Oh this is very very nice. Google has implemented a feature on gmail to detect suspicious account activity. Suppose you always access your gmail from the Netherlands… and all of a sudden it is accessed from Poland?… Gmail will now warn you about this kind of abnormal behaviour. It’s a good read. Here’s a little teaser…

A few weeks ago, I got an email presumably from a friend stuck in London asking for some money to help him out. It turned out that the email was sent by a scammer who had hijacked my friend’s account. By reading his email, the scammer had figured out my friend’s whereabouts and was emailing all of his contacts.

Yup once again the adoption of open standards by the EU has come under attack according to this article on Slashdot. They accuse Kroes of trying to get the open standards and open source off the agenda. Kind of weird isn’t it? She has been European Commissioner for Competition… go figure.

Well I’m pretty sure you already saw Merton improv’ piano playing video on chatroulette. You didn’t? Well here and here. But look at this…. this is Ben Folds who plays for an audience of 2000 people at the Fillmore in Charlotte, North Carolina on March 20th, 2010.
He does a nice improvisation on chatroulette as well.. with the audience right there.. really funny…

Now take a look at this: Mike Davey built a Turing Machine. And what a beauty it is… What? Don’t know what a Turing machine is? And you don’t know who Alan Turing is? Well no one special: he just happened to kickstart automated computing by formalizing algorithms , computability and programmable machines as we know it today. That’s all. Jeez what’s wrong with you?

]

Here are some more videos of different programs the Turing Machine is executing.

Well as many developers already know: security is a concept, not a product! You can’t just throw “some security” at a piece of software. Security considerations must be part of the original design and development of software. The Pwn2Own hacking contest shows –once again– that there is too little security awareness in current software design. Look at these embarrassing results: all major browsers took a fall: Internet Explorer,  Firefox and Safari. Most browser are compromised by popular plugins like acrobat reader

These OS’s took a fall: Windows 7, Windows XP, Mac OS X snow leopard. The only OS that is still standing is Linux. Because Linux is indefinitely more secure? Well maybe but there’s also something else: Linux is an open source OS where highly skilled developers are coding. Changes are reviewed by others before they are merged into the main kernel tree. In other words: security is part of Linux. Another thing is that people who run linux are people who are aware of abuse. These are –in general– not the people who would click on the ‘cute-kitten-movie.exe‘ attachment. So Linux is just not that interesting to Black Hat Hackers. True: Mac OS X is build on an open source OS as well: FreeBSD but the presentation layer and Safari is proprietary code from Apple (except for the WebKit on which it is build).

Microsoft currently runs the Security Development Lifecycle (SDL) model. This should make security an integral part of the development lifecycle. Well to be honest when budgets are getting tight and deadlines are running out: documentation and code quality are the first areas that take the fall. So really I don’t expect much from SDL. Especially since MS is trying to develop a ‘catch all’ (silver bullet) security measure inside the kernel… I’m not saying these measures aren’t worthwhile, they are (Linux has them for ages now), it’s just not enough.

The phrase ‘security is a concept, not a product‘ proves its point when you look at the measures current OS’s are implementing to prevent ‘arbitrary code execution’. Windows XP, Windows Vista (still in use?) and Windows 7 has DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization). Both ‘techniques’ should prevent (or make it harder) to execute arbitrary code… but they don’t. Dutch security researcher Peter Vreugdenhil showed an impressive circumvention of DEP and ASLR in windows 7. See: security is not a product…

The good thing is that the hackers are not just updating the vendors on the leaks they found. Instead they tell the vendors how to find the leaks themselves in an attempt to raise awareness.

An article in the Washington Times reports on US cybersecurity experts who claim that the chinese cyberattack last year was targeted at stealing corporate secrets. One of the targeted firms was Google. They discovered the attack and claimed they could trace it back to the Chinese government. This is one of the reasons why Google is moving its business from China to Hong Kong. It’s a good read and I hope more details will follow.

Oh nice… on march 30 the first particle collision will be performed with the Large Hadron Collider. According to some it will also be the last collision… since the LHC might destroy the kittens planet galaxy universe.

So for all twats out there: here’s a countdown to doomsday: