Wednesday, March 31, 2010

Motivational Moment

Thought for the Day

March 31, 2010

THERE IS HARMONY THROUGHOUT THE UNIVERSE IN EVERYTHING EXCEPT HUMAN RELATIONSHIPS.

Our universe is characterized by order and harmony, yet we human beings must constantly struggle to achieve the same characteristics in our relationships. In fact, human beings seem to find it unnatural to cooperate with others. Successful individuals are those who have learned to swim against the current, to do the things that others refuse to do. They have learned how to work together for the benefit of the entire group. Achieving harmony in any relationship-business, personal, or professional-requires work. Take comfort in the fact that you’ll accomplish far more working with others than working against them.trate that you care about all the members of your team.

This positive message is brought to you by the Napoleon Hill Foundation. Visit us at http://www.naphill.org.


Big Bang machine makes history

Big Bang machine makes history

With record-breaking particle collision, scientists on the hunt for great mysteries of the universe
By Sharon Gaudin

Scientists at the Large Hadron Collider succeeded today in smashing two particle beams into each other at an energy level three and a half times greater than ever achieved before.

Today's record-breaking collision marks the beginning of intensive scientific research for the collider, which has suffered through expensive and time-consuming glitches since it first went online in September 2008 .

With the success of this high-energy collision, scientists at the European Organization for Nuclear Research (CERN), which runs the collider, said they now can begin their long-anticipated hunt to answer some of the great mysteries of the universe - understanding dark matter and black holes and finding new dimensions.

"We've all been impressed with the way the [collider] has performed so far," said Guido Tonelli, a CERN spokesman, in a statement. "We'll address soon some of the major puzzles of modern physics, like the origin of mass, the grand unification of forces and the presence of abundant dark matter in the universe. I expect very exciting times in front of us."

On March 19, CERN scientists announced that the collider had broken a second energy record , accelerating proton beams to 3.5 teraelectronvolts (TeV), the top speed for an atom smasher machine. That came on the heels of the collider, which sits astride the Swiss/French border, setting the previous record by accelerating two protons at a speed of 1.18 TeV late last November.

Today, the collider went beyond accelerating beams and smashed two beams together that were individually accelerated to the 3.5 TeV level. It was a combined energy of 7 TeV.

"It's a great day to be a particle physicist," said CERN Director General Rolf Heuer, in a statement. "A lot of people have waited a long time for this moment, but their patience and dedication is starting to pay dividends."

Barring any mechanical trouble, physicists at CERN are hoping to run the collider for the next 18 to 24 months, looking for information on such things as the Higgs boson particle, otherwise known as the God particle. This elusive piece of matter is thought to be the answer to why objects have mass. Without this cornerstone of physics, many theories that serve as the underpinnings of human understanding of the universe evaporate.

So far, the Higgs bason particle remains a theory and CERN physicists are looking forward to investigating it. Today's collision is a forebear to the time when scientists will accelerate two particle beams toward each other at 99.9% of the speed of light.

Smashing the beams together creates showers of new particles that should re-create conditions in the universe just moments after its conception.

The collider, which has been called "one of the great engineering milestones of mankind ," was built to explore the Big Bang theory, which holds that more than 13 billion years ago, an amazingly dense object the size of a coin expanded into the universe that we know now.

The collider has been plagued with problems, however. Shortly after the collider's first test run in September 2008, scientists running the machine disclosed that a faulty electrical connection had knocked it offline . Fixes and the addition of safeguards kept the collider offline until this past November.

Tuesday, March 30, 2010

Unauthorized code boosts clock speed on Palm Pre smartphones

Palm warns smartphone users against using 'overclocking' patch

Unauthorized code boosts clock speed on Palm Pre smartphones to 800MHz from 500MHz
By John Cox

Palm is warning that installing on the Palm Pre smartphone an unauthorized kernel, created by two hackers to spur the phone's performance, will likely void the warranty. An online video shows a customized Pre responding immediately and smoothly with multiple applications active, and an "insanely fast" Web browser.

The overclocking patches, one for 720MHz and one for 800MHz, were released last Thursday, the work of hackers unixpsycho and caj2008. They dubbed the code an "optimized kernel" for webOS 1.4 only on Palm Pre or Palm Pre Plus, not the Pixi smartphone models.

The patches come with several warnings. "Do not use on any other OS version or you may may frakk your Pre. You must read and abide to all the below guidelines. This may shorten the lifetime of your cpu so be forwarned and to due so will be at your own risk. Use of this software may result in the potential voiding of your warranty. Our initial data shows good safety, and no significantly higher battery drain or cpu temperature as a result of use of this kernel (data still being collected)."

Palm issued its warning on Sunday. "Palm is working hard to improve the speed and performance of webOS, as shown in our recent 1.4 update. While we appreciate the effort the webOS community has put forth to try and help us along that path, the use of this application is neither endorsed nor recommended by Palm and will likely result in a voided warranty. Palm encourages webOS users to let Palm release official updates that provide safe, reliable, over-the-air features that improve their device in a number of areas, as we have in the past at a rate of approximately once per month."

The Pre CPU is a Texas Instruments OMAP 3430 chip, which is based on the advanced Cortex A8 core from ARM coupled with the PowerVR SGX chip for 2D/3D graphics and video. The 3430 can run at 600MHz but Palm reportedly "underclocks" it to run at 500MHz on the Pre smartphones.

Palm tweaked software performance when it released webOS 1.4, at the end of February. But clearly not enough for its hardcore users.

Fellow coders and Palm enthusiasts welcomed the unauthorized code, confirming substantial speed boosts. "Nothing short of awesome so far, no heat and much better battery performance," posted aezrilov, at Precentral.com, in a thread titled "Day 2 of the 800MHz patch." "Speed is incredible," posted another member, Bricktop.

But some others were reporting problems. "Day 1 was incredible, nothing bad can be said," posted Precentral member squeezy, with a Verizon-based Pre. "Today has been different. It started off when I was in headset mode talking on the phone, the screen would not come back on. So I held the power button down, it made the sound and vibrated, but still no screen. Not two hours later when on a call normal, I go to end it and the screen is unresponsive. Again I press the power button, sound, vibrate and screen notification come up, but the touch screen is not responsive. Both times I had to pull the battery. It has froze and locked up on its own just sitting there as well, each time resulting in a battery pull."

One member, Shadavis08, confirmed in a forum post that there are some similar reports "but im not sure that its related to the patch . what i would do is remove it and go down to the stock speed for a day and see if it still does that or drop down to the 720 kernel instead and see how that runs for you ok !"

Another user said his phone had begun randomly shutting down since he installed the kernel. He was going to remove it and "wait and see."

On Day 3 of the kernel "trial," there were similar mixed results. In some cases, users noted the phone heating up more than usual when doing sustained video downloads, for example. (there's a Device Temperature Warning Patch available). The occasional random shutdown continued to be reported. One Precentral member, kevintranca, posted "i've been using my pre on 800 MHz and the battery life seems good until i actually make calls. making calls seem to totally drain my battery, does anyone else feel this way too? "

Monday, March 29, 2010

Are intimate details of your life on SPOKEO.COM?




