punk2176 writes "Hacker and security researcher Alejandro Caceres (developer of the PunkSPIDER project) and 3D UI developer Teal Rogers unveiled a new free and open source tool at DEF CON 21 that could change the way that users view the web and its vulnerabilities. The project is a visualization system that combines the principles of offensive security, 3D data visualization, and 'big data' to allow users to understand the complex interconnections between websites. Using a highly distributed HBase back-end and a Hadoop-based vulnerability scanner and web crawler the project is meant to improve the average user's understanding of the unseen and potentially vulnerable underbelly of web applications that they own or use. The makers are calling this new method of visualization web 3.0. A free demo can be found here, where users can play with and navigate an early version of the tool via a web interface. More details can be found here and interested users can opt-in to the mailing list and eventually the closed beta here."
mikejuk writes "Is it possible that we have been wasting our time typing programs? Could voice recognition, with a little help from an invented spoken language, be the solution we didn't know we needed? About two years ago Tavis Rudd developed a bad case of RSI caused by typing lots of code using Emacs. It was so severe that he couldn't code. As he puts it: 'Desperate, I tried voice recognition'. The Dragon Naturally Speaking system used by Rudd supported standard language quite well, but it wasn't adapted to program editing commands. The solution was to use a Python speech extension, DragonFly, to program custom commands. OK, so far so good, but ... the commands weren't quite what you might have expected. Instead of English words for commands he used short vocalizations — you have to hear it to believe it. Now programming sounds like a conversation with R2D2. The advantage is that it is faster and the recognition is easier — it also sounds very cool and very techie. It is claimed that the system is faster than typing. So much so that it is still in use after the RSI cleared up."
rjmarvin writes "Two developers were able to successfully reverse-engineer Dropbox to intercept SSL traffic, bypass two-factor authentication and create open-source clients. They presented their paper, 'Looking inside the (Drop) box' (PDF) at USENIX 2013, explaining step-by-step how they were able to succeed where others failed in reverse-engineering a heavily obfuscated application written in Python. They also claimed the generic techniques they used could be applied to reverse-engineer other frozen Python applications: OpenStack, NASA, and a host of Google apps, just to name a few..."
Given that we now know that the National Security Agency (NSA) has the ability to compromise some, if not all, of the VPN, SSL, and TLS forms of data transmission hardening, it’s worth considering the various vectors of technical and legal data-gathering that high-level adversaries in America and Britain (and likely other countries, at least in the “Five Eyes” group of anglophone allies) are likely using in parallel to go after a given target. So far, the possibilities include:
- A company volunteers to help (and gets paid for it)
- Spies copy the traffic directly off the fiber
- A company complies under legal duress
- Spies infiltrate a company
- Spies coerce upstream companies to weaken crypto in their products/install backdoors
- Spies brute force the crypto
- Spies compromise a digital certificate
- Spies hack a target computer directly, stealing keys and/or data, sabotage.
Let’s take these one at a time.
Making and breaking encryption is one of the main roles of a signals intelligence agency. That the National Security Agency (NSA) engages in such activities is not surprising. Aspects of this work aren't even secret: NSA involvement in the development of some cryptographic standards was legally mandated and openly acknowledged.
This week, as revelations about the extent of National Security Agency (NSA) spying continued to unfold, Ryan Gallagher brought us an article about the types of hardware that agencies outside of the NSA use to gather information from mobile devices. These agencies, which include local law enforcement as well as federal groups like the FBI and the DEA, use highly specialized equipment to gain information about a target. Still, the details about that hardware are largely kept secret from the public. Gallagher summed up what the public knows (and brought to light a few lesser-known facts) in his article, Meet the machines that steal your phone’s data.
The intro for yesterday's video interview with Don Marti started out by saying, "Don Marti," says Wikipedia, "is a writer and advocate for free and open source software, writing for LinuxWorld and Linux Today." As we noted, Don has moved on since that description was written. In today's interview he starts by talking about some things venture capitalist Mary Meeker of Kleiner Perkins has said, notably that people only spend 6% of their media-intake time with print, but advertisers spend 23% of their budgets on print ads. To find out why this is, you might want to read a piece Don wrote titled Targeted Advertising Considered Harmful. Or you can just watch today's video -- and if you didn't catch Part One of our video conversation yesterday, you might want to check it out before watching Part 2.
Charlie Stross really, really hates Microsoft Word. So much so that he's written a 1600-word essay laying out the case for Word as a great destroyer of creativity, an agent of anticompetitive economic destruction, and an enemy of all that's decent and right in the world. It's actually a pretty convincing argument.
This text was originally posted on my personal blog.
A while ago I stumbled upon a talk submission form for an event called The Developers' Conference. It's a gathering of people who want to learn a little bit more about topics like architecture, digital marketing, Arduino and others. Sure enough, games were going to be discussed there too.
The event was close to at least four universities that have game courses, so I thought many young faces would show up. Right after I saw the submission form, I started thinking about what I could tell those people who want to be a part of the game development scene here in Brazil. It didn't take long before I realized I wanted to share with them the things I messed up in the past two years and maybe help them be more aware of some of the tricks you can fall for when you are too eager or too optimistic to do something.
When my talk got accepted I wanted to validate my arguments with other people's own experience. That was something I didn't have time to do and this post is an attempt to fix that. What this post is not, however, is a recipe to follow blindly. Feel free to disagree with me and bring your ideas to the table.
Here's what I've come up with:
The Saturn had a plethora of original Sega titles such as the epoch-defining Panzer Dragoon. This PS2 version includes the original Saturn game along with an updated hi-res version and some bonus extras of artwork and cut sequences in the Pandora's Box, which, as the name suggests, requires opening. The stirring orchestral score sounds splendid on the PS2 and gameplay is just as refreshing as the Dragoon swoops through beautifully textured valleys, skirting the ravine edge. Whilst gameplay is on the rails, the 360-degree firing range makes it feel unrestricted as you fly against hordes of critters to drop them from the sky. The controls remain faithful, with the ability to scan around checking for sneaky assailants. Jaw-dropping visuals and a story whose threads gently wrap around you before you realise you are cocooned in it. Saturn veterans will lap this up and hopefully the uninitiated will see what's got everyone in a flap.