Tags for this video have been changed from 'Steven, Colbert, Show, Remix, challenge' to 'Steven, Colbert, Show, Remix, challenge, Lawrence, Lessig, Creative, Commons, Copyright' - edited by Trancecoach

I always hit arstechnica.com, slashdot.org, techdirt.com, and wired.com for security news. I like wired and arstechnica, they have obscure topics covered. Digg has a bit here and there but, its more about social networking.

Security is a fun place for the grey hats.

In reply to this comment by curiousity:
ahh... I didn't realize you meant it as a joke.

No problem, its cool to talk about these things.

Have you looked at the way that ZRTP (VoIP protocol by Phil Zimmermann) handles Man in the Middle attacks? Seems like it would be effective.

Of course, most of this is new to me. I'm working my way into the field. Getting down basic knowledge and skills while trying to get familiar with the security community.

Thanks for your response!

In reply to this comment by NordlichReiter:
All software is victim of Obfuscation in network security, and in cryptography it is better to obfuscate the passphrase. AES Encryption works, thats been proven its a government standard. However no encryption is safe from Man in the Middle. No software that you distribute is safe from reverse engineering.

Security through obscurity is a joke, ( i meant it as a joke). Once the application has made it to the testing phase it can be broken. As for as the Encryption you have to have the pass phrase to decrypt it. A 20 character pass phrase may take a while to brute force. Even though you know how the program works you still have to know the pass phrase, considering the hash is in someone else's memory.

In reply to this comment by curiousity:
I don't know C# yet. It's in the plan though.

I'm not a big fan of "security through obsurity." I'm not saying that your system is insecure just that I'm not a fan of the obsurity method for security in matters like this.

Kerckhoff's Principle

Bruce Schneier, author of Applied Cryptography, "if the strength of your new cryptosystem relies on the fact that the attacker does not know the algorithm's inner workings, you're sunk. If you believe that keeping the algorithm's insides secret improves the security of your cryptosystem more than letting the academic community analyze it, you're wrong. And if you think that someone won't disassemble your code and reverse-engineer your algorithm, you're naive."


In reply to this comment by NordlichReiter:
http://www.videosift.com/video/Philip-Zimmermann-on-PGP-Pretty-Good-Privacy#addcomment

hey do you know any thing about c# ?

I wrote an windows form that does basically the same thing as PGP, but its not as user friendly.(security through obscurity) I use an SMTP Server, AES encryption, creatable passphrase. This was a private project, that I havent uploaded to the creative commons area yet, I'm lazy.

Its really very easy, I used a couple of methods from C# friends to mash it together. Only problem is, some email banks.. (AOL ) do not like encrypted emails.

ahh... I didn't realize you meant it as a joke.

Have you looked at the way that ZRTP (VoIP protocol by Phil Zimmermann) handles Man in the Middle attacks? Seems like it would be effective.

Of course, most of this is new to me. I'm working my way into the field. Getting down basic knowledge and skills while trying to get familiar with the security community.

Thanks for your response!

In reply to this comment by NordlichReiter:
All software is victim of Obfuscation in network security, and in cryptography it is better to obfuscate the passphrase. AES Encryption works, thats been proven its a government standard. However no encryption is safe from Man in the Middle. No software that you distribute is safe from reverse engineering.

Security through obscurity is a joke, ( i meant it as a joke). Once the application has made it to the testing phase it can be broken. As for as the Encryption you have to have the pass phrase to decrypt it. A 20 character pass phrase may take a while to brute force. Even though you know how the program works you still have to know the pass phrase, considering the hash is in someone else's memory.

In reply to this comment by curiousity:
I don't know C# yet. It's in the plan though.

I'm not a big fan of "security through obsurity." I'm not saying that your system is insecure just that I'm not a fan of the obsurity method for security in matters like this.

Kerckhoff's Principle

Bruce Schneier, author of Applied Cryptography, "if the strength of your new cryptosystem relies on the fact that the attacker does not know the algorithm's inner workings, you're sunk. If you believe that keeping the algorithm's insides secret improves the security of your cryptosystem more than letting the academic community analyze it, you're wrong. And if you think that someone won't disassemble your code and reverse-engineer your algorithm, you're naive."


In reply to this comment by NordlichReiter:
http://www.videosift.com/video/Philip-Zimmermann-on-PGP-Pretty-Good-Privacy#addcomment

hey do you know any thing about c# ?

I wrote an windows form that does basically the same thing as PGP, but its not as user friendly.(security through obscurity) I use an SMTP Server, AES encryption, creatable passphrase. This was a private project, that I havent uploaded to the creative commons area yet, I'm lazy.

