Sunday, 27 December 2009

26c3 HERE BE DRAGONS TICKETS SOLD OUT

Tickets are sold out at the Berlin security conference 26c3. I was lucky to even get in here, but they showed some mercy for me because I travelled from so far away to come here...
This whole place is just so cool…

Gotta go roam around the place now....

cr3sc0

Saturday, 19 December 2009

Fitting Prosthetic Limbs, via a Computer



The best fit for a prosthetic leg depends in part on the small adjustments in alignment that help amputees walk comfortably.
Traditionally, these refinements have been done by a skilled clinician who talks with patients, observes their gait and makes incremental changes to the prosthesis over several visits, looking for the sweet spot where the alignment is optimal, says Andrew L. Steele, who fits amputees for prostheses in Waterloo, Iowa.

“I use a little bit of eye and a little bit of gut” to get the alignment right, he said. “It’s a highly subjective process.”

But Mr. Steele, who is himself an amputee — he lost his left leg below the knee in a farm accident when he was 12 — now has a new alignment tool.

He is trying a computer-based device that provides quantitative information to support his subjective assessment. The device attaches to the prosthetic limb and wirelessly beams information on the twisting of the limb as the patient walks, along with other data, to his computer for analysis.

Mr. Steele has been trying the system, called Compas — short for Computerized Prosthesis Alignment System — not only on his patients, but also on himself. A software program that is part of the system interprets data collected as a patient walks; it then suggests adjustments. Mr. Steele then uses a wrench to change the angle of the prosthesis.


“It’s good to have the background readings from the computer,” he said. “It gives me another tool to narrow down what is causing a problem.”

The new technology may be especially timely, given the large number of returning military veterans who need prostheses.

Compas, a product of Orthocare Innovations of Oklahoma City, was developed in part with financing from the National Center for Medical Rehabilitation Research of the National Institutes of Health in Bethesda, Md.

Louis A. Quatrano, who administers financing for the center, said the device, along with others in development, might provide an alternative for some patients who must now travel to specialized, often distant, gait labs. Instead, they could be tested in the office of a local clinician.

“It might also help with consistency in treatment,” Mr. Quatrano said, when a patient moves from one clinician or prosthetist to another.

Dr. Alberto Esquenazi, director of the gait and motion analysis laboratory at MossRehab in Elkins Park, Pa., says the Compas is part of a new generation of tools that provide objective alignment assessments.

“It is an innovative approach, a real departure from what has been done in the past,” he said.

Dr. Esquenazi and colleagues are also developing a portable alignment system for prosthetists to use in their offices.

Doug McCormack, the chief executive of Orthocare, notes that the Compas has two parts: a $1,500 metal plate installed near the socket of the prosthesis worn by the patient and a $6,500 diagnostic module the prosthetist attaches to the plate during office visits. The module collects and transmits alignment data to the computer as the patient walks.

Doug Bourgoyne has been trying the Compas system for the last few months at the Raymond G. Murphy V.A. Medical Center in Albuquerque, where he is clinical supervisor of the orthotics and prosthetics laboratory. The metal plate looks like a standard metal plate used within a prosthesis, he said, “but it is smarter.”

The plate has silicon strain gauges to measure forces going through the prosthesis, said David Boone, the chief technology officer at Orthocare, and electronics to convert the information to digital form and memory so measurements can be stored.

The diagnostic module that is attached to the plate in the prosthesis during office visits contains a laser to project a line on the floor as the patient walks, and a gyroscope that measures the rotation of the limb, Dr. Boone said. Each module can be used with multiple patients.

Mr. Bourgoyne bought three modules. They are not meant to replace the expertise that he has developed in doing alignments by eye, he said, “but they can augment it by providing numbers.”

Dr. Quatrano cautioned that the Compas would have limitations. “Every individual walks a bit differently,” he said, and has a different injury. “Research will demonstrate where it is most appropriately used.”

Treva Monteith, a registered nurse in Yukon, Okla., has been wearing a Compas plate in her prosthesis since March. The system has saved a lot of time and effort, she said. In an earlier series of fittings, she said, “I had to go in for visits, then go home and walk, then call up, and say, ‘This isn’t right,’ and return for more visits.”

But the Compas alignment process went more smoothly, she said. “I’m very pleased,” she added. “This is a lot quicker.”

Google Loses in French Copyright Case

A French court ruled on Friday that Google infringed copyrights by digitizing books and putting extracts online without authorization, dealing a setback to its embattled book project.
The court in Paris ruled against Google after a publishing group, La Martinière, backed by publishers and authors, argued that the industry was being exploited by Google’s Book Search program, which was started in 2005.

The court ordered Google to pay over 300,000 euros, or $430,000, in damages and interest and to stop digital reproduction of the material. The company was also ordered to pay 10,000 euros a day in fines until it removed extracts of some French books from its online database.

Google said it believed that it had complied with French copyright law and that it planned to appeal the decision.

“We believe that displaying a limited number of short extracts from books complies with copyright legislation both in France and the U.S. — and improves access to books,” said Philippe Colombet, who is responsible for Google’s books partnership in France.

Mr. Colombet said he did not know whether the company would immediately remove the excerpts or pay the fine; Google’s lawyers were still examining the ruling. He also said there would be no impact on Google’s settlement with publishers and authors in the United States, an agreement that would allow the company the right to digitize, catalog and sell millions of books online that are under copyright protection.

La Martinière, based in Paris, first filed the suit in 2006 claiming damages against its publishing houses: Editions du Seuil of France, Delachaux & Niestlé of Switzerland and Harry N. Abrams of the United States.

Those publishers, supported by the French Publishers’ Association and an authors’ group, had argued that scanning books was an act of reproduction that Google should pay for. They had demanded that Google be fined millions of euros.

They accused Google of letting users browse the content without paying for it, and of reaping revenue from advertisers but not adequately compensating the creators and original publishers of the works.

Yann Colin, a lawyer for La Martinière, expressed his satisfaction with the result and said his client hoped that the level of the fine would be increased.

The court, he said, had been “a bit rapid” in its assessment of damages, given that the three publishing houses claim that about 10,000 of their works were infringed.

Google has so far scanned 10 million books through partnerships with libraries in its project to put the world’s literature online. Over half of the books are in languages other than English.

Those include books under copyright, of which only extracts can be previewed free. In these cases, Google directs users to sites where they can buy books or libraries where they can borrow them. Other books are in the public domain and can be read and downloaded free.

The project has proved especially controversial in France. Here, politicians including President Nicolas Sarkozy have pushed for a broader public digitization program, apparently wary of offering Google the chance to capitalize on the country’s cultural heritage.

Mr. Sarkozy pledged nearly 750 million euros earlier this month toward the computer scanning of French literary works, audiovisual archives and historical documents, an announcement that underscored his government’s desire to maintain control over France’s cultural heritage in an era of digitization.

The settlement in the United States outlined a plan to create a database of in-print and out-of-print works. It includes measures to find and compensate authors but covers only books published in North America, Britain and Australia, and any books registered with the United States Copyright Office.

Sunday, 13 December 2009

easy like sunday evening

Hello yall…

It is Sunday evening and my daughter has gone to sleep and the wife is doing her hair in the bedroom; finally I have some time for myself and my tech toys. I've got this cool new MacBook Pro 17" as a work computer and I'm thinking about what games I should install on it??? Or should I do it at all???

I also found out last week that our university has been hit by some script kiddie and some bullshit virus. The "cracker" calls himself "Promish"; the fun part is that the virus is basically a total bullshit virus. I actually think that I know who the so-called "cracker" is; the only question is whether I should burn the "cracker's" ass.

Lately I've been thinking a lot about opening my own website where I could make some money. Do you guys have any ideas of what kind of website would be profitable???

Tomorrow it's back to work… and 2 exams next week as well, the Cisco CCNA 2 written exam and a C++ exam… hopefully it will go well; I really don't have that much energy or motivation to take more exams…

Cr3sc0

Friday, 11 December 2009

Hak5’s Darren on Discovery: Hackers Versus Cyber Criminals

Thursday, 10 December 2009

Want to watch HULU on your mac in europe??? then check out this video

Hulu.com in Europe - For Mac Users from Kurt von Moos on Vimeo.

Wednesday, 9 December 2009

RFID passport identity theft made simple

You’re confident your RFID passport is safe in its signal-blocking wallet as you pass through immigration. What you don’t know is that the man behind you is recording the data sent by your passport’s RFID chip as it is scanned.
Your name, nationality, gender, birthday, birthplace and a nicely digitized photo is in his hands. With that info he can photoshop up a passport, get a copy of your Social Security card and with that get credit cards and bank accounts in your name.
Rewarding individual enterprise
Thanks to bureaucratic confidence in RFID technology this is a real threat. An article in the Communications of the Association for Computing Machinery goes into the details:
For successful data retrieval the perpetrator’s antenna must catch two different interactions: the forward channel, which is the signal being sent from the RFID reader to the RFID token; and the backward channel, which is the data being sent back from the RFID token to the RFID reader. . . .
. . . the perpetrator would need only an antenna and an amplifier to boost the signal capture, a radio-frequency mixer and filter, and a computer to store the data. The amplifier itself would not even need to be that powerful, since it would need to boost the signal over only a short distance of three to five meters. . . . These RFID “sniffers” can then be plugged into a laptop via a USB port.
They’ve got your data, now what?
The weak 52-bit key encryption is easily broken. Then just counterfeit the passport, get a social security card and start shopping!
As the article notes, forging a passport can be expensive. It might be easier just to steal it.
The Storage Bits take
The RFIDiocy keeps getting worse. The Feds were pwnd at DefCon earlier this year.
But these are just the risks we know about today. What new technologies will appear in the next 15 years to make both eavesdropping and forgery easier?
The RFID passport is a technological sitting duck for bad guys of all kinds - criminals and terrorists - courtesy of the US State Department.
As I noted in a previous post:
The time to end this nonsense is now. There are perfectly usable non-RF storage technologies - like 3D barcodes - that can safely store data in hard to crack, hard to hack formats.
We can do better. And we must.

Tuesday, 8 December 2009

Metalab's open support letter regarding the recent hackerspace raid


On November 28th, the police conducted a raid on a suspected illegal nightclub in Malmö. The official reason for the operation was that they suspected the club, which arranged a punk concert that evening, to sell alcoholic beverages without permission. And the police did indeed find and seize some beer, wine, and booze there, as well as a few other personal belongings that are not too surprising at a punk concert (firecrackers, pepper spray, etc.) Details can be found in the police's official press release.
So far, so unexciting.
What the press release fails to mention is that the police also raided the premises of another organisation that had nothing to do with the nightclub, other than being located in the same building: the hackerspace Forskningsavdelningen.
Forskningsavdelningen is a hackerspace - a place for people with an interest in technology to share knowledge and work together. What does this organisation, located on a different floor, have to do with a suspected illegal club organised by a different organisation? Not much, it would seem.
Okay, so maybe it was bad luck that they were raided. Less than perfect intelligence on behalf of the police. Embarrassing, but no big deal.
Except that the police actually confiscated six computers, a WiFi router, and other valuable technical equipment from Forskningsavdelningen - and now want to raise charges of "preparation for Grand Theft" and "IT intrusion".
The grounds for the charge of preparation for Grand Theft is that the equipment in the hackerspace included two key copying machines and a collection of lock picking tools. According to the police, this indicates that a burglary was planned. Similarly, the presence of a "special antenna to receive wireless signals over long distance" is used to justify the suspicion of IT intrusion.
All of these tools are perfectly legal to own and operate - unless of course they are actually used for illegal purposes. A knife can be used to cut a steak or to stab somebody. If I own a knife, does that indicate that I am planning an assault?
Owning an antenna - even a "special", modified antenna - does not indicate an intention to commit a crime. It indicates an interest in wireless transmission, and may in fact be the first prototype of tomorrow's technology.
What about lock picking? Same thing. Lock picking is a sport practised by official clubs all over Europe. In addition to the edification of their members, these clubs provide a valuable service to the public by demonstrating the security flaws in common locks. Participation in this sport is no more a preparation for burglary than sport shooting is a preparation for murder.
We are deeply concerned by this disregard of the most basic legal right - the presumption of innocence. We are worried by the fact that the open, critical study of technology is used as grounds for accusing innocent people.
As members of the Metalab, a hackerspace in Vienna, Austria, we express our solidarity with our friends in Sweden. We join them in demanding the return of all seized equipment and we sincerely hope that this whole affair will turn out to be a misunderstanding rather than an intentional interference with the rights of innocent citizens.
To restore the principle of legal certainty and avoid similar mistakes in the future, we strongly recommend a full investigation of the raid (its reasons and actual execution) as well as the legal grounds (or lack thereof) of raising charges based on the possession of legal equipment.
About the Metalab:
The Metalab is a hackerspace in Vienna, and as such a sister project of Forskningsavdelningen. Our organisation is privately financed by its members, as well as publicly subsidised, and has been host to widely recognised talks, conferences, workshops, and social events. Moreover, the Metalab has given birth to various commercial, civic, philanthropic, and social ventures. These sorts of advances can only grow in certain environments - and hackerspaces, like the Metalab, strive to provide such an environment. An environment that may seem odd or ominous to outsiders. An environment that usually harbours technology that's not a common sight in just any home or office. But after all, this is the whole point of a hackerspace - to collectively extend the individuals' possibilities.
Hackerspaces enrich their region's cultural and technological scene. They are places of information, discussion, experimentation and openness. They are the real-world manifestations of a new paradigm, originated in the free, borderless and undiscriminating nature of the internet and its communications structures. Hackerspaces are places where freedom of opinion meets creativity and spawns inspiration. They're the birthplace of start-up firms that employ cutting-edge technology, of altruistic community projects and of art in new media.

The TSA makes another stupid move


When the TSA make mistakes this egregious it really isn’t all that hard to pick on them.
The latest is that their Screening Management Standard Operating Procedure is published on the internet.  I actually like that.  I don’t think that security through obscurity is a good idea.  Of course the document is marked SSI and includes this footnote on every page:


SENSITIVE SECURITY INFORMATION 
WARNING: THIS RECORD CONTAINS SENSITIVE SECURITY INFORMATION THAT IS CONTROLLED UNDER 49 CFR PARTS 15 AND 1520. NO PART OF THIS RECORD MAY BE DISCLOSED TO PERSONS WITHOUT A “NEED TO KNOW,” AS DEFINED IN 49 CFR PARTS 15 AND 1520, EXCEPT WITH THE WRITTEN PERMISSION OF THE ADMINISTRATOR OF THE TRANSPORTATION SECURITY ADMINISTRATION OR THE SECRETARY OF TRANSPORTATION. UNAUTHORIZED RELEASE MAY RESULT IN CIVIL PENALTIES OR OTHER ACTION. FOR U.S. GOVERNMENT AGENCIES, PUBLIC DISCLOSURE GOVERNED BY 5 U.S.C. 552 AND 49 CFR PARTS 15 AND 1520.

So the decision to publish it on the Internet is probably a questionable one.  On top of that, however, is where the real idiocy shines.  They chose to publish a redacted version of the document, hiding all the super-important stuff from the public.  But they apparently don’t understand how redaction works in the electronic document world.  See, rather than actually removing the offending text from the document they just drew a black box on top of it.  Turns out that PDF documents don’t really care about the black box like that and the actual content of the document is still in the file.
Yup, their crack legal staff managed to screw this one up pretty badly.  Want to know which twelve passports will instantly get you shunted over for secondary screening, simply by showing them to the ID-checking agent?  Check out Section 2A-2 (C) (1) (b) (iv).  Want to know the procedure for CIA-escorted passengers to be processed through the checkpoint?  That’s in the document, too.  Details on the calibration process of the metal detectors are in there.  So is the procedure for screening foreign dignitaries.
It is pretty pathetic that the folks supposedly responsible for administering this “security” program cannot even be bothered to do the simplest parts of their job correctly.  Then again, passing through the checkpoint every time I fly it is pretty clear that they do a lot of things incorrectly.  Just chalk this one up to more of the same idiocy.  More done badly.
Want to read it for yourself?  Grab a copy here.  Who knows how long they’ll keep it online.
Once you’ve downloaded the PDF you’ll see the black boxes.  Simply highlight the text (start above and drag down to below the redaction area) so that you’re selecting all of the stuff in the “redacted” area.  Copy the selection and paste it into the word processing client of your choice.
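The defensive counterpart to the copy-and-paste trick above is to verify a redaction before publishing. As an added example (not code from the original post), the standard-library Python checker below decodes a PDF's page content streams, records where each string is drawn and which rectangles are painted after it, and reports text that a viewer hides but the file still contains. The sample PDF it builds is constructed for the demo; the operators it models (Td, Tm, Tj, TJ, re, f) are standard PDF content-stream operators.

```python
import re
import zlib

# Stream bodies between 'stream' and 'endstream' (/Length is not consulted).
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
# Content-stream tokens: literal strings, arrays, dict delimiters, names, rest.
TOKEN_RE = re.compile(
    rb"\((?:\\.|[^\\)])*\)|\[[^\]]*\]|<<|>>|/[^\s()\[\]<>/]*|[^\s()\[\]<>/]+")
FILL_OPS = {b"f", b"F", b"f*", b"B", b"B*", b"b", b"b*"}  # operators that paint


def decode_stream(raw):
    """Inflate FlateDecode data; anything zlib rejects is treated as plain."""
    inflater = zlib.decompressobj()  # tolerates the newline before 'endstream'
    try:
        return inflater.decompress(raw) + inflater.flush()
    except zlib.error:
        return raw


def literal_text(tok):
    """Text of a (...) literal, or of the string parts of a [...] TJ array."""
    parts = re.findall(rb"\((?:\\.|[^\\)])*\)", tok)
    raw = b"".join(p[1:-1] for p in parts)
    for esc, ch in ((b"\\(", b"("), (b"\\)", b")"), (b"\\\\", b"\\")):
        raw = raw.replace(esc, ch)
    return raw.decode("latin-1")


def analyze_stream(data):
    """Return (texts, boxes): texts are (x, y, string, boxes_painted_before),
    boxes are (x, y, w, h). Only Td/TD/Tm positioning and Tj/TJ showing are
    modelled; nested unescaped parentheses inside strings are not handled."""
    texts, boxes, pending, operands = [], [], [], []
    tx = ty = 0.0

    def num(i):  # numeric operand i (negative index) of the current operator
        return float(operands[i].decode("latin-1"))

    for tok in TOKEN_RE.findall(data):
        if not (tok[:1].isalpha() or tok[:1] in (b"'", b'"')):
            operands.append(tok)  # numbers, names, strings, arrays
            continue
        if tok == b"BT":  # begin text object: position resets to the origin
            tx = ty = 0.0
        elif tok in (b"Td", b"TD"):
            tx, ty = tx + num(-2), ty + num(-1)
        elif tok == b"Tm":
            tx, ty = num(-2), num(-1)
        elif tok in (b"Tj", b"TJ"):
            texts.append((tx, ty, literal_text(operands[-1]), len(boxes)))
        elif tok == b"re":
            pending.append((num(-4), num(-3), num(-2), num(-1)))
        elif tok in FILL_OPS:  # the path is painted: rectangles become opaque
            boxes.extend(pending)
            pending = []
        elif tok in (b"n", b"S", b"s"):  # path ended without a fill
            pending = []
        operands = []
    return texts, boxes


def text_under_boxes(pdf_bytes):
    """(x, y, text) for every string covered by a box painted after it."""
    hits = []
    for m in STREAM_RE.finditer(pdf_bytes):
        texts, boxes = analyze_stream(decode_stream(m.group(1)))
        for x, y, text, painted_before in texts:
            for bx, by, bw, bh in boxes[painted_before:]:
                x0, x1 = sorted((bx, bx + bw))  # PDF allows negative w/h
                y0, y1 = sorted((by, by + bh))
                if x0 <= x <= x1 and y0 <= y <= y1:
                    hits.append((x, y, text))
                    break
    return hits


def build_pdf(content, compress):
    """Constructed one-page PDF around a content stream (demo input only)."""
    data = zlib.compress(content) if compress else content
    filt = b"/Filter /FlateDecode " if compress else b""
    head = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
            b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
            b"/Contents 4 0 R /Resources << /Font << /F1 5 0 R >> >> >> endobj\n"
            b"4 0 obj << /Length " + str(len(data)).encode() + b" " + filt
            + b">>\nstream\n")
    tail = (b"\nendstream\nendobj\n5 0 obj << /Type /Font /Subtype /Type1 "
            b"/BaseFont /Helvetica >> endobj\ntrailer << /Root 1 0 R >>\n%%EOF\n")
    return head + data + tail


# Constructed streams: the first draws text and then paints a black box over it
# (the overlay mistake); the second has the text removed before the box.
OVERLAY_ONLY = (b"BT /F1 12 Tf 72 700 Td (Constructed secret line) Tj ET\n"
                b"0 g 70 696 220 14 re f\n")
TRULY_REDACTED = b"0 g 70 696 220 14 re f\n"

if __name__ == "__main__":
    for content in (OVERLAY_ONLY, TRULY_REDACTED):
        print(text_under_boxes(build_pdf(content, compress=True)) or "clean")
```

Run `text_under_boxes(open(path, "rb").read())` on a document before release; any hit means the text is still recoverable exactly as the post describes.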

Monday, 7 December 2009

Nokia to halve smartphone offerings in 2010


Nokia, the world's largest mobile phone maker, has announced it will be cutting its smartphone offering in half next year, despite losing market share to rivals RIM and Apple.

"We see ... really fierce competition certainly in the high end, but we also see it in the mid to low end of smartphones increasing," said Jo Harlow, chief of Nokia's smartphone unit, via Reuters. "We will defend our position, but we believe we also have tools to play offense as well as defense."

Part of that "defense" will be to push smartphone prices lower while at the same time increasing margins. Recent figures showed that Nokia had lost smartphone market share for the most recent quarter, from 41 percent to 35 percent.

"Reducing the number of smartphone models makes a lot of sense ... but Nokia has to be very careful in finding the right balance: its large product portfolio has been one of its strong competitive advantages in the past," concludes Bernstein analyst Pierre Ferragu.

Woman arrested for taping minutes of 'Twilight' film with camera


A 22-year old woman was arrested in Chicago this week for recording three minutes of the newest "Twilight" film with a digital camera at the movie theater, and spent two days in jail.

Additionally, Samantha Tumpach now faces up to three years in jail after being charged with a count of criminal use of a motion picture exhibition.

However, Tumpach says that she wasn't filming the movie and was instead taping parts of her sister's birthday party, which was in part at the movie theater. Although the movie is in the background in clips, there are longer clips of family and friends singing happy birthday to Tumpach's sister at the theater.

“It was a big thing over nothing,” Tumpach added of her arrest. “We were just messing around. Everyone is so surprised it got this far.”

After being nabbed by an employee, managers called the police, who checked the camera and found about three minutes of footage.

“It was never my intention to record the movie,” concluded Tumpach.

Apple acquires Lala

Apple has confirmed that it will be purchasing music streaming service Lala although financial details have not been released as of yet.

Lala had been struggling, and the CEO recently announced that the prospects of turning a profit in the near future were slim to none. Lala has an 8 million-song library and allows users to stream a track an unlimited number of times for 10 cents or to purchase the track for $0.79.

The new purchase will allow for Apple to add full-length streaming to iTunes instead of the current 30-second clips and could even lead to a streaming radio service for the platform.

Lala and similar service iLike currently partner with Google to allow for quick discovery of music via the search engine.

Apple has $31.1 billion in cash and likely could purchase Lala for under $500 million.

Macs retake reliability ranking top spot



Apple reclaimed the top spot in the computer-reliability ranking of Rescuecom, a Syracuse, N.Y.-based technical support franchise, as netbook maker Asus' rating plummeted, Rescuecom's CEO said Saturday.

Apple's Macs, which led all rivals in Rescuecom's rankings during 2007 and 2008, ceded first place to PCs sold by Asustek Computer (better known as Asus) in the first half of 2009, falling as low as third in the first quarter, behind both Asus and Lenovo.

But Apple recaptured the top ranking for the third quarter with a reliability score of 374. Behind Apple were Lenovo and Asus with 320 and 166, respectively, followed by Toshiba and Hewlett-Packard in fourth and fifth place.

Rescuecom produces its scores by comparing the percentage of support calls represented by each vendor with each computer maker's U.S. market share. The greater the difference between the two, the higher the score. For example, although Apple's U.S. market share was 9% -- according to research firm IDC, whose data Rescuecom used to calculate its ratings -- Macs accounted for just 2.4% of the calls to Rescuecom. According to Rescuecom's reasoning, the higher scores indicate more reliable hardware and better support from the computer makers.

Apple's third-quarter rating was actually 5% lower than the 394 Rescuecom gave the company's computers for 2009's second quarter.

But Asus' decline was the big story. The Asian computer maker, which led Rescuecom's rankings for the first six months of the year, has seen its reliability rating plunge from a first-quarter high of 972 to 166 in the third quarter.

Asus' nose-dive was hardly a surprise, said David Milman, Rescuecom's CEO. "This is what we were waiting for on Asus, whether or not their reliability score would be maintained," said Milman in an e-mail. "Now that many of the netbooks by Asus have been out for a while, there is obviously a higher need for service."

Last March, when Asus first jumped to the top spot on Rescuecom's list, company president Josh Kaplan said Asus' ranking should be taken with a grain of salt, since it was based on a huge bump in sales during the last few months of 2008, when Asus' netbook sales took off. That, in turn, meant that Asus machines had been in users' hands for just several months, which could translate into fewer support calls.

"It will be interesting to see in the coming quarters if Asus will start coming down to the level of the other vendors, or can sustain it," Kaplan said at the time.

Apparently, it couldn't sustain its record rating, which in the first quarter Rescuecom measured as 972, nearly six times higher than its score in the third quarter. Asus' second-quarter rating was 416.

Toshiba's and HP's scores also fell from the second quarter, although less dramatically than Asus. Toshiba's reliability score was 165 in the third quarter, down 24%, while HP's third-quarter score of 134 was off 6% from the previous quarter.

Saturday, 5 December 2009

My Favorite Hackers: the short list for which aspiring hackers strive.

As a self-proclaimed hacker, who means you no harm, I stand on the shoulders of giants. The following people have set the standard for hacking and have given all of us newbies something to strive for. These are some of the Great Ones, the ones we admire and emulate. These are my favs.

1. Kevin Mitnick

The Man. The Myth. The Legend. This guy was the top hacker in the world for a good part of the late 70s and early 80s. He was one of the first, and in his time, gave the pre-Silicon Valley tech bigwigs a good shakedown. He broke into systems owned by Sun Microsystems, IBM, DEC, Motorola, and even managed (allegedly) to wiretap FBI conversations. He did time for it, but now works as a security consultant. Though most hackers today consider his technical knowledge to be archaic, he has one of the sharpest minds in social engineering even today.

WATCH VIDEO: Darren Kitchen, hacker and host of tech show Hak5, says why hacking isn't the same thing as cyber crime.

2. Fyodor

Fyodor, aka Gordon Lyon, gave us hackers one of our greatest tools: NMAP. NMAP is a powerful piece of software that lets us analyze the topography of any given network. With a quick nmap session, we can tell what operating system is running on a given machine or set of machines, we can tell what services are running on the network, and we can tell what IP addresses are active or inactive within any given network, among an infinite number of other functions. NMAP is indispensable, and hackers would be virtually shooting in the dark without it. Today, Fyodor is responsible for overseeing the Honeynet Project, a distributed computing project that uses false open access points in a network (honeypots) to gather data regarding intrusion attempts on networks all over the world.

3. Michal Zalewski

Michal is currently in the employ of Google as a security researcher, but has been active in the hacker community since the early 90s as someone known for finding vulnerabilities where no one else could. His knowledge of web browser security is unparalleled.

4. Eric Corley

Eric founded the H.O.P.E. hacker conference as well as 2600: The Hacker Quarterly, a quarterly magazine about hacker culture. He's been an active member in the community since the 80s.

5. Solar Designer

Solar, aka Alexander Peslyak, is a Russian hacker responsible for the Openwall GNU/Linux project. Openwall is a security-hardened Linux distribution meant for servers. In addition to his responsibilities with Openwall, he has been responsible for some of the most influential exploits within the open source community.

6. Robin Wood

Robin may be new to the scene, but he's definitely been talked about. You might remember me mentioning man-in-the-middle attacks and a piece of firmware called Jasager? Well, that's his baby. He wrote it and designed it. The man is a genius with anything wireless. Jasager's popularity, though, is owed largely to the next name on the list.

7. Darren Kitchen

Darren is the host of Hak5, a web show dedicated to information security and generally making electronic devices do things they weren't intended to do. The show is hosted by Darren, Shannon Morse (aka Snubs) and Matt Lestock. Darren is to our community what Flava Flav was to Public Enemy, only, with more talent and without the myriad drug addictions. He always has his ear to the ground and always knows what's going on in the scene.


The prestigious Wall Street Journal exposes CEO members' passwords in plaintext

Business News & Financial News – The Wall Street Journal holds traffic rank 88 in the U.S., according to Alexa.
“WSJ online coverage of breaking news and current headlines from the U.S. and around the world. Top stories, photos, videos, detailed analysis” …and a big SQL injection. A poorly secured parameter allows access to the databases on the server.
In the first picture we can see the MySQL server version, the available databases, and a very serious mistake. Not only is the website vulnerable to SQL injection, but it also allows load_file to be executed, which makes it very dangerous: with a little patience the writable directory can be found, and by injecting malicious code we get command-line access, with which we can do virtually anything we want with the website: upload PHP shells, redirects, infect pages with trojan droppers, even deface the whole website.

In the second picture we see a more serious problem. One of the users (ffi2009uk) has % as the host and NOTHING in the password field. This means that from any IP we can connect to the MySQL server on his account without any password. Unbelievable!!!

In the next picture we have the personal data, addresses and phone numbers of members of the press.

In the penultimate picture we can see how CEO members' passwords are stored in clear text!!! The list of members whose passwords have been exposed is diverse, ranging from presidents and executives of corporations to senators.

Nor are we surprised that even the Admin password, the chief account, is stored in clear text!!!

Organisations still failing on IT innovations



IT innovation is becoming more central to organisations' growth plans, but many projects are still missing their targets, according to new research released today by global consultancy AT Kearney.
The study found that, although 84 per cent of C-level executives believe that innovative IT projects are key to a successful business strategy, they think that investment in these projects misses target levels by more than 75 per cent.
Farhan Mirza, principal at AT Kearney, argued that IT leaders need to free up extra money for IT innovation by outsourcing operational tasks, and giving more responsibility to end users for the day-to-day running of their systems.
"Everyone talks about innovation, but money is not being put aside for these projects because it gets used on operational fire-fighting," he said.
"IT departments need to pull back and think about automating and outsourcing more. The budget you're releasing will then allow you to do the interesting work everyone in IT really wants to do."
The AT Kearney study highlighted six areas crucial to successful IT innovation, including balancing IT leadership with business partnerships, integrating products and services with back-office IT and collaborating better with customers, employers and suppliers.
The firm also advised IT leaders to place IT initiatives and investment targets under a single umbrella to give innovation the investment it needs.

Finnish Emissions Dropped Below Kyoto Level in '08



And now for some good news: Finland's greenhouse gas emissions in 2008 dropped by 10 percent compared with the year before, reports Statistics Finland. That exceeds its Kyoto Protocol 'assigned amount' commitment by 1.2 percent.
Last year marked the beginning of the official five-year commitment period for industrialized countries that signed the pact, including most of Europe as well as North America and Japan.
By far Finland's biggest producer of greenhouse gases is the energy sector, which accounts for three-quarters of emissions. Its greenhouse gas output fell by 13 percent last year compared to 2007. The largest drop within this sector was the energy industry itself, which posted a dramatic 21 percent reduction. Emissions from energy production within the industrial and construction sectors were down by six percent.
Gasses produced by the Finnish energy sector fluctuate significantly from year to year, impacted by consumption and availability of hydroelectric power -- both of which are in turn affected by the weather -- as well as the level of electricity imports.
In Finland, agriculture and forestry act as a net sink, i.e. removals from atmosphere exceed emissions. Their ability to absorb carbon rose by 15 percent. The key factor in this was tree growth, as logging dropped significantly from the previous year.
The waste sector cut its emissions by seven percent. Compared with 1990, the benchmark year for the Kyoto treaty, it has slashed its greenhouse gas output by 45 percent. The most effective tool for doing this has been capturing landfill gases such as methane, which are being used to generate heating in some Finnish towns.
Transport emissions declined for the first time this century, edging down by four percent.
On the flipside, emissions from industrial processes grew by five percent.

perjantai 4. joulukuuta 2009

Female Pastors often Harassed by Parishioners




Over half of the female pastors in the capital region say they have been recipients of offensive sexual advances, according to a survey by the Finnish Evangelical Lutheran Church’s news website, Pod.fi.
About one-fifth of the female pastors in Helsinki, Espoo and Vantaa responded to the survey in November.
The most common type of harassment was inappropriate conversations. However, some congregants have shown up unwanted at a female pastor's home, according to Marina Tolonen, the industrial safety officer of the Parish Union of Helsinki.
She says this type of harassment is particularly distressing because pastors cannot fire their parishioners.
”You can’t really ban them from coming to church events. Of course, security can be amplified in situations. For instance, guards in civilian clothes could be there ready to help if need be,” Tolonen told YLE.
The Church Council says it is aware of the problem. Other church workers as well have experienced harassment, says Pekka Huokuna, a council member.
”Church employees work in very different types of situations. Quite often they are working with people who have all kinds of problems,” he says.
Huokuna says workers should confide in others about their experiences. He adds that older workers may have had similar experiences and could offer help.
Setting limits
Pastor Eeva-Liisa Hurmerinta of the Kallio Parish in Helsinki has worked as a pastor for 20 years. She says she’s been harassed just a few times.
She adds that if a parishioner wants to talk about sex, pastors must set up boundaries.
”I could imagine that a young pastor in a new area would be embarrassed by these types of parishioners. With experience, one learns how to handle these types of situations and how to direct the conversation,” she says.

torstai 3. joulukuuta 2009

Progress Reported in Airport Dispute; More Flights Cancelled


The Finnish Aviation Union and the staff services company Barona reported progress on Thursday evening in the dispute over luggage handling at Helsinki-Vantaa Airport. However, Finnair is expected to cancel as many as 13 flights on Friday as the two sides continue to bargain.
On Thursday, the two sides said that nearly all of their disagreements had been ironed out. The remaining disagreement was over a dismissal clause in the contracts of employees who were suddenly transferred from Finnair to Barona on Monday. The latter insists they will be guaranteed the same rights and benefits as when they worked for Finnair. However employees are sceptical, fearing for their job security.
Meanwhile the backlog of unprocessed baggage at the airport has risen to around 10,000 pieces.
Since late Wednesday, some have been moved to a warehouse two kilometres from Finnair's Terminal 2. From there, they are to be delivered individually to their owners. Finnair estimates that it will take several days after the walkout ends before the suitcases are all returned.
Operations at Terminal 1 are reported to be normal. This terminal is used by Blue1, SAS, Lufthansa and other airlines.
The national air carrier -- which insists it is not a party to the dispute -- has been losing nearly five million euros a day due to cancelled flights and other problems.
As the walkout by baggage handlers continued into its fourth day on Thursday, the financially-strapped Finnair axed more than 20 flights, for a total of at least 80 this week.

Finnish prison cells violate human rights…



Recently appointed parliamentary ombudsman Petri Jääskeläinen says prison cells without toilet facilities are shameful. Jääskeläinen, who starts his new job on January 1st, had harsh words about Finnish prisons.
Finnish prisons have some 400 dry cells, or cells without toilet facilities. Prisoners are forced to use a bucket to relieve themselves. Correctional facilities in Kuopio, Mikkeli, Konnunsuo, Hämeenlinna and Helsinki have dry cells. The Hämeenlinna women’s prison alone has 84 dry cells.
Violation of human rights
Jääskeläinen says prison cells without toilet facilities are a violation of human rights.
”The European Court of Human Rights considers dry cells to be humiliating. It is especially deplorable when several prisoners share the same cell. They are forced to relieve themselves in front of one another,” he says.
Several other parliamentary ombudsmen and international monitoring bodies have criticised Finland’s prisons for years.
”Abolishing these types of cells would be in accordance with the international human rights standard for the treatment of prisoners. Finland must finally address this matter,” he says.
Compensation for suffering?
Because the issue of toilets is a question of human rights, prisoners could be paid some sort of compensation.
“We already compensate for some offences. For each day spent in prison without just cause, a prisoner is paid 100 euros,” he says.
”If the government would have to pay prisoners compensation of say 50 euros per night spent in a dry cell, I think that those types of cells would disappear quite quickly.”

Tiger Woods says he let family down…




Like a tricky downhill putt, the Tiger Woods story keeps rolling along, gaining momentum with each new turn.

The latest developments emerged Wednesday with a US Weekly report that linked him to yet another alleged mistress and the release of a voice mail that Woods allegedly left on her phone.

The megastar golfer -- known for zealously guarding his privacy -- posted a lengthy statement on his website, apologizing to fans for his "transgressions" and asking that he be allowed to deal with the situation "behind closed doors."

As the media frenzy surrounding him approaches the end of its first full week, a new question arises: When does it all end?

Or, as some media experts and ethicists are asking, when should it end?

"I think that people are starting to understand this is probably a decent guy and he's having trouble in his marriage," said David Rosen, an author and culture critic. "And it isn't anybody's business."

As a news story, Woods represents the perfect storm, an immensely successful athlete with a pretty blond wife who built himself into a marketing juggernaut, becoming the spokesman for cars, razors and clothing.

Then his squeaky-clean image bumped up against a tabloid story about an extramarital affair followed by an incident in which, leaving his home late at night, he ran his car over a fire hydrant and smashed into a neighbor's tree.

Woods has always controlled his image, deciding when and where to face reporters, rarely granting one-on-one interviews. Toward that end, he withdrew from a tournament he was supposed to host in Thousand Oaks this week.

But he has entered new territory, the world of 24-hour cable and Internet blogs that have been churning out speculation about indiscretions and an argument with his wife, allegations that have found their way into more traditional media.

As Thomas Cooper, a professor of media ethics at Emerson College in Boston, put it: "It does tend to be smotherage rather than coverage."

The latest report, from US Weekly, alleges that Woods conducted a 31-month affair with a Los Angeles cocktail waitress named Jaimee Grubbs. The voicemail was made available on the magazine's website.

"Hey, it's, uh, it's Tiger," a man's voice says. "I need you to do me a huge favor."

The caller says that his wife went through his phone. He asks Grubbs to switch to a generic answering message that lists only her number.

While the statement Woods posted does not address any specific allegations, it begins: "I have let my family down and I regret those transgressions with all of my heart. I have not been true to my values and the behavior my family deserves. I am not without faults and I am far short of perfect."

Woods goes on to lament the "tabloid scrutiny" he and his family have suffered and reiterates that his wife, Elin Nordegren, had nothing to do with injuries he suffered the night of the accident.

With some experts saying Woods has damaged his marketability by refusing to answer questions publicly, the golfer adds: "Personal sins should not require press releases and problems within a family shouldn't have to mean public confessions."

The expectation that celebrities should openly atone for private behavior dates at least to the Puritans, said Rosen, the author of "Sex Scandal America." He calls it "the ritual of public shaming."

Originally, this practice was intended -- rightly or wrongly -- to preserve social convention, but Rosen believes any such trappings have fallen away.

"Now we're at the tail end of the morality tale," he said. "We're just watching it as entertainment. There's no moral grab."


Cooper, the media ethicist, does not buy into the argument that Woods has an obligation to face the media because he has previously used it to amass great personal wealth as a pitchman.

"The real story here is pretty small -- someone had an accident and there may have been dysfunctional behavior in a relationship," he said, adding: "That's not much of a case to build for invading someone's privacy."

But the story has caught fire, experts said, for at least two reasons.

There are more forms of media -- including bloggers -- to disseminate information more quickly. This rapid-fire environment has created new expectations.

"We, the consumers, have an insatiable appetite for stories like this," said Martin Kaplan, director of the Norman Lear Center at the USC Annenberg School for Communications. "We're hard-wired for wanting to follow a drama that involves sex and great talent and what looks like secret goings-on."

But the same forces that ignite the story might also cause it to burn out quickly, said L. Lin Wood, an Atlanta attorney who has counseled high-profile clients including the accuser in the civil portion of the Kobe Bryant sexual assault case.

Barring any new allegations, Wood sees coverage of the Woods story dying down in a few weeks, perhaps flaring briefly the next time Woods appears in public, then fading away. The attorney disagrees with marketers who say Woods needs to face reporters.

"To me, it would be undignified for someone like Tiger Woods," he said. "And if you start to feed the media frenzy, it's just going to get bigger and probably last longer."

At the Sherwood Country Club, where Woods was supposed to be playing in the Chevron World Challenge this week, fans supported his handling of the situation.

But a fellow pro golfer, Steve Stricker, wrestled with the issue.

"I'm on that line, I'm on that fence whether that's even our business or not," Stricker said. "Everybody likes to get into these celebrities' personal lives and it's all fascinating and everything but, deep down, what does it really matter?"

keskiviikko 2. joulukuuta 2009

Policeman on Trial in Connection with College Massacre



A policeman who many believe could have prevented the college massacre in Kauhajoki last year goes on trial for negligent dereliction of duty.
The trial begins Thursday. The families of the people killed are seeking convictions in their civil suit for more serious crimes. They say the officer is guilty of dereliction of duty and ten counts of aggravated manslaughter.
The police officer says he is not guilty of the charges against him.
In addition, the families are demanding damages from the government to the tune of 860,000 euros.
"Obviously money can't replace a human life. This is symbolic compensation, which is reasonable given the indescribable suffering these people have had to go through," says the families' legal advisor Lasse Vuola.
The government says it is not culpable for the damages, because the tragedy was so completely unpredictable.

The Tragic events of Kauhajoki
The officer visited the killer Matti Saari's home after police were alerted to YouTube videos in which Saari had filmed himself shooting a firearm and making general threats. The officer did not take the weapon away, as he felt no crime had been committed and the guns were perfectly legal.
The next day, Saari entered the Kauhajoki Vocational College and ran through the school shooting. He killed nine students and one teacher before turning the gun on himself.

Kauhajoki Factbox

- 19.09.2009: Accused's supervisor orders Saari's weapon to be confiscated.
- 20.09.2009: Officer interviews Saari over internet videos but does not confiscate gun.
- 21.09.2009: Saari opens fire at the college, killing ten and then himself.
- The Kauhajoki Vocational College is for youth over 16 years of age, and teaches institutional cooking, nursing, travel and hospitality.
- In 2005, the school had 150 students and 23 teachers.

NATO wants Finland to send more troops to Afghanistan…


NATO wants Finland to send more forces to Afghanistan. The Foreign Ministry says that NATO Secretary-General Anders Fogh Rasmussen sent Finland a letter last week requesting that it consider sending more operative forces and trainers.
US President Barack Obama announced on Tuesday that another 30,000 US troops would be deployed in Afghanistan. He also asked European countries to send between 5,000 and 10,000 soldiers to the country.
Finland’s political leaders are to discuss the request in the near future. Foreign Minister Alexander Stubb suggested on Wednesday that Finland might be able to send about 15 more trainers. He added that there is a problem with recruitment, saying, "It's hard to get people to go there."
Finnish Expert: Capability Exists
A Finnish military expert interviewed by YLE TV's breakfast show on Wednesday says that Finland would be capable of sending forces to Afghanistan for tasks including helping those in difficulty and training local security forces.
Jarno Limnéll, who teaches strategy at the National Defence University, said that Finland has the capability, if the political leaders decide to send more forces there.
“The new strategy clearly aims at emphasizing the importance of civilian crisis management, and this might be an area in which the Finnish contribution in Afghanistan could be increased,” Limnéll says.
There are now about 120 Finnish peacekeepers at a joint Finnish-Swedish base at Mazar-i-Sharif in northern Afghanistan.

Bags pile up as Helsinki airport walkout continues…



Thousands of pieces of luggage are piling up at Helsinki-Vantaa Airport as a walkout by baggage handlers is set to continue into Thursday.
The Finnish Aviation Union (IAU) has demanded that Finnair postpone the sale of baggage handling operations to an outsourcing company; Finnair says the deal is already done.
Finnair on Tuesday rejected a proposal by the IAU aimed at settling a dispute that led to a walkout by workers at Helsinki-Vantaa Airport and the cancellation of 23 flights on Tuesday and 14 on Monday. Following the rejection of the union proposal, workers said they would stay off the job until at least noon on Wednesday. However the walkout appears likely to continue until Thursday at least.
The airline cancelled about 40 flights -- mostly domestic -- on Wednesday. It is trying to operate all long-haul foreign flights. Some European flights were cancelled, as well as one to Shanghai. Some 6,000 passengers have been affected.
The union organized the walkout to protest the sale of the baggage handling unit to Barona Handling, which was completed on Monday. The walkout was supposed to end at 10 a.m. Tuesday. Customer service personnel returned to work, but baggage handlers and loaders stayed away.
An estimated 6,000 -7,000 pieces of luggage were piled up at the airport as of Wednesday evening. About 1,000 of these are to be delivered to customers in the Helsinki area, and the rest abroad. Baggage handling is being done by management staff, who estimate that it will take until early next week to deliver all the baggage.
Finnair insists it is no longer a party to the labour dispute, because as of Monday, the striking employees now work for Barona.
The company also says the walkout is illegal and irresponsible.
Union proposal rejected as power play
The IAU proposed that Finnair postpone the transfer of operations to Barona and negotiate a buy-back. If Finnair had agreed, union members would have returned to work. At least 500 airport workers said they would not return until noon Wednesday at the earliest.
But Finnair says the demand is impossible, and the union knows it.
"The IAU is using this kind of blackmail to force the two sides in the sale to capitulate. This shows pretty well how little the IAU cares for Finnair customers and the rules of the labour market," seethes Finnair's CFO and Deputy CEO, Lasse Heinonen.
The union will now start negotiations on the situation directly with Barona.
"For the sake of the customers and Finnair, I hope they can quickly come to an agreement," adds Heinonen.

Baggage handling at Helsinki-Vantaa Airport has been badly delayed by the walkout. The latest industrial dispute comes less than two weeks after a two-day strike by pilots at the majority state-owned carrier.

Nokia Sees Return to Growth, Analysts Sceptical

Nokia predicts that the global mobile phone market will grow by 10 percent next year after falling some seven percent this year. But analysts say the firm must do more to compete with its rivals.
The world's biggest mobile phone maker cautioned that its own market share, currently at some 37 percent, would be "flat" next year. It added that it expects the value of its market share to be up "slightly."
Nokia executives made the comments during the company's Capital Markets Day, held in Espoo on Wednesday. The event attracted some 250 analysts and investors from around the world.
In October, Nokia reported its first loss in a decade amid rising competition in the smartphone market from the iPhone and the Blackberry, as well as problems with its Nokia Siemens Networks joint venture.
"We're waiting for more power from Nokia smartphones; for a product that can compete equally with more expensive phones," Martti Larjo, chief analyst at Nordea, told YLE. "We'd like to see Nokia produce something like an iPhone copy," he added.
Industry observers say Nokia's outdated Symbian operating system, which drives its smartphones, is one of the reasons why many consumers choose Apple's iPhone or RIM's Blackberry, which are easier to use.
Michael Schröder, chief analyst at the FIM investment bank, said, "The operating system for Nokia's smartphones is irreparably outdated. Nokia's competitors have come out with ones that offer better user experiences...Nokia will still face a few more difficult quarters."
CEO Olli-Pekka Kallasvuo promised that Nokia will release "a new version of Symbian" in 2010. "Smartphone growth will be significantly higher," he said, adding: "I believe Nokia is in better shape than our competitors. I mean that our challenges are clear, but so is our direction."
Nokia's share price edged down by about one percent on the Helsinki Stock Exchange following the announcements.

tiistai 1. joulukuuta 2009

WHAT TO STUDY NEXT???

I have been thinking a lot about what I am going to study after this. I thought that I wanted to study Information Security at Luleå Technical University because it was available as online studies also, but now a friend of mine who is studying it told me that there's basically no hands-on work there. I mean WTF, how can any university train IT security consultants who don't have any idea of the technical issues in Information Security.
I really need to start thinking of some other schools to attend after this BC; perhaps, if my wife agrees, we'll all move to Stockholm or Göteborg. I want to study something that has a real meaning in the future, like computer science or similar.

Whyyyy does this also have to suck so badly???


Cr3sc0

Gary McKinnon

Gary McKinnon is the 43 year old man waiting to find out if he is to be extradited to the US on charges of hacking into military computers in the USA. On Friday, the next chapter in the story will open, or close, as we find out the results of a judicial review into his extradition to the US to face trial.
Mr McKinnon admits hacking into 97 US government computers, including those of Nasa and the Pentagon, during 2001 and 2002.
The judicial review focuses on whether Mr McKinnon should have been allowed to face trial in the UK and whether the decision to extradite him should have been reconsidered in light of a diagnosis of Asperger's Syndrome last year.
If found guilty, McKinnon could be facing a 70 year prison sentence.
It is said that his autism spectrum disorder will lead to him suffering acutely if removed from his own country, friends and family. Further, McKinnon and his supporters say he is not a malicious cyber criminal and that his hacking is a symptom of his neuro-untypical behaviour and obsessions. One US prosecutor accused him of committing "the biggest military computer hack of all time" and it is felt that the US government is likely to be hard on him in order to deter others.
Mr McKinnon recently told BBC 5 Live's Victoria Derbyshire that he was on a "moral crusade" to prove US intelligence had found an alien craft run on clean fuel.
A user called Knellerman posted the following on Victoria's blog during the show:
How Asperger's works. My son has it. One day at end of school he pulled out a fence post and ran across the field. The head saw this and called it vandalism.
I asked him what he thought he was doing. He said he had spotted some dog poo and wanted to move it so younger children would not fall into it.
The head's heart melted. Welcome to Asperger's: Right motive, wrong action.
Gary was looking for UFOs, not hacking into military secrets. My son's behaviour was impulsive but that impulsive behaviour can become obsessive, as in Gary's case. What do I know? I was diagnosed with AS at the age of 50.

Video: BBC's Huw Edwards interviews Gary McKinnon - 30 July 2008
Interview with Gary, who explains his motives. He talks to the BBC's Spencer Kelly about antigravity and other technologies that are being hidden from us and which he was hoping to uncover. Also discussed is the lack of security in the US Department of Defense and details of his hacking exploits across two years.

maanantai 30. marraskuuta 2009

Swedish cops raid HACKERSPACE and confiscate a lot of stuff… There is something seriously wrong with the Swedes again…

At 20.45 on Saturday the 28th of November the police raided the social centre Utkanten in Malmö, where the hackerspace Forskningsavdelningen is housed. Twenty officers in full riot gear and ski masks broke into the space through the entrance and a backdoor, using crowbars. Shortly thereafter twenty to thirty more showed up, mostly dressed as civilians and some of them IT technicians from Länskriminalen (county police), who are suspected to be interested in the hackerspace. They stayed in the building for about six hours.

The official reason for the raid was to do a “pub check” because of the suspicion that there was illegal selling of alcohol going on. The allegedly illegal club activity was a punk concert, with about 40 guests at the time of the raid. After the raid the cops evacuated the building, searched through it and confiscated a lot of stuff. The police were indiscriminate as to whose effects were removed, taking a lot of equipment from Forskningsavdelningen and people's personal computers, even though the hackerspace was unaffiliated with the group arranging the concert downstairs.

At the time of the raid there were about five people at Forskningsavdelningen. All of us were searched and photographed. Those who criticized the harassment were threatened with being taken to the station for “drug tests”. Overall the police seemed hostile.

What did they take?
We have gone through our stuff and made a list of what is definitely missing, but since the cops haven't given us a list of what they've taken we might have missed some stuff.
  • 3 laptops
  • 1 media computer, refurbished
  • 2 office computers, refurbished
  • 1 gaming computer, 6500 SEK
  • 1 digital camera, Canon Powershot
  • 1 external 2.5″ hard drive
  • 2 key cutters
  • lock-picking practice locks (cut-away)
  • 1 network router (Linksys WRT-54G)
  • 1 WLAN dish antenna
  • 1 pocket calculator (Casio)
  • 5 bottles of rum (Bacardi)
  • blank keys, to a value of 200 SEK (not more?)
  • material for building metal lockpicks
  • metal files
  • 1 backpack

Swedes are starting to spy us all…

FRA law



Description how the Swedish Defence Radio Authority (FRA, Swedish Försvarets radioanstalt) collects and processes communication.
The FRA law (FRA-lagen in Swedish) is a Swedish legislative package that authorizes the state to warrantlessly wiretap all telephone and Internet traffic that crosses Sweden's borders. It was passed by the Parliament of Sweden on June 18, 2008, by a vote of 143 to 138 (with one delegate abstaining and 67 delegates not present) and took effect on January 1, 2009.
In more detail, "FRA-law" is the common name for a new law as well as several modifications to existing laws, formally called Government proposal 2006/07:63 (Changes to defence intelligence activities). It was introduced as anti-terrorism legislation, and gives the government agency Swedish National Defence Radio Establishment (FRA, Swedish Försvarets radioanstalt) the right to conduct signals intelligence on - to intercept - all internet exchange points that exchange traffic that crosses Swedish borders, though experts argue that it is impossible to differentiate between international traffic and traffic between Swedes.
News reports from Sweden's state broadcast network and other sources report that FRA have in fact been conducting eavesdropping on Swedish citizens for a decade. According to the Swedish National Defence Radio Establishment's Director-General, Ingvar Åkesson, they destroy the data collected after eighteen months, but they confirm that they have, in fact, been collecting information not just on foreigners but also on Swedes as the presence of Swedish search terms used on the data would indicate.

Protests and criticism

Protest against the law in Stockholm.
The law has met protests and opposition all across the Swedish political landscape, with even the youth organisations of the parties in the ruling government coalition being against it. Practically all major newspapers have spoken out against the law, along with lobbying organisations such as the Swedish Union of Journalists and the Swedish Bar Association. Telecom and internet companies such as Google, Bahnhof and TeliaSonera shun the law, and there is concern that the law may repel foreign investment in Sweden. The law may result in Sweden being tried by the European Court of Human Rights. Protests and rallies are regularly held in the capital Stockholm and in other major cities. The Danish National Church has stated it is worried about the law, and a politician of the Danish Socialist People's Party wants the Danish government to send an official protest to Fredrik Reinfeldt, prime minister of Sweden. The Finnish government has already done so.
Also quite recently, a group of right-wing politicians banded together to work against the law.
On August 8, 2008 Swedish newspaper Aftonbladet reported that a recent poll suggests 51% of the Swedes are against the law, as compared to 47% in June 2008. It also claims that the trust in Sweden's prime minister, Fredrik Reinfeldt, might be in danger.

check out that N00b

hheheheh cool video

torstai 26. marraskuuta 2009

Finnish telecommunication companies like TeliaSonera, DNA and Elisa cut hundreds of Internet connections… Bastards

Finnish telecommunications companies have started to cut their customers' Internet connections because there is a threat that a worm has gained access to their computers… I mean WTF, it's everyone's personal responsibility that their computer's security is up to date. I really wonder what is behind all this shit for real… If you do not know how to secure your computer, then maybe you should get a Mac or install Linux on your computer.

The only thing that telecommunication companies are responsible for is providing access to the Internet; now they are just trying to take more power from the customer. The best part of all this is that, for example, TeliaSonera offers help from their help desk for the customer, but it costs 2€/min, what a rip off... I believe that they will again raise the prices of the connection, as if it doesn't cost enough yet (in some parts of this country it costs something like 70€ for 2Mb/s).

My tip for all of you, REBEL AGAINST THEM, RAISE A LITTLE HELL IN THEIR OFFICE, THEY CAN DO MANY THINGS IN THE OFFICE ALSO EVEN IF THEY SAY THAT THEY CAN'T…

CR3SC0 

keskiviikko 25. marraskuuta 2009

YouTube Music is…


tiistai 24. marraskuuta 2009

Mario eating Shrooms…


Regular people




CCC 26C3 Here be dragons…

Just got approval from my employer to go to the annual CCC conference in Berlin, Germany on the 26th of December….. wuhuuu, it's going to be so cool, 4 days with my own kind of people around me. I booked and paid for the trip already….

Maybe I need to take my BackTrack 4 machine with me there, or just run it from the Mac…





Cr3sc0

A Simplified Astaro UTM now FREE to businesses

Disclaimer: I was given a demo license of the new free business product to break/review. No money has changed hands. This is my brutally honest opinion of the product.

I’ve played with a gamut of Astaro products, and personally I really hate UTMs, just like I do all-in-one printer/copier/faxes. One thing breaks, they all do. However, Astaro’s… Before I go into my opinions of the product, or get on any soapbox, here are the facts:

1. Astaro Security Gateway was already free for home use.
* (works awesome for VM demos)
2. As of November 16th, 2009, Astaro Security Gateway “Essential Firewall Edition” is FREE to any business that wants to run a copy.
* Essential Firewall Edition is basically an enterprise-grade firewall with VPN and some reporting.

Why I like this product is not because it’s Astaro, but because it’s the bare essentials. It’s exactly what a small to mid-size business needs so you stop getting calls from your friend at 5 AM asking why the Linksys you put DD-WRT on to be slick is down.

There is no better gift you can give a business as an IT/security guy than the ability to see and log. Test it out; you’ll be amazed at what you see on your network.

Like I said initially, this is a brutally honest post, and I wholeheartedly believe in FREE, and one tool for one job. However, so far it’s been all fluff and daisies. In coming posts, I’ll show how it, and other free alternatives, break or stand up from an attack point of view.



On a side note, it works flawlessly with the iPhone ;-) – use public Wi-Fi with less fear, when all of your traffic is going through a VPN automagically. That’ll make the boss happy.

Password/wordlist

Brute force, even though it’s gotten so fast, is still a long way away from cracking long, complex passwords. That’s where word lists come in handy. It’s usually the cracker's first go-to solution: slam a word list against the hash; if that doesn’t work, try rainbow tables (if they happen to have the tables for that specific hash type), and then the full-on brute force. Some would say those first two steps are reversed, and it really is the choice of the person doing it and the word lists they have to work with.

Matt Weir and company created a cool tool that has the best of both worlds, dictionary-based rainbow tables, called Dr-Crack, which you can find here:

http://reusablesec.googlepages.com/drcrack

But, back to the reason for this post: word lists. Where do you get them? Here are a couple of my favorite places, in no particular order:

http://www.packetstormsecurity.org/Crackers/wordlists/
http://www.theargon.com/achilles/wordlists/
http://www.openwall.com/wordlists/
http://www.outpost9.com/files/WordLists.html

I like to keep 3 sizes of word lists:
1. small and fast: usually based on the output of one of the tools I’m about to tell you about
2. medium: this is my custom list, to which I add passwords I find / crack and generally think are good to add. I’m pretty picky about what goes into this list
3. huge: any word list I come across gets added to this list; it gets sorted, uniqued and saved again

Now, the two tools that I like for the small list are CeWL and wyd:

CeWL – http://www.digininja.org/projects/cewl.php
Wyd – http://www.remote-exploit.org/codes_wyd.html

They have very similar feature lists; your mileage may vary. But they basically parse files and web pages for words and generate password lists based on the words found.
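To show what that "small and fast" list looks like in practice, here is an added example in Python (not code from CeWL, wyd or Dr-Crack): it pulls words out of a page the way those tools do, mangles them with common case and suffix variants, merges lists for the "huge" tier, and then runs the first step of the cracking order above, a straight dictionary attack against an unsalted hash. The HTML page, the product names in it and the target passwords are all constructed for the demo; the suffix set is an assumption about what users append, not anything the post states.

```python
"""CeWL-style word-list builder plus dictionary attack (added example).

Not code from CeWL, wyd or Dr-Crack. SAMPLE_PAGE and the target passwords
are constructed for this demonstration; the suffix list is an assumption.
"""
import hashlib
import re
from collections import Counter
from html.parser import HTMLParser

# Constructed sample page standing in for a target's public website.
SAMPLE_PAGE = """<html><head><title>Acme Widgets - About</title></head>
<body><h1>Acme Widgets</h1>
<p>Founded in 1998, Acme Widgets makes the Thunderbolt and Stormcloud product lines.</p>
<p>Contact our Springfield office. Go Wildcats!</p>
<script>var x = "ignoreme";</script>
</body></html>"""


class _TextExtractor(HTMLParser):
    """Collect visible text; skip <script>/<style> bodies, which hold code,
    not the human-chosen words a password list is after."""

    def __init__(self):
        super().__init__()
        self._skip = 0
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)


def extract_words(html, min_len=5):
    """Return candidate words from a page, most frequent first.
    min_len plays the role of CeWL's minimum word length option."""
    parser = _TextExtractor()
    parser.feed(html)
    tokens = re.findall(r"[A-Za-z0-9]+", " ".join(parser.chunks))
    counts = Counter(t for t in tokens if len(t) >= min_len)
    return [w for w, _ in counts.most_common()]


def mangle(words, suffixes=("", "1", "123", "!", "2009")):
    """Expand base words with case and suffix variants (assumed common picks).
    Order is preserved so the most frequent words are tried first."""
    out, seen = [], set()
    for w in words:
        for base in (w, w.lower(), w.capitalize()):
            for s in suffixes:
                cand = base + s
                if cand not in seen:
                    seen.add(cand)
                    out.append(cand)
    return out


def merge_wordlists(*lists):
    """The 'huge' tier: every list merged, uniqued and sorted."""
    return sorted({w for lst in lists for w in lst})


def hash_hex(password, algo="sha1"):
    """Unsalted hash of a candidate; algo is any name hashlib accepts."""
    return hashlib.new(algo, password.encode()).hexdigest()


def dictionary_attack(target_hex, candidates, algo="sha1"):
    """Step one of the post's order: slam the list against the hash.
    Returns the matching plaintext, or None when the list is exhausted."""
    for cand in candidates:
        if hash_hex(cand, algo) == target_hex:
            return cand
    return None


if __name__ == "__main__":
    words = extract_words(SAMPLE_PAGE)
    small_list = mangle(words)
    print(f"{len(words)} base words -> {len(small_list)} candidates")
    # Assumed target: an employee who used a product name plus a digit.
    print("cracked:", dictionary_attack(hash_hex("Thunderbolt1"), small_list))
    # A random password is not on the list, so the attack falls through to
    # the next step (rainbow tables or brute force) as described above.
    print("random password:", dictionary_attack(hash_hex("xK9#pQ2!vL"), small_list))
```

Run it as-is to see the product-name password fall and the random one survive; point `extract_words` at a saved copy of a real target's site (fetch it yourself, the script deliberately does no network access) and feed the output to your cracker of choice. Only the small tier is generated this way; the medium list is still hand-curated, and the huge list is just `merge_wordlists` over everything you have.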

Simplicity is Security

Per the best of the best in presenting, what breeds a good presentation slide deck? Simplicity

I want to pose a statement: “Simplicity is Security”. The reason I say this is that in this day and age, at least in the US, ‘convenience’ is king, and we try to protect those conveniences with ‘security’. Let me start over a bit. This train of thought all started when I began to explain the insecurities in WiMAX to my wife. We saw a WiMAX device that plugged straight into your computer. I told her this was bad because by connecting to this you have no barrier between you and the ‘bad guys’ other than possibly the Windows Firewall. Her answer surprised me. ‘So?’ is all she said.

Japan doesn’t use ‘check cards’, or even really credit cards for that matter. To get such a card you need to go through a book’s worth of paperwork, so it’s just not ‘convenient’ for most people, so they don’t get them. So guess what? They don’t bank online, and they don’t buy stuff online. I racked my brain to figure out what could possibly be on her computer that a ‘bad guy’ would want. I couldn’t think of anything (maybe you can). The government relies on paper backups of anything electronic (so they hardly make electronic versions). Signatures are based on stamps that are difficult to copy. The worst a hacker could do with her computer is use it as a zombie, and even then, their ISPs detect and disconnect excessive use.

Where did we as “security professionals” go wrong? Was it the fat paychecks we wanted? Was it the fear of the ‘underground’? Reality seems to dictate that we will continue on this path from the analog to the digital, from paper and clerks to networks and AI. The question I want to ask you, though, is: should we continue down the path of “MORE SECURITY”, or should we deviate a bit toward simpler, possibly non-technical practices?

From these last two posts you may assume that I favor the Japanese culture and way of life over a US one. You would be mistaken; I simply learn, take the best parts of what I learn, and try to apply them where I can. Learning from others’ triumphs and defeats, strengths and weaknesses is a basic human function that we as humans should embrace.