Slashdot Mirror

The presentation is on Cryptome.com

The presentation is on Cryptome.com

I read the presentation. (here).

Lynn shows how to do a remote exploit on Cisco's firmware. This is impressive because the router runs software that attempts to detect inconsistencies. It will reset itself and start up afresh. The big deal is that Lynn shows how an exploit can fix things up and avoid those measures. Basically, his technique is like a ninja, that breaks into a building through a window, but then immediately reassembles the window before the security guard making his rounds can notice that the window got destroyed. That's it!

There's no indication Lynn stole ANYTHING from Cisco, or broke any law.

Lynn apparently "reverse engineered" the OS in order to do this. That's usually fine; it is his right to do that.

Considering this, I'm pretty pissed that Cisco's spokeswoman, Mojdan Khalili, said that Lynn broke the law (without saying what law it was). I think that could be libel (or slander -- I'm not a lawyer) -- in any case, Mojdan Khalili, working for Cisco, just ruined this guys rep, and sicced the FBI on his ass.

Perhaps if you write her, she will get Cisco to ask the FBI to lay off the good researcher (ask her to have Cisco "take it all back"). From yesterday, here's her contact info:

978-936-1297 mkhalili@cisco.com

Also, some total jerk looked up her address and posted it (here). I think that's totally inappropriate; if you show up on her doorstep and bother her, I hope she calls the FBI on you, you freak!

I was able to get the one from http://cryptome.org/lynn-cisco.zip with wget, but it took about 10 min.

http://cryptome.org/lynn-cisco.zip times out. The host appears to be in the USA, so I'm not sure if tis is the Wired/Slashdot/flash-mob effect or the FBI effect, it could be either one.

lynn-cisco.pdf appears to be up for the moment.

I found this linked on Nick84's site (http://www.rootsecure.net/): http://www.infowarrior.org/users/rforno/lynn-cisco .pdf If I'm correct, it's the slides that were taken off of the hand out cd. Another link from a Wired article: http://cryptome.org/lynn-cisco.zip

What's wrong with the PC BIOS anyway? ... On a more sinister note, there's no mention in TFA of DRM and the idea of "trusted" computing.

According to the Overview page, Microsoft's listed as the only OS maker. First, why isn't Apple among the lineup? Novell? Red Hat Linux? Perhaps it's because they're not part of the real circle of friends...

Enter Microsoft's Trusted Computer Platform. According to the TCPA FAQ, the companies belonging to the alliance are: "Microsoft, Intel, IBM, HP and AMD". And let's take a look here...yep, they're all there. But what are they really planning?

According to the specifications page, nothing's listed as far as features that are to be included (" The UEFI specification is in development"). But currently, since there is no mention as to the true intent of this new technology, and right now the BIOS isn't broken, why reinvent the wheel? Load times are now less than three seconds, which is a tremendous step from BIOS beginnings. New equipment continues to be supported through new BIOS updates. So what do these companies need that the current BIOS can't give them?

Enter DRM. According to Microsoft's Patent on their DRM-supported OS, Microsoft has a few issues with the current BIOS...This AEGIS model requires a tamper-resistant BIOS that has hard-wired into it the signature of the following stage. This scheme has the very considerable advantage that it works well with current microprocessors and the current PC architecture, but has three drawbacks.

1) First, the set of trusted operating systems or trusted publishers must be wired into the BIOS.

2) Second, if the content is valuable enough (for instance, e-cash or Hollywood videos), users will find a way of replacing the BIOS with one that permits an insecure boot.

3) Third, when obtaining data from a network server, the client has no way of proving to the remote server that it is indeed running a trusted system.

So, Microsoft admits that there are flaws that prevent them from using the BIOS in their Trusted Computing platform. But create a new way of booting a computer, protect the technical details from public view, and put the power of the DMCA behind it, and you have a nice foundation into the DRM frontier.

Hey, not fair, I saw them first...

Anyway, there is also statewatch, privacy international and liberty.. Also plenty of ideas (dmca, biometric rfid passports, airline passenger data selling/sharing, listening in to internet traffic with warrants and listening in to radio traffic without (UKusa)) have roots in the USA, so the EFF and ACLU should be doing their part already. Not that the brits need help thinking up stuff like this, but still.

