Domain: nist.gov
Stories and comments across the archive that link to nist.gov.
Comments · 1,805
-
Why not..
If we're working on making a touch screen phone more accessible to the sightless, why not ditch the screen entirely and replace it with a tactile display capable of adapting to the needs of the user? This would make it possible to still have your email or even text messages right at your fingertips - literally!
Here's a prototype that I'm sure could be improved upon and made portable given the right amount of funding.
http://www.nist.gov/public_affairs/factsheet/visualdisplay.htm
-
Re:Triple MD5 Anyone?
Several points about this:
-DES was never algorithmically broken--it was just designed with too small a key size. 3DES effectively doubles the key size to something reasonable. MD5, however, is actually broken--it has algorithmic weaknesses that can be exploited. Thus, it's not an analogous case.
-We know a lot more about hash functions now than was known when MD5 was designed. From new attacks (e.g. multicollisions) to new design techniques (e.g. HAIFA), there's a lot more knowledge for cryptographers to use.
-As a corollary to the above, any new algorithm, even your 3MD5, would require application support. If we're going to ask people to code that up, why not get something entirely new?
-Finally, practical considerations. NIST wants something flexible for SHA-3, and there are various requirements that are not met by the above proposal. (Digest size from 224 to 512 bits, for example.) There are additional implementation considerations that make your proposal worse than MD5 itself--notably, the requirement that the bytes be read three times in various orders. Just about every practical hash function proposal (including all the major existing ones, and all the SHA-3 candidates I've looked at) is computable "online"--that is, it can be computed in a single pass reading through the message. It doesn't require multiple passes or even keeping the entire message in memory at once.
In short: NIST is looking for something better than SHA-2 (and definitely better than SHA-1). 3DES was a good idea because DES itself was still good, but in this case it's better to start fresh than throw a random patch on an old-and-broken algorithm.
Read the Federal Register notice to get an idea of what NIST wants out of this. It's a lot broader than "a patch on MD5."
-
Not surprising
I've been using scimark for years to evaluate system performance with java.
Try it yourself.
Linux has outperformed windows (on average) for years, and OSX as well until recently. (java 1.4 performance on OSX was dismal)
-
Re:I'm no fan of MS...
-
Re:Is any browser safe?
The Links browser? Stallman knows what's up! What do you guys think, Lynx or Links? I prefer Links, just seems easier to use to me. Lynx actually did have a vulnerability disclosed in October, http://web.nvd.nist.gov/view/vuln/detail;jsessionid=031729623a47404f1389622ff35a?execution=e1s1. That damn Lynx has just gotten too mainstream to be safe these days!
-
Re:Let the Testing begin...
Ok, here are some real facts about how this works.
Under the Common Criteria (CC), people with financial ties create the product. They (or another sponsor who wants the product evaluated) pay an independent lab (CCTL) to evaluate it. Labs are certified by NIAP, a partnership of NIST and the NSA Information Assurance directorate. (The NSA has two main parts, the other is Signals Intelligence.) The independent lab evaluation is overseen by a Validation team employed by the government, who reviews the process and results of every evaluation, including all vendor evidence, before it is certified. The Validators also oversee the labs for proper execution of the CC. Once it passes all these reviews successfully it is certified.
Certifications are tiered by Evaluation Assurance Levels (EALs), from 1 to 7. Generally, the higher the EAL, the greater confidence there is in the vendor claims. This is NOT the same as being more secure!
The way to use these certified products is to select a product family (say firewalls), and review at a minimum two documents: The Security Target (ST) and Validation Report (VR). The ST is written by the vendor or sponsor, and basically contains the security claims they're making for the product, and how they expect the product to be used. The Validation Report describes how those claims were evaluated, and what notable things the Validation team observed during the evaluation. After reading both of these documents (usually not more than 100 pages - pretty short for 1-2 years of work) you can determine if the product can be used in its certified configuration in your environment.
