Topic: Technology |
12:16 pm EST, Nov 11, 2008 |
This SWIPE tool allows you to crack a 2D barcode. Ever noticed the barcode on the backside of your license? Ever wondered what information it stores or why it is even there? Use our online application or the stand-alone program and put an end to the mystery! It is your data, so shouldn't you have a look? Learn more about the 2D barcode and your driver's license.
The SWIPE Toolkit |
|
Skype: A Practical Security Analysis by Bert Hayes. (PDF) |
|
|
Topic: Technology |
2:22 am EST, Nov 11, 2008 |
"Skype is communications software that allows users to communicate with each other in real time using VOIP (Voice Over IP), video chat, or more traditional text chat. It is unique among other IM (Instant Messaging) applications in that Skype runs over a decentralized P2P (Peer to Peer) network rather than routing all communications packets through a central server. Skype is designed to work out of the box on modern networks, and has no problems working behind a NAT (Network Address Translation) device or other firewalls. Because of its decentralized architecture, Skype makes extensive use of strong encryption, making casual eavesdropping or impersonation all but impossible. Many network and systems administrators take a dim view of Skype because historical use has shown that it can be a bandwidth hog. Other administrators fear that Skype's inherent ability to traverse firewalls is a security risk. And some administrators feel the combination of Skype's encryption and its binary only, closed-source nature make it a black box, or complete unknown that has no place being on a well-maintained network. While these are all valid concerns, they should be considered in the context of local network policies and weighed against the benefits that Skype can provide. In many cases running Skype in a well-managed environment can mitigate these risks. The purpose of this paper is to suggest best practices and recommendations when running Skype. Although Skype is available for myriad different hardware platforms, this document will focus on the Mac, Windows, and Linux environments. Unfortunately, many of the management features available to systems administrators are available only for Skype running on Windows." Introduction / Bert Hayes. Skype: A Practical Security Analysis GSEC Gold Certification Author: Bert Hayes, bhayes@infosec.utexas.edu Adviser: Dominicus Adriyanto Accepted: October 9 2008
Good read... Skype: A Practical Security Analysis by Bert Hayes. (PDF) |
|
Mechanical Dry Erase Board |
|
|
Topic: Technology |
12:11 am EST, Nov 11, 2008 |
Rob Douglas from Vanderbilt University gives us a step by step walkthrough of his mechanical dry-erase whiteboard project, much akin to a larger scale, computer driven, Etch-a-Sketch. The site contains the step-by-step process of construction, a list of all components used as well as suggestions for improvements, and the source code (written in C#). Check out his project for a good usage example for the Phidget High Current Motor Controller, InterfaceKit and Analog Joystick sensor, and Servo Controller.
Mechanical Dry Erase Board |
|
Apple rejects update to CastCatcher iPhone app |
|
|
Topic: Technology |
11:18 pm EST, Nov 10, 2008 |
The fourth time was definitely not the charm for the developers behind the CastCatcher streaming radio application for the iPhone. Apple rejected CastCatcher 1.3 from the App Store on Monday, according to Return7 developer Amro Mousa. The reason? "CastCatcher Internet Radio cannot be posted to the App Store because it is transferring excessive volumes of data over the cellular network, which as outlined in the iPhone SDK Agreement section 3.3.15, is prohibited." If that's Apple's policy regarding streaming radio applications, Mousa is a little puzzled, because he has already released three versions of CastCatcher with no problems since it was first released to the App Store in September. And there are several other streaming radio applications on the App Store, such as the one developed by CBS subsidiary and CNET corporate sibling Last.fm, that also operate over the cellular network using the same amount of bandwidth as CastCatcher, according to Mousa. Mousa says he's trying to get an answer out of Apple, and I'll update this post if and when he updates the company blog or responds to an e-mail inquiry. CastCatcher 1.2 is still available on the App Store as of this writing, so perhaps there is something specific to the latest update that triggered the bandwidth concerns, although Amro said in the comments on his blog that he left the bit transfer rates unchanged on the new version. The CastCatcher incident has to once again bring up questions about how Apple is handling App Store rejections. Earlier this year Apple killed an application called Podcaster that let users download podcasts over-the-air directly to their iPhones without using iTunes--a feature Apple did not offer at the time but reportedly plans to offer with the OS X 2.2 update. Should we soon expect to see an iPhone version of the streaming radio channels offered on iTunes? UPDATED 5:15pm - Mousa responded to an e-mail asking for further details, quoted in part below. 
