I’ve noticed that marketing departments of some information security companies like to throw around the limitations of Turing’s problem to sell their consulting services. I agree that a human brain must always be involved during security assessments (a fool with a tool is still a fool), so much so that I consider assessment tools to only be a first-pass sweep for vulnerabilities during any security assessment.

It is impossible to build a house using ONLY a hammer. But it sure helps to have one, along with all the other necessary tools.

Illogical Arguments in the Name of Alan Turing

MIT professor and Web star Walter Lewin swings from pendulums and faces down wrecking balls to show students the zany beauty of science.

Walter Lewin is not merely dangling at the bottom of a 15-foot pendulum. He is swinging high and wide, his rapt audience of 300 counting off each cycle.
At 71, he's likely missed his window for a shot at Cirque du Soleil, but the Netherlands-born MIT physics professor seems happy with his own high wire act -- revealing to students, in the most unorthodox ways, the beauty of science.

MIT professor Walter Lewin's elaborate physics demonstrations are a hit in the classroom and online.His pendulum ride comes at the end of a lecture on Hooke's Law, in which he proves the pendulum's period, or time that it takes to complete one cycle, is not affected by the mass at the bottom -- in this case, his own body.
He will also, on other occasions, suck helium and continue his lecture sounding like a Dutch Daffy Duck to highlight the differences in the speed of sound in certain gases. He'll shoot across the classroom stage astride a bicycle mounted with fire extinguishers to demonstrate a rocket's change in momentum.
"It took me a decade to come to the realization," says Lewin at his MIT office, "that really what counts is not what you cover, but what counts

That guy rules.

High Wire Act

* Sometimes, people get drunk and drive, or get drunk and abuse others. Therefore, we should outlaw all alcohol (rather than just outlaw drunk driving and assault).

* Sometimes, the media libels people and destroys their reputations. Therefore, we should outlaw all freedom of the press (rather than just proscribe libel).

* Sometimes, children get a hold of cigarettes or pornography. Therefore, we should outlaw all smoking and pornography (rather than just outlaw the act of selling cigarettes or porn to minors).

* Sometimes, men rape women or molest minors. Therefore, we should outlaw all sex (rather than just outlaw rape and child molestation).

* Sometimes, people use drugs (prescription or recreational), get addicted and then steal or act violently. Therefore, we should outlaw all drugs (rather than just outlaw theft and violence).

* Sometimes, people force women against their will to work as prostitutes. Therefore, we should outlaw all prostitution (rather than just outlaw forced prostitution and human trafficking).

Misadventures in logical reasoning

Prism makes it possible to launch web sites from the desktop and load them into a simple browser window without all of the extra features and functionality of a regular browser. This is advantageous for users because it allows them to run those sites in a separate process from their regular Firefox browser and interact with the content without any unnecessary distractions. Prism also allows web application content to be customized in some ways to make it more conducive to desktop use.

Good for helping to prevent your Gmail account from being CSRF'ed.

Hands on: Mozilla's new Prism brings web sites to the desktop

Health concerns over the Red Bull energy drink were fuelled yesterday after Europe's highest court upheld a French ban on the product.

The fizzy drink has been linked to several deaths and some experts have criticized its high levels of caffeine and other stimulants.

Red Bull is Britain's best-selling energy drink, with 213 million cans consumed last year. It has been dubbed the 'clubbers' drink', and is often mixed with vodka. The popular adverts claiming that Red Bull 'gives you wings', have led to the brand being described as 'the Porsche of soft drinks'.

Red bull + Vodka = the most self destructive drink evah!

French ban on Red Bull (drink) upheld by European Court

Volkswagen will unveil a diesel-electric hybrid version of their Golf hatchback (known as the Rabbit in North-America) at the Geneva Motor Show. The information that has filtered out so far is promising: Fuel economy of 83.1 mpg imperial, 69.9 mpg US. Only 89 grams of carbon dioxide per kilometer (for comparison, the Toyota Prius hybrid emits 104 g/km).

Take that Toyota!

Volkswagen to Introduce 70 mpg Diesel-Electric Hybrid Golf

Here is the story: A couple of days ago I was interested in putting together some research on client-side vulnerabilities found within Adobe AIR applications. The material was supposed to go into my Black Hat talk, which is happening on 27-28 March, btw. I’ve heard that Pownce’s IM client uses Adobe AIR, so I thought that this could be a perfect example I can make use of. Although, there are some very obvious vulnerabilities within the client, which I’ve tested offline btw, I noticed that parts of the requests delivered from the server does not seem to be sanitized at all. After further investigation, I noticed that my personal profile is vulnerable to attack known as Persistent Cross-site Scripting, which is the most serious type of all Cross-site Scripting attacks.

The Cross-Site Scripting condition occurs within a very obscure place and it is restricted to 16 characters. Because of the space restrictions, I was able only inject things like alert(1) and this was pretty much it. Obviously, this is not enough for even an alert(1) command, so other methods for execution were needed in order to make the vector successfully exploitable.

pdp shows us a cool XSS fragmentation attack.

The Pownce Worm (Yet Another Potential AJAX Worm)

Developers are working to create experimental open-source operating systems with modular microkernels using the C# programming language. The SharpOS and Cosmos projects both announced their first major milestone releases last month, demonstrating the technical viability of the concept.

Glad to see some work on a C# OS beyond Singularity. Also good to see some interesting goals beyond research.

Developers create open-source OS kernels using .NET tools

This software helps you add a little more security to your desktop. It does so by detecting one of your bluetooth devices, most likely your mobile phone, and keeping track of its distance. If you move away from your computer and the distance is above a certain level (no measurement in meters is possible) for a given time, it automatically locks your desktop (or starts any other shell command you want).

Once away your computer awaits its master back - if you are nearer than a given level for a set time your computer unlocks magically without any interaction (or starts any other shell command you want).

Don't ever get baggy pantsed again.

BlueProximity - Bluetooth device distance detection and automatic locking tool

MIT OpenCourseWare

OCW is a free publication of course materials
used at MIT.

* Get lecture notes, problem sets, labs
and more.
* Watch lecture videos and demonstrations.
* Study a wide variety of subjects.

I'd like to see other universities open up their curriculum. If only to share with other professors and help standardize education.

Free Online MIT Course Materials | MIT OpenCourseWare