This is a copy of the posted pdf. I have only added line breaks to attempt to make it readable as a non-pdf doc. I also deleted a few footnotes on page 1 or 2. [slashdotfiltercruf] The error messages I have encountered while trying to post the document include but are not limited to " Your comment has too few characters per line (currently 39.4)", "No discussion or comments found for this request. To create your own discussion, please use journals." (happened when I tried to post the whole article), and simply blank pages when I tried posting most but not all of the article.[endofslashdotfiltercruf]
The Battle Against Phishing: Dynamic Security Skins
Rachna Dhamija, University of California, Berkeley, rachna@sims.berkeley.edu
J.D. Tygar, University of California, Berkeley, tygar@cs.berkeley.edu
ABSTRACT
Phishing is a model problem for illustrating usability concerns of privacy and security because both system designers and attackers battle using user interfaces to guide (or misguide) users.
We propose a new scheme, Dynamic Security Skins, that allows a remote web server to prove its identity in a way that is easy for a human user to verify and hard for an attacker to spoof. We describe the design of an extension to the Mozilla Firefox browser that implements this scheme.
We present two novel interaction techniques to prevent spoofing. First, our browser extension provides a trusted window in the browser dedicated to username and password entry. We use a photographic image to create a trusted path between the user and this window to prevent spoofing of the window and of the text entry fields.
Second, our scheme allows the remote server to generate a unique abstract image for each user and each transaction. This image creates a "skin" that automatically customizes the browser window or the user interface elements in the content of a remote web page. Our extension allows the user's browser to independently compute the image that it expects to receive from the server. To authenticate content from the server, the user can visually verify that the images match.
We contrast our work with existing anti-phishing proposals. In contrast to other proposals, our scheme places a very low burden on the user in terms of effort, memory and time. To authenticate himself, the user has to recognize only one image and remember one low entropy password, no matter how many servers he wishes to interact with. To authenticate content from an authenticated server, the user only needs to perform one visual matching operation to compare two images. Furthermore, it places a high burden of effort on an attacker to spoof customized security indicators.
1. INTRODUCTION
Phishing is a model problem for usability concerns in privacy and security because both system designers and attackers battle in the user interface space. Careful analysis of the phishing problem promises to shed light on a wide range of security usability problems.
In this paper, we examine the case of users authenticating web sites in the context of phishing attacks. In a phishing attack, the attacker spoofs a website (e.g., a financial services website). The attacker draws a victim to the rogue website, sometimes by embedding a link in email and encouraging the user to click on the link. The rogue website usually looks exactly like a known website, sharing logos and images, but the rogue website serves only to capture the user's personal information. Many phishing attacks seek to gain credit card information, account numbers, usernames and passwords that enable the attacker to perpetrate fraud and identity theft.
Data suggest that some phishing attacks have convinced up to 5% of their recipients to provide sensitive information to spoofed websites [1]. About two million users gave information to spoofed websites resulting in direct losses of $1.2 billion for U.S. ba
BTW, I always add a stray character at the beginning of my passwords when I write them down so even if someone gets the paper I wrote them down on they won't know my password.
I have no idea why more people have not posted similar ideas. For years I have written down many of the numerous passwords that I have. But I also "encrypt" my passwords as I write them down. The "encryption" method can be as simple as the parent suggests or using rot1 or rot25, adding/subtracting X from each number in the password, or including "known to you" bogus letters ("I hereby state that I shall never use the letters E and R in my real passwords") and use these to seed your passwords.
There are many simple ways to "write your passwords down" without actually putting them on the paper. Use anagrams and pass phrases. Write the answers down where the passwords are the questions or the reverse.
Be creative. Chances are if someone finds your magic list and thinks "Hey, these are his/her passwords! I 0wn3 them!" that once they try 1 or 2 of them as written and they fail they will discard the list as being old or garbage.
These magazines also have Lego Mindstorms articles in them quite often.
Server has advertising for several companies carrying various kits. In my opinion the kits would be the way to go...even if you can only purchase a few and run your class in groups. As one poster mentioned, the problem with building from the ground up is that you spend most of your time building the hardware and very little of your time programming and running.
Once you have the class going with kits then add some simple "build from scratch" projects like BEAM robotics. Even with these various PIC or ATOM kits will come in handy.
Disclaimer: I am not associated with the Servo or Nuts&Volts but I am a long time satisfied customer (Servo: since its first issue two years ago or so; Nuts&Volts: several years since when another electronics magazine died and switched the remainder of my subscription to N&V).
There's this thing called Google Search Help also. If the reader follows your link they will get a page of search results containing little or nothing that the author is asking for. A few of the links are little more than collections of links and advertising. Others contain nothing useful if you want to *learn* ASL.
Really, it is not that we object to sarcasm around here (we seem to thrive on it) but at least make it useful sarcasm.
[Hmmm, this story reminds me I wanted to learn ASL also, that way I might understand what all those other drivers are trying to sign to me on the way home.]
Perfectly correct. As you and several others pointed out, English seems to be an easy language to get started in. But any language is difficult to master.
