Life


via HackZine.com.

This site began with a 2008 crowbox experiment, which turned nature’s pests into practical players in society by autonomously training crows to conduct mutually beneficial behaviours with humans.

I did the initial experiment in 2008 in an attempt to teach crows how to live more purposefully for man, so that man would not annihilate the species.

At the time, I taught some captive crows, remotely, through basic operant conditioning, to feed coins into a vending machine so they could get peanuts. The idea is that a group of wild crows would teach other crows, including their offspring, to find the coins and put them into the vending machine to get peanuts. For this experiment, I received coverage all over the globe – from the New York Times, TED.com, Gizmodo and even Oprah covered the experiment!

But now – it’s your turn. The crowbox experiment is open source and this site exists to let the whole world know how to make a crow machine and then share the results.

Download the files, post some questions in the forums, add a page or three to the wiki. The open source crowbox experiment is still in beta, but together we can build it into something great.

Read about how the crowbox works, and see the story of how this whole thing began (below)!

via Gadget Lab from Wired.com.

“There are zillions of people around the world doing this,” says Altman, referring to the swell of interest in do-it-yourself projects and hacking. “It’s a worldwide community.”

At the center of this community are hacker spaces like Noisebridge, where like-minded geeks gather to work on personal projects, learn from each other and hang out in a nerd-friendly atmosphere. Like artist collectives in the ’60s and ’70s, hacker spaces are springing up all over.

There are now 96 known active hacker spaces worldwide, with 29 in the United States, according to Hackerspaces.org. Another 27 U.S. spaces are in the planning or building stage.

Located in rented studios, lofts or semi-commercial spaces, hacker spaces tend to be loosely organized, governed by consensus, and infused with an almost utopian spirit of cooperation and sharing.

“It’s almost a Fight Club for nerds,” says Nick Bilton of his hacker space, NYC Resistor in Brooklyn, New York. Bilton is an editor in The New York Times R&D lab and a board member of NYC Resistor. Bilton says NYC Resistor has attracted “a pretty wide variety of people, but definitely all geeks. Not Dungeons & Dragons–type geeks, but more professional, working-type geeks.”

via The Security Catalyst.

Ernest Hemingway wrote a story in six words when he was challenged to do so:

“For sale: baby shoes, never worn.”

Six powerful words that tell a much deeper story than a simple number count would imply.

Over the past few months National Public Radio has run a series of stories about Smith Magazine’s Not Quite What I Was Planning: Six-Word Memoirs By Famous and Obscure Writers and Six Word Memoirs on Love and Heartbreak. The first piece ran in January and is available at this link: http://www.npr.org/templates/story/story.php?storyId=18768430. The second ran just before Valentine’s Day and is available here: http://www.npr.org/templates/story/story.php?storyId=100510986. What was also interesting was that NPR also issued a challenge to their audience to write their own six word stories which is available here: http://www.npr.org/blogs/bryantpark/2008/01/whats_your_sixword_memoir.html.

These two stories and the challenge offered by Smith inspired me to create a few six word stories about security:

Windows Antivirus should always be running.

Don’t forget to update your computer.

Likes to click every e-mail link!

Dan, don’t break the Internet, again.

Once infected, don’t trust your computer.

Computer infected, don’t trust husband’s surfing.

Damn it, Dan, quit breaking DNS.

So, dear reader, now that I have written a few, I’d like to challenge you. Write your own six word stories for security.

Requirements:

Six words exactly

Tells a story about security.

Original works.

Suggestions:

Make the stories personal

Let it flow

Please either post them here or send them to sixwords@genesyswave.com. I am going to compile the ones that I receive as a presentation and possibly go the same way as Smith Magazine and create a book out of them. I will attribute all works to their original authors; if you want to be anonymous please let me know.

So, get out there and get to writing – really short stories.

from Valleywag

Microsoft announcement tomorrow: No more Seinfeld ads!
Microsoft flacks are desperately dialing reporters to spin them about “phase two” of the ad campaign — a phase, due to be announced tomorrow, which will drop the aging comic altogether. Microsoft’s version of the story: Redmond had always planned to drop Seinfeld. The awkward reality: The ads only reminded us how out of touch with consumers Microsoft is — and that Bill Gates’s company has millions of dollars to waste on hiring a has-been funnyman to keep him company.

Ok, say what you will about the ads: Sure they were

  1. About nothing
  2. Weird
  3. Didn’t sell anything?

But what they did was create buzz. There are only a HANDFUL of commercials that as I am forwarding through my DVR that I will stop and watch. Previously, only the Apple ads, however lately these new Microsoft Ads finally got this distinction as well.

What these ads did, was get people talking about Microsoft again, I mean think about it — for some reason it is **NEWS** that a company is no longer going to be making an AD. That means the ADs were WORKING.

Oh, for those who follow me on twitter, I do not LOVE VISTA. (But Mojave kicks ass)

Well, I am finally home semi-caught up on sleep so I figured I would post a quick wrap-up of DefCon16.

