Short version:

An easy and secure way for anonymous internet usage:

1. Install and start Virtualbox (at least version 4).
2. Download two VM images: Tor gateway and Tor workstation
3. Import the images (in Virtualbox File->Import Appliance)

To start using the internet anonymously you just have to start both VMs Tor gateway VM and Tor workstation VM. As soon as they they finished booting, you can use the anonymous internet access through the Tor workstation. If you want to stop using the internet anonymously, just power down both VMs.

Long version:

The goal of this article is to provide a solution to use the internet anonymously in an easy and secure way. Anonymous as in no one but you must be able to tell that you are communication with a certain receiver (like browsing a website: No one must know that you are surfing that certain website). A way to use the internet anonymously is to use an internet connection that can not be tracked down to your person and a computer that has no information stored about you. Which means quite an effort every single time you want to use the internet anonymously. For an internet connection that can not be tracked down to your person, software like Tor has been developed to accomplish this also over a non-anonymous internet connection. Checking if the computer has no information stored about you, can not be handled by the Tor software and must be handled by the user! Currently there is one major problem if you want to use the internet anonymously: You really do have to understand the functioning of computer networks and the Tor software to a degree that is far away from being trivial – otherwise you might probably use the software in an insecure way. Let me give you some examples:

1. Install the Tor client to your Operating System and configure your browser to use the local TOR client through SOCKS-proxy functionality of Tor (or use extensions like Torbutton for Firefox to do that for you). While this is quite easy to accomplish, it has a major security drawback: If you use your everyday browser it has a lot of information stored about you and your browsing history and behavior which it might leak. Even if you use some other browser, you must turn of all plugins like Java or Flash and disable Javascript (or use a proxy like Privoxy to do that for you) so they can not leak information like which sites you visited or in which network or city you are, … But this breaks lots of websites nowadays. While this approach might be easy it is usable for browsers only and far from being “secure”.
2. If you use the tsocks/torify approach which allows non SOCKS aware applications (e.g telnet, ssh, ftp etc) to use SOCKS without any modification, you can use most applications. But they might still leak information about the local system themselves. Besides there is the risk of just forgetting to type the “torify” in front of the command that should be executed. Which is definitely not what one wants to happen. So this approach is neither “easy” nor “secure”.
3. The VM approach I already wrote about in an article earlier, puts the software you are using on the internet into an virtual machine (VM) which reduces the risk to leak information about you and the information within the VM. The drawback is that you have to configure a redirection with a packet filter or firewall on your host system and that you have to set up and configure a VM to use as an anonymous workstation. So this approach is still far from being “easy”.

Which is why I want to discuss a new approach that is at least as secure as the last one above (#3) but additionally should be quite easy to use:

1. Install and start Virtualbox (at least version 4).
2. Download two VM images: Tor gateway and Tor workstation
3. Import the images (in Virtualbox File->Import Appliance)

To start using the internet anonymously you just have to start both VMs Tor gateway VM and Tor workstation VM. As soon as they finished booting, you can use the anonymous internet access through the Tor workstation. If you want to stop using the internet anonymously, just power down both VMs. The task of routing traffic through the Tor network has been moved to the Tor gateway VM. So you do not have to modify your local system any more then installing Virtualbox and importing both VMs. You do have a preconfigured Tor workstation ready to use that boots within a minute and you can be sure to anonymously use the internet. The Tor gateway runs OpenWRT Linux using just about 8Mb of disk space and 32Mb of RAM. It boots in less then 3 seconds and transparently routes all traffic generated within the Tor gateway itself and every traffic coming on the virtual internal interface “tor” through the Tor network. You do not need to do anything but start when you want to use Tor and stop the VM when you finished. The Tor workstation runs Micro Core Linux using about 120Mb of disk space and 192Mb of RAM. It boots in less then a minute and has some browsers (Firefox, Chromium and Opera) and a terminal installed. It only stores information within a session. So if you shut it down and boot it again it does not have any information about the previous session. Of course you are not forced to use the Tor workstation. You can use any other VM (Linux, Windows, AmigaOS, just any TCP/IP capable Operating System). Just configure the network settings of the VM (in Virtualbox Settings->Network->Adapter attached to internal network “tor”). Please report, if you encounter any unwanted behavior or find any problems! Also do so if you have got any suggestions to improve the VMs or this approach as a whole. Side note: The content of the communication between you (Tor workstation VM) and any receiver (e.g. a website) is necessarily only encrypted within the Tor network. So if you open an unencrypted connection to any receiver the Tor exit node which in fact opens the connection to the receiver is able to see the content of the connection. So do not send any sensible information like passwords over unencrypted connections!

