I always hit arstechnica.com, slashdot.org, techdirt.com, and wired.com for security news. I like wired and arstechnica, they have obscure topics covered. Digg has a bit here and there but, its more about social networking.

Security is a fun place for the grey hats.

In reply to this comment by curiousity:
ahh... I didn't realize you meant it as a joke.

No problem, its cool to talk about these things.

Have you looked at the way that ZRTP (VoIP protocol by Phil Zimmermann) handles Man in the Middle attacks? Seems like it would be effective.

Of course, most of this is new to me. I'm working my way into the field. Getting down basic knowledge and skills while trying to get familiar with the security community.

Thanks for your response!

In reply to this comment by NordlichReiter:
All software is victim of Obfuscation in network security, and in cryptography it is better to obfuscate the passphrase. AES Encryption works, thats been proven its a government standard. However no encryption is safe from Man in the Middle. No software that you distribute is safe from reverse engineering.

Security through obscurity is a joke, ( i meant it as a joke). Once the application has made it to the testing phase it can be broken. As for as the Encryption you have to have the pass phrase to decrypt it. A 20 character pass phrase may take a while to brute force. Even though you know how the program works you still have to know the pass phrase, considering the hash is in someone else's memory.

In reply to this comment by curiousity:
I don't know C# yet. It's in the plan though.

I'm not a big fan of "security through obsurity." I'm not saying that your system is insecure just that I'm not a fan of the obsurity method for security in matters like this.

Kerckhoff's Principle

Bruce Schneier, author of Applied Cryptography, "if the strength of your new cryptosystem relies on the fact that the attacker does not know the algorithm's inner workings, you're sunk. If you believe that keeping the algorithm's insides secret improves the security of your cryptosystem more than letting the academic community analyze it, you're wrong. And if you think that someone won't disassemble your code and reverse-engineer your algorithm, you're naive."


In reply to this comment by NordlichReiter:
http://www.videosift.com/video/Philip-Zimmermann-on-PGP-Pretty-Good-Privacy#addcomment

hey do you know any thing about c# ?

I wrote an windows form that does basically the same thing as PGP, but its not as user friendly.(security through obscurity) I use an SMTP Server, AES encryption, creatable passphrase. This was a private project, that I havent uploaded to the creative commons area yet, I'm lazy.

Its really very easy, I used a couple of methods from C# friends to mash it together. Only problem is, some email banks.. (AOL ) do not like encrypted emails.

ahh... I didn't realize you meant it as a joke.

Have you looked at the way that ZRTP (VoIP protocol by Phil Zimmermann) handles Man in the Middle attacks? Seems like it would be effective.

Of course, most of this is new to me. I'm working my way into the field. Getting down basic knowledge and skills while trying to get familiar with the security community.

Thanks for your response!

In reply to this comment by NordlichReiter:
All software is victim of Obfuscation in network security, and in cryptography it is better to obfuscate the passphrase. AES Encryption works, thats been proven its a government standard. However no encryption is safe from Man in the Middle. No software that you distribute is safe from reverse engineering.

Security through obscurity is a joke, ( i meant it as a joke). Once the application has made it to the testing phase it can be broken. As for as the Encryption you have to have the pass phrase to decrypt it. A 20 character pass phrase may take a while to brute force. Even though you know how the program works you still have to know the pass phrase, considering the hash is in someone else's memory.

In reply to this comment by curiousity:
I don't know C# yet. It's in the plan though.

I'm not a big fan of "security through obsurity." I'm not saying that your system is insecure just that I'm not a fan of the obsurity method for security in matters like this.

Kerckhoff's Principle

Bruce Schneier, author of Applied Cryptography, "if the strength of your new cryptosystem relies on the fact that the attacker does not know the algorithm's inner workings, you're sunk. If you believe that keeping the algorithm's insides secret improves the security of your cryptosystem more than letting the academic community analyze it, you're wrong. And if you think that someone won't disassemble your code and reverse-engineer your algorithm, you're naive."


In reply to this comment by NordlichReiter:
http://www.videosift.com/video/Philip-Zimmermann-on-PGP-Pretty-Good-Privacy#addcomment

hey do you know any thing about c# ?

I wrote an windows form that does basically the same thing as PGP, but its not as user friendly.(security through obscurity) I use an SMTP Server, AES encryption, creatable passphrase. This was a private project, that I havent uploaded to the creative commons area yet, I'm lazy.

Its really very easy, I used a couple of methods from C# friends to mash it together. Only problem is, some email banks.. (AOL ) do not like encrypted emails.

