Now on Android: Get the TED app, localized in 20 languages

Seeing faces in the clouds, thanks to facial recognition software

Samsung Announces Mass Production of the World’s Highest Capacity Hard Drive for Mainstream Laptops

Samsung Electronics Co., Ltd., a worldwide leader in digital consumer electronics and information technology, announced the mass production of the world’s highest capacity hard drive for laptops – the new Spinpoint M6, and mass production of one of the world’s fastest laptop hard drives – the new Spinpoint MP2. The Spinpoint M6 features a stunning 500GB capacity and the MP2 has a 250GB capacity operating at a 7,200rpm rotation. Both hard drives are currently shipping. The Spinpoint M6 has a $299 MSRP and the MP2 has a $199 MSRP.

“The Spinpoint M6 is ideal for notebook power users who require vast amounts of storage space for their data, video and music files,” said Hubbert Smith, Director of Storage, Samsung Semiconductor. “The MP2 has speed, features and capacity similar to a 3.5″ hard drive and is perfect for users who require a smaller form factor with advanced data storage needs.”

Size Matters: The 500GB Spinpoint M6 Hard Drive

The Spinpoint M6 fits the industry’s standard 9.5mm height dimension and is armed with a massive 500GB capacity consisting of three 167GB platters, notebook PC manufacturers can integrate the Spinpoint M6 into the tens of millions of notebook PCs that ship every quarter as well as slim form factor PCs and high density mobile applications.

Mainstream notebook PCs can now support capacity of up to one terabyte by employing two Samsung Spinpoint M6 drives. For premium notebook PCs, the Spinpoint M6 meets the Microsoft fast-boot design requirements and supports ramp load and unload of up to 600,000 times.

The Spinpoint M6 500GB hard drive features a 5400rpm spindle speed, a 8MB cache, and 3.0Gbps SATA interface with a Free-Fall-Sensor available as an optional feature. Perpendicular Magnetic Recording technology enables the 500GB drive to store 160,000 digital images, 125 hours of DVD movies, or 60 hours of high definition video images. The drive also features Samsung’s Flying-on-Demand head technology that improves recording stability over changing temperature ranges.

The Need for Speed: Spinpoint M2P Hard Drive

The Spinpoint MP2 is a 250GB 2.5″ hard drive consisting of two 125GB disks. Operating at a 7200rpm rotation speed, the MP2 is ideal for high performance, desktop replacement notebook PCs, and entry-level enterprise applications such as workstations and RAID or blade servers.

In step with the surging growth of multimedia content and the demand for smaller form factor devices, 2.5″ drives meet the stringent environmental demands of notebook PCs and slim form factor desktop PCs. The high performance characteristic of Samsung’s MP2 expands the scope of applications for 2.5″ drives to entry-level enterprise applications.

The Spinpoint MP2 features 7200rpm speed rotation, SATA II 3.0Gbps interface and Native Command Queuing functions for advanced performance. Samsung’s proprietary SilentSeek™ and NoiseGuard™ technologies are incorporated in the drive to offer ultra quiet operation. An optional Free Fall Sensor is also available for data protection in case of any unexpected external impact. The Spinpoint MP2 drive has a 16MB buffer memory and is available in 80GB to 250GB capacities.

World’s fastest Internet connection ‘used to dry laundry’

Last summer a 75-year-old woman from Karlstad became the envy of internet users worldwide.

