Boing Boing 

Wired News (and Adrian Lamo) report alleged Wikileaks "Collateral Murder" video leaker

Wired News senior editor (and former hacker) Kevin Poulsen and reporter Kim Zetter have unveiled the identity of an Army intelligence analyst arrested over charges that he provided Wikileaks with the "Collateral Murder" video. Snip from the extensive Wired News item:
SPC Bradley Manning [ at left ], 22, of Potomac, Maryland, was stationed at Forward Operating Base Hammer, 40 miles east of Baghdad, where he was arrested nearly two weeks ago by the Army's Criminal Investigation Division. A family member says he's being held in custody in Kuwait, and has not been formally charged.

Manning was turned in late last month by a former computer hacker with whom he spoke online. In the course of their chats, Manning took credit for leaking a headline-making video of a helicopter attack that Wikileaks posted online in April. The video showed a deadly 2007 U.S. helicopter air strike in Baghdad that claimed the lives of several innocent civilians.

That "former hacker," now said to be a US government informer, is Adrian Lamo (seen in this photo with Poulsen). You may remember Lamo's name from the big legal case surrounding his break-ins to computer networks at The New York Times, Microsoft, Yahoo!, and MCI WorldCom. He cut a deal with the Feds in 2004 to avoid prison time. He was recently institutionalized with Asperger's (as reported by Poulsen, for Wired), and has previously been accused of stalking a former girlfriend. Mr. Lamo is said to identify himself now as an "award-winning journalist."

The Wired story hit late Sunday. Today, the Defense Department confirmed Manning's arrest and detention in Kuwait over claims he "leaked classified information." Again, from Wired News:

"United States Division-Center is currently conducting a joint investigation" says the statement, which notes that Manning is deployed with 2nd Brigade 10th Mountain Division in Baghdad. "The results of the investigation will be released upon completion of the investigation."
Wikileaks apparently didn't respond to Wired News requests for comment before the story ran, but they did reply publicly to the story on Twitter...

Space Invader war photography

For his latest project, British art director Adam Richardson used Photoshop to superimpose Space Invader characters onto pics he took in Afghanistan and Iraq. Adam Richardson main page via NotCot

Portrait of the blogger as a young D&D addict

Here's a mid-1980s CBC News scare-story about Dungeons and Dragons driving kids to suicide featuring (at 2:49 onwards) me and my classmates (the video is dated 1985, but I'm pretty sure this couldn't have been later than my graduation from Junior High in 1984). Ignoring the crazy-ass fearmongering, it's incredibly nostalgic to see all those kids I grew up with, playing with their minis and rolling their dice.

Dungeons & Dragons D&D Canadian Doc 1985 Part #2 (Thanks, Tim!)

TSA bans snowglobes. TSA, meet Archimedes.

The TSA says you can't carry a snow-globe onto a plane, even if it fits in your freedom baggie, because they can't measure how much liquid it contains, and therefore it must contain more than three oz of potential explosive, um, water.

TSA, meet Archimedes. He lived over 2,000 years ago and figured out how to calculate the volume of an object by measuring its displacement. If you actually believe that 3 oz is a magical high-danger threshold, please consider adding a delightful, hallucinatory element of science to your pseudoscience by putting an Archimedes tank at the checkpoint. It would be a lovely counterpoint to your other scientific tests, such as the ducking stool and the spirit-rattles.


"Snow globes are not permitted to be carried through security checkpoints," said Transportation Security Administration spokesman Dwayne Baird.

The reason is that the globes contain liquids, and TSA rules say that only liquids, gels or aerosols in containers of three ounces or less are allowed through security in carry-on bags...

"I would think they would just say 'no,' because they can't really determine how many ounces are in there," Baird said.

Snow globes? TSA will likely just say 'no' (via MeFi)

XKCD v airport security

In today's XKCD strip, "Bag Check," Randall explores the limits of reason in dealing with airport security.

