Stories · 93
-
uSocial Sells Twitter Followers By the Thousand
bfire writes to tell us that marketing firm uSocial has decided to apply a new monetization scheme to the Twitter service by providing packages of followers for purchase. "According to the firm, a single Twitter follower could be worth $0.10 a month. It is selling followers in various packages, starting at 1,000 for $87, which is delivered in seven days, and going all the way up to 100,000 followers at a cost of $3,479, delivered over a year." This is just the latest in a number of different exploits and problems of the Twitter universe as individuals try to subvert a popular tool into a self-serving device.
-
Is Arizona's Internet Voting System Safe Enough?
JMcCloy writes "Kevin Poulsen, senior editor at Wired News, asks readers 'Is internet voting safe?' and has a poll at the end of the article. So far, 32% responding actually think that internet voting is worth it, risks and all. It is scary how easily people can be persuaded to trust a system that is so vulnerable." The system described, used in Arizona in last year's election process, isn't just checking a box and clicking a button, but Poulsen lays out some scenarios by which it could be subverted.
-
The Best Achievements
Like them or not, achievements have become a staple of modern gaming, giving players goals to strive for and a measuring stick with which they can compare themselves to random strangers on the internet. Eurogamer discusses why they've become so popular, and takes a look at some of the most entertaining examples. Quoting: "... we mock Achievement points because they spell out in large numbers what is so pathetic about video games. But we also celebrate them, because, when used in funny, creative or interesting ways, they also spell out what is so compelling and wonderful about video games. Because for every Achievement in which you have to do nothing more than play through a tutorial there's another that subverts convention, rewarding you for skipping it instead. For every fetch quest that has you collecting dogtags for the millionth time, there's another that makes you fight the baddy with your arms tied behind your back. And for every Achievement you earn in jest for pressing the start button, there's another that only rewards the single best player in the world."
-
Using the Internet To Subvert Democracy
david_adams writes "All the recent talk about various polls and elections being pranked or hijacked, serious and silly alike, prompted me to write an article about the technical realities behind online polling, and the political fallout of ever becoming subject to online voting for serious elections. Even if we were to be able to limit voting to legitimate, legal voters, the realities of social networking and the rise of Internet-based movements would dramatically alter the political landscape if online voting were to become commonplace."
-
Subverting PIN Encryption For Bank Cards
An anonymous reader sends in a story at Wired about the increasingly popular methods criminals are using to bypass PIN encryption and rack up millions of dollars in fraudulent withdrawals. Quoting: "According to the payment-card industry ... standards for credit card transaction security, [PINs] are supposed to be encrypted in transit, which should theoretically protect them if someone intercepts the data. The problem, however, is that a PIN must pass through multiple HSMs across multiple bank networks en route to the customer's bank. These HSMs are configured and managed differently, some by contractors not directly related to the bank. At every switching point, the PIN must be decrypted, then re-encrypted with the proper key for the next leg in its journey, which is itself encrypted under a master key that is generally stored in the module or in the module's application programming interface, or API. 'Essentially, the thief tricks the HSM into providing the encryption key,' says Sartin. 'This is possible due to poor configuration of the HSM or vulnerabilities created from having bloated functions on the device.'"
-
Chinese Subvert Censorship With a Popular Pun
Anonymusing writes "In spoken Chinese, 'grass-mud horse' sounds virtually identical to an obscenity (hint: it begins with "mother-") — and as a cartoon character, it has become an amazing phenomenon. Meant as a subversive attack on censors, the alpaca-like mythical creature has led to a cuddly stuffed animal — selling over 180,000 in a few weeks — and a wildly popular YouTube video with children's voices singing words that are either completely benign or incredibly offensive, depending on how you listen." Update: 03/13 09:29 GMT by T : Since this story was set up, the originally linked video seems to have been pulled. Searching YouTube reveals that there are some alternatives available, at least for now.
