| |
Current Topic: Computer Security |
|
Topic: Computer Security |
11:44 pm EDT, Sep 27, 2003 |
Um, yeah, this is an autonomous robot that goes around cracking wifi passwords. Once it cracks a password it triangulates the person who is transmitting it, drives up to you, and shows you your password on a big LCD screen. Promptly you begin to kick it. That's why these guys need to talk to the people at battlebots. ToorCon Pics: Hackerbot |
|
[Politech] Dan Geer loses CTO job at AtStake after criticizing Microsoft |
|
|
Topic: Computer Security |
8:05 am EDT, Sep 26, 2003 |
] A computer security expert who contributed to a paper ] deeply critical of Microsoft has been dismissed by his employer, ] a consulting company that works closely with the software giant. [Politech] Dan Geer loses CTO job at AtStake after criticizing Microsoft |
|
Problems with popular open source VPN tools |
|
|
Topic: Computer Security |
6:46 pm EDT, Sep 22, 2003 |
] Whenever someone thinks that they can replace SSL/SSH ] with something much better that they designed this morning ] over coffee, their computer speakers should generate some ] sort of penis-shaped sound wave and plunge it repeatedly ] into their skulls until they achieve enlightenment. Problems with popular open source VPN tools |
|
Lover Spy Software - Send someone a key logging ecard... |
|
|
Topic: Computer Security |
12:08 pm EDT, Sep 14, 2003 |
] Using this very web site, you can very easily send Lover Spy ] as an e-greeting card. ] ] The e-card looks just like a normal e-greeting card sent ] via e-mail. When opened, it will display a graphic ] of your choice, whether it be romantic flowers, a funny ] e-joke, or kittens. ] ] But silently, this e-card will secretly install our ] award-winning spy software on their PC ! ] ] Immediately, an exact copy of all their e-mails, Hotmail, ] Yahoo, AOL, Outlook, Excite, all their actual Passwords (not ] just what they type), and passwords typed into the web ] browser, everything they Type in all programs, ] all their Chat Conversations on-line, every Web Site they ] visit, and much more, is forwarded to your ] e-mail address

U: Every few weeks I get an email from someone who is looking for this software, found this link via a Google search, and wants to know if I know where to find it. A few thoughts:

1. As far as I know, you are getting this link instead of the original company because the original company is gone.
2. Given the illegal nature of this company's product (delivering software via an ecard without the consent of the user is illegal), and the illegal way that they marketed it (on URLs that are misspellings of trademarks like Google), I would be surprised if it actually worked as advertised (why sell what you claim to be selling when everything else is illegal anyway?).
3. In any event, given the nature of this business, and the amount of press coverage this product received, it is almost certain that these folks were the subject of legal action from multiple sources, both civil and criminal.
4. If you are interested in using such a product you might want to consider whether the course of action that you are pursuing is really going to be the best way to get the things that you ultimately seek in life.

Lover Spy Software - Send someone a key logging ecard... |
|
Diebold suing away the truth... |
|
|
Topic: Computer Security |
4:04 am EDT, Sep 14, 2003 |
] DIEBOLD ALERT ] ] All files yanked by webhost at request of Diebold, ] Inc. ] A copy of the email is below. I received this 28 hours ] after the now-vanished files went live. ] While I am not a legal professional in any way, I firmly ] believe that these files, while copyrighted, carry ] credible evidence of illegal vote-accessing activity ] and thus are not covered under the DMCA due to the "dirty ] hands" defense, which disallows an entity seeking ] damages in cases involving illegal activities ] connected to that which is being protected. Diebold suing away the truth... |
|
Diebold appears to have conflict |
|
|
Topic: Computer Security |
5:24 pm EDT, Sep 4, 2003 |
] A wealthy businessman helping the Ohio Republican Party ] try to win the state in 2004 for President Bush also is ] the head of a company competing for a state contract to ] sell voting machines. ] ] Walden O'Dell, chief executive of Diebold Inc., told ] Republicans in an Aug. 14 fund-raising letter that he is ] ``committed to helping Ohio deliver its electoral votes ] to the president next year.''

Watch the bouncing ball here. The mainstream press has widely discredited the security analysis of Diebold's machines because the person that performed it is on the board at a competing company. On the other hand, there is hardly a peep about this. There are 9 links on Google News from 6 outlets, 4 small local news stations, and two leftist journals. Want undeniable proof of press culpability? Compare a Google News search for "Walden O'Dell" with "Avi Rubin votehere". Not all of the Avi Rubin stories are critical, but we're talking about 63 to 9 here. Furthermore, consider the impact that the Blaster worm stories have had on the American mindset. We may not say "this kid created the Blaster worm" but we build that association in your head anyway.

