Echo Binary

I’m not sick of spooky costumes, decorations or whatever, I’m just sick — as in ILL.

Last Sunday, I felt that my body was aching so much like I was battered or something to that effect. I was still able to watch “The Employee of the Month” with my girlfriend and eat Whooper at Burger King, but the next day, I suddenly felt feverish. I could not withstand the coldness in our office even if I have 3 layers of clothes. I tried to stay back but the chills penetrate in my bones and I could not tolerate my shivering anymore so I decided to go back home after lunch.

It seems that I have flu — fever, combined with colds, headache and sore throat. I don’t mind most of these except sore throat because I could not easily recover from sore throat. Most of the times, it will develop to tonsillitis which is even more problematic. What I don’t understand is when my mouth sore kicks in too. It’s worse now, but it is healing slowly.

Good thing, it was Ramadan last Tuesday and was a public holiday so I was able to rest the entire day. With the help of my medicines, I was able to slowly recover. I went to office from Wednesday to Friday with slight fever and colds. It’s not fun but I need to work since I don’t believe that I could get any better lying in bed.

If I could have just taken multivitamins more often, I’m probably more resistant to flu and other common virus. Well, lesson learned. I should not let stress and fatigue trouble my work and life. Sa panahon ngayon, bawal ang magkasakit.

I joined the Security Interest Group in our workplace and one of my quest is to make it as my secondary job since I’m interested in security-related programs, vulnerability assessment and protection.

One of my concern right now is how to find relevant information to prove that the improper use of a typical USB flash disk (thumb drive) is a security threat to our workplace. Then I stumbled upon the Hak .5 video podcast episode 2×03 regarding USB Hacksaw:

The USB Hacksaw is an evolution of the popular USB Switchblade that uses a modified version of USBDumper, Blat, Stunnel, and Gmail to automatically infect Windows PCs with a payload that will retrieve documents from USB drives plugged into the target machine and securely transmit them to an email account.

Sounds cool and dangerous.

I tried the proof of concept and I wasn’t able to get the expected result because one of the program was detected as trojan. I am using a corporate anti-virus during my test. If you are not using an updated anti-virus, good luck.

The USB switchblade is supposed to silently steal information from a victim PC with Windows 2000, XP or 2003 OS while a USB hacksaw is supposed to copy files of the unsuspecting user of your PC. The switchblade can be defeated by disabling the autorun option in Windows and using an updated anti-virus. However it is not guaranteed that this precautionary measure will really help the victim. At this moment, the password recovery tool is yet to be encrypted. Using anti-virus disabler can also enable the switchblade do its job unsuspectedly. The thing is, with USB Hacksaw, the hacker (host PC) may have overriden his or her anti-virus program so that the stealthy program does its job copying the whole content of the victim’s USB.

When you read things like this, you will now have second thoughts on plugging in someone’s else thumb drive in your PC or laptop or using your thumb drive in someone’s else PC or laptop. There are some flash disks with password protection and encryption but I doubt that it will be useful at all. So the next time you use flash disk, handle it with care because it is regarded as a security threat.

Links:
Hak .5 Wiki - USB Hacksaw

Typhoon Milenyon, also known internationally as Xangsane, have brought Metro Manila, including nearby provinces, down to its knees. Many people have suffered the onslaught of Milenyo due to its unexpected strength. Many were caught by surprise as the strong wind surge Milenyo brought torn down many billboards, uprooted countless trees and even overturned trucks. The damage was so devastating that even I could not believe my own eyes.

I had witnessed super Typhoon Rosing 11 years ago and Milenyo is not really that strong compared to it, yet, Milenyo managed to cause wide scale damage comparable to Rosing not only in Metro Manila but also in the provinces that Milenyo passed by.

I have counted the battered billboards from Alabang to Makati via SLEX. Along the west service road, I counted 15 and 8 along east service road. Most billboards were twisted, mangled and toppled like scrap metals ready for junk shop. It is disturbing how these billboards caused structural damages to the nearby buildings and houses. Some houses were flattened while the stronger buildings survived. The sight of the billboard which used to advertise Pancake house in the middle of Skyway-EDSA-Magallanes is just stunning — in a dreadful way. Everytime I look at it, I get chills down my spine. Most of the big trees in Filinvest Alabang seemed to be cut down to serve as firewood. It’s a pity that many trees didn’t survive Milenyo. It’s also NOT typical to see flying corrugated iron roof in our place but I saw several taking off from our neighbor’s house.

