Sequoia, Diebold... what's the difference? None of them are doing their job right.

This is your Sequoia touch-screen voting machine with Pac-Man hacked onto it without disturbing any of the "tamper-evident" seals supposedly meant to protect it from hackers…

Apparently, they put tamper seals on the ports and plugins, but NOT the case itself. Therefore, the university was able to just dismantle the machine and connect on the inside instead. Pathetic attempt Sequoia, just pathetic.

Source

For anyone who's participated in forums, online games, or any other system where you can communicate with random strangers, you've probably encountered people who make you angry. Some are just people who you don't get along with legitimately, and some are "trolls"; people who toy with others for their amusement.

What makes people trolls is generally the anonymous nature of the Internet. Sadly, this is often a perceived anonymity only. Just yesterday, I found a post I didn't agree with and wanted to comment on it. Since the author had locked comments, I did a little web research and found her real name, school, e-mail address, and other sites she posted to. I was only looking for some means to contact her, but the information was fully filled out on these sites with no protection at all.

Imagine her shock to find out how easily she was found (and to be honest she called me quite a few names at first though we did have a good conversation after that).

Sadly, most people don't realize how difficult it is to be truly anonymous. The only things keeping you safe in many cases is that you've never given anyone enough reason to look you up. And now we get to the real story.

Online games can be tense and frustrating. For example, the first time I played an online competitive game, I was completely crushed in seconds and insulted repeatedly for my efforts. I chose to stick with offline gaming but others weather the storm and build their skills to the point they can keep up and even be good enough to win.

However, there are just going to be times that someone is better than you. That's frustrating enough, but when they're rude and insulting, it can be maddening. And for context, understand that the people who are the rudest are often younger males who believe they don't have to "pull any punches" since they don't have to face the consequences of their actions (an idea that was excellently portrayed in Disney's Pinocchio).

My point is, this kid was being an ass with abandon. What was his opponent going to do? Hunt him down and hurt him? Turns out the answer was yes.

And believe it or not, there's a lot of support for the attacker online. The sad fact is that there are still consequences for what we do, even if we're online. Similar to the adive every parent must give to their children of how posts last forever, we must also teach our kids not to draw undue agression. After all, how do you know whether the person you're "Teabagging" has the ability and desire to come after you in person?

So yesterday, we learned that OnStar tracks you even if you're not a customer and today, we learn that Facebook will track and monitor your web usage without your knowledge or permission… even if you're not logged in.

The social network is quietly retracting a cookie that continued to report your Facebook user ID even after you "logged out" of the site. But it's not sorry about five other cookies that persist after you sign off. What, you didn't think Facebook would ever let you actually for real seriously 100 percent sign out, did you?

Remember, you're not Facebook's customer, you're cattle. These kinds of issues will never stop so if you aren't using special software to counter Facebook's nastier sides, you're at a disadvantage.

As if we didn't see this coming

So all that time I spent warning people about OnStar seems to have been completely justified.

OnStar was recently admonished by several senators for its plan to spy on people (even non-customers).

OnStar is apparently hoping to create a new revenue stream by collecting data about the movements of OnStar-equipped cars. Obviously, this data set will be more comprehensive—and, therefore, more lucrative—if it includes data from former OnStar subscribers as well as current ones. In an announcement e-mailed to subscribers earlier this month, the company said that, starting December 1, it would continue collecting data from subscribers even after they cancel their service. OnStar also said it reserved the right to sell aggregated and anonymized data to third parties.

Whoever somehow assumed that a big company with the capability of knowing where you are at all times wouldn't abuse that power was pretty short-sighted. Sorry.

Searching...(source)

You can't use rights you don't know about or don't understand. The Electronic Frontier Foundation has posted a summary of your 4th amendment rights to deny the government permission to search you or your belongings (digital or otherwise).

It's good to know what you can and can't do since you should know that even when you've done nothing wrong, you may still get yourself into a lot of trouble if you are careless with your privacy.

If you're with Citibank, then YOU'RE WITH STUPID!

When I teach, I explain how most of the breaches and problems you hear in the world aren't about clever hackers or sophisticated attackers, but instead about weak and pathetic security. This has just become my new go-to example.

