Heading back to college tomorrow.  Updates will be a little more sparse for a time but will pick back up again soon.

I’m currently working on a few projects, including Arduino stuff.  I’ll keep you all posted for further information

Some of you probably read about the vulnerability in Vista that doesn’t just take advantage of any new exploit but rather Vista’s fundamental architecture all together.

Well the way this systematic attack is approached is via an arbitrary browser exploit.  But what if browser exploits were cut off from the main machine?

Meet ZoneAlarm’s new security tool that’s been a bit long in coming in my opinion.  It’s called ForceField (and with good reason).

What the product does is put your browser inside of a virtual environment that’s totally cut off from the underlying OS.  It also cuts off the OS from the browser (helping negate the effects of keystroke loggers and such).

Now earlier they were giving away free CD keys for ForceField and I registered for a copy (1 year subscription).  It doesn’t have Vista 64-bit support unfortunately but it is on my laptop (32-bit Windows XP) and I’d say that it runs rather well.  My laptop is a machine that’s gaining a little age (although it’s far from old) and typically has some trouble running Firefox 3.0 with all my normal extensions.  However even running virtually, it still runs rather fast (negligible performance decreases).

So aside from negating this proposed attack, it can also protect against a wide variety of other problems, and it’s existence (albeit probably inevitable) is certainly welcome.  It will certainly be nice to be even less concerned about visited websites leaving cookies, ads containing exploits, and the like.

Well apparently the new e-passports that were supposedly so good have already been hacked, furthermore with minimal equipment and within an hour.

Kind of ignorant to think about something as simple as that as secure.

The Public Key Directory sounds like a decent way to make it more secure.

Personally my idea is that every e-passport needs more hardware.  Hardware that stores data, preferably in a rotating array like RSA SecurIDs, and would better yet have another mechanism which would never transmit the internal rotating IDs but rather would transmit a hashed ID, which would furthermore be salted with an ID that is unique to the scanning station, so every single scanning station would have a unique salt ID, or better yet a group of salt IDs that change depending on several factors, that would be added to the internal ID upon hashing and would produce the more secure resultant ID.

With how cheap FlashROM is now, it’d be great if they had an updatable internal mechanism for rotating keys for your personal ID (such as updating internal IDs whenever you renew your passport), as well as keeping an internal database of the salt IDs for all the stations so the salt ID wouldn’t have to be transmitted anywhere near as often, thus reducing risk of an attack on the hashing algorithm.

Also, since all of this hardware is going into these things, might as well build in an authentication mechanism so the e-passport doesn’t arbitrarily send out IDs where a differential attack may be observed, similar to how WEP was cracked.

But like I said, this would require a lot more hardware.  However, RFIDs are not really a good idea for important information.  Security, especially like this, needs to be taken seriously in this day and age and even if it’s not "cost effective", then don’t bother giving out a far less secure system that can endanger the privacy and identities of people.

Hackers, despite what you may have heard, have ethics, but apparently a couple of giddy Frenchies though they would be "1337" and sniff a few packets on a line designated as secure at hacker convention Black Hat 2008.  Turns out monitoring traffic when parties involved are not informed is a felony.  What a surprise.  Furthermore surprising is that FBI agents attend Black Hat (I’m being sarcastic, it’s not surprising).

Lest we all forget the NBC "shock" reporter…

Explanation:
Reporters are welcomed at hacker conventions like Black Hat and Defcon, but they are also required to declare themselves as reporters and wear a press badge.  This woman was hiding a camera in her purse and recording the events.  Unsurprisingly she was caught very early in the con.  She was attempting to do a shock piece for NBC Dateline on hackers and federal agents.  Unfortunately, aside from the usual fun of "spot the fed" (where the people try and point out who they think are federal agents in good fun but no real seriousness), this woman would have revealed the identities of many agents and otherwise.  Hence it’s a big deal.

