Victor's Blog about the Web, Security and Life

The web for me is a hobby where standards and best practices are daily bread. Security is a concern that everybody must be aware of its details for IT in general, and the web in particular, to be a safer place. My life, on the other hand, is that of a regular Lebanese citizen where politics and social issues are discussed on a daily basis. I hope you enjoy reading my blog and make sure to drop me a comment about any topic you find interesting.

Domain Name Locking

Printable Version

victor | 07 April, 2006 07:46

It has come to my attention lately that many hosting companies in Lebanon do not implement the domain locking policy that was recommended by ICANN back in 2004. In this article, I will simply state what ICANN (Internet Corporation on Assigned Names and Numbers) has to say about this topic and about its importance.

Bird Flu Abuse: A Broken Trust Chain Problem

Printable Version

victor | 10 February, 2006 19:20

As the bird flu problem gets closer and closer to Lebanon, I have been informed of some people making use of the safeless state that people are going through to achieve success in other illegal actions such as theft, drug abuse, rapes, etc.

This message is of two parts:

The first is humanitarian and simply asks you NOT to open the door to anyone who claims to be from the Ministry of Health in Lebanon to give you Bird Flu vacancies. These people simply drug victims and rob appartments!

The second part is related to security and serves as a valid up-to-date example of how a broken trust-chain can be misused by criminals. In this type of security attacks, criminals are pretending to be from the Ministry of Health. People, driven by the search for being safe of this lethal disease, simply forget to ask for a proof of authenticity. The "doctor" simply goes in, takes out a needle, puts some "trojaned-drug" in it, and "vaccinates" the victim. Trojaned because the drug that is supposed to protect from Bird Flu is actually putting the victim into a deep sleep.

In this simple example, while taking into consideration how tragic the result can be, we find a simple proof of how broken trust chains can be easily used to bypass authenticity.

A lesson to the Lebanese Government, in general, and to the Ministry of Health, in particular, from this fact is that the minimum required proof of authenticity is to have an identity card (Yes a simple card similar to the ones that the Police use in Western Movies, it is that simple I know ;). This identity card must show the picture, name and job title of the person working for the ministry. A stamp, as well, must be provided as a proof of trust.

Firefox Replies Back

Printable Version

victor | 02 February, 2006 10:44

In reply to Internet Explorer having a hidden egg related to Mozilla, the Firefox team introduced an egg into Mozilla as a reply.

To check these in sequence, do the following:

In Internet Explorer: type About:Mozilla in the Address Bar and you will get the blue screen.
In Mozilla Firefox: type About:Mozilla and you will get a verse from the book of Mozilla.

The cold war is back ;)


Printable Version

victor | 31 January, 2006 16:20

An interesting solution that we've launched recently is: LiveMediaPlus.
LiveMediaPlus is intended to be a complete online marketing solution for businesses and individuals interested in online marketing.

What is so special about LiveMediaPlus and why would NetDesignPlus invest on such a solution?

How Does the Visual Code work?

Printable Version

victor | 23 January, 2006 11:39

Another interesting question that I received was about how the Visual Code protection works? I will try to explain it here in brief for the curious researcher.

Is Spamming a Security Breach?

Printable Version

victor | 23 January, 2006 11:22

I received some interest emails from readers regarding the relation between Spamming and Security breaches. In summary, some of these emails thought about spamming comments as a security breach related to Denial of Service attacks where the space is "filled" up by bogus messages.

I tried answering some of them but it turned out that a lot of typing and explanation is required so I figured out that the best thing to do would be to post the anwer in here as an article.

The question to answer is the following:
How To Avoid Blog Spamming?

Read more for the answer.

Visual Code Protection

Printable Version

victor | 21 January, 2006 18:05

As you may have noticed, my blog was subject to various attacks from spammers who where using comments to place their ads to other websites with the hope of having some better SEO results.

As a result, I had to add a visual code confirmation while posting comments to avoid forcing users to register for placing their comments. I am really sorry for this inconvenience but this is a must if I am to move on with my blog.

Also, please excuse the long time it took to get the code in there (a 1-hour work) but my late days were very busy so I barely had time to login here and add this fix.

Now we're back to normal discussion and I will be updating the blog soon with some interesting data about my latest findings in Linux hosting.

«Previous   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17  Next»
Accessible and Valid XHTML 1.0 Strict and CSS