Don’t know if this will work in Europe, but in the US, a starter gun is considered a weapon. You simply declare you are carrying a weapon at baggage check in, they issue a little label you sign and they stick on the bag, and the bag doesn’t get rifled or checked, because the TSA most definitely doesn’t want to lose weaponry in the airline system.
Pack a Gun to Protect Valuables from Airline Theft or Loss – Security – Lifehacker.
It turns out that administering low-intensity shockwaves to the penis can help men with blood flow problems get over their difficulties getting a hard on. Viagra and Cialis help, but they need to keep taking the pills every time. This is a more permanent solution, because the shocks encourage the growth of new blood vessels from existing ones. It’s still a preliminary study, but it’s looking promising.
Shocking Treatment Helps Erectile Dysfunction | LiveScience.
Turns out that there is malware out there that downloads kiddie porn to your PC without you knowing – until the police pay you a friendly visit. Fortunately the download rate is something like 40 sites per minute, which is humanly impossible, but try explaining that away!
AP IMPACT: Framed for child porn — by a PC virus by AP: Yahoo! Tech.
the way radio signals vary in a wireless network can reveal the movement of people behind closed doors. Joey Wilson and Neal Patwari have developed a technique called variance-based radio tomographic imaging which processes the signals to reveal signs of movement. They’ve even tested the idea with a 34-node wireless network using the IEEE 802.15.4 wireless protocol
via Technology Review: Blogs: arXiv blog: Wireless network modded to see through walls.
We should all know by now that the fingerprint biometric is a bad one: not only can you duplicate it fairly easily using just gummy bears, or increase the risk of having your finger cut off for you, they also give too many false negatives; some people will never be able to use fingerprint scanners.
The problem here is that because they have to automate the fingerprinting process, you get a lower level of accuracy in the scans. No two prints by the same finger are ever exactly the same. This is corrected for by error correction codes, which adds information to the prints to allow the computer to correct for these disparities. If you can get to these codes, you can find out information about the original fingerprint and the amount of data loss that is expected. So searching through the error correction code database allows you to find a fingerprint that is similar to yours and has a large correction. This means you can become this other person fairly easily.
Vingerafdrukparanoia is terecht (opinie) | Webwereld.
Because we all know how safe centralised government databases are, the Dutch are now preparing to store all fingerprints the get. At first this will happen per region and later all the databases will be linked and centralised.
Dutch privacy organisations have protested at the EU, but they have declined the protest as the European courts feel other avenues had not been exhausted.
Europa wijst protest vingerafdrukdatabase af – UPDATE | Webwereld.
The odds of a coin coming down heads or tails are not 50/50: they’re actually 51/49!
A great precis of an article explaining why, and how to leverage it.
The Coin Flip: A Fundamentally Unfair Proposition? – Coding the Wheel.
If you get breathalised, make sure the cop isn’t covering the exit port for the air when you blow, or the purported alcohol consumption will go up!
Even though they keep supporting Internet Explorer 6, they’re not going to support XP?
Microsoft had stated the reason for continuing support for IE6 was that it came with Windows XP and so they had to keep supporting it. Now it turns out that they’re not supporting XP either. Not exactly their road map, but oh well.
XP is thus fully broken, with a security hole in the TCP/IP implementation.
You’re doing well, MS – it took you long enough to fix the hole for Vista et al as well!
Microsoft: No TCP/IP patches for you, XP.
Using SQL injection and the recent IIS faults, a grey hat hacker called Unu from Romania has hacked 4 large banks and a UK government website. He’s on a roll, and MS has no fix for their IIS holes…
Hacker ‘Unu’ valt Europese banken aan | Webwereld.
She left it in her handbag on the bus.
Now the article doesn’t mention if the data was encrypted, but considering that absolutely nothing in the UK Government is (because they quite surprisingly can’t do what millions of other people can – for free), it’s safe bets that it wasn’t.
Of course, Jacqui Smith still thinks centralised databases are the dogs bollocks. Trust the government with your private data – what could go wrong?!
Now, let’s make a database with all the children in the UK in it! And a centralised ID scheme with all your biometric data in it! I’m sure whoever the government gives that to will love it.
Not only does the UK seem to have an uncanny way of losing their huge centralised databases unencrypted, they also have a hand in losing the physical cards the data is supposed to go on. Which means that it won’t be a problem to fake ID’s in the UK, no matter what biometrics and clever IT jiggery they put on them: not only do you have access to the original database data, you also have no need to forge anything as you have the physical backup as well!
