martes, 29 de abril de 2014

Do you trust US-CERT?


 I noticed one article on Reuters that saying "U.S., UK advise avoiding Internet Explorer until bug fixed" by Jim Finkle on April 28.



This article states:

"The Department of Homeland Security's U.S. Computer Emergency Readiness Team said in an advisory released on Monday that the vulnerability in versions 6 to 11 of Internet Explorer could lead to "the complete compromise" of an affected system."

So I checked it source on the "U.S. Computer Emergency Readiness Team" and find it that is was similar to what the article was talking about: 

"Microsoft Internet Explorer Use-After-Free Vulnerability Being Actively Exploited
Original release date: April 28, 2014


US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could lead to the complete compromise of an affected system.


US-CERT recommends that users and administrators enable Microsoft EMET where possible and consider employing an alternative web browser until an official
update is available.


For more details, please see VU#222929
This product is provided subject to this Notification and this Privacy & Use policy."

Source: U.S. Computer Emergency Readiness Team first release at Google Cache

The address "was" and "is" "http://www.us-cert.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-Being"



But today (April 29) I noticed that the "U.S. Computer Emergency Readiness Team" changed the page of the source making a different kind of statement with the same date (April 28) and without reference to the original one.

"Microsoft Internet Explorer Use-After-Free Vulnerability Guidance
Original release date: April 28, 2014


US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer. This vulnerability affects IE versions 6 through 11 and could allow unauthorized remote code execution.


US-CERT recommends that users and administrators review Microsoft Security Advisory 2963983 for mitigation actions and workarounds. Those who cannot follow Microsoft's recommendations, such as Windows XP users, may consider employing an alternate browser.


For more details, please see VU#222929.


This product is provided subject to this Notification and this Privacy & Use policy."

Source: Actual "U.S. Computer Emergency Readiness Team"
  
Just check the Google Cache against the actual article
UPDATE:  OOPS... the Google cache got updated. I only have the PDF I print from that page
 

What is the problem with this?

The problem is something we call "trust". The U.S. Computer Emergency Readiness Team can make mistakes, but they should not change their website like nothing happened, they should state that it had been a change of mind or that more research showed up different results.

It is possible that the US-CERT was over reacting saying "complete compromise" or "where possible and consider employing an alternative web browser". But to don't hurt their reputation they should write an update to that statement or page saying something like "After checking more documentation about this bug we can update this statement by saying... bla bla bla.", instead of trying to wipe in silence their mistakes.  (if it is a mistake).
  
Can the US-CERT be trusted?

 

jueves, 24 de abril de 2014

Nintendo Wii U and Nintendo 3DS. Some thoughts, some whishes.

Last Update: 2014-06-10



This is the things that I will like to be able to do with a Wii U and a Nintendo 3DS. Some may be called "too much fiction", but what the hell... this is my blog.

Here I list here in disorder the problems, issues and whishlist for this products. 

Wii U is Missing:

  • How do you what Videos and Photos that are stored in the SD Card? It is not as easy as it was on the Wii.
    Alternative: Using Plex

Nintendo 3DS and Wii U Integration

  • Use the Nintendo 3DS like a Wii U controller. 
  • Video Conference between Wii U and Nintendo 3DS by using the same "Wii U Chat"
  • Merge the Wii U friend contacts with 3DS contacts. 
    • 3DS still uses "number codes" and Wii U uses the Nintendo account name.
  • Having the 3DS "Notepad" application on Wii U will be a nice thing too.  
  • Unify more of the hardware of Wii U and 3DS (like adapter and other accessories).  
  • Imagine if you can see the up screen of the Nintendo 3DS on you TV, via de Wii U.

Strange Requests

  • Turn the Wii U in some kind of Chromecast.
    • Allow to select content from Android/iOS and send it for play to the Wii U.
    • or Allow to  select the content from Nintendo 3DS and send it for play to the Wii U. 
  • Nintendo should start developing iOS and Android application to complement the Wii U and 3DS experience.
    •  The $20 "Wii U Fit Meter" can be turned into a more powerfull application that runs in smartphones and that can be upgraded with more functionality.

Nintendo needs to change a little bit  his mind.

I remember that sometime ago Nintendo told that their focus is only video game and that that's why they never released a DVD player for the Wii. (plus they save some money on patents).

But that has to change. People wants to do as much as possible with the devices. Photo and video cameras sales dropped down to be replaced by a smartphone (ok, the Pro Cameras are still there).  The Internet change a lot of things like how games are being sold and acquire (ex: steam).  Indy game developers found alternative ways to distribute their games and new players showed up.

Nintendo is still based in secrecy and a close environment for game development. This has to change, they can keep all the secrecy on their development lab, but once the product a released to the public it need to adopted fast and to have as much of developers and games as possible.

The Nintendo Hardware needs to do as much as possible to complete with the rest of the home media entertainment. 

Nice to Have 1: A unified charger for Wii U Gamepad and Nintendo 3DS. 

I also noticed that the Wii U GamePad and Nintendo 3DS had different adapters with different plus (and different amperance)
Nintendo 3DS Adapter
Wii U Gamepad Adapter

So, the Wii U Gamepad cradle can not be compatible with the 3DS. (and also do not fit.. do not try that at home).

But what if with some engineering magic  the Wii U Gamepad and Nintendo 3DS can get a little resigned to be more compatible. It will show a more cohesive strategy inside Nintendo about their different products working together. 

Sure, it is not charging.. it does not work, but it will be a"nice to have"
Or what about going farther and unifying the cradle/charger for the Wii U Pro Controller, Wii Remote Plus, Nintendo 3DS and Wii Pro Controller? That will be too sick right? But it was in part already done by " Wii U Quad Dock Revolution Charger". 



Nice to Have 2: A common plaform for RFID toys (Amiibo).

I really liked that the "Amiibo" strategy for Nintendo will be open to all Nintendo Developers, and that the development done with "Amiibo" can be easily re-used on similar things on other platforms.



Otherwise we will have a device like the "Wii Speak" that never really took off. 

Nice to Have 3: The Return of the Wii Speak and the Ubisoft Motion Tracking camera. 

Maybe all Nintendo disagreed with me, but I think there is something interesting on having a "living room camera" connected to your console. Xbox has it (Kinect) and Playstation has it (PS Eye?).

I think that it is time for a return of this idea to the Wii U.


That takes me to "Nice to Have 4: The redesign of the Wii Sensor Bar.

Nice to Have 4: The redesign of the Wii Sensor Bar.

The Wii Sensor bar is so basic... or at least looks so basic, that it can be a good idea to redesign it and add more functionality about it.

Possible something like:
  • Including the Wii Speak functions
  • Including a Ubisoft Tracking Motion feature

viernes, 4 de abril de 2014

Metodología de Inducción.


Insisto en que "Persígnate y lánzate al ruedo" no es una metodología de entrenamiento e inducción para el personal nuevo. 

Sin embargo es la más usada. A la izquierda esta el cuadro ilustrativo de como iniciar en esta metodología.