Spokeo may be a little Spooky-O
Are intimate details of your life on SPOKEO.COM?
A new website is taking personal details of your life from various places on the Internet and combining it all on one page for anyone to see.

Reporter: Lizz Marrs

GRAND JUNCTION, Colo. (KKCO)- A new website is taking personal details of your life from various places on the Internet and combining it all on one page for anyone to see.

It's has typical things like your address and phone number, but it also has intimate details like your hobbies and even lists your family members.

The website called Spokeo takes public information from social networking sites like Facebook and Myspace, and then it takes phone book listings, business websites and marketing databases and creates a page for you.

But be careful because not everything is accurate.

Some of the astrological signs, or hobbies have been wrong.

Nancy Wood was shocked and says, "I am on facebook but knowing my father's name is a little bit creepy."

And Joan Axthelm says that's why she's cautious online. "I have a blog and a facebook page and twitter so I have all this information out there but it's only accessible to people I allow to be accessible but this just reaffirms for me this is an important thing to do."

There is a way to delete this Spokeo page if you are not comfortable with your information being out on display.

Copy the URL link from your page
Then, click on the privacy button in the bottom right corner.
Paste the URL and type in your email, and you should get an email from Spokeo to complete the removal process.

This website is a helpful reminder that anything you put online is public and can come back to you haunt you.

Saturday, March 27, 2010

Save Cooley High from the wrecking ball



2-day events next week:
Monday March 29,2010SAVE COOLEY HIGH MARCH @ 4pm assembly.
Tuesday March 30,2010 Robert Bobb's town hall meeting @ Cooley 7pm.
All Cooley Grads and the community are all encouraged to come for both days.
Come out and save a piece of your history.

Friday, March 26, 2010

Free app makes paid web scanners dead in the water

Free app makes paid web scanners dead in the water

By Darren Pauli,

Google's upgraded version of its automated Web application scanner, SkipFish, has received glowing reviews from local security experts.

The free tool designed by Google software engineer Michal Zalewski, and launched late last week, scans for web application vulnerabilities.

Penetration testing firm HackLabs director Chris Gatford said the tool is "blazingly fast" and accurate.

The revamped SkipFish outperformed other free and commercial offerings during HackLab tests. Gatford said some full-featured web application scanners return HTTP request at a rate of about one or two a second.

"SkipFish fired more than 400 requests per second, that's under less than ideal conditions, on a standard broadband connection and using its default settings," Gatford said, adding it did return some errors.

Security blogger and RedSpin consultant jhaddix said the application returned 600 requests per second over a 10Mb connection, but reported some problems.

The massive request rate means the tool can also be used for malicious Denial of Service (DoS) attacks. Such an attack would require less compute-power -- roughly 20 servers according to estimates -- to crash a small corporate site.

Malicious users could employ the tool to discover application vulnerablilities for exploitation, but that possibility is available through many existing tools.

Gatford said SkipFish is a "smart move" by Google as it represents an attempt to improve online safety, a suggestion echoed by IBRS security analyst James Turner.

Zalewski has been quick to introduce fixes as testers report them. He fixed six flaws discovered by Gatford within hours of their publication on Twitter.

SkipFish is targeted for people who typically do not test web applications, but security experts say some knowledge or research is requirement to locate vulnerability fixes that Zalewski has reportedly planned, but not yet incorporated into the tool.

New malware overwrites software updaters

New malware overwrites software updaters

It's the first time researchers have seen the malware overwrite rather than mask itself as an update program
By Jeremy Kirk

For the first time security researchers have spotted a type of malicious software that overwrites update functions for other applications, which could pose additional long-term risks for users.

The malware, which infects Windows computers, masks itself as an updater for Adobe Systems' products and other software such as Java, wrote Nguyen Cong Cuong, an analyst with Bach Khoa Internetwork Security (BKIS), a Vietnamese security company, on its blog.

BKIS showed screen shots of a variant of the malware that imitates Adobe Reader Version 9 and overwrites the AdobeUpdater.exe, which regularly checks in with Adobe to see if a new version of the software is available.

Users can inadvertently install malware on computers if they open malicious e-mail attachments or visit Web sites that target specific software vulnerabilities. Adobe's products are one of the most targeted by hackers due to their wide installation base.

After this particular kind of malware gets onto a machine, it opens a DHCP (Dynamic Host Configuration Protocol) client, a DNS client, a network share and a port in order to received commands, BKIS said.

Malware that poses as an updater or installer for applications such as Adobe's Acrobat or Flash are nothing new, said Rik Ferguson, senior security adviser for Trend Micro.

Decent security software should detect the malware, but those people who do become infected could be worse off even if the malware is removed, Ferguson said.

"They will lose the auto-updating functionality of whatever software is affected even after the malware is cleaned up," Ferguson said. "That could of course leave them open to exploitation further down the line if critical vulnerabilities don't get patched as a result."

That means that users would need to manually download the software again, which they may be unlikely to do if they don't know the effect of the malware.

Wednesday, March 24, 2010

Free phone service for SMB's

RouterBrick made of servers and network interfaces has total capacity of 80G bps

Lights out on incandescent bulb production at Toshiba

Lights out on incandescent bulb production at Toshiba

The company ends a 120-year manufacturing history of the products
By Martyn Williams

Toshiba ended production of mass-market incandescent light bulbs on Wednesday, putting to a close a 120-year manufacturing history of the products.

The company, which is one of Japan's largest makers of lighting products, had planned to halt production next year but brought up the date by a year. It will now focus on more energy efficient products including LED (light-emitting diode) lights, which contain a handful of white LEDs and draw a fraction of the power of incandescent bulbs.

Incandescent bulbs are inefficient because the vast majority of the power consumed is converted and released as heat and not as light. LED lights are several times more efficient.

Toshiba traces its history in incandescent bulb production back to 1890 and the start of bulb production at Hakunetsu-sha, a company that would eventually merge into Toshiba and was Japan’s first manufacturer of incandescent light bulbs.

Production began at just 10 bulbs a day but peaked in 1973 at 78 million bulbs per year. Last year Toshiba produced 7 million incandescent bulbs versus 14 million compact florescent bulbs. It also began manufacturing LED lights, which at present are largely aimed at commercial users because of their higher price tag.

Incandescent light bulb production at other companies is expected to end in the coming years as regulations come into force banning their sale. Governments around the world are keen to promote the use of more energy-efficient lighting products.

At the forefront of the push has been Australia, which began regulating the sale of incandescent and older florescent lighting products from last year. The government changes are expected to cut greenhouse-gas emissions by 28 million tons over 12 years and save the average household A$50 (US$46) per year.

In the next few years similar regulations will come into force in a handful of countries, including the European Union and the U.S. Most of the restrictions make exceptions for specialist incandescent bulbs for which LED or florescent alternatives are not readily available. Toshiba will also continue small-scale manufacturing of these devices

Conficker may be quiet now but it's still a threat

Conficker may be quiet now but it's still a threat

Readers react to post about how bots are cloud providers to criminals

By Robert Mullins

My recent post on how botnets are operating like cloud providers provoked a lively discussion in the comments section about Conficker but mostly about world geography.

