I’ve often tried to use MS Word tables and do computations with the values in the tables. Example:

Suppose, the following conditions hold true:
c1 = a1xb1
c2 = a2xb2
a3 = a1 + a2
b3 = b1 + b2
c3 = c2 + c2

Click on the c1 cell, click on the “Layout” button, click on “Formula” button, in the Formula field, enter the following:
=PRODUCT(a1:b1)
Similarly, for c2 use =PRODUCT(a2:b2).
For a3,b3,c3 use =SUM(ABOVE)

Yesterday, while searching for Web Services on the Internet I came across an old, popular web service called “Amazon’s mechanical turk” based on the mechanical turk trick from old magic days.
The gist is, you (“The requestor”) put in a HIT (Human Interaction Task) in amazon’s lingo so that some one on the Internet can solve it for you (“the worker”). Most of what I saw on the website seemed like random tasks being used by researchers, online yellowpages-like directories, marketing, classification of goods, etc.
What might also be an interesting application, and I’m sure it’s probably being used for is, captcha-solving for spammers.
Also, the Amazon Mechanical Turk terms of service don’t help and say the following (verbatim):
Amazon Mechanical Turk provides a venue for third-party Requesters and third-party Providers to enter into and complete transactions. Amazon Mechanical Turk and its Affiliates are not involved in the transactions between Requesters and Providers. As a result, we have no control over the quality, safety or legality of the Services, the ability of Providers to provide the Services to Requesters’ satisfaction, or the ability of Requesters to pay for Services. We are not responsible for the actions of any Requester or Provider. We do not conduct any screening or other verification with respect to Requesters or Providers, nor do we provide any recommendations. As a Requester or a Provider, you use the Site at your own risk.

Given this, and the rates prevalent (about a penny or so per task), I think spammers might have a free-run on this service. Of course, amazon has a conveniently available web service available at http://mechanicalturk.amazonaws.com/AWSMechanicalTurk/AWSMechanicalTurkRequester.wsdl.
Now, the key question is, suppose a spammer uses this service, who’s to blame…I wouldn’t imagine the solvers know what the intent of the act is, amazon (possibly) can’t be liable because the ToS is required to be accepted before use, and since the requestor is somewhere on the Internet, he/she possibly can’t be traced.
Of course, I’m not saying that Mechanical Turk is all bad, but like all walks of life there’s a positive or a negative use to everything.
As someone once said: “Every tool is a weapon if you hold it right”!

Dell had this program called Dell Vista Express Upgrade as a part of which once you pay for your XP Pro you become eligible for a Vista upgrade. The interesting thing was it was an introductory offer and they would ship the DVDs upon Vista’s release if we activated the upgrade. I did activate the upgrade but I did not receive my DVDs until a few days but when I eventually did it was a “Dell Vista Upgrade Assistant DVD”. What was even more interesting was that this DVD was not even an installation DVD (with no warnings on it that it was not the OS installation itself which I assumed all along). It was just a DVD because Dell likes sending DVDs to users! So I contacted Dell about the OS when I couldn’t boot up the OS and they said that no wonder…this is not the OS. So I asked them where’s the OS and the customer care went “you should have it”! Now if they didn’t ship it and I didn’t receive it (although I paid Dell for it), who should have it! They tell me Microsoft has it. It just seems illogical that the person who I pay for the software would not be the one to ship it out to me. The Dell Resolution specialist called today and said there’s nothing he could do. They have my money, they didn’t ship out the DVD…and so be it! Do what you can! That’s just the worst ever case of customer care I’ve ever seen!

I have been a subscriber to this magazine’s electronic edition since the past year. However, they’ve only sent me one copy of the magazine till date. The cost of the yearly subscription was $79 or something which makes it an extremely expensive magazine…1 issue for $79…that’s ridiculous!
All my efforts to contact monika.drygulska@hakin9.org or marta.ogonek@hakin9.org have been futile! I would like to discourage anyone who pays for this.
Has anyone else experienced this kind of sloppy service with Hakin9?
Update 06/23/2009:
Hakin9 finally contacted me, after I emailed them (again) based on Chris John Riley’s suggestion. They provided me with the missing issues. Better late than never Hakin9! Thanks!

This week I got the CREA certification to add to my list of CISSP, CEPT, Visa QSA. This certification required a good practical and conceptual knowledge of reverse engineering. The certification requires a good working knowledge of components such as IA-32 assembly language, malware reversing, expert level knowledge of IDA Pro, OllyDbg, HiEW, Dumpbin etc., PE File header, repairing packed and compacted binaries, using system level reversing etc. The exam was good and tested on the concepts of the reverse engineer.

I finally got the Certified Expert Penetration Tester (CEPT) with a good score on the practical. There were two parts to the certification : an objective multiple choice written test and a practical. To qualify one needs 70% on the written and 70% on the practical portion of the test.
The written test was not too challenging if you follow the material taught at the InfoSec Institute’s Advanced Ethical Hacking course, however, the practical made up on the lack of challenge. The practical involved writing an unpublished stack overflow exploit for a real-world commercial software of IACRB’s choosing, a format string exploit for a custom application and writing a patch for windows binary to subvert registration mechanism on the binary. One could write the exploit in the form of a python script (that I chose), a shell script , a perl script or a binary written in a language of our choosing. The solution could be quite flexible when it came to the choice of language for writing the exploits.
Personally speaking, this was a great learning experience for me and I plan to continue learning in the interesting field of vulnerability development!