read blogs through RSS aggregators or via Atom feeds, and it has recently been reported that attackers could use JavaScript to take advantage of this. According to an article in USA Today, the content at risk could be any kind of information, as long as it is delivered in one of these feed formats. The article also lists the vulnerable readers: Bloglines, RSS Reader, RSS Owl, Feed Demon, and Sharp Reader.

This kind of news is actually not so new. Mark Pilgrim is one of the bloggers who has written about it before. He even set up an experiment of sorts, in which subscribers to his blog feed saw a screen full of platypi. He mentioned in his blog entry that the difficulty with RSS is that feeds carry a lot of arbitrary HTML, which can include JavaScript, and that JavaScript could be malicious code designed by attackers. Mark Pilgrim even listed the elements that RSS readers should strip out, just to be safe:
script tags, embed tags, object tags, frameset tags, iframe tags, meta tags, link tags, style tags, and style attributes from every tag.

If you regularly subscribe to different blogs, forums and mailing lists through RSS, you should be careful about it. If a site offers a comments RSS feed, you could take the precaution of not subscribing to it, since it is possible to get attacked through the RSS feed of comments. Aside from that, if you have set up your own personal aggregator, make sure that it is a ‘smart’ aggregator which strips out the tags listed above. If you have an aggregator on your computer, check whether it is vulnerable. You may be able to install something else that isn’t prone to attacks via RSS. It is better to be secure, after all.
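The stripping step described above, sketched as an added example (it is not Mark Pilgrim's code or the code of any reader named in this post). The names `FeedSanitizer`, `sanitize` and `SAMPLE` are hypothetical; it removes exactly the elements listed in the post, plus `style` attributes, from an entry's HTML before it is rendered.

```python
from html import escape
from html.parser import HTMLParser
# Elements the post lists for removal; "style" attributes are dropped separately.
STRIP_TAGS = {"script", "embed", "object", "frameset", "iframe", "meta", "link", "style"}
VOID_TAGS = {"embed", "meta", "link"}  # no closing tag, so they open no skipped region
# Constructed sample entry body, not taken from any real feed.
SAMPLE = ('<p style="position:fixed">Hi &amp; bye</p><script>alert(1)</script>'
          '<link rel="stylesheet" href="x.css"><a href="/?a=1&amp;b=2">post</a>')

class FeedSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.skip_depth = [], 0  # skip_depth > 0 inside a stripped element

    def _emit(self, text):
        if not self.skip_depth:
            self.out.append(text)

    def _tag(self, tag, attrs, end=""):
        # Re-serialise the tag without any style attribute, re-escaping values.
        kept = "".join(
            f" {k}" if v is None else f' {k}="{escape(v, quote=True)}"'
            for k, v in attrs if k != "style")
        self._emit(f"<{tag}{kept}{end}>")

    def handle_starttag(self, tag, attrs):
        if tag not in STRIP_TAGS:
            self._tag(tag, attrs)
        elif tag not in VOID_TAGS:
            self.skip_depth += 1  # drop everything until the matching end tag

    def handle_startendtag(self, tag, attrs):
        if tag not in STRIP_TAGS:
            self._tag(tag, attrs, " /")

    def handle_endtag(self, tag):
        if tag not in STRIP_TAGS:
            self._emit(f"</{tag}>")
        elif tag not in VOID_TAGS and self.skip_depth:
            self.skip_depth -= 1

    def handle_data(self, data): self._emit(data)
    def handle_entityref(self, name): self._emit(f"&{name};")
    def handle_charref(self, name): self._emit(f"&#{name};")

def sanitize(fragment):
    parser = FeedSanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)
```

An unclosed stripped element leaves `skip_depth` above zero, so the rest of the entry is dropped rather than rendered. The list is a denylist and does not cover event-handler attributes such as `onclick`; an allowlist of permitted tags and attributes is the stricter design.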

Filed Under: IT Security Basics, Malware, News, Tips Tagged With: IT Security Basics, Malware, News, Tips

New Cybersecurity Chief Chosen By Obama

24 December 2009 By Saran

Early this week, Obama once again made a move that set certain circles a-buzzing. You might have heard of it already – he appointed a cybersecurity chief. President Obama picked Howard Schmidt, who already has a reputation for being good at what he does. He has vast experience both with the government and the IT industry.

This move is no less controversial than others. I guess it’s always like that when you’re a public figure. You can’t please everyone, and you’ll always have various opinions about what you do. According to Richard Waters of Financial Times, the news was welcomed by security experts. He writes:

The appointment of Howard Schmidt, an internet security veteran with experience in both industry and government, was greeted with relief among security experts, where the move was seen as a welcome outcome after a seven-month delay in filling the role.

Like other security industry experts, Mr Silva said that Mr Schmidt’s broad experience and personal contacts in both the public and private sectors would put him in a good position to make the most of the role.
The Computer and Communications Industry Association added that the new official will also be in a position to represent the administration’s position as momentum builds on Capitol Hill for legislation on cybersecurity.

Of course, there remains some skepticism as to just how effective the role will be. It’s not even the person that some are questioning – it is the office and the powers that are associated with it. What do you think?

Filed Under: News, Real-World Issues Tagged With: Barack Obama, cybersecurity, Howard Schmidt, News

The Penetration of LCD Monitors in the Technology Market

14 January 2007 By Saran

The cost of owning an LCD monitor has dropped sharply, putting in peril the usual CRT monitors, the bulky units that are usually paired with a desktop system. While the CRT series has gone as far as widening its screens up to the 19” flat-screen monitor, all indications are that everyone will be leaning more towards a space-saving and screen-optimized LCD monitor, regardless of its screen width.

LCD Monitors

This was to be expected. When LCD monitors were first introduced to the market, many people were hesitant because of the astronomical price they were pegged at. But as with all competing products, once competition sets in, prices must be adjusted to stay competitive. The trend shows in the large drop in the price of LCD monitors from Samsung and LG Collins, two players who are not really considered to be in the same line as Viewsonic and AOC.

As it stands, the final decision comes down to the price and the screen resolution required. For people who simply want to get in with the times, this is certainly welcome news, as it is for the lower-cost manufacturers who aim to satisfy the need for LCD monitors, regardless of whether this is just for personal satisfaction or not.


Filed Under: News, Review Tagged With: crt-monitors, desktops, lcd-monitors, lg-collins, News, Review, samsung

Next Generation Robotics with Feelings?

10 January 2007 By Saran

Cybernetics

We are all aware that the field of cybernetics has slowly been penetrating the market, especially from Japan. Miniature androids or robots have been seen as the next generation of machines that will aid humans in their daily work, in both personal and business settings. They are programmed to carry out any task as required without complaint, since machines are deemed to be objects that do not have feelings.

However, various commentators have suggested that robots may eventually reach a point where they are created to have feelings. People would accuse the creators of such a race of playing god, and should this become a reality, movies we are used to seeing, such as I-Robot, may eventually come true. Although this development may be exciting to most people who love to invest in technology, the question of how far these inventions go in playing god will remain a big question mark hanging over future technological breakthroughs.


Filed Under: General, News, Physical Security, Real-World Issues Tagged With: automation, cybernetics, General, News, Physical Security, Real-World Issues, robotics, robots, technology

The Bearing of an Internet Gateway’s Malfunction or Breakdown

4 January 2007 By Saran

Broken Chain in the Web

A lot of people have probably heard by now about the earthquake that hit Taiwan during the holiday break. While the natural disaster caused a lot of discomfort to the Taiwanese community, the world has suffered as well in terms of Internet connection speed.

Taiwan is one of the links, or gateways, through which Internet traffic passes. Think of a hose that carries water from one point to another: one hole in it lowers the pressure of the water traveling through. In the same way, the underground cables that help transmit Internet connections from one point to another were damaged, and so today many are experiencing lousy connection speeds. This has thoroughly disrupted the flow of operations, becoming a discomfort that has left surfers and professionals totally helpless.

Natural disasters are hard to predict. The best that technology personnel can do is come up with more durable cables, but this is no guarantee against disruptions like the one we are experiencing today. Among the millions affected by this untimely event, technology-based companies and organizations are surely suffering the most from the gaping hole in the connection the web provides.


Filed Under: Network Security, News, Operating Systems, Physical Security, Real-World Issues, Wireless Security Tagged With: cabling, connection, fiber-optic, gateway, internet, Network Security, News, Operating Systems, Physical Security, Real-World Issues, Wireless Security

An Example Of Trojans To Come?

7 December 2006 By Saran

I’ve always thought that hackers stick together when it comes to controlling someone’s machine, but apparently they don’t. The Trojan SpamThru comes with its copy of anti-virus software to remove any of its competitors from the machine.

Malware that attempts to block access to anti-virus software updates is pretty common, but this one takes a different tack to keep itself ahead of its rivals. How does it work? SpamThru secretly installs a pirated copy of Kaspersky’s anti-virus for Wingate onto your compromised computer from a server controlled by hackers. It is then made to bypass any license signature checks before downloading updates. That means users remain unaware of the hidden anti-virus scanning for other malware and eliminating it. SpamThru also uses P2P to control all of the machines it has infected. Even if the central server gets shut down, the hacker can immediately update his peers in the network to identify a new central server. As long as he controls one peer, his network will remain strong. All this is done so that SpamThru’s built-in junk mail dispatching client can operate in peace. It can even randomize the height and width of embedded GIF files in the spam it sends, to defeat anti-spam solutions that reject e-mail with static images.

Good thing it’s easy to remove by downloading the latest set of anti-virus updates. This increase in sophistication, comparable with commercially available software out in the market, does raise an interesting question. If the hackers can use anti-virus software to promote their own ends, will security personnel come up with ways to put viruses and Trojans to good use?


Filed Under: News, Real-World Issues Tagged With: Malware, News, Real-World Issues, trojans