I got on the phone this morning with Rodney Joffe, senior vice president and senior technologist at Neustar, whose presentation at the Cloud Connect conference last week in Silicon Valley was the basis for my post "The biggest cloud on the planet is owned by ... the crooks."

Joffe said the Conficker botnet has spread to 230 "countries" in the world, which alert readers pointed out is more countries than there are on planet Earth. The most reliable number I could come up with was 195 countries from About.com.

On the phone, Joffe explained he took "poetic license" in using the word countries when, he actually should have said top level domains (TLD). There are a total 260 top level domains on the Internet today, 246 of which are "country codes" such as USA, UK, CN for China and the like, while others are generic domains such as .biz, .org, .net and etc. Why are there still more country codes than countries? Well, EU is considered a country code, even though the European Union isn't a country but a group of countries. Hong Kong is part of China but it has its own HK TLD.

Of the total 260 TLDs, Joffe said 230 are infected by Conficker.

The other issue with commentors was the current status of Conficker. I referred to Conficker in the present tense as if it were still active, a point with which some disagreed.

Conficker was fingered just last month as the culprit behind a computer outage at a police department in the United Kingdom.

But besides that Conficker has been largely dormant, but could become active again, said Joffe.

The previous record of Conficker activity dates back to April 2009 when Conficker was "rented," Joffe said, for two weeks to the perpetrators of the Waledac worm to spread spam and a fake pop-up ad for computer virus protection. This speaks to the point he was making in his presentation that a botnet is like a cloud in that other users can rent access to that network of compromised computers.

You'll recall that the Waledac botnet was taken out of action by order of a U.S. District Court judge last month at the request of Microsoft and other technology companies. But the April 2009 event was only the last use of the Conficker botnet "that we know of," Joffe said. And there could have been other activity since that could not be traced to Conficker as that UK attack was. And new computers are still being infected by Conficker "as recently as yesterday."

So while Conficker is believed to be less active today than it used to be, it is still a threat as are other botnets, including ZeuS, Mariposa, Bobax and others. Here's a list of America's 10 most wanted botnets from July 2009, including Conficker at No. 10.

Long Live Your Laptop Battery!

Long Live Your Laptop Battery!

Keep your laptop battery working for years (and for hours between charges).

by Lincoln Spector


Laptop batteries are like people--eventually and inevitably, they die. And like people, they don't obey Moore's Law--You can't expect next year's batteries to last twice as long as this year's. Battery technology may improve a bit over time (after all, there's plenty of financial incentive for better batteries), but, while interesting possibilities may pop up, don't expect major battery breakthroughs in the near future.

Although your battery will eventually die, proper care can put off the inevitable. Here's how to keep your laptop battery working for as long as possible. With luck, it could last until you need to replace that aging notebook (perhaps with a laptop having a longer battery life).

I've also included a few tips on keeping the battery going longer between charges, so you can work longer without AC power.

Don't Run It Down to Empty

Battery settings in Windows 7. (Click for larger image.)
Despite what our screen shows, most laptops probably won't allow you to set the critical battery level at 0 percent--and you shouldn't try.

Squeezing every drop of juice out of a lithium ion battery (the type used in today's laptops) strains and weakens it. Doing this once or twice won't kill the battery, but the cumulative effect of frequently emptying your battery will shorten its lifespan.

(There's actually an exception to this rule--a circumstance where you should run down the battery all the way. I'll get to that later.)

The good news: You probably can't run down the battery, anyway--at least not without going to a lot of trouble to do so. Most modern laptops are designed to shut down before the battery is empty.

In fact, Vista and Windows 7 come with a setting for just this purpose. To see it, click Start, type power, and select Power Options. Click any one of the Change plan settings links, then the Change advanced power settings link. In the resulting dialog box, scroll down to and expand the Battery option. Then expand Critical battery level. The setting will probably be about 5 percent, which is a good place to leave it.

XP has no such native setting, although your laptop may have a vendor-supplied tool that does the same job.

Myth: You should never recharge your battery all the way.

There's considerable controversy on this point, and in researching this article I interviewed experts both for and against. But I've come down on the side of recharging all the way. The advantages of leaving home with a fully-charged battery--you can use your PC longer without AC power--are worth the slight risk of doing damage.

Keep It Cool

Heat breaks down the battery, and reduces its overall life.

When you use your laptop, make sure the vents are unblocked. Never work with the laptop on pillows or cushions. If possible, put it on a raised stand that allows for plenty of airflow.

Also, clean the vents every so often with a can of compressed air. You can buy this for a few dollars at any computer store. Be sure to follow the directions on the can, and do this only when the notebook is off.

Give It a Rest

Removing a battery from a laptop. (Click for larger image.)

If you're going to be working exclusively on AC power for a week or more, remove the battery first.

Otherwise, you'll be wearing out the battery--constantly charging and discharging it--at a time when you don't need to use it at all. You're also heating it up (see "Keep It Cool," above).

You don't want it too empty when you take it out. An unused battery loses power over time, and you don't want all the power to drain away, so remove it when it's at least half-charged.

Never remove the battery while the computer is on, or even in standby or sleep mode; doing so will crash your system and possibly damage your hardware. Even inserting a battery into a running laptop can damage the system. So only remove or reinsert the battery when the laptop is completely off or hibernating.

If you've never removed your laptop's battery and don't know how, check your documentation. (If you don't have it, you can probably find it online.) The instructions generally involve turning the laptop upside-down and holding down a button while you slide out the battery.

Myth: Refrigerate your battery.

Some people recommend you store it in the refrigerator, inside a plastic bag. While you should keep a battery cool, the last thing you want is a wet battery, and condensation is a real danger in the fridge. Instead, store it in a dry place at room temperature. A filing cabinet works fine.

You don't want the battery to go too long without exercise or let it empty out entirely. If you go without the battery for more than two months, put it in the PC and use it for a few hours, then remove it again.

Also, before you take the laptop on the road, reinsert the battery and let it charge for a few hours before unplugging the machine. Allow the battery time to get a full charge before you remove the AC power.

Heal a Sick Battery

Myth: You can rejuvenate a worn-out battery.

This isn't, strictly speaking, the case. You can't make old lithium hold more electrons than it can currently manage.

But if the battery is running out unexpectedly fast, or if your laptop is having trouble figuring out how much power it has left, you might be able to fix the battery's "gas gauge," so it at least gives a more accurate reading.

If you suspect the battery can't tell if it's charged or not, run it through a couple of cycles. Drain it of all its power (yes, this is the exception to the "don't drain the battery" rule mentioned above), recharge it to 100 percent, and then repeat.

But how do you drain the battery when Windows won't let you do just that? Don't bother with the settings described above. They're not safe (you might forget to change them back), they may not be getting an accurate reading, and they quite possibly won't let you set the critical battery level to 0 percent. (If they did, it would crash Windows.)

Instead, unplug your AC power and keep your laptop running (you can work on it if you like) until it automatically hibernates. Then reboot your PC back and go directly to the system setup program.

