Sunday, August 24, 2008

Security and Politics: Spoofing Obama VP TXT messages

Reports are that people are getting fake TXT messages claiming to announce Obama's VP pick. I've certainly gotten lots of spam claiming that Hillary is the VP pick for example.

But to bring in the security angle, Verizon's website makes it easy to spoof the return address of text addresses to perpetrate these messages.

Wonkette: The D.C. Gossip » Blog Archive » Freak Out Your Friends With Fake Obama VP TXT

Preaching to the choir: Fake-news viewers more informed than mainstream news viewers

A recent Pew research study shows that viewers of The Daily Show and The Colbert Report are more informed about current events than "average consumers of NBC, ABC, Fox News, CNN, C-SPAN and daily newspapers." Pathetic.

Thirty percent of Daily Show and 34 percent of Colbert viewers correctly identified Secretary of State Condoleezza Rice, British Prime Minister Gordon Brown and the majority party in the U.S. House of Representatives
Think Progress » Colbert, Stewart viewers more well-informed than those watching O’Reilly, Dobbs.

Sad, Cynical reaction from Yglesias about op-eds

Again, nothing annoys me more than unadulterated lies and distortions that go out unchallenged. More evidence that we cannot rely on the mainstream media for fair and accurate reporting. It's a shame.

Matthew Yglesias (July 27, 2008) - Facts Are Hard (Media)
Of course if being accurate were a requirement for op-ed pieces, then more than one national newspaper columnist might be out of a job. So given the current economic downturn, I think it's important to keep letting people make stuff up.

McCain cites urban legend as evidence of Al Qaeda evil

Nothing annoys me more than someone using debunked, false, misleading, distorted information to support a position. And who decides to do this with a straight face, but John McCain. You know, we really should require our officials to not only be honest but to be well-informed on what they are talking about. McCain just falls down again with this gaffe showing how he is not only out of touch on the economy, but also on foreign policy -- a supposed strong point of his.

I was reminded of a great quote recently from Daniel Patrick Moynihan, "Everyone is entitled to their own opinion, but not their own facts."

Ben Smith's Blog: McCain cites questionable story on 'evil' -
"Not long ago in Baghdad, Al Qaeda took two young women who were mentally disabled and put suicide vests on them, sent them into a marketplace, and by remote control, detonated those suicide vests," McCain told Rick Warren. "If that isn't evil, you have to tell me what is."

The horrifying story that terrorists used two women with Down Syndrome to carry bombs was a sensation in February, but The New York Times later suggested it hadn't happened that way:

Carbs attack appetite-suppressing cells over time

Fascinating that we now know that the very mechanism of how our brain determines that we are full (satiety) relies on free radicals, but it is these same free radicals that actually negatively affect our very ability to detect satiety long-term! But carbs are soooo good.

Killer Carbs: Scientist Finds Key To Overeating As We Age
Dr Andrews found that appetite-suppressing cells are attacked by free radicals after eating and said the degeneration is more significant following meals rich in carbohydrates and sugars.

"The more carbs and sugars you eat, the more your appetite-control cells are damaged, and potentially you consume more," Dr Andrews said.

Dr Andrews said the attack on appetite suppressing cells creates a cellular imbalance between our need to eat and the message to the brain to stop eating.

"People in the age group of 25 to 50 are most at risk. The neurons that tell people in the crucial age range not to over-eat are being killed-off.

"When the stomach is empty, it triggers the ghrelin hormone that notifies the brain that we are hungry. When we are full, a set of neurons known as POMC's kick in.

"However, free radicals created naturally in the body attack the POMC neurons. This process causes the neurons to degenerate overtime, affecting our judgement as to when our hunger is satisfied," Dr Andrews said.

News from Seattle: Former police chief is anti-drug-prohibition

Kudos to Norm Stamper for the courage to speak his mind and use his experiences to go against the grain. Sounds like an interesting book as well.

I can't help but think of how much resources are wasted on the war on drugs as I watch episodes of "The Wire". All that would go away. And the hypocrisy of alcohol being legal while marijuana is not is asinine.

Former Seattle Police Chief on the high costs of the drug war - Boing Boing
Stamper is the author of the Breaking Rank: A Top Cop's Exposé of the Dark Side of American Policing (2005) and now works with Law Enforcement Against Prohibition (LEAP), a nonprofit created by former cops to "reduce the multitude of unintended harmful consequences resulting from fighting the war on drugs and to lessen the incidence of death, disease, crime, and addiction by ultimately ending drug prohibition."

