I've used Live Mesh for about a year and a half now, using it to synchronize folders across multiple computers and for remote access. When I upgraded to Snow Leopard a couple of months ago, I was disappointed to find out that Live Mesh didn't work. But finally Microsoft has released a new Live Mesh client that is compatible with Mac OS X 10.6.x (Snow Leopard). Woo hoo!
Sunday, October 25, 2009
Live Mesh Finally Available for Snow Leopard
I've used Live Mesh for about a year and a half now, using it to synchronize folders across multiple computers and for remote access. When I upgraded to Snow Leopard a couple of months ago, I was disappointed to find out that Live Mesh didn't work. But finally Microsoft has released a new Live Mesh client that is compatible with Mac OS X 10.6.x (Snow Leopard). Woo hoo!
Wednesday, October 14, 2009
The Broken Web Browser Model
On episode #217 of Security Now, there is a great discussion about a recently-publicized idea that the web browser is inherently broken and easily susceptible to man-in-the-middle attacks. A hacker that goes by the moniker Moxie Marlinspike recently released a paper and demonstration at Black Hat 2009 about how easy it is to fake an SSL certificate, and how easy it is to intercept a user’s traffic on a LAN, even when the user thinks he is visiting a secure site.
Since most web pages are not encrypted over an SSL/TLS connection by default (for example, going to www.paypal.com takes you to an unencrypted page), the traffic on that page is in the clear and can easily be monitored by anyone with the right tools sniffing the network traffic on your local area network (such as in a coffee shop or other public Wi-Fi hot spot). If you login to Paypal, it isn't until you click the login button that your credentials get passed to the server via an encrypted HTTPS connection. Since the web page is not initially encrypted, an attacker who has inserted himself can intercept the network traffic, strip out the HTTPS request (the secure SSL/TLS request), and replace it with an HTTP (unencrypted) request. The attacker now has the login credentials of the PayPal user and the attacker then seamlessly passes on the request to PayPal, and then passes it back to the user. The only clue the user has that he has been compromised is the fact that the page that gets returned is not encrypted (by looking for the https:// prefix in the address bar, or the “padlock” icon).
Most users just assume when they go to PayPal that the web site will handle security. However, Steve Gibson of Security Now proposes a fundamental change in the way web browsers work, requiring that all pages be encrypted HTTPS from the beginning, and not just when you click the login button, which everyone assumes will be encrypted. Watch an interview with Moxie Marlinspike.
Since most web pages are not encrypted over an SSL/TLS connection by default (for example, going to www.paypal.com takes you to an unencrypted page), the traffic on that page is in the clear and can easily be monitored by anyone with the right tools sniffing the network traffic on your local area network (such as in a coffee shop or other public Wi-Fi hot spot). If you login to Paypal, it isn't until you click the login button that your credentials get passed to the server via an encrypted HTTPS connection. Since the web page is not initially encrypted, an attacker who has inserted himself can intercept the network traffic, strip out the HTTPS request (the secure SSL/TLS request), and replace it with an HTTP (unencrypted) request. The attacker now has the login credentials of the PayPal user and the attacker then seamlessly passes on the request to PayPal, and then passes it back to the user. The only clue the user has that he has been compromised is the fact that the page that gets returned is not encrypted (by looking for the https:// prefix in the address bar, or the “padlock” icon).
Most users just assume when they go to PayPal that the web site will handle security. However, Steve Gibson of Security Now proposes a fundamental change in the way web browsers work, requiring that all pages be encrypted HTTPS from the beginning, and not just when you click the login button, which everyone assumes will be encrypted. Watch an interview with Moxie Marlinspike.
Tuesday, October 06, 2009
AlternativeTo
This afternoon I found a cool site called AlternativeTo that helps you find alternatives to software. Looking for a replacement for Photoshop, Microsoft Office, Norton Antivirus, or any other software (desktop, mobile, or web-based)? Simply search for the software you would like to replace, and AlternativeTo will offer up community-driven results that show you great alternatives.
Friday, October 02, 2009
Workaround for CDBOOT: Cannot boot from CD - Code 5 Error
I tried to install Windows 7 on an older home-brew PC (MSI 875P NEO FIS2R motherboard, Pentium 4 2.8GHz), but when I tried to boot to the install DVD, the following message comes up: "CDBOOT: Cannot boot from CD - Code 5". I spent hours researching different ways to get my old machine to boot from the Windows 7 install DVD, but I finally found one that worked for me:
- Download Gujin boot/system loader (scroll to the bottom for the latest version, standard-2.7.tar.gz, as of the time of this post)
- Use 7-Zip to unpack the file you just downloaded
- In 7-Zip, with the standard-2.7.tar.gz file opened, double-click on the nested file standard-2.7.tar, and then double-click on the nested file full.img.gz
- Drag the file floppy.144 out of 7-Zip to your desktop, and close 7-Zip
- Use InfraRecorder to create a bootable CD that will emulate a floppy drive (using floppy.144 as the image)
- Launch InfraRecorder and create a new data CD
- Click File, Project Properties, and click the Boot tab
- Click the plus + button to open the floppy.144 file you extracted in step 4 above
- Leave the Emulation type set to Floppy and click OK, and click OK again
- Click the CD icon in InfraRecorder to burn the current compilation to a CD
- Once the CD is finished, boot the machine with the new Gujin CD you just made
- If you have two CD/DVD drives, insert your Windows 7 install DVD also. If you only have one CD/DVD drive, wait until Gujin loads, then insert your Windows 7 install DVD
- Once Gujin loads, it will search your computer for all bootable drives, follow the instructions and then select your Windows 7 install DVD from the menu and watch the Windows 7 install load! No more "CDBOOT: Cannot boot from CD - Code 5" errors! Whew!
Thursday, October 01, 2009
Goodbye Comcast!
I dumped Comcast yesterday, and I've never been happier. After being contacted by Comcast corporate representatives promising to "make things right," I actually got a call from someone else at Comcast wanting to send out a fourth technician. What was surprising was that it was as though they didn't have all of the information on our months-long horrendous service ordeal. Long story short, I'm now enjoying insanely fast Internet connectivity with different, local ISP for $29.95/month. And what's really great is that the connection has actually stayed on for 24 hours straight without having to power cycle any equipment or make any phone calls. W00t!
Subscribe to:
Posts (Atom)