Post on The Truth Imperative

Artificial definitions

Fri, 06 Mar 2026 09:52:19 -0800

Just saw a post talking about someone predicting when we’ll see “ASI” (artificial superintelligence). The grifters haven’t even managed a decent definition of “AGI”, let alone, “AI”. What is “ASI”? We’re told it’s “defined” by Nick Bostrom. I went to find that definition because the way it was paraphrased didn’t “define” anything in a meaningful way – certainly not in any measurable way.

Nick’s definition of Superintelligence (not Artificial superintelligence, BTW):

My Mentoring Journey with Community For Youth

Fri, 16 Jan 2026 11:40:44 -0800

Mentoring with Community For Youth changes lives – it changed mine! It made me more accountable, so I can be true to my word and bring my authentic self. It also taught me to get comfortable being uncomfortable and the power of vulnerability. CFY mentor training and experience also prepared me to be a better mentor as a leader throughout my career.

I was a youth mentor for the nonprofit Community For Youth (CFY) in Seattle for 10 years. What kept me going as a mentor for 10 years? Well, there are both “unselfish” and “selfish” reasons. My “unselfish” reasons were to give back to the community where I live and do something meaningful. However, I got so much in return from the amazing, powerful community of mentors and students! Some of my “selfish” reasons to stay with CFY were: the inspiring students, the personal growth I experienced, the supportive community (some of the most kind-hearted people I’ve ever met), and the fun you get to have!

Google Play Safe Browsing Safer Android Mobile Ecosystem

Tue, 07 Apr 2015 13:54:00 -0700

A recent incident at my work came to my attention involving a takedown request for an unauthorized app in Google Play using my company’s brand. This happens often in appstores all over the world, which is why having brand protection monitoring for these is really critical. It is all too easy for these to slip into even legitimate appstores like Google Play.

One thing I noticed when I was investigating this incident was that the Google Play application page has a section that allows a developer to specify a website link, with a name “Visit Website”.

Beating The Open Source Is More Secure Straw Man

Mon, 16 Mar 2015 20:52:00 -0700

Given all of the serious security flaws in open source software lately, such as OpenSSL, it has been frequent subject of posters to use the open source hack-du-jour as a counterexample to a purported claim that “open source software is more secure” than proprietary software. And I just saw it come up again the other day:

Thank you OpenSSL for the one word answer when people claim open source software is secure. — Ryan Lackey (@octal) March 15, 2015

Free Community For Youth Lunch That Will Feed Your Soul

Wed, 20 Aug 2014 21:38:00 -0700

Community For Youth Changes Lives. I Know – It’s Changed Mine!

Personal Integrity. The CFY curriculum and core values have challenged the students in the community as well as mentors like me to be our best selves. When I started, I didn’t challenge myself with clear life goals and share them with others. I was too afraid of opening myself up to the shame of failure. However, through CFY, I’ve come to learn that sharing goals with a powerful community that can support you is exactly what can actually increase your chances of success. You learn to be more accountable to yourself by being accountable to a supportive community. And this has bled over into my daily life so much that even for small commitments, I maintain personal integrity. “Darn, I did say that I was going to bike to work tomorrow. Guess I have to suck it up and do it.”

Ios Clients Not Vulnerable To Heartbleed What Does The Source Say

Thu, 17 Apr 2014 15:05:00 -0700

Apple’s language in their assertion that they are not vulnerable to heartbleed on iOS are troubling as they specifically say (via ReCode), “IOS and OS X never incorporated the vulnerable software…” However, not incorporating the vulnerable OpenSSL software is merely one way that their customers could have been made vulnerable. What about the Apple SSL/TLS implementation? Has anyone checked it? Did they incorporate RFC 6520 for heartbeat support? I couldn’t find anything Google so figured I would share what I found.

Using VNC to securely connect to OSX without exposing an unlocked console

Sun, 13 Apr 2014 22:27:00 -0700

I couldn’t believe how supremely difficult it is to securely use VNC to access an OSX mac remotely. Turns out that by default, using a standard VNC client (as opposed to an Apple Remote Desktop client) does not afford you an option to have the physical console lock when someone connects to the VNC server. Some third-party clients make this an option, but all that I could find were paid VNC clients that support it. It is somewhat ridiculous that this setting is left to the client rather than enforced on the server, but I digress…

I Get An Irs Scam Voice Mail

Sun, 13 Apr 2014 22:22:00 -0700

Had to share this hilarious voice-mail I received from an IRS scammer (happened to come in with Unknown caller ID – I read online that others had been spoofing US phone numbers for caller ID in the past). The transcript does not do it justice. I laughed out loud when I heard the phrase, “and you get arrested” as that is precisely what one would expect to hear from the IRS.

Humorous Page Not Found Error Page

Wed, 25 Sep 2013 21:13:00 -0700

This is great! (from https://www.computershare.com/Style%20Library/Images/404.png

Information Warfare Via Url Shorteners

Wed, 18 Sep 2013 23:21:00 -0700

As I’ve used Twitter more, I’ve noticed how many of the shared URLs are shortened. And to think that the Library of Congress is archiving all US tweets, how many will actually be usable at some point in the future? Hopefully their process logs the resolved actual URL instead of the shortened one. When I restored my blog, it was amazing how many broken links I found. I stopped fixing them. That’s just the regular web. Adding URL shortening is another level of indirection that is also another failure point.

Seattle Infosec calendar

Thu, 11 Jul 2013 00:34:00 -0700

I searched and didn’t find a Seattle-specific Information Security calendar showing not only conferences, but smaller security events. So I created a new public one. And I guess that means now I’m maintaining one ;-)

If you know of something I’ve missed, let me know and I’ll add it.

To subscribe: ICAL, XML

Full browser web view

What can we learn from the ZRTPCPP / Silent Circle debacle?

Tue, 02 Jul 2013 23:37:00 -0700

07:00

As a way of background, Phil Zimmerman’s company Silent Circle became wildly successful recently after Snowden’s disclosures of extensive NSA data collection of telephony “metadata” and “data — including e-mails, videos, pictures, and connection logs — from the main servers of Microsoft, Google, Apple, and other leading U.S. tech companies” (1). “Mike Janke, one of the founders, estimated that the number of new customers for its subscription-based service surged by 400 percent” (2)

Mountain Lion Easter Egg References Debut Of Original Apple Macintosh

Fri, 21 Jun 2013 13:31:00 -0700

How clever. I just noticed this today.

Mountain Lion easter egg references debut of original Apple Macintosh: Mountain Lion easter egg references debut of original Apple Macintosh

Incomplete downloads in OS X 10.8 Mountain Lion show a “Date Modified” of Jan. 24, 1984, a reference to the day when Apple’s very first Macintosh was unveiled by Steve Jobs.

Ross Anderson Response About Payments System Weakness

Thu, 20 Jun 2013 00:46:00 -0700

“You complain that our work may undermine public conﬁdence in the payments system. What will support public conﬁdence in the payments system is evidence that the banks are frank and honest in admitting its weaknesses when they are exposed, and diligent in effecting the necessary remedies. Your letter shows that, instead, your member banks do their lamentable best to deprecate the work of those outside their cosy club, and indeed to censor it.”

Devaluing Harassment

Thu, 28 Feb 2013 23:24:00 -0800

I’ve been taken aback lately by a variety of claims on blogs and twitter of someone “harassing” someone else or “stalking” them. People seem to throw these words out so cavalierly that they are in serious danger of being devalued; watered down so that they have no substantive meaning.

I wanted to do my own research to provide those who might be tempted to throw these words out in casual assertions with some clear definitions and some tools you could use to perhaps determine if certain behaviors rise to the level of actual “harassment” or “stalking” before using those terms.

Beautiful Life Diary To Cultivate Happiness

Sun, 25 Mar 2012 13:31:00 -0700

From the book 59 Seconds by Richard Wiseman, this is a list of writing topics that you can do over the course of a week – spending just 59 seconds each day – to cultivate happiness. And each activity is backed by actual scientific research.

I had intended to do this from early on this year but have not done so. But that’s not going to stop me from starting now.

Christmas Car Break In

Fri, 24 Dec 2010 04:31:00 -0800

Ugh. Came out this morning to my car in my driveway to go downtown and found both right-side windows rolled down. Hmmm… I didn’t do that. Go around to the driver’s side and both of _those_ are rolled down too. Grrr.

Fortunately, it did not rain very hard so there was little water that got in the car. And fortunately there is no visible damage and nothing was taken (there really wasn’t anything to take except some pennies)

Abc News Poll On Tsa Scanners Misleading

Wed, 24 Nov 2010 14:55:00 -0800

So, ABC news polled 514 people by telephone to try to find out if people support the new backscatter x-ray machines. They are reporting now that people support them “2 to 1” over those opposing them. However, if you look at their sampling methodology (available on a PDF on their site), you can see that they actually skewed the question. Their whole focus was on determining support _in lieu of the privacy issues_. They did not, however, include any questions about the support if there were _risks due to radiation_ They asked questions about how informed users were about possible risks, but only generically and treated it as if it was relegated to just opinion.

Google Voice Chat Qos

Fri, 01 Oct 2010 15:59:00 -0700

I’ve been looking for QoS pointers for Google Voice Chat. I’ve found that it works great on my DSL until I also am attending a web conference over Webex at the same time. Then I can still hear fine, but upstream I’m told my voice cuts in and out.

So, I figured it’s time for some QoS Settings on my router.

It appears that Google Voice Chat uses HTTPS for signaling but an XMPP extension called Jingle that uses RTP over UDP for the actual call data.

Favorite New Android Apps

Mon, 20 Sep 2010 16:37:00 -0700

Call Block Unlimited: https://www.appbrain.com/app/com.mrnumber.blocker Highly configurable app that lets you set policies for how to handle incoming calls. I used this when on vacation to send all calls not in my contacts list to voicemail. Shows an alert of which calls were blocked. Very nice and free!
App Brain App Market: https://www.appbrain.com/app/com.appspot.swisscodemonkeys.apps Install this and never open the lame Google Market app again. This does everything that the Google market should do but doesn’t.
OurGroceries: https://www.appbrain.com/app/com.headcode.ourgroceries This app has a lot of promise for sharing grocery list ideas between my wife and myself. Even can input recipes and then add ingredients to store lists from those. And allows you to check off items as you buy them so you won’t miss anything. Very sweet!
EStrongs Task Manager: https://www.appbrain.com/app/com.estrongs.android.taskmanager This is a very fast task manager that has the best UI of any that I’ve seen so far. I rarely use one these days but when you’ve got to kill a task, this is a slick one for doing the job.
Dropbox: https://www.appbrain.com/app/com.dropbox.android Dropbox is about the easiest way to synchronize files from your desktop to your phone wirelessly.
Wireless Tether For Root Users: https://www.appbrain.com/app/android.tether This was sooo cool. Lets you set up your phone as a wifi access point to allow Internet access to devices nearby. Used it this weekend and got better performance than the DSL (not saying much as this place must have been on the far end of the line from the central office)
JuiceDefender (free): https://www.appbrain.com/app/com.latedroid.juicedefender I have found after lots and lots of testing that the #1 killer of battery on the HTC Hero is constant use of the APN (mobile carrier data network). The more apps you install that synchronize data, the worse this gets. It’s not so bad if you stay in one place where you have good cell coverage. But if you are in an area of spotty coverage, your battery life will go down the toilet. It seems as if whenever you get even the weakest data link back, all your apps that need to synchronize data light up and overwhelm the terrible connection and pretty much do this all day long. When at work, my battery would not last long at all (22nd floor with poor coverage) but at home it would be great. That’s how I figured it out. I stopped using task killers since they can be worse for your battery life and use JuiceDefender. I used to have Wi-Sync plus to do the same thing, but that has apparently been abandoned.

Rooting And Optimizing The Sprint Htc Hero Cdma-

Mon, 20 Sep 2010 15:33:00 -0700

I have been meaning to write up instructions on how I updated my ROM and kernel on my CDMA HTC Hero to fix some annoying performance issues and overcome the internal memory limitation to be able to install more apps by installing them to the SD card. Since this phone will not officially get 2.2 Froyo, I needed to do something to keep the phone relevant. I had already ran into the max size of apps installed so was forced into taking some action.

At T Leaks Email Addresses Of 114 000 Ipad Users

Wed, 09 Jun 2010 13:50:00 -0700

I think it is disingenuous of this article to have “Apple” in the title. It was an AT&T server with a stupid application that used AJAX calls to obtain email addresses by ICC ID. And since the ICC IDs are apparently sequential, the group was able to iterate through thousands of them to obtain the information.

Then AT&T decides to claim as well that the researchers who discovered the flaw did not contact them. It sounds like AT&T is lying.

Alcohol Caffeine And Pregnancy

Fri, 04 Jun 2010 16:46:00 -0700

Sorting through the myriad information and misinformation on these topics is difficult. And remembering what the actual conclusion is can be even more difficult “Was coffee safe or not?”

So, I figured that I would blog about two very recent posts that summarize the data about these topics.

Summary:

Caffeine bad (“Pregnant women should avoid caffeine because of potential effects on fetal growth and spontaneous abortion.”), Alcohol seems okay in moderation (i.e. no known conclusive data exists that shows a problem with low intake during pregnancy)

Proof That Iframes Are Not Risk Free

Wed, 02 Jun 2010 16:44:00 -0700

This one loaded drive-by-malware, a popular tactic.

Malicious iFrame on US Treasury and other sites?

https://community.websense.com/blogs/securitylabs/archive/2010/05/04/treasury-websites-compromised.aspx

Aap Against Female Genital Mutilation After They Were For It

Wed, 02 Jun 2010 16:35:00 -0700

Ridiculous but glad they changed their policy.

A retraction from the American Academy of Pediatrics : Pharyngula

“We retracted the policy because it is important that the world health community understands the AAP is totally opposed to all forms of female genital cutting, both here in the U.S. and anywhere else in the world,” said AAP President Judith S. Palfrey.

Every Baby Knows Science

Wed, 02 Jun 2010 16:27:00 -0700

Then, if you’re a baby in Texas, Arkansas, Kansas, or related states you get reprogrammed to fear and doubt science and believe horsepucky. Glad me and my baby live in Seattle.

I may have to order this print. Lots of other goodies for geeky parents like me there too.

Deleting Lines And Non Matching Lines With Vim

Sat, 15 May 2010 03:53:00 -0700

I’m always forgetting how to do this but here’s how to delete matching lines:

:g/.*foo.*/d

And the more difficult thing to do that vim makes easy is deleting non-matching lines. All you do is negate the pattern:

:g!/.*foo.*/d

Daily Vim: Text Editor Tips, Tricks, Tutorials, and HOWTOs: Delete Lines Matching Keyword

Dispute With Seattle Public Utilities Over Alley Trash Collection

Mon, 10 May 2010 13:50:00 -0700

We were given a big “FU” by SPU (Seattle Public Utilities) last week and told that alley trash service would stop tomorrow and we would have to somehow haul our cans up to the street level every week. This is complete bullshit, of course, as I point out in a letter to SPU I just submitted. All of my neighbors affected are protesting by continuing to put the cans in the alley tomorrow. We’ll see what happens. We’ve all been calling to complain the past week but so far there seems to be no recourse at all. I plan to keep escalating this until we get a reasonable response.

Notable Quotable Skeptic Is Not A Bad Word

Fri, 07 May 2010 16:13:00 -0700

I find myself reticent to use the word ‘skeptic’ to describe myself because it is often incorrectly equated to ‘cynic’ or some other malcontent or negative connotation. I’ve used “rigorous doubt” in its stead on occasion since it takes a bit more thought to contemplate and avoids the knee-jerk emotional reaction that can accompany the term ‘skeptic’.

But, I came across this quote from Eugenie Scott on Skepchick that nicely summarizes what being a skeptic is and how it is really a neutral position:

Excellent Infographic On Health Care Reform Implementation Plan

Fri, 07 May 2010 16:09:00 -0700

If only the government or the media reporting on this could be this clear…

Health Care Reform Infographic – Changes Coming!

Passwordcard A Low Tech Wallet Password Manager

Sat, 01 May 2010 14:47:00 -0700

Visit this site and it will automatically generate a card with symbols for columns and colors for rows with randomly-generated digits on it. You can then use this card to generate very strong passwords that you don’t have to remember. And no bad guy can guess them and even if they get a copy of your card, they won’t know which subset of the random characters are your password so it provides protection against a physical attack on your wallet.

Infographic On Efficacy Of Popular Supplements

Tue, 27 Apr 2010 16:00:00 -0700

The really cool thing is that the whole graphic is backed by a google doc spreadsheet that is chock full with explicit references to back up the claims. My wife of course asked where they got the data – and you can actually check it out (you don’t have to take their word for it). This is a graphical representation of the “Alternative” medicine trash heap I blogged about previously.

Excellent Primer On Tree Pruning

Tue, 27 Apr 2010 15:56:00 -0700

Probably one of the most clear sites with pictures showing how to prune. Although if you’re like me and have older trees that were never properly pruned early on, you have to be more creative.

HGIC 1351 Pruning & Training Apple & Pear Trees : Extension : Clemson University : South Carolina

Facebook Broken In Firefox Brought To You By The Letter Quot S Quot-

Tue, 19 Jan 2010 16:27:00 -0800

Actually, the lack of a letter “s”.

I hadn’t noticed that Firefox had opened facebook up without SSL, but sure enough, the tip from this thread got everything working correctly (now have Older Posts back and the bottom toolbar). Sheesh.

Problems in Facebook page when using Firefox 3.5.1

Nutritiondata Know What You Eat

Sun, 03 Jan 2010 03:46:00 -0800

Excellent way to get data on just about anything and good graphs to visualize the balance of nutrients to fat.

Nutrition Facts and Analysis for Seeds, flaxseed

Reigning In Credit Card Companies Begins February 13 2010

Wed, 23 Dec 2009 15:25:00 -0800

Bank of America nicely summarized some of the major changes coming due tot he Credit Card Accountability and Disclosure (CARD) Act. In short, your credit card company can’t be so much of a money-grubbing bastard anymore. Although there are so many avenues not closed by this act, they actually still can be pretty evil. For example, there is no regulation preventing credit card companies from charging whatever they want for interest rates.

New Study Suggests Exposure To Microbes As Kids Is Healthy

Thu, 10 Dec 2009 14:47:00 -0800

Best to have a kid get a cold here or there to reduce the chance of higher inflammation as adults and protect them from cardiovascular diseases. We were just talking about this…

Everyday germs in childhood may prevent diseases in adulthood

Daily Nasal Irrigation May Encourage Sinus Infections

Sun, 29 Nov 2009 14:32:00 -0800

A brand new study out shows that using sinus rinsing as a prophylactic may actually have the opposite effect of increasing your rate of sinus infections. Significantly. As much as 50-60+ % more sinus infections.

They did not test efficacy of using sinus irrigation when you actually have a cold or sinus infection so until hard data is out there, it may still be okay.

Long-Term Neti Pot Use May Backfire

Iphone Worm Warning To Rooted Android Users

Sun, 22 Nov 2009 08:26:00 -0800

As I recently wrote about the security issues with rooting your android phone. Fortunately, this should spark some discussion about how to securely jailbreak or root your phone.

BBC NEWS | Technology | Worm attack bites at Apple iPhone

Gmail Suppresses Copies Of Mailman Posts To Yourself

Thu, 05 Nov 2009 03:13:00 -0800

FYI. Kind of annoying since I have to look in my mail logs to double-check if a critical message actually went out.

I use Gmail-Googlemail, but I can’t tell if any of my messages have been posted to the list - Documentation - Confluence

Colorpulse Carl Sagan Ft Stephen Hawking Quot A Glorious Dawn Quot-

Fri, 30 Oct 2009 16:41:00 -0700

This was played at the end of Reasonable Doubts podcast e55 and I loved it. Had to find the high-fidelity version. I think I might have my new ringtone…every call will be awe-inspiring.

Very cool trance mix with wonderful clips from Sagan and Hawking masterfully woven in.

Symphony of Science

Flash App To Find Flickr Photo Set Ids

Tue, 20 Oct 2009 16:03:00 -0700

Very cool and handy. I use it for drupal’s Flickr plugin.

idFindr - Find your Flickr userids, groupids, photosetids

My First Greasemonkey Script Now Available

Tue, 20 Oct 2009 16:00:00 -0700

I just posted a greasemonkey script I wrote months back that I use all the time to make managing my Chase accounts just a bit easier. I cleaned it up a bit and added some missing comments. I decided later to switch to jQuery by referring to a remotely-hosted copy on chase.com so eventually I’ll simplify things and rewrite what I can in jQuery instead but it works great!

Chase OFX downloader for Greasemonkey

Free West Seattle Wi Fi

Sat, 26 Sep 2009 11:55:00 -0700

Finally got a secondary wi-fi setup at home for guests, iPhone users, and neighbors who need to borrow it. Like Bruce Schneier, I just think it’s the neighborly thing to do. Until now, I couldn’t allow it because my main wi-fi needs encryption to keep interlopers off my LAN. But, the secondary wi-fi is in a DMZ so all that is accessible is the Internet.

SSID: hellohansenview

Enjoy!

* Hansen View is the official name of my neighborhood.

Obama Does Not Go Far Enough With Financial Regulation

Thu, 24 Sep 2009 15:55:00 -0700

I work for a company that is ’too big to fail’ and that is a scary prospect. Here’s another thing on the list that I don’t agree with Obama about. I like him a great deal, but don’t think he’s as progressive as he was billed…

Hopefully congress can see through this and will pass some decent legislation regarding overhauling the so-called PATRIOT act and other things that Obama has not taken a very strong stand on.

Eerie Similarities To Grisham Non Fiction Book With Georgia Case

Tue, 18 Aug 2009 16:03:00 -0700

Scalia’s Right, It’s All Perfectly Legal to Kill An Innocent Man | Crooks and Liars

So, the supreme court is not getting involved with a case where a man in Georgia is likely able to prove his innocence even though he will end up being wrongly put to death. This case sounds so eerily familiar to the true story The Innocent Man. At least there was some actual dissent among the justices on this one.

Glenn Beck Zaniness Continues

Thu, 13 Aug 2009 16:10:00 -0700

This is one of the most popular videos now on Youtube where Glenn Beck dons his tinfoil hat and claims a conspiracy theory about the government taking over your PC for participating in the ‘cash for clunkers’ program. Here’s my response:

Actually, I looked into this and it is known that Glenn Beck is not the most credible source on a lot of stuff, and it turns out this is no exception: https://www.snopes.com/computer/internet/clunkers.asp

One Car Show I'M Not Sad I Missed

Tue, 11 Aug 2009 15:36:00 -0700

Cruising for Jesus. California’s biggest Christian car show!

Of course, NO ALCOHOL.

Latest Entry In The Horrible Ui Category

Mon, 10 Aug 2009 13:35:00 -0700

There are some companies that just should not be allowed anywhere near a UI. Sun Microsystems, Oracle, and of course PeopleSoft (now part of Oracle) to name a few.

Case in point is PeopleSoft (Oracle) I happened to need to report some vacation time and noticed this gem that made me read the logic several times to make sure I chose correctly:

Okay, 99.9% of all other UIs would have the logic 180 degrees opposite of this (choose OK to continue, Cancel to go back). But why be conventional when you can be obtuse?

Palin Haiku Entries

Sun, 09 Aug 2009 07:03:00 -0700

I posted three, with a theme of trying to use her own words to answer the question.

Palin embodies “Politics as usual”: Cash in while you can

Governing is hard. It’s much easier to take “A quitter’s way out”

“Let me tell you…I’m” “A maverick…nuc-u-lar” “Hockey mom…you know”

Left Take:: $20.09 HAIKU contest: Why Sarah Palin is a jackass

Let’s try something new – a “haiku” contest.

$20.12 for the “best” haiku, spelling out why Sarah Palin is a jackass. Awarded at 5pm (eastern) Friday, August 14th.

Prediction 'Persecuted Christian' Propaganda Chain Email Fodder

Sat, 08 Aug 2009 16:51:00 -0700

There are so many lying, hypocritical fundamentalists, why, I can hardly keep track of them all. But let’s start today with former Navy Chaplain Gordon Klingenschmitt, since his fabricated tale of woe has made him such a favorite of fundies sunk deep in their persecution complex

10 Things Obama Did Wrong On Health Care

Sat, 08 Aug 2009 16:46:00 -0700

Pretty much sums up my impressions, although I’ve been out of the loop while on vacation.

Ten Things Obama Did Wrong on Health-Care Reform | Crooks and Liars

-->

Quot Uncle Sam Quot Billboard Spouts Birther Nonsense

Sat, 08 Aug 2009 16:43:00 -0700

I noticed on my way back from California today that the right-wing “Uncle Sam” billboard had a birther conspiracy theorist saying on it. I was driving and my wife was asleep, else I would have gotten a photo. The caption read:

“Where’s the birth certificate?”

Ugh. Idiots.

Map - Right-Wing Uncle Sam Billboard, Chehalis, WA

Evidence Based Government Succeeds In West Seattle-

Thu, 23 Jul 2009 15:56:00 -0700

Wow. I like actually seeing a decision based on hard data and seeing that there is some sanity (not just revenue lust) that goes into parking designations. We need more governing like this.

West Seattle Blog… » Bulletin: SDOT says no paid parking for The Junction

President Carter Courageously Quot Sever S Ties With The Southern Baptist Convention Quot Over Women'S Rights

Thu, 23 Jul 2009 15:54:00 -0700

President Carter is joining onto the new enlightenment that I hope continues. Gay rights awareness, a black president, women in high positions in government, increasing numbers of those unaffiliated with any religion, etc.

I ask again why any self-respecting woman would associate herself with such misogynistic organizations as these religions who have nothing but contempt for them? Even Catholicism which subjugates women to inferior roles within the clergy should have scorn heaped upon it. Although there are far worse religions that still even have the marriage vow where the woman pledges to obey her husband (but of course it’s not bidirectional…)

My New Concoction The Adele Claire

Sun, 19 Jul 2009 09:43:00 -0700

You loved her as a baby…Now, from the makers of the Adele Claire baby, comes a refreshing summer drink.

Our master mixologist (me) has been hard at work devising a drink worthy of the name Adele Claire and now it has arrived!

2 oz Gin (preferably an aromatic such as Tangueray 10 or Bombay Sapphire)
2 oz Pineapple juice
1/2 oz fresh lemon juice
1/2 oz simple syrup
3 fresh sage leaves

Combine all in a cocktail shaker with plenty of ice. Strain into a martini glass and be sure to grab the sage (floats to the top of the shaker) for garnish and extra flavor in each glass.

My Favorite Geek Gadgets Part 1

Sun, 07 Jun 2009 08:51:00 -0700

I often get asked about recommendations for various things and have been meaning to write up my absolute favorite devices for some time. I finally got this done so enjoy! If I think of other devices, I’ll write follow-up articles.

Cowon D2 with 16 Gb AData SDHC memory card

This is my media player. I think it blows away most all on the market, although things are always changing. There isn’t a perfect device out there but this came about as close as possible.

Organic Weed Prevention Not With Corn Gluten Meal

Wed, 27 May 2009 09:31:00 -0700

-meal

I’ve used this before and was considering it again as an alternative to Preen (a pesticide/herbicide) but found that there is no evidence that it does anything and actual evidence it makes weeds _worse_ because it contains 10% nitrogen.

Corn gluten meal did not prevent weeds from germinating in OSU study

Corn gluten meal is a natural substitute for a synthetic “pre-emergence” herbicide and has been advertised as a more environmentally friendly way to control weeds.

