Remarks on “Debunking the WMF backdoor”

January 27, 2006

Last night, I sat down with Thomas C. Greene’s article from Security Focus, “Debunking the WMF backdoor”. I found it to be pretty disrepectful to Steve Gibson and all the work he has done for the computer world. Maybe I hold Gibson in too high regard, but I find his knowledge to be very insightful and thought-provoking, especially in his Security Now podcasts. I learned a lot from his talks on VPN’s and wireless security. Maybe he is off in left field about the WMF flaw; I can’t say for certain myself as I am what people might refer to as a “security amateur.” I try to keep up on security topics, try to understand what I can. But I am no security expert, though I am passionate about computer security and would like to learn more.

One thing I found wrong with Greene’s article was that the article was improperly titled. It was not focused on debunking the idea that Gibson had, that Microsoft left this flaw in the Windows source code intentionally. In my opinion, it probably was an oversight by the Microsoft developer’s. Realize that they do have tons of code to deal with and an oversight like this will tend to happen. I wish Greene would have titled the article “A Debunking on Steve Gibson.” Greene spent more time telling his audience how Gibson has been wrong before and trashed his reputation. Greene did not debunk the comments Gibson, or tried to do that in any respect. I really like the way one SecurityFocus commenter put it. I think I share the same opinion with him about Greene’s article.

Maybe Greene will think I am as of base as Gibson,  but I think everyone is entitled to their own opinion. Come on Greene, debunk me next.

After reading Mark Russinovich’s blog post January 19, I love the way he wrapped things up. “The bottom line is that I’m convinced that this behavior, while intentional, is not a secret backdoor.” While the functionality was intentional, it was, in his opinion, not done with malicious intent.

technorati tags: , ,



January 26, 2006

Zach and I sat down for about an hour tonight and worked on some preliminary outlines for the first few episodes. We are planning to record our first show Monday night, though we might move that up to this weekend, depending on how things work out. So more details to come as we get closer to our pilot release. I’ll make sure to post on my blog when the first episode is out.

technorati tags:

Site Up

January 21, 2006

Well, Zach and I  worked on the site for a few hours last night and earlier today. The site is now up, and pretty much functional. However, there is no content online yet as we have not recorded any podcasts yet. I don’t want to put a timeline on getting a podcast recorded, edited and ready for download, as both Zach and I have work and school to deal with. However, we are currently working on a possible topic and are hoping to sit down this weekend and plan things out. So in the meantime, check out the site and tell us what you think.

technorati tags:

Simply Tech and Gamer-Cast

January 19, 2006

Hey guys, I think it’s time for me to update you on the status of Simply Tech and Gamer-Cast. The site for Simply Tech is coming along nicely. Zach has finished the design of the site as of last night and has started the coding of the template this afternoon. I am hoping to have a semi-functional site up sometime this weekend, but I haven’t spoken to Zach about this possibility yet so I don’t have a good idea of the feasibility of getting the site online this weekend. We are hoping to have our first podcast online and ready for download around the first of February, but barring any setbacks on the site and school/homework/work issues, it could be later than that.

Gamer-Cast is pretty much dead as of right now. Matt and Kaleb are putting a lot of time and effort into Gamernode and their shows over there. They don’t feel they have enough time for the Gamer-Cast side project, so if you must hear their voices, go listen to the Gamernode Radio. While I would love to keep the Gamer-Cast episodes coming, Gamernode Radio is a major project and I wish both Matt and Kaleb all the success they can have. From what I hear, they are planning a final “Good-bye” episode of G-C 2.0 and I am looking forward to that.

I also want to discuss the goals and purpose of Simply Tech.  Zach and I both love technology. Any topic from HDTV’s to computer viruses can produce a lot of discussion between the two of us. We spent hours discussing random topics in technology and also spend many hours of the week doing research for our own knowledge gathering. Simply Tech is the culmination of many chats and discussions on technology. We want Simply Tech to be the instrument through which we deliver our knowledge and opinions on technology to the masses. It’s purpose is to provide our listeners valuable insight into the world of tech the way we, two college students with a passion for tech, see it. For us, it is not about gaining a huge listenership as TWIT or Security Now have achieved. The hosts for those two shows are professionals with years of experience under their belts. We are young tech followers who will try to educate our listeners on a wide spectrum of tech topics and also encourage their own pathways into the technology world.

