security, privacy, linux, books, & more! | LandoftheFree(ish)

Masked hoodie sweatshirts stir debate in UK

A range of hoodies which covers the face is sparking fears they could be used for criminal activity.

With designs like skeletons, or Hannibal, referring to the cannibal villain in the movie “Silence of the Lambs”, the masks are meant to stir up a reaction. The masked hoodies range in price from 30 to 600 British pounds (60 to 1200 USD).

Cindy Martin reports.

Watch the video…

A hard drive just saved my life!

I’m still kinda messed up in the head about it so bear with me.
I was delivering some computers to a small shop in the ghetto of Colorado Springs. I happen to be carrying a box of hard drives.
all of a sudden I hear “BLAP BLAP BLAP BLAP BLAP”
I hear some whizzing and suddenly, it feels like I got pushed hard!
I hit the ground, took me about 3 seconds to realize I was hit, but I couldn’t see any bleeding.
that’s when I saw the hole in the box. I went inside the shop and looked at the drives.

Read the rest of this entry »

Encrypted Laptop Poses Legal Dilemma

BURLINGTON, Vt. (AP) â€” When Sebastien Boucher stopped at the U.S.-Canadian border, agents who inspected his laptop said they found files containing child pornography.But when they tried to examine the images after his arrest, authorities were stymied by a password-protected encryption program.

Now Boucher is caught in a cyber-age quandary: The government wants him to give up the password, but doing so could violate his Fifth Amendment right against self-incrimination by revealing the contents of the files.

Experts say the case could have broad computer privacy implications for people who cross borders with computers, PDAs and other devices that are subject to inspection.

“It’s a very, very interesting and novel question, and the courts have never really dealt with it,” said Lee Tien, an attorney with the Electronic Frontier Foundation, a San Francisco-based group focused on civil liberties in the digital world.

For now, the law’s on Boucher’s side: A federal magistrate here has ruled that forcing Boucher to surrender the password would be unconstitutional.

Read the rest of this entry »

Virtualization in Linux: A Review of Four Software Choices

This week Canonical, the company behind Ubuntu Linux, announced a partnership with Parallels, maker of the Virtualization products Parallels Workstation and Parallels Desktop for Mac. Consequently, the Parallels Workstation virtualization software is now available to download and install in Ubuntu Linux, completely supported by Canonical, and done entirely through the Add/Remove programs interface. This makes four different virtualization programs — three of which are installable via the package repositories — that run on Ubuntu Linux.

Virtualization is the technique of running a “guest” operating system inside an already-running OS; for example, Windows inside Linux, or visa-versa. This article compares four virtualization products available for Ubuntu Linux: the free, open source x86 emulator Qemu; the closed-but-free versions of VirtualBox and VMware-Server, and the commercial Parallels Workstation.

RIAA wants filtering on the end-user level (aka your PC)

Jesus these goons don’t know when to quit. If they could make you install a brain filter that prevented you from hearing pirated music I’m sure they would.

At a Washington, DC, tech conference last week, RIAA boss Cary Sherman suggested that Internet filtering was a super idea but that he saw no reason to mandate it. Turns out that was only part of the story, though; Sherman’s a sharp guy, and he’s fully aware that filtering will prompt an encryption arms race that is going to be impossible to win… unless usersÂ somehow install the filtering software on their home PCs or equipment.

Last night, Public Knowledge posted a video clip from the conference that drew attention to Sherman’s other remarks on the topic of filtering, and what he has to say is downright amazing: due to the encryption problem, filters may need to be put on end users’ PCs.

The issue of encryption “would have to be faced,”Â Sherman admitted after talking about the wonders of filtering. “One could have a filter on the end user’s computer that would actually eliminate any benefit from encryption because if you want to hear [the music], you would need to decrypt it, and at that point the filter would work.”

Wouldn’t this “encryption arms race” that is “impossible to win” be done in “software” by “users,” making filtering connection hardware useless as the data is already encrypted?

Unless they want to block all encrypted data, because after all, you have nothing to hide if you aren’t doing anything wrong.Â Ugh.

Source

HOWTO: Defeat Sealed PDFs, A DRM Nightmare

Have you ever heard of a “sealed” PDF? I don’t mean password-protected or branded with your name (as some eBook sellers do). This is a different beast. Let me introduce a company called SealedMedia. Their business is protecting electronic documents (PDFs), a form of Digital Rights Management (DRM) which has always been a topic of ongoing debate. One of their most notable clients: Harvard Business School Press.

The Problem:

I had to write a paper on case #698-004, entitled “We’ve Got Rhythm! Medtronic Corp.’s Cardiac Pacemaker Business,” which is a great case by the way. Unfortunately, my experience purchasing and reading the case was not.