Human Readable Privacy Policies Are Good For Everyone

Tue, 19 May 2009 04:33:00 -0700

I can’t believe how many privacy policies are cut from the same tattered cloth and are written by corporate lawyers who are not concerned with people actually understanding them or in actually communicating the information that someone might be looking for in a privacy policy (CYA mode only). I came across one that gets to the meat of the matters that should be important to anyone using an online service:

Fire Caused By Sunlight

Mon, 18 May 2009 14:27:00 -0700

Wow. Was just recalling how a mirror on the passenger seat of my grandparents’ car burned a hole in the dashboard on a sunny day when I was a kid. Was a reminder to not leave mirrors attached inside the vehicle (even though having one to watch our little cutie would be handy)

Sunlight, Water, Bowl Likely Cause Of Bellevue Fire - Seattle News Story - KIRO Seattle

BELLEVUE, Wash. – Investigators suspect sunlight was the cause of a fire that destroyed a deck and kitchen in an east Bellevue home on Sunday, said Lt. Eric Keenan of the City of Bellevue.

Bang Exploitable-

Mon, 23 Mar 2009 15:33:00 -0700

Very cool news about a fuzzer + ms debugger extension to not only do fuzz testing of software, but help weed out false positives. Will be interested in trying this out and reading more about it. Wonder if it works with asp.net? Or at least the unit-testable portions of code?

Kaminsky: MS security assessment tool is a ‘game changer’ • The Register

-->

12 Key Policy Decisions Led To Cataclysm

Sun, 15 Mar 2009 15:49:00 -0700

A new 231 page report outlines 12 key policy decisions that led to the current economic crisis. Let’s hope that some facts start to do a couple of things:

1. Stop the stupid right-wing chain emails that claim that this all rests on the Democrats and Fannie/Freddie. There’s plenty of blame to go around (Fannie and Freddie are # 10 on the blame list) 2. Stop the pundits that decry the “finger pointing” and hope to instead “move forward”. Excuse me, but I think that a report looking critically at pointing fingers at what got us in this mess is _kind of important_ to know how we get out of it. Of course maybe those pundits just want us to “look busy” and “do some stuff” and hope it works. I prefer evidence-based governing myself and the place to start is with the evidence for how we got in this mess.

Open Letter Chain Email Rebuttal Quot Fw Why Are We Bankrupt Quot-

Sun, 15 Mar 2009 14:24:00 -0700

quot-

Oh, got another stupid retread of a retread of a chain email that I had to debunk. Posting to the inter-tubes for the benefit of others. It seems that when you google shit like this the results tend to be topped with people reposting and rarely with posts intelligently analyzing the statements.

This one was particularly hilarious because if you actually read the sources cited, they tend to contain plenty of information that debunks their own claims!

Do You Know Your Different Precipitations

Sat, 07 Mar 2009 02:45:00 -0800

I think that right now it is sleeting in Seattle.

Freezing Rain: supercooled raindrops that freeze instantly when they hit the ground or other objects
Hail: snow and rain in the upper atmosphere mix due to updrafts and accumulate into large pellets that fall to earth when the updraft can’t support their weight
Sleet: Partially-melted snow that freezes again on the way down and falls as visible pellets.

Precipitation: hail, rain, freezing rain, sleet and snow

Face Recognition Biometric Security Badly Broken

Sun, 15 Feb 2009 01:33:00 -0800

It was only a matter of time that this would be broken. If you have one of these laptops that uses this software, you should disable it.

My guess would be that just a simple webcam is not going to be able to get enough information to be able to tell the difference between a fake 2-d picture of an individual and an actual 3-d person. They probably need some sort of additional 3-d scanner that samples depths on a face as well or similar technique.

Facebook Privacy Settings To Minimize Ridicule And Embarrassment

Sun, 15 Feb 2009 01:25:00 -0800

This is an excellent guide to the kinds of things that you may or may not be familiar with as possible sources of embarrassment on Facebook, or even just if you want to have more control over people monitoring you. But you do have control over these things. I might suggest the relationship one for many people – so that you only post to your profile relationship status changes that you really want to broadcast.

Font Preview Application In Flash

Sun, 08 Feb 2009 13:41:00 -0800

This is a very very cool site that allows searching by font names and even allows you to see a specific unicode font rendered in a variety of fonts local to your computer.

https://www.fileformat.info/info/unicode/font/fontlist.htm?text=%E2%86%91+-+UPWARDS+ARROW+(U%2B2191)

Ms Office Wins A Battle Vs Openoffice Calc

Sun, 08 Feb 2009 13:38:00 -0800

This is completely counter-intuitive. The OpenOffice dialog for conditional formatting only lets you select from pre-defined “styles” by name (no autopreview) and no way to add a new style from the dialog. I had to google this to find out how to modify existing styles. Oy. Sometimes the MS way is the better way…

OpenOffice.org Training, Tips, and Ideas: Conditional Formatting in OpenOffice Calc Spreadsheets

Keep Up With Basic Auto Maintenance

Sat, 07 Feb 2009 07:04:00 -0800

This compiles a few sets of auto maintenance tips that everyone should know about, not only for fuel economy, but to prolong the life of your vehicle.

I actually look forward to when the car will be smart enough and have a nice enough LCD display where it could tell you when your maintenance was due since it knows your mileage and driving habits. Enough with the dumb blinky light patterns or general “service engine soon” lights. There is a computer in the car – it’s time to catch the display up with the technology so people can actually use it.

Finally An Explanation Of Why Catnet Craps Out

Wed, 04 Feb 2009 02:42:00 -0800

Ever since CAT.NET was released I have not been able to successfully use it for a typical solution/project. It actually causes Visual Studio to crash after running for a while and taking all of the available memory with it…

Even with the command-line tool, any large set of assemblies being analyzed seems to consume more than CAT.NET can get the .Net framework to allocate (not to mention the entire system grinds to a halt while it is running). The reason is due to how .Net needs to allocate contiguous pages of memory and the 32 bit per-process memory limitations. The solution for now is to run the command-line tool on 64 bit windows or vista or to split up the analysis into smaller sets of assemblies.

Intolerable Beauty

Tue, 03 Feb 2009 15:39:00 -0800

This artist’s work is MASSIVE in size and in message. I find this to be a simple yet powerful way to spread a message. I have often wondered what it would look like to see all of the thrown-away batteries, plastic silverware, plastic bags, etc. piled all together. Now you can in artistic ways.

You can even get a couple of prints 24x36 for the great price of $30 each

Mclaughlin Man Of Myths

Mon, 02 Feb 2009 11:41:00 -0800

I watch The McLaughlin Group religiously. I find the panel tends to lean right in general, but for the most part enjoy the varied opinions and the cross-section sampling of views from the right.

But, I have been increasingly annoyed with John McLaughlin continuing to trot out some seriously flawed and ridiculous myths that have been roundly debunked. And it’s been more annoying that the panelists don’t call him on them. Here is my list that have come up fairly frequently of late, and details (sourced) as to why they are bogus.

How Reliable Is Dna Identification

Sun, 25 Jan 2009 13:00:00 -0800

https://www.latimes.com/news/local/la-me-dna20-2008jul20,0,1506170,full.story

A discovery leads to questions about whether the odds of people sharing genetic profiles are sometimes higher than portrayed. Calling the finding meaningless, the FBI has sought to block such inquiry.

Lovely that our own FBI actively worked to try to block researchers and defense attorneys from investigating just how unique DNA is using the existing national DNA database (known to fellow CSI fans as CODIS). Don’t they care about the truth? Apparently not. There are 6 million DNA profiles in there so far. Staggering.

Do Market Analysts Really Know What The F They Are Talking About

Sun, 25 Jan 2009 12:41:00 -0800

After seeing these headlines in the news and RSS news feeds (many of the AP headlines _changed_ from one day to the next, but thanks to RSS readers every change was logged as a “new” entry so the full history of the headlines was preserved for your enjoyment below), I have to think the answer is “hell no”.

How could oil and gas prices both be categorized as rising and falling, rebounding and tumbling, and then the reasons for this ranging from “weak demand” to “supply from OPEC” to “storage crunch” to “Bernanke’s comments” to “US earnings”? And that was just within a span of _5 days_.

Bluesoleil Bluetooth Driver Annoyances Solved-

Sun, 25 Jan 2009 12:37:00 -0800

One annoyance is that, by default, the Bluesoleil driver does not work as a Limited user account. Since I run exclusively as a limited user on windows XP, that was annoying. Fortunately, there is a solution: run it at startup as a higher-priv user. There are negative security implications to this, especially in light of my blog posting about software/driver rot because OEMs don’t get to maintain the latest driver versions, but the risk may be worth the reward.

Citibank Atm Insecurity

Sun, 25 Jan 2009 12:35:00 -0800

Ahh, doesn’t it save so much money to outsource? Ever wonder why it is cheaper (there _are_ reasons)? Well, in this case it seems that the company running ATMs at 7-11s that Citibank allowed to put its brand on had a massive security breach. Does not look like they were very security savvy. Funny, there’s one of these ATMs at the 7-11 right near my house. And I thought I had to be scared of the tiny, off-brand ones in convenience stores!

Dead To Me Word 2007 Auto Save Recovery

Sun, 25 Jan 2009 12:28:00 -0800

You would think that there might be some compelling reason to upgrade from Office 2003 to 2007, or perhaps to consider paying for office instead of the wonderful Openoffice.org 3.0 that is totally free. You would have thought wrong as far as this instance goes.

My wife recently had a problem where the stupid windows auto-updates rebooted her computer in the middle of the night and she had (contrary to normal practice) not saved a new document to a filename. But fortunately, there were the office Auto Saves, right?

Anti Abortion Activists Think About Implications Much

Sun, 25 Jan 2009 08:44:00 -0800

This is a fascinating video. Abortion protesters are asked what should be done to the women who would have illegal abortions. None of them had an answer and none of them had ever thought about it. It was hilarious to see them come up with arguments as to why women should actually _not_ be punished if they were to have an illegal abortion. They are quick to make an analogy to abortion and killing a child, but they are very reticent to make the penalties the same. One even said something to the effect that “it would depend on the situation” and the woman’s mental state of mind. Wowzers.

Disappointment In Bits Public Comments On Contactless Payments Privacy And Security

Sun, 25 Jan 2009 05:57:00 -0800

The FTC had solicited public comments on contactless payment systems: The Federal Trade Commission and the Technology Law and Public Policy Clinic at the University of Washington Will Host a Town Hall Meeting on July 24, 2008, to Explore the Growth of Contactless Payment Systems and Their Implications for Consumer Protection If I had known this was happening in Seattle I would have definitely attended.

They have published various letters received on the website above.

Css Sprites Are Cool

Sun, 25 Jan 2009 04:05:00 -0800

I just learned about CSS sprites for reducing the amount of HTTP requests it takes to render a page. Very cool stuff.

Basically, you create a single image that contains all of the small images to use on your site and that is all you need to download. Then you use CSS and offsets within that image to select that part of the image to display in the page. There is padding around each image so that you don’t get weird renderings with different browser quirks.

Ev Certs Used Against Us

Sun, 25 Jan 2009 03:38:00 -0800

I happened to notice this in my Spam bucket. Funny to see the phishers adapting to the trend of increased use of EV certs and the fact that customers are rightly ignorant of what EV certs actually are and why they would be good for them. It’s never as simple as one might think to solve these kinds of problems with technology. There is that human factor…

Dear HSBC Member, Due to the high number of fraud attempts and phishing scams, it has been decided to implement EV SSL Certification on this Internet Banking website.

Lou Dobbs Global Warming Denier

Tue, 13 Jan 2009 14:17:00 -0800

Hat tip to FAIR’s Counterspin for covering this last week. I hadn’t heard it discussed yet.

What hubris!! To think that you somehow know more than the consensus of scientific opinion? Argument from personal incredulity abounds.

And the great hypocritical final quote from Lou himself that he should re-read after reading his own transcript (at the site below)

CNN’s Lou Dobbs: Belief in Global Warming ‘Almost a Religion’ | NewsBusters.org

Browser Security Policies Documented And Compared

Tue, 13 Jan 2009 13:56:00 -0800

I have often wondered about this kind of thing. Browsers implement all kinds of “policies” that are largely implemented as undocumented logic in code – probably in response to a security bug. Never before that I’m aware of has such a great documentation of considerations for client-side security for browsers been documented.

I’ve read through the whole thing and it is fascinating reading. I hope the browser vendors look at this and start a war for who’s going to have a more secure browser!

Dangers Of Instant Runoff Voting

Tue, 13 Jan 2009 13:53:00 -0800

Several recent editions of RISKS discuss some evidence of the dangers of IRV (Instant Runoff Voting) systems. Which is a shame since I hoped that they would offer a better approach that could help break the stranglehold of the two-party system. When they discuss paradoxical results, one is the situation such as if three people vote and the votes are:

A preferred over B B preferred over C C preferred over A

Constitutional Challenge To Fisa Immunity Law Go Eff Go-

Tue, 13 Jan 2009 13:41:00 -0800

In Courtroom Showdown, Bush Demands Amnesty for Spying Telecoms | Threat Level from Wired.com

“Is there any precedent for this type of enactment that is analogous in all of these respects: retroactivity; immunity for constitutional violations; and delegation of broad discretion to the executive branch to determine whether to invoke the provision?,” the judge asked.

Carl Tobias, a professor at the University of Richmond School of Law, says the immunity legislation, if upheld, “makes it possible to extend immunity to other areas of the law.”

Iphone Being Closed Makes It Less Secure

Tue, 13 Jan 2009 13:22:00 -0800

I was thinking recently about developers wanting to be able to exploit future bugs in systems like the iPhone (and even in windows media player and the like) to gain access to locked content, features or. I was thinking about how this means they are not reporting security bugs but keep them secret. Which seems to be an overall negative _for the platform_ since they have created a market through their own actions that thrives on finding and keeping bugs secret. Not all those who use such vulnerabilities are good guys trying to get their fair use rights back for sure and that is where the danger lies.

Movie Plot Comes True

Tue, 13 Jan 2009 13:02:00 -0800

Funny, especially in light of watching the season premiere of “24” where Jack shoots out a video camera, which draws the people out to check on it, leaving them vulnerable to attack. Add social engineering to that and you have a nice attack.

The danger of false alarms…

Date: Fri, 6 Jun 2008 00:57:29 +0100 From: David Hollman Subject: Sometimes the computer is right…

Here’s a case where social engineering defeated an apparently correctly working automated security system and allowed a burglary:

Ripped From Informercials Spam

Fri, 09 Jan 2009 15:07:00 -0800

So, I’m listening to this story on NPR yesterday and the CEO of the company that brings you the Sham-Wow, Pedi-Paws, Ped Egg, and other cruft for $19.95 was on. I rarely watch commercials anymore because I don’t watch live TV and skip through them. So why is it that I know of so many TeleBrands products? – Spam.

That’s right. I have noticed a huge volume of spam for the stupid fscking Pedi-Paws (which sounds like it sucks, BTW). Now I find out that it’s an infomercial-peddled product. And, I recently started getting Sham-Wow spam. (aside: I hate that commercial. Makes me think I’m at the Puyallup Fair or something. Also, do they always have to be a horrid Orange color? Yeah, I’m going to use an ORANGE bath mat.)

Md5 Demonstrated Very Broken But Worse Some Cas Were Still Using It

Tue, 30 Dec 2008 16:15:00 -0800

Now, a proof-of-concept showing that the long-known MD5 vulnerabilities can be actually used to fake a CA certificate. This could be really bad if done by a bad guy. And it has long been known that to hedge your bets, your certs should use either both MD5 and SHA-1 or just SHA and drop MD5 altogether. But apparently some ridiculous CAs didn’t get that message and should not be in the business they are in IMO because of such a collossal error. Equifax Secure Global eBusiness CA-1 is one of the certificates shown to use md5rsa. From the slashdot discussion, here is a reposting of other CAs still using MD5:

Bpa Safety In Plastics For Your Baby

Tue, 30 Dec 2008 12:26:00 -0800

I’ve heard lots of information about BPA in plastics (aka Bisphenol-A), and a little misinformation. So I figured that it was time to crosscheck these concerns against the other chain-email-brand hysteria about plastics that I have debunked before.

Turns out that there is some right to be concerned about BPA in plastics. BPA was used as a synthetic hormone replacement and is combined with other ingredients to create many of the clear plastics used today. However, not all of the BPA is locked into chemical bonds and so some of it can leech out, especially when heated.

Quackery In Seattle

Tue, 25 Nov 2008 14:48:00 -0800

I often listen to AM 1090 Seattle (upstart progressive talk radio station and Air America / Nova M radio affiliate). What irks me are the many fringe/quack commercials and infomercials that air on the station. I don’t see many of the vendors listed on their sponsor pages so I’m not sure if they are just forwarding commercials from the networks, but I wish they would take a little more editorial control.

Deregulation Behind The Massive Financial Crisis

Sun, 23 Nov 2008 07:43:00 -0800

No, it wasn’t Fannie and Freddie. Alan Greenspan (who owns a lot of blame for the mess), the SEC chairman and John Snow agree it wasn’t them. Fannie and Freddie weren’t even securitizing those mortgages in large numbers until 2005.

Wonk Room » The Perino Challenge: ‘What Specific Regulation Did We Eliminate?’ Lists several key ones.

Think Progress » Cox, Greenspan, Snow Agree: Freddie Mac And Fannie Mae Did Not Cause The Financial Crisis

Gop Rebirth Focus On New Fundamentals Instead Of Fundamentalist Views-

Sun, 23 Nov 2008 07:42:00 -0800

We can only hope. You can’t keep campaigning on social issues but falling down when in office on the other issues that should be more important (the economy, the war, veterans benefits, etc.)

Think Progress » Ensign: GOP shouldn’t focus on abortion or gay rights.

Although Ensign was not ready to call for a break from socially conservative ideologies, he said issues such as abortion or gay rights should not be at the core of the party.

Cool Site With Newspaper Headlines Of Obama Win From Around The World

Sun, 23 Nov 2008 07:24:00 -0800

VERY cool. Especially for those who couldn’t get their hands on a paper copy the day-after.

Newspaper headlines of Obama election win, Nov. 5 2008 - Boing Boing

Healthy Skepticism Of Court Quot Tools Quot Of The Trade

Sun, 23 Nov 2008 07:14:00 -0800

A skeptic should be aware of the fallibility of eyewitness identification. This excellent 5-part series discusses 19 case studies and the specific techniques you may be familiar with from CSI and Law & Order that result in erroneous convictions if there isn’t adequate corroborating evidence. Hopefully some municipalities will read this and change procedures as a result to prevent more wrongful convictions. It would be nice if the writers of the popular shows would feature these issues prominently…

Boy Sent Home From School For Dressing As Jesus For Halloween

Sat, 08 Nov 2008 03:25:00 -0800

This is truly ridiculous. The constitutional prohibitions against schools endorsing religion do not extend to what the students choose to do. This is the wrong move from a first amendment standpoint. So before the religulous get in a huff about how the government is trying to get religion out of our schools, etc., I agree with you that they should not have done this. But, this was not an issue of state-sponsored-religion.

Funniest Nonprofit

Thu, 06 Nov 2008 02:12:00 -0800

They do sound like they are doing good work. But sounded like a joke at first mention. Don’t miss the 2008 World Toilet Summit.

World Toilet Organization|WTO|Global Voice for Toilets & Sanitation

World Toilet Organization (WTO) is a global non- profit organization committed to improving toilet and sanitation conditions worldwide.

And the funniest icon:

Be Careful Hanging Decorations In Space

Sun, 26 Oct 2008 14:19:00 -0700

This is amazing. X-rays from ordinary adhesive tape. The cool thing is they expect to be able to come up with a way to make an inexpensive, low-power x-ray machine for use in poor areas or areas without reliable power. This would be an interesting project for Seattle University’s Engineers Without Borders program

X-rays emitted from ordinary Scotch tape - Innovation- msnbc.com

It turns out that if you peel the popular adhesive tape off its roll in a vacuum chamber, it emits X-rays. The researchers even made an X-ray image of one of their fingers.

Experience Education And Judgment

Sat, 25 Oct 2008 17:05:00 -0700

This is a very stark comparison. I am sickened by the Dumbfuckistan residents of this country who wear lack of education and lack of reliance on sound data for decisions as a badge of honor.

We need smart people, who know smart people for their cabinet, who will have the smarts and creativity to get us out of these messes we are in. For all the talk of “experience” as the #1 factor for a president or VP, what about _not being a dumbass like Sarah Palin_? Doesn’t that count for something? And further, wouldn’t you say that pretty much any Harvard law grad would be a reasonable choice for President – especially one toward the top of his class??

My Newfound Links To Fame

Sat, 25 Oct 2008 16:41:00 -0700

So, I was on myspace inviting other members of my mentoring group to our myspace group when I noticed a posting by Death Cab For Cutie,

Death Cab for Cutie posted new blog entries: Chris Walla featured in Myspace.com’s “Front To Back” and Chris Walla campaigning for Obama

I thought, “Wait a minute. There can’t be more than one Chris Walla.” Well, there may be, but I know this one. I googled him to find a photo and more information – sure enough, he’s a friend of mine from Bothell High School that I used to play guitar with in a couple bands. And now, he is the producer and guitarist for Death Cab For Cutie. How did I not know this? His Wikipedia entry also mentions his stint with a band, The Wallflowers (no, not the famous one of the same name). I was in that band myself for a short time. It was in the days before I had truly discovered Indie rock though so was not a good fit at the time. He has also done lots of work with another favorite band of mine, The Decemberists, from Portland, OR. Insane!

Bank Implode O Meter Death Watch For Financial Institutions

Sat, 18 Oct 2008 11:38:00 -0700

If I only had known about this site in the days before the FDIC/OTS seizure… Great stuff.

The Bank Implode-O-Meter - Your play-by-play for the end game of modern banking.

Make A Difference Become A Mentor-

Fri, 17 Oct 2008 15:43:00 -0700

ntor-

I am now a third-year mentor with Community For Youth (CFY), a wonderful non-profit organization that works with youth in the three lowest-performing Seattle public high schools: Chief Sealth, Rainier Beach, and Cleveland. The program “transforms high school students who are struggling - with school, with family, with their direction in life - into young adults who have confidence, determination and self-awareness.”

It has been one of the most rewarding things that I have ever done. I love the energy of the kids; the creativity; the possibilities.

Acdc Pulls The Plug On Their New Album Being Sold On Itunes

Mon, 13 Oct 2008 10:58:00 -0700

Well, after talking with many kids who rarely buy albums, I can see their point. But eventually they will come to an end. AC/DC is delaying the inevitable.

AC/DC refuses to sell album through iTunes | NEWS.com.au

FOR those about to rock, AC/DC salutes you — unless, that is, you want to buy the heavy metal group’s newest album Black Ice on iTunes.

“Maybe I’m just being old-fashioned, but this iTunes, God bless ’em, it’s going to kill music if they’re not careful,” said lead singer Brian Johnson, 61.

Cq Exposes Ayers Allegations Quot Pants On Fire Quot Wrong

Mon, 13 Oct 2008 07:11:00 -0700

CQ Politics | Fact-Checking the Ayers Allegations: So Wrong, It’s “Pants on Fire” Wrong

Permitting Same Sex Marriage Is More Moral Than Prohibiting It

Mon, 13 Oct 2008 05:38:00 -0700

ng-it

I think it is immoral to deny people who love each other the rights and privileges that come with marriage (as a civil, contractual union – a license granted by the State, not in a religious context). Changing a state or federal constitution to ban same-sex marriage is, in fact, writing bigotry and hatred into those documents. Substitute “black” or “african american” or “mixed-race marriage” into any rationale for banning same-sex marriage and you will see how bigoted such claims really are.

Open Letter The Guilt By Association Game Okay Mccain Let'S Play

Mon, 13 Oct 2008 03:49:00 -0700

This is an edited response to the desperate hate-mongering and lies and guilt-by-association game that McCain/Palin are trying to gin-up. I wanted to have a nice list of McCain/Palin’s associations. Of course, Guilt by association isn’t. So I am not arguing that their associations make them guilty – just that there are lots of associations to go around if you want to play that game. But if you’re going to play, you’ve got to show your cards as well.

Mccain Fact Check From Last Debate Planetarium Projector Overhead Projector

Sun, 12 Oct 2008 15:51:00 -0700

Note to McCain: Overhead projector is not a planetarium projector - Boing Boing

My friends, during last night’s presidential debate, McCain took That One to task for approving funding for an “overhead projector.” Howard Covitz, who used to work at Chicago’s Adler Planetarium, prepared this helpful graphic for McCain to show the difference between an overhead projector and a planetarium projector.

Warning: This email has been known to cause stupidity by the State of California

Sun, 12 Oct 2008 13:36:00 -0700

I feel it is my moral duty to not let emails full of lies, mischaracterizations, and known misleading or untrue information go by without pointing this out.

When 61% of the country believes in the Noah’s Ark flood story _literally_, between 45% and 70% believe that Saddam Hussein was behind the 9-11 attacks, and 12% of Americans still think that Barack Obama is a muslim, it is clear that when things get written down and repeated over and over again, it has an effect of changing people’s minds so that they believe things that never happened or are clearly or demonstrably untrue.

More Evidence Against Data Mining As An Anti Terrorist Tool

Sun, 12 Oct 2008 11:19:00 -0700

There have been a number of studies saying the same thing (search Bruce Schneier’s blog for plenty of other examples)

It’s kind of like trying to determine if someone is going to rob a bank by looking at their phone calls, etc. How do you know _beforehand_ what kinds of “patterns” and “data” are indicative of a bank robbery? And even if you see one bank robbery, not all are created equally, so why would you be able to infer that you could predict the next one based on previous data?

Election Hi Jinx Begins 'Osama' On Ny Ballot

Sun, 12 Oct 2008 05:39:00 -0700

Yeah, “Oops”. “Honest mistake”

ELECTION MIX-UP: ‘OSAMA’ ON THE BALLOT - New York Post

TROY, N.Y. - Who is running for president? In an upstate New York county, hundreds of voters have been sent absentee ballots in which they could vote for “Barack Osama.”

The absentee ballots sent to voters in Rensselaer County identified the two presidential candidates as “Barack Osama” and “John McCain.” In the United States, the best-known person named Osama is Osama bin Laden, leader of the al-Qaida terrorist group.

Sam Harris On Palin

Sun, 05 Oct 2008 15:33:00 -0700

This is one of my favorite parts of this article for Newsweek. The scary thing is that you could see her answering a question just like this.

Sam Harris on Sarah Palin and Elitism | Newsweek Politics: Campaign 2008 | Newsweek.com

What is so unnerving about the candidacy of Sarah Palin is the degree to which she represents—and her supporters celebrate—the joyful marriage of confidence and ignorance. Watching her deny to Gibson that she had ever harbored the slightest doubt about her readiness to take command of the world’s only superpower, one got the feeling that Palin would gladly assume any responsibility on earth:

Link O Rama

Sun, 05 Oct 2008 05:20:00 -0700

A couple of cool sites that I’ve come across recently

- Science Facts, science trivia, science info

Science news and loads of interesting facts, like this one:

Each King in a deck of playing cards represents a great king from history. Spades - King David; Clubs - Alexander the Great; Hearts - Charlemagne; and Diamonds - Julius Caesar.

Wordle - Beautiful Word Clouds

Wordle is a toy for generating “word clouds” from text that you provide. The clouds give greater prominence to words that appear more frequently in the source text. You can tweak your clouds with different fonts, layouts, and color schemes. The images you create with Wordle are yours to use however you like. You can print them out, or save them to the Wordle gallery to share with your friends.

Annoyance Tv Football Graphics Without Persistent Down And Yardage

Sun, 05 Oct 2008 05:16:00 -0700

I can’t believe that I would be the only one to notice this, but I find it so annoying that it seems universal across College and NFL football coverage and universal on every network I’ve seen that the statistics that are persistent on the screen throughout the game only consist of:

Network, current score (plus possession), time remaining, period, (blank space for down and yards) and other scores.

I find the most interesting information at any given moment though is what the Down and Yards to go are. Why are they not always listed? They are only displayed _when they change_, and then they are hidden. Why, oh why? What reason could there be for not showing this during the play?

Police Don'T Have To Pay For Damage During Raidsin Washington

Sun, 05 Oct 2008 05:10:00 -0700

I often think of this when I watch CSI and see them busting down doors, cutting people’s carpet, etc. to obtain evidence or apprehend suspects.

