Tuesday, November 25, 2008

Google Apps - Unidentified Bot

Google, when validating domains for any of it's services, should send an appropriate user agent, not Jakarta Commons-HttpClient/3.0.1 as it does for Google Apps. Something with "Google" in the name would be lovely.

Sunday, November 09, 2008

Ajax webmail systems and bad performance

All these AJAX mail systems work fine for a while, then they start slowing down. Is it the amount of mail in the mailbox? The number of folders? Or is there a security flaw in AJAX related to mail systems?

Every time I use an AJAX mail system - even this latest one where I imported all my old mail - the system goes quickly for a while at first and then after a while suddenly the performance becomes a dog. Maybe it is the amount of mail in my mailbox of something but it seems to be something more than that.

I have nailed down in the case of my current webmail system that it is probably not the network - unless someone is hacking all four different networks I use at different times.

Saturday, November 08, 2008

CNN Reports Chinese Hackers Cracked Pentagon

CNN just had a big report about how Chinese hackers cracked the Pentagon network but not the "top secret" network. However there was some questioning about why President Bush was not responding. There is also question as to whether these Chinese hackers are acting on behalf of themselves, the Chinese government, or someone else. It is probably not good to make assumptions until the facts are known.

The point is - our networks and computer infrastructure is not secure. One of the reasons it is not secure is because we are using computer components with software drivers made in foreign countries. The software drivers are a good place to hide rogue code because it is very low level and would be difficult to track down and verify security problems with this code.

For example, I'm not exactly sure how the software for a network card works, but network information from the remote location probably passes through the network card drivers on the PC before getting into the operating system. What are the chances that network card software is altering the IP addresses that are being displayed as the remote computer from which the traffic is coming.

I have no idea if that is the case but I would think it is possible. I would also think that if a computer could be compromised one of the many people Microsoft employs that potentially worked on network related software could figure out how to swap out key code on a machine and/or cause an alternate class to be called to handle network traffic differently than Microsoft has intended.

How many people really understand the network software to this low level? Probably most of the people who understand it best are the non-US citizens employed by all of the top corporations in the US when they ship in people from Infosys while laying off US citizens who have years of experience and have completed successful projects for them that save them a lot of money (not that I have any personal experience with this or anything.....)

However it is sad but we must also consider the possibility that US Citizens (in a very tough economy created by all this job outsourcing) have compromised systems for external third parties. So it is not just safe to trust US Citizens either.

The issue here is: Audit Everything.

Wednesday, November 05, 2008

AT&T Wireless Card Doesn't work in Wisconsin

I was in the heart of America - center of Wisconsin - in some small towns and the AT&T wireless card advertised on TV to find the Internet - anywhere - didn't work. Try around Mauston, Tomah, etc.

Strange Characters on Web Pages using AT&T

Strange characters at the top of pages using AT&T Internet card.

I keep getting these characters at the top of web pages when using AT&T wireless card on the bus on the way to work: