The contest, in its third year, was held at the Las Cruces International Airport in New Mexico over the weekend. On Saturday, Mesquite, Texas-based Armadillo Aerospace successfully won Level One of the challenge, which requires a rocket to take off from a launch area, ascend to an altitude of 150 feet, hover for 90 seconds, then touch down safely at a landing pad 150 feet away. The team then had to repeat the flight in reverse within two and a half hours.

Armadillo Aerospace, a team led by Doom video game creator John Carmack, has won $350,000 in prize money in a contest to improve lunar flight.

To win Level Two, teams have to double the hover time and land on a simulated lunar surface dotted with craters and boulders. Armadillo attempted to pass that feat on Sunday, but wasn’t able to pull it off. So $1.65 million worth of prize money is still on the table for teams to claim.

(Credit:
Video: X Prize Foundation; Screenshot: Jennifer Guevin/CNET News)

Here’s video of Day Two’s activity, in which John Carmack explains what went wrong with their Level Two attempt.

Armadillo Aerospace's Pixel lifts off on Day One of the Northrop Grumman Lunar Lander Challenge on October 25.

The Northrop Grumman Lunar Lander Challenge is a $2 million contest that challenges teams to build a lunar vehicle and then simulate a 90- to 180-second moon flight and landing. The event is hosted by the X Prize Foundation and sponsored by NASA. And the end goal is to open the door for developing a fleet of lunar ferries that could carry people and payloads between lunar orbit and the moon’s surface.

There are nine teams registered for the competition. Armadillo has been the most successful team so far. In 2006, a landing gear malfunction kept it from winning Level One. Last year, it missed the time limit by 7 seconds.

A new type of Internet-based attack is spreading in which Flash-based ads seize control of a Web surfer’s clipboard and paste in a link to a malicious site in the hopes that it will be spread from there into e-mails, blogs, and instant messages.

Chris Thornton, who created the “ClipMate” clipboard extender for Windows, gave an interesting description of the situation on his Clipboard Extender Dot Com blog:

“Someone wrote a little piece of Adobe Flash code to copy text to the clipboard. Then they put it in a loop, to do it once a second. Then they put it in an innocent-looking flash-based banner ad, with their harmful URL as the payload. Then they signed up for some advertising networks, and submitted their bad ad, presumably paying considerable $$$ to get it featured on sites that you and I visit regularly, such as MSNBC and Digg. And when someone has this ad loaded, they can copy all they want, but everything they paste will be just that URL. So if you are writing an e-mail to Aunt Millie, telling her to look at your eBay auction located at (paste), or to download Picasa to organize her photos - download here (paste), she’s going to get the virus when she visits the bad site.”

The ads have been spotted on MSNBC.com, Newsweek.com, and Digg.com, and victims have reported on numerous forums and blogs that they appear to be fake alerts that a virus has been detected on the computer and offer to clean it up, according to antivirus vendor Sophos.

The malicious link, which includes “xp-vista-update” in the URL, is copied into the clipboard and can not be over-written by copying new text to the clipboard. Users must reboot the computer to remove the link, The Register reports.

Download today’s podcast

A few weeks ago, the Dutch High Tech Crime Unit identified and arrested a 19-year-old Dutch man who allegedly was operating a botnet known as Shadow. This botnet, unlike more recent examples, used IRC, meaning its traffic was easier to trace than the Web-based command and control traffic used today by most new botnets. Shadow would infect users via Windows Live Messenger or MSN Messenger.

This week CNET’s Robert Vamosi spoke by phone with Roel Schouwenberg, senior antivirus researcher at Kaspersky, who happens to be based in the Netherlands, about the Shadow botnet.

What’s unusual here is that the crime unit then asked Kaspersky Lab to provide the identified victims, people who had unknowingly allowed their computers to become compromised, with instructions on how to neutralize the malware on their systems. While antivirus companies and law enforcement work together all the time, rarely has law enforcement been concerned about cleaning up a victim’s machine.

Microsoft will gain more by enabling more people to use MSN than it will by squeezing quarters out of startups. Connecting its IM service with Yahoo!’s was a step in the right direction. This attempt to extort money from startups is 10 steps in the wrong direction.

However, if a company wants to force its users to abandon 73% of their friends (assuming it’s roughly a three-way race between AIM (53 million active users), MSN (27 million active users), and Yahoo! (22 million active users), then they can use MSN for free! Wow! Dave Rosenberg calls this “bizarre and stupid.” I think he’s being overly generous.