This is a terrible ruling. I can’t believe that this couldn’t be considered negligence for a mistake that they would need to pay for.

WA: Police don’t have to pay for damage during raids » Rational Review

“In a split decision Thursday, the state Supreme Court rejected a plea by a Kent property owner seeking compensation for damage done during a drug raid. Affirming lower court decisions, five of the court’s nine justices found the city of Kent was not required to pay $5,000 for damage to buildings owned by Leo Brutsche during a failed 2004 anti-methamphetamine operation. During the raid, narcotics officers used battering rams to knock down doors in buildings owned by Brutsche while searching for a meth lab they believed Brutsche’s son to be operating on the property, according to court records. No drugs were found, and Brutsche contends he offered officers keys to the doors before they began knocking them down.” (10/02/08)

New Research Lack Of Control Increases Seeing Patterns Where None Exist

Sun, 05 Oct 2008 05:07:00 -0700

This is very interesting research. May explain why people turn to religion in those instances too.

See a Pattern on Wall Street? - TierneyLab Blog - NYTimes.com

These questions are not unrelated, according to a report in the new issue of Science by Jennifer Whitson and Adam Galinsky. The researchers found that when people were primed to feel out of control, they were more likely to see patterns where none exist. They would spot an object in each of the images above, even though only the image on the right contains one (the outline of Saturn and its rings). If you thought you saw something in the image on the left, don’t be too hard on yourself — your feeling may be perfectly understandable given the chaos on Wall Street.

Don'T Believe The Polls

Thu, 25 Sep 2008 07:58:00 -0700

Hot off the presses. The nonpartisan Pew Research Center finds that the previous assumptions that cell phone users thought similarly to landline phone users who are able to be polled are likely not valid. In fact, 62% of young cell phone-only users preferred democrats and Obama specifically.

Therefore, any polls that are head-to-head national and do not include cell phone users are very, very suspect.

The Associated Press: Study: Omitting cell phone users may affect polls

Bush Amp Paulson Just Making Sht Up

Wed, 24 Sep 2008 15:20:00 -0700

ht-up

Hat tip to Chuck Schumer who asked a real question of Paulson earlier this week about why $700 billion, and why all the money now? Why not $150 billion and come ask for more so we can see whether it is working?

Think Progress » Treasury explains how it came up with $700 billion: We just wanted ‘a really large number.’

In fact, some of the most basic details, including the $700 billion figure Treasury would use to buy up bad debt, are fuzzy.

Insiders Steal Data From Countrywide

Sat, 20 Sep 2008 07:19:00 -0700

I got my letter this week that my data appeared to be affected. They are taking serious measures though and offered 2 years of free credit monitoring services to those affected.

Although I can’t help but think about how phishy it looks when I was directed to go to not experian.com, but consumerinfo.com/countrywide. And I’m supposed to know that consumerinfo.com is Experian??

Insider arrested in relation to Countrywide data theft - security

Evidence That Democratic Adminnistrations Bring More Economic Prosperity To America

Tue, 09 Sep 2008 16:32:00 -0700

https://www.nytimes.com/2008/08/31/business/31view.html?_r=1&em&oref=slogin

“The stark contrast between the whiz-bang Clinton years and the dreary Bush years is familiar because it is so recent. But while it is extreme, it is not atypical. Data for the whole period from 1948 to 2007, during which Republicans occupied the White House for 34 years and Democrats for 26, show average annual growth of real gross national product of 1.64 percent per capita under Republican presidents versus 2.78 percent under Democrats.

Open Letter Response To Quot Dear Mr Obama Quot Video

Tue, 09 Sep 2008 16:23:00 -0700

I was surprised to find recently that these kinds of propaganda videos/emails seem to stay almost entirely within right-wing circles of discussion. I have googled and either nobody who is a progressive or skeptic is examining the claims or having a balanced discussion about these or they are so drowned out by the same kinds of passive-aggressive postings with little to no added value. Even the right-wing sites that are discussing this are not discussing any salient ideas. It seems like the ultimate “bumper sticker” mentality – i.e. bumper stickers aren’t going to change anyone’s mind and really only serve as membership cards in a particular mindset.

Excessive Sql Logging In Zogby Website

Tue, 09 Sep 2008 15:44:00 -0700

Zogby website backed by…MS Access…yuk.

Got this gem of an error message this evening trying to bring up a link from google. It’s not a good idea to expose this kind of information to the Internet as it makes it easier for someone to attack your application, perhaps with SQL injection.

Error Diagnostic Information

ODBC Error Code = S1001 (Memory allocation error)

[Microsoft][ODBC Microsoft Access Driver] Not enough space on temporary disk.

Nvidia Driver Breaks Remode Desktop On Windows Xp Solution

Sun, 07 Sep 2008 09:21:00 -0700

Gotta love Google.

I added this key, rebooted and now I’m back in business!

NVIDIA Forums -> WHQL 175.16 - remote desktop fails

This problem is not specific to any one graphics company. It can probably happen with printer drivers too.

The root of the problem is that the session image space is too small and it can’t load any more drivers into it. The session image space is shared for the display driver drivers and printer drivers. rdpdd = remote desktop protocol display driver.

Preaching To The Choir Fake News Viewers More Informed Than Mainstream News Viewers

Sun, 24 Aug 2008 06:22:00 -0700

A recent Pew research study shows that viewers of The Daily Show and The Colbert Report are more informed about current events than “average consumers of NBC, ABC, Fox News, CNN, C-SPAN and daily newspapers.” Pathetic.

e.g.

“Thirty percent of Daily Show and 34 percent of Colbert viewers correctly identified Secretary of State Condoleezza Rice, British Prime Minister Gordon Brown and the majority party in the U.S. House of Representatives”

Sad Cynical Reaction From Yglesias About Op Eds

Sun, 24 Aug 2008 06:15:00 -0700

Again, nothing annoys me more than unadulterated lies and distortions that go out unchallenged. More evidence that we cannot rely on the mainstream media for fair and accurate reporting. It’s a shame.

Matthew Yglesias (July 27, 2008) - Facts Are Hard (Media)

Of course if being accurate were a requirement for op-ed pieces, then more than one national newspaper columnist might be out of a job. So given the current economic downturn, I think it’s important to keep letting people make stuff up.

Mccain Cites Urban Legend As Evidence Of Al Qaeda Evil

Sun, 24 Aug 2008 06:12:00 -0700

Nothing annoys me more than someone using debunked, false, misleading, distorted information to support a position. And who decides to do this with a straight face, but John McCain. You know, we really should require our officials to not only be honest but to be well-informed on what they are talking about. McCain just falls down again with this gaffe showing how he is not only out of touch on the economy, but also on foreign policy – a supposed strong point of his.

Carbs Attack Appetite Suppressing Cells Over Time

Sun, 24 Aug 2008 06:07:00 -0700

Fascinating that we now know that the very mechanism of how our brain determines that we are full (satiety) relies on free radicals, but it is these same free radicals that actually negatively affect our very ability to detect satiety long-term! But carbs are soooo good.

Killer Carbs: Scientist Finds Key To Overeating As We Age

Dr Andrews found that appetite-suppressing cells are attacked by free radicals after eating and said the degeneration is more significant following meals rich in carbohydrates and sugars.

News From Seattle Former Police Chief Is Anti Drug Prohibition

Sun, 24 Aug 2008 06:04:00 -0700

Kudos to Norm Stamper for the courage to speak his mind and use his experiences to go against the grain. Sounds like an interesting book as well.

I can’t help but think of how much resources are wasted on the war on drugs as I watch episodes of “The Wire”. All that would go away. And the hypocrisy of alcohol being legal while marijuana is not is asinine.

Former Seattle Police Chief on the high costs of the drug war - Boing Boing

Flying Without Id

Sun, 24 Aug 2008 05:06:00 -0700

Legally, there is no requirement that you must have an ID to fly in the US. However, you may encounter lots of resistance. That’s why I, as a security professional, have not yet attempted to do so. My wife would probably not be as interested as I am in the answer…

Seems as if the TSA may even have different procedures for those who _forget_ their IDs than for those who _refuse to show_ ID. Funny. It is also noted that if they write SSSS on your boarding pass for “special screening”, if you were to have another copy of your boarding pass without the SSSS you may be able to bypass the extra screening.

Medeco Hacked At Defcon 2008

Sun, 24 Aug 2008 05:01:00 -0700

Ahh, the holy grail. Basically, if anyone gets to photograph your medeco keys, any hacker can whittle a blank from that photo and bypass these “high security” locks.

Add “Obtain photograph of building keys” as a node in your physical security threat models ;-)

Working Medeco high-security keys can be whittled out of plastic - Boing Boing

Researchers at DefCon in Vegas have demonstrated that they can make “high security” Medeco key-blanks out of the plastic used in credit-cards, and then whittle them into working keys by referring to low-resolution photos of original keys.

Diebold Admits Coding But That Causes Vote Loss

Fri, 22 Aug 2008 11:33:00 -0700

Diebold originally blamed a glitch that lost votes on anti-virus software but it turns out it was due to a flaw causing votes to not be recorded to memory when uploading votes from the external cards. It’s a wonder how something as simple as counting votes could have so many bugs in core functionality…

Note to US Bank customers: Diebold makes many of their ATMs! Let’s hope the accounting is better there.

Anonymous Company Ratings Reviews And Salaries Online

Sun, 17 Aug 2008 09:07:00 -0700

Wow, what a cool site. They even have ratings of CEOs but this can be an invaluable site when negotiating salary for a job, or deciding which field you want to get into.

Glassdoor.com - Company Ratings, Reviews, and Salaries.

Insider At Wamu Embezzles 16mm

Sun, 17 Aug 2008 08:55:00 -0700

And who thinks businesses don’t need to worry about insiders? Harden your soft-chewy center. The most puzzling thing is that she was let out on $100k bail, yet she is from Mexico and that’s where she wired the dinero…

SignOnSanDiego.com > News > Metro – Bank teller arrested in $1.6 million theft

SOUTH COUNTY: A 22-year-old bank teller was arrested Tuesday on suspicion of embezzling more than $1.6 million from Washington Mutual Bank and wiring the money to a bank in Mexico, a sheriff’s investigator said.

Panoramic Aerial Photography Using A Kite

Tue, 12 Aug 2008 14:56:00 -0700

-kite

Got this link courtesy of Credo Mobile. Very cool. I was intrigued by the San Francisco shots since I just got back from there, but they are photos from nearby, not of the city.

Kite Aerial Photography by Scott Haefner | 360° Panoramas

Fairy Amp Human Relations

Mon, 28 Jul 2008 15:26:00 -0700

I was sad that when I was near Winthrop, WA this past weekend I was not able to break away to check out the Fairy & Human Relations Congress 2008 that was going on. I’m glad I remembered the website address so I could read more about it.

The notion that Fairies are not Human, such that they need to find ways of relating to us humans was strange. “The humans are vastly outnumbered at the Congress by the fairies, devas and other Light beings who are in attendance.” I wasn’t sure from the advertisement I saw if they were for real or not but I think they are. Of course you need to bring your crystals and items for the fairy altar.

Questions For Democratic Wankers Who Support Fisa

Sat, 05 Jul 2008 10:32:00 -0700

It is infuriating me that the spineless Democrats are not taking a stand on FISA and are actually putting their own political spin on how it’s a “compromise” (read: “capitulation”, as noted elsewhere in the blogosphere) and a good thing. Here are several key questions I had been thinking myself, but not in such clear terms:

Daily Kos: Betting it all on criminal wiretapping prosecutions.

1. Why, if you believe there are or may be grounds for criminal prosecution, would you immunize against civil liability? What sense does that make, exactly? Why make life easier for people you’re telling us should be or could be subject to criminal liability?

Open Note To Obama On The Fisa Immunity Provisions

Thu, 03 Jul 2008 11:10:00 -0700

In response to a moveon.org phone campaign, this is the message that I communicated to Obama’s campaign staff.

“The FISA bill is something that I am very concerned about. I know that Barack has said that he is not fond of the immunity provisions in the FISA bill. I wanted to call to encourage Barack to take a stand unlike many of the other Democrats who have voted for this bill in the past and also take a stand for the rule of law. We know this is something that the current administration cannot be counted on to do and we are looking for Obama to change that.”

Electoral Projections Blog

Sun, 29 Jun 2008 16:04:00 -0700

Got this link via a colleague and it has some of the most detailed, up-to-date data and analysis on the polling data and cruft coming from the punditrocracy about who’s going to win what and how they can win it. One to keep an eye on this election season. These will be some long months ahead! Right now it shows that Obama has an 88.6% chance of winning the election if it were held today.

Ncis Can'T Hold A Candle To Csi

Sun, 29 Jun 2008 15:44:00 -0700

I had watched one episode of NCIS early on in its life and just thought that the writing was _horrible_. I knew then that I didn’t need to watch any more episodes.

Well, someone I know was recently raving about NCIS so I decided to give it another shot–maybe they had gotten new writers? It was still _horrible_ writing. The writers tended to make most every line “cutesy”, “syrupy”, not like real people would talk at all. And the cast of characters are all their own caricatures. They fill the show with loads of dialogue that just detracts from the show. It seemed strained, like the writers are trying _way_ too hard to be funny. It wasn’t.

Batch Transcoding Flv Audio To Oggvorbis Using Vlc

Sun, 15 Jun 2008 15:11:00 -0700

Here’s a handy bash script that I use to quickly batch transcode flash audio-only files into ogg/vorbis for playing on my Cowon D2:

for file in *.flv; do /cygdrive/c/Program\ Files/VideoLAN/VLC/vlc.exe -vvv $file –sout="#transcode{acodec=vorb,ab=192,channels=2}:standard{mux=ogg,dst=$file.ogg}" vlc:quit; done

Coolest Social Network Music Site

Sun, 15 Jun 2008 14:34:00 -0700

IMEEM - what’s on your playlist?

I stumbled across this site googling for samples of some songs on albums I was considering buying. They have postings of high-quality videos and clips of songs, with charts. Excellent for trying to find that song on the radio you never knew the name of but enjoyed.

Democratic Leaders Need A Spine Say No To Fisa Compromises

Sat, 14 Jun 2008 04:57:00 -0700

This points out how the Democrats aren’t capitalizing on this issue which is working against the Republicans. Show how the Democratic party is about freedom and the Republicans are about unitary executive and a police state.

Daily Kos: State of the Nation: McCain’s FISA Flip-Flops Still in the News

Now, take some action and tell your congresscritters to take a stand on our rights. Thanks to CREDO Mobile!

Say No to Senator Bond’s FISA Capitulation

From The So Dumb It'S Hilarious Department

Sun, 08 Jun 2008 15:52:00 -0700

A running family joke, but I laugh every time I hear this.

YouTube - Kitty Cat Dance

YouTube - cat i’m a kitty cat

Owasp Net Csrfguard

Thu, 05 Jun 2008 10:37:00 -0700

At the OWASP conference in San Jose last year, the Java OWASP CSRFGuard was presented and I met Eric Sheridan, its author. I noted that there was not an analogue for .Net so I started coding right then.

Well, it’s been a hobby project for some time. Eric and I have gone back and forth with design/feature ideas and are working toward feature-equivalent solutions for each language, albeit implemented within the appropriate language paradigms.

Catholic Church Again Being Heavy Handed About Pro Life Supporters

Wed, 04 Jun 2008 11:20:00 -0700

This is really stupid. To single out only certain members of the church? I agree with Steve,

“I think it’s a mistake to deny Communion to public officials who, in their official capacity as policy makers, stray from the church’s doctrines. But this is adding insult to injury — targeting Catholic congregants based on their votes, rather than their beliefs and conduct.

In other words, at least in the abstract, John Kerry should be blocked from receiving Communion and Catholic voters who supported him should receive the same treatment.”

Christian Group Whining About Starbucks Quot New Quot Logo

Sat, 31 May 2008 16:11:00 -0700

Starbucks is switching back to their original logo, which Howard Schultz described as “bare-breasted and Rubenesque; [it] was supposed to be as seductive as coffee itself”. So, of course, the crazies who equate sex with the devil are going…crazy…over it. Can’t we send them back to the 16th century? they said “The company might as well call themselves Slutbucks.”

But this makes for quite a fun thought: You could get a Starbucks coffee and take it with you while you ride the South Lake Union Trolley (aka S.L.U.T.) It could be more fun than the Duck tour for tourists. It could even have a stopover at the Lusty Lady.

O'Donnell Schools Buchanan

Sat, 31 May 2008 04:21:00 -0700

Oh, this is rich! Lawrence O’Donnell calls Pat Buchanan out for criticizing Scott McClellan for the very same thing he did under Nixon: not saying anything or opposing or resigning in the face of wrongdoing.

Crooks and Liars » Lawrence O’Donnell Humiliates Pat Buchanan

Ron Paul Grabs 24 Of Votes In Id Primary

Sat, 31 May 2008 04:10:00 -0700

Ouch. Even after winning the nomination McCain still can only get 70% of his own party’s votes–which is not unlike other state totals. And to have Ron Paul continue to get double-digits is very intriguing.

Paul has best showing yet, in Idaho - 2008 Presidential Campaign Blog - Political Intelligence - Boston.com

John McCain has the Republican nomination wrapped up, but Ron Paul isn’t going anywhere.

In fact, in Tuesday’s little-noticed Republican primary in Idaho, the iconoclastic Texas congressman had his best showing so far, grabbing 24 percent of the vote, nearly 30,000 votes in all.

Mainstream Media Defensiveness Indicates More Of Same Is Likely In Future

Fri, 30 May 2008 20:20:00 -0700

Media Matters - “Media Matters”; By Jamison Foser

Does anybody who isn’t employed by or related to George Bush still deny that the administration wasn’t truthful about Iraq? Or that the news media could have done a better job in the months preceding the war?

This was a rhetorical question in the article, but the answer is “yes”, unfortunately. Who are these who think the media did just a fine job of covering the run-up to the war? Well, the media themselves. I watched David Gregory defend himself with disgust on Hardball. Read this article Nieman Watchdog > Commentary > A refresher on how the press failed the people for more examples, but also some examples where the press rightly criticized itself. Given that even many journalists and media outlets have actually admitted some level of failing, it is even more baffling how many still claim that everything was as good as it could have been. This article is also notable in that it has larger excerpts from McClellan’s book criticizing the press than have been covered elsewhere.

California Marrying Same Sex Couplesjust Like Gassing The Jews-

Thu, 29 May 2008 12:15:00 -0700

jews-

Um, yeah. Godwin’s law in full effect. Disgraceful!

‘Gas the jews’ vs. ‘Marry the gays’: ‘SaveCalifornia’ get cold feet - Good As You:: Gay and Lesbian Activism With a Sense of Humor

But it is also good to see New York State move to recognize same-sex marriages as well.

How can people compartmentalize so that they don’t see how “Separate but Equal” is the same argument as “Civil unions but not “marriage””? “Separate but equal is a set phrase denoting the system of segregation that justifies giving different groups of people separate facilities or services with the declaration that the quality of each group’s public facilities remain equal.” Hello? If that is illegal and immoral, then why not these laws? It’s the same thing and I predict eventually they will either be repealed or ruled unconstitutional. In fact, it violates the Fourteenth Amendment (Equal Protection Clause)

Economic Stimulus Act Of 2008 Notice Divulges The Last Four Of Your Ssn

Tue, 20 May 2008 10:52:00 -0700

I just got my second notice about my pending economic stimulus act rebate and saw to my dismay that it divulges the last 4 of my SSN. They mask out all the least-secret parts but leave the last 4 digits. Lame! Look for this format on the right-hand-side of the letter inside the very conspicuous envelope: XXX-XX-1234

So, be sure to shred these notices!

Debugging Nunit Tests In Visual Studio Express

Mon, 19 May 2008 15:09:00 -0700

One of the annoying things about VS Express (other than it for some reason not saving my user preferences) is that there is not an easy way to debug nunit tests from within the UI. There is also no way to attach to a process to debug, which is going to limit asp.net development utility. Maybe VS 2008 Express is improved in this regard? I’ll download and see.

Here are two great ways to debug nunit tests. I opted for the simpler option of creating a .csproj.user file and adding the section to each of the <PropertyGroup> sets like so:

Michelle Malkin Video Draws Mysoginistic Feedback On Youtube

Sun, 18 May 2008 10:54:00 -0700

I am really getting tired of seeing the male response to crap like this stupid video that Michelle Malkin created involve sexual domination rhetoric against women. It debases the speaker and taints the debate and opponents of Malkin by proxy.

Unbelievable. I think the responses to the video are far, far, far worse than the video.

YouTube - VENT The Defeatocrats’ Cheer

Open Letter Flagrant Rantings Of An Anonymous Interneter

Mon, 05 May 2008 14:57:00 -0700

I had to turn this into an open letter response. I saw several of these messages being posted to blogs without any response. Most likely because it is so inflammatory and haphazard.

But, it was so tiring that I had to stop part way though. Maybe someone else can post other replies to finish this out…if you can make it that far.

-Jason

-—-Inline Message Follows—–

I did not write this…. But?????????????

Lieberman Website Was Not Hacked It Crashed

Tue, 29 Apr 2008 11:19:00 -0700

Lieberman is a wanker for many other reasons than this. But people do love to blame the faceless, nameless hacker before they exhaust their own likely culpability for an incident so whether it is purely political or the IT blame-game, it’s typical.

Media Matters - Media that reported Lieberman’s hacking charge against Lamont supporters have yet to report FBI found “no evidence of (an) attack”

Summary: Despite having reported the allegation by Sen. Joe Lieberman’s campaign that supporters of Ned Lamont had “hacked” Lieberman’s campaign website, ABC, CNN, and CBS have yet to report that an FBI investigation reportedly found “no evidence of (an) attack.” The Advocate of Stamford, Connecticut, reported on April 9 that an October 2006 FBI email indicated that the FBI had found Lieberman’s website “crashed because Lieberman officials continually exceeded a configured limit of 100 e-mails per hour the night before the primary.”

More Opportunity To Take Progressive Action

Fri, 18 Apr 2008 04:25:00 -0700

Moveon.org has a petition to media outlets to avoid a repeat of the recent ABC “news” “debate” which involved spending most of the time on inane “gotcha” kinds of topics and nothing on substantive issues. It was a horrid debate and was resoundly chided by most all critics.

“Debate moderators abuse the public trust every time they ask trivial questions about gaffes and ‘gotchas’ that only political insiders care about. Enough with the distractions–ABC and other networks must focus on issues that affect people’s daily lives.”

Progressive Democratic Outrage

Thu, 17 Apr 2008 10:33:00 -0700

I was incensed when the democratic senate passed the horrid FISA bill. It’s good that congress is actually standing up for what is good though and holding a tough line. I just wish the senate would get on board and at least do something, even if it will be vetoed.

And this frustration can be seen in what I wrote for the democratic petition to impeach Bush and Cheney for torture:

Climate Denier High School Textbook Clumsily Defended By Publisher Houghton Mifflin

Sun, 13 Apr 2008 12:10:00 -0700

Think Progress » Blog Archive » Houghton Mifflin offers misleading defense for climate-denier high school textbook.

Houghton Mifflin issued this statement in response to the growing controversy:

The authors do not provide a history of global warming; rather they use the issue to illustrate “entrepreneurial politics.” As part of this illustration, the book cites a wide range of sources, from the Intergovernmental Panel on Climate Change to Nobel Prize Winner Al Gore. Late last year, we released the 11th edition of “American Government,” which included some revisions to the “entrepreneurial politics” section. These revisions reflect current developments in environmental policy research.

Bill Kristol Consistently Wrong

Sun, 13 Apr 2008 11:45:00 -0700

This is a great quote that sums up Kristol:

William “The Bloody” Kristol who apparently thinks that enthusiastic consistency makes up for being 100% wrong on about everything he says.

And two other favorites are:

“Oh, Bill Kristol, are you ever right? – John Stewart

“the first to be wrong about WMD in Iraq in 1997” – John Stewart

Crooks and Liars » FOXNews Sunday: Bill Kristol Says Iraq is “Good” for McCain; Williams Says Kristol “Strains Credibility”

10 Home Security Tips

Tue, 08 Apr 2008 17:23:00 -0700

A pretty good list to keep in mind for securing your house.

I would also avoid keeping curtains open with a direct view into what kind of expensive stuff you have waiting inside. I’ve seen many a house these days with nice LCD or plasma TVs in the living room visible from the front door…

One of the best home security tips is to get to know your neighbors so you can watch out for each other.

2008 Issa Northwest Regional Security Conference April 23rd

Mon, 07 Apr 2008 03:52:00 -0700

Sign up for the cheap and excellent 2008 ISSA Northwest Regional Security Conference. It is going to be on April 23rd in the same location, the Olympia Red Lion hotel. You don’t have to be an ISSA member to attend – you just have to pay a tiny bit more. And did I mention there will be a hosted social hour afterward where you can get your mingle & drink on?

Dangers Of Publishing Too Much Information About You Online

Sun, 06 Apr 2008 06:10:00 -0700

I am often surprised at how much information bloggers put about their daily activities online. I myself prefer to publish information about what I’ve done _after_ I get back to avoid blabbing to the world when I will be gone. And, I don’t have my calendar publically-available either. Do you? How much do you leak out about yourself online?

Death by Google Calendar: How I Identified you to rob you

Copy Protection Sucks

Sat, 05 Apr 2008 17:49:00 -0700

Okay, I’ve got an Xbox Media Center setup and have found that some new DVDs, namely Rendition (2007), simply will not play in my XBMC. And, it causes VLC to crash. Windows media player hangs after the previews.

But, it will play just fine in Cowon’s excellent JetAudio software.

Turns out it’s because of some ill-conceived new copy protection that appears designed to thwart software-based DVD players (and presumably rippers).

Comparing Obama Vs Clinton

Sat, 05 Apr 2008 00:43:00 -0700

There are significant differences. Here are some key ones that made me a supporter (and precinct delegate) of Obama:

On civil liberties. I was incensed that Clinton not only missed the vote on the FISA reauthorization bill that passed the senate, but that she made no attempt to lead against it at all beforehand. Obama, OTOH, did not vote but spoke out against it.

LCV ranks Obama higher on the environment I do wish that he would be more aggressive in some positions, such as pushing for doubling fuel economy standards far sooner than within 18 years as he has pledged. But I know this has been a big issue for the big auto lobbyists, which is why fuel standards haven’t changed since the 90s so this is probably a starting point at least for negotiations.

Crazy Religious Person Of The Moment

Sun, 30 Mar 2008 15:23:00 -0700

Man found with woman’s body packed in dry ice in his hotel room

Airborne Settles Class Action Lawsuit

Tue, 25 Mar 2008 14:20:00 -0700

Airborne Agrees to Pay $23.3 Million to Settle Lawsuit Over False Advertising of its “Miracle Cold Buster” ~ Newsroom ~ News from CSPI

Lying scum.

If you are taking Airborne, try Obecalp instead. It works a lot better.

And if you take three per day, as suggested on the box, you are in danger of overdosing on Vitamin A.

Bush Is Overtly Pro Torture

Sat, 08 Mar 2008 15:18:00 -0800

What an ignorant, evil, imbecile bastard.

Crooks and Liars » Bush Vetos Anti-Torture Bill, Says Torture One Of “The Most Important Tools In The War On Terror”

1917 Bare Breasted Lady Liberty Coin Shunned By Puritanical Americans

Tue, 04 Mar 2008 01:06:00 -0800

Recently learned about this on History Detectives. More evidence of the kind of crap we have to deal with because of the mixing of religion and politics and our puritanical heritage…

The 1916 Lady Liberty coin featured a design of Lady Liberty exposing one breast. There was outrage of this being “obscene” and in 1917 the breast was covered in a coat of mail. I wonder if John Ashcroft’s relatives were involved with this controversy?

