Paul Moreno, an Ecuadoran blogger, discovered a flaw in the country's national online identity database, which he demonstrated by hijacking the identity of President Rafael Correa. He was briefly arrested, but was released after a vociferous Twitter campaign that prompted action from the president, who personally ordered Moreno's release. Moreno triumphantly announced his victory on Twitter.
Citing a Wired story on password security, Moreno set out on Nov. 26 to demonstrate a security flaw in DatoSeguro with an attention-getting proof of concept scheme: accessing President Correa’s account. He began by doxing the president, and once equipped with Correa’s date of birth and a national identification number — obtained via online searches — he had two of the three pieces of information he needed. The third was a set of two numbers from an identity card, which he simply guessed. With that, he had access to Correa’s account.
“Out of curiosity, I noticed one time that the fingertip digits in the IDs are all very similar,” he wrote on his blog. “There’s a V or an E or an A followed by various numbers: V23444 – E5444 and so on…combinations that are very simplistic, apparently. The system asked me for the third and fourth numbers of the fingertip digits. With the first combination, I got the numbers right and my account was created. After verifying the email the system sends, I had access to all Rafael Vicente Correa Delgado’s so-called secure data. It took me about half an hour, maybe less.”
Blogger Jailed After Password-Hacking Ecuador’s President [Wired/Mat Honan]