Information for developers

There is a git repository available for building the Tor gateway image from scratch. Feedback and patches are welcome.

Changelog

To use the fast gateway you need to change the internal network of workstation VM to “torfast”.

“Zender” did a lot of work and published information on how to bypass that errors. If you want the direct URL to the BIOS modifications contact me as Zender does not want the URL to be publicly available.

Using his BIOS modification and the instructions on thinkwiki I put together a BIOS update CDROM-ISO to upgrade the BIOS from an external USB-CDROM which I tested on my X60s but it should also work on X60. Two notes: If you already have the latest BIOS version, you have to downgrade the BIOS first and if you have a custom logo you have to remove that (and than apply it again).

More populistic I could say this is about finding out if it is possible to build a device which lets a human sleep and wake up again purposely.

Sounds interesting? Do not hesitate to read the thesis and/or leave a comment!

• A browser (Firefox) using a local HTTP proxy (Privoxy) which uses a local TOR client through SOCKS.
• tsocks/torify to make non-SOCKS-aware-applications work through TOR.
• A virtual machine (VM) where some applications are configured to use the local HTTP proxy and/or TOR client.

Each of these setups has different disadvantages and neither fits my requirements:

• In the browser approach I had to turn off all plugins (Java, Flash, ..) and Javascript so they can not leak information about the local system. Unfortunately this breaks many websites nowadays.
• The tsocks/torify approach works for most applications but they may leak information about the local system themselves. Anyway there is a small risk of just forgetting to type the “torify” in front of the command I want to execute which I really do not want to happen.
• The VM approach is like putting the two previous approaches into a VM. So the risk of leaking local information is reduced to the VM. Anyway I have to make applications running within the VM explicitely use the TOR network. Besides I want to take care that no other traffic but TOR is going out of the VM which means I have to set up a packet filter on the host.

One solution might be to transparently route a VM through the TOR network so that a VM does not need to be modified in any way. It is quite simple and should work on all OS although I just tried it on a Linux host. As already said, the VM can run any OS!

The host must to redirect all TCP packets to a transparent SOCKS proxy which itself forwards the packets to a TOR client. UDP packets with destination port 53 are redirected to a small script which puts the payload into a TCP packet and forwards it to a TOR client. This is necessary because TOR itself can only handle TCP packets. The host must drop all other packets coming from the VM.

How this works under a Linux host:

• Create an unprivileged user “torbob” that runs the VMs.
• Choose a virtualization software. I decided to go for qemu/kvm since I am already familiar with it. Using Virtualbox or VMware should also work.
• Install, configure and run a transparent SOCKS proxy. I use redsocks but there are also others around. Remember the port it is listening on (31337 in this case). Update: This is not necessary anymore, because Tor has an inbuilt SOCKS proxy since version 0.2.0.1-alpha. Just add “TransListenAddress 127.0.0.1″ and “TransPort 31337″ to your torrc.
• Configure and run the tor-dns-proxy.py script from dsocks which does the UDP->TCP packet DNS conversion and remember the port it is listening on (1253 in this case). Update: This is not necessary anymore, because Tor has this inbuilt since version 0.2.0.1-alpha. Just add ” DNSListenAddress 127.0.0.1″ and “DNSPort 1253″ to your torrc. If you want to be able to resolve .onion domains, you also have to add “VirtualAddrNetwork 10.192.0.0/10″ to your torrc.
• Redirect the packets from the VM to the local daemons:

iptables -A OUTPUT -t nat -p tcp -m owner –uid-owner torbob -j REDIRECT –to-ports 31337
iptables -A OUTPUT -t nat -p udp –dport 53 -m owner –uid-owner torbob -j REDIRECT –to-ports 1253

• Make sure that packets to that daemons are accepted and all other packets from that user are dropped/logged:

iptables -A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp –dport 31337 -m owner –uid-owner torbob -j ACCEPT
iptables -A OUTPUT -d 127.0.0.1/32 -p udp -m udp –dport 1253 -m owner –uid-owner torbob -j ACCEPT
iptables -A OUTPUT -m owner –uid-owner torbob -j LOG
iptables -A OUTPUT -m owner –uid-owner torbob -j DROP