Defcon16 had a really good schedule this year, and as such I attended some great talks, and some that sounded good that ended up not-so-great. But hey that is pretty much how it always goes. The talks that specifically stick out in my mind are Satan is on my friends list, Sniffing Cable Modems, Shifting the Focus of WiFi Security, Malware Detection through Network Flow Analysis, and Next Generation Collaborative Reversing with IdaPro & CollabReate. If you presented and you didn’t make this list don’t get all butt-hurt about it — I probably either chose wrong and didn’t go to yours, or was simply too hung over to make it. (or it sucked :) )

Speaking of hung-over, I always find the most fulfilling side-effect of Defcon to be the social networking. It was wild hanging out & catching up with old friends and meeting a ton of new ones. Whether it was drinking Chimay in the VIP lounge at Body English, bar tending at someone else’s party, watching as my Driftnet wall moved from sports and news to strictly PORN during the live podcast at 9:15PM, to watching the most spirited game of “Elevator Roulette” grow from 3 players to 20 after “the incident”, it was awesome partying with everyone like we have known each other for ages.

Speaking of the Podcaster’s Meetup, I got to give it up to Mubix for putting that together. It was cool hanging out with the guys from Network Security Podcast, Sploitcast, Securibit, Pauldotcom and Security Justice. If you happen to catch the podcast, the reason I wasn’t immediately available was because of the very in-depth discussion on ozone oxygen replacement I was having with “Platinum”. If you met him you know what I mean — if not just go with it. Oh, also got to shout out to Jur1st for stepping up and talking about HackerSpaces & specifically the CCCKC. If you are in KC and read this kind of blog, you really need to get involved.

The I-Hacked party went OFF! It was a great success, I really got to give it up to the DJ’s: Great Scott!, Paul Vegasbreaks, & XMS you guys made the party! Also got to give a huge shout-out to Graffiti Research Lab for releasing your “L.A.S.E.R.” software! I think everyone who hit our party enjoyed tagging the CTF wall with their own graffiti. If the guy from GRL reads this send me an email (hevnsnt (a) i-hacked dotcom), got something for you.

Not going to give any shout-outs, cause I would hate to miss someone — but for those that hung out with me during DC16, I hope you had as much fun as I did. Oh, and I love my lanyard. (shout! :) )

Let’s end this with some of my favorite quotes from DC16:
“I think someone picked the f**king locks and escaped onto the roof.”
“There were f**king midgets!!!!!!!”
“I need ten VIP passes”
“I’m oldskool ok, I’ve been here since defcon2….call russ”
“mayday naydyallay” (buahhahaha really everything @viperpu twitter’d)
“that sausage ain’t kosher” (wasn’t there for that one, but damn that’s funny)
and everyone’s favorite: “That was a dick move, but I need WAAAATER”


from PodcastersMeetup.com

Well, this year marks the first annual DEFCON Podcaster’s Meetup, and we will be doing it in STYLE. For those of you who made it out to the second annual Podcaster’s Meetup at ShmooCon, we ran into some hitches like sound, but as we grow, so do the problems. Let me start off by telling you some sweet news. We are nailing down time in a SkyBox so we will have plenty of room, peace and quiet for recording, and a nice view over the con, plus NO WALKING TO THE PARTY. We will have it right there in the box.

To Podcasters,
I need to know as soon as possible how many already are set to go, those intending on getting set up and those who can’t make it. Also, if the idea of getting in free pushes you over the ‘going’ edge, we may be able to work that as well. Also, on that note, please forward this, like a Microshaft chain letter to any other podcasters that may be going, give them my email address so we can start a dialog and work out any kinks in their plans.

To Potential Sponsors,
I have included you in this email because I want you to understand the possibilities of this event. It will be at DEFCON 16. The most well known security / hacker conference. If you want to send fliers, stickers, drinks, money, or prizes, we can work out the details. We will be recording and broadcasting a live show from DEFCON which usually brings in 100 local and up to 500 remote viewers. It is then rebroadcast on whichever podcasters or vidcasters distribution that wants to and that could range from 10,000 to 1 million potential viewers.

As information is updated and confirmations come in, I will be updating the collaboration site: http://www.podcastersmeetup.com/ . Feel free to post or forward this information on to whoever you like.

If you would like an account in order to broadcast your presence at the event, please signup and I will upgrade your user level.

For those who may not know: DEFCON 16: August 8-10, 2008

Thank you for your time, and I look forward to hearing from you,
Rob Fuller, a.k.a. Mubix

I-Hacked will be the host for the Podcaster’s meetup, and will be throwing a party later that night. Any and all are invited. Those I-hacked readers that find us might get something special. :)

Hate to break it to you guys — pinkthreat is officially off the market.
Conversely –
Hate to break it to you ladies — Subo is as well.

Congrats to the Happy couple, PinkThreat & Subo got married on 6/7/8 (chose an easy date to remember). I wish you both the best of luck, you two are perfect for each other. Have “fun” on your honeymoon!


Subo & Pinkthreat

For those going to Defcon16 — make sure to congratulate them. :)

from InformationWeek

The CIA on Friday admitted that cyberattacks have caused at least one power outage affecting multiple cities outside the United States.

