IT Resource

This is a guest post contributed by Raja of MrFeedback

We have seen privacy introduced in Internet Explorer 8 (beta 2 version) & Google Chrome, and Firefox has recently announced that private browsing will be incorporated into their browser in version 3.1 – currently you can get private browsing mode by downloading the Stealther 1.06 plugin available through Download.com, and there are similar solutions available from Mozilla’s add on website.

The concept behind Privacy mode is simple – any record of your browsing history is discarded once you close the browser session in IE or Google Chrome. Firefox plan to take this feature a few steps further and will have:

• no autofill for passwords
• all cookies will be discarded after browsing
• all downloads in Download Manager will be discarded after browsing
• Unlike IE, you won’t even be able to tell if you’re surfing in Private Mode. IE has a neon indicator to announce the activation of private mode. Firefox will keep the fact that you’re surfing in private mode, well..private. Nice feature.

Private surfing is useful, despite the obvious concern that it will assist people to do things on the internet which are questionable. As internet shopping becomes the norm, it will enable people to keep gift purchases, for example, and other activities private. It’s good that browsers are installing this feature, despite it inevitably being misused by a percentage of people.

I’d love to hear any comments or feedback on Privacy mode and Browser security in general.

Raja Devanathan
Founder of MrFeedback.net

If you would like to guest post or have a post/review written, please get in touch via our Contact page. Standard rates for paid posts/reviews can be found on the Advertising page.

An interesting post on MaximumPC sheds some light on the reasons why the Microsoft Vista rollout process was flawed. It includes some benchmarks testing between XP, Vista and Vista SP1, plus some feedback from Microsoft staff giving an insight into how the problems arose and what’s being done.

Of course, it basically boils down to an underdone release, made too early with inadequate co-operation between Microsoft and driver manufacturers. The article lists 7 major areas where the release really failed: 

Instability

At launch, Vista was much less stable than XP, and the problems weren’t limited to high-end hardware - users with low-end & standard setups also reported instability. Considering that improved stability was one of the biggest promises Microsoft made for Vista, users were understandably upset.

Incompatibility

If a desktop application didn’t follow Vista’s rules for behavior, Vista wouldn’t let it run. The program would fail to load, crash on use, or eat the user’s data, depending on the development infraction. This even affected such mainsrteam programs as Acrobat Reader, iTunes, Trillian, and dozens of others.

Hardware incompatibilities could be just as challenging, and Vista also shipped without support from major VPN manufacturers, including Cisco.

The sheer number and range of compatibility problems meant that every user would be affected in some way.

Performance

New OS releases can suffer from performance issues – but Vista showed dramatic degradation in performance on release. This poor performance affected even the most common of tasks.

User Account Control

Vista brought  improvements in the overall security of Windows, but one of the mechanisms that helps enable that security comes at a high cost – it’s incredibly annoying.

User Account Control, or UAC. Even if you don’t know what it’s called, if you’ve used Vista, you’ve used UAC. It prompts you whenever an app tries to write to an area of your hard disk or registry that Windows finds suspicious. This seems like a good thing but UAC prompts every time the installer does something suspicious. A problem compounded by the fact that each prompt looks and behaves differently, even though they’re all asking for basically the same thing.

To make matters worse, none of the UAC prompts tell users what the application is trying to do. When you click that Allow button, you still don’t know what it is you’re agreeing to.

Activation

Activation was introduced with Windows XP, and Vista activation includes the Windows Genuine Advantage software, which periodically checks in with Microsoft to ensure that the copy of Windows you’ve already activated remains genuine. WGA isn’t foolproof though, and it can be easily confused by something like a BIOS reset.

Version Overload

In the good old days, there were two distinct versions of Windows: one for home users and one for corporate users. For home, you bought Windows 98; IT departments bought Windows NT. With Windows XP, this trend continued, despite the fact that both the home and enterprise versions used the same core.

With Vista, Microsoft added three more versions of Windows, removing crucial features from the low-end release and forcing power users who want access to both work-related and enthusiast features to shell out for the $400 Ultimate edition.  The upgrade path from XP was also inflexible and expensive.

‘One More Thing’

To put it bluntly – Vista didn’t come with any ‘killer’ apps or new features.
 

The full article can be read  here

Just a few days after public release, vulnerabilities in Google’s Chrome browser have already been publicised. Ramifications of an attack could range from an application crash to remote malware installation.

The first vulnerability was found on Wednesday by researcher Aviv Raff, who discovered that the browser was open to a highly-publicised ‘carpet bombing’ attack first found in Safari. The Safari hole was patched earlier this year, but because Chrome uses Apple’s WebKit software, the flaw has reappeared in the Google browser.

