Confused? I know I was... but this is actually quite interesting.
OS Version (via systeminfo)
Vista Ultimate Release: 6.0.6000 N/A Build 6000
Vista Ultimate Service Pack 1: 6.0.6001 Service Pack 1 Build 6001
Server 2008 Standard Release: 6.0.6001 Service Pack 1 Build 6001
You can read more about it here.
A discussion elsewhere got me thinking about this, and some quick googling didn't turn anything up. If there are already write-ups on this, I would love if people could point me toward them.
Let's say that you are using Tor. When your traffic traverses Tor, it hits an end-point somewhere. That end-point knows that it is your end-point. Now, I'm a malicious individual... a spammer who needs CAPTCHAs solved. What do I do? I setup a Tor server and pass you my CAPTCHAs to solve. I don't believe it would be that difficult to inject CAPTCHAs into the mix. Your Tor connection comes into the server, but outbound HTTP passes through a proxy... this proxy is designed to display CAPTCHAs.
As I said, maybe this has already been discussed elsewhere, and maybe Tor even has protections against it. Either way, I'm really surprised that you don't hear about this more often. I've read about people paying to have CAPTCHAs solved... the only cost associated with this would be bandwidth. You could even expand on it to save bandwidth. A botnet deploys Tor across several thousand machines... these machines all forward the non-local HTTP traffic to "CAPTCHA proxies".
Since Tor users are accustomed to solving proxies for search engines and other big sites, they may not even notice these CAPTCHAs.
So let me know what you think... Thoughts, ideas, evidence of this, papers on this... it's all good.
A couple of weeks ago I posted about certain GMail features not being available in Google Apps for Domains. I was out of town last week and other than taking in RENT last night on stage, I've pretty much been asleep the entire time. I just logged into my Google Apps for Domains account for the first time since getting back and I was surprised to see that all that lost functionality was now available. I don't know if someone from Google saw this and made the changes or if it was entirely coincidental, but either way... Thanks Google!
In ~5 hours I'll be on a plane heading to San Francisco... I'll be there for nCircle CONNECT. So if anyone is going to be in SF in the next few days... let me know... I doubt I'll have much free time, but I may have time for a drink in the hotel bar. Fire me an email (make sure you remove the ~ and the NOSPAM), or if you have the number, call my cell.
For quite some time now I've been a regular user of Cooperative Linux (coLinux), which I think is best described on its website:
Cooperative Linux is the first working free and open source method for optimally running Linux on Microsoft Windows natively. More generally, Cooperative Linux (short-named coLinux) is a port of the Linux kernel that allows it to run cooperatively alongside another operating system on a single machine. For instance, it allows one to freely run Linux on Windows 2000/XP, without using a commercial PC virtualization software such as VMware, in a way which is much more optimal than using any general purpose PC virtualization software
I've been using it for quote some time but I've never bothered to spend the time to take it beyond a console (mind you I see on their website that it'll run Knoppix Japanese Edition with a full GUI). A few months ago andLinux came to my attention. andLinux uses coLinux at it's core and then integrates the Xming server, allowing you to easily run Windows and XWindows applications side by side, both running natively. I think this is absolutely amazing, and something that is definitely needed. My laptop currently have notepad and firefox open on the Windows side and XFCE panel, firefox and Gnome Terminal (with apt-get install build-essential) open on the Linux side. It brings quite a bit of power and flexibility to the table.
I recently went from Ubuntu back to Windows on my laptop because I purchased a Vonage V-Phone. andLinux allows me to easily and conveniently maintain my favourite Linux apps along side my favourite Windows applications. If you've never used it, I highly recommend jumping over to the website and checking it out.
I've already partially talked about this recently but I wanted to bring it up again.
I'm a huge Google fan... I know a lot of people see them as the new Evil Empire, but I really don't see them that way. One of my favourite Google launches was Gmail. I used it for quite a while and only after Google Apps were released did I leave Gmail, but only because I could use my domain name with all the niceties of Gmail. I use Google Apps for Google Talk, GMail, etc... but I recently logged into my old Gmail account and noticed a number of changes. Gmail is getting a lot of revamp (as is Google Talk inside Gmail)... yet these changes aren't being translated to Google Apps (which I find very disappointing).
Changes:
I know I shouldn't be whining about something that's free, but I view a hell of a lot of ads and I view those ads while reading my email in exchange for all the Gmail functionality. What good is all of this functionality if I'm using an outdated UI with outdated abilities? I might as well go back to my own email hosting (which I'd rather not do). So to repeat my comment from my last post, I'd love if someone from Google could explain why users of Google Apps aren't getting all this new functionality.
Now the bridge from Gmail to LinkedIn. The LinkedIn Extension for Firefox is broken with the new Gmail UI. It is also broken for users of Google Apps (even though Google Apps is on the old working Gmail UI). If anyone from LinkedIn is reading this... please fix this.
Now that we've bridged to LinkedIn... What's up with the new UI over at LinkedIn? It's a major step backwards from the previous layout. I log in and feel like I'm on Facebook or MySpace rather than a "Professional Social Networking Site". I would LOVE to see a move back to the old version, and based on the discussions I've had with colleagues and the ongoing mailing list threads that I've seen, I'm guessing other people agree with me.
Lastly, on the LinkedIn issue... I haven't heard anything else regarding a LinkedIn App for the BlackBerry... not since Jim asked for some explanations via comment. So how about it guys? Any word on this yet?
One of my favourite non-IT blogs has got to be The Consumerist. I really like the idea of a public online watchdog that has the freedom to publish pretty much anything.
