
Comment: Re:Unencrypted = Stupid (Score 1) 645

by nick13245 (#35953854) Attached to: 77 Million Accounts Stolen From Playstation Network
I'm sure they were encrypted. AES-256 is a symmetric encryption algorithm. The key has to be stored somewhere, many times in the same database the credit card numbers are being stored. How else would the credit card numbers get stored to the database in the first place? If they got system level access (which from what they are saying, it sounds like they did...), I'm sure they have encryption keys as well.

Comment: Re:passwords? (Score 1) 645

by nick13245 (#35953764) Attached to: 77 Million Accounts Stolen From Playstation Network
If they don't store them plaintext, they still have to store a hash (MD5, SHA2, etc...). If they know the hash algorithm (which I'm sure they do if they got DB access), they could easily run a brute force attack on the hashes that will crack any weak passwords (which I'm sure many are). Even password hashes on Linux systems can be cracked if the passwords are weak and the attacker has time. See http://www.openwall.com/john/.
Earth

GPS Receiver Noise Can Be Used To Detect Snow Depth 51

Posted by timothy
from the for-the-journal-of-sensors-and-transducers dept.
cremeglace writes "Scientists at the University of Colorado at Boulder have found a use for GPS besides finding restaurants or the occasional road-that-doesn't-exist: it can be used to measure snow depth. The new technique, which takes advantage of distortions of the GPS signal after it reflects off the snowpack, may potentially improve weather forecasts by allowing meteorologists to track snowfall patterns. ScienceNOW has the story, which one geophysicist describes as 'a classical case of one person's noise becoming another person's signal.'"

Comment: Re:Scary that they sold the disk at all (Score 1) 369

by nick13245 (#27860571) Attached to: Unclean Military Hard Drives Sold On eBay

i'd use "dd if=/dev/urandom of=/dev/sda" Urandom is slower but better..

If you have access to dd, you probably have access to shred. It makes several passes using different patterns (25 by default), and has the option of zeroing the drive on the last pass. I believe it meets DOD standards. I'm not sure how effective it is with slack space, which often holds recoverable data even after running utilities that are supposed to wipe data off drives, but dd wouldn't be any better.

Shred works on a filesystem level to delete individual files on the drive. Worse than that, it only works on a subset of filesystems (primarily Linux and Unix based).

You want something that wipes *everything* from the drive, no matter what the filesystem is. dd, or dcfldd (which is what I prefer to use) does a sector by sector copy of data from a source to a destination. So the following command:

dd if=/dev/urandom of=/dev/sda

Will effectively fill the hard drive with random data, making any data recovery impossible.

Security

+ - What to Do When Your Security is Breached

Submitted by ancientribe
ancientribe (666) writes "When you've got a full-blown security breach on your hands, what do you do? If you've been smart, you'll already have a computer security incident response team — and a plan — in place. But many companies are too resource-strapped to have a full-blown, fully-tested incident response strategy. Here are some tips on what to do — and what not to do.

http://www.darkreading.com/document.asp?doc_id=120172&WT.svl=news1_2"
Announcements

+ - Houdini Murdered?

Submitted by nick13245
nick13245 (681899) writes "According to forbes.com, Harry Houdini's body is being exhumed because it has been rumored that he was poisoned. According to the article "... the likeliest suspects were members of a group known as the Spiritualists. The magician devoted large portions of his stage show to exposing the group's fraudulent seances.""
The Internet

+ - Legal problems for Wikipedia

Submitted by ToiletDuck
ToiletDuck writes "The Wikimedia Foundation has been named in a lawsuit filed by literary agent Barbara Bauer, apparently over her less-than-complimentary Wikipedia biography (mirror). The lawsuit comes in the wake of the resignation of Brad Patrick, Wikimedia's General Counsel and Executive Director. When questioned about Wikipedia's liability in an interview with GC South last year, Patrick stated 'Our belief is that since every post is attributed to an individual, is time-stamped and is retained in the database, the foundation itself is not publishing that content. We view individual editors as responsible and have prominently displayed on every edit page that individuals are responsible for their own contributions. We take the position that we are a service provider and are protected under section 230 [of the Communications Decency Act].' Should Wikipedia be liable for defamatory information added by its volunteer editors?"
XBox (Games)

