Archive for the ‘Security’ Category

YouTube: Change a Windows XP password using the command prompt without entering the old password

Monday, October 9th, 2006

Bravo Microsoft! The video embedded below shows how to change the password of the current user account that you are logged in under without entering the previous password. This kind of thing should not work. I will have to test to see if Vista is susceptible to this “hack”.

The operating system should always ask you for the old password before allowing you to change it. Hopefully this only works when logged in to an administrator account. In Unix the superuser can change other users’ passwords without knowledge of the old password. If logged in as any other account you can change only your own password after typing in your old password.

MiamiHerald.com | 09/18/2006 | Securing sensitive data

Friday, October 6th, 2006

MiamiHerald.com | 09/18/2006 | Securing sensitive data

Recently, The Miami Herald brought to light the threat of identity theft facing Floridians because of the prevalence and accessibility of personal information online (Public records easy targets for ID thieves, Aug. 27).

This follows the announcement by the Transportation Department that two computers containing sensitive data — in one case, the personal information of more than 133,000 Floridians — have been stolen in the last several months.

BusinessWeek: If They Can’t See, They Can’t Steal

Sunday, October 1st, 2006

BusinessWeek recently reported on the growing trend of using fog machines to deter criminals. Stores fill up with fog when the alarm is triggered, making it much more difficult for the criminal to steal anything. I read this in the magazine and found only one reference to it online, which I have quoted below.

Techworld.com: WiFi fingerprints could end MAC spoofing

Tuesday, September 5th, 2006

Read below for a new technique that may help to eliminate MAC spoofing on wireless networks. It remains to be seen how much processing power this may need once the process is refined.

Hugg / The American Voting System: HACKED

Friday, August 25th, 2006

Found this from: Hugg / The American Voting System: HACKED

Watch this video, and I think that you too will be convinced that we need to have a paper trail in our elections. Not even just a paper trail that is printed out at the end of the day at each polling station. We need to have each voting machine print our vote in front of our very own eyes. We then need to be able to confirm that the information is indeed correct, and then place it in a locked ballot box.

I remember the first time that I used one of those machines I remarked to one of my friends how I did not trust them. This is coming from someone who has been working in IT all my life. Now my friend knows that I was not just being paranoid!

CNET News.com: Protecting yourself from search engines

Wednesday, August 9th, 2006

CNET News.com has written an article about protecting yourself from search engines. The piece is a fluff piece; however, it does have some useful tips. I recommend that you read it.

This comes after AOL released the search records of users to the public.

FAQ: Protecting yourself from search engines | CNET News.com:

AOL’s publication of the search histories of more than 650,000 of its users should reinforce an important point: What you type in online may not be as private as you think.

Search engines place a multibillion-dollar infrastructure at the hands of any random user who stops by their Web site. The price you pay, however, is that the company may hold on to your search queries–which can provide a glimpse into your life–forever.

To offer some suggestions about preserving your privacy while using search engines, CNET News.com has prepared the following list of frequently asked questions.

JitterBugs could turn your keyboard against you

Tuesday, August 8th, 2006

JitterBugs could turn your keyboard against you:

JitterBug devices are conceptually similar to keystroke loggers, such as the one famously used by the FBI to gather evidence against bookmaker Nicodemo Scarfo Jr. Unlike keystroke loggers, which would have to be physically installed into a subject’s computer and then retrieved, a keyboard JitterBug only needs to be installed. The device itself sends the collected information through any interactive software application where there is a correlation between keyboard activity and network activity, such as instant messaging, SSH or remote desktop applications. The bug leaks the stolen data through short, virtually unnoticeable delays added every time the user presses a key.

Anytime the user surfs the web, sends an e-mail or instant messages someone, an implanted JitterBug could be timed to open a covert jitter channel to send stolen data. According to Shah, a JitterBug could not log and transmit every touch of the key due to limited storage space on the device, but it could be primed to record a keystroke with a particular trigger.

AOL Proudly Releases Massive Amounts of Private Data

Monday, August 7th, 2006

Techcrunch » Blog Archive » AOL Proudly Releases Massive Amounts of Private Data

The utter stupidity of this is staggering. AOL has released very private data about its users without their permission. While the AOL username has been changed to a random ID number, the ability to analyze all searches by a single user will often lead people to easily determine who the user is, and what they are up to. The data includes personal names, addresses, social security numbers and everything else someone might type into a search box.

Update: AOL has taken the data down

Thought your lock was safe? - Bump Keying

Sunday, August 6th, 2006

Here is a particularly scary development. This video shows that taking existing keys and making a few slight alterations will allow you to open other people’s locks. The special key is called a bump key. Lock pickers do not particularly like the idea because it requires no skill.

I wonder how to get safer locks.

Ed Foster’s Gripelog || WGA and Activation Failures Don’t Faze Redmond

Friday, July 28th, 2006

This article is a must-read if you want to keep abreast of Microsoft’s dark side. Ed Foster’s Gripelog || WGA and Activation Failures Don’t Faze Redmond describes the experience a business had trying to get their computers back up after Windows Genuine Advantage (WGA) improperly identified them as using unlicensed software.
