Lowyat.NET: Latest topics by sky_micro

Pillow too high?

sky_micro — Thu, 29 Jul 2010 11:13:26 +0800

once in a while (maybe around once every 2-3 months), I will have stiff neck & shoulder or my back will feel really sore, sometimes it affect my upper arms too, that I feel sore too.

I am wondering, is the main problem on my pillow, bring too high (I stack 2 pillows and it feels REALLY comfortable) or is it my sleeping pattern causing it? I have been sleeping on double pillow for many many years.

I have the habit of visiting the hair saloon for hair-wash every week, so that I could get head & shoulder massage to relieve the stiffness & release tension. Every single time, my shampoo girl will tell me my shoulder are very stiff, which she assume is due to work pressure.

p/s: it is definitely not my mattress problem as I changed my bed type base on doctor's advise, when I had serious backache problem back them.

Secunia: Apple Software Has the Most Holes

sky_micro — Tue, 27 Jul 2010 13:03:13 +0800

No offense to Apple fans. I came across this article and thought of sharing, anyone has something to say about this?

I myself, I am not sure how true is this.

Secunia: Apple Software Has the Most Holes

A new report from security software provider Secunia shows that despite considerable security investments, the software industry at large is unable to produce software with substantially fewer vulnerabilities.

The latest data shows that Apple has surpassed Oracle and even Microsoft with accounting for the most software vulnerabilities, though the No. 1 ranking is related only to the number of vulnerabilities--not to how risky they are or how fast they get patched.

This analysis also supports the general perception that a high market share correlates with a high number of vulnerabilities--with Apple (maker of iTunes and QuickTime), Microsoft (Windows, Internet Explorer), and Oracle's Sun Microsystems (Java) consistently occupying the top ranks during the last five years, along with Adobe Systems (Acrobat Reader, Flash), which joined the group in 2008.

Mac OS has remained relatively untouched by major viruses and hacking efforts in the past, as most ne'er-do-wells may have considered the operating system's market share and thus potential for private information less enticing than those of Microsoft's Windows. With the rise of Mac market share and the popularity of the iPhone, however, there is little doubt that Apple platforms will become major malware targets in the near future.

Highlights from the report:

* Ten vendors, including Microsoft, Apple, Oracle, IBM, Adobe, and Cisco Systems, account, on average, for 38 percent of all vulnerabilities disclosed per year.

* In the two years from 2007 to 2009, the number of vulnerabilities affecting a typical end-user PC almost doubled from 220 to 420, and based on the data of the first six months of 2010, the number is expected to almost double again in 2010, to 760.

* During the first six months of 2010, 380 vulnerabilities, or 89 percent of the figures for all of 2009, has already been reported.

* A typical end-user PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 third-party programs installed than in the 26 Microsoft programs installed. It is expected that this ratio will increase to 4.4 in 2010.

While not particularly surprising, it's a bit depressing to think that the multibillion-dollar security software industry continues to be so easily thwarted by bad guys. If there is one positive takeaway from the report, it's that since 2005, there has been no significant upward or downward trend in the total number of vulnerabilities in the more than 29,000 products monitored by Secunia.

Maybe flat is the best we can hope for?

Site down. Suspect Web-hosting Has Been Hacked!

sky_micro — Mon, 19 Jul 2010 11:31:49 +0800

Office site is down & our web-hosting company can't even provide us a solid reason on what happened. We suspect that they have been hacked and we MIGHT not be the only victim.

It has got me thinking, in this scenario, we ourselves can't do anything about it and can only sit while wait for the provider to do SOMETHING about it. IT IS NOT FAIR!!! It is OUR company reputation we are talking about here but to them, I don't care whether their image is being bring down. I pay for their service, I don't deserve to get my company reputation being scarred!

UGH!!! It's time to either depend on a more reliable web-hosting provider OR to overtake our own security within our company. I can't believe this company don't understand what precautions or competency that they need to build on, to protect their own rice bowl.

Lesson learnt: Why let outsider take care of my own company's image & security? In other words, a risk of business / reputation lost.

Use Hacking to Keep Hackers at Bay

sky_micro — Fri, 16 Jul 2010 18:09:01 +0800

I suppose the concept it shown here is pretty much like what the police says: "To catch a thief, you must think like a thief"... In this case, "To Beat a Hacker, you must think like one". Well, I must agree, it does make sense.

Check this out:

Use hacking to keep hackers at bay, webmasters suggest

WEB developers and experts in Nigeria who have been monitoring debates traded on the floor of different IT summits held both locally and internationally in recent times in an attempt to finding a lasting solution to the menace posed by cyber criminals have said that by carrying out repeated hack attacks on one’s server system to test for security weaknesses, hackers may be kept at bay.