Ok so Adaptive Path’s Aurora concept is very cool

But even so with this cool concept, I can’t help but keep thinking back to Windows Live Search for Windows Mobile.  Windows Mobile is a platform people have really been neglecting and it’s really a highly advanced, and easy to use, mobile OS, which I happen to greatly prefer to the iPhone OS.  More after the break.

Read more

So just 3 more days until the LHC goes online this Thursday (the initial beams get injected on Thursday, the first collisions aren’t scheduled but for another 2-3 months or so).  Currently the whole thing is being frozen to 1.9 Kelvins using liquid Argon.  Can you say really cold?

Anyways the idea is that they’ll be able to recreate the big bang, but (hopefully) on a much smaller scale.  The internet is having a field day because the thing is so powerful it can create micro-black holes as well as other space-time anomalies, and the natural assumption is that we’re all going to die.  This suspicion of impending doom is further exaggerated by CERN (the orchestrating body) publishing reports stating that they "beyond reasonable doubt, heavy-ion experiments at RHIC will not endanger our planet"[src] (Murphy’s Law….) as well as the facility looking like the Black Mesa Research Facility from Half-Life.  More after the break.

Read more

I was on Google Maps earlier and you now have two options for making a trip, by car (the default, the way we’ve always known Google Maps) and now via walking.

Gas in Oklahoma is going down thankfully, but it’s still over $3/gallon, and is gas really that high now that we have to force people to start walking?

Nanci Pelosi and other liberals need to realize that this gas problem can’t be solved by trying to force new technologies that don’t exist yet down people’s throats.  For example, hydrogen?  Yeah it’s refined from methane and currently emits more pollution in the refining process than do petroleum powered vehicles across the board.  Hybrids?  Sure great idea but expensive and the batteries are having issues both on public health/safety and environment empact from what I hear.  Ethanol, sure another great idea, but currently refined from corn and driving prices of corn sky high.  More after the break

Read more

I took a short trip down Nokia lane today in pondering purchasing an N95.  As some of you who have read my About page, I already have an AT&T Tilt (HTC TyTN II) which is a very powerful device that I’m very happy with.

However, something with the UNIX-ness of Symbian made me want to try it out again but, after closer inspection, I remember why, after literally countless hours of studying and deciding, I chose the Tilt.

The big reason was the QWERTY keyboard.  I hate button mashing and lacking a hardware keyboard, I turn to my Tilt.

I also noticed that the Nokia uses a lesser chipset as well.  Only 332Mhz (for the primary processor at least, I couldn’t find details about the secondary processor) as opposed to the Tilt’s 400Mhz dual core processor (one 400Mhz primary ARM11 processor and a secondary ARM9 processor running slower to process radio interactions and such).  Correct me if I’m wrong though.

Another thing I noticed was it’s significantly smaller battery, 950mAH versus the Tilt’s 1350mAH.  Maybe the N95 has better power management than the energy sucking Ford-F450-of-chipsets that is the Qualcomm MSM7200 that the Tilt uses, but it seems as if it would have bad battery life as there really aren’t any 3G chipsets with a good track record.

Don’t get me wrong though, I respect the N95 and pretty much any Nokia smartphone to an infinite degree more than an Apple iPhone, I also find the Nokia fanboys much easier to get along with.  The N95 also has a couple of ups over the Tilt, namely the 5mp digital camera complete with Carl Zeiss optics, and more camera related features.  However it seems as if this (the camera), and possibly media (but the Tilt does a great job with media as well), seem to be the only areas where the N95 stands out above the Tilt.

Either way though, the N95 is an impressive device, but the Tilt is just that much more loaded with features.

So really I get quite annoyed with Mac-Addicts.  I have a great example why too.  Read this Gizmodo article.  Then check out this comment.  Pay particular attention to this part.

p.s. You are banned.

Wow, banning them for having an opinion.  Their comments really weren’t even that bad.  They were at the very least semi-respectful.  Their comments are after the break.

Read more