Below are the 20 most recent journal entries recorded in PrinceCharlesMing's LiveJournal:

[ << Previous 20 ]

Sunday, February 3rd, 2008
12:50 pm	Club WhyNot Tribute Mix hi all, for those who may be interested, i've done up a mix featuring some of the distinctively familiar whynot tunes and i'm sharing it with all. for tracklist and streaming, go to http://sillypore.com/diary/?page_id=1007 gong xi fa cai everyone! huat huat huat! (1 Comment |Comment on this)
Thursday, June 21st, 2007
9:56 am	SAIC-OSM Alert: Hackers compromise 10k sites, launch 'phenomenal' attack: I am sending out an advisory alert to ensure your AV signatures are updated. --- Hackers compromise 10k sites, launch 'phenomenal' attack The large-scale attack is based on the multiexploit hacker kit dubbed 'Mpack' --- What happens is, sites from Europe have been compromised, and the infections are spreading. Legit websites are the ones hit, and it has not been determined how these sites are compromised. What can happen is, you surf onto a website, could be any popular website that has the malicious code injected into an iFrame. Your browser is then instructed to download a file. Eventually keyloggers get installed and if infected, whatever you type, gets recorded and sent to the attacker. Who are these people, we do not know yet. For Symantec users who are up to date, this is detected as Trojan.Mpkit!html and Downloader. (1 Comment |Comment on this)
Thursday, April 19th, 2007
4:54 pm	***Urgent*** New job opportunity : Infocomm Security Officer New Job Opportunity : Infocomm Security Officer Scope of work: * Lead team of security analysts to perform day-to-day security monitoring for the region * Monitors for potential security exposure, violations of security, policies and procedures, breaches of information security measures, and reports all significant discoveries to security management * In tune with all the new IT security developments and problems(issues) * Conduct system and network security parameters' reviews * Conduct vulnerability scannings within the asia region * Liaise with different service delivery teams Requirements * A strong technical team leader * Must be customer focused with good interpersonal skills * At least 3 years’ relevant working experience in a Data Centre or Enterprise LAN environment and possess fundamental network concepts. * Good working knowledge of risk management principles and network infrastructure security technologies such as system and database hardening, anti-virus, proxies, IDS/IPS, firewall, VPN and monitoring of logs. * A good degree in IT or related majors * Professional security certification such as CISSP, CISA advantageous but not a must. * Able to work diligently, independently and resiliently when under pressure Do drop me a mail if you have any queries or if you are interested in the position: contact *at* sillypore.com Do spread this around if you know of anyone who may be interested, thanks! (Comment on this)
Wednesday, April 18th, 2007
12:09 am	Any gay djs looking out for a good break? Not gay, but cute, and can pass off as a gay can do also. No kidding. Got someone looking for a successor. Drop me a note! (Comment on this)
Thursday, April 12th, 2007
12:44 pm	Illegal System DLL Relocation Some of you may be facing the following error when you logon to your computer after the latest round of patching done by microsoft: application_executable_name - Illegal System DLL Relocation The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:\Windows\System32\Hhctrl.ocx occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL. There are patches to fix the problem, please go to http://support.microsoft.com/kb/925902 Note: The above could be the result of the .ANI animated cursor patch done last week. (4 Comments |Comment on this)
Saturday, April 7th, 2007
6:10 pm	I've been tagged! Although I still have no idea what this means but I am supposed to post 6 weird stuff about myself. I shall try and see what I can come up with. There were weird incidents but it seems this is on personality so here goes: 1. I am an extremist. Contradiction must have been my middle name. I swing both ways literally. I don't like to watch movies alone nor eat alone (getting used to this though) but I like traveling on buses, going to work and stuff alone. I like to be lost in my world of music, or just have sometime to sort out my thoughts. Generally, my own personal private time which I find disturbance an annoyance. But I do not like to roam around outdoors alone without any purpose. 2. I developed a liking for sweet carbonated soft drinks only in BMT. I guess it was such a treat to have a nice cold can of pepsi after a 'shiong' session that it is seen as something that makes me happier when needed. Sugar rush maybe! 3. My work involves looking at monitors all the time but when I come home I am either on the comp or watching TV. Screen-staring do not appear to bore me and everyone seems to wonder how it is so. *shrug* 4. I am attracted to scents, not looks. My sense of smell is greater than my ability to see. 5. I am hairy in some places but bald in others. Try not to go too much into this :P 6. My preference in music is rather selective. I do house, but do not like R&B/Trance/Hip-Hop one bit. That includes the 'screaming' I hear on the dreamgirls soundtrack. But I'll do Freemasons, certain remixes, Antoine Clamaran, Hed Kandi and MOS compilations of different remixes. Did I mention freemasons yet? (2 Comments |Comment on this)