“These hackers target codes that give them administrator level access,” says Metu Kingsley; an IT consultant “These codes should be the ones constantly under fire from these test attacks as an illegal entrant onto this platform will leave an entire site at the hands of the intruder”, as reported in the Vanguard by Charles Mgbolu on July 7th, 2010.

Mrs Sarah Aniacholim; a web host expert says “the hackers look out for vulnerable codes and weak links and then ride on them. But if a hack had been previously carried out by the organisation, it would detect these weaknesses and reinforcements quickly made.”

Another respondent, Mrs. Funke Bamigboye an IT consultant said: “These criminals are very patient. Many times they are not lucky to find breaches in the first place but then they keep chiseling away at the walls until a point weakens and opens and then they strike.

A hack simultaneously being carried out by the organisation would have detected this growing weakness on the wall. Immediate fortification would frustrate further attempts on the site.”

According to the developers, the hack is not meant to destroy a site that had been built after weeks of hard work but to constantly monitor and fortify the walls.

Already this is a practice creating gainful employment in advanced nations as these computer gurus some of whom were previously criminal hackers are now paid heavily to detect chinks in computer systems armory.

Source: vanguardngr.com

MAS KIARA Taman Tun

sky_micro — Wed, 14 Jul 2010 09:38:36 +0800

I passed by MAS KIARA (Opposite Kiara Condo), Taman Tun yesterday morning. I remember seeing those "in-progress" building being abandoned for quite some time last year but they are back at working on it.

The guardhouse / entrance is done, looks pretty impressive.

Any agents out there have any details on this up-coming condo? I am looking around.

My worry:
Since earlier they abandoned the work, i wonder will there be any problem that I should be prepared to foresee now? like being abandon again? *scared*

Budget RM400k for New Property

sky_micro — Mon, 12 Jul 2010 10:50:02 +0800

I am looking around for new property, preferably around areas like Sri Damansara, Petaling Jaya, Damansara, etc... A lot of friends are recommending places that are outskirt, which is not my preference.

I work in PJ & partner works in Old Klang Road, families are all in PJ area therefore it will be good to be around. We are actually not ready to move in now, that's why we do not mind considering on new properties which are still in progress.

Any recommendations?

Biceps & Triceps workout - Pole Dancing!

sky_micro — Mon, 12 Jul 2010 10:34:38 +0800

I HATE EXERCISING!!!

with my age catching up, I think I really really need to do something about it. I was in awe & totally salute my long lost friend, when I bumped into her doing a pole dancing performance in Jaya One, PJ on one Saturday evening. She looked so graceful on the pole mastering all the stunts.

She is soooooo skinny & petite, it gave me a light bulb on my head! If she can do it, I can too!!!

I started my fit-pole dancing classes a month ago and man it's SOOOOOO addictive! And surprisingly, I managed to sweat a lot and felt all the strecthes & grabbing on pole & spinnings are actually good for working it out for my biceps & triceps.

Now, I feel that I should spread the positive perspective of this exotic dance and find some pole kaki that can accompany me for practices in the clubs. *lonely*

p/s: I used to think pole dancing is very slutty but turn out to be, it's NOT! It can be a healthy work-out too

Hackers Target Instant Messaging Apps

sky_micro — Mon, 12 Jul 2010 09:21:54 +0800

It's not surprising, with the amount of spams I am getting everyday. I guess first level of security that IT newbie like me could do is to change my password from time to time? Yes? No???

Hackers target instant messaging applications

Security experts in Germany are warning of a new threat to MSN Messenger and Windows Live Messenger. As reported in the SC Magazine Australia/ NZ today, G Data SecurityLabs research has found a recent surge in spam and phishing sites that link to the services, as well as a wave of seemingly 'endless' fake friend requests. Adding to these woes is a rogue application that promises to tell users who is blocking them, but in fact is a lure to a scam.

Any links included in messages will take users to a Russian software site which offers products at unrealistically low prices, the firm warned, with the goal of the scammers to obtain personal information and credit card details from their victims.

"We created an account to try out these services ['Michael']. The results were as to be expected: disappointing," explained Eddy Willems, security evangelist at G Data SecurityLabs. "The 'who-blocked-you' service was not able to identify that, from the two contacts on our list, one actually blocked Michael and one did not. The names were both listed. "These failings aside, the firm will still have to wait and see what impact handing over Michael's log-ins has. However, Willems said that whatever happens to Michael will be insignificant when compared with what could happen to a real IM user.

"What will happen with the Michael account, now that the login details are in the hands of these scammers, remains to be revealed. Possibly Michael, with his mere two contacts, is not an interesting enough target for these cyber criminals to put any effort into," he said.