The HBSP Online Store allows visitors to purchase cases individually, in PDF format, well actually SPDF format. The .spdf extension indicates the document has been “sealed” by SealedMedia, and consequently Adobe Reader cannot properly render it without the SealedMedia plug-in and a valid license.

When you purchase the case, you receive a license with a login name and password. When launching Adobe Reader, you must authenticate to the license server to view the document:

Read the rest of this entry »

Windows installer for Amarok 2 tech preview 1 available

Today is a great day for all the people waiting for the first bits and pieces of Amarok 2 on Windows. Amarok developer shakes worked hard to get it ready for you. Enjoy! Please be aware that it is only a tech preview with a lot of known problems. From the amarok.kde.org posting:

I’ve had the killer combination of being both sick and busy lately, so I haven’t got much done on Amarok recently.

However I do have one announcement that might make a few people happy: the windows installer of KDE now has packages of the Amarok 2 tech preview available.

You can download it by grabbing the installer and following the instructions over at the KDE techbase. It should be pretty self explainatory, just run the installer, select a mirror, and download the amarok package: all the dependencies should be automatically downloaded and installed for you.

Read the rest of this entry »

TrueCrypt 5.0 now supports OSX

Since so many Mac users are also child porn enthusiasts, I thought you might like to know that the newest version of TrueCrypt came out last night and they support OS X now.

Now my trendy Mac friends can stop having to mess around with their USB keychain, mirroring their passwords and bill pay confirmations from a Mac sparseimage to a TrueCrypt vault and back again.

If you’ve never heard of TrueCrypt, it’s basically a paranoid’s wet dream, open-source encryption app where you can do needlessly complicated things like hide an undetectable real vault inside a dummy vault so the NSA can’t get your Flickr password. It provides two levels of plausible deniability, in case an adversary forces the password out of you… and now it’s cross platform. Yay!

Truecrypt

Unlinker: An Extremely Helpful Firefox Add-On

Some of you might already be using Unlinker since I have posted about it several times before. A lot of you have asked, what does it do? Hopefully this brief post will help you see the usefulness of this relatively simple but powerful Firefox Extension…

Suppose you are on a forum, blog, Apache index page, or any other page full of links to photos. You want to view and possibly save all of the pics. What do you do? Well, you could use my BASH script if you’re using *nix… but if you’re like most of my friends/family, that’s not an option. Do you really want to click on each image link one-by-one, when you just want to view/save them all easily? There’s got to be an easier way. Well, now there is. See the simple example below.

Click the images for a larger view.

Exhibit A:

Here’s a typical forum post where Mr. McForumMember didn’t put the proper image tags around the image links in his post.

Exhibit B:

Right Click > Convert in page

Exhibit C:

Instantly, the “linked” images are now “unlinked” and appear adjacent to their respective URLs.

The best part about Unlinker is: it’s NOT a resource hog. It weighs in at just 43 kilobytes and still feels as powerful as similar Firefox Add-ons that are bloated with too many features you would seldom use. Feel free to play around with Unlinker and try out it’s MANY other features. We will go into more detail about these at a later date.

Get Unlinker

Your Bank Account Is Never Really Closed At Bank Of America

From the Consumerist: “Did you know a “closed” checking account is never really closed? Today I walked to the local BofA for the third time to close a checking account that every month seems to magically re-open with a $5.95 account fee. What the manager told me was quite shocking.”

While checks that come in for a closed account will “bounce,” any electronic credit or debit will automatically reopen the account. So that one bill-pay with the electric co-op you forgot to change? Yep, that’ll reopen your account. That one direct deposit of the two cents of interest you earn on a CD? Yep, reopened. Or in my case, the $5.95 account fee that the first two people who “closed” my account forgot to turn off – yep, reopens the account. “All we’re doing is honoring the electronic debit agreement you signed with other merchants,” he told me. “So,” I said, “ten years from now if someone I had an agreement with previously decides they want to try and electronically deduct $200 from my account – that would reopen it.” “Yes,” says he. Seems like the transactions should just “bounce” and I should have to fix whatever problem it creates. I hate this idea of the bank trying to “help me.” At least this month the guy waived the $6 fee. Last month they made me pay it to close the account and I was in too big of a hurry to put up more than a 2 minute fight. I live in Charlotte – maybe I should pay Mr. Lewis a visit and ask him why he thinks this is good for consumers.

Read the rest of this entry »

Choosing a Name for Your Computer

Here’s a FAQ on how to name your computer from 1990. Follow the link at the bottom to read all the “tips.”

Avoid alternate spellings.

Once we called a machine “czek”. In discussion, people
continually thought we were talking about a machine called
“check”. Indeed, “czek” isn’t even a word (although “Czech”
is).

Purposely incorrect (but cute) spellings also tend to annoy a
large subset of people. Also, people who have learned English
as a second language often question their own knowledge upon
seeing a word that they know but spelled differently. (“I
guess I’ve always been spelling “funxion” incorrectly. How
embarrassing!”)