Monday, April 2nd, 2007
7:22 pm	Standby allowance calculations Hi all, My colleagues and I are working on a standby allowance and if you do have one too or you are familiar of different models, please share! There is a requirement to be on standby. Let us set aside the cost needed for activation, just the cost for being on standby after office hours. My calculation is in terms of hours, while my colleague goes by a fixed amount so the more models we have the more we can propose. Hours wise, it will be 16 hours per weekday (covering 6pm-9am the next day), and 24 hours weekends and public holidays. I am looking at doubling the rate for weekends, hence for a Saturday for example, it will be 48 hours. So for 1 week of standby duty, 16*5 + 48 +48 = 176 hours. If we ask for $5 for an hour, one week will be $880. Is this figure reasonable? Pls do share of various models if you know, thanks! (2 Comments |Comment on this)
10:11 am	Exploit code in the wild - Animated cursor vulnerability I walked into the office and was faced with yellow threat alerts from security websites, due to a exploit code being released in public. This means everyone can have the code and use it to compromise systems, while Microsoft is still working on a patch. So this means the scale of attacks can be quite massive. This threat exploits a vulnerability in the animated cursor in windows system. For those of you who got a Mac based on my recommendation, good for you. But don't be too happy cause they have been exploited actively in the past 2 months. I don't really talk much about vulnerabilities on the Mac cause it doesn't apply at my work place so I don't keep an eye on it that much. Other than the fact that a couple months ago, someone posted a vulnerability in the Mac everyday for the whole month. So that is quite a lot and he did it because Mac wasn't acting on his emails reporting the vulnerabilities. And now he is facing a lawsuit by Mac, last I know. Dumb. Anyway, back to Animated Cursors. Animated cursors are a feature that allows a series of frames, one after another, to appear at the mouse pointer location instead of a single image, thus producing a short loop of animation. The Animated Cursors feature is designated by the .ani suffix.An attacker could try to exploit the vulnerability by creating a specially crafted web page. An attacker could also create a specially-crafted email message and send it to an affected system. Upon viewing a web page, previewing or reading a specially crafted message, or opening a specially crafted email attachment the attacker could cause the affected system to execute code. While animated cursors typically are associated with the .ani file extension, a successful attack is not constrained by this file type. What I see is in the wild, they are renaming .ani files to .jpeg and other extentions, so blocking out .ani is not going to work anymore. The threat is caused by insufficient format validation prior to rendering cursors, animated cursors, and icons. An Animated cursor is that little mouse cursor thing you see when you move your mouse. That is an .ani file. Some people may like their own custom made cursor. Even the hourglass that turns repeatedly when your system is working on something and is asking you to wait, is all done in .ANI format. I have a list of websites that are known to be exploiting this code but I won't put them out here. Tips: - Do not access unknown websites for now. In particular, websites that look like the real thing, eg microfsot.com. - Remember what I said a long time ago? Do not click on links in emails. For the above exploit, this is yet another way this is being spread. - Keep all your AV signatures and patches up to date as far as possible. This is probably the one and only thing that will protect you as a home user. No one knows which website is next, or if they come up with a new way to exploit. - Reading email in plaintext does NOT work as outlook/OE will still parse the ANI (or any file/extention it has been renamed to) and hit the exploit. - Last known, firefox 2.0 is not vulnerable, neither are XP SP0 and SP1. But don't count on it. The exploit works on : Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 2 Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium) Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 Microsoft Windows Server 2003 for Itanium-based Systems Microsoft Windows Server 2003 Service Pack 1 Microsoft Windows Server 2003 with SP1 for Itanium-based Systems Microsoft Windows Server 2003 x64 Edition Microsoft Windows Vista While NT and below are not listed as they are no longer supported, do not assume they are not vulnerable. It has been reported that users of Internet Explorer 7 with Protection Mode are protected from active exploitation. Here is what happens: - You click on an email link/surf onto the 'wrong' website. - The .ani exploit is done silently, ie you won't even know. - It attempts to download an executable, WINCF.EXE For some, you get infected with a trojan, as detected by AV software. For others, dropping the malicious .ANI file will cause a DoS or a reboot(crash restart) loop (system crash), but this won't happen to most as their attacks will usually come via a web browser. By the way, it runs on whatever privilege access you are on. This could be administrator access, which will violate Confidentiality, Intgrity and Availability (CIA violation, for those in the industry) completely. (2 Comments |Comment on this)
