I create a video for TiltMobility.com that explains and shows how to flash a ROM to your AT&T Tilt, check it out.

IMPORTANT! Flashing your ROM is a potentially dangerous activity and I take NO responsibility for you messing up your device or anything else.

Please read this post on TiltMobility for important information about the video prior to flashing your ROM.

Heading back to college tomorrow.  Updates will be a little more sparse for a time but will pick back up again soon.

I’m currently working on a few projects, including Arduino stuff.  I’ll keep you all posted for further information

Some of you probably read about the vulnerability in Vista that doesn’t just take advantage of any new exploit but rather Vista’s fundamental architecture all together.

Well the way this systematic attack is approached is via an arbitrary browser exploit.  But what if browser exploits were cut off from the main machine?

Meet ZoneAlarm’s new security tool that’s been a bit long in coming in my opinion.  It’s called ForceField (and with good reason).

What the product does is put your browser inside of a virtual environment that’s totally cut off from the underlying OS.  It also cuts off the OS from the browser (helping negate the effects of keystroke loggers and such).

Now earlier they were giving away free CD keys for ForceField and I registered for a copy (1 year subscription).  It doesn’t have Vista 64-bit support unfortunately but it is on my laptop (32-bit Windows XP) and I’d say that it runs rather well.  My laptop is a machine that’s gaining a little age (although it’s far from old) and typically has some trouble running Firefox 3.0 with all my normal extensions.  However even running virtually, it still runs rather fast (negligible performance decreases).

So aside from negating this proposed attack, it can also protect against a wide variety of other problems, and it’s existence (albeit probably inevitable) is certainly welcome.  It will certainly be nice to be even less concerned about visited websites leaving cookies, ads containing exploits, and the like.

Well apparently the new e-passports that were supposedly so good have already been hacked, furthermore with minimal equipment and within an hour.

Kind of ignorant to think about something as simple as that as secure.

The Public Key Directory sounds like a decent way to make it more secure.

Personally my idea is that every e-passport needs more hardware.  Hardware that stores data, preferably in a rotating array like RSA SecurIDs, and would better yet have another mechanism which would never transmit the internal rotating IDs but rather would transmit a hashed ID, which would furthermore be salted with an ID that is unique to the scanning station, so every single scanning station would have a unique salt ID, or better yet a group of salt IDs that change depending on several factors, that would be added to the internal ID upon hashing and would produce the more secure resultant ID.

With how cheap FlashROM is now, it’d be great if they had an updatable internal mechanism for rotating keys for your personal ID (such as updating internal IDs whenever you renew your passport), as well as keeping an internal database of the salt IDs for all the stations so the salt ID wouldn’t have to be transmitted anywhere near as often, thus reducing risk of an attack on the hashing algorithm.

Also, since all of this hardware is going into these things, might as well build in an authentication mechanism so the e-passport doesn’t arbitrarily send out IDs where a differential attack may be observed, similar to how WEP was cracked.

But like I said, this would require a lot more hardware.  However, RFIDs are not really a good idea for important information.  Security, especially like this, needs to be taken seriously in this day and age and even if it’s not "cost effective", then don’t bother giving out a far less secure system that can endanger the privacy and identities of people.

Hackers, despite what you may have heard, have ethics, but apparently a couple of giddy Frenchies though they would be "1337" and sniff a few packets on a line designated as secure at hacker convention Black Hat 2008.  Turns out monitoring traffic when parties involved are not informed is a felony.  What a surprise.  Furthermore surprising is that FBI agents attend Black Hat (I’m being sarcastic, it’s not surprising).

Lest we all forget the NBC "shock" reporter…

Explanation:
Reporters are welcomed at hacker conventions like Black Hat and Defcon, but they are also required to declare themselves as reporters and wear a press badge.  This woman was hiding a camera in her purse and recording the events.  Unsurprisingly she was caught very early in the con.  She was attempting to do a shock piece for NBC Dateline on hackers and federal agents.  Unfortunately, aside from the usual fun of "spot the fed" (where the people try and point out who they think are federal agents in good fun but no real seriousness), this woman would have revealed the identities of many agents and otherwise.  Hence it’s a big deal.

Ok so Adaptive Path’s Aurora concept is very cool

But even so with this cool concept, I can’t help but keep thinking back to Windows Live Search for Windows Mobile.  Windows Mobile is a platform people have really been neglecting and it’s really a highly advanced, and easy to use, mobile OS, which I happen to greatly prefer to the iPhone OS.  More after the break.

Read more

So just 3 more days until the LHC goes online this Thursday (the initial beams get injected on Thursday, the first collisions aren’t scheduled but for another 2-3 months or so).  Currently the whole thing is being frozen to 1.9 Kelvins using liquid Argon.  Can you say really cold?

Anyways the idea is that they’ll be able to recreate the big bang, but (hopefully) on a much smaller scale.  The internet is having a field day because the thing is so powerful it can create micro-black holes as well as other space-time anomalies, and the natural assumption is that we’re all going to die.  This suspicion of impending doom is further exaggerated by CERN (the orchestrating body) publishing reports stating that they "beyond reasonable doubt, heavy-ion experiments at RHIC will not endanger our planet"[src] (Murphy’s Law….) as well as the facility looking like the Black Mesa Research Facility from Half-Life.  More after the break.

Read more

I was on Google Maps earlier and you now have two options for making a trip, by car (the default, the way we’ve always known Google Maps) and now via walking.

Gas in Oklahoma is going down thankfully, but it’s still over $3/gallon, and is gas really that high now that we have to force people to start walking?

Nanci Pelosi and other liberals need to realize that this gas problem can’t be solved by trying to force new technologies that don’t exist yet down people’s throats.  For example, hydrogen?  Yeah it’s refined from methane and currently emits more pollution in the refining process than do petroleum powered vehicles across the board.  Hybrids?  Sure great idea but expensive and the batteries are having issues both on public health/safety and environment empact from what I hear.  Ethanol, sure another great idea, but currently refined from corn and driving prices of corn sky high.  More after the break

Read more