Firesheep: Promoting privacy in a scary way

Often, software hackers are the activists that push software giants towards updating vulnerable applications. In today's example, [Eric Butler] is pushing Facebook, Twitter, Flickr, and more all at the same time. By creating a user- and script-kiddie-friendly extension for Firefox, he has allowed just about anyone to sniff unsecured connections on public Wi-Fi access points and log into these unprotected accounts.

Right now the extension is available for Windows and Mac, with a Linux port coming soon. Temporarily, the best way for users to avoid getting taken advantage of would be to not use these social networking sites on a public connection, or to implement a secure proxy for these connections that would keep their data safe. Hopefully these websites will have a quick rebuttal that allows for security without workarounds. With all of the bad press they are receiving, they certainly have incentive to.

Are there any software or security buffs out there? We would love to see someone port this to an iPhone or Android app that could check and log open Wi-Fi points. We’ll leave the footwork to the experts out there, but do be sure to give us a heads up if anyone manages to make it happen, okay?

BAMF2010: CMT 380X Blackbird

Okay, we lied, we totally want one of these too. The CMT 380X Blackbird is one wicked hybrid car!

Looking like it just rolled off the set of the next Batman film, the Blackbird is the brainchild of Electronic Arts Chief Creative Director [Richard Hilleman]. Starting from a kit car base — the Factory Five Racing GTM chassis — [Hilleman] created a unique 230 horsepower drive train combining a 30 kilowatt diesel turbine and 24 kWh lithium polymer battery pack.

As a purely plug-in electric car, the Blackbird has a range of 85 miles. In hybrid mode, range is extended to 500 miles. The car can accelerate from 0 to 60 in about 7 seconds. When decelerating, the car makes use of regenerative braking.

It’s strictly a one-off for the time being, but several companies have approached [Hilleman] about possibly commercializing the design. A couple more choice pics follow the break…

MythNetVision to cure borked MythTV hacks

Another group of developers has stepped up to the plate in the never-ending attempt to integrate online streaming video with MythTV. The new plugin is called MythNetVision and aims to bring streaming and downloading video functionality both easily and legally. That means without violating the terms of service of the providing website.

We’ve seen so many attempts that fell short it’s easy to be skeptical about the chances of this plugin actually working. Plugins like MythStream and MythVodka worked only temporarily before breaking and never seemed to provide a reliable option. Many people have tried adding Boxee, Hulu Desktop, or XBMC integration by launching these separate packages via the MythTV UI but that’s far from a clean solution.

It looks like MythNetVision is taking a slightly different approach. Although not yet available, the designers have built the plugin in two parts. The frontend is a fully skinnable user interface that parses RSS feeds to provide the hooks needed to browse, search, and view video. Depending on the content, a browser may be spawned to play the video, it may be played within MythTV’s normal player, or a separate download thread can be launched with video following after the appropriate buffer level is reached. The RSS feeds come either directly from the provider, such as the Revision3 feeds, or a scraper can be written to provide custom RSS feeds from sites that don’t have them.

We’ve seen a glimpse of the progress and we’re optimistic that we’ll see a reliable plugin. Early adoption and user script contribution are the best way to help ensure this, so keep an eye out for the public release of this package.

IBM sees influx in zero-day exploits

IBM’s X-Force security team has released a mid-year report (PDF) stating that the number of zero-day exploits is growing at an alarming rate. For those of you unfamiliar with the term, a zero-day exploit is a program that is created and implemented within 24 hours of the disclosure of a security flaw. These exploits usually affect users before they even know the vulnerability exists and long before a patch is made available. The researchers also found that many of these exploits were targeted at browser plug-ins, which most users utilize on a daily basis.

[Kris Lamb], X-Force operations manager, is blaming the problem on a lack of a unified process for disclosing vulnerabilities. He also claims that the long-held practice of publishing example code of vulnerabilities should be frowned upon.

[via Liquidmatrix]