If the company wants to offer other IM services (from Yahoo, Google or AOL, say), Messenger must get top billing. And if the startup wants to offer any other IM service, it must pay Microsoft 25 cents a user per year for a site license.

Its excuse for this amazingly bad policy? That the agreements it’s seeking to impose “merely represent what Microsoft wants–not what it will ultimately get in each instance.” Wow! What a soothing response. “When we told the villagers that we planned to rape and pillage, that’s just what we wanted to do. We figured we could make do with simply pillaging.

Here’s the “deal”:

You’ve got to hand it to Microsoft. The company knows how to go against the grain. Just at the moment that the rest of the planet has discovered that there is huge value in opening up, Microsoft has been stalking the web, demanding payment from startups that want to allow users to import their MSN contact lists to other web services, as Fortune notes.

Data is the future of lock-in, but some companies like Google are attempting to preserve user choice by signing up to data portability agreements. Not so Microsoft, which doesn’t seem to have learned much from its antitrust trial besides how to evade detection.

commentary

The Ballot Blog page on SequoiaVote.com had contained information from Sequoia regarding the Super Tuesday New Jersey election, but as of Thursday afternoon the blog site was available only on and off.

The defacement and subsequent takedown occurred Thursday morning on the company’s Ballot Blog page. Sequoia is one of a handful of electronic voting companies used in the United States. It has in recent days come under fire for apparent discrepancies in voter tallies in last month’s New Jersey primary election.

On the resurrected Ballot Blog site on Thursday, Sequoia Voting Systems announced that it had initiated its own external review of the New Jersey voting systems. The external review, the company said, would be conducted by independent parties including Kwaidan Consulting of Houston, Texas; an Election Assistance Commission (EAC)-accredited Voting System Test Lab (VSTL)–Wyle Laboratories of Huntsville, Ala., and possibly another VSTL; and an academic institution.

Dear Professors Felten and Appel:

As you have likely read in the news media, certain New Jersey election officials have stated that they plan to send to you one or more Sequoia Advantage voting machines for analysis. I want to make you aware that if the County does so, it violates their established Sequoia licensing Agreement for use of the voting system. Sequoia has also retained counsel to stop any infringement of our intellectual properties, including any non-compliant analysis. We will also take appropriate steps to protect against any publication of Sequoia software, its behavior, reports regarding same or any other infringement of our intellectual property.

Part of the Sequoia Voting Systems Web site was defaced and subsequently taken down on Thursday, according to a report in InfoWorld. As CNET prepared this blog, the entire Sequoia Voting System site was frequently inaccessible.

Last week an independent group representing New Jersey county clerks asked Princeton University computer science professor Ed Felten to investigate the discrepancies in the New Jersey vote tallies. Felten and his team have examined Sequoia and other voting systems in the past. Most recently, Felten’s team of graduate students helped the California Secretary of State Debra Bowen conduct a survey of her state’s electronic voting systems. One of those graduate students, J. Alex Halderman, recently gave a talk at Shmoocon 4 suggesting that with improvements, electronic voting systems could work well in a future election.

Very truly yours,
Edwin Smith
VP, Compliance/Quality/Certification
Sequoia Voting Systems

Last Friday, Sequoia systems contacted Felten and threatened legal action if he or his students conducted an investigation of a working New Jersey voting machine. On Monday, Felten posted the e-mail on his blog . It reads:

Fact: The National Security Agency (NSA) has data-mined the call records of millions of Americans. These records were handed over to the spying agency without a court order or warrant.
Fact: Calling your Aunt Susan in Australia? The NSA is listening. No warrant? No problem. What about for international calls made to a lawyer, doctor or priest? No warrant necessary there either.
Fact: Mobile phones transmit extremely accurate location information back to the wireless carriers. The FBI, DEA and other federal law enforcement agencies routinely get access to this location data without demonstrating “probable cause,” which is typically required before a judge will issue a warrant. Fact: Most mobile providers claim that they do not save copies of text messages sent to phones and pagers for extended periods of time. However, up until the point that the messages are deleted, the companies will happily turn them over to the police without a warrant, requiring only that the prosecutors claim that the records are “relevant and material” to an investigation.
If you are arrested by the police, in addition to searching your body, they are also permitted to search through your mobile phone and look through anything that they can find. Got an
iPhone? They may be able to browse through hundreds of emails from your gmail account using the device, all without the pesky requirement that they first get a warrant.

