Wednesday, August 26, 2009

IBM X-Force Report Reveals Unprecedented State of Web Insecurity

Wow, I am reading this report and it is a sad world. Some highlights:

  • Vulnerabilities have reached a plateau. There were 3,240 new vulnerabilities discovered in the first half of 2009, an eight percent decrease over the first half of 2008. The rate of vulnerability disclosures in the past few years appears to have reached a high plateau. In 2007, the vulnerability count dropped for the first time, but then in 2008 there was a new record high. The annual disclosure rate appears to be fluctuating between six and seven thousand new disclosures each year.

  • PDF vulnerabilities have increased. Portable Document Format (PDF) vulnerabilities disclosed in the first half of 2009 already surpassed disclosures from all of 2008.

  • Trojans account for more than half of all new malware. Continuing the recent trend, in the first half of 2009, Trojans comprised 55 percent of all new malware, a nine percent increase over the first half of 2008. Information-stealing Trojans are the most prevalent malware category.

  • Phishing has decreased dramatically. Analysts believe that banking Trojans are taking the place of phishing attacks geared toward financial targets. In the first half of 2009, 66 percent of phishing was targeted at the financial industry, down from 90 percent in 2008. Online payment targets make up 31 percent of the share.

  • URL spam is still number one, but image-based spam is making a comeback. After nearing extinction in 2008, image-based spam made a comeback in the first half of 2009, yet it still makes up less than 10 percent of all spam.

  • Nearly half of all vulnerabilities remain unpatched. Similar to the end of 2008, nearly half (49 percent) of all vulnerabilities disclosed in the first half of 2009 had no vendor-supplied patch at the end of the period.



How is image-based spam making a comeback? I use Gmail and also Outlook; both of those disable images by default. Adobe also seems to have a real problem with Reader and Flash; PDF vulnerabilities are rampant. If you listen to the Security Now podcast (like every IT person should) you will notice that there are almost always problems with Reader/Flash/Shockwave.



Read the full report here: http://www-03.ibm.com/press/us/en/pressrelease/28257.wss

Sunday, August 23, 2009

My little boy is growing up

So my oldest son Christian lost his first baby tooth yesterday.

Of course he wanted to know all about the Tooth Fairy; he wanted me to do a search on the computer so that he could see what she looked like. I must say there is not a lot about the Tooth Fairy on the internet; maybe she is elusive. Lucky for him she stopped by that night and left some money for him.

In a way I am glad that he is growing up and in a way I am sad because I want him to stay this little and innocent. I guess this is normal for all parents?

Saturday, August 22, 2009

Zune HD Previews Available at Best Buy This Weekend


The Zune is partnering with Best Buy to showcase the new Zune HD portable digital media player that will be releasing this Fall. Zune Reps will be in select Best Buy stores on August 22 and 23 demoing Zune HD and answering customer questions. This event will be the first time the Zune HD will be demonstrated in store for public viewing, so come by and check it out!

Go to www.bestbuy.com/zunehd for a list of the participating Best Buy stores that will have these in-store events.

And remember you can already preorder your Zune on Amazon.com: Zune HD 16 GB

Friday, August 21, 2009

LEGO Mindstorms Sudoku Solver

Wow, take a look at this thing; it is a LEGO Mindstorms Sudoku Solver. And I thought the one that solves Rubik's Cube was impressive.



What do you think, are you impressed?

Thursday, August 20, 2009

Bambus or Kalimotxo

In yesterday’s post about situation puzzles I mentioned Bambus and that I would explain today what Bambus is. Bambus is basically just red wine and Coca/Pepsi Cola mixed. Wouldn’t you believe that Wikipedia has an entry on this? Here is what they have about the origin of the name.

Calimocho (from the Basque Kalimotxo) is a drink consisting of approximately 50% red wine and 50% cola-based soft drink. Alternative names include Rioja libre (from "Rioja", and "Cuba Libre"), kali, motxo. In Chile the drink is known as jote (Chilean Spanish for the Black Vulture), and in Bosnia and Herzegovina, Serbia, the Republic of Macedonia, Croatia and other former Yugoslav republics it is known as bambus (meaning bamboo) and musolini (as in Benito Mussolini). In the Czech Republic it is known as houba, and in Hungary as Vadász (meaning hunter) or vörösboros kóla or shortly VBK. In Mozambique and South Africa it is known as Catemba. In Germany it is called Korea.


