Wednesday, August 9th, 2006


This is some news from the U.K., which seems to be approaching fascism at an even greater rate than the States.  Of course, most everything bad in the U.K. eventually comes over to the U.S.A. as well.

Anyway, just read the article here.

I, too, was accosted for climbing a tree in my own yard as a child.  By homeowner’s association types.  I guess nowadays they’d call the police and use the patriot act to treat me like a terrorist.  That’s just dandy.

OpenVotingFoundation.org reports on the “Worst Ever Security Flaw Found In Diebold TS Voting Machines”. Read about it HERE. The article contains some pictures too. A discussion on SlashDot making some relevant points can be found HERE.

delme-diebold.jpg

Basically, all you need to do is flip a switch to boot from an external flash drive! How would you feel about depositing your paycheck into an ATM machine that can be booted to an external flash drive? I, for one, would not put my money into a machine that could be compromised.

(more…)

copied from slashdot.org: 

“The champion of ‘truthiness’ couldn’t resist making fun of a website where facts, it seems, are endlessly malleable. But after making fun of Wikipedia on Monday night’s “Colbert Report,” Colbert learned some hard truths about Wikipedia’s strength in resisting vandalism. Here’s how the segment started: ‘Colbert logs on to the Wikipedia article about his show to find out whether he usually refers to Oregon as “California’s Canada or Washington’s Mexico.” Upon learning that he has referred to Oregon as both, he demonstrates how easy it is to disregard both references and put in a completely new one (Oregon is Idaho’s Portugal), declaring it “the opinion I’ve always held, you can look it up.”‘ Colbert then called on users to go to the site and falsify the entry on elephants. But Wikipedia’s volunteer administrators were among those watching Colbert, and they responded swiftly to correct the entry, block further mischievous editing, and ban user StephenColbert from the website.”

photo by qousqous @ FlickRphoto by pfly @ FlickR

What the hell do grapefruit have to do with grapes? 

I just read an interesting article about “JitterBugs”, which was posted HERE.

It basically said that keyboards can be manufactured in such a way as to add an imperceptible delay to each keystroke.  The delay is used as a way to modulate an undetected signal into a user’s TCP/IP traffic.  In other words, your typing can cause your information to be silently sent to a 3rd party (NSA? Russian hackers? Nigerian scammers? Your parents? Your boss?).

Using encryption would not matter, as the information is encoded in the timing of the packets, not in the content.   Encryption only encrypts the content. No current firewalls / anti-virus / anti-spyware / intrusion detection software can detect this.  But anyone watching the TCP/IP packets at any point between the user and their destination can sniff the signal, de-modulate the delay, and retrieve secretly coded information.

Of course, it only transmits 1 bit per keypress.  So to send a hidden character, the user would have to use at least 7 or 8 keypresses.  And it only works if you are in a situation where each keystroke sends a TCP/IP packet.  This is basically: Telnet, RemoteDesktop, VNC.

It could be worse.  But it’s not good either.  And it may be a factor in the government deciding not to use Lenovo (formerly IBM PC, before being bought by China) PCs for classified information.  I think it’s damn smart that our government not run their I.T. with hardware made in China!

But anyway, introducing your own random delays to the keystrokes could be used to combat this; however the researches said there is some tolerance for this — it wont always work.  Other solutions proposed include “hooking 40 USB keyboards up to your computer and using a different keyboard to type each letter”.  I think if all keyboards were JitterBugged, that might not actually help.

The original academic paper is HERE.

The fear is that keyboard manufacturers will be required by the government to insert this technology into keyboards without telling the populace. 

This threat is very real; the government is already getting involved with router manufacturers, to get them to implement wiretapping “backdoors” into all routers (couldn’t find the article, but read about it on Slashdot).  Don’t worry though — there are open source routers in the works.

Soon, everything you own may be used to spy on you.  With the NSA & George Bush’s track record, this deeply disturbs me.  Save your broken keyboards.  You might need spare parts in the future to construct an “anonymous keyboard”. . .

It’s a sick sad world.