Mobile Phone Virus – Cabir

European virus writer collective 29A Labs have demonstrated a virus called Cabir which infects Symbian OS mobile phones with Bluetooth. This is a zoo virus which means it exists only in the laboratory environment and is not in the wild, that is, in circulation.

The Cabir virus was benign. The worm is transmitted over Bluetooth, but for your phone to become infected, you must accept and install the transmitted file. If you agree to install the code, the phone then displays the word “Caribe” and automatically looks for nearby Bluetooth devices to propagate onto.

The linked article quotes Bruce Schneier (author of the classic text Applied Cryptography and the more recent Beyond Fear: Thinking Sensibly about Security in an Uncertain World) in two places that echoed my thoughts: these devices are essentially mini-computers running cell-phone software, and therefore Cabir-like malware is 100% inevitable.

I have removed a lot of malware from the computers of my friends and at the office. Irresponsible computing is often amusing from a perspective but it’s not really funny once the worm starts crawling. I personally am witness to a Nimda infection in a network of 40 Windows PCs. The user received the email with the worm attachment. I was standing nearby. And this happened in slow motion:

  1. She said, “Hey, I got a mail from you.”
  2. I replied, “No, I didn’t send any. What’s the subject?”
  3. She said, “Hmm… There is an attachment.”
  4. I said, “Attachment? I didn’t send anything to you. Wait!”
  5. She said, “What’s it anyway?” And then she clicked it. The confirmation dialog box opened.
  6. I shouted as I rushed over, “Don’t open it!”
  7. She replied, “Why not? Why’d you send it then?” And she clicked OK.

*sigh* At least I knew why our network kept on getting reinfected after 3 continuous days of purging it using specialised tools.

A large part of processor time and more expensive RAM-space in a modern computer is taken up by an online-virus scanner–computing time and memory space that could be used for something productive. I wonder if anybody has done the economics of this and tried calculating average loss over a year incurred by an individual or perhaps a business. I understand large firms have dedicated people looking into security and anti-malware activities. Another additional expense. When you sit back and take a macro view of the whole situation, it is quite interesting.

Either way, with newer phones becoming yet more powerful and spacious, sooner or later Cabir-like worms and other malware will abound in our wireless communication channels as well. It is inevitable.

Doom 3!

Doom 3’s website has been updated to announce an August 3 shipping date! Woo hoo!

Man Learns He’s Dead

Life never ceases to amaze me with some rather bizarre incidents popping up every now and then.

“I thought, ‘I hope they didn’t bury me on my birthday’,” Lunkov told the Moscow Times after visiting his grave in southeastern Moscow. “But it turns out they did.”

😀

Update: Some other miscellaneous ones.

Google Enters The Computer History Museum

The Google Blog talks about Google entering The Computer History Museum.

We’re five years old and already they’re sticking us in a museum.

The museum’s display is of Google’s first corkboard server rack from 1999.

A few specs: each tray contained eight 22GB hard drives and one power supply, and the rack itself required no fewer than 86 hand-installed cooling fans.

They’ve put up the photograph of the Original Atari Pong Arcade as well, as a bonus. I had never seen it before so it was a small “wow” moment.

Thinking back on when Google first started operations and how they’ve grown and contributed to the Net directly and indirectly since then, it is a pretty incredible journey. The one thing I’ll probably always be happy about is how Google revolutionised not only the web-search technology but also the way it interacted with the user. Remember that we’re talking about the time Altavista, Yahoo!, HotBot and Excite were considered the 4 Horsemen and were exploiting their search technology and hold to promote their other services. Colourful, rich, graphic-laden pages. Google’s sparse look and super-fast loading pages were a refreshing change. I would venture to say that many people started using Google initially because they ‘perceived’ the searches to be faster. The part about them being better appears to me to have come at a later stage. Even now, with a plethora of services on offer, Google’s home page is still not busy. Their core focus remains web-search. When I go to Google, I am not distracted. I am not enticed by 20 different sales-people from the same store. There is a single core reason I’m there and they hand me the interface without much pomp or interference. To do that for 5 years is appreciable. To hold back the urge to promote another service by piggy-backing on another popular service for so long is incredible.

Great job guys. Keep it up.