Check out some interesting operating systems, like Windows XP, Mac OS X, or one of the Linux's.
It's certainly not perfect, but it's better than what we had.
-
Re:n/t
-
Re:SANS Templates
There are other agencies, such as NIST, that may help. They offer checklists and guides for configuring specific systems:
http://checklists.nist.gov/ncp.cfm
Other US Agencies also are concerned with security.
SECURE REMOTE COMPUTING
SECURITY TECHNICAL IMPLEMENTATION GUIDE
http://iase.disa.mil/stigs/stig/src-stig-v1r2.pdf
-
Take a look at NIST SP800-114
NIST SP800-114 provides a great guideline for teleworkers and remote access. Definitely a must read for providing a resource to your employees. http://csrc.nist.gov/publications/nistpubs/800-114/SP800-114.pdf
-
Re:Who uses TKIP instead of AES?
You sir, are grossly misinformed, Serpent is about twice as secure as Rijndael with the same bit rate.
please read this:
http://csrc.nist.gov/archive/aes/round2/comments/20000515-bschneier.pdf
-
USAF have more history here than NSA
If you look at the seminal works in computer security you will see that a lot of the most significant early ones were reports for the Electronic Systems Division of the Air Force Systems Command.
I don't know how much damage has been done to either or both of USAF and NSA by incompetent and technically illiterate managers and politicians since those days but a spy agency with expertise in cryptographic algorithms is not what you need in overall charge of the thinking about systems security. An organisation where systems must be usable by people overloaded with work in a high stress environment is more appropriate than one whose mission is to spy on foreigners and die rather than give up any information.
I would cite SELinux as an example in support of my argument. It is fine in theory but so hard to use in practice that the usual advice is to disable it if you want to get any work done. This fits the spy agency thinking that it is better for the system to be inoperable than for there to be any possibility of information leakage. That is totally unacceptable to anyone who needs to get a job done.
Having had my little rant, maybe I should read the article...
-
Re:Wait, wait, wait..
If you have the genome sequence and know the markers that are likely to be tested, e.g. the FBI's CODIS Core STR Loci:
http://www.cstl.nist.gov/strbase/fbicore.htm
then you could potentially engineer a fake sample (covering just the forensically targeted regions) using only existing technology...
-
Re:Move to Arizona
Ummm, WWVB has a "DST" bit. My WWVB-based clocks set DST correctly, even when Congress screws with it.
-
Re:Pretty serious
Have you ever seen this? http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1673
-
Re:Pretty serious
So you never saw this? http://web.nvd.nist.gov/view/vuln/detail?execution=e3s1
-
Pretty serious
I first saw this a couple days ago on the CERT bulletin, http://www.us-cert.gov/cas/bulletins/SB08-294.html, and http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4038, most serious vulnerability I've ever seen up there:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service
In other words: any idiot on your network can gain admin access to any attached Windows-based system with file-sharing enabled. I'm really glad that they're releasing an emergency patch for this, because that's a pretty fucking crazy description of an exploit, especially since it affects all versions of their last 10 years of operating systems.
-
Re:In other news...
...EVERYTHING in the universe is radioactive to some degree. Except for iron.
To be radioactive you have to have nuclei. 96% of the Universe is Dark Matter and Dark Energy that does not contain any nuclei. Of the remaining 4% the vast majority is in stable isotopes of hydrogen and helium and so is not radioactive. Additionally there are radioactive isotopes of iron. Iron-56 may be the most stable atomic nucleus but there are many other isotopes of iron some of which are radioactive.
-
Re:True Tebibyte?
For your own educational review...
http://physics.nist.gov/cuu/Units/binary.html
and yes, they refer to usage with Bytes (B) not just bits (b)...
-
Re:Corruption opportunity
I suspect that they'll just spec FIPS 140-2 certification for the crypto app.
-
Re:Plausible deniability
Unless they can compel Blizzard to provide the full source to the program, they can't prove which files are or are not part of the program's resources.