We should turn this into a sport - lets see how many secret agents can be outted via the internet. I went to Cryptome and found this article, that indicates that Cheri Leberknight, Eunjoo Ann Kensinger, Dave Robertson, Miguel Fabregas, Valerie Plame, John Spahn, and Rebecca Wolfson can be added to the spook list!

We should turn this into a sport - lets see how many secret agents can be outted via the internet. I went to Cryptome and found this article, that indicates that Cheri Leberknight, Eunjoo Ann Kensinger, Dave Robertson, Miguel Fabregas, Valerie Plame, John Spahn, and Rebecca Wolfson can be added to the spook list!

My favorite one is at Cryptome. You can just search Google for Iraq body count and variations thereof to get a bunch of other places tracking the dead.

I have a question (for anyone): Is it still a fact that Bush has failed to attend a single service person's funeral?

> Didn't stop the US form comming in and rolling their military and taking over.

Uh.. not sure if you're watching the news but the mighty US army is currently getting their asses kicked by a bunch of kids!
http://cryptome.org/mil-dead-iqw.htm

There used to be uncensored images at cryptome.org up until at least april 2005, but even those are gone now. Interestingly, on the main cryptome page it says:
Cryptome welcomes documents for publication that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance -- open, secret and classified documents -- but not limited to those.
Documents are removed from this site only by order served directly by a US court having jurisdiction. No court order has ever been served; any order served will be published here -- or elsewhere if gagged by order.
I guess they got their court order, along with a gag order, and enough intimidation that they didn't even post it elsewhere.

There used to be uncensored images at cryptome.org up until at least april 2005, but even those are gone now. Interestingly, on the main cryptome page it says:
Cryptome welcomes documents for publication that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance -- open, secret and classified documents -- but not limited to those.
Documents are removed from this site only by order served directly by a US court having jurisdiction. No court order has ever been served; any order served will be published here -- or elsewhere if gagged by order.
I guess they got their court order, along with a gag order, and enough intimidation that they didn't even post it elsewhere.

Tampering with the evidence:
http://cryptome.org/bkz/buhriz-kill01.htm

I recall reading about a case a while back in which the police obtained evidence without a warrant by taking it from someone's trash, and the court ruled that as non-infringing. Some reporters retaliated by raiding the trash of some high-profile public servants associated with the area, and reporting on it. Sauce for the goose... gotta love it.

http://cryptome.org/bkz/buhriz-kill01.htm

In the US however, merely posting details about a circumvention method (w/few exceptions, such as a scholarly discussion, as in this conversation) is in violation of the DMCA.

See UNIVERSAL CITY STUDIOS, INC. v. SHAWN C. REIMERDES, et al. (ie, the DeCSS case, where 2600 magazine was told they couldn't even link to DeCSS.)

W

That clinches it. The MOLP from the sixties is still around spying on people!

start using fingerprint scans, the only way someone can steal your finger print is by lifting it from something you've touched

Which is quite easy.

But you don't even need to do that - some scanners can be fooled into accepting the latent print you leave on it. D'oh!

An authentication token that when used leaves behind all the information you need to construct a conterfeit - this is not something I want to rely on.

Biometrics is a fundamentally flawed scheme. A biometric is just a token that you can't replace (a scar on your finger? too bad), repudiate if stolen (I can lift your prints but you can't change them without pain), or use to separate priviledges (difficult to use a different thumbprint at the bank, at the library, and to open your car, unless you have interesting anatomy).

As for passwords, yeah, I've gotten to the point of having to write them down. I used to use only a few passwords - my login and root password, one common for low security sites, one shared one for a few sites I cared more about, and my on-line banking. But as sites put various non-sensical restrictions on password selection ("your password must contain two digits", "your password must not use any non-alphanumeric characters", etcetera), I've had to start writing them down.

"Something you are" reduces to "something you have". "Something you know", as you have to remember more and more things to deal with dozens of systems, reduces to "something you have" (that piece of paper with all the password written on it). It's all about the authentication tokens.

Hmmm... I guess someone needs to go to your library, tell them that they are you - they can even print a fake barcode on any old library card since barcode techology is open and freely available to anyone and everyone.