Happy Birthday Mozilla Foundation

Mozilla Foundation turned one this week. :)

I have been a Mozilla/Firefox user for a long time and have been a fan of Bugzilla since the first day I used it more than a few months ago.

The entire project and their products are simply amazing! Happy Birthday.

DVD Pirate Tries To Sell To Police…. Caught!

In the story Police keelhaul world’s thickest DVD pirate, The Register reports on how an Essex man walked into a Chelmsford Trading Standards office and tried selling to the gobsmacked staff.

Peter Martin, Essex County Council’s Trading Standards supremo:

This incident will become part of Trading Standards folklore.

Okay! I had a feeling that the general intellect of humanity is on a decline but this surely takes the cake on how to promote one’s business and make an extra fast buck.

Hackers hacked by hacker

I just came across a funny story on The Inquirer which provides info on how Hackers got hacked by a hacker!

I’ve usually heard of stories about this, especially the tiff between pro-India and pro-Pakistan hackers/crackers/script-kiddies a few years back when they went on a site-defacement spree. But this is a pretty detailed account of how the hacker (Marcos) performed his deed.

Found it quite amusing indeed.

Silly Window Syndrome (SWS)

Did you know that there is something called Silly Window Syndrome? Don’t believe me? Read this Microsoft Knowledge Base Article if you don’t believe me. 😉

This site provides a huge list of humorous Microsoft Knowledge Base articles. Some of them are quite quite funny indeed! 😀

Patent Overload

This banner speaks a lot about software patents.

As more and more so-called intellectual property is being patented and licensing fees demanded, I am slowly beginning to wonder where the future is headed in this regard. Sooner or later, we’ll see amazingly high costs for all software because all new UI enhancements/processes require licensing fees to be used?

Bypass Compulsory Web Registration

Often you’ll come across sites that require you to sign up before you can access their content. These sign-ups are free, yet compulsory. I have often used Mailinator for this. But it still requires me to fill out a registration form and then visit the Mailinator site to check email and, in some cases, follow links to complete the registration process.

Enter BugMeNot.Com. This site provides ready-made login usernames/passwords for sites that require compulsory web registrations. Just type in the URL and you get a perfectly valid username/password that you can use to access the content of the website. You can even add ones that you made yourself to the list.

Nice.

Rediscovering Google

I have been playing with Google a bit today on and off. Visiting the Google Zeitgeist (“Search patterns, trends, and surprises according to Google”, to quote from their page), browsing through the Google Blog, taking a look at photos of Google employees at work, which are pretty dated by the way, and of course, the infamous Google Holiday Logos. Finally, decided to take a look at Site Map and just thereabout felt tired enough to go home. Wasn’t really bored but needed some break from the work in between. Google is good entertainment.

President Pushes for Open Source

The Indian national daily The Hindu has reported that the Indian President, Dr. A.P.J. Abdul Kalam has “advised defence scientists to shun proprietary systems and opt for open source codes to enhance software security in defence networks.”

Open source codes can easily introduce the users to build security algorithms in the system without the dependence of proprietary platforms. We should take maximum care to ensure that our solution is unique to protect our own defence security solutions implemented on open platforms.

I have noticed a general movement towards open-source in the Indian defence organisations over the last few years. However, I would venture to say that it’s mainly experimental since most of the IT-aware professionals that get hired are Windows oriented. But with the new breed of professionals more in-tune with open source and more and more people in the decision making levels becoming aware of what the noise is all about, it’s becoming quite interesting every year. Perhaps the reason why Microsoft decided to show India its source?

The next few years should be quite interesting indeed.

Apple OS X Tiger preview

eWeek has put up Apple OS X Tiger preview screenshots!

Some of the new things in this update are pretty exciting. For one, I’ve been looking forward to Safari 2.0 which comes with ‘private browsing’ — a feature that, once enabled, does not store any information in the cache or browser history. Very cool. The RSS support in Safari 2.0 is quite impressive as well.

Overall, I think I will start using the iMac in my office a lot more soon. :)

Bush In 30 Seconds

Driven by the lack of fresh talent involved in creating political ads, Laura Dawn, David Fenton, Moby, Eli Pariser, Lee Solomon, and Jonathan Soros launched Bush In 30 Seconds.