Daily Express | UK News :: ID card staff lose security passes
Table 1. Some Security-Enhancing Packages in Debian 3.1
Package Name Description aide, fam, tripwire, osiris File/system integrity checkers. bastille Excellent, comprehensive and interactive (yet scriptable) hardening utility. bochs Bochs virtual x86 PC. bozohttpd, dhttpd, thttpd Minimally featured, secure Web server daemons. chrootuid, jailer, jailtool, makejail Utilities for using and creating chroot jails. clamav General-purpose virus scanner. cracklib2, cracklib-runtime Library and utilities to prevent users from choosing easily guessed passwords. filtergen, fireflier, firestarter, ferm, fwbuilder, guarddog, mason, shorewall Tools for generating and managing local firewall policies. flawfinder, pscan, rats Scripts that parse source code for security vulnerabilities. freeradius, freeradius-ldap, etc. Free radius server, useful for WLANs running WPA. frox, ftp-proxy FTP proxies. gnupg, gnupg2, gpa, gnupg-agent GNU Privacy Guard (gpg), a versatile and ubiquitous e-mail- and file-encryption utility. harden, harden-clients, harden-servers, etc. Actually an empty package containing only scripts that install and un-install other packages so as to improve system security. ipsec-tools, pipsecd, openswan, openswan-modules-source Tools for building IPSec-based virtual private networks. libapache-mod-chroot, libapache2-mod-chroot Apache module to run httpd chrooted without requiring a populated chroot jail. libapache-mod-security, libapache2-mod-security Proxies user input and server output for Apache. oftpd, twoftpd, vsftpd Minimally featured, secure FTP server daemons. privoxy Privacy-enhancing Web proxy. psad Port-scan attack detector. pyca, tinyca Certificate authority managers. selinux-utils, libselinux1 Utilities and shared libraries for SELinux. slat Analyzes information flow in SELinux policies. slapd OpenLDAP server daemon. squidguard Adds access controls and other security functions to the popular Squid Web proxy. squidview, srg Log analyzers for Squid. syslog-ng Next-generation syslog daemon with many more features than standard syslogd. trustees Extends file/directory permissions to allow different permissions for different (multiple) groups on asingle object. uml-utilities User-mode Linux virtual machine engine for Linux guests. In addition to the local security-enhancing packages in Table 1, Debian includes many tools for analyzingthe security of other systems and networks. Table 2 lists some notable ones.
Table 2. Security Audit Tools in Debian 3.1
Package Name Description dsniff, ettercap Packet sniffers for switched environments. ethereal, tcpdump Excellent packet sniffers. fping Flood ping (multiple-target ping). idswakeup Attack simulator for testing intrusion detection systems (IDSes). john John the Ripper, a password-cracking tool (legitimately used for identifying weak passwords). kismet Wireless LAN sniffer that supports many wireless cards. nessus, nessusd, nessus-plugins Nessus general-purpose security scanner. nmap Undisputed king of port scanners. snort Outstanding packet sniffer, packet logger and intrusion detection system.
Vista is upsetting everyone, with rumours that you can’t turn off the starting sound or have access to the kernel etc. but now it’s getting quite serious.
First, Patchguard has been compormised by Authentium prompting a backlash from Redmond stating that companies have no business even trying to compromise the kernel protection because it makes things unsafe for the Vista customer. Like private individuals aren’t going to try? And succeed?
Now the new EULA has become a draconian affair, royally screwing the customer – 2 of the 6 versions are not allowed to be installed on a virtualised environment and the Ultimate version is not allowed to play DRM protected content on a virtualised environment. Besides that you will only be allowed to install Vista on 2 PCs (ie transfer it to one new PC) and after that you can throw the licence key to Vista away and buy another one.
There’s a page dedicated to hijacking your mobile phone via Bluetooth. Appropriately enough, it’s called BluejackQ.
Linkie:
http://www.bluejackq.com/index.shtml
LAND attack:
Sending TCP packet with SYN flag set, source and destination IP address and source and destination port as of destination machine, results in 15-30 seconds DoS condition.
Which is funny. The last time the LAND attack was seen was about 8 years ago. It’s a trivial remote DoS and you’d think that even basic QA would check for something like this.
Securityfocus has the Bugtraq posting:
http://www.securityfocus.com/archive/1/392354/2005-03-02/2005-03-08/0
No patch out yet, joy!