Crackpot Science Emf Crank Dr George Carlo

Mon, 03 Mar 2008 14:02:00 -0800

I couldn’t believe what I was hearing on the radio when I heard this. I took a voice note that I’m now transcribing for your blogreading pleasure. Here is a transcription of my notes:

5:44pm sat oct 20th 2007

On am1090 radio, some guy claiming that "information carrying" radio waves (which we have never seen or experienced before
(in nature) as humans) actually cause cells to treat the waves as a foreign invader (in blood or
elsewhere). He said that they actually close down the cell membrane so the cells don't get nutrients.

His name is Dr. George Carlo

He was in one of the cell phone safety studies from 1993.

As someone with an Electrical Engineering undergrad degree and a very skeptical mindset, I was floored to hear something as ridiculous as the claim that “information carrying” radio waves are somehow more dangerous than those naturally-occurring radio waves before humans. The information is encoded on the radio waves as a modulation of frequency, phase, amplitude or some already-existent property of the radio waves. It would not make a radio wave go from being benign to dangerous.

Email Factcheckorg With Dubious Political Claims

Mon, 03 Mar 2008 13:45:00 -0800

Very timely after my Obama open letter…

 Dear Subscriber:

We want your help.

 In the weeks to come, many of you may be receiving dubious political
mailers, chain e-mails, phone calls or other political communications
attacking or supporting a presidential candidate.

 Please consider forwarding these "under the radar" political messages
to us for evaluation.

 Please be alert for anything like the false e-mail attack on Obama
that we debunked Jan. 10, or the misleading postcard attacking Romney
that we took on Jan. 15.

 We would also be interested to get recordings of any dubious claims
made in phone calls or left on answering machines, whether they come
from live callers working from scripts, or are automated "robo-calls."
These might be in the form of phony public-opinion polls in which the
caller asks something like, "Would you change your vote if you learned
that Candidate X didn't pay her income taxes last year?"

 These kinds of messages are often aimed at voters in specific
geographic areas, or at specific demographic groups, and FactCheck.org
is seldom on the list. But with your help we will do our best to keep
distortions and falsehoods from spreading by these means.

 -Brooks Jackson

 If you can scan hard copies into your computer, or make digital audio
files, please e-mail to:
 [Editor@FactCheck.org](mailto:Editor@FactCheck.org)
Make the subject: Attn: Brooks Jackson

Otherwise, please send hard copies or physical recordings to:
Brooks Jackson
FactCheck.org
320 National Press Building
Washington DC 20045

Notable Quote On Change

Mon, 03 Mar 2008 13:42:00 -0800

"The chief cause of problems is solutions." Eric Sevareid, 1970

Global Warming Deniers Rebuttal

Mon, 03 Mar 2008 13:30:00 -0800

This is an excellent post to the SGU forum you can hand to any global warming denier.

The Skeptics’ Guide to the Universe Forum :: View topic - Global Warming & CO2 cause or effect?

Aclu Fisa Fact Check

Mon, 03 Mar 2008 13:27:00 -0800

Good to check out what kind of wool the Bush administration is trying to pull over your eyes on FISA. And the weanie democrats in the House seem to be following in the (lack of lead) of the Senate democrats and seem likely to give the telecoms retroactive immunity _even though nobody (not even the senators voting) knows what exactly they have done or for how long or under what circumstances_

More People Quot Unaffiliated Quot With Religion In The Us

Mon, 03 Mar 2008 13:25:00 -0800

A completely unscientific mashup of survey data from a couple different surveys for comparison.

1990

2001

2008

Percent Christian

86%

77%

78.4%

Follow no organized religion

14.1%

16.1%

4.7% believe in “other faiths”. That means that 20.8% of Americans (about 47 million Americans) have either no faith or a non-Christian faith.

In 2001, Washington State had 25% in the “unaffiliated” with religion category. Surprisingly, our state is much less religious. Funny how many freaking churches there are everywhere though.

Open Letter Response Racist Obama Email Circulating

Mon, 03 Mar 2008 13:05:00 -0800

I had to respond to this email.; It made me so angry that such lies and racist remarks get passed around so carelessly. People don’t think that forwarding a simple email could possibly be harmful. Well, these falsehoods are making their way to other people and they are changing people’s voting plans.

This is just _one example_ of where people have believed this Internet filth: https://www.huffingtonpost.com/2008/03/02/ohio-voter-on-60-minutes_n_89476.html

There is _real harm_ from forwarding falsehoods on the Internet. Stop them before they destroy anyone else’s life or reputation.

2008 Washington State Democratic Caucus

Sun, 10 Feb 2008 16:00:00 -0800

I participated in my first caucus this weekend. First, I have to say “Go Fightin’ 34th!”

My wife and I had to park several blocks away because there were so many people attending!

We were told that in 2004, there were _maybe_ 15 people attending for my precinct (one of 10 or more in my district). This time there were at least 60! Can’t wait to see the official tally.

Most of the people there were older (35+ I’d guess). Not that many young people. But I’m not surprised since my district and precinct don’t necessarily include a lot of affordable housing for young people. It’s an older area.

Palm Sized Linux Computers

Sun, 10 Feb 2008 15:50:00 -0800

Very cool, and reasonably-priced, tiny linux computers. Even with bluetooth!

gumstix - dream, design, deliver

Bobbear Information On Money Laundering Fraud

Tue, 01 Jan 2008 08:40:00 -0800

I’m going to be digging into this site. Hat tip to the F-Secure blog for this site.

Money Laundering Fraud

Pci Pa Dss Draft Does Away With Requirement For Persisting Credit Card Data

Tue, 01 Jan 2008 08:39:00 -0800

One of my biggest beefs with the security technology industry and even with auditors and legislators has been to mindlessly push encryption as the solution to data theft problems.

To quote Bruce Schneier again:

The ultimate solution. Well, the payment application vendors, supposedly prodded by the likes of Visa and Mastercard, have been recording varying levels of details about payment transactions for 18 months. Thus, the credit card companies have been part of the problem here and with this requirement change, they can become part of the solution for once. They have a great racket…

Caja Capability Model For Javascript

Tue, 01 Jan 2008 08:31:00 -0800

This could be one of the coolest things to come along in a while. I heard it mentioned at OWASP and then just found an article on Financial Cryptography about it as well.

FYI, wikipedia article on Capability-based security

Links » Caja: Capability Javascript

…rather than modify Javascript, we restrict it to a large subset. This means that a Caja program will run without modification on a standard Javascript interpreter - though it won’t be secure, of course! When it is compiled then, like CaPerl, the result is standard Javascript that enforces capability security. What does this mean? It means that Web apps can embed untrusted third party code without concern that it might compromise either the application’s or the user’s security.

Computer Failure Causes Closure Of Seattle Downtown Transit Tunnel

Tue, 01 Jan 2008 08:29:00 -0800

This one boggles the mind. I had to send it for publication in Risks.

The Risks Digest Volume 24: Issue 93

Computer Failure Causes Closure of Seattle Downtown Transit Tunnel

The tunnel was opened, and then closed again the next day due to continued problems:

Bus tunnel closure continues

Technicians from Sound Transit, Metro and General Electric Transportation, which was contracted to install the electrical and computer systems, were trying Wednesday evening to figure out what caused a connection between the tunnel and the control center to fail Monday, work Tuesday, and then fail again.

Avoiding Uri Comparison Security Bugs In Windows Apis

Tue, 01 Jan 2008 08:23:00 -0800

-apis

This post is directly related to some work I’m going to be doing so I was happy to stumble across it in my feed reader.

Bottom line: Use IUri::IsEqual.

Future extra credit: use Reflector to find out what .Net methods for URI comparison there are and if they marshal to the good or bad methods mentioned here…

IEBlog : URI Comparison Functions

Investigating URI parsing related issues in various products, I’ve run across many instances of code erroneously attempting to compare two URIs for equality. In some cases the author writes their own comparison and seems to be unaware of URI semantics and in other cases the author delegates to a Windows provided function that doesn’t quite work for the author’s scenario. In this blog post I’ll describe some of the unmanaged URI comparison functions available to Win32 developers, and a few common mistakes to avoid.

Beware Of 5 Star Software Ratings

Tue, 01 Jan 2008 08:06:00 -0800

There are so many sites that allow downloading and rating software; you have to find the few that you can trust and use those. And use multiple sources of information to validate the ratings.

Beware of Five-Star Vaporware - security Fix

U.K. computer programmer Andy Brice was proud of the awards and accolades his software had won from his peers online. That is, until he noticed that pretty much everyone else’s software received the same “5-star” rating and high praise from various software directories and download sites.

On The Horrible New Wiretapping Law

Tue, 01 Jan 2008 08:03:00 -0800

Susan Landau - A Gateway for Hackers - washingtonpost.com

Current administration policy is replete with examples of quickly enacted efforts whose consequences led to the opposite effect. (Beware of what you wish for . . . .) With Congress caving last week, the National Security Agency no longer needs a Foreign Intelligence Surveillance Act (FISA) warrant to wiretap if one party is believed to be outside the United States. This change looks reasonable at first, but it could create huge long-term security risks for the United States.

California Limits Use Of E Voting Systems But Does Not Go Far Enough

Tue, 01 Jan 2008 08:02:00 -0800

It was unclear from my cursory read of the materials whether machines will require voter verifiable paper audit trails. At least the Sequoia and Diebold machines must have their ballots hand-counted so it does sound like all-electronic voting is dead for those machines at least.

The full details are available here: https://www.sos.ca.gov/elections/elections_vsr.htm

Read Rebecca Mercuri’s comments in Risks on this announcment: California Voting System Hacking Report

My favorite gem:

…let’s just throw more money atadditional security mechanisms and training while we all pretend that we’reconducting legitimate elections. Good job, guys, thanks for letting the CASoS off the hook.

Dspam Cvs Binaries And Patches Available For Debianubuntu

Tue, 01 Jan 2008 07:47:00 -0800

I finally have my patches and binaries for the latest version of dspam cvs available at my oz.net page for download. There have been upwards of 30 patches applied to dspam 3.8.0 in the cvs version that fix all kinds of bugs so it is nice to be able to run the latest and greatest. It is likely to be more stable than the 3.8.0 binaries out there even for bleeding edge… Lots of memory leaks fixed as well in this version.

Open Letter Response To Chain Email Regarding Anti Muslim Sentiments And Opposition To Usps Eid Stamp

Thu, 27 Dec 2007 06:26:00 -0800

An earlier response.

Oh, brother. There is nothing wrong with this country except that we need a do-something congress and to way 468 days for a new president. We live in a pluralistic society. We do NOT live in a Christian nation, although there are those in the American Taliban who would love a theocracy as much as the Islamic extremists.

There are millions of MUSLIMS who are also AMERICANS. The two are not mutually-exclusive.

Open Letter Response To Theodore Roosevelt'S Opinions On Immigrants

Thu, 27 Dec 2007 06:18:00 -0800

Another installment. A light response; was getting warmed up. I’m interested in rational discourse instead of everyone assuming that everyone believes in what they do; maybe get people to think critically about their own opinions a bit more.

This makes me curious about a couple of questions of the recipients:

1. Which specific points that the president made below do you agree with? 2. Do you think that the fact that a former president said this makes it more compelling? If so, how do you reconcile this with the founding fathers who were slaveowners or believed that women shouldn’t be allowed to vote, etc.? 3. How do you reconcile the president’s statements below, “the person’s becoming in every facet an American, and nothing but an American” and “Any man who says he is an American, but something else also [i.e. Polish, Irish, etc.], isn’t an American at all. We have room for but one flag, the American flag” with pride of origin that we as Pollocks might want to celebrate? Or is there a disconnect where it’s okay for us but not for others? Where do you draw the line and why?

Open Letter Response To Chain Email Supposedly From Ben Stein About Christmas

Thu, 27 Dec 2007 06:13:00 -0800

Here is another open letter installment. I have had several in the hopper recently…

-Jason

I would be interested more in which of the specific points below people actually believe in. I can’t imagine you believe in all of them, but maybe you do. I’d be interested in the rationale.

I’ll offer my point-by-point commentary below.

BTW, Ben Stein is surprisingly kind of a nut-job. He’s got a new documentary coming out that is full of crackpot conspiracy theories about Intelligent Design (which is NOT science) is somehow being suppressed by the scientific establishment. Intelligent Design is the new name for Creationism. It is also the banner for those on the religious right who simply want to criticize evolution, one of the most well-tested and fundamental scientific theories of our time.

Open-letter-response-to-chain-email-about-senators-supposedly-voting-against-english-as-the-official-language

Thu, 27 Dec 2007 06:08:00 -0800

I have thought for a while about publically posting my responses to these kinds of emails that come my way and are often filled with lots of misinformation, vitriol, and seriously lacking in facts or any sense of a cogent argument or position.

Occasionally, one comes along that I just can’t sit by and let idly fly by. They are usually forwarded along without any additional comments and the presumption is I guess that the one forwarding believes the general sentiments. But I think it’s more interesting to know which parts people believe in or not, and why. Certainly they tend to pack in a lot of crap in one email that I find it hard to believe everyone believes everything about them.

Bush A Little Reading Can Be Dangerous

Thu, 27 Dec 2007 05:52:00 -0800

Oy vey. Bush should learn what a slippery slope argument is. That’s what he used to convince himself that allowing _any_ stem cell research could lead to eugenics ala Brave New World. And I thought Jesus told him it was evil… Well, now we know why he isn’t opposing In Vitro fertilzation since it apparently is not related to anti-abortion kind of sentiments (every embryo is sacred, every embryo is good).

How To Practice Safe Computing

Thu, 29 Nov 2007 16:21:00 -0800

For the home user out there without an IT department or computer science degree it is unfortunate that the software industry has put such a buggy, generally insecure, high-maintenance headache of a machine on the market they call a computer.

But, you can’t do much about that (except lobby for liabilty for software security). And it’s the holiday season when the spammers and scammers come out of the woodwork. I’ve already seen a huge spike in spam activity. Here’s what you should do to protect yourself.

SONY compromised?

Mon, 26 Nov 2007 14:50:00 -0800

I noticed that one of the throw-away email addresses I registered years ago for sony style product registration and accessories is now receiving spam. Was sony compromised or did they have an insider sell their addresses? Who knows… I know that I didn’t give it out to anyone…

Postfix Dspam 380 Ubuntu

Sun, 25 Nov 2007 13:13:00 -0800

I have been wrestling with my dspam configuration on Ubuntu for quite some time and think I finally got it set up the optimal way. It took building a custom modern dspam package myself, with the help of a kind soul who built a custom package for Debian etch.

I get tens of thousands of spam messages to my personal accounts each month. And there are many more going to other users at my domain. It has been getting worse recently. This primarily caused me to take more drastic action and implement realtime blackhole lists to block spam from even entering my mail system. It is absolutely stunning to see how much spam gets blocked vs. how much gets in now. I haven’t calculated the stats but on a cursory look at my logs, it is well over 70% that is being dropped on the floor now.

Coolest New Find Wifimugorg

Mon, 19 Nov 2007 05:17:00 -0800

What a great find! “A Guide to Seattle’s Free Wireless Coffee Shops” They even have them categorized by neighborhood and even ones that are open late (it is annoying how much stuff in Seattle seems to close early…)

The beauty of wikis keeps popping up all over the place. I was just marvelling at how much data there is on the OWASP wiki and how easy it was to share new information. Now, if there was only a PC interface to your brain so you could actually consume all that data being generated…

Redaction Cat Is Out Of The Bag For Wells Fargo

Sat, 20 Oct 2007 09:18:00 -0700

From Risks Digest 24.82

This is just like when Starbucks used to redact all but the last 5 digits of your credit card number on receipts. So anyone with a Starbucks receipt + any other receipt could piece together the whole card number. D’oh!

From the juxtaposition wayback machine: https://juxtaposition.axley.net/archives/2006/06/visa_prohibits.html



> Date: Mon, 3 Sep 2007 14:12:06 -0700 (PDT) 
> From: Tom Watson 
> Subject: Redacted account numbers 
> 
> My bank (Wells Fargo) in its infinite wisdom has decided to change the way 
> it attempts to redact account numbers. In looking over the transactions for 
> an infrequently used account (I only have it because my ex-wife is a signer, 
> and who knows when I'll need to cash a check with her name on it!) I noticed 
> that the method had changed from the July to August automatic transfers I 
> have to keep the account active. In July, the account number is listed with 
> THE LAST 3 digits as 'X'. In August, the method is now all 'X' EXCEPT FOR 
> THE LAST 4 digits. I just looked and said to myself "what is wrong with 
> this picture?". The risk: when you change methods of redacting, change ALL 
> occurrences, not just the new ones. You may just totally unredact what you 
> were attempting to hide. 
> 
> Fortunately in my case, I know the account number anyway, so TO ME it is no 
> big deal (unless I print out something), but I'm aware, which is the the 
> thing to be. 
> 
> I sent the bank a note as well. I don't hold out much hope for anything 
> constructive in return, but we will see. 
> 
> \[It seems pretty stupid to make such a change that completely exposes the 
> account number to anyone with records before and after sanitization. PGN\]

Gartner Chides Pci Ssc

Sat, 20 Oct 2007 09:12:00 -0700

i-ssc

Governance is an important part. If the PCI SSC member companies want to ward off Government regulation, they need to be more transparent certainly. How is it that they could end up with such milquetoast controls as simply “encryption” or “web application firewalls” being equivalent to “source code security review” is a testimony to what happens in the smoke-filled rooms there.

Gartner analyst chides PCI Security Standards Council - IT Security News - SC Magazine US

Av Fightclub

Sat, 20 Oct 2007 09:09:00 -0700

You get to talk about this Fightclub. Kaspersky wins again.

I would be somewhat wary of ClamAV though since it seems to suffer from loads of security holes: https://secunia.com/product/2538/?task=statistics_2007 versus the Kaspersky results: https://secunia.com/product/10470/?task=statistics_2007

Also, refer back to the previous posting Juxtaposition: Antivirus bakeoff public results for another source of AV comparisons.

untangling the future… » Blog Archive » AntiVirus Fightclub Results!

Only three (Clam, Kaspersky, Norton) call all of these. Three others (F-Prot, Sophos, Mcafee) missed a few ranging from an 80-90% catch rate - not very good considering these are all really common viruses, but certainly better than others. GlobalHauri and the gateway appliances (Sonicwall, Fortinet, Watchguard) all performed poorly - catching about 60% and less of these common viruses. Watchguard would only catch one virus (the eicar test virus), which is odd because I thought they used the ClamAV engine.

Get Mitnick'S Quot Business Quot Card Complete With Lockpick Tools

Sat, 20 Oct 2007 09:01:00 -0700

This is really cool. I’ve got to send in for mine. Which password should I send…

On a related note, I was running a table for the ISSA Puget Sound and we had a raffle where we asked for business cards or alternatively, a piece of paper with your name and contact information. As a joke, we asked people for their email password and/or their Social Security Number. There were actually some people willing to give them up.

Physical Security Lacks Physical Security

Sat, 20 Oct 2007 08:57:00 -0700

I can’t believe that these systems have such a horrible design!

Basically, these guys showed how you can inject a tiny device that can record the data that the scanner reads in such that you can create devices to replay it later.

2 Screws, 1 Plastic Cover, How Many Airports Infiltrated?

besides a meat cleaver or, in the case of your eyeballs, a soup spoon, these systems are all laughably easy to bypass, thanks to a primitive protocol called Wiegand that just about all ACSes (access control systems) have inherited.

Run Linux From Flash Drive Under Windows Using Qemu

Sat, 20 Oct 2007 08:56:00 -0700

-qemu

Very cool. I need to try this on my flash drive.

Using Ubuntu Linux on a flash drive and run it under Windows

The following article is going to tell you everything you need to know in order to make a USB flash drive with Ubuntu Linux installed, similar to the ones we sell here at PenLinux.com

Commerce Bank Database Hacked

Thu, 18 Oct 2007 01:47:00 -0700

Another article said that they thwarted the attack by “shut[ting] it (the database) down”.

I wonder how they were able to have such poor security that someone could compromise their database yet they could respond in seconds to limit the unauthorized access to 20 out of 3000 records. Something doesn’t seem to add up to me, unless perhaps they detected a breach and were monitoring what the attackers were doing and only when they got into the database did they pull the plug on them.

Bank Of India'S Website Compromised

Tue, 16 Oct 2007 08:13:00 -0700

Courtesy the F-Secure blog they show a case where the Bank of India website was compromised to include malicious iframes, one of which

“…contains an obfuscated JavaScript that uses exploits to download and run a file called loader.exe. This file is a small downloader which downloads additional files that are different password stealing trojans, additional downloaders, et cetera.”

The stupid thing about this is that if the attackers had quietly compromised this site and done some intelligent money transfers, or web-based password capture, this may have gone unnoticed for some time. But they took their compromise and used it to hammer user’s PCs with known malware that I’m sure got Antivirus programs alarming. Not too subtle.

Best Science Images Of'07

Sun, 07 Oct 2007 16:06:00 -0700

Too bad they don’t have larger high-res versions. These would make very cool desktop backgrounds.

National Geographic News Photo Gallery: Best Science Images of 2007 Honored

Filtering Out Press Release Spam

Sun, 07 Oct 2007 15:55:00 -0700

This may become useful. I’ve actually gotten so annoyed at organizations that insist on sending at least one marketing email per day that I had to unsubscribe from all of their mailings to get some peace of mind. Restoration Hardware, America’s Test Kitchen, Costco are three of the big offenders that drive me crazy.

How to filter out press releases from your email - Boing Boing

If you get too many press releases emailed to you, try Merlin Mann’s trick of creating a filter that diverts or deletes emails containing the string “For Immediate Release.” I just found 11,000 messages in my mail with that string in it.

James Randi Is Taking On The Audiophiles

Sun, 07 Oct 2007 15:39:00 -0700

This is hilarious. I feel sorry for people who either really have such extraordinary hearing that they can’t use ordinary $19.99 cables in their home theater setup, or have deluded themselves into thinking that they can really tell the difference.

James Randi shows how ridiculous it is to spend $860 a foot for cables.

James Randi Calls Out Audiophile: I’m Sure the Crickets Will Sound Fantastic - Boing Boing Gadgets

Appendix Mystery Solved

Sat, 06 Oct 2007 09:50:00 -0700

Well, I had mine taken out two years ago so I hope I’m not at a disadvantage after the next GI bug.

Function of the appendix found? A good bacteria safehouse. - Boing Boing

“Immunologists from Duke University believe they’ve found the function of the supposedly useless and often dangerous appendix: It’s a reserve store of good germs to ‘reboot’ your digestive system in case another bug wipes out the germs necessary for human survival.”

Internet Discount Shopping Sites

Mon, 24 Sep 2007 13:56:00 -0700

I know people who use fatwallet.com and techbargains.com quite a bit. I wasn’t aware of the others, many of which have coupon codes. I always wondered where people got those codes, aside from direct email marketing.

Our Favorite Internet Discount Shopping Sites

One reason we use the internet is to buy merchandise at a discount to retail. Do you know how to find the lowest prices? Did you know that internet coupons, rebates, and codes are available that will make your purchases even less expensive?

Marijuana Arrests At All Time Quot High Quot-

Mon, 24 Sep 2007 12:02:00 -0700

“A pot-smoker is arrested every 38 seconds in America”.

God damn it’s time to decriminalize this. We have real police work that could be done instead of wasting police, jail, and court time on this crap. I can only imagine what it was like during alcohol prohibition. Sheesh.

Marijuana Arrests at All-Time High - TalkLeft: The Politics Of Crime

Lucky I'M Not A Kid These Days

Wed, 22 Aug 2007 16:54:00 -0700

…I would likely be arrested, expelled, or something. This is insane that drawings of what even “looked like a gun” are treated as “a threat”. We drew all kinds of war pictures and other lurid things in grade school and high school that would probably get us painted as even worse by today’s “standards”.

Zero tolerance policies are actually Zero thought policies. They allow schools to make one-size-does-not-fit-all decisions without any reprieve or mitigating circumstances. Imagine if the justice system worked that way.

Intuit Quicken Backdoor Encryption Key Cracked

Wed, 22 Aug 2007 16:47:00 -0700

Turns out there is a 512-bit master encryption key used in all versions of Quicken since 2003 that allows for Intuit to decrypt your data (or potentially allow the Government to do so, as the conspiracy theorists are theorizing)

Pforzheimer acknowledged that there is a way to access encrypted Quicken files without a password, but that the ability is hardly secret. “It’s for Quicken users who have forgotten their passwords - and only done when they call customer service or support.”

Iphone Insecurity Hype

Wed, 22 Aug 2007 16:38:00 -0700

Leave it to a new technology for chicken-little “analysts” to begin crying that the sky is falling.

What are the “problems” these analysts cite?

“no thought to enterprise security”
“may allow hackers to pilfer private data stored on or sent from iPhones”
“iPhones are unlikely to have a remote “lock and wipe” function that erases the device’s data in the event that it’s lost”
“iPhone’s “closed” operating system makes it impossible to install protection software” (like antivirus)

So, iPhone is not a Blackberry. And Blackberries, with the BES server, have some great enterprise class features. But does the lack of some of those features mean the iPhone is a “security nightmare”? That is just rhetorical hyperbole IMO.

Onsecurity Podcast Taking Issue With Pci Dss Web Application Firewall Requirements

Wed, 22 Aug 2007 16:00:00 -0700

I already have noted that equating a web app firewall to a security source-code-reviewed and threat-modeled application is ridiculous. Dinis Cruz will remind you that the most devastating web application flaws are business logic flaws that none of these devices will find. Even web application scanners are ineffective for most things beyond low hanging fruit.

Holes in the Firewall?

Holes in the Firewall? Are there shortcomings in the application layer firewall requirements set by the PCI Security Standards Council? Paul Henry, vice president of technology and evangelism at Secure Computing Corp., thinks so, and explains to Lisa Vaas in the OnSecurity podcast.

Linksys Unofficial Firmware Dd Wrt

Wed, 22 Aug 2007 15:52:00 -0700

I may want to check into this as a nicer alternative for my WAP54G instead of HyperWRT, which is no longer maintained. There is a compact version for devices with limited memory. Wonder if it still has the samba driver in it…

DD-WRT

DD-WRT is simply a project which was originally based on the official GPL Sources of Sveasoft Alchemy. but turned later to a OpenWRT Kernel vase firmware variant. Due the nature of GPL based projects, this firmware will be also release under this license. Initially i wrote this modification to make it possible, to use the Linksys WRT54G/GS inside our Wireless Lan network as cheap replacement for our professional Lancom and Orinocco access points. so what was missing? first, we are using radius authentication with a central account management inside our network for user authentication. There is already a radius application available for OpenWRT, but openwrt was no choice since it is not user friendly for a non computer professional without any linux knowledge. so i just integrated it with some small enhancements in the alchemy software. my wrt-radauth modifications:

Ext2 Driver For Windows

Wed, 22 Aug 2007 15:34:00 -0700

I had previously used ext2fsd, but that was quite a pain to set up. This has a nice installer and lets you map your Linux drive right to a drive letter in Windows because it is a full kernel-mode file system driver (Installable File System driver). It supports read/write too. Doesn’t support any security on the drive so caveat emptor.

It doesn’t support any partitions using volume management either (not a surprise).

Quot I Ain'T Afraid Quot-

Wed, 22 Aug 2007 15:19:00 -0700

Heard a snippet of this great song by Holly Near that I heard on a podcast. You can get the song on her website for free.

Some choice lyrics:

I ain’t afraid of your Yahweh I ain’t afraid of your Allah I ain’t afraid of your Jesus I’m afraid of what you do in the name of your God

Free MP3 Download

Free MP3 Download “I Ain’t Afraid” 5.4 MB This is one of the great songs from the CD Edge Copyright 2000 Hereford Music

Google Goes Quot Offline Quot With Gears

Sat, 11 Aug 2007 12:44:00 -0700

This is a great development. The main thing I used GreatNews for was its ability to sync and view postings offline (although many RSS feeds are lame and truncate the stories…) Of course, GreatNews doesn’t work on Linux so Google Reader can now be my main feed reader. It’s great for podcasts too if you want to listen on the PC.