At any rate, some of my thoughts on why this might have happened are (purely speculation): 1) Their review process might have been outsourced and some decision tree is being taken too literally 2) An honest mistake 3) They're adding support for streaming audio in iPhone 2.3 or thereabouts I honestly have no idea why this has happened. There were no changes to the streaming code since 1.2 (really nothing significant outside of metadata parsing since 1.0). Bandwidth used depends entirely on the stream provided by the user (i.e. 128kbps streams require that much bandwidth). For the record, it's not been a terribly long time since Apple rejected the app -- roughly a week and in the past they've been helpful. Lately, not so much though. Mousa wanted to point out that he holds no grudge against Apple, but is frustrated that he is unable to deliver the bug fixes and feature upgrades that his users requested.
Apple rejects update to CastCatcher iPhone app |
|
Once thought safe, WPA Wi-Fi encryption is cracked |
|
|
Topic: Technology |
11:15 pm EST, Nov 10, 2008 |
Security researchers say they've developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks. The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router. To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference's organizer. They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack. Security experts had known that TKIP could be cracked using what's known as a dictionary attack. Using massive computational resources, the attacker essentially cracks the encryption by making an extremely large number of educated guesses as to what key is being used to secure the wireless data. The work of Tews and Beck does not involve a dictionary attack, however. To pull off their trick, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a "mathematical breakthrough," that lets them crack WPA much more quickly than any previous attempt, Ruiu said. Tews is planning to publish the cryptographic work in an academic journal in the coming months, Ruiu said. Some of the code used in the attack was quietly added to Beck's Aircrack-ng Wi-Fi encryption hacking tool two weeks ago, he added.
WPA is widely used on today's Wi-Fi networks and is considered a better alternative to the original WEP (Wired Equivalent Privacy) standard, which was developed in the late 1990s. Soon after the development of WEP, however, hackers found a way to break its encryption and it is now considered insecure by most security professionals. Store chain T.J. Maxx was in the process of upgrading from WEP to WPA encryption when it experienced one of the most widely publicized data breaches in U.S. history, in which hundreds of millions of credit card numbers were stolen over a two-year period. A new wireless standard known as WPA2 is considered safe from the attack developed by Tews and Beck, but many WPA2 routers also support WPA. "Everybody has been saying, 'Go to WPA because WEP is broken,'" Ruiu said. "This is a break in WPA." If WPA is significantly compromised, it would be a big blow for enterprise customers who have been increasingly adopting it, said Sri Sundaralingam, vice president of product management with wireless network security vendor AirTight Networks. Although customers can adopt Wi-Fi technology such as WPA2 or virtual private network software that will protect them from this attack, there are still many devices that connect to the network using WPA, or even the thoroughly cracked WEP standard, he said. Ruiu expects a lot more WPA research to follow this work. "It's just the starting point," he said. "Erik and Martin have just opened the box on a whole new hacker playground."