Ah, one of the few benefits of proprietary software lockdown.
Obviously you've never heard of File Advisor nor of the National Software Reference Library. They may not have it today, but check back tomorrow.
-
Re:What Has Changed?
GiB is a made-up term.
No programmer/engineer/nerd worth their salt (bandwidth?) uses it.
Yeah, those programmers/engineers/nerds at NIST and IEC need more salt. Possibly pepper too.
http://physics.nist.gov/cuu/Units/binary.html
http://www.iec.ch/
-
Re:What Has Changed?
No programmer/engineer/nerd worth his salt worries about wimpy concepts like ambiguity!
Seriously, though, the GB versus GiB issue makes me cringe every time I think of it. I'm a tech writer, and I ought to be all Usage Nazi about making sure people stick with the SI meaning of "Giga" and insist that they use the IEEE conventions when referring to powers of two. But arguing with engineers about this is just not a productive use of my time. So I always say "GB", and spell it out if there's any ambiguity. And there's usually not: nobody makes DIMMs that hold 4 x 10^9 bytes. I can safely assume that when I refer to a 4GB DIMM, people know I mean 4 x 2^30.
And remember, sticking with SI and IEEE conventions is no guarantee that you'll not be misunderstood. If I rely on SI conventions in a context where people are expecting nerdy powers of 2, I'll probably be misunderstood. The only solution is to spell it out.
-
Re:What Has Changed?
Perhaps you'd like to tell us whether a GB is base 2 or base 10 then.
It's a disambiguation, and no programmer/engineer/nerd worth their salt argues for less specific information for the sole reason of being socially favorable.
Indeed - See http://physics.nist.gov/cuu/Units/binary.html
-
Re:This is...
And who will oversee the overseers? And how can the agencies be independent when they are being "overseen"?
You cannot totally rely on any single agency for anything. That's why you have independent groups do independent tests. Except, if they are all "overseen" by the same overseer, they are not independent. In fact, there is in effect only one agency.
That's why we have agencies like NIST, ASTM, SAE, UL, and others. They are independent, monitored by government agencies, and composed of a wide variety of groups so that they can't be easily subverted by any one group. It is these groups that certify laboratories and test procedures and ensure that testing is done in a rigorous and scientific fashion. Yes, you can't have 100% certainty that an agency is completely immune to influence but you can take reasonable steps to safeguard against it.
Oh and by the way, where did I say anything about a single agency or oversight group? The best would be several independent evaluations and oversights. Again, it's up to the consumer to judge the proper level of validation to which they feel comfortable about a product. To some people all it takes is a smiling face in a TV commercial, to others it will be many years of intense scrutiny. Personally, I tend toward the latter.
-
Re:Should that be millisoccer ?
From a link in TFA:
"Although the bots are a few tens of micrometers to a few hundred micrometers long, they are considered “nanoscale” because their masses range from a few nanograms to a few hundred nanograms."
-
Nano(arbitrary unit)
That's funny. Your objection makes me realize how arbitrary the label "nano" is. Our base units (meter, second, kilogram) are all entirely manmade and chosen for historical reasons that could just as easily have led to different base units. It's an accident of history that we're now working at length scales one-billionth of the base chosen 130 years ago. And it's entirely coincidence if we happen to be also working at one-billionth of our time and mass units.
Maybe we should just arbitrarily agree that "nano" means "based on meter, second, kilogram base units" and nothing magical happens in the nano range that doesn't happen in the micro and pico ranges.
-
TFA is effing messed up
From the article the playing field is 30 x 30 mm. From the image with the article, the playing field is 1.5 x 2.5 mm. From the NIST PR, "These abilities are tested in three events: a two-millimeter dash in which each nanobot seeks the best time for a goal-to-goal sprint across the playing field; a slalom drill where the path between goals is blocked by "defenders" (polymer posts) and a ball handling drill that requires robots to “dribble” as many “nanoballs” (microdisks with the diameter of a human hair) as possible into the goal within a 3-minute period."
