LongURL and the plugin for Firefox

URL shortening services are very useful and is great especially for those social networking sites (facebook, twitter, etc.). I have nothing against the use of TinyURL, bit.ly, is.gd, ping.fm and other URL shortening services. I am sharing the information that sometimes useful things are being abused by the bad guys. These bad guys can create malicious links and hide it using these URL shortening services.

For the security conscious individuals out there, they prefer to know where a link will lead them before they click on the link. A very helpful tool for this purpose is LongURL. You can manually enter those shortened URLs in the LongURL site and get the expanded URL. Or if you are using the Firefox browser you can try the LongURL Mobile Expander addon.

Quoting the Firefox addon page:

You should always know where a link takes you before clicking on it. Services like TinyURL.com make that difficult. LongURL Mobile Expander uses the LongURL.org web services to let you know where shortened links *really* go.

This is follow-up post for my fun article on GiantURL TinyURL article.

Hope you find this information useful 🙂

RSA 2009 Day 3, Day 4 and Day 5

This is a long delayed post. Was really busy with some office stuffs when I arrived to Cupertino office. So the highlights:

Day 3
Ira Winkler’s Is Google Evil? preso is a good one. He discusses some good points on potential Google apps with controversial policies. (From CNET/Schmidt, Google Streetview, UK protests, Japan Legal issues, to Google Health and Goog-411 etc.). I have used Google Maps here quite often and have tried the Streetview app. I agree with Ira that this street view feature is helpful for the commercial establishment but the risks to residential areas are high. The other points raised are worth some blog posts here in the future.
On the keynote speeches on the afternoon, the first one was The Obama Administration’s Cyberspace Policy Review. We were so excited to hear this out but sad to say that the speech was boring. Good thing John Chambers of Cisco came next and gave one good speech on Collaborate with Confidence.
Dave Dewalt, Mcafee’s CEO cannot keep up with the pace that Chambers set. Sorry but I find his “The Cybersecurity Challenge – How Do The Good Guys Win?” old news and boring.

Day 4
Day 4 gave the best session for me: Exploiting Online Games. The audiences were few, but all of us are very interested, as we are all gamers, young and old alike. Greg Hoglund discusses his progress on exploiting guess what? World of Warcraft. He also discussed the gaming sweatshops businesses in China, Philippines and other third-world countries. Another researcher discussed his experience with Disney’s Pirates of the Carribean. He also gave cool clips and funny experience. Another panelist is a lawyer who handled high profile game related lawsuits. And the last panelist discusses his tricks in the poker game Hold em.

No special keynotes for the day 4 since the one that we want to attend was cancelled (Wikinomics)

Day 5
First session I attended was “Threat Horizon – Discovering the Threats of the Future”. The methodology the presenter discussed is logical and overall the preso was good. Next session I attended is 2009 Cyber Threats and Trends which is a great last presentation for the RSA 2009 (as the afternoons was reserved for keynote sessions)

The afternoon keynotes were great. The Hugh Thompson show featured a victim of a Facebook Scam and share his experience. This is a very informative info and definitely worth another blog post in the future.

The Mythbusters session was A-OK. I initially thought that they will do some serious busting of a techie myth, but do it in front of all these security professionals and industry experts will be tough. I gave up deciphering the code they gave out in the early days of RSA 2009, and good thing they explained it was either all people will get it right or no one at all. They got the biggest deciphering machine that I’ve seen. See the picture taken by my colleague JC.

They gave some good loud bang to end RSA 2009 though and I think that was cool.

RSA 2009 Day 2

Some of my favorite topics for the RSA 2009 Day 2:
On the keynotes side:

  • I like the Moving Towards ‘End to End Trust’: A Collaborative Effort from MS’s Scott Charney. It shows the effort and commitment of MS on building the trust from end to end perspective.

On the afternoon sessions its worth mentioning the following:

  • Cloud Security Panel Discussion with Trend Micro’s Eva Chen, Zscaler’s Jay Chaudry. The two have good and interesting agreement and disagreement points during the panel.
  • Social Networks: The New Frontier for Malware, Spam and Identity Theft is a lively session. Of course we have Graham Clueley of Sophos. He presented the hot social networks and how bad stuffs interact with them.
  • In Crash Course: How to Become a Successful Online Fraudster, Uri Chavner of RSA shares his experiences on online fraud, and discusses the “career path” of the fraudster. Will you be a harvesting fraudster or a cash out fraudster?

Like my RSA 2009 Day 1 post and in the tradition of my free six video and my six tagalog love quotes posts I am sharing some another six pictures of the IT Security Vendors that I chanced upon in RSA2009.


Cisco’s The Realm


Simply Google


IBM’s smarter planet


We got Intel


Microsoft End to End Trust


And Oracle

RSA 2009 Day 1

First things first, what is RSA 2009 Conference? It is the biggest Information Security Industry Conference and Exposition. I promised in my last post that I will update this blog with my San Francisco and RSA adventures so here we go…

Monday, April 20, 2009 is Day 1 for the RSA 2009 conference in San Francisco. Highlights of the day are the Registration at the Moscone Center, Welcome Reception and Exposition.