Bag Check

AES explained by stick figures


If you've always wondered how AES -- the Advanced Encryption Standard, the gold-standard for crypto -- works, and if you enjoy explanations in stick-figure cartoon form, you are in luck, for Moserware's "A Stick Figure Guide to the Advanced Encryption Standard (AES)" is funny, lucid and fascinating.

Moserware: A Stick Figure Guide to the Advanced Encryption Standard (AES) (via Links)

Gadgets used in Garrido property investigation: "ground-penetrating radar," magnetometers

Authorities are using an assortment of technologies to analyze the contents of property belonging to Phillip Garrido, the accused rapist/kidnapper whose alleged abduction and abuse of Jaycee Dugard is the subject of previous Boing Boing posts. Bone fragments have been found on the patch of land in Antioch where he, his wife, and his victims lived. Along with cadaver dogs, authorities are using "ground-penetrating radar" and forensic archeology tools including magnetometers, in hopes of finding (or ruling out the possibility of) remains of other girls who disappeared around Dugard's age. Here's the website of Bill Silva, an archaeologist assisting in the case. He reported finding an "anomaly in the soil that will require further investigation." Does anyone know more about the specific devices used for this sort of operation? I am interested to know more about the technology involved. Contrary to CSI, none of this is particularly glamorous or fast-paced work.

(PHOTO: Lance Iverson / SF Chronicle. Investigators pore through the back yard of the house next to Phillip Craig and Nancy Garrido.)

Street vendor selling ID cards, Thailand: random road snapshot

BB pal Sean Bonner is traveling in Thailand, and spotted this street hawker selling fake identification cards. "Check it," he emails, "For the low price of 3,000 baht I could have bought a California Drivers License!" I dig the assortment of press passes. Pick me up one, Sean, but make sure mine also has the bald white dude's photo on it, just like the one belonging to "Miss Heather Roberts," below (click to enlarge). Flickr image link.

9/11 hoax fools all of Germany

Jesse Brown, a BoingBoing guest-blogger, is the host of TVO's Search Engine podcast.

Here's what DPA, Germany's national news wire, reported this past September 10th:

A terrorist attack occurred in the city of Bluewater, California. The suicide bombers were German rappers, the "Berlin Boys".

A half hour later DPA issued a correction: there had been no bombing. The "Berlin Boys" are not a rap group. The city of Bluewater does not exist.

It was all an elaborate publicity stunt to promote the satirical German film Short Cut to Hollywood. Filmmaker Jan Henrik Stahlberg and his team fooled their entire nation by creating fake websites and videos:

Here's the fake city of Bluewater (link).

Here's the fake local Bluewater news station, KVPK (link).

And here are the "Berlin Boys" with their club hit "Hass":

Wired has a detailed report (link).

More on court ruling against Ashcroft and "preventative detention" under Bush administration

Last week, I blogged about a federal appeals court decision which could make former Attorney General John Ashcroft personally liable for decisions leading to the detention of a US citizen as a material witness after 9/11.

John Schwartz at the New York Times has filed a more thorough report than the AP item I blogged. His piece includes details about the Kansas-born man who filed the lawsuit, with representation from the ACLU. Snip:

The lawsuit was brought in 2005 by Abdullah al-Kidd, who was born Lavoni T. Kidd in Kansas and converted to Islam in college. He was arrested in 2003 at Dulles Airport as he prepared to fly to Saudi Arabia for graduate work in Islamic studies, and was held for weeks under a law that allows the indefinite detention of material witnesses to a crime. After his detention, he was ordered to stay with his in-laws in Las Vegas; his travel was restricted over the next year.

Mr. Kidd, who was not called as a witness in the case in which he was detained and was never charged with a crime, sued Mr. Ashcroft and other officials in 2005, challenging his detention as unconstitutional and saying it cost him his marriage and his job. His lawyers argued that he was held as part of a secret Bush administration policy to use the material witness statute as a tool to detain and interrogate people when there was insufficient evidence to charge them with a crime.