Use a gummy finger

http://cryptome.org/fbi-cryptome.htm

http://cryptome.org/
Mirrors :
http://cryptome.quintessenz.org/mirror/
http://www.infosecwest.com/cryptome/

UPDATED CRYPTOME DVD/CDs
Cryptome offers its archives on a single DVD or 4-CDs.
Donate $25 (yes, only $25) for a DVD or 4 CDs --state preference -- of the Cryptome archives of 25,000 files from June 1996 to February 2005 (~2.4 GB). Click Paypal, use E-gold or mail to John Young, 251 West 89th Street, New York, NY 10024. (E-gold users: send mail address to jya [at] pipeline.com.). Archives include all files of cryptome.org, cryptome2.org, jya.com, cartome.org and eyeball-series.org.

Governments around the world have always managed to get away with creating and testing exciting new ways of killing people (http://cryptome.org/bio-attack.htm
http://cryptome.org/bio-attack.htm) so I really think you're missing the point with this microphone paranoia!

Governments around the world have always managed to get away with creating and testing exciting new ways of killing people (http://cryptome.org/bio-attack.htm
http://cryptome.org/bio-attack.htm) so I really think you're missing the point with this microphone paranoia!

What discusion of fingerprints would be complete without http://cryptome.org/gummy.htm . So live detection systems probably wouldn't work so well.

Hashes are supposed to be hard to break, but I'm not certain these are hashed (though it would be how I would do it). And hashes might be hard to break, but well they do eventually break. And with a relatively limited source data set they might break pretty fast. (I mean according to this http://www.biocentricsolutions.com/faq.html they take 15 data points through a bit of math, (at least this company) I mean that could be precomputable given enough time and effort. Or at the very least reducible (I mean they must have a margin of error allowance so what if you have to try five different ones).)

And honestly, I am thinking that if fingerprints become too popular, well gloves will be back in fashion ;).

I think the big deal here is that you basically are trusting this company which you have no idea of what they are doing, I mean maybe they are leaving debug on, and taking pictures of every persons fingerprint. But there is no way you can control what they do with your authentication token. I mean basically biometrics is like using the same password everywhere, except you can't change it if a site gets cracked. Unless and until live detection systems work, it really sucks.

Interesting post. I follow the logic, but here's my beef with what you've stated.

The problem is that though Free Software has become much more mainstream, that mainstreaming has been led by the Open Source banner, because they are open to economic argumentation.

I may be wrong, but Stallman isn't against making money. He's against losing freedom. The point of open source, to me anyway, is that you can make a business model around it without locking up the source code. Open source code should lead to shared ideas, common formats, and configurable software (meaning you can modify it for you without waiting for the owner to decide your needs are worth developing for). Freedom comes in lots of forms, like travelling the U.S. without having to show papers. Yes bus, train and airline companies can all make money off of your travel. Hopefully you get the idea.

Here are some google sightseeing sites- mine first, of course!

perljam.net/notes/interesting-google-satellite-map s/

http://www.paulrademacher.com/housing/
www.shreddies.org/gmaps/
cryptome.org/usndc-eyeball.htm
del.icio.us/knodi/google_maps
www.returnofdesign.com/feature.php?article=12
gmaps.nicj.net/

-ted

Flashing your pinky is definitely more convenient than spelling your name or getting a card out of your wallet. But that's identification, not authentication.

And are you certain that nobody can pick up your hair from the pavement, clone it in their kitchen, then spray it at a crime scene ?

In related news, hand-transplant surgeons, fearing that their profession might become illegal under the proposed biometric ID plan, are protesting worldwide.

I agree.

Consenting adults should not be legally prohibited from engaging in any activity or speech they want, whatsoever, the only exception being to protect some overriding societal interest.

Unfortunately this principle isn't explicitly stated in the US Constitution, so instead an implicit right to privacy has been used in its place.

Why do we need limitations surveillance and the collection of information? I don't mind if I have to withstand peer pressure in order to act, think, and speak as I like, within the law -- so long as others can only express disapproval through their own free speech.

It is a good thing if the government, private organizations, and the public are all aware of what one another are doing, but only react to that information in ways allowed by the law.

