Topics - Renegade [ switch to compact view ]

101
Android security mystery – ‘fake’ cellphone towers found in U.S.

http://www.welivesec.../android-security-2/

Seventeen mysterious cellphone towers have been found in America which look like ordinary towers, and can only be identified by a heavily customized handset built for Android security – but have a much more malicious purpose, according to Popular Science.

The fake ‘towers’ – computers which wirelessly attack cellphones via the “baseband” chips built to allow them to communicate with their networks, can eavesdrop and even install spyware, ESD claims. They are a known technology - but the surprise is that they are in active use.

The towers were found by users of the CryptoPhone 500, one of several ultra-secure handsets that have come to market in the last couple of years, after an executive noticed his handset was “leaking” data regularly.

Its American manufacturer boasts that the handset has a “hardened” version of Android which removes 468 vulnerabilities from the OS.

Uh, yeah. Ok. More at the link.

102
Developer's Corner / /r/ShittyProgramming
« on: August 30, 2014, 09:12 AM »
http://www.reddit.co.../r/ShittyProgramming

I think a few people here will get a few laughs. :)

e.g. http://www.reddit.co.../18_arguments_later/

Code: C
void part3( __global struct triangle *triangles,__global uint *tri_num, __global float4 *c_pos, __global float4 *c_rot, __global uint* depth_buffer, __read_only image2d_t id_buffer,
       __read_only image3d_t array, __write_only image2d_t screen, __global uint *nums, __global uint *sizes, __global struct obj_g_descriptor* gobj, __global uint * gnum,
       __global uint *lnum, __global struct light *lights, __global uint* light_depth_buffer, __global uint * to_clear, __global uint* fragment_id_buffer, __global float4* cutdown_tris)
I'd like to thank firstly myself for being an amazing programmer, and secondly OpenCL for being literally hitler


More good stuff there as well. :)

103
I suppose this is no surprise to anyone, but CGP Grey has another short film that some may find entertaining:



Kiss your job good-bye?


104
Living Room / Youtube stepping up video size again?
« on: August 28, 2014, 11:28 PM »
Has anyone noticed that Youtube has stepped up the size of the videos again?

Now everything seems simply massive.

105
The AI question! Such fun and speculation!

http://www.dailymail...engineer-claims.html

Robots could murder us out of KINDNESS unless they are taught the value of human life, engineer claims

  • The warning was made by Amsterdam-based engineer, Nell Watson
  • Speaking at a conference in Sweden, she said robots could decide that the greatest compassion to humans as a race is to get rid of everyone
  • Ms Watson said computer chips could soon have the same level of brain power as a bumblebee – allowing them to analyse social situations
  • 'Machines are going to be aware of the environments around them and, to a small extent, they're going to be aware of themselves,' she said
  • Her comments follow tweets by Tesla-founder, Elon Musk, earlier this month who said AI could be more dangerous than nuclear weapons

Future generations could be exterminated by Terminator-style robots unless machines are taught the value of human life.

This is the stark warning made by Amsterdam-based engineer Nell Watson, who believes droids could kill humans out of both malice and kindness.

Teaching machines to be kind is not enough, she says, as robots could decide that the greatest compassion to humans as a race is to get rid of everyone to end suffering.

'The most important work of our lifetime is to ensure that machines are capable of understanding human value,' she said at the recent 'Conference by Media Evolution' in Sweden.

'It is those values that will ensure machines don't end up killing us out of kindness.'

...

Professor Hawking said dismissing the film as science fiction could be the ‘worst mistake in history’.

More at the link.

Isaac Asimov anyone? ;)


106
Here's an interesting app:

http://newyork.cbslo...ids-to-return-calls/

Frustrated Mom Creates ‘Ignore No More’ App To Get Teen Kids To Return Calls

Parents in the Tri-State and around the world can relate: Trying to reach your teen by phone, only to get ignored.

One frustrated mom decided to do something about it.

As CBS 2’s Alice Gainer reports, Sharon Standifird was livid the day she called and texted her teenagers and they didn’t respond.

Once she knew they were safe but ignoring her calls, she got an idea, Gainer reported.

“We need to develop an app that just shuts their phone completely down and they can’t even use it,” Standifird said. “And I started — literally just started researching how to develop an app.”

So after months of design and working with developers, “Ignore No more” was born.

With one tap, a list of only parent-selected contacts comes up. The child can call, get the password and unlock the phone.

“Bradley needs to call me because I’m the person that has the unlock password,” Standifird said.

“It takes away texting, it takes away the gaming, it takes away calling their friends. The child will always be able to call 911,” said Standifird.

“So much for my daughter saying she didn’t get my text,” a woman named Deborah from Hoboken, N.J. told CBSNewYork.com. She added she loves the idea and is going to download the app.

CBSNewYork Facebook fan Teresa said she “loves it.” Antonio commented on Facebook that he would use the app, “especially since I’m the one paying the phone bills.”

So far, it seems the app has been a success. Standifird says her son responds to her texts and calls more quickly than he used to.

Her son Bradley, however, likes the idea, but not for himself. “Um, well I thought it was a good idea, but for other people, not me.”

“Ignore No More” is available only for Android phones on Google Play.

Heh. Clever. :)

107
Living Room / Do you use a Portrait mode monitor?
« on: August 14, 2014, 11:03 AM »
I have 2 monitors that pivot to portrait mode and a third that is landscape only. I keep 1 monitor in portrait mode, and it's my main monitor for most of what I do. My only complaint is that it is sometimes a bit thin for some sites, but most are fine on it, and I can read a huge amount very quickly and easily.

Anyone else use portrait mode?

108
It's 1982 and a British band releases one of the heaviest albums produced to date.

The album starts with a short, heavy instrumental and then picks up the pace with an ominous foreshadowing...

Up here in space
I'm looking down on you

My laser's trace
Everything you do

You think you've private lives
Think nothing of the kind
There is no true escape
I'm watching all the time

...

Always in focus
You can't feel my stare
I zoom into you
You don't know I'm there



Well, apparently zoom levels are about ready to include your face. From orbit.

http://motherboard.v...your-face-from-space

Google's Satellites Could Soon See Your Face from Space

Google will soon have an unprecedented ability to spy on you from space. Theoretically, at least. How?

Two months ago, after much lobbying by the biggest satellite company in North America, DigitalGlobe, the US government relaxed restrictions to allow for commercially available satellite imagery up to 25 cm resolution—twice as detailed as the previous limit of 50 cm.

Now, the first commercial satellite set to capture these high-res images, DigitalGlobe's Worldview-3, will launch this Wednesday. Six months after that, private businesses willing to fork over the money will be able to get their hands on hyper-detailed photos and videos of the globe.

That, of course, includes Google.

Google—along with Microsoft, NASA, and numerous US federal agencies such as National Geospatial-Intelligence Agency, which played a pivotal role in the seizure of Osama Bin Laden—is a regular DigitalGlobe customer. It signed a multiyear imagery contract with the colossus satellite company in February to use satellite imagery for apps like Google Earth, Maps, and Street View.

...

The satellite behemoth is now making a push to relax the rules even further, down to 10 cm resolution, about the height of an iPhone 4.

DigitalGlobe currently has five birds in the sky, and one, GeoEye-1, has the ability to capture images at 41 centimeters. The company lobbied hard to loosen restrictions to 25 centimeters so that it could compete with foreign firms that will be blasting their own satellites into orbit soon...


But, the really good quote from the article... the one that will have you rolling on the floor laughing...

Google, for its part, claims it will use satellite image and video capabilities for the greater good.

More at the link.

It's pretty cool tech, but...


109
Embrace your infant overlords! :P

http://www.dailymail...ike-human-brain.html

  • TrueNorth is being hailed as the world’s first neurosynaptic computer chip because it can figure things out on its own
  • Modern processors have 1.4 bn transistors and consume up to 140 watts but the IBM chip contains 5.4 bn transistors and uses just 70 milliwatts
  • Richard Doherty, the research director of tech research firm Envisioneering Group, hailed IBM's chip as a ‘really big deal’

IBM has developed a computer chip which it says will function like a human brain in a giant step forward for artificial intelligence.

TrueNorth is being hailed as the world’s first neurosynaptic computer chip because it can figure things out on its own.

The chip also has one million ‘neurons’ and could cram the same power as a super computer into a circuit the size of a postage stamp.

IBM's TrueNorth processor could enable a wide variety of applications based on the human brain's computing power. For instance, it could help assist vision-impaired people to navigate through an environment

Experts said that it was as big an advance as the advent of supercomputers in the 1980.

Horst Simon, deputy director of the Lawrence Berkeley National Laboratory, told the New York Times: ‘It is a remarkable achievement in terms of scalability and low power consumption’.

Modern processors have some 1.4 billion transistors and consume up to 140 watts but the IBM chip contains 5.4 billion transistors and uses just 70 milliwatts of power, meaning it is incredibly efficient.

More about your new masters at the link! :P

110
Living Room / Blackhat thread
« on: August 10, 2014, 09:08 AM »
There's a lot of very cool stuff out there with a huge amount of educational value in the blackhat arena. I figure that it might be good to have 1 thread for it.

I posted Chris Paget's RFID hacking presentation a while back in another thread, but let's start with another:

Black Hat USA 2013 - Hiding @ Depth - Exploring, Subverting and Breaking NAND Flash memory



Layman's Summary:

You can create bad blocks then store data there (NAND memory). Bad blocks are ignored, so you are effectively invisible.

Utterly. Terrifying.

At one point he says, "which I'm not making public." Yeah... uh, we already got the point.

It's a great presentation, and well worth a watch for anyone interested in mobile security.

Linux and Android devs will find this interesting. He also makes reference to the panic_write() call, which is really wild. I had no idea that existed.

111
Living Room / New "censorship" technique on Youtube
« on: August 08, 2014, 07:13 AM »
It seems Youtube has come up with a way to circumvent complete censorship at the hands of the MAFIAA, and instead reach a compromise.

I came across a video with it. Here's a screenshot:

Contains mildly graphic material
Screenshot - 2014_08_08 , 10_07_07 PM.png


The Youtube message:

This video previously contained a copyrighted audio track. Due to a claim by a copyright holder, the audio track has been muted.

I've not seen that before, and assume it's relatively new.

I suppose this is a step in the right direction.

112
This is interesting for the whole IP/copyright blabbering.

http://myfox8.com/20...-owns-the-copyright/

Wikimedia has denied a photographer’s request to remove a “monkey selfie” photo because the monkey pressed the shutter button making the photo ineligible for copyright, according to the Telegraph.

Nature photographer David Slater was in Indonesia in 2011 when a crested black macaque stole his camera and took hundreds of photos, including the famous selfie that was featured in publications across the world.

Many of the photos were blurry shots of the jungle floor, but among the throwaways was the selfie that gave Slater worldwide attention.



More at the link.

I'm tempted to type some bad puns...

113
Living Room / My first 408...
« on: August 05, 2014, 12:10 PM »
Everyone knows 404, and everyone has seen a few 403s, but a 408? Request timeout?

I've never actually seen that error until today.  :o

https://en.wikipedia...of_HTTP_status_codes

Check out the 451 error. Glad I've not seen any of those. Hope I never will.

114
Living Room / Extracting audio from visual information
« on: August 04, 2014, 10:53 PM »
This is pretty cool, but also a bit scary given the current world we live in.

http://newsoffice.mi...from-vibrations-0804

Researchers at MIT, Microsoft, and Adobe have developed an algorithm that can reconstruct an audio signal by analyzing minute vibrations of objects depicted in video. In one set of experiments, they were able to recover intelligible speech from the vibrations of a potato-chip bag photographed from 15 feet away through soundproof glass.

In other experiments, they extracted useful audio signals from videos of aluminum foil, the surface of a glass of water, and even the leaves of a potted plant. The researchers will present their findings in a paper at this year’s Siggraph, the premier computer graphics conference.

“When sound hits an object, it causes the object to vibrate,” says Abe Davis, a graduate student in electrical engineering and computer science at MIT and first author on the new paper. “The motion of this vibration creates a very subtle visual signal that’s usually invisible to the naked eye. People didn’t realize that this information was there.”

More at the link.

Here's a vid of it:



It reminds me of when I first heard about laser audio surveillance about 20 years ago.


115
Looks like communications are about to be decentralised.  :Thmbsup:

https://torrentfreak...-chat-client-140730/

Encrypted Internet traffic surged worldwide after the Snowden revelations, with several developers releasing new tools to enable people to better protect their privacy.

Today BitTorrent Inc. contributes with the release of BitTorrent Bleep, a communication tool that allows people to exchange information without the need for any central servers. Combined with state of the art end-to-end encryption, the company sees Bleep as the ideal tool to evade government snooping.

Bleep’s main advantage over some other encrypted messaging applications is the absence of central servers. This means that there are no logs stored, all metadata goes through other peers in the network.

“Many messaging apps are advertising privacy and security by offering end-to-end encryption for messages. But when it comes to handling metadata, they are still leaving their users exposed,” BitTorrent’s Farid Fadaie explains.

“We reimagined how modern messaging should work. Our platform enables us to offer features in Bleep that are unique and meaningfully different from what is currently available.”

More at the link.



http://blog.bittorre...vite-only-pre-alpha/

BitTorrent’s Chat Client Unveiled: BitTorrent Bleep Now in Invite Only Pre-Alpha

Speak Freely – It’s Person to Person.

The BitTorrent Bleep Pre-Alpha will be available on Windows desktop to start. Easy to use, Bleep offers freedom to communicate over text and voice, person to person.

Hoping for early access to BitTorrent’s first serverless chat client? We have good news. Today, we will begin letting testers try out the Pre-Alpha. We are also unveiling its name: BitTorrent Bleep.

Why Bleep, you might ask? Well, basically, we never see your messages or metadata. As far as we’re concerned, anything you say is “bleep” to us.

And with the susceptibility of communications platforms to snooping and hacking, reminders of which seem to surface every week, we realized that we were uniquely qualified to build a better platform and application.

More at that link.

In other news, the NSA has redesignated the name of its largest surveillance division "Whack-A-Mole". :P 8)

116
DC Gamer Club / "Crawl" release date delayed - awesome blog post!
« on: August 01, 2014, 06:36 AM »
This is a laugh & a half:

http://www.powerhoof.com/release/

They did up a GIF to explain the situation:



 :Thmbsup:

117
I've seen people posting code snippets, so here's one...

I was looking around for a way to increment a file name, and didn't come across anything that really worked all that well except for 1 that kind of worked. I've bolstered it up a bit & made it more robust.

Problem:

You want to quickly save file.ext, but not overwrite an existing file with that name. Obviously you want to add an increment for the file name: 1, 2, 3, etc. So you end up with something like this in a folder:

file.ext
file (1).ext
file (2).ext
etc.

Snippet:

This is a bit sloppy in a few places, but it's good enough.

NOTE: This comes out of writing some transcoding software, so the signature there is to allow passing in a file name along with a new file name extension, which is a bit sloppy for general purposes. Basically, you can change the file extension by passing in a different "ext" parameter.

If you don't want a new file extension, simply pass in an empty string for "ext".

Code: C#
using System.IO;                      // File, Path
using System.Text.RegularExpressions; // Regex, Match

/// <summary>
/// A function to add an incremented number at the end of a file name if a file already exists.
/// </summary>
/// <param name="file">The file. This should be the complete path.</param>
/// <param name="ext">This can be empty.</param>
/// <returns>An incremented file name. </returns>
private string AppendFileNumberIfExists(string file, string ext)
{
    // This had a VB tidbit that helped to get this started.
    // http://www.codeproject.com/Questions/212217/increment-filename-if-file-exists-using-csharp

    // If the file exists, then do stuff. Otherwise, we just return the original file name.
    if (File.Exists(file)) {
        string folderPath = Path.GetDirectoryName(file); // The path to the file. No sense in dealing with this unnecessarily.
        string fileName = Path.GetFileNameWithoutExtension(file); // The file name with no extension.
        string extension = string.Empty; // The file extension.
        // This lets us pass in an empty string for the file extension if required. i.e. It just makes this function a bit more versatile.
        if (ext == string.Empty) {
            extension = Path.GetExtension(file);
        }
        else {
            extension = ext;
        }

        // at this point, find out if the fileName ends in a number, then get that number.
        int fileNumber = 0; // This stores the number as a number for us.
        // need a regex here - \(([0-9]+)\)$
        Regex r = new Regex(@"\(([0-9]+)\)$"); // This matches the pattern we are using, i.e. ~(#).ext
        Match m = r.Match(fileName); // We pass in the file name with no extension.
        string addSpace = " "; // We'll add a space when we don't have our pattern in order to pad the pattern.
        if (m.Success) {
            addSpace = string.Empty; // We have the pattern, so we don't add a space - it has already been added.
            string s = m.Groups[1].Captures[0].Value; // This is the single capture that we are looking for. Stored as a string.
            // set fileNumber to the new number.
            fileNumber = int.Parse(s); // Convert the number to an int.
            // remove only the trailing numbering from the string as we're constructing it again below.
            // (Replace() would also strip an identical "(#)" earlier in the name.)
            fileName = fileName.Substring(0, m.Index);
        }

        // Start looping.
        do
        {
            fileNumber += 1; // Increment the file number that we have above.
            file = Path.Combine(folderPath, // Combine it all.
                        String.Format("{0}{3}({1}){2}", // The pattern to combine.
                                      fileName,         // The file name with no extension.
                                      fileNumber,       // The file number.
                                      extension,        // The file extension.
                                      addSpace));       // A space if needed to pad the initial ~(#).ext pattern.
        }
        while (File.Exists(file)); // As long as the file name exists, keep looping.
    }
    // The returned name was free when checked; another process can still create it before the caller writes.
    return file;
}

Just one of those typical jobs that nobody should have to bother doing again.
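
An added example, not part of the original post: the snippet above checks File.Exists and only later does the caller write, so another process can create the same name in between and get overwritten. This variant closes that window by creating the file with FileMode.CreateNew, which fails if the path already exists, and moving to the next number on a collision. The class name SafeIncrementingFile, the method CreateUnique and the maxAttempts parameter are hypothetical names chosen for illustration.

```csharp
using System;
using System.IO;
using System.Text.RegularExpressions;

// Hypothetical helper (illustration only): same "file (N).ext" naming as the
// snippet above, but the name is claimed and the file created in one step.
public static class SafeIncrementingFile
{
    // Trailing counter such as " (2)" at the end of a name without extension.
    private static readonly Regex Counter = new Regex(@"\s*\(([0-9]+)\)$");

    /// <summary>Creates the first free "name (N).ext" and returns it already opened.</summary>
    /// <param name="file">Desired path.</param>
    /// <param name="ext">Replacement extension, or empty to keep the original.</param>
    /// <param name="createdPath">The path that was actually created.</param>
    /// <param name="maxAttempts">Upper bound on names tried, so the loop cannot spin forever.</param>
    public static FileStream CreateUnique(string file, string ext, out string createdPath,
                                          int maxAttempts = 10000)
    {
        string folder = Path.GetDirectoryName(Path.GetFullPath(file)) ?? string.Empty;
        string baseName = Path.GetFileNameWithoutExtension(file);
        string extension = string.IsNullOrEmpty(ext) ? Path.GetExtension(file) : ext;

        // If the name already ends in "(N)", continue counting from N.
        // TryParse plus the range check avoids an overflow on absurdly large counters;
        // such a name is then treated as having no counter at all.
        string stem = baseName;
        int number = 0;
        Match m = Counter.Match(baseName);
        if (m.Success && int.TryParse(m.Groups[1].Value, out int parsed)
                      && parsed < int.MaxValue - maxAttempts)
        {
            stem = baseName.Substring(0, m.Index); // cut only the trailing counter
            number = parsed;
        }

        string candidate = Path.Combine(folder, baseName + extension);
        for (int attempt = 0; attempt < maxAttempts; attempt++)
        {
            try
            {
                // CreateNew throws IOException if the path already exists, so there is
                // no gap between "is the name free?" and "create the file".
                var stream = new FileStream(candidate, FileMode.CreateNew,
                                            FileAccess.Write, FileShare.None);
                createdPath = candidate;
                return stream;
            }
            catch (IOException) when (File.Exists(candidate))
            {
                // Name is taken (possibly claimed a moment ago): try the next number.
                // Other I/O errors (missing directory, full disk) are not caught here.
                number++;
                candidate = Path.Combine(folder, $"{stem} ({number}){extension}");
            }
        }
        throw new IOException("No free file name found after " + maxAttempts + " attempts.");
    }

    // Constructed demo: claims the same target name three times in a scratch directory.
    public static void Main()
    {
        string dir = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName());
        Directory.CreateDirectory(dir);
        string target = Path.Combine(dir, "file.ext");
        for (int i = 0; i < 3; i++)
        {
            using (FileStream fs = CreateUnique(target, string.Empty, out string path))
            {
                fs.WriteByte(0x2A); // write through the returned stream, never by reopening the name
                Console.WriteLine(Path.GetFileName(path));
            }
        }
        Directory.Delete(dir, recursive: true);
    }
}
```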

118
Living Room / Russia offers over $100,000 to de-anonymize Tor
« on: July 25, 2014, 07:49 PM »
Looks like there's a bounty on Tor. Yay.  :-\

http://www.dailydot....-research-break-tor/

The never-ending race to break Tor just got a little more competition.

The Russian federal government is now offering roughly $111,000 (or 3.9 million roubles) to researchers who explore ways to de-anonymize and learn technical details about all Tor users. The Russian Ministry of Internal Affairs (MIA) is accepting proposals until August at their Moscow office.

The MIA specifically calls for research to “study the possibility of obtaining technical information about users and users equipment on the Tor anonymous network,” according to a translated version of the proposal. Only Russian nationals are allowed to win the contract "in order to ensure the country's defense and security."

Tor, which was originally invented at the U.S. Navy and receives millions of dollars in funding from the U.S. government every year, is in the crosshairs of governments around the globe due to its ability to allow users to access the Internet anonymously. Even the U.S. government, the chief underwriter of the project, spends significant resources targeting users and trying to break the program’s anonymity as revealed by National Security Agency documents leaked by Edward Snowden last year.

The American-funded anonymity network has become extremely popular in Russia over the last three months, hitting a peak of over 200,000 concurrent users in June.

The Russian surge in Tor usage is seen as a reaction to the slow tide of both digital and offline oppression in the country. In April, Russian President Vladimir Putin called the Internet “a special CIA project” in the midst of new laws being passed that clamped down on citizens' freedoms.

“The reason for a surge in TOR-usage in Russia is quite obvious and has to do with the unfathomable repressive turn the Russian regime has taken since starting off the conflict with Ukraine,” Russian scholar Vilhem Konnander told the Daily Dot via email.

More at the link.


119
An interesting story about a film maker putting his work up for pirates...

http://torrentfreak....ates-deliver-140724/

DIRECTOR WANTS HIS FILM ON THE PIRATE BAY, PIRATES DELIVER…

A few days ago a Dutch movie director asked people to upload a copy of one of his older films onto The Pirate Bay. The filmmaker had become fed up with the fact that copyright issues made his work completely unavailable through legal channels. To his surprise, pirates were quick to deliver.

Dutch movie director Martin Koolhoven sent out an unusual request on Twitter a few days ago.

While many filmmakers fear The Pirate Bay, Koolhoven asked his followers to upload a copy of his 1999 film “Suzy Q” to the site.

“Can someone just upload Suzy Q to The Pirate Bay?” Koolhoven asked.

The director doesn’t own all copyrights to the movie himself, but grew frustrated by the fact that his film is not available through legal channels.

The TV-film, which also features the film debut of Game of Thrones actress Carice Van Houten, was paid for with public money but after the music rights expired nobody was able to see it anymore.

The main problem is with the film’s music, which includes tracks from popular artists such as The Rolling Stones and Jimi Hendrix. This prevented the film from being released in movie theaters and on DVD, and the TV-network also chose not to extend the licenses for the TV rights.

Since the music was no longer licensed it couldn’t be shown anymore, not even on the websites of the public broadcasters.

“To me, it felt like the movie had died,” Koolhoven tells TorrentFreak.

Hoping to bring it back to life, Koolhoven tweeted his upload request, and it didn’t take long before the pirates delivered. Within a few hours the first copy of the film was uploaded, and several more were added in the days that followed.

“I had no idea the media would pick it up the way they did. That generated more media attention. At first I hesitated because I didn’t want to become the poster boy for the download-movement. All I wanted was for people to be able to see my film,” Koolhoven says.

Unfortunately the first upload of the movie that appeared on The Pirate Bay was in very bad quality. So the director decided to go all the way and upload a better version to YouTube himself.

“I figured it would probably be thrown off after a few days, due to the music rights issue, but at least people could see a half decent version instead of watching the horrible copy that was available on The Pirate Bay,” Koolhoven tells us.

Interestingly, YouTube didn’t remove the film but asked the director whether he had the right to use the songs. Since this is not the case the money made through the advertisements on YouTube will go to the proper rightsholders.

“We’re a few days later now and the movie is still on YouTube. And people have started to put higher quality torrents of Suzy Q on Pirate Bay. Even 720p can be found, I’ve heard,” Koolhoven notes.

While the director is not the exclusive rightsholder, he does see himself as the moral owner of the title. Also, he isn’t shying away from encouraging others to download and share the film.

In essence, he believes that all movies should be available online, as long as it’s commercially viable. It shouldn’t hurt movie theater attendance either, as that remains the main source of income for most films and the best viewing experience.

“I know not everybody cares about that, but I do. The cinema is the best place to see movies. If you haven’t seen ‘Once Upon a Time in the West’ on the big screen, you just haven’t seen it,” Koolhoven says.

In the case of Suzy Q, however, people are free to grab a pirated copy.

“Everyone can go to The Pirate Bay and grab a copy. People are actually not supposed to, but they have my permission to download Suzy Q,” Koolhoven said in an interview with Geenstijl.

“If other people download the movie and help with seeding then the download time will be even more reasonable,” Koolhoven adds.

120
I debated putting this in this thread: Interview With "The Dread Pirate Roberts" of The Silk Road, but figured that the issue deserves its own title and thread.

Issue: Can a web site owner be put in prison for something that somebody else posts on the web site owner's site?

Here's an interview with Ross Ulbricht's mother, Lyn Ulbricht.



At the beginning, Alex talks about related issues he's personally encountered (6:00~6:20 contains a tl;dr). Interview starts at about 6:20:

http://youtu.be/W7xkjcTKVfI?t=6m

tl;dr - This fight is about the transfer of intent, e.g. I post something potentially illegal on your site, then you get charged for it. Good discussion there though, and worth a listen.

The interview is very good. Lyn gets to talk a lot about the trial and what is going on. She talks about the underlying issues and some of what they are doing with the lawyers.

Here's the site to free Ross:

http://freeross.org/

Roger Ver has helped the effort incredibly:

https://twitter.com/...s/485478065959493632

I posted about that here:

https://www.donation....msg359101#msg359101

Here's an example of a list of URLs that are illegal in Germany. (I've broken the URL so that it doesn't link.)

http : // web . archive . org / web / 20140707204711 / https : // bpjmleak . neocities . org /

Here's a brief quote from that page (no URLs - only commentary - much is highly technical):

In spoiler because it's a bit long - cut to avoid any URLs
Found German secret Internet censorship list as hashes and recovered >99% of the URLs.
tl;dr: Germany has a censorship federal agency called BPjM which maintains a secret list of about 3000 URLs. To keep the list secret it is distributed in the form of md5 or sha1 hashes as the "BPJM-Modul". They think this is safe. This leak explains in detail that it is in fact very easy to extract the hashed censorship list from home routers or child protection software and calculate the cleartext entries. It provides a first analysis of the sometimes absurd entries on such a governmental Internet censorship list.
Introduction to the BPjM

The Federal Department for Media Harmful to Young Persons (German: "Bundesprüfstelle für jugendgefährdende Medien" or BPjM) is an upper-level German federal agency subordinate to the Federal Ministry of Family Affairs, Senior Citizens, Women and Youth. It is responsible for examining media works allegedly harmful to young people and entering these onto an official list – a process known as Indizierung (indexing) in German. The decision to index a work has a variety of legal implications. [...] Germany is the only western democracy with an organization like the BPjM. The rationales for earlier decisions to add works to the index are, in retrospect, incomprehensible reactions to moral panics.
Quote by Wikipedia
The censorship list ("index") is split into various sublists:
  • Sublist A: Works that are harmful to young people
  • Sublist B: Works whose distribution is prohibited under the Strafgesetzbuch (German Criminal Code) (in the opinion of the BPjM)
  • Sublist E: Entries prior to April 1, 2003
  • Sublist C: All indexed virtual works harmful to young people whose distribution is prohibited under Article 4 of the Jugendmedienschutz-Staatsvertrag
  • Sublist D: All indexed virtual works, which potentially have content whose distribution is prohibited under the Strafgesetzbuch.

The sublists A, B and E contain about 3000 movies, 400 games, 900 printed works and 400 audio recordings. Those sublists are published quarterly in the magazine "BPjM-aktuell" which can be read in any major library in Germany.

The sublists C and D were as well published in BPjS-aktuell (now BPjM-aktuell) up to edition 2003-01.
Since then the list of indexed virtual media is considered secret. As of July 2014 it contains more than 3000 URLs.

In order to make use of a secret censoring list the BPjM offers the "BPjM-Modul", which is a list of cryptographic hashes representing the censored URLs. The list is distributed about once per month to more than 27 companies who offer child protection software or DSL/Cable routers (for example AVM FRITZ!Box Router, Draytek Vigor Router, Telekom Kinderschutz Software, Salfeld Kindersicherung and Cybits JusProg and Surfsitter). These companies usually implement the blocklist as opt-in – users have to enable it by choice to filter the websites. Additionally, the major search engines like Google, Bing or Yahoo agreed to filter their results in Germany based on the list. They can download the (cleartext) list from a server of the FSM (Freiwillige Selbstkontrolle Multimedia-Diensteanbieter e. V.). In comparison to the opt-in approach by the router manufacturers the search engines filter all results served to German users, it is not possible to opt-out.

In 2011, "porno lawyer" Marko Dörre requested access to the list in order to do his work. This was denied two years later in court decision VG Köln, 2013-07-04 – 13 K 7107/11 stating publication of the list could harm public safety. The court further justifies its decision by stating that there are agreements with the 27 companies which have access to the hashed blacklist in place to ensure the list stays secret. These methods could be considered safe as there is no unauthorized use of the module data known since its creation in 2005.

This leak proves that the BPjM-Modul is not a secure way to distribute a secret Internet censorship list. It is not difficult at all to extract the list from different sources and calculate the cleartext URLs of the hashes. It proves as well that secret Internet censorship lists are of bad quality, with many outdated and absurd entries harming legitimate businesses.
BPjM-Modul implementations



I wouldn't recommend visiting any of those URLs though. Actually, I would strongly recommend against it.

The URL may have been changed if the Wayback Machine buckles to censorship.

But, if you posted those URLs to a site, you might be endangering the site owner. Or, that's what the issue behind this case is.

Check out http://freeross.org/ for more information on the issue.

This matters.

121
Living Room / Moore's Law Dead by 2022, Expert Says
« on: July 24, 2014, 08:22 AM »
All good things must come to an end?

http://www.eetimes.c...t.asp?doc_id=1319330

Moore's Law -- the ability to pack twice as many transistors on the same sliver of silicon every two years -- will come to an end as soon as 2020 at the 7nm node, said a keynoter at the Hot Chips conference here.

While many have predicted the end of Moore's Law, few have done it so passionately or convincingly. The predictions are increasing as lithography advances stall and process technology approaches atomic limits.

"For planning horizons, I pick 2020 as the earliest date we could call it dead," said Robert Colwell, who seeks follow-on technologies as director of the microsystems group at the Defense Advanced Research Projects Agency. "You could talk me into 2022, but whether it will come at 7 or 5nm, it's a big deal," said the engineer who once managed a Pentium-class processor design at Intel.

Moore's Law was a rare exponential growth factor that over 30 years brought speed boosts from 1 MHz to 5 GHz, a 3,500-fold increase. By contrast, the best advances in clever architectures delivered about 50x increases over the same period, he said.

Exponentials always come to an end by the very nature of their unsustainably heady growth. Unfortunately, such rides are rare, Colwell said.

"I don't expect to see another 3,500x increase in electronics -- maybe 50x in the next 30 years," he said. Unfortunately, "I don't think the world's going to give us a lot of extra money for 10 percent [annual] benefit increases," he told an audience of processor designers.

Colwell poured cold water on blind faith that engineers will find another exponential growth curve to replace Moore's Law. "We will make a bunch of incremental tweaks, but you can't fix the loss of an exponential," he said.

DARPA tracks a list of as many as 30 possible alternatives to the CMOS technology that has been the workhorse of Moore's Law. "My personal take is there are two or three promising ones and they are not very promising," he said.

More at the link.

On the plus side, it might make it easier to buy ASICs for cryptocurrency mining in a few years. :)

122
Living Room / iiNET fights data retention down under
« on: July 23, 2014, 12:55 AM »
The iiNET ISP is fighting data retention laws in Australia:

http://blog.iinet.ne...ecting-your-privacy/

A few excerpts:

One of the features of the iiNet Copyright Trial was our strong stand against monitoring our customers. The Hollywood Studios believed we should data-match information provided by third parties who were monitoring our customers, and then send warning notices to alleged copyright infringers, all without lawful warrants – the High Court agreed with us.

In iiNet’s view, we should not be forced to collect, store or match personal information on behalf of third parties – our only obligation is to retain the information necessary to provide, maintain and bill for services. iiNet does not keep any web browsing history or download records, for example.

Last week the Attorney General, George Brandis said the government is now actively considering a data retention regime that could impact on anyone who uses the Internet in this country.

...

We don’t think this ‘police state’ approach is a good idea, so we’re fighting moves by the Australian Government to introduce legislation that would force us to collect and store your personal information.

...

Police say “If you have nothing to hide, then you shouldn’t be worried”. Personally I think that if you follow that dubious logic, we’d all be walking around naked. It’s not about being worried, or wanting to ‘hide’ anything. It’s about the right to decide what you keep private and what you allow to be shared. YOU should be the one to make that call, and that decision should stick until a warrant or something similar is issued to law enforcement agencies to seize your information.

...

It is hard to measure exactly what this will all cost, but we expect that collecting and keeping every customer’s ‘metadata’ would require the construction of many new data centres, each storing petabytes (that’s 1 billion megabytes!) of information at a cost of tens or hundreds of millions of dollars. There is no suggestion that the government would pay these costs, so our customers will be expected to pick up these costs in the form of a new surveillance tax.

More at the link.

Anyone up for a bet?

In 10 years this will all be looked at with nostalgia as people debate whether or not the government has the right to chip everyone and monitor their movements... Because safety, terrorism, and think of the children!

123
This is darkly funny:

http://arstechnica.c...ties-before-the-nsa/

"You should be able to use the Web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets, or monitor your communications," writes Google security researcher Chris Evans. To help make that a reality, Google has put together a new team of researchers whose sole purpose is to find security flaws in software—any software—that's used on the Internet.

Google employees have found and reported security flaws in the past, but only as a part-time effort. The new "Project Zero" team will be dedicated to hunting for the kind of exploitable flaws that could be used to spy on human rights activists or conduct industrial espionage. Aiming to disrupt targeted attacks, the team will look at any software that's depended on by a large number of people.

Project Zero will report bugs it finds only to the software vendor, and it will give those vendors 60 to 90 days to issue patches before public disclosure. This time frame may be reduced for bugs that appear to be actively exploited.

Sounds like they're trying to not be evil! :D

But Google racing against the NSA and GCHQ to find exploits? That's just hilarious!

I guess we should wish them good luck. And hope that they don't have any "accidents"...


124
I tripped across an interesting site about games. They publish some pretty interesting stuff, and some very thoughtful things.

http://extra-credits.net/

Here's one example:



And one about Cthulhu (and still thoughtful):



It's very much "meta" in that the underlying concepts are examined in a depth that you've probably never really seen before (applied to games), or have only seen superficially.

125
While this is a few months old, it's probably worth bringing to people's attention.

I somehow doubt this is unique to Samsung...  :'(

http://www.fsf.org/b...sung-galaxy-backdoor


Replicant developers find and close Samsung Galaxy backdoor

While working on Replicant, a fully free/libre version of Android, we discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a backdoor that lets the modem perform remote file I/O operations on the file system.

This is a guest post by Replicant developer Paul Kocialkowski. The Free Software Foundation supports Replicant through its Working Together for Free Software fund. Your donations to Replicant support this important work.

Today's phones come with two separate processors: one is a general-purpose applications processor that runs the main operating system, e.g. Android; the other, known as the modem, baseband, or radio, is in charge of communications with the mobile telephony network. This processor always runs a proprietary operating system, and these systems are known to have backdoors that make it possible to remotely convert the modem into a remote spying device. The spying can involve activating the device's microphone, but it could also use the precise GPS location of the device and access the camera, as well as the user data stored on the phone. Moreover, modems are connected most of the time to the operator's network, making the backdoors nearly always accessible.

It is possible to build a device that isolates the modem from the rest of the phone, so it can't mess with the main processor or access other components such as the camera or the GPS. Very few devices offer such guarantees. In most devices, for all we know, the modem may have total control over the applications processor and the system, but that's nothing new.

While working on Replicant, a fully free/libre version of Android, we discovered that the proprietary program running on the applications processor in charge of handling the communication protocol with the modem actually implements a backdoor that lets the modem perform remote file I/O operations on the file system. This program is shipped with the Samsung Galaxy devices and makes it possible for the modem to read, write, and delete files on the phone's storage. On several phone models, this program runs with sufficient rights to access and modify the user's personal data. A technical description of the issue, as well as the list of known affected devices is available at the Replicant wiki.

Provided that the modem runs proprietary software and can be remotely controlled, that backdoor provides remote access to the phone's data, even in the case where the modem is isolated and cannot access the storage directly. This is yet another example of what unacceptable behavior proprietary software permits! Our free replacement for that non-free program does not implement this backdoor. If the modem asks to read or write files, Replicant does not cooperate with it.

Replicant does not cooperate with backdoors, but if the modem can take control of the main processor and rewrite the software in the latter, there is no way for a main processor system such as Replicant to stop it. But at least we know we have closed one specific backdoor.

The FSF encourages all current Samsung Galaxy owners to appeal publicly to SamsungMobile for an explanation (they can also be emailed). Samsung should release this program as free software, without the backdoor, so that Replicant doesn't have to continue defusing the traps they have apparently left for their users.


Quoted in its entirety.