• If you want to share files through SMB between the host and the VM you have to add a few more rules *before* the rules above:

iptables -A OUTPUT -t nat -d 127.0.0.1/32 -p tcp -m tcp –dport 445 -m owner –uid-owner torbob -j RETURN
iptables -A OUTPUT -t nat -d 127.0.0.1/32 -p tcp -m tcp –dport 139 -m owner –uid-owner torbob -j RETURN
iptables -A OUTPUT -d 127.0.0.1/32 -p udp -m udp –dport 137 -m owner –uid-owner torbob -j ACCEPT
iptables -A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp –dport 445 -m owner –uid-owner torbob -j ACCEPT
iptables -A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp –dport 139 -m owner –uid-owner torbob -j ACCEPT

• Thats it. Now starting a VM (or running any other program) as user “torbob” will either route its traffic through the TOR network (or drop the packets if they use an unsupported protocol).

So I decided to write a small script which is executed from the context menu of konqueror or dolphin (kde file browsers). It compresses a file or directory, sets a password and uploads it to filefactory.com .

project site on kde-apps.org

Macromedia/Adobe introduced something similar to cookies called “Local Shared Object” in Flash6. Unfortunately browsers (at least Firefox) currently do not handle Flash cookies easily. If you tell your browser to clear its cookies they simply persist.

I was very surprised by the vast amount of flash cookies located on my system. Take a look yourself “~/.macromedia/Flash_Player/#SharedObjects/” for Linux, “~/Library/Preferences/Macromedia/Flash Player/#SharedObjects/” for Mac OS X or “%APPDATA%\Macromedia\Flash Player\#SharedObjects\” for Windows XP/Vista.

Two Flash cookies on my system are related to a browser game all others were not needed and I deleted them. You can configure your flash preferences at Adobe. If you want to deny all Flash cookies you need to set the amount of disk space that can be used to “None” at the “Global Storage Settings”. You will then be asked everytime a Flash object wants to set a cookies unless you also enable “Never ask again”.

Some more information about Flash cookies.

Für mich bisher die beste Erklärung zu unserem Geldsystem in einem Video. Auch wenn es insgesamt recht lange dauert (2:18h), kann ich es jedem Interessiertem empfehlen.

URL für den Download.

• adblock plus: ad blocker
• cookiesafe: control cookie persmissions from within the statusbar.
• customizegoogle: enhance google search results by adding extra information and remove ads and spam.
• download statusbar: nice download manager
• tagsifter: tag your bookmarks. finally bookmarks become useable..
• update scanner: monitors webpages for updates which still don’t provide rss feeds
• mitm me: bypass the very annoying ssl errors introduced in firefox3 with a single click.
• gtranslate: translates the selected text via google translate
• keyconfig: nice key configuration. Personally I use it to configure the forward and back keys.
• noscript: allows JavaScript, Java, Flash and other plugins to be executed only by web sites of your choice.
• fasterfox: performance and network tweaks for firefox
• unplug: download flash movies easily (for firefox3 there is no “official” but a “modded” version which just alters the version check).
• add n edit cookies: cookie editor that allows you add and edit session and saved cookies
• bugmenot: bypass annoying web registrations with the context menu (input from ).
• refcontrol: control what gets sent as http referer on per-site basis.
• tab mix plus: has a very rich (not to say bloated) feature set. Currently I use the multi row tab feature and the closed tabs icon (which is way better than the default one).
• firebug: edit, debug, and monitor CSS, HTML, and JavaScript live
• safecache: defends against cache-based tracking techniques but is currently only available for firefox2.
• safehistory: defends against visited-link-based tracking techniques but is also only available for firefox2.
  

I think got used to that feature with the previous mail client I used: thunderbird and I am wondering if the mail client I used before thunderbird (mutt) has a similar feature.

Update:
New URL: git://github.com/ra–/ra-gentoo-overlay.git
Browse online: http://github.com/ra–/ra-gentoo-overlay/tree/master

The reason for writing it was that I gain an advantage (to other people using the library) when I renew every day (if there are reservations on the book one with the oldest renewing date has to bring it back – at least as far as I understand the behaviour of the Aleph software).

