Category Archives: General Tech Stuff

I’ve been playing with the beta of VMware Fusion on my Mac Pro. Why? I’ve been delighted with Parallels, but I need to be able to host 64-bit Windows VMs in order to run native Exchange 2007 machines. VMware handles this quite nicely so far, and I’ve been able to run my work XP VM under Parallels while simultaneously installing Windows x64 under VMware– a nifty trick. However, I discovered that if you want to copy a VMware VM, you have to manually edit the VMX file, then generate a new UUID for the machine. It’s not hard, but if you don’t edit the VMX file by hand, the Fusion application will endlessly prompt you for the location of the VM disk image. It doesn’t hurt anything, but it also doesn’t work. That’s what I get for using beta software, I guess.

Parallels, though, isn’t sitting still. I love coherence mode, and I look forward to testing the direct disc burning features in their latest beta. My experience has been a bit different from Tom Yeager’s in that I find Parallels’ video performance perfectly acceptable on both the Mac Pro and the MacBook Pro. Visio, Office 2007, and Office 2003 all work faster under Parallels than the PowerPC builds of Mac Office do under Rosetta.

Technorati Tags: Mac, Virtualization

This is pretty cool: Autonet is launching a new service/gadget that provides seamless Internet connectivity as a hotspot in your car. I’m betting that they use cellular data, but they don’t say whose. I’ve contacted their PR person for more details.

Continue reading →

I wish I’d thought of this; Martin “MC” Brown has a great tip for improving the performance of Parallels virtual machines running under Mac OS X. I’ll be trying this as soon as I can shut down my VM.

I’ve been using Vista daily for a while now, and on balance I like it quite a bit. However, there are some things that irritate the dickens out of me, mostly because I haven’t figured out to escape them. I’m going to keep a running list in the hope that either people will suggest solutions, or that I’ll attract enough other people who have the same problems to gain critical mass.

1. My new #1: turning off offline file sync for an existing folder. It’s possible, but what a hassle!
2. Connecting and disconecting VPNs. I like the way XP and Mac OS X both do it: you get an icon in the system bar, and you can directly click it to disconnect. With XP, to connect I can hit Ctrl+Esc, T (for “Connect to”), <return> and be connected to my primary VPN. In Vista, there doesn’t seem to be an equivalent, except for putting a shortcut on the desktop.
3. Bonus annoyance: after you close a connection, you get a dialog telling you it was closed, which you must dismiss.
4. The center scroll feature of the TrackPoint doesn’t work. Update: this was because I didn’t have the correct driver. Lenovo will be releasing full versions of all their Vista drivers at the end of January; the prerelease versions I have work quite well.
5. There’s not yet a working version of Verizon Access Manager, so I can’t use the spiffy integrated EvDO modem. Update: still no love on this. I’ve seen reports
6. I’m having fits with one particular client’s VPN implementation; I can usually connect, but I can’t reach most of the internal sites I need. If I connect at the same time from my XP machine, the connection is rock-solid, so it’s clearly a Vista oddity. Update: Turns out this is a Vista bug, slated for a QFE sometime in the future.

Sneak King is hysterical! The boys and I had a great time playing it last night. The basic premise: it’s an Xbox 360 game in which you are the Burger King, and your job is to sneak around and surprise people by handing them Burger King food (or, as the package puts it, you “silently unleash your hot sandwiches on unsuspecting civilians”.) For $4, plus a value meal that I enjoyed for lunch, we’ve definitely gotten our money’s worth of entertainment.

Dr. Lorrie Cranor of CMU and her team have recently released a new version of their own anti-phishing analysis. It makes for interesting reading, as its methodology is slightly different from 3Sharp’s (and quite different from the Firefox team’s methdodology). Cranor’s team used an automated system to feed phish in and record the tool responses, which is much more scalable than the human-driven system that 3Sharp and Firefox both used; there are a few other methodological improvements detailed in the study as well. (Interestingly, they too chose to include SiteAdvisor, which scored very poorly.)
Table 4 of the study is the big burrito; it lists both false positive and catch rates for the ten technologies they tested. SpoofGuard had the best catch rate, but it also scored a whopping 38% false positive rate… oops. EarthLink came in second, followed by Netcraft, Google, IE7, and Cloudmark.
What does this mean? I’m not sure. The CMU study used a data feed only from Phishtank, which means its results should line up with what the Firefox team found. However, CMU didn’t test Firefox 2.0, so there’s no way to make a direct comparison. The URLs they tested were gathered over a 3-day period, which IMHO is too short to give a good baseline. However, I like the automated testbed that CMU used, and the discussion of toolbar exploits is really interesting stuff that I hope all the toolbar vendors are paying careful attention to.

Technorati Tags: 3sharp, phishing

Very cool news: six airlines (including Delta) will offer in-seat iPod docks that will charge the iPod

and allow the iPod to play video on the in-seat video screen! This is super cool for those (like Jim and I) who have to fly long-haul routes, though Jim does it a lot more than I do. This will definitely influence where I choose to fly (when I get a choice, that is.)

So, the fine folks at Mozilla have released their own anti-phishing study comparing the anti-phishing features of Firefox 2.0 with IE 7. Unsurprisingly, they claim that Firefox beats IE7 handily, which is the opposite of what we found in 3Sharp’s report.