I can't tell you exactly how to get there; each computer is different. Turn on your PC and look for an onscreen message (one of the first you'll see) that says something like "Press the X key for setup." Immediately press the designated key.

It may take a couple of times to get the timing right. If there isn't enough power to let it boot, plug in AC until you're at the setup program, then unplug it.

Leave the notebook on until it shuts off. This can take some time (45 minutes on my laptop); setup uses a lot less power than Windows.

Once the PC is off, plug in the AC power, then wait a few hours before rebooting to Windows and making sure you've got a full recharge.

Repeat the process once or twice.

With luck and proper care, your battery will still be useful when you're looking for a new laptop.

Longer Life Between Charges

The tips above should lengthen the time before you need to replace your laptop's battery. But on a daily basis, we're far more concerned with another type of battery life: how long we can keep our laptop running without AC power. You may know most of the following tips already, but it never hurts to refresh (or recharge) your memory.

Dim your screen
Your laptop's backlight requires a lot of juice. Keep it as dim as you can comfortably read it.

Shut off unneeded hardware
Turn off your Bluetooth, and if you're not using the Internet, turn off your Wi-Fi receiver, as well. Don't use an external mouse or other device. And muting the PC's sound system not only saves power, it avoids annoying everyone else in the café.

Avoid multitasking
Run as few programs as you can get away with. If possible, stick to the one application (word processor, browser, or whatever) you're currently using, plus your antivirus and firewall in the background.

And if you're not on the Internet, you don't need those two.

Avoid multimedia
Save chores like photo editing and watching old Daily Show videos for when you have AC power. And if you must listen to music, use your iPod (or similar device).

Know when to sleep and when to hibernate

Choose Sleep or Hibernate depending on how long you plan to be  away from the computer. (Click for larger image.)

You need to think about when you want to save power by sending your laptop into Standby or Sleep mode, and when you want to hibernate it.

There's a difference. XP's Standby and Vista and Windows 7's Sleep modes keep your PC on, using some power, but less of it than in normal use. Hibernate saves the PC's state to the hard drive, then shuts it off entirely, so that no power is used.

On the other hand, Windows takes much longer--sometimes minutes--to go into and come out of hibernation. And those are minutes that the battery is draining heavily and you can't work.

XP's Standby mode isn't really all that efficient. If your laptop will be inactive for more than about half an hour, hibernate it. Otherwise, use Standby.

But Vista and Windows 7 do a much better job with their Sleep mode. Don't bother hibernating your PC unless you think you're going to go more than two or three hours without using it.

Myth: Adding RAM saves battery life.

True, more RAM means less hard drive access, and the hard drive uses a lot of electricity. But RAM uses electricity as well, and unless you're doing a lot of multitasking (not a good idea when you're on battery power), more RAM won't reduce hard drive use.

Juiced for more battery life tips? Check out our other battery life tips or post your favorites in the comments!

Tuesday, March 23, 2010

Motivational Moment

Thought for the Day

March 23, 2010

THE MIND GROWS ONLY THROUGH USE, AND IT ATROPHIES THROUGH IDLENESS.

Just as the physical body becomes strong through regular exercise, so does the mind require regular use to remain strong. Make sure that your personal development plan includes plenty of mental stimulation. One of the best ways to develop your imagination and visualization skills is through reading. As you read, your mind translates the words into images that help you better understand the concepts about which you are reading. Become a voracious reader. Read newspapers, trade magazines, self-help books, and novels; all will contribute to your store of knowledge and to your ability to visualize and more effectively use your imagination.

This positive message is brought to you by the Napoleon Hill Foundation. Visit us at http://www.naphill.org.

Friday, March 19, 2010

Motivational Moment

Thought for the Day

March 19, 2010

CLARENCE SAUNDERS MADE MILLIONS BY BORROWING THE SELF-HELP CAFETERIA IDEA FOR THE GROCERY BUSINESS AND NAMING IT PIGGLY WIGGLY. IMAGINATION PAYS!

The founder of the Piggly Wiggly grocery chain was a low-level employee in a corner grocery when he visited a cafeteria and got the idea that the same techniques could be applied to the grocery business. He was ridiculed by experts, but he was convinced that the idea was a good one. Saunders persevered, and his adaptation of the self-service idea to the grocery business led him to become the father of the modern supermarket. It is often true that a great idea alone is not enough to achieve success. Implementation may require as much as or more imagination than coming up with the idea originally. Those who study such things, however, report that when you have a really good idea, even if you can’t prove it, you will intuitively know that it is good. If you’re convinced, stick with it. Others will eventually recognize the value of your idea.

This positive message is brought to you by the Napoleon Hill Foundation. Visit us at http://www.naphill.org.


Thursday, March 18, 2010

Motivational Moment

Thought for the Day

March 18, 2010

THE MAN WHO DIPPED A CHUNK OF ICE CREAM IN CHOCOLATE AND CALLED IT ESKIMO PIE MADE A FORTUNE FOR THE FIVE SECONDS OF IMAGINATION IT TOOK TO CREATE THE IDEA.

We are just beginning to understand the mysterious ways in which the mind works, but successful people have long known how to use the power of creative vision to their advantage. Many "new" ideas are really nothing more than a new combination of two well-known products or ideas. Nevertheless, great fortunes have been built upon such combinations when they are supported by a clever name and marketing campaign. There is a definite process that you can use to tap into your imagination. In his book A Technique for Producing Ideas, James Webb Young identified five steps: 1. Gather the appropriate information. 2. Work the information over in your mind. 3. Incubate the idea in your subconscious. 4. Recognize the "Eureka!" stage when the idea is born. 5. Shape and develop the idea for practical application. The technique works. Give it a try the next time you’re searching for a creative solution to an old problem.

This positive message is brought to you by the Napoleon Hill Foundation. Visit us at http://www.naphill.org.


Wednesday, March 17, 2010

March Information Exchange (IE) Meeting





BDPA Detroit Chapter - Upcoming Event

Event: March Information Exchange (IE) Meeting

General Membership Drive – Corporate “Mix and Mingle”

Shield’s (Restaurant – Bar – Pizzeria)

25101 Telegraph Road, Southfield, MI 4803

Location: 4

Date: Thursday, March 18, 2010

Time: 6:30 – 8:30 PM

Please join BDPA Detroit chapter for the 2010 General Membership Drive!


Why you would absolutely, positively want to be there…….

  • To take advantage of an opportunity to “Mix and Mingle” with BDPA’s Corporate Partners, gain insight as to current opportunities within their organizations, and “best practices” for landing that new position.
  • Join / Renew BDPA Detroit Membership - Learn of the newly revised 2010 Value Proposition for BDPA Detroit membership.
  • To support BDPA Detroit Fundraising efforts with 25% of your Shield’s food purchases being generated for organization operational expenses, while learning more about chapter, our corporate partners in attendance, and having some fun too!

Corporate Partner Invites:

Blue Cross Blue Shield of MI

Compuware

HP

Strategic Staffing Solutions (S3)

Vaco


There is no admission or cost to you for attending. Please join us, have a meal, network, join or renew your BDPA membership and come prepared with your best elevator speech.

