Beret

If The Beatles came on the show we would have said, ‘We’ll take those three - Paul McCartney, John Lennon and George Harrison - but probably lose the drummer.’

In which Simon Cowell demonstrates (once again) how terribly useless reality tv is at choosing good talent.

Coalescing in an online chat room, members of the group, known as Pranknet, use the telephone to carry out cruel and outrageous hoaxes, which they broadcast live around-the-clock on the Internet. Masquerading as hotel employees, emergency service workers, and representatives of fire alarm companies, “Dex” and his cohorts have successfully prodded unwitting victims to destroy hotel rooms and lobbies, set off sprinkler systems, activate fire alarms, and damage assorted fast food restaurants.

But while Pranknet’s hoaxes have caused millions of dollars in damages, it is the group’s efforts to degrade and frighten targets that makes it even more odious. For example, a bizarre July 20 prank ended with a hotel worker actually sipping from a urine sample provided by a guest at a Homewood Suites in Kentucky. Additionally, at least twice this year, fast food workers—fearing that they would suffer burns after being doused by chemicals from a fire suppression system—stripped off their clothes on the sidewalk outside their respective restaurants.

It’s a good thing this article isn’t alarmist terribly alarmist or filled with personal attacks. Is this what passes as reporting now?

ps: I love their use of dehumanizing language such as “creature” and “subspecies.”

(via azspot)

Tony Flick - Hacking the Smart Grid

Recent penetration tests have shown that proper security mechanisms are not currently built into components of the smart grid … an attacker could exploit these vulnerabilities to turn off electricity to hundreds of thousands of homes.

They discuss design flaws of private tracker announces (passkeys and client side trust) and extensively detail the weaknesses the of BitTorrent’s encryption scheme. (RC4, improper use of static strings, unnecessary hashing, etc.)

In the end it fails to even provide the simple obfuscation against throttling it was designed to do.

So what is the solution to all of these problems? MSE [BT encryption] should never have been built! Let me be very clear, MSE was built by people who don’t fully understand the cryptographic systems they are using. MSE is wasteful of resources and does not provide the type of protection that the authors desired. In fact, the solution to traffic shaping and keeping your data a secret existed long before BitTorrent. The answer is SSL, which is now called TLS. TLS is both efficient and effective, two things that MSE is not.

ps: I’ve only read one Black hat paper yet and skimmed 2. But I already feel less secure. (BH09 media archives)

The hackers criticized Mitnick and Kaminsky for using insecure blogging and hosting services to publish their sites, that allowed the hackers to gain easy access to their data.

We hacked Dan’s assets first through finding bugs and writing 0day, and then through abusing him giving away passwords and his silly password scheme. Check out just some of his passes: fuck.hackers, 0hn0z (root account on his mail box), fuck.omg, fuck.vps, ohhai

Five character root password? Niiiiiiice.

From .mysql_history:

SET PASSWORD FOR ‘root’@’localhost’ = PASSWORD(’fuck.mysql’);

See the pattern?

It’s nice to know my paswords are more creative than that of expensive security experts.

(via thedaytheytriedtokillme)

Feel your eyes burn! (via Dr. McNinja)

Russell Weiner, CEO of Rock Star, is the son of Michael Weiner, known better as extreme right-wing radio talkshow host Michael Savage. Savage expresses extreme viewpoints filled with anti-immigrant, gaybashing, intolerant, hate-filled sentiments. He has applauded the abuse at Abu Ghraib prison in Iraq, opposed aid for tsunami victims, and called for the dropping of nuclear weapons on an an Arab country, any Arab country. He was fired from a brief stint at MSNBC after telling a gay caller to “get AIDS and die”. He runs a group called The Paul Revere Society, which among other things, calls for the imprisonment of anti-war activists for sedition.

(via CAKE)

In Linux, the X server is traditionally run with root privileges (via the setuid-bit mechanism); this has been historically required because the X server talked directly to the graphics hardware. The root user has unlimited permissions in Linux … The X server is a large chunk of code, quite a bit of it dating from 20 years back, that is constantly communicating with less privileged applications. Running the X server with unlimited permissions is a security risk; with this, any security hole in the X server immediately gives an attacker full system access.

X running as root isn’t a security hole, it’s an inherently bad idea but not one that instantly turns your system into swiss cheese. Huzzah for alarmist headlines.

That said, userspace X is a very positive step. (trolled by nosmo)

ps: moblinzone needs to un-404 their full article links

It’s wonderful to see all the young children and babies taking part.