Is Windows Live Messenger a Trojan?

ZoneAlarm by Check Point (firewall, antivirus and antispyware) is a tool that I have used for quite some time on one of my computers. It offered an update to the new version 7.0.462.000 today. After installation and starting an antispyware scan, it detected Windows Live Messenger and considered it a Trojan with medium risk. ZoneAlarm recommended that I should “delete this application immediately because it constitutes security and privacy risks, and has no known usefulness”.

Here is a screenshot (censored for privacy reasons):

Windows Live Messenger as Trojan

ZoneAlarm offered options to quarantine, delete or ignore it. After I selected delete, it actually deleted Windows Live Messenger!

I reinstalled Messenger, scanned again for spyware and the same situation repeated. So we can now say that Check Point firmly considers Windows Live Messenger a Trojan. Some people will say: Not too far from the truth, is it? :)

Hopefully Check Point and Microsoft will solve this in mutual talks and confirm Messenger as safe software.


Bad Design or Backdoor for NSA

A recent paper found a flaw in the Windows 2000 random-number generator. Another paper found flaws in the Linux random-number generator. Back in 1996, an early version of SSL was broken because of flaws in its random-number generator.

Bruce Schneier discussed this problem on his blog and said:

Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency.

There is also a post, “NSA Helps Microsoft and Apple for Better Security”, on this blog, and it has a couple of links that confirm this possibility in some way.


Should We Believe Internet Polls?

Posted in Internet Security by Dragan Pleskonjic @ Nov 23, 2007

I think we should not. It is easy to cheat. If you want to know how, read below.

You are aware of many Internet polls on various Web sites. I can remember the days when having a poll on your web site was one of the pillars for increasing the number of visitors. Other pillars were frequent updates or content changes, news, links from other sites and, of course, most important, good ranking in search engines.

Polls are very interesting. How can we know if their results are honest and accurate? Honest voting means that one unique visitor has the right to one vote. That is the minimal criterion. But what is one visitor? Is it one person, one IP address, one computer, one Web browser, one user with a user name and password?

What are the usual poll logging methods to provide honest voting? Some polls don’t log voters at all. But, basically, most polls log by:

  • Cookie
  • IP address
  • Cookie & IP address
  • User name

A cookie seems like an honest way at first sight. It means one user from one machine and one browser gets one vote. If you have two or three browsers installed, you might want to vote 2, 3 or more times. Or you can simply delete the cookie and vote as many times as you wish.

How to delete a cookie? Not a big deal. You can do it very easily in Firefox. Choose Tools -> Clear Private Data.

Firefox Clear Privacy Data

And then check the Cookies box.

Firefox Clear Cookies

And also in Internet Explorer: go to Tools -> Internet Options, General tab, and choose Delete in the Browsing history section.

IExplorer Delete Browsing History

What about IP address logging? It is not an honest voting system, as many networks have one IP address. So it allows one vote. But, very often, behind one single public IP address there is a network or organization with many people. However, only one person can vote. Conversely, one single IP address doesn’t necessarily mean that you can vote just one time. What if you wish to vote more times? You can just use tools that maintain your anonymity on the Internet. For example, you can use Tor. And with Tor you can vote almost as many times as you want. The number of times is limited by the number of Tor servers around the globe. Just click on Use a New Identity and voila.

Vidalia Control Panel

You should have in mind that Tor only protects Internet applications that are configured to send their traffic through Tor — it doesn’t magically anonymize all your traffic just because you install it. It is recommended you use Firefox with the Torbutton extension. 

If a poll system uses a combination of cookie and IP address, you can use deletion of cookies in addition to Tor tools and their features. This will help to vote dishonestly.

A system with user name and password is a pretty honest voting system. Its problems and pitfalls are the same as those of user name / password based security systems in general.

If a poll doesn’t log votes, it is not worth considering. You simply shouldn’t believe its results. You can only consider it a way for site owners to show that they have a poll and lots of visitors who vote. The results are not of any value.

And what can we conclude about Internet polls? In most cases these systems are of little value. If somebody is interested in jeopardizing the voting, he can do it with some knowledge. The only voting of value is based on a user name / password scheme. But it attracts very few voters. People generally don’t want to be bothered with registering and logging in to your Web site just to vote.
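The following added example (not part of the original post) tallies one constructed vote log under each logging method listed above, so the counting error of each method can be compared with a true one-person-one-vote result. The vote data, names and the rule that a repeat of either identifier rejects a vote under "cookie+ip" are assumptions made for illustration.

```python
from collections import Counter

# Constructed log: (person, cookie, ip, username, choice); "person" is ground truth.
VOTES = [
    # three colleagues behind one shared public address
    ("ana", "c1", "203.0.113.10", None, "A"),
    ("boris", "c2", "203.0.113.10", None, "B"),
    ("ceca", "c3", "203.0.113.10", None, "B"),
    # one visitor whose cookie is gone on every visit
    ("dule", "c4", "198.51.100.7", None, "A"),
    ("dule", "c5", "198.51.100.7", None, "A"),
    ("dule", "c6", "198.51.100.7", None, "A"),
    # one visitor whose cookie and address both change
    ("eva", "c7", "192.0.2.21", None, "A"),
    ("eva", "c8", "192.0.2.99", None, "A"),
    # one registered visitor submitting twice
    ("filip", "c9", "192.0.2.50", "filip", "B"),
    ("filip", "c10", "192.0.2.51", "filip", "B"),
]

def dedup_keys(vote, policy):
    # Identifiers the poll logs for a vote; None means nothing is logged.
    _, cookie, ip, user, _ = vote
    return {
        "none": None,
        "cookie": [("cookie", cookie)],
        "ip": [("ip", ip)],
        # assumption: a repeat of either identifier rejects the vote
        "cookie+ip": [("cookie", cookie), ("ip", ip)],
        # anonymous visitors have no key and cannot vote
        "username": [("user", user)] if user else [],
    }[policy]

def tally(votes, policy):
    seen, counts = set(), Counter()
    for vote in votes:
        keys = dedup_keys(vote, policy)
        if keys is not None:
            if not keys or any(k in seen for k in keys):
                continue  # rejected: not logged in, or identifier already used
            seen.update(keys)
        counts[vote[4]] += 1
    return dict(counts)

def true_tally(votes):
    # One vote per real person: keep each person's first choice only.
    first = {}
    for person, *_, choice in votes:
        first.setdefault(person, choice)
    return dict(Counter(first.values()))
```

On this log the true result is a 3:3 tie, while cookie logging reports 6:4, IP logging reports 4:2 because the shared address loses two legitimate votes, and the user name scheme counts a single vote.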

I hope that the Google AdSense program has a good way of handling these issues. Otherwise it is easy to fake clicks on somebody else’s AdSense ads and get his AdSense account closed by Google because of fake clicks. There is a post about it on this blog.

And a couple of words about Tor. What is Tor?

Tor is a software project that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security. Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the Internet’s TCP protocol.

You can download the Tor & Privoxy & Vidalia & Torbutton bundle for free here and use it. But remember:

…then please don’t just install it and go on. You need to change some of your habits, and reconfigure your software! Tor by itself is NOT all you need to maintain your anonymity. There are several major pitfalls to watch out for…

Enjoy polls, including the ones on my blog. And be careful with their results.

15th Telecommunications Forum TELFOR 2007

Posted in Conferences, Events by Dragan Pleskonjic @ Nov 20, 2007

Belgrade, Serbia - The 15th TELFOR (Telecommunication Forum) was opened today in Sava Center. The organizers are Telecommunications Society - Belgrade, “Telekom Srbija” A.D., Public PTT Enterprise “Srbija”, ETF - School of EE, University in Belgrade, IEEE Serbia & Montenegro Section and ComSoc Chapter. This event will last 3 days: on the 20th, 21st, and 22nd November 2007.

Telecommunications Forum TELFOR 2007 is organized for the 15th time as a domestic and regional annual meeting of those professionals working in the broad fields of Telecommunications and Information Technologies. The participants are mostly telecommunications engineers, but also the economists, jurists, managers, governmental officials, students, researchers, operators, service providers and others. In this way TELFOR is the forum in which all relevant aspects of Telecommunications and IT are discussed: subjects of technical nature, development policy, regulatory and economics matters, education, equipment production, services and operation of systems.

The work of Telecommunications forum TELFOR is organized through: 

  • Plenary sessions with invited papers or lectures, 
  • Authors’ sessions from the defined program fields, 
  • Undergraduate students’ sessions, 
  • Special technical and development presentations of the leading international and domestic telecommunications companies and societies, 
  • New books presentations, 
  • Seminars and tutorials for young engineers and students, 
  • Exhibition of the communications hardware, software, equipment, systems and services, 
  • Commercial presentations of the companies and their products, 
  • Thematic debates, panel discussions and round tables on current issues, 
  • Social meetings, etc.

You can see more information on the conference Web site: 15th Telecommunications Forum TELFOR 2007.

Vista Service Pack 1 Focuses on Stability and Security

Posted in Operating Systems and Application Security by Dragan Pleskonjic @ Nov 19, 2007

In its article: Hands-On with Windows Vista Service Pack 1, PC World says:

Microsoft’s first service pack for Windows Vista focuses on stability and security.

The first service pack for Microsoft’s Windows Vista operating system won’t arrive until early next year, but judging from our experience with a beta of SP1, the update will be more about stability and security fixes than noticeable performance gains.

It is obvious that Microsoft works hard on security and tries to overcome bad public opinion about the Windows family of operating systems. The poll on this blog shows that, at the moment, opinion about Windows OS family security is still unsatisfactory despite Microsoft’s big effort to improve it. Look at the upper right corner and also at the Polls archive. You can vote for your favorites in this poll until the end of January 2008.

The Windows family is the most widely used OS, and it is expected that something in common use will be more exposed to attacks and therefore subject to increased analysis and criticism.

“The Security Is More Important Then Usability”

Posted in Fun by Dragan Pleskonjic @ Nov 18, 2007

It is secure only if no one uses it. :)

Dilbert 

From http://www.dilbert.com/comics/dilbert/archive/images/dilbert2007113333116.gif.

And one more with biometric scanner:

Dilbert

From http://www.dilbert.com/comics/dilbert/archive/images/dilbert2007111111117.gif.


Reduction of False Positive Intrusions by using Neural Nets

The paper Reduction of False Positive Intrusions by using Neural Nets, which I worked on with colleagues, is now available in the IEEE Digital Library.

Abstract

The main idea of this paper is to propose a new solution for a Wireless Intrusion Detection Prevention System (WIDPS). The proposed WIDPS has a high degree of autonomy in tracking suspicious activity and detecting positive intrusions. Our focus was the reduction of detected false positive intrusion by implementing adaptive self-learning neural net in the system. Once it is fully developed and tested, this WIDPS would enable real-time response against threats, even to zero-day attacks.

Remark: A subscription to the IEEE Digital Library is required to download the full paper in PDF format.

Symantec Security Game

Posted in Fun, Security by Dragan Pleskonjic @ Nov 10, 2007

Symantec created an online FPS (first person shooter) game where you play a hero who roams around with his goggles and an anti-infection gun. This is definitely an interesting concept for a game: Symantec - Endpoint Protection Game.

After registering on the Symantec Endpoint Game web site (you will need a valid e-mail address), you can log in and start playing. To start the game you will need the Unity Web Player, which enables you to view 3D content created on the Unity platform directly in your browser.

The Symantec Endpoint Protection Game is a 3-D style, first person shooter game in which the player’s goal is to eliminate all threats and restore the network to full capacity through the power of Symantec’s Endpoint Protection.

Eligibility is limited to persons who are employed by companies with more than 500 employees as of the Contest start date, who are members of a team comprised of at least one but no more than five players who obtain the highest cumulative team score within the designated timeframe (such cumulative team score calculated by adding together the scores of the individual Players on that team).  Individuals may participate on more than one team.

Symantec - Endpoint Protection Game

This contest began on September 27, 2007 12:00 p.m. (PT) and ends at 11:59 p.m. (PT) on November 27, 2007. If you want to participate, hurry up and good luck!


Virtual Mind Reader

Posted in Fun by Dragan Pleskonjic @ Nov 2, 2007

You think it’s impossible? Try it here. You could be very surprised.

This is a good and interesting “joke” that I put on my Web site a couple of years ago. I had almost forgotten it until I suddenly saw, these days, that the number of visits to my site had increased significantly. I looked at Google Analytics and found out that the popularity of the Virtual Mind Reader page is increasing. Some forums and blogs put a link to this page, and many people obviously wanted to check if a computer can read their minds. And they learned that computers can, even over the Internet and at long distance. :)

Anyway, you might know what the mathematical background of the virtual mind reader is, but I will not disclose it here. I just want you to think a little bit about it and find the explanation.

Have fun!

P.S. Thanks to all of you who linked to me on your blogs, forums and web sites.