The help should be self explaining:

Usage: ./alephrenew.pl [-h] [-q] -b <baseurl> -u <username> -p <password> [-r <seconds>]

-h    : this help message
-q    : quiet (suppress success message)
-b    : baseurl without trailing slash (eg. http://aleph.ub.tuwien.ac.at)
-u    : username (eg. $E123456) – you will probably need to escape the “$”
-p    : password – your date of birth in the form of YYYYMMDD (eg. 19730425)
if you did not change it
-r    : wait random time between 1 and “seconds” seconds (before starting and
1 to 30 seconds between the requests – so it does not look like a script)

Examples:
./alephrenew.pl -q -b http://aleph.ub.tuwien.ac.at -u \$E123456 -p 19730425 -r 3600
./alephrenew.pl -b http://aleph.univie.ac.at -u \$E098765 -p 19851224

A crontab entry may look like this:
0 0 * * 2-6 /path/to/alephrenew.pl -q -b http://aleph.ub.tuwien.ac.at -u \$E3862419 -p 0wN4g3 -r 7200

It’s tested with the libraries of the Vienna University of Technology and the University of Vienna but should work with any other library using the Aleph software.

It is released under the terms of the GPLv2.

I do appreciate your feedback!

Here is my soup ra.soup.io and its RSS feed.

The new version in the 2.6.25 linux kernel works quite well for me (the one in 2.6.24 did not), but the wlan led is not working. This patch makes it work (I removed the support for the 4965 chip since I don’t need it. If you need it: this is the source to the patch).

Jetzt unterschreiben auf ueberwachungsstaat.at (ein wenig Hintergrundinformation ist dort ebenfalls vorhanden).

If you have no clue what this is all about here are two screenshots [1] [2] (actually these do not represent the patch exactly, but you should get the idea).

The kde split ebuild for ksmserver: ebuild (I will do the update to the kde-all-in-one ebuild on request).

To make use of the feature emerge with USE=”dbus hal”. If you don’t see any icons next to the suspend/hibernate buttons, make sure you use an icon set that provides the files “suspend.png” and “hibernate.png”.

• disk-protection patch for hdaps which is used for hard disk head parking on ibm/lenovo notebooks if acceleration is measured: disk-protect-2623-rc8.patch
  Source patch: 2.6.20
• aggressive link power management (ALPM is a technique where the SATA AHCI controller will put the SATA link to the disk into a very low power mode when there’s no IO going on for some time)
  aggressive_link_power_management-2622.patch
  aggressive_link_power_management-2623-rc8.patch
  Some more information on lesswatts.org
  Source patches on kernel.org
• e1000 fix on x60s which fixes the initialization of e1000 on ibm/lenovo thinkpad x60s if no cable is connected.

• Wikipedia (deutsch)
• Wikipedia (englisch, aber weit ausführlicher)
• Seitan.at

Mittlerweile ist Seitan auch in diversen Großmärkten erhältlich (Rewe und andere, für die man keine Werbung machen sollte). Empfehlenswert ist allerdings Reinberger Naturküche für Seitan in Österreich.

There are just two things I found in the software:
The kde submenu text in pdfnup.desktop “X-KDE-Submenu=Paginate” is not
very clear. “X-KDE-Submenu=Pages per sheet” would be better imho.

A small bug in pdfjoin.desktop makes it always display the italian kde
submenu: “X-KDE-Submenu=Unisci o aggiungi” should be replaced by
“X-KDE-Submenu[it]=Unisci o aggiungi”.

I just wrote the author Giuseppe Benigno an email, so these “bugs” probably get fixed soon.

Source: http://roachfiend.com/archives/2005/02/07/bugmenot/
Direct installation link: http://extensions.roachfiend.com/bugmenot.xpi

Source: http://kerneltrap.org/Linux/Power_Saving_Projects

Der Wikipedia-Artikel ist ebenso nicht uninteressant.

You can specifiy a trusted directory and a group as “trusted” or “untrusted”.
If the group is untrusted all users belonging to this group will only be able to execute files from the trusted directory. If the group is trusted all users will only be able to execute files from the trusted directory but users belonging to the group (and root of course).

Get it here: linux-2.6.18-tpe_restriction (patch, 5 KB)

The patch is based on grsecurity – so credits go to Brad Spengler.

The ideal solution is that logging out will not result in an improper shutdown of firefox, but I wrote a small patch that introduces the browser.sessionstore.resume_session_always setting which works for me.

I also updated Gentoo’s ebuild for firefox 2.0.0.6 to use this patch (just extract it to your /usr/local/portage directory).

Update: The above bug is fixed in firefox3. As a work around, you can create a new string preference “browser.sessionstore.restore_prompt_uri” and set it to “javascript:window.close();” (without the quotes).
Unfortunately I could not find a way to make this work with NoScript (yet).

Update #2:
Good news (:
Giorgio Maone kindly updated the NoScript plugin to allow the trick above. You currently have to use the development version (1.1.6.18).