A proof of concept page was published demonstrating how an attacker could embed malicious code on a web page and then use it to conduct a remote malware installation with a separate specially-crafted Java applet.

Then researchers Rishi Narang and JanDeMooij posted separate reports of a vulnerability in the browser’s chromium.dll component that was exposed through the browser’s URL bar. The flaw can be made to cause an application crash, though neither report mentioned the possibility of remote code execution.

There is often a requirement to block/deny user access to certain websites and this post shows how administrators can utilise Squid to achieve this:

Squid is a popular open source web proxy server and web caching software. It has a wide variety of uses, from speeding up a web server by caching repeated requests, to caching web, DNS and other network lookups for groups of people sharing network resources and (which is of most interest to us for the purposes of this post) by aiding security via traffic filtering. It was originally inteneded for Unix/Linux but has been ported to a number of platforms.

Squid has powerful ACL (access control list). The primary use of the ACL system is to implement simple access control. This can be used to deny a user from accessing particular site.

In order to do this we have to edit the Squid configuration file.

e.g. # vi /etc/squid/squid.conf

Search for `Access Controls’ and append the following lines (in this example we are blocking access to ‘nastysite.com’):
acl badsite dstdomain .nastysite.com
http_access deny badsite

Save and close the file, and then restart Squid:
# /etc/init.d/squid restart

 If required, you can specify more than one site to be blocked:
acl badsite dstdomain .nastysite.com  .anothernastysite.com
http_access deny badsite

You can also use regex expressions to block access to more than one website. for example,  if you would like to deny access for any sites where the URL contains the word “twitter”, use the following ACL lines:
acl badsitegroup url_regex -i twitter
http_access deny badsitegroup

More information on Squid commands can be found at: http://wiki.squid-cache.org/FrontPage

Microsoft has released a new beta test version of IE8, stating that this version comes with new features to enhance privacy, ease-of-use, and security.

Beta 1 of IE 8 was released in March, but that was aimed at letting web developers take a first look at the new browser. This latest version is aimed at a broader consumer audience.

Although there is no official release date for IE8 as of yet, Microsoft has pledged to deliver more regular updates of Internet Explorer, whose lead has been chipped away by Mozilla’s Firefox browser. It released Internet Explorer 7 in October 2006.

The latest version of Internet Explorer boasts features found in Firefox 3, including a “smart” address bar that remembers and redirects user to website addresses they have visited before.

IE 8 will also offer a mode called “InPrivate Browsing,” which ensures that history, temporary internet files and cookies are not recorded on a user’s PC.

A new security feature that allows a user to block content coming from third-parties trying to track and aggregate the user’s online behavior will also be available.

Microsoft has also updated features such as “Activities” which allows a user to use information found on one page (e.g. an address) in conjunction with online services such as mapping, without leaving the original site.

The latest test release of Internet Explorer 8 can be found at www.microsoft.com/ie8

The infamous Microsoft “Blue Screen Of Death”, or BSOD, can of course have many causes, some of which can be fixed up with a reboot. Other BSOD errors may signify a more serious issue related to Drivers, memory or other factors.

Listed below are a few of the most common Error messages that accompany a BSOD, together with explanations of what they may mean.

The error messages take the form of an 8-character hexidecimal code (the last eight characters in the ‘STOP’ message code).

 
STOP: 0×0000000A
IRQL_NOT_LESS_OR_EQUAL
Indicates that a kernel-mode process or driver attempted to access a memory location it did not have permission to access, or a memory location that exists at a kernel interrupt request level (IRQL) that was too high (a kernel-mode process can only access other processes that have an IRQL that’s equal to or lower than its own).

 
STOP: 0×0000001E
KMODE_EXCEPTION_NOT_HANDLED
The Windows XP kernel detected an illegal or unknown processor instruction. The problems that cause this error can be either software or hardware related and result from invalid memory and access violations, which are intercepted by the Windows default error handler if error-handling routines are not present in the code  itself.

 
STOP: 0×00000024
NTFS_FILE_SYSTEM
Indicates that a problem occurred within Ntfs.sys, the driver file that allows the system to read and write to drives formatted with the NTFS file system. (A similar Stop message, 0×00000023, exists for the file allocation table [FAT16 or FAT32)] file systems).

 
STOP: 0×00000050
PAGE_FAULT_IN_NONPAGED_AREA
The requested data was not in memory. The system generates an exception error when using a reference to an invalid system memory address. Defective memory (including main memory, L2 RAM cache, video RAM) or incompatible software may cause this error.

 
STOP: 0×0000007B
INACCESSIBLE_BOOT_DEVICE
Windows XP has lost access to the system partition or boot volume during the startup process. Incorrect device drivers typically cause this error although it can also indicate a possible virus infection.

