Archive for the ‘News’ Category

1024-bit RSA encryption cracked!!

March 9th, 2010 Fahad No comments

Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device’s power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That’s why they’re presenting a paper at the Design, Automation and Test conference this week in Europe, and that’s why — until RSA hopefully fixes the flaw — you should keep a close eye on your server room’s power supply.

via: Engadget.com

Categories: News, Security

Opera 10.5 Released… Go get it :)

March 2nd, 2010 Fahad No comments

The fastest browser on earth for the Windows platform has been released, and you can download it from here.

Just a reminder of what’s new in this release:
1- New Look
2- HTML 5 + CSS 3 support
3- Private browsing
4- Superfast JavaScript engine
5- Smoother graphic rendering
6- Fully integrated with the Windows 7 superbar

Categories: General, News

Opera 10.5 Beta 2 for Windows is OUT

February 25th, 2010 Fahad 2 comments
www.itechmax.com

Yesterday, the Opera team released Opera 10.5 beta 2.

No major changes, only bug fixes as far as I can see.

If anyone is interested in the detailed change log, it can be found here.

Click here to download

Categories: General, News

Opera 10.5 Beta 1 Faster than Chrome 4

February 13th, 2010 Fahad No comments

Benchmark Results by Betanews

The Opera team released a new version of my favorite browser, Opera (Opera 10.5 beta 1). I really love the new GUI; it's simple and beautiful. Yes, there is some similarity between the look & feel of Opera 10.5 and Google Chrome, but to me Opera looks more elegant.

The benchmarks that I saw today say that Opera 10.5 beta 1 is the fastest browser; it's even faster than the Chrome v5 dev version. Here is a short list of what's new in Opera 10.5 beta 1:

1- Redesigned interface (much better than opera 10.1)
2- HTML 5 + CSS 3 support
3- Private browsing
4- Much Much faster JavaScript engine
5- Smoother graphic rendering

You can download it and try it from here ( http://www.opera.com/browser/next/ ). Just remember it's a beta version, so don't expect it to be bug free. Currently, Opera 10.5 beta 1 is only available for the Windows platform.

Side Note: Sorry for the podcast delay. I'm really, really sorry, but I'm busy with projects that I'm committed to deliver on time, so it's taking all my time for now. The minute I have space to breathe, I promise you that I will release the first episode of the whatiknow podcast :) . Thank you for your understanding.

Categories: General, News

Windows 7 NY Launch Event :)

October 22nd, 2009 Fahad 2 comments

Categories: Microsoft, News, Windows

Dell Latitude Z600: The ideal laptop for business people

September 29th, 2009 Fahad 2 comments

A video is worth a million words :)

Categories: Hardware, News

DFI hybrid mobo runs 2 systems simultaneously!

September 19th, 2009 Fahad Comments off

These days, the word “hybrid” gets tossed around like a rag doll. We’ve got hybrid cars, hybrid SLI and hybrid image stabilization — and that’s just for starters. But friends, this hybrid is one worth paying attention to. DFI has been working overtime in order to concoct the next great mainboard, and if this thing can really deliver as advertised, we’d say the gurus responsible for it will succeed greatly. The Hybrid P45-ION-T2A2 motherboard can actually house a complete Atom / Ion-based system on one side, while handling a traditional Socket 775 CPU system on the other. In other words, this single motherboard can power — let’s say — a low-power server system and your next gaming setup. At the same time! We’re still waiting on a firm release date and price, but ’til then, hop on past the break for a swell demonstration vid.

Source: Engadget.com

Categories: General, Hardware, News

Charlie Miller: Snow Leopard is not as secure as Windows Vista/7

September 17th, 2009 Fahad Comments off

Snow Leopard lacks security features that are built in to Windows XP, Windows Vista and Windows 7, a noted Mac researcher has said. Dubbed ASLR, for address space layout randomization, the technology randomly assigns data to memory to make it tougher for attackers to determine the location of critical operating system functions, and thus make it harder for them to craft reliable exploits.

“Apple didn’t change anything,” said Charlie Miller, of Baltimore-based Independent Security Evaluators, the co-author of The Mac Hacker’s Handbook, and winner of two consecutive “Pwn2own” hacker contests. “It’s the exact same ASLR as in Leopard, which means it’s not very good.”

Interesting news, isn’t it? :) You can continue reading at the source here :)

Examples of Ethics as an Employee

August 17th, 2009 Gavin 1 comment

Hi and سلام to All

In this post, the male ‘him/he‘ is used for easy reading and can be replaced by ‘her/she‘ depending on who is reading the post. For the ladies out there, I make a profuse apology.

I have been asked by a reader to give examples of situations I have been in that have or may have impacted upon my ethics.

I must comment here that not all of you will have experienced all of them but I am sure you have experienced at least one.