We went to the Moscone Center at around 9AM and registered. Registration a breeze, it’s really an efficient process (and high-tech too). You will line up in booths with laptops and enter your name (as we are pre-registered). Then next pit stop will be the printing station, where conference badges will be printed. Sometimes a photo ID will be asked to validate your identity (so it’s always a good idea to bring your Philippine Passport all the time). RSA2009 badges have built-in RF chip which is kinda cool (see details below). Next you need to get your conference materials and other RSA stuffs (bags, etc). If RSA 2007 was a windbreaker (with RSA 2009 and Symantec logo), this year it is a dark sweat shirt, with the logo of the major sponsors (Cisco, Mcafee, Qualys, CA, IBM, and TippingPoint) on the sleeves.


Conference theme is Edgar Allan Poe. He was not just a poet and a journalist; he was an accomplished cryptographer of his time.


Day 1 is a light day with registration on the morning, and some non technical sessions. I skipped the First-Time Attendee Orientation, since this is my 2nd RSA and went directly to the welcome reception.

In the welcome reception, food and drinks are served in the exposition hall. In the exposition hall different IT security vendors showcase their products and interact with the delegates and attendees. If you are really lucky, some vendors raffle out great items (Wii, netbooks, gadgets, etc) so if one is really a luck magnet (even if you still have not won in Philippine lotto) they just need to scan your badge with the vendor.

One great thing I noted in RSA 2009 is that they are very eco-friendly now. Lots of lots of eco-friendly bags are hanging out there for the delegates. Most of it are just like the SM Bonus Green bag 🙂 but some bags are great.


And in the tradition of my free six video and my six tagalog love quotes posts, I am sharing some free six pictures of the IT Security Vendors that I chanced upon in RSA2009. The list is a long one so for this post, I will limit it to AV companies.

CA’s Take Control Campaign

Kaspersky’s medieval theme 🙂

Mcafee the sponsor

Sophos’ Let Them Audit

Symantec’s STR type hero 🙂

Trend Micro’s Think Again Campaign

Downad, Conficker and April 1 – Part 3

A follow-up post on my Downad Conficker April 1 article series.

The D-Day has passed and it is good to hear that there were no major devastating issues related to Downad. But as Mad-Eye Moody of the Harry Potter series would say “Constant Vigilance!“. Nuff said 🙂

Below is an interesting article from ZDNET blogs. If you like some visualization to know if you are infected by Downad, read on…

Because Conficker blocks victims from visiting Web sites for anti-malware vendors, Joe Stewart from SecureWorks has come up with a clever eye-chart (if that gets blocked, try this one) that provides visual confirmation on infections.

If you can see all three images in the top grid below, your computer is NOT infected with Conficker. However, if one of the F-Secure, SecureWorks or Trend Micro logos appears broken, chances are your computer is part of the Conficker botnet. Here’s the explanation on how to interpret the chart.

Want to know more, kindly visit this ZDNet Zero Day article.

Another visualization of Downad/Conficker Traffic can be viewed at this Trend Micro Malware Blog article.

DefConPH BeerTalk Manila on April 24

I’ve heard from a colleague that DefconPH will have their Beertalk in Manila this April 24. I’d love to come and be a noobie or a poser 🙂

Seriously, I would like to attend and join the fun but it seems I cannot make it that day (will post the reason when it’s already final). Hope I can be free by the annual DefConPH event in Cebu this June. Good luck to the presenters!

So what is DefCon? DefCon is the largest “underground” hacking convention held every year in Las Vegas. DefConPH is the Philippine counterpart of the DefCon International. Beertalk is a gathering and discussion on techie issues, over beer of course. Want to know more, kindly visit the DEFCONPH site.

DefconPH BeerTalk2 Details:

Grilla Paseo De Roxas Avenue Branch, Makati
Near Greenbelt

April 24, 2009 @ 1900 HRS PHT

Who Should Attend:
Everyone can attend not just IT enthusiasts. We mean everyone, humans on different fields like Feds, Lawyers, Salesman, anyone who are willing to learn what is going on with information security these days.

Registration Fee:
Early Php800.00 / Late Registration Php1500.00 includes DEFCONPH Official T-shirt, 2 Bottle of Booze and 2 Slice of Pizza

NOTE: Early Registration closes on April 12, 2009

Complete details here.

Downad, Conficker and April 1 – Part 2

As promised on my earlier Downad, Conficker and April 1 post, I will be doing an update when I have some new information on this issue. So here it is:

Quoting Trend Micro Malware Blog:

Trend Micro is part of the Conficker Working Group, also called the Conficker Cabal. As part of this group, we must continue to set straight misconceptions surrounding DOWNAD/Conficker and what it’s set to do on the anticipated date. Allow us to reiterate some facts:

Q: What will happen on April 1, 2009?
A: Based on our collective technical analysis, we’ve determined that systems infected with the latest version of Conficker will begin to use a new algorithm to determine what domains to contact. We have
not identified any other actions scheduled to take place on April 1, 2009.