Hackers lock Zeus crimeware kit with Windows-like anti-piracy tech

Hackers lock Zeus crimeware kit with Windows-like anti-piracy tech

Ties do-it-yourself botnet software to a single PC using product activation code
By Gregg Keizer

The newest version of Zeus, a do-it-yourself crimeware kit responsible for millions of dollars in losses by consumers and businesses, comes with anti-piracy provisions similar to those used by Microsoft's Windows, a researcher said today.

And that's a good thing.

Like Windows, Zeus 1.3 ties itself to a specific computer using a key code based in part on the machine's hardware configuration, said Kevin Stevens, a security researcher with Atlanta-based SecureWorks, and a co-author of a report on Zeus published last week. "It's just like a Windows license," said Stevens as he explained how the key code is generated.

After launching the Zeus Builder kit -- which sells for between $3,000 and $4,000 in its most basic configuration -- the software generates a hardware ID based on the PC's components as well as other factors, including the operating system's version number, said Stevens. That ID is then forwarded by the criminal customer to the seller of the program, who in turn cranks out a product activation code necessary to begin using the toolkit.

There is one major difference between the product activation practiced by Microsoft and what's used by Zeus, however. Although Microsoft will allow both minor and major changes to the hardware -- the latter may require a phone call to convince a support representative to issue another activation code -- there's no such protection for Zeus buyers. Even a small modification to the PC's hardware can prevent Zeus Builder from running. "You could request another [activation] code from the person who sold it to you, but there's no guarantee you would get one. The seller could say, 'I already have your money, pay for another.'"

The copy protection technology was added for obvious reasons, the same ones Microsoft cites when it explains why it regularly updates Windows Activation Technologies (WAT), better known by its earlier name of Windows Genuine Advantage (WGA). "This was definitely done to keep people from pirating the software," said Stevens, who noted that the previous versions of Zeus had been widely copied, tweaked and sold by others. "There have been a lot of Zeus [kits] hacked up."

Zeus 1.2, for example, only had a copyright disclaimer and a unique ID. If that ID was found on other copies in circulation, the malware seller might threaten to shut off sales to the buyer who had purchased, and likely leaked, the legitimate edition, said Stevens.

"It was a little like controlled pirating," he added. "[Zeus] 1.2.4.2 would come out, and then it would leak for a few months. Then 1.2.7.19 would come out and that would leak around for a couple of months."

The hackers who sell Zeus may have slapped on hardware-based copy protection to protect their investment, but a side effect is good news for computer users, argued Stevens. "I think it is good for us," he said. "It means that these new versions, which are even deadlier, are not being traded like they were before."

Zeus' steep price -- some modules go for as much as $10,000 -- along with its new anti-piracy protections will make it more difficult for amateur hackers to get their hands on the build-a-botnet software. "This is mostly for professional criminals now," said Stevens.

Zeus was first uncovered in late 2007 by SecureWorks researcher Don Jackson, who has been tracking its rise in the crimeware ranks since then. According to Jackson and Stevens, Zeus is probably the malware most used by criminals specializing in financial fraud.

Zeus was also in the news last week when reports surfaced of an ad hoc "takedown" of Troyak, an Internet providers associated with Zeus command-and-control servers. Within hours, however, Troyak had reconnected to the Internet , meaning that the quarter of Zeus' command-and-control systems that had been knocked offline were again able to reconnect with bots and issue new instructions.

The Rise of Free -- and Fake -- Antivirus Software

The Rise of Free -- and Fake -- Antivirus Software

With the tremendous growth in malware. identity theft, and on-line scams, you'd think that every PC owner in the world would make Internet security software a "must have" before connecting to the Internet. Unfortunately, this assumption is dead wrong. Believe it or not, lots of industry research indicates two huge misconceptions still exist:

1. Many users believe that all of the public media about Internet security must mean that things are improving (Author's note: Yes, this seems crazy but this perception is wide spread amongst computer novices).

2. Many users also believe that if they avoid problem sites like pornography and on-line gaming, they will remain safe (Author's note: Also untrue).

Folks like these need a cybersecurity wake-up call ASAP. They also need simple security tools that they can access and install without the need for technical help.

Fortunately there is a bit of good news. Free antivirus software seems to be gaining a foothold, especially in emerging markets around the world. AVG is a freeware leader but others packages like Immunet and PC Tools are also gaining appeal. Finally, Microsoft Security Essentials is now running on about 12 million PCs throughout the world. Microsoft deserves credit here for providing a free security offering strong protection and ease-of-use functionality.

These reputable free AV packages may help bridge the security gap by protecting previously unprotected machines. Unfortunately, the bad guys are outperforming their more altruistic counterparts. Back in late 2008, PandaLabs estimated that 30 million users had fallen victim to fake AV scams and my guess is that the number is up to over 50 million by now. Last year's Conficker worm was purpose-built to push this scam even further.

The bad guys know a good con when they see one. Many of the fake AV programs are "packaged" (i.e. fake ads show fake packaging) to look like McAfee, Symantec/Norton, Trend Micro and others. The names even sound like real Internet Security or mainstream software. Fake names include Vista AV, Security Essentials 2010, Antivirus 360, etc.

Ultimately, fake AV kicks unsuspecting users in the teeth. Instead of buying protection, they are actually buying malware that gets installed on their systems, turns them into zombies, or steals personal information.

To those of us in the IT and cybersecurity industries, these scams are relatively easy to spot but your parents, grand parents, friends, or kids who aren't as tech savvy need to be warned. Let these folks know about the good free offerings from AVG, Immunet, Microsoft, and PC Tools and warn them about the scams.

We need more public education about cybersecurity risks and threats but in lieu of this, lets get viral and spread the word.

Open Source, Preferred by 9 Out of 10 Supercomputers

Open Source, Preferred by 9 Out of 10 Supercomputers

Saw an interesting article today [1] that out of the top 10 supercomputers in the world, 9 of them are running some variant of Linux. On top of this a whopping 85% of the Top 500 supercomputers in the world run some form of the open source OS too.

If you are the type that likes to read the Forbes 400 list and are a tech geek, you may enjoy perusing the Top 500 supercomputer site [2]. Besides listing the top 500 supercomputers, it gives some background and performance information on many of them. Real geeky stuff for sure, but I enjoyed it.

Like the Forbes 400 list, there are lots of Americans on the list. In fact 8 out of the top 10. But again like the Forbes list there is a fair smattering of European, Russians, wealthy Arabs and of course some recent Chinese entries to the list. Do you think there might be a correlation between supercomputers and billionaires?

Anyway, the question could be asked, is this truly a testament to open source in general or Linux in particular? I say right on both counts. In so many ways Linux is the poster child for open source. Not only in terms of the great community and support, but in terms of spawning such commercial success as well. Looking at the Linux variants on the Top 500 list, Novell's Suse Linux is a very popular choice, but Red Hat Linux is represented and of course IBM has quite a few machines on the list.

The top rated machine is called Jaguar and is at the Oak Hill Labs run by the DOE. The DOE has several entries on the list, as does the US DoD. We can only guess what all of these supercomputers are spinning their Tflops on.

