The Tor Network is Flawed

Researchers at the 27th Chaos Communication Congress (27C3) have found a rather important flaw in the Tor anonymity network. Tor (short for The Onion Router) has long been a faithful companion of whistleblowers, hackers and other people for whom anonymity on the network is of prime importance. In its simplest form the Tor network consists of a large number of volunteer nodes that know only the location of the next node in a large routing queue. The data is encrypted on your computer and sent to the first node, from which it is sent to the next in the queue and eventually to the server you want information from, and then the data is sent back in a similar fashion. Thus, if someone is trying to spy on your web browsing habits, they will essentially be sent for a toss as they will never know exactly where the data is being sent.


However, security researchers at the 27C3 have shown that, with a carefully executed attack, the surfer’s browsing habits can be revealed. If the attacker is on the same local network (such as the same Wi-Fi network or ISP regime) then they can coax out the path of the Tor routing process and can eventually find out the main server that the surfer is accessing.

The process requires a bit of preparation and has a sequence of steps attached to it:-

  1. The attacker will have to know a series of sites that the target is known to visit, either through network logs gained before the target used Tor, or by other surveillance means.
  2. Next, the attacker will run Tor on their own system for the potential sites, seeing how Tor routes the net and developing a fingerprint-like profile for the target’s Tor routing.
  3. When the target next goes online, the attacker can use the packet streams captured on the local network (thus it is imperative that the attacker be on the same network) and associate the data streams with the fingerprint using a pattern matching technology (akin to Bioinformatics applications).

Dominik Herrmann, a PhD student at Regensburg, said that this pattern matching would only provide a 55 to 60% chance of a correct guess, which is not enough to serve as legal evidence but enough to make privacy-paranoid people edgy.
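The profile-then-match procedure above can be measured on toy data. The sketch below is an added example, not code from the researchers or the Tor project: the traces are constructed, the histogram-plus-cosine matcher stands in for the unnamed pattern matching, and the padding step is an illustrative countermeasure the page does not discuss.

```python
from collections import Counter
from math import sqrt

def fingerprint(trace, bucket=512):
    """Histogram over (direction, size bucket); positive sizes are outbound."""
    return Counter((size > 0, abs(size) // bucket) for size in trace)

def cosine(a, b):
    dot = sum(a[key] * b[key] for key in a.keys() & b.keys())
    norm = sqrt(sum(v * v for v in a.values())) * sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def scores(trace, profiles):
    """Similarity of one observed trace to every stored profile, best first."""
    observed = fingerprint(trace)
    return sorted(((cosine(observed, fp), name) for name, fp in profiles.items()),
                  reverse=True)

def classify(trace, profiles, min_score=0.9):
    """Return (site or None, score); below min_score the match is rejected."""
    score, site = scores(trace, profiles)[0]
    return (site if score >= min_score else None), score

def margin(trace, profiles):
    """Gap between the best and second-best match; a small gap means a coin toss."""
    ranked = scores(trace, profiles)
    return ranked[0][0] - ranked[1][0]

def pad(trace, size=1500):
    """Assumed countermeasure: every packet padded to one size, direction kept."""
    return [size if s > 0 else -size for s in trace]

# Constructed traces (signed packet sizes in bytes), not captured traffic.
TRAINING = {
    "site_a": [600, -1500, -1500, -1500, -1500, 600, -1500, -1500],
    "site_b": [300, -700, 300, -700, 300, -700, -1500, 300],
}
PROFILES = {name: fingerprint(t) for name, t in TRAINING.items()}
PADDED_PROFILES = {name: fingerprint(pad(t)) for name, t in TRAINING.items()}

LOOKS_LIKE_A = [600, -1500, -1500, -1500, 600, -1500, -700]
AMBIGUOUS = [300, -1500, 600, -700, 300, -1500, 600, -700]

if __name__ == "__main__":
    print(classify(LOOKS_LIKE_A, PROFILES))
    print(classify(AMBIGUOUS, PROFILES))
    print(margin(LOOKS_LIKE_A, PROFILES), margin(pad(LOOKS_LIKE_A), PADDED_PROFILES))
```

The ambiguous trace is rejected rather than guessed, and padding shrinks the margin between the two candidate sites, which is the effect a traffic-shaping defence aims for.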

Solving this issue might be a little difficult for the Tor project, but only time will tell how much they can solve.

[via Ars Technica]

Nintendo 3DS May Harm Children’s Eyes

The Nintendo 3DS is the next iteration of the popular Nintendo DS series of handheld gaming devices. What sets the 3DS apart from its competitors (basically the Sony PSP and the Apple iPod Touch) is that one of its two screens (hence the name “DS”, meaning Dual Screen) is a stereoscopic 3D display whose depth can be changed at will from flat 2D to full 3D, without the need for any clunky glasses. Previewers were struck at just how amazing the screen was in real life, and that you’d need to use it to feel the 3D effect as it is lost in cameras.


However, Nintendo’s Japanese website has issued a warning about their (normally) child-friendly device saying that the 3D mode should not be used by children below six years of age as the view has a potential impact on the growth of children’s eyes. Stereoscopic 3D on the 3DS works by (mostly) sending the images at an angle to each other to each eye. This means that when your brain reads these two images there’s a parallax barrier created between the eyes, creating a 3 dimensional effect. This effect may confuse developing eyes and thus the overarching warning was issued by Nintendo.

However, I cannot help but agree with Business Insider in that Nintendo is basically sticking up a “DO NOT BUY THIS FOR YOUR KID” sign for parents on their newest model. Nevertheless, more light will come to this matter once the product is actually released to the English speaking countries.

The Sony PlayStation 3 Finally Hacked

The Chaos Communication Congress is an international hacker conference organized every year by the Chaos Computer Club of Germany. Every year, hacker teams and security analysts discuss the latest vulnerabilities, exploits and security enhancements for a variety of devices and networks. The 27th Congress (27C3), dubbed “We Come in Peace”, has been going on in full flow and has attracted the best minds in the field of computer security.

One of the biggest announcements came today from the hacker group “fail 0verflow” who, in effect, have completely taken control of the “unhackable” (until a few months ago) Sony PlayStation 3. While many alternatives exist to hack the PS3, the hackers at the conference dropped a bomb on Sony by showing how botched up the security detail on the PS3 actually is and how anyone can exploit this vulnerability with ease.

The Specifics: Apparently the “random” number used to create every private key on the system is actually a constant number on all retail PS3s. In coding, random numbers are usually “seeded” for the random number generation algorithm, i.e. the origin of any random value can be anything from the current time and date to the position of the mouse pointer in the X and Y coordinate system. Thus, it is well nigh impossible to calculate any randomly generated number simply because of its chaotic origin. However, the (rather hippy) fail 0verflow hacker showed that, through complex math, the private key can be calculated from the static number.

What this means: The most promising consequence is dongle-less jailbreaking, similar to the PSP’s homebrew enabling software, as a coding exploit can utilize this piece of information and give the user complete control of the console.

What the future holds: Fail 0verflow have said that their primary goal is to make all PS3s run Linux. While the legacy (80GB) PS3s had this functionality, it was since withdrawn by Sony. Fail 0verflow have said that their project in no way involves piracy. Nevertheless, it is very likely that their exploit will be used for pirating games eventually. Since this breach of security is huge and so intricately lined with the innards of the PS3 firmware, it will be difficult for Sony to patch this up.

The three video presentations by fail 0verflow are embedded below.

[via PSGroove]

Ninja moves from the sword’s point of view

I tried making the title better than URLesque’s, and as you can see, I failed miserably. Let’s face it, nothing introduces the video below better than “Guy puts camera at the end of sword, takes awesome video”. That title is full of #win.

So, what happened? Exactly what the title says. At Swordfish 2010, the Historical Martial Arts conference that takes place in Gothenburg, Sweden, a few people had a wacky idea of duct taping a GoPro Hero wearable sports camera to the end of the sword. They taped it well enough that even with fast moves, the camera does not budge from its place. While the Swordfish event itself is a serious and well known affair, the people who put the camera on the sword added fun to the seriousness of the conference.

As a result, the people around the sword seem to be revolving and spinning around the camera (while it remains stationary). Three people try out the sword-cam, each with different speeds. It’s almost like a level advancement, as each user figures out that the camera is not going to budge and notches up the speed.

But let’s all agree on one thing: the video is awesomeness unparalleled, thanks to YouTube user ryrlen.

“My Blackberry Isn’t Working” and Other Literal Puns

BBC has a pretty decent comedy show called “The One Ronnie” starring the wizened eighty year old comedian Ronnie Corbett. While the comedian does feel a little guilty doing this show without his late partner Ronnie Barker (part of The Two Ronnies while he was still alive), he is quite the riot as an old comic and manages to keep up with latest happenings to elicit that odd smirk or the riotous guffaw.

One of his latest sketches features him talking with an elderly grocer and general vegetable shop owner about how his blackberry was not working. Yes, he takes out the organic fruit, a blackberry, and asks the shopkeeper if there was anything he could do to fix it. The shopkeeper immediately asks him whether it ran out of juice! Hilarious puns and comedy that we’ve all grown accustomed to watching on the Beeb.

It is actually quite heartening to watch a comedy by elderly gentlemen stay in touch with the latest technology. While the sketch starts out with a blackberry, it goes into the territory of Apples and Eggs-boxes soon enough, giving you, the viewer, plenty of time to take in the jokes and laugh before proceeding to the next!

Watch “My Blackberry Isn’t Working” on YouTube.

The Xperia X10 Mini Pro’s Successor Leaked!

I don’t know what is with Sony/Sony-Ericsson. Almost all of their new products get leaked weeks before their official update, and for the most part, there is no fun in their official updates (which are tediously written and rather slow).


However, the folks over at Sony Ericsson have been up to promising things with their PlayStation Phone (the Xperia Play) up and coming with some rather nice features. The smaller cousin of the X10, the X10 Mini (and Mini Pro) packs quite a tight punch with its tiny screen and processor and is quite a popular phone. Thus, SE decided that it just needs to notch up the processor, run it off Gingerbread (Android OS 2.3), add some wicked fast graphics chips and let it run amok with Neocore and Quadrant to see just how fast a tiny computer can be.


It is extremely fast (if the leaked photographs are to be believed) with a Neocore framerate of 42.5fps and a Quadrant score of 1,533. The original leaker on the SE.it168.com forums says that it sports a 3-inch (320×480) multi-touch display, a 1GHz CPU and an Adreno 205 GPU. The pictures seem legit as the unofficial X10 blog rightly points out that the overall hardware layout seems similar to the previously previewed ANZU with regard to the button layout.


Is that excessively exciting? You bet! I personally use an X10 Mini Pro since I’m averse to large-screened phones (I have to take extra care of them) and really like a QWERTY solution. If this phone has a QWERTY slide-out keyboard, I know what my next phone will be: the mini version of the PlayStation Phone!

Source: Unofficial X10 Blog.

Learn to make your First PHP WordPress Plugin in 10 Minutes

WordPress is fantastic. Take our word for it. Even Techie Buzz runs on WordPress! One of the reasons why this blogging platform is so famous is its vast and vibrant community that creates, shares and modifies plugins.


Plugins are tiny (or large) pieces of code that extend your site to do a lot of things. According to WordPress itself, Plugins can extend WordPress to do almost anything you can imagine, from sending your new posts to Twitter automat[t]ically to having HTML5 MP3 players with a minimal interface.

Now, Jay Harley, the founder of Heaven Interactive and an avid web programmer has put up a very short primer on making your own WordPress plugin in PHP within ten minutes. This Graphical User Interface (GUI) plugin works off your WordPress Admin Dashboard.

The tutorial assumes that you have a solid grasp of PHP and some experience with WordPress. It also builds on concepts introduced by a few WordPress plugin-authoring books such as WordPress Plugin Development (Beginner’s Guide).

While the tutorial is not as fleshed out as a real introductory class on plugin development, it sets the stage for further development by you, the developer. If you have always wanted to write your own WordPress plugin, this is that ignition that you have always wanted!

Start making your own PHP WordPress plugin in ten minutes.

Sixty Symbols Educates You Through the Power of YouTube

The good folks at the University of Nottingham have put together sixty videos on a variety of topics, aiming to educate you (the young learner with a rapt internet-induced attention deficit), on some of the most mind boggling facts and facets of our science.

In other words, we live in a very very strange universe filled with squiggly diagrams and improbability that approaches Douglas Adams’ metaphorical science fiction escapades. Everything from Schrödinger’s Cat, infinity, vuvuzelas, quantum tunneling and Feynman’s squiggly diagrams have been put up in a mysterious-looking site.


Each video has an assortment of nerdy scientists explaining each phenomenon in the most non-confusing way possible (which is a paradox in itself, because trust me nothing is crazier than quantum physics. Nothing). The scientists, however, have done quite a marvelous job at explaining these concepts fairly well, and the project page itself is quite friendly:-

Ever been confused by all the letters and squiggles used by scientists?

Hopefully this site will unravel some of those mysteries.

Sixty Symbols is a collection of videos about physics and astronomy presented by experts from The University of Nottingham.

They aren’t lessons or lectures – and this site has never tried to be an online reference book.

The films are just fun chats with men and women who love their subject and know a lot about it!

Head over to SixtySymbols to get your science fix for the day! (via ReadWriteWeb)

How to: Get a Homebrew Enabler on your PSPGo (or PSP 3000 with Firmware 6.20)

So you got that Sony PlayStation Portable as a Christmas present, but aren’t all that interested in using it like normal gamers? You want to play homebrew games (games that were designed by independent developers) such as Troubles of Middle Earth and Cave Story? Most of you PSP 3000 and PSPGo owners must know that most Homebrew Enablers (HEN) do not work on your system if your firmware is higher than v5.50. So, those of you on higher firmware such as v6.20 or so did not have any option to play homebrew games.


I’m here to tell you that there is a way to do that on your PSP 3000 or PSPGo. But before that, a short history lesson.

However, along came a Mr. Wololo, who along with others, created the Half Byte Loader (HBL) that allowed users with the PSP 3000 (and eventually the PSPGo) with firmware 6.20 to play homebrew games and applications via a hacked Patapon 2 save game (a save exploit). While this was a great advancement for the PSP 3000 homebrew scene, it was still not a complete enabler. It was a tedious process to run a homebrew game. You had to launch the Patapon 2 Demo, then load an exploited save file and then choose a homebrew. If, by chance, you chose the wrong homebrew game, you had to go through this entire process again.

Then came a Frenchman called Total_Noob (TN). He figured out a kernel exploit (an exploit that allows you to run unsigned code directly via the XMB) that could be activated via the Half Byte Loader. In plain terms, this means that you would have to enable the exploit once via the Patapon 2 save game and until you completely shut down your PSP, you could directly launch homebrew via the normal user interface.

In effect, TN had made a HEN, now known as TN HEN.


This is what we are interested in, aren’t we?

Wololo testing the TN HEN on his PSP Go

Now that the short history lesson is done with, the beefy how-to part comes in.

Things you will need:

* A PSP or PSP Go with Official Firmware 6.20 (or less).
* An unpatched Patapon 2 Demo.
* Wololo’s crafted save for Patapon 2, HBL and TN’s HEN (the link contains all three in one archive).
* Some homebrew games to play.

Things you will have to do:

1. Download the Patapon 2 Demo and place it in the PSP/GAME folder of your PSP’s memory stick. (Also make sure some other homebrew games are also in this PSP/GAME folder)

2. Unpack the HBL+HEN archive to your memory stick’s root. (Make sure all the files and folders are merged properly).

3. Run the Patapon 2 Demo from your PSP.

4. Select the HEN 6.20 save file (you will know which one it is by its logo)

5. Press the right shoulder button twice. The screen will go black and some code will start executing. Wait for it to finish. It will automatically return to the XMB interface.

6. Now run any homebrew game you want directly from the XMB.

Congratulations! You now have a homebrew enabled PSP 3000/Go!

Do leave a few comments if this method does not work for you!

Minecraft “notches” it up with Beta

It’s been indie gaming’s very own rags-to-riches story (well, approximately at least). When Markus Alexej Persson, better known as Notch, started work on Minecraft back in May 2009, he had no idea that it’d grow so huge before release that he’d have his own company before the Beta release. The blocky (literally) sandbox game is what I have phrased to a friend as “lego for grown-ups”. Assuming, of course, that these fine folks are still kids at heart.

However, “lego for grown-ups” isn’t an accurate descriptor of the game at all, I must confess. But then again, if punching trees for wood, making rollercoasters, USS Enterprises and giant statues of dragons, constructing 8-bit CPUs and portals to the netherworld and, of course, riding pigs on saddles isn’t up on your list of things to do in a game, I’m afraid you’re wasting your time here. Minecraft has been infinitely discussed and the number of videos of it on YouTube exceeds Quake’s.

Nevertheless, we aren’t here to read about the game, we are here to know what’s new in the game, aren’t we?

Well, actually according to Notch, there’s nothing major planned for Beta. It’s still going to be the same old game as the latest alpha version. However, a few game changes have been planned and implemented, such as these:-

* Working server-side inventory! (the biggest part of the update)
* Made SMP servers save chunks way less often in most cases.
* Moving too far away from a container, or having it blow up, closes the inventory screen
* Fixed /kill
* Introduced leaf decay again. It acts differently from before
* You can now throw eggs

Oh, and the price has gone up from 9.95 Euro to 14.95 Euro. Also, say bye bye to free expansions from today.