Its really very easy, I used a couple of methods from C# friends to mash it together. Only problem is, some email banks.. (AOL ) do not like encrypted emails.

All software is victim of Obfuscation in network security, and in cryptography it is better to obfuscate the passphrase. AES Encryption works, thats been proven its a government standard. However no encryption is safe from Man in the Middle. No software that you distribute is safe from reverse engineering.

Security through obscurity is a joke, ( i meant it as a joke). Once the application has made it to the testing phase it can be broken. As for as the Encryption you have to have the pass phrase to decrypt it. A 20 character pass phrase may take a while to brute force. Even though you know how the program works you still have to know the pass phrase, considering the hash is in someone else's memory.

In reply to this comment by curiousity:
I don't know C# yet. It's in the plan though.

I'm not a big fan of "security through obsurity." I'm not saying that your system is insecure just that I'm not a fan of the obsurity method for security in matters like this.

Kerckhoff's Principle

Bruce Schneier, author of Applied Cryptography, "if the strength of your new cryptosystem relies on the fact that the attacker does not know the algorithm's inner workings, you're sunk. If you believe that keeping the algorithm's insides secret improves the security of your cryptosystem more than letting the academic community analyze it, you're wrong. And if you think that someone won't disassemble your code and reverse-engineer your algorithm, you're naive."


In reply to this comment by NordlichReiter:
http://www.videosift.com/video/Philip-Zimmermann-on-PGP-Pretty-Good-Privacy#addcomment

hey do you know any thing about c# ?

I wrote an windows form that does basically the same thing as PGP, but its not as user friendly.(security through obscurity) I use an SMTP Server, AES encryption, creatable passphrase. This was a private project, that I havent uploaded to the creative commons area yet, I'm lazy.

Its really very easy, I used a couple of methods from C# friends to mash it together. Only problem is, some email banks.. (AOL ) do not like encrypted emails.

I don't know C# yet. It's in the plan though.

I'm not a big fan of "security through obsurity." I'm not saying that your system is insecure just that I'm not a fan of the obsurity method for security in matters like this.

Kerckhoff's Principle

Bruce Schneier, author of Applied Cryptography, "if the strength of your new cryptosystem relies on the fact that the attacker does not know the algorithm's inner workings, you're sunk. If you believe that keeping the algorithm's insides secret improves the security of your cryptosystem more than letting the academic community analyze it, you're wrong. And if you think that someone won't disassemble your code and reverse-engineer your algorithm, you're naive."


In reply to this comment by NordlichReiter:
http://www.videosift.com/video/Philip-Zimmermann-on-PGP-Pretty-Good-Privacy#addcomment

hey do you know any thing about c# ?

I wrote an windows form that does basically the same thing as PGP, but its not as user friendly.(security through obscurity) I use an SMTP Server, AES encryption, creatable passphrase. This was a private project, that I havent uploaded to the creative commons area yet, I'm lazy.

Its really very easy, I used a couple of methods from C# friends to mash it together. Only problem is, some email banks.. (AOL ) do not like encrypted emails.

http://www.videosift.com/video/Philip-Zimmermann-on-PGP-Pretty-Good-Privacy#addcomment

hey do you know any thing about c# ?

I wrote an windows form that does basically the same thing as PGP, but its not as user friendly.(security through obscurity) I use an SMTP Server, AES encryption, creatable passphrase. This was a private project, that I havent uploaded to the creative commons area yet, I'm lazy.

Its really very easy, I used a couple of methods from C# friends to mash it together. Only problem is, some email banks.. (AOL ) do not like encrypted emails.

In fact, maybe it's time for NO copyrighted stuff on youtube and on the sift, maybe it's time for only independent clips.

No TV stuff, no Holywood movie clips, just independent media under the creative commons licence.

Independent news, films, comedy, animation, games.

Let them keep their copyrighted ad-riddled dumbed-down crap for cable TV and watch them slowly die.

Tags for this video have been changed from 'nazi, science fiction, comedy' to 'nazi, science fiction, comedy, alternate history, creative commons, wreckamovie' - edited by kronosposeidon

>> ^xxovercastxx:
*cinema *dark *obscure *scifi
suggested tags: alternate history, creative commons, wreckamovie

*cinema *dark *obscure *scifi

I'm here to help.

*cinema *dark *obscure *scifi

suggested tags: alternate history, creative commons, wreckamovie

If only CC clips were CC (creative commons) licenced..

I'm glad there was a MySpace altnerative because this was a good documentary to have here. Plus, it's free and legal! Hurray for Creative Commons!