Now I have never heard where the name came from or if it even comes from bamboo. I did hear of musolini, and if I recall correctly then musolini is made with red wine and Fanta, not Coke. The reason that people drink this is because it is relatively cheap; all you need is some crappy wine and some soda. You certainly would not use Opus One to make this drink. In the US I have made this drink several times for my friends and they are all surprised by the sweetness of the drink; I have yet to hear from a person who did not like this drink.

There is also a white wine version of this drink; instead of Coke you would use Ginger Ale or Sprite/7UP. This also tastes pretty good… and again you would not use Grgich Hills Chardonnay or Gavi de Gavi La Scolca for this but something much cheaper.
There are also these variations:
Diesel (Coca Cola + beer)
Submarine (drop a shot of whiskey in a beer)
Čiket (Brandy/Cognac with Coca Cola)

In Holland they have something similar but instead of wine they use beer. So beer with 7UP is called Sneeuwwitje (Snow White). There is also a drink named Kopstoot; this is beer with Jenever (Dutch gin). Usually you drink the gin first and then the beer; there is a version of this drink where you put the glass of gin inside the glass of beer. This version is called duikboot (U-boat)… you have to be careful with this because there is a possibility that the glass inside the beer glass will hit your teeth.

Avatar official trailer available



AVATAR takes us to a spectacular new world beyond our imagination, where a reluctant hero embarks on a journey of redemption and discovery, as he leads a heroic battle to save a civilization. The film was first conceived by Cameron 14 years ago, when the means to realize his vision did not yet exist. Now, after four years of actual production work, AVATAR delivers a fully immersive cinematic experience of a new kind, where the revolutionary technology invented to make the film, disappears into the emotion of the characters and the sweep of the story.

Genre: Action and Adventure, Science Fiction
Director: James Cameron
Cast: Sam Worthington, Zoe Saldana, Stephen Lang, Michelle Rodriguez, Sigourney Weaver

You can watch the trailer here: http://www.apple.com/trailers/fox/avatar/hd/

The official Avatar site is here: http://www.avatarmovie.com/


The YouTube channel is here: http://www.youtube.com/officialavatar#

Wednesday, August 19, 2009

Situation puzzles are a nice way to spend time near that camp fire




The first time I did a situation puzzle was over 20 years ago. I was on the beach with some friends in Istria (Croatia), we were drinking bambus (more about that tomorrow) and it was night time. You have to remember that this is in a small town; there is no such thing as a boardwalk where you can go and buy stuff… no, the closest light source is half a mile away.

Situation puzzles are often referred to as lateral thinking puzzles or "yes/no" puzzles. The way you start with a situation puzzle is like this: you tell a short little story and people then have to guess what happened. The one rule is that you can only answer Yes or No.

Here is one example I took from Wikipedia:

One of the most famous situation puzzles is told similar to this:

A man walks into a bar, and asks the bartender for a drink of water. The bartender pulls out a gun, points it at the man, and cocks it. The man says "Thank you" and leaves. What happened?

The question and answer segment might go something like this.

Question: Could the bartender hear him? Answer: Yes

Question: Was the bartender angry for some reason? A: No

Question: Was the gun a water pistol? A: No

Question: Did they know each other from before? A: No (or: "irrelevant" since either way it does not affect the outcome)

Question: Was the man's "Thank you" sarcastic? A: No (or with a small hint: "No, he was genuinely grateful for some reason")

Question: Did the man ask for water in an offensive way? A: No

Question: Did the man ask for water in some strange way? A: Yes




Eventually the questions lead up to the conclusion that the man had the hiccups, and that his reason for requesting a drink of water was not to quench his thirst but to cure his hiccups. The bartender realized this and chose instead to cure the hiccups by frightening the man with the gun. Once the man realized that his hiccups were gone, he no longer needed a drink of water, gratefully thanked the bartender, and left.


Here are 2 more examples; these are the ones that I have been told on that beach.

Situation Puzzle 002: Why did this person shoot himself?
A person enters his room, goes to get something out of the closet, grabs the handle from the door of the closet, gets terrified, opens the closet, takes out a gun and kills himself.

Why did this person kill himself?
You can look for the answer here: Situation Puzzle 002: Why did this person shoot himself?


Situation Puzzle 001: What happened to this man?
There is a man lying in the Sahara desert; he has a toothpick in his hand, he is dead, and there is nothing nearby for miles and miles. He is 300 feet away from an oasis; he doesn't have GPS on him or any food or drinks.

What happened to this poor person and why is he lying here dead?
You can look for the answer here: Situation Puzzle 001: What happened to this man?

Of course, these days all the gadgets that we have, and the ADD we have developed because of them, make these kinds of things seem lame and also too long to play. But I think you should try, and you will see that you will have a good time.