Kilo Seven

Posted in the highly recommended Risks Digest : This may have been discussed before, but with the recent spate of DNS cache poisoning attacks and fake WiFi hotspot proliferation I believe it has new relevance. I was actually rather shocked to find that U.S. Bank , Chase and Bank of America all still *force* users to enter their login and password on an insecure page. This exposes account holders to a great risk of their credentials being stolen. The login forms on their genuine home pages are submitted to a secure site, as they claim. The problem is that you need security *before* you enter your data. If DNS, a router or a proxy server anywhere along the path to their server were compromised, the login page could be substituted for one that submits to another site or injected with JavaScript that sends info elsewhere, asynchronously, before it goes to the real destination. Without an SSL certificate chain there is no way to verify that the insecure page with the form came from a trus

Calculate the readability of your web log and see how you stack up. I'm getting a 9.8, which is OK for the tech site, but I have to lower it some for the Clackamas community weblog .

Courtesy Tom's Hardware/Tom's Networking .

If the corner drugstore don't have the book on IPv6 or whatever you're looking for, well, buying on-line's popular. However, if you go to Powell's and shop them against Amazon , you'll find Powell's is more spendy, even though Powell's is Amazon's largest warehouseing & fulfillment partner . This leads one to ponder if further discounts are to be had by looking further. My favorite tactic has been to go to Froogle and type in the ISBN of the book, and then sort from low to high. Other good sources of prices include ABE Books , Bookpool , Books-A-Million , EveryBookstore and Fatbrain . I'm sure I'm forgetting at least one other good source. Now, isbn.nu and Booksprice are offering comparison shopping of multiple bookseller locations. Kewl. Update: A well-read friend adds his recommendation of the AddALL service. Kewler. Update #2: ThriftBooks , an Amazon reseller, now comes out with their own website, focusing on books at extremely

If you use RealPlayer, make sure to get the security patches which solve a 'very critical' security problem. And, if you have not been able to run it because you use Linux, never fear: Helix is an open source player which uses the same engine. There's a version for Symbian smartphones, too.

Spyware (sometimes called malware ) is software loaded secretly or sneakily into your system through your Internet web browser. Visit a site on the net (especially if you use Internet Explorer) that uses ActiveX or other 'improvements', or download a program and install it, and you can find yourself with thousands of new Registry entries and new programs you didn't know were coming, monitoring your Internet use, searching through your personal data and sending that private data off to other sites who can use it for fraud or abusing your credit. No, I'm not kidding . Firefox and Opera are more immune to this abuse, but they don't stop everything. Yahoo adds Anti-Spy to their toolbar (but which does other things to your system). Anti-Spyware tools reviewed: 1 2 3 4 And, my favorite freeware tool, Spybot Search and Destroy

From the Your Tax Dollars At Work Department : Here's a demo of the FBI, using commonly available and openly documented hardware & software to crack WEP 128-bit security in three minutes . Yes, three minutes. What I tell you three times is true: WEP is not security. WEP is not security. WEP is not security. Get WPA security now.

If your ride is not adequately pimped-out now, you could do what this bloke did and add a computer into your dashboard (although the choice of computer Stateside might be a wee bit different...)

Yes, the Corps is getting blimps, to use as radio relays in Iraq. The blimps, called the Marine Airborne Re-Transmission Systems (MARTS), will receive signals through a fiber-optic tether. Then, the airships will transmit messages up to 100 miles away, via UHF and VHF frequencies. Troops on the ground, as well as pilots in the air, will be able to communicate through the blimps. One airship, first tested in February, is being deployed to Iraq right now (exactly where, the Corps won't say). A second is being readied. The Marines are scrounging up $14 million to buy four more. It may sound like a lot, but it's cheaper than building radio towers -- and having Marines protect those towers. A MARTS blimp "can run for two weeks before it would need refueling, and can remain afloat in winds up to 50 mph," according to DD. With a combination kevlar/mylar skin, the aerostat can even "handle small arms fire... function[ing] with a 4-inch diameter hole." And we thought

Google's new free service for PDA phones is another winner. Just enter http://mobile.google.com/local into your phone's browser, and you'll quickly see a mobile-friendly home page which asks for your location, and remembers if for subsequent requests (until you change it). Maps, directions, store locations, even click-through dialing;this thing is slick, and a nice step up from their SMS-based text-only locator. Text-only from Google? Well, you send an SMS to 46645 {which is GOOGL on a dialpad} and then the name of the store, to get the address and phone numbers back in very short order. Both are good demos of what a PDA phone can do for you, and will help win the hearts and minds of folks who want 'just a phone.'

Here's a plan to use an iPod or generic MP3 player as a personal jumper cable to make recovery easy from an otherwise fatal Registry or other software-based error. Since you can continue to use the media player for its original purpose, as well as use if for recovery, this is much better than my previous recovery method, the Koppix disc . Of course, USB memory has already exceeded the capacity of the CD-Rs I used to make Knoppix and other recovery discs... and one software house has already started marketing a system which copies Outlook and other important documents to a USB memory drive .

Friends, you're smarter than the average bear, else you wouldn't be here. You're hams, and other techies, so you've evinced the willingness to use your brains and to study. Please, give me, and your future, a few minutes, and read this text, then visit the sites linked, for it's becoming clear a key element of the scientific basis for a Global Warming problem is rapidly falling apart: This discussion, BTW, was excerpted from Dr. Jerry Pournelle's blog : One of the pillars of the case for man-made global warming is a graph nicknamed the hockey stick. It's a reconstruction of temperatures over the past 1,000 years based on records captured in tree rings, corals and other markers. The stick's shaft shows temperatures oscillating slightly over the ages. Then comes the blade: The mercury swings sharply upward in the 20th century. The eye-catching image has had a big impact. Since it was published four years ago in a United Nations report, hundreds of environm

No wireless network based on WEP provides protection against replay attacks. With the right freeware and inexpensive wireless card, you can take any captured packet and reinject it back onto the network .... creating a back door through the 'security' of WEP. Conclusion: Convert to WPA security now .

How about a phone system, about the size of a laptop, with multiple lines, voice mail, et al, serving an entire office? No only is it practical, but the Open Source software for it is free, using Asterisk on OpenWRT . There's another Open Source project, SIPatH , which complements the Asterisk software which is already finding wide acceptance and will turn a WiFi router with a Broadcom chipset, like the popular Linksys WRT54G into such a phone system. Here are a few more notes on Asterisk: Installing Asterisk @ Home Configuring Asterisk@Home For BroadVoice And, on Linux computers even smaller than the Linksys and other Broadcom-chipset routers: Gumstix computers Alternative single-board Linux computers