My Humble Blogworld

"To be, or not to be: that is the question: Whether 'tis nobler in the mind to suffer The slings and arrows of outrageous fortune" William Shakespeare, "Hamlet" (1600-01)

Monday, June 20, 2005

GooglePAL?

Now this is something very interesting, I thought to myself; I had to blog about it!

Google, the leading search engine company, in search of itself, has again
added a new service to its eclectic portfolio. Later this year, Google
plans to offer an electronic payment service that will compete directly
with PayPal, owned by eBay. Services will, reportedly, include processing
payments using consumer credit cards and checking accounts, the mainstay of
PayPal's service!

Should Google enter the payment processing market, PayPal will have to
dance with the wolf and catch up quickly if it wants to remain in business.
E-business helps to flatten the world, and Google is taking full advantage
of its global presence and name.

Before you go any further, read this: Paypal Sucks

Google Plans Online Payment Service

Sunday, June 19, 2005

ISO 17799 - 2005!

Hi everyone!

Sorry for the silence, I haven't had the opportunity to be online for some time.

Travel has taken up my time and been prioritised over these areas :(

The latest revision of ISO 17799, which has been under development for
several years, is now available. It introduces a number of fundamental
changes to the standard.

ISO 17799 now contains eleven 'core' chapters, as opposed to the
previous ten, with existing chapters also being re-organized. The new
setup is as follows:

- Security Policies
- Organizing Information Security
- Asset Management
- Human Resources Security
- Physical and Environmental Security
- Information Security Incident Management
- Communications and Operations Management
- Access Control
- Information Systems Acquisition, Development and Maintenance
- Business Continuity Management
- Compliance.

ISO 17799:2005 also introduces controls to address security-related
issues not previously covered. These include outsourcing provision,
patch management and others. Other issues have been extended or
re-written (e.g. employment termination and mobile communications).

Overall, the document itself is much more user-friendly!

The following official outlet (via BSI) has been updated to provide
downloads of the new standard:

The ISO 17799 Toolkit, the standard's support kit, has also been
updated to include the 2005 version:

Thursday, June 16, 2005

New Lyrics to a Beatles Song

'Write in C' (Let It Be)

When I find my code in tons of trouble,
Friends and colleagues come to me,
Speaking words of wisdom,
"Write in C."

As the deadline fast approaches,
and bugs are all that I can see
Somewhere, someone whispers:
"Write in C."

Write in C, Write in C,
Write in C, oh, Write in C.
Logo's dead and buried,
Write in C.

I used to write a lot of FORTRAN.
For science it worked flawlessly.
Try using it for graphics!
Write in C.

If you've just spent nearly 30 hours,
Debugging some assembly.
Soon you will be glad to
Write in C.

Write in C, Write in C.
Write in C, oh, Write in C.
BASIC's not the answer.
Write in C.

Write in C, Write in C.
Write in C, oh, Write in C.
Pascal won't quite cut it.
Write in C.

Tuesday, June 07, 2005

Kaspersky Privilege Escalation

Users of Kaspersky! Here is something to take note of. Yet another "unpatched" vulnerability.
This time around it's with the Kaspersky Labs Antivirus program.

If you are running Kaspersky Antivirus on Windows 2000, you're affected. A vulnerability was identified in Kaspersky AntiVirus which can be exploited by attackers to execute privilege escalation attacks. This flaw is due to a bug in the "klif.sys" driver, where insecure function calls are made from user level, which may be exploited by local users to execute arbitrary commands with kernel privileges.

This leads to my theory, which I repeat time and time again: an antivirus is JUST an antivirus. It ain't a god-sent program! Often end-users are made to think, "If you've got an antivirus, then you're all fine, buddy!" ... Now... Think again.

PoC Code

Windows 2000 Finale

Micro$oft has recently announced that, as early as next week, the LONG-awaited security update rollup for Windows 2000 will be released.

The Update Rollup, which replaces Windows 2000 SP5 (Service Pack 5), is a cumulative set of hotfixes, security patches and critical updates packaged together for easy deployment.
The Update Rollup comes just one month before mainstream support for Windows 2000 client and server releases expires on June 30. Micro$oft divides its support lifecycle into two phases: mainstream and extended. Once a product enters the extended support period, Micro$oft charges for support.

So, here comes the long-awaited finale of Windows 2000. I'm sure we'll see a lot of corporates who are stuck with a Windows 2000 Server, and with no updates, becoming victims of "new" hacking tricks.

Microsoft Announces Security Rollup

Thursday, June 02, 2005

No Internet Explorer for Windows 2000

Well, all those of you who have been die-hard supporters of Internet Explorer from Micro$oft, here's another blow...

"With Internet Explorer 7 Beta 1 set to debut next month, Microsoft has quietly closed the door on Windows 2000 users planning to adopt the new Web browser. IE7 will require Windows XP Service Pack 2 due to internal security changes that rely on Microsoft's latest operating system release."

IE program manager Christopher Vaughn said, "It should be no surprise that we do not plan on releasing IE7 for Windows 2000. One reason is where we are in the Windows 2000 lifecycle. Another is that some of the security work in IE7 relies on operating system functionality in XPSP2 that is non-trivial to port back to Windows 2000."

Read more here: IE weblog

Oh gosh! Oh gosh! There goes the ticker of sarcasm for Micro$oft again!

My thoughts on this?

This spells bad news for governments across the globe, as Windows 2000 is the predominant operating system in use today on these networks. With the hundreds of bugs and vulnerabilities in IE 6, users of Windows 2000 would eventually be forced to find alternative browsers (such as Firefox or Opera), or abandon the Windows operating system completely.

As for the geniuses who thought about IE7, CMYAZZ.

Wednesday, June 01, 2005

XSS - NS@?

Well, here is something for you to laugh at...
A simple XSS attack on a website.

Not even the NS@ can get it right!