Yep, my brain said "ought" my fingers said "aught".
What is interesting though is some of the movements to reform or change English. Recently I heard an interview on CBC radio about two different groups looking to "clean up" English. One had the approach to turn it into a more phonic (sp?) based language (the written would sound like the spoken) and the other group argued that this would remove the cultural history from the language. Their approach was to maintain the written language tied to its roots but to remove a number of the ambiguities.
The reference to my 3 year old was mostly humour but with the point that there are many words in English where what seems to be the logical extension is not. Your point about the Latin is well taken.
Thanks for the information...I learned a bit about other languages.
I am sure that no language out there is perfect (or even close) but I do have fun poking at my own.
English is the most unpure language and surprisingly the most popular language because of its ease.
In what way can the term ease be used to describe anything about English? Let us see:
in grammar? Well there are probably several dozen grammar nazis reading this post that can attest that there is nothing easy about the English grammar. In fact several of the grammar nazis will correct what the last grammar nazi did wrong.
in spelling? Certainly English is easy to spell so long as you remember that there are no rules except that there are exceptions to every rule.
maybe it is intuitive? Certainly, after all you have minimum, maximum, and then... middlemum (my 3 year old came up with that one when trying to explain the average of something to us).
in speech? Based on the number of lawyers we have around and the lengths of even the smallest legal document needed to clearly explain a common sense topic I see no way of describing English speech as easy (not to use or understand).
I could go on with my argument on how badly English is screwed up and aught to be scrapped completely but many others have proven my point through some creative writing:
We polish the Polish furniture. He could lead if he would get the lead out. A farm can produce produce. The dump was so full it had to refuse refuse. The soldier decided to desert in the desert. The present is a good time to present the present. At the Army base, a bass was painted on the head of a bass drum. The dove dove into the bushes. I did not object to the object. The insurance for the invalid was invalid. The bandage was wound around the wound. There was a row among the oarsmen about how to row. They were too close to the door to close it. The buck does funny things when the does are present. They sent a sewer down to stitch the tear in the sewer line. To help with planting, the farmer taught his sow to sow. The wind was too strong to wind the sail. After a number of Novocain injections, my jaw got number. I shed a tear when I saw the tear in my clothes. I had to subject the subject to a series of tests. How can I intimate this to my most intimate friend? I spent last evening evening out a pile of dirt.
The English Lesson We'll begin with box, and the plural is boxes, But the plural of ox is oxen, not oxes. Then one fowl is goose, but two are called geese, Yet the plural of moose should never be meese. You may find a lone mouse or a whole lot of mice, But the plural of house is houses, not hice. If the plural of man is always called men, Why shouldn't the plural of pan be pen? The cow in the plural may be cows or kine, But the plural of vow is vows, not vine. And I speak of a foot, and you show me your feet, But I give a boot... would a pair be beet? If one is a tooth, and a whole set is teeth, Why shouldn't the plural of booth be beeth? If the singular is this, and the plural is these, Why shouldn't the plural of kiss be kese? Then one may be that, and three be those, Yet the plural of hat would never be hose. We speak of a brother, and also of brethren, But though we say mother, we never say methren. The masculine pronouns are he, his and him, But imagine the feminine she, shis, and shim. So our English, I think you will agree, Is the trickiest language you ever did see.
I take it you already know of tough, and bough and cough and dough? Others may stumble, but not you on hiccough, through, slough and though. Well done! And now you wish, perhaps To learn of less familiar traps? Beware of heard, a dreadful word That looks like beard and sounds like bird. And dead; it's said like bed, not bead! For goodness sake, don't call it deed! Watch out for meat and great and threat, (They rhyme with suite and straight an
Shielding will make a difference in your video and line-level audio interconnects.
Now regarding the "monster" cables (I use the term "monster" as generic for any extremely high priced hyped up piece of wire):
I have a brother-in-law who is (what I call) a self proclaimed audiophile. I have an electronics/computer background. Needless to say we are always debating the whole cable vs audio/video quality and what you can hear/see issue. He is definitely of the opinion that he can hear and see differences in ways that reminds me of a mystic expounding the benefits of feng shui in laying out your cubicle.
Now, looking at the physics, electronics, and biology (human ear) of the subject I can't bring myself to commit to believing any of the bias and anecdotal evidence that I read on the subject. Most articles (and even most comments in this story) that say "yes - believe me - there is a difference" have a lot of "I" quotes in them and not a lot of "non bias" or "double blind" or "third party" quotes in them.
What I would really like to see are some true, repeatable, double-blind tests on the subject of cables and interconnects. Perhaps mediated by James Randi. But certainly not conducted just by a cable maker, or an audio industry mag, or an electronics mag.
If anyone can point me to more than 1 truly non-bias tests I would appreciate it because in the number of years I have looked I have not found any credible ones.
The parent gave what I was going to suggest but I will take it a step further:
The PC power supply will give you the wattage/current you need to operate most if not all your DC devices. You will need to wire the power supply so that it will stay on without being hooked up to a motherboard. For ATX p/s' here is an article on how to do it.