A "2 mm sprint" indicates that the picture is correct, and the text in the article is messed up.
-
Re:We've learned something new about 9/11
Unfortunately, the softening of the metal in the Twin Towers has absolutely nothing to do with the subject of the article. It's just attention-grabbing. The mechanisms for deformation of steel suspected in the WTC collapse were already well-known (thermoplasticity), and evidence of some heating was confirmed in NIST's final report on the WTC tower collapses in 2005. Interestingly, NIST says that the primary event causing the deformation is unknown:
Throughout this report, it should be recognized that while the physical damage and failure mechanisms observed were reported in their present condition, in most cases it was difficult or impossible to conclude which extreme loading event may have led to the damage. In other words, the damage may have been a result of the aircraft impact, the subsequent fires, the ensuing collapse of the buildings, or the subsequent handling related to the recovery efforts. It should also be recognized that in many cases it was difficult or impossible to conclude when fire exposure occurred, that is, whether the fire exposure transpired prior to collapse or during the time period that the piece was in the debris pile at the WTC site (for some samples, possibly up to 4 months). (NIST NCSTAR 1-3C, WTC Investigation, p. 2)
(Disclaimer: my brother works for NIST, in this department, although he did not participate in this investigation)
-
Re:Not for Active
2. gets his hands on the keyfob - more like sitting near you at a restaurant/bus/train/airpl
No, really, hands. You don't transmit the private key over wireless, of course, just do challenge-response.
And if the folks building this thing do their jobs right, it won't be possible to clone even then without (1) expensive equipment and people able to defeat the tamperproofing, and (2) destroying the device being inspected.
-
Re:Isn't that logically impossible?
That's just regular tamperproofing: Put it in an enclosure constructed such that its contents are destroyed on any attempt to open it.
I'm not saying that it's an easy problem, necessarily... but there are plenty of folks who've done it, and there are standards which folks claiming to have implemented such a thing can be tested against. See FIPS 140-1.
-
Re:What's new there, though?
...just like everywhere but the US metric is the standard.
I don't know which countries have not standardised on the metric system, but certainly the USA is not among them.
In fact, the USA was one of the very early adopters and is one of the original signatories to the original metric treaty! Since then the united states inch has officially been defined to be 2.54 cm.
Which proves the original poster's point: there's a difference between a legal, international standard and customary usage.
FWIW I did my engineering education in the USA; we did physics in cgs, engineering (flight) dynamics in mks and mech E / manufacturing etc in mils, inches, foot-pounds etc. Nobody particularly cared (and note that cgs isn't SI). This was mid 1980s MIT and things may have changed over the past 20 years. Personally I do not approve of the use of the metric system (neither the size of the units nor the decimal divisor) despite living for years quite close to the Kilogramme in France.
-
Re:Bad summer
You're right. Degrees Celsius is an SI-derived unit, not SI.
It's 303 K or 303 kelvins, though, not degrees Kelvin.
-
Re:This Is A Draft Open For Public Comment
Oops. Here's the link: http://wtc.nist.gov/media/comments2008.html
-
Re:here's some science for you.
I did the sum in reply. I think your response is more satisfying; at least I got a smile out of it instead of...oh, horror at people's ability to quote technical from a basis of complete ignorance.
As it happens, a lot of this sort of stuff is answered quite gently in the NIST's FAQ
But that would require reading
-
Government Report
This report comes from NIST, an agency of the Commerce Department run by James Turner, who came from the Energy Department and has never been confirmed as a full Director. The Commerce Department, and NIST, is an Executive Branch agency overseen by Cabinet member Carlos Gutierrez, who of course is appointed by Bush.
-
Re:oh ok
more whitewashing, make sure you never watch the actual footage of that building coming down either, looks pretty symmetrical to me
Sorry to feed the troll, but just for the record: the claim about asymmetry refers to the layout of the floor beams, which is asymmetric around some beams due to the trapezoidal shape of the building.