Basically after you logged into your account as a Citi customer, the URL contained a code identifying your account. All you had to do was change around the numbers and boom, you were in someone else's account.

What that means is that if you were to look at the address in your bar at the top of the browser, it contains the name of the website you're on and (as is typical) a whole lot of other junk like this:

http://www.citibank.com/account.asp?were=dumbascrap&we=shouldhaveknownbetter

One of the values in the "lots of other junk" area told Citibank who's account to show. If you just entered any random number, the website would think you were the user with that ID and show you their page. Even when this kind of problem was new over a decade ago, it seemed pretty dumb for major websites to be this sloppy. To think that a site run by such a large (and rich) company would make this kind of mistake would be laughable if it weren't so contemptible.

Citi, TJX wants to thank you from the bottom of their hearts for finally doing something so stupid that we can forget about their horrible mistake (at least just a little).

Source

Photo shamelessly stolen from the source article

I've always thought that prisoners should be made to work to support themselves and others. Maybe the Chinese have hit on something with this:

"Prison bosses made more money forcing inmates to play games than they do forcing people to do manual labour," Liu told the Guardian. "There were 300 prisoners forced to play games. We worked 12-hour shifts in the camp. I heard them say they could earn 5,000-6,000rmb [£470-570] a day. We didn't see any of the money. The computers were never turned off."

The Guardian says that prisoners were beaten if they couldn't make their quota so maybe they're taking it too far, but the idea itself is still sound.

You're kidding, right?

So…

Wait.

What now?

A Yahoo article says that because women's cloths sizing is hard, they're going to nude scan them to figure out what they can wear. Seriously!?

Ms. Shaw, the entrepreneur, is chief executive of a company called MyBestFit that addresses the problem. It is setting up kiosks in malls to offer a free 20-second full-body scan — a lot like the airport, minus the pat-down alternative that T.S.A. agents offer.

Lauren VanBrackle, 20, a student in Philadelphia, tried MyBestFit when she was shopping last weekend.

“I can be anywhere from a 0 at Ann Taylor to a 6 at American Eagle,” she said. “It obviously makes it difficult to shop.” This time, the scanner suggested that at American Eagle, she should try a 4 in one style and a 6 in another. Ms. VanBrackle said she tried the jeans on and was impressed: “That machine, in a 30-second scan, it tells you what to do.”

That's cute. A strip search in the name of getting something to wear? So instead of wasting millions on this disrobing plan, why not standardize women's clothing and use inch measurements like men's clothes? How's that for an idea?

How long until someone hacks these poorly protected machines to record copies of all women scanned and the photos show up on the Internet? Will you put your teenage daughters in them?

This is so, so stupid, I can't believe it's actually true. I really hope this doesn't catch on because if it does, my faith in humanity will suffer yet again.

As anyone who reads much of my site knows, I'm not a fan of how RFID is being implemented. However, I'm not against the technology itself as it has many practical uses. For example, some hotels have begun putting washable RFID in the towels and bathrobes to keep people from stealing them.

Since the RFID towels have no privacy invading purpose at all and serve deter self-entitled punks who think it's ok to take hotel items, I will offer my tentative support for this. The main concern is feature creep meaning that depending how they implement this, they may also know which towels you used and when. I can't really see the hotels bothering to do so, but if they did, that would be crossing the line big time.

Source: http://intransit.blogs.nytimes.com/2011/04/11/gee-how-did-that-towel-end-up-in-my-suitcase/ (H/T to The Consumerist for the link)

Sony has been going crazy trying to keep clever users from unlocking the PS3 to run homebrew (like the Wii hack which I love!).

First of all, companies are trying everything they can, but in the end it won't amount to much. Consider that all it takes is one person anywhere in the world to figure out the encryption codes (not the real name, but it's simpler) who then shares it online (like in this hilarious example where a user tricked a Sony spokesperson into sharing a PS3 related code to his audience of thousands on Twitter!).

And yet companies get increasingly difficult and stupid about trying to protect their games which only makes things harder for the legitimate users (obligatory comic referencing this concept). All I can say is good luck Sony.