[Bush in 30 Seconds is] an ad contest that’s intended to bring new talent and new messages into the world of mainstream political advertising. We’re looking for the ad that best explains what this President and his policies are really about — in only 30 seconds.

They received an overwhelming response and the top 150 videos are available online in Quicktime format. The list is an awesome pool of creative talent–the ads are thought-provoking, humorous and full of satire/sarcasm that screams out to people to think.

Even as a non-US citizen but very much affected by their actions, watching these clips made me wonder how much damage was done, directly and indirectly to the Americans and the rest of the world for the short-term benefit of a few by a leadership that allowed itself to be puppeteered so easily. If for some reason somebody proves to me that they were not manipulated into molesting our planet and the people who were perhaps not powerful enough to oppose them, I really shudder at their concept of justice, freedom and liberty, and civil and human rights and hope that such utter neglect of principles and blind following of a misguided few in the name of ‘patriotism’ will never happen again.

I always used to wonder how the Germans were brainwashed into following Hitler and the Italians followed Mussolini in World War II and could never quite fathom how there can be such a complete blanket over common sense. Now, having witnessed something similar (I know here that those who support the so-called ’cause’ will scream, whine and stomp their feet in protest and mouth expletives at the comparison) on perhaps a different level, I see too many things common between these to not shudder in amazement of how human psyche can be manipulated so easily and those who remain unaffected and protest suppressed, ridiculed and persecuted.

Open Source Paradigm Shift – Tim O’Reilly

Progress is evolution–of thought, processes, principles, social order, etc.–but major and significant changes are sudden and swift, labelled paradigm shifts. The evolution of the IT industry is no different: in parts incremental and dotted with a few paradigmatic shifts. Tim describes how the software industry should look to the past, when a paradigm shift happened to the hardware industry, and take a lesson from it, for now a similar shift is happening here, brought on by the Open Source movement.

I came across Tim’s articulation on the paradigm shift in Open Source on Karan’s blog day before yesterday and read it today. Tim builds his case like a lawyer, slowly and meticulously–making the reader think, and those who’ve been involved in the industry for some time would probably go, “Ahhh. Didn’t think of that in that way!” when he cites examples and analyses them.

A thoroughly enjoyable and thought-provoking article for anybody involved in software/internet industry.

Mobile Computing of Third Kind

When you mod your bike, how much do you really do it? A few internal changes perhaps. Most of us end up with plastic surgery mostly — everything superficial.

But this guy has modified his bike in a rather interesting manner. Cosmetic changes aside, the hardware maestro has installed a computer on his bike, complete with a regular hard disk! The bugger is running FreeBSD 5.2.1 on that thing! To do what? Record videos from the camera installed on his helmet.

Awesome! I am actually in awe.

Spiderman – Reborn in India

The Times of India reports that in light of Marvel Comics’ plan to Indianise the superhero to take advantage of the popularity brought on by the two motion pictures, “Peter Parker of Queens, the hero under the classic Spiderman mask, will be replaced by a young, Indian boy named Pavitr Prabhakar” from Mumbai (once upon a time called Bombay).

As Spiderman, Pavitr leaps around rickshaws and scooters in Indian streets, while swinging from monuments such as the Gateway of India and the Taj Mahal.

My imagination refused to draw the visuals in my head as I read that. Does India have enough high-rise buildings to help the guy swing around? Swing from the Taj Mahal? Are there other buildings around the Taj to swing to or do they plan our new hero to go to popular sites just for a swinging frenzy?

The Green Goblin will appear as a Rakshasa, the Indian mythological demon.

The way the sentence has been phrased, it can be taken to mean two things: “Rakshasa” or “a rakshasa”.

As a name, the only time I have come across it is as the name of the chief minister of King Nand, and there is a very famous anecdote on how Chanakya (the famous political brain) made him switch sides to Chandragupta Maurya. But that’s only a few hundred years ago. Not in mythology.