That will give you +/- 5 VDC and +/- 12 VDC. To get the 9 VDC used by many devices you need to add some circuitry. Basically you want to use a voltage regulator to reduce the +12 VDC to 9 VDC. This can be done with as few as 1 part but adding a few more for safety is recommended. Here is a quick primer on the LM78XX series voltage regulators (you're looking for a 7809, like this).
Regardless of what some posters say this does not have to be a big ugly noisy box. You will need some sort of case with ventilation for the ATX p/s and additional circuit. The fan in the ATX p/s should be enough to cool both the ATX p/s and the additional voltage regulators. If you use a bypass transistor to increase the current output of your voltage regulator or if you run the voltage regulator close to the max current you should attach them to a heat sink.
Also, from places like Digikey (or Jayco in AU) you can buy barrel connectors (like the wallwarts have) to hook up so that you can plug/unplug your low voltage cables from your spiffy new box.
Overall this is a great first project to try so hop to it. Just make sure to post all the pictures and description of your project so we can /. your server. :-)
The above is not intended as a step by step howto instruction. It is intended as a starting point to research the correct way to construct your project. Tread carefully. You can also find lots of electronics sites that probably have the circuits you want and you can post to sci.electronics for help.
From reading the comments so far a few questions come to mind:
Inside or outside the house? Your post indicates outside; much harder.
While your friend is at home or away for a period of time? If away, what is a reasonable time?
You mention 'friend' so I will assume this is to be a harmless fun prank like the 'foiled' incident was. You want it funny and still have a friend in the end...right?
Quality or Quantity? The foil was definitely quality for the length of time he had. Popcorn on the outside of the house would have to resort to quantity and therefore take shortcuts on the overall effect (more on that below).
Ok now the suggestions:
If you are bound on the popcorn here are a few shortcuts (I have used some of these in a previous 'incident'). If you are going for the exterior:
Stay away from loose popcorn...weather can ruin yours and the neighborhood's day.
Consider quantity over quality. If you're doing this while your friend is inside you just need to make it appear to be covered in popcorn. Build prefab containers of popcorn that will be pressed up against every window and door. When he looks out he sees popcorn. Some of the popcorn could even be permanently adhered to the container (perhaps the ones placed over the windows that don't open). Others you would want to place the 5 sided box against the opening (let's say a door) and then pour the popcorn in from the top (even then I would have a layer of popcorn attached to the inside of the box for looks). The boxes could be as deep or shallow as you want depending on how much effort you want to put in. I would suggest a minimum of 12 inches (30 cm) for good looks and effect.
Provide an emergency way out! Make the containers easy to bash through or even put a marked "red door" on the back.
If you are going for interior:
The container idea still works for rooms. If the door swings out (into a hall) of a bedroom, attach a container (vapour barrier plastic and tuck tape to the frame works well) to the inside of the frame and fill it to the top from the inside of the bedroom. Exit via window and start on next room. For a better effect add a container on the window also that is hinged at the top so that it falls into place as you exit. Looks good from the outside also.
Plastic vapour barrier works well to decrease the effective depth of large areas. Drape the plastic over furniture and tape it up to reduce the volume of rooms. Leave critical paths at their full depth. Fill the rest with popcorn. Will still take a lot but less than the whole house at the same depth.
You can even save a lot (quantity over quality again; quantity being: cover a lot of ground quickly) popcorn and time by using the container suggestions and plastic bag suggestion above for all doors and windows but on the inside. Think of the look on his face when he opens his front door and gets covered by a mound of popcorn. You will have to use the vapour barrier "bag" on the front door and make it about 6 feet deep to get enough of an avalanche effect without exposing the shortcut easily.
Ok that covers the popcorn. One other idea that came to me while reading the other comments... If your friend is going out of town for a few days (not too many as rain will ruin this one) convert his house into a gingerbread house. Prefab out of cardboard sides, doors, window frames, candy canes, candies, etc. You can get large pieces of cardboard from appliance shops for free usually. When your friend is out of town, attach your prefabricated panels to the outside of his house. Don't forget the eaves, etc. Just look at some good gingerbread house pictures for ideas. Attaching can be done with wire, staples, clips that fit under vinyl siding (if the house has it), etc. Just don't get caught by rain or heavy wind.
Last I checked our local phone company (Sasktel or slacktel like some call it) still charges a monthly fee for tone dial instead of pulse dial. I believe it is now "built in" to the basic charge but that charge was more for a tone line than a pulse line.
The funny part is a friend who is an engineer at the local telco tells me that to support pulse lines actually costs them more than tone lines. You would think, that being the case that it would be a cheaper rate for tone dial.
Part of this is history: I can remember when tone dialing first came in. You had to subscribe to it for an extra per month cost.
On but off topic: I picked up a couple of rotary phones recently for an intercom system for my kids' playhouse. It is real easy to hook them up as an intercom and not even bad to get them to generate a ring (have not done the ring part yet but have seen the articles on the net). Besides the kids say the rotary part has a "coolness factor".
