Join “My SHC Community” on Sears.com, and the company will install some pretty impressive spyware on your computer:
It seems obvious that privacy is going to be a major point of contention in the near-term future. It’s only going to get hotter as major online services compile huge amounts of data about us, as Open Data advocates push for that data to be freed up for reuse and as more cluster[fudge] incidents like the Facebook Beacon and the AOL search data release hit the public consciousness.
The story in the news this week is about Sears getting caught installing ComScore tracking spyware surreptitiously on customers’ computers. Who knows what it will be next week? Who knows what lurks in the shadows, set to make the news in the coming year or not at all?
I like this photograph because it illustrates how the easiest way to break system security is often to circumvent it rather than defeat it (as is the case with most software vulnerabilities related to insecure coding practices).
Top 10 Secure Coding Practices:
CNN had two different pie charts up at the same time during the Iowa caucuses.
Here’s the pie chart they put up for the Democrats.
Notice how CNN went out of its way to squeeze Bill Richardson’s two percent piece into the pie?
Now, look at the Republican pie chart.
Notice the giant void between McCain and Huckabee on the chart? At this point, Ron Paul had 10 percent of the vote. Why isn’t he listed when Bill Richardson’s two percent makes the Democratic pie? This wouldn’t be so obvious if it hadn’t been preceded by months and months of CNN shunning Ron Paul.
Ugh… That’s some poor (READ: biased) journalism.
The Touchmods team have released version 1.0 of SIP-VoIP for the iPod Touch. This hack will allow the Touch to make phone calls over its WiFi connection. Although named version 1.0, it is most certainly still a beta, and will take some special magic on your part to get things going.
Nothing was sacred – not cars, not truckers, not even the stock exchange. Hackers are creative folk, for sure. But some researchers are more imaginative and crafty than others. We’re talking the kind of guys who aren’t content with finding the next bug in Windows or a Cisco router. Instead, they go after the everyday things we take for granted even more than our PCs — our cars, our wireless connections, and (gulp) the electronic financial trading systems that record our stock purchases and other online transactions.
Not that there’s anything wrong with a new Windows or Vista flaw. But you can’t help but secretly admire the ingenuity and persistence it takes to hack something that we hadn’t thought of as hackable — or that maybe we just didn’t want to think was. These are the kinds of hacks that pierce the mainstream consciousness: Your mom’s eyes may glaze over when you warn her about the risk of her PC becoming a bot, but you can bet you’ll have her full attention when you show how a hacker could redirect her brand-new car navigation system to a deserted dead end street far from her intended destination.
First of all, what’s a hash?
A hash is the output of a one-way, reproducible function for creating a small fingerprint from a chunk of data. For example, when the popular hash function MD5 is given the word “cat”, it produces the following output every time:
If “cat” is changed to “cats” the resulting hash is completely different:
No matter how much data the hash function is given, the fingerprint stays the same size. No matter how small the change to the data, the fingerprint will be totally different.
A simple tool called md5sum is used for working with hashes in Linux. It allows hashes to be created and compared using the MD5 hash function. md5sum comes installed by default in Ubuntu and virtually every other Linux distribution. (It’s part of the GNU core utilities.)
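The behaviour described above, as an added shell example that is not part of the original post: `hash_of` fingerprints a string, and `make_manifest` / `verify_manifest` record and re-check MD5 sums for a directory. The helper names and the sample files are constructed for the example.

```shell
#!/bin/sh
# Added example (constructed sample data): fingerprint files with md5sum,
# then detect a one-letter change.

# Hash a string exactly as given; printf '%s' adds no trailing newline.
hash_of() {
    printf '%s' "$1" | md5sum | cut -d' ' -f1
}

# Write an MD5SUMS manifest covering every regular file in directory $1.
make_manifest() {
    ( cd "$1" && find . -type f ! -name MD5SUMS -exec md5sum {} + > MD5SUMS )
}

# Re-hash the files and compare them with the manifest.
# Returns 0 when everything matches, non-zero on any mismatch.
verify_manifest() {
    ( cd "$1" && md5sum -c MD5SUMS >/dev/null 2>&1 )
}

# Demo on a throwaway directory: prints "intact", then "modified".
demo() {
    dir=$(mktemp -d)
    printf 'cat\n'   > "$dir/pets.txt"
    printf 'hello\n' > "$dir/notes.txt"
    make_manifest "$dir"
    verify_manifest "$dir" && echo "intact"
    printf 'cats\n' > "$dir/pets.txt"     # one extra letter
    verify_manifest "$dir" || echo "modified"
    rm -rf "$dir"
}

# Same input, same fingerprint; one extra letter, a different fingerprint.
echo "cat  -> $(hash_of cat)"
echo "cats -> $(hash_of cats)"
demo
```

MD5 still catches accidental corruption, but it is no longer collision-resistant; `sha256sum` takes the same arguments when the check has to hold against deliberate tampering.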
Sometimes Linux hosting users need to change the permissions on a folder so that upload scripts or other applications that need these permissions can use it.
With chmod 777 the folder gains write, read and execute rights for everyone. Malicious hackers like these kinds of folders.
How can you protect those folders?
You can turn PHP off in that folder and disable php / html / perl files.
How can it be done?
Create this .htaccess in the folder:
php_flag engine off
<Files ~ "\.(php*|s?p?html|cgi|pl)$">
deny from all
</Files>
That’s it: you have just increased the security level of these folders.
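An added audit sketch, not from the original post: it lists the world-writable directories under a web root and reports which ones lack the `.htaccess` shown above. The function names and the sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit world-writable folders under a web root.

# Write the .htaccess from the text into directory $1.
protect_dir() {
    cat > "$1/.htaccess" <<'EOF'
php_flag engine off
<Files ~ "\.(php*|s?p?html|cgi|pl)$">
deny from all
</Files>
EOF
}

# Print one line per world-writable directory below $1:
#   OK       .htaccess present and turns the PHP engine off
#   EXPOSED  no such protection
audit_writable_dirs() {
    find "$1" -type d -perm -0002 | sort | while IFS= read -r d; do
        if [ -f "$d/.htaccess" ] &&
           grep -qi '^[[:space:]]*php_flag[[:space:]][[:space:]]*engine[[:space:]][[:space:]]*off' "$d/.htaccess"
        then
            echo "OK      $d"
        else
            echo "EXPOSED $d"
        fi
    done
}

# Demo on a constructed tree (not a real site).
demo() {
    root=$(mktemp -d)
    mkdir "$root/uploads" "$root/cache" "$root/static"
    chmod 777 "$root/uploads" "$root/cache"   # the chmod 777 case from the text
    chmod 755 "$root/static"                  # not world-writable, not listed
    protect_dir "$root/cache"
    audit_writable_dirs "$root"
    rm -rf "$root"
}

demo
```

`php_flag` is only understood when PHP runs as an Apache module, and `deny from all` is Apache 2.2 syntax; on Apache 2.4 the equivalent is `Require all denied`.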
Correction: The authors of the Netflix de-anonymization study contacted me to point out that they originally published a draft of their results a mere two weeks after Netflix released its dataset. Netflix has known about their study for over a year.
Over the past year, there have been a number of high-profile incidents in which sensitive user data was accidentally revealed to the Internet at large. As a result, I believe that high-tech companies will never again share anonymized data on their users with academic researchers, at least not without requiring contracts and nondisclosure agreements. For the users and privacy advocates, this is probably a good thing. However, for researchers, the scientific community, and Internet users who want cool new technologies, this is almost certainly a change for the worse.
In 2006, Netflix released over 100 million movie ratings made by 500,000 subscribers to their online DVD rental service. The company then offered $1 million to anyone who could improve the company’s system of DVD recommendation. In order to protect its customers’ privacy, Netflix anonymized the data set by removing any personal details.
Researchers announced this week that they were able to de-anonymize the data, by comparing the Netflix data against publicly available ratings on the Internet Movie Database (IMDB). Whoops.
For Internet privacy geeks, this Netflix incident is just another version of an all-too-familiar tale: A well-meaning company releases a large data set of user data, which it has scrubbed to remove any identifying information. Armed with this data set, researchers are able to trace backwards, and match names to the profiles and their online behavior.
Installing libxine-extracodecs will get you the most widespread codecs installed, but not all of them. MPlayer, a movie player program for Linux, has support for a big bunch of video and audio formats. Installing them in Linux (Ubuntu / Fedora / SUSE) should be as easy as sudo yum (or aptitude) install w32codecs, but for some reason it says “No candidate version found for w32codecs.” So here are 2 methods for installing them manually:
- Go to the MPlayer Download Page. Scroll down to the Binary Codec Packages section. From the table, select the download link corresponding to your architecture (x86 in my case) and the mirror closest to you. Click on the link to download the codec bundle.
- Unpack the essential-XXXXXXXX.tar.bz2 file you have downloaded and copy the contents to /usr/lib/win32/ (You may need to create the directory first)
$ wget http://www1.mplayerhq.hu/MPlayer/releases/codecs/all-20071007.tar.bz2
$ tar -jxf all-20071007.tar.bz2
$ sudo mkdir -p /usr/local/lib/codecs
$ sudo cp all-20071007/* /usr/local/lib/codecs
$ sudo ln -sf /usr/local/lib/codecs /usr/lib/codecs
$ sudo ln -sf /usr/local/lib/codecs /usr/local/lib/win32
$ sudo ln -sf /usr/local/lib/codecs /usr/lib/win32
$ rm -rf all-20071007
Now MPlayer can play about anything on Earth, as long as it’s not DRM’ed.
Warning: Proceed with caution when using this Howto; if you do not know what you are doing, you could damage your relationship with Friend 2.0 or totally break it. Also, using this Howto extensively with multiple Friend 2.0’s may damage Life 4.5, and you may end up a sorry, lonely geek.
Before attempting to convert Friend to Linux, there are some major tweaks you need to do. If you have already made these tweaks and live by them, good for you; if not, doing this is a MUST:
WARNING: Do NOT calculate Pi in binary. It is conjectured that this number is normal, meaning that it contains ALL finite bit strings. If you compute it, you will be guilty of:
1. Copyright infringement (of all books, all short stories, all newspapers, all magazines, all web sites, all music, all movies, and all software, including the complete Windows source code)
2. Trademark infringement
3. Possession of child pornography
4. Espionage (unauthorized possession of top secret information)
5. Possession of DVD-cracking software
6. Possession of threats to the President
7. Possession of everyone’s SSN, everyone’s credit card numbers, everyone’s PIN numbers, everyone’s unlisted phone numbers, and everyone’s passwords
8. Defaming Islam. Not technically illegal, but you’ll have to go into hiding along with Salman Rushdie.
9. Defaming Scientology. Which IS illegal — just ask Keith Henson.
Also, your computer will contain all of the nastiest known computer viruses. In fact, all of the nastiest possible computer viruses. Some of the files on my PC are intensely personal, and I for one don’t want you snooping through a copy of them.
You might get away with computing just a few digits, but why risk it? There’s no telling how far into Pi you can go without finding the secret documents about the JFK assassination, a photograph of your neighbor’s six year old daughter doing the nasty with the family dog, or a complete copy of the not-yet-released Star wars movie. So just don’t do it.
The same warning applies to e, the square root of 2, Euler’s constant, Phi, the cosine of any non-zero algebraic number, and the vast majority of all other real numbers.
There’s a reason why these numbers are always computed and shown in decimal, after all.
That is actually kind of funny. But there is a gross assumption that pi is infinite and we can calculate it.
Who says Linux sucks for gaming? Here’s a great list of 25 3D games for Linux. Feel free to add more games and help other Linux users find those great time wasters you love.
To go through the doors of an airport is to enter a strange world where the laws of economics do not apply…
The airline ticket is a curious beast. It’s yours and yours alone, and unlike a ticket for a music or sports event, it can’t be sold or even given away. You hand it to someone else and it turns to dust. You can rebook or get credit for a future flight through the airline, but unless you’ve paid the top fare the exchange costs are hefty — typically about $100 per person.
“But to walk through the doors of a modern airport is to enter into a world of wonders, where normal rules and laws don’t hold sway. And it’s not just the laws of gravity that have been repealed here. Many economic laws don’t apply, either: A four-day car rental is more than a seven-day rental. A one-way trip is more than a round trip. A 45-minute flight to a small airport in the next state costs more than flying clear across the country. Amazing and weird! Just those old roadside attractions touting freakish quirks of magnetism.
Then there’s the boarding pass I hold in my hand at the T.S.A. portcullis. This is where our power of make-believe needs to be strongest. We present our IDs and boarding passes to the pre-screener, who studies them for minor discrepancies with a gravity suggesting that our documents are the sole barrier keeping Islamo-Fascists out of the cockpit.
We all go along with it. Never mind that my “boarding pass” is something that I printed out from my computer the night before — in fact, the sort of thing easily ginned up by a moderately adept 12-year-old with Photoshop. (Last year a graduate student created an online boarding pass generator so that anyone could print out a fake boarding pass with a few clicks of a mouse. The site vanished after the creator was visited by unamused F.B.I. agents.)”
This is a brief video with Presidential hopeful, Ron Paul and Fox News Interviewer, Neil Cavuto. Mr. Cavuto thought he had Dr. Paul with a random question about racist campaign donations, but Dr. Paul saved all the momentum and delivered a swift kick in the ass. This made my day.
It’s funny how logic always makes people not using it look stupid: “Why should I give him the money back to spread evil when I can use it for good?” Seriously, how can you argue with that kind of logic?
Tom O’Keefe, an art director based in Boston, is suing American Express and Ogilvy & Mather for allegedly using his trademarked concept for the “My Life My Card” campaign. According to the press release issued by O’Keefe’s attorneys, the art director was pitching O&M for work on the campaign. For years, O’Keefe had used a portfolio, website and other collateral that involves a concept that is similar to the AmEx campaign. He didn’t get the gig, but a year later “My Life, MY Card” had become the ubiquitous tag line for the advertising campaign.
You be the judge. Similar concepts, but does this constitute trademark violation? A court will ultimately decide if the case has merit. But anyone who has done work in advertising knows that this happens all the time. High-powered agencies cast a wide net for talent, entertain numerous pitches, and all too often creative concepts that originate from outside the agency become part of the mix. And in some cases, end up as part of the campaign.
The problem for American Express is that CGM is an echo chamber and what would otherwise be less than a blip in the media landscape all of a sudden gets legs – blogs pick it up, readers “digg” it, discussions take off in forums. This layer of CGM now intercepts customers searching for “My Life, My Card” in search engines. American Express continues to invest heavily in the campaign and they drive a significant amount of search traffic. For example, a consumer who sees the hilarious Wes Anderson ad on TV may type “my life my card” in Google to find the YouTube clip and share it with friends. In the top ten search results, there are a number of articles about lawsuits filed against American Express for similar claims in the past. Now the brand experience becomes more than the Wes Anderson ad – now the dialog about the brand, the campaign, and the card involves the lawsuit.