"Most IM accounts hold many contacts, that include email addresses and sometimes even more information about your friends. It's not a good idea to share that information with cyber criminals."

Source: securecomputing.net.au

FTC Forces Twitter ot Upgrade its IT Security Prog

sky_micro — Fri, 09 Jul 2010 12:39:52 +0800

This is not surprising, after the incident of a French hacker face prison after breaking into Twitter accounts of Barack Obama and Britney Spears by 'guessing' their passwords. Hahahaa... Btw, Facebook & Twitter = same developer right? correct me if I am wrong.

[/U]FTC forces Twitter to upgrade its IT security program

As picked from the SC Magazine Australia/ NZ today- cited by Dan Kaplan, in an agency first, the Federal Trade Commission (FTC) has settled with a social networking provider over charges that the popular website failed to properly safeguard the data and privacy of its users.

The settlement with Twitter resolves a complaint that the microblogging service committed a number of snafus that led to users' accounts being compromised to deliver bogus tweets to followers. In one case, attackers were able to exert administrative control over the site, which enabled them to deliver bogus tweets pretending to originate from the accounts of a number of well-known members, including President Obama.

In its complaint, the FTC contended that between January and May 2009, hackers "were able to view nonpublic user information, gain access to direct messages and protected tweets, and reset any user's password and send authorised tweets from any user account," according to a news release issued Thursday.

The hacker performed a "dictionary attack" – an automated technique in which a program attempts to guess the password by trying a long list of possible answers – on a Twitter employee's account. Once the hacker was in, he gained access to the credentials of Twitter users because the victim had administrative privileges.

The hacker later gave away some of the usernames and passwords on request through an underground forum. This allowed individuals to send fake tweets from nine accounts, including those belonging to Britney Spears, Fox News and Obama.
The FTC now has brought 30 cases against companies accused of poor security practices. Many involve organizations that were breached of some personal information. A Twitter spokesperson did not respond to a request for comment on Thursday.

Source: securecomputing.net.au

Clip-on Hair Extension

sky_micro — Tue, 06 Jul 2010 16:06:05 +0800

Bought a few clip-on hair extensions, which is REALLY EASY to use. Best of all, it's so much cheaper compare to the real hair extension. My saloon quoted me around 600-700 for 150 strands, crazy!

My concern now is, how do I maintain the clip-on? Do i wash it like real hair?

Anyone has experience in this here?

Facebook Flaw Exposes Private Information

sky_micro — Tue, 06 Jul 2010 15:58:41 +0800

was discussing about Facebook-ing with some friends yesterday and one of them said, "my Facebook has been hacked in for more than 10 times, just last week!"... Oh wow! It seems like he is a Texas Poker (Facebook online game) player, someone hacked into his account to transfer the virtual betting chips to other accounts, and make money out of it.

It got me thinking & started googling about Facebook hacking. And man!!! I am surprised by the number of search results I got:

Facebook flaw exposes private information
By Dan Worth
May 6, 2010

Social site admits to privacy settings 'bug'.
A major security flaw in Facebook has allowed users to see other people's personal information, and once again opened the social networking site to accusations of not securing user data effectively. The fault meant that users editing their privacy settings and then using Facebook's 'See how my profile looks to friends' feature were able to see friends' chat boxes and friend requests.

A Facebook spokesperson said that a bug in the system had revealed private information "for a limited period of time", and that engineers had disabled the chat function while a fix was carried out.
Candid Wueest, a security expert with Symantec, argued that the news is yet another worrying example of high-profile sites being affected by privacy breaches. "For any organisation, whether you are a social networking site or not, privacy breaches are worrying. This isn't the first privacy breach of its kind to plague a social networking site," he said.

The incident is not the first time that Facebook has been found wanting with its privacy settings, and will add more ammunition to those who say the site cannot be trusted with personal information.

Source: www.securecomputing.net.au

Anyone else has experienced similar problem?

Professional Certification > Academic Certificatio

sky_micro — Tue, 06 Jul 2010 15:04:15 +0800

The world has changed, I noticed a difference in the ACTUAL requirement in the working society, compare to years back then.

Degree used to be something great! Oh wow, you have a Degree! It's preferable in all organizations, everywhere you go but am I the only one who think Degree no longer is holding the same value now?

I come to learn that Professional Certification is carrying so much more value, as the skills learn truly apply to the industry specifically. My friends, they have started searching around for Professional Certification, after their Degree & before they started working. Chances of getting hired is so much better, in the employers' eyes, there are more advantages.

Maybe it's a good thing, that the market is catching up, as in improving in the standards in erm... services, quality, etc etc. Whereas, it may be a bad thing, to people who only has Degree, like me. Sigh~~~

Well, in fact, I am looking around too. Information Technology (IT) do look like a bright industry to advance into at this moment