Of course, Google’s delivery of the firefox extension is from a non-SSL link… See slight paranoia: A Remote Vulnerability in Firefox Extensions for why this can be hazardous to your computer’s health.

Linux Usb Bugs

Sat, 11 Aug 2007 12:41:00 -0700

Seems as if many devices don’t like Linux’s USB device autosuspend feature. Many will stop functioning and will need to be disconnected and reconnected to function again. I’ve got a multi-card reader that will hang and get these errors. It was a problem on my old computer and is still plaguing me on my new one. Glad to see that it’s going to be fixed. Newer kernels >= 2.6.22 have a feature that lets you turn autosuspend off without having to recompile the kernel:

Googling From Seattle

Sat, 11 Aug 2007 12:34:00 -0700

The rumours are true. Google is officially both on the Eastside and Westside now. Now they could make me an offer I couldn’t refuse… I wouldn’t prefer to work in Kirkland but even Fremont would be a jaunt more than Downtown.

Business & Technology | Google takes space in Fremont for expansion | Seattle Times Newspaper

Google, based in Mountain View, Calif., plans to sublease about 60,000 square feet from Getty Images at the Waterside Building on North 34th Street.

I 35w Bridge Collapse Photos

Sat, 11 Aug 2007 12:31:00 -0700

These are pretty amazing and tragic to look at. I hope Seattle gets going on replacing the Alaskan Way Viaduct that I travel on every day to work…

Collapse

By some estimates, it would only take about 9 billion dollars a year for 20 years to clear the backlog across the country of our crumbling infrastructure. It took lots of Federal monies to build it; it’s going to take Federal money to fix it. Instead, we’re spending close to a Trillion dollars on the Iraq war. Politicians: look around you. The enemy is you for not funding the proper priorities. It’s us for not demanding it and holding you accountable.

Micro Generator Turns Environmental Vibes Into Electricity

Sun, 22 Jul 2007 15:36:00 -0700

This is so cool.

Micro-generator feeds on good vibrations - tech - 04 July 2007 - New Scientist Tech

A sugar-cube-sized electric generator that feeds on environmental vibrations has been developed. It could power swarms of wireless sensors or even medical implants, researchers claim. The new micro-generator harvests power electromagnetically, exploiting the wobbling of several magnets attached to a millimetre-sized cantilever. It measures just 7.0 millimetres by 7.0 mm by 8.5 mm, and the team behind it say it is the most efficient micro-generator yet developed. The generator converts 30% of environmental kinetic energy into electrical power, and could keep all sorts of low-power devices running without batteries – particularly when alternatives like solar power are not an option.

Cool Biology News Building Life And A Brain

Sun, 22 Jul 2007 14:50:00 -0700

Very cool developments in biology.

Interesting that the first article involves changing cells from one species to another. Wonder what the Intelligent Design folks would say about that (they often argue that we have never observed one species becoming another)

Daily Kos: Science Friday: The Legos of Life

The team at the J. Craig Venter Institute took all of the genes from one species of bacteria, Mycoplasma mycoides, and transferred them into another, Mycoplasma capricolum. The result: The genes from the mycoides took over, changing the cells from one species to another simply by moving around DNA.

Happy Hour Guides

Sun, 22 Jul 2007 14:29:00 -0700

I just found out about Unthirsty, but even that site now has competition from MappyHour – a Google mashup site with links to happy hour reviews.

But this site is still a great staple: Seattle Travel’s Seattle Happy Hour Guide. It has happy hours listed by neighborhood.

Scooter Limbo

Fri, 06 Jul 2007 16:36:00 -0700

This is ridiculousness on top of unbelievable ridiculousness and makes me even more pissed about the Bush Administration.

They commute Scooter’s sentence before he serves any prison time, then assume he will instead get probation, except you have to serve some time to be eligible for a judge to do that. So, Scooter may not get anything other than the $250k fine. Wankers.

Crooks and Liars » John Dean: Bush’s Commutation Conflicts With His Own DoJ Guidelines

Local Call To Bring Troops Home

Fri, 06 Jul 2007 16:33:00 -0700

Olympia, WA – my state capitol – makes the “pages” of Daily Kos.

Daily Kos: Bring them home.

How many more Americans will forfeit their lives on the battlefield between now and then? How many more tax dollars will be spent to stall America’s inevitable departure?

It’s time to end the American bloodshed. It’s time to bring the troops home.

Appeals Court Affirmed Ruling Stored Communications Act Violates 4th Amendment

Fri, 22 Jun 2007 16:43:00 -0700

More good news in restoring constitutional governance to this country.

SANS Institute - SANS NewsBites

A US federal appeals court upheld a lower court ruling that said law enforcement agents need warrants to seize web-based email. The Sixth Circuit Court of Appeals said webmail users have a “reasonable expectation of privacy” regarding the content of messages stored on a remote host. The original 2006 ruling, unsuccessfully appealed by the US government, said the Stored Communications Act (SCA) violates the Fourth Amendment. The SCA had been used for 20 years to access stored email without a warrant.

Mr Wizard Rip

Tue, 12 Jun 2007 13:47:00 -0700

Wow. I loved his show when I was younger. Sorry to see him go. Hopefully Bill Nye the Science Guy is filling his shoes sufficiently.

Boing Boing: Mr. Wizard (1917-2007)

Let The Impeachment Begin

Mon, 11 Jun 2007 16:04:00 -0700

The “they” is the Democrats. We know we can’t count on the Republican wankers to do the right thing, only what’s right for their base. But can we count on the Democrats? So far, it doesn’t look good.

I’d be down for an independent ticket for 2008, so long as it doesn’t put another Republican in the white house like Nader helped with last time. However, it is looking like the Dems have a good set of candidates to choose from thus far. But who of them can _lead_? We’ll see.

Gop Throwing Off The Stupidity Curve

Mon, 11 Jun 2007 15:54:00 -0700

The majority of the 68% of Republicans who believe the genesis story (higher than the 53% of all Americans) literally must include that 36% of Americans who also still stand behind the president…

And these beliefs have a special protection under the law because???

Crooks and Liars » Evolution confusion a partisan problem

The problem isn’t just that Americans in general are confused, but rather that the GOP is throwing off the curve.

Proving You Are Humanto A Computer

Mon, 11 Jun 2007 15:47:00 -0700

There have been some sites where I’ve suffered the same fate. Do they want me to match case? What the heck does the captcha say?

From the NYTimes article a great quote:

“You can make a captcha absolutely undefeatable by computers, but at some point, you are turning this from a human reading test into an intelligence test and an acuity test,” said Michael Barrett, the chief information security officer at PayPal, a division of eBay. “We are clearly at the point where captchas have hit diminishing returns.”

7 Senators Vote Against Habeas Corpus

Sat, 09 Jun 2007 10:23:00 -0700

Senator Brownback (US Presidential Candidate) and 6 other Republican Senators voted against the Restoration of Habeas Corpus act. Un-freaking-believable.

Crooks and Liars » Jonathan Turley Slams Bush, Republicans On Habeas Corpus

Great Photo Of Paris Hilton

Sat, 09 Jun 2007 10:19:00 -0700

I hate to add to the excessive frenzy over Paris going to jail, but there are some choice photos of her hysterical. And the fact that she is heading back to jail is a good thing for equal justice in the eyes of the law.

The Sydney Morning Herald: national, world, business, entertainment, sport and technology news from Australia’s leading newspaper.

Hilton’s release for an undisclosed medical condition - and the decision to allow her to serve the time at her luxurious home - caused outrage among civil rights leaders and many Americans, who argued it could be interpreted as affording the socialite favours not available to other, less famous, inmates.

Scientists Store Data In Live Neurons

Sat, 09 Jun 2007 09:52:00 -0700

This is a remarkable development. We are learning more and more about the brain all the time… I can’t wait to get my Matrix-like Jiu-Jitsu and Kung Fu chips so that I can be an Ultimate Fighting champion.

Data stored in live neurons - tech - 08 June 2007 - New Scientist Tech

Information has been stored in live neurons for the first time, bringing closer the creation of “cyborg” computer chips that combine electronic circuits with human cells.

8 Trax Shows In July

Sat, 09 Jun 2007 09:48:00 -0700

Some good friends of mine have a for-fun cover band they call the 8 Trax. They are playing two shows July 13 and 14 at Jimmy Jack’s. They are big 60s/70s music fans so prepare for Freebird, lots of Zeppelin, AC/DC, and more. It’s always a fun time and looking at the location, there should be some fun people-watching as well.
https://www.jimmyjacks.com/schedule.html

Meebo Web 20 Im Client

Sat, 09 Jun 2007 09:42:00 -0700

Meebo is one of the most beautiful web applications I have ever seen. I can’t wait to see what other kinds of rich web interfaces come to everyday applications after seeing what they have been able to do with this IM client.

I have a colleague who has abandoned proprietary IM clients and uses meebo instead.

House Joins Senate In Approving Stem Cell Research Expansion

Sat, 09 Jun 2007 09:28:00 -0700

This is a good sign. Although Bush is likely to veto this even though a majority of the US public does not agree with his position.

Everything that I have heard about regarding Stem Cell Research says that it is a long shot, but has so much potential benefit that, like SETI, is worth investing resources in studying. Regardless of the benefits, the government should not be putting restrictions on what kind of basic research scientists can engage in.

New Book And Blog Rule The Web

Sat, 09 Jun 2007 09:20:00 -0700

Both sound pretty cool. I’ll add to my RSS reader and look out for any new and unique sites.

Rule the Web

Welcome! My name is Mark Frauenfelder, and this is my new blog about a book I wrote called Rule the Web: How To Do Anything and Everything on the Internet – Better, Faster, Easier. It’s be a guide to cool ways to use the Internet to make your life better. It’s not a comprehensive list of every website out there — instead, it shows you how to enhance different areas of your life — your creativity, work, education, travel, health, leisure, and so on.

Sam Harris On The Feasibility And Superiority Of Secular Morality

Sat, 09 Jun 2007 09:15:00 -0700

I think it is one of the weakest arguments that Religious people make when they claim that people need religion as a necessary condition to have a moral compass. Especially when you actually read the crap that passes off as “moral guidance” in the bible.

The worst outcome of the religious-based morality is that they do not follow a system that intends to minimize suffering and increase love. There are such divisive aspects of religious-based morality that result in the exact opposite (e.g. “God Hates Fags”, anti-birth-control policies that result in teen pregnancy that ruins lives, etc.). And then there are the passive fundamentalists who believe that all they need to do is believe in Jesus as their personal saviour and they will go to heaven without having to account for _anything_ moral in this life. These folks offer up some of the most vile, divisive policies such as the late Jerry Falwell did during his life.

Exploiting Security Procedures

Sun, 03 Jun 2007 16:54:00 -0700

I need to post a photo of the sign in my building that actually tells you that the locked stairwell doors will be unlocked if the fire alarm is tripped. Hmm, so to break in all I have to do is…

Schneier on Security: Attackers Exploiting Security Procedures

How To Use Google To Find Breach Disclosures

Sun, 03 Jun 2007 16:31:00 -0700

Adam Shostack provides some useful information on companies who have publicly disclosed data breaches and how to find more later on. Gotta love the Internet.

Emergent Chaos: Breaches in SEC Reports

this Google search against the edgar-online site works well:

(“disclosure of personal information”|“security breach”) (“10-K”|“10K”|“10-Q”|“10Q”) site:edgar-online.com

I Missed Toorcon Seattle

Sun, 03 Jun 2007 16:24:00 -0700

‘Twas May 11-13th. I need to keep up on my security blogs and news more… I’ll be looking for it next year though.

Speaking of Seattle security groups, I need to find out what’s up with SeaSec. Seems to have gone stagnant. I’ve emailed and not gotten responses. I organize a periodic get together of security folks from my company; perhaps I should expand it to outside entities? It serves much the same purpose, although more laser-focused for my employer.

Anecdotal List Of Phishing Impacted Institutions

Sun, 03 Jun 2007 16:18:00 -0700

I get at least 400 spam emails every day. Until I get my new filter setup better trained, I’ve had to manually review my spam folder more than I’ve had to with my older system. It is illuminating seeing many of the patterns that show up, but in the past month, these are the most frequently seen institutions:

BB&T (Branch Banking & Trust Company)
PayPal
National City bank
Regions Bank
Aegis Capital Group

I’m also getting tons of spam referring to the recipient as Rickie Peters. Who the hell is this and why would this be a good tactic for the spammers. That isn’t me, BTW.

Free The Spectrum Therefore Free The Network

Sun, 03 Jun 2007 15:50:00 -0700

This is a great point. The wireless carriers get rich by using the public airwaves; why should they be able to do what AT&T and other companies did and block access to their network? The Internet is a great success story in how much innovation in such a short period of time can come about from open access to myriad devices. I also see wireless LANs as a success story as well with innovation with unlicensed spectrum, that may reveal how in the digital age, keeping the public from using their spectrum is not necessarily even technically required any longer and may be harming development of newer applications. But the lawyers, such as those at AT&T Wireless where I used to work, who fought to control the spectrum and make it illegal for the public to use (since the mobile network lacked actual network security at the time), didn’t think of such repercussions.

Bad Religion Linkfest

Sun, 03 Jun 2007 15:41:00 -0700

A series of links that all came up about religion recently that evince the darker side of religion.

BBC NEWS | Programmes | Panorama | Row over Scientology video: BBC’s Panorama: Scientology and Me Scientology has tried, unsuccessfully, to block this documentary showing the innards of its religion/cult. I found out recently that this playbook for silencing critics was written by founder L. Ron Hubbard. Nice.

“Fair Game” was introduced by Hubbard, and incites Scientologists to use criminal behavior, deception and exploitation of the legal system to resist “Suppressive Persons”, i.e. people or groups that “actively seeks to suppress or damage Scientology or a Scientologist by Suppressive Acts”. He defined it “Fair Game” as: ENEMY — SP Order. Fair game. May be deprived of property or injured by any means by any Scientologist without any discipline of the Scientologist. May be tricked, sued or lied to or destroyed.

Dhs Hires More People With Head In Clouds

Sun, 03 Jun 2007 09:20:00 -0700

This is rich. Just what the DHS needs, more people not grounded in reality.

Schneier on Security: DHS Uses Actual Science-Fiction Writers to Help Develop Movie-Plot Threats

Which is all the more rich since DHS is not focused on terrorism. More and more I’m with Ron Paul when he said that the DHS should be abolished.

Google Street View You Have No Privacy

Sun, 03 Jun 2007 09:01:00 -0700

This new feature is a little eerie to me. You can clearly read license plate numbers on cars, see people dining at street cafes. The photo on this link even shows a woman showing a little too much on the thong-side.

Boing Boing: Google Street View: would it be more/less evil if it were CIA or NSA?

Would we feel differently about street-level image mapping if it were done by a government agency? The FBI? CIA? NSA? DHS? Not implying that it should be, and this isn’t “backlash.” Just asking aloud.

Democrats Giving In Emboldens Our Enemies And Endangers Our Troops

Sun, 03 Jun 2007 08:52:00 -0700

That’s right spineless Democrats. By giving Bush the extra funding supplemental for the Iraq war, you’ve sent a message to our enemies that we’re not leaving any time soon, which is likely to make us and the troops _less safe_. Why can’t you people get the message out that extending the war “emboldens our enemies” to counter the falsehood that it’s the timetables that do this? Sheesh. And you wonder why they can barely win even in an environment like this.

Matt Blaze Solves Randis Million Dollar Challenge For Remote Viewing

Tue, 29 May 2007 15:14:00 -0700

Well, he remote viewed the answer, but only used his superhuman crypto skills; nothing paranormal. Bit commitment schemes are pretty useful in cryptography. But, you have to do them correctly.

...one of James Randi's "million dollar
paranormal challenges" is protected by a surprisingly weak (dictionary-
based) commitment scheme that is easily reversed and that suffers from
collisions. For details, see my blog entry about it: [](https://www.crypto.com/blog/psychic_cryptanalysis/)[Matt Blaze: James Randi owes me a million dollars](https://www.crypto.com/blog/psychic_cryptanalysis/)

Matt made a great observation in his message about this that goes along with my recent post about Crypto Maxims I can say that many of the crypto APIs I have seen are either too complicated to get right unless you are an expert, or they allow easy access to crypto primitives such that programmers are often compelled to make mistakes by oversimplifying a complex solution and not knowing what they are missing. Getting more of this information out of academic papers and into the hands of practitioners and API / framework designers would be a big win for the security field.

Holograms Feel Good Security

Tue, 29 May 2007 14:42:00 -0700

I always wondered how something that obviously does not add much additional cost to low-cost items could offer any real protection. Turns out they don’t.

A great quote below too.

Fake Holograms a 3-D Crime Wave

It turns out, they’re aren’t as secure as they are sparkly.

Groupthink And The Inertia Of Ideas

Tue, 29 May 2007 14:36:00 -0700

This was posted to the cryptography mailing list as an example of how long it can take for experts to believe evidence. Ulcers for years were thought of to be caused by stress (and many people still think so to this day) but are now known to be caused by bacteria Helicobacter pylori. I just read about how if 40 years ago someone had even suggested that a condition such as ulcers was caused by an infection it would have been heresy. However, they are finding even now that HPV is linked to cervical cancer and there could be other links between viruses/bacteria and other conditions.

I Bet You Thought Wep Couldn'T Get Any Worse

Tue, 29 May 2007 14:24:00 -0700

WEP has been cracked _again_ and read the description–it is a devastating break. Crypto by committee, especially when not done by expert cryptographers with a well-defined threat model, is really, really bad. This page also summarizes some of the previous weaknesses of WEP.

I hope you have switched to WPA or an alternative by now if you care about wireless privacy and keeping people off of your network.

If this isn’t enough to run a VPN like OpenVPN or IPSec (although I don’t favor IPSec anymore for many reasons; that’s another crypto by committee with its own problems).

Aacs Crack Overview

Tue, 29 May 2007 14:14:00 -0700

Excellent high-level description of what went into the AACS crack. This arms race is even funnier now that the replacement key has been [cracked \_before\_ it has been released](https://arstechnica.com/news.ars/post/20070517-latest-aacs-revision-defeated-a-week-before-release.html). Media industry: you lost the battle against your customers before it was started. 
 
\-Jason

-—-Original Message—– From: owner-cryptography@metzdowd.com [mailto:owner-cryptography@metzdowd.com] On Behalf Of “Hal Finney” Sent: Saturday, May 05, 2007 11:25 AM To: cryptography@metzdowd.com; sidney@sidney.com Subject: Re: Yet a deeper crack in the AACS

\> Article "AACS cracks cannot be revoked, says hacker" 
\> 
\> [https://arstechnica.com/news.ars/post/20070415-aacs-cracks-cannot-be-revoked-says-hacker.html](https://arstechnica.com/news.ars/post/20070415-aacs-cracks-cannot-be-revoked-says-hacker.html) 
\> 
\> Excerpt: "The latest attack vector bypasses the encryption performed 
\> by the Device Keys -- the same keys that were revoked by the WinDVD 
\> update -- and the so-called 'Host Private Key,' which as yet has not 
\> been found. This was accomplished by de-soldering the HD DVD drive's 
\> firmware chip, reading its contents, and then patching it. Once that 
\> was done, the firmware was soldered back onto the drive."

This article was not too accurate, and further progress has been made. At this point it is possible to remotely patch the firmware of a particular kind of HD-DVD drive so that it will provide certain information without the usually required authentication. This makes it easy to retrieve the per-disk “Volume ID”, which must be combined with the widely-published Processing Key to generate the media keys that can decrypt content. If this Processing Key is invalidated on future releases, this hack will not be useful until new keys are discovered. It provides only part of the picture.

Cryptomaxims For Crypto Applications

Tue, 29 May 2007 14:08:00 -0700

This is a great idea. A member of the cryptography mailing list started a wiki to develop a list of Maxims for Cryptography. I often see security practitioners criticize others for not knowing about some obscure “don’t do this” from the scientific literature; but nobody ever maintains a running list of the state-of-the-art knowledge of “dos and don’ts” to help people avoid future mistakes.

Although there is something to be said for people who don’t keep up with the latest in a security field of study from practicing it – and for us to be wary of those who do so.

Dnssec Explained And Criticized

Tue, 29 May 2007 14:02:00 -0700

Ouch.

Matasano Chargen » A Case Against DNSSEC, Count 2: Too Complicated To Deploy

dnssec is the worst design-by-committee effort i’ve ever seen, both in terms of how late it is, how fuzzy the goals have been, how often the goals have changed, and how complicated and heavy it is now that it is trying to be all-things-to-all-people. (Paul Vixie)

Antivirus Bakeoff Public Results

Tue, 29 May 2007 13:52:00 -0700

This site does comparitive testing of a host of leading Antivirus software and publishes the results online. AVG did fairly poorly in the latest polymorphic tests from Feb 2007 compared to others and in DOS viruses.
https://www.av-comparatives.org/

7 Habits Of Highly Effective It People

Tue, 29 May 2007 13:49:00 -0700

His original intent was specifically to discuss program management skills (at Microsoft), but I think this general framework is a good one for any effective IT person. I employ several of these in my security work and of course any of them can always be improved.

J.D. Meier’s Blog: 7 Habits of Highly Effective Program Managers

* Habit 1, Frame problems and solutions. * Habit 2, Sell visions. * Habit 3, Deliver incremental value. * Habit 4, Manage communication. * Habit 5, Connect with customers. * Habit 6, Execute. * Habit 7, Leverage the system.

Notable Security Quote On The Advice Of Experts

Tue, 29 May 2007 13:43:00 -0700

If you’re sick and you go to a doctor, do you tell the doctor “you’d better come up with some very clear arguments if you want me to follow your advice”? Do you tell your doctor “you’d better build a strong case before I will listen to you”? I would hope not. That would be silly. Doctors are medical professionals with a great deal of training and expertise in the subject. They can speak with authority when it comes to your health. So why do people with no training in security think that they can freely ignore the advice of security professionals without any negative consequences?

More Notable Security Quotes

Tue, 29 May 2007 13:41:00 -0700

Great list of quotes on another security blog to add to the periodic quotes I come across.

Musings on Information Security :: Quotable security quotes

Right Wing Quot Judicial Activism Quot-

Tue, 29 May 2007 09:13:00 -0700

I’m sure the “liberal media” is not going to cry foul that the high court is engaging in “judicial activism”. Justice Ginsburg pretty much calls them on it though:

People For the American Way - Latest 5-4 Ruling Further Proof of the Alito Effect

“In her dissent, Justice Ruth Bader Ginsburg accused the majority of straying far ‘from interpretation of Title VII with fidelity to the Act’s core purpose.’

Cheney Proves He Can Be Even More Shortsighted And Evil

Tue, 29 May 2007 09:08:00 -0700

Crooks and Liars » Cheney Criticizes Geneva Convention in Commencement Address

I’d say that’s perfectly emblematic of this administration: In the context of moral and ethical circumstances, dismiss as irrelevant the standards held by the entire rest of the world.

I think that C & L misses the most disturbing aspects of Cheney’s remarks:

It’s not that the sentiments go against what the rest of the world believes; they go against what _our founding fathers_ believed. The rule of law; presumption of innocence. But, the administration sees nothing wrong with presuming that just because we captured “them”, “they” are “killers”. What about all of those FBI and CIA stings that netted…nothing…but violated civil liberties. What about those imprisioned and released months or years later without any charges? Were they “killers”? If not, why deny them legal protections?

Gonzales Grilled By Fellow Classmates In Wapo Open Letter

Thu, 17 May 2007 11:24:00 -0700

Ouch. Several of the signatories are from Seattle. Cheers for saying what needs to be said.

Alberto’s Harvard Class (’82) Places Ad in Washington Post.

As lawyers, and as a matter of principle, we can no longer be silent about this Administration’s consistent disdain for the liberties we hold dear. Your failure to stand for the rule of law, particularly when faced with a President who makes the aggrandized claim of being a unitary executive, takes this country down a dangerous path.

Falwell Controversy Timeline

Tue, 15 May 2007 11:12:00 -0700

Ahh. Wonder who will take his place to continue the divisive self-righteous condemnations? What will we all do…

There is a short timeline of many of the controversial public incidents with Falwell at The Carpetbagger Report.

The Carpetbagger Report » Blog Archive » Jerry Falwell dies at age 73

Seattle City Light Billing Scam Warning

Mon, 14 May 2007 15:04:00 -0700

This kind of thing was going on long before “phishing” was coined. It’s the same thing in a different technology medium.

FOR IMMEDIATE RELEASE CONTACT: Scott Thomsen April 25, 2007 phone: 206/615-0978 pager: 206/386-4233

BILL COLLECTION SCAM TARGETS WEST SEATTLE Customers Urged to Protect Credit Card Information from Con Artists

SEATTLE - Seattle City Light is urging its customers to be on guard against telephone con artists posing as utility bill collectors who appear to be targeting customers with Asian surnames in the West Seattle area.

Hitchens And Hannity On The Hot Seat

Mon, 14 May 2007 12:55:00 -0700

This is pretty funny, to Hannity: “You seem to have never read any of the arguments against your viewpoint”. Hannity’s immediate response was, “Yes I have. I’ve read them all.” Oh brother.

Crooks and Liars » Hitchens vs. Hannity on Religion and God

The ACLU defends YOUR rights too

Mon, 14 May 2007 12:48:00 -0700

This is also one that puzzles me. I think it is primarily that some people dislike some of the causes that the ACLU has taken up (e.g. against ridiculous religious wackos trying to instill their brand of religion or morality as the law of the land) and so they discard the whole organization out of pocket. But their slogan, “Freedom can’t defend itself” speaks to exactly what they are here for: to defend The Bill of Rights. You know, the Bill of Rights is what gives the religious people their freedom to practice religion. Too bad they don’t see that the ACLU is also fighting for their rights too.

Another Nail In Quot Abstinence Only Education Quot Coffin

Sat, 14 Apr 2007 02:40:00 -0700

Abstinence Education Does Not Impact Sexual Beahvior

A recent study of four abstinence education programs finds that the programs had no effect on the sexual abstinence of youth. But it also finds that youth in these programs were no more likely to have unprotected sex, a concern that has been raised by some critics of these programs. The study found that youth in the four evaluated programs were no more likely than youth not in the programs to have abstained from sex in the four to six years after they began participating in the study. Youth in both groups who reported having had sex also had similar numbers of sexual partners and had initiated sex at the same average age.

Craigslist Hoax Lures People To Destroy Woman'S House

Tue, 10 Apr 2007 12:17:00 -0700

Boing Boing: Craigslist hoax ad leads to destroyed home

This happened in Washington. I couldn’t believe it when I heard about it and now it’s made it to Boing Boing. Scary.

The Pagan Origins of Easter

Sat, 07 Apr 2007 17:36:00 -0700

The next time some religious person tries to say that there is some secular conspiracy around religious holidays and that the common secular symbols, such as the Easter bunny, Santa Claus, etc. are taking away from the significance of their holiday, remind them that their religion is primarily responsible. Easter is a perfect example. Most of the supposed “secular” symbols were actually Pagan symbols that were co-opted by early christians in an attempt to make their religion more palatable to the Pagans and make it easier to convert them.

Phrases Sayings And Idioms

Sun, 11 Mar 2007 15:16:00 -0700

1200 phrases and sayings and their origins! They also have fun categories, like fallacies (misattributed quotes, etc.)

Sayings and Phrases - meanings and origins

Of course, I have 3 books on the subject I haven’t read yet:

101 American English Proverbs Random House Dictionary Of America’s Popular Proverbs and Sayings Rawson’s Dictionary of Euphemisms and other Doubletalk

In Other Sysadmin News

Sun, 11 Mar 2007 14:58:00 -0700

-news

I also finally started using the excellent PromoteThis plugin to create the nice links to digg.

Also, I had to install the MTStripControlChars plugin, but an updated one from an entry at the VOIP and Gadgets Blog to keep Windows 1252 encoded characters (mostly quotes and double-quotes) from creeping into postings. It happens a lot with pasted in text from websites. Ugh.