Friday, March 23rd, 2007
9:31 am	Dog up for adoption Guys, an ex army colleague of mine has a dog that is up for adoption. He just sent me pictures but I can't put them up now cause I am in the office. From the pictures it looks like a rottweiler, like Diesel, the dog I had. Male, 4 months old. If you do have the intention to adopt or know anyone who is capable of taking care of dogs, do drop me a note and I'll refer you accordingly. For those reading this on my blog, I will try and put up the pictures on live journal and provide the link when I am home. In case I forget, do remind me please. Cheers. (Comment on this)
Friday, March 2nd, 2007
9:42 am	Advertisements galore Are you unhappy? Have you thought that no matter what you do, you could never get everything you wanted? Is it our lifestyle in question? Specifically, have you noticed how we have been subjected to advertisement from our craddle to our grave? Since young, we have been bombarded from birth with advertisements and inducements to spend. Remember when we were young and we watched cartoons and during commercials there is bound to be some on action toy figures that are sold in departmental stores. "Batteries not included". I remember that tag line that came with most commercials I saw. Enticing the young so that they will bother their parents to spend. As if that is not enough, this goes on and on forever. The Lee Hwa or Soo Kee diamond commercials etc.. the list just goes on. And this I see, is partly responsible (if not all) for our attitudes of today and ultimate unhappiness. You can't have everything, and we can never buy enough to satisfy the advertisers. But the thing is, true happiness doesn't come from owning that piece of diamond ring, or that flashy iPod. I read somewhere that one of the central tenets of Buddhism is that happiness is achieved by conquering desire. That is what we should be advocating to the young. Dont' blame and berate YouTube for the problems they have nothing to do with. (Comment on this)
Monday, February 26th, 2007
12:14 pm	Beep beep Anyone has any recommendation for a good driving instructor that satisfies the following condition please? : 1. Provides 3A training 2. Training centre at SSDC Thx! (Comment on this)
Saturday, February 17th, 2007
2:51 pm	i read this on darkbeat's posting and thought it reflected him rather accurately. so i did one myself. i think it is fairly accurate too. try it. :) The Keys to Your Heart You are attracted to obedience and warmth. In love, you feel the most alive when things are straight-forward, and you're told that you're loved. You'd like to your lover to think you are loyal and faithful... that you'll never change. You would be forced to break up with someone who was emotional, moody, and difficult to please. Your ideal relationship is open. Both of you can talk about everything... no secrets. Your risk of cheating is zero. You care about society and morality. You would never break a commitment. You think of marriage as something precious. You'll treasure marriage and treat it as sacred. In this moment, you think of love as commitment. Love only works when both people are totally devoted. What Are The Keys To Your Heart? (1 Comment |Comment on this)
Saturday, February 10th, 2007
7:31 pm	Financial advisors wanted I wanna buy investment policies. CPF, $$, whatever. Options all open. I wanna look at what's a good fish to buy these days. Any advisors to come forward, or to recommend? (1 Comment |Comment on this)
Sunday, January 28th, 2007
12:50 pm	Tattoo removal Asking for a friend, if there are any government hospitals or clinics that deal with removal that can be paid partially or in whole through medisave? Private doctors quoted around 700 to remove a tattoo on the neck (person wants to return to school but must have the tattoo removed first) but we're wondering if anyone has some recommendations that is cheaper? Thanks! (3 Comments |Comment on this)
Friday, January 12th, 2007
11:15 pm	artiste and title query Hey anyone knows of this song done quite a while back, 80s or 90s I think. Male artiste. I remember it used to be on class 95. Someone was asking me for it too, and I know the song but I fuckin can't remember the artiste and title.. :( If anyone can trigger something i'll be grateful! :P Here's a portion of it: “What about love, What about hope, What about trust, What about us..” There are extra lines in between but I wonder if those lines above is enough to trigger the tune in someone who knows the song maybe. Thx! (12 Comments |Comment on this)
11:10 pm	Birthday parties for kids! Hey just wondering, has anyone organised/attended a birthday party for a kid outdoors? Any recommendation of venues anyhow? Asking for a colleague. :P (1 Comment |Comment on this)
