Thursday, April 30, 2009

vSphere Cloud Operating System Video

Bookmark and Share

In one of my last posts, we had seen vSphere Cloud OS from VMware.  In continuation of the same article, I am embedding following vSphere video.

vSphere is an operating system for cloud computing that runs on data-center instead of machine.

 

Find all other VMware video at http://www.youtube.com/user/vmwaretv


Virtualization and Cloud computing video from Bluelock

Bookmark and Share

I was trying to search good cloud computing environment and I found one below from Bluelock.

For more video from Bluelock, go to www.bluelock.com


The Structure of Conficker

Bookmark and Share

Honeynet.org blog has update regarding Conficker worm. They have visualized Conficker.C and released a video for it.

This is what original blog post says about the video…

“The video is a 3D animation of the functions inside Conficker.C and their functional relationships. Yellow balls are functions found inside Conficker. Green loops are functions imported from Dlls and red boxes are jump holes into other functions. The video shows the way our tools analyze Conficker and the derivation of dependencies among the control flow graph.”

Video can downloaded from http://four.cs.uni-bonn.de/uploads/media/video.avi.


Acunetix Blind SQL Injector tool in action

Bookmark and Share

I have just found video of Acunetix Blind SQL Injector tool being used for data mining purposes against a real life web application, DeluxeBB.

I am embedding this video to get our readers acquainted with depths of SQL injection.

Data mining against a DeluxeBB web application with Acunetix Blind SQL Injector tool
Read original post at Acunetix blog


Google Redesigned

Bookmark and Share

Google redesigned is a Firefox extension and can be downloaded from here.  I have just installed it on Firefox 3.0.10 and found it fabulous.

I don’t need to say much as below image will explain it all. Its incredibly fast, styles update automatically and its open source.

 Google Redesigned: Gmail login page

It not only supports Gmail but also supports other google services such as calendar and reader as well.

Check out other screenshots on Globex Designs site.


Wednesday, April 29, 2009

OpenID and I got too many of them.

Bookmark and Share

Most of the service providers ( e.g. social service provider such as Google,Yahoo,Microsoft) support OpenID. And those who don’t, are either trying to support it or eventually support it due to its wide acceptance.

For those who want to know what is OpenID? check out video below…

The basic motive behind OpenID was to eliminate the need for multiple usernames across different websites, simplifying your online experience. As most of the users already have user ids with different service providers, we will eventually end up having too many of OpenID(s) pertaining to single user.

Currently most of the service providers either don’t have facility to disable OpenID mechanism or if it is there then it is not accessible that easily. The point is if some service converts their user ids to support OpenID then they should be providing mechanism to disable OpenID  on individual user id basis. Advantage being that user will eventually has option to retain kind of OpenID from service provider he desires.

What’s your opinion on this?


Free Webcast: How to Build a Lean Startup, step-by-step

Bookmark and Share

There will be a free webcast on 1st May 2009, from Eric Ries on three key lean startup techniques: continuous deployment, rapid split-testing, and root cause analysis (five why's).

This is what webcast description at ttp://www.oreillynet.com/pub/e/1294 reads, “This webcast will cover the theory of how lean startups work, implementation details, and case studies. Participants will come away with a specific plan of action for how to apply these techniques to their product, company, or startup.“

You need to register for this webcast.


Adobe Reader security hole

Bookmark and Share

Adobe reader is prone to remote code execution vulnerability due to an error in the "getAnnots()" JavaScript function and exploiting it could allow someone to remotely execute code on the machine. Reader 8.1.4 and 9.1 for Linux are vulnerable; other versions or platforms may also be affected, according to securityfocus.com (Bugtraq ID #34736).

Users should disable JavaScript in Adobe Reader by navigating to Edit->Preferences->JavaScript->Uncheck enable Acrobat JavaScript as per US-CERT.

Check out Adobe blog post for their response.


Office 2007 SP2 is now available for download

Bookmark and Share

The service pack (SP2) for Office 2007 is available for download and includes major performance and security enhancements for Office applications, most notably Microsoft Office Outlook.

