• XML/RSS Feed

  Big fat juicy icon

• Recent Posts

  • MS err msg haikus
  • iPhone 3G MS Exchange sync pricing strategy
  • San Diego Gulls vs. Armed Forces
  • Hidden flaws in strategy (part un)
  • For-profit corps can change the world
  • Lindros P88 composite blade
  • JavaScripherTution in{j|f}ection
  • My App Engine “Wall”
  • Web 2.0 weekend roundup: Mashup (projected) money, Slide, plus mobile
  • Breaktrough at hockey practice yesterday

• Categories

  • automation (3)
  • backpacking europe (4)
  • business (29)
  • career (32)
  • changing the world (25)
  • cleantech (2)
  • did you know (17)
  • engineering (5)
  • entrepreneurship (10)
  • execution (19)
  • failure (23)
  • fear (25)
  • geeky (24)
  • goal setting (20)
  • google (9)
  • hacks (4)
  • hardware (1)
  • healthcare technology (1)
  • howto (4)
  • humor (20)
  • ice hockey (6)
  • ideas (10)
  • innovation (25)
  • marketing (12)
  • math (1)
  • mentoring (2)
  • microfinance (6)
  • mobile (8)
  • pantun (1)
  • passion (38)
  • people i like (21)
  • perseverance (21)
  • photos (5)
  • poverty (6)
  • product management (16)
  • project management (5)
  • quotes (62)
  • regular reads (20)
  • retards (2)
  • san diego (7)
  • security research (12)
  • self improvement (54)
  • silicon valley (1)
  • songs (6)
  • stanford (9)
  • startup (28)
  • strategy (12)
  • technology (23)
  • things to ponder about (37)
  • things to remind myself (57)
  • time management (12)
  • travel (4)
  • uncategorized (26)
  • values (11)
  • web 2.0 (1)
  • websense (10)
  • winds of change (4)
  • wokai (5)

• Blogs

  • All About Product Management
  • Ask A Good Product Manager
  • Career Intensity
  • Founders At Work
  • Hacker News (Y Combinator)
  • I Will Teach You To Be Rich
  • Nesheim Online
  • Passion, People and Principles
  • Paul Graham
  • Paulo Coelho
  • The Global Perspective
  • The Long Tailpipe
• Don't feel bad! Victims from all over the world have been conned into visiting this blog:
  
  
  Got a microphone? Leave me a message
  
  
  
  And here's some obligatory Google Ads! Never mind that I haven't actually gotten any money out of this--I just laugh at the poor javascript's attempt to guess my blog's context in order to serve up the appropriate target ad (which it usually fails miserably to do)
  
  

This is a cross-post from my company’s blog that I posted today.

The injection of malicious <script src="malicious.js”> JavaScript tags on a massive scale into everyday popular and reputable Web sites, commonly visited by the casual surfer at home (and at work), has been the trend. Today, as my team and I here at Security Labs made our routine rounds around the block to spy on what the bad guys are up to next, we discovered a somewhat weak but interesting piece of malicious code, whose techniques date back to the early days of encryption - the substitution cipher.

Wikipedia has a good introduction on this topic:

In cryptography, a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the “units” may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver deciphers the text by performing an inverse substitution.

Doing a character for character substitution, using a keyword of “MALCODE“, we get:

Plaintext:  ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext: MALCODEHIJKFBNGPQRSTUVWXYZ

Using that mapping, we can encrypt a message from a hypothetical botnet master to his/her herd of bots from this:

LAUNCH THE DDOS ATTACK NOW

to this:

FMUNLH THO CCGS MTTMLK NGW

It’s a very trivial algorithm, and extremely weak in terms of the protection it provides (by today’s standards), but it is definitely good enough to conceal the true message from casual prying eyes. This was certainly as good as bulletproof during the days of Julius Caesar (wow, we’ve come a long way!).
Read more

This is pretty darn cool. I never thought of immediately taking RAM out and freezing it. The fading picture of the graphic as the capacitors lose their charge is also pretty cool. You read the theory of why RAM is volatile memory but you don’t actually get to see it in action (or at least, I didn’t!)

Coverage from news.com

Here is what I did for Valentine’s day at work.

Happy Valentine’s, and don’t let the Google IE toolbar 404 hijackers bite

Yeah, so I’ve been busy and haven’t posted for a while here. But today, I posted a blog for work, so I’m cross-posting it here. Read: recycling information because I am lazy. That’s right, I’ve said it.

What’s in a domain parking?

Wikipedia defines this practice as “an advertising practice used primarily by domain name registrars and internet advertising publishers to monetize type-in traffic visiting an under-developed domain name. The domain name will usually resolve to a page containing relevant advertising listings and links. These links will be targeted to the predicted interests of the visitor and may change dynamically based on the results that visitors click on.”

Or in normal people jargon, random marketing material that is mostly pointless for most people. Typically, our readers immediately navigate away from such pages upon visiting them by accident.

Continue here.

This story on \. today reminds me of a “what if” thought that I’ve had once before.

