Tuesday, March 17, 2009

My critique of the article "Religion, Marxism and Slumdog"


My comments on this article
"Religion Marxism and Slumdog" by Francois Gautier.

  1. I disagree with the notion that "Slumdog Millionaire" conveys an utterly negative image of India and should be protested by the Indian Government (like the Chinese would have done). I don't understand why? The film shows the real life of people living under those conditions. Slums, poverty, corruption are an unfortunate part of our society today and we cannot run away from it. By not showing it we would not be getting rid of it. And in today's connected world (in the age of Google and YouTube), I am not sure information can be controlled anyways.
  2. Why should we be like China? Comparison between a Communist and a Democratic government is an apple and orange case. If China would have responded, it's because they want to maintain a controlled global image irrespective of what happens inside their country. India cannot do it because we are a democracy and rightly so.
  3. Leaving aside the missionary part, which of the following: caste, poverty, child marriage, superstition, widows, sati, are a virtue of Hinduism? They may have served a purpose centuries back when the society was different but they have no purpose now. The mere fact that these are still used by upper caste people as exploitation tools is in fact a huge shame on us. There is no doubt that missionaries have capitalized on this. But, what will the lower castes who become the victims of these vices do? For many of these people, escaping into another religion was probably the only answer.
  4. Author says, "Today, billions of dollars that innocent Westerners give to charity are used to convert the poorest of India with the help of enticements such as free medical aid, schooling and loans." But, who is responsible for this? It is we ourselves. Everyone dreams of a good life and so do the poor. If the Government cannot fulfill its promises for the poor, the poor are going to find some other means of fulfilling their needs. I think instead of blaming the missionaries (whose work can be viewed as both good and bad in different contexts), we (the people of India along with the Government) have to solve our problems of poverty and caste. If that is done, there won't be any incentive for anyone to either get converted or convert others.
  5. Author says that western authors portray detrimental images of India and especially talk of 'Hindu fundamentalism'. I personally believe that fundamentalism of any kind is wrong be it Hindu, Islamic, German etc. What I would defend is "Hinduism" and its core principles and not fundamentalism. What RSS, Bajrang Dal and Shiv Sena do in the name of Hindutva is precisely what Osama Bin Laden does in the name of Islam. This is what Hitler did half a century ago. Do you agree with them?
  6. The immediate paragraph says "Hinduism has given refuge throughout the ages to those who were persecuted at home: the Christians of Syria, the Parsees, Armenians, the Jews of Jerusalem, and today the Tibetans, allowing them all to practice their religion freely." The author is now talking of Hinduism here and not of any extremist philosophies and he is absolutely right now.
  7. The notion that India only belongs to Hindus is complete bullcrap and Hinduism does not say anything like that. "Hindu Fundamentalists" say that. The central idea should be for people to unite and live in harmony irrespective of their religion, caste and color.
  8. Finally, author asks, When will the West learn to look with less prejudice at India, a country that will supplant China in this century as the main Asian power? My question is why do we need an approval from the west. If we eradicate our own vices and solve our problems, everything will fall in line automatically. I believe that asking this question is what makes us subservient to the west more than anything else.
I found this article completely off. The line of reasoning did not appeal to me at all and the conclusions drawn do not follow from the arguments.

Friday, January 30, 2009

Gold Farming in the digital age

Ever heard of 'Chinese Gold Farmers'? Read on.

Check out the following documentaries which investigate gaming workshops in China that hire people to play online games like World of Warcraft. The workers, called 'Gold Farmers' by Westerners, sweat it out in front of their consoles to collect virtual currency and equipment and produce whole characters, which are then sold for a nifty amount to other players over eBay or trade portals.

Why does this industry exist? Well, because not everyone who wants to enjoy the game can spend insane amounts of time collecting virtual money and building their armory. Thus, many prefer to just buy characters and virtual currency from people who have already done the hard work.

Check out this link to get a taste of the amount of money involved in gold trade. To quote a price from the site, 30000G (i.e. in-game currency) is valued at 494USD. That is almost 60G per dollar.

People also trade characters. Some websites which I found are
  • http://www.wowtrades.com/
  • http://www.buymmoaccounts.com/
  • http://mmotp.com/trade/

BBC News Coverage of this phenomenon



Thursday, January 22, 2009

My favorite moments of Obama's Presidential Inaugural Speech

The following two lines from Obama's speech were my favorite moments

Moment 1:

To those who cling to power through corruption and deceit and the silencing of dissent, know that you are on the wrong side of history; but that we will extend a hand if you are willing to unclench your fist.

Moment 2:
We reject as false the choice between our safety and our ideals.

I believe that both these lines symbolize his philosophy of change and hope. They show his commitment to shedding worn-out dogmas and notions which have traditionally influenced US foreign policy decisions. The start has been great and one has to see how it all plays out over the next 4 years.

Friday, January 16, 2009

Interesting reads for the weekend

1. 30th Anniversary of the Spreadsheet (Very interesting and sarcastic perspective on how the spreadsheet has shaped our society)

2009 marks the 30-year anniversary of the now-ubiquitous spreadsheet program. And society as a whole has deteriorated ever since its invention. It was the spreadsheet that triggered the PC revolution, with VisiCalc the original culprit. Can anyone say that we've actually benefited from its invention? Look around: I think we've suffered.

2. How undersea cables get repaired

Videos of how the repair process works.


[Update] This Alcatel page explains the process with text and a cool flash animation. It also has a section on how cables are laid in the first place.

3. Interview with an adware author

Very interesting business and technical insights into the dark part of the cyber-world.

4. 10 power-saving myths debunked


5. Saving power in datacenters with DC power

Interesting article on how converting from AC to DC in datacenters may help save power.

In a typical datacenter environment, power conversions abound along the path from the outside utility pad to the servers. With each conversion, some power is lost. The power starts at the utility pad at 16,000 VAC (volts alternating current), then converted to 440 VAC, to 220 VAC, then to 110 VAC before it reaches the UPSes feeding each server rack. Each UPS converts the incoming AC power to DC power, then back to AC. The UPSes then distribute that AC power to their respective servers -- where it's converted back to DC. As much as 50 to 70 percent of the electricity that comes into the datacenter is wasted throughout this long and winding conversion process.

There's a more efficient approach, one promoted by Validus DC Systems: taking the utility-supplied 13,000 VAC and converting it directly to 575 VDC (volts direct current) using an outdoor-rated conversion unit, then running power into the datacenter over 1.5-inch cabling. Each rack in the datacenter then has a 575-to-48-VDC converter that is 95 percent efficient. The direct DC approach can save users 50 percent or more between cooling savings and elimination of conversion losses, according to Ron Croce, COO of Validus

The world's first flying car : Terrafugia Transition

OMG ! Check this out. The future of travel is here. Has the Jetsons era begun?

Terrafugia, a Massachusetts-based company, is purportedly test driving its road-cum-air vehicle, the Terrafugia Transition, next month. Check out the animation of this vehicle in action here. The animation shows the vehicle as a two-seater with the ability to fold its wings. It's currently priced at $200,000 :-) .

It will be interesting to see how this concept picks up. For one, it will require a host of changes in current laws and infrastructure. Simple problems like how one would take off and land, and license issues (will a pilot license be required or will a driving license suffice?), will hinder the concept's adoption. It will be interesting to see if it solves any energy related issues or adds to the existing problem.

Whether it takes off or not in the immediate future, it may well be the pioneer of things to come. I am certainly excited and would have even bought one if not for the current economic crisis :)))).

Monday, January 12, 2009

A dose of my photography

Please visit my website to get an (over)dose of my photography. Pretty amateurish stuff but I am learning.

Also, I hacked up a simple Perl script for generating web albums called geekalbumz. The idea behind this was to display the photograph metadata (or EXIF information) along with the photographs. This helps newbies like me to compare various photographs and learn the nuances.

Monday, January 5, 2009

Frank W. Abagnale and the irony of security industry

If you remember that name then most probably you have seen the epic movie Catch Me If You Can starring Leonardo DiCaprio and Tom Hanks. In short, the movie is about this guy Frank Abagnale (played by DiCaprio), who figures out novel ways to commit check fraud and embezzle money posing as various people (as a pilot, as a doctor and as a lawyer). The movie is all about how the hacker mindset works and is a must watch if you are in the information security field. The movie is replete with examples of social engineering tricks that determined hackers so often use. It's a good way to train one's thinking in the ways of the hacker.

This movie is not a work of fiction but is based upon a real guy who did these things in real life. This is the website of the real Frank Abagnale, who is now, not surprisingly, one of the world's most respected authorities on the subjects of forgery, embezzlement and secure documents. Check out his website for more details on his life's work in the last 30 years. Ironically, the guy who literally started check-fraud has been at the helm of defending against it for the better part of his life.

This irony presents itself in the security industry again and again: the guys who now defend the world are the ones who were once defended against. There is nothing wrong with it and maybe that's the way it should be but I just found the thought very interesting.

Friday, January 2, 2009

Art of Elevator Pitching

Elevator Pitching is the art of getting your point across to an executive in less than 60 seconds, i.e. about the time you have with an executive in an elevator.

This website is a place where entrepreneurs have to pitch their products to the audience in less than 60 seconds. Some of the pitches are really great. Check it out!

I remember my mentor once telling me the importance of "back-of-envelope" or "back-of-napkin" presentations to executives and this seems to be the same concept but on steroids. It makes a lot of sense, especially for IT Security guys where the investments don't always translate to a predictable ROI.

Monday, December 8, 2008

How the Indian IT Industry is tiding over the current global crisis? - A Nasscom Report

PuneTech blog reports about a recent talk by Ganesh Natarajan of Nasscom on how the Indian IT industry is tiding over the current IT crisis. The presentation can be found here. The report is full of graphs and figures and is a very interesting and motivating read.

My summary of the report
  • In spite of global uncertainties, the revenue aggregate (from IT-BPO sector) as a percentage of GDP continues to rise (albeit a little less compared to the rises in previous years).
  • This growth (in the face of current global crisis) is partly due to entry into new market verticals like Airlines, Media and healthcare apart from Banking, Financial, Insurance and Telecom. This reduces dependency.
  • The industry is progressing towards providing more end-to-end services. The report cites the BPO industry as an example, where in addition to customer support, services like finance, accounting, HR, procurement and knowledge services are also being offered.
  • India is exporting its services to more and more regions (though US still holds 61% of the share). The fast growing areas are Europe and Middle East. This makes us less prone to mistakes made by "Superpowers" :).
  • The report indicates that by 2020 India will lead the world in working age population. The estimated work force in India will be 47mn compared to -17mn in the US. This extreme imbalance in work force will work towards India's sustained growth.
To ensure that India does not lose its advantage a number of initiatives are being undertaken:
  • IT Export services are being spread across more cities to manage pressure on Bangalore, Pune, Hyderabad, Chennai, Delhi. Nasscom identifies around 43 Tier 2/3 cities.
  • There is a comprehensive program in place for making India's large talent force "employable". These include short-term objectives like making large investments in training, medium-term objectives like faculty development programs to train and sustain faculty (this is very very important given the current crisis of good teachers in our country) and long-term objectives like setting up new IITs, investing in technology innovation etc.

Tuesday, November 18, 2008

Embracing New Technology : The Twitter Case

I am a technogeek and try to integrate new technology in my everyday life as much as possible. This post is about how I am using Twitter.

As most of you may know, twitter is this short messaging service which people use to convey updates in real time. It has become the micro-blogging platform of choice and has many cool advantages, one amongst them being able to convey live updates using a computer, regular mobile or smart phones. These updates can then be fetched via RSS feeds.

I use Twitter to tell people (whoever is interested) what I am currently up to. These are normally sent to my Twitter account as an SMS from my mobile. The current status then appears on my webpage.

So the next time you call me and I do not pick up the phone, please check the twit on my webpage!

Sunday, November 16, 2008

IPv4 Countdown vs. State of IPv6

The Internet Assigned Numbers Authority (IANA) is the body that manages the unicast IPv4 address pool (i.e. from 0.0.0.0 to 223.255.255.255). IANA assigns blocks of this space to the 5 RIRs (Regional Internet Registries), i.e. AFRINIC, APNIC, ARIN, RIPE NCC and LACNIC. The RIRs use their distribution policies to further allocate addresses to local registries and ISPs, which propagate them to the end hosts.

Potaroo.net predicts the following dates for the exhaustion of IPv4 address space.
Projected IANA Unallocated Address Pool Exhaustion: 04-Feb-2011
Projected RIR Unallocated Address Pool Exhaustion: 05-Mar-2012
A live down-counter counting the number of days until we hit exhaustion of the IPv4 address space can be found here. This counter is generated using data from the potaroo.net report. The report is pretty detailed and explains the modelling used for predicting the dates. Please note that the modelling is based on current address distribution policies used by RIRs and current consumption trends. The following graph (from the potaroo.net report) shows the current status of IPv4.


An explanation of the graph follows:

Note that there are 256 /8's where each /8 is 16,777,216 addresses.

IETF_Reserved : Blocks reserved for special purpose. It consists of 16 /8 Multicast blocks + 16 /8 reserved blocks + 1 /8 (0.0.0.0/8) block for local identification + 1 /8 (127.0.0.0/8) for loopback + 1 /8 (10.0.0.0/8) for personal use + 1 /8 (14.0.0.0/8) for public-data networks.

IANA_Pool : Pools of /8 left with IANA for allocation to RIRs.

Allocated : Allocated by IANA to RIR. This does not reflect current consumption because RIRs may have a pool of their own.

So much for IPv4. Now let's look at IPv6.

In 2008, there have been at least 2 big studies around the state of IPv6.

The reports are detailed but these are a few interesting points.

1) The Arbor Networks experiment measured the total amount of IPv6 flowing in the backbone, and they note that

At its peak, IPv6 represented less than one hundredth of 1% of Internet traffic.

2) The biggest reason cited in the summary for the above observation is money.

Specifically, the department of commerce estimates it will cost $25 billion for ISPs to upgrade to native IPv6.
3) Google's effort measures the state of IPv6 from an end-node perspective, as opposed to the Arbor measurement. Their key observations are:

  • 0.238% of users have useful IPv6 connectivity (and prefer IPv6).
  • 0.09% of users have broken IPv6 connectivity.
  • Probably a million distinct IPv6 hosts exist.
  • Russia leads the chart in IPv6 penetration.
  • IPv6 prevalence is low but increasing steadily by the week.
  • IPv6 - IPv4 tunnelling is the most common transition mechanism.
  • MacOS has better IPv6 penetration than Vista because of its default policies in the OSes.

So given the predictions about end of IPv4 and the rate of adoption of IPv6, are we ready for migration? In Feb 2008, ICANN added IPv6 addresses for 6 of the 13 root DNS servers (news here) which is a step in the right direction but is it enough to prod people to migrate?

I have the following concerns about the migration:

  • What would dictate the migration: economics or a better-future-internet?
  • Will ISPs be willing to pay the price?
  • Even if they are willing to do so, can the consumers and business transition to IPv6 seamlessly?
  • Will security products continue working the same way?
  • Are the vendors testing their implementations with IPv6 to make a simple software update to the tons of software already out there?
  • How will this migration be different in impact than the Y2k bug of the last century? Are these comparable in any sense?

I have a feeling that economics will dominate this race more than anything else. If the migration is going to cost a lot of money for businesses without any added value then there is bound to be a huge pushback. Somehow the cost has to be justified to them to make this transition happen and just saying address space exhaustion may not strike a chord with every business.

Sunday, November 2, 2008

The Rise and Fall of Gas!

People who have been following the economy know the state of gas (petrol) prices. But, I can provide a visual reinforcement of that fact, clearly showing the bumpy ride that gas prices have followed over the year. The following graph is plotted using data collected by me over the last one year on gas prices in the Southern California region (in Los Angeles County and Orange County). The way I collect the data is by diligently recording the date, the mileage since the last fuel fill, price of gas, gallons filled and location every time I visit a gas station to refill my car. This data helps me keep a check on my car's fuel efficiency and also serves as an early warning diagnostic system for problems. (As an aside, I once noted a consistent drop in my mileage over a period of 2-3 weeks. It turned out to be due to carbon buildup in my EFI system. Quick action probably helped me save some engine life :) ).


The plot clearly shows that gas prices started around $3.0 per gallon at the beginning of the year, climbed all the way up to $4.7 / gallon in mid-2008 and are falling to less than $3.0 / gallon at the end of the year.

Can one predict which direction the curve is headed now ? I cannot.

Thursday, October 30, 2008

The Anonymity Paradox

Scott McNealy, the former founder CEO of Sun Microsystems, once famously remarked on Privacy : 'Get over it'. This was a very bold statement to make especially for the CEO of a reputed company but he nevertheless spoke out of his experience. It's almost ten years since that statement was made and anyone who even barely uses the internet today wouldn't disagree much with Scott, though all of us would still want to believe in a perfect world.

As an aside, Privacy and anonymity are closely linked though there are subtle differences. Anonymity is keeping one's identity secret while privacy can imply keeping identity plus other information secret. For the purposes of this post I will consider privacy and anonymity the same and use them interchangeably.
In my opinion, privacy and connectivity are complimentary ideas i.e. both cannot coexist. The moment you are connected to the internet, your privacy ceases to exist. I believe that this is an unfortunate but true fact and one that people often find hard to digest. But believe it or not, total privacy does not exist in a connected world. At some level, privacy is just like security i.e. there is nothing like total privacy just as there is nothing like total security.

I can offer many reasons for this :
  • Every time we do an online transaction and give out our Name, Address and Credit Card details, we are essentially "hoping" and trusting that the website will not leak out our data. Some informed users may go one step further and check if the website displays a secure logo like HackerSafe or McAfee Secure etc. Unfortunately, as detailed in this blog, it turns out that these certifications are mostly useless and can be easily sidestepped.
But name, address and credit cards are not the only definitions of identity and hence privacy. There are still many ways of inferring identity. A few of them are :
  • Almost all websites that you browse will always log your IP address which can always reveal you or your ISP or your Organization. That is, you can almost always be tracked back.
  • With the explosion of social networks and Wikis, we are getting into the habit of revealing too much information about ourselves, our families, pets and everything that was once personal to us to a much wider audience. This voluntary disclosure of information is in effect resulting in very complex attacks on privacy as witnessed in the Sarah Palin and Paris Hilton case.
  • The notion of Googling for information has caught on so much that we inadvertently reveal "stuff" about ourselves to Google when we type in the search bar.
  • Every time we open our gmail account and browse our emails, we also get with it some relevant advertisements placed alongside our emails. What this means is that there is a program out there that is parsing our emails and trying to "understand" us.
  • Websites that measure website usage statistics such as Google Analytics also impact privacy in some way by storing information about your visits to websites (tracked by your IP) on their servers.
All this is fine, but where is the paradox in all this?

To state simply, my Anonymity Paradox is :
While it is difficult to maintain anonymity on the internet for the common user, the same internet offers a magical cloak of anonymity for hackers.
I was myself amazed when this realization struck me. Users find it difficult to keep their identities secret but hackers get away with their mischief, hardly ever being tracked down. The big reason for the existence of the malicious hacking industry is this cloakability that the internet offers. Purists might argue that the law has been able to track down hackers but I do not think they will disagree over the fact that the ratio of captures to hacking incidents is very appalling at best. Hackers typically get caught when they themselves make a stupid mistake which compromises their anonymity (for instance see how Palin's hacker was caught).

So at one end we have people cribbing about privacy on the internet while at the other end we have bad elements basking in the glory of the anonymous internet. To me, it looks like this is the way it is going to stay. Just like fire does not know intent and it just burns whatever it is asked to burn, the internet just does what it's being asked to.

Does this all make sense ?


Saturday, September 20, 2008

A Linux solution for copying and burning DVDs

The following are my experiences with copying and burning DVDs on Linux. To summarize the experience in a phrase : "It was a walk in the park".

Operating System: Ubuntu 8.04

Tools of the trade
  • k9copy (for copying DVDs)
  • brasero (for burning DVDs)
Installation
Installation in Ubuntu for the above packages is as simple as
$ sudo apt-get install k9copy
$ sudo apt-get install brasero

Procedure
  • Insert DVD into tray and open k9copy.
  • Choose File -> Open. This will load the DVD and show the chapters and titles as shown below. Select all the titles that you wish to copy.
  • Select Action -> Copy. You will be prompted for a location where the final iso file will be saved. Make sure that you have disk space at least 2 times the size of the DVD.
  • Leave all the options in the below pane as is unless you know what those options mean.
  • Once the copy starts you will be able to view the progress in the right-side pane.
  • The copy process creates a folder called dvd and an iso image in the location specified earlier.
  • You can remove the folder dvd as it is not required during the burning process.
  • Now to burn the iso image, open brasero and select the option for burning iso images.
  • Insert a blank DVD and start the burn process.
  • Enjoy!
In my experience, I have copied 4 DVDs and burnt around 12 DVDs and the whole process took slightly more than half a day. There were absolutely no errors and the original DVD quality was maintained in all the copied DVDs.

Monday, September 15, 2008

Announcing another blog !

Hello dear readers (if any). I have started another blog (with a better purpose this time). The blog is about Indians and our innovations i.e. Jugaadu Indians and our Jugaads. The inspiration for the blog came to me while reading an article in the August 24 issue of The Week. The article is about Indian Ingenuity and our innovations (colloquially called Jugaads). The following quote by Dr. R. Mashelkar puts everything in perspective:
"we should think of innovation as a movement. The I in India has stood for imitation and inhibition for far too long. It is high time it stood for innovation. And the best thing about this movement is that we have the jugaad energy of a billion of us to power it forward."

Thursday, September 11, 2008

The NEWS Equation

Our life today is controlled by media. Be it newspaper, television, radio or the internet, we depend on news for a lot of our day-to-day decisions and sometimes even blindly. This fact is well understood by Media companies, Governments and Businesses alike. Unfortunately, it is also being used actively to mislead the common man. News today is no more the simple raw information but it undergoes a complex process of editing and mixing before being delivered. Thinking over it for some time, I feel that the Media companies operate a huge mixer which continuously churns out news according to the following equation

NEWS = x% Information + y% Hype + z% Personal Biases + w% Political Biases 

Different media companies use different values for x, y, z and w and yield different types of news. A case in point is the recent news about the bootup of the Large Hadron Collider (LHC) at CERN. A channel called Aaj Tak in India ran a TV series which would have made a layman believe that the bootup of LHC would destroy the world. In this case, their percentage of hype was very high and little factual information was presented. Even if they would have done a simple Google search for LHC and the myths surrounding LHC, they would have realized that speculations about formation of massive black holes have been long dismissed by eminent scientists. But the media today is more interested in their own TRP ratings and very little interested in presenting facts.

Saturday, August 23, 2008

When will people learn ?

Airtel (one of India's leading cell phone providers) has recently tied up with Apple to offer the iPhone 3G in the Indian market. Everything is good but is the following sort of sales pitch necessary to sell iPhones?? Airtel is quoted here as saying:

"even the most deadly hackers on the planet won't be able to crack the codes that support the iPhone's Airtel applications with rival company SIMs."

My question is : WHY ???. Even if you really have provided tamper-proof security, throwing an open challenge to the highly skilled and distributed hacker work force on the internet is nothing short of the proverbial "hitting the axe on your own leg". Such stunts may be good to test your products before entering the market but not once the products are already out there. Such stupidity has surely attracted the bees and it's just a matter of time before the bees sting.

Thursday, August 21, 2008

Return gifts from an internet cafe

Today, I was at an internet cafe for getting a printout as my old printer died its natural death. As usual, the cafe was running Windows XP machines in administrator mode. I never like the look of a Windows machine running in administrator mode in a public place and I was quite sure that it was already pwned. Nevertheless, I plugged in my USB drive which contained just the file I wanted to print. After a few seconds, my drive was detected and I could print the file I wanted. All was well and good.

Then I took the drive home and plugged it back into my laptop which fortunately runs Ubuntu. Lo and behold, my drive now had three return gifts from the internet cafe. Doing a quick antivirus scan on the files revealed the following:

neoblitz@n30:/tmp$ clamscan /media/PKBACK#\ 001/*
/media/PKBACK# 001/1.jpg: OK
/media/PKBACK# 001/2.jpg: OK
/media/PKBACK# 001/autorun.inf: OK
/media/PKBACK# 001/New Folder .exe: Trojan.Autoit.gen FOUND
/media/PKBACK# 001/regsvr.exe: Trojan.Autoit.gen FOUND

----------- SCAN SUMMARY -----------
Known viruses: 396428
Engine version: 0.92.1
Scanned directories: 0
Scanned files: 6
Infected files: 2
Data scanned: 1.57 MB
Time: 6.231 sec (0 m 6 s)

As you can see, I had 2 trojan binaries and an autorun.inf which pointed to those binaries. For people who didn't realize, this is a worm which uses an unsuspecting user to physically propagate it from machine to machine.

It makes me wonder, how many unsuspecting folks would have got infected by this. Also, the public machine itself is probably a part of some botnet and has all types of exotic malware already installed, sniffing passwords and recording transactions of unsuspecting users. Phew !

So the moral of the story is two-fold,
  • Do NOT trust public machines. Avoid using them for doing electronic transactions using your credit card, using your username/password for your email accounts and so on and so forth.
  • If you run as administrator, then very likely you are not the only administrator :)
I will publish results of analysis of the binaries in the next post soon.
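
A check to run on a USB drive after it has been in a public machine, as an added example that is not part of the original post: it lists executables in the drive root, marks the ones an autorun.inf launches, and marks names padded to look like a folder. The sample drive contents are constructed (file names mirror the clamscan listing above; the autorun.inf body and the folder-name heuristic are assumptions).

```python
import os
import re
import tempfile

# autorun.inf keys whose value is a program Windows may launch from the drive.
LAUNCH_KEY = re.compile(
    r"^\s*(open|shellexecute|shell\\[^=]+\\command)\s*=\s*(.+?)\s*$", re.I
)
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}


def launch_values(drive_root):
    """Return the lowercased right-hand sides of launch keys in autorun.inf."""
    values = []
    for name in os.listdir(drive_root):
        path = os.path.join(drive_root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "r", errors="replace") as fh:
                for line in fh:
                    match = LAUNCH_KEY.match(line)
                    if match:
                        values.append(match.group(2).lower())
    return values


def scan_drive(drive_root):
    """Return {file name: [reasons]} for executables found in the drive root."""
    values = launch_values(drive_root)
    entries = os.listdir(drive_root)
    dir_names = {
        e.lower() for e in entries if os.path.isdir(os.path.join(drive_root, e))
    }
    findings = {}
    for name in sorted(entries):
        stem, ext = os.path.splitext(name)
        path = os.path.join(drive_root, name)
        if ext.lower() not in EXECUTABLE_EXTS or not os.path.isfile(path):
            continue
        reasons = ["executable in drive root"]
        # File names may contain spaces, so look for the whole name inside
        # each launch value instead of splitting the value into words.
        if any(name.lower() in value for value in values):
            reasons.append("launched by autorun.inf")
        # Heuristic (assumption): padding before the extension, or a stem that
        # matches a folder name, is meant to make the file pass for a folder.
        folder_like = dir_names | {"new folder"}
        if stem != stem.rstrip() or stem.strip().lower() in folder_like:
            reasons.append("name imitates a folder")
        findings[name] = reasons
    return findings


def build_sample_drive(root):
    """Constructed sample drive; the files are harmless placeholders."""
    for name in ("1.jpg", "2.jpg", "New Folder .exe", "regsvr.exe"):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(b"placeholder, not real malware\n")
    # Constructed autorun.inf: the post does not show the real file's content.
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=regsvr.exe\nshell\\Auto\\command=regsvr.exe\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, reasons in scan_drive(build_sample_drive(tmp)).items():
            print(f"{name!r}: {', '.join(reasons)}")
```

Pointing scan_drive at the real mount point on a Linux machine, where autorun.inf is inert, gives the same report for an actual drive.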

Sunday, July 27, 2008

Sound bytes could now play the devil's tune !

The next time you want to download your favorite song (illegally of course :)) from a p2p network or some illegal site, think twice. The latest in malware infection has just been found. According to this report from Kaspersky Lab, there is now a worm that infects your .mp3 files.

From the report, the workings of this worm are as follows:

The worm, which was named Worm.Win32.GetCodec.a, converts mp3 files to the Windows Media Audio (WMA) format (without changing the .mp3 extension) and adds a marker with a link to an infected web page to the converted files. The marker is activated automatically during file playback. It opens an infected page in Internet Explorer where the user is asked to download and install a file which, according to the website, is a codec. If the user agrees to install the file, a Trojan known as Trojan-Proxy.Win32.Agent.arp is downloaded to the computer, giving cybercriminals control of the victim PC.

You can get directly infected by the worm or via an already infected mp3 file downloaded from some malicious site or P2P share. The simple precautions to take against this type of infection are the age-old and time tested ones:

  1. Never run as administrator on your computer. I repeatedly keep hearing that it's insane to not be administrator on your own machine. Please note that, if you run as administrator of your own machine, then there is probably another administrator of your machine :). This simple precaution can help mitigate tons of security issues and make attacking your system that much more difficult.

  2. Do not install stuff from websites that you do not know or trust i.e. do not randomly click install buttons unless you are absolutely sure.

  3. If you are really crazy about p2p downloading as if your life depends on it, then try using a VMware virtual machine to download stuff. This way, in the event of a compromise, at least your critical data residing on your real system is protected.
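
A way to spot files changed as the Kaspersky report describes, added here as an example and not taken from the report or the original post: it flags files named .mp3 whose content starts with the ASF (WMA) header instead of an MP3 signature, and lists any web links stored inside them as UTF-16 text. The sample files and the URL are constructed placeholders.

```python
import os
import re
import tempfile

# First 16 bytes of every ASF container (WMA/WMV): the ASF Header Object GUID.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
# ASF stores text as UTF-16LE, so match http:// or https:// in that encoding.
UTF16_URL = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00)+"
)


def sniff_audio_container(data):
    """Classify a file by its leading bytes, ignoring its name."""
    if data.startswith(ASF_HEADER_GUID):
        return "asf"
    if data.startswith(b"ID3"):  # MP3 with an ID3v2 tag in front
        return "mp3"
    if len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0:
        return "mp3"  # bare MPEG audio frame sync (11 set bits)
    return "unknown"


def embedded_urls(data):
    """Return UTF-16LE encoded web links found anywhere in the file."""
    return [m.group(0).decode("utf-16-le") for m in UTF16_URL.finditer(data)]


def audit_mp3_files(folder):
    """Return a report for every *.mp3 file whose content is not MP3."""
    report = {}
    for name in sorted(os.listdir(folder)):
        path = os.path.join(folder, name)
        if not name.lower().endswith(".mp3") or not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        container = sniff_audio_container(data)
        if container != "mp3":
            report[name] = {"container": container, "urls": embedded_urls(data)}
    return report


def build_sample_folder(root):
    """Constructed samples: two MP3-looking files and one ASF-looking file."""
    url = "http://codec.example.invalid/install".encode("utf-16-le")
    samples = {
        "clean.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x00" + b"\x00" * 32,
        "frame.mp3": b"\xff\xfb\x90\x00" + b"\x00" * 32,
        # Not a valid ASF file, only the header GUID followed by a link.
        "song.mp3": ASF_HEADER_GUID + b"\x00" * 14 + url + b"\x00\x00" + b"\x00" * 8,
    }
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, info in audit_mp3_files(build_sample_folder(tmp)).items():
            print(f"{name}: content is {info['container']}, links: {info['urls']}")
```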

Thursday, July 24, 2008

Testing your DNS servers for CERT VU#800113 (or Dan Kaminsky's bug)

Here are 2 pointers to diagnostic tools for testing your DNS server against Dan Kaminsky's vulnerability (or CERT VU#800113). Please note that these tools use a very simple test and may not be enough to provide a foolproof assessment of the strength of your DNS server.

[Update] There is also a simple command-line test from the same folks at DNS-OARC. Just fire the following command from a command line (of course you need to have dig installed).
dig +short porttest.dns-oarc.net TXT
The first gives out a real cool output. Sample shown below. If you see GREAT as the output it means you are ok against the bug (as far as the tool is concerned).