With this release, Office supports additional built-in file formats such as PDF and ODF.

As per information available on download page, Service Pack 2 is the first service pack to support uninstall of client patches through both the command line and the use of the Microsoft Service Pack Uninstall Tool, available as a separate download.

You can download Office 2007 SP2 and uninstall tool can be downloaded from here.


Tuesday, April 28, 2009

What is RSS? Feed? Subscription?

Bookmark and Share

I understood that few of our readers are not aware of RSS or Feeds. How did I come to know? Answer is Google Analytics and help link next to subscription link. Site overlay provides good estimation in percentage of clicks.

So this post is an attempt to resolve all questions related to RSS. This video from www.youtube.com explaining RSS in plain English. If you like to read a text then go for http://www.whatisrss.com/.

In case if someone still has open questions then please drop a comment.


Talking About Windows

Bookmark and Share

Talking About Windows

Meet key engineers behind Windows 7 on Talking About Windows. Get to see videos of key engineers and professionals behind windows 7 and join the conversation.

(Adding viral video for Talking About Windows)


Talking About Windows – BitLocker to Go

Firefox 3.0.10 is released

Bookmark and Share

On April 23rd 2009, I wrote a post about frequent crashes with Firefox 3.0.9. It was expected that new release is around the corner.

Yesterday, mozilla released Firefox 3.0.10 with fixes for major stability issues along with few fixed security issues. You can get the list of fixed bugs at bugzilla.mozilla.org

You can read original release notes at http://en-us.www.mozilla.com/en-US/firefox/3.0.10/releasenotes/


Windows 7 will have Windows XP mode using Windows Virtual PC

Bookmark and Share

Windows 7 will support Windows XP mode to run older productivity applications. This is how it is implemented as per windows blog.

User will able to install application in Windows XP mode which is actually a virtual XP environment running under Windows Virtual PC. Once application is installed it will be published to Windows 7. 

Only thing to look for is the amount of memory and CPU any application will consume when launched under Windows XP mode.

Read original entry here.


Monday, April 27, 2009

React OS: a Ground-up implementation of Windows XP compatible operating system

Bookmark and Share

For those who don’t know there is open source windows compatible operating system which looks like windows. In fact they aim to provide OS which is binary compatible with Windows OS. This will allow your Windows applications and drivers to run as they would on your Windows system.

Being an open source OS you can learn lot from its source code.

They have recently released ReactOS 0.3.9 . You can also see few of the videos available at ReactOS Media showcase.

 ReactOS Shell

You can download ReactOS from www.reactos.org


Sunday, April 26, 2009

Identify - a Firefox Extension: Explore online profiles

Bookmark and Share

We all have different profiles across multiple social websites or online social service providers. This could be the case for anyone who has presence on the web.

So if you visit profile of someone, say at http://twitter.com/scimandar then how will your find how many active profiles pertaining to my identity are available on the web which are either searchable or publicly visible. One possible way is to go through web and try to find possible public profiles. I would prefer another way which I am going to explain it today.

So lets get back to my twitter profile at http://twitter.com/scimandar. You need to have Firefox 3.0 installed on your machine. Now Get Identify - Firefox Extension and install it. After Firefox browser restart go to http://twitter.com/scimandar profile and press “Alt+i” on your keyboard. And voila! you will see different social public profiles pertaining to me.

Identify scimandar twitter account

This can be applicable to any profile and Identify will try to aggregate all social information available on net. Click image below to go to original website for this extension.

image

There are many use cases of it. How will you be going to use it?


Saturday, April 25, 2009

Windows 7 Learning Portal is live

Bookmark and Share

Windows 7 Learning portal

If you are enthusiastic about upcoming Windows 7 and want to get head start then here is a good news for all windows professionals.

Microsoft Windows 7 learning portal is live. Get to know some sample chapters on Windows 7 and other cool stuff. Get to know about Microsoft training, books, and certifications that are available to help you gain the skills and knowledge.


Microsoft Mythbusters: Top 10 VMware Myths

Bookmark and Share

Busting the top ten myths about VMware virtualization from Microsoft.