Taxpayers making up for corporations shirking responsibilities

This is enough to make you vomit in your mouth. Yes, we are all having to pay more _individual_ taxes to make up for US corporations that use kickbacks and loopholes to avoid paying federal taxes. This should make the anti-tax people irate, especially since we live in a world where corporations are equivalent to individuals from a legal standpoint. How anyone can claim that they pay their fair share is beyond me.

Crooks and Liars » GAO Study: Most US corporations avoid income tax
The Government Accountability Office said 72 percent of all foreign corporations and about 57 percent of U.S. companies doing business in the United States paid no federal income taxes for at least one year between 1998 and 2005.

Tips for buying a new car video

This is an entertaining 6 minute video (out of Seattle no less) I documented many of the salient points here.

  1. Plan. Give at least 2 weekends
  2. Get financing _before_ you go to your dealership so you know how much you can afford in advance.
  3. Don't sell your car to the dealership. Sell it on craigslist
  4. Get down to top 3 cars you are interested in.
  5. Test drive them. Don't buy it then. Choose all of your options
  6. Don't use the invoice as a guide for price. You want the competitive bid. Call 8-10 dealerships.
  7. Get the "drive it off the lot" price
  8. Come back a second time. Stick to your guns. Walk out when the deal changes.
  9. Don't sign until you are done with everything and all is in writing.
  10. Don't buy any of the add-on stuff (high-margin stuff). Akin to stocking up on candy "at the movie theater" to bring home.
How to buy a new car and not get screwed - Boing Boing

Flying without ID

Legally, there is no requirement that you must have an ID to fly in the US. However, you may encounter lots of resistance. That's why I, as a security professional, have not yet attempted to do so. My wife would probably not be as interested as I am in the answer...

Seems as if the TSA may even have different procedures for those who _forget_ their IDs than for those who _refuse to show_ ID. Funny. It is also noted that if they write SSSS on your boarding pass for "special screening", if you were to have another copy of your boarding pass without the SSSS you may be able to bypass the extra screening.

philosecurity » Blog Archive » Flying Without a Wallet
I was curious to learn more about the TSA’s new practices for ID-less travelers. As a security professional, I decided to research TSA’s latest security screening procedures.

Medeco hacked at DefCon 2008

Ahh, the holy grail. Basically, if anyone gets to photograph your medeco keys, any hacker can whittle a blank from that photo and bypass these "high security" locks.

Add "Obtain photograph of building keys" as a node in your physical security threat models ;-)

Working Medeco high-security keys can be whittled out of plastic - Boing Boing
Researchers at DefCon in Vegas have demonstrated that they can make "high security" Medeco key-blanks out of the plastic used in credit-cards, and then whittle them into working keys by referring to low-resolution photos of original keys.

Saturday, August 23, 2008

Terrorist watch list false positives have real consequences to real people

Really? An honorably-discharged American soldier is on the Terrorist watch list? Seems like there is definitely some cruft in the list of 400,000 - 1MM names. Here is a personal story of how this kind of system has consequences somewhat as bad as what the terrorists could hope to accomplish themselves--loss of freedom and unjust treatment.

Name on government watch list threatens pilot's career -
In April, Colgan informed Scherfen that he was on a government list and would be suspended from his job. He was told he faced termination on September 1 unless he was able to clear his name.

But Scherfen, of Schuylkill Haven, Pennsylvania, has been unable to do so and said he fears that it could mean he has no future as a pilot.

"My entire career depends on me getting off this list," he said. "I probably won't be able to get a job anywhere else in the world having this mark that I'm on this list."

Witold Walczak, an American Civil Liberties Union attorney representing Scherfen and his wife in a lawsuit, calls the government actions "unfair" and "unjust."
Bruce Schneier recently pointed out how absurd this list is, especially when it is publically known how many times the _actual_ people on the list were encountered -- but nothing happened to them. If they are so dangerous, why were they not detained?

Schneier on Security: Congratulations to our Millionth Terrorist!
Screening and law enforcement agencies encountered the actual people on the watch list (not false matches) more than 53,000 times from December 2003 to May 2007, according to a Government Accountability Office report last fall.

Okay, so I have a question. How many of those 53,000 were arrested? Of those who were not, why not? How many have we taken off the list after we've investigated them?

Weekly spam files

I got some seriously choice spam messages this week. Here are some of the outstanding ones. The first one was hilarious -- but even more hilarious that it decided to include the TV show "The View" in the list of the "earth's ills" for a double punch line.

Former Astronaut Dr. Edgar Mitchell - a veteran of the Apollo 14 mission - claims aliens are gay and that they are responsible for many of the earth's ills including global warming, war, disease and The View.