-
Re:"Crackpot Theories"
In particular, why would it happen at nearly free-fall speed, as if every column in the structure failed simultaneously? That's the thing that gets me. I would expect a much slower, more incremental collapse. Guess I have to go read TFR.
Actually, NIST puts the collapse time at 40% slower than free-fall. The reason it seemed so sudden and quick is because we've only ever had video of one side of the building when it finally fell.
Check out the videos on this page: http://www.nist.gov/public_affairs/releases/wtc_videos/wtc_videos.html
-
Re:So... Umm...
About 23,000 gal. of diesel fuel was stored in the bldg, mainly on the bottom floors but some as high as the 7th. "Several months after the WTC 7 collapse, a contractor recovered" the fuel from the tanks and, "unaccounted fuel totaled... somewhere between 0 and 2,000 gallons..." And "The worst-case scenarios associated with fires being fed by ruptured fuel lines-or from fuel stored in day tanks on the lower floors-could not have been sustained long enough, could not have generated sufficient heat to weaken critical interior columns, and/or would have produced large amounts of visible smoke from the lower floors, which were not observed."
http://www.nist.gov/public_affairs/factsheet/wtc_qa_082108.html
Anyway, steel bends in fires, that's why it has to be insulated and why steel bldg's must have sprinkler systems. I doubt the fire dept. was able to respond effectively in time.
-
Some additional information...
The parts of TFA that talk about "self-assembly" are referring to the recent advances in using "block copolymers" to take a given lithographic pattern and "multiply" it into a high-density pattern.
For anyone with access, these two articles from today's issue of Science Magazine describe this research:
- Ricardo Ruiz, Huiman Kang, François A. Detcheverry, Elizabeth Dobisz, Dan S. Kercher, Thomas R. Albrecht, Juan J. de Pablo, and Paul F. Nealey "Density Multiplication and Improved Lithography by Directed Block Copolymer Assembly", Science 15 August 2008: 936-939, DOI: 10.1126/science.1157626
- Ion Bita, Joel K. W. Yang, Yeon Sik Jung, Caroline A. Ross, Edwin L. Thomas, and Karl K. Berggren "Graphoepitaxy of Self-Assembled Block Copolymers on Two-Dimensional Periodic Patterned Templates" Science 15 August 2008: 939-943. DOI: 10.1126/science.1159352
Block copolymers are polymers (long-chain molecules that make up, for example, plastics) that are designed in such a way that they spontaneously form well-defined nano-patterns when allowed to equilibrate. So for instance a block-copolymer cast as a coating might spontaneously form nano-sized cylinders inside it (where the 'cylinder' and 'matrix' are formed of two different components... the two 'blocks'). Depending on what kind of copolymer you synthesize, you can form nano-cylinders, nano-sheets, nano-spheres, and other shapes (check out this, and this for some examples of the morphologies one can obtain).
One of the problems with block-copolymers, however, is that although they form very well-defined shapes (of exceedingly small and regular size), that's useless if you can't put those nano-objects where you need them. That's where this new work in "Templated Self-Assembly" comes into play. Basically you create a conventional, big pattern using the tried-and-tested techniques used to make microchips (optical lithography, e-beam lithography, etc.). Then you use that as a template for the block-copolymer. It fills in the gaps in the big pattern with its much smaller-scale nano-objects... which are now placed at well-defined positions because of the larger-scale template. So basically you get "density multiplication" of whatever pattern you're able to make.
So if you can use normal lithography to make a pattern of 100 nm, the block-copolymer can fill in the gaps and give you a pattern with sizes of 20 nm. Also, this "self-assembly" process has a way of "healing" over defects, basically giving you a very well-defined pattern even if your original template wasn't perfect.
The patterns in question can be "chemical templates" (basically stripes of different chemicals on a surface), or "topographical templates" (physical channels), which is what the two above-mentioned papers deal with, respectively. (Other kinds of directed-assembly, like surface treatments, electric fields, or thermal fields, are also possible.)
