In the past weeks Microsoft introduced Windows Genuine Advantage, which checks user’s computers for illegal copies of the popular operating system. One can wonder why WGA and why now? Why not starting WGA together with the future release of Windows Vista?

Although Microsoft incorporated product activation in many of its products, such as Windows XP, it did not stop hackers from cracking the activation process, and illegal copies of Windows were soon circulating around the net, and especially in P2P networks.

Users who are found to have pirated copies of Windows are encouraged to buy a legal copy at a discounted rate. In addition Microsoft cut Windows prices around the world and selling the operating system at deep discount.

These steppes by Microsoft made me think why Microsoft lowering prices, creating cheap trimmed down versions of Windows XP and fighting piracy with new tools other than product activation. Well the conclusion I could come with is Microsoft is making a clearance sale before the release of Windows Vista.
(more…)

Wireless technology is becoming main stream in recent years. When home users considering building a home network a lot of them, if not most of them end up choosing Wi-Fi network, i.e. 802.11b or the latest 802.11g, since wireless networks have become fast and easy to install especially with the help of Windows zero configuration feature.

Wireless networks are also taking a major step in to business with a growing number of companies deploying hotspots across corporate offices.

With current Wi-Fi technology, wireless networks are limited to connecting to the Internet or to the local network using computers. Multimedia devices that use wireless technology to stream video and audio are not very popular, mostly due to the limited range and bandwidth of 802.11b. Even 802.11g is not fast enough to fulfill the high bandwidth requirements of video streaming.

A new emerging technology promises to overcome the limitation of current wireless standards. The new technology, called 802.11n or MIMO (pronounced My-moh), which stands for Multiple Input – Multiple Output. IEEE has not yet set the standard specs, which are expected to be finalized sometimes next year, but that is not stopping companies to come out with 802.11n products based on the draft proposal submitted to IEEE.
Today’s Wi-Fi radios use 20-MHz of analog baseband bandwidth to transmit information across the two frequencies used by 802.11b/g, and 802.11a. Moving to 802.11n will require approximately 100 MHz of bandwidth.

The IEEE 802.11n standard is currently deadlocked between the TGN Sync proposal, which Intel supports, and the competing WWiSE proposal. TGn Sync has proposed using 40-MHz channels in the 5-GHz spectrum band used by 802.11a, while WWiSE’s proposal involves using 20-MHz channels in the 2.4-GHz band used by 802.11b/g radios.

XML technology is very popular with software development. One of the most common ways to work with XML files is using the ch is part of Java API for XML Processing. Although DOM gives you the basic functionality to work with XML files, simple operation it can be tedious if you don’t have several utility classes to work with DOM objects.
In this article we’ll write some useful utility methods that you should have in your arsenal when working with DOM objects.

The first method we’ll need in our arsenal is one to load an XML file and create a DOM object. In order to be as generic as we can we’ll use InputSource as our input.
Note in this method we’ll be using a default EntityResolver which is a good idea to have one. I’ll leave the implementation of getDTDResolver() and your own EntityResolver to you.


/**
* Creates and returns a Document from the given input source.
* @param inputSource the source of the document
* @param validating true if the parser should validate
* @param namespaceAware true if the parser should be namespaceAware
* @param errorHandler errorHandler for the DocumentBuilder
* @param coalescing true if the parser produced will convert CDATA
* nodes to Text nodes and append it to the adjacent (if any) text node; false otherwise.
* @param entityResolver the entity resolver
* @return the parsed and loaded DOM document.
* @exception XMLException if an error was encountered loading and parsing the file
*/
public static Document fromInputSource(InputSource inputSource, boolean validating, boolean namespaceAware, ErrorHandler errorHandler, boolean coalescing, EntityResolver entityResolver) throws XMLException
{
   DocumentBuilderFactory dbFact;
   Document doc;
   try
   {
     dbFact = DocumentBuilderFactory.newInstance();
     dbFact.setNamespaceAware(namespaceAware);
     dbFact.setValidating(validating);
     dbFact.setCoalescing(coalescing);
     DocumentBuilder db = dbFact.newDocumentBuilder();
     if (errorHandler != null)
     {
       db.setErrorHandler(errorHandler);
     }
     if (entityResolver != null)
     {
       db.setEntityResolver(new EntityResolverDelegate( new EntityResolver[] { entityResolver, getDTDResolver() }));
     }
     else
     {
       db.setEntityResolver(getDTDResolver());
     }
     doc = db.parse(inputSource);
   }
   catch (IOException e)
   {
     throw new XMLException("An error in parsing the input source", e);
   }
     catch (ParserConfigurationException e)
   {
     throw new XMLException("An error in parsing the input source", e);
   }
   catch (SAXException e)
   {
     throw new XMLException("An error in parsing the input source", e);
   }
   return doc;
}


Next it is a good idea to have some convenience methods to load your XML file such as fromInputSource, fromFile and fromString, in these methods just call the fromInputSource method we created.

Imagine a new portable device that can play mp3, display pictures, record and display video (PVR), surf the internet, write and receive emails, have a calendar, notes and a phone book. A device that you can play games with it, has a 40GB drive and you can install any other application that you want. All that at a price range of $300-$400.

(more…)

It seems like spammers have set a goal to their selves to invade and ruin every good aspect of the internet.