By now you may be saying to yourself, “This is all very
silly…people who have to know how to spell a name will learn
it and that’s that.” While it is true that some people will
learn the spelling, it will eventually cause problems
somewhere.

For example, one day a machine named “pythagoris” (sic) went
awry and began sending a tremendous number of messages to the
site administrator’s computer. The administrator, who wasn’t a
very good speller to begin with, had never seen this machine
before (someone else had set it up and named it), but he had to
deal with it since it was clogging up the network as well as
bogging down his own machine which was logging all the errors.
Needless to say, he had to look it up every time he needed to
spell “pythagoris”. (He suspected there was an abbreviation,
but he would have had to log into yet another computer (the
local nameserver) to find out and the network was too jammed to
waste time doing that.)

Link

Diebold voting machine key copied from pic on Diebold site

In another stunning blow to the security and integrity of Diebold’s electronic voting machines, someone has made a copy of the key which opens ALL Diebold e-voting machines from a picture on the company’s own website. The working keys were confirmed by Princeton scientists, the same people who discovered that a simple virus hack on the Diebold machines could steal an election. Absolutely incredible and another example of how Diebold’s e-voting machines pose a great threat to the electoral process.

Source

What Websites are Hosted at this IP?

Using the “Reverse IP Domain Check,” you can see all of the other sites hosted on the same web server as a particular domain name. Try it.

Linky Linky

Pidgin “now playing” Plugins (updates status message to song being played)

These are plugins for Pidgin (the IM client formerly known as Gaim) that update the status message to show the currently playing track, retrieving it from your music player. Here’s what I’ve found so far, in what I think is no particular order…

Read the rest of this entry »

HOWTO: Setup Encrypted Partitions in Linux

To start out we need free space on a drive that isnâ€™t partitioned, or enough patience to resize an existing one. Just about everything here needs root privileges, since weâ€™re working with filesystems. It would be easiest to start a root terminal with su -, then enter your password.First, we install the tools to get the encrypted partition going: [apt-get/yum] install cryptsetup hashalot gparted

Next, we use gparted to create a 20GB partition at the end of my disk. Itâ€™s a dead simple drag nâ€™ drop application similar in function to Partition Magic or other GUI partition editorsâ€¦ hopefully you donâ€™t need instructions. Make sure to record the name of the new partition! Everything here that says /dev/sda2 is going to change based on your hardware and partitioning scheme.

After that completes (which can take some time if any resizing or moving of an existing partition happens), we need to set a password.
cryptsetup --verbose --verify-passphrase luksFormat /dev/sda2

This command will create a device called /dev/mapper/sda2 and give us access to the encrypted volume after verifying the password:
cryptsetup luksOpen /dev/sda2 sda2

By now weâ€™re knee deep in waist-high water. Iâ€™m not quite sure what that meansâ€¦ I just made it up. Say it out loudâ€¦ rolls off the tongue. Sorryâ€¦ where was I? Ah right. Iâ€™ll try to explain where weâ€™re at right now, for my benefit as well as yours.

Read the rest of this entry »

Bash Batch Image Processing Script

Actually, it’s just a simple (well, somewhat simple) set of bash functions all put together in one script with a menu (of sorts) to help you work on batches (entire directories) of images, all at once. I do some web design, and I like to take digital pictures, and have thousands of them. While uploading images to some fancy photo gallery software is fine for a few images, I wanted to harness the power of Linux and Imagemagick to create something that could be run from a command line on images on a server that didn’t use X, and that could run very fast and without interaction if I wanted it to, or that could accept user input.

Why bash? Well, because I like bash, and am still learning how to use it, and it seemed like a good idea at the time. So, while I know of other projects that do this, I don’t know of any that use bash. I could be wrong, there very well could be a bash script that does all this already, but it’s good practical experience anyway. I’ve seen some that use perl, some that use c and some that use python, but never anything very large using bash. Bash comes installed with almost every major Linux system, so there wouldn’t be the need for php, perl, python, or even the use of a compiler to run it. Just about the only needed application is Imagemagick. Talk about simple

Read the rest of this entry »

What can be done after ARP poisoning?

To protect yourself from security threats, you have to at least know what security threats that happens and how it could harmful to you. In what network environment, you are susceptible to hackerâ€™s attack, spoof, phishers. You have to understand what attacks they can performs, what tools they have used and experience the same tools and techniques that are used against you.

ARP (Address Resolution Protocol)
ARP is a network protocol that use to queries MAC address of an IP, so that data packets can be send across the network through data link layer.

We usually Identify a host through IP, that is under network layer of OSI, but the actual communication between hardware devices (in this case, network adapter) are identify by MAC address. IP is susceptible to change, but MAC address are usually unique (this is actually not the case, so many network cards with no-license are selling everywhere).