Skype’s security is good enough, it seems, to stump the police and intelligence agencies in Germany. They’ve had to resort to paying 2500 euros per victim suspect to install malware that secretly records the audio as its recorded and played on the user’s PC during a Skype call.

Secure Voice over Internet Protocol (VOIP)

Both Microsoft
Windows Vista and Mac OS X include encrypted disk support out of the box. While I can’t speak to the Windows experience, I can say that encrypted disk support is a piece of cake on the Mac. As recent court cases have shown, this disk encryption can be a total roadblock for law enforcement, and can completely derail any attempted investigation or prosecution.

As fans of the HBO show The Wire will already know, mobile phone privacy and anonymity is something that there is a significant market need for. For now, psuedo-anonymity can potentially be achieved through the use of prepaid phones, but this provides no safety against a government agent with a wiretap order (or a spying agency willing to break the law).

In the old days, the spooks would have to rely on the so called ‘black bag job’ — a term to describe the act of breaking into a suspect’s house in order to install bugs and other listening equipment. The team doing it, at least in Hollywood movies, were, like ninjas, dressed in all black.

As large as the NSA is, it simply doesn’t have that level of resources. Thus, simply due to the man hours required, the NSA’s surveillance net was limited in scope.

Raising The Bar: The Black Bag Job

Secure Instant Messaging

The nice thing about the black bag job - is that it is labor intensive. Want to install bugs in the home of a suspected Soviet agent? That’ll take a team of five agents, plus around the clock surveillance for a few days beforehand. Using traditional techniques, spying on an additional 10,000 Americans would require an additional 50,000 NSA black-bag-job agents to install the bugs.

Unfortunately, out of the box, most internet based telephony services are horribly insecure. Use Vonage, Packet8, or one of the other popular VOIP services? Your calls are going over the wire in the clear. Using one of several open source hacking tools, it’s trivially easy for an attacker or nosey neighbor to snoop on your calls.

In addition to enabling the average Joe to regain a bit of his privacy, the rapid deployment of easy to use crypto will have a major impact on our society: The end of large scale surveillance.

Mobile phones

For now, we as consumers are left out in the cold. However, the rise of devices such as the iPhone and Google’s Android OS do give me some hope. If we get Skype on mobile phones (a not so unrealistic possibility), law enforcement is going to have a very very tough time. Furthermore, if we can replace SMS text messages with off-the-record encrypted IMs, users will finally get the privacy they deserve.

No amount of telecom company assistance will enable the Feds to passively snoop on an encrypted IM conversation. In order to have any chance at getting a copy of the messages, Uncle Sam will need to resort to a significantly more invasive (and riskier) surveillance techniques.

Just like Google, if the NSA wants to expand its surveillance abilities, it simply has to build another data center. Want real-time spying on the phone calls of 10 million more people? No problem — just buy another 10,000 computers, and set them up with NSA’s existing pattern recognition software

First, a few facts:

If you can get your pals to install it, go for Zfone, but for those you can’t, Skype is probably good enough.

With regard to the mainstream voice solutions, Skype is the clear exception to the rule. All Skype communications are encrypted (as long as you don’t live in China, where the government has forced the eBay owned software company to install some fairly suspect filters).

One word: Tor. If you’re not using it already, you need to be.

Anonymous Web Surfing

The deployment of easy to use cryptography for the average user will significantly upset the status quo. Large scale surveillance will no longer be possible, and the spooks will have to return to the days of the black bag job. Will they still be able to focus on high-profile terrorist targets? Sure. However, their days of spying on the average American, simply because it’s easy, could be over.

(Credit:
The Adium Dev Team)

While there are so many scary things being done by intelligence and law enforcement, hope is not far away. Easy to use privacy technologies are upon us, and with them, comes a radical shift in the balance of power. As this article will explain, the scalable techniques with which the NSA, FBI and other agencies can spy on innocent Americans may soon be made useless - forcing them to go back to the old school (and labor intensive) black bag job.

With all of the attention that the Foreign Intelligence Surveillance Act (FISA) update (and the administration’s vigorous attempts to immunize the criminals telcos), it seems like a good time to explore the issues surrounding surveillance and privacy in America today.

NSA: We're watching you….

While we can’t rely on Steve Jobs to bring this to us, there is a decent chance that Google’s Android system may end up having these features. It’s an open platform, right? So it’s just a matter of time until someone hacks it up, and releases it.