-
Damning Report On Sequoia E-Voting Machine Security
TechDirt notes the publication of the New Jersey voting machine study, the attempted suppression of which we have been discussing for a while now. The paper that the Princeton and Lehigh University researchers are releasing, as permitted by the Court, is "the same as the Court's redacted version, but with a few introductory paragraphs about the court case, Gusciora v. Corzine." What's new is the release of a 90-minute evidentiary video — the researchers have asked the court for permission to release a shorter version that hits the high points, as the high-res video is about 1 GB in size. See TechDirt's article for the report's executive summary listing eight ways the AVC Advantage 9.00 voting machine can be subverted.
-
W3C's Role In the Growth of a Proprietary Web
Paul Ellis writes "Mozilla's Asa Dotzler has said 'It's really hard for me to believe that either [Microsoft or Adobe] have the free and open Web at heart when they're actively subverting it with closed technologies like Flash and Silverlight.' But are they really subverting it? Where is the line between serving the consumer and subverting the Web? This blog post makes the case that the W3C's glacial process should share in the blame for the growth of proprietary technologies."
-
RoadRunner Intercepting Domain Typos
shaunco writes "Sometime around midnight on February 26th (at least for the SoCal users), TimeWarner's RoadRunner service started intercepting failed DNS requests, redirecting them to RoadRunner's own search and advertising platform. To see if this has been enabled in your area, try visiting {some random string}.com in your Web browser. This feature subverts user preferences set within browsers, which allow the user to select which search engine receives their typos and invalid domains. RoadRunner users can disable this function — or they can just use OpenDNS. Here is an example RoadRunner results page."
-
FCC Plan Will Result in Freedom Of or From the Press?
macduffman writes "Kevin Martin, Chairman of the FCC, has fired a volley in the war against media moguls ... or is it in the war against freedom of the press? An article in the Editor and Publisher describes the plan to ban cross-ownership in the same market (i.e., owning a newspaper and a broadcast station in the same city). Several waivers exist for some current ownerships, but would not be passed on to new owners. The plan calls for public comment beginning in mid-November, and the FCC would vote on it a month later." This follows an unpopular 2003 decision by the FCC that was eventually invalidated by the courts. At issue is the speed at which this complex decision is being carried out: "Media consolidation opponents said Wednesday that the chairman may be moving too fast. Sen. Byron Dorgan, D-N.D., said that one month for the public to consider the rule is not enough time. 'If that's his intention, it's going to subvert the public interest,' he said. 'The FCC needs to learn a lesson here from what happened previously.'" Update: 10/19 17:58 GMT by Z : Rewritten for clarity.
-
Zero Day Hole In Google Desktop
40by40 writes "A Web application security specialist has figured out a way to launch man-in-the-middle attacks against a computer with a fully patched Google Desktop installed. With knowledge of the Google Desktop security model (a combination of one-time tokens, iFrames and JavaScript), hacker Robert Hansen figured out a way to sit between a target launching a Google search query and manipulate the search results to take control of other programs on the desktop. From the article: '"This should drive home the point that deep integration between the desktop and the web is not a good idea, without tremendous thought put into the security model. As Google's site is unencrypted, and they place their content that can run executables on their site, it can be subverted by an attacker," Hansen warns. Hansen's advisory comes just days after Chris Soghoian's exposé of a similar man-in-the-middle attack scenario against a remote vulnerability in the upgrade mechanism used by a number of commercial Firefox extensions.'"
-
P2P Networks Supplement Botnets
stuckinarut writes "Peer to peer file sharing network popularity is at an all time high, with hundreds of thousands of computers connected to a single P2P network at a given time. These networks are increasingly being used to trick PCs into attacking other machines, experts say. In fact, some reports indicate that peer-to-peer may actually exceed web traffic. Computer scientists have previously shown how P2P networks can be subverted so that several connected PCs gang up to attack a single machine, flooding it with enough traffic to make it crash. This can work even if the target is not part of the P2P network itself. Now, security experts are warning that P2P networks are increasingly being used to do just this. "Until January of this year we had never seen a peer-to-peer network subverted and used for an attack," says Darren Rennick of internet security company Prolexic in an advisory released recently. "We now see them constantly being subverted.""
