Extremely dissatisfied: 29.6%
Your score shows that you are extremely unhappy with your current life. Have you been through a tough time recently, such as the death of a loved one or a divorce? If so, this could explain your unhappiness. Otherwise, you might want to reassess your priorities in life. Are you being too harsh on yourself, always striving for maximum success yet often thinking that you're never good enough?
Yes, reaching life goals is important, but to be truly happy, you need to be at peace with yourself. It's important to set realistic goals: An office worker who is saving up to get a new TV will be more satisfied than a millionaire who wants to own a private jet, simply because the object of desire is achievable in the former case.
If you're not contented with your life, you'll never be happy. Try to have a more positive outlook on life, spend more time with your loved ones. It may also help to see a counsellor, a psychologist or a member of the clergy.
Happiness Quiz
Tuesday, August 31, 2010
Friday, August 27, 2010
Anybody wants to go North Korea jiak hong
http://universaltravel.com.sg/NorthKorea_10DaysNorthKorea.php
Didn't know there is a North Korean Embassy in Singapore
http://www.oikono.com/wordpress/?p=396
We cannot live without Google.
Killer interview question: Could you work as a developer if Google was banned in this bank?
26 August 2010
eFinancialCareers Singapore
A hiring manager asked a candidate this question during an interview for a C#/.NET developer role in a large international bank in Asia.
The question in full
Would you be able to work, code and deliver if I tell you that Google is banned in this organisation?
What the hiring manager thinks are the best and worst answers
Best: “No”
Worst: Saying “yes” and then not being able to answer the most basic object-oriented programming concepts.
Did the manager give the candidate the job?
I actually hired the candidate who answered no; that's for being truthful, and secondly he was pretty solid.
Source
Wednesday, August 25, 2010
Tasty Mee Siam, only second to my mum's cooking.
Today I was invited to join lunch with the sales team. Previously I told them my favorite food is mee siam and it is hard to find elsewhere. They had frequently visited a place for mee siam and wanted my review LOL.
The place is called The Royals Cafe near Siglap centre. As the place was rather small, it was already packed. Inside you can see cakes and ice-cream on display. Other than that they also sell a la carte items like sandwiches, salads, nasi lemak, chicken chop ... , but I am here for the mee siam.
I ordered the mee siam set meal which costs $8.80, consisting of mee siam + coffee/tea/soft drinks and a cake valued below $2.20.
Impression of the mee siam, served in a big bowl with prawns? Now I know why this humble dish costs $4.90 alone. The sourness and spiciness of the gravy is just right. Also the gravy is a bit thick with peanuts; elsewhere they don't put peanuts. The only disappointment was that the tau gey put inside was not cooked or blanched slightly. I prefer the tau gey to be cooked longer so it doesn't have that raw taste.
Rating: 4.5/5. If the tau gey is less raw, it would score more.
Lastly was dessert, the American Carrot Cake, this is not your local chai tow kuay. The texture is different from normal cakes, less soft. Every mouthful, you can taste the slices of carrots and nuts, quite a funny yet nice taste. My colleague bought a cake back.
Hope to come back more for the Mee Siam. Sorry dear readers, no pictures.
Thanks Leslie, Siew Cheong, Andy and Thao for the recommendations.
The Royals Cafe
Upper East Coast Rd
19, Crescendo Bldg.
(beside Jalan Tua Kong)
Tel: 6445-6457
Open daily from 7.30am to 11 pm
Nice read
A healthy metabolism will keep you in shape and raise your energy levels, both of which are essential to smart money management. By staying healthy, you'll save money on health care costs while maintaining your ability to earn a living. Your metabolism - more specifically, your metabolic rate - is how quickly your body is burning calories. So if you're trying to lose weight, raising your metabolic rate means you'll see results faster.
You don't need fancy diets or expensive gym memberships to raise your metabolic rate. Here are 17 simple things you can do today to jumpstart your body.
