New issue (Vol 2 Number 1) of CodeBreaker's Journal has been released. An interesting publication for those interested in lower level programming.

CodeBreakers Journal

] SHA-1 has been broken. Not a reduced-round version. Not a
] simplified version. The real thing.

Oh Fuck.

Schneier on Security: SHA-1 Broken

] Angry parents, saying their children's privacy rights are
] being violated, have asked the board of the tiny Brittan
] School District to rescind a requirement that all
] students wear badges that monitor their whereabouts on
] campus using radio signals.

MemeStreams user Catonic asked me to post this because Memestreams is blocked at his office, which is, frankly, ironic. I'll bet he gets into his office with an RF-ID key card. Now, granted, I'm sure he doesn't have to swipe if before he enters the bathroom. This isn't the scariest kid tracking technology I've seen, but you'll see more of this.

The biggest problem with these technologies is when they remove control from the user and place it in the hands of the system operator. If these technologies are seen as a way for a person to communicate with other people about their location, as they see fit, then they'll be very powerful. If they are seen as a way for other people to track a person, whether or not that person wants to be tracked, they will fail miserably. The important element is leaving the user in control.

SUTTER COUNTY / Students kept under surveillance at school / Some parents angry over radio device

] This is the homepage of the Shape Contexts based approach
] to break Gimpy, the CAPTCHA test used at Yahoo! to screen
] out bots. Our method can successfully pass that test 92%
] of the time. See EZ-Gimpy in action at Yahoo! The
] approach we take uses general purpose algorithms that
] have been designed for generic object recognition. The
] same basic ideas have been applied to finding people in
] images, matching handwritten digits, and recognizing 3D
] objects.

Nice.

So, any technological effort to prevent bot attacks is going to be easy to defeat. This may actually push demand for a federated identity system for the internet. The people managing systems will be responsible for verifying that their users are real people. An easy way to do this is to require telephone authentication (the way GeoTrust does for their personal SSL certificates) and not offer more then 10 addresses per phone number.

There are also interesting questions here about reputation carrying over between communities. You might need to gain a large audience on, say, MemeStreams before you are allowed to join another community with a more controlled atmosphere...

Breaking a Visual CAPTCHA

noteworthy wrote:
] As your once and future agent will kindly tell you, 2005 will
] be remembered as the year that remembrance agents went
] mainstream.
]
] This essay by Steven Johnson appears in the Sunday NYT Book
] Review.

Linked here is a related post from his blog...

RE: Tool for Thought, by Steven Johnson

In the stupidest security move microsoft has made to date, they've decided that pirated copies of microsoft products should not recieve security patches.

What's next, 'How to write a worm', published by Microsoft Press?

[ This was inevitable. Its a good idea for their business and a bad idea for computer security on the whole. Its hard to argue that Microsoft has a moral obligation to patch stolen software, but on the other hand this is going to make a bad situation worse. ]

Microsoft: No Patches for Pirated Windows

This is an ad for the Macintosh around 1989.

k wrote:
] Kind of a neat blast from the past.
] Sometimes we forget that there was a time when "Copy" and "Paste"
] were brand new concepts.

Matt Groening Apple Ad

] The US military is planning to deploy robots armed with
] machine-guns to wage war against insurgents in Iraq.
]
] Eighteen of the 1m-high robots, equipped with cameras and
] operated by remote control, are going to Iraq this
] spring, the Associated Press reports.

] Mr Quinn says there are plans to replace the computer
] screen, joysticks and keypad in the remote-control unit
] with a Gameboy-style controller and virtual-reality
] goggles.

IMHO the word "Robot" should not be applied to tools that require a human operator. These are RC troops, not robot troops, and one wonders what has taken so long.

BBC NEWS | US plans to deploy 'robot troops' in Iraq

] Imagine a gun with no recoil, no sound, no heat, no
] gunpowder, no visible firing signature (muzzle flash),
] and no stoppages or jams of any kind. Now imagine that
] this gun could fire .308 caliber and .50 caliber metal
] projectiles accurately at up to 8,000 fps
] (feet-per-second), featured an infinitely
] variable/programmable cyclic rate-of-fire (as high as
] 120,000 rounds-per-minute), and were capable of laying
] down a 360-degree field of fire. What if you could mount
] this weapon on any military Humvee (HMMWV), any
] helicopter/gunship, any armored personnel carrier (APC),
] and any other vehicle for which the technology were
] applicable?

This is interesting although the author is a little confused about his physics. Its friction free! Whee!!!

Defense Review - World Exclusive Video! DREAD Weapon System: Devastating, Jam-Proof, and Silent.

] If you're a blogger (or a blog reader), you're painfully
] familiar with people who try to raise their own websites'
] search engine rankings by submitting linked blog comments
] like "Visit my discount pharmaceuticals site." This is
] called comment spam, we don't like it either, and we've
] been testing a new tag that blocks it.

I wonder if we should implement this in memestreams such that if you don't have a large audience this tag appears in your links. Thoughts?

Google Blog rel=nofollow