In Indian mythology, rakshasa is a community. A culture. A way of life. But very much human. The activities of a rakshasa were perhaps not very ethical or moral by accepted standards that were perhaps more prevalent. That is why sometimes we mention that a person’s activities are ‘rakshasi’ (that which befits rakshas). Rakshas are described as powerful men who did not put their power (be it physical, armed or political) to much good use most of the time. Case in point: Ravan — often described as a ‘demon king’ (sic) — was a pundit by his community who knew all 4 Vedas and 6 Shastra (and hence the description of 10 heads), but he was a rakshas by his karm (activities). He misused the power provided him as a king and a highly educated man and led his people in what could be described as immoral/unethical ways of life. Yet, his very brother Vibhishan is not considered or described as a ‘demon’ (sic) and is nowhere drawn anywhere in resemblance to the rest of his brothers in physical appearance.

“Indian mythological demon”? I know of no such thing. I am appalled that we continuously quote the existence of ‘demons’ in Indian Mythology. I would love to be proven wrong by anybody who can quote any Indian scripture where such a thing as a ‘force of darkness’ is mentioned and quotes the activities of minions that work for it.

What utter hogwash. Market-Sense surely cannot obfuscate common sense so thoroughly to come up with such an outrage.

Update: Wasn’t Spiderman supposed to be all about science? I remember watching interviews of Spiderman (the movie) where those in production underlined their requirement to remain relevant to science in the true spirit of the character and its creator. Everything about this superhero is supposed to be believable, based on some scientific possibility, even if it is stretched a bit. Introducing mythology would be against the spirit of Spiderman.

Infectious Web Sites

A story on ZDNet reports that “online organized crime groups are breaking into Web servers” and installing code there that takes advantage of two unfixed flaws in Internet Explorer to install a program that “takes control of the user’s computer.”

The most significant paragraph of this story is:

Researchers believe that attackers seed the Web sites with malicious code by breaking into unsecured servers or by using a previously unknown vulnerability in Microsoft’s Web software, Internet Information Server (IIS). When a victim browses the site, the code redirects them to one of two sites, most often to another server in Russia. That server uses the pair of Microsoft Internet Explorer vulnerabilities to upload and execute a remote access Trojan horse, RAT, to the victim’s PC. The software records the victim’s keystrokes and opens a back door in the system’s security to allow the attacker to access the computer.

This problem would not exist if these IIS servers were patched tight. Yet, despite numerous crippling infections because of other IIS exploits, stupid, ignorant and completely clueless idiots who manage IIS web-servers and don’t patch them are putting every user who visits their website in good faith at risk. They’re violating the implicit trust a user places in the website of a reputed and trusted organisation–that they will not be taken advantage of and not be served code that is malware.

An even more serious part of the report says that the compromised websites include those of financial institutions and ecommerce sites. These would be sites that actively solicit a user’s personal data and store it on the server. If the server is compromised, so is the security of any data on that server. Will you be comfortable in having an online credit card transaction on such a site?

The possibility of such a network being used for DDoS (Distributed Denial of Service) attacks, SPAM-bot networks, et al. is only the tip of the iceberg. This network represents computing power equivalent to that of supercomputers — in teraflops. It could potentially be used for anything… paranoid? Think not.

Stung or Kissed?

I got stung (read kissed) by a yellow Indian wasp while coming to my office. It’s quite painful on the neck. But what about it makes it interesting enough that I must put it here?
The sting after 30 minutes
Notice how the sting has swelled up into a beautiful shape. My first reaction was, “Saturn… nice!”. This image was taken approx. 30 minutes after the incident.

AOL worker arrested in SPAM scheme

A story on CNN/Money reports that AOL worker, Jason Smathers has been arrested for stealing AOL’s subscriber list and selling it to a spammer (Dunaway) who used it to promote his own Internet gambling business. Then, Dunaway sold the list to other spammers for $52,000.

With all the ruckus going on about SPAM and privacy, I am amazed that 92 million screen-names were downloaded onto a transferable medium and taken out of AOL’s facilities (physical/virtual) without any alarm bells ringing. I figure it was much later that the theft was actually discovered. The amount of data that 92 million screen-names represents is phenomenal. AOL maintains that no credit card numbers were taken by Smathers but admits that he did include the credit card type besides phone numbers and ZIP codes. If I was a subscriber of AOL (and I’m not), I would be very very worried.

This incident also exposes the hollowness of claims made in their Privacy Policies by companies. If a tech company like AOL whose credibility depends on the security of their user data cannot keep it safe from being exposed to/accessed by unauthorised or unscreened employees, I shudder to think what the other Privacy Policies are doing out there other than giving people lip service.