Apart from its immediate effect such as suspension of classes and work, cancellation of flight and sea travel, Milenyo also caused blackout in Luzon. Fallen trees, posts and billboards contributed much of the power disruption. Our area was unlucky because we didn’t have electricity for 4 whole days. It was a torture and test of patience.

Some lessons and revelations that I learned from Milenyo:

1. Huge billboards along the road or near buildings are VERY dangerous especially with the tarpaulin or canvass on it.
2. Having a fully-charged cellphone and spare battery helps a lot in times of calamity
3. Battery-powered radios are cool
4. My office is my second home. Thanks to the generator.
5. Scrabble is the best family game to waste your time on
6. My PC is useless without electricity (duh!)
7. Without electricity, I go to bed 3 to 5 hours earlier

Yesterday was my graduation march and it is one of the most special day for my parents. All their sweat and tears didn’t go to waste after all. Now I need to return the favor to my parents. I graduated with honors! Oh, really?! I won’t elaborate much about it. I’m just happy to get one. Btw, the keynote speech was really inspiring. It removed my doubt as a fresh graduate. Age is all the advantage I have right now; being young means I can do more things to improve myself and there will always be room for improvement.

Today, I officially entered the workforce — my first job. I attended the orientation, mingled with other new hires, chatted with complete strangers in the office and listened intently to my superiors. I know it will be hard to shine because I am surrounded by talented people — it is a challenge to work harder. All employees are members of one big family. My boss actually feels like a big sister to me and my team mates are about my age. We are like brothers. The true competition here is among me, myself and I.

As quoted in the keynote speech yesterday, Today’s excellence is tomorrow’s mediocrity. Very true.

I realized that there are so many things in the IT industry that are intentionally left in gray areas. That includes list of clients, systems infrastructure, softwares, and other technologies. That’s not new. Everyone who have taken economics 101 should know that trade secrets are very important to have an edge to competitors and protect the company from prying eyes. It’s also discussed in professional ethics. However, having just exposed myself to the real working environment, I just realized how serious IT companies are in hiding secrets. I’m talking about IT companies in the Philippines in general but this should apply to all companies.

One thing that strikes me is the 10 things that companies should be monitoring in the web as suggested by Pronet Advertising. What disturbs me are #6, #7 and #8 in the list. Others are pretty obvious. This should be a warning to all employees out there who leak information about their company’s secrets carelessly.

Pronet mentioned about the industry “hang outs” which includes blogs, message boards and review sites. Be aware that popular message boards like pinoyexchange.com, tipidpc.com and MMORPG forums are most probably included in A-list of industry hang-outs in the Philippines.

Employee blogs are probably monitored by employers as well. If you are not aware, some people are sued because of what they type in their blogs. Scary? Not really. Just be sure to double check that all your statements are not libelous. If you want to be extra careful, do not even mention anything work-related in your blog at all especially if it is too sensitive to be published in web, let alone in your personal blog. IMHO, these things are better left in your conventional [paper] diary, not blog.

Social network is both a blessing and a curse. For instance, any member of friendster.com and myspace.com could easily search members of the entire social network. Companies can easily track your profile and conversations with other people. When you leave comments to other people’s blog you sometime leave a link to your personal blog. That’s aweful if the company can aggregate these information and found out that you are leaking out company secrets that are not meant to be revealed. Call me paranoid but these are all possible.

If there’s anything you can do to totally conceal your identity in the internet, then do not create a personal blog to hide yourself in the obscurity. Do not reveal your name easily. Do not give out personal information in the public. Plain and simple. I can continue discussing the probability that some companies are monitoring their employees’ activities but there are so many things you can do in the internet that these companies are probably not aware of your activities yet. However, they may find out your blunder in the end and you might lose your job.

You can argue that these are all invasion of privacy. However, the moment you use the internet, privacy becomes a gray matter as well. To avoid any repercussions, be discreet and professional in the web. Know your limitation and use your knowledge wisely.