June 20th, 2014 by Michael Sauers

The beauty of hackers, says cybersecurity expert Keren Elazari, is that they force us to evolve and improve. Yes, some hackers are bad guys, but many are working to fight government corruption and advocate for our rights. By exposing vulnerabilities, they push the Internet to become stronger and healthier, wielding their power to create a better world.

Published on Jun 10, 2014

Posted in Internet, video

November 13th, 2013 by Michael Sauers

The folks at LastPass have a simple way to search the database of hacked passwords (and password hints) released by the recent Adobe hack. Please check, and change accordingly. (Mine was and I did.)

Posted in Internet

August 30th, 2013 by Michael Sauers

A film about the world’s largest hacking convention and its 20th year running. Filmed over the summer of 2012 and containing hundreds of hours of interviews, parties, presentations and spectacle. Over 280 hours of footage was recorded in support of the documentary, and five separate camera crews were in action.

Directed by Jason Scott with camerawork by Eddie Codel, Alex Buie, Drew Wallner, Rick Dakan, Steve Fish, Kyle Way and Rachel Lovinger.
Produced by Jeff Moss and Russ Rogers.

(This was a bit too racy at times to post on the office blog, so I’m posting it here instead.)

Posted in Tech, video

June 10th, 2013 by Michael Sauers

If you have ever felt overwhelmed by the ubiquity of McDonald’s, this stat may make your day: There are more public libraries (about 17,000) in America than outposts of the burger mega-chain (about 14,000). The same is true of Starbucks (about 11,000 coffee shops nationally).

“There’s always that joke that there’s a Starbucks on every corner,” says Justin Grimes, a statistician with the Institute of Museum and Library Services in Washington. “But when you really think about it, there’s a public library wherever you go, whether it’s in New York City or some place in rural Montana. Very few communities are not touched by a public library.”

In fact, libraries serve 96.4 percent of the U.S. population, a reach any fast-food franchise can only dream of. On a map, that vast geography looks like this:

Library Map

Grimes built that map this past weekend during the National Day of Civic Hacking, using the agency’s database of public libraries. Each of those dots refers to an individual branch library (and a few bookmobiles), out of a total of 9,000 public library systems.

Read the full article and view the interactive maps @ TheAtlanticCities.com. (Thanks dad!)

Posted in Libraries

April 9th, 2011 by Michael Sauers

Back on March 7th I received the nook color that I’d purchased from Barnes & Noble via eBay. Why eBay? Well, there was this $50-off coupon and it was from Barnes & Noble’s eBay account so the total price was a mere $200. Considering I had no intention of keeping it as just an eReader this was finally a deal on such a device I couldn’t pass up.

Knowing that I had several co-workers that wanted to see how the nook color worked, I charged it overnight and brought it into the office the next morning for a little show & tell. We played the video that demonstrated its features and I registered the device using my B&N.com account. Overall everyone seemed impressed with its functionality as an eReader. Once the show & tell was over, it was off to the fun stuff.

First I updated the firmware to version 1.1.0. This was important so as to make sure I had the latest version of the nook software and the underlying Android operating system. I then proceeded to root the nook using Auto-Nooter. This involved downloading an .iso file and writing it to a microSD card, making the card bootable. I then inserted the card into the nook and booted up. Within just a minute or two my nook was rooted and I started installing apps.

So, what do I now actually have as a result of this process? First, I still have all of the built-in nook color software. So, if you have any experience with an un-rooted standard nook color, mine works just the same. However, due to my having rooted the nook I now also have full access to the Android Market and can install pretty much any app I want, including the ebook apps from most other vendors. (I could have gone on to completely install a different version of Android but I stopped here so as to keep the built-in nook functionality of the device.)

Overall I’ve been completely happy with the nook color as an android tablet. Suddenly, my Droid feels really small, especially when playing games like Angry Birds. But there are some issues:

There are some built-in “downsides” such as the fact that it’s WiFi only, there’s no camera, and it’s an earlier version of Android. Which one is not completely clear but it’s definitely not Gingerbread and probably not Froyo. (Best guess is that it’s Eclair.)

Probably due to the fact that it’s an older version of Android there are certain apps that just won’t work. Those that I’ve found are the Borders & Kobo reader apps (a well known issue), Remember the Milk won’t sync (though I sort of solved that with ToDo Today but that only shows today’s and overdue tasks), SplashID, my password storage program, won’t sync with my desktop computer and the remote access app PhoneMyPC won’t connect to my desktop. These aren’t insurmountable problems. In each case, these apps work on my phone and the chances of me having my nook but not my phone are pretty much nil.

There’s also a particular quirk that took me a while to solve. Android pretty much assumes that your device will have a few hardware buttons, mainly back and home. Trouble is, the nook only has one button, “n”, and that always takes you to the nook eReader home screen. This generally isn’t a problem but every once in a while with certain apps (such as viewing a photo via Dropbox) you end up in an alley where the only way out (a hardware back button) doesn’t exist. It turns out that part of the rooting process installs the SoftKeys app which, when run, adds an on-screen button that gives you on-screen hardware-esque buttons. Unfortunately there’s no way that I know of to get SoftKeys to run at boot but I don’t need it all that often. When I do I just head back home, run SoftKeys, then get myself back to the app that has me stuck.

So, how is the nook color as an eReader? Well, I must say that I’m impressed. The backlit LCD screen is sized around a trade paperback and looks generally better than eInk in my experience. The screen does have a glare and it’s a bit heavier than I’d like but it gets the job done. I can easily sideload non-B&N content via direct drag & drop in the desktop OS or via Calibre, yet sometimes sideloaded covers aren’t displayed. The only other annoyances are that there’s no social sharing unless it’s a B&N purchased book and samples downloaded from B&N are only removable via the B&N site. Again, just minor annoyances to me.

As to battery life, it’s been lasting me a good two-three days under moderate use.

Ultimately, I think it’s the best Android tablet out there without spending at least double the price. And even this article from WSJ.com agrees with me: ROI: The $200 Tablet Computer.

If there’s something else you’d like to know that I missed, feel free to leave a comment and I’ll do my best to answer your questions.


April 25th, 2008 by Michael Sauers

Dr. Thomas J. Holt, University of North Carolina, Charlotte

  • digital crime markets
    • problem is increasing
    • also becoming more complex
  • criminological research
    • little research has been done
    • few studies have explored malware and hacker community in their own words
  • online resources
    • blogs
    • forums
    • this study focuses on Russia & China
    • not using their real handles
  • data & methods
    • qualitative analysis
    • identify 2 via snowball samples
    • qualitative analyses of open source materials online
    • linguists involved
  • RUSH
    • malware writer and hacker in Moscow
    • skilled individual
    • possible emotional problems
  • RUN
    • close associate of RUSH
    • skilled hacker
    • CS major at a Moscow university
    • may have minor health issues
    • loves his cat
  • Black Hat Gang
    • both RUSH and RUN belong
    • no stated political or financial agenda
    • provide a justification for their activities
    • RUSH & RUN seem to have different levels of productivity
    • have worked together
    • Chinese national in Jinzhou
    • does not specify his motives but gives Chinese perspective
    • actions are somewhat contrary to his words
    • young student but doesn’t enjoy school
    • likes girls & posts comments about love & relationships
    • associate of SAINT
    • difficult to gauge his skill level
    • may be a script kiddie
    • is a student
    • may also have emotional issues though no specific reasons given
  • Hack Crew
    • SNAKE & SAINT are members
    • covert security technology group
    • criteria for membership
    • roles listed for members
      • SNAKE is a cracker
      • SAINT is a hacker/cracker
    • not clear how skilled group is as a whole
  • Discussion
    • all extremely interested in tech
    • variation in skill levels
    • justify what they do as education
    • some evidence of depression & substance abuse
    • variation in information provided
    • public & private resources needed to get more info
    • further research needed


April 25th, 2008 by Michael Sauers

Jamison Scheeres, Air Force Institute of Technology

  • what is social engineering
    • techniques to manipulate people
    • also shoulder surfing
    • also dumpster diving
    • trick someone into doing something
  • huge threat in today’s environment
  • red teams say SE is 100% effective
  • current defensive techniques are not effective
  • research
    • successful SEs are not caught
    • classification issues
    • ethical issues in deceiving subjects
  • psychological triggers
    • authority
    • reciprocation
    • strong affect (phishing)
    • overloading (buffer overflow for humans)
    • deceptive relationships
    • integrity/consistency
  • principles of persuasion
    • authority
    • consistency
    • liking
    • reciprocity
    • scarcity
    • social proof
  • resistance to persuasion
    • inoculation theory
    • self-efficacy
    • forewarning
  • “dispelling the illusion of invulnerability” (2002, Sagarin)
  • methodology
    • compared psych triggers to principles of persuasion
    • determine relationship between illegitimate persuasion & social engineering
  • military vulnerable to authority due to strict hierarchy of authority
  • conclusions
    • strong relationship between principles and triggers
    • illegitimate persuasion = social engineering
    • been trying to instill resistance in the wrong way
    • solution is to demo to the individual they are personally vulnerable
    • security people must social engineer their people
  • future research
    • develop measurement
    • compare/validate various means of resistance training


September 10th, 2007 by Michael Sauers

Jeff Atwood over at Coding Horror has posted about something called Rainbow Tables. Now, I don’t want to turn this blog into a discussion of encryption so let me boil it down for you.

Windows passwords are stored in an encrypted format known as “hashes”. When you enter your password, Windows encrypts it for you and compares it to the stored hashed version. If it matches, you’re let in. If it doesn’t, you’re not. There’s no way to decrypt the hashed version of your password in any reasonable amount of time, if at all, and it is therefore considered a secure method of storage.

The problem now is that you can get a database of pre-hashed content. Known as rainbow tables, these are basically a table with just two columns: in the first column, a word (or other combination of letters), and in the second, the matching hash. Now, if you have a hash, you can look it up in the table and see what the original password is. In other words, it’s not decrypting the hash, it’s hashing all possible passwords in advance.

This is such a simple hack. So, why is it coming to light now? Well, the problem is large-scale portable storage. In the past, tables such as these were considered too big to bring to the computer you’re trying to hack. But these days, a 1GB flash drive would allow you to carry a rainbow table that covered all conceivable passwords between one and 14 characters in length, containing just English letters. Here’s Jeff’s chart showing example storage requirements:

Rainbow Table storage requirements

If you’re suddenly not worried about a Rainbow Table measuring 64GB I’ve got a 500GB portable USB hard drive I’d like to show you.

Here’s the bottom line, in Jeff’s example, the password “Fgpyyih804423” (one that’s probably a hell of a lot stronger than any password you use) was broken in just 160 seconds using a rainbow table.
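The two-column lookup described above, as an added example (not code from this post or from Coding Horror): it precomputes the hash of every lowercase password up to three letters, then shows that a per-account random salt with a slow key-derivation function leaves the same table with nothing to match. SHA-256 stands in for the Windows hash, and the salted variant, all function names and the sample password are assumptions that go beyond the post.

```python
import hashlib
import hmac
import itertools
import os
import string


def fast_hash(password: str) -> str:
    # Assumption: SHA-256 stands in for the unsalted Windows hash in the post.
    return hashlib.sha256(password.encode()).hexdigest()


def build_table(alphabet: str, max_len: int) -> dict:
    """Precompute hash -> password for every candidate up to max_len."""
    table = {}
    for n in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            word = "".join(chars)
            table[fast_hash(word)] = word
    return table


def salted_hash(password: str, salt: bytes, rounds: int = 10_000) -> bytes:
    # Per-account random salt plus a slow KDF: a table built in advance
    # without knowing the salt contains no matching entry.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def verify(password: str, salt: bytes, stored: bytes) -> bool:
    # Normal login check: recompute with the stored salt, compare in constant time.
    return hmac.compare_digest(salted_hash(password, salt), stored)


# Constructed sample data: a three-letter lowercase password.
TABLE = build_table(string.ascii_lowercase, 3)  # 26 + 676 + 17576 entries
UNSALTED_RECORD = fast_hash("cat")
SALT = os.urandom(16)
SALTED_RECORD = salted_hash("cat", SALT)


def lookup(digest_hex: str):
    """Return the precomputed password for a digest, or None if absent."""
    return TABLE.get(digest_hex)


if __name__ == "__main__":
    print(len(TABLE), "precomputed entries")
    print("unsalted record found in table:", lookup(UNSALTED_RECORD))
    print("salted record found in table:", lookup(SALTED_RECORD.hex()))
    print("legitimate login still verifies:", verify("cat", SALT, SALTED_RECORD))
```
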


May 9th, 2007 by Michael Sauers

Dude takes the SAT and answers every question incorrectly, on purpose. What a way to hack the system.