Spam has started with email, sending millions of email messages every day; spam mail is responsible for most of the email traffic in the world. But spam email is not the only form of spam.

Spamming instant messages networks is growing strong and increasing from day to day, but most instant messages software have the ability to block messages from people who are not in your buddy list.

Crackdowns on spammers has just begun with companies like America Online, EarthLink, Yahoo and Microsoft suing spammers trying to reduce the amount of spam, causing damages of millions of dollars in lost time, bandwidth and server expenses.
The increate in popularity of anti spam software, and anti spam systems integrated in the mail servers forced the spammers to find new ways to infect the internet with unwanted ads.

In the recent months another and new form of spam is getting more popular with spammers.

With the increase in popularity of Blogs, and content sites enabling comments and talk back sections, spammers found a new ground for polluting the internet. Zombie machines, infected with malware are posting spam messages to the comments sections on websites, usually containing links to or drugs, gambling or porn web sites.

With the increase awareness to security the demand for securing data is rising. Fortunately Java provides pretty good tools that can help developers encrypt and decrypt data.

One of the most popular encryption is called RSA encryption. Named after its inventors, Ron Rivest, Adi Shamir and Leonard Adleman, RSA encryption transforms the number “char” into the number “cipher” with the formula

cipher = char^e (mod n)

The numbers e and n are the two numbers you create and publish. They are your “public key.” The number char can be simply the digital value of a block of ASCII characters. The formula says: multiply the number char by itself e times, then divide the result by the number n and save only the remainder. The remainder that we have called cipher is the encrypted representation of char.

Using the two numbers you have published, anyone can scramble a message and send it to you. You are the only one who can unscramble it; not even the sender of the message can decrypt the ciphertext.

Standard Java 2 distribution includes security provider support for generation of RSA digital signatures, but does NOT contain a provider implementation for generating RSA encrypted data. An extra provider must be added to obtain this capability from standard Java 2, such as the Bouncy Castle Provider.

Since I couldn’t find any good examples that use Java with RSA, we’ll build a nice RSAEncryptUtil class that you can use as a reference for using RSA encryption (you can download the full source code here).

The first thing we need to do is to define the algorithm that we want to use.


protected static final String ALGORITHM = "RSA";


Then as stated before we’ll need to add Bouncy Castle as our RSA provider. In order to do that we’ll write an Init method for our class

/**
* Init java security to add BouncyCastle as an RSA provider
*/
public static void init()
{

Security.addProvider(new BouncyCastleProvider());

}

To generate what is called private and public keys, Java provides us with a simple to use KeyPairGenerator class. The java.security.KeyPairGenerator generates the two keys that are returned in a java.security.KeyPair object.


/**
* Generate key which contains a pair of privae and public key using 1024 bytes
* @return key pair
* @throws NoSuchAlgorithmException
*/
public static KeyPair generateKey() throws NoSuchAlgorithmException
{

KeyPairGenerator keyGen = KeyPairGenerator.getInstance(ALGORITHM);
keyGen.initialize(1024);
KeyPair key = keyGen.generateKeyPair();
return key;

}


Follow @aviranm

There are many discussions about who is the most secure browser. In the last few month people are more aware to the fact that the browser we use can be dangerous, due to recent security flaws discovered and highly publicized in both Internet Explorer and in Mozilla.
With the rollout of Windows XP service pack 2 Microsoft claims that windows and Internet Explorer are more secure then ever before. But recent discoveries show otherwise and although Internet Explorer is still the most popular browser in the world, the wind of change started to blow with the release of Mozilla’s FireFox 1.0PR, and for the first time in many years IE market share started to drop, as many users migrated to the new kid in the block, FireFox.

In the browser market there are three major players. Microsoft with IE, Mozilla based browsers and the fast and lean Opera.
So who is the safest browser?
To answer this question we first need to point out one fact. Most hackers will use well known vulnerabilities in your browser to hack in to your system. Having said that, in order to determine who is the most secure browser we’ll take a look at known vulnerabilities in each browser, and see how their respective developer handled those flaws.
In this review we’ll try to answer the question which browser has less vulnerabilities and how long it takes to fix new security flaws. In order to come to a conclusion we’ll take a look at the 2003-2004 period and compare Internet Explorer, FireFox and Opera browsers. The data is taken from Secunia.com which is one of the leading provider of IT-security services.

Internet Explorer 6.

As of October 2004, Internet Explorer 6 holds 69.8% of the browsers marker share.
According to Secunia.com 44 security advisories where issued for Internet Explorer 6 during the period 2003-2004. Out of the 44 advisories, 16 remain unpatched (36%). 27 of the 44 advisories are ranked as “Highly critical” and “Extremely critical” flaws (ranks 4 and 5 of 5), out of which, 5 still remain unpatched. The oldest unpatched flaw dates 2003-03-13.

Internet Explorer Advisories (source)

Mozilla – FireFox

Mozilla based browsers holds 17.0% of the market share as of October 2004
In the time period of 2003-2004 FireFox issued 14 advisories. Out of the 14 advisories, only 2 remain unpatched, and both ranked as “Less critical” (rank 2 of 5). 2 of the 14 advisories where ranked as “Highly critical” (4 of 5) flaws, none was ranked as “Extrmrly critical”. The oldest unpatched flaw dates 2004-08-30.

FireFox Advisories (source)

Article continues (more…)

(more…)

(more…)