Outdated Penang Uncle

Friday, March 26, 2010

Windows or Macs, it still could be attack by hacker!

Just please careful, either on Windows or Macs. Read the news below:

Security Lessons Learned from Pwn2Own Contest

The CanSecWest security conference is going on this week in Vancouver. Part of the CanSecWest conference is the annual Pwn2Own contest where security researchers show off their hacking expertise and compete to exploit and compromise fully-patched systems--a challenge the security researchers seem to overcome with surprising ease year after year.

Two security researchers succeeded in exploiting a fully-updated iPhone 3GS in a matter of seconds--the first time the iPhone 2.0 has been hacked . Charlie Miller, famous for compromising a fully-patched Macbook the past two years, succeeded once again in hacking the Macbook to take the Pwn2Own prize. Another researcher bypassed Microsoft security controls like ASLR and DEP to compromise a 64-bit Windows 7 system.

There are two lessons for businesses to learn about security here, right off the bat. First, using Apple hardware and software is not an adequate defense, in and of itself. Despite the common perception that the Mac OS X operating system is just inherently more secure than Windows, the reality is that the primary reason Macs aren't attacked and compromised more often is that the platform with 92 percent market share promises malware developers a significantly higher return on investment than the platform with 5 percent market share.

Ironically, while there are admittedly no real malware threats circulating in the wild for the Mac OS X platform, the perception of inherent security makes Mac users more vulnerable in other ways. Many Mac users are so sure that the platform is impervious that they are oblivious to security concerns at all. Unfortunately for them, phishing attacks and identity theft are a function of social engineering more than security technology, and the lack of awareness makes Mac users more gullible.

The second lesson from Pwn2Own is that the browser is the new Achilles heel of security regardless of the hardware or software platform. The iPhone hack leveraged an unknown vulnerability in the Safari mobile Web browser. The Macbook attack by Charlie Miller also went through the Safari Web browser to get to the operating system. And, the 64-bit Windows 7 compromise relied on an exploit of Internet Explorer 8.

Contrary to the mantra to abandon Internet Explorer for "more secure" Web browsers, though, a recent study actually showed Internet Explorer 8 to perform significantly better than other browsers in defending against socially-engineered attacks. The operating system platform the browser is running on also has a significant impact on the security of the browser.

The number one lesson to take away from the Pwn2Own contest, though, isn't about which platform is more secure, or which browser was hacked the fastest. The important lesson to learn is that all platforms and browsers are vulnerable to an attacker with sufficient dedication and resources.

There is a common misperception that the targets of the Operation Aurora attacks earlier this year in China could have avoided being exploited and compromised had they just used a Web browser other than Internet Explorer.

This perception assumes that the attackers discovered a security hole in Internet Explorer, developed an exploit for it, and then sought out targets that use Internet Explorer as the default Web browser to attack and compromise. This logic seems reasonable because it fits--more or less--with the traditional model for malware attacks.

However, a targeted attack takes the opposite approach. A targeted attack identifies a target, researches what operating system, applications, and Web browser are used by the target, and then examines those products to find security vulnerabilities and develops exploits specifically aimed at compromising that specific target.

Using Mac OS X instead of Windows 7, or using Google Chrome instead of Microsoft Internet Explorer will not prevent a dedicated attacker from mounting a targeted attack.

I am not suggesting that you give up and simply abandon security. However, I am stressing that you not view anything as a security "silver bullet". It's not about choosing the right operating system, or the right Web browser, or even the right city.

Regardless of those choices, awareness and common sense are still the deciding factors in remaining secure. The Pwn2Own exploits against the iPhone and the Macbook both relied on luring the user to a malicious Web page to execute the attack. If users are aware of security risks, and have the common sense not to click on unknown or shady links, attacks such as these would not succeed.