 
STOP: 0×0000007F
UNEXPECTED_KERNEL_MODE_TRAP
A hardware problem e.g. resulting from mismatched or defective memory, a malfunctioning CPU, or a fan failure that’s causing overheating.

 
STOP: 0×0000009F
DRIVER_POWER_STATE_FAILURE
Indicates that a driver is in an inconsistent or invalid power state. This error typically occurs during events that involve power state transitions, such as shutting down or moving in or out of standby or hibernate mode.

 
STOP: 0×000000D1
DRIVER_IRQL_NOT_LESS_OR_EQUAL
The system attempted to access pageable memory using a kernel process IRQL that was too high. Typical cause is a bad device driver (one that uses improper addresses) although it can also be caused by faulty or mismatched RAM or a damaged pagefile.

 
STOP: 0×000000EA
THREAD_STUCK_IN_DEVICE_DRIVER
A device driver problem is causing the system to pause indefinitely. Typically, this problem is caused by a display driver waiting for the video hardware to enter an idle state. This might point to a hardware problem with the video adapter or a faulty video driver.

 
STOP: 0xC0000218
UNKNOWN_HARD_ERROR
A required registry hive file could not be loaded. The file may be corrupt or missing. The registry file may have been corrupted due to hard disk corruption or some other hardware problem. A driver may have corrupted the registry data while loading into memory or the memory where the registry is loading may have a parity error.

 
STOP: 0xC0000221
STATUS_IMAGE_CHECKSUM_MISMATCH
Driver, system file, or disk corruption problems (such as a damaged paging file). Faulty memory hardware can also cause this message to appear.

There’s been some wild and panicky stuff in some of the Tech press lately about a potential exploit that could bypass Vista’s security model. It all sounds pretty drastic but please bear in mind that most reports have been pretty sensationalist about it.

A ZDNet blog post contains a bit more ‘measured’ information about it along with responses from one of the guys who reported the exploit.

Sybase has teamed up with Australian Business Intelligence (BI) provider Yellowfin to package up the Sybase IQ Data Warehousing tool with YellowFin’s Presentation layer & User Interface.

Sybase IQ is a database product optimised for fast analytics and reporting (using a column-based architecture), while the Yellowfin products will provide a web-based Reporting and Delivery capability with easy-to-use dashboards and charting tools.

The alliance already has a live customer in New Zealand based Paymark, and is actively looking to promote the packaged solution in Australia, NZ, Japan, India and China.

Yellowfin are at: http://www.yellowfin.com.au

Sybase can be found at: http://www.sybase.com.au

Sun’s ‘Light-weight UI Toolkit’ (LWUIT) has been made available for download under a version of the GPL2 open-source license, which will make it easier for developers to create applications for the Jave ME mobile/smart phone platform.

According to Sun’s Craig Gering: “We are enabling mobile developers to quickly and easily create rich, portable interfaces for their applications,” declared Craig Gering, Sun’s senior director of embedded Java software.

“This software will also help address the mobile industry’s fragmentation issue by enabling developers to create a single interface that will work anywhere Java is found.”

More information: http://lwuit.blogspot.com/

The August upate from Microsoft is likely to contain a number of critical and major fixes.

The update will include seven items rated as ‘critical’, the highest of Microsoft’s security alert levels. All of these will address issues that may allow an attacker to remotely execute code on a targeted system.

Four of the critical fixes relate to Office issues, one addresses critical flaws in Windows 2000, XP and Server 2003, another fixes a critical issue in Windows Media Player while the last addresses a critical vulnerability in Internet Explorer.

Also planned are five fixes rated as ‘important’. The patches include two remote code execution flaws in Windows and one in Office. The other two updates address information disclosure vulnerabilities found in Windows Messenger, Outlook Express and Windows itself.

The company plans to release the update on Tuesday 12th August. The release will also include non-security updates for the Windows Malicious Software Removal Tool and the Windows Update, Microsoft Update and Software Update Services

iiNet is offering free streaming access to English Premier League matches.

That’s “free” as in there will be no charge for the matches, and “free” in that iiNet won’t count the data usage (streaming will be in .wmv format, and will require Media Player 10) against the user’s monthly allowance.

The Premier League season starts on the 16th of August with Arsenal vs West Bromwich Albion at 12:45 UK time (9:45pm AEST). Up to four live games and five recorded games will be made available each week.

Intel has announced details of a new generation of chips designed to handle increasingly complex and diverse requirements.

The “multi-core” processor technology, codenamed “Larrabee” will be showcased at an upcoming industry conference in Los Angeles.

By dividing tasks between cores, these multi-core chips will be able to cut energy use and heat while speeding performance, using a type of  parallel processing.