Panel Rules Against Ashcroft in Detention Case (NYT)

Nuclear transport trucks in US look surprisingly like regular old trucks

Over at Wired's Danger Room blog, news that an environmental nonprofit has obtained photos of the Department of Energy's "specially designed trucks" used to transport nuclear material around the United States. They pretty much look like any other transport truck, which is a little creepy, considering what they contain while they're rollin' down the highway. Just this week, a similar vehicle carrying missiles overturned -- so, safety concerns are in the air right now. Snip:
"The trucks carrying nuclear weapons and dangerous materials such as plutonium pass through cities and neighborhoods all the time and the public should be aware of what they look like," says Tom Clements of the Friends of the Earth group based in Columbia, South Carolina, which obtained the photos through a Freedom of Information Act request. "Release of these photos will help inform the public about secretive shipments of dangerous nuclear material that are taking place in plain view."
Here's the original news on the Friends of the Earth website.

Gary McKinnon: Wanted, Dead or Alive (Guest opinion/Oxblood Ruffin)

Above: Gary McKinnon and his mother, Janis Sharp. Below, a guest opinion post by Oxblood Ruffin, a writer and human rights activist based in Munich, Germany.

Gary McKinnon is a Scottish technical expert, or as he is referred to by US federal prosecutors, the perpetrator of "the greatest military hack of all time." This claim is "total fucking bullshit", a phrase common amongst information security professionals.

Although Mr. McKinnon has high name-recognition factor in the United Kingdom he is virtually unknown to the American public. He is a mentally challenged hacker who waltzed through ninety-seven US military Web sites before being caught. Mr. McKinnon was looking for evidence of UFOs. He has Asperger Syndrome, a form of autism. It doesn't make him Rain Man but it does create a different perceptual framework.

Gary McKinnon was arrested in the UK in November 2002 after a thirteen month hacking spree into US military networks. He was eventually caught because he used his own email address to download a program called RemotelyAnywhere. Before the bust McKinnon had been under surveillance by Britain's High Tech Crime Unit. But then he did that, dare I say, retarded thing.

Gary McKinnon left his email address plus a number of taunting messages such as, "Your security is crap" on US military servers. Personally, I think the messages were on the polite side. America's military network security is the cyber equivalent of Swiss cheese. My granny could have pulled off McKinnon's hacks and she was well in the grave before they even transpired. Because remember, if you wanted to intrude into US military sites in 2001 all you had to do was key in: user = guest; password = hello.

And so Gary McKinnon was arrested by the High Tech Crime Unit in Britain. He detailed everything and confessed without an attorney being present. Now bear in mind, this is a guy who has Asperger and didn't fully comprehend the consequences of what he had done. Yet his confession was signed-off on, and the process began.

Did Google Street View spot rapist/kidnapper Garrido?

#9: Garrido's van?

A followup on this earlier BB post about the wacko blog and gadget hallucinations of kidnapper/rapist (now also a murder suspect) Phillip Garrido.

Weighing in on that post, an astute BB commenter noticed that if you do a Google Maps search for 1554 Walnut Avenue, Antioch, CA -- the address of the Antioch home where Garrido detained Jaycee Dugard (and her children, fathered by rape) -- you can see an overhead view of all the tents, tarps and sheds that Garrido's parole officer(s) and local police were too incompetent to bother checking, despite the fact that the guy was a convicted rapist. The overhead view in Google Maps has since been widely reported and blogged, so that's old news 4 days later.

But not this. Check out what another commenter noticed. When you're at that address in Google Maps, switch over to Street View mode. You'll see something chilling. Right in the 1554 Walnut Avenue driveway, you see a beat-up van with a rusty, trashed exterior, and what looks like a man behind the steering wheel. Follow the van.