COINTELPRO-like efforts by federal agents to infiltrate and disrupt private groups would be ineffective if the public could rapidly become aware of such activity and organize against it. This is a current concern, because the DOD is poised to resume the domestic spying program it gave up in the 60's: http://cryptome.org/dod-homespy.htm

Laws restricing surveillance make it more difficult to expose activity that is potentially threatening and may require legislative attention. For example, are religious groups and secret socities infilitrating our corporations and public institutions? Here is a web site raising such concerns about activities of the Unification Church (aka "moonies"): http://iapprovethismessiah.com/2005/01/moon-funnel s-250000-to-bush.html. There are similar concerns about activities of Scientologists, other religious groups, and possible secret socities.

Also while the Chinese have to do with basic reverse engineering (which these companies have to to for themselfs), the US goverment does much of the industrial dirty tricks(chapter 10.7) for US coorporations.

I think some people just really miss the cold war...

Well, you got your friendly relationship when soon after the first inauguration the lawsuit against Microsoft was settled rather than pursued. But right now you have what happens when tax cuts are given without accompanying service cuts: some services eventually have to be cut. And funding research is not seen by short-sighted individuals (like those who want to privatize social security) as a threat to industry. Someone without much schooling might think cutting government-funded research is actually beneficial to industry. Since the industry can always do it by itself. Yeah, yeah. That's the ticket. Let's see those stem cells grow. Some others might point out that the United States' lead in the industry surrounding the Internet is a direct result of government funded research. But that wouldn't fit very well with the agenda of someone else who needs some quick funding cuts to help soften the damage being done by earlier irresponsible tax cuts. Or, to keep the $160 Billion dollar Iraq War of aggression from appearing to be the scam it is.

Cost of War ($)

Cost of War (lives)

Note: the above two links are U.S.-centric.

Why do you fear a woman in power? Bush's bankruptcy of the Federal government and sale of the debt to foreign countries is highly irresponsible. Bush refuses to cut government programs to go along with his tax "cuts" (they aren't cuts when the tax will have to be taken later). It is wonderful the billions Bush has spent on invading Iraq. Billions of U.S. taxpayers dollars spent with no return (well, some return). Bush is doing a bang-up job of showing just how fiscally responsible Republicans are.

Vietnam.

You're getting a good kicking in Iraq too. Sit down and shut up, fatso.

Fingerprints offer almost 0 security, unless you wipe down the sensor after every use.

For more info see: http://cryptome.org/gummy.htm

The comments on this story are the most misled, ignorant, and tinfoil-hatted I've ever seen here. Take the time to RTFA, as well as the link I posted, and do everyone a favor. You all might even learn something.

The are many examples, such as this, which show there is no difference.

There are lots of ways to distribute software. And sometimes a very good reason to do so.

An off-the-shelf laptop with an external firewire drive is all that's needed here. With A5/2, it sure seems like you can get a real-time view of the traffic, while A5/1 makes you wait a couple of minutes, not because of some intensive CPU task, but just to have enough packets to derive the key (this is pretty similar to the current WiFi cracking fad, in spirit)

The lack of evidence of any such thing happening may be because of the lack of legitimate reasons for having a gsm cracking sourceforge project, since unlike WiFi, you can't really claim you'd need it to secure your own GSM setup. It doesn't mean such toolkits don't exist.

The paper below was written a year and a half ago.. In the internet world, companies that knowingly leave their customer's private information exposed by not fixing known security holes tend to get in trouble. Aren't you curious to know if modern GSM phones are still vulnerable to this?

"Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communications," by Elad Barkan, Eli Biham, Nathan Keller

Abstract. In this paper we present a very practical cipher-text only cryptanalysis of GSM encrypted communications, and various active attacks on the GSM protocols. These attacks can even break into GSM networks that use "unbreakable" ciphers. We describe a ciphertext-only attack on A5/2 that requires a few dozen milliseconds of encrypted off-the-air cellular conversation and finds the correct key in less than a second on a personal computer. We then extend this attack to a (more complex) ciphertext-only attack on A5/1. We describe new attacks on the protocols of networks that use A5/1, A5/3, or even GPRS. These attacks are based on security flaws of the GSM protocols, and work whenever the mobile phone supports A5/2. We emphasize that these attacks are on the protocols, and are thus applicable whenever the cellular phone supports a weak cipher, for instance they are also applicable using the cryptanalysis of A5/1. Unlike previous attacks on GSM that require unrealistic information, like long known plaintext periods, our attacks are very practical and do not require any knowledge of the content of the conversation. These attacks allow attackers to tap conversations and decrypt them either in real-time, or at any later time. We also show active attacks, such as call hijacking, altering data messages and call theft.

a) US citizen
b) Known permanent resident alien
c) Unincorporated association substantially composed of US citizens or resident aliens
d) Corporation is it is incorporated in the US and non directed or controlled by a foreign government.

