Friday, August 31, 2007

Welcome to the ASCII Art Videos

I added a new page to my site, which is dedicated to showing videos that are about or related to text art and the subjects that surround it, including the BBS scene, the demoscene and of course SAC, Superior Art Creations.

Visit the new ASCII Art Videos Section at RoySAC.com/videos/.

The section launched with 10 videos.

The first one is "The Art of Textmode" - Text Art History, a presentation at the Assembly 2004 Demo party in Helsinki, Finland by Christian Wirth aka RaD Man. I referred to that video earlier already in a blog post of mine from February and decided to put it somewhere on the site where it can be found more easily.

The second one is a short video by Creature of Hell/SAC - The Movie from 2001, showing off some of his pixel art skills.

The main part of the section is made up of the six videos that represent the complete content of Jason Scott's 3-DVD documentary titled "BBS - The Documentary". No, it's not an illegal copy of the DVDs. Jason put them up himself on Google Video, because he released the documentary under the Creative Commons licensing model to make its content more easily accessible. Jason does of course appreciate support for his cause(s), which surround the subject of BBS and actually were the triggers for him to create the documentary in the first place. You can support him by buying the real DVDs, pressed, not burned, with nice wrapping and paper box for example. You can get it via his website here or from Amazon.com, if you prefer them for any reason.



Then I also put up two good examples of ASCIImation, which means animated ASCII or ASCII animation. The examples show two songs by more or less famous musicians who used ASCIImation for their music videos.

More videos will be added over time, especially videos of the old SACtros and cracktros the group did for others, which cannot be started and watched on modern PCs without emulation of the old MS DOS operating system.

Btw. I extended the SAC section of RoySAC.com a little bit as well. I added more content and also found two music-disks that were released by SAC members when I was not part of the group anymore. I found them by accident and put them up on my site of course. :)

Cheers!
Carsten aka Roy/SAC

Tuesday, August 28, 2007

Political Systems For Dummies

Original title: Political Systems Explained for Farmers Dummies.

The fundamental principles of the different types of political and social systems explained via a simple example using two cows. You heard right, COWS. If you know what a cow is and are aware of the fact that they produce more than just steaks for your dinner, such as milk, you are good to go and should have no problem understanding it.



I came across this on the internet and wanted to share it with you. It's hilarious. If any political system is missing, feel free to add your own "Two Cows Definition" of it as a comment below. Thanks.

FEUDALISM
You have two cows. Your lord takes some of the milk.

PURE SOCIALISM
You have two cows. The government takes them and puts them in a barn with everyone else's cows. You have to take care of all of the cows. The government gives you as much milk as you need.

BUREAUCRATIC SOCIALISM
You have two cows. The government takes them and puts them in a barn with everyone else's cows. They are cared for by ex-chicken farmers. You have to take care of the chickens the government took from the chicken farmers. The government gives you as much milk and eggs as the regulations say you need.

FASCISM
You have two cows. The government takes both, hires you to take care of them and sells you the milk.

PURE COMMUNISM
You have two cows. Your neighbors help you take care of them, and you all share the milk.

RUSSIAN COMMUNISM
You have two cows. You have to take care of them, but the government takes all the milk.

CAMBODIAN COMMUNISM
You have two cows. The government takes both of them and shoots you.

LIBERTARIAN/ANARCHO-CAPITALISM
You have two cows. You sell one and buy a bull.

... and as a bonus, some of the basic social principles explained, using our beloved two cows as illustration.

DICTATORSHIP
You have two cows. The government takes both and drafts you.

PURE DEMOCRACY
You have two cows. Your neighbors decide who gets the milk.

REPRESENTATIVE DEMOCRACY
You have two cows. Your neighbors pick someone to tell you who gets the milk.

BUREAUCRACY
You have two cows. At first the government regulates what you can feed them and when you can milk them. Then it pays you not to milk them. Then it takes both, shoots one, milks the other and pours the milk down the drain. Then it requires you to fill out forms accounting for the missing cows.

PURE ANARCHY
You have two cows. Either you sell the milk at a fair price or your neighbors try to take the cows and kill you.

SURREALISM
You have two giraffes. The government requires you to take harmonica lessons.


Surprisingly simple, isn't it? I wasted hours of social science lessons in school to learn something that would have taken only a few minutes to explain, without the risk of falling asleep while listening to the monotone voice of my boring social sciences teacher.

Here is the video version of it that I created :)

Cheers!
Carsten aka Roy/SAC

Friday, August 17, 2007

Kooza Video, Le Reve Update and More Cirque Du Soleil

I discovered an extended 30-minute press conference for the new Cirque Du Soleil show "Kooza", which started touring in 2007.

It includes presentations of some of the acts from the show. Some of the artists obviously still need some training, because some errors were made. I am sure that they are now pretty much flawless. After one or two shows almost every day for the last 4 months, they should be able to perform their routines in their sleep.

The juggler (biggest part) did his routine flawlessly, and boy, what a routine. I saw him before (not the same performance) on the Cirque Du Soleil Solstrom DVDs and noticed how good he was, but he topped that performance and then some.

Next to the intro part, there are also two additional parts (next to the juggler) in the video. They are performed by the Cirque Du Soleil "House Troupe"; the acts they perform are called "Charivari" and include acrobatics, human pyramids and rebounds from three miniature trampolines.

However, the video will give you a pretty good idea of what the final show does actually look like. Got your tickets? I got mine for November in San Francisco.

Here is the Video.



Backup URL to video

Update on My Favorite Show: Le Reve

I watched "Le Reve" a second time last month, when I was in Las Vegas again. I got the premium VIP package, with champagne, strawberries and a video monitor that showed some of the underwater action or shots from the top straight down.

I noticed a bunch of changes to the show since I saw it over a year ago in April 2006, and I am not sure if I like them.

The show was not as impressive this time as when I watched it for the first time, became a hardcore Cirque Du Soleil fan and started watching as many of their shows as I could.

I also have to say that I don't think that the VIP package is the best deal in the house. I was sitting in the very top row and most of the action was actually happening beneath rather than in front of or above me. I know why they put the VIP seats up there. That made it easier for the servants to refill your champagne glass and ask you if everything is fine.

However, I think that the seats further down, right after the "splash zone", where you get wet, are the best seats. I guess I will have to watch the show once more and this time really go for the lower seats. I was sitting more towards the top rows when I watched it the first time, although it was not as high as this time.

I will revise my top Cirque Du Soleil show list for now and change it to:
  1. "KA"
  2. The Beatles "Love"
  3. "O"
  4. "Varekai"
  5. "Le Reve" (unofficial CDS show)
You might have noticed "Love" in the number 2 spot. Yeah, I watched it also when I was in Vegas last month. It's a great show and in overall style much more similar to "Le Reve" than to the "classic" Cirque style. The question is: Who copied whom? Dragone, the creator of "Le Reve", from the creator of "Love" or vice versa? mmh...

Great show! Must see (after you watched "KA").

Anyway, I still love the music from "Le Reve" the most. Music does a lot for the overall impression of a show. I guess a Cirque fan who also loves the Beatles will be in heaven if he watches the show at the MGM Mirage.

Cheers!
Carsten aka Roy/SAC

Sunday, August 12, 2007

Why Worry Today, If Your Bank Account Gets Hacked Tomorrow

My post from a week ago, about the major flaws in the new online banking security systems that banks around the country deployed recently, did not get any attention. The flaw was explained in detail and demonstrated (by actually hacking a bank account) at the Defcon 15 hacker conference in Las Vegas. One person dugg it at Digg.com and that was it. End of story, nobody seems to be interested. Well, it only affects pretty much everybody, at least everybody who uses online banking.

Meanwhile, other blogs that specialize in application and system security also wrote about the story. DarkReading.com was one of the best-known publications to cover it; they published the story "New Bank Practices Make Hacking Easier" a couple of days after I published mine.

Their story died at Digg.com, just like mine, but at least some more bloggers picked up their story. Here are a few other bloggers who picked it up:

Here is a picture of Brendan O'Connor, who presented the issue at the conference, which makes it easy to understand why some people might not give him the attention he deserves.

It is funny how things work sometimes. On the one hand, people are going berserk and crazy about some "big privacy issues" that are bullshit. I just mention Google and the other search engines regarding their updates to their privacy policies.

I guess it has to hurt a bunch of people first, with some accounts hacked and lives and businesses ruined, before people wake up and ask "WTF is going on here?". The cries will be loud and painful to listen to. People will ask "Did nobody know about this?" ... Of course somebody knew about this, but you were not listening, you dumba...!

"Schadenfreude" is not a good thing in this matter, but a bit of cynicism does not hurt either.

Quick Update: Here is the 47-page presentation by Brendan O'Connor from DefCon 15 in PDF format (only 230KB in size), titled "Greater Than One - Defeating 'strong' authentication in web applications": dc-15-oconnor.pdf

The presentation document goes into much more detail than I did in my previous blog post. It also illustrates the issues nicely. Check it out.


Carsten aka Roy/SAC

Sunday, August 05, 2007

New Online Banking Security Process Opens More Security Holes Than it Closes

I just got back from DefCon 15 at the Riviera Hotel and Casino in Las Vegas. I will post about the other events at another time, because what I saw this late afternoon at the conference is more important. It is ironic that this session was one of the last ones, when many guys had already left the conference and were on their way home.

At the conference, I saw a guy who is (maybe) of legal drinking age show a room full of hundreds of people (it became surprisingly crowded as his presentation progressed) "how cool" the new security add-ons to the online banking login and authentication process are. Additions that are enforced by governmental regulations with the intention to make online banking more secure.

The session went well beyond its "time limit" (1 1/2 hours instead of 50 minutes) and the organizers eventually shut it down. The whole thing moved into an overcrowded Q&A room, where the speaker continued the discussion and presentation for another 45 minutes, which was pretty cool of him, but you could tell that he wanted to get this info out there.

Yes, the session was about online banking, the new and "more secure" online banking.

You might have noticed that pretty much every bank changed their authentication forms and procedures over the last few months. Those changes, caused by the new government regulations, are basically aiding hackers to break into your online account.

  • Did you notice steps like picking "your" personal image (from a number of choices provided by the bank), which the bank will show you in the future as proof that "it is really us, your bank, and not a hacker doing a phishing attempt to get to your personal information"?

  • Did you see the security questions that are derived from your public records, much like when you try to access your credit report? Questions like, "Which of the following X things are true?" and then showing you things like previously owned car makes or home loan amounts, where one of them matches yours?

Yes, those are the new security measures that were ADDED to the existing online banking software, actually boilerplated in front of the existing software, in almost all cases provided by a different 3rd party vendor, because it was cheaper to add that kind of "patch" to the process to meet government regulations than it would have been to add it to the existing banking software itself, fully integrated.

What struck me the most is how bad it actually is. The new "enhancements" did not enhance the security of the old processes at all. They have the same flaws, but worse, they increased the attack surface for a malicious hacker and made it in fact easier for him to get the information he wants and even more as a bonus.

If I spent a few days with it, I would probably be able to hack my bank myself. It's that bad and I am not a hacker (I am a geek and know a lot of stuff, but that does not make me a hacker and/or security expert for something like Online Banking).

I am sure that over the coming weeks and months stuff will surface in the news. People complaining, or incidents of hacked accounts. Too many people saw this: not detailed step-by-step instructions for breaking into the online banking software, but the way the updated systems work, or better, do not work.

He would have broken the law and gone to jail if he had hacked somebody else's bank account in front of hundreds of witnesses. He hacked his own bank account instead and provided proof that he was not doing anything extremely hard or attacking the system in a way that altered its behaviour.

By the way, the guy's name is "Brendan O'Connor" and he works for an unnamed US finance company. He is not an unknown. At last year's DefCon he broke the news about a security hole in Xerox printers, which caused quite a stir.

This time the issue is much bigger and affects many more people.
I will throw in some keywords and phrases that point to the problems. If you know a bit about computers, the internet and web development, you will get a pretty good idea what I am talking about.

  • New Security is ADD-ON on top of existing authentication layer

  • Fingerprinting based on HTTP header content via client side Javascript (tip: "View Source", don't waste the time and write something yourself. Make it easier for you. If your bank uses Flash instead, download the flash and decompile it)

  • Security question will reappear if left unanswered. Answers will change every time the question is asked (randomly). No limit on how often the same question is asked (until answered)

  • Personal image system. Same system used by the majority of banks. Don't waste time on the images. Look at the alt tags. If you have an account, (don't) look at the nice image gallery where you can pick YOUR picture from. Look at the page where the image is shown to you. Ignore the image file name, that changes all the time and is not predictable, but look at the.. you know what to look at.

  • Be grateful for non-obscure error messages; sometimes the time the system spends thinking about how to tell you that you entered the wrong stuff is the actual message.

  • If you write your own pages, don't forget to use the code you already got. Put a reference to the source in it and don't take the credits for yourself. Somebody spent a lot of time to write that code (for you) :)
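The security-question point in the list above can be checked on the bank's side. The following is an added example, not code from the talk or from this post: it models a multiple-choice question whose decoys are re-drawn on every re-ask, next to a version with a stable, HMAC-derived option set and a cap on presentations, and measures how many options still fit after repeated asks. All names, the sample answers and the limit of 3 are assumptions made up for the illustration.

```python
import hashlib
import hmac
import random

# Constructed sample data: one true answer and a pool of plausible decoys.
TRUE_ANSWER = "Honda"
DECOY_POOL = ["Ford", "Toyota", "Volvo", "Fiat", "Saab", "Kia", "Audi", "Mazda"]
SERVER_KEY = b"constructed-demo-key"  # placeholder; load a real secret from a vault
MAX_PRESENTATIONS = 3                 # assumed policy value


def weak_challenge(rng):
    """Design described in the post: fresh random decoys on every re-ask."""
    options = rng.sample(DECOY_POOL, 3) + [TRUE_ANSWER]
    rng.shuffle(options)
    return options


def stable_challenge(account_id, question_id):
    """Hardened: decoys and order come from a keyed hash, so re-asks are identical."""
    def rank(option):
        msg = f"{account_id}|{question_id}|{option}".encode()
        return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()
    decoys = sorted(DECOY_POOL, key=rank)[:3]
    return sorted(decoys + [TRUE_ANSWER], key=rank)


class ChallengeGate:
    """Counts every presentation as an attempt, whether or not it was answered."""
    def __init__(self, limit=MAX_PRESENTATIONS):
        self.limit = limit
        self.shown = {}

    def present(self, account_id, question_id):
        key = (account_id, question_id)
        self.shown[key] = self.shown.get(key, 0) + 1
        if self.shown[key] > self.limit:
            return None  # locked: fall back to out-of-band verification
        return stable_challenge(account_id, question_id)


def surviving_candidates(presentations):
    """Audit metric: options that appear in every presentation of one question."""
    sets = [set(p) for p in presentations if p is not None]
    return set.intersection(*sets) if sets else set()


def audit(rounds=20):
    rng = random.Random(15)  # fixed seed so the run is repeatable
    weak = [weak_challenge(rng) for _ in range(rounds)]
    gate = ChallengeGate()
    hardened = [gate.present("acct-1", "q-car") for _ in range(rounds)]
    return surviving_candidates(weak), surviving_candidates(hardened), hardened.count(None)


if __name__ == "__main__":
    weak_left, hardened_left, locked = audit()
    print("weak design, options left:", sorted(weak_left))
    print("hardened design, options left:", sorted(hardened_left))
    print("presentations refused:", locked)
```

With re-drawn decoys only the true answer survives the comparison; with the stable set all four options stay equally plausible and further presentations are refused after the limit.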

Okay, that is enough. I hope you get the picture. I forgot to write the email of Brendan down. It was name.name@gmail.com. The "O'" part of his last name makes me unsure, if it was brendan.oconnor AT gmail DOT com or something different. You can find out through the DefCon.org organizers. Brendan said that he provides the code and everything to anybody who wants to see it.

One thing is for sure. That story does not make me sleep better at night, especially if you consider the fact that you are with almost 100% certainty not covered if your account gets hacked and have to cover the losses yourself, as opposed to the archaic method of using checks, where losses are covered by the bank, even if you lost your check book due to grave negligence. This is messed up!

Quick Update: Here is the 47-page presentation by Brendan O'Connor from DefCon 15 in PDF format (only 230KB in size), titled "Greater Than One - Defeating 'strong' authentication in web applications": dc-15-oconnor.pdf

And also see the video recording of the DefCon Session with Brendan O'Connor:



Backup link to the video T164 - Greater Than 1 - Defeating "Strong" Authentication in Web Applications at Google Video if you have problems with playing the embedded video.

Wednesday, August 01, 2007

Major Site Expansion and New SAC Section with Art Packs Page

I spent quite some time updating content at my RoySAC.com Website. I wrote a whole ASCII art primer article to give you an idea what I am talking about in general. It is for people who know little or nothing about ASCII/ANSI art, the artscene and the warez scene it operated in.

The biggest addition is the new SAC section, which is dedicated solely to everything related to Superior Art Creations, the art group, which I founded in 1994.

There you can find SAC VGA logos created by SAC members for the group, as well as ANSI logos and ASCII logos, which were created for internal purposes of the group.

The largest addition overall was the new SAC art packs releases page. It shows all 34 SAC art packs, which were released between December 1994 and December 2005, the packs' File_ID.diz, download links to the pack files, links to the SAC.NFO files for detailed information about each pack and a brief description for every release.

The descriptions are more detailed than I had originally planned. Because of that, the page acts as the SAC history page for now, until a better SAC history page is created one day. There are some "holes" in it, but I hope to get the missing information and will then update the page accordingly.

I updated pretty much every page of the site, including the home page, the Roy/SAC art page, the shop, the downloads section, the links page and the gallery pages (ASCII Art, ANSI Art, Best Of and VGA Art). The Website navigation was overhauled and now has a much slicker look than before. Here is a partial screen shot of how the navigation of the site looks today.



I hope you will enjoy the "renovated" and massively expanded RoySAC.com site. Let me know what you think about it; negative feedback is as welcome as positive.

Thank you and Cheers!

Carsten aka Roy/SAC