I believe there is a good case to be made that having lots of cameras in the hands of citizens makes us more, rather than less, safe. Here's how bad it has gotten: Not long ago, an Amtrak representative did an interview with local TV station Fox 5 in Washington, D.C.'s Union Station to explain that you don't need a permit to take pictures there--only to be approached by a security guard who ordered them to stop filming without a permit.

Legally, it's pretty much always okay to take photos in a public place as long as you're not physically interfering with traffic or police operations. As Bert Krages, an attorney who specializes in photography-related legal problems and wrote Legal Handbook for Photographers, says, "The general rule is that if something is in a public place, you're entitled to photograph it." What's more, though national-security laws are often invoked when quashing photographers, Krages explains that "the Patriot Act does not restrict photography; neither does the Homeland Security Act." But this doesn't stop people from interfering with photographers, even in settings that don't seem much like national-security zones.

A freelance photographer who was taking pictures of a BP refinery in Texas was detained by a BP security official, local police and a man claiming to be with the Department of Homeland Security, according to nonprofit news org ProPublica. The photographer was working on a story about multiple large toxic releases at the BP refinery which happened just before the big Gulf oil blowout. From NBC News:

The photographer, Lance Rosenfield, said he was confronted by the officials shortly after arriving in Texas City, Texas, to work on a story that is part of an ongoing collaboration between PBS and ProPublica.

Rosenfield was released after officials looked through the pictures he had taken and took down his date of birth, Social Security number and other personal information, the photographer said. The information was turned over to the BP security guard who said this was standard procedure, ProPublica quoted Rosenfield as saying.

Rosenfield, a Texas-based freelance photographer, said he was followed by a BP employee after taking a picture on a public road near the refinery, and then cornered by two police cars at a gas station. The officials told Rosenfield they had the right to look at the pictures taken near the refinery and if he did not comply he would be "taken in," the photographer said according to ProPublica. Photographer detained by police, BP employee near refinery (NBC Field Notes)

Image: The BP refinery in Texas City, one of the largest in the country, is nearly two square miles. (Lance Rosenfield)

The U.S. Military's new "Cyber Command" logo contains a hidden code. Noah Shachtman at Wired News says, "Help us crack it!"

Related reading today: Bruce Schneier says "The Threat of Cyberwar Has Been Grossly Exaggerated."

Manual Hard Drive Destroyer

Government specifications require that in an emergency situation a hard drive needs to be destroyed so that a person or persons can not spin the drive. This must be done quickly and reliably. The MHDD meets this requirement. It takes less than 15 seconds to destroy each hard drive. All one needs to do is to insert the proper drive height adaptor (if applicable) into the slot and crank the handle 8 rotations. The internal workings of the unit press down on the drive, bending it approximately 90 degrees. The MHDD then pushes the destroyed hard drive out for easy disposal.

• Link (via UNEASYsilence)

The multi-platform password cracker Ophcrack is incredibly fast. How fast? It can crack the password “Fgpyyih804423″ in 160 seconds. Most people would consider that password fairly secure. The Microsoft password strength checker rates it “strong”. The Geekwisdom password strength meter rates it “mediocre”.

Why is Ophcrack so fast? Because it uses Rainbow Tables. No, not the kind of rainbows I have as my desktop background.

• Link

Secure Login provides you with a number of Security enhancements and helps protecting you from phishing:

Disabling the prefilling of login forms prevents malicious JavaScript code to automatically steal your login data.
This is due to the fact that no login data is inserted in form fields before the user clicks on the login button or logs in using the keyboard shortcut.
To make sure you login to the right website, the second level domain of the login url is compared to the second level domain of the current page.
If they do not match a dialog prompt is displayed before login.

Secure Login provides you with an optional setting to protect you from all JavaScript code during login.
This can prevent cross-site scripting (XSS) attacks without having to deactivate JavaScript completely.
If you enable this option, your login data will never be inserted in any form fields nor will the login form be submitted.
Instead your credentials will be sent to the login page using internal Firefox methods.
Not all login forms will work this way, e.g. not those using JavaScript routines. Therefore, you can add such websites to an exception list.

• Link (via Lifehacker)

Back in 1985, Wim Van Eck proved it was possible to tune into the radio emissions produced by electromagentic coils in a CRT display and then reconstruct the image. The practice became known as Van Eck Phreaking, and NATO spent a fortune making its systems invulnerable to it. It was a major part of Neal Stephenson’s novel Cryptonomicon.

CRTs are now well on the way to being history. But Kuhn has shown that eavesdropping is possible on flat panel displays too. It works slightly differently. With a flat panel display the aim is to tune into the radio emissions produced by the cables sending a signal to the monitor. The on-screen image is fed through the cable one pixel at a time. Because they come through in order you just have to stack them up. And Kuhn has worked out how to decode the colour of each pixel from its particular wave form.