All software is victim of Obfuscation in network security, and in cryptography it is better to obfuscate the passphrase. AES Encryption works, thats been proven its a government standard. However no encryption is safe from Man in the Middle. No software that you distribute is safe from reverse engineering.

Security through obscurity is a joke, ( i meant it as a joke). Once the application has made it to the testing phase it can be broken. As for as the Encryption you have to have the pass phrase to decrypt it. A 20 character pass phrase may take a while to brute force. Even though you know how the program works you still have to know the pass phrase, considering the hash is in someone else's memory.

In reply to this comment by curiousity:
I don't know C# yet. It's in the plan though.

I'm not a big fan of "security through obsurity." I'm not saying that your system is insecure just that I'm not a fan of the obsurity method for security in matters like this.

Kerckhoff's Principle

Bruce Schneier, author of Applied Cryptography, "if the strength of your new cryptosystem relies on the fact that the attacker does not know the algorithm's inner workings, you're sunk. If you believe that keeping the algorithm's insides secret improves the security of your cryptosystem more than letting the academic community analyze it, you're wrong. And if you think that someone won't disassemble your code and reverse-engineer your algorithm, you're naive."


In reply to this comment by NordlichReiter:
http://www.videosift.com/video/Philip-Zimmermann-on-PGP-Pretty-Good-Privacy#addcomment

hey do you know any thing about c# ?

I wrote an windows form that does basically the same thing as PGP, but its not as user friendly.(security through obscurity) I use an SMTP Server, AES encryption, creatable passphrase. This was a private project, that I havent uploaded to the creative commons area yet, I'm lazy.

Its really very easy, I used a couple of methods from C# friends to mash it together. Only problem is, some email banks.. (AOL ) do not like encrypted emails.

I don't know C# yet. It's in the plan though.

I'm not a big fan of "security through obsurity." I'm not saying that your system is insecure just that I'm not a fan of the obsurity method for security in matters like this.

Kerckhoff's Principle

Bruce Schneier, author of Applied Cryptography, "if the strength of your new cryptosystem relies on the fact that the attacker does not know the algorithm's inner workings, you're sunk. If you believe that keeping the algorithm's insides secret improves the security of your cryptosystem more than letting the academic community analyze it, you're wrong. And if you think that someone won't disassemble your code and reverse-engineer your algorithm, you're naive."


In reply to this comment by NordlichReiter:
http://www.videosift.com/video/Philip-Zimmermann-on-PGP-Pretty-Good-Privacy#addcomment

hey do you know any thing about c# ?

I wrote an windows form that does basically the same thing as PGP, but its not as user friendly.(security through obscurity) I use an SMTP Server, AES encryption, creatable passphrase. This was a private project, that I havent uploaded to the creative commons area yet, I'm lazy.

Its really very easy, I used a couple of methods from C# friends to mash it together. Only problem is, some email banks.. (AOL ) do not like encrypted emails.

Yes, the U.S. has suffered the consequences of a silent coup, which we may be seeing disassembling somewhat. For us to even know about it is to suggest the coup's relative failure, but I wouldn't go so far as to say it's failed. We shall see how the Republicans are in this next election and perhaps then, we can see if the country has been reclaimed as a constitutional democratic republic.

From the Gizmo Garden website:

"Carlos was a college kinetic sculpture project. I was interested in the concept of automating aspects of society that were considered not so "glamorous". Robotics are often used in environments which are considered dangerous to humans. Deep sea exploration, nuclear cleanup and volcanism are some of the "higher profile" adverse environments which robots are used. My question was, "What about other dangerous or hazardous areas?". For example, homeless people live in extremely dangerous environments. Shouldn't there be automated equipment used by this strata of society? So, for this project I chose to implement an automated walking, homeless shopping cart. I imagine now, to carry this project to completion I should have given the controls to someone who was actually living on the streets near the university. There was a large homeless population near the campus, and there would have been plenty of opportunity. Unfortunately, I had to disassemble the project for parts before this happened."

Are you sure you didn't mean semantics instead of syntax? Okay, that was a dig. The truth is I wasn't angry at you - there's no reason to be angry on a silly blog page. Sorry if it sounded like an attack - it probably was to some degree, so I apologize.

You're right, it was irreducible complexity I was thinking of. Richard Dawkins explains irreducible complexity in his book The God Delusion as a creationist way of disassembling biological adaptation based on a "jackpot or nothing" fallacy. Either a wing flies or not. Either an eye sees or not. All or nothing. In other words (and to continue to paraphrase Dawkins) it's like a large bank combination. If a burglar spins that tumbler, there is a chance he could luckily and randomly hit the correct combination, though the odds are stacked against him greatly. That's the jackpot or nothing fallacy that creationists term irreducible complexity. They claim evolutionist's explain biological adaptation as randomly spinning the combination lock and coming up with the winning combination for every species.

