Real World IT

Apple strongly denies getting information from SecureWorks

I posed some questions to Apple when I wrote "Apple patches Wi-Fi but refuses to give researchers due credit" to try and pin down exactly what Apple acknowledges to have received from SecureWorks or not. I was a bit surprised when I got all of them answered based on my past experience so I will have to give Apple some credit for not dodging any of the questions this time and answering in a straight forward manner. The answers also surprised me since this puts Apple and the two security researchers David Maynor and Jon Ellch on a collision course at Toorcon 2006 and there is no backing out at either end.

September 25, 2006 by George Ou in Apple

Proof that Antivirus software makes your PC crawl

Everyone has always suspected antivirus software of slowing computers down (at least through anecdotal evidence), but no one has ever been able to really quantify it precisely. A young English gentleman in the UK who goes by "Oli" has posted this wonderful analysis on "What really slows Windows down" and posted some detailed measurements on the effects of typical desktop software and security suites

September 24, 2006 by George Ou in Security

Apple patches Wi-Fi but refuses to give researchers credit

After all the controversy, it turns out that there really are critical vulnerabilities in Apple's Wi-Fi drivers that affect Intel and PowerPC based Macs described in three separate CVEs. After more than six weeks of Apple's spin that strongly implied there was no Wi-Fi vulnerability and six weeks of conspiracy theories that this whole thing was a fabricated stunt to garner attention for some fake security researchers, Apple released three critical patches before next week's Toorcon event where security researchers Brian Maynor and Jon Ellch are planning to release details on the Apple Wi-Fi exploit and more.

September 22, 2006 by George Ou in Apple

The real story on Vista application compatibility

Sorry Mary Jo Foley, Windows Vista does break applications but it breaks applications that need to be broken. These are either sloppy applications that compromise the security of Windows or they're Malware applications that you definitely want broken. People need to realize the significance of a locked down permission model and UAC because Windows Vista preemptively breaks every Malware application to date.

September 21, 2006 by George Ou in Windows

Hardware DEP saves day again on VML IE exploit

This is the third time in a row that hardware-enforced DEP has preemptively protected me from a zero-day Internet Explorer exploit. The first time I verified this was with the WMF exploit, the second time was a zero-day IE exploit this March. Therefore I highly recommend people enable DEP protection in Windows XP SP2 and Windows Server 2003 SP1 and never buy a CPU without NX or XD capability.

September 20, 2006 by George Ou in Security

How to defend against VML zero-day IE exploit

There is a new zero-day exploit for Internet Explorer and it's being exploited in the wild. Here are a few things you can do to protect yourself right now.

September 19, 2006 by George Ou in Security

How higher RPM hard drives rip you off

If someone tried to sell you a hard drive that performed slower, cost twice the money and had one quarter the capacity, what would you think? This is precisely what's happening to PC enthusiasts who think they're getting a great deal when they buy in to the hard drive RPM myth.

September 18, 2006 by George Ou in Hardware

Build a $300 HDTV media extender

Personal video storage on a home network is also getting very popular but getting that video to the HDTV isn't easy without paying for an expensive and extremely limited function HD media extender appliance. But with a little spare time and some cheap commodity PC hardware you can build a superior HDTV media extender that can easily be upgraded to a full fledged media center machine for $300.

September 14, 2006 by George Ou in Hardware

Mozilla and Microsoft and how we measure security flaws

A product that has a constant and plentiful stream of remotely exploitable flaws regardless of how good the "transparency" or the "architecture" is still stinks no matter how much perfume you spray on it. While Microsoft has had a steady stream of problems with Internet Explorer, there is no getting around the fact that Mozilla Firefox within the last year has had a higher number and frequency of exploits. It's no wonder why Mozilla would want to downplay the number and frequency of exploits in a particular product. Mozilla doesn't officially follow a monthly patch cycle like Microsoft but the reality is that they're pretty close to one if you look at their actual pattern of patching within the last year. On the other hand, Microsoft often chooses to wait a full 30 days to issue a patch for something that is already being exploited in the wild.

September 14, 2006 by George Ou in Security

Microsoft ISA 2006 firewall adds new features

Tom Shinder gives a great summary and overview of the new features of Microsoft's ISA firewall software. One of the features that caught my eye was the addition of web server farm load balancing.

September 13, 2006 by George Ou in Networking

Asterisk 1.4 adds GUI and unified messaging

Asterisk is already the dominant open source VoIP platform that everyone in the telecom industry is buzzing about, but version 1.4 will bring a GUI and unified messaging to the table.

September 13, 2006 by George Ou in Networking

Can Sun make Niagara II shine in late 2007?

Considering the fact that the T1000 is an $8000 server compared to the $3000 AMD Opteron server, the T1000 should have smashed the competition but the T1000 loses instead. The T1000 also lost the power consumption test against the rack mounted Opteron server and we haven't even compared HP's ultra energy efficient c-Class blade platform. Furthermore, Intel is preparing to launch its quad core CPUs by the end of this year and AMD will be launching quad core CPUs by the middle of 2007 which raises the bar even higher.

September 12, 2006 by George Ou in Hardware

A good warning on Storage virtualization

Are storage subsystems getting too smart for their own good? Here is a great article from Brian Betts about Jon Toigo's warning to the storage world speaking at Storage Networking World. Here are some points that are dead on.

September 11, 2006 by George Ou in Storage

Review of Intel Core 2 based quad core CPUs

Here is a review of Intel's Core 2 based quad core CPUs on TGDaily. "Intel packs two Core 2 Duo processors into one package. This poses several questions: How fast are four cores versus the not-exactly-a-weakling dual-core version? What will the heat dissipation and power consumption figures be like in a PC system with a quad core processor?"

September 11, 2006 by George Ou in Processors

Quickly configure and lock down an HP network printer

Did you know that an HP printer is really a Linux web server that can be hacked and defaced if you don't lock it down and properly configure it? Here is a guide to quickly configure and lock down your HP network printer.

September 8, 2006 by George Ou in Printers

George Ou

Latest Posts