The research is coming along very nicely, and Hitachi seems pretty serious about it. There's no guarantee that this will end up in real technology someday, but I'd say this is looking more and more viable as the research pours in.
(Disclosure: My research covers similar topics, and I've worked with some of the above-mentioned people on occasion.)
-
Re:Slowing light?
Read about Bose-Einstein condensates and how they can hold light wave forms for long periods.
This site may be of some help.
-
Re:Do you want to discuss SCIENCE?
How about you read some. And try to give us scientific references, as that pop culture you threw at me I've read already, and was not at all impressed, though sometimes Maddox is funnier than others, and sometimes his Conservative-Colbertism is on the money. That article however is not one of them, in my opinion. I like his reviews of children's art, however. Top rate.
Now go and read, and debate this on scientific points, or STFU.
-
Re:fixes?
It's probably less likely with postgres
You mean like the UTF-8 \'-escaping vulnerability?. That one was a pretty big deal for anyone with an international database, since
- UTF-8 is the most common character encoding for "universal" usage
- PHP is one of the most common languages for web applications, and the default escaping mechanism is \'.
The best part is that you don't even have to write crap code to get hit by that... "Moderately shady" is bad enough to be vulnerable.
-
NIST
You can try applying to NIST. Although it is not a corporation, it is an excellent research institution with an excellent guest researcher. It is mostly geared towards graduate students, but having a five-year degree from Europe is enough to get in. Speaking from my own experience, a stint at NIST will help you a lot in your future career.
-
Read & Learn, And Legalize Marijuana:Sultry Ni
Read & Learn, And Legalize Marijuana
Since the article is often pulled from websites, the first article you should read and burn into your mind is this, Google for the title and archive a copy for yourself:
"A break-in to end all break-ins"
"In 1971, stolen FBI files exposed the government's domestic spying program"
It's an amazing story, and in 2008, how much has this expanded into every corner of our lives? The majority of Americans are brainwashed sheep consumers with a limp wet noodle for a brain, thrashing around with their Wii and Paris Hilton media like a fat dinosaur in a tar pit. Stay informed, we have no privacy, encryption is good but useless with acoustic monitoring, reflections in the eye and objects in your environment, etc.! If it's electronic, there's always a loophole. You shine brighter with each electronic device you use, in many ways. Don't trust Hushmail or any web based mail service to keep anything of yours secure or to provide any reasonable degree of security. Secure your computer room and rig your computer to shut down if you use encryption like Truecrypt or other when your environment is entered by someone other than you or those you permit and trust (you shouldn't trust anyone, everyone has a price)
Compromising Reflections or How to Read LCD Monitors Around the Corner
http://www.infsec.cs.uni-sb.de/~unruh/publications/reflections.pdf [uni-sb.de]
And more:
http://www.eff.org/wp/detecting-packet-injection
http://en.wikipedia.org/wiki/Anonymous_remailer
http://cryptome.org/tempest-law.htm
http://seclab.uiuc.edu/pubs/LeMayT06.pdf
http://www-users.cs.umn.edu/~dfrankow/files/lam-etrics2006-security.pdf
http://cryptome.org/nsa-vaneck.htm
http://www.alobbs.com/macchanger
http://lifehacker.com/software/ssh/geek-to-live--encrypt-your-web-browsing-session-with-an-ssh-socks-proxy-237227.php
http://www.nononsenseselfdefense.com/five_stages.html
http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf
http://csrc.nist.gov/itsec/guidance_WinXP_Home.html
http://csrc.nist.gov/publications/nistpubs/800-84/SP800-84.pdf
http://all.net/books/document/harvard.html
