Email and Forum
Profiles in IT: Chad Hurley, Steve Chen, and Jawed Karim
Counterfeit Cisco Equipment from Chin
Hackers Choice: Top Six Database Attacks
Deal of the Week: The Ultimate Steal for Academics
World's First Digital Camera
Memristor Will Eliminate RAM
DoD Fears Hardware Trojans
NSA may have built secret back doors into some US-made software and hardware.
Food Science: Emulsion Sauces
NASA Plan to Land on Asteroid
Email from John: Dear Tech Talk: I have Windows XP running on my laptop. This week Microsoft Update downloaded and installed SP3 (Service Pack 3) on my computer. Now it keeps rebooting without reason. What can I do? John
Tech Talk Answers: John, you must have an AMD processor and are probably using an HP computer.
The rebooting problem mainly affects AMD users who bought their machines from HP. HP puts images of Windows onto its machines, using the same copy for both Intel and AMD boxes. Because the image for both Intel and AMD is the same, all of them have the intelppm.sys driver installed and running. That driver provides power management on Intel-based computers.
On an AMD-based computer, amdk8.sys provides the same functionality. Some other OEMs besides HP follow the same practice, and presumably their users will be seeing the same issue.
SP3 has another problem, not yet tracked down to anything so specific, that is causing random hangs and system crashes, though at least those users can get into Windows itself (unlike the lucky AMD users). We may have to wait a few weeks for all of the kinks to get sorted out.
Your only option is to restore your machine to a date prior to the SP3 install date. Then wait a few weeks until MS fixes this service pack.
Profiles in IT: Chad Hurley, Steve Chen, and Jawed Karim
Brute-force (or not) cracking of weak or default usernames/passwords
It used to be that most Oracle databases came with a default user – "username: Scott" and "password: tiger" – and Microsoft's SQL Server came packaged with default passwords for systems administrator accounts.
Those default logons were convenient, for sure — especially for malicious hackers who got an instant back door into the database by using them.
Some users select passwords that are easily cracked (guessed).
There have been several insider attacks that came as a result of a malicious user possessing more system privileges than he or she should have had.
And outside attackers sometimes grab higher-level privileges by compromising the operating system.
More often than not, privilege escalation has more to do with misconfiguration: a user is mistakenly granted more access and privileges on the database or related applications than he actually needs to do his job.
Exploiting unused and unnecessary database services and functionality
With a little Google hacking, an attacker can search and find exposed Listener services on databases.
Many customers don’t set passwords on Listener… so the hacker can search for strings and find out where live Listeners are on the Web.
Targeting unpatched database vulnerabilities
The good news is that Oracle and other database vendors do patch their vulnerabilities.
The bad news is that organizations can’t keep up with them, so they’re always at the mercy of a wily attacker looking to capitalize on that window of opportunity.
SQL injection attacks have hit some high-profile sites
It’s a lot easier to execute a SQL injection attack on a Web application that front-ends a database than on the database itself.
SQL injection attacks occur where the fields available for user input let SQL statements through to query the database directly.
For instance, instead of a user name, it’s a SQL command and it’s put into a packet and sent by the app server to the database.
Stolen backup (unencrypted) tapes
This type of attack is more likely to occur with an insider selling the media to an attacker.
The lesson here is to encrypt the backup data.
Deal of the Week: The Ultimate Steal for Academics
Get MS Office Ultimate 2007 for $59.00 for download
You can get DVD disk for $12.95 more (including shipping)
The regular price is over $680.
Offer ends May 16, 2008
You must have an .edu email address because this is an academic discount.
World’s First Digital Camera
In 1975, Kodak released the world’s first digital camera prototype, a clunky-looking device that used cassette tapes as the medium to store pictures.
Each photo took 23 seconds to snap, producing a 100-line black and white image that could only be displayed on a television set.
No wonder it never became popular.
Memristor Will Eliminate RAM
Researchers at HP Labs have created a fourth basic element in integrated circuits that could make it possible to develop computers that turn on and off like an electric light.
The memristor – short for memory resistor – could make it possible to develop far more energy-efficient computing systems with memories that retain information even after the power is off.
There’s no wait for the system to boot up after turning the computer on.
It may even be possible to create systems with some of the pattern-matching abilities of the human brain.
This invention, as is obvious, has huge potential in electronics.
If this works out according to plan, no RAM will be needed in our computers!
In addition, this could result in analog computers that process information the way the human brain does.
The Hewlett Packard memristor, based on a thin film of titanium dioxide, appears to be practical and ideal in its initial incarnation.
Being much simpler than the currently popular MOSFET transistor, memristors may enable nanoscale computer technology.
With memristors, the memory will be a part of the circuitry rather than a separate module; this will save valuable space.
Memristors could make it possible for computers to power up instantly and for cell phones to go much longer without a charge, and no information will ever be lost in case of power failures or battery death.
