Conspiracy Theory Warning! A fun video to help pass the time during the snowfall. I had no idea how far back the Bush family stretches. Come to your own conclusions.
The issue is that our SSN was neither designed to be a private number nor something for other organizations to use to identify someone. It’s unfortunate that it’s now used for that, and that with it you can take over almost anyone’s accounts. Bruce Schneier talks about using an SSN as ID in his book “Beyond Fear”. I don’t have it on me right now, but the real point was that it was never designed to be used as a form of authentication. Currently, it is used as a form of authentication (proving you are who you say you are), but knowing a single 9-digit number that never changes is hardly proof of your identity. As has been made obvious, somebody merely needs your name and SSN and they can claim to be you. Also, since the SSN isn’t designed to be changed (and is often used as a unique identifier in places where it would be difficult or impossible to change), it is extremely difficult to recover from it being misappropriated. It’s being used to serve the same purpose as a password, and yet it’s neither secret nor changeable.
A truly good authenticator needs to give no more information than it is given. For example, a challenge-response mechanism never divulges any secret, but it does confirm that you know the secret (though it requires that the other party know it too). There also needs to be some way to verify the validity of an authenticator. It’s easy to create a counterfeit driver’s license (ask anybody under legal drinking age) and it’s trivial to create a counterfeit SSN card. There needs to be a way that anybody can verify that your authenticator is real and has been properly assigned to you.
The worst part, though, is using an SSN as an identifier instead of a student number, health plan number, or other such identifier. Identification is one job, authentication is another. By combining the two, the authentication is lost and only the identification remains. As others have said, when everybody uses an SSN as identification (and authentication), the only thing you need to get hold of is a person’s SSN to take over their life.
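To make the identifier-versus-authenticator point concrete, here is an added example (not from the post): an account keyed by a public identifier, first "authenticated" by presenting an SSN-style number and then by an HMAC challenge-response that never puts the secret on the wire. The account id and number are constructed placeholders.

```python
import hashlib
import hmac
import secrets

# Constructed sample account: a public identifier plus an SSN-style number used as the secret.
ACCOUNT_ID = "acct-1001"     # identifier: stable and public, fine to share
SSN_LIKE = "123-45-6789"     # constructed placeholder, not a real number

class Verifier:
    """Holds each account's secret and checks a login two ways."""
    def __init__(self, secret_by_account):
        self._secret_by_account = secret_by_account
        self._open_challenges = set()   # each nonce is accepted exactly once

    # Scheme 1: "prove you know the number". Whatever crosses the wire IS the secret,
    # so anyone who sees it once can present it again, and the number cannot be rotated.
    def login_with_number(self, account_id, number):
        stored = self._secret_by_account.get(account_id, "")
        return hmac.compare_digest(stored, number)

    # Scheme 2: challenge-response. The verifier issues a fresh nonce and the client
    # returns HMAC(secret, nonce); the secret itself never crosses the wire.
    def challenge(self):
        nonce = secrets.token_hex(16)
        self._open_challenges.add(nonce)
        return nonce

    def login_with_response(self, account_id, nonce, response):
        if nonce not in self._open_challenges:   # unknown or already consumed: a replay
            return False
        self._open_challenges.discard(nonce)
        stored = self._secret_by_account.get(account_id, "")
        expected = hmac.new(stored.encode(), nonce.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)

def client_respond(secret, nonce):
    """What the legitimate client computes: it needs the secret but never transmits it."""
    return hmac.new(secret.encode(), nonce.encode(), hashlib.sha256).hexdigest()

def eavesdropper_outcomes():
    """Replay one captured login under each scheme; returns which attempts succeed."""
    v = Verifier({ACCOUNT_ID: SSN_LIKE})
    number_replay = v.login_with_number(ACCOUNT_ID, SSN_LIKE)   # the capture IS the secret
    nonce = v.challenge()                                       # one genuine exchange...
    response = client_respond(SSN_LIKE, nonce)
    genuine = v.login_with_response(ACCOUNT_ID, nonce, response)
    same_pair_again = v.login_with_response(ACCOUNT_ID, nonce, response)   # ...replayed
    against_new_nonce = v.login_with_response(ACCOUNT_ID, v.challenge(), response)
    return {"genuine": genuine, "number_replay": number_replay,
            "response_replay": same_pair_again or against_new_nonce}
```

Under scheme 1 the captured value logs in forever, because it is the secret and cannot be changed; under scheme 2 the capture is useless once the nonce is consumed, and the secret stays with the two parties.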
Below is a great article from Time Magazine about a Verizon customer that wants to open an account without giving the Telco their personal information.
Look, which has already won major kudos on the film festival circuit and will be in theaters this Friday, is sure to be a thought-provoking and controversial film. It purports to be made entirely out of surveillance footage shot without the knowledge of the people involved.
According to the film’s director Adam Rifkin, 37 states say it’s legal to put video cameras in public dressing rooms. Rifkin seeks to provoke audiences to ask themselves, “Who is watching this footage and who is keeping it safe from public distribution? Who has access to it and for how long? What safeguards exist to make sure highlights of your ass are not making it onto the most viewed list on YouTube?” Check out the trailer to your right for more.
Windows and Linux command-line utility PWGen generates random, meaningless passwords but uses letter and number combinations that can be pronounced and memorized. Simply typing “pwgen” and hitting Enter will shoot back a screen full of passwords to choose from, helping to prevent shoulder-surfing sneaks, but you can easily narrow down and customize the results with a few command-line switches. Those seeking to store and generate more random passwords should check out suites like KeePass, but for low-security applications like websites, PWGen can quickly serve up some helpful nonsense. PWGen is a free download available in many Linux repositories and as a Windows installation at the link below.
German and Chinese researchers have just released a study that explores the world of Chinese commercial cybercrime. The researchers set up virtual PCs running Internet Explorer, then visited nearly 15,000 Chinese websites, deliberately infecting their virtual systems with whatever crapware happened to be running on the system. Then they carefully analyzed the infections as they unfurled and encrappified the virtual instances of Windows, and used the results to reverse-engineer the way that the malware economy runs.
“The Virus Writers take care of implementing Web-based and conventional Trojans, and use evasion methods to create covert Trojans, and then they sell the malware and evasion service,” the paper says. “Website Masters/Crackers betray their customers or crack unsafe websites, and sell the visitor traffic of their own or harvested web sites. Envelope Stealers construct a Web-based Trojan network by hosting the bought Web-based and conventional Trojans on compromised computers, and redirect the web site visitors to their Web-based Trojans. When the Web-based Trojan network is ready, the victims who visit the malicious web sites will be redirected to and exploited by the Web-based Trojans, and infected with further conventional Trojans. These Trojans then steal envelopes and virtual assets from the victim’s machine.”
Here’s a brilliant Rube Goldberg security camera made out of a camera phone, some homebrew circuits and solenoid relays. When the phone is called, it activates the relays, which tap out the “take picture/send picture” sequence on the phone keypad, which then takes the pic and sends it off. Added bonus: this thing actually looks sinister. If I were god-emperor of the world, all CCTVs would look this alarming, so every time you were in their scrutiny, you’d get that atavistic taste of being surveilled.
The idea is to replace your fingers with the relays and your brain with a microcontroller. Depending on how complex your phone is, i.e. the number of different keys to press in order to send a picture, choose your microcontroller accordingly.
My setup uses four outputs (four different keys on the phone) and one input on the microcontroller. It allows me to send an SMS text message (or call) to my hacked phone, and it then cycles through the code, clicking its way through the menus, taking photos and returning them to me.
The vulnerability, called the Apple QuickTime RTSP Response Header Stack-Based Buffer Overflow Vulnerability, was first disclosed on Nov. 23rd and still remains unpatched. The vulnerability can be exploited through Internet Explorer, Firefox, Opera, and Safari and affects both Windows and Mac users.
First observed on Saturday, the attacks appear to be aimed at Windows users, but Mac OS users could also be at risk since the QuickTime vulnerability in question affects both operating systems, the alert said. That vulnerability, called the Apple QuickTime RTSP Response Header Stack-Based Buffer Overflow Vulnerability, was first disclosed on Nov. 23 and remains unpatched by Apple.
Researchers have shown that the QuickTime vulnerability affects a range of operating systems, including Windows XP, Windows Vista, MacOS X 10.4, and the recently released MacOS X 10.5, also called Leopard. The vulnerability can be exploited through Internet Explorer, Firefox, Opera, and Safari.
There are two types of attacks underway, Symantec said. In the first, victims’ computers are being redirected from an adult Web site, Ourvoyeur.net, to another Web site that infects the computer with an application called loader.exe, which can be saved to the computer as metasploit.exe, asasa.exe, or syst.exe. Once installed on a computer this application downloads another binary file, which Symantec identified as Hacktool.Rootkit, a set of tools that can be used to break into a system.
Hope this helps anyone out who is confused on where their politician stands.
Hillary: Bring the troops home starting within 60 days of being elected.
Obama: Begin withdrawing our troops engaged in combat operations at a pace of one or two brigades every month, to be completed by the end of next year.
Edwards: Supports the immediate withdrawal of 40,000-50,000 troops from Iraq and the complete withdrawal of all combat troops from Iraq within nine to ten months.
Giuliani: No timetable on troop withdrawal.
Romney: Send MORE troops to Iraq, increase redeployment.
Huckabee: Stay in Iraq.
Paul: Pull out of Iraq immediately.
Upset teen, JedineKazama, explains to the world what hackers are all about:
On Monday, Sunbelt Software’s security blog revealed that thousands of malware redirects were showing up in search engine results. Network bots designed to post relevant keywords and spam links in various online forms (think forum posts or blog comments) helped attackers claim high-ranking search engine positions for various obscure and seemingly innocuous search terms. According to Sunbelt, two of the thousands of terms were “infinity” and “hospice.” Yeah, that’s cool. Search for hospice information for a sick friend or family member, potentially get your system infected with nasty malware.
On Tuesday, Sunbelt revealed more information about the ill effects clicking on these fake links could have on a vulnerable system (as a reminder – ALWAYS keep your browser and Internet security tools up to date). Best case scenario – you might end up with one of those annoying toolbars and pop-up ads for fake security software. Worst case? Your computer could be used to generate false clicks for the attacker’s pay-per-click programs (so they infect your system so that you can make them money), or worse still, that bot could load other malware/worms/trojans onto the unprotected system. Further investigation also revealed that these SEO-poisoning attacks were targeted at Google, although other search engines may also have been victims of the attacks.
People probably don’t realize just how often and in how many ways total strangers are snooping in their lives. Whether the snooping means are video cameras, cell phones or the Internet, there are thousands of businesses, people and governments all up in our personal business and lives.
Every time a person fills out a contest entry, sweepstakes form, survey application or joins an online community, chances are the personal information that is used to complete these things is sold, rented or shared with second and third parties without our knowledge.
Most reputable companies or websites will have a privacy statement that explains clearly how they will use the personal information that they collect from their members or customers. Not all websites or companies are reputable, so it is extremely wise to read their privacy statements before handing over any revealing or personal information about you to strangers.
Q: Who is king of internet marketing?
Yes, yes, I know, do no evil. In the meantime, Google is slowly building one heck of a user profile database. They’ve got your email, they’ve got your documents, they most likely know your physical address and your phone number. Now they can even triangulate your approximate location in real time via your cell phone. They have the potential to eventually know more about you than you know about yourself, but not to worry, they’ll never misuse any of this information they’re collecting.
The following websites are extremely useful to help stop big brother from snooping into your personal business and private lives.
Think that’s a silly question? Think again. A woman’s choice of operating system (OS) can reveal a lot to the inquisitive man. And with women as famously cryptic as they are, let’s face it: it’d be dumb to turn a blind eye to anything that offers a peek into their innermost thoughts. So let’s analyze what a woman’s choice of Windows, Mac OSX, or Linux really means!
“If Samy Kamkar plays his cards right, he may be allowed to visit MySpace again in just a few months. For the time being, however, he’s not even allowed to touch a computer, following a January 2007 guilty plea for creating what many consider to be the first Web 2.0 worm: the Samy worm.
Samy’s worm wasn’t malicious, but it did force News Corp.’s MySpace social-networking site to shut down in late 2005 after forcing more than 1 million users to declare Samy a “hero” on their profile pages.
Last week, Samy, who is now 21, made his first public appearance since his conviction, attending the OWASP App Sec 2007 conference, hosted by eBay, in San Jose, California. He was treated like a celebrity at the show, but there were some complications. Under the terms of his plea agreement, he can only use computers for work, so he was forced to show slides that he’d dictated to a friend on a computer that was operated by a conference staffer.
It’s not easy being a computer geek cut off from computers, but if Samy remains a model parolee, he could be allowed to use computers again in a couple of months. He talked to IDG News Service about what life has been like since his arrest and what he plans to do as soon as he’s online again.”
Excuse the “Myspace Victim” photo above. I’ve said this on every single “virus/worm writer busted” article, and I’ll continue to do so — a worm or virus that doesn’t actually do any real damage should translate into an instant job offer, NOT a conviction… well, in a perfect world. In case you were interested in viewing the XSS code, you can find it, and its explanation, here.
Samy is my hero.
“What do around 16,000 Google employees stare at in the morning when they’ve arrived at the office? They might be looking at Moma, the name for the Google intranet. The meaning of the name of “Moma” is a mystery even to some of the employees working on it, we heard, but Moma’s mission is prominently displayed on its footer: “Organize Google’s information and make it accessible and useful to Googlers.” A “Googler,” as you may know, is what Google employees call themselves (they have other nicknames for specific roles; a noogler is a new Google employee, a gaygler is a gay one, a xoogler is an ex-one, and so on).”
Excellent article/guide to using SSH tunnels to bypass using third-party VPN software. I agree with them on all points. SSH FTW.
In a recent Red Hat Magazine article, Paul Frields gave some examples of how SSH port forwarding can be used to remotely gain access to resources, or ports, from a remote location. This article will show a pragmatic implementation of SSH port forwarding by demonstrating how to use configuration files and conditional statements to create permanent, yet dynamic, SSH configurations for your home, office, and any virtual machines you may have on your systems.
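As an added illustration of the "permanent, yet dynamic" idea (this is not the Red Hat Magazine article's code): a small Python script that picks a forwarding profile from the network you are on and renders the matching ssh_config(5) stanzas, so the same `ssh -F <file> -N nas` opens the right tunnel from home, from elsewhere, or into a local VM. All gateways, host names, users and ports are constructed placeholders.

```python
import shlex

# Constructed, hypothetical profiles: gateways, host names, users and ports are placeholders.
PROFILES = {
    "home": {                      # on the LAN: talk to the boxes directly
        "gateway": "192.168.1.1",
        "hosts": {
            "nas": {"HostName": "192.168.1.20", "User": "me",
                    "LocalForward": ["8443 localhost:443"]},
            "vm":  {"HostName": "127.0.0.1", "Port": "2222", "User": "me",
                    "LocalForward": ["5901 localhost:5900"]},
        },
    },
    "away": {                      # anywhere else: the same boxes via the public gateway
        "gateway": None,
        "hosts": {
            "nas": {"HostName": "gw.example.net", "User": "me",
                    "LocalForward": ["8443 192.168.1.20:443"]},
            "vm":  {"HostName": "127.0.0.1", "Port": "2222", "User": "me",
                    "LocalForward": ["5901 localhost:5900"]},
        },
    },
}

def pick_profile(default_gateway):
    """The conditional: choose the profile whose gateway matches the network we are on."""
    for name, prof in PROFILES.items():
        if prof["gateway"] == default_gateway:
            return name
    return "away"

def render_ssh_config(profile):
    """Emit ssh_config(5) Host stanzas; list-valued keys such as LocalForward repeat."""
    lines = []
    for host, opts in PROFILES[profile]["hosts"].items():
        lines.append(f"Host {host}")
        for key, val in opts.items():
            for item in (val if isinstance(val, list) else [val]):
                lines.append(f"    {key} {item}")
        lines.append("")
    return "\n".join(lines)

def tunnel_command(host, config_path):
    """The ssh invocation that opens only the forwards (-N) using the rendered file (-F)."""
    return shlex.join(["ssh", "-F", config_path, "-N", host])
```

Write `render_ssh_config(pick_profile(<current default gateway>))` to a file and point `-F` at it; the host alias and local port never change, only where the tunnel lands.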
Attention Microsoft/Apple, this is why everyone loves Google.
Just released tonight: Even without GPS, it gets your location automatically via cell phone towers.
Working like a charm on my Treo. Is there anything Google can’t do?
Press “0” and look for the blue dot:
If you have a GPS-enabled device, this blue dot corresponds to your GPS location. At times, or if you do not have a GPS-enabled phone, you might see the blue dot surrounded by a light blue circle (as shown on the right) to indicate uncertainty about your location.
Why the uncertainty? The My Location feature takes information broadcast from mobile towers near you to approximate your current location on the map – it’s not GPS, but it comes pretty close (approximately 1000m close, on average). We’re still in beta, but we’re excited to launch this feature and are constantly working to improve our coverage and accuracy.
The My Location feature is available for most web-enabled mobile phones, including Java, BlackBerry, Windows Mobile, and Nokia/Symbian devices.
I’ve been searching for an iTunes Coverflow clone in Flash, because one of my clients asked me to use something like that for a new project. I finally found something decent… Take a look at the following link: http://www.quietlyscheming.com/blog/components/tutorial-displayshelf-component/
Now, the above open-source product is built for Flex 2, so it doesn’t suit our project. Then I found this. It’s a pure .fla file, with XML for the data. I think this is the best sample to recreate Coverflow in Flash.