ENTRIES TAGGED "security"
Responding to Chinese Hacks, Quantified Self Gadget, Maker's Amazing Life, and Syrian Rebel DIY Hackery
- Administration Strategy on Mitigating the Theft of US Trade Secrets (White House, PDF) — the Chinese attacks on Facebook, NYT, and other large organisations are provoking policy responses. WSJ covers it nicely. What is this starting? (via Alex Howard)
- BodyMedia FitLink — can use this to gather caloric expenditure and sleep restfulness. (via Jonathan Brewer)
- Bend Not Break — she had an amazing life but this caught my eye in the Make review: In China, she told me, making and craftsmanship are highly revered, and under Mao, factory jobs were prized. Her experience working in Mao’s factories planted a seed in her mind that sprouted when she sought to create her own company. Rather than launch another internet-based business as was the rage at the time, she wanted to connect software to the physical world. (via Makezine)
- DIY Weapons of the Syrian Rebels (The Atlantic) — if WWII France had had Xbox controllers, they’d have been releasing remote-controlled homebrew deathmobiles too.
Underground Economy, Continuous Integration, Chinese Cyber-Espionage, Prosthesis From The Future
- Using Silk Road — exploring the transactions, probability of being busted, and more. Had me at the heading Silk Road as Cyphernomicon’s black markets. Estimates of risk of participating in the underground economy.
- Travis CI — a hosted continuous integration service for the open source community. It is integrated with GitHub.
- Chinese Cyber-Espionage Unit (PDF) — exposé of one of China’s Cyber Espionage Units. (via Reddit /r/netsec)
- $250 Arduino-Powered Hand Made by a Teen — the third version of his robotic hand. The hand is primarily made with 3D printing, with the exception of motors, gears, and other hardware. The control system is activated by flexing a pre-chosen muscle, such as curling your toes, then the movement is chosen and controlled by a series of eyeblinks and an EEG headset to measure brainwaves. The most remarkable part is that the hand costs a mere $250.
Malware Industrial Complex, Indies Needed, TV Analytics, and HTTP Benchmarking
- Welcome to the Malware-Industrial Complex (MIT) — brilliant phrase, sound analysis.
- Stupid Stupid xBox — The hardcore/soft-tv transition and any lead they feel they have is simply not defensible by licensing other industries’ generic video or music content because those industries will gladly sell and license the same content to all other players. A single custom studio of 150 employees also cannot generate enough content to defensibly satisfy 76M+ customers. Only with quality primary software content from thousands of independent developers can you defend the brand and the product. Only by making the user experience simple, quick, and seamless can you defend the brand and the product. Never seen a better-put statement of why an ecosystem of indies is essential.
- Data Feedback Loops for TV (Salon) — Netflix’s data indicated that the same subscribers who loved the original BBC production also gobbled down movies starring Kevin Spacey or directed by David Fincher. Therefore, concluded Netflix executives, a remake of the BBC drama with Spacey and Fincher attached was a no-brainer, to the point that the company committed $100 million for two 13-episode seasons.
- wrk — a modern HTTP benchmarking tool capable of generating significant load when run on a single multi-core CPU. It combines a multithreaded design with scalable event notification systems such as epoll and kqueue.
Open Regulations, Inside PACER, Hacking Memory, and Pirating Buildings
- CA Assembly Bill No. 292 — This bill would provide that the full text of the California Code of Regulations shall bear an open access creative commons attribution license, allowing any individual, at no cost, to use, distribute, and create derivative works based on the material for either commercial or noncommercial purposes. (via BoingBoing)
- The Inside Story of PACER (Ars Technica) — PACER has become a cash cow for the judicial branch, generating $100 million in profits the court has plowed into non-PACER IT projects. (via BoingBoing)
- Manipulating Memory for Fun and Profit (PDF) — It is a common belief that RAM loses its content as soon as the power is down. This is wrong: RAM is not immediately erased. It may take up to several minutes in a standard environment, even if the RAM is removed from the computer. And it may last much longer if you cool the DRAM chips. With a simple canned-air (duster) spray at -50°C, your RAM data can survive more than 10 minutes. If you cool the chips to -196°C with liquid nitrogen, data are held for several hours without any power. This remanence is what cold boot attacks rely on: the full-disk-encryption keys a running machine keeps in RAM are still readable after the power is pulled.
- Pirating Buildings (Spiegel) — putting the “property” back in Intellectual Property.
SCADA 0-Day, Complexity Course, ToS Tracking, and Custom Manufacturing Prostheses
- Tridium Niagara (Wired) — A critical vulnerability discovered in an industrial control system used widely by the military, hospitals and others would allow attackers to remotely control electronic door locks, lighting systems, elevators, electricity and boiler systems, video surveillance cameras, alarms and other critical building facilities, say two security researchers. cf the SANS SCADA conference.
- Santa Fe Institute Course: Introduction to Complexity — 11 week course on understanding complex systems: dynamics, chaos, fractals, information theory, self-organization, agent-based modeling, and networks. (via BoingBoing)
- Terms of Service Changes — a site that tracks changes to terms of service. (via Andy Baio)
- 3D Printing a Replacement Hand for a 5 Year Old Boy (Ars Technica) — the designs are on Thingiverse. For more, see their blog.
Web Tooltips, Free Good Security Book, Netflix Economics, and Firewire Hackery
- toolbar — tooltips in jQuery, cf hint.css which is tooltips in CSS.
- Security Engineering — Ross Anderson’s 2nd edition is now available online for free. (via /r/netsec)
- Economics of Netflix’s $100M New Show (The Atlantic) — Up until now, Netflix’s strategy has involved paying content makers and distributors, like Disney and Epix, for streaming rights to their movies and TV shows. It turns out, however, the company is overpaying on a lot of those deals. [...] [T]hese deals cost Netflix billions.
- Inception — a FireWire physical memory manipulation and hacking tool exploiting IEEE 1394 SBP-2 DMA. The tool can unlock (any password accepted) and escalate privileges to Administrator/root on almost* any powered-on machine you have physical access to. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces. The usual defences are disabling the SBP-2 driver or the ports outright, or restricting device DMA with the IOMMU (VT-d) where the platform supports it. (via BoingBoing)
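The two memory entries above (the cold boot remanence in Manipulating Memory for Fun and Profit, and the DMA capture Inception performs) end the same way for an attacker or a forensic examiner: with a raw image of physical memory that has to be searched for key material. The following is an added example and not code from either paper or project. It locates AES-128 keys in a memory image by looking for 16-byte windows whose FIPS-197 key expansion matches the 160 bytes that follow them, and it tolerates a small number of flipped bits so that a partially decayed cold boot capture still matches (the 16 key bytes themselves are assumed intact; reconstructing those from the redundancy of the schedule is left out). The image, the planted key (the FIPS-197 Appendix A test key) and the bit flips are all constructed inline, and the function names are assumptions of this example.

```python
"""Find AES-128 keys in a raw memory image by locating their expanded key schedules."""
import random


def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF


def _gen_sbox():
    """Build the AES S-box from GF(2^8) arithmetic instead of a 256-entry table."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q = (q ^ (q << 1)) & 0xFF                               # q /= 3
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        affine = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4)
        sbox[p] = affine ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = _gen_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def _next_round_key(rk, rcon):
    """Derive round key i+1 from round key i (FIPS-197 key expansion, 128-bit keys)."""
    t = [SBOX[b] for b in rk[13:16] + rk[12:13]]  # RotWord then SubWord on the last word
    t[0] ^= rcon
    out = [rk[j] ^ t[j] for j in range(4)]       # w[4i] = w[4i-4] ^ g(w[4i-1])
    for j in range(4, 16):
        out.append(rk[j] ^ out[j - 4])           # w[k] = w[k-4] ^ w[k-1]
    return bytes(out)


def expand_key_128(key):
    """16-byte key -> 176-byte schedule (11 round keys), as stored by most AES code."""
    sched = [bytes(key)]
    for rcon in RCON:
        sched.append(_next_round_key(sched[-1], rcon))
    return b"".join(sched)


def _bit_errors(a, b):
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def find_aes128_keys(image, max_bit_errors=16):
    """Return [(offset, key_hex, bit_errors)] for every 16-byte window whose derived
    schedule matches the next 160 bytes of the image within max_bit_errors flipped
    bits. The schedule is chained from the candidate key, not from the (possibly
    decayed) bytes in the image, and the check stops early as soon as the error
    budget is exceeded, so almost every offset costs one round-key derivation."""
    hits = []
    for off in range(len(image) - 176 + 1):
        rk = image[off:off + 16]
        errs = 0
        for r, rcon in enumerate(RCON, start=1):
            rk = _next_round_key(rk, rcon)
            errs += _bit_errors(rk, image[off + 16 * r:off + 16 * (r + 1)])
            if errs > max_bit_errors:
                break
        else:
            hits.append((off, image[off:off + 16].hex(), errs))
    return hits


# FIPS-197 Appendix A test key; a planted value for the constructed image below.
KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")


def build_sample_image(seed=1234, offset=2048, key=KEY, flips=(20, 77, 150)):
    """Constructed sample: 8 KiB of deterministic pseudo-random filler with the key
    schedule planted at `offset`, then one bit flipped at each listed schedule byte
    (all >= 16, i.e. in the derived round keys, not the key) to imitate decay."""
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(8192))
    buf[offset:offset + 176] = expand_key_128(key)
    for pos in flips:
        buf[offset + pos] ^= 0x01
    return bytes(buf)


if __name__ == "__main__":
    for off, key_hex, errs in find_aes128_keys(build_sample_image()):
        print(f"AES-128 key at 0x{off:x}: {key_hex} ({errs} bit errors in schedule)")
```

The same scan works on an image taken over DMA; the error tolerance only matters for cold boot captures, and 16 bits out of 1280 is far below what a random window would produce, so false positives are not a concern at this threshold.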
Enlightened Tinkering, In-Browser Tor Proxy, Dark Patterns, and Subjective Data
- Hands on Learning (HuffPo) — Unfortunately, engaged and enlightened tinkering is disappearing from contemporary American childhood. (via BoingBoing)
- Dark Patterns (Slideshare) — User interfaces to trick people. (via Beta Knowledge)
- Bill Gates is Naive: Data Are Not Objective (Math Babe) — examples at the end of biased models/data should be on the wall of everyone analyzing data. (via Karl Fisch)
Icon Font Fun, Rails Security, Indie Economics, and GitHub MITMed in China
- Icon Fonts are Awesome — yes, yes they are. (via Fog Creek)
- What the Rails Security Issue Means for Your Startup — excellent, clear, emphatic advice on how and why security matters and what it looks like when you take it seriously.
- The Indiepocalypse (Andy Baio) — We’re at the beginning of an indiepocalypse — a global shift in how culture is made, from a traditional publisher model to independently produced and distributed works.
- China, GitHub, and MITM — No browser would prevent the authorities from using their ultimate tool though: certificates signed by the China Internet Network Information Center. CNNIC is controlled by the government through the Ministry of Industry and Information Technology. They are recognized by all major browsers as a trusted Certificate Authority. If they sign a fake certificate used in a man-in-the-middle attack, no browser will warn of any unusual activity. The discussion of how GitHub (or any site) could be MITM’d is fascinating, as is the pros and cons for a national security agency to co-opt the certificate-signing NIC.
Data Jurisdiction, TimBL Frowns, Google Transparency, and Secure Tools
- FISA Amendment Hits Non-Citizens — FISAAA essentially makes it lawful for the US to conduct purely political surveillance on foreigners’ data accessible in US Cloud providers. [...] [A] US judiciary subcommittee on FISAAA in 2008 stated that the Fourth Amendment has no relevance to non-US persons. Americans, think about how you’d feel keeping your email, CRM, accounts, and presentations on Russian or Chinese servers given the trust you have in those regimes. That’s how the rest of the world feels about American-provided services. Which jurisdiction isn’t constantly into invasive snooping, yet still has great bandwidth?
- Tim Berners-Lee Opposes Government Snooping — “The whole thing seems to me fraught with massive dangers and I don’t think it’s a good idea,” he said in reply to a question about the Australian government’s data retention plan.
- Google’s Approach to Government Requests for Information (Google Blog) — they’ve raised the dialogue about civil liberties by being so open about the requests for information they receive. Telcos and banks still regard these requests as a dirty secret that can’t be talked about, whereas Google gets headlines on NPR and CBS for it.
- Open Internet Tools Project — supports and incubates a collection of free and open source projects that enable anonymous, secure, reliable, and unrestricted communication on the Internet. Its goal is to enable people to talk directly to each other without being censored, surveilled or restricted.