DoD Fears Hardware Trojans
The possibility that someone could slip a malicious and basically undetectable bit of circuitry into a commodity processor is a real threat.
NSA may have built secret back doors into some US-made software and hardware.
Now we fear that the tables may be turning because of widespread production capability in other countries.
There is no question that the technological infrastructure in the United States is under siege.
We have seen a steady litany of attempted intrusions originating from abroad, most likely perpetrated by a mix of foreign governments and organized crime groups.
An emerging concern is that the same agents behind those cyber-attacks could also have access to the chip fabrication facilities that make the components used in US military technology.
Researchers say that virtually undetectable kill-switches and backdoors can be built into any of the countless integrated-circuit chips used in mission-critical military hardware systems.
Chips can be fitted with trojan horse circuitry in a number of ways.
The structure of a processor could, for instance, be altered by replacing one of the mask layers that are used during the photolithographic process.
Or hackers could potentially infiltrate the computer systems where the chip designs are stored in the form of "code" written in a special design language, then modify the original designs.
The Department of Defense (DoD) is responding to this growing threat by launching the DARPA Trust in IC program, a new research project that aims to find consistently reliable methodology for discovering compromised circuitry.
Three of the companies that are participating in the project – Raytheon, Luna Innovations, and Xradia – will attempt to uncover malicious components that have been hidden intentionally in a set of chips by researchers from MIT’s Lincoln Laboratory.
The testing process began in January, and the participating companies are expected to provide preliminary reports to DARPA by the end of May, at which point the next stage of testing will begin.
If the results are good, the techniques could continue being developed until the Trust in IC program comes to a close in 2010.
Food Science: Emulsion Sauces
Emulsion sauces are basically two liquids that don’t naturally blend with each other, such as oil and vinegar.
The emulsion sauces are mixtures of oil and water stabilized with egg yolk lecithin.
Hollandaise, bearnaise, and even mayonnaise and vinaigrettes are all emulsion sauces.
The key to an emulsion sauce is making sure that it doesn’t separate into its component parts.
2 egg yolks
1 tbsp Dijon mustard
1 3/4 cup vegetable oil
1 tbsp white wine vinegar
salt and pepper to taste
Bring all ingredients to room temperature.
Combine the egg yolks, mustard, salt and pepper in a bowl and beat well with a small wire whisk.
Whisking continuously, add about a half cup of the oil, drop by drop until the mayonnaise has thickened and emulsified.
Then whisk in the remaining oil in a thin, slow stream until the mayonnaise is smooth and thick. Whisk in the vinegar, add salt and pepper to taste.
Add a tablespoon of pickle relish, a tablespoon of minced onion, and two tablespoons of lemon juice to one cup of mayonnaise.
2 tbsp lemon juice
4 tbsp boiling water
3 large egg yolks
1/2 cup unsalted butter
1/4 tsp cayenne
1/2 tsp salt
Melt the butter and keep it warm.
Place the top of a thin-bottomed metal mixing bowl over, not in, a saucepan of simmering hot water. Place the egg yolks in the mixing bowl and whisk until they begin to thicken. Add one tablespoon of the boiling water.
Continue to beat the sauce until it begins to thicken. Repeat with remaining water, one tablespoon at a time, beating the mixture after each addition.
Add the warmed lemon juice and remove from heat. Beat the sauce briskly with a wire whisk. Continue to beat the mixture as you slowly pour in the melted butter. Add the salt and cayenne and beat until thick. Serve immediately.
To make Bearnaise sauce, substitute lemon juice for one tablespoon tarragon vinegar and one tablespoon sherry vinegar and add 1 finely chopped shallot.
Season with 1 tablespoon fresh tarragon, chopped and one tablespoon fresh parsley, chopped.
NASA Plan to Land on Asteroid
Nasa plans landing on 40m-wide asteroid travelling at 28,000mph
US eyes Asteroid 2000SG344 for Armageddon-type mission
It was once considered the most dangerous object in the universe, heading for Earth with the explosive power of 84 Hiroshimas.
Now an asteroid called 2000SG344, a lump of rock barely the size of a large yacht, is in the spotlight again.
Nasa engineers have identified the 1.1m tonne asteroid, which in 2000 was given a significant chance of slamming into Earth, as a potential landing site for astronauts.
The mission – the first to what officials call a Near Earth Object (NEO) – is being floated within the US space agency as a crucial stepping stone to future space exploration.
By sending astronauts on a three-month journey to the hurtling asteroid, scientists believe they would learn more about the psychological effects of long-term missions and the risks of working in deep space.
It would allow astronauts to test kits to convert subsurface ice into drinking water, breathable oxygen and even hydrogen to top up rocket fuel.
All of which would be invaluable before embarking on a two-year expedition to Mars.