Yes, paint the outside (south is best) but what about the inside where all those incadescent (sp?) bulbs are burning. Any room that has infra-red sources in them (hey you're one of those are ya, ya little energy producer you) would be a good target (counting on you can get various colors to appease the better half). You would save on energy cost by recouping some of the energy used in your house.
Just an idea, may not be a good one, may be something to run out and patent!
I have been given the task to locate a UML and a C# plugin for Eclipse. Yes plugins are easy to find (I can Google too, so don't start). But finding a free and good plugin is a different story. For that matter just finding out the pros and cons of any plugin seems rather difficult.
In my case the plugins I want would be (ideally) free but most importantly widely used and hopefully the better ones. I need to install them in Computer Science labs so I prefer an OS solution and one that the students will most likely encounter in the field.
Suggestions of plugins, or the best place to find decent plugins are welcome :-)
perhaps the same way that making laws prohibiting the sale of certain items like tobacco and alcohol helps parents raise kids.
Ok, Ok, after reading that half of you pounded on your keyboard, yelled obscenities and started writing the greatest flame ever seen... but keep the mouse away from that Submit button for just a moment.
There is no doubt that any legislation like this (be it for R rated movies, cigarettes, alcohol, games, etc.) will *not* work all the time. We all know that if someone is determined enough (and sometimes it doesn't take much effort) you can find/acquire just about anything you want on the streets. But I suggest that total compliance (although it may be a dream) is not the point of these laws. No law enforcement official in their right mind will tell you that any law has been 100% complied with.
Where these laws help in parenting is assisting parents in teaching their children what is good and bad for them (I will purposefully stay away from the terms 'right' and 'wrong' here) as well as aim the child down a path to the "good life". Take alcohol for an example. Typically the laws prohibit (at least in Canada and the US) the sale of alcohol to minors (ages vary). If alcohol was freely available to persons of all ages think how difficult it would be to teach your kids responsibility with alcohol. Again... I stress freely available including in vending machines in schools, etc...like pop currently is. Certain products seem to require a certain level of maturity before true responsible use is taken on and demonstrated. The age for alcohol seems to be close to 20. Below that it proves difficult to get a person (let alone a young child) to "drink responsibly".
The idea here is that it is very difficult as a parent to assist your children in making good choices for their own well being. It is far more difficult if the environment around your kids is suffused with a product or activity that you deem to having a negative impact on your child's healthy (mental and physical) growth.
Don't get me wrong here. I am a parent (ages 4 to 12) and am not a "bible thumping luddite" or what ever other stereotype label you want to apply indicating that I believe *all* the horror stories the media tells us about raising kids. In fact when I started down the parenting road I put little to no weight in the stories of TV, TV violence, etc., and the effects on children's personalities and was considerably more liberal (and perhaps idealistic). Then I started watching and dealing with my first child growing up. Based on the hurdles we (he, his mother, and I) have had to overcome in dealing with his challenges I have somewhat changed my mind. I now do limit how much TV, computer games, etc. that my kids have access to. I do limit the amount of violence that my kids are exposed to in games and activities.
Do I think this is necessary for all kids....no. Every kid is an individual and requires his or her own boundaries. I still believe in giving my children every opportunity to try new things and to show me what they are capable of. At the same time, I insist that they show the appropriate level of responsibility as the situation demands. If they show that they can handle it I let them fly with it, if not I put on limitations.
Back on the subject... laws like this help me show my children what are the better choices. With respect to games, right now I have to deal with the fact that a large number of the kids at school (including those younger than my two oldest; let's say down to grade 3) either own, or have access to, and regularly play the "latest" FPS and other combat related games. It seems that the suggested "teen" or "mature" ratings on these games mean little to the parents of some of my kids' friends (if they even know what games their kids are playing). This makes it very hard for me to justify telling my kids that these games are not suitable for them at their age and that they are not allowed to play them.
great story... but don't forget the credits!
the above story was taken from webskulker or rec.humor and possibly other places.
Yes be creative and pass the funnies along but please give credit where credit is due.
Exact dup of Metafilter post, on Lego Logic Gates · Score: 0, Flamebait
Perhaps when a submitter copies a story word for word from another site they should credit the other site.
If nothing else perhaps the submission page should contain a "source" field. It may be too much to ask the editors to catch this sort of thing (seems they can't even eliminate dups from their own site; sigh) but a quick look at the more popular geek sites (automated or otherwise) might be in order.
You may want to look at http://spywarewarrior.com/asw-test-guide.htm (see previous slashdot article). This not only gives a review of various anti-spyware programs but outlines the testing methodology that they used, lists the sites they went to in order to get infected, lists the critical "finger prints" of the infections, and also describes the setup they used.
Yes, we run Red Hat Linux on many of the servers both over at the CLS and here on the rest of campus. Our Computer Science dept. also runs Mandrake Linux in many of the undergrad labs.