The big problem with the surveillance techniques currently used by the NSA, aside from the fact that they are creepy and illegal, is that they scale so well.

An encrypted conversation in Adium

As the debate over FISA and telco immunity has demonstrated, the telecom companies are willing to completely eviscerate consumer privacy in order to help law enforcement and the intelligence community. With the telcos getting handsomely paid for their participation in illegal surveillance programs, its clear that consumers cannot rely upon AT&T and Verizon to protect their privacy.

Consumers will need to take matters into their own hands - and luckily, secure communication technology is finally user-friendly enough to be usable by non-geeks.

I’ll now explore the technologies that will make that possible.

Thus, for most users, Skype is more than good enough - and a complete pain in the ass for law enforcement.

Encrypted Computer Data

(Credit:
National Security Agency)

These IM applications and the off-the-record encryption standard they use are protocol independent. That is, they work with AOL Instant Messenger, Google Talk, Yahoo IM, and others. By using one of these applications, your IM communications are encrypted, authenticated, and completely deniable.

I’ve written extensively about this form of secure communication before. Adium, one of the most popular instant messaging applications for the
Mac, ships with high-end encryption out of the box. Similarly, Pidgin, an IM application shipped with practically every Linux distribution, also includes support for the same encryption protocol that Adium uses. A port of Pidgin is also available for Windows users.

For those users not willing to trust their communications to a closed-source communications system, the gold standard really is Zfone, an encrypted VOIP solution made by famed cryptographer and cypherpunk Phil Zimmerman. While it’s easily the best tool out there, it unfortunately suffers from the network effect — that is, there really isn’t anyone using it right now…. and Skype has, in a few years, become the most widely deployed cryptographic application ever.

Unfortunately, due to computers, and the willing assistance of telecom companies - this is no longer a problem. Surveillance today scales very very easily, and it is almost trivial for the NSA to spy on an additional 100,000 Americans.

On Tuesday, Jose Nazario of Arbor Networks offered in a blog more information on the strength and duration of the attacks. “Compared to the May 2007 Estonian attacks, these are more intense but have lasted (so far) for less time. This could be due to a number of factors, including more sizable botnets with more bandwidth, better bandwidth at the victims, changes in our observations, or other factors.”

Initial information suggests that Internet attacks on Georgian Web sites over the last two weeks are the work of kids, according to one researcher, while another says the intensity of these attacks is short-lived when compared with attacks in Estonia last year.

Posting on CircleID, Evron wrote that there are botnet attacks against .ge Web sites, but the Internet infrastructure doesn’t appear to be directly attacked. “Not every fighting is warfare,” wrote Evron. “While Georgia is obviously under a DDoS attacks and it is political in nature, it doesn’t so far seem different than any other online aftermath by fans. Political tensions are always followed by online attacks by sympathizers.”

Nazario also said that there is evidence that the Georgians had responded by attacking a Russian newspaper Web site.

In an e-mail to CNET News, Gadi Evron, founder of the Zero Day Emergency Response Team, said that “although the impact on their Web sites is clear, I believe this may end up being just some kids who got overexcited, with Georgia being ill-prepared to say the least. ”

Indeed, the more successful this retail Linux PC experiment by Wal-Mart, the less likely it was to continue. Had the PCs sat on the shelves Microsoft would have been gleeful to let it continue.

Remember Microsoft’s COO, Kevin Turner? He’s a former Wal-Mart executive. Turner used to run Wal-Mart’s Sam’s Club business unit and before that was Microsoft’s chief information officer.

Oh, really?

Wal-Mart has ended its experiment with selling Linux-based computers in its stores, suggesting that “This really wasn’t what our customers were looking for.”

commentary

But maybe the decision was much more personal. There is a strong executive tie between Microsoft and Wal-Mart.

It may well be that Wal-Mart simply didn’t push enough units to make the grade. Many great products simply don’t sell for Wal-Mart, and it dumps them. But in this case, it could well be that Linux’s success paved the way for its downfall due to a too-cozy relationship between the world’s largest retailer and the world’s largest software vendor.

Even when Wal-Mart has made motions toward Linux and open source, Microsoft (no doubt inspired by Turner) has been there to help it see the light. It was likely Turner who pushed Wal-Mart to go on the record as adopting SUSE Linux for its Linux deployments because of patent protection. Wal-Mart never goes on the record for anything related to IT purchases. The fact that it did in this case says a lot about the exeuctive sleepovers that happen between the two companies.

