Gadgetopia

Bill Gates’ Open Letter to Hobbyists in Homebrew Club: If you ever wondered why Microsoft is so hung up on DRM, here’s a clue. Back in 1976, a young (just 20) Bill Gates wrote this letter to the legendary Homebrew Computer Club complaining that Altair BASIC was being rampantly pirated.

The feedback we have gotten from the hundreds of people who say they are using BASIC has all been positive. Two surprising things are apparent, however, 1) Most of these “users” never bought BASIC (less than 10% of all Altair owners have bought BASIC), and 2) The amount of royalties we have received from sales to hobbyists makes the time spent on Altair BASIC worth less than $2 an hour.

Why is this? As the majority of hobbyists must be aware, most of you steal your software.

And, towards the end:

Most directly, the thing you do is theft.

Via Jeff Atwood who has a longer post about the problem of piracy and how it’s never going to change.

The Facebook Virus Spreads - No Social Network is Safe: A good explanation of what Koobface was doing on Facebook, and a discussion about the new breeding ground for viruses: social networks. Here’s why:

What’s frightening about the spread of this Trojan is not the worm itself - it’s really nothing new in terms of malware - but the way its being spread. Over the years people have learned to be suspicious of unknown links and attachments in their emails, so the virus writers turned to hit us where we’re more vulnerable: on our social networks. Here, many people still have a feeling of comfort and security. They don’t always have their guard up.

Firefox Pirates Take Over Amazon: Piracy is the mother of invention.

An add-on for the Firefox browser called ‘Pirates of the Amazon’ makes it possible to shop at the Amazon store but leave without paying a dime. Instead, on Amazon product pages the add-on integrates links to ‘free’ copies on The Pirate Bay.

Secret Geek A-Team Hacks Back, Defends Worldwide Web: Great little story about the Kaminsky DNS hack. It really helps you understand the gravity of what happened, and what could of happened. Without being too dramatic, the entire integrity of the Internet was at stake. Everything could have come down.

Kaminsky froze. This was far more serious than anything he could have imagined. It was the ultimate hack. He was looking at an error coded into the heart of the Internet’s infrastructure. This was not a security hole in Windows or a software bug in a Cisco router. This would allow him to reassign any Web address, reroute anyone’s email, take over banking sites, or simply scramble the entire global system. The question was: Should he try it?

RAM raiders: inside secrets of the cyber hackers: Here’s a great story about white-hat hackers testing the defenses of Symbolic Motors in the San Diego area. It’s a blast to read, and part of a larger article at the London Times.

He tells me about one of his cases involving Symbolic Motors in La Jolla, California. Symbolic, which supplies Ferraris, Lotuses, Aston Martins and Bentleys to the stars, is arguably the most lucrative dealership in the States. It wanted to find out just how good its multi-million dollar security system was, so Pyr0 and his friends Ryan Jones and Chris Nickerson, who call themselves ethical hackers, went to work.

“First we did a bit of dumpster-diving, looking in their trash, to find out who their computer company was,” says the spiky-haired Pyr0. “Then I paid a visit, posing as one of their technicians and got access to the company’s servers. I secretly installed a wireless network behind a desk while I was there, which allowed Ryan, who was in a car outside, to begin hacking into their computer system remotely.” While Jones was downloading Symbolic’s files — details of sales, prices, film-star customers and so on — Pyr0 was wandering around the building taking pictures. There was no alarm security above the ground-floor showroom and the roof skylights were not alarmed. In the showroom, he worked out the blind spots in an array of motion sensors.

Meanwhile, Nickerson, dressed to kill and posing as a potential customer, was taking pictures with a camera disguised as a Zippo lighter. He stuck a tiny wireless camera on to the back of a Bentley advertising display aimed at the keypad that switched the alarm system on and off. Outside in the car, Jones zoomed in on his computer and captured the code when a member of staff punched it in.

That night, they broke in through the unalarmed skylights, exploited the motion sensors’ blind spots, crawled to the alarm keypad and switched off the system. They opened the showroom doors, drove out a Lotus and returned it, parking it the wrong way round.

It gets better — there’s a video series of the whole thing out on truTV. A little dramatic, but it plays like a spy movie. Four parts, each about 10 minutes. It’s interesting to see how “traditional” computer hacking gets combined with social engineering and straight breaking and entering.

Aussie exposes online poker rip-off: Write online poker software, leave a backdoor…profit!

[…] Michael Josem […] analysed detailed hand history data from Absolute Poker and UltimateBet and uncovered that certain player accounts won money at a rate too fast to be legitimate.

His findings led to an internal investigation by the parent company that owns both sites. It found rogue employees had defrauded players over three years via a security hole that allowed the cheats to see other player’s secret (or hole) cards.

