A Little Ludwig Goes A Long Way

Recommended by Adrian for video cam equipment — Supercircuits

• Brett on Stuff » Distilleries of Scotland. A reason to hike Scotland
• WOW — stronger authentication than your bank. What does that say about the world.
• Running DC thru the house. An idea whose time has come again?
• Indie games DB. Often way better than mainstream games
• Guided Bullets. Why not.
• Thingiverse. Kind of an open source design site.
• Denhaus — awesome pet furniture
• Nitrogen-infused golf clubs. Golfers will buy anything.
• Dutch 5 Euro coin. Awesome, wish I could order. Not the first time I have been blocked from ordering a euro product, wish I could sign up for a forwarding PO box in Europe.
• Mini Magnetosphere. Maybe we all need one of these

NIC exploits via Hack the Planet — “I’ve seen one example use this to establish a zero-footprint rootkit i.e. one which leaves no trace on disk.” — egad.

• The Big Picture | Cognitive Biases: A Short List — great list of the ways we screw up decisions
• marca’s view on the best scifi of the decade
• Larry’s recommended security blogs
• EDSBS’s top 5 legends of football parenting, or, how to give your child a lifetime of therapy.
• super slim wallet designs
• 10 reasons I need to upgrade to MT4

We had a credit card stolen a while back and I was just on the phone with the bank clearing up one last transaction. The vendor, Steam, was claiming that the charge was valid. It took me about 2 minutes to convince the card issuer that the charge was not valid by simple reverse DNS of the IP addresses captured by Steam. Account signup happened at a location served by Adelphia (I have never been an Adelphia customer), and subsequent accesses all took place via two different Russian ISPs.

What surprises me is that neither Steam nor the card issuer (a huge national card issuer) was able to figure this out. It seems very automatable. And seems like card issuers could easily cut down on online fraud by looking at IP addresses — for myself, 99.99% of my transactions come from my work or home machines with fairly stable IP address histories, at least at the subdomain level.  Not foolproof of course, and I do occasionally do transactions from other locations, but it seems like another good piece of info to consider when assessing the validity of a particular transaction.

The Insider: BioPassword to hackers — crack this account — will be interesting to see how much traffic this generates.

Good analysis on used hard drive content. Cross-drive analysis is fascinating. A good reminder — physically destroy your hard disks when you are done with them.

Related posts: Philips amBX, Rootkit safety

Advice for friends and family:

• If you have autorun turned on, turn it off, now.
• Never open any link sent to you by anyone on IM. Unless you know what you are doing.