Monday, December 18th, 2006
1:00 pm	On the twelfth day of Christmas, ditchdog sent to me... Twelve darkbeats drumming Eleven joejuniors piping Ten nikeworths a-leaping Nine piglet_2005s dancing Eight playbens a-milking Seven juzzywuzzys a-swimming Six jesterjims a-networking Five sha-a-a-ayans Four lunarlevs Three baisuzhens Two bimbajims ...and an ai in a computer security. Get your own Twelve Days: (3 Comments |Comment on this)
Friday, December 8th, 2006
10:22 am	Housing experts anyone? Helo helo. Merry Christmas in advanced! Just wondering, is there anyone familiar with rules/policies etc when it comes to purchasing a resale flat/apartment under HDB or otherwise? HDB and CPF has so many schemes and grants and rules and policies that I am confused. I hear anyone can apply for a flat with a parent as joint owner but I don't know if it applies to resale. Questions like that. Please help if you do know! Thanks! :P (5 Comments |Comment on this)
Tuesday, November 21st, 2006
10:01 am	The thing about wireless networks There has been recent talks about the youngster who got charged for leeching on someone's network. And so many of us will now follow what ST recommends. ie disable SSID broadcast, encrypting WEP etc. Allow me to share some information with you based on my knowledge and expertise in terms of networking and network security. To me what is really important when you are using your laptop in an open wireless environment is to link up with the right Access Point (AP). With Singapore going wireless island wide, I forsee a problem in the near future. I am sure the technical people behind the wireless experts will do what they can but we as end users need to be aware of the problems too. I will try to put it as layman as I can. So you go to Macdonalds, turn on the wireless device and allow it to roam for available networks. And you see one network that is unsecure. Free internet! WOW! Not so wow after all. Someone (like me) who has malicious intentions can set up what we term as, a rouge Access Point. It entices people to connect to me cause perhaps, I am the only one offering internet access without the need for a password. And Microsoft allows the system to connect to it automatically unless you disable the feature (it is enabled by default). What happens is, all your internet traffic will go through my access point (which eventually means I have access to all the information that you upload and download onto the web). So you go into Live journal, key in your username and ID and guess who has the password now? You think your internet bank has good encryption when it comes to passwords? It sure does. But I can do something that will install a keylogger into your system, with or without your knowledge. What a keylogger does is that it logs everything you type. So when I view my logs and I see entries such as: www.dbs.com.sg princecharlesming abc123 It doesn't take a genius to realise what the 3 fields would mean. So in a way the banks issuing tokens are a good idea. But most people use the same password across the board. How many of you actually change your passwords every 3 months, or have different passwords for each account you log into online? Not many I would say. What are the odds that the same user id and password will work on say, live journal? Pretty good. And so I go into live journal, try out the passwords and whola! It works! Guess what sort of entry I would love to type in your name? Potentially the ones that will land you in jail for quite a while. The authorities may come to get me eventually after a long investigation (if I werent' careful in clearing my tracks) but do you really wanna be arrested and go through court sessions to clear your name when you did nothing? So that's one part of it. Be careful when you are out on a public wireless internet. Be VERY careful. As for home networks, enabling MAC address filtering is a good way to keep unauthorised people out. But you need to know what you are doing or you may lock yourself out. What is a MAC address? It is like the NRIC of your network card. The address is set by the manufacturer and is unique. How do you get the MAC address? Open up your command prompt and type "cmd" When the command prompt is up, type "ipconfig /all" (Please ignore the "" when doing the actual input). You shoud see something like : Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. H:\>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : xxx Primary Dns Suffix . . . . . . . : xxx Node Type . . . . . . . . . . . . : xxx IP Routing Enabled. . . . . . . . : xx WINS Proxy Enabled. . . . . . . . : xx DNS Suffix Search List. . . . . . : xxx xx xxx Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/100 VM Network Connecti on #2 Physical Address. . . . . . . . . : 00-08-02-7D-55-0E Dhcp Enabled. . . . . . . . . . . : xx IP Address. . . . . . . . . . . . : xx Subnet Mask . . . . . . . . . . . : xx Default Gateway . . . . . . . . . : xx DNS Servers . . . . . . . . . . . : xx xx I have put in xxx for the details that I need to hide (for security reasons) and details that don't matter anyway. Look at the Physical Address field. That is your MAC address. When you are in your router configuration (please follow the instructions in the manual that you get when you purchase your wireless router), look for the place that enables MAC filtering and key in that address into the field provided. Don't forget to save. BE VERY CAREFUL not to key incorrectly. The consequence is that you will lose your connection to that router. A After enabling MAC filtering, what this means is, only the machine with the MAC address listed will be allowed through. Let's go through some scenarios : 1. If you change your wireless network card, will your connection still work? NO. You will need to go through the same process above again. 