If you are old enough to remember a movie called Collossus: The Forbin Project [3] from 1970 (you probably have seen it on Syfy TV), we have certainly come a long way since the gigantic supercomputers that want to rule the world scared us. It would not have been possible without open source and Linux.

Monday, March 15, 2010

Seven Firefox Plug-ins That Improve Online Privacy

Seven Firefox Plug-ins That Improve Online Privacy

By Joseph Guarino, CSO


As strange as it might sound, there are times when I wish for the old days of the Internet circa the early 1990's. The days of Mosaic and Lynx, where there was no Flash, no Javascript and no Java. A simpler time where protecting your privacy and security wasn't as essential as it is today.

Time travel isn't an option for securing my browser. But Firefox gives me it all and then some. The number-two browser (with 32 percent market share), Firefox is a cross platform, standards based, open source browser. It is feature rich and has supernumerary add-ons to extend its functionality. In the spirit of Open Source, its community maintains a focus on security and has a strong record of swiftly patching known vulnerabilities, faster in some cases than most others in the market.

Firefox isn't just a killer app; it's also a pillar of the Internet community. When it comes to security and privacy, the Firefox picture is compelling, with over 600 plug-ins related to privacy and security. Acknowledging the current state of privacy and security, these plug-ins are a welcome addition to any browsing experience.

My goal in this article is to highlight a few of my favorites with the hopes that you too will take advantage of them.

NoScript NoScript is a powerful add-on that blocks and blacklists Javascript, Java, Flash, and other plug-ins by default. It features protections against Cross-Site Scripting (XSS), Flash XSS and clickjacking, to name a few. With most websites relying on these plug-in technologies, you effectively have to whitelist the sites for them to function. Using the NoScript status bar icon, you can whitelist on a temporary basis or add sites to your permanent whitelist. This preemptive script blocking tool is a must for any Firefox user.

BetterPrivacy BetterPrivacy is an add-on that lets you manage LSO-cookies -- or, as they are commonly known, flash cookies. Flash cookies are a newer and more enhanced way of storing information about you and your online activities than traditional cookies. Unlike the traditional Web cookie, flash cookies don't expire and can't be deleted within the browser's interface. Even "delete your recent history" doesn't remove these "super cookies." Adobe currently only provides an online-only website storage panel to manage them, which is hardly user-or-privacy friendly. Thankfully, BetterPrivacy helps us chomp on those pesky cookies, allowing us to manage and remove them.

Adblock Plus Adblock Plus is a simple add-on that gives granular control over page elements such as ads/banners content in your browser experience. Although it does use a region-specific block list, you can configure filters with great flexibility, blocking or allowing content as you see fit. Adblock is a God-send for those of us who don't want a Web littered with poorly targeted ads.

Foxproxy Foxproxy is a feature-rich proxy management add-on. It allows ease and customization in managing your proxy setting. For example, you can add multiple proxies and to define how and when they are used based on URL patterns, wildcards, expressions, etc. Added support for Tor provides some privacy and anonymity. Foxproxy even supports Tor in conjunction with Privoxy, the non-caching Web privacy enhancing proxy offering even greater potential for online privacy and anonymity.

Firebug Although Firebug is technically a Web-development tool, it certainly holds its weight in helping protect our privacy/security. This tool allows us to monitor, debug and edit the content of any website live in any webpage within the browser. We can see all the details on the regarding HTML, CSS, Javascript and related webpage resources in great detail. It does help the more nerdy among us ascertain what's going on under the hood of a website with nicely detailed, color-coded and organized displays. It's helpful in investigating websites that seem slightly fishy.

Torbutton Torbutton is A simple add-on that allows you to configure Firefox to use Tor. For those unfamiliar with Tor, it is a distributed, community run network that provides relative anonymity/privacy to those utilizing it. Torbutton allows for a Firefox user to easily and quickly turn on Tor for some basic anonymity in their Internet activities.

FireGPG FireGPG is an add-on that allows integration with the cross-platform, free software encryption suite GnuPG. (GNU Privacy Guard). GnuPG is an OpenPGP standards-based free software encryption tool that allows you to encrypt and sign your communications. FireGPG allows you to encrypt, decrypt, sign, etc. directly within Firefox. FireGPG also supports direct integration with Gmail, with more webmail applications planned the near future.

Firefox is a great choice for those interested in a feature-rich, stable and secure browser. With the addition of these add-ons it proves to be a powerful tool for protecting your security and privacy. If you're not already a user I encourage you to give it a try. The dedicated nature of the Firefox community promises more innovations to look forward to in the future.

Intel is showing off its new high-end “Gulftown” gaming chip

Intel Previews Six-Core Gulftown PC Processor

Friday, March 12, 2010

ZeuS botnet code keeps getting better… for criminals

ZeuS botnet code keeps getting better… for criminals

$10,000 will buy a ZeuS module that takes complete control of a compromised PC
By Ellen Messmer

New capabilities are strengthening the ZeuS botnet, which criminals use to steal financial credentials and execute unauthorized transactions in online banking, automated clearing house (ACH) networks and payroll systems. The latest version of this cybercrime toolkit, which starts at about $3,000, offers a $10,000 module that can let attackers completely take control of a compromised PC.

Zeus v.1.3.4.x (code changes are always underway by the author and owner, who is believed to be one individual in Eastern Europe) has integrated a powerful remote-control function into the botnet so that the attacker can now "take complete control of the person's PC," says Don Jackson, director of threat intelligence at SecureWorks, which released an in-depth report on ZeuS this week.

This new ZeuS feature, which was picked up from an older public-domain project from AT&T Bell Labs known as "Virtual Network Computing," gives ZeuS the kind of remote-control capability that might be found in a legitimate product like GoToMyPC, Jackson says. SecureWorks calls this a "total presence proxy," and it's so useful to criminals, just this one VNC module for ZeuS costs $10,000.

The Windows-based ZeuS Trojan software, which takes up about 50,000 bytes on a compromised Windows-based computer, is designed to plunder accounts in North American and United Kingdom banking systems via the victim's computer. The criminal might be located a continent away, directing unauthorized transfers of funds to accounts through elaborate command-and-control systems.

ZeuS, around since at least 2007, "was originally a spyware Trojan and it had good marketing" and became popular as botnets of all sorts proliferated, Jackson says.

A group called UpLevel was originally in a partnership working on the ZeuS source code. But today researchers suspect there's only one author of ZeuS, and this individual is now exerting tight control over the current ZeuS 1.3 (and later) versions by instituting a hardware-based copyright-protection mechanism.

SecureWorks researcher Kevin Stevens says the ZeuS hardware-based copyright mechanism is based on a hardware token method, similar to WinLicense, that takes into account a lot of hardware details about a computer before allowing the ZeuS Builder toolkit code to be unlocked by an individual.

Older versions of ZeuS are available for free, but the price for the current ZeuS and its modules, out since the end of last year, is not cheap. In the online criminal underground, fraudsters often pay for crimeware through Western Union or Web Money, according to SecureWorks.

According to a report published by SecureWorks this week, the basic ZeuS Builder kit runs $3,000 to $4,000, with another $1,500 for the "Backconnect" module to connect back to an infected machine to make financial transactions from it. This means banks that try to track money transfers will always trace it back to the computer of the account holder. To hack Windows 7 or Vista computers, criminals will have to ante up an extra $2,000 or be limited to Windows XP systems.

