http://gkovacs.xvm.mit.edu/google-gears/gears-win32-opt-0.5.25.0.xpi

http://gkovacs.xvm.mit.edu/google-gears/gears-linux-0.5.25.0.xpi

http://gkovacs.xvm.mit.edu/google-gears/gears-linux-x86_64-0.5.25.0.xpi

via Issue 749 – gears – Gears 0.4.20.0 not compatable with Firefox 3.1 Beta 1 – Google Code.

Abstract. In this paper we present two related-key attacks on the full AES. For AES-256 we show the first key recovery attack that works for all the keys and has complexity 2¹¹⁹, while the recent attack by Biryukov-Khovratovich-Nikolic works for a weak key class and has higher complexity. The second attack is the first cryptanalysis of the full AES-192. Both our attacks are boomerang attacks, which are based on the recent idea of finding local collisions in block ciphers and enhanced with the boomerang switching techniques to gain free rounds in the middle.

In an e-mail, the authors wrote:

We also expect that a careful analysis may reduce the complexities. As a preliminary result, we think that the complexity of the attack on AES-256 can be lowered from 2¹¹⁹ to about 2^110.5 data and time.

via Schneier on Security: New Attack on AES.

In April, site founders and owners Gottfrid Svartholm Warg, Peter Sunde, Fredrik Neij and Carl Lundstrom were convicted of being accessories to copyright infringement. The prime movers in the case against them were movie studios, with music labels chiming in. Warner Bros., MGM, Columbia Pictures, Fox, Sony BMG, Universal and EMI all wanted damages.

The idea now is to work with those same studios and record labels to create a legit business. Global Gaming Factor isn’t naive enough to think that users accustomed to getting everything for free are going to be enamored of the new business model, so they’ve cooked up a scheme to pay them back. “To compete with free file sharing, you have to beat it,” said GGF CEO Hans Pandeya. “What’s better than zero? Well, that’s paying somebody $1.” Not that he discloses much to the Times about where that money is going to come from; the suggestion is that the money won’t be paid out directly, but into an in-house account and used towards purchases of media downloads on the new Pirate Bay. From here, that looks and sounds like an ambitious, unsustainable plan.

via The Pirate Bay Raises The White Flag, Goes Legit | /Film.

Juniper Networks, a provider of network devices and security services, said it delayed the talk by its employee Barnaby Jack at the request of the ATM vendor. The talk promised to “explore both local and remote attack vectors, and finish with a live demonstration of an attack on an unmodified, stock ATM,” according to a description of the talk pulled from the Black Hat website in the past 24 hours.

via Researcher barred for demoing ATM security vuln • The Register.

via CSRF And Ignoring Basic/Digest Auth ha.ckers.org web application security lab.

Most of you have a shit ISP that overcharges you for unreliable service and can’t do shit about it because that company either has a micromonopoly in your region or because they are considered the “least worst” of your “options”. What you may not realize is that the same shit company is also making serious bank off those stupid 404-jacking pages they send you half the time instead of the local site’s. They sell these huge data streams of their customers 404′d requests to domain squatting types so that you’re guaranteed to get an MFA when you type in http://www.yxhoo.com/ or the like.

Anyhoo… my ISP’s awesome dev dept conveniently forgot to ensure the opt out feature worked prior to launch. And for the record, I’d be perfectly happy with the ads and personal information leaks if they would charge less or at least provide me with the level of service I pay for.

Now, will someone tell me why ebay is still buying ads for everything? I thought they filtered out “Nukes” and other nefarious keywords long ago.

Now to the good stuff. It’s really an easy process, and this is just one of many ways you can do it:

Download and install Piwik to a folder outside your publicly accessible space.

Create symbolic links to each of your domains folders:

cd domain1/
ln -s ../piwik/ track
cd ../domain2/
ln -s ../piwik/ track
cd ../domain3/
ln -s ../piwik/ track

etc…

Add meta nofollow tags to the templates:

<meta NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW" />

plugins/Login/templates
plugins/CoreHome/templates

And add it to piwik/robots.txt if you want:

#Disallow everything
User-agent: *
Disallow: /
Disallow: /*
Disallow: */*
Disallow: *.*
Disallow: *
Disallow: .

Next you can log in to your Piwik install from any of your domains like this:
http://domain1.com/track/

Then you can add your site and it will create tracking code for the domain your are logged in from.

You can manage and view your data for any domain from any other domain since its a single installation.