With her blistering 40 gigabits per second (40GB/Sec) connection, Sigbritt Löthberg had the world’s fastest internet connection – many thousands of times faster than the average residential link and the first time ever that a home user had experienced such a high speed.
So, after nine months with the ability to download a full high definition DVD in just two seconds or access 1,500 high definition HDTV channels simultaneously, how has Sigbritt’s life changed?
Not much, according to Hafsteinn Jonsson, who is heading up the fibre network operation for Karlstad Stadsnät.
"She mostly used it to dry her laundry," he told The Local.
"It was a big bit of gear and it got pretty warm."
Sigbritt’s son, Swedish internet legend Peter Löthberg, was behind the project, which was intended to demonstrate how a low price, high capacity fibre line could be built over long distances. Löthberg has now taken the equipment up to Luleå, in the north of Sweden, for further testing.
"The project was a huge success," said Hafsteinn Jonsson, who explained that his department now measures its history in terms of ‘Before Sigbritt and After Sigbritt’.
"Apart from the death of Ingmar Bergman, this was the biggest story to come out of Sweden in 2007. We used to get all these detailed questions about what we’re working on – now we just mention Sigbritt and everybody understands."
The secret behind the ultra-fast connection is a new modulation technique which allows data to be transferred directly between two routers up to 2,000 kilometres apart, with no intermediary transponders.
According to Karlstad Stadsnät the distance is, in theory, unlimited – there is no data loss as long as the fibre is in place.
Sigbritt may have been denied her world-beating internet link but she still has an admirable 10 gigabits per second connection. And there may be another surprise in store for her.
"We’re considering giving her a 100 gigabits per second connection in the summer," said Hafsteinn Jonsson.
"Then she’ll be able to dry all her neighbours’ laundry too."

Cyberkhan

Voice Over WLANS: The Complete Guide

Voice Over WLANS: The Complete Guide

Michael F. Finneran “Voice Over WLANS: The Complete Guide”

Newnes (November 29, 2007) | ISBN: 075068299X | 400 pages | PDF | 3,2 Mb

Wireless local area networks (WLANs) have traditionally been used to transport only data, but are now being used to carry voice traffic as well as provided new combined voice and data services. Voice over WLANs also offers more flexibility than wired networks (changes to a WLAN dont require changes to installed wiring) and greater capacity than wired networks. This book provides a solid overview of voice over WLANs/VoIP (voice over internet protocol) technology, including voice coding, packet loss, delay and jitter, and echo control. It shows how to combine both WLAN and VoIP technology to create effective voice over WLAN systems.

* Gives complete details on integrating voice and data services on WLANs, including wide area networks
* Explores quality of service (QoS) and security issues
* Step-by-step descriptions of how to plan and implement voice over WLAN networks

Download

Rapidshare

FileFactory

Mobility, Data Mining and Privacy: Geographic Knowledge Discovery

Mobility, Data Mining and Privacy: Geographic Knowledge Discovery

Fosca Giannotti , Dino Pedreschi, “Mobility, Data Mining and Privacy: Geographic Knowledge Discovery”

Springer; 1 edition (January 1, 2008) | ISBN: 3540751769 | 410 pages | PDF | 3,4 Mb

The technologies of mobile communications and ubiquitous computing pervade our society, and wireless networks sense the movement of people and vehicles, generating large volumes of mobility data. This is a scenario of great opportunities and risks: on one side, mining this data can produce useful knowledge, supporting sustainable mobility and intelligent transportation systems; on the other side, individual privacy is at risk, as the mobility data contain sensitive personal information. A new multidisciplinary research area is emerging at this crossroads of mobility, data mining, and privacy.

This book assesses this research frontier from a computer science perspective, investigating the various scientific and technological issues, open problems, and roadmap. The editors manage a research project called GeoPKDD, Geographic Privacy-Aware Knowledge Discovery and Delivery, funded by the EU Commission and involving 40 researchers from 7 countries, and this book tightly integrates and relates their findings in 13 chapters covering all related subjects, including the concepts of movement data and knowledge discovery from movement data; privacy-aware geographic knowledge discovery; wireless network and next-generation mobile technologies; trajectory data models, systems and warehouses; privacy and security aspects of technologies and related regulations; querying, mining and reasoning on spatiotemporal data; and visual analytics methods for movement data.

This book will benefit researchers and practitioners in the related areas of computer science, geography, social science, statistics, law, telecommunications and transportation engineering.

