A team from Princeton University has developed ways to break disk encryption, including BitLocker, TrueCrypt, Apple's FileVault, and Linux dm-crypt, if the computer is in sleep mode or sitting at a password prompt, or even if it has just been turned off. The attack relies on the fact that DRAM keeps its contents for seconds to minutes after power is cut, so the memory can be dumped and searched for the encryption key, which the software has to keep in RAM while the volume is mounted.
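The core of that search is recognising an AES key schedule in a memory dump: every round key is derived from the previous one, so a 176-byte run that satisfies the expansion rules is almost certainly a live AES-128 key. The following is an added, illustrative implementation of that check, not the Princeton team's tool or code from this page. It assumes the standard FIPS-197 key expansion, demands an exact match (the real tool also tolerates bit errors from decay), and scans a memory image that is constructed here with one planted schedule.

```python
# Added example: locating an AES-128 key schedule in a memory image, the
# key-recovery step behind the cold-boot attack. Illustrative code; the
# "RAM dump" is constructed below, and only exact schedules are matched.
import random


def _gmul(a, b):
    """Multiply two bytes in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _build_sbox():
    """Derive the AES S-box: multiplicative inverse followed by the affine map."""
    inv = [0] * 256
    for a in range(1, 256):
        for b in range(1, 256):
            if _gmul(a, b) == 1:
                inv[a] = b
                break
    rotl = lambda x, s: ((x << s) | (x >> (8 - s))) & 0xFF
    sbox = []
    for a in range(256):
        x = inv[a]
        sbox.append(x ^ rotl(x, 1) ^ rotl(x, 2) ^ rotl(x, 3) ^ rotl(x, 4) ^ 0x63)
    return sbox


SBOX = _build_sbox()


def expand_key(key):
    """FIPS-197 key expansion for AES-128: 16-byte key -> 176-byte schedule."""
    assert len(key) == 16
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = t[1:] + t[:1]            # RotWord
            t = [SBOX[b] for b in t]     # SubWord
            t[0] ^= rcon
            rcon = _gmul(rcon, 2)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return bytes(b for word in w for b in word)


def find_aes128_keys(image):
    """Return [(offset, key_hex)] for every exact AES-128 schedule in image."""
    hits = []
    for off in range(len(image) - 176 + 1):
        key = image[off:off + 16]
        # Cheap pre-filter: the first byte of round key 1 must equal
        # key[0] ^ SBOX[key[13]] ^ rcon(1); skip the full expansion otherwise.
        if image[off + 16] != key[0] ^ SBOX[key[13]] ^ 0x01:
            continue
        if expand_key(key) == image[off:off + 176]:
            hits.append((off, key.hex()))
    return hits


def build_sample_image(seed=7, size=8192, key_offset=3000):
    """Constructed 8 KiB 'RAM dump': pseudo-random filler with one schedule planted."""
    rng = random.Random(seed)
    key = bytes(rng.randrange(256) for _ in range(16))
    filler = bytearray(rng.randrange(256) for _ in range(size))
    filler[key_offset:key_offset + 176] = expand_key(key)
    return bytes(filler), key_offset, key


if __name__ == "__main__":
    image, off, key = build_sample_image()
    print(find_aes128_keys(image))
```

The pre-filter is what makes a scan over gigabytes of RAM practical: a full expansion runs only at the one offset in 256 whose bytes pass the single-byte check. The same structure exists for AES-256 (240-byte schedule) and, with different rules, for RSA private keys, which the paper recovers by recognising the key's component integers.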
Morning Edition, February 21, 2008 · Stanford University says it will no longer charge tuition to undergraduates whose parents earn less than $100,000 a year. For students whose parents make less than $60,000, the university will also waive room and board costs.
SAN FRANCISCO, California (AP) – Google Inc. will begin storing the medical records of a few thousand people as it tests a long-awaited health service that’s likely to raise more concerns about the volume of sensitive information entrusted to the Internet search leader.
The pilot project to be announced Thursday will involve 1,500 to 10,000 patients at the Cleveland Clinic who volunteered to an electronic transfer of their personal health records so they can be retrieved through Google’s new service, which won’t be open to the general public.
Each health profile, including information about prescriptions, allergies and medical histories, will be protected by a password that’s also required to use other Google services such as e-mail and personalized search tools.
Google views its expansion into health records management as a logical extension because its search engine already processes millions of requests from people trying to find more information about an injury, illness or recommended treatment.
But the health venture also will provide more fodder for privacy watchdogs who believe Google already knows too much about the interests and habits of its users as its computers log their search requests and store their e-mail discussions.
Prodded by the criticism, Google last year introduced a new system that purges people’s search records after 18 months. In a show of its privacy commitment, Google also successfully rebuffed the U.S. Justice Department’s demand to examine millions of its users’ search requests in a court battle two years ago.
The Mountain View, California-based company hasn’t specified a timetable for unveiling the health service, which has been the source of much speculation for the past two years. Marissa Mayer, the Google executive overseeing the health project, has previously said the service would debut in 2008.
These days, data is mobile. Every day, sensitive corporate data leaves a company’s headquarters on a flash drive or an employee’s laptop. Regardless of where it is going, mobile data can be an I.T. department’s worst nightmare.
In fact, the 2006 “CSI/FBI Computer Crime and Security Survey,” a joint effort by the San Francisco office of the FBI and the Computer Security Institute, named laptop theft as the third-largest source of financial loss in the computer security domain. The survey reports responses from 426 companies. While most security threats documented by the study decreased, losses from laptop theft have increased since 2005. “Data protection (e.g., data classification, identification and encryption) and application software (e.g., Web application VoIP vulnerability security)” were cited as the “most critical computer security issues in next two years” by 73 respondents.
One of the most important computer security issues today is laptop theft. The data on a stolen laptop may be far more valuable than the device itself. For example, a stolen UC Berkeley laptop contained sensitive data about nearly 100,000 alumni. A stolen Department of Veterans Affairs laptop yielded information on up to 26.5 million veterans. There are many examples of high-profile laptop theft, and these incidents are often very costly for companies. The cost, however, isn’t the hardware replacement, but the loss of confidential information and of customers’ security.
What if the owner could state that the data has not been compromised? What if the only loss resulting from a stolen laptop was purely material? This would certainly alleviate some of the risks behind mobile data. Disk encryption is one way to help solve this problem. Since the Fedora™ Project was announced in 2003, many disk encryption technologies have been added to the Fedora platform.
When I needed to make a USB key (aka USB pen drive, USB memory stick, whatever) bootable under Linux I found there were a number of pages on the Internet that listed the steps needed. Some of these pages required you to do some steps from DOS and/or used the syslinux command.
I did not want to boot DOS in order to get the job done. I wanted to do everything from Linux. I tried the procedures which made use of the syslinux command but I didn’t get consistent results. Sometimes my USB key was bootable and sometimes it wasn’t.
I felt there had to be a better way to do this that used the same commands one would normally use to make a standard hard drive bootable. After a bit of experimentation and testing, I came up with the procedure which follows.
The information below provides an overview of the steps you need to follow in order to create a bootable ext2 based file system partition on a USB key. It is not an exact command by command set of instructions. You are expected to have some familiarity with Linux and the commands that will be used.
This is old news but still deserves a mention. In case you haven’t been a student in a while, TurnItIn is a service for educational institutions. They make it compulsory for students to allow their paper to be submitted to Turnitin or receive a failing grade of 0.
The service, a profit entity, operates by archiving student papers to detect plagiarism and since students aren’t compensated, some feel it’s a copyright/privacy violation.
Got it through MSDN… the real release, not the beta. Everything to do with file transfer has improved substantially… Copy, delete, move.. large, small files.. all smooth now. C’mon Microsoft.. you can do it!
People will post just about anything on social networking sites. And the information can be used against them. Suddenly, those saucy pictures and intimate confessions on social networking sites can be taken down and used in evidence against you in ways never dreamed of.
In the judicial backwater of a New Jersey federal court, a case is being heard that nominally affects two families but should also make millions of Britons think twice about something they do every day: put highly personal information on Facebook, MySpace or Bebo.
An American insurance company, in defending its refusal to pay out a claim, is seeking to call in evidence personal online postings, including the contents of any MySpace or Facebook pages the litigants may have, to see if their eating disorders might have “emotional causes”. And the case is far from a lone one.
Damballa researchers share some techniques for getting a better picture of botnets — and targeted attacks
By Kelly Jackson Higgins
Senior Editor, Dark Reading
Is that malware found on your client machine the sign of a targeted attack or a routine bot-herding run? How do you know for sure?
Botnet hunters from Damballa are using some traditional network monitoring techniques to determine the size and scope of botnets — information that can even help distinguish between a direct attack or a random bot recruitment.
“We are working on ways to better [calculate] the numbers of these botnets with some accuracy,” says Christopher Davis, director of threat analysis for Damballa. Davis and Damballa chief scientist and co-founder David Dagon will discuss their company’s botnet research techniques at Black Hat D.C. next week.
Damballa researchers basically reverse-engineer the malware code that arrives at one of their customers’ client machines, and then study how it communicates with its command and control (C&C) server. Then, using a DNS cache-inspection technique (non-recursive queries that reveal whether a resolver has recently looked up the C&C domain on behalf of an infected host), combined with tracking the IP identification (IP ID) field in packets sent by the C&C server, they can take more accurate counts of the number of bots, C&C servers, and the potential scope of a particular botnet.
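The two measurements named above, as an added example in illustrative Python that is not Damballa's code. A DNS query with the recursion-desired bit cleared asks a resolver to answer only from its cache, so an answer means some client of that resolver looked the C&C name up recently, and an empty reply means nobody did; the IP ID field, on hosts that increment one global 16-bit counter per packet sent, lets periodic probes estimate how many packets the C&C server sent to everyone else in between. The resolver replies and the IP ID samples below are constructed inline; a real scan would send the query with a UDP socket, and the `snoop_result`, `build_query` and `ipid_count` names are this example's own.

```python
# Added example: DNS cache snooping and IP ID counting as botnet-size estimators.
# Illustrative code, not Damballa's; all packets and samples are constructed here.
import struct


def build_query(name, qid=0x1234, recursion_desired=False):
    """DNS A query. RD=0 asks the resolver to answer only from its cache."""
    flags = 0x0100 if recursion_desired else 0x0000
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN


def _read_name(buf, off):
    """Decode a DNS name, following compression pointers; return (name, next_off)."""
    labels, jumped, end = [], False, off
    while True:
        ln = buf[off]
        if ln & 0xC0 == 0xC0:                       # pointer to an earlier name
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if ln == 0:
            if not jumped:
                end = off
            break
        labels.append(buf[off:off + ln].decode())
        off += ln
    return ".".join(labels), end


def snoop_result(resp):
    """Interpret a reply to an RD=0 query: answers present => name was cached."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    off = 12
    for _ in range(qd):                              # skip the question section
        _, off = _read_name(resp, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = _read_name(resp, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        rdata = resp[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:                # A record -> dotted quad
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return {"cached": an > 0, "answers": answers, "rcode": flags & 0xF}


def ipid_count(samples):
    """samples: [(seconds, ip_id)] taken from replies to periodic probes of one host.
    Returns (packets sent to others, packets per second) between first and last
    probe, assuming one global 16-bit IP ID counter incremented per packet."""
    (t0, id0), (t1, id1) = samples[0], samples[-1]
    sent = (id1 - id0) % 65536 - 1          # wrap-safe; minus the reply to our probe
    return sent, sent / (t1 - t0)


# Constructed reply: the queried name is cached, TTL already counting down
CACHED_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8080, 1, 1, 0, 0)
                + b"\x02c2\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
                + b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 1234, 4) + bytes([192, 0, 2, 10]))
# Constructed reply: not cached, answer section empty
EMPTY_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8080, 1, 0, 0, 0)
               + b"\x02c2\x07example\x03com\x00" + struct.pack("!HH", 1, 1))

if __name__ == "__main__":
    print(build_query("c2.example.com").hex())
    print(snoop_result(CACHED_REPLY), snoop_result(EMPTY_REPLY)["cached"])
    print(ipid_count([(0, 65000), (10, 500)]))
```

Two caveats a practitioner would want: many resolvers refuse non-recursive queries from outside their own network, and the cached answer's TTL will sit below the zone's authoritative TTL and drop between probes, which is the cleaner signal that it came from cache rather than an upstream lookup. IP ID counting only works against stacks that use a single sequential counter; systems that randomise the field or keep per-destination counters make the figure a lower bound at best.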
Better get rid of those HD-DVDs soon.
HD DVD Format on Death Watch
Author: THOMAS K. ARNOLD and ERIK GRUENWEDEL
Posted: February 14, 2008
The format war has turned into a format death watch.
Toshiba is widely expected to pull the plug on its HD DVD format sometime in the coming weeks, reliable industry sources say, after a rash of retail defections that followed Warner Home Video’s stunning announcement in early January that it would only support the rival Blu-ray Disc format after May…
…Toshiba had been pitching its discounted HD DVD players toward the standard DVD crowd as well as high-def enthusiasts, noting in its ad message that the new players would make DVDs look a lot better as well. And as a last-ditch effort the company ran an ad during the Super Bowl, a 30-second spot that reportedly cost $2.7 million.
But in the end, sources say, the substantial loss Toshiba is incurring with each HD DVD player sold, a figure sources say could be as high as several hundred dollars, coupled with a series of high-profile retail defections, have driven the company to at last concede defeat.
“An announcement is coming soon,” said one source close to the HD DVD camp. “It would be a matter of weeks.”
Feel free to use this to give to your Valentine. I did.
If you send an email to email@example.com with your .WAV attached, it will convert that .WAV to .MP3. Here’s some more.
send email to:
firstname.lastname@example.org – WAV to MP3
email@example.com – MP3 to WAV
firstname.lastname@example.org – Word, Excel, PowerPoint to PDF
email@example.com – PDF to Word, Rich Text Format
iPhone@pdfonline.com – Visio, Word (including the 2007/.docx kind) to PDF & supports multiple file attachments.
(Ignore the “iphone” in the address, as it works from any device or computer, but only supports files up to 1 MB in size. )
At first I was like “Oh shit, a bunch of crap is about to fall out” then I got close enough to realize that it was just a badass painting…
that’s a dog in the bottom left.
Just how rampant is piracy in PC casual gaming? In a startling installment of his regular Gamasutra column, Reflexive’s director of marketing Russell Carroll (Wik, Ricochet) reveals the 92% piracy rate for one of his company’s games, and what worked (and didn’t work) when they tried to fix it.
“It looks like around 92% of the people playing the full version of [the pictured] Ricochet Infinity pirated it.” It’s moments like those that make people in the industry stop dead in their tracks. 92% is a huge number and though we were only measuring people who had gotten the game from Reflexive and gone online with it, it seemed improbable that those who acquired the game elsewhere or didn’t go online were any more likely to have purchased it. As we sat and pondered the financial implications of such piracy, it was hard to get past the magnitude of the number itself: 92%.
In the casual games space, where the majority of the industry is tied to an internet-distributed product, piracy is a common problem. Search for any casual game through Google, add the word ‘crack’, and the search engine will help you find and illegally acquire every casual game you can imagine.
One way to fight the search-engine facilitated piracy is to work to remove the ever-expanding number of links to illegal copies, but in many cases improving the Digital Rights Management (DRM) system to be more secure can be more effective as it renders a large number of those links obsolete. This is tricky to be sure, because improving the security must be done without making the DRM so onerous that it keeps honest customers from purchasing games.
Reflexive, where I work, is in a peculiar position in this regard. Whereas most of the casual games industry licenses their DRM from a vendor, Reflexive has its own in-house DRM. Over the years it has undergone many improvements, including several changes made specifically to combat piracy.
With that background, my penchant for actual numbers, and a lot of help from Brian Fisher, Reflexive’s king of number crunching logic, let’s tackle the question of the 92% piracy rate on Ricochet Infinity. Could we realistically assume that stopping piracy would have caused 12 times more sales?
I know a lot of you guys use ImgBurn. The new version was just released yesterday (the previous version, 184.108.40.206, was released 4/12/07). The change log is gigantic. Among it are the ability to create and burn audio CDs, HD-DVD discs, Blu-Ray discs, the usual insane list of bug fixes, language files for localization, and a ton more. The user interface has been improved, too. Go get it!
There is a new local root exploit found in Linux kernels 2.6.17 to 2.6.24.1 (the vmsplice bug). Here’s a proof-of-concept, which basically works as a “passwordless su”.
I have tested the exploit on a few systems I manage, and it just plain works on a number of them. The distros I have around that are vulnerable are:
- Fedora 8
- CentOS 5/5.1 (and therefore presumably RHEL as well)
- Debian Etch
- Ubuntu 7.10
On one oddball Debian Etch system the exploit segfaulted, but to me that doesn’t rule out that the hole is still there. On older boxes (tested on a couple Debian Sarge systems), the kernel is too old to have the vulnerable vmsplice feature.
The hole is patched in 2.6.24.2, but compiling and installing that on a production system really isn’t a viable alternative.
I’d hate for this to turn into a flamewar on Linux security, or how dangerous a local root exploit really is. It’s there, it’s not the end of the world in any way, but it very much needs fixing. I am really interested in hearing if anyone has seen patched kernels for the main distros, or when they show up. Most of the vulnerable systems I have don’t have any users on them (other than people who have root access “the normal way”), but I currently have a couple of machines locked down (sshd stopped or normal users disabled). Both of those are Debian Etch, and those guys generally are quite snappy in providing security updates.
Even with strike over, Heroes seems grounded until next season.
February 11, 2008 – While the strike looks just about over, Heroes fans shouldn’t expect new episodes in the immediate future. The news filtering out seems to confirm that the NBC superhero hit won’t be back until this fall, despite writers almost certainly going back to work this week.
The reason for the delay seems centered around issues unique to Heroes from both a production and structural standpoint. Heroes creator Tim Kring told ew.com last week that he felt that they could probably only finish three more episodes of the series if they attempted to film more to air by the end of this TV season in May.
Heroes is formatted in large story arcs, the next of which is called “Villains.” Doing just three more episodes this season would mean either making that story much shorter than intended, or making the audience wait several months for the story to conclude in the fall. Says Kring to ew.com, “With a show like Heroes that’s so strongly serialized, and given what we wanted to accomplish with the new storyline, to come back with just three episodes could be creatively dangerous.”
In what can only be classified as yet another crushing blow to the embattled HD DVD camp, rent-by-mail giant Netflix has just announced its intention to only stock Blu-ray titles in the future. Netflix justified its decision by pointing out the fact that most Hollywood studios seem to be converging solely around the Sony-backed format — a fact that’s all too familiar to Toshiba and friends. With both Blockbuster and now the ‘Flix having eschewed HD DVD for BD, it’s gonna get harder and harder to even find a place to rent those former discs in the first place, let alone one that has a decent selection.
Update: It looks like all hope is not lost for HD DVD renters. Not only does Blockbuster Online still carry titles in the endangered format, but Netflix should continue offering a limited selection of discs until current stock is phased out around the end of the year.
Leopard finally gets its second patch, and boy does it fix a lot of stuff. The first patch hit back in November, with test builds of the second making it out a month later. Here’s a list of the major things the 10.5.2 patch fixes (including menubar transparency and Stacks).
• AirPort connection reliability and stability
• Back to My Mac for third-party routers
• Dashboard widget performance improvement
• Stacks fix! List view, Folder view, and updated background for Grid view
• Menubar transparency disabling
• Less translucent menus
• Several iCal recurring-meeting fixes, bug fixes overall
• iChat bug fixes
• iSync support added for Samsung D600E and D900i phones
• Finder bug fixes
• Mail bug fixes
• AFP network volume hanging fixed
• RAW support improved
• Preview bug fixes
• Time Machine bug fixes (some external drives not being recognized)
Plus lots of various other fixes (we tried to cover only the hot ones here). Isn’t it funny that Vista has been out for a year and they are still working on a service pack. Apple has Leopard out since October, and they have had two service revisions. Go Apple.
Asus used to make a laptop called the S200, also known as the JVC MiniNote or Victor Interlink, which came with an 8.9-inch screen at 1024×600 resolution. Placing a JVC MiniNote XP5230 side by side with an Asus Eee PC: they’re practically the same size, and it was very surprising that Asus didn’t go with the 8.9″ screen originally, but I guess it all comes down to cost.
The main things I prefer on the JVC:
- of course the 8.9-inch screen at 1024×600 resolution,
- the keyboard is a tiny bit bigger, which makes a hell of a difference when trying to touch type.
- I much prefer a trackpoint to a touchpad.
Things I don’t like about the JVC:
- it gets stupidly hot, to the point you can’t have it on your lap.
- this model lacks built-in WiFi, though some of the higher models do have it.
- the VGA out needs a breakout cable.
- this model takes stupidly small 144-pin MicroDIMMs, which only allow memory expansion to 384MB.
but overall they’re very similar machines.
more photos after the jump…