The first example goes back to my time in the military where I was a corporal; I was in charge of a platoon and was responsible for their health and well being as well as their discipline. During an inspection by the commanding officer, he noted that the one toilet bowl was a bit ‘grey’. I checked it and the bowl was stained but not dirty, so the toilet bowl would never be ‘white’. I informed him about this, to which our Lieutenant took exception. After the inspection was over, the commanding officer said that it was good and to continue. The Lieutenant, on the other hand, must have thought it had cost him his name, ‘good’ versus ‘excellent’. He told me to punish the platoon by taking them for a forced march (20 Kms) and to drill them for at least 2 hours after the march. I disagreed with him and told him so; I even refused to do it and ended up in front of the commanding officer, who stated: ‘Ferreiro you are an un-commissioned officer who will take orders from officers and carry them out EVEN if you do not agree with them.’ I again refused to do it and asked for a transfer to another unit (32 Battalion), which was approved. I left the unit 3 days later. I actually saw the Lieutenant a few years later, to his surprise, when I was a sergeant; he lost this time, as we were working with mature soldiers aged 25 and up, whom you treat differently to soldiers who are 16 thru 18 years. He tried the same stunt, telling his platoon sergeant to punish the platoon; again the sergeant refused and took it to the Regimental Sergeant Major, who agreed with him. The end result is that the officer ended up doing a lot of extra duties to teach him about leadership. I do not believe to this day that he did.

The second example skips a few years ahead when I worked for a supplier. I was responsible for a security tool called ESM from Axent Technologies (who were later bought by Symantec). We were tasked by the client to perform a comparison test between 3 products which measured baseline security compliance to a standard, these being: Axent, Computer Associates and Digital. In the review following a testing methodology, it was found that the CA product was not up to scratch and may meet 30% of the client’s requirement. The Axent and Digital products were very much the same, mainly due to them both being created by Raxco, which developed tools for VAX VMS. Both products would meet at least 90% of the client’s requirement. The sales person who was responsible for the account told me to bias the report to show that the Axent product was better. In doing so, he could make the sale. I disagreed and he went to the MD, who also told me to do it. Again I refused and told them I would give them the report and that they could change it to suit their requirements. Needless to say, the client had actually expected me to bias the report and, when they received the report, were pleasantly surprised that it was not. The MD had chosen not to change the report as his name would have had to be put on the report. We got the sale as the opposition were tasked to do the same investigation and they biased their reports. We received other work from the client and the company made money. I resigned from the company and cited the experience as one of the reasons. The MD promised me that it would not occur again, but once bitten twice shy.

The third example skips a few years ahead to when I was a manager at a big company. The company made a great deal of money so I thought they would have a feeling of better responsibility for compliance. In this instance, I found that some people are motivated only by money and not what is ‘right’. ‘Right’ in this sense being the fact that you do not contravene laws such as Intellectual Property and Copyright or report back to management about instances that cannot be proved. In this case, I was told not to answer a vendor’s request for licensing information on their product. Along the same lines, I was told not to tell management about a report that I compiled showing the serious lack of licence management and the associated cost to ensure licence compliance. I was also told by management that I was to do an investigation into an employee to prove that they had done ‘something’ wrong. After doing all the checks and verifying the balances, it actually identified that the manager’s ‘friend’ had planted the evidence against the employee. When I reported this with facts and figures, the manager told me that I must have been wrong and that his ‘friend’ would not do anything of the sort even though the evidence showed differently. I was moved to another division so had nothing else to do with the manager again other than to audit his operations and raise comments and associated risks. I have since left the company after understanding that even in a large company ‘ethics’ is based on how much money ends up in your back pocket. I have since heard that the company is under investigation by the Business Software Alliance (BSA) and that they face legal litigation both civil and criminal.

The last comes from a project that I was involved in where the client was informed that the contractors knew what they required and to accept the deliverables. When prompted by the lead consultant and myself about best practices and frameworks such as 27001, eTOM, COBIT and TOGAF, we were told to keep quiet and do the work which we were tasked to deliver. When asked to design a solution which, following all practices, requires the client’s input, we were told to ‘just deliver’ and not to trust the client. Again, this is against all principles of client engagements for each of the multi-nationals involved in the project, with perhaps one not even having one. The lead consultant was removed from the project for, I quote, ‘bringing the consortium into disrepute’. In a later meeting, I was informed that the solution must meet the client’s requirements of a 360 degree Information Security view. When I prompted the consortium of what was required to deliver this, I was told by the multi-national that this could be discussed and that they would ‘HACK’ their product to deliver a 360 degree view even though it was not able to do it. I have since left the project.

There are many other examples that I could use, but I believe these highlight what I have been saying in my posts.

Cheers and Wa Alaikum As-Salam until next time,

Enjoy the rest of the week and may you and yours travel safely.

Categories: Awareness, General, News

Windows 7 NOW ON MSDN\Technet, GO Get it!!

August 6th, 2009 Fahad 4 comments

Go Get it, What Are You Waiting For :)

I already activated my desktop, laptop & netbook copies :)