Download

 RapidShare

FileFactory

Hacking Internet Cameras

Do you have an internet camera? Do you broadcast it to be publicly access by the world?, How do you know it is publicly access by others or not?. I do have a webcam. After watching the movie clips by FOX News.

http://www.youtube.com/watch?v=FONb6SfJpSI

I started to grab my webcam manual and see whether there is any function to allow it to be access through a Web Browser. Ha, lucky it was a cheap one, that’s why, is not rich in function. Sometimes is good to have cheap thing.

After watching the clips, my hands feel a bit itching to test it out how to hack internet camera. Seem like the fox news clip is showing us how to hack instead of stopping such behavior.

After pausing and replay the video a few times. I spotted some technique use in the clips. It’s using a Google advanced search operator “inurl”.

I spotted “inurl:/view/index.shtml” and “inurl:/DCS900/Aview.html”. So, I just make a quick search through Google and as a conclusion, most sites are password locked or those if you can view which is eventually ready to be publicly view and Google just can’t find “inurl:/DCS900/Aview.html”. Ermm…maybe Google has taken out the search for “inurl:/DCS900/Aview.html”. Guess I miss the fun. For your information DCS 900 is a DLink network camera, most people just bought it and broadcast it without changing the administrator default password, therefore it can be easily access and being index by Google.

 

I guess that just for DLINK DCS900, how about other brand? I didn’t really check it up, however if you think you are at risk. Just do some Google search operator using inurl.

Here’s 2 to try… You’ll be busy for hours on end….

Google Search Example 1:

Google Search Example 2:

(Copyright by: Millionringgithomepage.com & FOX News)

Cracking Wi-Fi security

Interview WEP is dead – and here’s the proof.

Cracking the Wi-Fi security protocol WEP is a probability game. The number of packets required to successfully decrypt the key depends on various factors, luck included.
 
When WEP was compromised in 2001, the attack needed more than five million packets to succeed. During the summer of 2004, a hacker named KoreK published a new WEP attack (called chopper) that reduced by an order of magnitude the number of packets requested, letting people crack keys with hundreds of thousands of packets, instead of millions.

Last month, three researchers, Erik Tews, Andrei Pychkine and Ralf-Philipp Weinmann developed a faster attack (based on a cryptanalysis of RC4 by Andreas Klein), that works with ARP packets and just needs 85,000 packets to crack the key with a 95 per cent probablity. This means getting the key in less than two minutes.

Here’s an interview with the three researchers. All three are studying at Darmstadt University of Technology, Germany. Tews, 24, is a Bachelor student; Pyshkin, 27, and Weinman, 29, are PhD students in Professor Johannes Buchmann’s research group.

How did you develop the attack?

Ralf-Philipp Weinmann: Andrei, Erik, and I share a room. We’ve basically seen Andreas Klein’s RC4 attack in late 2005 when he presented a talk here in Darmstadt at local workshop (Kryptotag).

We didn’t realise the potential of the attack until early 2007 when I realised that apparently nobody outside of Germany was aware of the attack since the preprint was only available in German until then. Erik and I then bounced ideas back and forth about the applicability of the attack against WEP and quickly realised that it was more than an order of magnitude faster than any previous key recovery attack. Erik wrote some code, Andrei improved it.

Simultaneously, we became aware that an improved version of Andreas Klein’s paper had been submitted to the Workshop on Coding and Cryptography, this time in English. First attempts against a demo network showed that the code indeed did work as expected on our side. We began writing the paper and put it on the IACR ePrint server. Simultaneously, Erik released the code for people to verify our results.
What type of speedup does your attack provide over previous attacks?

Erik Tews: The old attack needed between 500,000 to 2 million packets to “work usually”. We (Erik Tews, Andrei Pychkine and Ralf-Philipp Weinmann) showed that our attack has a success probability of 50 per cent with 40,000 packets and success probability of 95 per cent with 85,000 packets. So perhaps the speedup is a factor of 15 or so in the number of packets required.

