Wednesday, September 28, 2005

Family Guy DVD Video Clips

Family Guy - Clips from DVD-movie

Ohhhhh Riiiight.

Here are some fun clips from Stewie Griffin: The Untold Story which comes out today!

Monday, September 26, 2005

Preoccupied with firewalls

Firewalls a dangerous distraction says expert

I don't know who Abe Singer is, but he makes a great point that I have been touting for years. Look at your infosec program and count how many people you have dealing directly with firewalls. Now count how many people you have dealing with application security audits, standards, reviews, etc. More than likely, you only need one hand to count the latter. That is why there is such a problem with insecure applications on the Internet. It starts with misunderstanding your threat model and continues with inadequate staffing and misplaced priorities.

A preoccupation with firewalls is diverting attention and resources away
from the more important issue of locking systems down, according to an

Computer security researcher at the San Diego Supercomputing Center
(SDSC), Abe Singer said companies can spend 90 percent of their security
efforts on firewalls and not much of anything else. "I'm not saying
firewalls are completely irrelevant, but how much effort do you spend on
security?" Singer asked. "Do security at the host, not just the
perimeter. You should be worried about what users are doing, because if
an attacker is going through the perimeter [without secure hosts] then
it's game over."

Blast from the past: DMV fraud

As the REAL ID act meets reality, recall a previous report on DMV fraud and lax security. If you think you have problems budgeting for security in your company, imagine being handed an unfunded mandate from the federal government. Do you think current problems will magically go away?

Date: Mon, 2 Feb 2004 09:50:52 -0500
From: Monty Solomon
Subject: Security Holes at DMVs Nationwide Lead to ID Theft and Safety

CDT has issued a report entitled "Unlicensed documenting rampant
internal fraud and lax security at state motor vehicle administration
offices across the country, placing the reliability of all driver's
licenses at risk. While heavy public attention has been placed on new
national standards and new technologies for driver's licenses, studying
local news reports from throughout 2003, CDT finds that basic management
processes to stop bribery and theft are lacking. In the report, CDT
offers policy recommendations to address this dire issue. February 2,

20 Questions

20 questions: AI style

This is pretty freaky that a computer can guess what you are thinking... is an experiment in artificial intelligence. The program is very simple but its behavior is complex. Everything that it knows and all questions that it asks were entered by people playing this game. is a learning system; the more it is played, the smarter it gets.

Star Wars Gangsta Rap video

Star Wars Gangsta Rap

The funniest part I think are the stormtroopers. What a bunch of nancies...

Idaho weatherman quits to pursue bizarre Katrina "theory"

You can't make up better sh*t than this. Unbelievable.

Unfortunately, a "theory" must be "either originating from observable facts or supported by them."

Idaho weatherman quits, says he wants to pursue hurricane theory


IDAHO FALLS, Idaho -- A Pocatello weatherman who gained attention for an unusual theory that Hurricane Katrina was caused by the Japanese mafia using a Russian electromagnetic generator has quit the television station.

On the insecurity of passwords/passphrases these days

From a posting to the cryptography mailing list; there are interesting statistics in the presentation. Update your threat models!

Folks might want to look at
the slides from a talk Christian Huitema gave at the Applications Area
at IETF63 this past week. Of particular interest is just how cheap it
is to brute-force a passphrase these days, especially if it's just used
as a cryptographic key with known plaintext (i.e., in challenge/
response protocols).

--Steven M. Bellovin,

Creative Zen digital media players ship with a worm

Glad I'm sticking with the Neuros, which doesn't run Windows now and will run Linux in the next version. Not to mention the open source aspects and the ability to play OGG/Vorbis audio files...

Are you blocking Flash Cookies?

Spammers and people without regard for your privacy or your privacy preferences (blocking cookies means I don't want them in any form) are insidious.

Unbeknownst to many people, Macromedia Flash player allows surreptitious cookies to be dropped on your computer that can be used to track you even if you block traditional browser cookies.

Some information on eradicating them:

Firefox extension for blocking flash cookies:

Macromedia info (opens up the hidden flash config tool in your browser that lets you view and expunge flash cookies):

EPIC Flash Cookie page:

Great site on bayesian statistics

This site has a great overview of Bayesian statistics (the basis for bogofilter, which is why my email is still useful). Also look there for information on common misinterpretations of statistics and the statistical-error rationale for why lie detector tests are less than useful.

cause, chance and Bayesian statistics: a briefing document
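As an added illustration (this is not code from the linked briefing or from bogofilter itself): a miniature Graham-style Bayesian spam scorer of the kind bogofilter descends from, where per-token probabilities are estimated from a training corpus and the most extreme ones are combined with the naive-Bayes formula. The six training messages, the test messages and the thresholds are all constructed here.

```python
import math
import re
from collections import Counter

# Constructed training corpus (made up for this example); tiny on purpose.
SPAM = [
    "buy cheap viagra now click here",
    "cheap meds online buy now",
    "click here for free money now",
]
HAM = [
    "meeting moved to tuesday see agenda",
    "please review the attached agenda",
    "lunch tuesday with the review team",
]

def tokens(text):
    return re.findall(r"[a-z]+", text.lower())

def train(spam, ham):
    """Per-token P(spam | token), estimated from how many spam and ham
    messages contain the token (each message counts a token once)."""
    good = Counter(t for m in ham for t in set(tokens(m)))
    bad = Counter(t for m in spam for t in set(tokens(m)))
    nham, nspam = len(ham), len(spam)
    probs = {}
    for t in set(good) | set(bad):
        g = min(1.0, 2 * good[t] / nham)   # ham evidence doubled: false positives cost more
        b = min(1.0, bad[t] / nspam)
        probs[t] = min(0.99, max(0.01, b / (g + b)))  # clamp so no token is "certain"
    return probs

def score(text, probs, unknown=0.4, top=15):
    """Combine the `top` most decisive token probabilities with naive Bayes:
    P(spam) = prod(p_i) / (prod(p_i) + prod(1 - p_i))."""
    ps = [probs.get(t, unknown) for t in set(tokens(text))]  # unseen tokens are mildly "ham"
    ps.sort(key=lambda p: abs(p - 0.5), reverse=True)
    ps = ps[:top]
    prod = math.prod(ps)
    comp = math.prod(1 - p for p in ps)
    return prod / (prod + comp)

def is_spam(text, probs, threshold=0.9):
    """A high threshold keeps the false-positive rate low: the Bayesian
    combination only calls spam when the evidence is overwhelming."""
    return score(text, probs) > threshold
```

With so little training data a single unseen word barely moves the score, which is the base-rate point the briefing makes: a test is only as good as the prior it is applied against.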

Most apropos juxtaposition


Movable type 3.2 upgrade woe: new templates

I was having the same problem as in this posting to the MT forum after upgrading to the new 3.2 templates by copying them in from the default_templates directory or from the movable type templates website:

The footer on my main index seems to be incorrectly displayed:
%%time"> | | (0)

1- %% shouldn't be displaying
2- It should say Posted by xyz on August 19, 2005 02:00 PM | Permalink | (0)
3- '>' shouldn't be displaying
4- the permalink should be displaying

It turns out that the problem is due to the fact that the new templates in MT 3.2 are really templates for templates: they contain special tags for internationalization that need to be parsed and replaced with the real template content before you use them. So the files in default_templates cannot simply be pasted in directly.

The simple solution: create a new blog. It will have the default templates by default (funny how that works). You now have available all of the default templates, fully localized to your blog's language, and they can be copied and pasted right into your existing blog.

Federal court "smacks down" specious DMCA claim

Fed. Circuit Smacks Down Bad DMCA Decision Re: Independent Repair Techs

Great news for the public's rights over "copy" rights.

the DMCA must be read in the context of the Copyright Act, which balances the rights of the copyright owner against the public’s interest in having appropriate access to the work.

The browser wars are back: on security turf

In this article, "OSS means slower patches", David Sykes from Symantec makes some absurd claims about open source being slower to patch than closed source.

"It is relying on the goodwill and best efforts of many people, and that doesn't have the same commercial imperative," he said. "I'm sure that is part of what is causing the blow-out in the patch window."

So... "commercial imperative" is a requirement to be quick with patches? Where has this guy been for the past 10+ years when commercial vendors have done everything to thwart publication of vulnerabilities and have been the slowest to patch (and still are, such as Oracle and Cisco).

Also, "I'm sure [relying on the goodwill and best efforts of many people] is part of what is causing the blow-out in the patch window" is entirely an opinion statement. But there are actual people with actual data working on the mozilla project who the reporter or even Mr Sykes could have asked. But no, they go with the unsubstantiated opinion of a purported expert on the matter instead.

Of course, Mr Sykes has a vested interest in maintaining a level of fear in users to keep buying Symantec products to protect them.

Fortunately, the Mozilla organization has hit back with the facts: Mozilla hits back at browser security claim

He also argued that, according to security company Secunia's statistics, the Microsoft vulnerabilities were more critical, and had been so over a longer timescale. In the period 2003 to 2005 Secunia have issued 22 security advisories regarding Firefox 1.x, and rate it as "less critical". In the same period Microsoft Internet Explorer 6.x had 85 Secunia advisories, and is rated as "highly critical".

"Basically their vulnerabilities are more critical. With Firefox — yeah, you have holes, but they're much less serious." Nitot likened the differences between Firefox and IE vulnerabilities as being like injuries: "Which would you prefer, to have a broken finger, or your head ripped off?"

LD50 of H2O

This calculator for the lethal dose (toxicity) of caffeine reminded me that even water has an LD50.

Intraperitoneal Mouse LD50 (for water): 190 g/kg
Intravenous Mouse LD50 (for water): 25 g/kg

The alt.drugs FAQ has info too on LD50

DoJ puts porn over terrorism

[infowarrior] - Top DoJ Priority Isn't Terrorism, it's Adult Entertainment

This is disgusting. I'm glad it is getting such a negative public reaction.

My Pick for Cost-Reducing Noise-Reducing headphones

Aiwa HP-CN6 Noise-cancelling headphones. Get them at for super cheap. I compared these to the $299 Bose and it was a very easy decision. There is not $270 more noise cancelling in the Bose headphones.

When trying them on and comparing them, be aware that the over-the-ear designs block more noise even without being turned on. So account for that difference in your testing.

I often use mine at work to cancel out the subconsciously irritating ambient noise and they are indispensable on airplanes.

Inspired by "Cost Reduction" Headphones

Monday, September 19, 2005

Bush: Then vs. Now


A large majority of voters express confidence that Bush will protect the country from a terrorist attack if he is re-elected in November


the public now shows diminished confidence in his abilities to handle a crisis or provide leadership, as well as in the government's ability to protect the country.

Tuesday, September 13, 2005

Quality time-wasting sites

Just in case you're looking for hours and hours of quality entertainment, here are several sites with similar kinds of videos and pictures that always deliver.