Intel and AMD currently sell chips with two or four “cores,” but the new Intel chips (pencilled for release in 2009 or 2010) will have 16 to 48 cores and will be tailored for handling computer game graphics. The chips will also accomomodate the increasingly complex, ‘multi-tasking’ type approach that see users running many desktop apps at once.

Intel say that the major task for software developers now will be to make full use of the available processing power and multi-threading capabilities. Predicted research breakthroughs include voice recognition software so accurate it could be used to record witness testimony in courtroom proceedings.

Intel expects Larrabee “to kick start an industry-wide effort to create and optimise software for the dozens, hundreds and thousands of cores expected to power future computers.”

Larrabee’s initial foray into the multi-billion dollar computer graphics market will put it in an arena dominated by Nvidia and AMD, which both reportedly plan to market chips with hundreds of cores.

See more at:
http://www.intel.com/pressroom/archive/releases/20080804fact.htm?iid=pr1_releasepri_20080804fact

Here’s a handy little list of useful Vista keyboard shortcuts:

• Win + d – show Desktop
• Win + f- search for files
• Win + g  – cycles through Gadget selections
• Win + l – lock your computer
• Win + m – minimize windows
• Win + t  - cycles through Taskbar programs
• Win + u  – activate the ‘Ease of Use’ Center
• Win + x  – cycle through the ‘Mobility’ Center
• Win + Spacebar  – bring Gadgets to the front

Also – if you use the Quick Launch toolbar, pressing the Win key + a number (from the top row of the keyboard) will launch the corresponding application in the Quick Launch toolbar.

e.g. if your first 4 Quick Launch icons are Outlook, Word, Excel, PowerPoint – If you press Win+2, that will start up Word, Win+4 will start Powerpoint and so on. This only applies to the first 10 QuickLaunch icons Win+0 being the last). 

Ping verifies IP-level connectivity to another TCP/IP computer by sending Internet Control Message Protocol (ICMP) Echo Request messages. The receipt of corresponding Echo Reply messages are displayed, along with round-trip times. Ping is the primary TCP/IP command used to troubleshoot connectivity, reachability, and name resolution.

Examples of Ping

Windows
ping google.com

Pinging google.com [64.223.167.99] with 32 bytes of data:
Reply from 64.223.167.99: bytes=32 time=37ms TTL=57
Reply from 64.223.167.99: bytes=32 time=37ms TTL=57
Reply from 64.223.167.99: bytes=32 time=75ms TTL=57
Reply from 64.223.167.99: bytes=32 time=40ms TTL=57

Ping statistics for 64.223.167.99:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 37ms, Maximum = 75ms, Average = 47ms

Linux
ping -c 5 itresource.com.au

PING itresource.com.au(203.88.118.177) 56(84) bytes of data.
64 bytes from kookaburra.cbr.hosting-server.com.au (203.88.118.177): icmp_seq=1 ttl=57 time=36.6 ms
64 bytes from kookaburra.cbr.hosting-server.com.au (203.88.118.177): icmp_seq=2 ttl=57 time=36.5 ms
64 bytes from kookaburra.cbr.hosting-server.com.au (203.88.118.177): icmp_seq=3 ttl=57 time=37.0 ms
64 bytes from kookaburra.cbr.hosting-server.com.au (203.88.118.177): icmp_seq=4 ttl=57 time=36.9 ms
64 bytes from kookaburra.cbr.hosting-server.com.au (203.88.118.177): icmp_seq=5 ttl=57 time=36.6 ms

— itresource.com.au ping statistics —
5 packets transmitted, 5 received, 0% packet loss, time 9000ms
rtt min/avg/max/mdev = 35.918/36.638/37.106/0.400 ms

Mac OS X
ping -c 10 itresource.com.au

PING kookaburra.cbr.hosting-server.com.au (203.88.118.177): 56 data bytes
64 bytes from 203.88.118.177: icmp_seq=0 ttl=53 time=40.019 ms
64 bytes from 203.88.118.177: icmp_seq=1 ttl=53 time=47.502 ms
64 bytes from 203.88.118.177: icmp_seq=2 ttl=53 time=43.208 ms
64 bytes from 203.88.118.177: icmp_seq=3 ttl=53 time=50.851 ms
64 bytes from 203.88.118.177: icmp_seq=4 ttl=53 time=46.556 ms

— ping statistics —
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 40.019/45.575/50.851/3.588 ms

Useful links:
http://en.wikipedia.org/wiki/Ping

http://www.computerhope.com/jargon/p/ping.htm

Quick post to tell you about a very useful site (recently ‘wiki-fied’ covering free software for business, development and home use. There seems to be a lot of useful stuff in there and it’s pretty active as well…well worth a look:

It can be found here – Gizmo’s Tech Support Site