1. Fidget. Tap your foot, twirl a pen, chew sugar-free gum while at your desk. Fidgeting uses energy, and while you won't be shedding inches instantly, the mini-aerobics on a daily basis adds up - highly fidgety people may burn up to 500 calories more in a day.
Not done, why not say typing on the keyboard?
2. Stay properly hydrated. Studies have shown that when we are dehydrated, our systems slow down. That includes our metabolism. Aim for at least 8 cups of water a day. An easy way to keep track is to get a 32-oz (4 cups) water bottle, and drink two full bottles a day. If water is too boring for you, there are several natural ways to make water more flavorful.
Office very cold, drinking more water means going toilet often.
3. Avoid diet soda. Water is king when it comes to hydration, but many people find it boring and look for alternatives like diet soda. But just because it has 0 calories doesn't mean it's as good as water. The problem is that the chemical sweeteners used in diet sodas can increase food and fat cravings, which can make sticking to a structured diet and seeing results much harder.
Done
4. Drink cold drinks. Research subjects' metabolisms increased by a third in the 30-40 minutes after drinking a glass of water. The metabolic rate increase is due to your body warming up the liquid.
I read somewhere it's bad drinking cold water after a meal, especially if the dishes are oily.
5. Spice up your meals. Spicy foods speed up the metabolic process by 20 percent or more for up to half an hour after eating them. Adding a dash of red pepper flakes to stews, pasta sauces, and other dishes is an easy way to turn up the heat and increase the burn.
My mum don't cook Indian or Mexican dishes.
6. Eat a balanced diet that includes "negative calorie" foods. Complex carbohydrates like whole grains, fruits, and vegetables fill you up and take effort for the body to break down. Some vegetables (like celery) and other complex carbohydrates (like high fiber foods) even require more calories to break them down than they contain, making them "negative calorie" foods.
Done
7. Eat more protein. Studies have shown that the body uses twice the energy to break down foods containing protein as it does food that has a high carbohydrate or fat content. (See also: 10 Things to Do With Bargain Beef.)
Will try.
8. Eat fish to store less fat. Eating salmon, tuna, and other fish lowers the levels of leptin in your body. Leptin tells your body how to store calories, and high levels of it trigger fat storage. Eat more fish, lower your leptin levels, and your metabolism triggers your body to store less fat.
If only I am living in Japan and Norway, then every meal is Salmon and Sashimi !!!
9. Eat enough calories over the course of the day. Crash diets don't work. If you take in fewer calories than your basal metabolic rate (BMR) - that is, the amount of calories your body needs when you're completely inactive - then your metabolism will slow down as your body goes into survival mode. So make sure you eat enough to keep your metabolism from stalling.
Don't understand
10. Don't skip breakfast. Eating breakfast is a signal to your metabolism that it's time to start working. Skipping breakfast for the sake of eating less throughout the day is counter-productive; not only does it keep your body in rest mode, but it also makes you hungrier throughout the day.
Doing now and it's valid!
11. Eat consistently throughout the day. Eating introduces food into your system, which puts your metabolism to work converting that food to energy it can use. So constant snacking keeps your metabolism elevated throughout the day.
... Hmmms must try
12. Plan ahead for meals and snacks. Eating smaller meals more frequently has the added benefit of keeping your energy level from spiking up or down, which helps you avoid hunger, stay more active, and avoid stress. Have a food plan for the whole day, so you're not tempted by the vending machine in the afternoon and have the energy to exercise after work.
Eat also must plan so troublesome. I just eat what's on the table.
13. Kick your workouts up a notch. When you're walking, wear a weight vest, or bring dumbbells and do curls along the way. Use fitness bands and other resistance gear to get your body to burn more energy in the same amount of time. Need to stay organized? Check out these 8 fitness and diet smart phone apps.
