Some of you probably read about the vulnerability in Vista that doesn’t just take advantage of any new exploit but rather Vista’s fundamental architecture all together.

Well the way this systematic attack is approached is via an arbitrary browser exploit.  But what if browser exploits were cut off from the main machine?

Meet ZoneAlarm’s new security tool that’s been a bit long in coming in my opinion.  It’s called ForceField (and with good reason).

What the product does is put your browser inside of a virtual environment that’s totally cut off from the underlying OS.  It also cuts off the OS from the browser (helping negate the effects of keystroke loggers and such).

Now earlier they were giving away free CD keys for ForceField and I registered for a copy (1 year subscription).  It doesn’t have Vista 64-bit support unfortunately but it is on my laptop (32-bit Windows XP) and I’d say that it runs rather well.  My laptop is a machine that’s gaining a little age (although it’s far from old) and typically has some trouble running Firefox 3.0 with all my normal extensions.  However even running virtually, it still runs rather fast (negligible performance decreases).

So aside from negating this proposed attack, it can also protect against a wide variety of other problems, and it’s existence (albeit probably inevitable) is certainly welcome.  It will certainly be nice to be even less concerned about visited websites leaving cookies, ads containing exploits, and the like.

Well apparently the new e-passports that were supposedly so good have already been hacked, furthermore with minimal equipment and within an hour.

Kind of ignorant to think about something as simple as that as secure.

The Public Key Directory sounds like a decent way to make it more secure.

Personally my idea is that every e-passport needs more hardware.  Hardware that stores data, preferably in a rotating array like RSA SecurIDs, and would better yet have another mechanism which would never transmit the internal rotating IDs but rather would transmit a hashed ID, which would furthermore be salted with an ID that is unique to the scanning station, so every single scanning station would have a unique salt ID, or better yet a group of salt IDs that change depending on several factors, that would be added to the internal ID upon hashing and would produce the more secure resultant ID.

With how cheap FlashROM is now, it’d be great if they had an updatable internal mechanism for rotating keys for your personal ID (such as updating internal IDs whenever you renew your passport), as well as keeping an internal database of the salt IDs for all the stations so the salt ID wouldn’t have to be transmitted anywhere near as often, thus reducing risk of an attack on the hashing algorithm.

Also, since all of this hardware is going into these things, might as well build in an authentication mechanism so the e-passport doesn’t arbitrarily send out IDs where a differential attack may be observed, similar to how WEP was cracked.

But like I said, this would require a lot more hardware.  However, RFIDs are not really a good idea for important information.  Security, especially like this, needs to be taken seriously in this day and age and even if it’s not "cost effective", then don’t bother giving out a far less secure system that can endanger the privacy and identities of people.

Hackers, despite what you may have heard, have ethics, but apparently a couple of giddy Frenchies though they would be "1337" and sniff a few packets on a line designated as secure at hacker convention Black Hat 2008.  Turns out monitoring traffic when parties involved are not informed is a felony.  What a surprise.  Furthermore surprising is that FBI agents attend Black Hat (I’m being sarcastic, it’s not surprising).

Lest we all forget the NBC "shock" reporter…

Explanation:
Reporters are welcomed at hacker conventions like Black Hat and Defcon, but they are also required to declare themselves as reporters and wear a press badge.  This woman was hiding a camera in her purse and recording the events.  Unsurprisingly she was caught very early in the con.  She was attempting to do a shock piece for NBC Dateline on hackers and federal agents.  Unfortunately, aside from the usual fun of "spot the fed" (where the people try and point out who they think are federal agents in good fun but no real seriousness), this woman would have revealed the identities of many agents and otherwise.  Hence it’s a big deal.

Ok so Adaptive Path’s Aurora concept is very cool

But even so with this cool concept, I can’t help but keep thinking back to Windows Live Search for Windows Mobile.  Windows Mobile is a platform people have really been neglecting and it’s really a highly advanced, and easy to use, mobile OS, which I happen to greatly prefer to the iPhone OS.  More after the break.

Read more

So just 3 more days until the LHC goes online this Thursday (the initial beams get injected on Thursday, the first collisions aren’t scheduled but for another 2-3 months or so).  Currently the whole thing is being frozen to 1.9 Kelvins using liquid Argon.  Can you say really cold?

Anyways the idea is that they’ll be able to recreate the big bang, but (hopefully) on a much smaller scale.  The internet is having a field day because the thing is so powerful it can create micro-black holes as well as other space-time anomalies, and the natural assumption is that we’re all going to die.  This suspicion of impending doom is further exaggerated by CERN (the orchestrating body) publishing reports stating that they "beyond reasonable doubt, heavy-ion experiments at RHIC will not endanger our planet"[src] (Murphy’s Law….) as well as the facility looking like the Black Mesa Research Facility from Half-Life.  More after the break.

