MikeB Top Story

Subic Mountains Guide and Porter Fees

mikeb@mikeb.info (MikeB) — Sun, 18 Dec 2011 17:49:28 +0000

The new chieftain of Sitio San Martin is now Chieftain Binggoy and he replaced Chieftain Jimmy. Chieftain Perla Jimenez (Chieftain of Cawag Resettlement) is now handling the registration, guides and porters of mountaineers going to Mt Cinco Picos, Balingkilat, Nagsaza, Dayungan and its traverses in coordination with Chieftain Binggoy. Here are their new sets of fees for every 5 mountaineers and I need your comments and suggestions so that I can bring these to them for a meeting or dialogue.

HP to Contribute webOS to Open Source

mikeb@mikeb.info (MikeB) — Fri, 09 Dec 2011 16:00:00 +0000

HP to enable creativity of the community to accelerate the next-generation web-centric platform.

PALO ALTO, Calif., Dec. 9, 2011

HP today announced it will contribute the webOS software to the open source community.

HP plans to continue to be active in the development and support of webOS. By combining the innovative webOS platform with the development power of the open source community, there is the opportunity to significantly improve applications and web services for the next generation of devices.

webOS offers a number of benefits to the entire ecosystem of web applications. For developers, applications can be easily built using standard web technologies. In addition, its single integrated stack offers multiplatform portability. For device manufacturers, it provides a single web-centric platform to run across multiple devices. As a result, the end user benefits from a fast, immersive user experience.

2011's Biggest Breaches: What We've Learned

mikeb@mikeb.info (MikeB) — Fri, 09 Dec 2011 07:17:01 +0000

By: Hord Tipton

In virtually all of the breaches of 2011, there was a human error or failure that could have been avoided. As IT people, we tend to focus more on the technology surrounding these compromises, but as I look more closely at each of them, I believe that humans are still at the heart of great security successes - and, unfortunately, great security breaches.

Humans are still at the heart of great security successes - and, unfortunately, great security breaches.

With this human factor in mind, let's take a look at some of this year's biggest compromises. Interestingly, many of the human errors involved in these breaches were basic mistakes made in the domains that (ISC)2 describes in its CISSP program. As such, it is clear that so much of security boils down to education and experience.

Download.com "Apologises" For Bundling

mikeb@mikeb.info (MikeB) — Fri, 09 Dec 2011 06:58:24 +0000

In a statement, Sean Murphy, the Vice President and General Manager of DOWNLOAD.COM, says that the company's policy was not to bundle open source software with the installer it used for other software. The author of the NMAP network scanning software, Gordon "FYODOR" Lyon, had complained that Download.com – a CNET company and part of CBS Interactive – had repackaged the open source software with an installer which, if the user accepted it, installed one of a number of toolbars which changed the user's browser home page and default search engine.

The Most Notorious Cybercrooks Of 2011 -- And How They Got Caught

mikeb@mikeb.info (MikeB) — Fri, 09 Dec 2011 06:39:51 +0000

By Ericka Chickowski, Contributing Editor | Dark Reading

A torrent of attacks from groups like Anonymous, LulzSec, Goatse Security, and Antisec has made it a busy year for cybercrime investigators

While there are plenty of elusive hackers that will forever manage to outrun the law, the good guys scored some impressive arrests, indictments, and convictions in 2011. Here are some of the highest profile cases to hit the headlines this year.

Download.Com Caught Adding Malware to Nmap and Other Software

mikeb@mikeb.info (MikeB) — Wed, 07 Dec 2011 06:51:26 +0000

I considered myself as a user of NMap and a subscriber to the newsletter of Gordon Lyon (A.K.A. Fyodor). I think this one is worth posting since most people are encountering CNET's Download.com whenever they download and install free and trial version of software.

Difference Between Vulnerability Scans and Penetration Testing

mikeb@mikeb.info (MikeB) — Mon, 05 Dec 2011 04:06:33 +0000

I. Vulnerability Assessment/Scans

Vulnerability assessment is the process of identifying and quantifying vulnerabilities in a system. The system being studied could be a physical facility like a nuclear power plant, a computer system, or a larger system (for example the communications infrastructure or water infrastructure of a region).

A vulnerability scan/assessment looks for known vulnerabilities in your systems and reports potential exposures. A penetration test is designed to actually exploit weaknesses in the architecture of your systems. Where a vulnerability scan can be automated, a penetration test requires various levels of expertise within your scope of systems. In short a technician runs a vulnerability scan while a hacker performs a penetration test.

Vulnerability scanning is a necessary part of maintaining your information security and should be used more often in the field. For example, every new piece of equipment that is deployed should have a vulnerability scan run against it and another approximately monthly thereafter. Baseline reports on key equipment should be maintained, and changes in open ports or added services should be investigated. In this way, a vulnerability scanner can be used as a detective tool to alert an information security program when unauthorized changes have been made to the environment.

Linux kernel archives host compromised by attacker

mikeb@mikeb.info (MikeB) — Thu, 01 Sep 2011 18:29:29 +0000

The Linux kernel archive website, which is located at kernel.org, was compromised by attackers last month. According to a statement posted yesterday on the website, unauthorized parties successfully seized root access to several kernel.org servers and planted a trojan. The site hosts the source code of the Linux kernel, and a number of other projects.

The intrusion was reported to kernel.org users earlier this week by site administrator John Hawley. The attack is believed to have occurred on August 12 but wasn't detected until August 28. The attack vector isn't known for certain, but it is thought that the attacker somehow obtained a legitimate user's login credentials and then exploited an unknown privilege escalation vulnerability. The attack was discovered when an Xnest error message was found in the system logs on a server that did not have Xnest installed.

The Crazy Ones

mikeb@mikeb.info (MikeB) — Sun, 28 Aug 2011 21:39:37 +0000

Original

Here’s to the crazy ones. The misfits. The rebels. The troublemakers. The round pegs in the square holes. The ones who see things differently. They’re not fond of rules. And they have no respect for the status quo. You can quote them, disagree with them, glorify or vilify them. About the only thing you can’t do is ignore them. Because they change things. They invent. They imagine. They heal. They explore. They create. They inspire. They push the human race forward. Maybe they have to be crazy. How else can you stare at an empty canvas and see a work of art? Or sit in silence and hear a song that’s never been written? Or gaze at a red planet and see a laboratory on wheels? We make tools for these kinds of people. While some see them as the crazy ones, we see genius. Because the people who are crazy enough to think they can change the world, are the ones who do.

GIMP 2.7.3 arrives with single-window mode

mikeb@mikeb.info (MikeB) — Tue, 23 Aug 2011 15:30:15 +0000

In a post on the project's homepage, the GIMP development team has announced the arrival of the third point update to the 2.7.x branch of GIMP (GNU Image Manipulation Program). According to the developers, GIMP 2.7.3 introduces a number of important features and graphical user interface (GUI) improvements, such as a fully functional single-window mode.

In the single-window mode, elements such as the tools or layers menus are lined up alongside the image in the same window instead of being displayed in separate windows next to the image. The new single-window mode is not enabled by default; users can switch to the single-window mode via Windows -> Single Window Mode. Other changes include working session management and a new hybrid spinbutton/scale widget that takes up less space. New tooltips have also been added to tool options.