Lawless Surveillance, Warrantless Rationales (a critique of Obama continuation of Bush policies)

Over at The American Constitution Society for Law and Policy website, Electronic Frontier Foundation Legal Director Cindy Cohn writes about the so-called Presidential Surveillance Program, the "still-shadowy set of programs that spy on Americans in America without any probable cause or warrant." The EFF, as regular BB readers know, has fought this program for several years now -- in 2006, it filed suit against AT&T for providing the NSA with direct access to its database of communications records. Snip from Cohn's essay:
While the details are unknown, credible evidence indicates that billions of everyday communications of ordinary Americans are swept up by government computers and run through a process that includes both data-mining and review of content, to try to figure out whether any of us were involved in illegal or terrorist-related activity. That means that even the most personal and private of our electronic communications - between doctors and patients, between husbands and wives, or between children and parents - are subject to review by computer algorithms programmed by government bureaucrats or by the bureaucrats themselves.

It's a bizarre turn of events, these unwarranted general searches. Our country was founded on the rejection of "general warrants" - pieces of paper that gave the Executive (then the King) unchecked power to search colonial Americans without cause. The Fourth Amendment was adopted in part to stop these "hated writs" and to make sure that searches of the papers of Americans required a probable cause showing to a court. The warrantless surveillance program returns us to the policies of King George III only with a digital boost. It subjects a huge number of our daily digital papers to threshold surveillance, then adding subsequent, more intrusive warrantless surveillance if faceless government computers and bureaucrats determine that our communications or communications patterns merit further scrutiny.

Both Yoo and Hayden draw from a similar bag of tricks to defend the surveillance programs, including claims that there was a "gap" between our domestic surveillance and our foreign intelligence surveillance.

Lawless Surveillance, Warrantless Rationales (via Rebecca McKinnon)

A kinder, gentler rendition under Obama

This week, we learned that the Obama administration will continue the Bush administration's practice of relocating war-on-terror detainees to other countries for offshore imprisonment and interrogation, with promises that their treatment will now be more closely monitored to ensure that they are not tortured. Human rights advocates condemn the decision as an extension of a program that creates conditions in which abuse is likely to flourish with impunity. U.S. Says Rendition to Continue, but With More Oversight (NYT).

The news came on the same day the ACLU released documents obtained under a Freedom of Information Act request which detail acts of torture committed against detainees held by the United States, domestically and in overseas "black sites."

In related news, the ACLU is protesting an agreement between the US and Britain which may lead to hacker Gary McKinnon being extradited to the US, after he penetrated the defenses of poorly secured US Government computers. According to reports, McKinnon suffers from Asperger's Syndrome, and has testified that he was searching for evidence of extra-terrestrials and UFO activity.

US Senate cyber security bill sparks debate, "internet takeover" fears

Well, this little viral number didn't take long to become the stuff of screaming Drudge sirens. So, over at CNET, Declan McCullagh wrote about an update to a cybersecurity bill that first circulated this spring. In his interpretation of the bill (which I haven't read in entirety, full disclosure), Declan says the bill gives the White House new power to unplug private-sector computers from the Internet in the case of national emergency. Snip:
[Critics of the earlier bill are] not much happier about a revised version that aides to Sen. Jay Rockefeller, a West Virginia Democrat, have spent months drafting behind closed doors. CNET News has obtained a copy of the 55-page draft of S.773 (excerpt), which still appears to permit the president to seize temporary control of private-sector networks during a so-called cybersecurity emergency.

The new version would allow the president to "declare a cybersecurity emergency" relating to "non-governmental" computer networks and do what's necessary to respond to the threat. Other sections of the proposal include a federal certification program for "cybersecurity professionals," and a requirement that certain computer systems and networks in the private sector be managed by people who have been awarded that license.

Bill would give president emergency control of Internet (CNET).

Commenting on this article, ZDNET's Sam Diaz argues that the White House is not equipped to hold the keys (where are these magical keys, btw?). "The argument that the government is ill-equipped and shouldn't be trusted with such far-reaching power is no joke."

At the Atlantic, Marc Ambinder counters that Skepticism [is] Warranted -- But Nuance Needed.

A few things to keep in mind. One: the president already has the authority to shut down parts of the Internet in emergencies.