The AJC: "Furor over the report was partly defused when the lead researcher acknowledged this week that he failed to disclose that he had stock options in VoteHere, a company that competes with Diebold in the voting-software market, and was a member of VoteHere's technical advisory board."

From ABC: Diebold officials said they were "shocked and disappointed" by Rubin's admissions. "Diebold Election Systems has consistently questioned the conclusions drawn by the Johns Hopkins-issued report," the company said in a statement. "It is now clear, by Mr. Rubin's own admission, that questions of bias must be considered."

Diebold appears to have conflict |
|
The leader of the movement against electronic voting machines says she has a smoking gun. |
|
|
Topic: Computer Security |
4:52 pm EDT, Sep 4, 2003 |
] What happened specifically is now -- it's against ] the law to start counting the votes before the polls have ] closed. But this file is date and time stamped at 3:31 in ] the afternoon on election day, and somehow all 57 ] precincts managed to call home add them themselves up in ] the middle of the day. Not only once but three times. If ] you have no electronic communications between the polling ] places and the main office, how does that happen? Because ] what would you literally have to do is you would have to ] shut down the polling place in 57 places at once and get ] in a car and drive this card into the county office. ] That's not going to happen.

The voting machines have modems. (Or at least, it appears that way...)

The leader of the movement against electronic voting machines says she has a smoking gun. |
|
RE: Digital Vandalism Spurs a Call for Oversight |
|
|
Topic: Computer Security |
11:38 pm EDT, Sep 3, 2003 |
Jeremy wrote: ] If you are unable to actually solve your problems, you can at ] least generate a lot of paperwork to document those failures ] for posterity.

I tend to agree. These problems are not the result of negligence. They are the result of complexity. Clearly the standards for handling all of this stuff are not "stable" enough to warrant the kind of controls that are possible in the automotive industry. These rules would create barriers to entry for small companies (which is why Microsoft likes them), but would do little to improve the situation (this code is already subject to review). Security is a systemic problem and it requires a systemic solution. The original White House plan embodied the right kind of approach and I don't think we should change course in a reactionary way. I still haven't seen the stuff in the White House strategy come down the pipe:

1. Government systems should be audited and subject to stringent standards.
2. Essential non-government systems should also be subject to standards. The existing HIPAA regulations are not an unreasonable starting point.
3. There ought to be clearing houses for information about vulnerabilities and good administrative practices.
4. Network service providers should be required to implement certain basic restrictions, such as anti-spoofing filters on the network's edge. We ought to offer tax subsidies and liability shelters to ISPs that "keep their house clean" in terms of scanning their customers' networks, running IDS systems, and moving "owned" customer machines off of the internet until they can be repaired.
5. This stuff ought to trickle down all the way to the home user. Home computer users ought to get messages from Tom Ridge telling them to keep their patches up to date. Your personal internet security status impacts all of us. Implicit in all of this mostly educational effort ought to be the message that computer security, much like preventing forest fires, is everybody's job.

You ought to think about it. We need to train people to think about how their computers expose them to the network. What services are they offering? Should they implement NBT for file sharing, or something like WebDAV? Furthermore, we need to train people to feel personal ownership of the computer security problem and be responsible about it. This is not a silver bullet, but it would certainly have been possible for the 500,000 machines that got infected with Blaster to have patched their systems beforehand. How hard is it to click that Windows Update button when it flashes? Solid efforts to train people to do this will pay off in less costly incidents.

RE: Digital Vandalism Spurs a Call for Oversight |
|
This afternoon's idiotic FBI adventure. |
|
|
Topic: Computer Security |
12:26 pm EDT, Aug 29, 2003 |
] NEW YORK/LONDON (Reuters) - Washington authorities are ] investigating a teenager suspected of making a copycat ] variant of the devastating Blaster Internet worm and his ] arrest is pending, law enforcement sources said on ] Friday.

I've edited this post about 1000 times trying to get the facts straight here. The FBI's big news is that they caught some kid who renamed msblast.exe to an "anatomical reference" and rereleased it, infecting 7,000 computers... There are various people calling for the FBI to nail this kid's ass to the wall. It pisses me off. This kid did not write the worm that caused so much trouble, he released a simple variant. He is not a real threat, as far as I've been able to tell. Those 7000 machines would have gotten the other variant anyway. Burning him at the stake accomplishes only one thing; it sends a clear message to the real worm authors that they can do these things and someone else will take the fall for them. Slap this kid on the wrist and go find the real criminals.

This afternoon's idiotic FBI adventure. |
|
[IP] blackmail / real world stego use |
|
|
Topic: Computer Security |
12:25 am EDT, Aug 26, 2003 |
This case documents a real world use of steganography and digital cash which allowed a blackmailer to anonymously collect payment for his victim. [IP] blackmail / real world stego use |
|