Monthly Archives: September 2007

11
Sep

New Skype worm and rejoinder on URL obfuscation

Posted by | Categories Byte

F-Secure, Trend Micro, and Symantec reports on a new worm spreading via Skype.

The malware is the usual IM variety, propagating by sending links to Skype contacts. The link at face value points to a purportedly harmless JPEG file. But once clicked, a copy of the worm is downloaded and executed on the user’s computer. It displays the image SOAP BUBBLES.BMP (if it exists on the user’s computer) to hide the malware’s existence.

It also exhibits properties common to bot worms, like shutting down security applications and blocking security-related Web sites via HOSTS file modification.

Skype users are advised not to click on links sent via Skype’s chat feature, unless they are very sure that the link is legitimate.

Incidentally, in a previous post, I discussed the problems in lack of standards in making malware descriptions. Once again, the lack of standards defeat the purpose of obfuscating malicious URL. Both Trend Micro and F-Secure blog posts on the Skype worm published the malicious URLs that the worm sends. Both employed URL obfuscation, but with different output.

(click on the image to view full size)
On F-Secure:

On Trend Micro:

Based on the two posts, we can determine the complete URL.

10
Sep

“Everything is political and it all begins with sex.”

Posted by | Categories Journal

As much I want to start this post with something as “controversial” as that, I cannot, as I am no Manolo Quezon.

Anyway, I had attended the first Bloggers’ Kapihan. Held at Philippine Science High School last Saturday, old, new, and potential new bloggers converged to listen to three of well-known Pinoy bloggers.

So, there I was at the gates, told the guards that I was there for the Kapihan, and the lady guard asked my name. My name is not on the list, despite raising my hand here. I was hoping back then that it was not a foreboding of things to come. The guard then asked if I had an invitation. This puzzled me, as I had no invitation. Only got to read this important announcement today. The lady guard just asked me to sign my name.

Then I thought I was late. Arriving at the AVR, I was surprised that the program had not started yet. It was already past 2PM. I sat myself at the back, but when I realized Mam Noemi Dado was seating in front, I had gathered all strength and sat beside her. Yes, ganun kakapal mukha ko.

At the same row, I got to meet Mong Palatino, one of the BK Crew. Saw very unfamiliar faces, though there were familiar ones, which was a comfort. Aside from Mam Noemi, I also got to talk with The Jester-in-Exile; both Mam Noemi and I were surprised to see him, him being detained by the UP College of Law for hitting the Sigma Rho too hard on several blog posts for his law studies.

Mong opened the hostilities, este the program:

Victor Villanueva was the first to speak. To be honest, his talk had the most impact for me, and I am reserving a separate, serious post about it. Basically, his assertion is simple: if you have posted something, expect people to react and be ready to defend what you have said.

Next was the Yuga himself. Here is the master at work:

And lastly, Manuel L. Quezon III:

During the coffee-and-donuts time, me and AJ and Ederic were watching The Jester-in-Exile and Benj exchanging words regarding Cris Mendez. I think The Jester won this round.

And around this time, very typical of him, came Joyfulchicken. He got two donuts and a cup of coffee; I only got a donut, and nothing to drink. He was actually eyeing those cakes and cookies, no luck for him.

Afterwards, Joyfulchicken, Tiffany, and I went to Starbucks in Katipunan to join The Jester, the Yuga, and the Filipino Librarian. When we were ordering, Joyfulchicken announce that it was his treat. I was surprised, since it was so uncharacteristic of him. Well, when he got some Starbucks gift certificates from his wallet, my surprise was gone. =P (Thanks for the vanilla frapp and the ride, Josh!)


(Image stolen from the Filipino Librarian)

Glad to have finally shook hands with Bikoy, Yuga, and MLQ3. It was actually embarassing: during the open forum, I was seated at the back together with Joyfulchicken and Tiffany when MLQ3 approached us and shook my hand.

Jove Francisco brought his crew to cover the event. Was not able to shake hands with him and thank him for the TV airtime.

And, Shari got to have her picture taken together with MLQ3. Lucky girl she is.