http://www-128.ibm.com/developerworks/library/l-keyc.html
http://www-128.ibm.com/developerworks/library/l-keyc2/
http://www-128.ibm.com/developerworks/library/l-keyc3/
http://www.cl.cam.ac.uk/~mgk25/emsec/optical-faq.html
http://www.cs.washington.edu/education/courses/csep590/06wi/
http://www.wiley.com/legacy/compbooks/mcnamara/links.html
http://lifeha
-
Read & Learn, And Legalize Marijuana:Sultry Ni
Read & Learn, And Legalize Marijuana
Since the article is often pulled from websites, the first article you should read and burn into your mind is this, Google for the title and archive a copy for yourself:
"A break-in to end all break-ins"
"In 1971, stolen FBI files exposed the government's domestic spying program"It's an amazing story, and in 2008, how much has this expanded into every corner of our lives? The majority of Americans are brainwashed sheep consumers with a limp wet noodle for a brain, thrashing around with their Wii and Paris Hilton media like a fat dinoasaur in a tar pit. Stay informed, we have no privacy, encryption is good but useless with acoustic monitoring, reflections in the eye and objects in your environment, etc.! If it's electronic, there's always a loophole. You shine brighter with each electronic device you use, in many ways. Don't trust Hushmail or any web based mail service to keep anything of yours secure or to provide any reasonable degree of security. Secure your computer room and rig your computer to shut down if you use encryption like Truecrypt or other when your environment is entered by someone other than you or those you permit and trust (you shouldn't trust anyone, everyone has a price)
Compromising Reflections or How to Read LCD Monitors Around the Corner
http://www.infsec.cs.uni-sb.de/~unruh/publications/reflections.pdf [uni-sb.de]And more:
http://www.eff.org/wp/detecting-packet-injection
http://en.wikipedia.org/wiki/Anonymous_remailer
http://cryptome.org/tempest-law.htm
http://seclab.uiuc.edu/pubs/LeMayT06.pdf
http://www-users.cs.umn.edu/~dfrankow/files/lam-etrics2006-security.pdf
http://cryptome.org/nsa-vaneck.htm
http://www.alobbs.com/macchanger
http://lifehacker.com/software/ssh/geek-to-live--encrypt-your-web-browsing-session-with-an-ssh-socks-proxy-237227.php
http://www.nononsenseselfdefense.com/five_stages.html
http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf
http://csrc.nist.gov/itsec/guidance_WinXP_Home.html
http://csrc.nist.gov/publications/nistpubs/800-84/SP800-84.pdf
http://all.net/books/document/harvard.html
http://www-128.ibm.com/developerworks/library/l-keyc.html
http://www-128.ibm.com/developerworks/library/l-keyc2/
http://www-128.ibm.com/developerworks/library/l-keyc3/
http://www.cl.cam.ac.uk/~mgk25/emsec/optical-faq.html
http://www.cs.washington.edu/education/courses/csep590/06wi/
http://www.wiley.com/legacy/compbooks/mcnamara/links.html
http://lifeha -
Read & Learn, And Legalize Marijuana:Sultry Ni
Read & Learn, And Legalize Marijuana
Since the article is often pulled from websites, the first article you should read and burn into your mind is this, Google for the title and archive a copy for yourself:
"A break-in to end all break-ins"
"In 1971, stolen FBI files exposed the government's domestic spying program"It's an amazing story, and in 2008, how much has this expanded into every corner of our lives? The majority of Americans are brainwashed sheep consumers with a limp wet noodle for a brain, thrashing around with their Wii and Paris Hilton media like a fat dinoasaur in a tar pit. Stay informed, we have no privacy, encryption is good but useless with acoustic monitoring, reflections in the eye and objects in your environment, etc.! If it's electronic, there's always a loophole. You shine brighter with each electronic device you use, in many ways. Don't trust Hushmail or any web based mail service to keep anything of yours secure or to provide any reasonable degree of security. Secure your computer room and rig your computer to shut down if you use encryption like Truecrypt or other when your environment is entered by someone other than you or those you permit and trust (you shouldn't trust anyone, everyone has a price)