Maybe Apple should go ahead and approve that Opera Mini Web browser for the iPhone so users have another, possibly more secure option than Safari, though. Just in case.

http://www.pcworld.com/businesscenter/article/192419/security_lessons_learned_from_pwn2own_contest.html

Thursday, March 25, 2010

Test your broadband or 3G speed

Test your broadband/EDGE/3G/GPRS/etc speed:
http://gotfreestuffs.blogspot.com/2010/03/free-data-or-connectivity-speed-test.html

I used to test using this web, but it might not work on Phone that don't have flash (especially iPhone!). The link above don't use flash, so it is good for PC/laptop/phone and iPhone that don't support Flash!
http://www.speedtest.net/

p/s: See also making fun of iPad from worldwide

Wednesday, March 24, 2010

Apple and Flash

Apple blame Macromedia, then Macromedia blame Apple. And it keep on continue. Sorry iPhone/iPad users, Steve just too stubborn to amid that he has problem. You have to see no animation of when you surf the internet while Windows users laughing at you. That's why Steve sue HTC, coz he dunno what he want to do next. Hahah. Anyway, people start to making fun of Apple not supporting flash.

Translation:
1. Steve: "Hi Superman, this is iPad, the future of comics, you are safe!"
2. Steve: "Hi Spiderman, this is iPad, the future of comics, you are safe!"
3. Steve: "Hi Hulk, this is iPad, the future of comics, you are safe!"
4. Flash: "What about me?". Steve: "Sorry Flash, you are not that lucky"

Enjoy!

p/s:
also enjoy making fun of iPad
http://outdatedpenanguncle.blogspot.com/search/label/apple%20ipad

How to post blog post in later date and time in Blogger

1. Sign into your blogger account, usually it will take you to dashboard.
2. Click "New post" and start writing your blog post as usual.
3. Remember to click "Save Now" from time to time to avoid your post lose in nowhere because internet connection or pc/laptop/mac/phone problem.
4. Before press "Publish Post" button, click on "Post Options" on the bottom left of the box where you compose the post.
5. Change the date and time on the boxes below "Post date and time" to the date/time that you want this post to be publish. (You can also choose to allow reader comments or not).
6. After you finish set the date and time, click "Publish Post".
7. Then it will go to the list of blog post, the post that you write just now will have "scheduled" word next to it indicating it haven't being publish yet.

Enjoy!


Hope you will enjoy this post, subscribe to my RSS or mailing list or follow me on blogger or twitter. :)

Sunday, March 14, 2010

Your surname/last name/family name is invalid!

I was Formula1 (F1) fan some time back, recently few years was very boring, super boring (prove: I fall asleep for a few times while watching it, okay?). This year with some rules changed, I would think it will be exciting again. Anyway, I always keep up with the development with F1 by subscribe to F1 official website. I received email from the website during weekend that ask me to re-register for news update and/or live timing access for 2010 season. So here I go to the register page.

Okay, fill up first name, it check for validity, okay, normal. Next fill up last name, what? My last name is invalid? I have been using my last name since my birth, now you tell me it is invalid?


Okay, I tried other name then. HoHo is valid, huh is valid, even number is valid! And Monkey for first name is valid!



For your information, there are a lot of surname/last name/family name with 2 letters only, see google answers.
http://answers.google.com/answers/threadview/id/77066.html

Harlo, F1 website IT, please fix this!

Thursday, March 11, 2010

How to Extract CAB files from the Activesync Installer

A lot of times you want to be able to install all your applications directly from you SD card, but most applications don't make that easy. Most of the time all you get from the application vendor is the PC installer. To get the CAB file you can normally do the following:
Most applications make it easy to find the .cab file you need for a direct install on your pocket PC. They are usually located on your desktop PC in the following folders:


  • C:\Program Files\Microsoft ActiveSync\<appname>
  • C:\Program Files\<appname>
  • C:\<appname>

In most cases you can just copy and paste the cab file into to your storage card.

The trickier installation routines delete the CAB file after the installation, however the only way to install a program is through a .cab (or to copy an .exe) so every installer has to leave the .cab file on your harddrive for a small portion of time. For those installers here are the steps to getting the files:
  1. Connect your device
  2. Run the install for the program, click the appropriate yes's until,
  3. The Activesync message box for "install to default location" comes up--at this point don't click anything, let it sit
  4. Use the windows search or find feature(depending on what version of windows you are using) and search your local drives (including hidden and system folders) for *.cab it helps if you have an idea what the file name might be, or the date of the file, or what the temporary subdirectory it might be placed in is called, regardless that search will list all of the .cab files on your machine at that time.
  5. Copy and paste the .cab to your favorite storage location.