According to NBC Local Media’s senior vice president, Brian Buchwald, the new sites will target a group of people NBC is calling “social capitalists” who are passionate about their city and want to “stay ahead of the curve and influence others in their peer groups.”

“These sites are a departure from what we’ve done in the past and the next step in our mission to provide truly relevant local content to consumers on the media platform of their choice,” said John Wallace, president of NBC Local Media. “Our goal was to create a new type of user experience that’s less an extension of our TV stations and more of an online destination for the latest local news, information, and entertainment. These sites are about putting consumers first and giving them the content they’re looking for from the best available sources.”

NBC’s new plan will eliminate the link between its TV stations and their respective Web sites and will target a city’s specific online community to help locals stay on top of the latest news and information in their area, regardless of the source. In fact, much of the content on the sites will be gathered from outside content providers or contributed by the audience itself through videos, blogs, and text.

The sites will roll out in four phases throughout the month. The first phase starts today in Chicago, followed by Los Angeles, San Diego, and San Francisco on October 16. NBC will add Dallas, Philadelphia, and Washington, D.C. to the group on October 20, and New York and Hartford, Conn., at the end of the month. Each new site will replace the existing NBC local station’s Web site and feature a new domain name. If successful, NBC may roll out the localized sites in other markets sometime in the future.

Writing about the ascent of the “alpha geek”–a contradiction in terms?–Brooks cobbles together a series of easy generalizations regularly tossed around as shorthand to explain more complex developments. Call it cliche as socio-economic analysis. To wit:

At last he didn’t peddle past the idea of the techno-elite as a tribe of bad-smelling, social losers with barely enough sense to wipe the snot off their faces. But Brooks’ assignment of a present-at-the-creation date for the “nerd ascendency” to Microsoft and the digital economy in the 1980s is subjective. He could just have easily moved the time line back to around the birth of Fairchild Semiconductor and the myriad successful tech companies later founded by its alumni.

And let’s not forget the likes of Hewlett-Packard and other sundry start-ups, which put Silicon Valley on the map. But that was long before the emergence of the era of 24/7 naval-gazing, so I suppose that doesn’t count as much today.

So, in a relatively short period of time, the social structure has flipped. For as it is written, the last shall be first and the geek shall inherit the earth.

(Credit:
http://www.pocketprotectors.com )

The news that being a geek is cool has apparently not permeated either junior high schools or the Republican Party. George Bush plays an interesting role in the tale of nerd ascent. With his professed disdain for intellectual things, he’s energized and alienated the entire geek cohort, and with it most college-educated Americans under 30. Newly militant, geeks are more coherent and active than they might otherwise be.

Um, sure David. On the basis of the most flimsy evidence, we’re expected to believe that a fundamental societal transformation is under way. I suppose that’s not as over the top as your Candyland declarations cheerleading our way into Iraq. But it’s as equally rooted in unreality.

Over the years, I’ve become inured to David Brooks’ predictable platitudes about politics and culture. He’s been wrong so often on the big story of our times–the war–that I automatically tune out his musings on contemporary culture. But after stewing all weekend about his most recent New York Times column, I’ve got to get this off my chest.

If anyone has the address of this “geek cohort,” please pass it along. Until then, I think that’s utter hogwash. I’ve watched several generations of college-educated Americans under 30 and beyond and, truth be told, there’s nothing in that history to suggest the current crop’s presumed group sensibility is going to last into middle age. And the only “newly militant geeks” I can point to usually surface when Twitter goes haywire during another of its prolonged brown-outs.

The future historians of the nerd ascendancy will likely note that the great empowerment phase began in the 1980s with the rise of Microsoft and the digital economy. Nerds began making large amounts of money and acquired economic credibility, the seedbed of social prestige. The information revolution produced a parade of highly confident nerd moguls–Bill Gates and Paul Allen, Larry Page, and Sergey Brin and so on.

The iPhone hordes! Hide the women and children before they get “i-mashed.” Hoo boy. Brooks must have received special dispensation from The New York Times copy desk because this is rhetorical overkill to the point of being ridiculous. If there’s a political darling among the nerd set these days, it’s probably Ron Paul (though Obama definitely has the coolness factor). But defining a generation by the popularity of a commercial product is a Madison Avenue cliche waiting to be born. Maybe the ghost of Lionel Trilling will get so worked up about the cacophony of the blogosphere it will soon haunt the ramparts of Columbia’s Morningside Heights.