Compromising Reflections or How to Read LCD Monitors Around the Corner
http://www.infsec.cs.uni-sb.de/~unruh/publications/reflections.pdf
And more:
http://www.eff.org/wp/detecting-packet-injection
http://en.wikipedia.org/wiki/Anonymous_remailer
http://cryptome.org/tempest-law.htm
http://seclab.uiuc.edu/pubs/LeMayT06.pdf
http://www-users.cs.umn.edu/~dfrankow/files/lam-etrics2006-security.pdf
http://cryptome.org/nsa-vaneck.htm
http://www.alobbs.com/macchanger
http://lifehacker.com/software/ssh/geek-to-live--encrypt-your-web-browsing-session-with-an-ssh-socks-proxy-237227.php
http://www.nononsenseselfdefense.com/five_stages.html
http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf
http://csrc.nist.gov/itsec/guidance_WinXP_Home.html
http://csrc.nist.gov/publications/nistpubs/800-84/SP800-84.pdf
http://all.net/books/document/harvard.html
http://www-128.ibm.com/developerworks/library/l-keyc.html
http://www-128.ibm.com/developerworks/library/l-keyc2/
http://www-128.ibm.com/developerworks/library/l-keyc3/
http://www.cl.cam.ac.uk/~mgk25/emsec/optical-faq.html
http://www.cs.washington.edu/education/courses/csep590/06wi/
http://www.wiley.com/legacy/compbooks/mcnamara/links.html
http://lifeha
-
Read & Learn, And Legalize Marijuana
Since the article is often pulled from websites, the first article you should read and burn into your mind is this; Google for the title and archive a copy for yourself:
"A break-in to end all break-ins"
"In 1971, stolen FBI files exposed the government's domestic spying program"
It's an amazing story, and in 2008, how much has this expanded into every corner of our lives? The majority of Americans are brainwashed sheep consumers with a limp wet noodle for a brain, thrashing around with their Wii and Paris Hilton media like a fat dinosaur in a tar pit. Stay informed, we have no privacy, encryption is good but useless with acoustic monitoring, reflections in the eye and objects in your environment, etc.! If it's electronic, there's always a loophole. You shine brighter with each electronic device you use, in many ways. Don't trust Hushmail or any web-based mail service to keep anything of yours secure or to provide any reasonable degree of security. Secure your computer room and rig your computer to shut down if you use encryption like TrueCrypt or other when your environment is entered by someone other than you or those you permit and trust (you shouldn't trust anyone, everyone has a price).
Compromising Reflections or How to Read LCD Monitors Around the Corner
http://www.infsec.cs.uni-sb.de/~unruh/publications/reflections.pdf
And more:
http://www.eff.org/wp/detecting-packet-injection
http://en.wikipedia.org/wiki/Anonymous_remailer
http://cryptome.org/tempest-law.htm
http://seclab.uiuc.edu/pubs/LeMayT06.pdf
http://www-users.cs.umn.edu/~dfrankow/files/lam-etrics2006-security.pdf
http://cryptome.org/nsa-vaneck.htm
http://lifehacker.com/software/ssh/geek-to-live--encrypt-your-web-browsing-session-with-an-ssh-socks-proxy-237227.php
http://www.nononsenseselfdefense.com/five_stages.html
http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf
http://csrc.nist.gov/itsec/guidance_WinXP_Home.html
http://csrc.nist.gov/publications/nistpubs/800-84/SP800-84.pdf
http://all.net/books/document/harvard.html
http://www-128.ibm.com/developerworks/library/l-keyc.html
http://www-128.ibm.com/developerworks/library/l-keyc2/
http://www-128.ibm.com/developerworks/library/l-keyc3/
http://www.cl.cam.ac.uk/~mgk25/emsec/optical-faq.html
http://www.cs.washington.edu/education/courses/csep590/06wi/
http://www.wiley.com/legacy/compbooks/mcnamara/links.html
http://lifehacker.com/software/home-server/geek-to-live--set-up-a-personal-home-ssh-server-205090.php