Got Google Apps? Got AWS? Want to not have to worry about long-lasting AWS credentials stored on disk? Google Apps SAML Single Sign On (SSO) capability has been available for federated identity into AWS via the console for some time now, but bringing that to the command-line has been ... problematic. Google doesn't provide a nice SAML endpoint, they hide it behind all sorts of browsery-specific gubbins. This tool lets you make use of Google's SAML Identity Provider to authenticate yourself to AWS, so you now have the same experience on the command line.
An update on what we've been up to at The Media Show, including an interview with the head of punk label Kill Rock Stars and arguing with a puppet version of Richard Stallman.
At 31C3 I presented Thunderstrike (1 hour video), a proof of concept exploit against an EFI security vulnerability that allows an attacker to write possibly malicious code in the boot ROM of MacBooks via the Thunderbolt port. The bootkit can be easily installed by an evil-maid or border-crossing agent given a few minutes alone with the laptop, regardless of firmware passwords or disk encryption, and can survive reinstallation of OSX as well as hard drive replacements. Once installed, it can hide from attempts to detect it, prevent software attempts to remove it and spread virally across air-gaps by infecting additional Thunderbolt devices.
Using the same password for multiple email, e-commerce and social networking websites is risky, but the majority of web users still do it. This tool allows you to generate unique passwords for a bunch of popular websites in one step.
LulzSec has released thousands upon thousands of hacked email logins. EmailAmbush places an "ambush" email message in your inbox which contains tempting-looking links and images which, if followed or opened, send a text message immediately to your cell phone. With your inbox acting as a skeleton key to all your other online accounts, knowing if you've been hacked is a critically important first step in preventing the compromise of ALL your online accounts.
WHAT IS TOR: A poster for the Electronic Frontier Foundation by Molly Crabapple and myself explains what the TOR network of anonymous nodes does, why it's important, and what you can do to help, via the medium of cartoon raccoons in waistcoats.
Just launched a new photo blog about TSA patdowns. Seeing ordinary people treated like criminals is sad, disturbing, and -- surprisingly -- sometimes funny. If you are outraged by patdowns, please share this link via Twitter, Facebook, etc.
The TSA Choice is an activist site against the deployment of whole-body scanners and the TSA's new "enhanced patdown" procedures. We've created a map and word cloud to show what choices people are making in the security line at airports across the U.S. -- the naked pictures, or the thorough fondling by a gloved stranger? Please share your experience, too!
Many people don't know. The good thing is, there are parts of the process which are really easy to explain through visual metaphors. So we did, by constructing a giant mechanical spider marionette. Enjoy.