We currently license Mandrake so that all students on campus may download the distros from us. We also license MSDN for our Computer Science students.
Incidentally, CLS/UofS also runs Win2k3, various distros of Linux, Solaris, etc., etc. It is not so much of a case of OS religious wars as it is of using the right tool for the right job. The "right tool" is defined by the requirements of the project (which of course includes licensing costs as well as tech req.).
Bottom line: there is nothing wonderful and new to see here. These are not OS war propaganda materials you're looking for. Just real IT people solving real IT problems using all available tools. Please move on.
Here is what I could grab from the site before it fully succumbed:
http://www.hamar.sk/sphere/
Overview:
The SphereXP is a 3D desktop replacement for Microsoft Windows XP. Taking the known concept of three-dimensional desktops to its own level. It offers a new way to organize objects on the desktop such as icons and applications. Check the videos and screenshots to get the idea.
The project was under "heavy" construction, but now it is open for testing. Everybody is free to try it out. Every response (sphere@hamar.sk) is appreciated.
Please keep in mind that project is more of a vision. Due to the limitations of Windows I'm not able to do everything as I would like to. I know it is still not very usable, but I'll try to make it work as I can. I hope when there's time for it, this theory will have a satisfying implementation.
http://www.hamar.sk/sphere/info.htm
PROJECT INFO
IN THE BEGINNING THERE WAS THE COMMAND LINE....
The interaction human-computer has gone a long way since the invention of personal computers. In the beginning there was only a simple command-line interface (CLI), which was not a very intuitive interface. The only widely used device that you could use to interact with the computer was the keyboard. People needed a lot of skills to operate computers. New ways have been opened with the evolution of hardware and software. Inventions such as mouse or graphical user interface (GUI) changed the way we interact with the computer and allowed massive spread of computers. Working with the computer got easier, faster and more effective. The two-dimensional graphical user system is now established as the preferred interface for most users. It can be found in any of the major operating systems like Microsoft Windows, Mac OS and the X Window System. There has been made only a little progress since its invention. Declining hardware prices and increasing hardware capabilities allow us to make the next step and make interfaces more intuitive and more effective.
A core part in creating any new environment is to provide a metaphor for integrating visual elements into a recognizable and comprehensive framework. The name of the application is "The Sphere". This name encapsulates the main idea behind the project. I'm not trying to simulate reality. The main inspiration comes from the way we recognize reality. My design is based on the human perception of the world.
THE CONCEPT
The Sphere is theory of a 3D workspace. The SphereXP is an example of the theory. The environment is user-centered. It is represented by a sphere. The user is exactly in the middle of it. All objects are situated around the user. He can easily turn around and manipulate with the objects. All the objects that users are used to having on their regular desktop are now integrated in a three-dimensional environment. There are icons and applications. They can be moved around according to some rules. You can bring them closer to the view port or send them back.
THE APP
Too much freedom of movement may cause disorientation. Therefore I chose to apply strict rules for moving in the environment. The user cannot go outside the designated area - the sphere. I call this type of navigation spherical. The view port is always facing apart from the sphere center. Once the user sets the distance from the center, the view port can be only rotated around it. This makes the navigation easier and prevents the user to get to an angle where he cannot see anything. A simple tool is used to ensure effective navigation and to prevent the user to get lost. It is a minimized version of the sphere situated in the right bottom corner. It provides an overview of where the view port is pointing and where all the objects are.
Limited control of the layout
The only thing that the user is allowed to change is the background image. This ensures that this environment will have the same functionality and layout on every com
to making cars more safe for all concerned. In fact the exact opposite is true. We have made cars so "safe" that the drivers feel perfectly comfortable driving in unsafe ways (speeding, tailgating, etc.). Instead we need to make drivers more aware of the possible consequences of their risky actions.
A simple guaranteed to work solution:
remove all seatbelts, air bags, and other restraints.
remove all electronic warnings and interventions.
remove crush bumpers and other types of impact force reduction mechanisms.
Install one 12 inch long sharpened steel spike dead center of the steering wheel pointed directly at the driver's chest.
Not only would this reduce traffic related accidents, auto insurance, etc. it would have the handy side effect of removing stupid people from the gene pool!
Merlin
Note: I overheard the spike idea on a radio comedy show or at least it was similar.
In this paper, we examine the case of users authenticating web
sites in the context of phishing attacks. In a phishing attack,
the attacker spoofs a website (e.g., a financial services website).
The attacker draws a victim to the rogue website, sometimes by
embedding a link in email and encouraging the user to click on
the link. The rogue website usually looks exactly like a known
website, sharing logos and images, but the rogue website serves
only to capture the user's personal information. Many
phishing attacks seek to gain credit card information, account
numbers, usernames and passwords that enable the attacker to
perpetrate fraud and identity theft.