-
New MySpace China Tells Users to Spy on Each Other
Anonymous Chinese Coward writes "MySpace has launched in China, the world's most populous nation, but this definitely is NOT the MySpace you're used to. Members are told to click a button to report any 'misconduct' by other users. MySpace's definition of 'misconduct' includes actions such as 'endangering national security, leaking state secrets, subverting the government, undermining national unity, spreading rumors or disturbing the social order' — according to the site's terms and conditions. In China these are all crimes which carry a hefty prison sentence. Any attempt to post content containing phrases that the Chinese government doesn't like, such as 'Taiwanese independence', the banned 'FaLun' religious movement or the Dalai Lama, produces the following message. 'Sorry, the article you want to publish may contain inappropriate content. Please delete the unsuitable content, and then try reposting it. Thank you.'"
-
Voters Vote Yes, County Says No
Khyber writes in with a story from Montana, where residents of Missoula County voted in a referendum intended to advise county law-enforcement types to treat marijuana offenses as low-profile. The referendum would not have changed any laws, but was advisory only. After voters approved it, county commissioners overturned it by a 2-to-1 vote. They were swayed by the argument of the county attorney, who had a "gut feeling" that Missoula's electorate had misinterpreted the ballot language. The move has resulted in a flood of disaffection among voters, especially young voters. "Is there even a point to voting any more if the will of the people can so easily be subverted by two people?" one voter posted on a comment blog.
-
AJAX May Be Considered Harmful
87C751 writes "Security lists are abuzz about a presentation from the 23C3 conference, which details a fundamental design flaw in Javascript. The technique, called Prototype Hijacking, allows an attacker to redefine any feature of Javascript. The paper is called 'Subverting AJAX' (pdf), and outlines a possible Web Worm that lives in the very fabric of Web 2.0 and could kill the Web as we know it."
-
20 Lawmakers Want to Kill Your Television
Macki writes "As previously mentioned, the Broadcast Flag is back before congress. There are 20 lawmakers currently supporting the bill. The insane thing about it is the fact that no one supports the bill except a handful of entertainment companies. Probably not even the employees of the entertainment companies. It's bad enough they want to break our televisions, but the way that they are subverting democracy is just astounding. Danny O'Brien at the EFF has done a spectacular job deconstructing the MPAA/RIAA's efforts to ramrod this through, and more importantly, the motivations of the members of congress who are helping them."
-
Rootkits: Subverting the Windows Kernel
nazarijo (Jose Nazario) writes "A group of people out there, let's call them 'elite hacker d00ds,' are able to skillfully craft Windows rootkits that evade almost any known detection system. Some people want to know how this is done, be they aspiring elite hackers, security professionals who have to try and find these rootkits, or just interested parties. If you're one of them, Greg Hoglund and James Butler's new book, Rootkits: Subverting the Windows Kernel is for you. It's focused like a laser on how to defeat detection at various levels in the Windows OS once you're in." Read on for the rest of Nazario's review.
Rootkits: Subverting the Windows Kernel
author: Greg Hoglund and James Butler
pages: 352
publisher: Addison-Wesley Longman
rating: 9
reviewer: Jose Nazario
ISBN: 0321294319
summary: A highly technical tour of how to develop and detect Windows rootkits
Some may wonder if Hoglund and Butler are being irresponsible by writing a book that shows you how to bypass detection. If you look closely, however, you'll see that all of the methods they outline are detectable by current rootkit revealing mechanisms. And they also show you how to detect many new rootkits in the process. I consider this book to be a responsible contribution to the community, professionals and amateurs alike, in the finest tradition of full disclosure.
The book is organized into three major sections, even if it's not explicitly marked as such. The first section serves as an introduction to the topic and some of the high level concepts you'll need to know about Windows, control mechanisms, and where you can introduce your code. The second part is a highly technical tour of the techniques used to hook your rootkit in and hide it, and the third section is really one chapter covering detection of rootkits.