Doc_M: 500-600mph estimate is based on min/max from NIST report, and backed up by the book "Debunking 9/11 Myths."

Also, the engines are not "solid titanium" - most of the engine's components are an aluminum/titanium alloy, which further decreases the density of the titanium(which is why "the engines...could not have gone through (more than - your edit) a central column or two" - they would have been quite shredded after going through the steel OUTER columns first - the fan blades themselves would have already ejected from the engine[as they are designed to do], and all that would have been left, after the collision with the outer columns, would have been scraps of the casing, fuel system, and the internal rotor/cooling system).

This is actually one subject I have more extensive knowledge about, even, as I did quite a lot of work on GE's GEnx series of engines. Even though they are most certainly NOT the same series present on the planes that crashed into the WTC buildings, well, look at it this way: using solid titanium increases both the weight and the cost of the engines(just for starters - if you'd like, I can list multitudes of reasons that engine manufacturers do NOT use "solid titanium").

Call it a "wild guess" if you want - if you're interested, it's actually quite easy to test what I'm saying here using simple, proven, Newtonian Physics. Check the comments section of theo47's profile for a good creative commons book on that. Take a look, specifically, at the section on "Force and Motion."

Oh, and p.s. - I have spent 40-60 hours per week for the past couple of years "thinking about" and "calculating it." If you want to debunk me, please do so - Newtonian physics is most certainly NOT difficult in any sense of the term, and heck - you'll be able to prove just how much "guessing" I have done.

Again, I repeat - more fun stuff to keep us talking...

??? "Underlying belief systems" CAN'T "override" physics, as physics is comprised of a set of mathematical equations that describe the PHYSICAL world.(You don't agree with what I propose, you write up a whitepaper describing your opposing thesis, USING PHYSICAL LAW, and debate me with MATH - not a blind excuse. That's all I'm asking for here - PROVE me wrong USING the EQUATIONS THAT DESCRIBE THE PHYSICAL WORLD, oh mighty self-proclaimed "atheist" that for some reason has faith in TV and Movies enough to promote all of the mainstream concepts without question.)

You're really making no sense, Theo - why don't you try to run the equations yourself? Why won't you even make an attempt? Are you just not capable of high school physics?

You have an excuse for everything.

(p.s. - I don't advocate any "belief system" - and especially NOT "intelligent design" - however I am VERY honest about being an atheist, because I'm not going to hide it. Your excuses have no basis.)




In reply to your comment:
“There are Ph.D.'s who are advocates for intelligent design, too - and their underlying belief systems override their better judgment, just like with you.


In reply to your comment:
“Some life - arguing/voting down others about subjects you don't know anything about.

If I'm a science "amateur," who do you consider to be professionals? Please note - I am a physicist.

My challenge stands. Newtonian physics is 10th grade level physics at best. If it'd take too much of your glorious "life" in order to complete my challenge, then maybe you should go back to high school.

As for your challenge, here is where I spend 75% of my time: http://xxx.lanl.gov



In reply to your comment:
“Sorry, dude - I try to have a life.
Here's a challenge for you:
Read something other than crap on 9/11 conspiracy websites from science amateurs like yourself.

In reply to your comment:
“Here's a challenge for you: Prove that the WTC COULD have collapsed using Newtonian physics and provide your dissertation.

Here is a very good Creative Commons book on Newtonian physics. Use this or any other book on Newtonian physics you know, and tell me how the towers could have collapsed in the time they did. Use any video or written documentation you choose as a record of the time those towers took to fall.
””””

There are Ph.D.'s who are advocates for intelligent design, too - and their underlying belief systems override their better judgment, just like with you.


In reply to your comment:
“Some life - arguing/voting down others about subjects you don't know anything about.

If I'm a science "amateur," who do you consider to be professionals? Please note - I am a physicist.

My challenge stands. Newtonian physics is 10th grade level physics at best. If it'd take too much of your glorious "life" in order to complete my challenge, then maybe you should go back to high school.

As for your challenge, here is where I spend 75% of my time: http://xxx.lanl.gov



In reply to your comment:
“Sorry, dude - I try to have a life.
Here's a challenge for you:
Read something other than crap on 9/11 conspiracy websites from science amateurs like yourself.

In reply to your comment:
“Here's a challenge for you: Prove that the WTC COULD have collapsed using Newtonian physics and provide your dissertation.

Here is a very good Creative Commons book on Newtonian physics. Use this or any other book on Newtonian physics you know, and tell me how the towers could have collapsed in the time they did. Use any video or written documentation you choose as a record of the time those towers took to fall.
”””