CPU-Time of our attack is about three seconds on a consumer laptop. I think the CPU-Time of the original attack was longer, but could vary very much.

We found out that a rate of about 764 data packets per second can be reached using ARP injection. So to make it a little bit easier for the reader we can say that 60 seconds are enough to collect 40,000 packets and crack the key with a 50 per cent success rate. If the rate of packets is lower, then we need longer.

How does your attack work?

Erik Tews: Step 1: Find the enemy (this is the test-network you created in your lab, to verify our results). You can use kismet or airodump to find it.

Step 2: Generate some traffic. To generate some traffic, use aireplay-ng in ARP injection mode. Aireplay will listen to the network until it has found an encrypted ARP packet. By reinjecting this packet again and again, you will generate a lot of traffic, and you will know that most of the traffic was ARP-traffic. For an ARP-Packet, you know the first 16 Bytes of the clertext and so the first 16 bytes of the cipherstream.

Step 3: Write this traffic to disk using airodump-ng or so. This will create a tcpdump-like capture file with the traffic.

Step 4: Launch our algorithm. You need the aircrack-ptw (by the way, aircrack-ptw has been integrated in the 0.9-dev version of aircrack-ng, which is currently in svn, but not released).

From a theoretical point of view, our algorithm is based on the following ideas. Andreas Klein, a German researcher, showed that there is a correlation in RC4 between Keybytes 1 to i-1, the keystream and the keybyte i. If the keybytes 1 to i-1 and the keystream are known, it is possible to guess the next unknown keybyte with a probability of about 1.36/256 which is a little bit higher than 1/256. We were able to show that it is also possible to guess the sum of keybytes i to i+k with a probability of more thatn 1.24/256.

In a WEP environment, the first three bytes of a packet key are always known and are called IV. Our tool tries to guess the sum of the next 1, 2, 3, … to 13 keybytes for every packet. If enough packets have been captured, the most guessed value for a sum is usually the right one. If not, the correct value is most times one of the most guessed ones.

Aircrack-ptw try to find the key, using this idea described above. If you have about 40,000 to 85,000 packets, your success probability is somewhere between 50 per cent and 95 per cent.

What can affect the speed of your attack?

Erik Tews: There are some keys we call strong keys. A key is a strong key if it has at least one strong keybyte. A strong keybyte is a keybyte which fulfills a special equation or condition. (Equation (10) in section 6.2 in our paper)

If a key has just 1-3 or perhaps 1-4 of these strong keybytes, our attack will still work, but perhaps take some more packets. The probability that a randomly chosen key has more strong keybytes is below one per cent.

Even if a key has the maximum of 12 strong keybytes, our attack can be modified so that it will still work, just need some more cpu-time or packets. This is currently not implemented in our tool, but we know how to fix that and we are going to implement it soon. With our modification, we will perhaps need three to five minutes with an optimal packet rate for a key with 12 strong bytes (this is a guess, hasn’t been exactly tested yet).

What about the keys with a bigger size than 104 bit?

Erik Tews: There are some vendors which implemented a 232/256 bit WEP. I think these keysizes are very uncommon. Currently, only 40/64 and 104/128 bit keys have been implemented.

There are currently some other attacks, which allow us to recover more than the first 16 bytes of the keystream. Combining our attack with these attacks would even allow us to break WEP512. This has not yet been implemented, but could be added in future.

How does your attack performance scale with increasing WEP key size?

Erik Tews: We did only benchmark the 104 bit version of WEP. If just a 40 bit key is used, we know the attack is faster, but we didn’t do exact benchmarks. Perhaps it can be done in 30 seconds if the packet rate is high.

Do 256 bits stop you from using just ARP packets to succeed?

Erik Tews: For an ARP-Response, the first 16 bytes are constant. What follows are IP and MAC-Adresses. These values are not globally fixed, but if the same request is sent again and again, these values will be always the same because the response is the same again and again.

