Another “Skype”? – Gizmo Project

September 27, 2005

Do you use Gizmo? Or have you ever tried it?

According to Scott Granneman, in his article, Gizmo seems to be a Skype killer, a real alternative to Skype, just as Yahoo comments.

What about your viewpoint and experience? Share them with me, with us.


Age of Empires III will be released on 10/18

September 27, 2005

Age of Empires III will be released on Oct. 18. See Age of Empires 3

Age 3 has gone gold and is on target for release 10/18 as previously announced. The gold version was release candidate #5 (RC5) and build 3,236 in the history of the game’s development. It was officially submitted by Producer David Rippy around 5 PM on Thursday, September 22 (one day ahead of schedule) after consultation with our Redmond Test Lead Fred Norton, and the Age 3 leads here in Dallas.


Security management deeply involved into enterprise infrastructure management (cont’)

September 27, 2005

Cont’ to Security management deeply involved into enterprise infrastructure management

Network SLA

See the above diagram which is excerpted from

At least in China, the billing policies of telco companies often use a coarse-grained top price, such as 120 RMB (about $14) per month. At such a price, users can do anything they like with the bandwidth, e.g. downloading massive volumes of video files with BT, eMule, etc. According to many statistics, traffic from such P2P-based file sharing eats up more than about 70 percent of the total bandwidth of MANs, and might be even more at night.

So a bandwidth access service provider, in order to increase its ARPU and improve network efficiency, must find ways to categorize its traffic, such as non-P2P and P2P, and bill each category differently.

On the other hand, traffic categorization helps defend its network infrastructure against Denial of Service (DoS) attacks.

Security SNR of A SIM System

September 27, 2005

Cont’ to Security SNR

What’s the Security SNR of a Security Information Management (SIM) system or process?


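We know that the signal-to-noise ratio is the ratio of signal strength to noise strength. So what is security signal strength, and what is security noise strength? Whether an event is signal or noise depends on whether it is useful to the security administrator: useful events are signal, useless ones are noise. But nothing is absolutely useful, and nothing is absolutely useless. In an absolute sense, every security event or IT event carries some meaning. So here we propose a concept: relative to the security administrator's attention (energy) and the resources available for security management, events that the administrator is in a position to allocate attention (energy) to and handle effectively are signal, and events that cannot attract the administrator's attention are noise.

Referring to the diagram posted last time, the role of a security information management (SIM) system is to take the massive volume of security events out of a uniform state (in which the administrator cannot distinguish or notice any of them) and differentiate them, raising particular attributes of some of them to notify the administrator that those events are special. The number of such events should be limited to what the security administrator and the security management team can handle effectively.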
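The definition above can be made concrete with a small triage sketch. This is an added example, not code from the original post: the event data, the asset weights, the scoring rule (severity times asset weight) and the way SNR is counted (raw events covered by escalated alerts over raw events left unattended) are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the original post): (host, signature, severity 1-5)
EVENTS = (
    [("db01", "sql-login-fail", 3)] * 6
    + [("web01", "port-scan", 2)] * 4
    + [("db01", "priv-escalation", 5)]
    + [("pc17", "p2p-traffic", 1)] * 8
    + [("web01", "webshell-upload", 4)]
)
# Hypothetical asset criticality; unknown hosts default to 1.
ASSET_WEIGHT = {"db01": 3, "web01": 2, "pc17": 1}


def raw_snr(total, capacity):
    """SNR when events are undifferentiated: the team handles any `capacity` of them."""
    handled = min(capacity, total)
    return handled / (total - handled) if total > handled else float("inf")


def triage(events, capacity, weights):
    """Aggregate duplicates, score each group, escalate at most `capacity` groups.

    Returns (escalated, snr): escalated is a list of (host, signature, score, count);
    snr is raw events covered by escalated groups over raw events left unattended.
    """
    groups = defaultdict(lambda: [0, 0])  # (host, sig) -> [max severity, count]
    for host, sig, sev in events:
        g = groups[(host, sig)]
        g[0] = max(g[0], sev)
        g[1] += 1
    scored = sorted(
        ((h, s, sev * weights.get(h, 1), n) for (h, s), (sev, n) in groups.items()),
        key=lambda r: (-r[2], r[0], r[1]),
    )
    escalated = scored[:max(capacity, 0)]
    signal = sum(r[3] for r in escalated)
    noise = len(events) - signal
    return escalated, (signal / noise if noise else float("inf"))


if __name__ == "__main__":
    alerts, snr = triage(EVENTS, capacity=3, weights=ASSET_WEIGHT)
    print("raw SNR: %.2f" % raw_snr(len(EVENTS), 3))
    for host, sig, score, count in alerts:
        print("escalate %-6s %-16s score=%d events=%d" % (host, sig, score, count))
    print("SNR after triage: %.2f" % snr)
```

With a team capacity of three alerts, the same 20 events go from three handled out of 20 to eight covered out of 20, because aggregation lets one escalated alert stand for many raw events.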


Search for my blog through Google

September 27, 2005

It’s a surprising and exciting morning for me: this blog’s link is appearing on Google’s search result pages. When you search for the following keywords on Google, you will find my blog’s link in the top positions:

telecom, security, p2p, SNR, etc.

But currently my blog cannot be found through Baidu. 😦

All in all, more friends are welcome to come to my blog and leave me comments. Let’s share and grow together.

A good article on IM/P2P security

September 27, 2005

By accident, I found a good article in PC Magazine

Divulging company secrets is only one of the serious threats posed by IM and P2P applications. Both provide new entry points to your network for intrusions, data theft, denial-of-service attacks, viruses, and worms. In fact, security vendor Symantec reported in one of its biannual Internet Security Threat Reports that the number of attacks over IM and P2P systems quadrupled from January to June 2003. Both applications are adept at bypassing firewalls using port-scanning and tunneling techniques. And none of the popular IM clients offers strong authentication or encryption, so they are vulnerable to account hijacking and eavesdropping for valuable or damaging company information divulged by unwitting employees.

Then there are the bandwidth issues. Since each P2P node is acting as both a client and a server, your precious network bandwidth may be devoured not only by your internal P2P and IM users but also by P2P users all over the planet downloading songs from your users’ shared directories.

And don’t forget the legal issues. The Recording Industry Association of America (RIAA) has repeatedly warned Fortune 1000 companies that they could be liable for employees that break copyright laws by using their networks to download, store, or distribute music or movies illegally. In fact, the RIAA sued one Arizona-based software company in 2002, resulting in a settlement of $1 million. Companies that don’t prevent downloading of pornographic material risk hostile-workplace lawsuits and negative publicity.