REAL ID reincarnated with a new name: "PASS ID"

Snip from a news item posted to the EFF's Deep Links blog by Richard Esguerra:
In February, opponents of REAL ID were given a bit of hope when Homeland Security Secretary Janet Napolitano said that she wanted to repeal the REAL ID Act, the federal government's failed plan to impose a national identification card through state driver's licenses. But what has taken place since is no return to sanity, as political machinations have produced a cosmetic makeover called "PASS ID" that has revived the push for a national identification card.

The PASS ID Act (S. 1261) seeks to make many of the same ineffectual, dangerous changes the REAL ID Act attempted to impose. Fundamentally, PASS ID operates on the same flawed premise of REAL ID -- that requiring various "identity documents" (and storing that information in databases for later access) will magically make state drivers' licenses more legitimate, which will in turn improve national security.

PASS ID: REAL ID Reanimated (EFF Deep Links)

Some helpful background on REAL ID in the Wikipedia subject entry.

Profiteering torture teachers modeled US techniques after those of Chinese Communists

In today's New York Times, an article about psychologists Bruce Jessen (L) and Jim Mitchell (R) -- two military retirees with no Al Qaeda expertise, foreign language skills, or experience in conducting interrogations. Their lack of experience didn't stop them from pawning themselves off as top architects of America's "war on terror." They sold their psychological credentials and familiarity with the brutal tactics used decades ago by Chinese Communists to the CIA, which in turn paid them millions of dollars as contractors.

The NYT story details how Mitchell and Jessen directed the torture and interrogation of Abu Zubaydah, who was at the time described as "Al Qaeda's No. 3."

In late July 2002, Dr. Jessen joined [Dr. Mitchell] in Thailand. On Aug. 1, the Justice Department completed a formal legal opinion authorizing the SERE methods, and the psychologists turned up the pressure. Over about two weeks, Mr. Zubaydah was confined in a box, slammed into the wall and waterboarded 83 times.

The brutal treatment stopped only after Dr. Mitchell and Dr. Jessen themselves decided that Mr. Zubaydah had no more information to give up. Higher-ups from headquarters arrived and watched one more waterboarding before agreeing that the treatment could stop, according to a Justice Department legal opinion.

The torture biz worked out pretty well for these guys. Million dollar homes, $1,000-2,000 per person per day from the CIA, even spinoff startups -- one bizarrely named "Wizard Shop." As one person familiar with their pay arrangements told Vanity Fair in 2007, "Taxpayers [were] paying at least half a million dollars a year for these two knuckleheads to do voodoo." More from today's NYT story:
Dr. Mitchell could keep working outside the C.I.A. as well. At the Ritz-Carlton in Maui in October 2003, he was featured at a high-priced seminar for corporations on how to behave if kidnapped. He created new companies, called Wizard Shop, later renamed Mind Science, and What If. His first company, Knowledge Works, was certified by the American Psychological Association in 2004 as a sponsor of continuing professional education. (A.P.A. dropped the certification last year.)
2 U.S. Architects of Harsh Tactics in 9/11's Wake (Scott Shane / NYT)

Related research: "Educing Information," a 2006 report by top interrogation experts that examined which methods work in interrogations. The report effectively debunks Mitchell and Jessen's credentials and torture techniques. PDF of report, and FAS.org post about the document.

Related news items:
* Waterboarding, Interrogations: The CIA's $1,000 a Day Specialists (ABC News)
* Rorschach and Awe (Vanity Fair)
* The CIA's torture teachers (Salon)
* Senate probe focuses on Spokane men (Spokesman Review / WA)
* The Story of Mitchell Jessen & Associates: How a Team of Psychologists in Spokane, WA, Helped Develop the CIA's Torture Techniques (Democracy Now)

(Images courtesy ABC News)

Is this spot on Google Earth a clandestine Burmese nuke facility?