Data suggest that some phishing attacks have convinced up to
5% of their recipients to provide sensitive information to
spoofed websites [1]. About two million users gave
information to spoofed websites resulting in direct losses of
$1.2 billion for U.S. ba
I have no idea why more people have not posted similar ideas. For years I have written down many of the numerous passwords that I have. But I also "encrypt" my passwords as I write them down. The "encryption" method can be as simple as the parent suggests or using rot1 or rot25, adding/subtracting X from each number in the password, or including "known to you" bogus letters ("I hereby state that I shall never use the letters E and R in my real passwords") and use these to seed your passwords.
There are many simple ways to "write your passwords down" without actually putting them on the paper. Use anagrams and pass phrases. Write the answers down where the passwords are the questions or the reverse.
Be creative. Chances are if someone finds your magic list and thinks "Hey, these are his/her passwords! I 0wn3 them!" that once they try 1 or 2 of them as written and they fail they will discard the list as being old or garbage.
Merlin.
http://www.servomagazine.com/ - mainly robotics
and their sister (parent?) magazine:
http://www.nutsvolts.com/ - mainly electronics but covers robotic stuff quite often.
These magazines also have Lego Mindstorms articles in them quite often.
Servo has advertising for several companies carrying various kits. In my opinion the kits would be the way to go...even if you can only purchase a few and run your class in groups. As one poster mentioned, the problem with building from the ground up is that you spend most of your time building the hardware and very little of your time programming and running.
Once you have the class going with kits then add some simple "build from scratch" projects like BEAM robotics. Even with these various PIC or ATOM kits will come in handy.
Disclaimer: I am not associated with the Servo or Nuts&Volts but I am a long time satisfied customer (Servo: since its first issue two years ago or so; Nuts&Volts: several years since when another electronics magazine died and switched the remainder of my subscription to N&V).
Merlin.
Now pay attention class, using a simple Google search you can find useful items that the author can use, like: http://www.42explore.com/signlang.htm and http://babel.uoregon.edu/yamada/guides/asl.html.
</sarcasm>
Really, it is not that we object to sarcasm around here (we seem to thrive on it) but at least make it useful sarcasm.
[Hmmm, this story reminds me I wanted to learn ASL also, that way I might understand what all those other drivers are trying to sign to me on the way home.]
Merlin.
Yep, my brain said "ought" my fingers said "aught".
What is interesting though is some of the movements to reform or change English. Recently I heard an interview on CBC radio about two different groups looking to "clean up" English. One had the approach to turn it into a more phonic (sp?) based language (the written would sound like the spoken) and the other group argued that this would remove the cultural history from the language. Their approach was to maintain the written language tied to its roots but to remove a number of the ambiguities.
Merlin.
sigh.
The reference to my 3 year old was mostly humour but with the point that there are many words in English where what seems to be the logical extension is not. Your point about the Latin is well taken.
Thanks for the information...I learned a bit about other languages.
I am sure that no language out there is perfect (or even close) but I do have fun poking at my own.
Merlin.
--
for some reason "preview" didn't help catch my spelling/grammar mistakes this time?
In what way can the term ease be used to describe anything about English? Let us see:
I could go on with my argument on how badly English is screwed up and aught to be scrapped completely but many others have proven my point through some creative writing:
Shielding will make a difference in your video and line-level audio interconnects.
Now regarding the "monster" cables (I use the term "monster" as generic for any extremely high priced hyped up piece of wire):
I have a brother-in-law who is (what I call) a self proclaimed audiophile. I have an electronics/computer background. Needless to say we are always debating the whole cable vs audio/video quality and what you can hear/see issue. He is definitely of the opinion that he can hear and see differences in ways that reminds me of a mystic expounding the benefits of feng shui in laying out your cubicle.
Now, looking at the physics, electronics, and biology (human ear) of the subject I can't bring myself to commit to believing any of the bias and anecdotal evidence that I read on the subject. Most articles (and even most comments in this story) that say "yes - believe me - there is a difference" have a lot of "I" quotes in them and not a lot of "non bias" or "double blind" or "third party" quotes in them.
What I would really like to see are some true, repeatable, double-blind tests on the subject of cables and interconnects. Perhaps mediated by James Randi. But certainly not conducted just by a cable maker, or an audio industry mag, or an electronics mag.
If anyone can point me to more than 1 truly non-bias tests I would appreciate it because in the number of years I have looked I have not found any credible ones.
Merlin.
The PC power supply will give you the wattage/current you need to operate most if not all your DC devices. You will need to wire the power supply so that it will stay on without being hooked up to a motherboard. For ATX p/s' here is an article on how to do it.
That will give you +/- 5 VDC and +/- 12 VDC. To get the 9 VDC used by many devices you need to add some circuitry. Basically you want to use a voltage regulator to reduce the +12 VDC to 9 VDC. This can be done with as few as 1 part but adding a few more for safety is recommended. Here is a quick primer on the LM78XX series voltage regulators (you're looking for a 7809, like this).
Regardless of what some posters say this does not have to be a big ugly noisy box. You will need some sort of case with ventilation for the ATX p/s and additional circuit. The fan in the ATX p/s should be enough to cool both the ATX p/s and the additional voltage regulators. If you use a bypass transistor to increase the current output of your voltage regulator or if you run the voltage regulator close to the max current you should attach them to a heat sink.
