†è¢h båbblè

My daily dose of rant & whine !

Anonymous Proxy: Demystified

Sunday, May 15, 2005
Well if you have ever considered hiding your system from the internet then anonymous proxy are the first things that will pop-up that list.There are different types of proxy like content filtering,the one that can be used to share a single internet connection to many computers..blah blah & anonymous proxy which we will be talking about.
This is how it works,any information that flows through the anonymous proxy first, then reaches the destination,so this means the IP[32-bit address] address of the proxy machine gets logged where ever I go & not my IP address.This seems all Oober & make a everyday joe feel ultra cool at first but if you think logically then this is a stupid mistake.Agreed you arent stamping your authority everywhere you go when you log-in to the internet but what about the machine through which information is flowing[anonymous proxy machine] ? Can you trust that machine? Anyone with administrator priviledges on the machine can make a profile out of your internet activity,you ask how? Well since the information is flowing through that machine anybody with a decent amout of knowledge & proper tools[Ethereal] can sniff every single piece of information thats flowing & easily make a port folio of you for malicious purposes.
What more scares me is that there are more such free services available lying around the internet than any reputed paid service.Incase there are then please do let me know.But the practical aspect still remains the same for both.

What seems more amusing is why do people wanna hide? My point is if you got nothing to show then why worry about someone who has your IP address?
Below are a fewbasic pointers to secure your machine,
1.Disable un-necessary services.
2.Close open ports.
3.Install a firewall possibly a hardware since that would take the load of your processing which would otherwise be required in the case of software variants.
Btw a hardware firewall doesnt have to be a appliance firewall like Cisco PIX... but even a old machine lying around can perform firewall like capabilities.The definitions are changing my dear friend.There are freebie solutions like Smoothwall,Clarkconnect which are based on GNU/Linux can pretty much help you in getting what you want at a 0$ price.Some may say even routers can perform firewall like functions,which is true under certain products & rest plain vanilla routers are just NAT routers which block everything that isnt requested from the inside.
4.A good Anti-virus which is frequently updated really helps catching the malicious code.
5.Oh how did I miss this? scumware,its all about spyware,adware,dialers,trojans which all collectively qualify as scumware.The new threat on the internet these days.
There are few programs which like Spybot Search & Destroy,Adaware & MS Anti-spyware[this is a really cool product,i'm mightly impressed] which are must haves !
6.And most importantly common sense & you should be on your way to safe hex !

Google going the manera común ?

Tuesday, May 10, 2005
My experience with google has been great.Their services offer so much: google search,gmail,orkut ..etc These are my daily bread & butter when it comes to knowing,learning,accessing,having fun & getting stuff.Athough I very well know how google adsense works the ads in my email dont bother me much,what the heck those are just ads put up by intelligent machines[thats what google says] ! And as if other email providers are providing fool proof user privacy,checked any email provider EULA while registering yet ?
All this was fine until I downloaded Google Web Accelarator,another free creation by google labs to improve broadband internet speed.Although still being in its infancy[read as beta] stage I as usual was happy to play around with it.
After installing the software I loaded ethereal & windump & started capturing packets & analayzing them just in case if some backdoor calls back to everyday joe's computer who is ready to make my internet profile !
You know I always do this,I'm paranoid alright or a security buff who likes to see the inner workings of information flowing,either way I'm learning but thats a different story.
Back to the topic, few packets flow while I access a couple of pages through Opera,nothing in it,
Google is clean as usual! I knew it,its my faithful google afterall...but wait a minute a RSS feed from a Tech Site had its title : Google Web Accelerator sparks privacy fears !
This virtually shook me for a minute & rest as they say is making rounds in the internet.
One user wrote,allow me to quote:
"I went to the Futuremark forums and noticed that I'm logged in as someone I don't know. Great, I've used Google's Web Accelerator for a couple of hours, visited lots of sites where I'm logged in. Now I wonder how many people used my cache. I understand it's a beta, sure, but something like that is totally unacceptable."

WTF !! More was soon to follow for me,my cousin just came home to access a few important emails since his internet connection had gone bad.After opening webmail yahoo & entering the authentication informatiom required the next screen led to "Your Session has been logged out.Please log-in again" Thinking that its a browser cookie problem I cleared them all,the same thing continued though no matter what.
Disable google web accelerator,refresh the page & KABOOM !! he has been logged in.
Well I for one can adjust with Indian Broadband standards rather than installing pieces of code that could very well erase my online life[Oh btw i've very little social life,so burial of my online life would indeed mean I'm dead !].This has put me off from using their services on the 0th day[in the process of the first day].Its the last thing I want to see google going the manera común !

Windows XP SP2 Firewall doesnt offer egress filtering !

Monday, May 09, 2005
Yes I very well know it doesnt offer any egress filtering but what about people who are not looking for egress filtering at all? All that matters for them is ingress filtering which they have very well in place.I've always said & will defend my words,the windows firewall is for a particular audience !

If your not from that species then go get a software firewall & make merry.I've seen similar windows bashing in quite a number of security forums as well as other forums like Neowin.People do not consider the other aspect of using it.I also admit that windows firewall isnt too great in defending attacks,software variants arent too behind either,just check bugtraq & you'll find large number of exploits for software firewalls including the most trustable zone alarm[moral of the story:software code cannot be perfect],but the very reason of not using it since it lacks outbound protection is very lame.Its a matter of choice & personal requirements to say the least.
Well this is just my stand on it,majority will disagree but thats just me !
Absolute security is a Myth !!

Pure bliss or placebo foo effect ?

For the basic level audiophile[I said "basic",I love the 30gigs music collection I've, but not all are ripped,encoded professionally]listening to music has been only through Winamp-the number one music player.
For decades now winamp has ruled the best music player spot & still continues to be number one for many.Its GUI,shortcuts,the music that came out of it & oh most importantly the huge database of plugins that are available for it...btw my fav was DSP plugin.There was simply no need for alternative to look for.
All this changed suddenly when the creators of winamp decided to stop providing further versions of the player.Although new versions still continue pouring in,that desire & passion is not there anymore.To put it in simple words:Winamp is dead & burried for me !
30Gigs of music is raw scum if there isnt a music player to make the best out of it.Further other factors matter too like GUI,plugins,support & most importantly it should sound good !
My quest with foobar started hereafter.Although I must admit its GUI sucks[it somewhat reminds me of Windows 3.11,my first operating system :) ].Above all that if you finally decide to customise it,the pain & agony of putting it all together is just too much.
I've never been able to distinguish between foobar & winamp w.r.t the music that came out of both,but recent happenings,low resource management has made foobar my favourite music player afterall.
Here let me quote from the official foobar faq:

Does foobar2000 sound better than other players?

No. Most of "sound quality differences" people "hear" are placebo effect (at least with real music), as actual differences in produced sound data are below their noise floor (1 or 2 last bits in 16bit samples). Foobar2000 has sound processing features such as software resampling or 24bit output on new high-end soundcards, but most of other mainstream players are capable of doing the same by now.

Why use it then? Well it does mostly everything that winamp used to do for me & more.Plays music the way I want it too,well organized,plenty of visual customisation,minimizes to system tray,very light on resources,plays every file format that I've.. jeez what more does it need to have?
All in all call it a placebo foo effect or blame it on me for writing this at 5:50 AM IST,but hell yeah foobar rox.Afterall once a change is good for health :)