Therefore, in order to communicate to a host with only IP known, we need to broadcast the ARP request to the networks, and the one with that specified IP will response back. Let say:

Host A wants to talk to Host B, will broadcast ARP request with Host A MAC address, Host A IP address and also Host B IP address. When host B receives the ARP request, it will response back itâ€™s MAC address to Host A.

While receiving the ARP response, Host A will map the Host IP and MAC to ARP cache table. Lets try to command to experience the process of ARP.

Read the rest of this entry »

Write an Online Bulk Image Downloader Using BASH

So my girlfriend tells me that I need to download several large image files from a photographer’s website. I manage her online portfolio/website so I’m used to these types of requests… but this time I was going to find a better way to “leech them all.” So anyway, she IM’s me the URL for her most recent shoot…

I was greeted by a nice default Apache index page (and the Photog spelled her name wrong, ugh).

How am i going to grab about 70, five or seven megabyte, image files?

I could click each one and then save it or I could use the Unlinker Firefox Add-On to convert all the links to images. The latter would load all 350MB of photos on the one page. Most certainly my FX-55 single core processor and 1gb of DDR RAM wouldn’t appreciate that very much.

Being the huge open source fan that I am I decided to write a Bash script to accomplish this without hogging up all my computer’s resources. If you manage to know the first image filename and the last image filename in a particular folder, you can download them using seq command with a Bash do loop. Let’s say the first image and the last image’s name is in this format:

http://photographer.com/jenn_thomas/full_size/JT_0019.jpg

http://photographer.com/jenn_thomas/full_size/JT_1214.jpg

we can assume the images between them should be 0020, 0021, 0022, and so on, until 1214. Therefore a simple Bash script will looks like this:

#!/bin/bash for i in `seq -f"%04g" 19 1214` do wget -c "http://photographer.com/jenn_thomas/full_size/JT_$i.jpg" done

Seq allows you to define printf-like formating by specified with -f”%04g” is actually tells seq I got four digits, fill the blank digits with 0, and the range is from 19 to 1214. After that, use wget to download them. That’s how I got JT_0353.jpg at the top of this post. Pretty simple isn’t it?

You can run Bash scripts under a windows platform too if you have Cygwin installed. But bare in mind, not all images are download-able with this technique. Certain site pad the image’s filename with some random characters, that prevent downloads by this simple script.

UPDATE: A reader suggested using Curl as an alternative:

curl -o JT_01_#1 http://photographer.com/jenn_thomas/full_size/JT_[0019-1214].jpg

Link to Jenn’s Website

No-Fly list circumvented by using middle name

A government program set up to remove innocent people from terrorism no-fly and watch lists has been ineffective and riddled with problems, travelers and congressional leaders say.

The Department of Homeland Security’s Traveler Redress Inquiry Program, or TRIP, was started almost a year ago to clear people routinely subjected to extra airport-security screening and even detention simply because their names were confused with those on the government’s voluminous terrorism watch lists. The lists now contain more than 700,000 records and include many names as common as John Thompson and James Wilson.

But travelers say TRIP has done little to ease their security hassles. They complain that government officials have been unresponsive and offer little information even when they do answer inquiries. And travelers who have been told they have been placed on a “cleared” list find themselves still subjected to added security procedures, unable to pre-print boarding passes for airline flights or use kiosks at airports, for example. Then, after waiting in line to check in, they find themselves trapped in a Catch-22 of long waits while supervisors probe their identity and status on the “cleared” list — just to avoid the delay of being selected for additional screening at checkpoints.

All blue-eyed humans have common ancestor

New research shows that people with blue eyes have a single, common ancestor. A team at the University of Copenhagen have tracked down a genetic mutation which took place 6-10,000 years ago and is the cause of the eye colour of all blue-eyed humans alive on the planet today.

â€œOriginally, we all had brown eyesâ€, said Professor Eiberg from the Department of Cellular and Molecular Medicine. â€œBut a genetic mutation affecting the OCA2 gene in our chromosomes resulted in the creation of a â€œswitchâ€, which literally â€œturned offâ€ the ability to produce brown eyesâ€. The OCA2 gene codes for the so-called P protein, which is involved in the production of melanin, the pigment that gives colour to our hair, eyes and skin. The â€œswitchâ€, which is located in the gene adjacent to OCA2 does not, however, turn off the gene entirely, but rather limits its action to reducing the production of melanin in the iris â€“ effectively â€œdilutingâ€ brown eyes to blue. The switchâ€™s effect on OCA2 is very specific therefore. If the OCA2 gene had been completely destroyed or turned off, human beings would be without melanin in their hair, eyes or skin colour â€“ a condition known as albinism.

Read the rest of this entry »