That is what Simply Tech is all about to me, sharing our information and creating more passionate tech users. If I can help one person with one problem, I will be happy. If I can fuel fire to one person’s passion for anything tech, I will be happy. There have been many people that have helped educate and fuel me towards my current knowledge, and I want to help others just as those before have helped me.

The world of technology is such a vast and ever-changing place. The wide spectrum of topics and the rapid rate of innovation really excite me. I hope that it can excite all of you as well.


technorati tags: , ,

Gaim. My IM Client

January 17, 2006

For years, I had been using the standard AOL IM client and the standard MSN Messenger client. But then I thought how cool it would be to have both AOL and MSN in the same program. So I did some searching and found Trillian from Cerulean Studios. I used Trillian for a few years, but then I got interested in open-source software and I wanted to support an open-source chat client. That is where Gaim came into play.

From Gaim’s about menu, “Gaim is a modular messaging client capable of using AIM, MSN, Yahoo!, Jabber, ICQ, IRC, SILC, Novell GroupWise, Lotus Sametime, Napster, Zephyr, and Gadu-Gadu all at once. It is written using GTK+ and is licensed under the GNU GPL.” I have liked Gaim from the first time I tried it. Some have said that the user interface is clunky and ugly, I think its just simplistic. I have been running the 2.0 Beta and do like the way the Gaim developers reordered that menus. By spliting up the menus into different categories, it has made hard to find options much easier to spot. For example, for quite some time, I could not for the life of me find the option to change my MSN name. But now all the account options are grouped under one menu for accounts.

I also like the simplistic, clean look to Gaim. Trillian uses a more detailed, drawn up interface. Whereas, Gaim is simple and, to some people, boring. However, I think a good comparison for the different interfaces is the default Windows XP theme versus the Windows classic theme. I prefer the classic theme as it feels like home and the taskbar and menu bars actually take up less room. And I also hate the standard WinXP start menu. That is the first setting I change when I have a clean install of XP. I think the reason people use the default start menu is because it puts the frequently used programs in prominent places on the start menu. Well, my frequently used programs are in my quick launch bar. Plus, I had personalized menus in MS Office, so I tend to turn off alot of default settings.

Back to Gaim, it does support many, many protocols. Though, I haven’t tried all of them, just the main 3, MSN, AIM, and Yahoo. I have used IRC through Gaim, but I much prefer using mIRC for my IRC sessions. So if you use more than one protocol or just are looking for a better IM client than the default ones, give Gaim a try. I think you might like it.

technorati tags: , ,

Windows Update for Tuesday, January 10

January 10, 2006

Following very closely on the heels of Windows Meta File vulnerability, Microsoft released another two patches today, along with a software removal tool. Besides the WMF exploit, Microsoft’s security bulletin released details on two more critical security issues, a flaw in embedded web fonts and a hole in Office and Outlook.

All Windows users should run Windows Update to have the most recent and most secure version of Windows to date. Please install these most recent patches, MS06-001, MS06-002, and MS06-003, so that I do not have to deal with 173 instances of spyware, a virus or two, and three Trojans. That person is lucky that my friend has a removable hard drive, or she would be losing a lot of music, pictures, and documents.

Oh, one more thing. Zach and I are pretty certain that we will be following up dooganking’s question in the forums regarding setting up a home theater system for around $2,500 to $3,000.

technorati tags: , ,

Windows Update for the WMF Exploit

January 5, 2006

Windows has just released their patch for the WMF exploit early. Their goal was to have the patch ready for the January 10th update cycle, but it seems they have finished their testing and are ready to release early.

Sadly, it seems there will be no update for Windows 98 or later systems. However, Steve Gibson has been heard in the GRC newsgroups saying that if Microsoft didn’t release a patch for Win9x, he would gladly write his own patch.

Link to the security bulletin:

technorati tags: , ,