Microsoft Mythbusters: Top 10 VMware Myths

Friday, April 24, 2009

Gmail: Edit/view PowerPoint and TIFF files

Bookmark and Share

One more feature addition to your Gmail box. Now you can view PowerPoint and TIFF files directly in your browser. Thanks to Google DOCS technology.

Gmail Powerpoint view 

You can print presentation,edit it online as well. However, when I tried to edit presentation online, it give out an error as below,

Gmail powerpoint edit error 

What’s your experience with presentations in Gmail?


How cyber criminals attack websites – A DDOS video

Bookmark and Share

This video was posted @ http://news.bbc.co.uk/2/hi/programmes/click_online/7940485.stm

I have embedded it to display how DDOS (Distributed Denial of Service) attacks take place.

BBC had acquired control of 22,000 home computers as part of an investigation into hi-tech crime.

BBC Video

Thursday, April 23, 2009

Abiquo releases AbiCloud: The Enterprise Open Source cloud computing Platform manager

Bookmark and Share

Abiquo has released abiCloud is an open source cloud computing platform platform manager which allows users to easily deploy a cloud over organizations’ datacenters.

I have embedded abiCloud video available on www.abiquo.com below,

As per Abiquo blog, abiCloud will offer following features,

Features:
Rich interface,User management through ACL,Infrastructure management (from datacenters to virtual machines),Network management,Appliance repository,Design virtual datacenters

Requirements:
Linux or Windows,VirtualBox hypervisor,JavaVM

Download it from sourceforge.net

You can get more details at Abiquo blog.


Virtualization Security? Virtual Machine Trojans are here.

Bookmark and Share

We all know the technologies that exists today to secure infrastructure from Trojans.  Current technologies that are available will protect infrastructure if some anti-malware or anti-virus is installed on your machine.

But what if someone downloads virtual machine (VM) image directly from Internet on your IT infrastructure?  There is no way that security software installed on your machine will able to recognize threat inside your VM image as your security software may not able to dig into your VM image or may not have access to your VM image (that you have booted). Hence Trojan inside your virtual machine will never get scanned or caught.

Virtual Machine Trojan (ViMtruder) comes embedded inside virtual machine image. You can read a article detailing threat of virtual machine Trojan at www.infosecgura.net.

ViMtruder has client/server architecture. Client is installed insider virtual machine and control server machine will be somewhere on Internet. Client runs automatically when VM image boots up and tries to contact periodically to control server on Internet using outbound port 80 (http port). It should be noted that http port 80 is generally open under most of the firewall policies. The possible threat is once ViMtruder client connects to control server it can scan network infrastructure where VM image is booted. There could be many other attacks that could be possible on network infrastructure.

You can download POC (Proof-Of-Concept) code from code.google.com.

So next time when you download any virtual machine image from Internet then make sure you download it from trusted source. Install and boot it first in isolated network environment (may be I am too paranoid) and make sure it is clean from such treats.

IMO, there could be serious implications of this considering wide spread of cloud computing and virtualization technologies that are being used with cloud computing.


NMAP 4.85BETA remotely detects Conficker worm

Bookmark and Share

Its rather old news but Nmap 4.85beta7 is capable of detecting Conficker worm remotely along with many other improvements. Check out announcement at insecure.org.
By the time, I wrote this article Nmap 4.85Beta 8 was also available.

You can download it (whichever latest available) from http://nmap.org/download.html

CLI for detecting Conficker worm using nmap is

#nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1

A clean machine should report at the bottom: "Conficker: Likely Clean", while likely infected machines report "Conficker: Likely INFECTED". Refer to How to use Nmap to scan very large networks for Conficker? at nmap development page.

You can download paper on Conficker from honeynet.org.


Wednesday, April 22, 2009

Firefox 3.0.9 is crashing…(?)

Bookmark and Share

Today morning, Firefox installed on my machine auto-updated to version 3.0.9 from 3.0.8. However, it is crashing continuously and strangely their feedback agent is not launching at all.

It has happened more than 4 times today. Is their anyone who has experienced such strange behavior?