Q: Will an updated version of Conficker go out to already-infected systems on April 1?
A: It is possible that systems with the latest version of Conficker will be updated with a newer version of Conficker on April 1 by contacting domains on the new domain list. However, these systems could
be updated on any date before or after April 1 as well using the “peer- to-peer” updating channel in the latest version of Conficker.

Q: Should the general public be alarmed? Why or why not?
A: No, the general public should not be alarmed. Most home users have been protected by Microsoft Security Update MS08-067 being applied automatically.

Read the complete Trend Micro Article HERE.

So my (personal) advice to all:
1. Make sure your machines are patched.
2. Do not panic.
3. Stay safe online

Got to get some sleep 🙂 Tomorrow will be a long long day for me.
Leave some comments here if you have related questions.

Downad, Conficker and April 1

A friend asked me about the conficker/downad malware on our yahoogroups. I replied that since I am not allowed to do official PR’s (Press Releases) on this issue, I will just post some publicly available articles related to the conficker/downad malware (and some of my personal opinions if I will have some extra time). So here we go:

First some definitions.
Downad is a malware. Different AV (Antivirus/Internet Security) vendors have their own naming schemes for it: Conficker, Downadup, Kido and Downad. I won’t go on the the details why different AV have different names, it’s really a long story and maybe worth a post or two in the future.
April 1 is of course April fool’s day. By experience, we know that some malware authors’ uses special days and events (like Halloween, Christmas, Thanksgiving, Valentines, etc) as trigger dates for their wares.
So why is April 1 associated with Downad?
The antivirus researchers know that a widely known Downad/conficker malware variant have the date “April 1, 2009” inside its code as some sort of trigger date. Trigger date that it will do something bad.

Why Conficker/Downad is so special?

Maybe because Microsoft offered some big bounty for the malware authors responsible for the downad. Read more here

There are also some ongoing discussion in some high tech blogs that all these things are hype. My personal opinion: Better be prepared than be pwned.

In the tradition of my free six video post, Below are some six articles/links if you’re interested to dig further:

  1. New Downad Generate More URLs
  2. Conficker’s next move a mystery to researchers
  3. The Conficker Worm: April Fool’s Joke or Unthinkable Disaster?
  4. What Will Conficker Bring on April 1?
  5. Houses of Parliament computers infected with Conficker virus
  6. Trend Micro Virus Description for Downad malware variants

Will post some other related articles here (or as a new post) as we near April 1.

Adobe Releases Acrobat 9.1 Update

Adobe released some updates for Adobe Reader 9.1 and Acrobat 9.1. The company said that these updates solve the recent JBIG2 security issue (If you’re geeky and know CVE, the exact vulnerability is CVE-2009-0658).

Quoting the Adobe Product Security Incident Response Team

We encourage all Adobe Reader users to download and install the free Adobe Reader 9.1. The Adobe Reader 9.1 update is available here. Acrobat 9 users should refer to the Security Bulletin for download details

Read complete details here.

Calling all PDF files users, time to patch up your Acrobat readers. I tried it and its around 40 MB of download. Who uses PDFs? Let me see, free ebooks from blogs and sites usually comes in PDFs so that’s one group.

Hope this helps.

Microsoft’s Ballmer Shares His Seven Bets for 2009

While I’m rooting for my free six for menardconnect this year, Microsoft’s CEO Steve Ballmer is having his top seven bets for 2009. The list includes:

  • Windows. Definitely the core of MS and this is also my guess why he chose seven, since they are focusing on Windows 7.0 this 2009.
  • Mobile. Touched Windows Mobile platform as well as Zune entertainment services (read: iPhone and iTunes turf)
  • Desktop Productivity. Office and Sharepoint. This is Microsoft’s bestseller and profit maker (cash cow? 🙂 ) at the present.
  • Server and Tools. Kinda vague for me but I guess this have something to do with the online hosted service offering. Will research further if they are also putting some things in the cloud.
  • Enterprise Software. SQL Server and other middleware. (read: Oracle’s turf)
  • Search and Advertising. Wow this is Google’s turf so I find it very interesting. He talks about plans of combined resource of MS and Yahoo to combat the Big G, but definitely no buyouts/acquisition. He mentioned that MS have 3 to 4 percent of the global search engine queries and they will not give up on this since there is no turning back if they give up.No concrete details other than not throwing the towel
  • TV and Entertainment. Beyond Xbox. The key strategy he says is putting gaming and entertainment to the PC, phone and television.

Wow this is not like betting on Philippine Lotto. The stakes are higher here and this affects a lot of lives and companies out there.
If you want to read more on this topic visit zdnet article.