RAW@Wikipedia: http://en.wikipedia.org/wiki/Robert_Anton_Wilson

• linux-2.6.18-proc_restrictions.patch (patch, 12 KB) which basically restricts non-root users from viewing all processes (plus an option for some additional /proc restrictions). It is possible to define a GID which is not affected by the restrictions.
• linux-2.6.18-dmesg_restriction.patch (patch, 1 KB) which restricts non-root users from viewing kernel log buffer messages.

Both patches are based on grsecurity – so credits go to Brad Spengler.

http://www.schrankmonster.de/PermaLink,guid,9c689944-a7ee-4952-9b1f-300017922b71.aspx

The Metalab crew organizes flight & shuttle from vienna to the camp and back: http://campflug.at/

Auch wenn einige Eingaben ein wenig seltsam anmuten, scheint mir das Projekt sehr sinnvoll. (:

c-base Homepage: http://www.c-base.org/
c-base @ Wikipedia: http://de.wikipedia.org/wiki/C-base

Quelle: http://netzpolitik.org/2007/c-base-spendenaktion

Source: http://kerneltrap.org/node/8476

Da wären Erfahrungsberichte sehr interessant. (:

Quelle: http://netzpolitik.org/2007/arte-themenabend-ueberwachungsstaat/

Update:
Mittlerweile auch schon im Netz gelandet:
http://netzpolitik.org/2007/aufzeichung-des-arte-themenabend-zum-ueberwachungsstaat/
http://www2.htl-donaustadt.at/~ange/bigbrother.avi
http://thepiratebay.org/tor/3719239

Source: http://www.jasonblogs.com/2007/06/05/think-before-you-post/

1. Weniger Überwachung
Wir fordern
* keine Totalprotokollierung von Telefon, Handy und Internet (Vorratsdatenspeicherung),
* Stopp der Videoüberwachung des öffentlichen Raums, keine automatische Gesichtskontrolle,
* Stopp von Biometrie und RFID-Chips in Ausweisen und Pässen,
* keine Aufzeichnung des Flugreiseverkehrs,
* kein automatischer Kfz-Kennzeichenabgleich auf öffentlichen Straßen.

2. Bestehende Überwachungsgesetze auf den Prüfstand stellen
Wir fordern eine unabhängige Überprüfung aller beschlossenen Überwachungsgesetze auf ihre Wirksamkeit und schädlichen Nebenwirkungen.

3. Stopp für neue Überwachungsgesetze
Nach der inneren Aufrüstung der letzten Jahre fordern wir einen sofortigen Stopp neuer Gesetzesvorhaben auf dem Gebiet der inneren Sicherheit,
wenn sie mit weiteren Grundrechtseingriffen verbunden sind.

Quelle: http://ppoe.or.at/freiheitstattangst

See you there! (:

Festival: http://www.seedcamp.at/festival/
Programm: http://www.seedcamp.at/festival/programm/
Webseite: http://www.seedcamp.at/

Source: http://kerneltrap.org/node/8207

Einige Links:
http://www2.argedaten.at/php/cms_monitor.php?q=PUB-TEXT-ARGEDATEN&s=28764tot
http://www2.argedaten.at/php/cms_monitor.php?question=DATA-RETENTION
http://www.vorratsdatenspeicherung.de/index.php?option=com_content&task=view&id=78&Itemid=86#Kritik
http://www.vorratsdatenspeicherung.de/index.php?option=com_content&task=view&id=83&Itemid=87#Verbindungsdaten_sind_zur_Bek.C3.A4mpfung_von_Terrorismus_und_organisierter_Kriminalit.C3.A4t_unverzichtbar
http://www.vorratsdatenspeicherung.de/index.php?option=com_content&task=view&id=77&Itemid=85#Stellungnahmen
http://de.wikipedia.org/wiki/Richtlinie_%C3%BCber_die_Vorratsdatenspeicherung
http://www.freenet.at/

“Man bekämpft die Feinde des Rechtsstaats nicht mit dessen Abbau, und man verteidigt die Freiheit nicht mit deren Einschränkung.”
- Otto Schily und andere Mitglieder der Humanistischen Union, 1978

Meine Empfehlung: Unipiraten

Quelle: http://netzpolitik.org/2007/atze-schroeder-vs-wikipedia/
Quelle: http://www.heise.de/newsticker/meldung/89650/
Quelle: http://german.imdb.com/name/nm0775641/bio
Link: http://de.wikipedia.org/wiki/Atze_Schr%C3%B6der

Quelle: http://netzpolitik.org/2007/landkarte-des-internets/

Quellen: http://netzpolitik.org/2007/die-verbotene-zahl/ http://09f911029d74e35bd84156c5635688c0.colourfuldeception.com/

Fazit: Effektiver Nutzen ist gering, da die Videoaufnahmen nur 48 Stunden gespeichert werden dürfen und eine Auswertung nur gemacht wird wenn eine vorsätzliche Straftat begangen wurde, bei der mehr als ein Jahr Freiheitsstrafe droht – also nichts mit Handtaschendiebstahl, Drogendealern, ..