Anyways, the other day this post caught my attention:
Why doesn't a bank (cough HSBC cough) offer the option to have text message alerts sent to a registered phone number any time a withdrawal is made from a specific account via ATM? "$120 was withdrawn at 2:51pm EST in Palo Verde, CA. Reference #293005"
I think this is a great idea... There's plenty of software that takes advantage of Pager/SMS/Email notifications, why can't the bank due the same? We're becoming more and more technologically advanced and cell phones are everywhere. even my 15 year old sister has an HTC S720.
I would love this feature. My fiance, a while back, got a letter saying that her debit card had been used at a business known to have conducted malicious activities with customers banking information. She got a letter because the bank called, during business hours, and didn't leave a message (I've never quite figured out why service based businesses operate during the hours that people work... there should be an offset, especially if you're trying to contact the individual). Sure the proposed feature is for withdrawals, but why couldn't it exist for all fraudulent activities?
Now maybe the reason this doesn't exist is to avoid opening yet another avenue of attack. My bank "requires" (you don't HAVE to enter it, but they sure do want you to) an email address. They send me quasi-important information via email. The next think you know when I log into my online banking, there's a notice warning me about yet another phishing attack that's targeting customers of my bank. Perhaps they don't want to introduce a new method that phishers can take advantage of. I seem to recall getting random SMS spam with my first cell phone, coming from numbers like '00000' and '12345', however I haven't seen any of that in quite some time... either I'm really lucky or cell phone companies have figured out how to stop spoofed messages. (Which I find unlikely given that landlines can't prevent Caller ID spoofing.) So would we be making things riskier by allowing SMS Fraud Notifications?
Scenario
Do I foresee that scenario happening if SMS Fraud Notification is introduced? Definitely. Do I still think SMS Fraud Notification would be very beneficial? You bet! Banks simply have to remind customers to always contact the bank following an SMS, but to use the number on their debit card or a known trusted source (bank's website, phone book, bank statement, etc.) Banks also have to accept that this is for Fraud Notification only, if customers start getting non-fraud related notifications, they'll grow lax and be more likely to succumb to a targeted phishing attack.
So thoughts... SMS Fraud Notification -- Good or Bad? Beyond that would you pay for the option or only take advantage of it if it were free?
So I was browsing Task Manager on my Vista box as Admin (Show all users processes) and I noticed wininit.exe. This file has that "virus ring" to it, so I decided to check it out. I'm positive my system hasn't been infected with anything, but there's never harm in checking. I did some searching and the first two results on Google are:
Interesting... I don't know how this got here, but let's kill it. Click on wininit.exe, click end process, blue screen. That's right... blue screen. Apparently wininit.exe is a crucial system file in Vista and shouldn't be killed by anyone, yet the administrator can kill it and easily blue screen the system. This probably shouldn't happen, and it's most likely something Microsoft should consider looking into... no user should be able to end task a single process and blue screen the system... not even the Administrator... I'd probably label this as a vulnerability, but I'm sure Microsoft sees it as a stability issue. This would be similar to lsass.exe on Windows XP with the nice pop-up that says, 'This is a critical system process... Task Manager cannot terminate this process' (or something similar).
So end result:
Running Vista:
WinInit.exe is a system critical process, even though some malware scanners identify it as a bad apple. This file should exist in C:\Windows\system32 (or more accurately - %windir%\system32)
Details (Windows Vista Home Premium) as of Today:
File Description: Windows Start-Up Application
File Version: 6.0.6000.16386
MD5: D4385B03E8CCCEE6F0EE249F827C1F3E
Pre-Vista Windows:
Trust your AntiMalware Software.
Anyone with other versions of Windows... see if your wininit.exe is the same (I'm assuming they all are, but if it's different... please post the version of Vista and the MD5 Hash... Thanks.
Something I've had to accept is a slow computer at home... I currently have 1GB of RAM and I'm running Vista (I've purchased new RAM, however I purchased PC-6400 and my board only supports PC-5400 (it won't clock down)). On top of Vista, I'm a Firefox user. While I like the improvements to IE7, I dislike the location of the address bar in relation to the menu bar... and something about Opera just rubs me the wrong way (perhaps the fact that javascript on my pages still doesn't work properly). Anyways... Firefox is a memory hog... (I'm really hoping FF3 fixes this) and I'm used to firefox.exe using 450MB of my precious RAM. However when the latest NoScript update auto-installed, my Firefox memory usage went from 450MB to 750MB. I'm guessing that the latest version of NoScript shouldn't require 300MB of RAM. Has anyone else experienced this issue?
I just discovered this today when Komodo Edit said it had an update available... the release notes lead me to OpenKomodo and I eventually stumbled across an ActiveState press release.
ActiveState today announced an updated, open-sourced release of Komodo Edit, the popular and free editor for dynamic languages including Perl, PHP, Python, Ruby, and Tcl, plus support for browser-side code including JavaScript, CSS, HTML, and XML.
Komodo Edit, based on the award-winning Komodo IDE, offers sophisticated support for all major scripting languages, including in-depth autocomplete and calltips, multi-language file support, syntax coloring and syntax checking, Vi emulation, and Emacs key bindings. Komodo Edit is built on the Mozilla code base, and is now licensed under the same terms as Firefox: Mozilla Public License (MPL), GNU General Public License (GPL), and GNU Lesser Public License (LGPL).
This an amazing product, and this is huge news. The plugin system is also great and there are already a few cool plugins available.