Alan Paller, director of research at the SANS Institute, said that CIA senior analyst Tom Donahue confirmed that online attackers had caused at least one blackout. The disclosure was made at a New Orleans security conference Friday attended by international government officials, engineers, and security managers from North American energy companies and utilities.

Paller said that Donahue presented him with a written statement that read, “We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet.”

Information about which foreign cities were affected by the outage and other information related to the attack was not mentioned and is unlikely to be forthcoming, said Paller.

A call to the CIA asking for further comment was not immediately returned.

Donahue said that the CIA had thoroughly weighed the pros and cons of making this information public, according to Paller.

The prospect of cyberattacks crippling multicity regions appears to have prompted the government to make this information public. The issue “went from ‘we should be concerned about this’ to ‘this is something we should fix now,’ ” said Paller. “That’s why, I think, the government decided to disclose this.”

The delegates at the meeting were sharing data about cyberattacks on critical utilities and resources, and methods of attack mitigation. One topic of discussion was the new SCADA and Control Systems Survival Kit, a document of best practices for SCADA systems. SCADA stands for Supervisory Control And Data Acquisition and refers to devices that control critical infrastructure like power generators, traffic signals, and dams. The security of SCADA systems has been a concern among federal officials for years.

In San Francisco on Thursday, following a private screening of the new documentary The New Face Of Cybercrime, Howard Schmidt, a former Microsoft (NSDQ: MSFT) executive and government cybersecurity adviser, mentioned ongoing concerns about the vulnerabilities of SCADA systems and noted that 85% of the U.S. critical infrastructure is controlled by the private sector. “No one should be minimizing this issue,” he said.

Citing two Government Accountability Office reports on SCADA security, Paller said that people have been adding wireless and Windows to SCADA systems without really thinking about security. “They’ve gotten radically unsafe,” he said.

from techcrunch.com

A pact between the French Government, French ISPs and the local music and film industry will see French users who download material from P2P networks losing their internet access.

French internet users will face a three strikes and you’re out policy, according to the NY Times. Users will receive a warning for each illegal download before losing their service on the third infringement.

French president Nicolas Sarkozy endorsed the deal with rhetoric that is bound to win him an Honorary Life Membership of both the RIAA and MPAA: “We run the risk of witnessing a genuine destruction of culture…The Internet must not become a high-tech Far West, a lawless zone where outlaws can pillage works with abandon or, worse, trade in them in total impunity. And on whose backs? On artists’ backs.”

The Far West of where? Perhaps I’m mistaken in believing that the far East (i.e. China) is the global hotbed of Internet piracy…or did he mean the wild west? Lost in translation perhaps.

An independent authority supervised by a judge will manage the scheme and decide if and when users should lose their internet access.

Not surprisingly the recording and music industry loves the move, with the head of the IFPI (the international recording industry body) John Kennedy telling the Times that “this is the single most important initiative to help win the war on online piracy that we have seen so far..President Sarkozy has shown leadership and vision. He has recognized the importance that the creative industries play in contemporary western economies.”

from arstechnica.com

Over the weekend, a small storm erupted over new legal language that Verizon Wireless is passing quietly on to its subscribers. It appears as though the cellular provider is changing its terms of service to give the company the right to share sensitive calling data with third parties.

At issue is so-called Customer Proprietary Network Information (CPNI) data. While CPNI data does not include explicit information identifying your name and address or your phone number, it does include data on the calls you make and receive, and the services that you may make use of. This includes information about the features of your phone and its capabilities. The data could easily be mined to see what kinds of businesses you call and how often.

Verizon Wireless has been contacting its customers via snail mail to inform them of their intent to share CPNI data with its “affiliates, agents and parent companies (including Vodafone) and their subsidiaries.” The company says that customers who do not want their CPNI data shared need to call 1-800-333-9956 to “opt-out.” Upon dialing the opt-out number, Verizon customers will be prompted for their phone number, billing ZIP code, and last four digits of their Social Security Numbers (in the case of businesses, their Employer ID numbers). Failure to opt-out will be interpreted by Verizon Wireless as “consent” to the company’s data-sharing practices.

Although the Federal Communications Commission has said that it is very concerned about the protection of CPNI data, and is exploring the possibility of strengthening its rules on the issue, Verizon’s opt-out notice appears to fulfill the Commission’s CPNI disclosure requirements.

The Skydeck company blog was the first to suggest that what Verizon wants to do here is use CPNI data to offer targeted advertising. For its part, Verizon Wireless only says that it hopes to improve its “services,” but gives no concrete examples of what such improvements would look like. Without a doubt, the notice given by the company is extremely vague. Skydeck has a scanned PDF copy available for your perusal.

Verizon Wireless may just be a first mover among other telcos. The race is on in the telecom industry to tap the well of advertising for mobile services, and this opt-out approach is guaranteed to give Verizon a lot of CPNI data to share, an undeniable treasure trove of information for marketers. We don’t envision Verizon selling this data to third parties, using it instead to build its own analytic advertising system to capitalize on the targeting in-house. The company isn’t likely to broadcast such plans until they are very close to fruition, however.

We will update this story when we hear back from Verizon about this new policy. In the meantime, if you’re a VZW customer and don’t want your CPNI data shared, you know the number to call.
