Larry Hosken: New: Tag: capabilities

If you lost count of the recent NSA citizen-snooping outrages but figure there are enough to justify nudging your legislators, The Day We Fight Back is a web site to guide you through that.

Permalink
& Comments

Book Report: Exploding the Phone

There are plenty of little articles about phreaking floating around; this book does a good job of pulling lots of little bits together into a flow of history. Along the way, I learned some things. E.g., there wasn't just one famous blind teenaged phone phreak; there were a few (Engressia, Acker, Teresi, Fettgather…).
Back in the day radio stations used to have listening lines, telephone numbers you could call to hear what was being broadcast by the radio station. They were used mostly by advertising agencies to check that radio stations were broadcasting the ads that their clients had purchased.
That was neat: that problem is still around these days, though you're more likely to confirm your ad's playing over the internet than over the phone.

Joybubbles (then known as Joe Engressia) had a presidential speech for a phone phreak club that tech writers or other educational folks can take as a motto: "knowledge shared is knowledge expanded."

You learn a bit about the frustration of telephone company security folks: the uncomfortable switch between cracking down on hardened criminals and investigating folks who are breaking into your systems out of curiosity. Nowadays, most telephone companies and ISPs seem over-eager to cooperate with government spying; you get to see the history of that. There weren't any laws preventing folks from getting past phone system security and thus avoid being billed for calls. While investigating such, the phone company would listen in on calls and figure out that there were listening to, say, a bookie. So they could get the bookie to stop making calls by siccing the police on them, but had to hide the fact that they were eavesdropping on calls.

Permalink
& Comments

Book Report: Liars and Outliers It's a book about security. It's a book about how to think your way through security problems. Not just thinking about where to throw up barriers—also about how to think up policies that won't ...

Permalink & Comments

Book Report: Broken Ballots A few people want to steal elections. A few billion people want fair elections. How do you make an election un-stealable? It's not easy. Elections do't run themselves; we need election officials. Fol...

Permalink & Comments

Book Report: The Tangled Web The Tangled Web talks about why web programming is doomed to be insecure for a long time to come. Nothing works quite right: networks, name servers, OSs, browsers, web servers, headers, cookies, form...

Permalink & Comments

Link: Cosmo, the Hacker "God" Who Fell to Earth This article about an identy thief is pretty amazing. Perhaps 25% of its amazing-ness comes from the story itself: how on earth does a 15-year old kid get so good at navigating bureaucracy that he ca...

Permalink & Comments

Book Report: Digital Forensics with Open Source Tools It's a book about how to look over a hard drive and find out "what happened here?" This is a useful skill for computer security—you might want to figure out how a virus or hacker took over a ma...

Permalink & Comments

Book Report: The Art of Intrusion It's a book of hacker anecdotes. "Kevin Mitnick" is the author name on the cover, but these are stories from other hackers. They're good stories. They're not all true stories; some of them have par...

Permalink & Comments

Book Report: Zero Day Happy USA Buy Nothing Day 2011, aka #OCCUPYXMAS. To celebrate, here's a report on a book I'm glad I checked out from the library: Zero Day. Maybe it's not quite accurate to say "I'm glad I checked o...

Permalink & Comments

Book Report: Fatal System Error It's a book about the era of botnets. It doesn't go into the technical stuff, but comes at the story from the point of view of law-enforcement folks investigating things the old-fashioned way: talkin...

Permalink & Comments

Book Report: Kingpin This book was a tough read, but not for the usual reasons. It's a biography of l33t Hax0r Max Vision. It's good, it makes sense, the facts hold together (better than you can hope for in most technica...

Permalink & Comments

Book Report: Underground I've read a few books about l33t hax0rz; so far, Underground is my favorite. It has short bios of young hackers in the 90s. There were a bunch of networks; there was an Ur-internet rising up above t...

Permalink & Comments

Puzzle Hunts are Everywhere, even Meridian High School in Idaho Tonight I played in a puzzle event. The puzzles were pretty cool! They were designed by Mike Selinker, Thomas Snyder, Tyler Hinman... and maybe others? Eric Harshbarger designed the prizes; he's a ...

Permalink & Comments

Set apartment wifi to password "openopen". Put password in the SSID so neighbors can still use it. Hackers can still snoop, but they'll have to work harder. ...

Permalink & Comments

Book Report: Nmap Network Scanning I just got back from a 9-day tour of various western USA places as the Grand Tetons, Yellowstone, Kodachrome, and Zion National Park. Along the way, I busted my travel laptop, so I haven't been upda...

Permalink & Comments

Book Report: Tetraktys I read this novel because it was recommended via a computer security discussion group at work. That doesn't sound like a good way to make decisions, does it? Oh, Amazon.com recommendations, why do I ...

Permalink & Comments

Book Report: Wiring up the Big Brother Machine Google stopped censoring in China; as a result, more Google search results are censored. The Chinese people can find less stuff now. Why? Because of the "Great Firewall". The Chinese government c...

Permalink & Comments

Link: California Secretary of State on Voting Systems I'm doing taxes today. In my California tax booklet, there's a form asking me if I'm registered to vote. That's great. We citizens are supposed to get angry about taxation without representation. ...

Permalink & Comments

chris451's comment on Caja [Edited to add: If you have questions or concerns about Caja, the Google Caja Discuss group is a good place to ask them.] Since I switched blogging software, people who think they're commenting on m...

Permalink & Comments

Book Report: Between Silk and Cyanide It's the autobiography of the codemaster of the SOE an English spy organization during WWII. Wait! Dont' run away! It's not just math and cryptography and war. There's good stuff in here, too. Th...

Permalink & Comments

OpenID, OAuth, Learning by Gossip Last weekend, I did some programming. Well, not much programming. Mostly I did research preparatory to programming. Well, not exactly research. It was more un-research. I started out learning ho...

Permalink & Comments

Book Report: Security Engineering This book is humongous! It's a survey of security computer engineering. It doesn't go into depth on any one topic, but it's got plenty of breadth. In areas where I already knew something, this boo...

Permalink & Comments

Link: AllMyData I occasionally backed up my files. But it was always ad-hoc: zip up an archive of some files, upload it to my web server. Done by hand when I got around to it (not often). Then there was the time ...

Permalink & Comments

Link: Caja's HTML sanitizer for Javascript [Edited to add: If you have questions or concerns about Caja, the Google Caja Discuss group is a good place to ask them.] When you write a program that's supposed to be secure, you have to plan on ...

Permalink & Comments

Link: Some thoughts on security after ten years of qmail 1.0 This guy Hans Boehm came and gave a talk at work today about upcoming C++ support for threads. That's support built into the language. It sounds like sometime in the next few years, we will have at...

Permalink & Comments

Link: Lectures on Authorization Based Access Control If you're a programmer, you might be interested in watching some lectures about Authorization Based Access Control. Some folks from an HP research lab lectured at the GooglePlex about better & e...

Permalink & Comments

Updates:

Tags