Wired story about scientists who plan to use genetically modified mosquitoes to reduce the population of Dengue-carrying insects. The altered genes cause newly born mosquitoes to die before they are able to breed if they are not supplied with a crucial antibiotic. This is a more aggressive approach than the anti-Malaria work we discussed last year

In the security arms race against black-hat hackers, it’s common for them to copy our security measures and use it against us. Perhaps it’s time we did the same. What if we made malware to infect their malware? I mean, they make malicious stuff to infect victims, so how about us infecting their malware with our payload (malware for malware? If the two terms cancel out, does that make it goodware?) — just like the genetically modified mosquitoes?
Read more

I love pets but am too busy to tend to one. I could take care of a plant, but I can’t take a cactus for a walk. This, seems to be right within my realm! I do security research for Websense, I don’t know why I didn’t think of this earlier!

(click for bigger)

xkcd is my kinda comic. It’s funny and nerdy. Hmm.. I wonder how I can implement this.

The flatscreen LCD would be the most expensive. Then I’d need a pretty beefy machine (as host) to run that many virtual machines. For visualization, I guess I need to translate their actions into a network graph; for instance, if one machine DDoS’s another machine, the graphic would show one node firing small bullets at another machine rapidly. This sounds pretty cool, actually! MMmmmmm …………..

Update: I liked it so much I stuck up a print out of it on my cube wall:

I blogged at work tuh-day. MySpacitizens should check it out .. it’s a short read.

An interesting thought by Paul Vixie that I stumbled upon while I was incident handling yesterday.

Basically he compares the botnet problem to the human health virus/bacteria problem. Medical antibiotics are great but viruses eventually develop an immunity towards it. Then we are forced to come up with something better. He says that minor incremental stopgap measures against botnet herders cause more trouble in the long run:

Annoying botnet handlers educates them. Don’t do that! Let them succeed at what they try, but watch their every move. Learn to predict what they will do next. Learn how they did whatever they’ve done. Learn who they are. Learn where they live, and where their money comes from. Let them have a wonderful, annoyance-free life, right up to the instant that the front door of their apartment is kicked in and the handcuffs go on. Don’t create more antibiotic-resistant superbugs. Don’t teach them how to be more careful next time, on a painless incremental basis.

Botnet herders are humans just like us, who can think and problem-solve. It’s true that the most dangerous animal to hunt of all, is ourselves.

Full post is here.

If you shop on eBay, did you know that their merchant rating system can be gamed to artificially inflate its positive feedback number? This happened on eBay.co.uk, I learned about this and wrote a short blog post for the Security Labs.

Buyers beware. Read more about it here:
http://www.websense.com/securitylabs/blog/blog.php?BlogID=130

My VP of Security Research just posted a demo of a dodgy piece of code, riding on the Youtube popularity wave. Kind of funny to me, to hear his voice over a Youtube stream. LOL

I’ve just written another blog post for my company Websense Security Labs, about the recent Month of Bugs trend. You may read about it here:

http://www.websense.com/securitylabs/blog/blog.php?BlogID=126.

I’ve written a post for my company’s blog. Just some food for thought when it comes to managing your identity information. It is available here:
http://www.websense.com/securitylabs/blog/blog.php?BlogID=111

• Change The World Or Die Trying

  Time is the essence of life. It is something we all share. Each of us has a limited amount. How we use our time is the guiding force of our lives. How we spend our time tells other people who we are. We define ourselves by our use of time. We are what we do!

• Quote Of The Moment

  Choosing one path means abandoning others - if you try to follow every possible path you will end up following none
  -- Paulo Coelho

•  

  July 2008

  S	M	T	W	T	F	S
  « Jun
  		1	2	3	4	5
  6	7	8	9	10	11	12
  13	14	15	16	17	18	19
  20	21	22	23	24	25	26
  27	28	29	30	31

• 
  

• Archives

  • July 2008 (4)
  • June 2008 (9)
  • May 2008 (7)
  • April 2008 (4)
  • March 2008 (8)
  • February 2008 (21)
  • January 2008 (11)
  • December 2007 (15)
  • November 2007 (13)
  • October 2007 (2)
  • September 2007 (13)
  • August 2007 (17)
  • July 2007 (14)
  • June 2007 (17)
  • May 2007 (10)
  • April 2007 (6)
  • March 2007 (5)
  • February 2007 (5)
  • January 2007 (1)
  • December 2006 (6)
  • November 2006 (7)
  • October 2006 (9)
  • September 2006 (7)
  • August 2006 (9)
  • July 2006 (9)
  • June 2006 (9)
  • May 2006 (12)
  • April 2006 (4)
  • March 2006 (2)

• Stuff I have been reading

  • Appirio
  • Rough Type: Nicholas Carr's Blog: The cloud's not-so-silver lining
  • funny haiku
  • On-Demand Computing: A Brutal Slog
  • Why Silicon Valley Should Be Worried - GigaOM
  • Reflections of the Warrior of the Light - Something out of the ordinary at Paulo Coelho’s Blog
  • Reflections of the Warrior of the Light - Through and beyond at Paulo Coelho’s Blog
  • PC World - NASA: Robotic arm on Mars Lander shuts down to save itself
  • PC World - Notebooks/Desktops/Printers/Monitors - What does it take to get a PC with XP?
  • 3-D CAPTCHA

• Wokai: Non-profit China Microfinance

  • People Magazine, Us Weekly & Wokai Press Kits
  • The Movie Project phenomenon
  • Desperate times, desperate measures
  • WOKAI in World Journal
  • Starting a nonprofit: nature or nuture?
  • Are they right: Microfinance won't work?
  • The Web Portal - Glitz or Simplicity?
  • Who knew Tzu Chi and Wokai have something in common?
  • Hand-Out or Hand-Up
  • Does Wokai need Chapters?