Thursday, July 30, 2009
Sunday, July 26, 2009
Sunday, July 19, 2009
This is an old topic, but a good one. On June 1, 2009 it became mandatory for Americans entering the US to present identity documents that are embedded with radio frequency identification tags, or RFID chips. This means Passports. So why is this a problem?
"Climbing into his Volvo, outfitted with a Matrics antenna and a Motorola reader he'd bought on eBay for $190, Chris Paget cruised the streets of San Francisco with this objective: To read the identity cards of strangers, wirelessly, without ever leaving his car.
It took him 20 minutes to strike hacker's gold.
Zipping past Fisherman's Wharf, his scanner detected, then downloaded to his laptop, the unique serial numbers of two pedestrians' electronic U.S. passport cards embedded with radio frequency identification, or RFID, tags. Within an hour, he'd "skimmed" the identifiers of four more of the new, microchipped PASS cards from a distance of 20 feet."
The AP-written article on Fox News is not talking about anything new. Security researchers were talking about this problem when it was first announced that the US government was going to start embedding RFID chips in passports. In fact, RFID security has become enough of a hot topic that one FLL (First Lego League) Referee I talked to last year was planning on specializing in the subject after school.
So I don't have a passport, no problem, right? Wrong. Wal-Mart loves RFID chips to the point that they were talking about fining suppliers not using them on pallets in Sam's Club distribution centers. But this is at the supplier level, still no worries, right? Wrong again. Several companies are looking at ways to use RFID tags on the consumer level.
Think about this scenario. You walk into a grocery or department store. You walk around picking up the things that you need and want, depositing them into your cart. When you are done, you simply head to the door and walk through a small doorway on your way out, much like the sensors you see now to detect shoplifters. As you push your cart through, all the RFID tags are scanned and totaled, so as you pass through the doorway sensors a printer hands you a receipt to give to the cashier, or even automatically charges a predetermined credit card that is linked to a PIN you punched in, or better yet tied to the RFID chip you carry on your person or on your cell phone. That way the store no longer has to pay a cashier, and checkout is quick and easy. The funny part is that these types of scenarios have been tested. Besides finding a way to disable the RFID tags once you have left the store, so people can't scan your house to find out what you have, the other major pushback from consumers was that they had to bag their own stuff.
So what is the best way to protect yourself from RFID chips besides a tinfoil wallet? Wired has a suggestion, but use at your own risk and watch your fingers.
To end this rant I give you a cheesy, but informative video off YouTube. Enjoy.
Wednesday, July 15, 2009
Sunday, July 12, 2009
Thursday, July 9, 2009
Wednesday, July 8, 2009
"South Korean authorities began to notice the Internet disruption Tuesday evening. By Wednesday, Korea Communication Commission official Lee Myung-su said the attack program had spread far and wide.
He says 18,000 personal computers have been infected by a malicious code.
At least 11 South Korean government sites have been either greatly slowed or made unavailable, including the sites for the presidential Blue House, the Defense Ministry, and the lawmaking National Assembly. Several major South Korean banks and the leading Internet portal, Naver, were also affected.
U.S. sites have also been affected, including the Treasury Department, Secret Service, and Federal Trade Commission. The Web site of Voice of America news has been unavailable in South Korea for two days."
And if you are asking why attack South Korea:
"South Korea is one of the most wired nations in the world. Major governmental agencies like the Ministry of Defense find themselves under attack by hackers thousands of times on any given day. Parliamentary hearings on this particular round of attacks are scheduled for Thursday."
Tuesday, July 7, 2009
"Nations develop defense capabilities and weapon systems based on threat perception. While it is extremely difficult to predict future war, it is something each country must take seriously. You don’t spend all of your military budget on coastal defense if estimates show it is more likely you will engage in land warfare. If military decision-makers predict that future combat will center around non-contact war, using drones, cyber attacks and space-based weaponry, you focus your energy and resources on those areas.
China has openly announced that they are moving toward an “informationized” force and it is one of their top priorities. While we do not have to agree with their rationale, it is imperative that we understand it."
The Dark Visitor goes on to talk about the original post on tech.qq.com (in Chinese). It is a good article if you like this kind of thing.
So who is thinking about this stuff? The FAA is, Congress is, and a lot of businesses are too. Google it and you will see more. So what is the government doing about it? They are creating USCYBERCOM. "...Secretary Gates ordered the creation of U.S. Cyber Command, a subordinate unified command under U.S. Strategic Command."
So this shows Government is thinking about it, what about Commercial? Some companies think about this stuff. I know TJ MAXX does, now. I also know lots that are still catching up.
So what about you? How do you protect your data? Do you have your passwords saved in a document anyone can open on your computer? Do you have an updated anti-virus? Do you patch your system on a regular basis? Do you back up your files to a separate drive?
Physical attacks will remain the primary way to fight a war for a long time and will be the only way to win the battle. But the Cyber attack may win the next war.
Monday, July 6, 2009
Sunday, July 5, 2009
When I was consulting and driving to DC, VA and the far reaches of MD every day, it was amazing what I saw on the road. I wanted to record this stuff. I needed a relatively cheap way of recording to a digital chip, by battery or 12V, a small screen to position my camera and be able to use a small pin hole camera that would not be in my way. I looked at my options. I found a small PDVR (Personal Digital Video Recorder) that fit the budget, gave me the best resolution for the price and would meet my requirements. The SVAT CV1002DVR Handheld DVR With 2.5" LCD Screen and Color Pinhole Camera fit the needs, and I got it when it was on sale off Amazon.com. (See link to Amazon below for specs on the DVR.)