+ - Ubuntu running on the Xbox 360

Submitted by Anonymous Coward
Anonymous Coward writes "Cpasjuste has managed to get Ubuntu (community developed Linux-based operating system) running on the Xbox 360. It contains all the standard applications such as a WEB BROWSER, spreadsheet software, instant messaging software and more. To get it running King Kong is required as well as the vulnerable kernels. Read more about it here at: http://forums.maxconsole.net/showthread.php?p=467013#post467013 The news stub can be found here: http://www.maxconsole.net/?mode=news&newsid=15411"
The Internet

+ - Karl Rove uses unauthorized email server

Submitted by JenniefromtheShire
JenniefromtheShire writes "http://www.dailykos.com/storyonly/2007/3/24/172031/681

From citizen92 at dailykos.com:

Karl Rove and GWB43.com — Huge National Security Threat?
by citizen92

Sat Mar 24, 2007 at 02:36:13 PM PDT

Over the past few days, there have been many great diaries about the recent discovery of the gwb43.com e-mail system. A story in the National Journal (only available by subscription) yesterday added an additional nugget — that Karl Rove does 95% of his e-mailing over that server. Nice. An end run around the Presidential Records Act. And a political move to hide what could be incriminating records.

What has not yet been mentioned, however, is the likely huge national security breach that might have resulted from Karl's cavalier practices.

Bear with me.

The White House is a huge target for electronic espionage by friendly and hostile foreign powers. For those of you who may have visited Washington, this may be evident when you stroll by the various embassies scattered around the city — with their unusual sculptures of antennas and wires on their roofs. The Russians have a compound just three blocks north of the White House.

The US Government spends undisclosed amounts on countermeasures to protect its critical information and its secure networks. And it has the experts to make sure that those countermeasures are working.

But, as usual, the government is focused on the foes outside — not the foes within. Government, meet Karl Rove's OpSec (operational security) program.

As you read, I would have to guess (but I have absolutely no knowledge if this is true or not) that foreign intelligence services have already paid thorough visits to the various servers that are operated by the RNC down in Chattanooga. You know, GWB43.com. RNCHQ.COM. Bobcorker.com. Why? Well, it's been made pretty clear that Karl Rove conducts business through those domains. 95% of his business. And so do other senior White House staff. If you were a foreign spy, wouldn't you be interested? And might it be a possibility, that MAYBE the RNC servers aren't quite as secure as the government servers? MAYBE?

If I were an Information Security Officer for the White House, my system would be "flashing red." Don't forget that Karl Rove is a Deputy Chief of Staff (the number 3 position) at the White House. He likely sees PDBs and other classified information. And for him to be able to do 95% of his work from the RNC account, he would have to get some of this information flowing from the White House network. Heck, maybe he forwards his eop.gov e-mail to the RNC account.

Point being, this could represent a HUGE SECURITY BREACH. I hope that the RNC servers have been seized by someone in US Government (NSA, CIA or otherwise) to find out exactly what has happened here. And I really hope that political muscle hasn't blocked that.

There is a lot more riding on this than just Karl Rove's political future....

****UPDATE****

Commenter kck suggested that I also point out a few more relevant details.

The "private email addresses" that Rove and some unidentified quantity of White House and possibly other government officials tracks back to a company called Smartech based in Chattanooga, TN. There are some interesting observations about Smartech at Cannonfire's blog, specifically that the gwb43.com domain shares a mailserver with other domains, including:

Cannonfire also observes that the Ohio 2004 election results were tallied on systems maintained by Smartech. Curious yet?

****SUNDAY UPDATE****

Commenter Rosaura makes an excellent observation on the root of the criminality of this whole outside e-mail system.

