
November 29, 2011

Google Chrome Extensions

Here are some extensions you can run to see what is happening behind the scenes or to help protect your surfing:

  1. Web of Trust – shows you which websites people trust for safe surfing, shopping and searching on the web (it even has a setting for a color-blind accessible version). This extension can access your data on all websites and your tabs and browsing activity.
     https://chrome.google.com/webstore/detail/bhmmomiinigofkjcapegjjndpbikblnp
  2. LastPass – a free password manager and form filler. LastPass is also available for Firefox, Internet Explorer and Safari. All the password data is locally encrypted, so even if the LastPass service is hacked, your passwords are safe. This extension can access your data on all websites and your tabs and browsing activity.
     https://chrome.google.com/webstore/detail/hdokiejnpimakedhajhdlcegeplioahd
  3. Password Fail – warns you if the website being used stores its passwords in plain text form. This extension can access your data on all websites and your tabs and browsing activity.
     https://chrome.google.com/webstore/detail/ockgeenjbijlgilppfieaklfopnbdpge
  4. Credit Card Nanny – this Chrome extension is just like Password Fail, except Credit Card Nanny highlights websites that store or send your credit card number (and other data) as clear text. Credit Card Nanny helps you avoid the online stores that engage in this risky business. This extension can access your data on all websites and your tabs and browsing activity.
     https://chrome.google.com/webstore/detail/lfmmjpapolbaaddobpnlcjkgchmhhoog
  5. Secure Profile – it’s all fine and good not to share your passwords or browsing data with unknown online parties, but what about the people who use your PC? The Secure Profile Chrome extension encrypts and password-protects your Chrome profile data, including all those stored passwords and form auto-completes, so that anyone who gains access to your machine can’t also gain access to your online accounts. This extension can access your tabs and browsing activity.
     https://chrome.google.com/webstore/detail/eddeeogaiodnhfkingpegpmhpdiifbgh
  6. BugMeNot Lite – almost every web site seems to want you to create an account, and to track your access history across the Internet, even if you only plan on visiting once. With the BugMeNot Lite Chrome extension, simply press CTRL+i and those login forms will be auto-completed with anonymous information. You get access, but the site gets no data. This extension can access your data on all websites and your tabs and browsing activity.
     https://chrome.google.com/webstore/detail/lackfehpdclhclidcbbfcemcpolgdgnb
  7. Google Alarm – perhaps more amusing than useful, the Google Alarm Chrome extension sounds a shrill siren alert any time you load a page where Google is collecting browsing data (Google Analytics or Google AdSense). This extension can access your data on all websites.
     http://jamiedubs.com/googlealarm/
  8. KB SSL Enforcer – if certain sites or services offer a Secure Sockets Layer login or access option, KB SSL Enforcer will automatically select that https:// URL. This extension can access your data on all websites.
     https://chrome.google.com/webstore/detail/flcpelgcagfhfoegekianiofphddckof
  9. Click & Clean – the Click & Clean Chrome extension is the option for erasing your browsing history. Besides removing all the URLs from your browser logs, Click & Clean also deletes every cookie, web temporary file, local web artifact, LSO and download history item from your browser, whether they could do harm or not. In short, it makes it look like you’ve never browsed the Internet before… This extension can access all data on your computer and the websites you visit.
     https://chrome.google.com/webstore/detail/ghgabhipcejejjmhhchfonmamedcbeod

So let’s get out there and see if there are others we can use.

November 28, 2011

Google search engine or personal assistant?

We all use Google and know its search features pretty well, but what about some of the other things it can do? What do you like doing with it?

Let’s do some playing!

1. www.google.com/pacman – you can spend hours playing 1- or 2-person Pacman

2. www.google.com/logos/2011/lespaul.html – play some music on a Les Paul guitar

3. www.google.com/logos/2011/henson.html – play with the Muppets

4. Go to Google.com, type “Google Gravity”, click on “I’m Feeling Lucky”

5. You can convert your Google page to use Elmer Fudd language: www.google.com/webhp?hl=xx-elmer

6. What is the answer to life, the universe and everything?

OK, enough playing. Here are some of the other things you can use it for, presented in no particular order:

1) Use it to get local time anywhere: to see the time in many cities around the world, type in “time” and the name of the city.

2) Use it as a spell checker: Google’s spell-checking software automatically checks whether your search uses the most common spelling of a given word. If it thinks you’re likely to get better results with an alternative spelling, it will show you the results for the other spelling.

3) Currency conversion: simply enter the conversion you’d like done into the Google search box.

4) Unit conversion: convert between many different units of measurement of height, weight, and volume, among many others. Just enter your desired conversion into the search box.

5) Track flight status: to see flight status for arriving and departing U.S. flights, type the name of the airline and the flight number into the search box.

6) Use it for the current weather: to see the weather for many U.S. and worldwide cities, type “weather” followed by the city and state, U.S. zip code, or city and country.

7) A calculator: to use Google’s built-in calculator function, simply enter the calculation you’d like done into the search box.

8) See public data: to see trends for population and unemployment rates of U.S. states and counties, type “population” or “unemployment rate” followed by a state or county. You can click through to a page that lets you compare different locations.

9) Stock quotes: to see current market data for a given company or fund, type the ticker symbol into the search box.

10) Sunrise or sunset: to see the precise times of sunrise and sunset for many U.S. and worldwide cities, type “sunrise” or “sunset” followed by the city name.

11) Dictionary: to see a definition for a word or phrase, simply type the word “define”, then a space, then the word(s) you want defined. Note that the results will define the entire phrase.

12) Use it to find local places: for example, you have a craving for a sub but aren’t sure where to go.

November 25, 2011

Social Engineering – A Matter of Trust

In the world of cyber security, there is one very dangerous exploit that no anti-virus can ever detect, that no firewall can block, and that no complex password can ever protect a person from.  This one catastrophic flaw in security is enough to bring down large corporations and government agencies in mere seconds.  So what kind of security threat could possibly be that big?  Social Engineering.

Social Engineering is the art of manipulating people – usually through blind trust, habit, or curiosity – to either divulge what is seemingly innocent information or perform a rudimentary task.  Most of the time, people don’t realize they have even fallen victim to a Social Engineering attack until it is too late (assuming they ever find out!).

Most people are familiar with the popular forms of Social Engineering attacks. For example, an email or phone call from your “bank” asking you to provide information they should already have, or the ever-popular Nigerian Prince scam. Just about any get-rich-quick plan that has been floating around in emails, or even the “seemingly innocent” Facebook games, can be boiled down to a form of Social Engineering (Random fact: Did you know that all you need to pull a person’s credit report is their name and address? Keep that in mind the next time you go to let a Facebook app access your personal information!).

A few days ago, I received a call from a man named “Tom” who works at the company that we will call “XYZ”.  I’ve never worked with Tom directly before this but he knew all of the people whom I’ve worked with and he knew many details about the project our business was doing for company “XYZ.”  The purpose of Tom’s call was to ask about a credit report that our business had processed for company “XYZ.”  Now, one of my job requirements is to help our customers with any problems so my instinct was to immediately help Tom out.  But here’s the problem: How do I know Tom really works for company “XYZ?”  Does Tom even have permission within company “XYZ” to discuss confidential credit information?

As much as I wanted to trust Tom, I couldn’t. Caller IDs can be faked, and the information he had about the project could have been obtained through questionable means (namely, insecure emails). As far as I knew, Tom could be trying to use a form of Social Engineering known as pretexting (the practice of getting your personal information under false pretenses) to squeeze information out of me that could be used against the individual whose credit report he was asking for, against company “XYZ,” or against our business.

The good news is that I was able to call my contact at company “XYZ” and verify that Tom was indeed in a position to request help from me (more on this later). However, let’s assume Tom was trying to exploit me and look at the areas through which he would have been trying to do it:

1) Helpfulness: he would have been trying to use my desire to help out a customer to gather confidential data!

2) Trust: he would have been looking for me to trust that he really did work for company “XYZ” and that he had their best interest in mind.

Notice something?  The very things that make a good employee and support person – or just a nice person in general – can also be that person’s biggest weaknesses!  Let’s look at a few more, simpler cases of Social Engineering:

- Holding the door: you’re assuming that the person you are holding the door for is actually allowed in the building.

- Piggybacking: letting someone who “locked themselves out” or “forgot their ID” inside the building.

- Dumpster diving: if you don’t shred documents or destroy hard drives properly, anyone can get your confidential data out of the trash.

- Curiosity/learning (AKA baiting): “Let’s see what’s on this CD…”, “Let me try this application…”, “I’ll open this document/URL…” – all of these are famous last words before unknowingly installing a virus or malware!

- Diversion: persuading a person responsible for a legitimate delivery that the package they are delivering (data or physical) is to be delivered to an alternate location through a last-minute decision the company had made.

- Email: most people don’t realize that all of their emails bounce from server to server in plain text and can be easily snooped.

Notice that all of the above examples require an element of trust or a false sense of security. So, how do we get around this? Simple: don’t blindly trust anyone. Now, this solution sounds easy, but how can you do it practically in the real world?

In IT, one of the most reliable forms of security is a process known as Pretty Good Privacy (PGP). It is a complex security protocol that essentially requires a form of trust in order to allow a recipient to access its encrypted payload. Prior to exchanging any secure data, the two parties involved will exchange what are known as “keys.” The purpose of this is so that two keys are required to “open” (decrypt) any secure file exchanged between the two parties. Those keys are:

1) The sender’s public key (we’ll call the sender “George”): this is the key that George presents to the individuals who are authorized to decrypt his encrypted data. This way, since George’s private key was used to “lock” the file, his public key is required to “unlock” it.

2) The recipient’s private key (we’ll call the recipient “Sam”): this is the key that only Sam will possess, which will unlock anything that was locked by his public key.

As a result, George knows that Sam is the only one who can unlock the file, since Sam is the only one who has the matching private key. Likewise, Sam knows the file is from George because the file can only be unlocked using George’s public key (and only George has the matching private key required to lock the file in the first place).
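The George/Sam exchange described above, carried through end to end with textbook RSA as an added example (this is not code from the original post): George locks a digest of the message with his private key and locks the message itself with Sam’s public key; Sam unlocks the message with his private key and unlocks the digest with George’s public key. The message text is constructed, and the padding and hybrid encryption that real PGP uses are left out, so this illustrates the two-key principle rather than a usable implementation.

```python
import hashlib
import secrets
from typing import Tuple

PublicKey = Tuple[int, int]   # (n, e): the key a party hands out
PrivateKey = Tuple[int, int]  # (n, d): the key only its owner holds


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test (adequate for an illustrative key)."""
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    """Odd random candidate with the top bit set, retried until probably prime."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 512) -> Tuple[PublicKey, PrivateKey]:
    """Textbook RSA key pair: n = p*q, public exponent e, private exponent d."""
    e = 65537
    while True:
        p, q = random_prime(bits), random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this means gcd(e, phi) == 1
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def sign(priv: PrivateKey, message: bytes) -> int:
    """George "locks" a digest of the message with his private key."""
    n, d = priv
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest, d, n)


def verify(pub: PublicKey, message: bytes, signature: int) -> bool:
    """Only George's public key "unlocks" that digest, which is what proves the sender."""
    n, e = pub
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == digest


def encrypt(pub: PublicKey, message: bytes) -> int:
    """Lock the message with Sam's public key; only Sam's private key can unlock it."""
    n, e = pub
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for textbook RSA at this key size")
    return pow(m, e, n)


def decrypt(priv: PrivateKey, ciphertext: int) -> bytes:
    """Sam unlocks with the private key that only he possesses."""
    n, d = priv
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def run_exchange(message: bytes = b"Credit report for case 1234 is attached.") -> dict:
    """Full exchange: George signs and encrypts, Sam decrypts and checks the signature."""
    george_pub, george_priv = generate_keypair()  # George keeps george_priv to himself
    sam_pub, sam_priv = generate_keypair()        # Sam keeps sam_priv to himself
    ciphertext, signature = encrypt(sam_pub, message), sign(george_priv, message)
    plaintext = decrypt(sam_priv, ciphertext)
    return {
        "plaintext": plaintext,
        "from_george": verify(george_pub, plaintext, signature),
        "forgery_passes": verify(george_pub, b"a message George never signed", signature),
        "wrong_key_passes": verify(sam_pub, plaintext, signature),
    }


if __name__ == "__main__":
    print(run_exchange())
```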

Why did I mention this?  Because the basic principle behind this security is also the best way to establish trust and therefore minimize the chance of being exploited through Social Engineering.  This is because your trust is based on:

- Something you have (i.e. George’s public key)

- Something you know (i.e. Sam’s private key)

Going back to my case with Tom, before I could help him, I had to be sure he was who he claimed to be. My process for authenticating Tom went like this:

1) Something I know: I called up my contact at company “XYZ” and verified that Tom worked for them and that he was authorized to look into this case.

2) Something I have: I then asked my contact for Tom’s contact information so that *I* could call him.

The last step is just as important as the first one. Why? Because even though Tom (the one who worked for company XYZ) passed step one, there is no guarantee that the person I talked to was that Tom. However, since I was the one calling him, I knew that I was talking to the correct Tom. Therefore, I was able to address his problem and work with him in confidence.

Further reading: http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars/1 This details how the hacking group Anonymous used simple attacks and social engineering to take down the entire Federal branch of the computer security company HBGary.

November 23, 2011

My Top Technology of (all) Time

I was thinking back over the years about all the interesting gadgets that have been created, invented, and discovered. Some were gone before the public even knew they were created, while some are still around today, in one form or another.

Anyone remember the Atari VCS/2600, which found its place in many homes (including mine) in the late 1970s? You can’t underestimate the importance of the original Atari, which made home gaming what it is today. All modern game systems owe some portion of their success to this simple machine. The VCS (later named the 2600) sold 8 million units in 1982. The 2600 eventually sold nearly 40 million units, paving the way for competitors and imitators alike.

How about the Nintendo Game Boy (1989)?

A monochrome screen, a four-way control pad, and two action buttons used to be all it took to entertain kids for hours! The original Game Boy may look primitive by today’s standards, but consider the state of handheld gaming prior to then. Two words: Mattel Football. Through a whopping nine versions, the Game Boy has gotten progressively smaller, while Nintendo’s hold on the portable gaming market keeps growing larger. More than 188 million Game Boys have been sold throughout the years, making it easily the most influential portable gaming device ever constructed.

Iomega Zip Drive (1994)
Before broadband, and before the ubiquitous writable CD, there was the Zip disk. If you regularly dealt with files larger than a few hundred kilobytes, you invested in a Zip drive, which used a super-floppy disk of sorts to hold 100MB (later 250MB and even 750MB) worth of data. The Zip was fraught with technical problems (the “click of death” being its most infamous), but during the latter half of the nineties, you really had no other choice. (What, you were going to buy a SyQuest cartridge? Please.) Look through your desk drawer, and we wager you’ll find at least one of Iomega’s iconic squares collecting dust.

Nintendo Entertainment System (1985)

You didn’t think I forgot this masterpiece, did you? Gaming had been wallowing in a two-year depression when its savior finally arrived. The NES was a powerful gray box that introduced millions to the world of Super Mario Bros., the console’s most visible and lasting hit. With the NES, Nintendo began a years-long reign over home gaming, thanks largely to its near-perfect ports of various arcade classics, like Super Mario Bros. and Donkey Kong. The NES’s legacy is still apparent today in the success of Nintendo’s Wii console, with characters like Mario and The Legend of Zelda’s Link still holding court, some 25 years later.

Apple Airport Base Station (1999)
Apple wasn’t the first company to introduce Wi-Fi, but in 1999 its flying-saucer Base Station became a visible (and stylish) emblem for the joys of wireless connectivity. Apple was a forerunner when it came to incorporating 802.11b into laptops, and it championed the technology before other vendors did. Nowadays, Apple’s Airport Extreme Base Station is a direct descendant of the earlier technology. But even though the company is a relatively minor player in networking hardware, the original Base Station had a powerful influence in the early days of Wi-Fi and helped kick-start the migration to the wireless world as we know it today.

Netscape Navigator (1994)
Before IE, Chrome, Firefox, and Safari there was Netscape. Netscape was the reason people started spending hours a day on the Internet, leading to the boom (and bust) of many a Web site. The advent of the browser also led to the U.S. Department of Justice’s antitrust suit against Microsoft, after the company embedded Internet Explorer into Windows. And Netscape’s August 9, 1995, IPO is universally considered to be the official start of the dot-com era. Netscape, unfortunately, couldn’t keep up with the times and was surpassed by Internet Explorer in the late nineties. The Netscape browser still exists (under the ownership of AOL), but has fallen into utter disuse. Nevertheless, its influence can still be felt all over the Web. Fragments of its original code, for instance, live on in just about every browser still in production, from Mozilla Firefox to Internet Explorer.

Apple II (1977)
What was so special about the Apple II? It offered plenty of productivity tools (it was the first PC to run the VisiCalc spreadsheet, for instance), it was good at gaming, and it was quite extendable (when is the last time you saw a computer with eight expansion slots?). And the machine itself looked so much cooler than anything that had preceded it, a philosophy that still lives on in the Apple computers of today. The Apple II may not have been the first personal computer, but it was the spark that ignited the personal computing industry. If you’re lucky, you might still be able to find an Apple II on eBay, though they don’t seem to last long.

Lastly, my personal favorite, TiVo HDR110 (1999)
It’s hard to believe but it’s true: TiVo has been around for almost a decade, making it nearly geriatric in the world of technology. The premise is simple: TiVo replaced the VHS tape with a monster hard drive, recording shows to disk instead of to analog media. That meant you could pause and resume live TV, skip through commercials in an instant, and record an entire season of 24 with just a few clicks of the remote control. TiVo’s innovations helped it to handily beat ReplayTV in the battle for mind share, though it struggled to reach profitability and now risks falling prey to that killer of many a promising company: commodity status. Though TiVo the brand may eventually die, “tivo” the verb will probably be with us forever.

These are some of my top gadgets….tell me some of yours.

Source: http://www.pcworld.com/article/123950-7/the_50_greatest_gadgets_of_the_past_50_years.html

November 21, 2011

Shrink-Wrap Agreements

The next time you order something from a manufacturer, be it a computer or a toaster, take time to read the paper or booklet entitled Terms of Sale or Terms of Agreement that comes with your order. In the past you may have ignored this booklet filled with microscopic mumbo-jumbo (I know I have). But in doing so, you unwittingly entered into a contract.

A shrink-wrap agreement (also called shrink-wrap license) is an agreement between a manufacturer and purchaser/user, which becomes valid when the purchaser opens the box the product is shipped in. Regardless of whether or not the purchaser reads the agreement, by keeping the product they validate the agreement.

For example, say you order a computer part from a manufacturer. When you receive and open the box, you validate the agreement contained in the box. If you keep and use the product, you are legally bound by this shrink-wrap agreement.

If the shrink-wrap agreement states that all sales are final after 15 days instead of the normal 30 days, you cannot return the product if it breaks on the 16th day. If the agreement states that all arbitration will take place in Alaska, you have to travel to Alaska to arbitrate or sue the manufacturer.

In most cases, shrink-wrap agreements cover terms that we generally expect when purchasing products. But when you order an expensive or specialty item, be sure to read the shrink-wrap agreement so you are aware of your legal options should something go wrong.

November 18, 2011

Web Accounts Hacked?

So I keep talking about web security and passwords, but how do web accounts actually get hacked? Most of the time it is a crime of opportunity. That is not to say talented individuals with advanced knowledge are not a threat, but it can be easier than you think to expose your password. Wikipedia defines a crime of opportunity as a crime that is committed without planning when the perpetrator sees s/he has the chance to commit the act at that moment and seizes it. Such acts have little or no premeditation. A lot of people think, “OK, my e-mail really is not that important anyway, as all I get is e-mails from friends or forwarded jokes.” But it could be used to send notices from your bank, send passwords, or reset accounts. Here are some ways you may give out your information:

Recovery E-mail Account: A recovery e-mail account is a method a lot of systems use to help you get back into an account that you have lost the password for. We have all done it: signed up for a free e-mail account to use for getting information sent to us or for setting up accounts with. When you sign up for some services they may ask you for a backup e-mail. You ask the site to send you your password (some will just reset it). The site says: “Sure, it’s been e-mailed to you.” As long as you have access to that other account, you are just fine and dandy.

The interval at which you need to check your free e-mail account to keep it from falling dormant and being automatically discontinued, cancelled or even deleted varies from service to service. Here are the log-on requirements of the most prominent:

If someone claims that account accidentally and you reset your password, then you have just lost control of your main account. If it was on purpose, then the next step for them is simply to go through the password recovery process.

Avoid Duplicate Passwords: An easy way to get hacked is to give a site your e-mail address and then use the same password at that site. The same goes if you use the same user name and password at two or more sites. If the site does not encrypt the password, then there is a huge problem. Anyone who works for the site and has access to this information (or gains it) now has everything they need to log-in to your account. While most sites protect passwords, there are still ways for employees to get it. At the least, use a different password for your e-mail account than everything else.

Public Computers are scary! – If you must use a public computer, always remember to sign out. Even better, go back into the site to make sure you did not forget to log out. How often do you see the browser box pop up and ask if you want to save the password? You didn’t check it, did you? That shared computer may also have spyware, viruses, or key loggers watching for your user names and passwords. Also clear your history and browser cache if it allows you to do that. You have no idea who was there before you or who will use it next.

Beware of your surroundings: OK, you just pulled out your laptop at the coffee house/bookstore/McDonald’s and you have people around you. They could be watching what you are doing and where you are going. Also remember that cell phones and cameras are everywhere. If they can capture, record or watch you entering your password, they now have the keys to the kingdom.

Avoid Commonly Used Passwords: I’m going to sound like a broken record here, but avoid the easy passwords. I will be trying your name, family names, pet names, favorite sports teams, and some of the other usual passwords. The longer the password the better. Also mix it up with upper case and lower case letters, numbers and non-alpha characters. Just a word of warning: putting a 0 or 1 at the end of your password is very common, so don’t do that. “A lot of personal information actually functions like a password and, as such, needs to be robustly protected,” said Chris Young, vice president of consumer authentication at RSA, in a statement. “With a bit of sleuthing, motivated hackers can guess a password by having [a victim’s] address and trying combinations that assume he’s a fan [of a particular sports team].”

Written Passwords: OK, so you have all these different passwords. You write them down on a sheet or in a book. Guard them like they are a million dollars. I will walk up to your desk and look in the top drawers, under the keyboard, in the front of your date book or under your desktop calendar, or the best spot: the post-it note fastened to your monitor. Keep them secure, very secure, if you must write them down. Also avoid the online password vaults, as they may also be hacked. In May 2011 an online multiplatform password manager noticed “a network traffic anomaly,” possibly a hacker attack, so it forced its users to change their master passwords.

Use only Trusted Computers: This is almost like public computers. If you do not have control of the machine, a quick log-in to a site may be captured and you have given up everything. If you use the same passwords for everything you have a big problem. Your personal machine should be fully patched with all updates for the programs installed and running on it, and should have current firewall and antivirus programs installed and running.

This is all stuff we hear every day but is a good reminder to check every so often.  Lastly, remember the first rule of passwords: don’t ever give them out or share them!  Now excuse me as I take this call from the Computer Department asking for my user name and password to reset something.

November 16, 2011

It’s Apple – it HAS to be better! (comparison of iPhone 4S and Droid Razr)

Now don’t get me wrong, I love Apple; their features and OS are nice and the products themselves generally work very well. That being said, I cannot stand the mentality that people have about Apple. They tend to overlook the facts and statistics because having a Mac is “cool”. My phone is an HTC Hero, and over and over again people will see me using it and the conversation will go like this: Person – “Is that a Droid?” Me – “Yep, it is.” Person – “Can I play with it a bit?” I give it to them, they play with it for a minute, and then inevitably they say “I would rather have an iPhone”… well DUH, it’s a two-year-old low-end smartphone with the Android OS on it. The Apple OS is on one phone, the iPhone. Android is on countless phones with specifications in all ranges. You cannot compare a phone like the HTC Hero to the iPhone 4 and expect the Hero to win, and yet for some reason people seem to think that all Android phones are exactly the same.

For all of you who blindly follow Apple simply because it is Apple, I am going to list some specifications from the iPhone 4S and the Motorola Droid Razr, which was just released 11/11/11.

Feature                     | iPhone 4S                             | Droid Razr
OS                          | iOS 5                                 | Android 2.3.5 (Gingerbread)
Updatable OS?               | Yes (OTA)                             | Yes (OTA)
Subsidized price (US$)      | 199 (16GB) / 299 (32GB) / 399 (64GB)  | 299.99
Carrier(s)                  | AT&T, Verizon, Sprint (Oct 2011)      | Verizon
Network                     | GSM EDGE, 3G + CDMA                   | CDMA + 4G/LTE
CPU type                    | A5, dual core                         | TI OMAP (dual core)
CPU speed                   | 1 GHz (?)                             | 1 GHz
RAM (MB)                    | 1024 (?)                              | 1024
Display type                | Retina LCD/TFT/IPS                    | LCD/TFT “qHD” *
Display res. (pix)          | 960 x 640                             | 960 x 540
Display (diag, in)          | 3.5                                   | 4.3
User storage (GB)           | 16/32/64                              | 16
MicroSD slot                | No                                    | Yes (comes with 16GB card)
Rear camera (MP)            | 8, records 1080p                      | 8, records 1080p
1st photo, shot-to-shot (s) | 1.1, 0.5                              | 3.7, 1.6
Video image stab.           | Yes                                   | No
Front camera (MP)           | 0.3 “VGA”                             | “VGA”
Camera flash                | Yes                                   | Yes
Audio out                   | 3.5 mm jack                           | 3.5 mm jack
Speakerphone                | Yes                                   | Yes
On-screen video             | 1080p playback                        | 1080p playback
Wireless video              | AirPlay @720p                         | DLNA
USB port                    | No                                    | Yes
Wi-Fi                       | 802.11 b/g/n                          | 802.11 b/g/n
Bluetooth                   | 4.0                                   | 2.1 + EDR
Compass                     | Yes                                   | Yes
Gyroscope                   | 3-axis                                | No
Accelerometer               | Yes                                   | Yes
Sensors                     | proximity, ambient light              | proximity, ambient light
Size (in)                   | 4.5 x 2.31 x 0.37                     | 5.02 x 2.63 x 0.43
Weight (oz)                 | 4.9                                   | 5.6
Battery (mAh)               | 1420 (?)                              | 1735
Talk time (min)             | 480 (3G)                              | 650
Standby time (hr)           | 200                                   | 200

Now there is a lot of information there, but I want to pull out a couple of key things.

1: The Razr is on Verizon’s 4G LTE network while the iPhone 4S is only capable of 3G speeds. This means the Razr will have faster download and upload speeds.

2: The Razr’s battery is supposed to last 30% longer than the iPhone 4S’s. This is even more impressive when you consider that the Razr is on 4G, which takes more battery power than 3G.

3: The Razr has a 0.8 in. larger screen than the iPhone 4S does.

4: The iPhone 4S is sold with 16/32/64 GB internal memory but does not have a slot for a microSD card. The Razr is sold with 16 GB internal memory and a 16 GB microSD card. I don’t know about you, but if I need more than 32 GB I’d rather buy a 40 dollar microSD card than pay another $100 for a 64 GB iPhone 4S.

Other than that, the specifications of the phones are very, very similar. So in conclusion, I am not saying the Razr is better than the iPhone 4S. I am not saying Android is better than iOS. What I am saying is that Apple is not better simply because it is Apple. Don’t make your decision because of a preconceived idea of either OS. Take some time to look at the specifications and, if possible, actually go and try out the phones/laptops/tablets and make an educated decision.

Source: http://www.macobserver.com/tmo/article/iphone_4s_vs._motorola_droid_bionic_spec_comparison_chart/

November 14, 2011

Zero-day Exploit Duqu has Microsoft posting hot fix

In the past few days a zero-day exploit named Duqu has surfaced. It is a Word file containing malware that exploits a previously unknown flaw in Windows; it was sent to one of its victim companies, but this still doesn’t provide much more information on what Duqu is up to or who should be worried about it. Duqu was found in some European organizations and seemed to be going after Certificate Authorities (CAs) and industrial control-system vendors.

Microsoft and Symantec, who are studying the malware, have not shared any dropper information with other antivirus companies. Droppers are typically very small, are designed to evade detection by antivirus, and can sometimes contain exploit code used to inject themselves onto the target computer. Microsoft is working on a fix but knows it will not be ready for Patch Tuesday, so it released a hot fix on November 3, 2011. Even if you’re not a certificate authority or a manufacturing firm (the two industries cited publicly so far as having Duqu victims), security experts say there are some steps you can take to help protect your infrastructure from this new targeted attack:

1) Install the “hot fix” and workaround from Microsoft. Microsoft has posted security advisory 2639658 (http://technet.microsoft.com/en-us/security/advisory/2639658) to address the recently disclosed Windows kernel vulnerability (CVE-2011-3402) exploited by the Duqu malware. The flaw lies in the Win32k TrueType font parsing engine, according to Microsoft: “An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. We are aware of targeted attacks that try to use the reported vulnerability; overall, we see low customer impact at this time. This vulnerability is related to the Duqu malware,” Microsoft said in an advisory today.

2) Run updated anti-malware. Not all antivirus products can detect Duqu yet, but security experts say to keep updating to be sure you get protection for Duqu as soon as it’s released. They also strongly encourage people not to click on attachments in e-mail that seems suspicious, even if it comes from someone they know.

3) Scan or filter Word documents from unknown sources. One handy tool is Microsoft’s MOICE (Microsoft Office Isolated Conversion Environment, http://support.microsoft.com/kb/935865), which checks for malformed Word documents. That is exactly how Duqu starts: with a malformed Word file that tricks Microsoft Word into running its code.

4) Monitor for traffic from potentially infected machines. Be on the lookout for machines trying to connect to a Duqu command-and-control server or trying to resolve a Duqu-related domain. Two command-and-control servers have been taken down thus far, but there are likely new ones. The IP addresses that were found and ultimately shuttered: 206.183.111.97 and 77.241.93.160.

5) Watch for any port 443 traffic that is unencrypted, and keep an eye out for ~DQ files. Port 443 is the HTTPS/SSL port, so watching for unencrypted traffic on it can help detect malware, including a possible Duqu infection; if it’s not encrypted, it’s probably bad. Meanwhile, files dropped by Duqu may have names starting with “~DQ” in the Windows temporary file directory, so be on the lookout for that as well.
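Steps 4 and 5 above are the ones a network or desktop administrator can automate. The following is an added example, not code from this post, from Microsoft or from Symantec: it triages a constructed flow log (the key=value format and the `first_bytes` field are assumptions, not any real sensor's output) for connections to the two command-and-control addresses the post cites and for port 443 traffic whose first payload bytes do not look like a TLS record, and it scans a directory for file names beginning with “~DQ”. The sample log lines and file names are constructed for the demonstration.

```python
"""Triage of Duqu indicators from the post: known C2 IPs, cleartext on 443,
and ~DQ files in a temp directory. Added example; log format is assumed."""
import re
import tempfile
from pathlib import Path

# The two command-and-control addresses named in the post (both since taken down).
DUQU_C2_IPS = {"206.183.111.97", "77.241.93.160"}

# Constructed flow records in an assumed "key=value" format. first_bytes is the
# hex of the first payload bytes the sensor captured for the connection.
SAMPLE_FLOW_LOG = """\
2011-11-14T09:12:01 src=10.0.5.23 dst=206.183.111.97 dport=443 first_bytes=474554202f
2011-11-14T09:12:05 src=10.0.5.24 dst=93.184.216.34 dport=443 first_bytes=16030100
2011-11-14T09:13:10 src=10.0.5.25 dst=198.51.100.7 dport=443 first_bytes=504f5354
2011-11-14T09:14:00 src=10.0.5.26 dst=77.241.93.160 dport=80 first_bytes=16030100
"""

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) first_bytes=(?P<fb>[0-9a-fA-F]*)$"
)


def parse_flow_line(line):
    """Parse one constructed flow record; return None for lines we don't understand."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    rec["first_bytes"] = bytes.fromhex(rec.pop("fb"))
    return rec


def looks_like_tls(first_bytes):
    """True if the payload opens like an SSLv3/TLS record: content type 0x16
    (handshake) followed by major version 3 and a minor version 0..3."""
    return (
        len(first_bytes) >= 3
        and first_bytes[0] == 0x16
        and first_bytes[1] == 0x03
        and first_bytes[2] <= 0x03
    )


def triage_flows(log_text):
    """Return (reason, src, dst) findings for C2 contacts and cleartext on 443."""
    findings = []
    for line in log_text.splitlines():
        flow = parse_flow_line(line)
        if flow is None:
            continue
        if flow["dst"] in DUQU_C2_IPS:
            findings.append(("known-duqu-c2", flow["src"], flow["dst"]))
        # Port 443 should carry TLS; anything else on it deserves a look.
        if flow["dport"] == 443 and not looks_like_tls(flow["first_bytes"]):
            findings.append(("cleartext-on-443", flow["src"], flow["dst"]))
    return findings


def find_dq_files(directory):
    """Sorted names of regular files in `directory` whose name starts with ~DQ."""
    return sorted(
        p.name
        for p in Path(directory).iterdir()
        if p.is_file() and p.name.upper().startswith("~DQ")
    )


def demo_dq_scan():
    """Create a throwaway directory with constructed file names and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("~DQ1A2B.tmp", "~DQ3C4D.tmp", "report.docx", "~WRL0001.tmp"):
            Path(tmp, name).write_bytes(b"")
        return find_dq_files(tmp)


if __name__ == "__main__":
    for reason, src, dst in triage_flows(SAMPLE_FLOW_LOG):
        print(f"{reason:18} {src} -> {dst}")
    print("~DQ files in demo directory:", demo_dq_scan())
```

On a real Windows host you would call `find_dq_files` on the user's temp directory (`os.environ["TEMP"]`) rather than on the throwaway directory the demo builds. Note that the two IP addresses are only useful as a pattern for your own watch list: the post says both servers were already shut down, and the `looks_like_tls` check is a heuristic (it only sees the first record), so a hit is a reason to investigate a machine, not proof of infection.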

November 11, 2011

Are you pwned?

PWN (verb)

1. An act of dominating an opponent.

2. Great, ingenious; applied to methods and objects.

The term dates back to the days of WarCraft, when a map designer misspelled “Own” as “Pwn”. What was originally supposed to be “player has been owned” became “player has been pwned”.

Pwn eventually grew from there and is now used throughout the online world, especially in online games.

  1. “I pwn these guys on battlenet”
  2. “This strategy pwns!” or “This game pwns.”


About 50,000 breached records appear online every week.  Do any of them include your usernames and passwords?  A free website – http://www.pwnedlist.com – has been created that lets you easily check if your information has been compromised.  I sure would not want to be the one that sees the following message after inputting their information:


As of November 4, 2011, almost 5 million e-mail addresses and user names were recorded in the system. PwnedList introduces itself as

“…a tool that allows an average person to check if their accounts have been compromised. No passwords are stored in our database. You can read more about where our data comes from here. Just enter an email address or username associated with any of your accounts to see if it’s on our list. Data entered is not stored, re-used, or given to any third parties. Don’t trust us? You can also use a SHA-512 hash of your email/username as input. Just don’t forget to lowercase all characters first.”

Now this will sound like great news to a lot of people. A team of security experts is doing some good work to help folks on the Internet find out whether or not they have been compromised. That’s great, but how many of you know how to compute a SHA-512 hash, let alone what one is? (You can find more information about the SHA-512 algorithm at The SHA-512 algorithm.) SHA-512 is a one-way hashing algorithm: the hash cannot be reversed to recover the input, so the information they have stored may be safe.
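For readers who want to take the site up on its hashed-input option, here is how the SHA-512 token is produced. This is an added example, not PwnedList’s own code; the site only says to lowercase all characters first, and stripping surrounding whitespace before hashing is an extra normalisation assumed here (a pasted address often carries a trailing space). The sample addresses are constructed.

```python
"""Build the SHA-512 lookup token the site describes, so the plaintext e-mail
address or username never leaves your machine. Added example, not site code."""
import hashlib


def pwnedlist_token(identifier: str) -> str:
    """Lowercase hex SHA-512 of the normalised identifier.

    Normalisation: strip surrounding whitespace (assumption), then lowercase
    (what the site asks for). Two spellings of the same account therefore
    always produce the same token.
    """
    normalised = identifier.strip().lower()
    if not normalised:
        raise ValueError("identifier is empty after normalisation")
    return hashlib.sha512(normalised.encode("utf-8")).hexdigest()


def same_account(a: str, b: str) -> bool:
    """True if two spellings of an identifier hash to the same token."""
    return pwnedlist_token(a) == pwnedlist_token(b)


def is_sha512_hex(token: str) -> bool:
    """Sanity check before pasting a token: exactly 128 lowercase hex digits."""
    return len(token) == 128 and all(c in "0123456789abcdef" for c in token)


if __name__ == "__main__":
    # Constructed sample addresses; note the mixed case and trailing space.
    for sample in ("Alice.Example@Example.COM ", "alice.example@example.com"):
        print(f"{sample!r:32} -> {pwnedlist_token(sample)[:24]}...")
```

The point of submitting the token instead of the address is that SHA-512 is one-way: the site can match your token against the hashes of its breached records, but nobody who captures the token can turn it back into your address. Forgetting to lowercase (or leaving a stray space) produces a completely different token, which is why the normalisation is done in code rather than by hand.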

My worry about sites like this is: what stops a hacker from putting up a site like this just to collect information? Sure, the site looks good, but if you’re worried that your user name or password may have been hacked, it’s time to go change them. Also, you’re not using the same user name and password on different sites, are you? Are your passwords dictionary words? Time to change that around and create secure passwords, and different ones for the different sites you use.

Think about it: is it really safe, or is it a fake just trying to get your information?

New Partner – BigCommerce Shopping Cart and eCommerce Platform

Newsflash!

Eberly Systems has been partnering with BigCommerce to bring industry leading eCommerce solutions to new and existing clients. You can see what our clients have done with eCommerce and BigCommerce, leveraging this powerful platform to deliver simple, professional and automated Internet Sales and Marketing to their existing product lines.

Visit www.ArcFlashPPE.com and www.StokesSolar.com (still under construction) for ideas, and then visit www.BigCommerce.com to see how YOU could get up and running with a full-featured online store for as little as $24.95 per month! Free 15-day trials are available – what are you waiting for?