Once thought safe, WPA Wi-Fi encryption is cracked |
|
Report warns iPod earphones may deactivate pacemakers |
|
|
Topic: Health and Wellness |
11:14 pm EST, Nov 10, 2008 |
Heart patients wearing pacemakers and implanted defibrillators should avoid putting iPods or other media players in their breast pockets as the magnets in the headphones can deactivate the devices, according to a Medical Device Safety report. The study, led by Dr William Maisel of the Medical Device Safety Institute at Boston's Beth Israel Medical Center, found that earphones could interfere with pacemakers when placed within 1.2in of the devices. The Medical Device Safety Institute reported its findings to the American Heart Association last week, and said strong magnets inside the headphones caused problems for one in four patients, and particularly those with a defibrillator. The researchers said the magnets could prevent electrical impulses being sent from the device to the heart, possibly leading to palpitations or arrhythmia. "The main message here is: it's fine for patients to use their headphones normally, meaning they can listen to music and keep the headphones in their ears," said Dr Maisel. "But what they should not do is put the headphones near their device." Eight models of headphones were tested with 60 patients with defibrillators and pacemakers. Researchers stressed that MP3 players themselves posed no threat to pacemakers and defibrillators.
Report warns iPod earphones may deactivate pacemakers |
|
Ugly election incidents show lingering U.S. racism |
|
|
Topic: Society |
2:34 am EDT, Oct 23, 2008 |
Two weeks before an election that could install the first black U.S. president, scattered ugly incidents have reflected a deep residue of racism among some segments of white America. A cardboard likeness of Barack Obama was found strung from fishing wire at a university, the Democratic presidential nominee's face was depicted on mock food stamps, the body of a black bear was left at another university with Obama posters attached to it. Though the incidents are sporadic and apparently isolated, they stirred up memories of the violent racial past of a country where segregation and lynchings only ended within the last 50 years. And some feared that Obama could be a target for people who reject him on racial grounds alone. The Illinois senator leads Republican rival John McCain in polls ahead of the November 4 election and has a big following in many sections of Americans, from liberals to conservatives, black and white, poor and wealthy. "Many whites feel they are losing their country right before their eyes," said Mark Potok, who directs the Southern Poverty Law Center that monitors hate groups. "What we are seeing at this moment is the beginning of a real backlash." Obama campaign strategist David Axelrod said the incidents were disappointing but he said there were fewer than some had predicted. "We've always acknowledged that race is not something that's been eradicated from our politics," said Axelrod. "But we've never felt that it would be an insuperable barrier and I don't think that it will be." The latest incident occurred on Monday when the body of a bear cub was found on the campus of Western Carolina University in North Carolina. Obama campaign signs were placed around the dead animal's head. School officials said it was a prank. Earlier a cardboard likeness of Obama was strung up with fishing wire from a tree at a university in Oregon and an Ohio man hung a figure bearing an Obama sign from a tree in his yard.
The man told local media he didn't want to see an African-American running the country.
ANGRY INDIVIDUALS
Potok said the displays of racism did not appear orchestrated as part of a campaign of racial intimidation, but were rather the acts of angry individuals. Their voices are often heard in radio call-back shows or letters to editors. Many Americans "see the rise of minority rights, gay rights, women's rights as a threat to the world they grew up in and that their parents grew up in. They see huge demographic changes," he said. "They see jobs disappearing to other countries, and now they see a man who is African American and who will very likely become president of the United States. For some of those people that symbolizes the end of the world as they know it." He estimated there were as many as 800 white supremacy or nationalist groups in the United States, with at least 100,000 as "an inner core" of membership and many more on the fringes...
Ugly election incidents show lingering U.S. racism |
|
|
World’s Largest Retailer Now Accepts PayPal |
|
|
Topic: Miscellaneous |
12:02 pm EDT, Oct 17, 2008 |
Hi, I’m Mary Anne Gillespie, vice president of sales for PayPal’s merchant services division. I’m thrilled to report that just in time for the holiday season, walmart.com, the online division of the world’s largest retailer, is now accepting PayPal.
