Chimpanzee Hackers

Diebold claimed their
audit log “can't be altered by any human.” Baxter is a chimpanzee, not
a human, but alter the audit log he did, using a real Cobb County vote
file and the GEMS central tabulator program from Diebold Election

My nomination for most idiotic quote: Scripps-Howard reporter, who said
(in seriousness) “but — elections officials would know if a chimpanzee
got into the voting machine room.”

Funny stuff from the guys at Black Box Voting.  It's funnier cause I used to live in Cobb County.


Too damn cute

High quality 100% cotton onesies. Each is equipped with a touch
sensitive scroll wheel; responsive to your every nudge, tickle and
Only $15.95. Available in 3 sizes: 6, 12, and 18 months.

Also avaliable in Nano black on  Too bad my little girl is too old for this.  I think I might make my own for her this Holloween.

Crack your XP – RockXP

RockXP allows you to retrieve and change your XP product key that you
used when you installed Windows XP. This can come very handy if you
need to reinstall but have misplaced or lost the CD cover with the
serial sticker. In addition, the program also lets you save the product
activation to a file, enables you to recover usernames and passwords
contained in the Windows Secure Storage, recover your Microsoft Windows
Products keys and have password generator.  Use it:

–  To retrieve and change your XP Key
–  To retrieve all Microsoft Products keys
–  To save your XP activation file
–  To retrieve your lost XP system passwords
–  To retrieve your lost RAS (Remote Access Settings) passwords
–  And to generate new passwords

Useful little tool from  (scroll down to the bottom).  This little gem was featured on TechTV on G4 (web article or divx download).

Tax breaks for cybersecurity firms?

Congress may offer tax breaks to companies that adopt good
cybersecurity standards, the chairman of a House of Representatives
subcommittee said Tuesday.

Lungren said the U.S. House of Representatives cybersecurity
subcommittee, which he chairs, is working on crafting an “overall view
of ways we can work with the private sector” to develop cybersecurity
tools, including the possibility of creating an incentive-based system.

Lawmakers also plan to address liability concerns, he said, as they
want to allow companies to take some risks in coming up with new
cybersecurity tools without having to worry about being sued if they
fall short.

Read the full article on C|Net  This would be very interesting if it came to light.

JiWire Releases Firefox Wi-Fi Toolbar

JiWire released a free Firefox toolbar that promotes their SpotLock VPN
service, but also provides a large variety of useful information,
including network status and signal strength as well as the security of
Web sites (it notes when SSL is active for a given page). It’s a
hotspot finder using JiWire’s directory, and the “i” (info) button
shows you a large amount of information about your adapter and the
access point to which you’re connected.

The toolbar is for Windows Firefox only for now, but JiWire promises versions for Mac Firefox and Safari and Windows IE.

Download the JiWire Firefox Toolbar.  Found on Wi-Fi Net News.  Should
be a nice tool since I travel a good bit.  Now if I could just
find a tool to help me find FREE Wi-Fi!  Now I look for the
closest Panera Bread, Atlanta Bread Company, Barnes and Nobles… they
seem to have free Wi-Fi.  I usually have about 30 minutes to kill
and it's not worth $6-10 bucks to check my email.

LM password cracking refinement

Password cracking/auditing tools like John or LC4 are able to crack in
a very short time the majority of the passwords, given these are
relatively simple. Those tools deal with all the hashes, no matter the
OS, in the same way. So if the Windows hashes are treated in their
specificity, it is possible to get better results, profiting by the
Windows authentication algorithm. This is possible with Lepton's Crack
appropriately implemented.

Original Lepton's Crack home page is at A local copy of the original project is here, and here is a copy of the original README.
I added some features to Lcrack: LM cracking, password prefix/suffix,
native Win32 project and executable, and maybe more in the future. You
can find the latest release of my project at

Great article
for anyone who does penetration tests or authors security
policies.  You may need to rethink password requirements.  I
have always suggested passphrases to replace passwords.

Testing and Evaluation of Virus Detectors for Handheld Devices

By pinpointing weaknesses in the current antivirus software,
improvements can be made to properly protect these devices from a
future tidal wave of viruses. This research tests four currently
available antivirus solutions for handheld devices. Ten tests were
administered; nine involved the modification of source code of a known
virus for handheld devices. The test results produced an overall false
negative rate of 42.5%. This high rate shows that current solutions
find it difficult to identify modified versions of a virus. The virus
is left unidentified and capable of spreading, infecting and causing

Get the full PDF here.  Apparently, the paper's authors, Jose Andre
, Peter J. Clarke, and Yi Deng, are going to appear in the proceedings of the Workshop on Software Security
Assurance Tools, Techniques, and Metrics.
November 7-8 2005 at Long Beach, California co-located with the 20th 1EEE/ACM International
Conference on Automated Software Engineering.  I am going ping the the guys at F-Secure to see if they've seen it yet.