Read more

So I was at the pumps today filling up and I noticed the State of Oklahoma Standards testing and noticed a few things interesting.  Just a thought but you can maximize your return by going for the pumps with the closest measurement to being accurate.  Oklahoma has a legal tolerance of +/- 6 cubic inches and I noticed regular was -2, mid-grade was 0′d, and Premium was +2.  Check the pumps next time to get a true maximum return.

Also, I always put in premium once every 5 fill-ups or so to help with engine gunking and carbon buildup.  Your ECU typically will compensate for the higher octane of fuel but most premium gasolines come with cleaners in them to help remove gunk(I use Shell V-power usually) and I seem to get better gas milage on higher octane fuels as well.

Finally, I don’t let my car go bellow 1/4 tank(I did this week but I try not to).  Reason being is the fuel pump.  Think gas is high, how about a $1000 fuel pump replacement job?  Fueling more often doesn’t hurt your gas economy much to the best of my knowledge and it can save you that fuel pump damage due to overheating and burnout.

A lot of people ask me why I stick with Logitech gear when I could be getting Razer and other gaming branded stuff.  Why?  This is why.  I remember having that exact same keyboard and mouse(STILL have them in fact, the MX500 mouse currently serves my laptop) before I stepped up to the Logitech MX5000 combo.

Why do I keep on using Logitech gear?  Because it’s solid, it works, and it’s comfortable.  I mean solid too.  I can recount countless times where I’ve ended a game bashing on my keyboard, both my old and new keyboards have held together like you wouldn’t believe(even though Xbox 360 controllers aren’t up to the task).

They’re always comfortable to me.  I can spend hours on these things without much problem at all.

And best yet, it works.  Ok so the MX5000′s bluetooth stack has a few issues but it’s really pretty rare for me and it’s not much of a problem.

So go ahead and spent that extra money on "gaming" hardware.  Logitech is still going strong and I love their gear.

Don’t like it?  Well…

Everyone should know about the recent investigations against Intel.  Personally, I use Intel processor(I also have a few AMD processors) and I like how Intel has really been spending some money to push in some fresh new blood into the desktop x86 market.  I also like seeing them push some extra competition into the mobile products market(them and nVidia), but has anyone ever ventured to go beyond the major computer players such as Intel and Microsoft and investigate someone who is blatantly conspiring against consumers?

I’m talking about the RIAA and MPAA and the entertainment corporations behind them.  They’re blatantly conspiring together, and they’re definitely out to get "pirates" and they don’t care who or what they step on.

Now maybe they really are loosing a lot of profits.  My sentiments are really, too bad.  I’m not going to pirate music personally but that’s not going to stop several hundred million others.  But really, if they’d get off of their high wagon and do something innovative and fresh, maybe they’d make more profits.

Lets take the consumer laptop/desktop market.  This is obviously a market with razor sharp margins on products.  Yet people like HP(I’m a big HP fan, sorry if you’re not, but I have my reasons) are pumping out some seriously cool stuff(you didn’t think I’d forget the Blackbird would you?).  And they also seem to be making plenty of money in the consumer market.

Remember my previous post on the future of profits for Hollywood?  Well that’s what other companies seem to be well doing.

But back to anti-trust.  Isn’t one inclined to think that these companies need a good dose of reality and need to have some consumer rights forced down their throat(since they’re obviously not interested in doing it themselves)?

Up to you, but as for me, I’m off of their "products" until they see the light, or maybe they never will and I’ll be stuck in the indie world forever(fine by me really).

I recently saw Iron Man, which I thought was quite good (good for technomorons such as myself), but one thing that was blatantly apparent was all the product placement.  From all the Audis in the movie to the Burger King bag…you get the picture.

Well recently I was having a movie-fest celebrating my new Samsung upconverting DVD player which I bought for myself as a gift for being on the Presidential Honor Roll last semester, and I noticed that it’s been in past movies as well.

That got me thinking, with all the piracy going on and Hollywood "loosing money" (they’re still making plenty, just not as much as they did, oh noes!), maybe the product placement is a good thing for us.

Maybe Hollywood will get off of their traditional bandwagon and using product placement and advertisements, we can start seeing movies be much cheaper or even free, such as how Paramount did with Jackass 2.5.

I’m largely a hermit and the ability to check these movies out without having to fight the crowd and getting to see them in glorious HD streaming over the internet seems excellent to me.  Plus the movies being discounted when I DO decide to head out to say Bricktown seems just that much better.

Get to it Hollywood.  Stop suing people and implement better strategies for making money and I’ll stop boycotting you.

Now, if we can only do something about our internet bandwidth…