14. Focus on muscle at the gym. Building muscle will help you burn more calories even when you're not moving. While cardio exercise helps to burn fat, muscle building speeds up your metabolic rate for up to 2 hours after every 20-minute session. Better still: every pound of muscle in the body burns 35 calories per day rather than the 2 calories burned by a pound of fat.
15. Perk yourself up with some caffeine. Whether it's a cup of coffee in the morning or a cup of tea in the afternoon, a little bit of caffeine increases your metabolism in the short term. Just be aware that milk and sweeteners add calories, which can counter the metabolic benefits. Also beware of having too much caffeine, which may lead to energy crashes or fitful sleep. (See also: Cheapest Ways to Get Your Caffeine Fix.)
Don't drink coffee.
16. Dodge stress. Stress raises cortisol levels; cortisol is a hormone that can make you hungrier and slow down your metabolism.
Unavoidable when we are working.
17. Never underestimate the value of a good night's sleep. Like stress, though, lack of sleep can elevate levels of cortisol. If the risk of slowing your metabolism down isn't enough to motivate you to try for 8 hours of sleep, how about this -- when you sleep, your body produces a hormone that increases your metabolic rate.
Trying to get min 8 hrs of sleep.
Source: http://sg.finance.yahoo.com/news/17-Cheap-Ways-to-Jumpstart-usnews-651306142.html?x=0
Friday, August 06, 2010
Art of ordering lunch
Visit the stall near the end of lunch/dinner time.
Sure, some of the dishes may be sold out, but there will also be plenty of other dishes still available. Since the stall owner can't keep the dishes until the next lunch/dinner time, it is in his interest to give away larger portions so that he won't need to deal with leftovers later.
Get your guy colleague to order for you.
This only applies to girls. Stall owners tend to give a smaller portion to girls compared to guys. However, they charge the same price for both. So it is more value for money for a guy to place the order on behalf of the girl so as to receive a larger portion.
Ask for 'more rice' instead of 'add rice'.
Most stall owners will interpret 'more rice' as a larger scoop of rice which will result in more rice. This is generally free. However, 'add rice' entails adding a second scoop of rice to the first, and this generally costs additional money.
Make sure the stall owner has space to serve.
In many mixed vege stalls, there are usually two or more people serving dishes at the same time. When you are ordering, make sure to order dishes that are near the person serving you so that he won't have to stretch over his co-worker to reach your dish. If he is stretching to reach your dish, he probably won't give you more than the usual serving since it is that much of a hassle.
Order the meat first.
This is to create a good impression with the stall owner. By ordering the meat first, you are signaling to the stall owner that you will not be ordering the cheapest items on the menu. This puts the owner in a better mood, so he may give you a larger serving.
Order 1 dish at a time and wait until he finishes serving.
Point to your first dish, then wait until the stall owner finishes serving it before pointing to the next dish. Do not rush him. Often, the stall owner needs time to gauge the portion of food to serve. If you give him sufficient time, it is likely that he will give you a larger than standard portion. Hurrying him results in less than standard portions.
Pause in between ordering dishes.
Pretend to ponder in between dishes. This gives more time for the stall owner to serve your previous dish, which likely will result in a larger portion. When he is finished and notices that you are still pondering over your next order, he may feel bored and add a few more slices of your previous dish while waiting for you to make your next choice.
Order the same dish twice.
Use this technique very sparingly. After ordering a dish, pretend to look distracted and point to the same dish again. The stall owner will likely tell you that he has already served that dish. However, occasionally, he may instinctively go through the motion of serving the dish again and make your portion slightly larger, all for the same price.
Order dishes that are about to run out.
It takes practice to estimate, but it is worth picking dishes that are left with about 1.5 to 2 portions. Chances are, that if there is only about 1.5 to 2 portions of the dish left, the stall owner will think 'what-the-heck' and just give you everything. The good is that you get extra servings, the bad is that sauces right at the bottom of the tray are very salty.
Order vege dishes that contain meat sauces.