Anyway, more blog posts about the Bloggers’ Kapihan:

* Bakla Goes to the Bloggers’ Kapihan
* Chilling with Bloggers
* Bloggers’ Kapihan
* Bloggers’ Kapihan
* Bloggers’ Kapihan
* But.. why?
* Change of heart
* Deviations
* Bloggers’ Kapihan + Post-Event @Giligan’s Trinoma
* (Untitled)
* The First Bloggers’ Kapihan Series at the Philippine Science High School in Quezon City!

And all roundup for this event can be found here: Post-BK Blog Entries.

10
Sep

New poll: Who should lead this year’s Wall of Shame?

Posted by | Categories Ink

Last year, the AWBHoldings.com Wall of Shame contained the names of all the honorable congressmen who voted not to impeach Gloria Arroyo. This year, it is time to put new names in that virtual wall.

So vote in the poll at the side bar. Basically, these four choices are to be included in this year’s Wall of Shame. The thing is, who should be number one? That I leave to you, dear readers. So vote now.

If you want to explain your vote, leave a comment. If you want to nominate someone else, leave the name at the comments. Prank comments shall be deleted.

10
Sep

If you can’t defend it, don’t publish it

Posted by | Categories Ink

In his lecture for the Bloggers Kapihan, Victor Villanueva gave four tips to new bloggers. One of them is worth expounding further, and in context of what had happened in the blogosphere recently.

His four tips are as follows:

1. Know what you are saying.
2. Try to be visual.
3. Link up.
4. Go out.

For the first tip, he said the following:

* Be prepared to face the consequence(s) of what you write.
* Be prepared for confrontation.
* Deleting (or locking) entries can be futile.

Let me discuss his first tip and apply it in the context of the the Malu Fernandez controversy and the Cris Mendez case.

Bloggers took note of the mean things Malu Fernandez had said about Filipinos in general, and they blogged about it. The posts range from intellectual ones down to outright ad hominem attacks. The comments were worst. Fernandez isssued an apology and resigned from the publications who published her articles. The daily did not accept her resignation.

A show on a cable news channel took notice of what had happened, and they had invited several bloggers and journalists for a discussion. The bloggers were put on the defensive, as if the problem began with the bloggers, and the show never even bothered dealing with what Malu Fernandez wrote. Aside from an implicit validation that blogging is a new avenue for information (which for some journalists is a direct competition), it somehow made me reflect on blogging at that point.

When the time comes that a blogger has to take a stand, he has to think hard about it; when he does take a stand and blog about it, he should expect that someone will contradict him. And if the blog post is controversial enough, the blogger should expect negative comments. He should be prepared to explain, to answer questions, to receive brickbats.

Which leads me to the next issue.

Dr. Tess Termulo pointed to a blog post at a certain social networking site where the blogger said something controversial enough to merit comments that are against the blogger’s idea. The blogger cannot defend her assertions, so she locked the entry so that only a select few can read and post comments.

Remember what Bikoy had said? “Be prepared to face the consequence of what you write.” “Be prepared for confrontation.” “Deleting blog entries can be futile.”

That blogger should have attended Bloggers’ Kapihan.

You are free to write about what you feel and what you think. When you publish it for the entire world to read, expect that someone will disagree. That someone will express his disagreement. He will point out why you are wrong. There will be confrontation. If you cannot defend what you have written, if you cannot face confrontation, you are only defeating yourself. You are only showing that your stand is weak, your opinion untenable.

And locking a blog post is like deleting it – it is futile. Going back to that locked post that Dr. Termulo had pointed out, The Jester-in-Exile had managed to read the post, and published that post in his blog, together with his comments blasting the locked post to bits.

Blogging is not as simple as journal or diary writing. In writing a diary, only you can read what you write. When you blog, it can be read by everyone with an access to the Internet. I suggest that you think first, and think hard, before clicking the Publish button. If you can’t defend it, don’t blog about it. You are only putting yourself to the slaughterhouse.

UPDATE:

While this blog post is old, it is a classic example of how the blogosphere works, and ultimately, how a flawed commentary should be addressed – blasting all arguments to bits.

7
Sep

Scary manghihilot and tawas sessions

Posted by | Categories Journal

I have two scary memories about manghihilot. I’m not sure about the English equivalent for the word, but I don’t like to use quack doctor, for some of them are really quite good. Anyway, these two manghihilot were consulted when I was terribly sick (sending me to a hospital was court of last resort).