Also, from places like Digikey (or Jayco in AU) you can buy barrel connectors (like the wallwarts have) to hook up so that you can plug/unplug your low voltage cables from your spiffy new box.
Overall this is a great first project to try so hop to it. Just make sure to post all the pictures and description of your project so we can /. your server. :-)
The above is not intended as a step by step howto instruction. It is intended as a starting point to research the correct way to construct your project. Tread carefully. You can also find lots of electronics sites that probably have the circuits you want and you can post to sci.electronics for help.
Merlin.
Ok now the suggestions:
If you are bound on the popcorn here are a few shortcuts (I have used some of these in a previous 'incident'). If you are going for the exterior:
If you are going for interior:
Ok that covers the popcorn. One other idea that came to me while reading the other comments... If your friend is going out of town for a few days (not too many as rain will ruin this one) convert his house into a gingerbread house. Prefab out of cardboard sides, doors, window frames, candy canes, candies, etc. You can get large pieces of cardboard from appliance shops for free usually. When your friend is out of town, attach your prefabricated panels to the outside of his house. Don't forget the eaves, etc. Just look at some good gingerbread house pictures for ideas. Attaching can be done with wire, staples, clips that fit under vinyl siding (if the house has it), etc. Just don't get caught by rain or heavy wind.
More 'teste
The funny part is a friend who is an engineer at the local telco tells me that to support pulse lines actually costs them more than tone lines. You would think, that being the case that it would be a cheaper rate for tone dial.
Part of this is history: I can remember when tone dialing first came in. You had to subscribe to it for an extra per month cost.
On but off topic: I picked up a couple of rotary phones recently for an intercom system for my kids' playhouse. It is real easy to hook them up as an intercom and not even bad to get them to generate a ring (have not done the ring part yet but have seen the articles on the net). Besides the kids say the rotary part has a "coolness factor".
Here is the toilet running Linux.
and I can find nothing about it on /. (yes I tried several other searches).
[all this talk about toilets....]brb
GTI? Hmmm, linux version of GTA? Penguins included.
Yes, paint the outside (south is best) but what about the inside where all those incadescent (sp?) bulbs are burning. Any room that has infra-red sources in them (hey you're one of those are ya, ya little energy producer you) would be a good target (counting on you can get various colors to appease the better half). You would save on energy cost by recouping some of the energy used in your house.
Just an idea, may not be a good one, may be something to run out and patent!
Merlin.
I have been given the task to locate a UML and a C# plugin for Eclipse. Yes plugins are easy to find (I can Google too, so don't start). But finding a free and good plugin is a different story. For that matter just finding out the pros and cons of any plugin seems rather difficult.
In my case the plugins I want would be (ideally) free but most importantly widely used and hopefully the better ones. I need to install them in Computer Science labs so I prefer an OS solution and one that the students will most likely encounter in the field.
Suggestions of plugins, or the best place to find decent plugins are welcome :-)
Merlin.
Ok, Ok, after reading that half of you pounded on your keyboard, yelled obscenities and started writing the greatest flame ever seen... but keep the mouse away from that Submit button for just a moment.
There is no doubt that any legislation like this (be it for R rated movies, cigarettes, alcohol, games, etc.) will *not* work all the time. We all know that if someone is determined enough (and sometimes it doesn't take much effort) you can find/acquire just about anything you want on the streets. But I suggest that total compliance (although it may be a dream) is not the point of these laws. No law enforcement official in their right mind will tell you that any law has been 100% complied with.
Where these laws help in parenting is assisting parents in teaching their children what is good and bad for them (I will purposefully stay away from the terms 'right' and 'wrong' here) as well as aim the child down a path to the "good life". Take alcohol for an example. Typically the laws prohibit (at least in Canada and the US) the sale of alcohol to minors (ages vary). If alcohol was freely available to persons of all ages think how difficult it would be to teach your kids responsibility with alcohol. Again... I stress freely available including in vending machines in schools, etc...like pop currently is. Certain products seem to require a certain level of maturity before true responsible use is taken on and demonstrated. The age for alcohol seems to be close to 20. Below that it proves difficult to get a person (let alone a young child) to "drink responsibly".
The idea here is that it is very difficult as a parent to assist your children in making good choices for their own well being. It is far more difficult if the environment around your kids is suffused with a product or activity that you deem to have a negative impact on your child's healthy (mental and physical) growth.
Don't get me wrong here. I am a parent (ages 4 to 12) and am not a "bible thumping luddite" or whatever other stereotype label you want to apply indicating that I believe *all* the horror stories the media tells us about raising kids. In fact when I started down the parenting road I put little to no weight in the stories of TV, TV violence, etc., and the effects on children's personalities and was considerably more liberal (and perhaps idealistic). Then I started watching and dealing with my first child growing up. Based on the hurdles we (he, his mother, and I) have had to overcome in dealing with his challenges I have somewhat changed my mind. I now do limit how much TV, computer games, etc. that my kids have access to. I do limit the amount of violence that my kids are exposed to in games and activities.