A "Firefox form grabber," costing another $2,000, lets a criminal grab data out of fields that are submitted using the Firefox Web browser, such as usernames and passwords for banks. A "Jabber (IM) chat notifier," costing another $500, will let the attacker get stolen data immediately in order to access the victim's account after the victim logs in using a token provided by the bank to randomly generate numbers. And the VNC module, which allows the attacker to get around any smartcard that's required for large-dollar transactions, is $10,000.

The latest version is also designed to blow through the most current defenses in place regarding two-factor and other authentication in banking systems, and is especially oriented toward facilitating high-dollar transactions of $100,000 or more, Jackson notes.

"Zeus automatically detects top-tier, gold-level targets" associated with online banking services, Jackson says. A signal is given to the botnet controller, and a highly automated transfer can be made into accounts the attacker desires.

There are many stories starting to appear of companies complaining about unauthorized ACH transfers, or fake employees fraudulently added to automated payroll systems, when high-dollar amounts are transferred into accounts where banks either can't or won't retrieve these sums.

Jackson says the latest version of ZeuS gets around most of the advanced online authentication mechanisms used by banks today, with perhaps the exception of a transaction approval process based on at least two people, often randomly selected from a pool of people trained for this purpose, who manually authorize a transfer. "It's an arms race," he says.

The upcoming version of ZeuS, v.1.4, is still in beta but promises yet more deadly features. Its "Web Injects for Firefox" capability, for instance, would let the attacker present a screen on the fly in the Firefox browser in order to elicit more sensitive information during the banking transaction by pretending the bank needs the information. The ZeuS Trojan is also getting polymorphic encryption to re-encrypt itself to appear unique each time, thus making it even more difficult for anti-virus software to detect it.

Motivational Moment

Thought for the Day

March 12, 2010

WHEN THE GOING IS HARDEST, JUST KEEP ON KEEPING ON, AND YOU’LL GET THERE SOONER THAN SOMEONE WHO FINDS THE GOING EASY.

If you think achieving great heights of success will be easy, you either don’t understand at all how the process works or you have your sights set too low. Reaching the top of any field is difficult, time-consuming, and often tedious. The reason it isn’t crowded at the top is that most people won’t do the things that are necessary to achieve success. They are all too willing to give up when the going gets tough. If you need inspiration to persevere, read the biographies of men and women who have achieved greatness in their lives. You will find that they prevailed because they refused to quit. They continued to toil alone long after the masses had given up and gone home.

This positive message is brought to you by the Napoleon Hill Foundation. Visit us at http://www.naphill.org




Thursday, March 11, 2010

Shutdown of Zeus botnet controller has researchers wondering

Shutdown of Zeus botnet controller has researchers wondering

Cisco researchers suspect Russian ISPs de-peered troublesome Troyak ISP that controls Zeus botnets
By Ellen Messmer

The sudden disappearance yesterday of a known command-and-control point for ZeuS botnets had security researchers appreciative — but wondering about the reason for the sudden takedown.

Registered in Kazakhstan but with a network topology that suggests it might actually have been co-located in a facility in Russia or the Ukraine, Troyak dropped from sight yesterday, according to researchers at Cisco. The researchers have been monitoring the Troyak.org command-and-control system, which they believe has been a conduit for about 25% of all ZeuS-related traffic spawned by criminal botnet operations.

The ZeuS software itself has several variants used to compromise computers in order to steal financially-valuable information from victims.

“We don't know exactly why this happened," says Mary Landesman, senior security researcher at ScanSafe, which was recently acquired by Cisco. But she and colleague Henry Stein, Cisco senior security researcher, believe the Troyak shutdown occurred because the Russian ISPs iHome and Oversun-Mercury, as upstream providers, engaged in a “de-peering" action that basically shut off Troyak's access to the Internet. That doesn't mean that ZeuS-infected machines are made free from malware, but that Troyak, at least for the moment, isn't controlling actions on infected machines.

It's not yet known why the Russian upstream ISPs decided to take the actions they did, but presumably it's because they responded to complaints from some source. Then again, the operators of Troyak may simply be on an evasive maneuver to stay ahead of the law.

The shutdown of Troyak, at least for the present, is extremely good news for those trying to keep dangerous botnets from plundering victims around the world, says Landesman. Other recent events, including Microsoft striking a blow at the Waledec botnet and the takedown of the so-called Mariposa botnet , are encouraging signs that cyber-crime activity can be challenged and fought.

Tuesday, March 09, 2010

Hard drive evolution could hit XP

Hard drive evolution could hit XP
By Mark Ward

Hard drives are about to undergo one of the biggest format shifts in 30 years.

By early 2011 all hard drives will use an "advanced format" that changes how they go about saving the data people store on them.

The move to the advanced format will make it easier for hard drive makers to produce bigger drives that use less power and are more reliable.

However, it might mean problems for Windows XP users who swap an old drive for one using the changed format.

Error codes

Since the days of the venerable DOS operating system, the space on a hard drive has been formatted into blocks 512 bytes in size.

The 512 byte sector became standardised thanks to IBM which used it on floppy disks.

While 512 bytes was useful when hard drives were only a few megabytes in size, it makes less sense when drives can hold a terabyte (1000 gigabytes), or more of data.

"The technology has changed but that fundamental building block of formatting has not," said David Burks, a product marketing manager for storage firm Seagate.

This fine resolution on hard drives is causing a problem, he said, because of the wasted space associated with each tiny block.

Each 512 byte sector has a marker showing where it begins and an area dedicated to storing error correction codes. In addition a tiny gap has to be left between each sector. In large drives this wasted space where data cannot be stored can take up a significant proportion of the drive.

Moving to an advanced format of 4K sectors means about eight times less wasted space but will allow drives to devote twice as much space per block to error correction.

"You can get yourself into a corner where you cannot squeeze much more onto the disk," said Steve Perkins, a technical consultant for Western Digital.

This shift also allows manufacturers to make more efficient use of the real estate on a hard drive.

"We can put more data on the disk," he said. "It's about 7-11% more efficient as a format."

Slow down

Through the International Disk Drive Equipment and Materials Association (Idema) all hard drive makers have committed to adopting the 4K advanced format by the end of January 2011.

Hard drive makers have begun an education and awareness campaign to let people know about the advanced format and to warn about the problems it could inflict on users of older operating systems such as Windows XP.

This is because Windows XP was released before the 4K format was decided upon.

"The 512 byte sector assumption is ensconced into a lot of the aspects of computer architecture," said Mr Burks from Seagate.

By contrast, Windows 7, Vista, OS X Tiger, Leopard, Snow Leopard and versions of the Linux kernel released after September 2009 are all 4K aware.

To help Windows XP cope, advanced format drives will be able to pretend they still use sectors 512 bytes in size.

When reading data from a drive this emulation will go unnoticed. However, said Mr Burks, in some situations writing data could hit performance.

In some cases the drive will take two steps to write data rather than one and introduce a delay of about 5 milliseconds.