There is another attack called chopchop which should be able to find out what these unknown values are. On the other hand, these values could perhaps be guessed too.

Using such a technique, it should be possible to attack WEP256 too. This is currently not implemented in aircrack-ptw, but could be added easily.

Can’t it be stopped by filtering and/or rate limiting ARP packets?

Erik Tews: If you ratelimit ARP packets, it will just slow down the attack. We think the attack can be modified to work with other traffic than ARP. ARP was just the easiest method to implement and it works very well in a real world environment, because everybody uses ARP.

Can it work in a passive way?

Erik Tews: I will now go a little bit into detail. What we need to perform the attack are a lot of packets where we know the IV (this is transmitted in plaintext) and we need to know a certain part of the keystream. If you know the plaintext of the packet, you can get it by just xoring the plaintext with the ciphertext in the packet.

For an ARP request or response, the first 16 bytes of the plaintext are known, which gives you the first 16 bytes of the keystream.

If X = X[0] || … || X[k] is a keystream, and you are going to attack an i BYTE long WEP key, you should know the keystream from X[2] to X[i+1]. It is still sufficient if you’ve got a method to guess the keystream correct with a high probability, the attack still works if some keystreams were guessed incorrectly. So if somebody writes some code which guesses the plaintext/keystream of usual ip-traffic right, or guesses more parts of the keystream in most of the cases, it would work with longer keys or in a passive way.

Would using WEPplus be better?

Erik Tews: No. WEPplus was originally designed to defend against the so-called FMS attack, an attack on RC4 which was published in 2001. The FMS attack works a little bit differently to our attack. For FMS the IV needs to fulfill a special condition, which is for a 104 bit WEP environment: first byte must be 16 (decimal) and the second one must be 255 (decimal). The third byte doesn’t matter. This is sometimes called the “resolved property”.

WEPplus skips all IVs that match that condition. This makes the original FMS attack impossible. There are some modified versions of the FMS attack which even work if these IVs are skipped.

Our attack is different to the FMS attack. Or attack doesn’t care about this “resolved property”, so filtering out all these IVs shouldn’t change anything. This make WEPplus as attackable as normal WEP.
Your paper states that Linux avoids weak IV and doing so slows your success rate by less than five per cent.

Erik Tews: What we were trying to say was the following. In an old attack on WEP, some “weak IVs” where used. Our attack does not profit from these “weak IVs”, so skipping them won’t protect you.

There is almost no slowdown. If you look at the plot, both lines, the one with the randomly chosen IVs and the IVs chosen by the Linux generator, are nearly identical. Additionally, the Linux generator doesn’t choose IVs randomly and skips the weak IVs, it generates the IVs using a counter.

This results in minor differences, but there is nearly no slowdown if the Linux IV generator is used.

In all previous pages, we assumed that IVs are randomly chosen. We tried to show that this attack even works if IVs are not randomly chosen.

If we have hardware that can’t be upgraded to support WPA, what is the best way to configure it?

Erik Tews: We think that WEP is DEAD now, there isn’t much left to fix. If your hardware cannot speak WPA and you need wireless security, you should replace your hardare (which costs money) or alternatively configure any kind of VPN.
WPA still uses RC4.

Is there any type of attack that could take advantage of your speedup to successfully crack WPA?

Ralf-Philipp Weinmann: Before anybody jumps to conclusions: although TKIP is also based on RC4, keys change per packet (!) for this protocol. From my current understanding one would have to be able to efficiently guess a large part if not all of the per-packet keys with a high probability for multiple packets to invert the key hash and obtain the temporal key [there is work by Havard Raddum on this subject].

Furthermore, the Michael integrity protection, together with the strictly monotonous counter IV in the header, will successfully foil re-injection attacks. While WEP can be seen as an glaring example of how _not_ to design a crypto system, the design of TKIP is sound and was done by actual cryptographers. This doesn’t mean it’s infallible, but it’s a lot better.

