Posts from August 2007

31 August 2007

Iconic Hackers and Security Gurus convene in Kuala Lumpur. HITBSECConf2007

I am going to visit this conference. Looks very interesting. In life it's not only what you know that is important, but also who you know… and how you know them.

 

As read on Openpress :

Iconic Hackers and Security Gurus Convene in Kuala Lumpur

http://www.theopenpress.com/index.php?a=press&id=19537

 

Hack In The Box and MAKNA to Organise Charity Movie Screenings

http://www.theopenpress.com/index.php?a=press&id=20654

 

WabiSabiLabi Exclusive at HITBSecConf2007

http://www.theopenpress.com/index.php?a=press&id=22282

 

Related :

 

http://www.hackinthebox.org

http://forum.hackinthebox.org

http://conference.hackinthebox.org

http://training.hackinthebox.org

http://photos.hackinthebox.org

http://video.hackinthebox.org

30 August 2007

Chris Pirillo sees 10 Skype Mac OS X problems.

Chris P. sees some Skype problems for Skype running on Mac OS X.

http://chris.pirillo.com/2007/08/20/top-10-skype-problems-for-os-x/

Hack in the box conference in Malaysia, Kuala Lumpur.

I was just reminded by Dhillon Andrew Kannabhiran [Founder/Chief Executive Officer of Hack in The Box (M) Sdn. Bhd.] of these great conferences on IT-security in Malaysia. Certainly something NOT to miss out on. It happens in Kuala Lumpur / Malaysia. The conference is on 5th and 6th. There will be internet access in the conference rooms and all surrounding areas.

 

See more on the upcoming conferences at http://conference.hackinthebox.org. I will be attending it and writing on it. I am looking forward to hearing something about VoIP security. I do hope to hear something about Skype also.

 


http://conference.hackinthebox.org/hitbsecconf2007kl/

 

Related links :

http://www.hackinthebox.org

http://forum.hackinthebox.org

http://training.hackinthebox.org

http://photos.hackinthebox.org

http://video.hackinthebox.org

iPhone hack

Gearlog reports that the iPhone got Hacked, Unlocked: Part 2, and...3? and then ran down the 17-year-old New Jersey hacker's steps over at Gearlog.

Messaging Compliance and how to control instant messaging anyways…

Read the below and then imagine you want to treat instant messaging like e-mail. How to keep things safe and managed. It's a hell of a job…

Messaging Compliance Keeps an Eye on the Exits

" The fields of information security and its cousin, compliance, are facing a growing challenge: Their tasks are rising in complexity as new applications and devices are added, while penalties for not adequately protecting data grow more draconian. This area is moving beyond highly regulated sectors to companies interested in acting ethically and proactively protecting their reputations."

 

Source : www.itbusinessedge.com

Related : Instant Messaging Control.

29 August 2007

Jan’s computerized room.

My new computer room. All cleaned up. It was necessary.


When you click on the picture you will fly directly to Malaysia and find our place on Google Earth via a KMZ-location file.

In the middle my Samsung 32 inch screen linked to a DVI-videocard. Basically it's 2 computers linked to the VGA, HDMI (via DVI converter plug) cable to this screen. All Windows XP Pro – based. Soon I will add some Linux to the mix.

It's best also to keep certain functions separated and not put everything on one PC.

I have split them up like this :

  • Laptop for communications purposes (skype and email)
  • Desktop for things that don't like computers that change too much
  • Media Station with movies, music, pictures, videos

Keeping things simple. Still complicated but doable.

Very interesting to see what you can do with all this kind of hardware once you link the media content via mediaserver to TV and all that..

After the big Skype hardware cleanup...

Somebody I know states "everything comes in waves". I think it's right. It also counts for my adventures with www.skype-gadgets.com and www.skype-watch.com. At first I was baffled by the fact that you could make a global free phone-call (all this started about two years ago). Then I started to collect some samples to test what this technology could really do. The amount of boxes produced by x,y,z manufacturing companies (mostly running their production in China and Taiwan) was simply overwhelming.

So after a year of testing this and that, I let it all sink in and now the cheese has matured. Here is what I still use today.

Ipevo Trio Usb speakerphone.
Ipevo Xing box for small conferences.
USR Mini Camera for Skype
Plantronics Voyager Bluetooth 500 headset for the laptop (ideal for travellers)
Plantronics CS60 Headset for the desktop (long inhouse range)
Belkin Skype Phone for travel and free long distance call (no computer and cables allowed there)
- brandname for whom I don't provide free publicity - Skype Phone on my desk too
Dualphone with Skype built in livingroom somewhere.

That's what I still use. And there are many more gadgets that I don't use at all. I have been looking around if somebody made something interesting and refreshing, but I see nothing much.

The only thing I could not test yet is the Topcom Skype phone (with Skype built in). I think they have the same things inside as the Ipevo desktop phones. Still got to see one.

No sample; no report.

For those who wonder, I have decided to keep www.skype-watch.com and www.skype-gadgets.com, after all it's a living thing and nobody told me they want to see it go. So it stays.

Unlocking the iPhone.

" In the past week, New Jersey teenager George Hotz published instructions for unlocking the iPhone. Meanwhile an anonymous group called iPhoneSimFree plans to sell its software-only solution, and a company called UniquePhones is set to sell a remote unlocking service. These offers generated buzz from iPhone owners, who are restricted -- by technological locks built into the GSM-based handset -- to using the AT&T wireless network. On Monday, some buzz circulated from AT&T lawyers trying to shut down the distribution of unlocking software. Does AT&T have a leg to stand on?"

Source http://www.wired.com/politics/onlinerights/commentary/circuitcourt/2007/08/circuitcourt_0829

More on the iPhone and iPhone Hacks.

Did Skype receive pressure to give the Bush Administration access to their encrypted voip / p2p network traffic ?

Concerns on security come in many forms. We already had utilities such as www.skypekiller.com to detect Skype in a network, then a whole bunch of methods for p2p blocking, detection and throttling and so on… and now here is a bit more speculation on the Skype outage. I have always wondered what governments, telecoms, internet providers would think of 256-AES encrypted traffic running on "their" networks.

Quote : "Who is to say that Skype didn't receive a little pressure to give the Bush Administration access to network traffic, above and beyond whatever the wiretaps at AT&T switching facilities could gather from the Internet? " source.

"The Skype network has been a concern of government intelligence agencies since its inception because it provides a worldwide network of encrypted VoIP calls to potential "terrorists". So how coincidental is it that 10 days after Bush signs into law a Bill giving the government authority to track foreign calls that go through U.S. networks that Skype, for the first time in its existence, undergoes a massive worldwide outage?" source.

Whatever is true or not in the above wild speculations, it is clear to me that Skype can be used by anybody for all sorts of reasons. I find that Skype has made a mistake by letting anybody from anywhere make any account, over and over, assuming any or no identity. There should have been some activation mechanism before you can use an account (like sending an activation-sms or email-activation to which you must reply before the account becomes active). It is an almost perfect one time pad.

There is no real authentication in Skype (unless you start filling in your credit-card), there is no real proper way to properly manage the Skype traffic (yet) and now there is the concern that somebody might be really wiretapping it, if where and when needed. Nothing is really properly clarified. What is Skype policy on allowing wiretapping anyways ? With whom do they share data, if they suspect somebody is doing something fishy ? What is their surveillance procedure and call or chat intercept strategy ?

How safe is all this ? Have there been reported and convicted cases on real abuse of Skype's network ?

More questions keep popping up, fewer and fewer answers are given. Skype is a black box and Skype's PR weaves a (credible) net around this type of technology.

Somebody should write a "wiretap-plug-in" to see who else is listening. It would be great to see that the Skype dual-login without notification could be switched off. Answers to this topic are not really given. I wish I could switch off the dual login feature.

Foreign Intelligence Surveillance Act (FISA) | Wiretapping Skype | Skype and FBI | Skype and NSA | Skype and CIA | Skype espionage | Skype Security issues |dual login feature without notification (*)|

Gphones, Jaxtr and nothing more about the Skype outage. Business as usual.

Farewell iPhone, the gPhone is coming to eat you for lunch http://www.i4u.com/article11123.html

Good article on How Skype Handles Relationship Marketing in a Crisis and something about Skype Outage Dialling Up Conspiracy Theories . Skype's outage not a hang-up for user base

Yahoo benefits from Skype outage

Jaxtr Takes $10M Collect Call (funding round which was led by new investor August Capital included Mayfield Fund and early Skype investors Draper Richards, Draper Fisher Jurvetson)

28 August 2007

No Skype espionage via the Firefox browser.

Nothing going on it seems. Read the below :

" Confusion due to Skype file access. An ambitious user using the AppArmor security application has observed that Skype for Linux opens some strange files. After having published his observations in the Skype forum , suspicions of espionage are circulating on the Internet, although the explanation is probably quite harmless.

AppArmor is a Linux security extension, which can be used to fine-grain access rights. For instance, the software allows users to restrict access of programs to a few individual files and prohibit and log access attempts to all other files. When a user did this to increase his system's security, he noticed that Skype opened the /etc/passwd file and recursively searched the Firefox directory in his home directory. Other users have confirmed this behaviour with the strace utility. As a consequence, espionage suspicions have immediately started to circulate on the internet. A German reader has even established a connection to the Federal Trojan.

However, the explanation is probably quite harmless. AppArmor and strace do not only register direct file access, but also access attempts caused by executing system functions in libraries. For instance, accessing /etc/passwd is required in order to assign a numerical user ID to the user name. Some system functions and many programs do this by default. The harmless ls command for example delivers:

# strace -eopen ls -l
...
open("/etc/passwd", O_RDONLY) = 4
...

It is a common method to fetch the user's home directory from the relevant entry in passwd (with something like getpwuid()). Also, the file passwd, despite its name, no longer contains any passwords. Searching the Firefox directory, on the other hand, is more critical, since confidential information is often stored there. But again, the explanation could be a harmless and plausible one.

One possible reason to read the Firefox directory is in order to retrieve from there proxy settings as it is done by Skype for Windows with Internet Explorer. This is supported by tests performed by heise Security, in which Skype opened only directories. The only real file it opened in the Firefox directory was prefs.js which does indeed contain the proxy settings. Another reason for Skype to access the user's directory might simply be to check if the user has installed the vendor's Firefox extension.

So far, the vendor has not published any statements about all this, but there should be no need to worry about file accesses such as these.

Incidentally, for security reasons, the path to your Firefox configuration files contains a random "username". Remember never to post the full path including that random string because that would compromise the security of your system. "

Source : http://www.heise-security.co.uk/news/94975
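
A way to triage a trace like the one discussed above, as an added example (not code from heise Security, Skype or this blog): it sorts strace open lines into libc name-service lookups, Firefox directory scans, prefs.js reads and other profile files that deserve a closer look, and it masks the random profile string before the log is posted anywhere. The sample lines are constructed, the home directory and profile name are placeholders, and the 8-character profile prefix is an assumption.

```python
import re

# open()/openat() lines as printed by strace, optionally prefixed with a pid.
OPEN_RE = re.compile(
    r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?open(?:at)?\((?:AT_FDCWD,\s*)?'
    r'"(?P<path>[^"]*)",\s*(?P<flags>[A-Z0-9_|x]+)[^)]*\)\s*=\s*(?P<ret>-?\d+)'
)
# Assumption: profile directories look like <8 random chars>.<name>,
# e.g. ~/.mozilla/firefox/ab12cd34.default (profiles.ini is not a profile).
PROFILE_RE = re.compile(
    r'(/\.mozilla/firefox/)(?!profiles\.ini)[A-Za-z0-9]{8}(\.[^/"\s]+)'
)
# Files libc reads on its own for name-service calls such as getpwuid().
NSS_FILES = {"/etc/passwd", "/etc/group", "/etc/nsswitch.conf"}

# Constructed sample, not a captured Skype trace. The cookies.txt line is
# included only to show what the check flags for review.
SAMPLE_LOG = '''\
open("/etc/passwd", O_RDONLY) = 4
open("/home/alice/.mozilla/firefox", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5
open("/home/alice/.mozilla/firefox/ab12cd34.default", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 6
open("/home/alice/.mozilla/firefox/ab12cd34.default/prefs.js", O_RDONLY) = 7
open("/home/alice/.mozilla/firefox/ab12cd34.default/cookies.txt", O_RDONLY) = -1 EACCES (Permission denied)
read(7, "# Mozilla User Preferences"..., 4096) = 4096
'''


def redact(text):
    """Mask the random part of Firefox profile paths before a log is shared."""
    return PROFILE_RE.sub(r'\1XXXXXXXX\2', text)


def classify(path, flags):
    """Bucket one opened path by how much attention it deserves."""
    if path in NSS_FILES:
        return "nss-lookup"            # explained by getpwuid() and friends
    if "/.mozilla/firefox" in path:
        if "O_DIRECTORY" in flags.split("|"):
            return "firefox-dir-scan"  # directory listing, no file content read
        if path.endswith("/prefs.js"):
            return "firefox-prefs"     # holds the proxy settings
        return "firefox-file-review"   # any other profile file: look closer
    return "other"


def triage(log_text):
    """Return (category, redacted_path, succeeded) for every open in the log."""
    results = []
    for line in log_text.splitlines():
        m = OPEN_RE.match(line.strip())
        if not m:
            continue  # not an open()/openat() call
        category = classify(m.group("path"), m.group("flags"))
        succeeded = int(m.group("ret")) >= 0
        results.append((category, redact(m.group("path")), succeeded))
    return results


if __name__ == "__main__":
    for category, path, succeeded in triage(SAMPLE_LOG):
        print(f"{category:20} {'ok' if succeeded else 'denied/failed':14} {path}")
```

A denied open still appears in the result, so an AppArmor-confined run shows what the program tried to read as well as what it actually read.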

27 August 2007

Writing proper email messages.

Read Your Email Message Backwards to Avoid Common Pitfalls

Here are some common problems to look out for:

  • Misspelled words - It's a good idea to spell-check a document, but it's not enough. A spell checker won't catch every error.
  • Wrong word used - This is why a spell checker isn't enough. A spell checker will only flag words it doesn't recognize. It can't tell if a legitimate word is used incorrectly. Some words commonly confused: accept, except; your, you're; then, than; there, their, they're; cite, site, sight; lay, lie; loose, loosen, lose. Also, look out for a missing "r" in the word "your." It's easy to overlook a sentence such as "Visit our Web site now to receive you free copy."
  • Grammar error - Again, if you know you're not a good writer, have someone else check your writing for grammatical errors. Mistakes make you look bad.
  • Punctuation error - This is another area where you'll benefit from a review by someone who knows their stuff. If you're determined to do it yourself, purchase a good grammar or style book. One of the most common punctuation problems: Too many stupid commas!
  • Vague or confusing statement - Make sure every sentence is crystal-clear. You don't want your promotional message to raise more questions than it answers.
  • Illogical statement - Read over what you have written slowly. At the end of each paragraph, ask yourself: "Did that make sense?" Rewrite so that it does.

 

Just something I got via email. Good one.

The secret p2p formula that brought Skype down has been revealed.

Looks like it's dangerous to play with global p2p based voip…

Some interesting views here on what brought Skype down around the 16th of August 2007 :

" This is a great explanation of the Skype Out(age) by someone named Julian Cain (no idea who he is, but obviously has experience with Distributed Hash Tables (DHT) and p2p programming) - he posted this explanation in the comments in this thread @ GigaOm.




Number of Skype Authentication servers:
Count == 50; // Clustered

Number of potential Skype clients:
Count = 220,000,000 // Mostly decentralized

Number of SuperNode clients to maintain network connectivity:
Count = N / 300 at any one time.

• If there are 3.0 million users online then the ratio is 3,000,000 / 300 = 10,000 == Supernodes available
• Supernodes are bootstraps into the network for normal first run clients("and handle routing of children calls").
• Supernodes maintain the network overlay via a DHT("Distributed Hash Table") "type" method. // This is normally very slow and done over UDP
• If a client cannot find a Supernode, regardless of authentication via central server then is NOT allowed on the Skype network.

Lack of Supernodes means lack of network connectivity regardless of successful login via "central server". You CAN be a Supernode but not have full network connectivity because you have only a portion of the "Distributed Index Data aka DHT". MOST people that become Supernodes will bail out if they cannot keep a clear route ("aka calls bail out, client restarts and aborts Supernode status, thus booting its 300 - 500 Children and putting them into a "Connecting mode". Children that are trying to "Connect" are unable to do anything unless they have a "Supernode" as a parent. // No calls, No IM…. " read more here.

Why does Skype need to read my Firefox profile and Linux passwords ?

As picked up on Slashdot : "mrcgran writes "Users of Skype for Linux have just found out that it reads the files /etc/passwd, firefox profile, plugins, addons, etc, and many other unnecessary files in /etc. This fact was originally discovered by using AppArmor, but others have confirmed this fact using strace on versions 1.4.0.94 and 1.4.0.99. What is going on? This probably shows how important it is to use AppArmor in any closed-source application in Linux to restrict any undue access to your files.""

Rumour or fact remains the question. May the Skype PR and FORUM shed a light on this.

26 August 2007

Skype is the medium, not the message.

I think that Skype has some kind of problem. The reason why Skype has a problem is because there is no real community. Except the Skype community and a bunch of VoIP geeks. Skype has not created a social community. People already have one. They already know who they want to talk to. It's not totally like MSN, Yahoo, Google Talk. (Those have email-services attached also). It's the community that dictates what medium will be used, not the medium itself. Maybe Skype does not understand that ? Who is interested in live Skype, Skype this and that. I don't think people are interested. Skype does not have a Facebook. Do we want it, do we need it ? It's a great free phone with video. Maybe one day it will be clear that it is nothing more than that. Maybe that is why they are working on the price-strategy now "how cheap can your dialtone" be.

Matsalleh Jan Geirnaert becomes 40 when Malaysia becomes 50 on 31 Ogos 2007

There will soon be a big party in Malaysia. The occasion is Malaysia's independence which reaches 50 years now. It's something you can't miss. There are flags and signs everywhere.

Malaysia becomes 50 on the 31st of August 2007. And I become 40 on the 31st of August 2007.

 

Many events ongoing and upcoming. See more info on : http://merdeka.virtualmalaysia.com/

Let's call this blogpost something like: Jan Geirnaert Matsalleh has his 40th birthday on the 50th birthday of Malaysia on Merdeka Day.

Malaysia Boleh :) 31 Ogos 2007. Yes.

Related : Malaysia Boleh search on google | Wawasan 2020 | Malaysia | Merdeka | Malaysia's independence |

25 August 2007

Intel Phone being served for corporate travelers.

Very interesting report. Good timing to relaunch this piece of information dating already from 2005. Kind of strange to see this pop up now again. But read it. It's a good summary.

VoIP Solution 'Soft Phones' Change Business Travel
" Being out of the office disconnects employees from their onsite peers, workgroups, and coworkers, and reduces their communication effectiveness. Learn more about Intel's "soft phone" solution that allows employees to stay connected to their teams while traveling, greatly increasing both individual and team productivity."

Source : www.itbusinessedge.com

24 August 2007

New call center solution unveiled for Skype, but does Skype have a call center ?

I read on ZDNET that a New call center solution has been unveiled for Skype revealing that Skype has vivid aspirations of being a major player in the call center game. Skype is doing this through Skype for Business.

My take is that Skype should (have) setup their own helpdesk calldesk centre and have the manufacturers print on every box that runs skype the skype ID skype.support.

As far as I know there is no real calldesk and helpdesk at Skype. Looking forward to one.

Plantronics Calisto Pro Can Do Skype, Landline and Cellphone

Gizmodo.com

Plantronics Calisto Pro Can Do Skype, Landline and Cellphone
This Plantronics Calisto Pro set takes your standard Bluetooth headset and adds in landline and Skype dialing, which means you get the big three. PLT


I have not seen or tested it yet. Maybe I'll get a sample later on. It does look like something interesting. Basically when I look at my skype hardware adventure. I have kept the Plantronics 510 voyager USB headset for my laptop and my desktop skype / voip communications work with the Plantronics c60 USB. It's working fine and has a very nice design too.

 

Related :

Plantronics shows the home worker some love San Francisco Chronicle,  USA - 9 hours ago
Plantronics Calisto Pro talks three ways infoSync World
Plantronics Introduces Calisto Pro: The Web Worker's Dream Phone WebWorkerDaily
Plantronics Transforms Home Office Communications CNNMoney.com

23 August 2007

Is this a new type of bicycle or torture tool ?

If you can't guess what this is (supposed to be) then check this out . www.fastexercise.com

American Intelligence community has joined the social networking phenomenon. The Myspace for spies ?

As thrown to me via Skype and then read on tECHCruncH : "American Intelligence community has joined the social networking phenomenon with the launch of A-Space, a MySpace style social network." More here : "Spies and teenagers normally have little in common but that is about to change as America's intelligence agencies prepare to launch "A-Space", an internal communications tool modelled on the popular social networking sites, Facebook and MySpace."

Related : FT.com report.

SERVICE LEVEL MANAGEMENT PROCESS KIT

" In business, it used to be the most important three words were "location, location, location." In today's information-dependent environment, the rules have changed. It's now "service, service, service!" That means knowing who your customer is and defining a clear understanding of their needs and matching that to your team's capabilities. This process is often very detailed and is actually never complete. The Service Level Management Process Kit establishes a framework from which to address the movement toward service orientation." Source : IT Business Edge Management Resources www.itbusinessedge.com

How to protect the VoIP / IM users from self-inflicted damage.

Must reads that I just got from IT Business Edge www.itbusinessedge.com.

Security: The Problem Is That People Are Human

" It's so depressing reading stories like the one about user behavior on Facebook. Facebook, of course, is worlds away from corporate applications. But not all Facebook users are teenagers and some of the behaviors described no doubt are carried into the workplace. That's a scary thought. Without getting too deeply into the minutiae of how Facebook works, folks easily allowed access to vital information, including in some cases their mother's maiden name, in reaction to a fake profile set up by security firm Sophos. Twenty percent of those who received random requests allowed access to their full profiles. Seventy-two percent of those who allowed access also gave out their e-mail addresses, 84 percent revealed their dates of birth and 23 percent provided their phone numbers."

Source :

Related : :: INSIGHTS FROM AROUND THE WEB ::

Phishing Researcher Hopes to Aid the Unsuspecting — Eventually :: Computerworld
Gartner Warns of Web 2.0 Security Risks :: Gartner
Facebook Users Handing over Their Personal Info :: PC Advisor
Show Me the Money, Security Researchers Say :: Forbes
Hackers Start to Use Spears When Phishing :: DogReader

IBM has bought Webdialogs / Unyte. Will they integrate it in Lotus SameTime ?

IBM has bought Unyte and is burying it in Lotus SameTime. Unyte is a Skype Addon so does this mean that IBM is now hosting a Skype Addon (rofl).

Would this mean that soon you too can start Skype, a Unyte session and all your contacts can potentially be peppered with ads to buy Lotus SamePlace to replace Skype ? SamePlace is IBM's VoIP everything play for SMB market. It used to run under OS2 only. I wonder where it runs today. They have been very silent about it for a couple of years.


Official news :

 

Find more on Unyte.
Find more on Lotus Sameplace
Find more on Lotus Sametime

Skaɪp (Skype) peer 2 peer Skypegoat gossip for 23 august.

All that is going on (press, media, blogs) based on the Skype Outage has caused more attention to be shed on p2p based systems. I think the likes of Skype, Bittorrent and so on are more in the corner (not necessarily a good thing) than before. There will certainly be more attention now for p2p enabled security and bandwidth management devices. Think about all those things that are attached to the black box Skype… All these "things" (plugins) could be doing anything. Anyways I think that such outages might happen again. I don't want them to happen again, but I think it will happen again. And if it does now you will have something like the tsunami panic reaction… People will read the early warning signs and start running (towards the backup solution) even in the case of false alarm.

Skype's nightmare weekend highlights peer-to-peer fears
Skype absolves Microsoft from outage The Microsoft connection clarified

How Skype lost credibility
Security expert: Skype's explanation for outage is "line of bull ...

Vendor Warning on Skype Eavesdropping
Webcam Software serves as monitoring/security application.