Recent Entries in Hacking

Geez. Dudes. Remember that Tor isn't an end-to-end encryption system.

Rogue Nodes Turn Tor Anonymizer Into Eavesdropper's Paradise

Under Tor's architecture, administrators at the entry point can identify the user's IP address, but can't read the content of the user's correspondence or know its final destination. Each node in the network thereafter only knows the node from which it received the traffic, and it peels off a layer of encryption to reveal the next node to which it must forward the connection. (Tor stands for "The Onion Router.")

But Tor has a known weakness: The last node through which traffic passes in the network has to decrypt the communication before delivering it to its final destination. Someone operating that node can see the communication passing through this server.

The Tor website includes a diagram showing that the last leg of traffic is not encrypted, and also warns users that "the guy running the exit node can read the bytes that come in and out of there." But Egerstad says that most users appear to have missed or ignored this information.
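The weakness the article describes (every relay peels one layer, so the exit relay is the first node that sees the client's bytes as the destination will receive them) is easy to see in a toy model of onion routing. The following Python is an added example written for this page, not Tor's code: it uses a throwaway HMAC-based stream cipher instead of Tor's real cell format and ciphers, and the relay names, keys, destination and sample HTTP request are all constructed. It shows what each relay can observe, and then shows the mitigation the blogger is alluding to: when the payload is itself encrypted end to end with a key shared only with the destination (standing in for a TLS session key), the exit relay forwards only ciphertext.

```python
import hashlib
import hmac

# Toy onion-routing model written for this page; it is not Tor's code and does not
# use Tor's real cell format, key exchange or ciphers. Relay names, keys and the
# sample request below are all constructed for the demonstration.

HOP_LEN = 8  # fixed-width "next hop" field that each layer reveals to its relay


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy PRF-based stream cipher: keystream block i = HMAC-SHA256(key, nonce || i).

    XOR is symmetric, so the same call both encrypts and decrypts. Good enough to
    show layering; never reuse a (key, nonce) pair for real traffic.
    """
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap(key: bytes, next_hop: bytes, inner: bytes) -> bytes:
    """Add one onion layer: encrypt (next_hop || inner) under this relay's key."""
    return keystream_xor(key, b"layer", next_hop.ljust(HOP_LEN) + inner)


def peel(key: bytes, blob: bytes):
    """Remove one layer; returns the next hop and the still-wrapped remainder."""
    plain = keystream_xor(key, b"layer", blob)
    return plain[:HOP_LEN].rstrip(), plain[HOP_LEN:]


def build_onion(relays, destination: bytes, payload: bytes) -> bytes:
    """Client side: wrap the payload for exit, then middle, then guard (innermost first)."""
    blob, next_hop = payload, destination
    for name, key in reversed(relays):
        blob = wrap(key, next_hop, blob)
        next_hop = name.encode()
    return blob


def run_circuit(relays, onion: bytes):
    """Relay side: each relay peels exactly one layer.

    Returns what every relay could observe plus the bytes the exit finally sends
    to the destination. A relay learns only its next hop and an opaque blob; the
    guard additionally knows the client's address, which this model leaves out.
    """
    observed = {}
    blob = onion
    for name, key in relays:
        next_hop, blob = peel(key, blob)
        observed[name] = {"next_hop": next_hop, "sees": blob}
    return observed, blob


# Constructed circuit: three relays, each with its own hypothetical session key.
RELAYS = [("guard", b"k-guard"), ("middle", b"k-middle"), ("exit", b"k-exit")]


def send_through_tor(request: bytes, end_to_end_key=None):
    """Send one request to destination "site"; optionally protect it end to end.

    end_to_end_key stands in for a TLS session key shared only with the
    destination. Returns (per-relay observations, bytes leaving the exit).
    """
    if end_to_end_key is not None:
        request = keystream_xor(end_to_end_key, b"session", request)
    onion = build_onion(RELAYS, b"site", request)
    return run_circuit(RELAYS, onion)


if __name__ == "__main__":
    req = b"GET /inbox HTTP/1.1\r\nCookie: session=abc123\r\n"  # constructed sample
    observed, on_wire = send_through_tor(req)
    print("exit relay forwards (no end-to-end encryption):", on_wire)
    observed, on_wire = send_through_tor(req, end_to_end_key=b"tls-session")
    print("exit relay forwards (end-to-end encrypted):", on_wire.hex())
```

Run it and the first line prints the request, cookie included, exactly as the exit relay hands it to the site; the second prints only hex noise, because the exit peeled its own layer but holds no key for the inner one. The guard and middle relays never see anything but the name of the next hop and an opaque blob in either case.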

Also cool.

Ten Free Services To Send Self-Destructing Emails Which Expire/Disappear Automatically After Specified Time Interval by Tech[dot]Blog

Whatis defines Self-destructing email as an electronic mail that vanishes or becomes unreadable after a certain length of time or upon the request of the sender. They also help prevent printing, copying, forwarding, and saving of the email sent and auto expire after a predefined interval.

An embarrassing email sent years ago might come to haunt you today just when you thought it must have been deleted permanently. Self-destructing emails delete the original message once it has been read by the recipient. While they are not completely foolproof (for example, someone can take a photo of the message with a camera), the record on the Internet does not remain.

Actually, a good list. Some things I hadn't thought of.

How to access blocked websites - Top 10 - WebStuffScan - Scanning the Web for the good stuff!

6. Use a public Proxy server - There are many free proxy servers out in the Web. Note that in order to use these you have to change internet connection settings in Internet Explorer or whatever browser you use. This is one such list.

Scan This Guy's E-Passport and Watch Your System Crash

A German security researcher who demonstrated last year that he could clone the computer chip in an electronic passport has revealed additional vulnerabilities in the design of the new documents and the inspection systems used to read them.

Lukas Grunwald, an RFID expert who has served as an e-passport consultant to the German parliament, says the security flaws allow someone to seize and clone the fingerprint image stored on the biometric e-passport, and to create a specially coded chip that attacks e-passport readers that attempt to scan it.

This is just another good example of how unsafe we are post-9/11.

My Encounter with the TSA

So what lesson did I learn today? I knew from the Mooninites Scare of 2007 that D-sized batteries were considered by security personnel to be dangerous items. However, there were no blinking Christmas lights connected to these batteries, just a glued circuit board. I was all eager to draw out a schematic and explain to someone how a switching regulator works, but these people wouldn't have understood it.

They wouldn't have grasped that the spare battery for my laptop was far more dangerous than the iPod charger. A dead short of the MintyBoost! would produce a little heat (maybe 4 watts total); a dead short of the laptop battery would likely cause an explosion of the battery... and I had two of them fully charged.

Well, it's about time. Where do I sign up?

Michael Geist - CRTC Releases Do-Not-Call Registry Rules

Some of the key points in the just-released rules:
  • Canadians will be able to register their number by phone, fax, or online (up to three numbers on the Web)
  • there will be a 31-day grace period for organizations to implement a do-not-call request
  • the CRTC rejected a request from the financial services industry to include a new exception for personal referrals
  • all exempted organizations (political parties, pollsters, newspapers, charities, businesses with prior relationship) will be required to maintain their own do-not-call registries
  • there will be no cost to register phone numbers on the registry. The registry will instead be funded by requiring telemarketers to pay a subscription fee to ensure they have a "clean" list
  • Canadians can register on their own or select someone to add their number on their behalf
  • there will be a renewal requirement every three years for registered numbers
  • organizations can still contact a number registered on the do-not-call list if the person has provided their express consent to do so
  • telemarketers will be prohibited from sharing the do-not-call list with others
  • Canadians must file complaints within 14 days
  • there are no penalties on Canadians for making a false complaint about a do-not-call registry violation
  • the CRTC will make violations public
  • the phone companies have been ordered to raise public awareness about how Canadians can register their numbers on the do-not-call registry

Telus has ordered YouTube to take down some fair-use news reports that are critical of its union negotiations.

Here's a link to a CTV news report about Telus. Maybe they should be suing CTV for initially broadcasting it.

Michael Geist - Is Telus Overreaching With YouTube Copyright Claims?

A blog reader points to a site listing more than a dozen videos posted on YouTube that Telus has demanded be removed due to copyright concerns. While there are several videos that may indeed be subject to Telus copyright, many others appear to merely involve union videos that surely do not contain Telus copyrighted content. For example, the site notes a news report for which Telus claimed copyright ownership with YouTube. If this is a case of overreaching, it is particularly unfortunate given that Telus has been a vocal opponent of the very notice-and-takedown system that it now uses, having argued that the U.S. system leads to a "voluminous level of automated, illegitimate and time-wasting claims."

That was evidenced by the 409 people who clicked on an ad that offers infection for those with virus-free PCs. The ad, run by a person who identifies himself as security professional Didier Stevens, reads like this:

Drive-By Download
Is your PC virus-free?
Get it infected here!

Stevens, who says he works for Contraste Europe, a branch of the IT consultancy The Contraste Group, has been running his Google Adwords campaign for six months now and has received 409 hits. Stevens has done similar research in the past, such as finding out how easy it is to land on a drive-by download site when doing a Google search.

Hundreds Click on 'Click Here to Get Infected' Ad

I am a sucker for interesting mods.

We built this system because with all the oil cooled projects out there, no one built a system that looked good and functioned well! After seeing all the other projects, we had a lot of ideas of how we could do it better and more easily. Many projects used vegetable oil, which would go rancid after a short time. The mineral oil does not have this problem, and is completely clear. We also wanted to use an appropriate enclosure -- the Toms Hardware system used a clear acrylic case, and they had to painstakingly seal each rear connector to keep the oil from leaking.

Dun Dun Duh... Crime of the century

Proposed Crime of the Century: Attempted Copyright Infringement

A bill authored by Attorney General Alberto Gonzales that would stiffen criminal penalties in copyright cases has sparked a furor, but if history is any indication it may face a tough haul in Congress.

Before the Intellectual Property Protection Act of 2007 can even go to Congress, it will need to be sponsored by a member of the House or Senate. The Justice Department has yet to find a sponsor, although it's hoping that a meeting with Hill staffers will flush one out. And while the DOJ claims to have bipartisan support for its bill, a similar measure introduced last year failed to make it to a vote.

"We're still reviewing the bill, but based on our initial review, we have some concerns," said Corynne McSherry, a staff attorney with the Electronic Frontier Foundation. "One of our biggest concerns is that it criminalizes attempted copyright infringement."

McSherry said this is unprecedented in copyright law, and noted that the bill is ambiguous: "It's not totally clear what would count as attempting copyright infringement."

Government employees in Ontario can no longer access Facebook, the popular social networking website, on their computers.

To the chagrin of some of the thousands of workers -- including Liberal aides, backbenchers and cabinet ministers -- the 21-million-member site is now blocked by the provincial ban.

As of Tuesday, when workers tried to access the site, they were greeted with the same "access denied" message that pops up if someone tries to access a pornography site, according to the Toronto Star.

Facebook is the latest website to be banned by the province, joining YouTube, online poker gambling websites and hardcore sex sites, Government Services Minister Gerry Phillips told the Star.

Ont. government employees blocked from Facebook

Last night, Digg underwent a user rebellion. Digg removed many posts -- and terminated the accounts of some of its users -- for posting a 16-digit hexadecimal number that is used to lock up HD-DVD movies. The number -- a "processing key" -- was discovered by Doom9 message-board poster muslix64, who was frustrated by his inability to play his lawfully purchased HD-DVD movies because of failure in the anti-copying system.

The AACS Licensing Authority, which controls the anti-copying technology underlying HD-DVD, sent out hundreds of legal threats to sites that had posted the key, including Digg. It appears that Digg took a pro-active stance and began to seek out new examples of the key and delete them immediately, instead of waiting for notice from the AACS-LA. It's likely that their lawyers advised them to take this course of action, since the penalties for posting "circumvention devices" can be stiff.

At 9PM last night, Kevin Rose, Digg's founder, posted about this on the Digg blog, and said that he would no longer take material down, even though it could very well cost him the site. It's a brave stance, and it seems to have quieted the Digg users' protests.

Boing Boing: Digg users revolt over AACS key

Did you know that you could get into really big trouble if you post the code beginning with 09 F9 11 02 on your website? It is very likely that a takedown notice will be sent to the owner of the website as soon as the RIAA, the AACS or some of their lawyers find your website. You might be wondering why they are making such a big deal about this code that continues 9D 74 E3 5B D8 41 56 C5, which only some users might identify as the code to rule them all, aka the processing key that unlocks the content of every HD-DVD available up to this point.

09 F9 11 02 T-Shirt | gHacks tech news

Net neutrality advocates regularly point to traffic shaping as a concern since they fear that Rogers could limit bandwidth to competing content or services. In response to the packet shaping approach, many file sharing applications now employ encryption to make it difficult to detect the contents of data packets. This has led to a technical "cat and mouse" game, with Rogers now one of the only ISPs in the world to simply degrade encrypted traffic.

This raises many issues but I would like to focus on just two in this posting. First, not only is BitTorrent legal in Canada, but a growing percentage of the file swapping on BitTorrent clients is authorized. This includes a substantial amount of open source software development, independent films, and other large files. By reducing the bandwidth available for this application, Rogers is impairing the ability for Canadian artists to distribute their work and hampering the development of open source software in Canada. Moreover, this could lead to a situation where Rogers' own content is unfairly advantaged over competing content.

Michael Geist - The Unintended Consequences of Rogers' Packet Shaping

The U.S. accounted for 31 percent of malicious activity originating from computer networks, while 10 percent came from China and 7 percent from Germany, Symantec said in its Internet Security Threat Report.

The company also found that 51 percent of all known servers used by attackers to buy or sell stolen personal information, such as credit card or bank account numbers, are located in the U.S.

U.S.-based credit cards, with accompanying verification numbers, were found to be selling for $1 to $6 each on these servers. But a more thorough roundup of personal-identification data--including a person's birthdate and banking, credit card and government-issued identification numbers--fetched $14 to $18, the report noted.

Report: U.S. most prolific source of online attacks | Tech News on ZDNet

"We Haven't Sued Anyone"

As for CRIA's Graham Henderson, he said that they haven't sued anyone. That surely comes as news to the 29 alleged file sharers who were sued in 2004 as well as to federal court judges who ruled in the case. Perhaps what Henderson meant to say is that the Canadian music lobby group hasn't sued anyone successfully.

Michael Geist - "We Haven't Sued Anyone"

A Texas judge has dismissed a lawsuit against MySpace that had blamed the popular Web site for not establishing enough safeguards to protect underage users.

The family of an underage girl -- referred to as "Julie Doe" in the lawsuit -- had sued MySpace last year after she lied about her age and was sexually assaulted by a man she met on MySpace.

But U.S. District Judge Sam Sparks ruled Wednesday that MySpace, like other online forums, should not be held responsible for what happened. "If anyone had a duty to protect Julie Doe, it was her parents, not MySpace," he wrote.

MySpace suit dismissed by judge in Texas / Family said site didn't protect underage users

The bill, dubbed the Safety Act by sponsor Lamar Smith, a Republican congressman from Texas, would impose fines and a prison term of one year on ISPs which failed to keep full records. (emphasis mine)

This is a terrifying development and it must be stopped before it gains any significant momentum. Background, action items and contact information below the fold.

Under the guise of reducing child pornography, the SAFETY (Stopping Adults Facilitating the Exploitation of Today's Youth) Act is currently the gravest threat to digital privacy rights on the Internet. Given the increasing tendency of people, especially young people, to use the Internet as a primary means of communication, this measure would affect nearly all Americans in ways we are only beginning to understand. Also, given the fact that the Act requires all Internet Service Providers to record the web surfing activity of all Internet users, this amounts to the warrantless wiretapping of the entire Internet.

Amazingly, although the bill was introduced and referred to the House Judiciary Committee on Tuesday Feb. 6, it has been virtually ignored by both the corporate media and major blogs alike. By combining such draconian legislation with several child pornography measures, Smith is trying to pull a fast one on the Judiciary Committee and on the democratically controlled Congress as a whole.

Action: Congress wants to monitor all Emails, IMs, Etc. | The Agonist

Stipulate that Jim Moore holds all rights in his video, and Viacom none. And stipulate further that Jim Moore is far from alone. One presumes that Viacom's argument is that they did not issue these misrepresentative notices "knowingly." I wonder how many home videos have to have been caught up -- and taken down -- in this sweep before one could say that it was "knowing" on the part of Viacom? Combine that with the mash-ups that may include some of Viacom's material, but where a fair use analysis will vindicate the alleged infringer. Could a human being have looked at each of these 100,000 videos? Might a court say: "You ought to have known that if you crank these notices out automatically without checking each one, you must know there's some non-infringing material in there"?

John Palfrey - Blog Archive - How Many Jim Moores Are Out There? Viacom's Cease and Desist Letters ... for Home Videos?