Tuesday, April 21, 2009

Similar-images from Google Labs

Bookmark and Share

similar_images_labs_logo_large

In one of my previous posts, we had seen reverse image search engine.

Now this time, we will see a new addition to Google labs called Similar Images.  It allows user to search similar images using pictures. e.g. If you try  to search for ‘Golden Temple’ using Similar Images, it will display images along with ‘Similar images’ link underneath each image listed in search. Upon clicking this link, it will try to search images similar to the one which you have selected while clicking ‘Similar Images’ link.

Golder Temple results with Similar Images from Google Labs

Just remember, it is currently listed on Google Labs and experimental.


World’s First Cloud OS: VMware vSphere 4

Bookmark and Share

Yet another new development into Cloud computing domain.

Today VMware has announced VMware vSphere 4, a Cloud OS platform. As I understood (correctly?), it is a next generation of VMware Infrastructure that is will be called as VMware vSphere. The key difference between Cloud OS and OS (Linux,Windows,AIX,Solaris) installed on machine is that Cloud OS manages data center while OS installed on machine manages only that machine.

VMware’s vSphere will manage data center as depicted in image below and will comprise of two main components,

1. Application Services
2. Infrastructure Services

VMware vSphere 4 Cloud OS Image from 'vmware.com'

You can find announcement about VMware vSphere 4 at VMware site. You can also watch video available at VMware vSphere page to get more visual understanding.

So it seems VMware has edge over other virtualization players. Do you agree?


UBitMenu: Classic Menu for Office 2007

Bookmark and Share

http://www.ubit.ch/

From the time when Office 2007 was released, many users were complaining or uncomfortable about the usability of ribbon based interface. Probably this is due to learning curve that one has to go through.

However, UBit has released a software component or rather a add-on to office 2007 when help users utilize Office 2003 styled menus from Office 2007. And of course, this will help increase productivity as well.

Following are screenshots Word 2007,Excel 2007 and PowerPoint 2007 respectively.

Word 2007 with UBitMent

UBitMenu Word 2007 with UBitMent

PowerPoint 2007 with UBitMent

You can download UBitMenu from UBitMenu site.

So what’s your opinion about UBitMenu?


Saturday, April 18, 2009

OfficePalooza: A Contest For Advanced 2007 Office System User

Bookmark and Share

For those who are advanced users of Office 2007, there is now opportunity to win prizes as well. MS has about to launch contest called OfficePalooza.

OfficePalooza contest will run two weeks beginning April 20, 2009, and features ten fun VBA coding challenges in the form of puzzles and games. Each entrant will earn a chance to win one of hundreds of available prizes, determined by a random drawing at the end of the contest.

So tighten your seat belt and get ready to dive with Office 2007.

You can find all details about this contest at OfficePalooza page.

So are you going to be part of it?


Gmail: Suggest more recipients features

Bookmark and Share

People, it seems Gmail labs is rolling out features like anything. Just after releasing support for inserting inline images, Google labs has rolled out another feature that will auto suggest recipients while composing an email. Based on your email composing  history, it will figure out the probable recipients for your email.

In order to  use this features, you have to enable the same from settings->Labs->Suggest more recipients

image

Nothing special about it but it is truly innovative. You can find Gmail announcement about this at this address.


Google code university: Learn to code

Bookmark and Share

After posting a lot about different aspects of technology, it is time to learn some coding.

No! no! I am not going to teach you how to code. But rather tell you where to go to learn coding from masters.

image

Just go to Google Code University to dive into different courses such as AJAX,Algorithms,DS,Web Security and Languages.

And these are not only texts… video classes are also available. So its time for us to learn something new.

What do you say?


Thursday, April 16, 2009

Shutting down Yahoo! Market Summary Alerts ?

Bookmark and Share

Just received following email in my yahoo inbox.

Dear Yahoo! Alerts user, 
Thank you for using the Market Summary Alerts service.   
Please note that we will shut down this service on April 17th, 2009. 
As a result, you will stop receiving email/IM/SMS messages after April 17th for this service. 
We apologize for any inconvenience caused. 
Thank You! 
Yahoo! Alerts Team

It seems they are shutting down Market Summary Alerts service.