2. If you take out the wireless card and put it into another machine (say your friend's laptop who is visiting), will it work on his/her? YES. Remember the setting is tied to that hardware, not anything else. Some other pointers: 1. Please change your default password as soon as you can. I cannot stress this enough. 2. Set your SSID to something else other than the default setting. Hmm I have mixed feelings when it comes to this. The way I see it, what it does is, it stops genuine novice users from connecting easily (your parents/brother who wants to use the network at home for the first time may have problems). As an intruder or the technically trained, they will know there is a point some where. They will have problems finding out where when they do a scan BUT it won't take more than 2 or 3 seconds on normal occasions to find the same SSID (even if you encrypt it) in clear text. You can encrypt your SSID, but if your network is in use and there is a lot of traffic going in and out, I will be able to see that same encrypted SSID in mere seconds. I don't really need tools for that. It is just the way the network functions. I won't go into the technical aspects, but just be aware that it can be done. For those who wanna go deeper in this, I am willng to. That's all for now! Have a jolly Christmas this season! Meantime, as what someone would say, Be Good. Else, be safe. :) (Comment on this)
Thursday, November 16th, 2006
12:32 pm	Mail from SAFE Singapore Got this in my email today. SAFE Singapore has talks/emails etc for PLUs and their parents alike. For those who intend to 'come out' or have issues with their sexuality, this is a good contact to have. I got this from the ST a few months ago. Check them out at your own time. Meantime this is the email : Dear Friends SAFE Singapore has sent out the following Statement to our Press and Media contacts in Singapore. The Government has asked for public feedback on the proposed changes to the Penal Code and it would be very helpful if you could write in to the feedback unit, identifying yourself as a straight ally, at this link http://www.reach.gov.sg/olcp/asp/ocp/ocp01d1.asp?id=3683 Thank you one and all for your continued encouragement and support! ------------------ 13 Nov 2006 To The Press We are a group of parents, families and friends of lesbian and gay people who believe in a society that accepts, affirms and empowers everyone to participate fully in it regardless of gender identity or sexual orientation. We write to voice our opposition to the proposed changes to the Penal Code and in particular to the retention of s.377A which criminalizes male same-sex acts even if conducted in private. The Ministry of Home Affairs has come public to say they will "not be proactive in enforcing the section against adult males engaging in consensual sex with each other in private." Why then have a law if it is not going to be enforced? Is it not illogical and a self-contradiction to have a law on the statute books and not enforce it? It appears that the government wants to have its cake and eat it too -- employing gay people in civil service, welcoming foreign talent even if they might be gay and benefiting from the contributions of intelligent & creative gay brains while not doing anything at all to protect these same gay people's human rights. Are we to remain on the surface, according to MHA, "by and large, a conservative society (where) many do not tolerate homosexuality, and consider such acts abhorrent and deviant" while covertly wooing the gay community's pink dollar and creative talents? As friends and families of gay people, we are strongly against any law that makes the people we love and respect -- our adult gay sons, brothers, grandsons, nephews and friends, "criminals" simply by what they do in private with another consenting adult. Do we have an agenda? Yes indeed. Our agenda is to strive for a society based on justice and equality, respect for individual dignity and opposed to bigotry, homophobia or any other form of hatred and discrimination. Ms Khoo Hoon Eng S2582275G Ms Susan Yap Siu Sen S2538443A Ms Tan Joo Hymn S6946231F Ms Ong Su-Chzeng S2690608C SAFE Supporting, AFfirming and Empowering Our lgbtQ friends and family ---- By the way I wanna get new memory for my comp. A new mouse too. I like the optical usb Microsoft mouse. Should I just get them all from Sim Lim? I am a bit worried about getting the wrong memory though. How do I check to ensure I get the right one at the right speed? I am lousy at PC hardware... help! (1 Comment |Comment on this)