home - news - articles - forums - gallery - user reviews - store - about - login - links - teams
 
 
 Home > Hardware Articles [ Submit an Article
Mike's Corner: Michal Zalewski Interview
By: Michael Hoffman
Date: 6/13/2005		Views: 9706
 
Post a Comment | Receive Email Updates  

If you recall, I recently authored a book review published here at TechIMO. The book dealt with Internet security and some of the methods that are used by people with malicious intent. I had the opportunity to chat with Michal Zalewski, the author of Silence on the Wire. Sit back and enjoy a brief Q&A session with a security expert!

Q:  For a home computer network, is it really crucial for people to put up firewalls for maximum defense?

A:  Sadly, computer security is not easy, and it will likely stay this way for a couple of years. The only way to stay reasonably secure is to get a basic grasp of the risks and defenses. Buying a product won't achieve a lot if you don't care about patching your system, reading, understanding, and responding to security warnings, etc.

Once you know how to protect yourself, you should know the answer to that firewall question - and the answer differs, depending on how and where you use the computer, and how much time you are willing to spend on initial setup and occasional maintenance. Some people do exceptionally well without firewalls, while others get hit by worms, spyware and trojans despite having one.

Q:  Many people like to run something simple like Zone Alarm and a spyware removal program only. Is this enough?

A:  Well, if Zone Alarm is indeed enough for them, they would not need a spyware removal tool to start with, because such tools are meant to at least partly repair an already compromised system - and spyware such as CoolWebSearch often proves them ineffective.

Q:  I bank, pay bills, and use credit cards via the Internet. Your book states that my computer and the bank's computer establish an encryption protocol that is very difficult to break. How would a hacker go about breaking this encryption?

A:  Usually, he wouldn't bother. He'd exploit a flaw in your e-mail client, web client, or even simply trick you into running a specific program - then log your keystrokes or redirect your HTTP traffic.

An ambitious hacker who is specifically after you could use more sophisticated tricks, including attacking the SSL session itself. There are various types of such attacks: exploiting weaknesses in encryption algorithms themselves, protocol implementation, etc - but just to discuss them briefly, it would take another book or two.

Q:  Do you have any other books that are currently in the works?

A: No, not really. I have some tentative concepts and an offer from a publisher, but I have yet to make up my mind.

If you have any security questions for Mr. Zalewski, I would be happy to forward any questions to him for a future interview.

Console Wars

It is popular news that Sony, Microsoft, and Nintendo all have upcoming consoles under heavy promotion. It wasn't very difficult to hear spectators and media at E3 2005 talking about each of the different consoles.

Microsoft wants to try and overtake Sony and hopes an early release (before 2006) of the Xbox 360 will help do just that. A common complaint - not surprisingly by a lot of Sony fans - is Microsoft's latest console doesn't have any revolutionary technology. Since I am not here to try and convince someone why the Xbox 360 may or may not be a better console, I will only mention that I thought Call of Duty 2 looked and felt pretty good when I played it during E3.

The one thing that I am curious about is how Microsoft is going to try and successfully sell the Xbox 360 in Japan, where Sony and Nintendo obviously reign supreme.

The console that may surprise a lot of people is the Nintendo Revolution, though I am not sure whether that is a positive or negative aspect. Although Nintendo hasn't released what the technical specifications of the Revolution will be, it is already known that people shouldn't expect an overly powerful system. An aspect that excited people at E3 was the backwards compatibility support that will allow users to download any Nintendo game over the Internet. Those old school gamers that want to take on Super Mario Brothers again will be able to do so!

Additional coverage about the different consoles that consumers will continue drooling over: IGN's Xbox 360 pictures, some of the different Xbox 360 games featured at E3, GameSpot's PlayStation 3 coverage, and information about the Nintendo Revolution.

Final Thoughts

A quick reminder for everyone that TechIMO is having a contest for a NZXT Nemesis Elite Case. Check out this thread in the TechIMO forums for more details.

Also, I am curious to hear what you guys and gals have to say about the different next-generation gaming consoles. Feel free to also mention which one you are looking forward to the most and why. Your comments may even be featured in a future installment of Mike's Corner! Feel free to send me an email or private message anytime.

Author
Thread Post A Reply 
ted61
Member

Registered: 1/2003
Posts: 74

Reality is not very nice.

I guess my Zone Alarm is not all it is cracked up to be.

Rating: 5/5 
ted61 is offline 6-13-2005 10:37pm
Click Here to See the Profile for ted61 Click here to Send a Private Message Visit ted61 homepage! Find more posts by ted61 Add ted61 to your buddy list Edit/Delete Message
osprey4
Ultimate Member

Registered: 9/2001
Location: South Jersey
Posts: 8736

Six feet tall

Well done, Mike. Rating: 5/5 
osprey4 is offline 6-24-2005 1:05pm
Click Here to See the Profile for osprey4 Click here to Send a Private Message Visit osprey4 homepage! Find more posts by osprey4 Add osprey4 to your buddy list Edit/Delete Message
PresterJohn
the *Voice* in your Head

Registered: 11/2001
Location: NY
Posts: 4520

not impressed by that sample chapter 5.

much of it reads like an excerpt from a hardware bible and while the information is interesting, much of it has little relevance to the chapter title. basically, it just filler material to bump up the page count (to make the book appear "fuller" than it might ordinarily).

also, the section under Food For Thought where he talks about the possiblity of observing hard disk drive LED's combined with induced i/o activities as a way for a hacker to get information about your system is an *incredible* stretch of the imagination and totally absurd.

after reading that, i question anyone who would buy this book, sight unseen w/o actually checking it out in person in a bookstore.

PresterJohn is offline 7-5-2005 9:55am
Click Here to See the Profile for PresterJohn Click here to Send a Private Message Visit PresterJohn homepage! Find more posts by PresterJohn Add PresterJohn to your buddy list Edit/Delete Message
Mickwish
Swine flu stopper

Registered: 11/2001
Location: BrisVegas, Australia
Posts: 11238

PJ, my bro is in the IT security business, and he tells me governnments physically secure their PC's from prying eyes because LED sequences CAN be used to gain info about a systems activities, when coupled with other scans and stuff. He even said the screen emmissions can be picked up by scanners and decoded, so they shield monitors to prevent this.

Not your average hacker activity, more corporate and international spy stuff, but it's real.

Interesting interview, Mike, thanks for sharing.

Cheers Mick

 Rating: 4/5 
Mickwish is offline 1-2-2006 1:57am
Click Here to See the Profile for Mickwish Click here to Send a Private Message Visit Mickwish homepage! Find more posts by Mickwish Add Mickwish to your buddy list Edit/Delete Message

 
Contact Us | Privacy Policy | Terms of Use    Copyright 2009 All Enthusiast, Inc. All Rights Reserved