Jun
16
JavaScripherTution in{j|f}ection
Filed Under security research, technology, websense
This is a cross-post from my company’s blog that I posted today.
The injection of malicious <script src="malicious.js"> JavaScript tags on a massive scale into everyday popular and reputable Web sites, commonly visited by the casual surfer at home (and at work), has been the trend. Today, as my team and I here at Security Labs made our routine rounds around the block to spy on what the bad guys are up to next, we discovered a somewhat weak but interesting piece of malicious code, whose techniques date back to the early days of encryption - the substitution cipher.
Wikipedia has a good introduction on this topic:
In cryptography, a substitution cipher is a method of encryption by which units of plaintext are substituted with ciphertext according to a regular system; the “units” may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver deciphers the text by performing an inverse substitution.
Doing a character-for-character substitution, using a keyword of “MALCODE”, we get:
Plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext: MALCODEHIJKFBNGPQRSTUVWXYZ
Using that mapping, we can encrypt a message from a hypothetical botnet master to his/her herd of bots from this:
LAUNCH THE DDOS ATTACK NOW
to this:
FMUNLH THO CCGS MTTMLK NGW
It’s a very trivial algorithm, and extremely weak in terms of the protection it provides (by today’s standards), but it is definitely good enough to conceal the true message from casual prying eyes. This was certainly as good as bulletproof during the days of Julius Caesar (wow, we’ve come a long way!).
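To make the mapping concrete, here is an added example (not code from the original post or from the malicious sample) that applies the two alphabets above in both directions. The function names are this example's own, and the keyword-to-alphabet construction is an assumption: the post does not say how its alphabet was built, but swapping each keyword letter into place reproduces it exactly.

```javascript
// Alphabets copied from the post; everything else is illustrative.
const PLAIN  = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
const CIPHER = "MALCODEHIJKFBNGPQRSTUVWXYZ";

// Build a lookup table from one alphabet to the other, rejecting a
// mapping that is not one-to-one (decryption would be ambiguous).
function buildTable(from, to) {
  if (from.length !== to.length || new Set(to).size !== to.length) {
    throw new Error("substitution alphabet must be one-to-one");
  }
  const table = new Map();
  for (let i = 0; i < from.length; i++) table.set(from[i], to[i]);
  return table;
}

// Substitute letter by letter; spaces, digits and punctuation pass through.
function substitute(text, table) {
  return Array.from(text.toUpperCase(),
    ch => (table.has(ch) ? table.get(ch) : ch)).join("");
}

const encrypt = text => substitute(text, buildTable(PLAIN, CIPHER));
const decrypt = text => substitute(text, buildTable(CIPHER, PLAIN)); // inverse substitution

// Letters the key maps to themselves; these survive "encryption" unchanged.
function fixedPoints() {
  return Array.from(PLAIN).filter((ch, i) => CIPHER[i] === ch);
}

// Assumed construction: start from A..Z and swap each keyword letter
// into position 0, 1, 2, ... (keyword letters must not repeat).
function alphabetFromKeyword(keyword) {
  const alpha = Array.from(PLAIN);
  Array.from(keyword.toUpperCase()).forEach((k, i) => {
    const j = alpha.indexOf(k);
    [alpha[i], alpha[j]] = [alpha[j], alpha[i]];
  });
  return alpha.join("");
}

console.log(encrypt("LAUNCH THE DDOS ATTACK NOW"));
console.log(decrypt("FMUNLH THO CCGS MTTMLK NGW"));
console.log(fixedPoints().length, "letters unchanged by this key");
```

With this key, 16 of the 26 letters map to themselves, which is why so much of the ciphertext above is still readable at a glance.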
Feb
14
Here is what I did for Valentine’s day at work.
Happy Valentine’s, and don’t let the Google IE toolbar 404 hijackers bite
Jan
25
WSL: Parking Page Poker Face
Filed Under security research, websense
Yeah, so I’ve been busy and haven’t posted for a while here. But today, I posted a blog for work, so I’m cross-posting it here. Read: recycling information because I am lazy. That’s right, I’ve said it.
What’s in a domain parking?
Wikipedia defines this practice as “an advertising practice used primarily by domain name registrars and internet advertising publishers to monetize type-in traffic visiting an under-developed domain name. The domain name will usually resolve to a page containing relevant advertising listings and links. These links will be targeted to the predicted interests of the visitor and may change dynamically based on the results that visitors click on.”
Or in normal people jargon, random marketing material that is mostly pointless for most people. Typically, our readers immediately navigate away from such pages upon visiting them by accident.
Nov
28
Aquarium of viruses and malware goodness
Filed Under geeky, humor, ideas, security research, websense
I love pets but am too busy to tend to one. I could take care of a plant, but I can’t take a cactus for a walk. This seems to be right within my realm! I do security research for Websense; I don’t know why I didn’t think of this earlier!
xkcd is my kinda comic. It’s funny and nerdy. Hmm.. I wonder how I can implement this.
The flatscreen LCD would be the most expensive. Then I’d need a pretty beefy machine (as host) to run that many virtual machines. For visualization, I guess I need to translate their actions into a network graph; for instance, if one machine DDoS’s another machine, the graphic would show one node firing small bullets at another machine rapidly. This sounds pretty cool, actually! MMmmmmm …………..
Update: I liked it so much I stuck up a print out of it on my cube wall:
Sep
13
MySpace Phast Phlux Phishing!
Filed Under security research, websense
I blogged at work tuh-day. MySpacitizens should check it out .. it’s a short read.
Jun
14
eBay merchant rating hack
Filed Under did you know, security research, websense
If you shop on eBay, did you know that their merchant rating system can be gamed to artificially inflate its positive feedback number? This happened on eBay.co.uk; I learned about it and wrote a short blog post for the Security Labs.
Buyers beware. Read more about it here:
http://www.websense.com/securitylabs/blog/blog.php?BlogID=130
Jun
9
Youtube deception malware
Filed Under security research, websense
My VP of Security Research just posted a demo of a dodgy piece of code, riding on the Youtube popularity wave. Kind of funny to me, to hear his voice over a Youtube stream. LOL
May
24
Bugs galore!
Filed Under security research, websense
I’ve just written another blog post for my company Websense Security Labs, about the recent Month of Bugs trend. You may read about it here:
http://www.websense.com/securitylabs/blog/blog.php?BlogID=126.
Feb
14
Being selfish about your information is a good thing
Filed Under security research, things to ponder about, websense
I’ve written a post for my company’s blog. Just some food for thought when it comes to managing your identity information. It is available here:
http://www.websense.com/securitylabs/blog/blog.php?BlogID=111
Dec
10
Things you want to address before they happen
Filed Under strategy, things to ponder about, websense
It rarely rains in San Diego, but it did last night. I guess my car’s brakes were still wet although it was sunny today. As I made a pretty tight corner, jamming my brakes a little hard, I felt the ABS go off and I thought to myself, “wow, am I glad I went with the ABS on this car”. I drive a Mitsubishi Eclipse ‘05 and I remember the day I was debating if I should go with the GTS or the GT trim, the latter not having the ABS and cheaper.
I generally dislike the “scare” tactic used by salesmen. It usually entails giving you reasons why, if you don’t buy whatever they are selling, something bad will happen to you.
But if I am going to be like that, then logic follows that I should start thinking about the things I need before I need them. I needed my ABS to stop my car before I hit another car. Surely, I can opt to get the ABS after I hit the car, but then I’d have to pay the financial consequences. So why not take the pre-emptive measure of getting the ABS first? I’m already penalized plenty for car insurance (namely because I am under 25, single, no kids, and drive a 2 door car). I do have a clean driving record, so my preference would be to keep it that way for as long as I can.
The punchline for this post is: What are the things in life that you should address before something undesirable occurs that will affect you, your loved ones, and/or belongings?
The other extreme would be to buy everything a scare tactic tells you. Sure, I could be struck by a meteor the size of Saturn that crashes on my car while I am driving to my hockey game, but what are the odds of that happening? (That was a jab at the insurance telemarketers that try to sell me their load of crap).
Without even feeling a *little* bit guilty for being biased (heh), another thing that comes to mind is my company’s flagship product. You can read all about it from the marketers, but one of the things we do is prevent people from accidentally visiting malicious websites that will silently install malware (trojan horses, viruses, spyware) on your PC. Did you know, just by visiting a link from your e-mail, you could get infected? That’s all it takes. Yes, that was a shameless plug for my company. I work for the Websense Security Labs. You could get such a product AFTER you have been hit by a piece of malware silently running on your PC, harvesting all your credit card information from all that online shopping, but you’ve just paid the price. And if you’re Big Corp, Inc., the damage to your reputation because you lost your customer information will be hard to undo.
There are plenty of examples like these in life; I guess I just need to list them all and address them as they come. Do share in the comments below. I’ve just enabled Akismet to combat comment spam. We’ll see how well this thing works!
On another note, I haven’t written anything for 1+ weeks because I was on a trip to Louisiana. Might post some hideous pictures up later. Cheers!




