The risk of information leakage and the Slingbox Pro

Security is hard. Sometimes, you secure the information well enough that it is infeasible to determine what the encrypted information is, and you feel like you’ve done well. Normally, that would be enough. However, sometimes you have some clever folks come along and look at the characteristics that aren’t subject to encryption to figure out what the secured data is. Basically, an attack on the secondary information in the stream. So what, exactly, does this mean? Well, in this particular instance, I found the security and privacy analysis on gadgets extremely interesting. These researchers were able to determine with extremely high accuracy what movies were being streamed from a Slingbox Pro based on the variation in amount of data sent. They couldn’t tell what the data was, but could still count the number of bits and compare that information to known characteristics of the unencrypted streams from movies to guess what was being passed.

The Slingbox Pro is not the only target of their investigations, but it is the most interesting to me. They also find privacy issues with the Nike+iPod Sport Kit and security issues with Microsoft’s Zune social relationships.

We analyze three new consumer electronic gadgets in order to gauge the privacy and security trends in mass-market UbiComp devices. Our study of the Slingbox Pro uncovers a new information leakage vector for encrypted streaming multimedia. By exploiting properties of variable bitrate encoding schemes, we show that a passive adversary can determine with high probability the movie that a user is watching via her Slingbox, even when the Slingbox uses encryption. We experimentally evaluated our method against a database of over 100 hours of network traces for 26 distinct movies.

Despite an opportunity to provide significantly more location privacy than existing devices, like RFIDs, we find that an attacker can trivially exploit the Nike+iPod Sport Kit’s design to track users; we demonstrate this with a GoogleMaps-based distributed surveillance system. We also uncover security issues with the way Microsoft Zunes manage their social relationships.
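The leak the abstract describes can be sketched in code. The block below is an added example, not the researchers' code or data: it constructs synthetic per-second byte counts standing in for VBR movie streams, fingerprints the shape of the bitrate over time (which encryption does not hide), matches an observed trace against a small database, and shows that padding the stream to a constant rate removes the signature. All movie names, traces, the jitter model and the match threshold are assumptions.

```python
import math
import random


def make_vbr_trace(seed, seconds=120):
    """Construct a synthetic per-second byte count series standing in for a
    VBR-encoded movie stream (constructed sample data, not a real capture)."""
    rng = random.Random(seed)
    base = rng.randint(40_000, 60_000)
    trace = []
    for t in range(seconds):
        # Scene-dependent bitrate: a slow drift plus occasional high-motion bursts.
        drift = 1.0 + 0.3 * math.sin(t / (5 + seed))
        burst = 2.5 if rng.random() < 0.15 else 1.0
        trace.append(int(base * drift * burst))
    return trace


def as_observed(trace, seed=99, overhead=1.15, jitter=0.05):
    """Model what a passive observer on the wire sees: the same VBR shape with
    transport overhead and per-second jitter (constructed distortion model)."""
    rng = random.Random(seed)
    return [int(b * overhead * (1 + rng.uniform(-jitter, jitter))) for b in trace]


def signature(trace, window=5):
    """Bin bytes into windows and z-score them, so the fingerprint depends on
    the shape of the bitrate over time rather than on absolute throughput."""
    bins = [sum(trace[i:i + window]) for i in range(0, len(trace) - window + 1, window)]
    mean = sum(bins) / len(bins)
    std = math.sqrt(sum((b - mean) ** 2 for b in bins) / len(bins))
    if std == 0:
        return None  # flat stream: there is no shape left to fingerprint
    return [(b - mean) / std for b in bins]


def correlation(a, b):
    """Pearson correlation of two z-scored signatures (mean of products)."""
    n = min(len(a), len(b))
    return sum(x * y for x, y in zip(a[:n], b[:n])) / n


def identify(observed, database, window=5, threshold=0.6):
    """Return (movie name, score) for the best-correlated reference signature,
    or (None, score) when nothing clears the threshold or the stream is flat."""
    sig = signature(observed, window)
    if sig is None:
        return None, 0.0
    best, best_score = None, -1.0
    for name, reference in database.items():
        ref_sig = signature(reference, window)
        if ref_sig is None:
            continue
        score = correlation(sig, ref_sig)
        if score > best_score:
            best, best_score = name, score
    return (best if best_score >= threshold else None), best_score


def pad_to_constant_rate(trace, rate):
    """Mitigation: send `rate` bytes every second regardless of content, so the
    ciphertext volume carries no information about the movie. Intervals above
    the rate would need buffering in a real shaper, so we require rate >= peak."""
    if rate < max(trace):
        raise ValueError("rate below stream peak; a real shaper must buffer/delay")
    return [rate] * len(trace)


if __name__ == "__main__":
    db = {"movie_A": make_vbr_trace(1), "movie_B": make_vbr_trace(2),
          "movie_C": make_vbr_trace(3)}
    seen = as_observed(db["movie_B"])
    print("unpadded:", identify(seen, db))
    print("constant-rate:", identify(pad_to_constant_rate(seen, 400_000), db))
```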


OpenOffice.org tips and tricks site

Here goes one of my infrequent discussions on using legally free software. I’m not fond of the escalating price of software, especially considering how often new features are unnecessary for anything but to drive the ongoing need for more powerful hardware. And while I do know all the means of acquiring software illegally, I do use legal copies of software. Whenever possible, I download and install legally free software, whether public domain, open source, freeware, ad-supported (although rarely) or any other means of legitimately free distribution. I do pay for and use some applications, such as Nero and X to DVD, if I can’t find a free alternative that I like, but luckily, there are few needs for commercial software in my daily computing time outside of my games.

One of the applications my wife uses frequently is Microsoft Office. I don’t want the bloat from that on my system, but occasionally she works on my computer and needs access to some type of Office product. I’ve worked around this by installing OpenOffice.org (often referred to as OO.o) and Abiword for her to use. Unfortunately, I’m not very strong with OO.o, and sometimes Abiword doesn’t have all the features she needs. So, what to do? Why, I think I’ll buy a book and also read the author’s blog to learn how to better use OO.o. That should be a nice distraction from my other current reading – Beginning GIMP.

You can buy the book from the author for $30 via paypal, or head to Amazon and get it for $59.99. I have no idea why the price difference, but I’ve ordered my copy from the author.

So to reiterate – if you are tired of the cost of commercial software, consider many of the excellent free alternatives (and feel free to contact me for help finding tools for your tasks – I love tracking down stuff online). If you are in the market for office productivity software, consider OpenOffice.org, and read this hints and tips site to learn it (and consider buying the book).

[tags]Random free software commentary, Learn OpenOffice.org, OpenOffice.org tips and tricks[/tags]

Terrorism database

Right up front, I’ll point out that this could be very useful in political discussions about the current state of America. However, until I’ve had time to view more of the data and get an idea of what’s in there, I’ll avoid any actual discussion of political implications. That out of the way, now is a good time to read up on the global terrorism database put together with funding from the Department of Homeland Security.

The majority of terrorist attacks result in no fatalities, with just 1 percent of such attacks causing the deaths of 25 or more people.

And terror incidents began rising some in 1998, and that level remained relatively constant through 2004.

These and other myth-busting facts about global terrorism are now available on a new online database open to the public.

The database itself is accessible through a University of Maryland web site.


Microsoft security engineer shows simple wireless network break-in tools

I love security. I really need to get a good job back in the computer security industry. If I could track down a decent job in security, I’d get to play with cool software like the wireless security breaking tools demonstrated by Microsoft’s Marcus Murray (more information on this session on Murray’s blog).

ORLANDO – During an updated version of one of the more popular sessions at TechEd each year, senior security engineer and Microsoft MVP Marcus Murray did attendees a major service by demonstrating that hacking into a network is not really an art, and in some ways, not even much of a science.

His “Why I Can Hack Your Network in a Day” session is actually something of a misnomer, as many of the tools he uses (including one written by SysInternals guru-turned-Microsoft fellow Mark Russinovich) can enable individuals to work their way to revealing the passwords of domain administrators in closer to 15 minutes.

Of course, this is just a case of technology allowing transfer of skill – one security expert figures out the vulnerability, encases it in a point-and-click tool, and shares it with the world. But it is still interesting to see what is going on in the back-and-forth fight between improved security and improved breaking of security. As always, security experts will look at the exploited vulnerabilities, come up with ways to reduce or eliminate them, improve protocols, and release equipment with the improved protocols. This will be followed by the break-in experts analyzing the new protocols, looking for direct and secondary/side-channel attacks, determining weaknesses, exploiting those weaknesses, and releasing simple tools that allow less skilled attackers to break the security. Around and around it goes, until the eventual heat death of the universe or until we all start communicating via telepathy (which will probably get hacked somehow, in which case evolution will create better telepaths, and so on).

[tags]Microsoft security engineer demonstrates wireless hacking tools[/tags]

Talk time at the democratic debate

The Chris Dodd Presidential campaign web site has an interesting chart of candidate talk times at the latest Democratic debate.

[Image: chart of candidate talk times at the Democratic debate]

I’m not really surprised by who has the most talk time, but I do plan on learning a little more about the candidates with the least talk time since I know so little about them right now. (via Victoria Kos)

[tags]Democratic candidates’ talk times at debate[/tags]

More work by the Bush administration to protect Americans


The Bush administration said Tuesday it will fight to keep meatpackers from testing all their animals for mad cow disease.

The Agriculture Department tests fewer than 1 percent of slaughtered cows for the disease, which can be fatal to humans who eat tainted beef. A beef producer in the western state of Kansas, Creekstone Farms Premium Beef, wants to test all of its cows.

Thank goodness we’ve got government leaders who will allow the industry self-regulation they’ve long suggested is best for us. Or, and this is just a theory I and other folks have (and hey, we might all just be deluded conspiracy theorists, so consider that before believing this suggestion), it might be government protecting big business to the detriment of citizens and small business alike.

A federal judge ruled in March that such tests must be allowed. The ruling was to take effect June 1, but the Agriculture Department said Tuesday it would appeal – effectively delaying the testing until the court challenge plays out.

. . .

The Agriculture Department argued that widespread testing could lead to a false positive that would harm the meat industry. U.S. District Judge James Robertson noted that Creekstone sought to use the same test the government relies on and said the government didn’t have the authority to restrict it.

I’m not saying I buy the Agriculture Department argument, but felt it should be pointed out for those that do believe it.

[tags]Bush administration opposed to comprehensive mad cow testing[/tags]

The Ubuntu ebook – free for your enjoyment

Have you thought about moving to Linux? Are you unsure what Linux distribution to try, or where to get help if you do attempt it? Well, the Open Source Project has Marcel Gagné’s Moving to Ubuntu Linux ebook available for free. It’s a hefty tome, hitting almost 500 pages, and some folks don’t like Gagné’s writing. I like reading his Linux Journal columns every month, and his personal web site is interesting to me, but you should check them out to see if you can handle him.

Discover Ubuntu, Today’s Hottest Linux

Everyone’s talking about Ubuntu: it’s not just 100% free, it’s the most useful, practical desktop Linux ever! Now, Linux expert Marcel Gagné reveals Ubuntu’s amazing power and helps you migrate from Windows faster than you ever thought possible.

Moving to Ubuntu Linux will teach you how to do virtually anything with Ubuntu: write documents, create spreadsheets, surf the Web, use email, listen to music, watch movies, and play games.

  • Install Ubuntu fast, with easy, step-by-step instructions
  • Take control, with the GNOME desktop environment and Nautilus file manager
  • Browse the Internet using Firefox, the powerful browser that’s quickly replacing Microsoft Internet Explorer
  • Find and install all the software you’ll ever need, with Ubuntu’s powerful Synaptic package manager
  • Send email, track contacts, create calendars, and manage all your personal information with Evolution
  • Organize digital photos, rip music, burn and play CDs, watch movies, create graphics, and more
  • Discover the world of Linux games, and learn how to run Windows games on your Ubuntu PC
  • Set up an efficient, convenient network for your home or small business
  • Customize your desktop so it’s perfectly comfortable and totally efficient


So get over there and start reading. See if this is something you could take on. Consider the benefit of freeing yourself from paying Microsoft for new software every year or every time you want to upgrade. You’ll find that most things you do now can be done just as easily under Linux, and you only have to find one handy geek or one good book to figure out how to handle any of the (probably infrequent) problems you might have with Linux.

That said, however, don’t move to Linux just to move to Linux. I love Linux, but recognize that it just isn’t for everyone. Read a little of the book to get a feel for it and see if you might be interested though.

[tags]Free Ubuntu ebook, Moving to Linux free ebook[/tags]

PLoS ONE open access online science journal

Catching up on my Tingilinde reading this evening, I found a recent article there linking over to PLoS ONE. I had never heard of this site, but the article sounded interesting so I followed the link. That article, Ionizing Radiation Changes the Electronic Properties of Melanin and Enhances the Growth of Melanized Fungi, is way beyond my means of comprehension. However, the site byline, “A new way of communicating peer-reviewed science and medicine”, intrigued me. I spent a little time searching around the site to see just what PLoS ONE is. If you look at the site, you can find that it is an open access science journal, and it offers peer reviewed scientific studies for your online consumption.

PLoS ONE (eISSN-1932-6203) is an international, peer-reviewed, open-access, online publication. PLoS ONE welcomes reports on primary research from any scientific discipline. PLoS ONE is published by the Public Library of Science (PLoS), a nonprofit organization. PLoS ONE’s start-up phase is supported by a grant from the Open Society Institute.

. . .

All works published in PLoS journals are open access, licensed under the Creative Commons Attribution License. Everything is immediately available online without cost to anyone, anywhere – to read, download, redistribute, include in databases, and otherwise use – subject only to the condition that the original authorship is properly attributed. Copyright is retained by the author.

From what little I’ve poked around, it appears that the site is offering credible scientific information via what I call the Cory Doctorow method of riches through free content. Yes, it is a method that I realize others have also done. It just works in my mind to tie the practice to someone whose work I’ve consumed heavily.

If you are at all interested in what is going on in the scientific world, PLoS ONE is a good site to add to your sites-worth-visiting list. Just expect to find lots of works that are over your head (sample below). Of course, many of you may be much brighter than I am, so you might not find that to be the case, but I certainly couldn’t grok much of what I saw there. It was, regardless, quite fascinating.

[Image: clipping of a PLoS ONE article listing]


Oh, and that PLoS thing? Well, that stands for the Public Library of Science. Just in case you wondered (I did, and found it while poking around the site). And if you are looking for more science sites worth visiting, just let me know and I’ll add some of the other places I’ve found to be worth the time investment.

[tags]Public Library of Science online journal, Science sites worth visiting[/tags]

For all those that complain of high gas prices

Soooooo, right here’s the problem.

Like many holiday travelers, Ron Evenhaim isn’t going to let rising gasoline prices curtail his plans for a weekend getaway.

Evenhaim rented a 40-foot diesel RV to take his family of five on the 300-mile round trip from his home in suburban Los Angeles to Lake Isabella in the Tehachapi Mountains.

. . .

An AP-Ipsos poll showed that nearly half the country says gas prices are causing a “serious hardship,” but fewer people than last year are reducing their driving, trimming other expenses or curtailing vacation plans due to higher energy costs.

“Ummmm, yeah. That thar gas pricing shore is hurtin’ us. We can’t not hardly afford tuh keep takin’ both cars tuh th’ bingo game every Thursday…”

Maybe – just maybe – people need to consider cutting back on how much driving they do? I know it’s a wacky idea, but it just might help. Seems like gas prices hurting the pocketbook might lead to some changes in driving practices. But not in America.

[tags]On high gas prices, Americans hurting from high gas prices but not cutting back on driving[/tags]

Democrats failing in legislative role

Over at Daily Kos, there is a good post from late last week on how Democrats are failing in their duties as the legislative branch by not forcing President Bush, via the Iraq war funding bill, to start some actual end-of-war planning in the near future.

There are too many suspects to pin this rap directly on any particular one of them, but there has been no shortage of Democrats who have apparently had great difficulty in finding any other way of framing the Iraq appropriations situation than as a choice between funding or “abandoning” the troops. Specifically, that by not allowing the president to essentially write the legislation himself, Democrats were somehow not living up to the responsibilities of governance.

. . .

But what this says is that today we let Congressional Republicans write our country’s Iraq funding policy. Think about how amazing that is for a moment. This president has already reduced Congress to a cipher. Under Republicans, it became little more than a Politburo, approving only legislation that garnered the support of a majority of its then-majority, and even then suffering to see that legislation negated by signing statements. And now, after the American people stripped the Congressional Republicans of what little power this president permitted them to have, they still are ultimately the authors of the enabling legislation that pretties up Bush’s fiat.

. . .

Consider that the main point of contention — indeed the only point of contention — between what Congress has already passed and what Bush will accept has nothing but nothing but nothing to do with the funding. It’s definitionally impossible for that to be the case, because every version of the supplemental either house has passed has had more funding in it than the president requested. What Bush and his apologists object to is accountability accompanying that funding.

President Bush got the same bill back except for the accountability requirements. The commentary following the article is also interesting. Some point out the failings of Pelosi and crew. Some point out how misleading the story is. Some think the article doesn’t cover deeply enough the failings the Democratic congress have had thus far. It is one story that I think any interested in politics can appreciate.

[tags]Daily Kos on the war-bill failings of the Democrats[/tags]

Olbermann explains how our government has failed us

All around, our government has failed us on its handling of the Iraq war according to Keith Olbermann. Of course, many will dismiss him as a left-wing nut spouting nonsense. Given Gallup polling that shows roughly 60% of Americans want a deadline set for withdrawal from Iraq, it’s hard to legitimately dismiss this rant as not representative of a large and growing portion of the American public’s beliefs. And while I’ve supported President Bush’s troop surge plan (although I’ve called it insufficient in scope), I’m losing faith in the situation, too. To me, Olbermann’s rant hits dead-on the reality of how Democrats have failed us on our involvement with Iraq by backing down on the troop withdrawal requirement in funding continued war efforts.

A Special Comment about the Democrats’ deal with President Bush to continue financing this unspeakable war in Iraq – and to do so on his terms:

This is, in fact, a comment about… betrayal.

Few men or women elected in our history – whether executive or legislative, state or national – have been sent into office with a mandate more obvious, nor instructions more clear:

Get us out of Iraq.

Yet after six months of preparation and execution – half a year gathering the strands of public support; translating into action the collective will of the nearly 70 percent of Americans who reject this War of Lies – the Democrats have managed only this:

  • The Democratic leadership has surrendered to a president – if not the worst president, then easily the most selfish, in our history – who happily blackmails his own people, and uses his own military personnel as hostages to his asinine demand, that the Democrats “give the troops their money”;
  • The Democratic leadership has agreed to finance the deaths of Americans in a war that has only reduced the security of Americans;
  • The Democratic leadership has given Mr. Bush all that he wanted, with the only caveat being, not merely meaningless symbolism about benchmarks for the Iraqi government, but optional meaningless symbolism about benchmarks for the Iraqi government.
  • The Democratic leadership has, in sum, claimed a compromise with the Administration, in which the only things truly compromised, are the trust of the voters, the ethics of the Democrats, and the lives of our brave, and doomed, friends, and family, in Iraq.

You, the men and women elected with the simplest of directions – Stop The War – have traded your strength, your bargaining position, and the uniform support of those who elected you… for a handful of magic beans.

Olbermann’s rant goes on far beyond what I have quoted above, and it is one of the best monologues on our government’s failures of late that I have seen. This story is one of my most highly recommended reads that I’ve ever taken the time to post. The link includes a video to go with the transcript.

President Bush has decided to keep letting Americans die in Iraq, and rather than taking control and righting this executive abuse, our Congress has folded. I’m sure fear of losing votes motivated this for the Democrats, which is exactly why they deserve to lose our votes – we need purposeful leadership in our Federal government right now, and it is nowhere to be seen. The sad reality is, though, the current Republicans in office have mostly lost any right to our votes as well by supporting President Bush’s ongoing removal of freedoms in America, meaning we are left with few or no incumbents who deserve to remain in office.

I’m afraid the Democrats have just cost themselves the majority in the next election. The Republicans have spent six years supporting the Executive office in stripping away so much of what makes America great and a world leader, therefore proving they should not hold a majority. This means that I can already see the next election will absolutely suck for Congressional positions and for the President. There is no worthy leadership right now in the White House nor Congress. Our politicians have failed us far more than normal, and have done so for varying reasons – incapacity to see anything other than a moronic “Stay the course” farce, unwillingness to stand up to an abusive President, fear of losing personal and party power, lack of understanding of what constituency wants, and so on. I honestly pray that in the next year, some actual leadership emerges in either party and we start seeing a way to a more sane nation. And I thank Keith Olbermann for his rant that got me to open and make my own mini-rant.

[tags]Keith Olbermann calls out Democrats for failing America, Olbermann rant on Iraq war failures by Executive and Legislative branches[/tags]

Happy 300th, Carl

Happy 300th Carl Linnaeus! Of course, you have no idea who Carl Linnaeus is, but you are a Homo because of Carl – a Homo sapiens, that is.

Carl Linnaeus, also known as Carl von Linné or Carolus Linnaeus, is often called the Father of Taxonomy. His system for naming, ranking, and classifying organisms is still in wide use today (with many changes). His ideas on classification have influenced generations of biologists during and after his own lifetime, even those opposed to the philosophical and theological roots of his work.

. . .

For Linnaeus, species of organisms were real entities, which could be grouped into higher categories called genera (singular, genus). By itself, this was nothing new; since Aristotle, biologists had used the word genus for a group of similar organisms, and then sought to define the differentia specifica — the specific difference of each type of organism. But opinion varied on how genera should be grouped. Naturalists of the day often used arbitrary criteria to group organisms, placing all domestic animals or all water animals together. Part of Linnaeus’ innovation was the grouping of genera into higher taxa that were also based on shared similarities. In Linnaeus’s original system, genera were grouped into orders, orders into classes, and classes into kingdoms. Thus the kingdom Animalia contained the class Vertebrata, which contained the order Primates, which contained the genus Homo with the species sapiens — humanity. Later biologists added additional ranks between these to express additional levels of similarity.

Before Linnaeus, species naming practices varied. Many biologists gave the species they described long, unwieldy Latin names, which could be altered at will; a scientist comparing two descriptions of species might not be able to tell which organisms were being referred to. For instance, the common wild briar rose was referred to by different botanists as Rosa sylvestris inodora seu canina and as Rosa sylvestris alba cum rubore, folio glabro. The need for a workable naming system was made even greater by the huge number of plants and animals that were being brought back to Europe from Asia, Africa, and the Americas. After experimenting with various alternatives, Linnaeus simplified naming immensely by designating one Latin name to indicate the genus, and one as a “shorthand” name for the species. The two names make up the binomial (“two names”) species name. For instance, in his two-volume work Species Plantarum (The Species of Plants), Linnaeus renamed the briar rose Rosa canina. This binomial system rapidly became the standard system for naming species. Zoological and most botanical taxonomic priority begin with Linnaeus: the oldest plant names accepted as valid today are those published in Species Plantarum, in 1753, while the oldest animal names are those in the tenth edition of Systema Naturae (1758), the first edition to use the binomial system consistently throughout. Although Linnaeus was not the first to use binomials, he was the first to use them consistently, and for this reason, Latin names that naturalists used before Linnaeus are not usually considered valid under the rules of nomenclature.

Now you know where the name comes from. So celebrate your taxonomy today.

[tags]Happy Birthday Carl Linnaeus, The origins of modern taxonomy[/tags]