Geek Bazaar

Today I introduced myself, to my own feelings!

Finally, yesterday evening I’ve seen Anathema live. By surprise last Tuesday I was talking to a friend and found out that Anathema will be playing live in Limassol, Cyprus. It was a very good concert, they played well live and played tracks from Serenades, The Silent Enigma, Eternity, Alternative 4, Judgement and A Natural disaster, 2 and a half hours concert. Since it was a small club (with just around 300 people) it was possible to meet the guys personally after the concert and have a chat. None of them offered a beer though (not like Septic Flesh) even if I have all their cd’s Just thought of uploading some pictures

Vincent live (Robert the artistic photo )
Danny (the guitarist) the emotional
Female Vocalist
Anathema Live

Darkreading has an article on Malware-Driven Child Porn.  While child porn is definitely bad, and anyone doing it should be punished - there is no question about that - it is not as simple as many people make it to be. Being in possession of child porn does not (and should not) mean that you’re doing it. There are so many ways that child porn can end up on one’s computer. The article mentions malware, but simply browsing to some websites might be enough to cache such content - and the websites need not have visible child porn.

The person featured in the article lost his job and his family as a result of this malware infection. How many victims will it take until the witch hunt is over?

This is crap. The shirt is nice.. the people at the airport, not so nice

Desktop 3D printers would be sweet

If you are a security professional, it is about time that you start telling your bosses about the dangers of leaving teapots (and other shiny objects) lying around the office. Three students at the University of Saarland have released a paper detailing these attacks. El Reg coverage here.

Drawing taken from Natalie Dee. Funky doodles btw

SecurityFocus has an interesting article about SoBe, a juvenile who operated a botnet together with some others.

here

Was checking out one of the latest advisories released by CoreLabs about Wonderware Suitelink DoS attack. This software:

“one third of the world’s plants run Wonderware software solutions. Having sold more than 500,000 software licenses in over 100,000 plants worldwide, Wonderware has customers in virtually every global industry - including Oil & Gas, Food & Beverage, Utilities, Pharmaceuticals, Electronics, Metals, Automotive and more”.

Some funny scary parts of this advisory:

• 2008-03-03: Core sends proof-of-concept code written in Python.
• 2008-03-05: Vendor asks for compiler tools required to use the PoC code.
• 2008-03-05: Core sends a link to http://www.python.org where a Python interpreter can be downloaded.

If you carry on looking at the advisory you’ll notice that the CoreLabs guys had quite a tough time on this one. Bet the tobacco and caffeine industries made quite a buck out of this as usual

This morning I woke up to go straight to the bank.

A few hours before I’d made use of an ATM that dispensed the right amount of money for me, but while I was fixing my credit cards, the money was absorbed by this greedy ATM again. I made another transaction because I still needed my 50 euros. So 2 transactions in a few minutes. However that is not what my statement said when I checked it out on the online banking service. To my surprise I noticed that there were 4 transactions during that time. A -50 EUR, a +50 EUR (i suppose this is when it ate my money), and a double -50 EUR. So I ended up with 100 euros less in my account instead of 50. Not good.

So I went to the bank and explained the situation to them, they acknowledged this and told me that I should have the money back over the weekend.

Did you come across any other ATM glitches?

If you read the original “Security Engineering” by Ross Anderson, then you’ll probably be pleased to know that an update is due to be released soon. Check out this interview.

The obligatory Amazon link.

ps. its weird that amazon says that it will be released on the 14th apr 2008 while they claim that they have it in stock. guess they’re mixing up the old version with the new one

Just as an update to my previous post HSBC, the world’s local secure bank after several emails I got contacted from the HSBC IT department group via phone.

First they asked me what is happening exactly to try and reproduce the issue themselves and they were surprised that such issue was being reproduces using Internet Explorer and XP, as XP is fully complaint but Vista is not, so they expect clients using Vista to have problems (another “latest” software not supported???).

When I asked them why they do not support the latest Internet Explorer, when they promote to users that they should always have the latest software and patches installed, they replied “As you might know yourself since you work in the software industry, new software and patches are being released every day and it is impossible to keep up with everything”. For God’s sake, you’re 1 and a half year late, as IE7 was released in Q4 of 2006. Even if it was released a couple of months ago, I do not think “it is impossible to keep up with everything” is not a valid excuse, I mean I do not care what is impossible or not, if you are offering a service to your clients, give them a decent service at least, especially when it is all about the clients’ money!!

Well, not worth hassling about it, it won’t take me anywhere. Just out of curiousity I asked them a question “Why don’t you support Opera as well?”, the answer was very clear (hope they were just fooling around and it wasn’t an honest answer) “Well, Opera runs on Linux and we do not support Linux”. Ok.. just FYI mate, Opera Download for Windows.

Enjoy e-banking with HSBC pals

HSBC E-banking is cool and fast. You receive emails every day from banking companies not to trust spam emails, that people from banks won’t ask for passwords over e-mail (hope not even over the phone). Well, HSBC e-banking supports only LATEST Firefox and Internet Explorer, for SECURITY REASONS (as they say). I had a problem transacting some Euros at 1 go between 2 accounts I have. I sent an email to HSBC help desk and I got a sweet reply:

HSBC helpdesk
Dear Mr X

Kindly note that problem is related to your browser since you are using IE7. The last version is not supported by us.

You are kindly request to use IE 6 or else Firefox.

Internet Explorer 7 was released in Q4 of 2006 and security wise “should be” much better. It’s about time HSBC keeps up to date with these things!

USENIX put up all online conference proceedings for free here.

And if you want to see some upcoming conferences of interest, then this site looks particularly useful.

The Navy’s way of saying “we can shoot things in space”

Via Infosthetics

all else is the work of man. More about the relationship between God and Math at TheStar. Did you know that Pythagoras was a cult leader?

Why? Here’s 4 things that prove this:

• Contact lenses will have circuits which can be used for augmented reality and other funky sci-fi stuff
• National Intelligence is ready to sacrifice anything to make us feel more secure but not really be more secure. See Bruce’s article.
  
• Hackers are taking over your power station!
• People are running around the house with gay looking guns

Got more?

We just got a new server and we’ve run out of muppet names to name it, so this afternoon we had a very entertaining discussion on what class of objects we’re going to name the servers next. The ideas:-

• animals
• mytological creatures
• countries / cities
• music composers (most of them are too long)
• greek gods (too common)
• names of flowers (not very masculine)
• names of beautiful women (too masculine + how would it sound if you say “what’s in Pamela?”)
• characters from whinny the poo (in the hope that someday we’ll have to name a server poo)
• numbers (1, 2, 3) (the reply to this suggestion was “do you call your children, child 1, child 2 …?”, to which the other countered, “since when have the servers become your children?”)

At the end we decided to go for countries and cities … and the server was baptised Bangkok.

What do you name your servers after?