Sunday, June 24, 2007

You-Tubers beware!!!


YouTube is truly the most popular service for sharing and uploading video from people throughout the world. It has become a way of life for some people as they spend hours and hours on channels viewing videos ranging from funny clips to those showing high school students beating up and bullying other kids.

Since this craze has been spreading among Internet users like an epidemic, some people have been devising ways of using it to their advantage, and these people have motives other than just sharing a visually appealing video clip.

Yes, I am talking about the black hat hackers once again exploiting something that people use, because they simply can. Security experts say that the video files that you view can be booby-trapped.

A fake video file containing the Zlob Trojan has been planted on the video-sharing site. If selected, the Trojan bombards infected users with ads. It might also be used to upload other forms of malware onto compromised PCs. - The Register


The black hats being one step ahead of the security professionals is not something new. The key is knowledge and the effective channels by which they freely share information. However, even when there are people willing to give warning about such vulnerabilities and bugs that can be exploited, services such as Google/YouTube don't pay serious attention or give them enough credit.

There were reports of a white hat who expressed his frustration when Google/YouTube developers didn't respond to the security issues he reported in their site.

But ultimately they responded, admitting to 40-plus vulnerabilities that this guy uncovered that could seriously jeopardise the users of the YouTube service.



Tuesday, June 19, 2007

Polish your negotiation skills

1. Always go for 'win-win' negotiation, keeping everything neutral (emotions, egoism etc.)

2. Understand your fair interest and the interest of the person you are negotiating with

3. If you are a buyer negotiating with a seller on an offer or point of discussion, always support your position with some benchmark or reference; it makes the negotiation easier

4. If both parties are not comfortable with the negotiation, take time and come back later, as it leaves both parties time to think

5. Avoid confrontation at any stage of negotiation

6. A good negotiation leaves a future merit for a business relationship, or even a good friendship

7. Keep your negotiation to no more than half an hour to an hour at a stretch, then take a break; it gives some time to think it through before you reopen the discussion

8. Show that you are open to new ideas

9. Treat everyone involved in the negotiation with great respect

10. Thank everyone at the end of the negotiation, no matter if you made a deal or not

Read more on CIO.com

Monday, June 18, 2007

Oh Microsoft, you did it again :-)

Check this out... this is hilarious. Some guy was able to validate Ubuntu as a genuine copy of Microsoft Windows. Makes one wonder about the greater things to come from this software giant in the future.

Get the full article from Slashdot.

Saturday, June 16, 2007

Bye Bye Anti-Virus?

Recently I read an interesting article regarding Anti-Virus (AV) technology. The article reports that AV technology is dying and will be replaced by a technology called whitelisting. Some of the trends that we are seeing today are major AV companies trying to acquire whitelisting technology and the rise of new whitelisting startups. More on this can be read on The Register.

One of the whitelisting vendors mentioned in the article was SignaCert, so I did some research on their site. The basis behind the concept of whitelisting is software authentication. According to SignaCert, a whitelist is a repository of identified authentic individual data elements (file signatures generated using cryptographic hashing techniques) that are used to validate the integrity of contents on devices (such as files stored on PCs).

For whitelists to be effective, they should contain software signatures and metadata for a wide range of commercially available software relevant to an enterprise’s specific needs. These signatures and metadata should be taken from the source, from verifiable authentic sources. The signatures and metadata need to be continually synchronized with the vendors' continuous changes to the software. A whitelist should provide simple and flexible mechanisms for extending the repository to cover both these commercial applications and internally developed custom applications, along with flexible and easy-to-use mechanisms for organizing the whitelists.

The goal of all this, and of the other fancy products they have, is to ensure the integrity of the IT platform, whether that is the files stored on the servers/PCs or configuration, registries, etc. Besides this, there are other products out there which specialize in file integrity, and one of the most widely used and popular ones is Tripwire.
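The whitelist idea described above, as an added illustration (not code from SignaCert, Tripwire or the article): a repository keyed by SHA-256 file signatures with attached metadata, and an audit that separates listed files from altered and unlisted ones. The metadata schema, function names and sample files are assumptions constructed for the example.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Signature of a file: SHA-256 over its contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def files_under(root):
    """Yield (relative path, signature) for every file below root."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            yield os.path.relpath(path, root), sha256_file(path)

def build_whitelist(root, vendor, product, version):
    """Record signature + metadata for a trusted tree (hypothetical schema)."""
    meta = {"vendor": vendor, "product": product, "version": version}
    return {sig: dict(meta, relpath=rel) for rel, sig in files_under(root)}

def audit(root, whitelist):
    """authentic: hash listed; modified: path listed, hash not; else unknown."""
    known_paths = {entry["relpath"] for entry in whitelist.values()}
    return {rel: "authentic" if sig in whitelist
            else "modified" if rel in known_paths else "unknown"
            for rel, sig in files_under(root)}

def write(path, data):
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Constructed sample: whitelist a clean tree, then alter it and audit."""
    with tempfile.TemporaryDirectory() as d:
        write(os.path.join(d, "app.exe"), b"vendor build 1.0")
        write(os.path.join(d, "lib.dll"), b"vendor library 1.0")
        whitelist = build_whitelist(d, "ExampleVendor", "ExampleApp", "1.0")
        write(os.path.join(d, "lib.dll"), b"patched by something else")
        write(os.path.join(d, "dropper.exe"), b"never seen by the vendor")
        return audit(d, whitelist)

if __name__ == "__main__":
    for rel, status in sorted(demo().items()):
        print(f"{status:10} {rel}")
```

Because the lookup is by content hash, a listed file that is merely renamed still counts as authentic, while any new vendor release reads as "modified" until the repository is synchronized with it.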

With all this, I wonder if signature-based virus detection will become obsolete and whitelist technology will take over. Or will other technologies, such as more adaptive and intelligent techniques for detecting such malware, come to the surface as they gain more production value? One such interesting project I came across some time back is the Janus (the intelligent firewall) project by InSeon Yoo. This project has a non-signature-based virus detection module.

Whatever the future holds, I believe this battle with viruses and other malware will never end unless more innovative and intelligent solutions are developed.


Thursday, June 14, 2007

Just another blog!


Yep! That’s right… it’s yet another blog. So what, you are gonna read it anyway. Haven’t been blogging for a few years now. But it’s never too late to pick up from where I left off. Or from a new place.

Anyways, this blog is dedicated to blog just about anything, but hopefully of some substance. So here we go again!!!

...