Friday, March 27, 2009

CDR-King 12” Tablet Review by Nurses & Geeks

For those of you who don't know what a tablet is, it is an input device used by artists that allows one to draw a picture onto a computer screen without having to use a mouse or keyboard.

A graphics tablet consists of a flat pad and some sort of drawing device, usually either a pen or stylus. It may also be referred to as a drawing tablet or drawing pad. While the graphics tablet is best suited for artists and those who want the natural feel of a pen-like object to manipulate the cursor on their screen, non-artists may find it useful as well.

The smooth flow of a graphics tablet can be refreshing for those who find the mouse to be a jerky input device, and repetitive stress injuries such as carpal tunnel syndrome are less likely when using a graphics tablet.

Wacom Bamboo on Dell Latitude D830

It’s a Wacom Bamboo on a Dell Latitude D830, from Ken Schaefer’s Wacom Review. The tablet is quite small (about 19cm on each edge), thin (<1cm) and weighs about 300 grams. It has four programmable buttons at the top (illuminated in blue), as well as a little touchpad which allows scrolling up/down in windows using a motion similar to the click wheel on an iPod. The price is over $100, or over 4000Php (Philippine Pesos). On the other hand, if you’re looking for a low-priced, fully featured starter tablet, I recommend the CDR-King 12.1″ Slim Tablet.

CDR-King 12

Read the rest of the Nurses & Geeks' CDR-King 12” Tablet Review

Wednesday, March 25, 2009

Assessing Internet Security Risk, Part One: What is Risk Assessment?

The Internet, like the Wild West of old, is an uncharted new world, full of fresh and exciting opportunities. However, like the Wild West, the Internet is also fraught with new threats and obstacles; dangers the average businessman and home user hasn't even begun to understand. But I don’t have to tell you this. You’ve heard that exact speech at just about every single security conference or seminar you’ve ever attended, usually accompanied by a veritable array of slides and graphs demonstrating exactly how serious the threat is and how many millions of dollars your company stands to lose. The “death toll” statistics are then almost always followed by a sales pitch for some or other product that’s supposed to make it all go away. Yeah right.

Am I saying the threat isn’t real? Am I saying the statistics aren’t true? No. What I’m saying is that many users fail to see what relevance any of this has to themselves and their company. Should the fact that e-Bay supposedly spent $120,000 dollars recovering from Mafia Boy's DDoS attack really have an impact on the reader's corporate IT policy? Perhaps not.

And yet, users can't afford to ignore these facts completely. That would be just plain dumb. What they need to do is to recognize that there are new threats and challenges and, like the other threats and challenges that businesses have always known, these need to be met and managed. No need to panic. No need to spend any money. Yet.

What users really need to do is to understand what the specific risks are that their company or home network faces from being connected to the Internet. In the same way that you don't borrow your business strategy from e-Bay, you probably shouldn't borrow your IT security strategy from them either. You need to develop an IT security strategy to meet your unique needs, and for that you need to understand your company's own unique risk profile.

As with so many other things in life, the key to effective information security is to work smarter, not harder. And in this case, working smarter means investing your valuable time, money and human resources on addressing the specific problems that are the most likely to cause the most damage. The math is really quite simple. But before you can do the sums, you have to identify the variables. Here are some of the questions you'll have to ask yourself:

  • What are the resources - Information & Information Systems - I'm actually interested in protecting?
  • What is the value of those resources, monetary or otherwise?
  • What are all the possible threats that those resources face?
  • What is the likelihood of those threats being realized?
  • What would be the impact of those threats on my business or personal life, if they were realized?

Having answered the five questions above, you can then investigate mechanisms (both technical and procedural) that might address those risks, and then weigh up the cost of each possible solution against the potential impact of the threat. Once again, the math is simple: if the cost of the solution is higher than the potential financial impact of the risk (or risks) being addressed, then one may need to investigate other solutions, consider accepting and living with a part of the risk, or accept and live with the risk completely.
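To make the "simple math" concrete, here is an added worked example (not code from the original article) that carries the five questions through to the cost-versus-impact decision: each threat's expected annual loss is its likelihood multiplied by its impact (capped at the asset's value), threats are ranked by that figure, and a control is implemented only if the loss it avoids exceeds its cost. All asset, threat and control names and figures are constructed sample values.

```python
"""Risk-assessment arithmetic for the five questions (added illustration).

Asset values, likelihoods, impacts, control costs and all names below are
constructed sample figures, not data from the article.
"""
from dataclasses import dataclass, field


@dataclass
class Threat:
    name: str
    likelihood: float   # question 4: chance of being realized per year (0.0 - 1.0)
    impact: float       # question 5: financial impact if realized


@dataclass
class Asset:
    name: str
    value: float                              # question 2: what the resource is worth
    threats: list = field(default_factory=list)  # question 3: threats it faces


@dataclass
class Control:
    name: str
    annual_cost: float
    # threat name -> fraction of that threat's expected loss the control removes
    addresses: dict = field(default_factory=dict)


def expected_loss(asset: Asset, threat: Threat) -> float:
    """Annual expected loss; you cannot lose more than the asset is worth."""
    return threat.likelihood * min(threat.impact, asset.value)


def prioritize(assets: list) -> list:
    """Rank every (asset, threat) pair by expected loss, highest first.

    This is the 'where is the most damage likely' ordering the article
    says should drive where time and money go.
    """
    rows = [(a.name, t.name, expected_loss(a, t)) for a in assets for t in a.threats]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def evaluate_control(control: Control, assets: list) -> tuple:
    """Return (loss_avoided, residual_loss, decision) for one candidate control.

    decision follows the article's rule: implement the control if the
    expected loss it removes exceeds its cost, otherwise accept (live with)
    the risk or look for a cheaper solution. residual_loss is the part of
    the addressed threats' expected loss that would remain.
    """
    avoided = residual = 0.0
    for asset in assets:
        for threat in asset.threats:
            fraction = control.addresses.get(threat.name)
            if fraction is None:
                continue   # this control does nothing for that threat
            loss = expected_loss(asset, threat)
            avoided += fraction * loss
            residual += (1.0 - fraction) * loss
    decision = "implement" if avoided > control.annual_cost else "accept risk"
    return avoided, residual, decision


# Constructed sample register (hypothetical figures).
WEB = Asset("public web server", 200_000.0,
            [Threat("defacement", 0.25, 50_000.0), Threat("DDoS", 0.125, 20_000.0)])
DB = Asset("customer database", 1_000_000.0,
           [Threat("data theft", 0.0625, 400_000.0)])
SAMPLE_ASSETS = [WEB, DB]
FIREWALL_REVIEW = Control("firewall rule review", 8_000.0, {"data theft": 0.75})
DDOS_SCRUBBING = Control("DDoS scrubbing service", 12_000.0, {"DDoS": 0.5})

if __name__ == "__main__":
    for asset, threat, loss in prioritize(SAMPLE_ASSETS):
        print(f"{asset:20s} {threat:12s} expected loss {loss:10.2f}")
    for control in (FIREWALL_REVIEW, DDOS_SCRUBBING):
        avoided, residual, decision = evaluate_control(control, SAMPLE_ASSETS)
        print(f"{control.name}: avoids {avoided:.2f}, leaves {residual:.2f} -> {decision}")
```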

This article is the first of a series that is designed to help readers to answer questions three and four in the context of Internet-connected systems: What are the threats that my Internet-connected systems face, and what are the chances of those threats being realized? Over the next few weeks we will explore the thinking around Internet Security Assessments, not only why they are done, but also how they are done. By the end of this series you should understand how performing an Internet security assessment can contribute to an effective information security strategy, what you should expect from such an assessment and even how you could go about performing such an assessment yourself.

The Reasoning Behind Security Assessments


An Internet Security Assessment is about understanding the risks that your company faces from being connected to the Internet. As already discussed, we go through this exercise in order to effectively decide how to spend time, money and human resources on information security. In this way our security expenditure can be requirement driven, not technology driven. In other words, we implement controls because we know that they’re needed, not just because the technology is available. Some firms refer to security assessments as ethical hacking or penetration testing. Although I also use these terms, I see them as referring to something completely different from risk assessment and thus do not see their use as appropriate in this context.

Security Assessments vs Risk Analysis

Later in this article, I'll show you a diagram of what is known as the "security life cycle", a depiction of the concept that security is a continual cycle with a number of distinct phases being repeated on an ongoing basis. You'll notice that this cycle distinguishes between a risk analysis and a security assessment. You may even have come across both terms before and wondered at the distinction. It's not my intention to argue semantics here. Indeed, I'm not even convinced that there is universal consensus on the precise definition of each term. Here's how I see it, briefly: A risk analysis is typically performed early in the security cycle. It's a business-oriented process that views risk and threats from a financial perspective and helps you to determine the best security strategy. Security assessments are performed periodically throughout the cycle. They view risk from a technical perspective and help to measure the efficacy of your security strategy. The primary focus of this paper is on this kind of assessment.

Internal vs External Assessments

I have further limited this paper to a discussion of Internet Security Assessments. Let me point out right from the start that this is only a part of the picture. An Internet security assessment can consist of one or both of two things: an internal assessment and an external assessment. The company for which I work distinguishes between the two in the following way:

"An external assessment is also known as perimeter testing and can be loosely defined as testing that is launched from outside the perimeter of the private network. This kind of testing emulates the threat from hackers and other external parties and is often concerned with breaching firewalls and other forms of perimeter security.

On the other hand, in internal testing the analyst is located somewhere within the perimeter of the private network and emulates the threat experienced from internal staff, consultants, disgruntled employees, or, in the event of unauthorized physical access or a compromise of the perimeter security, from outsiders. These internal threats comprise more than 60% of the total threat portfolio."

Although an Internet assessment is attractive because it is finite and answers a direct question, the following should be noted at the outset:

  1. An Internet assessment will not identify all the risks to your information resources. Areas that are clearly not addressed include the following:
     • Threats from within the trusted environment;
     • Threats from RAS and other external connections; and,
     • Threats from your extranet and connections to 3rd parties.
  2. There are other ways of assessing risk, without doing a technical assessment.

Although it's beyond the scope of this discussion, the scope of an Internet Assessment can easily be expanded to include areas like RAS and the Extranet (which is why we actually refer to the service as an external assessment). However, even with the limited scope, there are a number of strong reasons for performing an Internet Security Assessment.

But first, let's remind ourselves why we want to do an assessment in the first place.

Reasons for performing a Technical Security Assessment

I've often thought, at the end of a security assessment project, that I probably could have advised the customer without having to perform the entire analysis. Internet installations are generally fairly similar and one sees the same mistakes being made at different installations all over the world. And yet I haven't quite given up on the idea. There are a number of reasons for my continued faith in technical assessments.

Firstly, a technical assessment allows me to fully familiarize myself with the customer's architecture. By the time the assessment is finished, I usually understand the client's Internet architecture at least as well as they do, often even better. This puts me in a unique position to offer them real and useful advice and ongoing technical support.

The technical familiarity I've acquired also very often buys me the respect of the customer's technical personnel. That, in turn, puts me in an even better position to advise them. Because our clients themselves are often non-technical people, such as risk managers and financial managers, it is essential that we also win the trust and respect of the technical team. Penetration testing, a later phase in the assessment methodology during which we actually attempt to breach security and compromise the customer's systems, is particularly effective in this regard. It's hard for someone to argue that their security is sufficient when you've already clearly demonstrated that it can be compromised. The fact that our findings are based on a formal assessment methodology lends weight to the recommendations we make.

Sometimes an objective assessment from an independent third party is necessary to convince others that an organization is taking security seriously. This is becoming more of an issue in certain sectors, where government, shareholders and other regulatory authorities are expecting companies to provide proof of proper information security.

Moreover, the fact is that a properly executed assessment may very well identify problems that otherwise may have gone unnoticed. A single small finger-fault in your firewall configuration may be all that's needed by an attacker and a thorough technical assessment may be the only way of determining this.

But most importantly, an assessment introduces objectivity. With the overwhelming number of security products and vendors in the market, it's important that security-conscious organizations and individuals spend money for the right reasons. A good assessment should help you to understand and prioritize your security requirements, allowing you to invest resources effectively. Very often, the most serious requirements will not be addressed by the simple acquisition of more technology, and it's important for the customer to understand that.

Actually, this last point is nothing new and security assessments have been seen as an important phase in the security lifecycle for as long as there has been information security theory. One version of the lifecycle looks like this:

The Security Lifecycle

Notice how the assessment phases (threat/risk analysis and security assessment) are the first and last steps in the process. The analysis is used to identify what needs to be done, and the assessment is used to measure how effective the other phases in the cycle have been. A number of companies are even starting to use the outcome of these repeated assessments to measure the performance of their technical personnel. Some companies even use security assessments as a key performance area for regular personnel. Now there's an interesting idea.

Reasons for performing an Internet Security Assessment

Hopefully I've convinced you now of the value of a technical security assessment. But I've also said that this paper is limited to a discussion of Internet security assessments only. Does it make sense to focus on one area of your system like that? Actually, no. But Rome wasn't built in a day, and a complete assessment of a large environment will typically need to be broken up into a number of distinct and manageable phases. The Internet is only one of a number of different areas we could examine. However, Internet-connected systems are the single area we assess more than any other. And, given limited time and resources, it is sometimes the only area we consider for clients. Here is a summary of the reasons that companies still perform Internet security assessments:

  1. Internet systems are an obvious part of the problem: Given the almost overwhelming size of the complete information security problem, it's often hard to know where to start. Internet systems are very often a clearly defined subset of the complete infrastructure and can be easily isolated, analyzed and secured. Although we realize that this is only a small piece in a much larger puzzle, it very certainly is a piece. If we can confirm that the Internet systems are secure, many managers feel "Whew, at least that's out of my hair."

  2. The Internet is a unique network: The tools and methodologies that we apply in analyzing Internet security are different from those we use when looking at "internal" spaces like WANs, LANs and Extranets. For this reason we tend to see an Internet assessment as a separate body of work from the rest of the assessment and tackle it separately.

  3. Internet systems are an obvious target: Attack via the Internet is by no means the only threat your company faces, but it is a clear and obvious threat and one would be foolish to ignore it. And, just as you want to be sure you've locked your front door, you want to be sure you've secured your connections to the Internet. The threat of attack via the Internet is easily identified, tested and eliminated. We test our Internet security because then we can know that it has been done and move on.

  4. Internet systems are a high-profile target: It smarts to be hacked from the Internet. Even though the financial impact of such an attack is often smaller than that of other forms of attack, a defaced Web site and other forms of Internet attack can often do huge damage to your company's reputation. For this reason we want to know that our Internet security has been taken care of.

  5. Internet systems are often beyond our control: The Internet began its life as a utopian exercise in community collaboration. Although this early utopianism has long since evaporated and the Internet has now developed into a battlefield for new-world commerce, there are still a rather scary number of uncontrolled inter-dependencies that make it possible for your company to operate on the Internet. The magical routing of IP packets from one network to the next is one example of this. The mapping of machine names to IP addresses via the Domain Name System is another. Yet we have no real control over these systems. They are critical to the safe operation of our Internet infrastructure and yet their security is beyond our control. Similarly, we have no control over when new vulnerabilities will be discovered in our Internet technologies. Quite simply, the only defense we have is to regularly assess this infrastructure for safe and secure operation. This is probably more true for the Internet than for other areas of your infrastructure.


In this section I've tried to convince you of the value of doing a technical risk assessment and to explain why we often consider the Internet systems separately from the rest of the infrastructure. In the next installment in this series, I'll give you an overview of the steps that we follow in performing this kind of assessment. The methodology is designed to ensure that our work is complete and consistent.

By: Charl van der Walt on Security Focus

Thursday, March 19, 2009

AMD lawyer: Intel would 'like us dead'

In the wake of the latest kerfuffle between Advanced Micro Devices and Intel, AMD's chief counsel seized the moment to sound off on a primal fear at his company: Intel is bent on its destruction. Intel, of course, doesn't quite see it that way.

After Intel accused AMD on Monday of breaching a 2001 patent cross-license agreement with Intel, AMD's top lawyer had some choice words for its bigger rival.

In a phone interview Tuesday, AMD general counsel Harry Wolin refuted Intel's claim that the AMD manufacturing spin-off Globalfoundries is not a subsidiary--and thus cannot legally use Intel intellectual property--and talked more broadly about Intel's tactics.

Intel's ultimate goal, Wolin believes, is to crush rivals into oblivion. "In their perfect world, we wouldn't exist. If they had to deal with the government every now and then, that's fine, and they're still extracting monopoly profits from the industry," he said.

Wolin doesn't buy into the oft-repeated theory that Intel needs AMD to keep the industry honest and to keep the U.S. government at bay. "I don't agree with the premise that they have to have us and they think they have to have us. I think they would absolutely like us dead," Wolin said.

The Dickensian depiction of AMD as the impoverished, distressed victim of Intel's bullying and manipulation is inaccurate and, more importantly, misses the relevant point, according to Intel spokesman Chuck Mulloy. "It's nice of them to try to speak for us. AMD has been a competitor for almost 40 years in one form or another. This is not about AMD going away," he said. "This is about our rights and AMD's rights under the patent cross-license agreement."

Ashok Kumar, an analyst at investment bank Collins Stewart, said the premise of a remorselessly predatory Intel set on killing off its rivals is attention-getting but not that realistic.

"Could Intel put them out of business? Probably. But is it a likely outcome? I don't think so," he said. "Because they'll get a lot of significant push back from the OEMs (PC makers). The OEMs will essentially be making a beeline to Washington, D.C."

Intel contends this is a very localized dispute about whether Globalfoundries is a subsidiary or not, and not a manufactured issue "to distract the world from the global antitrust scrutiny (Intel) faces," as AMD said in a statement Monday. "AMD cannot unilaterally extend Intel's licensing rights to a third party without Intel's consent," said Bruce Sewell, senior vice president and general counsel for Intel, in a statement on Monday. Intel maintains the issue is that Globalfoundries is 34.2 percent owned by AMD and 65.8 percent-plus owned by Advanced Technology Investment Co., an investment company. So, in effect, Globalfoundries is not an AMD subsidiary.

Wrong, AMD says. It is not about ownership. AMD has met the conditions that qualify it as a subsidiary. "It requires that AMD originally contributed at least 50 percent of the assets. If you look at the fact that we've thrown in the German factories, we've thrown in the people, we've thrown in the technology, we've thrown in the intellectual property. I don't think there's any credible argument that says we haven't thrown in more than 50 percent of this. It says nothing about owning. It says you have to originally contribute 50 percent of the assets," Wolin said.

And what happens from here?

"Let's say the parties end up in a lawsuit at the end of 60 days," Wolin said. (Intel says it will terminate AMD's rights and licenses under the cross license in 60 days if the alleged breach has not been corrected.) "Well, you know, that lawsuit doesn't come to court for years and wouldn't come to court until well after the antitrust suit would come to court, which is currently scheduled for February of next year," according to Wolin.

Intel says the next step is mediation, where Globalfoundries is brought to the table. If this doesn't resolve the issue, then they would both be off to the races and the lawsuits would begin.

Source: CNET News

Friday, March 6, 2009

Koobface, Other Worms Target Facebook Friends (NewsFactor)

As Facebook works to make itself more relevant and timely for its growing member base with a profile page makeover, attackers seem to be working overtime to steal the identities of the friends, fans and brands that connect through the social-networking site.

Indeed, Facebook has seen five different security threats in the past week. According to Trend Micro, four new hoax applications are attempting to trick members into divulging their usernames and passwords. And a new variant of the Koobface worm is running wild on the site, installing malware on the computers of victims who click on a link to a fake YouTube video.

The Koobface worm is dangerous. It can be dropped by other malware and downloaded unknowingly by a user when visiting malicious Web sites, Trend Micro reports. When attackers execute the malware, it searches for cookies created by online social networks. The latest variant is targeting Facebook, but earlier variants have also plagued MySpace.

Koobface's Wicked Agenda

Once Koobface finds the social-networking cookies, it makes a DNS query to check IP addresses that correspond to remote domains. Trend Micro explains that those servers can send and receive information about the affected machine. Once connected, the malicious user can remotely perform commands on the victim's machine.

"Once cookies related to the monitored social-networking Web sites are located, it connects to these Web sites using the user log-in session stored in the cookies. It then navigates through pages to search for the user's friends. If a friend has been located, it sends an HTTP POST request to the server," Trend Micro reports.

Ultimately, the worm's agenda is to transform the victim's computer into a zombie and form botnets for malicious purposes. Koobface attempts to do this by composing a message and sending it to the user's friends. The message contains a link to a Web site where a copy of the worm can be downloaded by unsuspecting friends. And the cycle repeats itself.

An Attractive Face(book)

Malware authors are investing more energy in Facebook and other social-networking sites because that effort pays off, according to Michael Argast, a security analyst at Sophos. Facebook alone has more than 175 million users, which makes it an attractive target.

"Many computer users have been conditioned not to open an attachment from an e-mail or click a link found within, but won't think twice about checking out a hot new video linked to by a trusted friend on Facebook," Argast said.

Argast called the Koobface worm a mix of something old and something new. The new is using social networks as a method to spread malware. The old is using fake codec Trojans linked to a saucy video to induce the user to install the malware.

Read the rest of the article here:
Yahoo News