What do you think?


Wednesday, April 15, 2009

“Here Comes Another Bubble," YouTube music video about the Web 2.0.

Bookmark and Share

Its old video (originally posted @ http://richterscales.com/blog/) but its fun to see it…


Tuesday, April 14, 2009

Browse and find files on web in windows explorer like interface.

Bookmark and Share

This is one more post which will elevate our internet experience. We had already covered few add-ons for developer and testers. There is new add-on for Firefox which will help us to find and browse information in windows explorer like interface. Here is how it works.

Just download and install OutWit Docs add-on. I have tried it on Firefox 3.0.8. Now navigate to Tools->OutWit->OutWit Docs or press OutWit Docs button on toolbar. It will open OutWit Docs interface…

OutWit Docs Interface

On right top corner search box, type in your search phrase(marked in Red) e.g. networking documents. Now we will get list of all files (as Icon view or as a List view) in our OutWit Docs interface as below…

OutWit Docs Interface with Files

Just remember that its a beta release (and read disclaimer on their site).

Are you gonna use it?


Monday, April 13, 2009

TinEye: Reverse image search engine

Bookmark and Share

We all know image search engines from Google, Yahoo and others which help us search images based on keywords/metadata. However, there is interesting service called TinEye which help us search image based on image identification technology instead of keyword or metadata of an image. Just upload an image and it will try to find matching images. It works by matching partial or full digital fingerprints of image with their image database.

Check out FAQ for more details.


Browser plug-in/add-on are also available.

Firefox add-on available at TinEye Reverse Image Search 0.6.

Internet Explorer 8 plug-in available at Install the TinEye plugin for IE.


Nessus 4 is released

Bookmark and Share

Nesus 4 was released few days back with bulk of improvements.

Blog at tenablesecurity.com has updated list of features and improvements for Nesus 4.

Major areas for updates are Nessus Engine,Port Scanners,Compliance Checking,NASL,NessusClient and improvement in their cross-platform support. They have claimed that Nessus 4 is ten times faster than Nessus 2. You can read Nesus4 upgradation benefits at their site.


Friday, April 10, 2009

Gmail: Inserting inline image support

Bookmark and Share

Finally, Google has added support for adding inline images while composing an email similar to MS Outlook. For inserting images, you have to enable this feature ‘Inserting images’ from Settings->Labs menu as below.

Gmail Inserting Images

Once you enable this feature under (Settings->) Labs tab, you will see following option (squared in Red color in below image) on toolbar while composing an email.

Gmail formatting toolbar with Image Insert option

Below is dialog box (popup) opened when you click on insert image option above….

Insert Image

And after inserting an image it should look like this,

image

Thanks for reading this post.


Wednesday, April 8, 2009

Windows XP desktop: nothing is displayed except background

Bookmark and Share

This is a quick post. We will see an issue, when one of the applications hang and killing (End Task) then it blanks out your desktop. Nothing is displayed except your desktop background. Issue is explorer.exe gets killed sometimes and unless it comes up windows desktop will not able to show start-menu and other system tray icons along with task bar.

In this particular scenario, trick is simple. Just press CTRL+SHIFT+ESC key combination (All keys in one go). This will launch “Windows Task Manager”. Now select menu, File->New Task(Run…) and type in “explorer.exe”.

Let me know if it works for you.


Tuesday, April 7, 2009

Monitoring Web/Internet

Bookmark and Share

We often hear about monitoring web. Generally it is related to monitoring web traffic.

Have you ever wanted to monitor web for your interest? How about different updates that you want about specific domain e.g. technology, politics and different job openings etc? Most of us will take help of Google search to get to know about something(?). How about automating this task and get updates about your interests directly in your email account? We will take help of Google to keep us informed about latest happenings around the web. 

So let’s start. Suppose we want to monitor updates regarding cloud computing and utility computing (being currently hot topics across web). Google provides interesting service called Google Alerts. We will use this service to solve our purpose.