Now the owners of the sites have filed a $US75 million claim against the makers of the software that powers them, claiming they were unaware of the security holes when they purchased the sites in 2006, MSNBC reported this month.

Man’s ‘pants’ password is changed: While this is funny, the important takeaway is that Lloyds apparently stores customer passwords in clear text, which is scary.

A man who chose “Lloyds is pants” as his telephone banking password said he found it had been changed by a member of staff to “no it’s not”.

Reports: Laptop infected with virus on space station: And this is why you don’t use Bonzi Buddy as your auto-pilot.

A laptop on the International Space Station is infected with a virus, according to SpaceRef, a website that covers the space program.

NASA confirmed the report to Wired. A spokesman describes the virus — SpaceRef says it’s W32.Gammima.AG — as a “nuisance” that won’t infect mission-critical computers.

Cyberspace Barrage Preceded Russian Invasion of Georgia: Apparently the actual war in Georgia was preceded by an online war against their network infrastructure.

[…] the Web site of the Georgian president, Mikheil Saakashvili, had been rendered inoperable for 24 hours by multiple D.D.O.S. attacks. The researchers said the command and control server that directed the attack, which was based in the United States, had come online several weeks before it began the assault.

Perhaps this is why the Georgian Ministry of Foreign Affairs started blogging from Blogspot sometime yesterday.

San Francisco’s Mayor Gets Back Keys to the Network: The rogue sysadmin from San Francisco got a meeting with the mayor and finally turned over the passwords to the network.

On Monday afternoon, he handed the passwords over to Mayor Newsom, who was “the only person he felt he could trust,” […]

Childs’ attorney has asked the judge to reduce Childs US$5 million bail bond, describing her client as a man who felt himself surrounded by incompetents and supervised by a manager who he felt was undermining his work.

BlueProximity - GNOME Bluetooth device distance detection and automatic locking tool :-): What a great idea. Of course, I keep my cell phone on my desk or in my coat pocket half the time, so I’m still screwed.

This software helps you add a little more security to your desktop. It does so by detecting one of your bluetooth devices, most likely your mobile phone, and keeping track of its distance. If you move away from your computer and the distance is above a certain level (no measurement in meters is possible) for a given time, it automatically locks your desktop (or starts any other shell command you want).

Once, sure. Twice, Maybe. Three? Four!?!: A good roll-up of news and theories about all the Internet cable cutting going on lately, full of good links.

On a related note, Iran has recently announced plans to move to trade oil with the Euro rather than the US dollar, which will cause further devaluing of the greenback. Saddam Hussein was in the process of doing the same before the US invasion, a decision reversed by the occupying force.

Some are interpreting this as signs of an “info war” […]

There’s also a Wikipedia page.

Scam Czars: What’s Russian for ‘Hacker’?: An interesting article that attempts to explain why so many hackers come from Russia.

Russia has long had a strong system of math and science education, and until the relatively recent upturn in the economy, the multitudes of whiz kids who graduated from its schools often had poor job prospects.

At the same time, they were entering a society that for decades had built up a deep skepticism about the virtues of following the rules. Under Communism, the thicket of strictures that governed almost every aspect of life was considered so inane that only fools were thought to abide by them.

[…] One result was that corruption was rampant in Soviet times, and has endured, if not gotten worse.

Official: International hackers going after U.S. networks: 140 of 194 is…72% of the world, trying to hack our government. Nice.

About 140 foreign intelligence organizations are trying to hack into the computer networks of the U.S. government and U.S. companies, a top counterintelligence official said.

The nation’s electronic systems are too easy to hack, and the number of world-class hackers is “multiplying at bewildering speed,” he said at a symposium on cyber security Friday.

That, he said, has transformed the nature of counterintelligence: “If you can exfiltrate massive amounts of information electronically from the comfort of your own office on another continent, why incur the expense and risk of running a traditional espionage operation?”

Matrix Sequel Has Hacker Cred: An old article, but one I’d missed up until now: apparently “The Matrix Reloaded” contains the rarest of cinematic rarities — an accurate hack attempt.

An Nmap port scan is a common prelude to an intrusion attempt — a way of casing the joint, to find out if any vulnerable service are running.

That’s exactly how the fictional Trinity uses it. In a sequence that flashes on screen for a few scant seconds, the green phosphor text of Trinity’s computer clearly shows Nmap being run against the IP address 10.2.2.2, and finding an open port number 22, correctly identified as the SSH service used to log into computers remotely.

“I was definitely pretty excited when I saw it,” says “Fyodor,” the 25-year-old author of Nmap. “I think compared to previous movies that had any kind of hacking content, you could generally assume it’s going to be some kind of stupid 3D graphics show.”

Here’s an image of the scene.