Show of 5-10-2008

  • Email and Forum
    • Email from John: Dear Tech Talk: I have Windows XP running on my laptop. This week Microsoft update downloaded and installed SP3 (service pack 3) on my computer. Now it keeps rebooting without reason. What can I do? John
    • Tech Talk Answers: John, you must have an AMD processor and are probably using an HP computer.
    • The rebooting problem mainly affects AMD users who bought their machines from HP. HP puts images of Windows onto its machines, using the same copy for both Intel and AMD boxes. Because the image for both Intel and AMD is the same, all have the intelppm.sys driver installed and running. That driver provides power management on Intel-based computers.
    • On an AMD-based computer, amdk8.sys provides the same functionality. Some other OEMs besides HP have the same practice, and presumably their users will be seeing the same issue.
    • There is another problem with SP3 that has not yet been tracked down to anything so specific that is causing random hangs and system crashes though at least one can get into Windows itself (unlike the lucky AMD users.) We may wait a few weeks for all of the kinks to get sorted out.
    • Your only option is to restore your machine to a date prior to the SP3 install date. Then wait a few weeks until MS fixes this service pack.
  • Profiles in IT: Chad Hurley, Steve Chen, and Jawed Karim
    • Founders of YouTube (http://youtube.com)
    • Chad Meredith Hurley was born in 1977 near Birdsboro, PA
      • Hurley is currently Chief Executive Officer of YouTube.
      • He received his B.A. in Fine Art from Indiana University of Pennsylvania.
      • He got a job at PayPal around 2000.
      • He designed the logo that is still used by PayPal
      • Hurley is a user interface expert and was primarily responsible for the tagging and video sharing aspects of the site.
    • Steve Shih Chen was born August 1978 in Taiwan.
      • Chen is currently Chief Technology Officer of YouTube
      • His family immigrated to the US when he was 8.
      • He attended the University of Illinois at Urbana-Champaign.
      • After graduation from college, he became an early employee at PayPal.
      • Chen was also an early employee at Facebook, although he left after several months to start YouTube.
    • Jawed Karim was born in 1979 in Merseburg, East Germany.
      • He currently serves as YouTube advisor.
      • His family moved to the United States in 1992.
      • He graduated from the University of Illinois at Urbana-Champaign.
      • He left campus prior to graduating to become an early employee at PayPal.
      • He got his BS in computer science in 2004.
    • Chad Hurley, Steve Chen and Jawed Karim met while working at PayPal.
    • YouTube was born when Hurley, Chen, and Karim wanted to share some videos from a dinner party with friends in San Francisco in January 2005.
    • Sending the clips around by e-mail did not work because of file size.
    • Posting the videos online was difficult.
    • So they got to work to design something simpler.
    • The site soon became one of the most popular on the Internet because it was designed so people can post almost anything they like in minutes.
    • Jawed uploaded YouTube’s first video on April 23, 2005. He is standing in front of elephants at the San Francisco zoo.
    • On October 16, 2006, Chen and Hurley sold YouTube to Google for $1.65 billion.
      • Hurley’s share was $345.6M (735,319 shares of Google)
      • Chen’s share was $326.2M (625,366 shares of Google)
      • Karim’s share was $64.6M (137,443 shares of Google)
    • YouTube is currently not profitable, with its revenues being noted as "immaterial."
      • Its bandwidth costs are estimated at approximately $1 million a day.
      • It is estimated that in 2007, YouTube consumed as much bandwidth as the entire Internet in 2000.
      • As of April 9, 2008, a YouTube search returns about 83.4 million videos.
    • YouTube affected the Universal Tube & Rollform Equipment Corp whose web address was utube.com, which was frequently overloaded with high traffic volume.
    • The web address utube.com has since been sold to a copycat site.
  • Counterfeit Cisco Equipment from China
    • A high number of counterfeit Cisco routers and switches have been installed in nearly all government networks that experienced upgrades or new units within the past 18 months.
    • The FBI is investigating the possibility that either the Chinese government or Chinese hackers have had the benefit of undetectable back-doors that were incorporated into these rogue devices.
    • The FBI traces this to a supply chain that rewards the lowest bidder.
    • Counterfeit equipment is typically 20% the cost of genuine equipment.
    • The highly-competitive lowest-bid environment of government procurement has inspired several vendors to look for cheap alternatives for hardware… resulting in a catastrophic meltdown of security
    • In some cases the prime contractor has a subcontractor who used another subcontractor to drop ship the equipment directly at the government site.
    • The equipment either travelled through an intermediate country or was purchased online via eBay.
    • Many IT experts have been speculating that the counterfeit hardware will provide backdoor capabilities and access into compromised networks for the originators of the equipment.
    • FBI is concerned about critical infrastructure damage and the potential of access to secure government systems.
    • Link: http://www.abovetopsecret.com/forum/thread350381/pg1
  • Hackers Choice: Top Six Database Attacks
    • It takes the average attacker less than 10 seconds to hack in and out of a database.
    • Many database attacks go unnoticed by organizations until long after the data has been compromised.
    • Malicious hackers are using shockingly simple attack methods to break into databases.
    • Here are the top six database attacks according to http://DarkReading.com
    • Brute-force (or not) cracking of weak or default usernames/passwords
      • It used to be that most Oracle databases came with a default user — “username: Scott” and “password: tiger” — and Microsoft’s SQL Server came packaged with default passwords for systems administrator accounts.
      • Those default logons were convenient, for sure — especially for malicious hackers who got an instant back door into the database by using them.
      • Some users select passwords that are easily cracked (guessed)
    • Privilege escalation
      • There have been several insider attacks that came as a result of a malicious user possessing more system privileges than he or she should have had.
      • And outside attackers sometimes grab higher-level privileges by compromising the operating system.
      • More often than not, privilege escalation has more to do with misconfiguration: A user is mistakenly granted more access and privileges on the database or related applications than he actually needs to do his job
    • Exploiting unused and unnecessary database services and functionality
      • With a little Google hacking, an attacker can search and find exposed Listener services on databases.
      • Many customers don’t set passwords on Listener… so the hacker can search for strings and find out where live Listeners are on the Web.
    • Targeting unpatched database vulnerabilities
      • The good news is that Oracle and other database vendors do patch their vulnerabilities.
      • The bad news is that organizations can’t keep up with them, so they’re always at the mercy of a wily attacker looking to capitalize on that window of opportunity.
    • SQL injection
      • SQL injection attacks have hit some high-profile sites
      • It’s a lot easier to execute a SQL injection attack on a Web application that front-ends a database than on the database itself
      • SQL injection attacks occur where the fields available for user input let SQL statements through to query the database directly.
      • For instance, instead of a user name, it’s a SQL command and it’s put into a packet and sent by the app server to the database.
    • Stolen backup (unencrypted) tapes
      • This type of attack is more likely to occur with an insider selling the media to an attacker.
      • The lesson here is to encrypt the backup data.
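The SQL injection item above, as an added example that is not part of the original show notes: the same user-name lookup written with string concatenation and with a bound parameter, run against an in-memory SQLite database. The table, account names and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "clerk"), ("o'brien", "clerk"), ("dba", "admin")],
    )
    return db

def lookup_vulnerable(db, username):
    # Vulnerable: the field is pasted into the statement text, so the
    # database parses whatever was typed as part of the SQL itself.
    query = "SELECT name, role FROM users WHERE name = '" + username + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, username):
    # Hardened: the statement text is fixed and the field is sent as a
    # bound value, so it is only ever compared as data.
    query = "SELECT name, role FROM users WHERE name = ?"
    return db.execute(query, (username,)).fetchall()

def compare(db, username):
    """Run both lookups on the same field and report what each returned."""
    try:
        unsafe = lookup_vulnerable(db, username)
    except sqlite3.OperationalError as exc:
        unsafe = "SQL error: %s" % exc  # a quote in the field broke the statement
    return {"vulnerable": unsafe, "parameterized": lookup_parameterized(db, username)}

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: an ordinary name, a name containing a quote,
    # and a field that carries SQL instead of a name.
    for field in ("alice", "o'brien", "x' OR '1'='1"):
        print(repr(field), compare(db, field))
```

With the concatenated query the third field returns every row in the table and the second one fails with a syntax error; the parameterized query returns no rows for the third and the correct single row for the second.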
  • Deal of the Week: The Ultimate Steal for Academics
    • Website: http://www.theultimatesteal.com/
    • Get MS Office Ultimate 2007 for $59.00 for download
    • You can get DVD disk for $12.95 more (including shipping)
    • The regular price is over $680.
    • Offer ends May 16, 2008
    • You must have an .edu email address because this is an academic discount.
  • World’s First Digital Camera
    • In 1975, Kodak released the world’s first digital camera prototype, a clunky-looking device that used cassette tapes as the medium to store pictures.
    • Each photo took 23 seconds to snap, producing a 100-line black and white image that could only be displayed on a television set.
    • No wonder why it never became popular.
  • Memristor Will Eliminate RAM
    • Researchers at HP Labs have created a fourth basic element in integrated circuits that could make it possible to develop computers that turn on and off like an electric light.
    • The memristor – short for memory resistor – could make it possible to develop far more energy-efficient computing systems with memories that retain information even after the power is off.
    • There’s no wait for the system to boot up after turning the computer on.
    • It may even be possible to create systems with some of the pattern-matching abilities of the human brain.
    • This invention, as is obvious, has huge potential in electronics.
    • If this works out according to plan, no RAM will be needed in our computers!
    • In addition, this could result in analog computers that process information the way the human brain does.
    • The Hewlett Packard memristor, based on a thin film of titanium dioxide, appears to be practical and ideal in its initial incarnation.
    • Being much simpler than the currently popular MOSFET transistor, memristors may enable nanoscale computer technology.
    • While using memristors, the memory will be a part of the circuitry rather than a separate module; this will save valuable space.
    • It can make it possible for computers to power up instantly and for cell phones to go much longer without a charge, and no information will ever be lost in case of power failures or battery death.
  • DoD Fears Hardware Trojans
    • The possibility that someone could slip a malicious and basically undetectable bit of circuitry into a commodity processor is a real threat.
    • NSA may have built secret back doors into some US-made software and hardware.
    • Now we fear that the tables may be turning because of widespread production capability in other countries.
    • There is no question that the technological infrastructure in the United States is under siege.
    • We have seen a steady litany of attempted intrusions originating from abroad, most likely perpetrated by a mix of foreign governments and organized crime groups.
    • An emerging concern is that the same agents behind those cyber-attacks could also have access to the chip fabrication facilities that make the components used in US military technology.
    • Researchers say that virtually undetectable kill-switches and backdoors can be built into any of the countless integrated-circuit chips used in mission-critical military hardware systems.
    • Chips can be fitted with trojan horse circuitry in a number of ways.
      • The structure of a processor could, for instance, be altered by replacing one of the mask layers that are used during the photolithographic process.
      • Or, hackers could potentially infiltrate the computer systems where the chip designs are stored in the form of "code" written in a special design language, then modify the original designs.
    • The Department of Defense (DoD) is responding to this growing threat by launching the DARPA Trust in IC program, a new research project that aims to find consistently reliable methodology for discovering compromised circuitry.
    • Three of the companies that are participating in the project – Raytheon, Luna Innovations, and Xradia – will attempt to uncover malicious components that have been hidden intentionally in a set of chips by researchers from MIT’s Lincoln Laboratory.
    • The testing process began in January, and the participating companies are expected to provide preliminary reports to DARPA by the end of May, at which point the next stage of testing will begin.
    • If the results are good, the techniques could continue being developed until the Trust in IC program comes to a close in 2010.
  • Food Science: Emulsion Sauces
    • Emulsion sauces are basically two liquids that don’t naturally blend with each other such as oil and vinegar.
    • The emulsion sauces are mixtures of oil and water stabilized with egg yolk lecithin.
    • Hollandaise, bearnaise, and even mayonnaise and vinaigrettes are all emulsion sauces.
    • The key to an emulsion sauce is making sure that it doesn’t separate into its component parts.
    • Making Mayonnaise
      • 2 egg yolks
      • 1 tbsp Dijon mustard
      • 1 3/4 cup vegetable oil
      • 1 tbsp white wine vinegar
      • salt and pepper to taste
      • Bring all ingredients to room temperature.
      • Combine the egg yolks, mustard, salt and pepper in a bowl and beat well with a small wire whisk.
      • Whisking continuously, add about a half cup of the oil, drop by drop until the mayonnaise has thickened and emulsified.
      • Then whisk in the remaining oil in a thin, slow stream until the mayonnaise is smooth and thick. Whisk in the vinegar, add salt and pepper to taste.
    • Tartar Sauce
      • Add a tablespoon of pickle relish, a tablespoon of minced onion, and two tablespoons of lemon juice to one cup of mayonnaise.
    • Hollandaise Sauce
      • 2 tbsp lemon juice
      • 4 tbsp boiling water
      • 3 large egg yolks
      • 1/2 cup unsalted butter
      • 1/4 tsp cayenne
      • 1/2 tsp salt
      • Melt the butter and keep it warm.
      • Place the top of a thin-bottomed metal mixing bowl over, not in, a saucepan of simmering hot water. Place the egg yolks in the mixing bowl and whisk until they begin to thicken. Add one tablespoon of the boiling water.
      • Continue to beat the sauce until it begins to thicken. Repeat with remaining water, one tablespoon at a time, beating the mixture after each addition.
      • Add the warmed lemon juice and remove from heat. Beat the sauce briskly with a wire whisk. Continue to beat the mixture as you slowly pour in the melted butter. Add the salt and cayenne and beat until thick. Serve immediately.
    • Bearnaise Sauce
      • To make Bearnaise sauce, substitute lemon juice for one tablespoon tarragon vinegar and one tablespoon sherry vinegar and add 1 finely chopped shallot.
      • Season with 1 tablespoon fresh tarragon, chopped and one tablespoon fresh parsley, chopped.
  • NASA Plan to Land on Asteroid
    • NASA plans landing on 40m-wide asteroid travelling at 28,000mph
    • US eyes Asteroid 2000SG344 for Armageddon-type mission
    • It was once considered the most dangerous object in the universe, heading for Earth with the explosive power of 84 Hiroshimas.
    • Now an asteroid called 2000SG344, a lump of rock barely the size of a large yacht, is in the spotlight again.
    • NASA engineers have identified the 1.1m tonne asteroid, which in 2000 was given a significant chance of slamming into Earth, as a potential landing site for astronauts.
    • The mission – the first to what officials call a Near Earth Object (NEO) – is being floated within the US space agency as a crucial stepping stone to future space exploration.
    • By sending astronauts on a three-month journey to the hurtling asteroid, scientists believe they would learn more about the psychological effects of long-term missions and the risks of working in deep space.
    • It would allow astronauts to test kits to convert subsurface ice into drinking water, breathable oxygen and even hydrogen to top up rocket fuel.
    • All of which would be invaluable before embarking on a two-year expedition to Mars.