Malvertising

The new entry point for attacking the enterprise is the web browser. Bugs in web browser implementations allow hackers to exploit your users. You know what Google says? The browser is the new operating system.

It is difficult to lock down web browsers. Hackers are injecting malware in advertising. This process is being coined malvertising. It is simpler than trying to get a user to download and execute a file.

The injection of malware ads is also pretty simple. You just put together a real ad which has the hack embedded in it. You don't need to take user a web site. Allow the web site to come to you to serve up your ad.

How do you stop such a malvertising attack? You can make sure you users are not administrators of their machines. You can also disable the technologies that allow the attacks to work. This includes JavaScript and ActiveX. The only problem with these extreme measures is that it may impact legitimate user activities.

Tweaking Vista

My friend's Windows Vista computer is slow. I have gone through some general steps to get the thing running fast. Let's now go over some last ditch specifics to speed things up.

The theme is that you should disable anything that might take up extra CPU resources, and thus slow things down. Turn off any fancy visual effects. Turn off disk performance monitoring. Disable user account control (UAC).

Clear out your Internet Explorer browsing history. There might be tons of stuff in your web browser cache. And if you are using Firefox as your default browser, install FasterFox to help it run better.

Turn off any Windows services you don't need. This one is a little tricky. You don't want to make Windows crash. However every service may be configurable to run at startup. If you can identify some that you definitely don't need, disable them.

Finally you can fine tune your page file. This is a big file on your disk that acts as virtual memory. Make this file be on your fastest disk if you have many physical hard drives. Set the size to a fixed large size. Normally Windows can manage this for you. However if you have a lot of free disk space, make it big and constant size.

If you follow all my advice from the last couple posts, I bet you can get some old hardware running Windows Vista lightning fast. Good luck.

Windows Optimization

How do you make a Windows machine run fast? There are a couple themes. One is to ensure that unnecessary programs are not running. Another is to make sure the system is optimized.

If you have spyware running on your system, it might slow it down. Run a spyware removal program like AdAware.

When Windows starts up, it runs a number of programs that you have configured as startup items. Execute msconfig from the Windows command prompt. Then uncheck any startup programs that you don't want to run. This will get your system faster in booting and running.

Another way to prevent spyware or bloatware from running on startup is to uninstall the stuff. Go to Add/Remove programs from your Control Panel. Get rid of anything you don't use. The uninstall will normally take the items out of the startup path.

Then there are some system optimization tricks you can try. Defragment your hard disk(s). Turn off indexing on your hard drive. Get programs out of your system tray. All the items I mentioned so far could increase your performance significantly. Maybe I will do one more post with some very special techniques.

Making Windows Fast

A friend of mine was complaining how slow their computer was. It was taking around 5 minutes to copy a file locally. That did not sound right. He was running Windows Vista. Luckily I have never ran that version of Windows. How do you make such a beast run faster? It seems to be a black art.

To start with, I have heard that you should have at least 1GB of RAM to run Windows Vista. And it always helps to have more memory. But I doubt that is the specific cause of this slowness. Another hardware option I read about was to get a faster hard drive. Upgrade from a 5400rpm drive to a 7200rpm one will give you some gains. That also did not seem to be the root cause.

I plan to review how Windows works, and what might make a system slow. Then I can try these things out on this machine.

Rubik's Cube

A friend recently got a bunch of Rubik's cube, as well as a solution guide. I decided to try the cube by myself. Did not want to "cheat" and read the solution. That initially got me 1 side solved. Got lucky and solved a second side. I figure it is time to analyze this thing and come up with some techniques to solve the whole thing.

One good start is to get one side solved. However that is not enough. Each side adjacent to the solved side must also have the common squares in the correct order. That way you can solve a second or third side without having to move the pieces on the first side. That's the way I want to proceed with my hack. I want to figure out a way to manipulate some cube faces without messing up a side that I have already solved.

Blogger Start Page

I like using Blogger. They give you free unlimited blogging abilities. However I had a problem with it recently. The start page where you log in was always being displayed in Chinese. WTF? I always view my pages in English. This curse just would not go away.

Logically Google must be storing some Chinese language preference somewhere. Should I get rid of all my cookies? Or is there some other secret place where they stored the language? This questioning was getting me nowhere.

Then I found out a trick of my own. I forced Blogger to display in English. From then on, the Blogger start page always shows English. I consider this a Blogger bug. But hey. The thing is free so I won't complain too loudly.

FaceBook Infio

So 171 million FaceBook names and profiles have been captured and put into a text file. You need BitTorrent to download the files. Let me tell you. The files are huge. I spent a number of hours downloading the torrent.

The text file with the URLs of all the profiles grabbed was so huge I could not open it up. I downloaded a few programs to see if they could open up such a massive file (10Gig). The only one I found that worked was called UltraEdit. This program costs $60 for the full version. Strangely enough there was a cracked copy of UltraEdit available as a torrent. I used the 30-day trial version to spy on the FaceBook profiles.

My next idea is to stuff all these URLs into an Oracle database. Then I will run a program that browses the profiles to see what nice info I can grab. The profiles sometimes show the user's FaceBook friends. That might provide even more profiles. A brute force crawl of the profiles could take a couple years. Might need to put an army of machines on that task. I will start with a few trial runs, and keep you posted.