The first few chapters, which serve to introduce the topic, get technical right away. Chapter 2, for example, shows you some basic mechanisms for hooking in your rootkit. If you're getting lost at this point, you'll want to probably augment your reading with a Win32 internals book. The resources listed by the authors, though, are great. By this point you can also see that the writing is clear and the examples contribute perfectly to the topic. Hardware hooking basics are covered in chapter 3, which should give you some indication of the book's pace (quick!).
By the time you get to chapter 4 and discussing how to hook into both userland and the kernel, you're getting at some very valuable material. Although the book focuses on kernel hooking, a brief description of userland hooking is provided. Chapter 5 covers runtime patching, a black art that's not well known. This is almost worth the full price of admission, but the material gets even better.
In chapters 6-9 you get into some serious deep voodoo and dark arts. In these chapters you'll learn the basics of direct kernel object manipulation, layered device drivers (which can save you a lot of work), hardware manipulation, and network handling. All of these are techniques used by rootkit authors to varying degrees and effect, so you should become familiar with them. The code examples are clear and functional, and you'll learn enough to write a basic rootkit in only about 150 pages. Simple keyboard sniffers and covert channels are described in the code examples. Useful stuff.
I can't say I found many errors or nits in the book. There are some problems at times getting the code formatting just right, and what appear to be a few stray characters here and there, but nothing too obvious to me. Then again, I'm not a Windows kernel programmer, so I don't feel qualified to comment on the correctness of the code.
In the finest tradition of using a blog and dynamic website to assist your readers, the authors have set up rootkit.com, which nicely supplements their book. Most of the resources they mention in the book are available here, as well as a great array of contributors and evolving techniques. Without the book the site is still useful, but together they're a great combination. Too many books lose their value once you read them, and some books stay with you because you're having difficulty understanding the authors. Rootkits will stay near you while you develop your skills because it's a lot of material in a small space, and although it's very clearly written, there is a deep amount of material to digest. You'll be working with this one for a while.
My only major wish for this book is for it to have covered detection more significantly. One chapter covers how to detect rootkits, and although you may be able to look for some specific telltale signs of rootkits depending on how they were introduced, a more complete coverage of this approach would have made the book even more worthwhile.
Rootkits is an invaluable contribution to the wider understanding of advanced attack and hacker techniques. Previously, much of this material was known to only a handful of people, and assembling your own knowledge base was difficult. Hoglund and Butler write clearly, use great code examples, and deliver an excellent book on a highly technical and specialized topic. If you're interested in learning how to write your own rootkit or detect someone else's rootkit on your system, you should definitely start with this book.
You can purchase Rootkits: Subverting the Windows Kernel from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
-
What Are You Looking At?
Ensign Stinky writes "The NYTimes has a story, with some spooky-cool pictures, about software to extract exactly what image a person is seeing with their eyes, just from the reflection on their cornea. You can see even a wider image than the subject and tell what they're specifically focusing on. It's too bad the coolest tech is immediately subverted for evil. The possible applications listed include 'surveillance cameras that spot suspicious behavior.' Remind anyone of that scene in the movie 'Wild Wild West' where they extract the last thing the dead guy saw?"
-
Free Culture
Peter Wayner writes: "When jury duty called, I was lucky enough to have a copy of Larry Lessig's new book, Free Culture: How Big Media Uses Technology and the Law to Lock Down Culture and Control Creativity, to take along. The Mitchell Courthouse in Baltimore is one of the most beautiful and ambitious marble allegories for how the law can be elegant, ornate, and permanently imposing. It was the perfect place to read a new book devoted to stopping the old guard media czars from using law to keep the couch potatoes down." Read on for the rest of Wayner's review of the book -- which is released today in hardcover, but also available for free online.
Free Culture: How Big Media Uses Technology and the Law to Lock Down Culture and Control Creativity
author: Lawrence Lessig
pages: 388
publisher: Penguin
rating: 9
reviewer: Peter Wayner
ISBN: 0375505784
summary: Lessig takes a serious but accessible look at how law has been subverted by Big Media and proposes workable steps for taking it back.