These manghihilot were like shamaness. They had this ritual called tawas, wherein they threw melted candle wax into a basin of water, then they interpret whatever they saw in the solidified candle wax. By then they would have determined if you were a victim of supernatural creatures (pinagkatuwaan ng dwende or natikbalang – played with by dwarfs or by a creature with a head of a horse and body of a man) or something else (like pilay), then they would prescribe something.

Anyway, the first manghihilot was scary because she looked scary. She was very old and very thin, the kind that you would see in a vintage 80s Regal horror movie. For the tawas sessions, what she did was to cut a portion of a thin, white candle called “esperma”, put this on a spoon, then hover the spoon over a lighted candle. When the candle wax was melted, she poured it on a basin of water. Then the interpretation.

The next manghihilot was scarier. Aside from the fact that she looked scary (though she was younger than the first manghihilot), her tawas method was downright scary. Instead of using a spoon, she used a bolo. Yes. A large, dark, almost rusty bolo. What she did was to put the bolo in candle light. When that side of the bolo was hot enough, she would press the butt end of an esperma, and the melted wax fell on the basin.

Good thing I only had one session with the bolo-wielding manghihilot.

And oh, they were manghihilot in the true sense of the word – they can break your bones and make your muscles hurt in pain if needed. Now that is scary.

7
Sep

Hamsters and trains

Posted by | Categories Journal

Here are some shots using Sony Ericsson P1i’s 3.2 megapixel camera. Note that Photobucket has reduced the image size to 1024×768 pixels, from the original 2048×1536. Click the image to view in full.

An officemate gave me a pair of teddy bear hamsters. At the top is Berto, below is Berta. Temporary names – everyone in the family hate the names.

These are usual MRT scenes. The top one is common on morning rush hour, between 7:30 AM and 9:00 AM. The next image was taken from the North Avenue MRT station platform’s edge, and shown is where the trains shift from northbound to southbound rails. The time it takes for the train to move from northbound platform to the southbound platform is what I call turnaround time, and is crucial to the clockwork operations of a train system. For the MRT, well….

Maybe I should consider a career in photoblogging. Hmmmm…..

7
Sep

In memoriam: Luciano Pavarotti (1935-2007)

Posted by | Categories Sound

6
Sep

Goodbye, Nokia E61i, I got this instead…

Posted by | Categories Byte

Speaking of touchscreens, I gave up on Smart giving me that Nokia E61i. Like what happened to my first application for Nokia E61, months had passed and still no phone. So I gave up.

Instead, I went to Smart Wireless Center at Araneta Square-Caloocan (I am forever swearing off SM Megamall Wireless Center) last Sunday after church. Took a number, and waited for more than 20 minutes. My number was 5042. Number currently being handled by agent when I was given a number: 5041. Yes, that long. Why? After serving 5041, the agent heehawed, yawned, looked at his cellphone, went inside the office, chatted with another agent, went back to his table, heehawed, yawned, and looked at his cellphone. Finally, my number was called.

Anyway, I asked him point-blank for the units that were available at that center at that time. So I was shown Sony Ericsson K800i, K610i, P1i, Nokia N73, N92, E90, and one Samsung phone whose model I can’t remember. No Nokia E61i again.

So I settled for this:

This is the Sony Ericsson P1i.

It cost me an arm, but it’s cheaper than the usual retail price, so I guess that’s a bargoon. And I got it on the same day, which was fun. This is my second phone under Smart’s retention program. I got my first one from this Wireless Center also.

Review will follow, after a thorough use. But in a few words: it is the M600i, just add a 3.2mpixel camera and WiFi-B. The package comes with a 1GB Memory Stick Micro (M2).

6
Sep

Apple unleashes iPod Classic, Touch; fanboys cry in ecstasy

Posted by | Categories Byte

So, Apple has unleashed amongst us mere mortals new iPods for you to drool on. I am not an Apple fan, and just for disclosure rules, I own a 30GB iPod Video. No, I have not bought it; I won it at the Philippine Blog Awards last March.

With that out in the bag, let me note two products announced last night Manila time that are of interest to me. These are the noteworthy among the lineup.