You know, it’s kind of irritating that the MTAmazon and MTBlogroll plugins aren’t XHTML compliant yet. I may just contribute some fixes to do proper URL entity encoding. I had a ton of HTML cruft from migrating from various template versions and bad Sidebars I didn’t test. Fortunately, the browsers didn’t seem to mind. All of the HTML I could clean up should be cleaned up now, save for some possible issues from Performancing-edited posts. Can’t wait for the revival of Performancing…

New Wider Stylesheet For Juxtaposition

Sun, 11 Mar 2007 14:41:00 -0700

I just finally fixed my modified Vixburg style for Movable Type so that it makes use of wider browsers. Many times, quotes or pictures or preformatted text get chopped by the small center column. I tried for hours to get a decent 3 column layout where the center column will be fluid and take up as much available space as is there, to no avail. Best I could do was set 65% as the width and that does most of what I hoped for, at least for a 1280x1024. The true holy grail is at this site, but would require me building a whole new style to match kind of what I have using this as the base https://www.glish.com/css/7.asp The right column does not flitter away underneath the content as happens with mine when the page is sized smaller. *sigh*

New Life For Old Books With Bookmooch

Sat, 10 Mar 2007 15:44:00 -0800

BookMooch: a community for exchanging used books (book swap and book exchange and book trade)

I am loving Bookmooch. I’ve mailed out several books so far that were sitting in my basement and am going to hopefully get some good ones in return. This was a great idea that my friend Mike and I actually had in college after the annoyance of paying $60 for a book that the bookstore on campus would only buy back for a pittance; only to turn around and sell it for $60 again. I’m glad someone else coded it. Maybe I’ll actually get something for those books I chose to keep rather than get loose change for. Check out my mooch link on the left nav bar: my Bookmooch list

1 Billion Mazes Served

Sat, 10 Mar 2007 15:37:00 -0800

Exactly One Billion Mazes to Solve

This site contains one billion mazes in high-quality printable PDF format. You may view, print and solve these mazes… and yes, there are exactly one billion mazes!

Borrowing Against Your 401k Why You Should Think Twice

Sat, 10 Mar 2007 15:31:00 -0800

There are several reasons you may want to think twice before borrowing against your 401k:

If you leave your job that provides your 401k, you often are required to pay back any loans in full. If you can’t, it is treated as a withdrawl from the plan, requiring paying income tax on the amount and a 10% penalty if you are not of retirement age yet.
While you have the loan, you have less money in your retirement account. This means, you are not earning interest on the loan amount and you will therefore end up with less money at retirement.

Notable Security Quote Does Your Company Suffer From Employee Infallability Syndrome

Sat, 10 Mar 2007 15:15:00 -0800

I will say that any government (or other) program which assumes the honesty of employees and contractors is fundamentally flawed, and any associated risk analysis is either incompetent, or in failing to identify risk to travellers, seriously incomplete.

-- Ian Farquhar on the Cryptography mailing list 2/27/2007

Notable Security Quote Insane Probabilities

Sat, 10 Mar 2007 15:06:00 -0800

Yes, of course an infinite number of texts hash to the same value; that’s the way the function works. But the odds of it happening naturally are less than the odds of all the air molecules bunching up in the corner of the room and suffocating you, and you can’t force it to happen, either.

--Bruce Schneier

Clearwire Secure Clear As Mud In Their Own Words

Sun, 18 Feb 2007 08:36:00 -0800

I got an advertisement for Clearwire wireless broadband to my house that had a terrible Q & A about security:

Q: How secure is the connection? Is it more secure than Wi-Fi? A: Your Clearwire connection is very secure. That’s because Clearwire wireless technology uses OFDM transmission protocol, featuring a design standard that includes secure wireless data transmission.

Well, it starts off not too bad. Very high-level and milquetoast of a response. But unfortunately, they continue:

Washington Defense of Marriage Alliance

Mon, 12 Feb 2007 11:00:00 -0800

This is so rich. A group is trying an argument from absurdity tactic to show how ridiculous the claim that Washington State’s Andersen v. King County decision is that declared a “legitimate state interest” for the state to restrict same-sex couples from legal marriage.

Washington Defense of Marriage Alliance

If passed by Washington voters, the Defense of Marriage Initiative would:

* add the phrase, “who are capable of having children with one another” to the legal definition of marriage; * require that couples married in Washington file proof of procreation within three years of the date of marriage or have their marriage automatically annulled; * require that couples married out of state file proof of procreation within three years of the date of marriage or have their marriage classed as “unrecognized;” * establish a process for filing proof of procreation; and * make it a criminal act for people in an unrecognized marriage to receive marriage benefits.

Patents Now Open For Dispute

Tue, 16 Jan 2007 09:10:00 -0800

Patent litigation could explode in the wake of the Supreme Court’s ruling Tuesday in a closely watched dispute over patent validity between two biotechnology firms.

The Court, by an 8-1 vote, reinstated a lawsuit by MedImmune challenging a Genentech patent related to Synagis, a popular drug for treatment of respiratory disease in children. The opinion in MedImmune v. Genentech, written by Justice Antonin Scalia, says patent licensees no longer have to breach the license in order to have standing to challenge the patent that they dispute. Patent lawyers say the ruling could lead to a flurry of challenges to existing patents.

Seattle Public Library Catalog Toast

Fri, 15 Dec 2006 14:42:00 -0800

Ouch. Clever page title though: “There goes our five nines…”

Sexual Consent: Hilarious

Sun, 03 Dec 2006 14:37:00 -0800

07:00

This video is hilarious! Probably not suitable for work if the audio is on.

glumbert.com | Sexual Consent

Slashdot | Possible Serious Security

Sat, 02 Dec 2006 16:00:00 -0800

Slashdot | Possible Serious Security Flaw In ATMs

Nist Blasts Paperless Electronic Voting

Sat, 02 Dec 2006 15:58:00 -0800

The National Institute of Standards and Technology (NIST) recently published a paper condemning paperless electronic voting machines as insecurable. I’ll have to read the paper in-depth to see how they came to that strong of a conclusion, but I do know that there is no research showing that a purely electronic system can be completely trustworthy.

It’s amazing how far this subject has come in just a few years, yet how far it still needs to go as evidenced by the irregularities in the recent 2006 midterm election.

Dangerous Plastic Packaging

Sat, 02 Dec 2006 15:54:00 -0800

I’ve been wondering this and noting that more and more products are coming wrapped in this stuff. I use a tchochke that I got from Tripwire that has a tiny corner of a razor blade on it to open these packages, but even then, the cut plastic package is sharper than the razor. I’ve cut myself on several occasions. The unusual shapes of the packages doesn’t make it very easy to cleanly open either.

Of Course This Happened In Florida

Sat, 02 Dec 2006 15:51:00 -0800

This might get the award for best article title too.

The Seattle Times: Nation & World: He was naked, on crack and in alligator’s mouth

“A gator’s got me,” Apgar replied, his voice faint in the background.

Mayid’s call shortly after 4 a.m. sent four Polk County, Fla., deputies racing to the 2,150-acre lake just outside Lakeland, Fla., where they jumped into the water and wrenched Apgar’s arm from the gator’s mouth. The 45-year-old victim, who told authorities he’d passed out nude on the shore after smoking crack cocaine, was rushed to a hospital in critical condition.

Free Music Archive

Wed, 29 Nov 2006 15:50:00 -0800

Free Public Domain Music - Welcome to Musopen.com

Legal Standards For Expert Witnesses

Mon, 27 Nov 2006 06:11:00 -0800

Daubert Standard - Wikipedia, the free encyclopedia

Installing An Uncrippled Ffmpeg On Ubuntu

Sun, 26 Nov 2006 16:52:00 -0800

I’m trying this right now on Edgy Eft:

po-ru.com: Fixing ffmpeg on Ubuntu

It seems one can set DEB_BUILD_OPTIONS=risky to enable the missing codecs rather than editing debian/rules and building the package manually.

sudo apt-get build-dep ffmpeg

sudo apt-get install liblame-dev libfaad2-dev libfaac-dev libxvidcore4-dev checkinstall fakeroot