The oppressive regime that controls Burma/Myanmar is in the news this week after yesterday's sentencing of Nobel Peace Prize laureate Aung San Suu Kyi over bogus "internal security" crimes. This related item: amateur online spooks using Google Earth have noticed an unexplained formation in the Burmese jungle which some believe may be linked to the state's clandestine nuclear program. Upshot: it's probably not, but that leaves wide room for other possibilities. Please post your most colorful conspiracy theories in the comments.
The main facility, which measures 82 by 84 metres, can be seen on satellite images published on both Google Earth and Google Maps.

Google Earth is showing a mysterious building in Burma's jungle that some commentators think may be linked to activity by Burma's regime to develop their own nuclear weapons like North Korea.

It features a pitched, blue corrugated roof, which, at first glance, makes it look like an over-sized swimming pool. The large industrial complex is located in a rural area of central Burma, east of Mandalay near the town of Pin Oo Lwin.

That's the same zone in which defectors recently told two Australian researchers that the Burmese army had been building a nuclear research and engineering centre with support from North Korea and Russia.

Mysterious Burmese facility revealed on Google Earth (Sydney Morning Herald / Australia)

Twitpocalypse: "Open Source Twitter" proposed as antidote to Twitter's DDOS vulnerability

Twitter and Facebook were paralyzed this past week by DDOS (distributed denial of service) attacks. As I understand it, those attacks are still ongoing. In this Wired Epicenter blog post by Eliot Van Buskirk, open source advocates propose that the only real solution to this vulnerability is to engage in another DDOS: "distributed delivery of service." As BitTorrent is to filesharing, the thinking goes, so would an open microblogging network be to 140-character thought-blips.

“The total failure of Twitter during the DDoS attacks highlights the fact that, with Twitter, we're relying on a single service for mass communication of this type,” said open microblogging supporter and Ektron CTO Bill Cava. “Most everyone understands it's ridiculous to expect one service to provide email support to the world. The same is true for micro messaging. The reality is, it can’t and won’t continue this way for too much longer.”

The OpenMicroBlogging standard already exists -- it’s just that Twitter’s not playing along, possibly because it could lose market share if the open standard succeeds before it manages to monetize its service. One platform that adheres to the Open MicroBlogging (OMB) standard is Laconi.ca, an open-source Twitter-style network launched by Status.net on July 2 of last year (others include OpenMicroBlogger and Google’s Jaiku).

Laconi.ca, which seems to have gained more traction than the other two OMB platforms, forms the backbone of Identi.ca — an open-source Twitter clone with features Twitter lacks (image uploading, trackbacks, native video playback, OpenID) that lets you post updates to its own network as well as Twitter and Facebook. Status.net will soon add the ability to follow Twitter and Facebook feeds using the corresponding APIs, so users will soon be able to make Identi.ca their default short messaging communications hub -- even if those services won’t use the open standard.

Open Source 'Twitter' Could Fend Off the Next Twitpocalypse (wired.com Epicenter blog, thanks, Matt Katz)

Twitpocalypse: Best analysis yet of ongoing massive DDOS attacks

From Dueling Analogs webcomic, click here for large size (via Wayne's Friends List)

Pics from a beauty pageant in a Russian women's prison

In what appears to be a beauty pageant held at a prison in Russia, scores of women gather around a makeshift runway in the courtyard as their fellow inmates strut their stuff. I don't read Russian, but the photographs alone tell a great story.

More photos here [via Zaeega (Japanese)]

Pranknet's Skype "phone assaults" detailed, head bully in charge lives with his mommy

The Smoking Gun today published the results of a seven-week investigative probe into Pranknet, an anonymous, web-organized group of meanies who pulled a bunch of particularly sadistic phone pranks on businesses and residents throughout the US.

A number of American television news networks have been breathlessly covering Pranknet's hijinks of late. These are the jerks who thought it was funny to call low-budget hotel rooms and convince occupants that they had to break open windows to escape imminent deadly gas leaks, or smash televisions to evade impending doom. As one Fark commenter put it, "I'm not sure who sucks more, the prank callers or the idiots that listen to them and destroy their hotel rooms."

