Combine centralized and "multi-factor"? Build more PCs with smart card readers?
I'd like to see google offer some form of multifactor on their openid provider. A keyring token generator, or maybe a smartphone app?
Here's someone who has already done it..
http://waxy.org/2008/09/audio_transcription_with_mechanical_turk/
Split up the audio into 5 min pieces.
Set up a template on Amazon Turk for'workers' to grab the 5 min mp3 files, and pay them $2 for each file translated.
More info in the comments. http://www.audiobookcutter.com/ is capable of chopping up the file at the silences for you.
Could be "call back" spam, i.e. I look at my phone and see "missed call from 555-1234". I swear I didn't hear that ring, but I call the number back anyways - and I get a recorded message selling some crap. So I generally google / don't call numbers I don't recognise now. If someone has something important to tell me they'll leave a message.
I'm surprised a nasty worm hasn't propagated via torrent client exploits. Get a list of IPs from a tracker AND the client/version they are using. Not only that: all the users would've opened the port on their router..
X-files has gone off TV?
...requests to BitTorrent trackers can also use CoralCDN, as these are simply HTTP GETs with a client's relevant information encoded in the tracker URL's query string, e.g., http://denis.stalker.h3q.com.6969.nyud.net/announce?info_hash=(hash)&peer_id=(name)&port=52864&uploaded=231374848&downloaded=2227372596&left=0&corrupt=0&key=E0591124&numwant=200&compact=1&no_peer_id=1. Notice that the HTTP request includes a peer's unique name (a long random string) and a port number, but notably does not include an IP address for that client. It's an optional parameter in the specification that many BitTorrent clients don't include. (In fact, even if the request includes this IP parameter, some trackers ignore it.) Instead, the tracker records the network-level IP address from where the HTTP request originated (the other end of the TCP connection), together with the supplied port, as the peer's network address.
In this case CoralCDN was effectively acting as a proxy - the IP address wasn't being falsified. Although these guys did appear to have some luck with falsified IP addresses: Why My Printer Received a DMCA Takedown Notice.
Two more strikes and Google gets their internet connection cut? Oh, no!
whoops: (i was in the process of RTFA)
[09:04] First i was curious to how far something like this would actually spread, i think what most people were unaware of is the fact it IS a worm and every phone that got infected with it was spreading it (I initially only infected 3 phones when I woke up i checked google and found out a fair few people were hit with it)
I get the impression it doesn't. Just connects SSH, and sends some commands to change your desktop.
No self propagation = not really a worm.
what usually happens:
* you request a cert common-name=serverbox.mydomain.com from a Certificate Authority (CA)
* CA determines you are authorized to make this request on behalf of mydomain.com
* serverbox.mydomain.com serves down the signed cert, your browser makes sure website == common-name == serverbox.mydomain.com
what these clever guys discovered:
* you can request a cert common-name=paypal.com\0.mydomain.com
* CA determines you are authorized to make this request on behalf of mydomain.com
* man-in-the-middle sits in between you and paypal.com, serves down this cert, victim's browser makes sure website == common-name == paypal.com (whoops!)
* victim sees paypal.com in their browser with that reassuring padlock
How does the company paying commission make money off this? Redirecting your browser to their spammy search engine, pop up ads?
In the USA? I googled around for this and found this article: http://www.rietta.com/blog/2009/08/authentication-without-encryption-for.html
The FCC regulations for amateur radio, part 97, rule that encryption cannot be used to obscure the meaning of communications.
Have the firmware for the baseband & the OS all readily available and modifiable and use only off the shelf commodity components, no questionable 'black box' transceiver IC's
So how open is the Openmoko hardware? The best reference I could find was wikipedia's entry: http://en.wikipedia.org/wiki/Openmoko#Openmoko_hardware
Openmoko hardware aspires to the term open source hardware although in various areas the availability of cell phone components and law requirements prevent full conformance to this term.
This does exist as a browser plugin for Google Calendar: http://www.ibm.com/developerworks/web/library/wa-googlecal/
Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (5) All right, who's the wiseguy who stuck this trigraph stuff in here?