Current Topic: Technology |
|
Real life Red Alert Tesla Coil? |
|
|
Topic: Technology |
9:05 am EDT, Jul 12, 2005 |
Basically, it fires a bolt of lightning. It can be tuned to blow up explosives, possibly to stop vehicles and certainly to buzz people. The strike can be made to feel as gentle as "broom bristles" or cranked up to deliver a paralyzing jolt that "takes a few minutes to wear off." Bitar, who is of Arab descent, believes StunStrike would be particularly intimidating in the Middle East because, he contends, people there are especially afraid of lightning. At present, StunStrike is a 20-foot tower that can zap things up to 28 feet away. The next step is to shrink it so it could be wielded by troops and used in civilian locales like airplane cabins or building entrances.
Sweeeeeeeeeeeeeeeeeet! Real life Red Alert Tesla Coil? |
|
Microsoft/Claria Shenanigans |
|
|
Topic: Technology |
9:49 am EDT, Jul 7, 2005 |
A post on BroadBand reports by Eric Howes is reporting that a number of Claria programs are set to a default action of “Ignore” in Microsoft Antispyware. What this means is that while Microsoft Antispyware will still find Claria adware, in most cases, it will have a recommended action of “Ignore” (versus “Quarantine” or “Remove”). I'm not talking cookies, I'm talking the actual adware programs.
How "Soylent Green" is this shit?
-Microsoft makes a technology (ActiveX) with a bad/user-confusing security model which fosters spyware/adware installations.
-Microsoft makes a rather crappy web browser, whose crufty 1997 era security concepts allow said technology to easily and unsuspectingly be installed in the first place.
-Microsoft then creates software to find and remove the very adware their products allow to exist! They graciously make this product free (for now?).
-Microsoft is in serious talks to *BUY* one of the companies that makes money off *INFECTING* people with said technology.
-Microsoft modifies its spyware/adware detection tool so that tool by default *IGNORES* the spyware/adware product of the very company it wants to buy.
Microsoft/Claria Shenanigans |
|
Most Significant Bit Labs :: URLParser |
|
|
Topic: Technology |
5:16 pm EDT, Jul 1, 2005 |
URLParser is a Java class to parse out the different fields of a URL. The parser included in Java's URL class is painfully bad. Not only does it not allow access to all the different URL fields, but does not return the proper information for getPath() or getFile()! URLParser allows access to the following fields:
* Protocol
* Username
* Password
* Hostname
* Port number
* Path
* Filename
* Query String
* Fragment
Here is a screen shot showing the differences between Java's parser and mine. Most Significant Bit Labs :: URLParser |
|
.tel sTLD RFP Application |
|
|
Topic: Technology |
10:20 am EDT, Jul 1, 2005 |
Having spent a good 1/2 hour reading this, I am not convinced we need it. The basic idea is we need a single place to put domain names for all these VoIP and other communications devices. I'm more interested in allocation of address space to these devices instead of domain names. These devices *must* have globally unique addresses. CIDR, NAT and other technologies that have slowed the consumption of IPv4 addresses won't help you here. .tel sTLD RFP Application |
|
Topic: Technology |
12:19 am EDT, Jul 1, 2005 |
RFC 1738, 1808, 2396... FUCK! The wording about what are valid or reserved characters in various parts of the URL contradicts itself multiple times across RFCs. Do you have any idea how complex the grammar is to parse a URL?
[proto]:[maybe //][user]:[maybe pass but only if user is there][@ and remember empty user,pass is different than no user pass][host]:[maybe port who the hell knows]/[path which can have all sorts of fucked up characters]/[file, or maybe they are just screwing with you]?[doesn't have to have anything even with a ?, regardless these can be completely different reserved characters than those reserved in the path!]#[maybe nothing, maybe something]
That man is a sadist! From RFC1738:
For resiliency, programs interpreting URLs should treat upper case letters as equivalent to lower case in scheme names (e.g., allow "HTTP" as well as "http").
Yep, schemes are case insensitive, so are hostnames. Then he throws a curveball, because path names are case sensitive (because, as TBL reasons, some schemes translate that to a file hierarchy). query strings? Well hell, those can be case insensitive. Can be? WTF is can be? Who would ever want to code an application with case sensitive searches hmmmmmm? Of course, it never says that # isn't a valid path character. But it is! I've got a state machine with 6 states, and that just gets me to the path! [grinds teeth].... happythoughtshappythoughtshappythoughts |
|
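The field-by-field grammar in the post above, as an added example that is not part of the original post and is not URLParser's code (it is Python, not Java): a small parser that keeps "absent" and "empty" components distinct and lowercases only the scheme and hostname. The name `parse_url` and the sample URLs are assumptions made for illustration.

```python
import re

# Generic split: scheme, optional //authority, path, ?query, #fragment.
# In the result, None means "component absent" and "" means "present but empty".
_URL = re.compile(
    r"^(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*):"
    r"(?://(?P<authority>[^/?#]*))?"
    r"(?P<path>[^?#]*)"
    r"(?:\?(?P<query>[^#]*))?"
    r"(?:#(?P<fragment>.*))?$",
    re.DOTALL,
)

def parse_url(url):
    """Hypothetical helper: split an absolute URL into its fields."""
    m = _URL.match(url)
    if m is None:
        raise ValueError("not an absolute URL: %r" % url)
    out = m.groupdict()
    out["scheme"] = out["scheme"].lower()        # scheme is case-insensitive
    authority = out.pop("authority")
    out.update(user=None, password=None, host=None, port=None)
    if authority is None:                        # no "//" at all, e.g. mailto:
        return out
    userinfo, at, hostport = authority.rpartition("@")
    if at:                                       # "@" present: user exists, maybe empty
        user, colon, password = userinfo.partition(":")
        out["user"] = user
        out["password"] = password if colon else None
    host, colon, port = hostport.rpartition(":")
    if not colon or "]" in port:                 # no port, or the ":" was inside [IPv6]
        host, port = hostport, ""
    if port and not (port.isascii() and port.isdigit()):
        raise ValueError("bad port: %r" % port)
    out["host"] = host.lower()                   # hostname is case-insensitive
    out["port"] = int(port) if port else None
    return out                                   # path, query, fragment keep their case

if __name__ == "__main__":
    # Constructed sample URLs, not taken from the post.
    for sample in ("HTTP://User:@EXAMPLE.com:8080/Dir/File.TXT?Q=1#Frag",
                   "http://@example.com/a?",
                   "ftp://[::1]:21/x",
                   "mailto:user@example.com"):
        print(sample, "->", parse_url(sample))
```

The parser does no percent-decoding and no per-component character validation, so its output is a structural split only.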
Most Significant Bit Labs :: AES-Crypt |
|
|
Topic: Technology |
12:05 pm EDT, Jun 29, 2005 |
AES-Crypt
aes-crypt is a Java program to encrypt files using the AES algorithm with 128 bit keys. These keys are created by taking the MD5 hash of a word or phrase. It is part of a larger toolkit that will be released soon. aes-crypt requires Java Runtime Environment (JRE) 1.5 or greater to be installed. You may download the JRE from Sun's website. aes-crypt is released under the BSD License. See LICENSE for more details.
Fun Java project that I spun out of a Toolkit I'll be releasing at Phreaknic 9. Most Significant Bit Labs :: AES-Crypt |
|
Topic: Technology |
12:32 pm EDT, Jun 27, 2005 |
Sun Ultra 3 Mobile Workstations deliver all the performance and functionality of a Sun Blade workstation in a mobile form factor.
Key Features
* 64-Bit UltraSPARC Processors.
* Solaris Operating Environment.
* 802.11b wireless networking.
* 15-inch and 17-inch TFT LCD displays.
Specifications
* Processor : 550 MHz or 650 MHz UltraSPARC IIi processor or 1.28 GHz UltraSPARC IIIi processor
* Main Memory : Up to 2 GB DRAM, error correction SDRAM
* Internal disk : 80 GB IDE or 73 GB UltraSCSI internal disk storage
Holy Christ! The battery life must blow! Sun Laptops |
|
Exploitable Dialog Vulnerability? Not really! |
|
|
Topic: Technology |
12:31 pm EDT, Jun 24, 2005 |
Secunia Research has discovered a vulnerability in various browsers, which can be exploited by malicious web sites to spoof dialog boxes. The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open e.g. a prompt dialog box, which appears to be from a trusted site.
Here is a full summary of the attack:
-Standard Anchor tag in some original page has http://www.victim.com in HREF attribute. Clicking on it opens link as normal, in tab, new window, whatever.
-Anchor tag also has an ONCLICK attribute, that runs some javascript when clicked.
-Javascript opens a very small attack window completely off the screen (varies with browsers).
-The page opened in attack can be located anywhere on the Internet. It has a reference to original (which called it) and gives original focus, thereby hiding attack from user's view.
-attack uses timer to wait some specified value. During this time http://www.victim.com finishes loading into normal. attack then opens a dialog box.
-If the user hasn't gone crazy switching windows, tabs, etc. normal should be the top most window, with a dialog box from attack floating on it. attack is hidden off screen or under everything.
-Any info user enters into this dialog can be processed by attack, since it spawned the box!
Acidus' Assessment: Cool, but not dangerous. You are very limited in Javascript about the types of dialog boxes you can open for the user. None of them even remotely look like an authentication box, and only one input field can be on a dialog. To get a username password you would have to pop 2 windows sequentially. Very suspect. Exploitable Dialog Vulnerability? Not really! |
|
The Anatomy of a Large-Scale Hypertextual Web Search Engine |
|
|
Topic: Technology |
10:15 am EDT, Jun 24, 2005 |
The Anatomy of a Large-Scale Hypertextual Web Search Engine
Sergey Brin and Lawrence Page
{sergey, page}@cs.stanford.edu
Computer Science Department, Stanford University, Stanford, CA 94305
Abstract
In this paper, we present Google, a prototype of a large-scale search engine which makes heavy use of the structure present in hypertext.
Brin and Page's original paper about Google while grad students at Stanford. Good reference for understanding how spiders/crawlers index, how you can search massive amounts of data efficiently, etc. The Anatomy of a Large-Scale Hypertextual Web Search Engine |
|
Georgia Traffic as RSS Feed |
|
|
Topic: Technology |
4:51 pm EDT, Jun 23, 2005 |
Some bad shit on the Connector today. Luckily Georgia Navigator (best, traffic reports, ever) now has RSS feeds about traffic incidents. Georgia Traffic as RSS Feed |
|