The House of Representatives ethics committee has passed a new set of Republican backed rules which reduce the Ten Commandments down to nine "suggestions".
Paris Hilton Gives Birth To Twins...Aliens
Paris Hilton Becomes Mormon -- Marries Paparazzi

Friday, August 22, 2008

Diebold admits coding but that causes vote loss

Diebold originally blamed a glitch that lost votes on anti-virus software but it turns out it was due to a flaw causing votes to not be recorded to memory when uploading votes from the external cards. It's a wonder how something as simple as counting votes could have so many bugs in core functionality...

Note to US Bank customers: Diebold makes many of their ATMs! Let's hope the accounting is better there.

Premier (f/k/a Diebold) Confesses Error - TalkLeft: The Politics Of Crime
Slashdot | Diebold Admits Ohio Machines May Lose Votes

Sunday, August 17, 2008

Anonymous Company ratings, reviews and salaries online

Wow, what a cool site. They even have ratings of CEOs but this can be an invaluable site when negotiating salary for a job, or deciding which field you want to get into. - Company Ratings, Reviews, and Salaries.

Insider at WaMu embezzles $1.6MM

And who thinks businesses don't need to worry about insiders? Harden your soft-chewy center. The most puzzling thing is that she was let out on $100k bail, yet she is from Mexico and that's where she wired the dinero... > News > Metro -- Bank teller arrested in $1.6 million theft
SOUTH COUNTY: A 22-year-old bank teller was arrested Tuesday on suspicion of embezzling more than $1.6 million from Washington Mutual Bank and wiring the money to a bank in Mexico, a sheriff's investigator said.

Some assistance for your 2008 WA primary voting

A couple of great resources to help out with your last-minute voting.

Show My Elections | 2008 Primary
Fuse Primary Voter's Guide (great summaries of endorsements for judges, which can be difficult at times to know who's better)

And, the voter's guides are online:

Security holes can get you into trouble

Oops. Remember kids, disable directory indexing on your porn server! Or better yet, don't mix shared data with stuff you wouldn't want people to find on accident.

Judge Alex Kozinski's porn stash - Boing Boing
Kozinski had sent a link to a file (unrelated to the stuff being reported about) that was stored on a file server maintained by Kozinski's son, Yale. From that link (and a mistake in how the server was configured), it was possible to determine the directory structure for the server. From that directory structure, it was possible to see likely interesting places to peer. The disgruntled sort did that, and shopped some of what he found to the news sources that are now spreading it...

His son set up a server to make it easy for friends and family to share stuff -- family pictures, documents he wanted to share, videos, etc.

Washington's Top 2 primary system: death knell for the major parties?

This is a great article, with some choice quotes from some of the folks on the ballot for this country's first top-2 primary system. I have long hated the 2-party system, especially as gerrymandering has allowed the parties to artificially remain entrenched in government. And especially as the issues are more and more complex yet the parties try to divide the country evenly into two camps. I think the rise of independent and "swing" voters has shown that our views can't be so easily divided along party lines. Although there are many of the "swing" voters who just seem to be lazy or noncommittal (as I saw during the caucuses when many had not even researched the candidates. No wonder they couldn't decide! They wanted others to do the deciding/persuading for them).

I pride myself on being a truly independent voter. Although I often prefer candidates of a progressive democratic nature since many of my values match theirs in general, I can't stand party-line votes just for the sake of voting party line. I would prefer to have a parliamentary system as that would allow for more shifting coalitions rather than just two giant parties trying to please everyone but pleasing no-one (is it any wonder the congressional ratings are worse than GW Bush?).

I just cast my ballot for the top-2 primary and am excited to think that Oregon and other states could follow our lead.

Lights out for parties? Tuesday’s top two primary could signal a new political era for Washington state-, Clark County, Washington, Vancouver, Breaking News, U.S., World, Entertainment, Video, Weather, Sports

I did laugh when I read Clarence Thomas' quote from this article but I at least agree with him on principle; not sure where that sentiment falls in relation to the constitution though.

Tuesday, August 12, 2008

Panoramic Aerial photography using a kite

Got this link courtesy of Credo Mobile. Very cool. I was intrigued by the San Francisco shots since I just got back from there, but they are photos from nearby, not of the city.

Kite Aerial Photography by Scott Haefner | 360° Panoramas

Monday, August 4, 2008

Skinny dipper "sting" in Germany

This is especially funny in light of the revelations that it is becoming popular, especially in the UK, to use Google Maps to locate swimming pools to crash like this. I guess they better survey the area to make sure there aren't any nettles first.

Germany:Skinny dippers fall for sting » Rational Review