So then I set it up in my car. The reason I wanted a pin hole camera is because I had seen more expensive mount kits that you can buy and they slide over the rear view mirror. It was a good place for the camera, out of the way and hard to see, as seen below from the outside view;
The way I attached the pinhole camera was self-sticking Velcro to the back of the rear view mirror and a small piece of Velcro on the back of the camera. I found that the heat in the car tends to release the Velcro from the back of the camera so I secured it with a small rubber band. The cable supplies power to the camera and video back to the PDVR.
I was able to wedge the cables along the top and side of the windshield so they are out of the way and down the door jamb to under the passenger side console. The best place to get power was inside my main console where I have a 12V power plug. I had an old power converter to go from the 12V to a standard 110V to power the camera. Below is what my center console looks like now.
Now we align the camera by attaching the PDVR. Once I tell it to start to record the LCD turns off after a few minutes to save battery. The battery lasts about 2 1/2 hours so I also purchased a 4GB CF (compact flash) card to record the same amount of time. The PDVR then sits nicely in a cup holder once it is on and running. It requires no attention as I drive.
Of course, as Murphy's Law goes, I have not been able to capture that many dramatic things. You can search the Blog for car and vid for the few past posts. When I don't have it, or forget to charge the battery, things happen, like ice storms and car wrecks, but most days when I have it running it only records the usual nightmare of Baltimore-Washington DC traffic. Here is a Sample at 4X speed.
Saturday, July 4, 2009
"Gov. Sarah Palin announced Friday that she will step down as Alaska's chief executive by the end of the month. She will not seek election to a second gubernatorial term in 2010.
Alaska Gov. Sarah Palin announces she's stepping down this month.
As the 2008 Republican vice presidential nominee, Palin had been considered one of the front-runners for the GOP nomination in 2012.
"People who know me know that besides faith and family, nothing's more important to me than our beloved Alaska," Palin said in an announcement from her home in Wasilla. "Serving her people is the greatest honor I could imagine."
Palin was elected governor in 2006. She was chosen as Arizona Sen. John McCain's vice presidential running mate last year."
UPDATE 07062009: Another take on this. http://www.slate.com/id/2222230/
Friday, July 3, 2009
"If you put 65 million people in a locked room, they're going to find all the exits pretty quickly, and maybe make a few of their own. In the case of Iran's crippled-but-still-connected Internet, that means finding a continuous supply of proxy servers that allow continued access to unfiltered international web content like Twitter, Gmail, and the BBC.
A proxy server is a simple bit of software that you run on your computer. It effectively lets you share your computer with anonymous strangers as a "repeater" for content that they aren't allowed to fetch themselves. For example, an Iranian web browser might be manually configured to use your computer (identified by an IP address and a port number) as a Web proxy. When your anonymous friend reads twitter.com, or posts a tweet, the request goes via your computer, instead of to Twitter's web server directly. Except for a little delay, and the fact that your friend gets to see what the uncensored Internet looks like from New York or London or São Paulo instead of Tabriz or Qom, surfing through a proxy is pretty much like surfing without one.
As you might imagine, open web proxies are valuable commodities in places where it's forbidden, possibly dangerous, to surf the Internet. Iran's opposition movement has been vigorously trading lists of open proxies over the past week. And as you might further imagine, the Iranian government censors have worked overtime to identify these proxies and add them to the daily blacklists.
As an experiment, we geolocated a list of about 2,000 web proxies (unique IP addresses and port numbers) that were shared on Twitter and other web sites over the course of the last week, to see if we could discern patterns in the places that are hosting them. Most of these are no longer reachable from inside Iran, of course, precisely because they were made public. The following map shows the distribution of those proxies worldwide."
"...Here's a geographic visualization of the proxies, drawn in Google Earth. In the first one, we've drawn Iran in green..."
I love this stuff. The level of technical knowledge along with the understanding of the world politics is great. Read the rest of the article.
Wednesday, July 1, 2009
"To get an idea of just how badly this might mess things up, one need only look at the wording for "Transition Tool ... which was shown to the press during the conference call ... The tool's heading invites users to update their privacy settings, which is fair enough given that they're getting totally reworked. But it also says "While updating your new settings, make it easier for friends to connect with you by making a few fields visible to Everyone. Please note that Everyone means everyone on the Internet." That may be intended as a suggestion, but it sure sounds like more of a command. And you can be sure that the millions of Facebook users who have no idea what the implications are of sharing their personal data with Google and the world will be happy to tick off those "Everyone" radio buttons."
Just goes back to what I ranted about before, never assume privacy on the Internet.
"Food appears frequently in Japanese comics, but what exactly is it that the characters are eating? Introducing The Manga Cookbook, an illustrated step-by-step guide to preparing simple Japanese dishes using ingredients found in every Western kitchen. Learn to identify and make the same things you see in all your favorite manga: authentic onigiri (rice balls), yakitori (skewered chicken), oshinko (pickled vegetables), udon (Japanese noodles), okonomiyaki (Japanese-style pizza) and many others! Includes sections on how to assemble bento boxed lunches and properly use chopsticks."
Now if I could learn to enjoy Japanese food we would be all set.