Some vege dishes have some meat in them to bring out additional flavour. But they are sold at the price of vege because the meat is usually in small amounts and only present in the sauce. Tofu dishes are an example of such. By ordering such dishes, you are getting some serving of meat for the price of vege. Nice.
Do not order meat dishes that contain vegetables.
These dishes count as meat but are usually served half with vegetables. It is not worthwhile; do not order them. An example is the stir fried venison with leek. Go for fully meat dishes instead.
Ask for curry sauce.
Many a time, when you ask for curry sauce, some other ingredients in the curry sauce will find its way onto your rice, such as small pieces of chicken or potato. Cabbage curry sauce will probably bring you some cabbages and longbeans. And it's free.
Ask for meat sauces.
As mentioned earlier, some sauces are cooked with minced meat. It is near impossible to separate the mince meat from the sauce. So if you ask for meat sauces, you will definitely receive some serving of meat with it. And it's free.
Become a regular customer.
Talk to the stall owner on occasions. With good rapport, the stall owner will recognize you as a regular customer and will naturally give you extra servings the next time you visit.
Source http://www.facebook.com/note.php?note_id=410500001830&id=711507292
Thursday, August 05, 2010
Blog of a triple CCIE
http://brokenpipes.blogspot.com/2009/01/summary-of-my-journey.html
Chinese Apple hacker
If tough love is the best way to fix the world's software, then Wu Shi may be one of the information security industry's unsung heroes.
Since 2007 the 35-year-old Shanghai-based researcher has found and reported more than 100 critical flaws in Web browsers like Internet Explorer, Safari and Chrome that could be used to hijack users' computers when they browse to an infected Web page. In the last year alone he's sold more than 50 of those flaws to vulnerability bounty projects like Zero Day Initiative and iDefense, organizations at Hewlett-Packard and VeriSign, respectively, that pay researchers for bug information and use the data in security products before passing it on to affected software vendors.
Those numbers represent more flaws reported to Zero Day Initiative and iDefense in a single year--and certainly more vulnerabilities in Web browsers--than practically any other researcher in the world. And more than half those flaws have been in Apple's Safari browser.
In one security update last month, for instance, Apple released 64 new patches for its iPhone operating system. Only six of those security problems had been identified by Apple's internal researchers. Twelve had been identified by researchers at Google. Fifteen had been identified by Wu.
"Perhaps Apple should hire Wu Shi to help them, since apparently he can find more than twice the bugs their whole security team can find," fellow security researcher Charlie Miller told Forbes at the time.
In instant messenger and e-mail conversations, Wu explains how he uses a method known as "fuzzing" to harvest those bugs. Fuzzing a browser involves entering a stream of tweaked files into the program to see which cause it to crash, and then analyzing those crash instances to see which would allow a hacker to insert code that would give him or her control of the browser.
Wu uses his own unique algorithm to generate those test files, and throws them at his own Apache Tomcat server, allowing him to test more samples at a higher frequency than the average researcher. Instead of merely switching single variables in a file, he says his method changes the entire sample, making as many changes as possible that still allow a browser to recognize the file as HTML. "My fuzzing framework focuses on the software's structure, not the details," Wu said.
Wu doesn't perform deep analysis on the bugs he finds, says Aaron Portnoy, a research manager at ZDI who has examined his findings. But Portnoy says the Chinese researcher's full-file fuzzing catches bugs that other approaches can't. "These files have complex hierarchies of related items. Instead of changing one of those items, he can change how the relationship tree works," says Portnoy. "A lot of people fuzz data. He fuzzes relationships."
Wu says he came up with his bug-finding breakthrough after a series of career disappointments. As China's stock market bubble swelled in 2006, his job at a small IT firm began to feel like a sinking ship. "I fell deeper and deeper into despair," Wu said. "On my salary, I couldn't even feed myself."