"All other things being equal you will have a noticeable hard drive reduction in performance," said Mr Burks, adding that, in some circumstances, it could make a drive 10% slower.

In a bid to limit the misalignment, hard drive makers are producing software that ensures 512 sectors line up with 4K ones.

Those most likely to see the performance problems are those building their own computers or swapping out an old drive for one that uses the new format.

Monday, March 08, 2010

Kickin' VAS with OpenVAS!

Kickin' VAS with OpenVAS!

Looking for a scanner to replace Nessus? Look no further

By JimmyRay

Twitter can be used for a bunch of useless, time killing things. Things like what a goober celebrity thinks of grooming a cat with a dog brush or the endless string of folks posting lines to songs. OK, I get it! you like Spandau Ballet (UNFOLLOW). If you follow me on Twitter, I also do my fair share (and then some) of stupid tweets. From my love affair with In N Out Burger and Popeye's Chicken to the ramblings of a sleep deprived, caffeine fueled mind.

The real reason I tweet is so I can share technical info I find doing research or stuff I come across in the field and hopefully glean some back from others. Stuff like cool tools or bugs, etc. Twitter is great for honest real time information. The other day, I got a tweet from one of my favs and highly recommended follow; Charles Wyble (twitter handle:charlesnw) Now ole Charles is a smart Dude even if he disagrees with me on fireworks... He's from SoCal so I cut him some slack. We trade info back and forth all the time. He sent me a tweet and asked if I have tried OpenVAS yet. At first I thought he meant OpenVMS and I thought, ummmm...yeah Dude back in the 90's love that DCL! (I still believe that OpenVMS clustering is some of the best out there)

A quick trip to http://www.openvas.org/ made me start to see why Charles was so jammed on this code base. OpenVAS is a fork of the infamous Nessus project and at one time was called GNessus. Instead of downloading it, I took a short cut and just config'ed it up on my BackTrack4 machine. http://www.backtrack-linux.org/downloads/ I have seen OpenVAS in the BackTrack4 menu options before but I am not to big on noisy scanners. I do more with NMAP Metasploit and W3af but when it comes to a broad noisy assessment, customers (goober managers and bean counters) like the cool print outs that Nessus along with some custom NASL scripts gives me. However with Nessus going to a commercial licensing model folks like me have been using version 2.2 for a loooooooooong time! I can use a replacement for sure. To be honest, I ain't paying for Nessus when I can pay Core Impact.

Come on OpenVAS!!!

OpenVAS is a client-server design, which I like for a vuln scanner. There are 3 mandatory components; Client, Server and Libraries plus two optional modules but you also should install; administrator and management. Remember OpenVAS is a fork of Nessus so some of the stuff you already know carries over. The only real OpenVAS bummer is that is has quite a few dependencies and it is not packaged. Being integrated in BT4 is just what I am looking for to keep out of dependency jail which is equal to discussing politics with your in-laws.

I started config'ing. The documentation for developing on OpenVAS is excellent, getting it up and going is a different animal. Lucky for me there is a great You Tube video on getting OpenVAS up and kicking by a Dude named; H34dcr4b http://www.youtube.com/watch?v=wpVSdXfmAYU plus he has some...other things you may like...

After getting the server started; which can take some time depending upon how many Network Vulnerability Test (NVT) you have. NVT's are kinda like NASL scripts which is very cool since I do not have to learn a new methodology for scripting. NASL sucks enough as it is. I launched the client and connected to the server on port 9390. The GUI interface is very nice, snappy and super easy to use.

I used the client scan assistant tool to run a few test in safe mode. I ran the MS RPC buffer overflow, A bunch of PHP test because I loathe PHP, SPAM and DNS Zone Transfers. OpenVAS passed with flying colors. I am still testing a few other things but I think I have found my new scanner! I am very impressed with OpenVAS and can see why Charles was so pumped up about it. I would highly recommend any security geek type person to give OpenVAS a test drive. It has a strong community behind it and I believe it is going to keep getting better and better.

Now it is time for me Tweet about my breakfast cereal choice this morning and how I like to spell out network terms with my Alpha Bits...I just wish they had a hexadecimal version...

Jimmy Ray Purser

Trivia File Transfer Protocol
The saltiest lake in the world is not the Dead Sea it is actually Lake Asaal in Djibouti. Man, I wish it was in a place I know how to pronounce..

Thursday, March 04, 2010

Smarter Plastic Solar Cell to Solve Energy Crisis?

Smarter Plastic Solar Cell to Solve Energy Crisis? By: R. Colin Johnson
Plastic solar cells are inexpensive, but silicon cells are more efficient. Now Caltech claims the best of both worlds -- a miracle cure for the energy crisis that marries 2 percent silicon to 98 percent cheap plastic.

Silicon is the material of choice for microchips, sensors, solar cells and every other kind of electronics today, save a few high-frequency applications using the even more expensive gallium arsenide. Solar cell manufacturers try to minimize costs by making the silicon wafers they use thinner, but they are still meticulously oven-grown perfect crystalline disks of ultra pure silicon semiconductor.

Schematic diagram of the light-trapping elements used to optimize absorption within a silicon wire solar cell.

Using less-expensive polymers instead of silicon in solar cells is already being done today, but at much lower efficiencies than silicon solar cells. Now, Caltech claims to have married the efficiency of silicon to the low cost of plastic, yielding the best of both worlds. The technique grows a forest of tiny silicon wires atop a plastic substrate. Each silicon wire is just 1 micron in diameter, but as long as 100 microns (0.1 millimeter). Each wire is coated with a nonreflective coating so that light particles (photons) can more easily penetrate them. Almost no light is reflected back, as in normal solar cells. Instead, the light tends to bounce around among the forest of silicon wires until it is absorbed by one. The overall measured quantum efficiency is over 90 percent.

The thinnest traditional silicon solar cells today are about the same overall thickness as Caltech's new material, but costwise it is drastically reduced, since the new material only contains 2 percent as much silicon, the rest being inexpensive polymers. The new material can also be mass-produced using inexpensive roll-to-roll manufacturing techniques instead of expensive semiconductor ovens.

The researchers predict that their technique not only will be less expensive, but Caltech also claims the forest of silicon wires acts like a solar concentrator, converting more photons and a wider range of wavelengths. Silicon solar cells only work well for certain wavelengths of light, and have to be tuned to the reddish hue of sunny skies in California or the bluish hue of overcast skies in Oregon. Caltech, on the other hand, found that its new material could be tuned to absorb 96 percent of the incident sunlight at a single wavelength, plus was wide-band enough to convert 85 percent of the total collectible sunlight across the spectrum.

Also, because the new silicon-wire solar cells are flexible, they can be formed onto the surface of other products to give them photovoltaic capabilities, such as window coverings, roofing and even the outside car body of an electric vehicle.

Caltech's lead researcher on the project is professor Harry Atwater, along with fellow professor Nathan Lewis and doctoral candidate Michael Kelzenberg. Funding is provided by BP, the Energy Frontier Research Center program of the Department of Energy, the National Science Foundation and the Kavli Nanoscience Institute at Caltech.