Source:
http://blogs.technet.com/vik/archive/2007/06/13/how-to-extract-cab-files-from-the-activesync-installer-and-copy-them-to-your-sd-card.aspx


Hope you will enjoy this post, subscribe to my RSS or mailing list or follow me on blogger or twitter. :)

Real reason for Apple sueing HTC

What the ****? Steve, you sue HTC because they eating into your market? You got no new innovation gadget already? Or you are just being too free! HAHAHAH

ComScore: Android gains on the iPhone


Apple Sues HTC for Patent Infringement


p/s: see funny stuffs about Apple iPad

Sunday, March 7, 2010

Thursday, March 4, 2010

Wednesday, March 3, 2010

iPhone lovers, get ready for 4th generation!

News on China's IT websites. iPhone 4th generation is coming. iPhone lovers, get ready to burn a hole at your pocket again!

This is time they got color!









Free PowerPoint to Flash Converter

Yes, it is free. I have tried it out. It is much better than other online web that provide PowerPoint uploading service. I was looking for this kind of software previously to display a Chinese New Year powerpoint, but couldn't. See how ugly this post:
http://outdatedpenanguncle.blogspot.com/2010/02/happy-chinese-new-year.html
The animated GIF not even being capture. The website just capture 1 frame per page. Unlike iSpring Free which I am going to show you the result here:


After installation, iSpring Free appear as a Quick Access Tool bar in PowerPoint. So to convert is very simple, open the powerpoint and then click at iSpring Free tab, then generate your flash. You can choose to loop it, generate html with the flash, etc. And it can capture all the animation on the animated GIF in the ppt. And audio is captured as well!


See also on how to create animated GIF:
http://outdatedpenanguncle.blogspot.com/2009/07/create-animated-gif.html

Get the software here:
http://www.ispringfree.com/
Or if you prefer portable version (green version):
http://www.portablesoft.cn/ispring-free/

p/s: see also another powerpoint that I converted into Flash (in Chinese only, with sound)
http://ahsiangboringdiary.blogspot.com/2010/03/blog-post.html

Tuesday, March 2, 2010

Free video capturing software

Today I found this really cool software. It can capture whatever thing happen on your windows. You can choose the area that you want to capture. This is really good if you want to show case or capture some instructions for your audience or students. You can capture it in avi or convert it to swf (flash)!

Best of all, it is free! If you like it, consider some donation to the developer to keep it going.

Go to the web to download it.
http://camstudio.org/

This is for windows only, not ppc.

p/s: Scan with McAfee liao, no virus.

RHBInvest did it again

what? again? this time they put some notice on it la. The IT fler still not wake up yet?


It was down during registration. These people might just not allocate enough money to rent better server la.
http://outdatedpenanguncle.blogspot.com/2010/02/what.html

Monday, March 1, 2010

Phone care - battery calibration

See the discussion of battery calibration for longer battery life here:
http://forum.xda-developers.com/showthread.php?t=585914


Also read the series of phone care:
http://outdatedpenanguncle.blogspot.com/search/label/phone%20care

Phone care - cleaning your phone

More and more people switch to bigger screen phone/smartphone/pocket pc, because they are getting cheaper nowadays and many other functions that basic phones can't do, example camera, wifi, gprs, 3G, etc. Usually these phone come with screen protector and some people switch to a better quality screen protector.

With screen protector or not, you will end up with oily screen that come from your hand, or face when pickup phone call. I am a good example because I have an oily face.

So what is the best way to clean your oily screen? I found out to use the same kind of cloths that use to clean glasses (some part of the world call it spectacles) is the best method to clean the phone screen. You can get it from optical shop for less than few dollars. Cheap and good! Some people might already using the cloths for LCD cleaning, it should be the same cloth! But if you think the spray does help, why not? But for my the cloth alone is good enough. :)