He left the IT firm and launched a startup based on peer-to-peer file sharing technology. But when a big customer refused to pay for a major project it had commissioned, his partner took another job and the company collapsed.
Wu began assembling a security consultancy and experimenting with fuzzing ideas he'd first had as a student at Fudan University years before. He found several Microsoft security flaws and reported them to the company directly before a friend told him about "vulnerability buying" programs like ZDI. "From that time on, I became a full-time bug hunter," he says.
The hunt has been fruitful. ZDI has paid Wu at least $5,000 for each of the 50 bugs it's bought from him, and iDefense has on occasion paid more than $10,000 for a single flaw. Wu won't say just how much those rewards have added up to, though some simple math shows they go well beyond a quarter of a million dollars--a tidy sum in China. ZDI has also awarded Wu "platinum status," a title that comes with a $20,000 bonus and a free trip to the Black Hat security conference in Las Vegas.
The idea of hundreds of critical security bugs in the hands of a mainland Chinese researcher might worry some in the wake of several widespread cyber espionage networks recently linked to China. The very public hacking of Google, Juniper, Intel, Yahoo and several other companies by cyberspies seemingly based in the country, for instance, used a flaw in Internet Explorer that could have been found with techniques similar to Wu's.
But Wu says that he has sold bugs only to those that "don't do evil" and report the bugs directly to software vendors. For some Internet Explorer bugs, he says he's had offers of 10 times ZDI's bounty from black-market buyers. But moral questions aside, Wu wants none of the risks that come with criminal associations.
Even so, the sheer numbers of vulnerabilities that Wu has found may be troubling, particularly in Apple's software. Wu says that he focuses on Apple's flaws because it's clear that the company hasn't. (Apple did not immediately respond to a request for comment.)
While Microsoft has been busy hardening its software against a decade of attacks--Wu cites threats like the Code Red worm that spread to hundreds of thousands of computers in 2001 and defaced websites with the phrase "Hacked By Chinese!"--Apple has enjoyed complacent years of being ignored by cybercriminals.
But Wu says that lull can't last. The rise of targeted attacks, for instance, has meant that Apple's smaller market share can no longer shield the company from dealing with security issues. "The iPhone and Mac OS are much easier to attack than Windows 7," he says. "I think in the future there will be a lot of attacks on Apple's software."
In other words, Apple's turn to be "hacked by Chinese" may come soon enough. And not all of them will be as charitable as Wu Shi.
Source: http://sg.news.yahoo.com/forbes/20100720/ttc-what-this-chinese-hacker-could-teach-2aa1c1a.html
Since 2007 the 35-year-old Shanghai-based researcher has found and reported more than 100 critical flaws in Web browsers like Internet Explorer, Safari and Chrome that could be used to hijack users' computers when they browse to an infected Web page. In the last year alone he's sold more than 50 of those flaws to vulnerability bounty projects like Zero Day Initiative and iDefense, organizations at Hewlett-Packard and VeriSign, respectively, that pay researchers for bug information and use the data in security products before passing it on to affected software vendors.
Those numbers represent more flaws reported to Zero Day Initiative and iDefense in a single year--and certainly more vulnerabilities in Web browsers--than practically any other researcher in the world. And more than half those flaws have been in Apple's Safari browser.
In one security update last month, for instance, Apple released 64 new patches for its iPhone operating system. Only six of those security problems had been identified by Apple's internal researchers. Twelve had been identified by researchers at Google. Fifteen had been identified by Wu.
"Perhaps Apple should hire Wu Shi to help them, since apparently he can find more than twice the bugs their whole security team can find," fellow security researcher Charlie Miller told Forbes at the time.
In instant messenger and e-mail conversations, Wu explains how he uses a method known as "fuzzing" to harvest those bugs. Fuzzing a browser involves entering a stream of tweaked files into the program to see which cause it to crash, and then analyzing those crash instances to see which would allow a hacker to insert code that would give him or her control of the browser.