Archive for February, 2008

5 Reasons Why Illegal Downloaders Will Not Face a UK Ban

The Times says “people who illegally download films and music will be cut off from the internet under new legislative proposals to be unveiled next week.” Actually, this story is complete balderdash. But the fact that this nutty proposal is getting anywhere at all illustrates how ignorant the powers that be are about downloading.

Let’s get a couple of things straight –

1. This proposal was a draft consultation green paper, defined as “a proposal without any commitment to action.” The government receives many of these on a daily basis. They are like junk mail at Number 10 Downing Street. The Prime Minister’s toilet paper is more important than most green papers, and both are usually filed in the same place.

2. This proposal is totally and completely unworkable in the real world. ISPs will not accept liability for the contents of packets (nor should they), and it would be impossible for them to open and check whether every single download and upload was legal or not without the entire Internet grinding to a halt. This isn’t in the best interests of the government, the ISPs or the voters. Banning customers and exposing yourself to billions in liability isn’t a good business strategy. Criminalizing six million citizens and inconveniencing the rest is not a vote winner.

3. It would be impossible to tell the difference between illegal downloading and legal activities such as downloading software patches, using torrents to share stuff legally, playing online video games, using VoIP, photo sharing, telecommuting, and many others. The resistance from the private sector would be as strong as it would from the general public.

4. The very idea of this goes against the ruling of the European Court, which says EU member states are not obligated to disclose personal information about suspected file sharers. It would also fly in the face of Article 10 of the European freedom of expression laws, which gives every European the “freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers.”

5. WiFi piggybacking and encrypted packets make it impossible to tell who is downloading what in the first place. These techniques are only getting more sophisticated, while for the most part, the content industries collectively remain as dumb as a box of hair.

So in summary:

Insert Toilet Flushing Sound FX Here

This idea makes as much sense as trying to ban people from singing ‘Happy Birthday’ to each other over the telephone network, or burning down libraries to protect the publishing industry. But what’s frightening about such ideas is that they are still taken seriously all over the world by powerful decision makers in government and industry who have absolutely no clue about how the Internet actually works, or the damage such laws could do to democracy.

Before there is any more discussion about this, the music and film companies need to definitively prove illegal downloads cost them millions of dollars in lost revenues. CD sales are falling because nobody uses them anymore, and Hollywood is in rude health despite the pirates. There should be no more talk about changing laws and spending taxpayers’ money on this ‘problem’ until someone proves there really is one.

Furthermore, if there is a problem, taxpayers shouldn’t have to pony up in the first place. The content industries need to stop braying at governments to protect inefficient business models and look at the real solution that’s been staring them in the face for ten years.

[Source : TorrentFreak]

35 Things to avoid at your Job Interview

1. Show up unprepared: Most candidates have several days to prepare for a job interview. This is plenty of time to freshen up your resume and references, and learn everything you can about the company and job for which you’re applying. Knowing the business and its major players is a great way to give you the edge over other candidates.

2. Pay little attention to your appearance: Think your appearance doesn’t count? Think again! The trend may be for business casual, but it’s still proper business etiquette to wear a suit. When it comes to the job interview, it’s all about the first impression. The company wants to hire the best person to represent the business; mohawked and hardwared individuals usually don’t fit the description.

3. Have nothing to say: It’s frustrating to an interviewer to receive one syllable answers. Go into detail. Sell yourself.

4. Say too much: Give your interviewer time to talk. By monopolizing the conversation and not letting others get a word in edgewise, you’re showing yourself to be a poor listener and disrespectful to higher ups.

5. Give a sob story: No one cares how deep in debt you are. If you give your interviewers the impression you’re irresponsible or your problems are a distraction, you won’t get the job.

6. Tell jokes: A job interview isn’t the time or place to be a comedian. You need to show you’re serious about the job.

7. Lie: Don’t lie about education, qualifications, past employment or a prison record. These are all things that businesses look into nowadays. Lying during a job interview can also be grounds for dismissal later on.

8. Trash a former employer: This is one of the biggest mistakes made during interviews. When asked why they’re seeking new employment many candidates will complain about a past employer. Why would anyone want to hire a malcontent?

9. Blame problems on co-workers: If there was an incident at a past place of employment, own up to it as honestly as possible. Casting the blame on other people only makes you look worse.

10. Act too familiar with your interviewers: Don’t call your interviewers Bob and Suzy (even if those are their names). Unless invited to do otherwise, address them as Mr., Ms., Dr. or another respectful title.

11. Give too many personal details: Do you think an employer would want to hire you if he finds out you like to go out and party every night or you’re getting over a drug problem? Your personal life has nothing to do with your job. Don’t divulge unnecessary details.

12. Fidget, bite your nails, drum your fingers or show nervousness: Employers are looking for confidence, especially if you’re expected to meet with clients or give presentations.

13. Chew gum: No one wants to listen to the equivalent of a cow chewing its cud.

14. Bring your breakfast, lunch or dinner: Not only is it impolite to bring a meal to the job interview, it’s the best way not to get the job. Your interviewer doesn’t want to watch you eat, nor does she want to wait until you’re finished chewing to learn the answer to her questions.

15. Be disrespectful: Even if you don’t agree, it’s best to hold your tongue. No business wants to hire someone who is disrespectful to others.

16. Turn in a messy application: If you’re asked to fill out an application, do so in a neat, tidy manner, filling in as many of the sections as possible.

17. Bring only one copy of your resume: You may have several people interviewing you. Bring several copies of resumes and other pertinent information. It’ll show you’re someone who comes prepared.

18. Sit before you’re offered a chair: Wait to be invited before sitting. You may not even be staying in that room.

19. Smoke or drink alcohol: If you’re at a lunch interview, refrain from smoking and drinking, even if invited to do so. The interviewer may be testing you. Some businesses frown upon smokers because they spend a lot of time outside and no one wants to hire someone who indulges in cocktails during his or her lunch hour.

20. Talk on your cell phone or read text messages: To not turn your cell phone or pager off for an interview is just plain rude. Your interviewer should have your complete attention.

21. Show up late: Being tardy for a job interview tells your potential bosses you really don’t care enough to make an effort. If you have an emergency such as being caught behind a traffic accident or a subway stalling, call ahead.

22. Discuss money, time off or benefits unless an offer has been made: Though this is probably what you’re thinking about the most, you want the potential employer to think it’s the least of your concerns. The job should be on your mind first and foremost, not the pay or vacation time.

23. Ask no questions: Your potential employer wants to know you’re interested in the job. If you don’t ask any questions, you give the impression you don’t care.

24. Bring your cute little dog on the interview: Pets don’t belong at interviews. They’re distracting and present the potential for disaster.

25. Brush hair, file nails, put on lipstick: Primp before the interview, not during.

26. Cut short the interview for another appointment: Your potential employer doesn’t expect to be your only job interview but he does expect you to block out enough time to give a complete interview. Leaving to go to another appointment is rude and tells the employer he’s not a priority.

27. Hit on the receptionist or pass your phone number to a cute girl: If you give the impression you’re more interested in dating than working you won’t get the gig.

28. Get too comfortable: Don’t put your feet up, put your arms behind your head, cross your legs or stretch them out in the aisle. A job interview isn’t the place to let your hair down.

29. Give vague answers: Don’t tap dance around issues. Answer questions to the best of your ability. If you can’t answer a straightforward question, the employer might wonder what you have to hide.

30. Use foul language: It should go without saying that foul language isn’t appropriate at an interview let alone a place of business.

31. Act as if they need you more than you need them: You’re not the only candidate. If you act smug or make the hiring agent feel inferior you won’t get the job.

32. Excuse yourself often to use the bathroom or phone: If you can’t attend the interview uninterrupted how will you do the job?

33. Forget to shake hands: A potential employer is looking for a good, firm handshake. Don’t overlook this important detail as it says a lot about your character.

34. Fail to follow up: Always follow up on the interview within a few days. It will show the employer you want the job, and also that you practice good business sense.

35. Fail to send a thank you note: It’s polite and makes a good impression.

Internet Security… I’m sure I’ve heard of it!

Today as part of my MSc course we had a special guest speaker from Kaspersky Antivirus labs do a presentation on the history and current landscape of Internet security vulnerabilities, so I thought I’d share some of the info I got from the presentation here!

Well, let’s start back at the beginning, before many of us knew there were even viruses out there, security threats and malicious attackers out to do harm. Kaspersky had approximately 75 viruses on file in 1990, most of which were fairly harmless. At the time, the original architects of viruses were aiming at notoriety, getting their reputation as a hacker/cracker with some know-how… This was achieved primarily through a competition of ‘Biggest Dick’: who could infect the most machines, who could cause the biggest denial of service, who could get Britney Spears’ boobs on the most monitors… And while all this is fun and slightly annoying, it’s for the most part harmless and just an irritation.

Well, that’s changed over the years. By 1992 there were so many viruses floating around the Internet that antivirus (AV) organisations like Kaspersky were calling the phenomenon ‘GLUT’, a term to describe their inability to keep up with the growing number of potential threats. Tactics were changed, and now in 2008 Kaspersky has over 500,000 virus definitions floating around in its definitions library.

So what got us, as consumers, to notice this? Well, in short, attacks such as the Melissa virus and Love Letter. Although only annoyances and still classed as ‘Wow’ style attacks within the hacker community (aka, biggest attack), these were the largest on the scene and drew the attention of many a home user and business to the idea of not letting their machine be the ‘willing’ victim of this style of abuse again.

Unfortunately, hackers’ motives have changed again over the years: whereas previously it was a competition to see who could be bigger, now it’s a lot more organised and focused on getting the hacker some form of financial gain. Back in the 1990s viruses accounted for virtually all of the malicious code on the net; now in 2008 it’s only around 5%, with a whopping 90% dedicated to Trojans, backdoor applications which compromise a victim’s machine and use it for their own means.

The Trojan infection proves far more useful for the needs of many of the current hackers, creating what are known as ‘Botnet Armies’ or ‘Zombie Armies’ of compromised machines (small groups of machines, which are at the hacker’s mercy). The success of this style of attack can be seen just by having a quick browse around the net: many of these botnet armies are created just so the attacker can sell them to other hackers. Seems hacking has become a service-orientated business by these standards.

The complexity of these attacks has also increased drastically since the original days, with Trojans attacking each other if they find themselves on the same machine (looks like the days of Sarah Connor and her Terminators might not be too far off). The ability to mask themselves and hide from the user and AV software continues to evolve with each variant of infection. Polymorphic versions, which appear totally different on each infected machine, rendered the traditional ‘Virus Definition’ library useless and forced AV organisations to move towards statistical analysis and heuristic approaches to detect the characteristics of these infections, rather than their signature in active memory.

A prime example of a current worm which is proving difficult to terminate is the Storm worm, which uses Peer 2 Peer (P2P) control mechanisms to avoid the problem of a centrally controlled network. Traditionally a case such as this would simply be stopped by stopping the controlling hacker or their means of controlling the worm (e.g. blocking ports, or traffic analysis), but with P2P style control, not all the infected hosts know about each other and none of them are aware who the controller is. So let’s face it, if P2P has been working so well for movie, music and software piracy for the last 10 years, I think this worm might be onto a winning tactic!

As said, more and more these attacks are aimed at financial gain for the attacking hacker, hence we can see a definite rise in the use of the Internet for online fraud. With over 17 million UK based users now conducting their banking online, it’s no surprise that 2006 saw a loss of £33.5 million to online fraud.

Phishing, as a tool of social engineering, provides a perfect example of how this new evolution of hacking is being implemented in the real world: a technique which is only about 2 years old, and in its infancy was pathetic and a joke to most experienced Internet users, has now grown into an industry generating millions. Two years ago, if a phishing email was dropped into your inbox claiming to be from ebay, with the ‘reply to’ address “ebay@borris-navrist.rs” and ebay spelt ‘ebey’, with worse grammar than a 5 year old on crack, most of us would hit the delete button. But now they’re getting better: with forged message headers and experienced web designers of their own, these attackers are creating forged emails and even websites which look convincing to the best of us! A survey conducted by the University of Indiana showed that 2 - 3% of phishing recipients actually fall for the attack, which doesn’t seem like much, but when placed into context where 1 million phishing emails can be sent with the click of a button, that’s 2 - 3 hundred thousand successful attacks! Not bad for a day’s work eh!
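The tell-tale signs mentioned above (a brand name spelt ‘ebey’, a ‘reply to’ address on an unrelated domain, a forged From header) can be checked mechanically. The following is an added example, not part of the original post or the Kaspersky talk; the brand-to-domain list, the finding names and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand -> domains it legitimately sends from (illustrative list).
KNOWN_BRANDS = {"ebay": {"ebay.com", "ebay.co.uk"}}

# Constructed sample: forged From header, the Reply-To quoted in the post.
PHISH = """\
From: "ebey Security" <support@ebay.com>
Reply-To: ebay@borris-navrist.rs
Subject: Your ebey account is suspended

Dear customer, please confirm your ebey password.
"""

# Constructed sample: a benign message from a listed domain.
LEGIT = """\
From: eBay <members@ebay.co.uk>
Subject: Your ebay invoice

Your invoice is ready.
"""

def edit_distance(a, b):
    """Levenshtein distance, to catch near-miss spellings such as 'ebey'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain of the address in a header, '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def belongs_to(domain, allowed):
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def phishing_indicators(raw_message):
    msg = message_from_string(raw_message)
    body = "" if msg.is_multipart() else msg.get_payload()
    text = " ".join([parseaddr(msg.get("From", ""))[0], msg.get("Subject", ""), body])
    words = set(re.findall(r"[a-z]+", text.lower()))
    from_dom, reply_dom = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    findings = []
    for brand, domains in KNOWN_BRANDS.items():
        lookalikes = sorted(w for w in words
                            if len(w) >= len(brand) and edit_distance(w, brand) == 1)
        findings += [("lookalike-brand", w) for w in lookalikes]
        claimed = brand in words or lookalikes or belongs_to(from_dom, domains)
        # Only judge the sender domains when the message invokes the brand.
        if claimed and from_dom and not belongs_to(from_dom, domains):
            findings.append(("from-mismatch", from_dom))
        if claimed and reply_dom and not belongs_to(reply_dom, domains):
            findings.append(("reply-to-mismatch", reply_dom))
    return findings

if __name__ == "__main__":
    print(phishing_indicators(PHISH))
    print(phishing_indicators(LEGIT))
```

Note that the forged From header passes the domain check on its own, which is why the Reply-To and spelling checks matter; a real mail filter would also rely on sender authentication results rather than header text alone.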

Of course, phishing is the user interaction version of this; who nowadays wants to rely on the user when the computer itself can do some of the work for you… Malware infections can infect a machine, disguise themselves as legitimate processes on the machine and perform any number of tasks, including forwarding all your passwords, credit details (stored within financial apps such as Quicken, MS Money, etc.) and documents (with keywords in the name) to a waiting server under the attacker’s control (or even one of their botnet machines). Makes you think twice about installing that toolbar or strange poker software now, doesn’t it lol!

It’s about this time most people are thinking, ‘hey, I’ve got anti-virus software, isn’t that on my machine to stop this sort of crap happening’… well yes, you’re right, it is, but let’s put it this way: what happens first, thunder or lightning… most of us will agree it’s the lightning, then you’ll have to wait around for the thunder for a few seconds. Well, the AV industry works the same way: new viruses get released every day, and although we can see them and their effects (the same as lightning), it’s not really instant to get the response to these new viruses. Though not quite as fast as thunder, new updates and ‘cures’ for malware & virus infections take time to be developed, and in this in-between time YOU ARE VULNERABLE… afraid it’s as simple as that, so it still comes down to you, the end user, not to be the weak link, and to look at the Internet and its content with a suspicious eye.

The future has new things in store for us all, but the Kaspersky experts are betting their bottom dollar on the targeting of social networking as the next big threat. With the absolute horde of information freely given by users to sites such as Bebo and Facebook, it’s no surprise that hackers look at them with wanting eyes… it was once said that ‘Knowledge is Power’, and if this claim was ever true, then it’s now, in our Internet driven, money inspired culture of on-demand service…

Happy Surfing, watch out for the sharks !

Internet, Such a Fragile Thing

Well, it turns out that the world of Internet traffic isn’t only affected by retarded ISP engineers and tractors cutting through telephone lines… now ships are having fun doing it too. In recent news, I’ve caught wind of the loss of the SeaMeWe4 cable and FLAG Europe-Asia, effectively cutting the Internet access of the continent of Asia by 75%.

Although claimed as an accident, caused by a ship’s anchor during bad weather, Internet conspiracy nuts are already hot on the heels of this and have been backed up by the Egyptian government, who say there were no ships in the area where the cable was severed during the storm. O-Oh, back to the drawing board on that theory then.

Since then, February 4th has seen the announcement of a further 2 cables being severed around the Mediterranean. Communications in the Middle East have been hardest hit by the damage, though India, the United States and Europe also experienced slowdowns. It is still undetermined what has caused the loss of the two original cables and now the Qatar-UAE & Falcon submarine lines, but most telecommunications experts and cable operators say that sabotage seems unlikely. One thing is for sure though, and that’s that undersea cables carry about 95 percent of the world’s telephone and Internet traffic, so we can’t afford to lose many more!

Click here for a world map of the current Submarine Cable network, published by The Guardian after the original two cables were lost!