Yahoo! 360° News | Beta Feedback
Start your own Yahoo! 360° page
Home|My Page|My Blog|My Friends|Mailbox|Invite|Search|Settings

Sandy

Top Page  |  Blog  |  Feeds  |  Friends  |  Lists

  • Work: Microsoft
  • School: GBPEC

Add

Sandy is not connected to you in Yahoo! 360°.

Last updated Tue Jul 04, 2006 Member since April 2005

Click Me for MySpace--> Click here Reply

1 - 5 of 24 First | < Prev | Next > | Last

Sandy's Blog Full Post View | List View

This is for my personal use

Entry for August 06, 2007
I dont update this blog often so check out this one which I use to update more frequently.
http://deadlydevil.blogspot.com/

Monday August 6, 2007 - 01:07pm (PDT) Permanent Link | 0 Comments
Dhoomricated
Dhoomricated : This word means "Filled with Smoke"
Origin - Hindi word Dhoomra(Smoke)
Tuesday April 11, 2006 - 10:49am (PDT) Permanent Link | 0 Comments
How Internet worm caught child porn

Email worms aren't always as harmful as generally thought.

The Sober Y Internet worm forced a 20-year-old German man to surrender before police for owning child pornography.

The man had received a copy of a mass email worm which warned that he was being investigated. The messages had a subject line in German that stated, "Preliminary investigation commenced".

And it went on to say that, "The downloading of movies, software and mp3s is illegal and therefore punishable. We can hereby inform you that your computer and IP address have been confiscated. The contents of your computer have been seized as evidence and a preliminary investigation will be launched. In the coming days, you will receive a written statement informing you of the charges and your options to file a statement."

The email was signed by the German Federal Bureau of Criminal Investigations and landed in the mail box with an attachment containing the Sober Y virus.

The message prompted the man to confess before the police that he owned pornographic pictures of children. He turned himself up at a police station in the city of Paderborn in Germany on Thursday, a local police press release claimed.

According to the release, an investigation showed that the man had sent images by email and stored images on his hard drive.

Sober Y worm spreads itself using several email messages.

Security firm F-Secure recently had issued a Radar Level 1 alert, which is the highest, on a new variant of the Sober internet worm being sent as an email attachment.

F-Secure had said that the worm seemed to be very successful in spreading partly because the messages contained bogus warnings from the FBI, the CIA or the German Bundeskriminalamt.

Wednesday December 21, 2005 - 01:07am (PST) Permanent Link | 0 Comments
Entry for December 09, 2005
Technorati Profile
Friday December 9, 2005 - 02:41am (PST) Permanent Link | 0 Comments
OSS means slower patches
Excerpt from a news paper article.
 Link : http://australianit.news.com.au/articles/0,7204,16650762^15306^^nbv^,00.html From full-disclosure mailing list
 The obvious criticism: "The Mozilla family of browsers had the highest number of vulnerabilities during the first six months of 2005, with 25," the Symantec report says. "Eighteen of these, or 72 per cent, were rated as high severity. Microsoft Internet Explorer had 13 vendor confirmed vulnerabilities, of which eight, or 62 per cent, were considered high severity." Microsoft IE had at least 19 vulnerabilities from 2005-01-01 to 2005-06-30. Why does Symantec make the distinction of "X vulnerabilities in Mozilla" vs "MSIE had X *vendor confirmed vulnerabilities*"? This all to conveniently allows the silently patched vulnerabilities to slip through the cracks of our statistics. Does Mozilla's honesty in acknowledging vulnerabilities come back to bite them in the ass? Mozilla browsers had more than 25, but are 72 per cent really "high severity"? Download information spoofing x2, File extension spoofing, URL restriction bypass, DoS x2, redirect spoofing, XSS, link status bar spoofing, Dialog overlapping, URL Wrap Obfuscation.. are all of these really "high severity"? Is that theoretical, practical, or hype? Now, the media/symantec driven propoganda (for lack of better word?): THE growing popularity of open-source browsers and software may be responsible for the increasing gap between the exposure of a vulnerability and the provision of patch to fix it, security software vendor Symantec has said. Mr Sykes said the increasing popularity of open source software, such as the Mozilla Foundation's Firefox browser, could be part of the reason for the increase in the gap between vulnerability and patch, with the open source development model itself part of the problem. "It is relying on the goodwill and best efforts of many people, and that doesn't have the same commercial imperative," he said. "I'm sure that is part of what is causing the blow-out in the patch window." The growth in Firefox vulnerability reports coincides with its increasing popularity with users. "It is very clear that Firefox is gaining acceptance and I would therefore expect to see it targeted," Mr Sykes said. "People don't attack browsers and systems per se, they attack the people that use them," he said. "As soon as large banks started using Linux, Linux vulnerabilities started to get exploited." The premise of this article is open source software is to blame for longer vendor response times. In laymen's terms, blame vendors like Mozilla for having vulnerabilities patched slower? Err, compared to what? This shallow article doesn't even qualify that statement! Slower than previous vulnerabilities? Slower than non open source? Given the article directly compares Mozilla browsers to Microsoft IE, it is trivial to assume the claim is made in relation to closed source vendors such as Microsoft. So then what .. 30 days "blown out" to 54 days is some huge time gap compared to Microsoft IE patches? What clueless *moron* really believes this crap they are shovelling? Is it Symantec or Chris Jenkins or Australian IT? Given that Symantec won't even quote previous statistics: "Symantec had not published previously statistics on the average time required to produce patches, but Mr Sykes said data showed the lag had previously been about 30 days." Given that Jenkins/AusIT/Symantec won't give us any statistics (even questionable ones) regarding MSIE patches, we're supposed to take this at face value? It is *well documented* that Microsoft takes well over 30 days to patch vulnerabilities. It is also becoming crystal clear that Microsoft is hiding behind their "30 day patch cycle" to imply that is the longest they go before patching a vulnerability, when it simply is not the case. Taking a look at a *single vendor* [1] and their experience with reporting vulnerabilities to Microsoft, we see that they give MS a 60 day window to patch vulnerabilities, and are consistantly overdue. As of this mail, the worse is *ONLY* 114 days past due (we've seen it closer to 250 days before). So again, where are these implications coming from? Where does this statement/conclusion/observation that "OSS causes slower patches" come from exactly?"

link:
 BlogSpot
 Yahoo! 360
BlogoMonster
Tuesday September 20, 2005 - 01:11am (PDT) Permanent Link | 0 Comments

Add Sandy's Blog to your personalized My Yahoo! page:

Add to My Yahoo!RSS About My Yahoo! & RSS
1 - 5 of 24 First | < Prev | Next > | Last

HIGHLIGHTED POSTS