Photo inset at left: 25-year old Tariq Malik, Pranknet's founding bully, pictured in a webcam still taken in his Windsor, Ontario bedroom. I think it's fair to debate whether or not calling Malik a "telephone terrorist" (as TSG does in the headline) is inflammatory and over the top, but I will say this: what he and his anonymous coward buds did was cruel, lame, and could have caused physical injury or loss of life, in addition to the substantial property damage reported.

You can hear a female victim panicking and crying on the recording below.

Malik and his fellow Pranknet anons refer to her as a "crazy bitch," then they whine about how many idle logins are in the chat room with only a few participating in the prank. Other recordings reflect the stronger sort of racist and homophobic language one might find in the dregs of chan. I hope Malik and the perps who helped him get the absolute maximum possible sentences, to be accompanied in prison by cellmates who lack a sense of humor.

But guess what? Like so many anonymous internet bullies, tough-guy Tariq "Dex" Malik lives with his mommy. Snip from TSG:

On July 22, a pair of TSG reporters approached "Dex"'s building at 1637 Assumption Street in Windsor, where he lives in the ground-floor 'B' apartment. Calling to his mother, who was standing near an open living room window, a reporter asked her to summon her son. The woman disappeared into "Dex"'s adjoining bedroom, where the pair could be heard whispering. Despite repeated requests to come out and speak with TSG, "Dex" hid with his mother in his bedroom, the windows of which were covered with plastic shopping bags, a towel, and one black trash bag.

As the sun set and his room darkened, "Dex" did not reach to turn on a light. The notorious Internet Tough Guy, who has gleefully used the telephone to cause all kinds of havoc, was now himself panicking. He had been found. And, as a result, was barricaded in Pranknet World Headquarters with his mom, while two reporters loitered outside his window and curious neighbors wondered what was up. That's when the online outlaw came up with a plan. Tariq Malik, the 25-year-old founder and leader of Pranknet, decided to call the police.

Telephone Terrorist: Outing An Online Outlaw (smokinggun.com)

"Smart Parking Meters" not as smart as the hackers who pwn them

A group of tinkerers and security researchers announced findings that prove it is possible to bypass the controls of "e-meter" parking meters -- which means it's possible to park for free where such meters are in use. The group announced their findings last week at the 2009 Black Hat Briefings in Las Vegas. Snip:

Throughout the United States, cities are deploying "smart" electronic fare collection infrastructures. In 2003, San Francisco launched a $35 million pilot program to replace approximately 23,000 mechanical parking meters with electronic units that boasted tamper resistance, payment via smart card, auditing capabilities, and an estimated $30 million annually in fare collection revenue. Other major cities, including Atlanta, Boston, Chicago, Los Angeles, New York, Philadelphia, Portland, and San Diego, have made similar moves. This presentation details our evaluation of electronic parking meters, including hardware disassembly, smart card protocol emulation, and silicon die analysis.
Slides and presentation: Smart Parking Meters: Grand Idea Studio.

News coverage: CBS, PC World, Venturebeat, internetnews, infoworld, CNET (thanks, Jake Appelbaum).

Vanish: self-destruct your own data

The Vanish project proposes to give web users control over the lifespan of the data they post online, or to cloud computing services. Vanish encrypts your data, and all of it, even cached or archived chunks, becomes "permanently unreadable" at a date of your choosing, without any action on the part of the service provider or end-user.

For example, using the Firefox Vanish plugin, a user can create an email, a Google Doc document, a Facebook message, or a blog comment -- specifying that the document or message should "vanish" in 8 hours. Before that 8-hour timeout expires, anyone who has access to the data can read it; however after that timer expires, nobody can read that web content -- not the user, not Google, not Facebook, not a hacker who breaks into the cloud service, and not even someone who obtains a warrant for that data. That data -- regardless of where stored or archived prior to the timeout -- simply self-destructs and becomes permanently unreadable.
Vanish: Self-Destructing Digital Data. See also this related University of Washington press release. Vanish authors: Roxana Geambasu, Yoshi Kohno, Amit Levy, Hank Levy.
(via Jake Appelbaum)