The NSA is not allowed to collect on any of those entities; see Executive Order 12333 and USSID 18. Of course, there are exceptions, which keep getting broader and more numerous. But if you're a US citizen, you can be reasonably sure that the NSA is not collecting on you.

Yes, its all paranoia and delusions and none of this is really happening. Software and information are not having an exponentially increasing role in human civilization and noone is really trying to take control of it. Just as noone is patenting new DNA strains and then suing people on whose fields they spread. We can all go back to sleep. You sure did.

I'd suggest the War On Drugs at the very least, and more likely an international banking conspiracy of some kind, or perhaps something involving plagues and/or famine.

I find it curious that you suggest the kinds of pursuits which are the favourite of those who promote "intellectual property". Last time I looked it was MPAA/RIAA who were conducting "War on piracy" and it was poeple like me who were against it. I guess you probably call all those who used to point out non-existence of WMDs in Iraq prior to the war "paranoid people obsessed with famines and plagues" too.

Your biometric information is not secret. The police or your parents might have a copy of your fingerprints, for example. It's theoretically difficult to duplicate biometric data, but certainly not impossible: Cryptome has a copy of the research paper where researchers used $20 worth of common kitchen items to successfully fool every commercial fingerprint reader on the market.

Assuming forgery is tougher than that, the problem really is in the "interface" -- at some point the information stops being "biometric" and has been converted by circuitry into digital data. Digital data, of course, can be sniffed, copied, and modified. That's the real weak point of the biometric systems. If you can replace real biometric data with spoofed data, the computer systems downstream aren't going to know the difference.

The mysterious death of Kenneth Trentadue

The body of Kenneth Trentadue lay in a coffin in an Orange County, Calif., funeral home. His family had been told by the U.S. Bureau of Prisons earlier that week that the man hanged himself with a bed sheet on Aug. 21, 1995, while in federal custody at the Federal Transfer Center (FTC) in Oklahoma City. But Trentadue's family members who viewed his corpse-his wife, mother and sister-doubted the story. ...

the prison had gone to the trouble of putting Kenneth in a suit and applying makeup to his face-departing from the no-frills way the BOP typically releases dead inmates to their families-but had not bothered to mask his slashed throat.

Then the women noticed Kenneth's wrists and knuckles were black and swollen, strange injuries for a hanging.

Trentadue's sister, Donna Sweeney, clutched a camera she had brought with her. Taking a deep breath, she directed an attendant to strip Kenneth's body and scrub the heavy makeup from his face.

What the women saw shocked and disgusted them. Kenneth's head bore three massive wounds, two of which had ruptured the flesh to expose the skull. Below his left arm were fingerprint marks suggesting he had been propped up and held by someone else. Patches of skin had been ripped from his back. Bruises and welts lined the entire body, from his eyelids to the soles of his feet. [cont.]

I wouldn't be surprised if Homeland Security Operations Morning Briefs that we leaked are also part of their inclination to avoid digital record keeping (and comprehensive FOIA searches)

These reports show an interesting view of the domestic intelligence gathering being done at the DHS.

... what happened to the America I used to know?

Funny, you would think that since less and less work goes into FOIA requests, simple if you only have to write letters to deny access, there would be plenty of time to do thorough searches for the few that are still granted. But then again FBI digital document projects arent inspirational unless you are a contracter ofcourse.

For those who want to know what kind of requests this is about, lists of FOIA request are subject the the freedom of information act and are avaiable here. Its funny to see the "all little green men info" requests right next to legitimate historical research inquaries. (or should that be other historical research ;-) )

To stay up to date on what data is kept secret there is always secrecy news run by the federation of american scientist. You can join their fight to open up overall budget totals of the inteligence agencies.... during the cold war! Its always the paranoid lunies that want an open goverment. Its like these people think they know better what they are talking about then the politicians...

