Tuesday, June 30, 2009

Firefox 3.5

Despite the title bar and many references which say Firefox 3.5 RC, check the About box. It's 3.5 Final. The Transformer look-alike start page is cool though.

Firefox 3.5 Final is out

Grab it from Softpedia:

Some of the enhancements:
New JavaScript engine called TraceMonkey
Porn mode privacy browsing
Location-aware (tracking?) browsing
Support for HTML5 Audio and Video tagging
Enhanced scripting which shifts JavaScript to the background (AJAX?)

Personally, I am very concerned about points 2 and 3 for obvious reasons. Oh, btw, this works with Windows 7 (finally).

Monday, June 29, 2009

IObit Security 360

At the same time that Microsoft released Security Essentials, IObit has also released their anti-malware solution. Actually, it's much earlier, but I had not covered it since it's still in beta. Well, it's called Security 360. I wonder if Xbox or Symantec is going to kick up a big fuss about "360", but of course we all know that nobody can copyright a number.

In any case, IObit's solution is a beta and it is free as well. So, do pop by and try it at:

Friday, June 26, 2009

Microsoft Morro is now Microsoft Security Essentials

Microsoft Morro is a highly anticipated Microsoft solution for anti-malware. It is officially Microsoft Security Essentials. Just pop by here to download the beta now:

The installation is pretty straightforward.

The picture with the castle is quite suitable for a security product.
However, it should be expected that it can ONLY be installed on a genuine Windows product, as you can see from the WGA below:

The install should take only a while.

After which, if you are installing this offline, I strongly suggest you download the updates in advance.

Manually download the definitions:

In the end, I can only conclude that this is not going to be able to replace OneCare in any way... This is simply a glorified and updated version of Windows Defender with real time monitoring.

Thursday, June 18, 2009

IBTRM v3 Problem

Ok, this is related to my previous post:

If you had not read that, you should and think about it before reading on.

OK, there are 2 things wrong with the statement. And I do not mean the part in English, whether it's 6 characters consisting ONLY of alphabets or ONLY digits. Let's just blame that on bad English and bad interpretation.

The first thing that is wrong is 6 characters. We all know that 8 characters are being recommended even for average security. It's the BANK we are talking about here. 6 is definitely too low. In fact, 8 is too low, by today's standard. For example, common rainbow tables for 8 characters are available and within 10GB. Easily downloaded and executed. That will take 5 seconds to break if the hash is available. A supercomputer is another way to look at it. With chips like Intel i7 (8 virtual cores), bruteforcing on the maths is not as big a deal as it used to be. I think 8 is not really enough.

The second thing that is wrong is the restriction on repeated characters. This is the MOST critical mistake. While this seems to be a good idea to avoid combinations like "111111" or "abcabc", it is a BAD idea when we come to the cryptanalysis. Without restriction, we are talking about 10x10x10x10x10x10=1000000 combinations of digits. With the restriction, it's 10x9x8x7x6x5=151200 combinations. That's almost 85% of the space lost. Reducing the combination space reduces the strength of the PINs / passwords. Having this restriction for digits is almost reducing it to only 5 digits instead of 6. In layman's terms, I probably only need at most 5 tries to get your password if I saw 5 of your digits, instead of the 10 I would normally need.

Let's see how much worse / better it is for alphabets. Without restriction, it's 26^6=308915776, with restriction it's 26x25x24x23x22x21=165765600. It's not so bad, about 50% of the space lost.

For alphanumeric, it will be 36^6=2176782336 for non-restriction. If restricted, it will only be 36x35x34x33x32x31=1402410240. It's slightly better, but still about 50% of the space lost.

Therefore you can see, giving such a restriction does not improve anything. In fact, it makes the PINs easier to crack in terms of computation.

I strongly urge MAS to rethink the way this restriction should be imposed.
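
The arithmetic above, generalised as an added example (not part of the original post or of the MAS guideline): it computes the keyspace with and without the no-repeat rule for any alphabet size, and counts the PINs that stay possible once some positions are known. The function names and the sample value "12345?" are constructed for illustration.

```python
from itertools import permutations, product
from math import log2, perm

DIGITS = "0123456789"

def keyspace(alphabet_size, length, allow_repeats):
    """Number of possible PINs for the given policy."""
    if allow_repeats:
        return alphabet_size ** length
    return perm(alphabet_size, length)  # n * (n-1) * ... * (n-length+1)

def policy_loss(alphabet_size, length=6):
    """Compare the unrestricted keyspace with the no-repeat keyspace."""
    free = keyspace(alphabet_size, length, True)
    restricted = keyspace(alphabet_size, length, False)
    return {
        "free": free,
        "restricted": restricted,
        "lost_fraction": 1 - restricted / free,
        "bits_lost": log2(free) - log2(restricted),
    }

def remaining_guesses(observed, alphabet=DIGITS, allow_repeats=True):
    """PINs still consistent with a partly known PIN ('?' = position not known)."""
    unknown = [i for i, c in enumerate(observed) if c == "?"]
    if allow_repeats:
        fills = product(alphabet, repeat=len(unknown))
    else:
        # Under the no-repeat rule every known character is ruled out everywhere else.
        seen = set(observed) - {"?"}
        pool = [c for c in alphabet if c not in seen]
        fills = permutations(pool, len(unknown))
    guesses = []
    for fill in fills:
        pin = list(observed)
        for pos, ch in zip(unknown, fill):
            pin[pos] = ch
        guesses.append("".join(pin))
    return guesses

if __name__ == "__main__":
    for name, size in (("digits", 10), ("letters", 26), ("alphanumeric", 36)):
        r = policy_loss(size)
        print(f"{name:13} {r['free']:>11} -> {r['restricted']:>11} "
              f"({r['lost_fraction']:.1%} lost, {r['bits_lost']:.2f} bits)")
    # Constructed sample: five of six digits are known.
    print(len(remaining_guesses("12345?", allow_repeats=True)),
          len(remaining_guesses("12345?", allow_repeats=False)))
```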


Here is an extract from the IBTRM (Internet Banking and Technology Risk Management Guidelines) June 2008 published by MAS (Monetary Authority of Singapore):

"PIN should be at least 6 digits or 6 alphanumeric characters, without repeating any digit or character more than once."

Can you see what is wrong with the above recommendation? Well, if you do not get it, I will explain in the next post.

The full guideline is available via:

Wednesday, June 17, 2009

Truecrypt V6.2a Release

TrueCrypt is FREE and open source encryption software for file or disk based encryption. It has been quiet for a while, but the latest release is now 6.2a. You can download it from:

Wireshark 1.20 Released

Wireshark is the most commonly used network sniffer. Back in v1.0.7, there was an exploit that allowed a user to escalate privilege. That's all fixed now and the latest release is V1.20. Grab it here:

Monday, June 15, 2009

Sitemeter was broken

Due to the change in the template, I had accidentally removed the Sitemeter tracking. Therefore, for the past months, the stats for the site have been zero all the way. Just added it back in now.

Friday, June 12, 2009

Going Full Evil with Microsoft Sidewinder X6 Gaming Keyboard

I used to be on the good side with all the blue-ish hardware such as Reclusa and Habu. However, I changed to Sidewinder Mouse some time back. If you had forgotten, this is roughly what the Sidewinder Mouse looks like:

However, it's incomplete with the blue Reclusa keyboard. So therefore, the choice is clear, I got myself the Sidewinder X6:

The feel is very different from the Reclusa and the key positions are slightly different, resulting in some retyping and typos for now. I also notice that the Sidewinder does not have a USB hub (Reclusa's was 1.1 anyway) and the connector was not gold plated. Despite that, Sidewinder allows me to move the side pad away and put it on the top of the table. I had yet to try out the macro and other functions. Maybe after a while, I will post again to give you a breakdown of how I feel about the Sidewinder X6.

Bye Bye Nero

I still remember it was a long long time ago when there were so many CD burning software out there. Nero was certainly not the first. I believe I started off with a very small one which I believe was later acquired by Roxio, and it merged into what you have today in the Roxio family of products. I had also tried Sonic Foundry, which if I am not wrong, is now part of Sony. But my favorite was Nero.

I had been with Nero since the early days. I believe I saw it expand into multiple products and of course get bloated with all the extras as well. The latest I was with is 9.4. However, I had to call it quits now. The basic reason is that it simply cannot install successfully onto my Vista x64 SP2.

The fault may lie in the installer, but it was combined into a single EXE, making debugging difficult. Not only that, it is extremely hard to remove Nero from the computer cleanly. There is this Nero Cleaner software (by Ahead of course) here:

However, even this fails in my Vista. I spent almost 2 days trying to install, fail, remove, reinstall etc... In the end I simply asked myself: do I really need Nero? In fact, I do not install ALL the components of Nero. I mainly use only Recode (which was originally DVD Shrink, and you wonder why it's illegal when it's free and legal when it's now Nero...) and Nero Burning ROM. The rest is simply bloatware for me.

So, after some thought, I decided it's time to say goodbye to Nero. I no longer need it. It's not really that Vista came with a fantastic burning software, but I found CD Burner XP (Free!):

This is actually what I needed to burn files, VCD etc. It even supports Blu-ray.

Of course, I do not forget Recode. I had AnyDVD all the time, so it does not matter. But converting from DVD9 to DVD5 is cool and a good waste of CPU resources. So here we have DVDFab for that:

It's not all free, but if you wish to use the decryptor only, it is. It's still a good pay compared to Nero 9. Now I have to sell that off to some sucker... :)

Wednesday, June 10, 2009

Fedora 11 on Microsoft Virtual PC 2007 SP1

Again, it's time to boot up Fedora 11 on the classic MS VPC...
If you remember, it totally crashed in Fedora 10 without some tweaking, and yes, as expected, it did so again in F11...

So, before we even talk about the installation, you will need to ensure you select the basic video option, then press [tab] and append "vga=0x32D noreplace-paravirt" to the back and press [enter]. This will allow you to boot up all the way into the installer.

Next, it will complain that the disk is not initialized. Well, it's because you had not formatted your HDD. That's perfectly normal. Just let Fedora do it.

For me, I needed the common applications and some development, so I selected both the "Office productivity" and "Software development" options during the installation.

Will update this, waiting for it to complete now...

Monday, June 08, 2009

R4 for NDS using YSMenu Update June 2009

It's becoming inevitable. Many of the newer ROMs on the NDS using R4 (not R4HD) are giving errors about not being able to create save files and quitting. Trying to update it to version 1.18 does help for some, but not all. The solution is to use another firmware. The one I will talk about here is YSMenu.

Now, the tricky part about YSMenu is that the author does not allow premade firmware to be posted online. But I will show you that Maikel's Automater (R4YSAuto) will make it simple.
First you will have to download that from:

But you know my style. I always prefer to have everything done for you. So, don't worry about the download first. But for YSMenu, you have no choice. Since I cannot host it, you will have to download from:

It's in Japanese, but here is how to do it: use search. Find YSMenu. First link is the summary at the top, next link is the right one. You should be getting "".

Now, grab my prepacked R4YSauto here:

The main difference is that I had made the R4YSauto work with the latest YSMenu "" while the original requires you to rename it. Well, it will be the same if you use a newer one anyway. In addition, I had also included the latest usrcheat.dat as of 2 June 09.

Now, all you need to do is to unpack the R4YSauto to a directory. Then throw the "" into the same directory and run r4.bat. Answer the questions accordingly; basically "R4" and "Firmware" are the important choices. The rest can vary.
Then you will have your firmware. Unpack it into your MicroSD and it's done.

Friday, June 05, 2009

Popular Book Store is vulnerable!

I just want to bring to your attention that you should not visit the site and neither should you trust Nettrust or whatever they said they were protected by. It just shows that it failed.

Compromised Site:
Threat Type: Malicious Web Site / Malicious Code
Websense® Security Labs™ ThreatSeeker™ Network has discovered that the home page of Popular Bookstore in Singapore has been compromised, and is infecting site visitors with malicious code.
Popular Bookstore Web site:
The homepage at has been injected with malicious code. Normally this page would just redirect users to (where the main site operates), but malicious obfuscated code has been injected into that page.
Screenshot of the malicious injected code:
Popular Bookstore is an integrated business company comprising publishing, distribution, bookstore operations, and franchising. The Web site is very reputable and popular in Singapore.
We have been monitoring this attack because earlier, the obfuscated code resulted in an Iframe leading to the exploit site at Currently, the Iframe has changed and redirects users to the exploit site at
Websense Messaging and Websense Web Security customers are protected against this attack.