First is the iPod Classic. From Apple Hot News:

Providing 80GB or 160GB of storage, the new iPod classic lets you carry up to 40,000 songs or 200 hours of video—your entire collection of music, photos, video, podcasts, and games—wherever you go. In addition to the features you already enjoy, the new iPod classic delivers an enhanced user interface, featuring Cover Flow, and a new, thinner and all-metal enclosure. Available immediately worldwide in silver and black, iPod classic costs just $249 and $349 for the 80GB and 160GB models, respectively.

Press release here.

This product is noteworthy for the storage capacity. For me, this is a nice music player/portable storage. Heck, my 30GB iPod is only 10% filled. So, this will be my portable hard drive he he. It being a music player is just a bonus.

And then there’s the iPod Touch. Again, from Apple Hot News:

The new iPod touch introduced today features built-in Wi-Fi networking and a revolutionary multi-touch user interface—first introduced on iPhone—that makes it easy to find all of your music, video, and other digital content and enjoy it on the gorgeous widescreen display on iPod touch. The multi-touch interface uses pioneering new software to present the perfect user interface for Safari, Apple’s YouTube application, and the new iTunes Wi-Fi Music Store—all of which come with iPod touch. An unbelievable 8mm thin, iPod touch features up to 22 hours of audio playback and up to five hours of video playback. Available later this month, iPod touch comes in 8GB and 16GB models for $299 and $399, respectively.

Press release here.

The storage capacity sucks, I know, but the beauty of this product (for me at least) lies on two: the touchscreen and the WiFi. Yes, if given one, the primary use for this one (again, for me), aside from being a music player, is a wireless Web browser.

Now, if only another blogger event would have this up for grabs in a raffle, count me in. As in now.

Oh, BTW, my birthday’s coming up. If you can give me an iPod Touch, I will blog about you everyday for 30 working days in gratitude. Or, free advertisement for your company/product/service in my blogs for a year.

6
Sep

MRT: Seconds from disaster (UPDATED)

Posted by | Categories Ink

The MRT is a disaster that is waiting to happen. All it takes is one accident or mistake, and you’ll probably have one disaster that might equal or surpass the Wowowee Ultra stampede a year ago.

Take a look at this picture:
disaster1 (1)

(Photo taken using Sony Ericsson P1i, image size reduced)

This scene at North Avenue Station (south bound) always happens during weekday morning rush hour. Picture was taken at around 8:05 AM. The inflow of people peaks between 7:30 AM and 9:00 AM, and overflow happens due to a lot of factors. For me, the inefficiency of the MRT as a system is the main culprit. Most train systems operate on a time table, and they should operate like clock-work, otherwise the system will crumble. But that is not the topic of this post.

As I have said, this scenario will lead to a disaster; all it takes is one mistake or one accident. I had labeled four parts in this picture where disaster can happen:

disaster2

1. Thank Bayani Fernando’s Gwapo project for this. The MMDA has raised EDSA’s sidewalks by several centimeters. So, imagine this number of people packed together, jostling in. Disaster can happen if one person trips because of the high sidewalk. With the pushing that happens, this scenario is the most probable.

2. After you have survived the MMDA sidewalk, half of the station entrance has two steps. Not as high as the MMDA sidewalk, someone can trip here, since at this point the jostling and the pushing is at its worst.

3. This is the most dangerous – a wayward vehicle. Multiple vehicle collision. Highly improbable. I hope.

4. At this point, you are about to enter the second set of stairs (there are three), and here is a bottleneck. Jostling and pushing is evident here, though not as bad as below. Still, just one person tripping, and it is a disaster.

mrt

There is actually one more point but I failed to take a picture. This point (pictured above) is at the station platform. Some people, in their eagerness to get in on the coming train, already stand near the very edge of the platform, despite the warnings blaring on the public address system. At rush hour, the platform can be jampacked. And when the train arrives, people are again jostling and pushing to get in. Trust me, if you are near the edge of the platform and the coach door opens, you don’t even have to take a step to get in.

Disaster almost happened one time when one lady tripped as she was getting in. Good thing no one’s got the worst out of it. But it did bring home the point (at least to me) that the MRT is just seconds from disaster (and yes, that is a show at National Geographic). And hopefully, there will never be an episode of that show that will feature the MRT.