DEB_BUILD_OPTIONS=risky fakeroot apt-get source ffmpeg –compile

sudo dpkg -i ffmpeg-blah.dpkg

Cia Kryptos Sculpture Has A Typo

Fri, 24 Nov 2006 17:00:00 -0800

It's not really a typo but an intentionally left-out X separator for 
aesthetics on the sculpture that was intended to result in gibberish 
when decrypted that would clue in the decryptors to reinsert a separator 
and try again, except it ended up spelling something intelligible 
instead of garbage so they thought they had decrypted it properly!
```[A Break for Code Breakers on a C.I.A. Mystery - New York Times](https://www.nytimes.com/2006/04/22/us/22puzzle.html?ex=1164603600&en=52cd0484e7cbb98b&ei=5070) 

> For nearly 16 years, puzzle enthusiasts have labored to decipher an 865-character coded message stenciled into a sculpture on the grounds of the Central Intelligence Agency's headquarters in Langley, Va. This week, the sculptor gave them an unsettling but hopeful surprise: part of the message they thought they had deciphered years ago actually says something else.

Upgrade IE ASAP

Fri, 24 Nov 2006 16:53:00 -0800

A study from a year ago but just as valid today. Actually, over the past year, IE got much worse. There were many exploits and unpatched holes in the browser.

One of the best things you can do for your Windows security is to make sure you upgrade to IE 7.x which has been redesigned to avoid many classes of attacks. It is being pushed out by Windows Update (or Microsoft Update) You can also switch to Firefox or Opera to get better security but please don’t use IE 6.x or older anymore!

Department Of Homeland Pork

Fri, 24 Nov 2006 16:41:00 -0800

Get this: The list of top terrorist targets from the Department of Homeland Security is seriously braindead. It includes 1,305 casinos, 234 restaurants, an ice cream parlor, a tackle shop, a flea market, and an Amish popcorn factory 3,650 sites total. What’s going on? Pork-barrel politics is what’s going on. We’re never going to get security right if we continue to make it a parody of itself.

The worst part is that DHS didn’t even try to hide the pork-barreling by making the inclusions and omissions clear and blatant. Oy. I reluctantly file this in the security category…

How To Break A Common Master Combination Lock

Fri, 24 Nov 2006 16:38:00 -0800

Here’s a description of how to open a common Master brand lock in about 10 minutes. The design makes the 40^3 possible combinations collapse to 121. It’s a physical metaphor for bad cryptography and reliance on obscurity.

I happen to have a lock that I forgot the combo to that this will definitely come in handy for…if I can only find the lock…

Airport Security Oversights From The Onion

Fri, 24 Nov 2006 16:35:00 -0800

This was the most troubling one:

Airport Security Oversights | The Onion - America’s Finest News Source

Sept. 3, London to New York: A few Muslim people may have slipped through with their dignity

Encrypted Government Announcements

Fri, 24 Nov 2006 16:33:00 -0800

U.S. Cryptographers: ‘FrpX-K5jE-Oc4n-e5Dn’ | The Onion - America’s Finest News Source

WASHINGTON, DC—In a carefully phrased, 128-bit encoded announcement that has challenged U.S. security agency procedures, top officials of the National Cryptography and Information Security Council warned that “FrpX-K5jE-Oc4n-e5Dn” if “Ha4d-87gH-uiH3-gB5r-g8Bh” late Monday.

Fashion Advice For Geeks

Fri, 24 Nov 2006 16:30:00 -0800

So, there happen to be these unwritten rules of style that change all the time that nobody seems to tell you about and it’s hard to ask and for many, harder to know you should ask. And there are people in the work world that do judge you by your appearance, for better or worse, consciously and unconsciously. Here is some advice that I have culled from significant others, from experience and observation in the workplace, from the advice in Esquire, and even from What Not to Wear on TLC.

Rfidiots Mandating Insecure Rfid Passports

Fri, 24 Nov 2006 15:39:00 -0800

Nice proof of concept code that can read passport data posted to BUGTRAQ. The “key” is comprised of data on the passport itself so you can remotely decrypt someone’s data only if you know this information, or can brute-force it since it is a small keyspace:

The Passport number

The Date Of Birth of the holder

The Expiry Date of the Passport

The latest version of RFIDIOt, the open-source python library for RFID exploration/manipulation, contains code that implements the ICAO 9303 standard for Machine Readable Travel Documents in the form of a test program called ‘mrpkey.py’.

Patents Are Bad For Society

Fri, 24 Nov 2006 15:33:00 -0800

James A. Donald had a great rant to the Anti-Fraud mailing list about how patents just don’t work, at least for their intended purpose of furthering public knowledge.

The theoretical justification for patents has seldom worked in practice. Most patents are flagrantly bogus, always have been. Of the few legitimate patents, the vast majority merely obstruct the development and application of the technology, without in fact making money for the inventor. The normal outcome of patenting a genuine innovation is that people construct second rate workarounds, as Microsoft just did. The destructive effect of patents is merely most visible in those fields that are advancing most rapidly - cryptography being such a field.

Competitive Information For Picking An Antivirus Solution

Fri, 24 Nov 2006 15:21:00 -0800

This is an article from a year ago that showed how each vendor was able to respond to key virus outbreaks. They also show the data from the previous year.

I personally recommend F-Secure’s product. The base product gives you everything you need for anti-spyware and malware and is inexpensive. It is not a huge fat pig like some of the products out there (McAfee…) I’ve heard from others who enjoy Kapersky as well, so either of those would be good choices and happen to both top this list.

Four Challenges For Computer Security Research

Fri, 24 Nov 2006 14:47:00 -0800

I would add a 5th item:

5. Develop Reusable Security Architectures that cover common scenarios and include appropriate protection by design

Tools are sexy; secure design is hard. That’s why you see so many tools and vendors hawking tools but not as much work. I hear from people all the time who talk about this tool or pen testing or scanning some server or how you need to hack your wireless network to be secure. That is a bunch of crap in general because trying to audit your way to security is bottom-up grass-roots and can only get you so far. It’s an early maturity model to be spending so much time and energy on audits and pen tests instead of security design reviews and developing security architectures. It’s a lot easier and sexier to say you hacked a wireless network. We need to get to where it is just as cool to say you developed a wireless network security architecture such that you don’t care who is connected to the wireless network because your security is not so brittle as to lose sleep over it. Where are those reusable models made open source?

Dmca Still Stands But Now With Some Exemptions

Fri, 24 Nov 2006 14:19:00 -0800

It’s still a shitty law though. Something else I will happily ignore to avoid my fair use rights being infringed. Again, how could I watch DVDs (legally rented/owned) on my Linux box without doing so?

Boing Boing: Copyright Office creates 6 DMCA exemptions

the office refused to grant exemptions that would benefit the general public – space- and format-shifting, backing up your DVDs – and they took back an earlier exemption that let people reverse-engineer the blacklists maintained by censorware companies to bring some transparency to their process.

YouTube shutting down ability to download videos from YouTube

Fri, 24 Nov 2006 14:17:00 -0800

07:00

Hey, I’m on a Linux computer and because they insist on requiring Flash to play the videos, the only way I can view them is to download them and watch them with Xine. I plan on violating their terms of service…to continue to access their service…

Lawrence Lessig: When Web 2.0 meets Lawyers 1.0

Blog Popularity Inversely Proportional To Amount Of Quot Linking Quot-

Fri, 24 Nov 2006 11:03:00 -0800

quot-

Summary: people link to bloggers that provide more original content than who just provide links to other places that do so.

Funny because I was just thinking about this regarding this blog. I think it’s cool when people enjoy what I provide on this blog, but I really don’t care if people read it or not. This is where I keep track of stories and topics that interest me, instead of saved emails or bookmarks that I never look at again. I can always go back and find what I found interesting and what I wrote about it. Pretty cool in my book.

Richard Dawkins Mania In Silicon Valley

Fri, 24 Nov 2006 10:48:00 -0800

I was bummed that he didn’t come to Seattle on his tour, but I’ll enjoy listening to the mp3 of his appearance in Silicon Valley.

Who Has Time For This?: Silicon Valley Loves Richard Dawkins

Verizon settles class Action suit about deceptive practices regarding crippled phones

Fri, 24 Nov 2006 07:48:00 -0800

This is great news. They did the same with other phones, including the e815 that I have. Fortunately, there are ways around this to re-enable the crippled features, but they are out of reach to most consumers. I had to buy a data cable and software on eBay to uncripple my phone.

[infowarrior] - Verizon Slapped for Crippling Bluetooth

Verizon has been getting weasely with some of its customers in California who bought its Motorola v710 Bluetooth-³capable² phone on or before January 31, 2005. Preliminary approval of the settlement was granted in a California court for a class-action suit against the company because it didn¹t accurately tell prospective customers that its Bluetooth features weren¹t what they appeared to be. Verizon said the phone ³works with a PC² but left out that part about how you can¹t wirelessly sync photos or contacts or any other files using Bluetooth.

Ballot Design Not Dre Issues At Play In Fl Undervote Anomalies

Fri, 24 Nov 2006 06:52:00 -0800

It is hard to believe that such a blatant undervote error could be attributable solely to the DRE itself not properly recording them. But user interface designs can certainly be abused maliciously, or likely unintentionally, to create these situations. How ironic is it that the DREs that were touted to Help America Vote are actually helping them to undervote, due to poor design/implementation of the ballots?

Proper UI is just as important as sound underlying technology in ensuring proper understanding and usability of a system. Recall Why Can’t Johnny Encrypt? A Usability Evaluation of PGP 5.0 and the more recent Why Johnny Still Can’t Encrypt: Evaluating the Usability of Email Encryption Software for how even known secure software can result in insecure and unintended actions by the user. The infamous Butterfly ballots were not DRE-based but certainly were flawed UI that caused voting errors in previous elections so this is not a new issue to software or to voting by far.

Scans From 1962 Fallout Shelter Handbook

Wed, 22 Nov 2006 15:51:00 -0800

The Ward-O-Matic: Fallout Shelter Handbook 1962

I’ve been working on emergency preparedness for my neighborhood lately so this is very apropos.

BTW, I found a $79.99 Ready kit at Home Depot that is a pretty good deal for a 2-person 72 hour kit (what is recommended for personal preparedness at a minimum). Don’t forget supplies for your pets too!

Apostrophe Abuse Is Cruel

Wed, 22 Nov 2006 15:48:00 -0800

Boing Boing: Atrocious apostrophe’s and “quotation” “mark” “abuse” photo galleries

Two Flikr galleries dedicated to photo’s of apostrophe and quotation mark abuse. I can’t believe my previous post on Common writing mistakes didn’t touch on this pet peeve of mine.

2006 Gift Card Landscape

Wed, 22 Nov 2006 15:13:00 -0800

Good news about gift cards. I was just thinking the other day about these practices and it looks like, just in time for the holiday season, you can find out which ones have done away with those pesky expiration dates (are you listening Amazon?) and fees.

And a hint for the upcoming holiday: Gift cards make great gifts…

2006 Gift Card Study (Page 1 of 4)

If you want a gift card you can use anywhere, you’ll pay for the privilege, while gift cards from individual retailers are less costly and sprouting more options.

The Official God FAQ

Wed, 22 Nov 2006 14:43:00 -0800

07:00

There is only one question and the answer is not 42.

The Official God FAQ

On The Performance Of Ssl Vs Ws Security

Mon, 20 Nov 2006 15:11:00 -0800

I’ve been meaning to rant about this for a while.

I’m sick and tired of hearing about the false dichotomy of WS-Security versus SSL and why its performance is somehow going to be so much better than SSL transport encryption of SOAP-based web services. Pundits often point out that SSL has to encrypt the _whole payload_ while WS-Security can be used to digitally sign and/or encrypt only those attributes that absolutely need encrypting or signing.

Some Good News on the McCain Front: Attacking NOAA for delays in global warming report

Mon, 20 Nov 2006 14:43:00 -0800

Ugh.

TPMmuckraker November 17, 2006 01:35 PM

“You know,” McCain said a few moments later, “you are really one of the more astonishing witnesses that I have [faced] – in the 19 years I’ve been a member of this [Senate Commerce, Science and Transportation] Committee.”

Lautenberger explained that his staff was working on “pieces” of the report, and conceded the November 2004 deadline had been a “difficult requirement to meet.”

More Mccain Flip Floppery Now On Abortion

Mon, 20 Nov 2006 14:38:00 -0800

Think Progress: McCain Flip-Flops, Supports Immediate Reversal of Roe v. Wade

Great Moments In Sarcasm

Mon, 20 Nov 2006 14:36:00 -0800

Eschaton

In the early 1990s I built a workable time machine. All it lacked was the flux capacitor and 1.21 gigawatts of electricity.

Club Heaven

Mon, 20 Nov 2006 14:34:00 -0800

75% of Americans think they’ll get into Heaven? They must be Evangelicals whose sole criteria is “belief” and not “good deeds”… At least I’ll have lots of friends in hell.

ABC News: Poll: Elbow Room No Problem in Heaven

Who gets in is another matter. Among people who believe in heaven, one in four thinks access is limited to Christians. More than a third of Protestants feel that way, and this view peaks at 55 percent among Protestants who describe themselves as very religious.

Another Mccain Flip Flop

Sat, 18 Nov 2006 15:24:00 -0800

Crooks and Liars: St. McCain’s look of desperation

McCain once had words of praise for Senator Kerry, but he played the repugnican party line during the election and trashed him for his botched joke–acting as if he really believed Kerry, a decorated veteran, was actually disparaging the troops and not Bush. Politics is disgusting. McCain should take what Olbermann said about Rove and Bush to heart:

Bank Of America Jails A Customer Causes Backlash Gt 50 Million

Sat, 18 Nov 2006 15:07:00 -0800

The This is Broken blog is a pretty cool idea too. There are so many processes, instructions, websites, etc. that just don’t work quite right. They get posted to this blog!

This Is Broken - Bank of America jailing a customer

Matthew Shinnick dropped by a Bank of America branch in San Francisco to make sure a check he was about to deposit wasn’t fraudulent. The teller found that the check was fraudulent and told the manager, who then had Shinnick thrown in jail. Are you getting this right? The customer who wanted to make sure he wasn’t about to draw on a fraudulent check, got thrown in jail by Bank of America.

Searing Discount Of Liebermann Win

Wed, 08 Nov 2006 07:11:00 -0800

The Insignificance of Lieberman - TalkLeft: The Politics Of Crime

What Big Tent Democrat says.

Bad Monday

Mon, 06 Nov 2006 15:42:00 -0800

I had one of the worst mondays in a while.

I was not feeling well but went to work anyway (I thought of resting up one more day and probably should have stayed in bed).

It was the first day back to work after being sick with fever for 3 days.

On my way to the bus stop, after only a 1/2 block from my house, my pants were soaked and shoes soaked through. The rain and wind has been insufferable this fall! I reluctantly went back home frustrated and not knowing if there was a way to possibly get to work but not be soaking wet all day. I decided the strategy would be sacrificial clothing. I geared up in my Costa Rica Rain forest gear (all drip-dry) and packed a new dry outfit to change into at work, including new shoes.

Antennaweb Tv And Hdtv

Mon, 06 Nov 2006 10:43:00 -0800

-hdtv

AntennaWeb

Seattle HDTV antenna map mashup

Mon, 06 Nov 2006 10:32:00 -0800

HDTV Magazine - Broadcast HDTV Market : Seattle-Tacoma

Opml Sharing Site

Sun, 05 Nov 2006 08:01:00 -0800

-site

Share Your OPML: Top 100 Feeds

Bush Amp Reichert Get Issaquah Bus Driver Fired

Thu, 02 Nov 2006 05:03:00 -0800

The Royal Fingerer Can Dish it Out But Can’t Take it"

Bus driver allegedly flips off Bush so Bush and Reichert complain and the bus driver gets fired. Where is the compassion in that conservative again?

Good Info On Compact Fluorescent Lamps

Mon, 30 Oct 2006 13:17:00 -0800

Plus recommendations on where to, and where not to, use them, based on the best use of the technology for the money without excessive wear on the lamps.

What C.F. Lamps to Use Where

More Constitution Shredding By Bush Administration

Mon, 30 Oct 2006 11:52:00 -0800

Boing Boing: Bush legalizes martial law – what Constitution?

Foxtrot Comic On Electronic Voting Machines Quot Scary Quot-

Mon, 30 Oct 2006 11:48:00 -0800

Welcome to goComics Web Site featuring FoxTrot - Online Comics, Editorial Cartoons, Email Comics, Political Cartoons

10-29-2006 sunday comic in case the link breaks in the future.

Congressman Oops Results In Legal And Civil Liberties Violation Of Student

Mon, 30 Oct 2006 11:45:00 -0800

Something tells me that the government has too much power…

Boing Boing: Congressman on Boarding Pass Generator guy: Uh… oops?

Last Friday, Rep. Edward Markey (D-MA) called for the arrest of Christopher Soghoian, and the takedown of his “Boarding Pass Generator” website which illustrated an airline security hole documented on the web for several years. Hours after the congressman’s statement, Soghoian says FBI agents visited his home, then returned a second time after he’d left – in the middle of the night – with a search warrant signed at 2AM, and seized Soghoian’s computer(s) and other belongings.

Speed traps suck

Mon, 30 Oct 2006 11:40:00 -0800

Oh, you should boycott Newhalem, WA for the same reason. I’ll blog about that story someday.

saablog :: Stupid Utah. Stupid rental cars. - The rest of the story

Global Warming Report Pay Now Or Pay Lots More Later

Mon, 30 Oct 2006 11:33:00 -0800

Financial and ecological consequences by delaying the inevitable though.

Think Progress » GLOBAL WARMING REPORT: Right-Wing Fiction vs. Economic Reality

More Sad News In The War On Science And Reason

Mon, 30 Oct 2006 11:28:00 -0800

Think Progress » Senior Bush Appointee Rejected Scientists’ Recommendations In Favor Of Industry Positions

Julie MacDonald, Deputy Assistant Secretary for Fish and Wildlife and Parks, has consistently “rejected staff scientists’ recommendations to protect imperiled animals and plants under the Endangered Species Act.” A civil engineer with no training in biology, she has overruled and disparaged the findings of her staff, instead relying on the recommendations of political and industry groups.

39-lucy-39-tour-coincides-with-quot-creation-museum-quot-

Mon, 30 Oct 2006 11:01:00 -0800

39-lucy-39-tour-coincides-with-quot-creation-museum-quot-

Oh brother. “allegedly 3.2-million” years old.

Biblical creationist blasts tour of ‘Lucy’ at Pandagon

VirusTotal: Free site to check malware and AV solution efficacy

Thu, 12 Oct 2006 01:57:00 -0700

Aviv Raff On .NET - VML Exploit vs. AV/IPS/IDS signatures

Article showing how VirusTotal revealed how easy it can be to create “variants” that go undetected by most Anti Virus products. The VirustTotal website could be a valuable resource.

No Fly List

Tue, 10 Oct 2006 02:43:00 -0700

Schneier on Security: No-Fly List

What a piece of crap!

New Google Code Search

Tue, 10 Oct 2006 02:38:00 -0700

Google code search (kottke.org)

Find all sorts of interesting things in source code out there, or web sites running interesting code. There’s a great list to get you started “Google Code Hacking”.

Microsoft Bug Reporting Process Makes Me Cacl

Mon, 09 Oct 2006 13:28:00 -0700

The story of how Microsoft has ended up with so many unconnected and uncoordinated versions of command-line tools to manage setting and displaying ACL (Access Control List) entries is funny enough, but wait until you hear about my experience trying to report a bug in the tool. First, on the sordid history that has lead to three versions of the same tool, instead of one version that actually works correctly and handles all situations. There was first cacls.exe, which shipped with windows AFAIK. That was missing some key features so in all their wisdom, Microsoft released xcacls.exe in a resource kit that made up for the shortcomings in cacls.

Ing Direct'S Anti Phishing Measure Backfires

Mon, 09 Oct 2006 13:17:00 -0700

Another funny observation I had was about ING’s anti-phishing security mechanisms and usability. They make you use an annoying, long numeric ID as your login ID (you can’t change it to an easily-rememberable one) which you can’t likely remember so you have to write it down or use Password Safe to recall it. By making account IDs a secret, they are hoping to buy additional security from the obscurity.

However, they recently added a feature on the site (likely because of the usability problems with people not knowing or remembering their login ID) where you can enter some static identifying information (SSN, zip code, birthdate) and they will then pre-populate your customer login ID. I use this often because although you have to type in more information, the usability is better because it is faster to do this than to look up what my login ID is. But, they have now created a great target for phishers that can undo all the benefits of the hidden login ID and the additional measures on the site because this feature is not protected with their RSA/Cyota eStamp as their login dialog is.

YouTube: Hours of entertainment

Mon, 09 Oct 2006 13:16:00 -0700

YouTube - White & Nerdy

This is hilarious.

And for other Halo fans (and lovers of the original skit from Monty Python) is this mashup:

YouTube - Monty Python Halo

Net Neutrality Issue For Dummies

Mon, 09 Oct 2006 13:12:00 -0700

Network Neutrality Threatened In Norway

A very clear description of the Net Neutrality issue and how the claims made by those against it are baseless.

Repeat After Me Quot Gay Quot And Quot Pedophile Quot Are Not Remotely Related Quot-

Sat, 07 Oct 2006 17:50:00 -0700

quot-

MotherJones.com | MoJo Blog - Social Issues and Political Commentary: Repeat After Me: “Gay” and “Pedophile” Are Not Remotely Related

I just heard Limbaugh today repeating the crap talking point about the Foley issue being about the existence of a “gay” republican. That is bullshit. This is about exploitation and preying on innocent children. Wanker.

Olbermann'S Blistering Retort Of Bush Vile Attacks On Democrats

Sat, 07 Oct 2006 17:31:00 -0700

Crooks and Liars: Olbermann’s Special Comment: It is not the Democrats whose inaction in the face of the enemy you fear

Incompetence To Breed More Incompetence In Bush Administration

Fri, 06 Oct 2006 16:19:00 -0700

Think Progress: Bush Asserts Constitutional Right To Hire Incompetent People At FEMA

More News Media Lameness Abuse Of The Question Mark

Fri, 06 Oct 2006 11:16:00 -0700

-mark

Crooks and Liars: Jon Stewart’s Hilarious Look at the Use of the Question Mark

Note to news media: Report the FACTS on the NEWS and lose the question mark.

Security and Privacy "Certifications" often mean the opposite

Fri, 06 Oct 2006 06:56:00 -0700

Certifications and Site Trustworthiness

An excellent paper summarizing many of the problems with certifiers such as TRUSTe as well as showing that sites that get these certifications to prove their trustworthiness are actually more likely to NOT be trustworthy!

I know companies who are simply concerned about wanting customers to _think_ that their site was secure that they worked on getting a certification instead of investing in actually _making_ their site secure. No corrective action was taken to align technology or processes to the spirit or letter of the “certification”. The same crummy procedures and mindsets that existed before the certification were there after the certification.

Online File Format Conversion Website

Thu, 05 Oct 2006 10:40:00 -0700

Media Convert - free and on line - convert and split sound, ringtones, images, docs - MP3 WMV 3GP AMR FLV SWF AMV MOV WMA AVI MPG MP4 DivX MPEG4 iPOD OGG WMA AAC MP4 MPC MMF QCP KAR MIDI REALAUDIO FLAC JPG PSD DOC PDF RTF TXT ODG ODP ODS ODT SXW WK1 MDB X

Right Wing Pundit Wankers More Good Use Of Free Speech

Tue, 03 Oct 2006 16:08:00 -0700

scootmandubious: GOP’s Revealing Response To Foley Scandal

Step right up! Join your fellow Right-wingers and go on record as a child predator apologist! Downplay the crime of statutory rape! Justify the coverup as necessary for political reasons!

White house withholding report linking Global Warming to Increase in Hurricanes

Wed, 27 Sep 2006 11:36:00 -0700

Crooks and Liars: White House Bars Hurricane Report

More in the front on the War on Science. Ugh.

43 Things Interesting User Driven Site

Wed, 27 Sep 2006 11:13:00 -0700

43 Things

“Discover what’s important, make it happen, share your progress. Find your 43 things.”

I just came across this site. Seems like a fun idea. You can add your own thing that “you want to do with your life” or see what other people said and use those ideas. You can track your progress. Larger fonts indicate more popular topics in the list. There are thousands of people from around the world on there. It also shows “People doing this are also doing these things”, which is interesting as well.

TSA Insecurity. An economists perspective

Mon, 25 Sep 2006 16:44:00 -0700

Freakonomics Blog: An airplane announcement I’ve been waiting for

if I were a terrorist, don’t you think that I could figure out how to take the top off a bottle of contact lens solution and put my explosive liquids in there? It is totally pointless to enforce rules which impose costs on innocent people, but are easily circumvented by terrorists. Can anyone think this is accomplishing anything productive?

Faux News Wishes No News Of Clinton Smackdown Of Wallace

Mon, 25 Sep 2006 16:30:00 -0700

Fox and the Clinton Interview: Hanlon’s Razor

This was a long-overdue smackdown by Clinton after being sandbagged on Fox. They forced YouTube to take down the video clip–trying to rewrite history. Stephanie Miller played the audio this morning–are they going to go after her too? Oh no, people will know that Fox is slanted to the right and giving people on the right a pass!

O'Reilly Peddling Lies Again

Sat, 23 Sep 2006 10:23:00 -0700

Media Matters - Bill O’Reilly’s enemies list, available in hardback for $26

Media Matters got an advance copy of O’Reilly’s new book and dissects the “errors, unsubstantiated claims, and baseless attacks that run through Culture Warrior”.

Upcoming debate on The Problem of Evil

Sat, 23 Sep 2006 09:53:00 -0700

Debunking Christianity: My Debate With David Wood on the Problem of Evil

October 7th but in Virginia. Transcript and video will be available afterward. I’ll be watching it…

Educate Yourself And Help Defend The Constitution

Mon, 18 Sep 2006 11:36:00 -0700

Atheist Ethicist: Defending the Constitution

take some time, come up with a couple of sharp arguments, and spread those arguments among the people. We can complain about how well or how poorly legislators defend the Constitution. However, ultimately, it is our job to defend the Constitution, and this is one of the greatest assaults the Constitution has ever been subjected to.

Do you care enough to help defend it?

Quot God Doesn'T Do Well In The Free Market Quot-

Mon, 18 Sep 2006 11:20:00 -0700

The struggle to find the downside ended in failure at Pandagon

There are laws that prevent some businesses from being open on Sundays??? I thought it was “christian” pandering by businesses. It is really annoying that so many businesses are closed Sundays and if the government is the reason why, then that is appalling.

I like the quote about “God doesn’t do well in the free market.”

Iran Iraq Part 2

Mon, 18 Sep 2006 11:16:00 -0700

Crooks and Liars: IAEA calls US Report on Iran—a lie

Cooking the books to lead us into war with Iran now? Where have we seen this before…

Statistics show more stupidity of "terror alert levels"

Sun, 17 Sep 2006 14:35:00 -0700

Boing Boing: Flu, hernia, or police more to kill you than Al Qaeda

This is great. People tend to make decisions using the emotional, fear-driven parts of their brain. Even in the face of raw data about risks it is very hard for people to feel comfortable turning away from those hard-wired instincts for self-preservation and making decisions that conflict with those feelings. A look at this chart shows how irrational spending and decisions are in this country. And how trading security for a little perceived freedom is a bad tradeoff–especially when you are far more at risk from plenty of other factors. The incidence of government taking advantage of its citizenry is likely to be higher than terrorist attacks against America.

Diebold Voting Systems Hacked Again

Thu, 14 Sep 2006 15:31:00 -0700

The BRAD BLOG : HACKED: VIRUS IMPLANTED, SPREAD ON DIEBOLD TOUCH-SCREEN VOTING MACHINE!

Researchers at Princeton, including Ed Felton, have been able to implant malicious code on Diebold touch screen voting machines that was demonstrated to be able to flip election results. They have a video of them doing this as well.

The company response is typically clueless (as is their security). I wonder if the nice Diebold ATMs in use at banks such as USBank are anywhere near as vulnerable?

Bush Sets Record Straight Iraq Had 'Nothing' To Do With 911

Thu, 14 Sep 2006 10:51:00 -0700

Think Progress: Bush Now Says What He Wouldn’t Say Before War: Iraq Had ‘Nothing’ To Do With 9/11

I saw this first on The Daily Show. I can’t believe this hasn’t gotten more press despite the large percentage of the country who have been made to accept the opposite as true because of the lapdog press and liars in this administration.

The new 9/11

Thu, 14 Sep 2006 10:41:00 -0700

Legal Fiction: THE TWO 9/11s

the second 9/11 is the political prop — a mangled, grotesque doppelganger of the first one that has been whored out on the political street for over four years now. The second 9/11 is the source of policies that have made the world far worse, and have killed many times the number of people who died in the Towers. And so, what’s truly tragic about the second 9/11 is that it threatens to forever stain the legacy of the first 9/11

Abc'S Of Abc'S Hypocrisy

Sat, 09 Sep 2006 16:46:00 -0700

Media Matters - “Media Matters”; by Jamison Foser

ABC and Disney, for starters, still plan to broadcast an account of the events leading up to the September 11, 2001, terrorist attacks that they know to be false.

This despite Disney’s 2004 refusal to distribute Fahrenheit 9/11, which was highly critical of President Bush, even though it was produced by a Disney subsidiary, Miramax Films. Then-Disney CEO Michael Eisner explained that the company “did not want a film in the middle of the political process where we’re such a nonpartisan company and our guests, that participate in all of our attractions, do not look for us to take sides.”

Church And State Just Snuggled Closer

Sat, 09 Sep 2006 03:24:00 -0700

Americans United for the Separation of Church and State

Americans United Condemns House Committee Passage Of Bill Cutting Off Attorneys’ Fees In Church-State Cases Measure Is More Pandering To The Religious Right, Says AU’s Lynn

Democrats have to take the house back in November.

Exploding Heads At Tsa

Sat, 02 Sep 2006 13:49:00 -0700

t-tsa

Boing Boing: What would the TSA do about exploding ID?

More Geek Project Goodness

Sat, 02 Sep 2006 13:49:00 -0700

Boing Boing: HOWTO make a twin-engine solar rolling robot

Airline Insecurity Anew

Sun, 13 Aug 2006 13:24:00 -0700

Crooks and Liars � Aviation Critic Michael Boyd on our Airport Security

Opposition To Nominated Us Chief Privacy Officer

Thu, 10 Aug 2006 21:07:00 -0700

I’m so tired of seeing privacy officers and council members who are lawyers first. They may understand the law, but they often don’t understand privacy. And lawyers tend to not consider risks outside of the legal/liability context. I’ve experienced privacy lawyers say that it was okay to not encrypt data anywhere internally because we only said “via our website” in our privacy policy. That may be true in a strict legal sense, but from an overall customer privacy and privacy threat model perspective, it doesn’t adequately ensure either adequate protection for customer privacy (the intent of the policy and assurances to customers) nor does it ensure an adequate privacy environment or mindset in a company (which itself often leads to more lax treatment of sensitive information and therefore breaches).

Latest Airline Quot Security Quot Hysteria

Thu, 10 Aug 2006 20:08:00 -0700

Educated Guesswork: Threat modelling airplane explosive detection

A good analysis of why the threat model of materials in checked luggage may be sufficiently different than carry-on that would need to hold for the new security measures to make sense.

I’m not sure I agree with Bruce Schneier’s assessment that, “Given how little we know of the extent of the plot, these don’t seem like rediculous [sic] short-term measures.” I don’t agree with this because if it is too risky to bring these kinds of materials onboard today, then why would it ever be okay to allow them tomorrow? It’s kind of like the precautionary disconnect from the Internet, “Why, why, why do they let employees use the Internet at all if they occasionally stop trusting its safety? Threats don’t magically shrink just because you updated the antivirus package.” It doesn’t make much sense occassionally stop trusting liquids/gels on airplanes, They are either a threat (someone can always masquerade a bomb as benign liquid at anytime and can always disguise a detonator as anything–imagine if terrorists use cellphones instead of keyfobs for a detonaor–the public reaction to banning cellphones in carry-on would be huge) or they aren’t. I agree that there is a heightened threat right now, but that threat has been and will be nonzero, so when will it be “safe” to allow them back on board and what criteria would determine this?

Illogicacy

Tue, 08 Aug 2006 00:45:00 -0700

Atheist Ethicist: Well Founded Beliefs

Great treatise on how the inability for people to properly reason (I called it Illogicacy here after Innumeracy) leads them to make terrible mistakes that result in harm to others, often worse than those that society often feels harm society most.

This blog is really, really excellent, BTW. Really makes you think. Sometimes just think that you would have never come up with that or could never have expressed that so logically and eloquently.

Diy Raid 5 Nas

Tue, 01 Aug 2006 16:41:00 -0700

Build a Cheap and Fast RAID 5 NAS | Tom’s Networking

I’m going to need to get one of those cards and a bunch of drives to augment my data server with a terabyte of RAID-5 goodness. *yum*

Desalinate Water While Ascending Your Space Elevator

Tue, 01 Aug 2006 11:36:00 -0700

Technology Review: Cheap Drinking Water from the Ocean

A water desalination system using carbon nanotube-based membranes could significantly reduce the cost of purifying water from the ocean. The technology could potentially provide a solution to water shortages both in the United States, where populations are expected to soar in areas with few freshwater sources, and worldwide, where a lack of clean water is a major cause of disease.

Diebold A Danger To America

Mon, 31 Jul 2006 15:19:00 -0700

The Open Voting Foundation

“This may be the worst security flaw we have seen in touch screen voting machines,” says Open Voting Foundation president, Alan Dechert. Upon examining the inner workings of one of the most popular paperless touch screen voting machines used in public elections in the United States, it has been determined that with the flip of a single switch inside, the machine can behave in a completely different manner compared to the tested and certified version.

Rfid No Good For Vehicle Security

Mon, 31 Jul 2006 15:16:00 -0700

Wired 14.08: Pinch My Ride

Alternate attack vectors mean that RFID is often not the part of the security system that gets broken (not unlike strong crypto). All of the supporting systems around it are easily broken.

Mccain List Of Reversals

Sat, 29 Jul 2006 18:50:00 -0700

The Carpetbagger Report : Blog Archive : Moving forward with McCain-Feingold — without McCain

You know, there was a time when I thought McCain was a straight-shooter. Now, he’s no different than any other politician it seems. Will someone in politics ever be able to maintain rational, principled stands on something?? They are few and far between.

Bypass Compulsory Registration

Sat, 29 Jul 2006 13:32:00 -0700

Bugmenot.com - login with these free web passwords to bypass compulsory registration

What a great idea.

Some of the best eCommerce sites

Sat, 29 Jul 2006 12:56:00 -0700

Wired News: The 10 Wackiest E-Commerce Sites

Myspace Infects Yourpc

Wed, 26 Jul 2006 10:45:00 -0700

Schneier on Security: Hacked MySpace Server Infects a Million Computers with Malware

Malicious banner ad exploits unpatched IE hole (there are many and more all the time). You have switched to Firefox, Opera, Konqueror or anything other than IE, right?

SeaSec security forum

Wed, 26 Jul 2006 10:42:00 -0700

07:00

SeaSec security forum

Just found out about an informal security group that meets in Seattle. I’ve often seen a need for interaction with security professionals between Agora and ISSA monthly meetings (and I’m on the ISSA Puget Sound board). Where organizations don’t meet needs, they often spring up on their own. Once my dance lessons are over at Century Ballroom, I’ll be able to attend these on Wednesdays.

Anti Science Inhofe Quot Gore Is Full Of Crap Quot-

Sun, 23 Jul 2006 16:07:00 -0700

Think Progress: Sen. Inhofe: ‘Gore Is Full of Crap,’ ‘All Recent Science…Confirms This Thing Is A Hoax’

Wanker.

Excellent Posts On The Stem Cell Veto

Sun, 23 Jul 2006 16:00:00 -0700

Legal Fiction: THE STEM CELL SILVER LINING

Atheist Ethicist: The Stem Cell Veto

Independent Online Edition: Stephen Hawking to EU on Stem Cell Research

“Europe should not follow the reactionary lead of President Bush, who recently vetoed a bill passed by Congress and supported by a majority of the American people that would have allowed federal funding for stem cell research,” he said in a statement to The Independent. “Stem cell research is the key to developing cures for degenerative conditions like Parkinson’s and motor neurone disease from which I and many others suffer,” he said.

Bushit Stem Cell Veto

Thu, 20 Jul 2006 10:44:00 -0700

Scott Rosenberg’s Links & Comment

Here is why Bush’s position is a joke: Thousands and thousands of embryos are destroyed every year in fertility clinics. They are created in petri dishes as part of fertility treatments like IVF; then they are discarded.

Exactly. It’s half-assed ridiculous pandering to anti-science, life-regardless-of-the-quality-of-life religious zealots.

Yet another way evangelical schools are destroying America

Thu, 20 Jul 2006 10:41:00 -0700

" href=“https://tbogg.blogspot.com/2006/07/2-2-jesus-rode-dinosaur-new-from-apple.html">2 + 2 = Jesus rode a dinosaur

This made me wonder if the bible mentions anything about dinosaurs. If it doesn’t, does that mean they never existed (for those inclined to believe that everything about the world can be derived from the bible)?

Ingdirect Deploying Rsa Cyota Estamp

Tue, 18 Jul 2006 04:38:00 -0700

Information about the change.

Keycode Coupons And Discount Codes From All Kinds Of Companies