• Link (via Slashdot)

We are pleased to announce that TrueCrypt 4.3 has been released. Among the new features is full compatibility with 32-bit and 64-bit Windows Vista, support for devices and file systems that use a sector size other than 512 bytes (such as new hard drives, USB flash drives, DVD-RAM, MP3 players, etc.), auto-dismount when a host device (e.g., a USB flash drive) is inadvertently removed, and many more. In addition to new features, there are many significant improvements. Some portions of the TrueCrypt device driver have been completely redesigned and several bugs have been fixed. For a comprehensive list of changes, please see http://www.truecrypt.org/docs/?s=version-history

• Link

The most popular locking mechanism in the world utilizes the pin tumbler design, first developed 4000 years ago in Egypt and then rediscovered and perfected a century and a half ago by Linus Yale. There are billions of these locks in the world and they come in all sizes, configurations, and security ratings. Some are secure; most are not, and even some high security rated cylinders can be easily compromised. All that is required to open many times of pin tumbler cylinders — the kind of lock that probably keeps the bad guys out of your home — is a bump key and a tool for creating a bit of force. The bump key shown above opens an extremely popular five pin lock, and the plastic bumping tool is produced by Peterson manufacturing, although many others are now being offered for sale. With these two cheap implements, anyone — and I do mean anyone — can get into your home or business in a matter of seconds.

• The Lockdown: Locked, but not secure (Part I)
• The Lockdown: Locked, but not secure (Part 2)
• The Lockdown: Locked, but maybe secure (part 1)
• The Lockdown: Locked, but maybe secure (part 2)

Related:

• Locksport International Guide to Lock Picking
• The Document Which Used To Be Called The MIT Guide to Lock Picking

Red Lambda says that cGrid monitors “a large variety of different P2P clients, in addition to other avenues of file-sharing including Windows file sharing, FTP, IM, and others,” and that cGrid does not perform content inspection but instead focuses on the behavior of the protocols being monitored. But the company does not expand on how it differentiates between legitimate uses of those technologies and illegal ones, raising questions of its effectiveness in an academic setting where students may be using P2P and other services potentially flagged by the system for legitimate, academic reasons.

• Link (via Digg)

• Link (via Lifehacker)

• Link (via Digg)

From: Todd Shriber (nascar24_08530@yahoo.com)
To: lyger@attrition.org
Date: Wed, 9 Aug 2006 12:58:29 -0700 (PDT)
Subject: Question for you or other Attrition members

Lyger - I came across Attrition.org for the first
time. I enjoyed the site though I am not an expert
with computers. That brings me to my next point: I
need to urgently make contact with a hacker that would
be interested in doing a one-time job for me. The pay
would be good. I'm not sure what exactly the job would
entail with respect to computer jargon, but I can go
into rough detail upon making contact with a
candidate. Thanks for your help.

• Link (via Boing Boing)
• The entire email exchange is posted here on attrition.org.

Locksport International is proud to provide a simple, visual guide to lock picking. It is our hope that beginners will find this useful in learning the basic skills of picking pin tumbler locks.

• Link (via hack a day)

Everyone wants to be a badass. Whether you want to admit it or not, if you are a self respecting geek, you want to protect your sensitive information in a way so the CIA can’t even read it. You probably wouldn’t look, considering you live in your basement
and don’t have anything to hide besides that gigantic Mountain Dew Machine and the codes for free Whopper Sandwiches. So I’ve looked for you.

• Link (via Digg)

<Elch> You’re a real computer expert
<bitchchecker> shut up i hack you
<Elch> ok, i’m quiet, hope you don’t show us how good a hacker you are ^^
<bitchchecker> tell me your network number man then you’re dead
<Elch> Eh, it’s 129.0.0.1
<Elch> or maybe 127.0.0.1
<Elch> yes exactly that’s it: 127.0.0.1 I’m waiting for you great attack
<bitchchecker> in five minutes your hard drive is deleted
<Elch> Now I’m frightened

• Link (via Digg)

During 2005, bute force attacks on the ssh (secure shell) service became pretty popular. These attacks are based on a rather simple idea: use an automated program for trying, one after the other, many combinations of standard or frequently used account names and likewise frequently used password (e.g.: guest/guest).

Defence methods

There are a number of methods to defend against such brute force attacks. The following list is intended to give an overview of them, and briefly mention their respective advantages and disadvantages.

• Strong passwords
• RSA authentication
• Using ‘iptables’ to block the attack
• Using the sshd log to block attacks
• Using tcp_wrappers to block attacks

• Link (via a thread in the CLUG mailing list)

After about three days, we figured we had collected enough data. When I started to review our findings, I was amazed at the results. Of the 20 USB drives we planted, 15 were found by employees, and all had been plugged into company computers. The data we obtained helped us to compromise additional systems, and the best part of the whole scheme was its convenience. We never broke a sweat. Everything that needed to happen did, and in a way it was completely transparent to the users, the network, and credit union management.

• Link (via Slashdot)

Every original digital picture is overlaid by a weak noise-like pattern of pixel-to-pixel non-uniformity. Although these patterns are invisible to the human eye, the unique reference pattern or “fingerprint” of any camera can be electronically extracted by analyzing a number of images taken by a single camera. Fridrich’s lab analyzed 2,700 pictures taken by nine digital cameras and with 100 percent accuracy linked individual images with the camera that took them.

• Link (via MetaFilter)