First off, I’m glad the Firefox team is doing this kind of testing. I always want to see as much data (and as much data about the data) as possible. That’s why I I like to read both Car and Driver and Road & Track to see how well their data agree– or where they don’t agree.

Anyway, reviewing the study didn’t take long, as it’s only 3 pages. (Interestingly, SmartWare, the company that authored the study, doesn’t seem to be distributing it; the only copy I could find is at the Washington Post. It’s not available yet from Mozilla, either. Go figure.) Here are my initial thoughts:

• They didn’t make any attempt to score false positives. This is a critical omission, because a filter that produces significant numbers of false positives will quickly train users to ignore its legitimate warnings. (Interestingly, PhishTank’s own FAQ agrees with me). IMHO any study that doesn’t include false positive data is meaningless.
• Speaking of “doesn’t include”, the report only looked at IE and Firefox. I would have liked to see some other products (note: not SiteAdvisor) included to give a broader basis of comparison.
• The Firefox report mentions that IE can warn or block, but it doesn’t credit IE with any actual warnings. This is a significant omission, although we can’t tell how significant because…
• The Firefox report doesn’t include any information about the actual URLs used. They promise to publish this data “soon”, but without that there’s no way to gauge the quality of their data. (I understand that they’ll publish the data later today; it’ll be interesting to see the raw stuff.) Of course, we published all our URL data in our report.
• Speaking of data: the Firefox team used 1040 phish from Phishtank, a community filtering system, gathered over a two-week period. That’s a good number of phish, but the study period was awfully short, and the phish all came from one source. We used multiple sources, including honeypots and user reports, to generate the phish list we used.
• Because they used a community-generated feed of phish, there’s no way to tell which of the phish had also (or already) been reported to other systems that may have fed into the “Ask Google” or Microsoft data feeds. By contrast, we took great pains to try to find phish that we knew hadn’t been submitted to Microsoft’s URL reputation service.

So, my personal opinion is that this study isn’t as rigorous as the 3Sharp study or the one done by Dr. Lorrie Cranor et al of Carnegie Mellon. Both our studies found that the version of the Google Toolbar available at the time lagged other products, sometimes by a wide margin. Some of the difference in Mozilla’s results and the ones we and CMU obtained are due to updates in the tool, but some are no doubt due to differences in methodology as well, and those are very difficult to discount.

Update: looks like Sandi independently came up with many of the same objections.

Technorati Tags: 3sharp, phishing

As part of some testing we’re doing, I’ve been running some lengthy command scripts. I don’t want to sit and wait for them to finish, and I don’t want to get an e-mail when they’re done because my e-mail app isn’t open. I asked a group of smart friends and here are the two best answers.

First, you can use the echo command to echo a beep. Try it: open up a Windows command prompt and type “echo ^G” (where the “^G” is displayed after you press Ctrl+G). Voila– a beep.

Second, you can use the very helpful color command. Try this:

dir && color E2 && pause && color

This will print a directory, turn the entire screen yellow, and pause. It’s impossible to miss this visual effect as long as any part of the window is open– especially if you’re using Vista. Two thumbs up!

I’m working on a project that requires me to spend a lot of time working with Vista’s BitLocker feature. That meant I needed a new computer. Sure, BitLocker runs on a wide range of machines, but its TPM mode requires a machine that has a supported TPM. The ThinkPad T60p has an upgradable BIOS, and word has it that there’s a BIOS upgrade that enables full BitLocker support for TPM, so I took the plunge and ordered one. It arrived last week, the day before I left for Vegas, but I didn’t have time to work with it last week. Today, while I was busy doing other things, I downloaded and installed the RC2 build. The installation went flawlessly, and I was easily able to join my home domain and install Office. I haven’t yet enabled BitLocker, though I did create the required “small” (~ 1.5GB) system partition that it requires. I’ll be occasionally writing more about Vista as I get more experience with it.

I’ve been using Office 2007 since before beta 2, and I’ve been very pleased with it. The ribbon interface makes Excel usable at long last; Word’s new document comparison features rock, and Outlook is a major improvement (the To-Do Bar alone would sell me an upgrade). Unfortunately, I’m starting to work on a project that requires me to use a set of custom content management tools, and they only work with Word 2003. I could always build a VM that has the older version, but that would introduce its own set of complications (like needing another Windows XP license). So, until the tool is updated to work with Word 2007, I’m removing Office 2007 and reinstalling Office 2003 on my two laptops (one’s physical, the other’s a VM on my MacBook Pro).

Earlier this year, I moved all my blog content from e2ksecurity.com here. At the time, I followed what I thought were NewsGator’s instructions to redirect my RSS feed so that e2ksecurity subscribers would automatically be redirected. Turns out we had a failure to communicate, and those subscribers haven’t been seeing updates. However, thanks to the fine folks at NewsGator support we got the problem ironed out: my web server needed to issue a 301 (permanent redirect) for the RSS feed file instead of redirecting everything. So, welcome back!

This is going to suck: Robert McLaws took Ed Bott’s analysis of the new Vista end-user license agreement (EULA) further, claiming that the new Windows Vista bans you from installing some editions of Vista on virtual hardware, including Microsoft’s own Virtual PC (and, of course, Parallels). Ed says, “not so”. Robert’s asked MS for a clarification; we’ll see what they come back with.