Lessig is now famous for a number of reasons, including his two previous books, Code and Other Laws of Cyberspace and The Future of Ideas: The Fate of the Commons in a Connected World. In the first, he was one of the first to affirm what many Slashdot readers know almost instinctively: whoever writes the code determines how the world works. Making the right decisions about power and control when designing a computer system is just as important as writing laws for the future. In the second, he writes of the importance of a vast cultural commons which acts as the wellspring for our expression and the grounding plate for our souls.
His new book is his most casual and most accessible. His prose is improving as he drops the footnote-heavy habit of legal writing and adopts a bloggier style driven by anecdotes and personal revelation. And what anecdotes he has -- Lessig's years on the barricades have given a surprisingly large collection of tales that will make any artist or citizen cringe. Time and time again, the powerful warlords of the entertainment conglomerates have banded together to try to stomp out the sharing and cooperation emerging from the Internet. After years of amassing a stranglehold on the world's culture, the conglomerates aren't letting this cheap, fast and out-of-control technology sweep it all away.
My favorite anecdote, if one could be said to stand out, comes from a film maker documenting an opera company. When the camera caught a snippet of the stagehands watching the Simpsons with the sound turned down, the director wanted to add a four-second clip to the movie. Matt Groening said "Yes." The lawyers said it was clearly fair use. But Fox's executives responded with the kind of obscenity that doesn't upset the FCC: pay us $10,000. The clip didn't make the film because the director couldn't afford to go head-to-head with the Fox legal department.
This is just one of a number of stories of how interesting, invigorating content and innovation was strangled at birth by the old guard. The anecdotes are, I think, an effort to atone for his loss in the Eldred case and reargue it. He presented the Supreme Court with a very logical and legal reading of why it was wrong for Congress to continue extending the length of a copyright monopoly and the court didn't buy it. A friend of his said that this tack was wrong because the court wanted to feel the depths of the injustice. The justices didn't want laws and footnotes, they wanted something human. Lessig blames his loss on not taking this advice. (As an aside, Lessig's personal description of taking a case to the Supreme Court is a good way to understand just how human the game can be.)
This time around, he piles the examples on top of more examples to show just how the conglomerates can hurt the artist and culture in general. After this case failed, Lessig tried another compromise that exposed the true goals of the copyright czars. Lessig describes his efforts to recreate a copyright registration system. If someone wanted to keep a copyright in force after 50 years, Lessig suggested getting them to pay a $1 fee. This would help everyone keep the copyright straight and make it simpler for everyone to understand just who has what rights to an art work. Any art work that goes unregistered flops into the public domain. Anyone who's tried to clear rights to a project will see this as a step in the right direction. The copyright industry, however, rejected this structure in a way that Lessig suggests illustrates how much this is about power and control, not creativity and expression.
Lessig has other tricks up his sleeve. If he can't convince the U.S. government to change the law, he can appeal to the artists themselves who have the ultimate control. He started his Creative Commons project several years ago and now artists can use several boilerplate licenses that reserve some of the rights while releasing others.
This new book itself is also available for free (PDF) under the license, a tactic that has worked well for Cory Doctorow and myself in the past. When I released Free for All under the license several years after the book was published, I watched the asking price on Amazon's used book market rise more than 40%. It wasn't a big jump, but it was still a bit counterintuitive. The freely available text encouraged people to buy the more readable printed version. I think Lessig will see the same effect. The sales driven by the people who read the electronic version will be greater than the sales lost to the people who just read the downloaded copy.
The good news is that the markets and the consumers are already heeding Lessig's advice because they instinctively disdain a monopoly. The power of the old networks is rapidly disappearing and the increasing concentration among the old guard is as much an illustration of the last ditch effort by the executives to cash out by taking large bonuses from the transactions. Some worry about the concentration of power in the radio world by companies like Clear Channel. But who listens to radio for music any longer? One Clear Channel station near my house plays traffic reports every 10 minutes during the day because their audience is dominated by people trapped on aptly named "parkways". The station may play as few as three songs an hour between 6:30am and 9am. The rest of the time, they yak about movies or the weather and their influence upon music continues to drop.