TLS and SSH also use RC4 but aren’t affected by Klein’s attack either. Klein’s attack needs multiple key streams encrypted generated by “similar” keys. By similar I mean that keys share a common prefix or suffix. This, however, isn’t the case with these protocols. Both use a hash function (yes, they actually use two, MD5 and SHA1) to generate the session key under which the data is encrypted under. Again, to successfully attack these protocols, you’d need an attack on RC4 that recovered the key for single key stream.

Please note however that RC4 should not be used in future designs. RC4 is a weak algorithm. Distinguishers exist that allow any contiguous RC4 output stream to be distinguished from random [see Golic’s work]. Although these attacks are not practical, remember the old proverb: attacks only get better.

(Copyright by The Register)

Notepad++ 4.7

Notepad++ is a free source code editor (and Notepad replacement), which supports several programming languages, running under the MS Windows environment. It also gives the extra functionality to define a user’s own language for the syntax folding and syntax highlighting. You can print your source code in color. It allows a user to edit the different document in the same time, and even to edit the same document synchronizely in 2 different views. It supports full drag and drop.

The programming languages supported by Notepad++ are:

ASP, Ada, ASCII art, Assembly, AutoIt, BAT, C, C#, C++, Caml, CSS, doxygen, FORTRAN, HTML, Haskell, Java, JavaScript, KiXtart, Lisp, Lua, makefile, Matlab, Objective-C, Pascal, Perl, PHP, PostScript, Python, Ruby, Scheme, Unix Shell Script, Smalltalk, SQL, Tcl, TeX, Verilog, VHDL, VB/VBScript, XML

This project, based on the Scintilla edit component (a very powerful editor component), written in C++ with pure win32 api and STL (that ensures the higher execution speed and smaller size of the program), is under the GPL Licence.

Here are the features of Notepad++ :

• Syntax Highlighting and Syntax Folding

• WYSIWYG

• User Defined Syntax Highlighting

• Auto-completion

• Multi-Document

• Multi-View

• Regular Expression Search/Replace supported

• Full Drag ‘N’ Drop supported

• Dynamic position of Views

• File Status Auto-detection

• Zoom in and zoom out

• Multi-Language environment supported

• Bookmark

• Brace and Indent guideline Highlighting

• Macro recording and playback

Changes in version 4.7:

1. Make the “recovery system” for 3 mandatory xml files (config.xml, langs.xml and stylers.xml) to prevent the fail loading due to the corrupted files.

2. Extend plugin capacity – add the Scintilla external lexer capacity.

3. Add the ability to hide the tab bar with “-notabbar” flag in command line (ie. Notepad style).

4. Column selection is remembered now while switching among the files. As well this settings will be stored in the next session.

5. Add 2 Commends (beside Toggle Comment) Comment (Ctrl+K) and Uncomment (Ctrl+Shift+K).

6. Change “UTF8 without BOM” menu item behaviour.

7. Fix the hiding bug while launch time because of change of environment from duel monitors to mono monitor.

8. Remove vista UAC warning for GUP. Add “Update Notepad++” menu item.

9. Add NPPM_HIDETABBAR and NPPM_ISTABBARHIDE plugins messages.

10. Add NPPM_GETNPPVERSION message for plugin system.

11. Enhance the horizontal scroll feature.

12. Change Find in files behaviour : all the hidden directory won’t be searched (for example : .svn).

13. Add build date-time in about box.

14. Fix a bug where a file with 2 or more consecutive spaces gives problems with sessions and history.

15. Fixe the problem where opening a file when in save as dialog saves the wrong file.

Included plugins :

1. TexFX v0.24a

2. NppExec v0.2 RC2

3. Spell Checker v1.3.1

4. Quick text v0.02

5. Explorer plugin v1.6.1

6. Hex editor v0.84

7. Base64 encoder/decoder v1.2

8. FTP_synchronize v0.9.5.0

9. NppExport v0.2.5.0

Download