Archive for the ‘Security’ Category

2600 NEWS: NEW 2600 RSS FEED OTH/OTW SHOW DELIVERY

NEW 2600 RSS FEED OTH/OTW SHOW DELIVERY

Posted 3 Dec 2004 06:20:50 UTC

2600.com is now making available an RSS feed for our readers’ convenience. It contains the headlines for articles posted to our website, and in addition can be used to automate downloading of our radio programs Off the Hook and Off the Wall.

RSS stands for Really Simple Syndication. It allows news headlines and other sorts of information to be published in a standard XML format which can then be read by different software programs. The most popular use of RSS is a piece of software called an “aggregator”, which collects news from a number of websites and then displays it to you in a simple form. A number of such aggregators are available for various computer platforms. Other uses of RSS have included screensavers, SMS notification, and web based RSS portals, so have a look at it, and surprise us with something new as well.

Our RSS feed can be found here:
http://www.2600.com/rss.xml

In addition to 2600 news, each week we post streaming and archived versions of both “Off the Hook” and “Off the Wall” radio shows. To this end, our feed supports an RSS feature called “enclosures.” Many RSS aggregators can now automatically download the shows each week and even automatically transfer the MP3 files to your portable music player.

To have the shows delivered to your computer and/or portable music player, download one of the applications from ipodder.org, install, and configure to use the 2600 RSS feed. Each week, as we publish the audio shows, the shows will automatically be downloaded to your computer or portable music device.

If you just use an RSS aggregator without enclosure support, the MP3 links to the show will be available along with 2600.com news, but the MP3 files will not be automatically downloaded.

If you have any questions about getting the audio on your music device or computer, send us an email.

(Via Dave)

Anti-Spyware Test (Guide)

Overview

As the threat of “spyware” and “adware” has escalated over the past few years, the number of “anti-spyware” scanners available on the Net has grown equally fast. At present there are over 100 anti-spyware scanners available for download — some for free, some for pay. Spyware and adware are themselves complex enough to prove bewildering to most average users, however. So confusing in fact is the threat of spyware and adware that users often have trouble distinguishing effective anti-spyware scanners from less effective ones. Although a number of “tests” of anti-spyware scanners have been reported on the Net, many if not most of those tests are of limited value because the design, methodology, and execution of the tests is not fully and publicly documented, leaving even experienced users and experts to wonder just how meaningful those tests really are. Still worse, some of those “tests” are touted by webmasters who are affiliates for the companies whose products were “tested.”

The tests documented on these pages are intended to partially remedy these several problems with our knowledge of anti-spyware scanners and how well they perform. At present, there are three groups of tests documented here.

Users looking for a short list of recommendations for anti-spyware products can find such a list HERE. For a more comprehensive list of anti-spyware products, see HERE. And if your PC is already overrun with spyware or adware, see my tips for what to do HERE.

Via Slashdot.

Schneier on Security: The Problem with Electronic Voting Machines

Another great article by Bruce, carefully thought out and presented in a nice clear manner.

The Problem with Electronic Voting Machines

In the aftermath of the U.S.’s 2004 election, electronic voting machines are again in the news. Computerized machines lost votes, subtracted votes instead of adding them, and doubled votes. Because many of these machines have no paper audit trails, a large number of votes will never be counted. And while it is unlikely that deliberate voting-machine fraud changed the result of the presidential election, the Internet is buzzing with rumors and allegations of fraud in a number of different jurisdictions and races. It is still too early to tell if any of these problems affected any individual elections. Over the next several weeks we’ll see whether any of the information crystallizes into something significant.

The U.S. has been here before. After 2000, voting machine problems made international headlines. The government appropriated money to fix the problems nationwide. Unfortunately, electronic voting machines — although presented as the solution — have largely made the problem worse. This doesn’t mean that these machines should be abandoned, but they need to be designed to increase both their accuracy, and people’s trust in their accuracy. This is difficult, but not impossible.

Before I can discuss electronic voting machines, I need to explain why voting is so difficult. Basically, a voting system has four required characteristics:

1. Accuracy. The goal of any voting system is to establish the intent of each individual voter, and translate those intents into a final tally. To the extent that a voting system fails to do this, it is undesirable. This characteristic also includes security: It should be impossible to change someone else’s vote, ballot stuff, destroy votes, or otherwise affect the accuracy of the final tally.

2. Anonymity. Secret ballots are fundamental to democracy, and voting systems must be designed to facilitate voter anonymity.

3. Scalability. Voting systems need to be able to handle very large elections. One hundred million people vote for president in the United States. About 372 million people voted in India’s June elections, and over 115 million in Brazil’s October elections. The complexity of an election is another issue. Unlike many countries where the national election is a single vote for a person or a party, a United States voter is faced with dozens of individual elections: national, local, and everything in between.

4. Speed. Voting systems should produce results quickly. This is particularly important in the United States, where people expect to learn the results of the day’s election before bedtime. It’s less important in other countries, where people don’t mind waiting days — or even weeks — before the winner is announced.

Terrorism == technique.

I really wish that this point had been made more often, because it is totally true.

William S. Lind On War Archive

Our nightly bombing of Fallujah illustrates another important point about 4GW: to call it “terrorism” is a misnomer. In fact, terrorism is merely a technique, and we use it too when we think it will benefit us. In Madam Albright’s boutique war on Serbia, when the bombing campaign against the Serbian Army in Kosovo failed, we resorted to terror bombing of civilian targets in Serbia proper. Now, we are using terror bombing on Fallujah.

The point here is not merely that in using terrorism ourselves, we are doing something bad. The point is that, by using the word “terrorism” as a synonym for anything our enemies do, while defining anything we do as legitimate acts of war, we undermine ourselves at the moral level – which, again, is the decisive level in Fourth Generation war.

I don’t necessarily agree with everything Mr. Lind says in his On War pieces, but this certainly rings true for me.

Another Yahoo! code verification phishing scheme

Using spam to bypass code verification. Very clever! Also using word obfuscation techniques, I’m not certain if it is specifically on purpose or they really don’t know how to spell. Probably to defeat spam filters, I’m thinking.

D‮rae‬ Y‮oha‬o! M‮ebme‬r,

We m‮su‬t c‮kceh‬ t‮tah‬ yo‮ru‬ Y‮ooha‬! ID was r‮retsige‬ed by re‮la‬ p‮poe‬le. So, to h‮le‬p Ya‮oh‬o! pre‮nev‬t aut‮etamo‬d
registrat‮oi‬ns, pl‮esae‬ c‮cil‬k on t‮sih‬ l‮kni‬ and co‮telpm‬e c‮edo‬ v‮noitacifire‬ p‮cor‬ess:

http://sg.rd.yahoo.com/*%68%74t%50%3a%2f%2F%77ww%09%2e%67OOg%6cE.%43%6f%4d%2f%75%72l%3fq=%68%74%74p:%2f%2F%77%77%77.%47O%4F%67%4ce
%2E%63O%6D%2f%75r%6c%3fq=h%74%74%70%3A/%2f%57w%77%09%2e%67O%6F%09%47%09%6c%09e.C%09%4f%4D/%75r%6c%3Fq=%48%74T%70%3A/%2Fomr4yejgkf.%2%3509d%%30%39a%%30%39%2e%%%3309%%309r%25%309U%25%309?

Th‮kna‬ yo
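
The misspellings in the message above are what a filter sees in the raw text. Assuming the invisible characters are U+202E (right-to-left override) and U+202C (pop directional formatting), a mail client displays each enclosed run reversed, so the words read correctly on screen. An added example (not part of the original post) that recovers the displayed text and flags keywords hidden this way; the sample is rebuilt from the message with explicit escapes, and the function names and keyword list are illustrative:

```python
import re
import unicodedata

RLO, PDF = "\u202e", "\u202c"  # right-to-left override / pop directional formatting
# Bidi control characters worth flagging in a mail body.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
                 "\u2066", "\u2067", "\u2068", "\u2069", "\u200e", "\u200f"}

# One RLO ... PDF run with no nested controls inside it.
_RUN = re.compile(f"{RLO}([^{RLO}{PDF}]*){PDF}")

# Constructed sample: two fragments of the message, written with escapes.
SAMPLE = ("D\u202erae\u202c Y\u202eoha\u202co! M\u202eebme\u202cr, "
          "co\u202etelpm\u202ce c\u202eedo\u202c "
          "v\u202enoitacifire\u202c p\u202ecor\u202cess")


def visible_text(raw: str) -> str:
    """Approximate what a bidi-aware client shows: reverse each RLO..PDF run."""
    text = _RUN.sub(lambda m: m.group(1)[::-1], raw)
    # Drop unpaired controls so keyword matching sees plain text.
    return "".join(ch for ch in text if ch not in BIDI_CONTROLS)


def analyze(raw: str, keywords=("yahoo", "member", "verification")) -> dict:
    """Report bidi controls and keywords that only appear after rendering."""
    names = sorted({unicodedata.name(ch) for ch in raw if ch in BIDI_CONTROLS})
    shown = visible_text(raw)
    hidden = [k for k in keywords
              if k in shown.lower() and k not in raw.lower()]
    return {
        "bidi_controls": sum(ch in BIDI_CONTROLS for ch in raw),
        "control_names": names,
        "overridden_runs": len(_RUN.findall(raw)),
        "visible": shown,
        "hidden_keywords": hidden,  # present on screen, absent from raw text
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

Running keyword or brand checks on `visible_text()` output rather than on the raw body closes the gap the spammer is relying on, and a non-empty `hidden_keywords` list is a strong signal on its own in mail that is otherwise plain English.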

Schneier on Security: Does Big Brother Want to Watch?

In today’s article, Bruce posits that the reason that the U.S. government wants RFID tags in passports is precisely because they want to be able to surveil from a distance. I’m pretty sure this would mostly just make it a little easier, but his point is that not only could the government see who you are from a distance but so could anyone else with an RFID reader. Bwaaahahhhhhaaaa scary!!!! :)

October 04, 2004
Does Big Brother Want to Watch?

Since the terrorist attacks of 2001, the Bush administration–specifically, the Department of Homeland Security–has wanted the world to agree on a standard for machine-readable passports. Countries whose citizens currently do not have visa requirements to enter the United States will have to issue passports that conform to the standard or risk losing their nonvisa status.

Schneier on Security

A weblog covering security and security technology.

Bruce is ALWAYS a good read. Thanks to BoingBoing for the pointer that he now has a blog.

AntiExploit - find bad stuff on your server

About AntiExploit

AntiExploit is the first ON-ACCESS exploit-scanner for Linux and FreeBSD. Aexpl can help you to identify local intruders or users who want to harm your or other systems with well known tools.

aexpl uses the dazuko kernel module and md5sums (signatures are planned) to identify bad files when they are created or used by listening to the kernel file system calls. So you can immediately interact with the file and fileowner.

AntiExploit was successfully tested under FreeBSD 4.10-RC2, FreeBSD 5.2.1-REL, Debian Woody with Kernel 2.6.6 and Debian Testing with Kernel 2.4.25, SlackWare 9.1 with kernel 2.4.22.

1.3 Beta 4 is a Release Candidate, do not use it on production systems, your machine can hang under certain circumstances!!! But please test it!

Download

The latest version is 1.3 Beta 4 (Beta release)

Found this on Freshmeat, definitely will look into giving it a try maybe.

Kryptonite Evolution 2000 U- Lock hacked by a Bic pen - Engadget - www.engadget.com

Kryptonite Evolution 2000 U- Lock hacked by a Bic pen

Posted Sep 14, 2004, 5:04 PM ET by Phillip Torrone
Related entries: Misc. Gadgets

Much to our surprise, we were able to hack our Kryptonite Evolution 2000 U- Lock with a ballpoint pen. This $50 lock is supposed to be one of the best for “toughest bicycle security in moderate to high crime areas”—unless the thief happens to have a Bic pen. We used to use these to lock up our bicycles, but we’re switching to something else ASAP. (Oh, and just to be trite, the pen is mightier than the lock.)

Well, isn’t this a wonderful little bit of news. You know all those cylindrical locks like they have on Kryptonite U locks, vending machines, Kensington computer cable locks? Apparently they are all easily picked using a Bic® pen. …DOH. ;)

Paj’s Home: Cryptography: JavaScript MD5

The MD4, MD5 and SHA-1 algorithms are secure hash functions. They take a string input, and produce a fixed size number - 128 bits for MD4 and MD5; 160 bits for SHA-1. This number is a hash of the input - a small change in the input results in a substantial change in the output. The functions are thought to be secure, in the sense that it would require an enormous amount of computing power to find a string which hashes to a chosen value. In other words, there’s no way to decrypt a secure hash. The uses of secure hashes include digital signatures and challenge hash authentication.

Nothing like a little Javascript MD5 hashing, eh?