There are surprisingly good alternatives developing to take over the space. Lessig does an excellent job describing how the Internet radio stations were mugged with unfair regulations, but it's important to remember that they continue to exist because they offer something better than endless traffic reports. Furthermore, competition is coming from strange places. Starbucks is just one such company selling commercial-free mix tapes that are, for almost all intents and purposes, just a plastic disk version of a cool DJ. More and more radio-like venues are appearing.
There are other reasons why the concentration is backfiring. Lessig does a good job explaining how the television networks are squeezing out competition from independent producers. He describes how Norman Lear was only able to bring us "All in the Family" because he was free to take his work from ABC to CBS. That freedom disappeared after Congress repealed the laws forbidding the networks from owning stakes in the shows they broadcast. Now, if you want to get on CBS, it helps to sell a part of your show to CBS or, even better, just sell the whole thing.
But is this strategy really working for the networks? Their ratings continue to plummet. There's a reason why there are so many drug commercials for arthritis remedies on network air. That generation is the last one who watches network television almost instinctively. Lessig likes to complain about the "soviet" nature of these networks. It's a wonderful word that reads on many levels. The more they squeeze out competition and aggregate power in the committees, the more they lose the fluid competition that lets cream rise to the top.
So, who really cares if CBS isn't available on the Dish network? There are hundreds of other channels offering good fare. It was a different story in the 1970's when there were only three networks and CBS offered shows like "All in the Family" and "Mary Tyler Moore". Then, they controlled the heart of our popular culture. Today, the network ratings are so low on Saturday night that all of the networks are looking for a way to stop broadcasting on that day. Aside from the NCAA basketball tournament, I've lived without CBS for years without missing a thing. (Even then, I get most sports news from the websites.) The DVD player is a very, very powerful and destructive technology. When you can buy 50 movies for $30, who even needs CBS, the Dish network or HBO?
All of these ideas swirled through my mind as I read Lessig's book and waited during jury duty. Are things getting worse or better? Are the 40+ million plus fileswapping pirates winning, or are the draconian laws crushing our creativity like a jackboot? I spent my time thinking of this balance while waiting for the judge and the attorneys to sift through 150 people to find the right 12 folks to render a fair and impartial verdict. On one hand, it was remarkable that society was being so careful before imprisoning someone for attempted murder. On the other, it was clear that the effort can't be sustained for the 40 million+ file sharing pirates who are thumbing their nose at the law.
Lessig understands this. One of his most persuasive arguments is that the current law becomes more marginalized as it becomes increasingly less fair. Prohibition of alcohol corroded the law and now the increasing prohibition of fair use is eroding respect for copyright. You only need to travel a few blocks from the Mitchell court house to end up in dangerous regions of Baltimore where the marble and the pomp can't do much to protect you. Lessig, the lawyer, knows the law can only work when it is fair and equitable. This new book is a strong and passionate argument for how we can restore some sanity to the system and restore our faith in copyright law. Some people think that Lessig is trying to "smash" the copyright system, but I think he's just trying to restore its ability to function.
Peter Wayner is the author of Free for All, a book on the open source movement and Policing Online Games, a book on how to build the Mitchell courthouse in cyberspace. You can purchase Free Culture: How Big Media Uses Technology and the Law to Lock Down Culture and Control Creativity from bn.com. mpawlo points out you can get the book free and gratis via Bittorrent.
-
Justin Frankel On AOL, Subverting The Status Quo
linuxbaby writes "Rolling Stone has an excellent feature on Justin Frankel, the creator of Winamp, Gnutella, Shoutcast, Waste, and other projects. The article calls him 'the world's most dangerous geek', and after years of being muzzled by AOL for igniting the pirate nation, Frankel is breaking his silence." The article ends by asking: "In many ways, Frankel's future encapsulates the debate over the future of the Internet itself. Does it become just a distribution system for corporate product or more of a way to subvert that corporate control?"