But, imagine if it was more as a "you're getting warmer, you're getting colder" type of process. Imagine that burglar (here we go with Dakwins again) spinning the tumbler and as he gets closer to the correct number bits of money fall out. The burglar would easily be able to hone in on the right combination in no time. Your explanation could be that God gave that burglar the nudge, or in this case, the bits of money. I think it has more to do with what you conceded earlier by saying "selected by advantage to the organism". The bits of money falling from the combination lock, in this analogy, would be triggers the species would find advantageous to the survival of its species.

I do believe genes mutate randomly and that there's no intelligence behind biological adaptation from a genetic perspective. So, here I agree with you. I think it's arguing semantics (not syntax to say I was wrong in pointing out evolution as not being random, because I was speaking about creationists' deploying the "jackpot or nothing" argument, not that genes mutate with an intelligence or not. My point was it's not random like the combination lock, and I think you know that's what I meant, right?

I do know (or I believe I know) species pick mates based on what's best for survival. If a species lives in an extremely frigid environment, they would probably be more attracted to a furrier mate than one with less fur. Though, if that same species were in a tropical environment, the opposite would probably be true. Still, through this selection process, it is clear to me biological adaptation is not random but instead a very calculated process. The wing didn't appear overnight by chance (randomly), it was carefully selected, most likely.

And, I'm both atheist and agnostic. I tend to believe there is absolutely no personal god or no intelligent creator, and I'd say I'm about as close to believing that as any human is possible of knowing anything. I remain agnostic only because I cannot absolutely disprove the presence of a Abrahamic God anymore than I can disprove there's a tea cup orbiting the Sun right now. But, I'll save you that tangent.

I'm not quite sure what to make of your theist/atheist knowledge philosophy just yet. I think I'll need more of an explanation to understand exactly what you mean by that. That was the part in particular that sounds like doublespeak, but I don't think I can say that without sounding offensive, so I'll wait to hear more of an explanation from you, if you would offer one. Anyhow, I really enjoyed reading your rant, Doc_M. I like a nice dose of cold philosophy every now and again.

Wow. Four shots from 200 yards = 182.88 m and he didn't hit the target at all? What a n00b. I haven't tried an M16 but the AK can definitely be more accurate than that. And it is ridiculously easy and fast to disassemble and reassemble as well. I think the best times of dis- and reassembling the gun were well under 20 sec. in my platoon. Not blindfolded, heh!

The point about the AK losing basically all accuracy after the first shot while bursting is absolutely true though. But does it really matter because your first shot hits...?
Seriously, one should only use the burst mode in close combat. At distance it's just a waste of bullets.

I'm still curious, can you really shoot 3-shot bursts with the M16 and still be accurate over distance. What is the longest range a good shooter can reliably hit a target with an M16. With an AK you can't expect to hit too accurately after 300 meters...

Anyone who says you need an entire handbook to disassemble an M16, or that the M16 is too complicated and time consuming to clean, has never taken one apart... or at the very least has never been shown how to do it. My time in the Canadian Military was spent as a Vehicle Tech, and we qualified on the C7 (identical to the US M16) only once per year. Even with such limited experience with the weapon I can recall being timed in the 1.5 - 2 minute range.

I will say this though...the close up of the guy pulling the trigger on the AK showed exactly why he couldn't hit a target from 200m.

oh, come on - 200 yards and he missed the whole target? it's not the gun, buddy - you suck! In my experience AK-47 can be as accurate as any other gun, whether it's 7.62mm caliber or standard NATO 5.56mm.
I usualy got great groupings on targets up to 300m range (say in a 20cm circle) and my rifle was pretty much fucked up (old Yugoslavian army stock that they left lying around after the war). If you know your gun well, you can't possibly miss the whole target even at twice that range - that's single shot action of course, not automatic (AK's accuracy goes waaay down in automatic mode, like in the standard bullshit you see in any guerilla war footage on TV, a guy loosely stretching out his gun, some assholes even one handed, and bursting the whole clip...). Short controlled bursts of 3-4 shots is still useful in most combat situations (that usualy happen inside 300 yards range) if you know what you're doing (not like the guy in the video).
And as for durability and reliability - you can't compare it to any other gun in the world. The things i've done with my AK... M16 would probably rust in a week. Not to mention what a bitch it is to put it back together once you open it up - I haven't fired any guns since the army, but if you give me an AK now, I can disassemble it and put it back together in under 30 seconds (blindfolded if you like) That shit can save your life in combat. I never held M16 but i tested the Singapore replica of M16 called SAR-80. It almost identical. I didn't like it much. Plus we got just a couple of those SAR-80s just after the war (while still under arms embargo) and SAR-80 has aluminum clips casings meant for one-time use only. But since our army didn't have enough equipment at the time, we used same clips daily. Of course they got bent with use so when we were out in the field our clips would start falling out imagine something like that happening to you in a war zone

