Security hole found in Google desktop search

InfoWorld reports on a security hole that researchers at Rice University found in Google’s desktop search engine, which could allow third parties to access users’ search result summaries, thus providing a sneak peek at part of the content of personal files. Google, it seems, has already fixed the issue. To check, make sure you are running the new version (number 121004, indicating Dec. 10 2004, or later).

To be affected, a user would have to visit a Web site where an attacker has embedded a particular Java applet. The applet makes certain network connections that trick Google Desktop into integrating a user’s local search results with results from an online search. When users visit the compromised site, the applet reads their local search result summaries and sends them back to the attacker’s server.

Bush Prepares for Possible Shutdown of GPS Network in National Crisis

MIT Technology Review is running an article that states that U.S. President Bush has ordered plans for temporarily disabling the U.S. network of global positioning satellites during a national crisis to prevent terrorists from using GPS technology. Bush also instructed the Defence Department to develop plans to disable, in certain areas, an enemy’s access to the U.S. navigational satellites and to similar systems operated by others. The European Union is developing a $4.8 billion (€3.59 billion) program, called Galileo.

Assuming this does happen, does it mean they will “scramble” the signal for the general public and only the US military have it? What are the implications for the rest of the world who rely on this service – especially the essential services in other countries such as Police or an Ambulance getting to a life-saving situation? So, what is next on the line, shutting down the DNS servers so the terrorists cannot send emails across?

I don’t know if I should shake my head or laugh out loud.

Back in Civilization…. and rain

Finally I got the high-speed up and running at home last night – yippee – it’s good to be back in civilization! This is only a 2 Mb DSL line – a little slower than the 3.0 megs I had back in the US, but certainly much better than the dial-up we were on for the last 2-3 days (and no internet connectivity before that from home)! Well, now you will have the pleasure of more of my meaningless babble – ah the festive season – rejoice *grin*.

Farce amongst gravity

Lapdeep pointed this one my way. BBC has a very funny report on the Northern Alliance in Afghanistan and how they are coping with the fighting! Hope you enjoy it as much as I did. Before you start reading this story, if you have a serious laughter problem, then please stop!

Tracking down managed memory leaks (how to find a GC leak)

At work, I recently attended an excellent presentation given by a colleague where we talked about debugging in general (across both managed and unmanaged code), what the various categories are, the various tools at one’s disposal, etc. I thought this post from Rico on how to find GC leaks was quite timely for that topic.

PInvoke.NET

If you ever thought that PInvoke was a pain in .NET, don’t fret: Adam Nathan has a VS.NET add-in that you can get from here, and after using it you will wonder how the heck you lived without it! He also has a PInvoke.NET wiki for you to use and, of course, contribute to.

If you would rather get to it yourself, there is a WSDL endpoint exposed, and Stripe has written a version that is proxy friendly. If you happen to be a Delphi.NET (strange as that might be) kind of guy or gal, you can check out Shenoy’s implementation of this.

After installing the add-in you can right-click in the source code to see the following two menu items:

 

Clicking on the first item opens a dialog allowing you to enter the signature e.g.:

Microsoft's answer to Google Desktop

Well, you probably have heard of the new MSN Toolbar Suite that is their answer to Google’s desktop search. To install it you need to have IE 5.01 (if you want the popup blocker then IE 5.5+), XP or Win 2000 (with SP4), Outlook 2000 (or higher) or Outlook Express 6.0 (or higher) if you need to search in emails, and a half-gig of recommended disk space. Feel free to check out a list of all the features. If you fancy checking it out, then you can download it for free too (it’s about 4.8 MB). I still have not tried it yet, will give it a spin and upload my findings over the holidays sometime (no time in the short term and no broadband at home). Has anyone else tried it? What have your experiences been?

Look ma, no OS!

.netcpu Corp, a small startup in Microsoft’s backyard, is beginning to ship a tiny, 32-pin chip-like computer module that runs “.NET Embedded”, the same platform developed for use in the SPOT watches. The embedded software stack, called .NET Embedded (shaded in blue in the architecture diagram below), contains the bootstrap code (to initialise the system on power-up), a Tiny HAL plus device drivers (to control the underlying system hardware) and a Tiny CLR through which the device is programmed.

The Tiny CLR implements a subset of the .NET CLR and occupies under 132 KB of memory. It contains enough functionality to be suitable for embedded device applications and is programmable and debuggable using Visual Studio.NET (C#). There is also support for all of the things one would expect, like threads, strings, numeric types, date time, fonts, bitmaps, etc., including several domain-specific object libraries for the watch and .netcpu [CPU Module] (VTU, PWM, LCD, I/O, IRQs), etc.

.NET Embedded also provides a Tiny HAL that implements system-level functions, which interface with the system’s underlying hardware, and a boot-loader. The Tiny HAL takes up less than kb of memory.

The computer module is implemented in the format of a 32-pin “DIP” (dual inline package) chip, allowing the module to conveniently plug into a standard 32-pin DIP socket. In addition to the Ollie SoC, the “.netcpu CPU Module” integrates mb of nonvolatile Flash memory (interfaced via an SPI interface on the SoC). It also provides 24 general purpose digital I/O lines, which are multiplexed with other functions including 8 VTU ports, a USB port, two serial ports, and SPI and I2C interfaces.

But note: “SPOT doesn’t have an OS, just enough ASM/C/C++ to support the TinyCLR”

The .netcpu Corp is also offering a carrier board (pictured below) that provides a 32-pin DIP socket for the CPU module, and routes signals from the CPU module’s 32-pin interface to various connectors that provide easy access for experiments and projects.

More Information: http://tinyurl.com/4jhtp

Extension Room (Firefox, Mozilla and Thunderbird)

This probably is no surprise to you (it sure was to me), but there is an excellent collection of extensions (@ the time of this post 228) for Firefox (you can also get to Mozilla and Thunderbird). There are various categories, and they seem quite cool. I have not tried them yet, but am going to install some soon. Also not sure if these are cross-platform or if they depend on the platform. Anyways, if you have not heard of Firefox, then which planet have you been living on? If you are back from Saturn, then I would recommend installing it right away and having fun browsing.

Your favourite comics by RSS

Tapestry has a bunch of comics they provide as RSS which contain some of my all time favourites (B.C, Dilbert and Wizard of ID) and wishing they add some more! Irrespective, it is pretty cool and if you want a good laugh in a day, then worth checking out.

Blameless

To some of my friends who recently joined the hen pecked husbands association!

Linksys and common sense

This is pretty idiotic (and funny). Since I recently moved from the US to the UK, I wanted to buy an adaptor for the 240v (and funny plugs) that are there in the UK for my Linksys router. So I find out their sales number here in the UK and give them a call and say I just want the power adaptor as mine is “broken”. Guess what they tell me? Sorry, can’t have one mate. Huh? What? Seems like they don’t sell power adaptors; I would either have to buy a new router, or if mine is covered in warranty (which it is), then that would need to be replaced under that. Grrr….

Now, is that funny or what? Don’t you think it would be cheaper for them to sell just the power adaptor instead of just changing the whole thing within warranty! I honestly Now I am scared to call Dell also for the local power adaptor for the laptops.

*SIGH*, I long for the days when common sense is common!

Working ones way up…

And ain’t it true. 🙂

PS – click on the image to see the full size.

Why you shouldn't be using passwords of any kind on your Windows networks

Robert Hensing writes a very interesting and controversial article in which he recommends not using any kind of password on a Windows network.

Why, you ask? Well, because passwords are very easily cracked, and worms such as Agobot / Phatbot / Polybot / SDBot / RBot / etc. ship with boat-loads of dictionaries of passwords. Not to mention that automated or human attackers don’t even need to guess the password, as there are many hacking tools that will let a miscreant sniff your network traffic to get the authentication material for the LM, NTLM and Kerberos protocols and then brute-force that material back into a working password. You can try to protect the network with segmentation, encryption (IPSec etc.) and even 802.1x, etc., but really they just work around the inherent vulnerability in your network, which is the password.

So what is the solution? Instead of using passwords, you should try and use pass-PHRASES.  What is a pass-phrase? To quote Robert: “Let’s take a look at some of my recent pass-phrases that I’ve used inside Microsoft for my ‘password’ :

  • “If we weren’t all crazy we would go insane“ (Jimmy Buffet rules)
  • “Send the pain below!“ (I like Chevell too)
  • “Mean people suck!“ (it’s true)”

Pass-phrases are great because they meet all password complexity requirements, they are easy to remember and, lastly, even with the most advanced hardware you are not going to guess / crack / brute-force or pre-compute these passwords in the 70 days or so that they are around (remember, you only need the password to survive attack long enough for you to change the password).
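An added example (not from this post or from Robert's article) that puts numbers on this claim: it compares a character-by-character search with a word-list search against the 70-day window, and flags whether a secret is short enough to leave a usable LM hash. The guess rate and dictionary size are assumptions chosen for illustration.

```python
import math
import string

GUESSES_PER_SEC = 1e10    # assumption: offline guessing rate, not from the post
DICTIONARY_WORDS = 20000  # assumption: size of the attacker's word list
WINDOW_DAYS = 70          # password lifetime quoted in the post
LM_MAX_LEN = 14           # longer secrets have no usable LM hash on Windows

def charset_size(secret):
    """Alphabet a character-by-character search has to cover."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation + " ", 33)]
    size = sum(n for chars, n in classes if any(c in chars for c in secret))
    if size == 0:
        raise ValueError("empty secret or no printable ASCII characters")
    return size

def days_to_search(bits, rate=GUESSES_PER_SEC):
    """Average time to find the secret: half the keyspace at the given rate."""
    return 2 ** bits / 2 / rate / 86400

def assess(secret):
    char_bits = len(secret) * math.log2(charset_size(secret))
    # Word-level view: the attacker strings dictionary words together instead.
    word_bits = len(secret.split()) * math.log2(DICTIONARY_WORDS)
    return {
        "length": len(secret),
        "lm_hash_usable": len(secret) <= LM_MAX_LEN,
        "char_search_outlasts_window": days_to_search(char_bits) > WINDOW_DAYS,
        "word_search_outlasts_window": days_to_search(word_bits) > WINDOW_DAYS,
    }

if __name__ == "__main__":
    # One constructed password plus two pass-phrases quoted in the post.
    for s in ["Passw0rd", "Mean people suck!",
              "If we weren't all crazy we would go insane"]:
        print(repr(s), assess(s))
```

The word-level figure ignores capitalisation and punctuation, and a phrase that is a well-known quote or lyric may sit in a cracking list verbatim, so treat both numbers as upper bounds.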

So, is that the real solution? What of two-factor authentication – say using a Safe-word token / smart-card in addition to your password (always), is that good enough? What do you think? Also, read up on the original article; there are many interesting comments there.

Google in Punjabi!

Thanks to Rohit for pointing this out, but if you are a Punjabi (and unlike me you are the literate lot and can read it), then you can google in Punjabi. To check it out browse over to http://www.google.com/intl/pa/ and have fun!