Do I think this is necessary for all kids....no. Every kid is an individual and requires his or her own boundaries. I still believe in giving my children every opportunity to try new things and to show me what they are capable of. At the same time, I insist that they show the appropriate level of responsibility as the situation demands. If they show that they can handle it I let them fly with it, if not I put on limitations.
Back on the subject... laws like this help me show my children what are the better choices. With respect to games, right now I have to deal with the fact that a large number of the kids at school (including those younger than my two oldest; let's say down to grade 3) either own, or have access to, and regularly play the "latest" FPS and other combat related games. It seems that the suggested "teen" or "mature" ratings on these games mean little to the parents of some of my kids' friends (if they even know what games their kids are playing). This makes it very hard for me to justify telling my kids that these games are not suitable for them at their age and that they are not allowed to play them.
If a law was in place prohibiting
the above story was taken from webskulker or rec.humor and possibly other places.
Yes be creative and pass the funnies along but please give credit where credit is due.
If nothing else perhaps the submission page should contain a "source" field. It may be too much to ask the editors to catch this sort of thing (seems they can't even eliminate dups from their own site; sigh) but a quick look at the more popular geek sites (automated or otherwise) might be in order.
Merlin.
Merlin.
We currently license Mandrake so that all students on campus may download the distros from us. We also license MSDN for our Computer Science students.
Incidentally, CLS/UofS also runs Win2k3, various distros of Linux, Solaris, etc., etc. It is not so much of a case of OS religious wars as it is of using the right tool for the right job. The "right tool" is defined by the requirements of the project (which of course includes licensing costs as well as tech req.).
Bottom line: there is nothing wonderful and new to see here. These are not OS war propaganda materials you're looking for. Just real IT people solving real IT problems using all available tools. Please move on.
Merlin.
[control] OK all systems green, release the grizzly bear.
[tester] You want a piece of me? I'll show you what a real bear hug is!
[grizzly] {hmmm, another chewy toy...}
[tester] aaaaaaaeeeeeiiiiii!
[control] Oh my... quick turn the cameras off!!
[project leader] Someone phone HR and tell them not to cancel that job posting quite yet...sigh!
Merlin.
http://www.hamar.sk/sphere/
Overview: The SphereXP is a 3D desktop replacement for Microsoft Windows XP. Taking the known concept of three-dimensional desktops to its own level. It offers a new way to organize objects on the desktop such as icons and applications. Check the videos and screenshots to get the idea.
The project was under "heavy" construction, but now it is open for testing. Everybody is free to try it out. Every response (sphere@hamar.sk) is appreciated.
Please keep in mind that project is more of a vision. Due to the limitations of Windows I'm not able to do everything as I would like to. I know it is still not very usable, but I'll try to make it work as I can. I hope when there's time for it, this theory will have a satisfying implementation.
http://www.hamar.sk/sphere/info.htm
PROJECT INFO
IN THE BEGINNING THERE WAS THE COMMAND LINE....
The interaction human-computer has gone a long way since the invention of personal computers. In the beginning there was only a simple command-line interface (CLI), which was not a very intuitive interface. The only widely used device that you could use to interact with the computer was the keyboard. People needed a lot of skills to operate computers. New ways have been opened with the evolution of hardware and software. Inventions such as mouse or graphical user interface (GUI) changed the way we interact with the computer and allowed massive spread of computers. Working with the computer got easier, faster and more effective. The two-dimensional graphical user system is now established as the preferred interface for most users. It can be found in any of the major operating systems like Microsoft Windows, Mac OS and the X Window System. There has been made only a little progress since its invention. Declining hardware prices and increasing hardware capabilities allow us to make the next step and make interfaces more intuitive and more effective.
A core part in creating any new environment is to provide a metaphor for integrating visual elements into a recognizable and comprehensive framework. The name of the application is "The Sphere". This name encapsulates the main idea behind the project. I'm not trying to simulate reality. The main inspiration comes from the way we recognize reality. My design is based on the human perception of the world.
THE CONCEPT
The Sphere is theory of a 3D workspace. The SphereXP is an example of the theory. The environment is user-centered. It is represented by a sphere. The user is exactly in the middle of it. All objects are situated around the user. He can easily turn around and manipulate with the objects. All the objects that users are used to having on their regular desktop are now integrated in a three-dimensional environment. There are icons and applications. They can be moved around according to some rules. You can bring them closer to the view port or send them back.
THE APP
Too much freedom of movement may cause disorientation. Therefore I chose to apply strict rules for moving in the environment. The user cannot go outside the designated area - the sphere. I call this type of navigation spherical. The view port is always facing apart from the sphere center. Once the user sets the distance from the center, the view port can be only rotated around it. This makes the navigation easier and prevents the user to get to an angle where he cannot see anything. A simple tool is used to ensure effective navigation and to prevent the user to get lost. It is a minimized version of the sphere situated in the right bottom corner. It provides an overview of where the view port is pointing and where all the objects are.