World’s Largest Retailer Now Accepts PayPal |
|
YouTube to McCain: You Made Your DMCA Bed, Lie in It! |
|
|
Topic: Technology |
11:12 am EDT, Oct 16, 2008 |
YouTube on Tuesday rebuffed a request from John McCain's presidential campaign to examine fair-use issues more carefully before yanking campaign videos in response to DMCA takedown notices. "Lawyers and judges constantly disagree about what does and does not constitute fair-use," YouTube's general counsel Zahavah Levine wrote in a letter Tuesday. "No number of lawyers could possibly determine with a reasonable level of certainty whether all the videos for which we receive disputed takedown notices qualify as fair-use." "We hope that as a content uploader, you have gained a sense of some of the challenges we face everyday in operating YouTube," she added. The McCain campaign on Monday fired off a letter to YouTube complaining that the company had acted too quickly to take down McCain's videos in response to copyright infringement notices. McCain campaign general counsel Trevor Potter argued that several of the removed ads, which had used excerpts of television footage, fall under the four-factor doctrine of fair-use, and shouldn't have been removed. But citing the DMCA, a controversial copyright law that McCain voted to approve a decade ago, Levine pointed out that YouTube risks being sued itself if it doesn't respond promptly to takedown notices. "If … service providers do not remove the content to such notice, they do so at their own risk because they lose their safe harbor," she wrote. Further, Levine argued, the fair-use analysis is complicated, and the creators of the videos are better equipped to perform it. The uploader can then issue a DMCA counter-notice if they believe they're on solid legal ground, and YouTube will restore the video. "YouTube does not possess the requisite information about the content in user-uploaded videos to make a determination as to whether a particular takedown notice includes a valid claim of infringement," Levine wrote.
"The claimant and the uploader, not YouTube, hold all of the relevant information in this regard, including the source of any content used, the ownership rights to the content, and any licensing arrangements in place between the parties." "The real problem here is individuals and entities that abuse the DMCA takedown process," she added. "We look forward to working with Senator or President McCain on ways to combat abuse of the DMCA takedown process on YouTube, including by way of example, strengthening the fair-use doctrine, so that intermediaries like us can rely on this important doctrine with a measure of business certainty."
YouTube to McCain: You Made Your DMCA Bed, Lie in It! |
|
Cybercrime Supersite DarkMarket Was FBI Sting, Documents Confirm..... |
|
|
Topic: Technology |
11:10 am EDT, Oct 16, 2008 |
The NCFTA is a non-profit information sharing alliance funded by financial firms, internet companies and the federal government. It's also home to a seven-agent FBI headquarters unit called the Cyber Initiative and Resource Fusion Unit, which evidently ran the DarkMarket sting. The FBI didn't return a phone call Monday. Like earlier crime sites, DarkMarket allowed buyers and sellers of stolen identities and credit card data to meet and do business in an entrepreneurial, peer-reviewed environment. Products for sale ran the gamut from specialized hardware, to electronic banking logins collected from phishing attacks, stolen personal data needed to assume a consumer's identity ("full infos") and credit card magstripe swipes ("dumps"), which are used to produce counterfeit cards. Vendors were encouraged to submit their goods for review before offering them for sale. The unearthed documents, seen by Threat Level, show the FBI sting had begun by November, 2006. An FBI memo sent to the German national police regarding a forum member in that country boasts, "Currently, the FBI has been successful in penetrating the inner family of the carding forum, DarkMarket." A March 2007 e-mail from Mularski's FBI address to his German counterpart puts it bluntly. "Master Splynter is me." The documents indicate the FBI used DarkMarket to build intelligence briefs on its members, complete with their internet IP addresses and details of their activities on the site. In at least some cases, the bureau matched the information with transaction records provided by the electronic currency service E-Gold. Last month, Master Splyntr -- now identified as Mularski -- announced he was shuttering the site as of October 4th, citing unwanted attention garnered by a fellow administrator, known as Cha0.
From his home in Turkey, Cha0 had aggressively marketed a high-quality ATM skimmer and PIN pad that fraudsters could covertly affix to certain models of cash machines, capturing consumers' account numbers and secret codes. But he began drawing heat this year after reportedly kidnapping and torturing a police informant. He was arrested in Turkey last month, where police identified him as one Cagatay Evyapan.
Cybercrime Supersite DarkMarket Was FBI Sting, Documents Confirm..... |
|