Farhad2000:
You want to talk about a weapon and it's inferiority because of it's age? The AK-47 was designed in 1947 - and it hasn't changed a bit. The AK-74 is a completely different weapon with an entirely different round (@ 5.45mm whereas the AK-47 has a 7.62mm round). Just because something is old does not make it outdated. Yes, there are better weapons being developed, like the new Heckler and Koch, but for now, we have the M16A4, which is a fine weapon.

Look at the Browning M2 .50 cal. Machine gun: It has been in service since 1921, and is a hell of a weapon, still going strong today.

Yes, the M16A1 might have done poorly in Vietnam, but our troops were still using the M14 then, so the introduction to a new weapon meant little time in training, and it might have jammed more than the M14 with equivalent cleaning, so that might have skewed reports of reliability.

Fiver2: Soldiers prefer a weapon that can actually hits the target, hence the M16. Don't tell me what soldiers want. So long as you maintain your weapon, the M16 is reliable. I know mine was.

Abducted: I'm not really sure where you were going with that.

Arsenault185: Take better care of it next time. Also, we used to have contests in the squadbays to see who could disassemble and reassemble an M16 the fastest - while blindfolded. It never really look longer than a minute and a half.

Weapons should be graded on their effectiveness on the battlefield, not some pre set standardized tests. Looking at both the AK-47 and M-16 on a firing range, one could claim the M-16 is better but its far more reliable to cull from several conflicts where both weapons were used, to reach a conclusion, the most significant would be Vietnam.

As a precison, futuristic, tech reliant rifle the M-16 almost failed in Vietnam, early versions shipped with ammunition that fired dirty in the chamber leading to catastrophic dirt jams, initially they were shipped with no cleaning kits as well, its sensitive mecahnism could easily jam in harsh enviroments, early models also weighted so little that firing control and usage as a close combat blunt weapon was lost.

The AK-47 thrived, its firing power, reliablity, simple training methodology meant that troops spent little time training and cleaning with their weapons and more time shooting at an enemy. In close range a butt smack from an AK-47 can down a person. There is an entire handbook on just how to disassemble the M-16, you can teach a 6 year old how to clean, arm and fire the AK-47 in about 30 minutes.

The AK-47 is built for urban combat and close range engagement, while the M-16 is built as a long range high accuracy stand off weapon. You can run a guerilla war on the AK-47, while the M-16 is reliant on highly trained troops with the weapon system and supplies to keep the weapon functioning. There are still reports on newer M-16A2s failing to fire or jamming in the sandy dunes of Iraq.

The US Army Ordance is really skwed in my preception, there is high concentration on high tech bullshit (robots? network centric warfare?) while still using a weapon design from the late 50s, the M-16A2 and M4 are simple modifications on the M-16 frame, both are standard US infantry weapons and haven't really progressed to a more simpler and more reliable weapon platforms even though alternatives are field tested every goddamn year. The AK on the other hand is progressinng as a weapon design, currently I believe its ireation is the AK-74.

Basically if I had to fight tommorrow, I would go for the AK-47 over the M-16.

I've done all of those things and then some (well, except break the DMCA because that wasn't around then, but I did copy some tapes). I remember as a kid I went with my dad to my aunt's house so he could fix something. I borrowed a few of his tools and disassembled her exercise bike when he wasn't looking. Even though I got in trouble, I think he was proud of me.

Oh, when the game works, it's fucking amazing. Not just the graphics, but everything. The nano-suit adds a whole other dimension to gaming.
Also, I didn't call tech support for answers. I knew they wouldn't be able to give me any. I just called them because 1)I wanted to let them know that their game is FUCKED UP and 2)I wanted someone to yell at.
Like Animals said, I love messing with hardware. Even if it's just disassembling my computer just to clean the dust out, I get just as much enjoyment as the day I got the parts in the mail and put it all together.
Tomorrow I will be calling back and I plan on going up the chain of supervisors until I get to the V.P of EA games demanding a refund or a free copy of COD.