Monday, December 22, 2008

Elevation gives Palm another hand

Good Morning Silicon Valley Newsletter from



Struggling Palm now has the cash it needs to buy some time. Elevation Partners (the only VC group with a lead singer), which in mid-2007 plunked down $325 million for about 25 percent of the smartphone maker and brought in some Apple-flavored new management, has boosted its holdings with a fresh $100 million investment. The money will ensure that Palm has one more chance to get a firm handhold in a market dominated by Apple's iPhone and RIM's BlackBerry lineup.
Last week, Palm reported a quarterly net loss of $506.2 million, as its smartphone revenue sank 39 percent below year-earlier returns and unit sales fell 13 percent, but it urged investors to hang tight. "We're working through an undeniably difficult period," said CEO Ed Colligan, "but near-term challenges shouldn't overshadow the fact that we are on track to deliver a breakthrough new platform and products that will bring a truly differentiated smartphone experience to our customers and reestablish Palm as a leading innovator in the mobile industry." Palm is hanging its hopes on a new operating system called Nova, expected to be introduced at the Consumer Electronics Show in early January, hoping to roll out handsets that can grab a chunk of what Colligan calls the "fat middle of the market," a hypothetical territory between the play-oriented iPhone and the work-oriented BlackBerrys. "The additional capital from Elevation Partners will enable us to put added momentum behind the new product introductions scheduled for 2009 and will provide us with enhanced stability in unsettled economic times," said Colligan. Palm's challenge is considerable — the iPhone is winning friends in the working world, the latest BlackBerrys have entertainment and social computing in mind, the parade of phones based on Google's Android platform is only beginning, and smartphone sales overall are under pressure from the general economic woes. But for now, investors are encouraged and Palm has a lifeline.

QUOTED

"Junkyards are great sources for parts. We have designs for pumps and a surgical aspirator that are based on car parts. The future medical technologists in the developing world are the current car mechanics, HVAC repairmen, bicycle shop repairmen. There is no other good source of technology-savvy individuals to take up the future of medical device repair and maintenance."

-- Robert Malkin, director of Engineering World Health, sees great promise in projects like the infant incubator built from car parts by the Global Health Initiative at the Center for Integration of Medicine and Innovative Technology.

No shock -- authority still trumps conscience: So you're a decent person, right? Not perfect by any means, but well intentioned, with a sound moral code. You try to do what good you can and cause as little harm as possible, and you certainly wouldn't inflict pain on a helpless fellow human just because you were told to. Would you? That question got a lot trickier to answer after psychologist Stanley Milgram's experiments in the '60s, in which he found people disturbingly willing to give what they were told (falsely) were increasingly strong electric shocks to a person they thought was a fellow test subject, even as the victim's screams rang out, all at the instruction of an authoritative experimenter. "Ordinary people, simply doing their jobs, and without any particular hostility on their part, can become agents in a terrible destructive process," Milgram concluded. "Moreover, even when the destructive effects of their work become patently clear, and they are asked to carry out actions incompatible with fundamental standards of morality, relatively few people have the resources needed to resist authority."
You may be disheartened, but you won't be surprised, to learn that human nature has not changed a whit in the intervening years. As part of a special section reflecting on Milgram's work, the January issue of American Psychologist is publishing the results of a similar test conducted by Santa Clara University psychologist Jerry M. Burger. Participants were told they were part of a study on the effect of punishment on learning, and that their role, under the authority of an "instructor," was to administer increasingly strong shocks to a "learner" who gave an incorrect answer. Burger found that 70 percent of the participants had to be stopped from escalating shocks over 150 volts, despite hearing cries of protest and pain. "The conclusion is not: 'Gosh isn't this a horrible commentary on human nature,' or 'these people were so sadistic,'" Burger said. "It shows the opposite — that there are situational forces that have a much greater impact on our behavior than most people recognize."
Elsewhere in the wide world of research:
* The iconography of the near-death experience is now so thoroughly entrenched in our culture that we're pretty much conditioned to expect a brightly lighted tunnel and greetings from departed relatives at that delicate transition point. But first-hand reports, common as they may be, are by their nature subjective and, for obvious reasons, difficult to confirm. That, however, will not stop scientists from trying. Twenty-five hospitals in the U.S. and U.K. that handle a lot of cardiac arrests are now participating in a study designed to test one of the most frequently mentioned aspects of the near-death experience -- the sense of leaving one's body and looking down at it from ceiling height. The test involves the use of "hidden targets," pictures placed on high shelves in hospital rooms, invisible to patients and staff, but easily spotted by someone floating at ceiling height. If you're skeptical, you have a lot of company. "People can say they could have cheated, but if we have 50 or 60 of these cases where people leave their bodies and some see the pictures and some do not, then it looks like from the phenomenology that this does occur."
* In previous attempts to see if octopuses enjoyed television (hey, don't look at me — it's science!), the subjects have shown a distinct lack of interest, and now Macquarie University marine biology researcher Renata Pronk has found out why — they prefer high-definition broadcasts, which has a higher frame rate and better suits their sophisticated eyes.
Off topic: The video game systems of the 1983 Sears Wishbook, and a couple of holiday-themed diversions, the Flash puzzler Christmas Escape 2 and the hex-grid board game Elves Under Hoof, in which armed reindeer take on evil elves.
Send folding musical keyboards to


Sunday, December 21, 2008

Preventative Measures to prevent Web Site Attacks

Over the past year, there has been a considerable spike in cyber attacks against the financial services and the online retail industry. There are a number of actions a firm can take in order to prevent or thwart the specific attacks and techniques used by these intruders. The following steps can be taken to reduce the likelihood of a similar compromise while improving an organization's ability to detect and respond to similar incidents quickly and thoroughly.

Attacker Methodology:

In general, the attackers perform the following activities on the networks they compromise:

  1. They identify Web sites that are vulnerable to SQL injection. They appear to target MSSQL only.
  2. They use "xp_cmdshell", an extended procedure installed by default on MSSQL, to download their hacker tools to the compromised MSSQL server.
  3. They obtain valid Windows credentials by using fgdump or a similar tool.
  4. They install network "sniffers" to identify card data and systems involved in processing credit card transactions.
  5. They install backdoors that "beacon" periodically to their command and control servers, allowing surreptitious access to the compromised networks.
  6. They target databases, Hardware Security Modules (HSMs), and processing applications in an effort to obtain credit card data or brute-force ATM PINs.
  7. They use WinRAR to compress the information they pilfer from the compromised networks.

We are providing the following preventive measures. Performing these steps may not prevent the intruders from gaining access, but they will severely impact their effectiveness based on current attack methods.

  1. Recommendation 1: Disable potentially harmful SQL stored procedure calls.

    The xp_cmdshell, OPENROWSET, and OPENDATASOURCE stored procedures should be disabled on all databases unless they are explicitly serving a business need within the network.

    The xp_cmdshell procedure allows someone to execute commands on a local system from the database, with the permissions of the service account used for the database. The OPENROWSET and OPENDATASOURCE procedures allow one to cause the database to transfer data from the local database to a remote database and vice versa.

    The following two steps should be taken to remove the potentially harmful stored procedure calls.

    1. Disable access to the xp_cmdshell functions within Microsoft SQL Server.

      Microsoft SQL Server 2000
      EXEC sp_dropextendedproc 'xp_cmdshell'

      Microsoft SQL Server 2005
      -- xp_cmdshell is an "advanced" option; sp_configure will reject it
      -- until advanced options are exposed, and the change is not applied
      -- until RECONFIGURE runs.
      EXEC sp_configure 'show advanced options', 1
      RECONFIGURE
      EXEC sp_configure 'xp_cmdshell', 0
      RECONFIGURE
    2. Remove the "xplog70.dll" file from the server.

    If it is necessary to use the potentially harmful stored procedure calls, limit the exposure by applying IP filters on the SQL servers. Assign explicit ALLOW rules to the interfaces for the application the SQL server is supporting. Disallow communication between SQL Server hosts unless an application necessitates otherwise.
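    An added audit-and-harden script for SQL Server 2005 and later (example code, not part of the original advisory) that turns off xp_cmdshell and the 'Ad Hoc Distributed Queries' option, which is the server setting governing OPENROWSET and OPENDATASOURCE, then reads sys.configurations to confirm both are off. It assumes a sysadmin connection and that the application needs neither feature.

```sql
-- Added example (not from the advisory): disable and verify the two
-- server options behind Recommendation 1 on SQL Server 2005 or later.
-- Assumes the session has sysadmin rights.

-- Both settings are "advanced" options, so expose them first.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;

-- 0 = off. xp_cmdshell runs OS commands as the SQL service account;
-- 'Ad Hoc Distributed Queries' controls OPENROWSET / OPENDATASOURCE.
EXEC sp_configure 'xp_cmdshell', 0;
EXEC sp_configure 'Ad Hoc Distributed Queries', 0;
RECONFIGURE;

-- Hide advanced options again so routine sp_configure output stays short.
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;

-- Verification: both rows should show value_in_use = 0. Run this from a
-- scheduled monitoring job; a row showing 1 means the feature was turned
-- back on (by an administrator or by an intruder) and needs investigation.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name IN ('xp_cmdshell', 'Ad Hoc Distributed Queries');
```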

  2. Recommendation 2: Deny extended URLs.

    Excessively long URLs can be sent to Microsoft IIS servers, causing the server to fail to log the complete request. Unless specific applications require long URLs, set a limit of 2048 characters. Microsoft IIS will process requests over 4096 bytes long, but will not place the contents of the request in the log files. This has become an effective means to evade detection while performing attacks.

    1. Modify "%windir%\system32\inetsrv\urlscan\urlscan.ini"

      1. Ensure "MaxQueryString=2048" is present
      2. Ensure "LogLongUrls=1" is present
  3. Recommendation 3: Implement specific approaches to secure dynamic web site content.

    Certain measures can be taken to mitigate the risk of these types of attacks by developing a secure code base. The steps below are a few of the best practices for secure coding that will help prevent the attack associated with this incident. Additional information can be found at

    1. Replace escape sequences
      private string SafeSqlLiteral(string inputSQL)
      {
          // Double every single quote so input cannot close the SQL string literal
          return inputSQL.Replace("'", "''");
      }
    2. Use parameters with stored procedures
      // using System.Data; using System.Data.SqlClient;
      using (SqlConnection connection = new SqlConnection(connectionString))
      {
          DataSet userDataset = new DataSet();
          SqlDataAdapter myDataAdapter = new SqlDataAdapter(
              "SELECT au_lname, au_fname FROM Authors WHERE au_id = @au_id",
              connection);
          // Typed, length-limited parameter: the value is never spliced into the SQL text
          myDataAdapter.SelectCommand.Parameters.Add("@au_id", SqlDbType.VarChar, 11);
          myDataAdapter.SelectCommand.Parameters["@au_id"].Value = SSN.Text;
          myDataAdapter.Fill(userDataset);
      }
    3. Constrain input in ASP.NET web pages
      // using System.Text.RegularExpressions;
      // Allow only letters, apostrophes, periods and whitespace, 1 to 40 characters
      if (!Regex.IsMatch(userIDTxt.Text, @"^[a-zA-Z'.\s]{1,40}$"))
          throw new FormatException("Invalid name format");
  4. Recommendation 4: Install and run authorized Microsoft SQL Server and IIS services under a non-privileged account.

    Unless a specific application requires system or administrative level permissions, all instances of Microsoft SQL Server and IIS should run under accounts with restricted user permissions.

  5. Recommendation 5: Apply the principle of 'least privilege' on all SQL machine accounts.

    The attackers generally create tables into which they store malware or data collected from the enterprise. Unless specific applications dictate otherwise, restrict the capabilities of the accounts used to modify databases on the servers. In particular, remove the ability to create new tables, denying the attackers a means of transporting malware and stolen data.

  6. Recommendation 6: Require the use of a password on Microsoft SQL Server administrator, user, and machine accounts.

    Several SQL servers examined had an empty password on the "sa" SQL account. All accounts with access to resources should be protected with passwords or certificates.
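    An added audit query for SQL Server 2005 and later (example code, not part of the original advisory) covering Recommendations 5 and 6: it lists SQL logins that still accept an empty password, then every principal in the current database that can create tables, either through a direct GRANT or through the db_owner / db_ddladmin roles. PWDCOMPARE and the catalog views are SQL Server's own; the login name in the REVOKE comment is a placeholder.

```sql
-- Added example (not from the advisory): audit queries for
-- Recommendations 5 and 6 on SQL Server 2005 or later.

-- 1. SQL logins whose password is empty (Recommendation 6).
--    PWDCOMPARE tests a candidate password against the stored hash,
--    so blank passwords are found without ever displaying a hash.
--    Any row returned, 'sa' above all, needs a password set now:
--    ALTER LOGIN [sa] WITH PASSWORD = '<strong-password>';
SELECT name, is_disabled, create_date
FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1;

-- 2. Principals in the current database that can create tables
--    (Recommendation 5), either by an explicit GRANT ...
SELECT dp.name          AS principal_name,
       dp.type_desc,
       pe.permission_name,
       'direct grant'   AS source
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS dp
  ON dp.principal_id = pe.grantee_principal_id
WHERE pe.permission_name = 'CREATE TABLE'
  AND pe.state IN ('G', 'W')   -- GRANT / GRANT WITH GRANT OPTION
  AND pe.class = 0             -- database-scoped permission
UNION ALL
-- ... or through membership in a role that carries it.
SELECT m.name, m.type_desc, 'CREATE TABLE (via role)', r.name
FROM sys.database_role_members AS rm
JOIN sys.database_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN ('db_owner', 'db_ddladmin');

-- An application account that appears here but only needs to read and
-- write rows should lose the right, e.g. (placeholder login name):
--   REVOKE CREATE TABLE FROM [app_user];
--   EXEC sp_droprolemember 'db_ddladmin', 'app_user';
```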

  7. Recommendation 7: Lock out accounts on the mainframes after several unsuccessful logon attempts.

    Locking accounts and requiring IT support to restore service aids in protection against brute force attacks. This can serve as an early detection of potential security problems.

  8. Recommendation 8: Run the minimum required applications and services on servers necessary to perform their intended function.

    Several servers, to include Active Directory master servers, have unnecessary software installed (e.g. Microsoft Office). In addition, ensure that no unnecessary services are running. This includes SQL Server and SQL Server Express on support and other workstations. Should these services be necessary, restrict access through IP filters on Microsoft Windows or through third-party firewall software.

  9. Recommendation 9: Deny access to the Internet except through proxies for Store and Enterprise servers and workstations.

    Attacks on victim networks make extensive use of HTTP, HTTPS, and DNS network ports. Denying direct access to the Internet will frustrate and mislead an attacker.

  10. Recommendation 10: Implement firewall rules to block or restrict Internet and intranet access for database systems.

    Disallow all traffic outbound from servers harboring sensitive data. Communication to the SQL servers and data warehousing servers should be tightly controlled. Restrict traffic between data centers and stores to essential ports and services only.

  11. Recommendation 11: Implement firewall rules to block known malicious IP addresses.

    Firewall rule sets designed to block all ingress (incoming) and egress (outgoing) traffic to the known malicious IP addresses have been put in place. Note that traffic violating the rules should be logged and observed in near-real time.

  12. Recommendation 12: Ensure your HSM systems are not responsive to any commands which generate encrypted PIN blocks. More specifically, HSMs should not accept commands that take a plain text PIN as an argument and respond with an encrypted PIN block.

    HSMs are normally used to verify Personal Identification Numbers (PINs), generate PINs used with bank accounts and credit cards, generate encrypted Card Verification Values (CVVs), generate keys for Electronic Funds Transfer Point of Sale systems (EFTPOS), and generate and verify Message Authentication Codes (MACs). These systems, if accessed by an unauthorized intruder, can give the attacker the ability to discover the PIN for a corresponding credit or debit card. Therefore, in an effort to prevent this, HSMs should be configured to disallow "in the clear" PINs as an argument for performing their tasks.


Tuesday, December 2, 2008

Disable the UAC feature in Vista

Disable the UAC feature in Vista

Are you tired of those User Account Control (UAC) prompts that appear whenever you're trying to run some admin tool on your Vista computer? They appear even if your user account is a member of the Administrators group on your machine. That's because Protected Admins (PAs) normally run with the privileges of a standard user on Vista, which means to perform some administrative task or use an admin tool you have to first elevate your privileges to admin level, which is what the UAC prompt is designed to do.

Well, UAC is there for a reason--if your computer got infected by some malware and this malware tried to run an admin tool, the UAC prompt would appear to warn you that someone (you? Malware?) is trying to run a tool designed only for administrators. And a UAC prompt when you don't expect it would be a sure sign that something's gotten into your machine's innards.

Still, some users (especially sysadmins) are likely to find these UAC prompts annoying at best, so here's how to disable UAC on your machine:

1. Open Administrative Tools in Control Panel

2. Double-click on System Configuration

3. Click Continue to accept the UAC prompt

4. Select the Tools tab

5. Scroll down and select Disable UAC

6. Click Launch

7. Reboot your machine

Note that you may not be able to disable UAC if Group Policy is configured to enforce UAC on your computers.

Note: This tip is based on a pre-release version of Windows Vista and may not reflect functionality in the final


Laser Printer Cleaning Tips