Tonight I stumbled across the collection of Abramoff emails connected with the Indian Gaming hoo-haw, and sure enough, Susan Ralston was using SusanRalston@gwb, sralston@georgewbush.com, sralston@aol.com, and sRalston@rnchq.org.

It's not as if these crooks didn't know it was wrong. Have a look at this email exchange at pages 113 and 118:

From: Abramoff, Jack (Dir-DC-Gov)[/o=GTLAW/ou=WDC/cn=Recipients/cn=abramoffj] on behalf of Abramoff, Jack (Dir-DC-Gov)
Sent: Friday, February 07, 2003 10:25 AM
To: Ring, Kevin (Shld-DC-Gov)
Subject: RE: email on jena

Dammit. It was sent to Susan on her mc pager and was not supposed to go into the WH system.

— Original Message —
From: Ring, Kevin (Shld-DC-Gov)
Sent: Friday, February 07, 2003 10:26 AM
To: Abramoff, Jack (Dir-DC-Gov)
Subject: email on jena

Your email to Susan was forwarded to Ruben Barrales and on to Jen Farley, who read it to me last night. I don't know what to think about this, but she said is better not to put this stuff in writing in their email system because it might actually limit what they can do to help us, especially since there could be lawsuits, etc. Who knows? Just letting you know what she said, Anyway, I had called her to talk about Jena. She has not heard from anyone on the other side of this issue.

— Original Message —
From: abramoff
Sent: Thursday, February 06, 2003 4:24 PM
To: Susan Ralston
Subject: Louisiana

I don't want to bother you guys with a meeting request, so I was hoping you could pass on to Karl that Interior is about to approve a gaming compact and land in trust for a tribe which is an anathema to .....
Two things we learn here.

1/Abramoff was aware of the need to lob e-mails outside of the White House e-mail system. And Abramoff is a crook.

2/Jennifer Farley, the was aware of the need to send e-mails outside of the system, and she told Abramoff co-conspirator Kevin Ring as such.

Farley was not the Director of Intergovernmental Affairs. Nor was she the Deputy Director. Nor was she the Assistant Director. She was the Deputy Assistant Director. That's a low level staff position. A $35,000 year job.

Point being, if low-level staffer Jennifer Farley knew about the e-mail couching, then there had to be a policy mandating these procedures at the White House. And policies are set from the top."
Robotics

+ - Synthetic Snail Slime for Climbing Robots

Submitted by Frumious Wombat
Frumious Wombat (845680) writes "A team of engineers have set a small robot climbing walls in order to compare how natural and artificial snail slimes work. Co-worker Randy Ewoldt, of MIT, said: "An important result is that snail mucus per se is not required for robots to climb walls. We can make our own adhesive locomotion material with commercial products (instead) of harvesting slime from a snail farm." The real article is here for the technically (or gastropodically) inclined.

I, for one, welcome our ubiquitous, wall-climbing, robot overlords."
Graphics

+ - The math of Graphics

Submitted by Anonymous Coward
An anonymous reader writes "A lot of confusion arises when people attempt to do 3d graphics programming without the proper mathematical background in basic linear algebra. Christopher Evensen recently gave a talk covering the important fundamentals. The math is also accompanied by a real world programming example. The talk doesn't have anything ground breaking in it, but the format it's presented in clearly shows how to apply the math to real world problems."
Privacy

Widespread Spying Preceded '04 GOP Convention 471

Posted by kdawson
from the protest-as-terrorism dept.
Frosty Piss alerts us to a story in the New York Times reporting on details that are emerging of a far-flung spying operation lasting up to a year leading up to the 2004 Republican National Convention. The New York Police Department mounted a spy campaign reaching well beyond the state of New York. For at least a year before the convention, teams of undercover New York police officers traveled to cities across the US, Canada, and Europe to conduct covert observations of people who planned to protest at the convention. Across the country undercover officers attended meetings of political groups, posing as sympathizers or fellow activists. In at least some cases, intelligence on what appeared to be lawful activity was shared with other police departments. Outlines of the pre-convention operations are emerging from records in federal lawsuits brought over mass arrests during the convention.
