Ang ballpen nga nagtatae ako pa kaya?


Five things you (possibly) didn’t know about Mario

September 18, 2010
  1. Mario’s last name is also Mario. He’s Mario Mario, in fact.
  2. His first appearance was actually in 1981 in the arcade version of Donkey Kong, where he was known as “Jumpman”. He wouldn’t get his official name until the following year’s Donkey Kong Jr., also the only game where he plays the bad guy.
  3. Not only is Mario the best-selling video game character of all time, he’s also its most prolific: according to the Guinness World Records 2008 edition, he’s appeared in 116 separate games.
  4. Mario’s distinctive high-pitched voice is provided by actor Charles Martinet, who also voices Mario’s brother Luigi and his longtime foe Wario.
  5. Nintendo released a follow-up to Super Mario Bros. in Japan in 1986, but deemed it too difficult for Western audiences. It wouldn’t hit U.S. shores as a standalone title until 2007, as a Wii Virtual Console title dubbed “Super Mario Bros.: The Lost Levels.”

Cool eh?

Posted by deathsoul at 3:52 am | permalink | comments[3]

Quirino Grandstand Hostage: Ten things the Philippines bus siege police got wrong

August 25, 2010

While searching for articles about the shootout/hostage that took place yesterday, I saw this one from bbc.co.uk that summarizes all that went wrong with our PNP procedures… specifically the MPD’s. According to what I heard, it started by 8 am while I was still in the office and got televised by 10 am while I was in the gym. I didn’t see any news flash when I got home by 2 pm, not until 8 pm in the evening when I woke up with our TV volume up by 50+ and shots fired everywhere..

So here it is. :)

A security analyst who has worked in counter-terrorism with the British Army and Scotland Yard, Charles Shoebridge, says the officers involved in Manila’s bus siege showed great courage - but they were not properly trained or equipped for the task.

Here are 10 areas where, in his view, they could have done better.

1. Determination


The first officers who tried to storm the bus were driven out by gunshots from the hostage taker, former policeman Rolando Mendoza. “They showed great courage to go on board. It’s very crowded, just one aisle down the middle of the bus. But once you get on board it’s not unexpected you are going to be fired at. Squads like this have to be made up of very special people, specially trained and selected for their characteristics of courage, determination and aggression. In this case they acted as 99% of the population would have, which was to turn round and get out. They didn’t seem to have the necessary determination and aggression to follow the attack through.”

2. Lack of equipment

The police spent a long time smashing the windows of the bus, whereas explosive charges (known as frame charges) would have knocked in windows and doors instantly. “They had no ladders to get through the windows. They smashed the windows but didn’t know what to do next,” Mr Shoebridge says. “They almost looked like a group of vandals.” Their firearms were also inappropriate - some had pistols, some had assault rifles. Ideally they would have carried a short submachine gun, suitable for use in confined spaces.

3. Lost opportunity to disarm the gunman

(Image caption: Mendoza’s gun was not always raised)

There were numerous opportunities to restrain the gunman, Mr Shoebridge believes. “The negotiators were so close to him, and he had his weapon hanging down by his side. He could have been disabled without having to kill him.”

4. Lost opportunity to shoot the gunman

The video of the drama also shows there were occasions when the gunman was standing alone, during the course of the day, and could have been shot by a sharpshooter. “You are dealing with an unpredictable and irrational individual. The rule should be that if in the course of negotiations an opportunity arises to end the situation decisively, it should be taken,” Mr Shoebridge says. Either this possibility did not occur to the officers in charge, he adds, or they considered it and decided to carry on talking.

5. Satisfying the gunman’s demands

“I wondered why the authorities just didn’t give in to all of his demands,” says Charles Shoebridge. “A promise extracted under force is not a promise that you are required to honour. Nobody wants to give in to the demands of terrorists, but in a situation like this, which did not involve a terrorist group, or release of prisoners, they could have just accepted his demands. He could be reinstated in the police - and then be immediately put in prison for life for hostage taking.” The Philippines authorities did in fact give in to the gunman’s demands, but too little, too late. One message promised to review his case, while he wanted it formally dismissed. A second message reinstating him as a police officer only arrived after the shooting had started.

6. Televised proceedings

The gunman was able to follow events on television, revealing to him everything that was going on around him. This was a “crucial defect in the police handling”, Mr Shoebridge says. He adds that police should always consider putting a barrier or screen around the area, to shield the scene from the cameras and keep the hostage taker in the dark.

7. No element of surprise

It was clear to the gunman what the police were doing at all times, not only because the whole incident was televised, but also because they moved “laboriously slowly”, Mr Shoebridge says. The police did not distract him, so were unable to exploit the “crucial element of surprise”.

8. Safeguarding the public

(Image caption: This boy, a bystander, was hit by a stray bullet)

At least one bystander was shot, possibly because the public was allowed too close. The bullet from an M16 rifle, as carried by the gunman, can travel for about a mile, so preventing any risk of injury would have been difficult, Mr Shoebridge says, but a lot more could have been done. “When you saw the camera view from above, it was clear there was little command and control of the public on the ground,” he says.

9. Using the gunman’s brother to negotiate

Relatives and close friends can be a double-edged sword, Mr Shoebridge says. While they may have leverage over the hostage taker, what they are saying cannot be easily controlled. In this case, the gunman’s brother was included in the negotiations - however, at a certain stage he became agitated and police started to remove him from the scene. The gunman saw this on television, and became agitated himself. According to one report he fired a warning shot.

10. Insufficient training

In some parts of the Philippines, such as Mindanao, hostage taking is not an uncommon occurrence, so the country has some forces that are well trained in the necessary tactics. The detachment involved in Monday’s incident clearly was not, says Mr Shoebridge. After smashing the windows, one of the officers eventually put some CS gas inside, though “to what effect was not clear”, he says. A unit involved in this work needs to be “trained again and again, repeatedly practising precisely this kind of scenario,” he says.

Source: http://www.bbc.co.uk

Posted by deathsoul at 2:53 am | permalink | comments[3]

AV vendors detect on average 19% of malware attacks

August 6, 2010

Traditional AV vendors continue to lag behind online criminals when it comes to detecting and protecting against new and quickly evolving threats on the Internet, according to a report by Cyveillance.

Testing shows that even the most popular AV signature-based solutions detect on average less than 19% of malware threats. That detection rate increases only to 61.7% after 30 days.


“Even after 30 days, many AV vendors cannot detect known attacks, making it critical for enterprises to take a more proactive approach to online security in order to minimize the potential for infection,” said Panos Anastassiadis, COO of Cyveillance.

Cyveillance tested thirteen popular AV solutions to determine their detection rate over a 30-day period and found that popular solutions only detect an average of 18.9% of new malware attacks. By day eight, AV solutions average a 45.7% detection rate. This rises to 56.6% on day 15, 60.3% by day 22, and 61.7% after 30 days.

Top AV solutions take an average of 11.6 days to catch up to new malware. Since this does not include malware signatures undetected even after 30 days, users should not rely on the AV industry as their only line of defense.

All figures and statistics in the Cyveillance report (registration required) are actual measurements rather than projections based upon sample datasets, unless otherwise noted.

The data used for this study were collected and analyzed between April 20, 2010 and April 22, 2010, resulting in an overall total data set of approximately 1,708 confirmed malware files. The files were then run through the latest release of the top desktop AV solutions upon initial detection and again every six hours for one month to determine their detection and lag rates.

Source: Net-Security

Posted by deathsoul at 4:06 am | permalink | Add comment

How can I know if my computer is infected? 10 signs of infection

Malware technology is fast evolving nowadays. Good thing that PandaLabs has produced a simple guide to the 10 most common symptoms of infection, to help all users find out if their systems are at risk:

1. My computer speaks to me. There are all types of pop-ups and messages on the desktop either advertising things, saying that the PC is infected and needs protection… This is a typical, surefire case of an infection. There is either spyware on the computer, or it has been infected by a fake antivirus (also called “rogueware”).

2. My computer is running extremely slowly. This could be a symptom of many things, including infection by a virus. If it has been infected by a virus, worm or Trojan, among other things, which are running on the computer, they could be running tasks that consume a lot of resources, making the system run more slowly than usual.

—You can view your running apps in the Task Manager (CTRL+ALT+DEL) and look for any suspicious apps that are running.

3. Applications won’t start. How many times have you tried to run an application from the start menu or desktop and nothing happens? Sometimes another program might even run. As in the previous case, this could be another type of problem, but at the very least it’s a symptom that tells you that something is wrong.

4. I cannot connect to the Internet or it runs very slowly. Loss of Internet communication is another common symptom of infection, although it could also be due to a problem with your service provider or router. You might also have a connection that runs much more slowly than usual. If you have been infected, the malware could be connecting to a URL or opening separate connection sessions, thereby reducing your available bandwidth or making it practically impossible to use the Internet.

5. When I connect to the Internet, all types of windows open or the browser displays pages I have not requested. This is another certain sign of infection. Many threats are designed to redirect traffic to certain websites against the user’s will, and can even spoof Web pages, making you think you are on a legitimate site when really you have been taken to a malicious imitation.

6. Where have my files gone? Hopefully nobody will be asking this type of question, although there are still some threats around designed to delete or encrypt information, or to move documents from one place to another. If you find yourself in this situation, you really ought to start worrying.

7. My antivirus has disappeared, my firewall is disabled. Another typical characteristic of many threats is that they disable security systems installed on computers. Perhaps if one thing shuts down it might just be a specific software failure; but if all your security components are disabled, you are almost certainly infected.

8. My computer is speaking a strange language. If the language of certain applications changes, the screen appears back-to-front, strange insects start ‘eating’ the desktop… you might just have an infected system.

9. Library files for running games, programs, etc. have disappeared from my computer. Once again, this could be a sign of infection, although it could also be down to incomplete or incorrect installation of programs.

10. My computer has gone mad… literally. If the computer starts acting on its own, you suddenly find your system has been sending emails without your knowledge, Internet sessions or applications open sporadically on their own - your system could be compromised by malware.

–No Task Manager or regedit… definitely! lol

Hope this helps!

Posted by deathsoul at 3:56 am | permalink | Add comment

How to get video off a 5G iPod Nano

July 8, 2010

Below are the step-by-step instructions on how to copy videos from your 5th Generation iPod Nano to your computer. Captured videos, by the way. :)

 

  1. Connect your 5th Generation iPod Nano to your computer with your iPod cord.
  2. Locate your iPod in My Computer.
  3. Open the folder titled “DCIM”, then open the folder titled 000Apple.
  4. Open the folder titled 000Apple.
  5. The files ending in .mp4 are your videos. Copy and paste these files to a folder on your computer.
  6. Now you can edit and share your iPod videos with your friends!

LOL.. it’s that easy e? :)

Posted by deathsoul at 5:26 pm | permalink | comments[1]

Jogging experience from Edsa Ayala MRT to Mckinley hill.

June 7, 2010

It’s actually my second time to jog the same distance.. The first one was in November last year, but I didn’t make it a habit because of the bad experience when walking from Mckinley Road/Forbes. Anyways, it took me 40 minutes to actually finish it. After that I’m now sick. I have colds and my back hurts. I want to rest for a week, away from work if only I could. I’m still thinking of going to work tomorrow. But I feel great that I’ve done it again. Hoping to do it again next time.

Posted by deathsoul at 6:04 am | permalink | comments[1]

iPhone vulnerability..

June 5, 2010

I think it was last week when I read an article about an iPhone vulnerability. For all we know, the iPhone has a security feature like the security pass or something like that to prevent others from using your iPhone without your permission. Well guess what! Someone successfully cracked that shit.. LOL anyways, you need Ubuntu 10.04 to be able to access the iPhone. Given a scenario that I found an iPhone somewhere and obviously it is not mine… When I checked the iPhone it has a security pass which consists of a 4-digit number that only the owner knows. Well, all I have to do is turn off the iPhone and plug it into my PC that is equipped with Ubuntu 10.04. Open it again and presto! I can view all the pictures, videos, files, calendar, contacts etc. of the iPhone with ease. Apple has already been notified of the vulnerability and still no action has been filed or released for the said incident.

 

By the way, this trick can be done on all iPhone versions. Try it for fun. :)

Posted by deathsoul at 3:30 pm | permalink | Add comment

Change of management.

Last June 4, 2010 I was shocked to read an email coming from our new manager. I was surprised and excited to meet him, but at the same time I will be missing the manager who handled our team for the past year and a half. I’m thrilled to be joining the Engineering team because there are new faces and people to get to know and share jokes and ideas with in the long run. Hope for a lot of challenges to face with them and good vibes with our new manager..

 

HUUUUURA!

Posted by deathsoul at 3:07 pm | permalink | comments[1]

Franco - For My Dearly Departed lyrics

May 31, 2010

When I woke up it seems
Like my world is caving in
I won’t break down this time
I’ll be fine

With dull dimension speaking of the truth
And howls of chaos the bleeding of the moon
Rounding up this time
I’ll be fine

Let your love caress me
Like the tide embraces the sea
Let our soul connection
Bring me alive today

Am I lost and can be found
Heaven’s locked, hell not a sound
All my angels left and gone
It rains down

Turn the key enough for rescue
And burn the light
The light that burns through
But here it comes again
It rains down

Well live your life a little
Breathe in and out a little
I say a prayer for you

Let your love caress me
Like the tide embraces the sea
Let our soul connection
Bring me alive today

Posted by deathsoul at 11:21 pm | permalink | comments[8]

When insomnia kicks in…

May 28, 2010

It’s been almost 5 days since I slept properly (properly meaning 7+ hours of sleep)… My body wants to sleep but my mind doesn’t want to. Something’s bothering me and I don’t know why.. I want to take some meds but my mom won’t let me. Can someone help me with this? I’m pissed off with what I’m thinking every time I close my eyes and my mind starts to play around (not the green stuff, you stupid peeps :D ) with some ideas that I myself know are not possible.

Hope next week will be a great week after our company outing. I heard that Wideout is going to sponsor 2 kegs of beer, plus Sonny bought 1 750ml and 1 liter of Black Label. I hope that’s enough to put me to sleep. I know that I’m nearing my end point where I would suffer from this, but what can I do. This stupid mind keeps my adrenaline pumping.. arggggg

Posted by deathsoul at 3:54 pm | permalink | Add comment

Another Atlas spoofing domain.

Please don’t try to visit the domain listed as it can cause damage to your pc. :)

Well, here’s another spoofing domain. 

rogloard .com/…..

 

  • Recently created. (2010-05-18)
  • Registrant’s location (US) differs from where the IP is located (Sweden).
  • Atlas spoofing domain.

So please be cautious in visiting domains. :)

 

 

Posted by deathsoul at 1:52 am | permalink | Add comment

Sunday fun run…

May 23, 2010

I’ve decided not to go to the gym today and instead run/jog/walk here in our village. I’m starting to make it a weekly routine to run 8 laps in 30 minutes since I only finished 5 laps last week. I want to push myself to the limit. lol.. I miss that part where I had to jog for 1 hour going to NLEX when I was still an instructor under Sir Batario. Anyways, love the cool wind and my sweat won’t stop until now.. lol

Anyways, need to rest for work later this evening. I’m on the night shift from 12am to 9am.. Hope to do good tomorrow at the gym. Need to have a complete body workout since I didn’t go there for 2 days. :)

Have a great day/night ahead guys!

Posted by deathsoul at 5:58 pm | permalink | comments[1]

Hachiko: A Dog’s Story

This movie is the shit. I’m an animal lover, especially with dogs and cats. Thanks to my Team Leader (Sonny Gulanes), he’s the one to blame for my teary eyes after the movie and for the feeling of wanting to get an Akita.

 

In the movie they showed the loyalty of a dog to his master. As said in the tagline that can be seen on imdb.com (http://www.imdb.com/title/tt1028532/), it displays the true story of faith, devotion and undying love, which I felt after watching it. Hachi did make all the animal lovers cry. I always suggest this movie to other people when they’re looking for a new film to watch. Although I’m quite disappointed with how they changed the story from the original, what can I say, it’s much better than the original. I don’t know… I’m still thinking, what if I had watched the original first before I watched the US version…

 

Anyways, a little background about Akitas to enlighten some of you who don’t know what they are. According to dogbreedinfo.com, there are 2 kinds of Akita: the Japanese Akita breed, also known as Akita Inu, and a separate breed for the American standard Akita. A lot of differences can be seen in their weights and sizes; the American standard has a black mask, whereas the original Akita Inu does not allow a black mask. Average life span would be 10-12 years and litter size can be from 3-12 puppies, the average being 7 or 8. By the way, the Akita has been declared a “National Treasure” in Japan and is believed to be a symbol of good health, prosperity and good fortune.

 

So if you’re planning to get one, better have 18-25k here in the Philippines. I haven’t seen an Akita Inu here but I’m still hoping that someone has one. :)

Posted by deathsoul at 3:14 pm | permalink | comments[2]

tugstugstugs at Encore

As I have said in my previous blog, my date was canceled. First of all, she couldn’t make it because her uncle suffered a heart attack. Second, all of her relatives were in the hospital. Third, she didn’t want to go to Makati and it’s my fault. I just want her to be happy although I know that she is pissed off because “I’m being a pest” or maybe got turned off when I introduced her to my friends and heard me say bad words, or maybe got bored. I really miss her.. I don’t know what happened. I hope she can tell me… (sad)

Anyways, it’s my second time to go to Encore. Long lines, but thanks to Michi and Junko we were able to get in ASAP with VIP status… We didn’t have to wait in the line just to enter. Got pissed off by the way, I really need to get a license right away. I’m not used to commuting in The Fort. Roar! I’ll fix that after our company outing in Isabela if I’m right. Drank 2 bottles of SML and danced, played and laughed with my friends. I miss the old times.

Hays. Anyways, I need to sleep… I still have work tomorrow by 12am and still need to go to the gym. Good night guys, and Little Miss (that’s what I call her)….

Posted by deathsoul at 4:14 am | permalink | Add comment

Twitter malware campaign???

May 22, 2010

Since my date is canceled and I have my netbook with me I decided to check on some of my favorite blog sites. After reading a couple of pages there’s this certain topic that I got interested and I want to share it with you guys. :)

Well, it’s about Twitter again having a malware attack, if I can call it that. Basically, it’s the same stuff: for example, I’m using a fake or bogus account, I follow everyone and spam them with messages like “this is the shit!!! check this out guys.. http://stupidline.com/sdfghj”. The /sdfghj is a URL-shortening thing; when you try to visit it from cmd you can see the real URL. These types of attack are very well known in the malvertising world, where hackers and bad actors operate. So be careful about what you visit and click on over the net. There’s a lot of bad guys that will try everything to get your personal information. ;)

As for the solution for not getting infected: if you don’t need to use or load Java in your browser, you can disable it in your browser, making these kinds of attacks miss their mark. :)

 

Posted by deathsoul at 7:25 pm | permalink | Add comment

togueno.com and pierran .com to be blacklisted..

May 21, 2010

Just a few hours ago, a group message was sent via DoubleClick groups. The domain in question is togueno .com, which is said to be spreading malware throughout the net. Let’s see how this can be a possible threat. My initial findings can be seen below. :)

togueno .com

  • “There was an error processing your request” message in WHOIS.
  • Recently registered. (2010-05-18)
  • Registrar is BIZCN .com whose name is familiar to any malvertising investigator.
  • As well as the Swedish hosting. (No offense to Sweden but most malvertising is coming from unlikely detail given the context.
  • Reverse IP: Pierran .com
  • Pierran .com same results.

And according to some people at Trend Micro, it is associated with crimeware (Rogue AV, et al.). So please refrain from visiting any ads that may point to it or going to those sites as well…
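The checks in this post and in the Atlas spoofing-domain post above boil down to a handful of registration and hosting heuristics; the following added example (my code, not the author’s tooling) scores a domain on them from WHOIS/IP values passed in as a dict, using the details the two posts list as constructed records. The registrar watch list, the 30-day “recent” threshold, the weights and the verdict thresholds are assumptions.

```python
"""Score a domain on the triage heuristics used in the two posts:
recent creation, registrant country vs hosting country, registrar on a
local watch list, WHOIS errors, and reverse-IP neighbours already flagged.
Added example; runs offline because the WHOIS/IP data is passed in."""
from datetime import date

# Assumption: a locally maintained watch list of registrars that keep
# showing up in malvertising cases (the post names BIZCN .com).
WATCHLIST_REGISTRARS = {"bizcn.com"}
RECENT_DAYS = 30          # assumption: "recently created" = under a month old
TODAY = date(2010, 5, 21)  # date of the togueno .com post


def normalize_domain(d):
    """Undo the defanging used in the posts ('rogloard .com' -> 'rogloard.com')."""
    return d.replace(" ", "").lower()


def triage_domain(record, today, known_bad=frozenset()):
    """Return (score, reasons); a higher score means more reasons for caution.

    record keys (all optional): created (date), whois_error (bool),
    registrant_country, hosting_country, registrar, reverse_ip (list).
    """
    score, reasons = 0, []
    if record.get("whois_error"):
        score += 1
        reasons.append("WHOIS returned an error instead of a record")
    created = record.get("created")
    if created is not None:
        age = (today - created).days
        if age <= RECENT_DAYS:
            score += 2
            reasons.append(f"registered only {age} day(s) ago")
    rc, hc = record.get("registrant_country"), record.get("hosting_country")
    if rc and hc and rc != hc:
        score += 1
        reasons.append(f"registrant in {rc} but hosted in {hc}")
    registrar = normalize_domain(record.get("registrar", ""))
    if registrar in WATCHLIST_REGISTRARS:
        score += 1
        reasons.append(f"registrar {registrar} is on the local watch list")
    neighbours = {normalize_domain(n) for n in record.get("reverse_ip", [])}
    flagged = sorted(neighbours & {normalize_domain(b) for b in known_bad})
    if flagged:
        score += 2
        reasons.append("shares its IP with already-flagged domain(s): " + ", ".join(flagged))
    return score, reasons


def verdict(score):
    """Assumed thresholds: 4+ avoid, 2-3 keep watching, otherwise no signal."""
    if score >= 4:
        return "avoid"
    if score >= 2:
        return "watch"
    return "no signal"


# Constructed records carrying exactly the details the two posts list; values
# the posts do not give (e.g. togueno's registrant country) are left out.
RECORDS = {
    "rogloard .com": {"created": date(2010, 5, 18),
                      "registrant_country": "US", "hosting_country": "SE"},
    "togueno .com": {"whois_error": True, "created": date(2010, 5, 18),
                     "registrar": "BIZCN .com", "hosting_country": "SE",
                     "reverse_ip": ["pierran .com"]},
}
KNOWN_BAD = frozenset({"pierran .com"})   # "same results" per the post
# Constructed control: an old domain registered and hosted in the same country.
CLEAN_RECORD = {"created": date(2005, 1, 1), "registrant_country": "US",
                "hosting_country": "US", "registrar": "example-registrar.test"}


def triage_all(today=TODAY):
    """Score every record; keys are normalized domain names."""
    return {normalize_domain(d): triage_domain(r, today, KNOWN_BAD)
            for d, r in RECORDS.items()}


if __name__ == "__main__":
    for domain, (score, reasons) in triage_all().items():
        print(f"{domain}: {score} ({verdict(score)})")
        for reason in reasons:
            print("  -", reason)
```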

 

 

Posted by deathsoul at 8:19 am | permalink | comments[1]

Malware and spam trends continue to grow

May 20, 2010

A new McAfee report uncovered that a USB worm has taken the No. 1 spot for top malware worldwide. Spam trends show that email subjects vary greatly from country to country with diploma spam out of China and other Asian countries on the rise. Earthquake news and other major 2010 events drive poisoned Web searches, and U.S.-based servers host the majority of new malicious URLs.

Threats on portable storage devices took the lead for the most popular malware. AutoRun related infections held the No. 1 and No. 3 spots due to the widespread adoption of removable devices, mainly USB drives. A variety of password-stealing Trojans rounded out the top five. Those include generic downloaders, unwanted programs and gaming software that collects statistics anonymously. Unlike past studies, the popularity of these threats ranked consistently worldwide.

While spam rates remain steady, their subjects vary considerably from country to country. One of this quarter’s biggest discoveries was that China, South Korea and Vietnam have the most significant diploma spam, which promotes the purchase of forged documents to establish qualifications for items such as jobs. Singapore, Hong Kong and Japan have exceptional rates for Delivery Status Notification spam indicating a possible issue with preventative mail-filtering capabilities.

“Thailand, Romania, the Philippines, India, Indonesia, Colombia, Chile and Brazil have a higher portion of malware infections and spam. These countries have experienced significant Internet growth over the past five years and are lagging in security awareness.”

Attackers are leveraging major news events to poison Internet searches. Haiti and Chile earthquake disasters led the list (No. 1 and No. 2, respectively). The Toyota recall, Apple iPad and NCAA March Madness followed. Referred to as search engine manipulation, cybercriminals continue to use analytics and page-ranking logic to exploit hottest search terms and drive traffic to malicious websites.

At 98 percent, the United States hosts the majority of new malicious URLs in Q1 2010. The massive share of new malicious URLs hosted in the U.S. is due to the location of many different Web 2.0 Services, most of which are provided with U.S. locations. Within the remaining 2 percent, China hosted 61 percent and Canada hosted 34 percent.

Posted by deathsoul at 2:49 am | permalink | Add comment

AutoRun worms got “smarter” (e.g. Autorun.inf)

Over time, users have become more careful when handling removable, external drives and devices such as iPods and other MP3 players, flash drives, USB sticks, digital cameras and frames, and others.

When it comes to removable drives, the biggest danger used to be the autostart procedure executed by Autorun.inf, but people learned their lesson: they learned to disable AutoPlay or to delete the malware on the device via the command prompt, and to choose the “Explore” option when they right-click on the drive.

But, malware authors aren’t easily deterred from finding ways to infect your computer, and they decided to use autorun.inf’s Action Key to make this happen. Action Key is one of the file’s parameters, and it defines the text that appears in the AutoPlay dialog:

 

Options such as “Open folder to view files” or “Open folder to view files using Windows Explorer” that appear in the menu become triggers that make the malware execute each time the drive is opened via Windows Explorer - as shown in the worm’s AutoRun code.
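A small triage script for the trick just described, added here as an example and not taken from the post or from any worm: it parses the [autorun] section of an autorun.inf and flags an action= string that copies Windows’ own menu text while open=/shellexecute= or a shell\verb\command key points at an executable. The sample autorun.inf files, the file names in them and the extension list are constructed for the demonstration.

```python
"""Flag autorun.inf files that abuse the Action key the way the post describes.
Added example; the samples below are constructed, not real worm files."""
import configparser
import re

# The default AutoPlay menu texts quoted in the post. A custom action= that
# reproduces them makes a malware entry look like Windows' own folder option.
MIMICKED_TEXTS = {
    "open folder to view files",
    "open folder to view files using windows explorer",
}
# Assumed list of extensions worth flagging when they are the launch target.
EXECUTABLE_EXT = re.compile(r"\.(exe|com|bat|cmd|scr|pif|vbs|js)\b", re.IGNORECASE)


def parse_autorun(text):
    """Return the [autorun] section as {lower-cased key: value}, or {} if absent.

    autorun.inf is INI-shaped, so the standard library parser suffices;
    strict=False tolerates duplicate keys (Windows keeps the last one) and
    allow_no_value tolerates stray lines without '='.
    """
    cp = configparser.RawConfigParser(strict=False, allow_no_value=True)
    cp.read_string(text)
    for name in cp.sections():            # section names are case-sensitive here
        if name.lower() == "autorun":
            return {k.lower(): (v or "").strip() for k, v in cp.items(name)}
    return {}


def analyze_autorun(text):
    """Return human-readable findings; an empty list means nothing suspicious."""
    keys = parse_autorun(text)
    # Every key that can make Windows start something from the drive.
    launchers = {k: v for k, v in keys.items()
                 if k in ("open", "shellexecute")
                 or (k.startswith("shell\\") and k.endswith("\\command"))}
    findings = []
    action = keys.get("action", "").lower()
    if action in MIMICKED_TEXTS and launchers:
        findings.append("action= mimics Windows' own menu text while the entry runs: "
                        + "; ".join(f"{k}={v}" for k, v in sorted(launchers.items())))
    for k, v in sorted(launchers.items()):
        if EXECUTABLE_EXT.search(v):
            findings.append(f"{k} launches an executable from the drive: {v}")
        # shell\<verb>\command rewires the right-click verbs, so even the
        # "Explore" workaround the post mentions ends up running the target.
        verb = k.split("\\")[1] if k.startswith("shell\\") else None
        if verb in ("open", "explore"):
            findings.append(f"right-click verb '{verb}' is redefined by {k}")
    return findings


# Constructed sample mirroring the pattern in the post (file names invented).
SUSPICIOUS_SAMPLE = r"""[autorun]
; constructed example, not a real worm file
action=Open folder to view files
open=example_payload.exe
shell\open\command=example_payload.exe
shell\explore\command=example_payload.exe
"""
# Constructed benign sample: only a label and an icon, nothing to launch.
BENIGN_SAMPLE = r"""[AutoRun]
label=Holiday photos
icon=photos.ico
"""
# Constructed installer-style sample: launches setup.exe but does not pose as
# the folder option, so only the milder rule fires.
INSTALLER_SAMPLE = r"""[autorun]
action=Install Example App
open=setup.exe
"""

if __name__ == "__main__":
    for label, sample in [("suspicious", SUSPICIOUS_SAMPLE),
                          ("benign", BENIGN_SAMPLE),
                          ("installer", INSTALLER_SAMPLE)]:
        print(label, analyze_autorun(sample) or ["no findings"])
```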

 

 

Posted by deathsoul at 2:36 am | permalink | Add comment

Critical Facebook bug exposes sensitive information

Yet another Facebook privacy bug has been discovered - this time by M.J. Keith, a senior security analyst with AlertLogic.

The bug in question makes it possible for an attacker to access the account of a user and modify its content - if the user is duped into clicking on a link that leads to a malicious Web site containing the JavaScript code that exploits the cross-site request forgery flaw.

According to the security advisory released on Wednesday by AlertLogic, the bug was spotted last week, and Facebook was notified of it immediately. Three days later the social network confirmed it had fixed it, but additional testing executed yesterday by Keith shows that the bug is still present.

IDG News reports that Keith had created a simple Web page containing an invisible iFrame, and when they clicked on the page while logged into Facebook, they automatically “liked” several pages.

When you think about it - “liking” pages you normally wouldn’t could be a big deal if your account is public and the pages in question are embarrassing enough to make your boss think about firing you or friends wonder if they really know you. The attacker reading and misusing your personal information and making that information public (if it isn’t) could also lead to a heap of trouble.
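Why the invisible iframe was enough, and the server-side check that stops it, as an added example in Python (not Facebook’s code; the endpoint, session and request shapes are invented): the browser attaches the victim’s session cookie to any request a third-party page triggers, so a “like” handler that trusts the cookie alone is forgeable, whereas one that also demands a per-session anti-CSRF token and a same-site Origin header is not.

```python
"""Cookie-only vs token-plus-Origin authorization for a state-changing
'like' action. Added example with invented names; nothing here is from the
advisory or from Facebook."""
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "https://social.example"   # assumed origin of the legitimate site


@dataclass
class Session:
    """Server-side session the browser references through its cookie."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))
    likes: set = field(default_factory=set)


@dataclass
class Request:
    """Minimal stand-in for POST /like as the server sees it."""
    cookie_session: Session      # attached by the browser automatically, on any site
    page_id: str
    csrf_token: str = ""         # only same-origin page script can read and copy it
    origin: str = ""             # Origin header: set by the browser, not by page script


def like_page_vulnerable(req):
    """Cookie-only authorization: any page that can make the browser POST wins."""
    req.cookie_session.likes.add(req.page_id)
    return True


def like_page_hardened(req):
    """Rejects what a cross-site iframe can produce."""
    # Layer 1: synchronizer token bound to the session, constant-time compare.
    if not hmac.compare_digest(req.csrf_token, req.cookie_session.csrf_token):
        return False
    # Layer 2: the browser-controlled Origin header must be our own site.
    if req.origin != SITE_ORIGIN:
        return False
    req.cookie_session.likes.add(req.page_id)
    return True


def legitimate_like(session, page_id):
    """Same-origin page script copies the token from the DOM; browser sets Origin."""
    req = Request(cookie_session=session, page_id=page_id,
                  csrf_token=session.csrf_token, origin=SITE_ORIGIN)
    return like_page_hardened(req)


def forged_like_succeeds(handler):
    """Model of the reported scenario: a logged-in victim loads a third-party
    page whose hidden iframe submits /like. The cookie rides along, but the
    same-origin policy keeps the token out of reach and Origin is the attacker's."""
    victim = Session(user="victim")
    forged = Request(cookie_session=victim, page_id="embarrassing-page",
                     origin="https://attacker.example")
    handler(forged)
    return "embarrassing-page" in victim.likes


if __name__ == "__main__":
    print("vulnerable handler forged:", forged_like_succeeds(like_page_vulnerable))
    print("hardened handler forged:", forged_like_succeeds(like_page_hardened))
```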

Posted by deathsoul at 2:35 am | permalink | Add comment

The KHOBE attack: Are all AV solutions vulnerable?

May 12, 2010

Dubbed an “8.0 earthquake for Windows desktop security software” by its creators, the KHOBE (Kernel Hook Bypassing Engine) or the argument-switch attack has been recently presented as a technique that can bypass most - if not all! - security software.

The following software is considered vulnerable:

  • 3D EQSecure Professional Edition 4.2
  • avast! Internet Security 5.0.462
  • AVG Internet Security 9.0.791
  • Avira Premium Security Suite 10.0.0.536
  • BitDefender Total Security 2010 13.0.20.347
  • Blink Professional 4.6.1
  • CA Internet Security Suite Plus 2010 6.0.0.272
  • Comodo Internet Security Free 4.0.138377.779
  • DefenseWall Personal Firewall 3.00
  • Dr.Web Security Space Pro 6.0.0.03100
  • ESET Smart Security 4.2.35.3
  • F-Secure Internet Security 2010 10.00 build 246
  • G DATA TotalCare 2010
  • Kaspersky Internet Security 2010 9.0.0.736
  • KingSoft Personal Firewall 9 Plus 2009.05.07.70
  • Malware Defender 2.6.0
  • McAfee Total Protection 2010 10.0.580
  • Norman Security Suite PRO 8.0
  • Norton Internet Security 2010 17.5.0.127
  • Online Armor Premium 4.0.0.35
  • Online Solutions Security Suite 1.5.14905.0
  • Outpost Security Suite Pro 6.7.3.3063.452.0726
  • Outpost Security Suite Pro 7.0.3330.505.1221 BETA VERSION
  • Panda Internet Security 2010 15.01.00
  • PC Tools Firewall Plus 6.0.0.88
  • PrivateFirewall 7.0.20.37
  • Security Shield 2010 13.0.16.313
  • Sophos Endpoint Security and Control 9.0.5
  • ThreatFire 4.7.0.17
  • Trend Micro Internet Security Pro 2010 17.50.1647.0000
  • Vba32 Personal 3.12.12.4
  • VIPRE Antivirus Premium 4.0.3272
  • VirusBuster Internet Security Suite 3.2
  • Webroot Internet Security Essentials 6.1.0.145
  • ZoneAlarm Extreme Security 9.1.507.000
  • probably other versions of above mentioned software
  • possibly many other software products that use kernel hooks to implement security features.

As the researchers explain in their paper, the attack is so successful because the great majority of these solutions modify the user and kernel code and data structures. These modifications - colloquially dubbed hooks - are often poorly implemented and create holes in the system.

The most common kernel hooks in modern-day security solutions are SSDT hooks, and those are precisely the ones that the researchers took advantage of to execute the attacks. Basically, the software is fed with values that will pass the checks, only to be interchanged with malicious code after they do. Also, the attack is supposedly even more likely to succeed when the system has multiple cores (and a lot of computers do), and can be executed even if the attacker has access only to a restricted user account.

Some security firms have published their view of the matter already. Not surprisingly, they dispute the effectiveness of the attack. Sophos’ Paul Ducklin says that “Sophos’s on-access anti-virus scanner doesn’t use SSDT hooks, so it’s fair for us to say that this isn’t a vulnerability for us at all.”

F-Secure researchers admit that Matousec’s technical findings are correct, but that their solution has “several layers of sensors and generic detection engines. Matousec’s discovery is able to bypass only a few of these sensors.”

According to The Register, the attack has its limitations: “It requires a large amount of code to be loaded onto the targeted machine, making it impractical for shellcode-based attacks or attacks that rely on speed and stealth. It can also be carried out only when an attacker already has the ability to run a binary on the targeted PC,” so there is no need to panic. Even if the attack is possible, it doesn’t mean it is likely.
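The argument-switch race described above, reduced to plain Python as an added illustration (not code from the Matousec paper or from any vendor): a hook that re-reads a caller-controlled argument after validating it can be fed a benign value at check time and a different one at use time, while a hook that copies the argument once and works on the copy cannot. The concurrent writer is replaced by a cell that deterministically flips after its first read; the paths and the policy are invented.

```python
"""Double fetch (argument switch) in a filter hook, and the copy-in fix.
Added example; the 'kernel hook' is just a function and the racing thread is
simulated so the outcome is repeatable."""


class CallerMemory:
    """Stands in for a buffer the caller still owns while the hook runs.

    read() returns `benign` the first time and `switched` on every later read,
    which is what a well-timed second thread achieves on a multi-core machine
    (on real hardware it only wins sometimes, hence the paper's note on cores).
    """

    def __init__(self, benign, switched):
        self._values = [benign, switched]
        self.read_count = 0

    def read(self):
        value = self._values[min(self.read_count, 1)]
        self.read_count += 1
        return value


def is_allowed_path(path):
    """The hook's policy (invented): refuse writes under the protected directory."""
    return not path.lower().startswith("c:\\protected\\")


def hooked_write_double_fetch(mem):
    """Vulnerable: validates one fetch of the argument, acts on a second fetch."""
    if not is_allowed_path(mem.read()):     # fetch 1: the benign value passes
        return "denied"
    return f"wrote {mem.read()}"             # fetch 2: sees the switched value


def hooked_write_copy_in(mem):
    """Hardened: capture the argument once, then check and use that snapshot."""
    path = mem.read()                        # the only fetch
    if not is_allowed_path(path):
        return "denied"
    return f"wrote {path}"


# Constructed paths for the demonstration.
BENIGN = "C:\\Users\\alice\\notes.txt"
PROTECTED = "C:\\Protected\\policy.dat"


def compare_hooks():
    """Run both hooks against the same switching caller and return their results."""
    return {
        "double_fetch": hooked_write_double_fetch(CallerMemory(BENIGN, PROTECTED)),
        "copy_in": hooked_write_copy_in(CallerMemory(BENIGN, PROTECTED)),
    }


if __name__ == "__main__":
    for name, result in compare_hooks().items():
        print(f"{name:12s} -> {result}")
```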

Posted by deathsoul at 4:32 am | permalink | Add comment