Weiters kostete der Ausbau der Videoüberwachung im Jahr 2006 alleine für einige U1 Waggons 3.7 Mio € !
In Absurdität wird das ganze gesteigert dadurch, daß die Vandalismusschäden nicht mehr als 200.000 € pro Jahr betragen.
-> Die Kosten würden sich nach knapp 20 Jahren ammortisieren (unter der Annahme, daß die Vandalismuskosten auf 0,- fallen). “Würde”, weil die Technik spätestens nach 8 Jahren ausgetauscht werden muß..

Autoren: Henry Porter, Neil Ferguson
Video: http://chaosradio.ccc.de/media/video/suspect-nation.mp4

Quellen: http://chaosradio.ccc.de/ctv086.html http://www.channel4.com/more4/documentaries/doc-feature.jsp?id=107

Edit: Gleich noch ein nettes Video passend zum Thema: http://chaosradio.ccc.de/media/video/big-brother-state.mp4

“NEO” – ergonomisches Layout auf einer Standard-Tastatur

First phone designed to run OpenMoko.

Keyboard mit LCD Display auf jeder Taste

Die Möglichkeiten von Multi-Touch (Jeff Han)

http://www.neuverhandeln.at/

http://derstandard.at/?url=/?id=2755861

Update:
They are officially online @ ftp://ftp.ccc.de/congress/23c3/video

Robert Anton Wilson´s blog: http://robertantonwilson.blogspot.com/index.html

All Hail Eris!

Get the video!
The text is released under a Creative Commons License.

See you there! (:

und ein witziges Comic zu einem ernsten Thema:
http://chaosradio.ccc.de/media/pdf/der-wahlschrank.pdf

Source: http://www.sun.com/software/opensource/java/

Quelle #1
Quelle #2

Sehr gute Auswahl, sehr freundlich, gute Lage (altes AKH). (:

“Man musste Zivilisten angreifen, Männer, Frauen, Kinder, unschuldige Menschen, unbekannte Menschen, die weit weg vom politischen Spiel waren. Der Grund dafür war einfach. Die Anschläge sollten das italienische Volk dazu bringen, den Staat um größere Sicherheit zu bitten. Diese politische Logik liegt all den Massakern und Terroranschlägen zu Grunde, welche ohne richterliches Urteil bleiben, weil der Staat sich ja nicht selber verurteilen kann.”

Vincenzo Vinciguerra

Detailierter Artikel auf Wikipedia:
http://de.wikipedia.org/wiki/Gladio
Im englischen Artikel steht auch etwas über Österreich:
http://en.wikipedia.org/wiki/Gladio

For the guys not knowing Talvin Singh (shame on you =P ):
Talvin Singh’s Homepage
Talvin Singh @ Wikipedia
Talvin Singh @ myspace

Enjoy his great sound! (:

Update:
See a crappy snapshot:

http://www.google.com/codesearch

See: http://www.openssl.org/news/secadv_20060905.txt

Update: Now there is even an public exploit available http://www.cdc.informatik.tu-darmstadt.de/securebrowser/

As you can see, I do prefer a kernel without modules. (:

More in depth original version

ftp://ftp.ccc.de/congress/22c3/lectures/video/mp4/720×576/22C3-408-en-private_investigations_in_searching.mp4 (this one’s really great!)
ftp://ftp.ccc.de/congress/22c3/lectures/video/mp4/720×576/22C3-426-de-entschwoerungstheorie.mp4

Lockpickers site:
http://www.toool.nl/index-eng.php

Lock tests:
http://www.toool.nl/consumer-reports-nl.pdf

Bump proof locks:
http://wiki.whatthehack.org/images/0/00/BumpkeyPresentatie.pdf

Video from the whatthehack (~667Mb):
http://rehash.whatthehack.org/wth/rawtapes/wth-bumping-revisted-lockpicking/wth-bumping-revisted-lockpicking-74.mp4