Just sign in and you will end up in “Manage your Alerts” page. Now press “New Alert” button.You will see a new row with a text box for your search terms. Enter "Cloud Computing" | "Utility Computing" term. Then select type from the lists based on your monitoring needs such as news,blog,web,comprehensive,video and groups. We will select comprehensive for wider coverage of our term or interest. Select “Email” delivery (Feeds are also possible) and frequency as “as-it-happens” and press “Create Alerts”.

Now you will receive frequent email alerts in your Gmail account for cloud computing and utility computing. We have just seen one of the use cases of using alerts. You can also create alerts for your name to see how your name is appearing on web if you want another use case.

There is also a paid service called GoogleAlert (they are not affiliated with Google). However, I haven’t used it personally.

Let me know how you utilize Google alerts to your benefit.

 


Thursday, April 2, 2009

Consolidate your Online Identities and Social network contacts with chi.mp

Bookmark and Share

In 24th Feb 2009 article, Online IDENTITY buzz resolved... , we had discussed about online identity. Most of us have different identities with different service providers such as yahoo, hotmail, Google etc.

This post is about a service called http://www.chi.mp (Content Hub & Identity Management Platform). This is one more example of how cloud computing is helping different technologies. Just go to FAQ page at chi.mp and select “how does chi.mp work?” They are using Amazon EC2 and S3 system.

image

They help us manage and own our online identity on web. They provide free domain (So hurry, if you want to grab one for you) , OpenID and a website. You can consolidate all your identities at one place. e.g. you can add twitter,flickr,facebook etc…

I have just created my site called “http://www.pise.mp”.

 image

Currently I have updated my twitter and blog services on “pise.mp” domain/site. I have also imported my Yahoo,Gmail contacts.  So this will give us a single platform to centrally manage most of our online identities.  I am really impressed by their concept. They also allow us to create multiple personas to help us manage our identity and relate it to different services and three personas (Friends, Public, Work) are available by default. See image below.

image

However, to my disappointment they currently do not support Orkut which,in my opinion, is one of the popular social networking sites in Indian subcontinent (You have right to disagree :) ). Hope to see orkut as a new crown in supported list of services as currently they are in beta state.

Just check it out and let me know your comments.


Wednesday, April 1, 2009

Content filtering software: Testing for Partial/MIME messages

Bookmark and Share

Welcome to this new post. Today we will see how to test your content filtering software (on your network gateway, hopefully) for partial/mime email messages.

In order to follow this post, you need basic understanding of networking, Linux/Unix and your content filtering software. This post is aimed at software test engineers however it can also benefit network administrators or system administrators as well.

Before continuing lets see what partial mime message means. It is rather a feature available in MIME which can be exploited to deliver unwanted contents. So basic idea is if you were to send a large file using email then you can break email message into multiple (partial) messages of equal size and deliver it to its destination. On other end, mail client will receive all parts of that single message and regenerate original one. MS outlook express will regenerate complete email message out of different partial email messages. However, this can be exploited or misused for unwanted purposes.

So open question is how do we protect these partial messages? and in my opinion it is best to prevent partial messages altogether. So this can be implemented on user end using mail client that do not support partial messages or blocking such messages on your gateway itself. Best way is to block partial messages at gateway level.

So next thing is how do we verify if content filtering gateway is blocking incoming partial mime messages. Answer is to test it.  How do we test it is what we will see below.

First enable partial/mime message filter and apply some action such as BLOCK, email alert or simple alert based on your content filtering software.

Next, you need to download and install tool called ‘mpack’  on your Linux/Unix box. A quick goggle search led me to mpack man page.

# mpack –s “Test Subject” –m 1024 –o partial_mime <File_Name>

The above CLI will generate files of 1024 size with file named partial_mime.01, partial_mime.02 etc…

Now we can use standard ‘mail’ CLI available on all unices to send all these generated files… You can also pipe output of mpack to mail CLI to automate this process. This (Automation) is the prime objective of using mpack tool (easy automation :) ).

Now verify if all files are blocked or alerts are received on your gateway software.

References:
Refer to RFC2046, RFC2646,RFC3798, RFC5147 and RFC5321 @ http://www.ietf.org/iesg/1rfc_index.txt

 




Technology