There is good news as well, cryptome.org demonstrates that classification policy is often that, policy(weekly DHS memo`s) ;-) And this will only get better when more and more information gets digital.

Anyway, this is an ongoing battle and since shrub and gang are past half time, have pissed of everyone who has to keep these secrets, demonstrated just how powerfull a political tool classification policy is and the 911 rapport was pro-openness things can only get better from here right?

Funny, you would think that since less and less work goes into FOIA requests, simple if you only have to write letters to deny access, there would be plenty of time to do thorough searches for the few that are still granted. But then again FBI digital document projects arent inspirational unless you are a contracter ofcourse.

For those who want to know what kind of requests this is about, lists of FOIA request are subject the the freedom of information act and are avaiable here. Its funny to see the "all little green men info" requests right next to legitimate historical research inquaries. (or should that be other historical research ;-) )

To stay up to date on what data is kept secret there is always secrecy news run by the federation of american scientist. You can join their fight to open up overall budget totals of the inteligence agencies.... during the cold war! Its always the paranoid lunies that want an open goverment. Its like these people think they know better what they are talking about then the politicians...

There is good news as well, cryptome.org demonstrates that classification policy is often that, policy(weekly DHS memo`s) ;-) And this will only get better when more and more information gets digital.

Anyway, this is an ongoing battle and since shrub and gang are past half time, have pissed of everyone who has to keep these secrets, demonstrated just how powerfull a political tool classification policy is and the 911 rapport was pro-openness things can only get better from here right?

Actually, all of the quantum principles quantum computing is based on are actually experimentally proven. Indeed, quantum computers have been built, except that they are currently restricted to a few qubits. A factorization of 15 with Shor's algorithm has already succeeded.

An unsolved problem, however, is how to build larger quantum computers. Maybe it's impossible in practice to get more than a few individually controllable qubits sufficiently protected from the environment. But that's quite a different statement than the one you made.

Well, probably you just tried to troll anyway.

It's not a myth. Or is it that you can't bring yourself to question your worldview that perhaps the US government isn't as benevolent as you'd hoped? As it stands today, the US is unable to support itself with domestic oil alone. That means that in order to support its war machine, it needs foreign oil and gas to keep functioning. Do you think it's coincidence that Pakistan enjoys impunity over its KNOWN nuclear black market while Iran is vilified for even ATTEMPTING to gain nuclear know how?

Wake up and realise you no longer live in a nation built on free and fair values, but rather on global hegemony designed to ensure its supply of resources to maintain living standards at present levels at the expense of everyone else. Democracy and freedom don't factor into the equation. They are merely platitudes to keep the populace uneducated. Why not read a few other sites for a different viewpoint:

Counterpunch

Truthout

Information Clearing House

Cryptome

EFF founder John Gilmore has been fighting these so-called rules for some time now. Check out Gilmore vs Ashcroft regarding these rules.

Wired magazing wrote:

A recent lawsuit filed by Electronic Frontier Foundation founder John Gilmore against U.S. Attorney General John Ashcroft, United Airlines and several others challenges the requirement that airline flyers present government-issued identification in order to travel within the United States.

As it turns out, there may be no such law on the books. Instead, carefully worded rules and statements allow airlines to make it seem that way. Under current federal regulations, they're only required to ask for ID, not to make it a condition of travel.

"It creates the illusion of security without any real security," longtime civil libertarian Gilmore said of the ID requirement, which he deliberately flouted at San Francisco and Oakland, California, airports on July 4 in order to establish the case.

I should also have included some relevant links to Internet based news sources bookmarked in Safari:

Slashdot of course.
CNN of course.
NYTimes for the writing and quality of reporting.
BBC for the big mainstream non American news perspective.
Kevin Sites for on the ground reporting in Iraq.
Dan Gillmor for news grassroots news.
CBS for financial info.
CNET for tech news.
Global Security for political defense news.
Google for a good news accumulator.
Cryptome because John manages to pull some pretty damned interesting articles out.
NPR of course. Don't forget to donate.
Reuters because they have the news.
Washington Post for beltway news.
Wall St. Journal for more financial news.
NPR Marketplace for more financial news.
CBS for mainstream US news.
Technocrat for real science oriented geek news, like Slashdot only with less noise.
Oh, yeah and
Macsurfer for a Macintosh community oriented news accumulator.