I've always been surprised by the lack of people using GPG, PGP or even S/MIME. Perhaps now that the Sixth Circuit US Court of Appeals has stated that e-mail is not protected under the Forth Amendment of the Constitution and that "users have no expectation of privacy," people may think again.

I bought a "refurbished" mini-HD from Geeks.com. I was curious whether by "refurbished" they meant it was factory refurbished, in which case the drive should have been clean, or just "used and returned to us," in which case there were probably a lot of deleted files still on the drive. I decided before trying autopsy/sleuth, I'd try magicrescue. I found about 840MB of data -- mostly mathematical graphs and such and some other files that support my theory that the previous owner was quite the nerd.

I'm in Kuwait at the moment and the camp where I am has pre-paid wireless hotspots that use MAC filtering to block unauthenticated users and redirect them to a login page. After, successful authentication the MAC is white listed. It's pretty weak security that can be bypassed by:

1. Running Kismet or Airsnort to capture some packets
2. Running Wireshark to find traffic other than people getting stuck at a login page (i.e., authenticated users)
3. Changing the MAC of your NIC to that of an authenticated user
4. Connecting happily

I started working on easy-to-follow, baby-step approach tutorials on how to use encryption on Windows. My motivation is to teach my wife how to install and use GnuPG and eventually OTR and TrueCrypt. So far, I've completed the GnuPG How-To. Hopefully someone else is able to find it useful.

People think I'm paranoid because I refuse to store passwords in Firefox. Then vulnerabilities come along that make me smirk.

A 75 year old woman has a 40Gbps broadband connection. I envy her. Greatly.

Although, the idea of an anyone who is not computer/network security minded having a connection with that much bandwidth scares me. Who needs a bot net when all you need to do is pwn granny with the 40Gbps link?

Slashdot recently featured a CNN Money article about using the brain to control computers, beaming data directly into the mind and instant thought transfer. All of which raises major security and privacy concerns.

The Gaim project has been Pidgin for a month now. I still dislike the name. I really wish they'd have named it something cooler like PIMP (you know, Portable Instant Messaging Package); after all, they used to refer to it as "The Penguin Pimpin' IM Clone That's Good For the Soul."

TrueCrypt unfortunately doesn't exist in my usual repositories. Building it in Fedora requires having the kernel sources installed and a one-line edit to the build script to properly set the path of the kernel sources. Once built, TrueCrypt works fine on Fedora.

I decided to write on how to secure a Windows install with a few freely available programs: Eraser, TrueCrypt and Core Force.