Sun, 09 Jul 2006 15:27:00 -0700

KeyCode Coupons, Coupon Codes, Online Coupons, Discounts, Online Deals

US Election System Still Frought with Systemic Problems

Sun, 09 Jul 2006 10:46:00 -0700

USNews.com: The road to reform in election corrections has been slow going

That messy 2000 election was supposed to be the jolt America needed. After chronic flaws in the country’s voting process became painfully public, an ambitious reform effort was supposed to make hanging chads and butterfly ballots relics of election nightmares gone by.

But nearly six years later, it hasn’t turned out that way. In the state of Washington, the 2004 governor’s election took more than six months to resolve–again before a court. And some liberal activists still believe that vote tampering and dirty tricks handed Ohio to the GOP, enabling President Bush to win re-election. Now, heading into the midterm congressional elections, despite the expenditure of billions of dollars, a litany of problems remains.

Genographic Project

Sun, 09 Jul 2006 07:53:00 -0700

https://www3.nationalgeographic.com/genographic/index.html

and to participate go here – they send you a DNA swab kit that you mail back to them.

https://www3.nationalgeographic.com/genographic/participate.html

Link Mania

Sun, 09 Jul 2006 07:53:00 -0700

Gas prices in your area

This Site Rocks - FUNNY Videos & Pictures

Seed Magazine: on policy and social implications of science

FARK.com: (1837095) Pick the best photoshop image of 2005 used in a previous contest

Gone in 20 Minutes: using laptops to steal cars | Leftlane News - Car News For Enthusiasts Backdoors for locksmiths in electronic lock systems being used by car thieves. Who would have guessed that could happen?

Why SSL alone will not solve the phishing problem

Sun, 09 Jul 2006 07:44:00 -0700

SSL-authenticated login pages certainly doesn’t _solve_ the phishing problem since phishing is partly psychological/sociological and makes use of technology as a means of improving the odds of the hacking the human psyche. So, a purely technological fix is unlikely to, prima facia, address the root issues.

But, the SSL change can help in a couple of key ways:

Rather than give customers 0 tools to protect themselves, we can give them at least the best tool out there so far for authenticating our site and therefore make an informed decision.

Cartoon The Revised Revised Story About Nsa Wiretapping

Sun, 09 Jul 2006 07:42:00 -0700

WorkingForChange-This Modern World: The revised revised story

God Is Angry But Not At Pat Robertson

Sun, 09 Jul 2006 07:40:00 -0700

The Seattle Times: Nation & World: God is warning of big storms, Robertson says

This must be true because Robertson obviously is Higher-powered (as reported by my colleauge Pete):

I don’t know about you, but I almost missed this. Pat Robertson’s amazing age-defying protein shakes have helped him to leg press 2,000 pounds! https://www.cbn.com/communitypublic/shake.asp

If that doesn’t sound impressive to you, note that it tops the all-time Florida State University leg press record by 665 lbs, set by a guy whose eye capillaries burst during the effort. https://www.sportsline.com/spin/story/9454343

Nsa'S Math Problem

Sun, 09 Jul 2006 07:36:00 -0700

https://www.liveammo.com Security News Blog

legal or not, this sort of spying program probably isn’t worth infringing our civil liberties for — because it’s very unlikely that the type of information one can glean from it will help us win the war on terrorism.

Interesting mathematical analysis of how effective the NSA domestic call-tracking spy program could possibly be.

In Accu Weather Forecast

Sun, 09 Jul 2006 07:34:00 -0700

Hat tip to my friend Kris who discovered this. I captured it for posterity:

In-Accu-Weather

Ajax Security Basics

Sun, 09 Jul 2006 07:30:00 -0700

AJAX security is no different than normal web application security, except that it can add lots of complexity to a site and make black-box auditing much more difficult.

-—-Original Message—– From: Andrew van der Stock [mailto:vanderaj@greebo.net] Sent: Tuesday, June 20, 2006 4:43 AM To: Webappsec ((((E-mail)))) Subject: Fwd: SF new article announcement: Ajax security basics

This was posted to SecurityFocus.com yesterday.

Their article is eerily similar to my Ajax presentation from February (particularly if you’ve seen me give the presentation), and even more similar to the draft Ajax chapter I wrote shortly after for the OWASP Guide (now posted to our Wiki - https://www.owasp.org/index.php/ Ajax_and_Other_%22Rich%22_Interface_Technologies). Hmmmm. As the saying goes, this is the best form of flattery. I suppose.

Php Security Top 5 From Owasp

Sun, 09 Jul 2006 07:29:00 -0700

OWASP is pleased to announce the immediate availability of the OWASP PHP Top 5. The OWASP Top 5 is an education piece which provides up to date advice to PHP developers, hosters, and other PHP users. The PHP Top 5 is produced by the OWASP PHP Project.

The PHP Top 5 is based upon attack frequency in 2005 as reported to Bugtraq. This information is a valuable insight into the most devastating attacks against the world’s most popular web application framework.

Another Article On Musicians Being Screwed Out Of Profits Even With Digital Distribution Schemes

Sun, 09 Jul 2006 07:27:00 -0700

Business 2.0 - Magazine Article - The MP3 Economy

“The going rate for downloading songs from online music services like Apple’s (AAPL) iTunes Music Store, MusicNet, Pressplay, and Rhapsody is about $1 a pop. Yet the economics of recorded music sales haven’t changed much since the vinyl era – despite the fact that digital files cost very little to produce and distribute. So how much of your buck makes its way back to the artists? Not much, though it’s clearly a better deal than they get from piracy. "

Getting God Out Of Government

Sun, 09 Jul 2006 07:26:00 -0700

Several articles on the topic of the government pushing religion.

Drum-beating about the 9th circuit decision about “Under God” in the pledge:

AMERICAN ATHEISTS LEGAL UPDATE

Public prayer fanatics borrow page from enemy’s script

The Bush administration has been dealt a setback in its campaign to allow prayer in our public schools. The full 9th Circuit U.S. Court of Appeals has voted 15-9 to back the 2-1 vote by its earlier panel finding the Pledge of Allegiance unconstitutional because of the words ‘‘under God.’’

Washington Supreme Court will decide if police need warrant for GPS 'tracking

Sun, 09 Jul 2006 07:12:00 -0700

Court will decide if police need warrant for GPS ’tracking’

But what if the same secret technology, called global positioning satellite tracking, could track anyone at any time?

The Washington Supreme Court will decide soon whether police agencies throughout the state may use the device freely – without a warrant. The Jackson case is the first in the state dealing with the issue.

Airline Lt Strike Gt Security Lt Strike Gt-

Sun, 09 Jul 2006 07:09:00 -0700

A Dangerous Loophole in Airport Security - If Slate could discover it, the terrorists will too. By Andy Bowers

More security window-dressing… More reason that ID checks and the watch list are BS security.

The Phantom "Cyber" terrorism?

Sun, 09 Jul 2006 07:08:00 -0700

[IP] Govt Comp.News - Assessing “cyberterror” - couldn’t find any!

>I’ve been working on the issue of how to build secure public networks >for about 7 years. I started out as a military analyst and I wanted to >put the cyber terror/cyber war issue in a larger strategic context. >About a year ago, I started looking for examples of cyber-terrorism, >where hackers had shut down critical infrastuctures. I was surprised to >discover that I couldn’t find any, so I began to look more closely at >the hypothetical scenarios involving cyber war. Most of them turned out >to be implausible from a military or national security perspective. >Hence the report.

Michael Dell Calls Bs On Companies Using Threat Of War As A Scapegoat

Sun, 09 Jul 2006 07:05:00 -0700

Marketplace 4-Mar-2003, interview with Michael Dell

It’s the current fashion for companies to blame the threat of war in Iraq for business being bad. But one company that’s not using the war to explain its performance is Dell Computer. Marketplace host David Brancaccio talks with founder Michael Dell about how a company can succeed even in times of economic insecurity.

Michael talks about companies who are blaming poor results on the Iraq situation, etc. He says “Sadaam ate my homework” is not a good excuse. There will always be uncertainty in world events. Companies need to learn to succeed when times are good, but also when times are bad. Very sage advice indeed.

Faked Research Results On The Rise

Sun, 09 Jul 2006 06:58:00 -0700

Wired News: Faked Research Results on Rise?

Chris Pascal, director of the federal Office of Research Integrity, said its 28 staffers and $7 million annual budget haven’t kept pace with the allegations. The result: Only 23 cases were closed last year. Of those, eight individuals were found guilty of research misconduct. In the past 15 years, the office has confirmed about 185 cases of scientific misconduct.

The Security of Checks and balances

Sun, 09 Jul 2006 06:55:00 -0700

Schneier on Security: The Security of Checks and Balances

Very apropos read a couple of years later.

Same Sex Marriage Is An Issue Of Civil Rights And Discrimination

Sun, 09 Jul 2006 06:51:00 -0700

Marriage Rights

Summary of benefits of marriage that same sex couples are being denied.

The typical talking point of the gay bigots is that “marriage” is a “sacred institution”. But those assholes are guilty of equivocating (i.e. a logical fallacy, not to mention dishonesty). There are two completely separate concepts involved: Religious definition of marriage (which is not at all within the domain of government and is in no way changed by what the state decides to allow or not) and the Legal/Stata/Contractual definition of marriage, which is entirely secular and pragmatic.

Security Career Guide at ISC^2: sponsored by Microsoft

Sun, 09 Jul 2006 06:43:00 -0700

[infowarrior] - Microsoft sponsors security career guide Richard Forno Fri, 08 Jul 2005 22:39:04 -0700

Microsoft sponsors security career guide https://news.com.com/2060-10789_3-0.html?tag=nefd.bl

A nonprofit organization with help from Microsoft has created a “career guide” to spark interest for the information security profession among high school and college students.

The guide was distributed last month to more than 3,500 school counselors, administrators and educators at education conferences and has been made available online, the International Information Systems Security Certification Consortium, or (ISC)2, said this week.

Judge Prevents Divorce Due To Pregnancy

Sun, 09 Jul 2006 06:41:00 -0700

Seattle Post-Intelligencer: Judge won’t let woman divorce while she’s pregnant

In comments submitted to Bastine, Hughes said: “If this court vacates my divorce and requires me to stay married to a man I have no desire ever to have a relationship with and who has brought significant physical harm to me over the years, I would be emotionally devastated. If the court vacates my divorce and stays it until the birth of my child, it will prevent me from marrying the father of my child prior to her birth.”

80211n Wireless Not Living Up To Promises Yet

Sun, 09 Jul 2006 06:31:00 -0700

EETimes.com - 802.11n wireless gear falls short in testing

Early adopters are likely to suffer the same problems that plagued 802.11g when it first emerged.

Pki Considered Harmful

Sun, 09 Jul 2006 06:30:00 -0700

PKI considered harmful

Next time someone at your company says “we can’t do encryption until we get a PKI”, refer to this essay and collection of references.

I’ll need to put together a related one to address the “we can’t do ecnryption until we get a “key management” solution”.

SSH Filesystem

Sun, 09 Jul 2006 06:26:00 -0700

07:00

SSH Filesystem

This is a filesystem client based on the SSH File Transfer Protocol. Since most SSH servers already support this protocol it is very easy to set up: i.e. on the server side there’s nothing to do. On the client side mounting the filesystem is as easy as logging into the server with ssh.

Something to investigate…

More Firefox Plugin Goodness

Sun, 09 Jul 2006 06:25:00 -0700

foXpose/Tabnail plugins Two thumbnail-related plugins. One creates a single index page with thumbnails of all of your open tabs that you can use to navigate with. The other creates tiny thumbnails of the open pages in the tabs themselves. Both require firefox 1.5 or higher. It may be time to try the release candidate…

Also, since my previous post, I found several other useful and promising plugins:

Wizz RSS Newsreader DictionarySearch Dictionary Tooltip Fasterfox IE Tab Buggy, but can be convenient to change rendering engine on Windows. BetterSearch

Darwin Award Club Accidentally Burned Down By Brazen Owner

Sun, 09 Jul 2006 06:06:00 -0700

Ananova - Safety test burns club to ground

A strip club owner burned his club to the ground while trying to prove it was fire-proof to health and safety inspectors.

Worst Tech Moments of 2005; Predictions for 2006

Sun, 09 Jul 2006 06:04:00 -0700

07:00

Wired News: Worst Tech Moments 2005

Not sure I entirely agree with all of these. Looks like Bush will make the 2006 list several more times given the additional illegal spying uncovered so far. A summary of the list:

TiVo boxes betray their owners
Commerce Department blocks .xxx domain
PayPal blocks Katrina aid
Space shuttle Discovery
Bush corrupts the NSA

Here are some items that I predict for the 2006 list:

Bush'S Economic Policy Failure

Sun, 09 Jul 2006 04:21:00 -0700

Think Progress: President Bush’s Job Record Since August 2003: Nothing To Brag About

What Judd says. Even on the economy Bush can’t claim any victory.

I believe it was Randi Rhodes who suggested that Bush should have been asked on Larry King something about how he was the first president to push for tax cuts during a “time of war”. How’s that working for ya?

Adam Corolla Hangs Up On Coultergeist

Sun, 09 Jul 2006 04:15:00 -0700

Jesus’ General: Insulting Mr. Coulter

This is hilarious. Adam Corolla is a god.

And I particularly love the graphic of the Psycho Sally stabbing doll to represent Coultergeist.

Asinine Terrorist Detection At Western Union

Sun, 09 Jul 2006 04:09:00 -0700

Western Union blocks Arab cash deliveries - Yahoo! News

DUBAI, United Arab Emirates - Money transfer agencies have delayed or blocked thousands of cash deliveries on suspicion of terrorist connections simply because senders or recipients have names like Mohammed or Ahmed, company officials said. ADVERTISEMENT

In one example, an Indian driver here said Western Union prevented him from sending $120 to a friend at home last month because the recipient’s name was Mohammed.

Birth Canal Drive

Sun, 09 Jul 2006 04:05:00 -0700

the cool hunter - DRIVE THROUGH LUBRICATION AD

We need more creativity like this in the world.

Stephen Hawking News

Sun, 09 Jul 2006 03:59:00 -0700

07:00

Stephen Hawking asked a great question: Yahoo! Answers - How can the human race survive the next hundred years?

He also made the news recently after a speech in China where he mentioned that he liked Chinese women The Daily Show had lots of fun with that, especially the longing look he appears to be giving the woman standing next to him.

Work to Live; Don't Live to Work

Sun, 09 Jul 2006 03:58:00 -0700

Joe Robinson: “Vacation Advocate”

The title is my mantra. Coincidentally, I just saw The Devil Wears Prada which is about this very topic. The lesson there is to be true to yourself and do not forsake the things in life (career goals, family goals, relationships, etc.) that you really believe are important to you without making that the result of a conscious choice to do so. A corollary would be Habit 3: Put First Things First - Principles of Personal Management (i.e. “Schedule your priorities”) from the 7 Habits of HIghly Effective People.

Sprint Wireless security SNAFU

Sun, 09 Jul 2006 03:48:00 -0700

cryocone: Identity leak with Sprint wireless

Someone in their infinite wisdom at Sprint set up an IVR that you can call (intended for internal care reps for identity verification) and get anyone’s CPNI/PII by simply keying in their sprint wireless phone number.

Really convenient for Sprint employees and the public – and really stupid on all counts.

At Amp T Usurps Customer Records

Sun, 09 Jul 2006 03:28:00 -0700

Time to switch your phone company. AT&T rewrote its privacy policy to basically say that your data is theirs and they will do what they please. Some legal manoevering to allow them to continue to sell those records to the NSA to spy on you. All Cingular customers should now be wary since AT&T will own them once the acquisition is complete.

But I guess, what do you expect when we live in a country that doesn’t explicitly grant privacy protections like the EU and where privacy is routinely tromped on by companies and the government for their own ends? And when the US public has been trained that this is okay?

Mccain Sells Out To The Religious Right

Sat, 08 Jul 2006 15:20:00 -0700

Daily Kos: McCain Embraces Falwell In All His Wingnut Glory

I thought that McCain was one of the good guys but when he can’t even be true to his own assertion that Falwell is one of the “agents of intolerance”, what kind of integrity does he really have? Disappointing. I’m glad that John Stewart pushed him about this on The Daily Show. The “real” news media certainly did not point this out.

Hitler V Coulter

Fri, 07 Jul 2006 15:04:00 -0700

Give Up Blog: The Hitler vs. Coulter Quiz

She is such a despicable human being.

Coulter The Plagiarist

Tue, 04 Jul 2006 05:47:00 -0700

‘NY Post’ Cites Evidence That Ann Coulter Plagiarized Parts of Book, Columns

Well, she has god on her side though so she must have gotten an okay.

It’s not news that she offers misleading references in her books either. I believe that Al Franken called her out on several items from her previous books in Lies and the Lying Liars Who Tell Them

New Study Shows American Dislike Of Atheists

Tue, 04 Jul 2006 05:17:00 -0700

The Carpetbagger Report: Blog Archive: The last taboo

I do not equate “not professing a particular affirmative belief” with “professing a non-affirmative belief” in god nor do I care enough to claim myself an “atheist” but I don’t think that the religious segment of this country makes any distinction between the various kinds of non-theists so it does not matter. They don’t care what you believe unless it isn’t what they believe. [I consider myself part of the general “non-theist” category and most aligned with Humanism]

The Tyranny of the Executive

Tue, 27 Jun 2006 14:19:00 -0700

Atheist Ethicist

My concern is that the Bush Administration may be spying only on suspected terrorists the way that it invades only countries supporting those who attacked the United States on 9/11. My concern is with the possibility that Bush Administration officials might have an agenda, with an ulterior motive, that would involve invading a country so they rationalize a way of thinking about this country that makes it seem to them to be worthy of attack.

Warren Buffett & Bill Gates: Serious Philanthropers

Sun, 25 Jun 2006 16:55:00 -0700

FORTUNE Magazine: Warren Buffett gives away his fortune - Jun. 25, 2006

I heard this on the radio this afternoon. It is really, really cool. I wonder how the world will look decades from now after these billions have done their good around the world? Hopefully, there won’t simply be more campus buildings and computer labs!

What's the catch?

Sun, 25 Jun 2006 16:52:00 -0700

Executive Order: Protecting the Property Rights of the American People

I think this is a very cool move. Too bad Congress couldn’t do something like this and too bad the courts had to side too much with corporations. This may restore some balance for the little guy against the Wal-Marts of the world…while it lasts.

But, what is the catch? Bush has been so pro-business I’m not seeing where this fits in…

Identity Theft Still The Victim'S Problem

Sun, 25 Jun 2006 16:32:00 -0700

NPR 12-5-2002, All things considered 4pm.

“businesses are so interested in extending credit…” they just write off the losses. ID theft has not hit businesses economically yet, since that cost is borne by the victims, so they don’t have incentive to do anything to fix these problems. And yet, the disclosure laws have given incentive to fix these problems but they seem to instead be incenting companies to water down the proposed federal legislation to neuter the positive effects they are having at creating a market economic incentive to fix the problems (though from the myriad reports still coming out every week about more data lost, you wonder what the heck some CISOs are doing).

The Iraq hoax that just won't die

Sun, 25 Jun 2006 16:22:00 -0700

SecurityFocus HOME Columnists: Iraqi Cyberwar: an Ageless Joke

This is an OLD story so I hope that it is dead by now. But perfect example of the lack of fact-checking that goes on so much in the media.

Quot If You Are Not Doing Anything Wrong Why Should You Worry About Big Brother Quot-

Sun, 25 Jun 2006 16:07:00 -0700

quot-

Schneier on Security: Police Cameras in Your Home

Great rationale for how the “fully trust the government” crowd does not understand the legitimate purpose of limits on governmental intrusion and power. I’ve seen several pundits cry that the end (catching terrorists) justifies the means even still.

Artists And Consumers Get Screwed By The Music Industry

Sun, 25 Jun 2006 16:06:00 -0700

Passionate condemnation of the music industry:

[IP] MUST READ Courtney Love does the math The controversial singertak

[IP] last on this topic – Does File Trading Fund Terrorism? Successful artists not seeing any profit.

[https://www.marketplace.org/play/audio.php?media=/2003/03/12_mpp&start=00:00: 20:00.0&end=00:00:27:30.0](https://www.marketplace.org/play/audio.php?media=/2003/03/12_mpp&start=00:00: 20:00.0&end=00:00:27:30.0)

[IP] 2 more on Does File Trading Fund Terrorism?

Man Stuck On Sticking To Toilet Seat

Sun, 25 Jun 2006 16:06:00 -0700

CNN.com - Man glued to toilet may have history - Nov 8, 2005

Juxtaposition Einstein Approved

Sun, 25 Jun 2006 16:02:00 -0700

This is so cool.

Einstein’s task list generator

Visa prohibits display of card numbers on receipts

Sun, 25 Jun 2006 15:57:00 -0700

[IP] I will start using my Visa card more

Wow this blog entry is old. But remember when every receipt had the full card number on it? And remember when Starbucks would mask out everything _except_ the last four digits so that you could get the full card number with just two receipts?

I still find that the business’ copy of the receipts often has the full card number on it, with only my copy being masked out. But, I don’t much care, except when it comes to my Debit card receipts since the US laws do not cover Debit cards as fully as credit cards.

National Missile Defense System Lame

Sun, 25 Jun 2006 15:52:00 -0700

National Missile Defense System Test Fails Again This story is over a year old but there hasn’t been much better news about this boondoggle since then.

Oh, we can only hope that we are attacked by drones and not real missles… Those have been the only things that have even partially been stopped by this technology (after much rigging). Very apropos since just on the McLaughlin group today there were those that actually thought we could possibly rely on this to knock a North Korean ICBM out of the sky before it hits the US west coast.

Real Life Gremlin Dies

Sun, 25 Jun 2006 15:41:00 -0700

CNN.com - ‘Ugly dog’ Sam dies at 14 - Nov 22, 2005

Was Ugly Dog a real-life Gremlin?

Tales from the RFID Hacking Underground

Sun, 25 Jun 2006 15:32:00 -0700

Wired 14.05: The RFID Hacking Underground

Follow-along to the article on building your own RFID skimmer

Man Swallowed By House Dies

Sun, 25 Jun 2006 15:31:00 -0700

CANOE – CNEWS - Weird News: Man dies after plummeting into large hole that opened beneath his home

This is bizarre!

Airborne Airheads The Sellers Or The Buyers

Sun, 25 Jun 2006 15:22:00 -0700

Who Has Time For This?: CREATED BY A SCHOOL TEACHER!!!!!

Perfect real-life case of a company using deceit and faulty arguments to convince the public. Too bad the FDA doesn’t take a more active role in investigating these kinds of products and claims. The placebo effect also makes people more apt to believe these products work.

[

](https://whohastimeforthis.blogspot.com/2006/04/created-by-school-teacher.html “Who Has Time For This?: CREATED BY A SCHOOL TEACHER!!!!!”)

More Black Marks For Dhs

Sun, 25 Jun 2006 15:18:00 -0700

Think Progress: Homeland Insecurity.

Verizon's hostile attitude toward its customers

Sun, 25 Jun 2006 15:18:00 -0700

07:00

Nuclear Elephant: The Motorola v710: Verizon’s New Crippled Phone

I have to say that I was really annoyed to find that my Motorola E815 couldn’t even share vCards between phones using Bluetooth, let alone that they disabled the advertised ability to use mp3s for ringtones, to get photos you snap onto your PC, to play mp3s, to play videos, etc.

Have You Taken Your Security Pills

Sun, 25 Jun 2006 15:02:00 -0700

The other day, I made what I think is a very apt analogy comparing the security product industry to the diet and herbal supplement industry.

Both operate with little to no oversight or regulation (though security at least has bloggers and scientists willing to call out some of the more egregious offenders)
Products often have little to no academic, scientific or factual basis for their designs or claims
Products tend toward the panacea/“silver bullet” realm and claim to solve all your ills

Incompetent Design Theory

Sun, 25 Jun 2006 14:54:00 -0700

Daily Kos: “Incompetent Design” theory

Take that and this Creationists and foes of science:

Evolution of ‘irreducible complexity’ explained

Iraq Withdrawl Timetable Is What America Wants

Sun, 25 Jun 2006 14:35:00 -0700

David Brooks: Completely out of touch

Look at the statistics from three separate polls on how many Americans want a timetable and a withdrawl/draw down soon from Iraq. It’s at least half if not a majority of Americans. Yet pundits like Brooks are misrepresenting them.

I also just heard on Air America this weekend in passing that 72% of US military wants a drawdown/timetable defined. So the Democrats have been on the right side of the issue as viewed by the American people. Oh, and even “Iraq’s national security advisor, Mowaffak Rubaie, has publicly embraced a similar timetable.” See https://www.latimes.com/news/printedition/asection/la-fg-withdrawal25jun25,1,4367170.story?coll=la-news-a_section

Quot Values Quot Votes In The 2004 Election

Sun, 25 Jun 2006 14:23:00 -0700

Editor’s Cut: Stand and Fight

Catching up on ancient blog entries. This article was talking about the 2004 election upset and brought up the issues of why Republicans and the so-called religious right think that their divisive issues are the only “moral” issues at stake.

What about fighting poverty and affordable health care? What about the issues of quality of life instead of “life at any cost” (well, at least after overlooking the pro death penalty thing)? What about enjoying sexuality instead of repressing it as sinful? Why shouldn’t the FCC be regulating Violence on the airwaves instead of nipples? More nipples should be a core value! Spin the anti-nipple crowd as pro-violence on TV! What about honesty over deceit and lies? What about the character to admit you are wrong? What about a fair working wage for every American? What about not breaking the law to uphold the law? What about love and tolerance instead of hatred and intolerance?

Bush Considered Bombing Al Jazeera Hq

Sun, 25 Jun 2006 12:49:00 -0700

NPR : Report: Bush Considered Bombing Al Jazeera

I never would have thought I would say, “Thank heavens for Tony Blair”.

Making Port Forwarded Connections Accessible From The Intranet Lan

Sun, 25 Jun 2006 11:13:00 -0700

# Enabling many:one IP masquerading from the LAN to the Internet (i.e. out the $WAN interface) iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE

# port forwarding $WAN_IP:25 to $SMTP_SVR_IP:25 iptables -t nat -A POSTROUTING -d $WAN_IP -p tcp –dport 25 -j DNAT –to $SMTP_SVR_IP iptables -A FORWARD -i $WAN -p tcp –dport 25 -d $SMTP_SVR_IP -j ACCEPT

# Making this cruft work from the intranet # i.e. DESK_IP -> WAN_IP:25

Cracking Java Byte Code Encryption

Sun, 25 Jun 2006 10:59:00 -0700

Cracking Java byte-code encryption

Why Java obfuscation schemes based on byte-code encryption won’t work.

Tech Tip Roundup

Sun, 25 Jun 2006 10:58:00 -0700

DIY external portable USB Hard drive: Just bought the Bytecc HD-201u2 enclosure. It is completely USB powered. Stick any laptop harddrive you want in there and go. Comes with a cable and a nice carry case (although the zipper is crap).

Preloading images on a page using only CSS

Grab a PDF copy of the Scriptaculous Cheat Sheet #1: Javascript effects Side note: someone really has the last name Fuchs? How cool is that?!

Presentation Zen

Sun, 25 Jun 2006 10:56:00 -0700

Presentation Zen: What is good PowerPoint design?

A nice article showing several different ways of communicating the same message without overcomplicating your slides.

The blog also offers excellent insight into visual design appropriate for powerpoints or any visual marketing.

Knife Maintenance And Sharpening

Sun, 25 Jun 2006 10:53:00 -0700

eG Forums -> Knife Maintenance and Sharpening

A very helpful guide on how to properly sharpen knives. I seem to dull the crap out of them unless I use the method of holding the steel sharpener vertical. The hardest part is maintaining the 15 degree angle while following the curve of the blade. The article also lists some gadgets that actually do help with this process and some devices to avoid.

Help For Your Penis Anxiety

Sun, 25 Jun 2006 10:38:00 -0700

Entrez PubMed: Treatment of men complaining of short penis.

Men complaining of short penis could be treated using basic principles of sex education with objective methods of penile size evaluation. This combination can correct any previous sexual misconceptions…

I say they save their money and just call Loveline for some ridicule-therapy.

Nsa Surveillance Only The Tip Of The Iceberg

Sun, 25 Jun 2006 10:18:00 -0700

A gaggle of links about the illegal NSA domestic spying program. More apropos in light of even more spying by the Bush Administration – this time on international wire transfers

Think Progress: NSA Whistleblower To Expose More Unlawful Activity: ‘People…Are Going To Be Shocked’

Media Matters - Myths and falsehoods on the NSA domestic call-tracking program

Fewest Number Of Coins To Make Any Exact Change

Sun, 25 Jun 2006 10:17:00 -0700

Boing Boing: Exact change wallet card

The answer is very cool (only 10 coins):

3 Quarters
1 dime
2 nickels
4 pennies

Good End User Information On Phishing From Paypal

Sat, 24 Jun 2006 15:28:00 -0700

PayPal - Identity Protection Resources

It was a very good touch that PayPal even uses HTTPS (SSL) for their pages providing this security information so that end users can authenticate the pages originate from PayPal and get used to ensuring that their interactions with PayPal are SSL-secured.

Fake Journalism Trumps Quot Real Quot Journalists Again

Sat, 24 Jun 2006 15:17:00 -0700

Boing Boing: Colbert White House video on DVD at CSPAN

This was the most scathing satirical commentary on the lapdog media and the president himself – and right in front of both subjects!

If you have not seen this, it is worth it. It’s about an hour into the correspondent’s dinner. I downloaded the whole show via bittorrent. I would be willing to reseed the 300+ meg show, or follow the links and you can get the segment with just Colbert’s piece from many sources.

Rumoured Huge Amd Price Drop July 24

Fri, 23 Jun 2006 15:14:00 -0700

DailyTech - Update: AMD Plans Major CPU Price Drops Day After “Conroe”

Guess I’ll have to wait to buy my new system! I’m thinking an AMD AM2 motherboard will have the best socket longevity and that is the socket platform that AMD is putting its lower power consumption options on. Comparable CPUs run 89W or less in the AM2 version versus the Socket 939 equivalents. And even lower power consumption models are on the way.

Move Over Chroot Apparmor Is Here

Thu, 22 Jun 2006 03:55:00 -0700

-here

Plugging my own product, but what the hell, it is open source :)

AppArmor https://opensuse.org/Apparmor is an application security container technology for Linux. It lets you create application profiles (policies) that define the files that the application can read, write, and execute. It lets you do this per-application, so you actually could allow users to upload arbitrary C/binary programs and expect them to behave as you specified. It provides an inheritance model so that you can’t escape from this jail by exec’ing something fun: the child is controlled by policy too.

Big Quot No Crap Quot Garage Sale This Weekend

Wed, 21 Jun 2006 16:51:00 -0700

I’m going to be selling lots of good stuff this weekend at a Big alley sale. Come by and check out the goods!

https://seattle.craigslist.org/see/gms/174151604.html

Build Your Own Rfid Skimmer

Tue, 20 Jun 2006 16:32:00 -0700

How to Build a Low-Cost, Extended-Range RFID Skimmer

Oh, I’m definitely going to have to build one of these!!

Open Debate On Drm

Tue, 20 Jun 2006 13:47:00 -0700

WSJ.com - ‘DRM’ Protects Downloads, But Does It Stifle Innovation?

Remember, DRM = Digital Restriction Management.

This is an awesome debate getting to the heart of the matter. Courtesy of BoingBoing

More Proof For Danger Of Allowing Arbitrary Redirect

Tue, 20 Jun 2006 06:29:00 -0700

ZDNetAsia : Printer Friendly - Paypal fixes phishing hole

Ing Data Loss

Tue, 20 Jun 2006 06:27:00 -0700

(19 June 2006) Letters are being sent to 13,000 individuals whose personal data are held in a laptop computer stolen from the home of an ING US Financial Services agent. ING is instating a new security policy for laptop computers that includes encryption and password protection; the stolen computer had neither. The people affected by the data security breach are all District workers and retirees. (please note: this site requires free registration) https://www.washingtonpost.com/wp-dyn/content/article/2006/06/18/AR2006061800716_pf.html [Editor’s Note ( Northcutt): ING’s slogan is Your Future. Made Easier. Try telling that to the 13,000 impacted individuals. This wave of data losses is starting to remind me of counties that don’t put traffic lights up until there is a motorist fatality. (Grefer): Invest around 30-40 dollars into a cable lock for your laptop computers and spare yourselves this embarrassment as well as lots of headaches for your customers. Further, even if you don’t want to spend the money for encryption software, at least use the EFS (Encrypted File System) functionality provided within Windows XP Professional to add a bit more security to the mix.]

Creating A 3 Column Layout In Movable Type

Mon, 19 Jun 2006 18:19:00 -0700

Learning Movable Type: Creating a 3-Column Layout in MT3.2

I used the information in this tutorial as a guide for creating my 3-column stylesheet that I recently implemented across all pages on juxtaposition. Also, the Web Developer firefox plugin was invaluable for tweaking the CSS with live-preview of the results.

Cleaning Deb Package House

Mon, 19 Jun 2006 18:17:00 -0700

Ubuntu Blog: Better Management of Packages while Uninstalling

HOWTO: Using debfoster in practice

The Unbalanced Mainsteam Media

Mon, 19 Jun 2006 18:07:00 -0700

Poynter Online - Forums: Coulter and Moore aren’t the same

Coulter is simply a brash, bigoted, bullheaded, insane, insensitive liar wack-job. There is no comparison to Moore.

Converting Text From Unicode To Ascii

Mon, 19 Jun 2006 09:11:00 -0700

Just had to convert some text files from Unicode to ASCII and used Vim to do it:

Open each file and notice that vim says [converted] at the bottom, indicating that it has transparently opened the unicode file to let you edit that file.

On each file, change the file encoding setting to latin1 (basic ASCII):

Then save the file and it will be converted:

FYI, The vim docs note that changing the “encoding” setting does not affect existing text so that won’t work.

A Fallacy By Any Other Name

Sat, 17 Jun 2006 17:24:00 -0700

But this here herring is so obviously red at Pandagon

I love the way they cut through the bullshit in this argument and reveal the naked fallacy underpinning it. It is a shame when proponents use the fact that society (wrongly) denigrates some activity (prostitution, homosexuality, gay marriage, being single, being a nontheist, etc.) that in itself has nothing to do with them and on its face is not “immoral” and has nothing to do with those who denigrate it and then writes off the fact that those engaging in the activity get victimized (wrongly) by saying that they knew the consequences ahead of time, so what’s the big deal? Really irritating tactics.

Bizarre Notepad Bug

Sat, 17 Jun 2006 17:09:00 -0700

27B Stroke 6

Bizarre notepad bug that really exists. If you type a phrase consisting of a 4 letter word, then two three letter words, then a 5 letter word, save it, then reopen it, the text will be corrupted and unreadable. There is a claim that not all words cause this to occur. See the linked story for examples of what does work.

There was a great quote:

US Senate Bigot Roll Call

Thu, 08 Jun 2006 13:16:00 -0700

U.S. Senate: Legislation & Records Home > Votes > Roll Call Vote

From the results of the Gay Marriage Ban cloture vote (read: write discrimination into the constitution), we get a nice list of the bigots in the US Senate that should be defeated, especially the two Democrats who joined the 47 Republicans.

Alexander (R-TN) Allard (R-CO) Allen (R-VA) Bennett (R-UT) Bond (R-MO) Brownback (R-KS) Bunning (R-KY) Burns (R-MT) Burr (R-NC) Byrd (D-WV) Chambliss (R-GA) Coburn (R-OK) Cochran (R-MS) Coleman (R-MN) Cornyn (R-TX) Craig (R-ID) Crapo (R-ID) DeMint (R-SC) DeWine (R-OH) Dole (R-NC) Domenici (R-NM) Ensign (R-NV) Enzi (R-WY) Frist (R-TN) Graham (R-SC) Grassley (R-IA) Hatch (R-UT) Hutchison (R-TX) Inhofe (R-OK) Isakson (R-GA) Kyl (R-AZ) Lott (R-MS) Lugar (R-IN) Martinez (R-FL) McConnell (R-KY) Murkowski (R-AK) Nelson (D-NE) Roberts (R-KS) Santorum (R-PA) Sessions (R-AL) Shelby (R-AL) Smith (R-OR) Stevens (R-AK) Talent (R-MO) Thomas (R-WY) Thune (R-SD) Vitter (R-LA) Voinovich (R-OH) Warner (R-VA)

Death Tax Dead

Thu, 08 Jun 2006 13:05:00 -0700

U.S. Senate blocks permanent estate tax repeal|Reuters.com

This was a stunning setback: 57-41 against. Awesome. I’m not happy about the additional tax cuts but at least our federal coffers won’t be further depleted and the super-super rich won’t get another out, causing the lower classes to pick up the tax burden.

Olbermann Rips Coulter A New One

Thu, 08 Jun 2006 13:01:00 -0700

Olbermann slams Coulter: Shameless

Coulter’s hate and hypocrisy are f*ing sickening. Olbermann uses her own words and positions to destroy her and adds some choice ones of his own.

Ceos Have All The Luck

Sat, 20 May 2006 09:11:00 -0700

The Big Picture: CEO Options: Luck – or something else?

Great summary of a WSJ article showing surprising “coincidences” in CEO stock options being set at a very low point in the company’s stock price so that they end up maximizing their returns. I’m still pissed about my AT&T Wireless stock options being worthless when I left that place because they gave us options at a high point that it never recovered to. Yet all the execs continued to gather options that they exercised to make millions.

Worst President EVER -- more proof

Fri, 12 May 2006 09:53:00 -0700

Daily Kos: 29 Percent

A new low for Bush, and this country.

Call Your Phone Company

Fri, 12 May 2006 09:52:00 -0700

Daily Kos: ACTION ALERT: Tell ATT, Verizon, Cingular, SBC NO NSA SPYING!

I called Verizon Wireless and they said that it was not them, but the parent Verizon, which is the subject and that VZW does not divulge this information (known in the biz as CPNI).

I urge you also to call your phone company if they, like Qwest, did _not_ provide your information and thank them. I also did that for Qwest.

Telco liability could be staggering

Fri, 12 May 2006 09:39:00 -0700

Think Progress: Telcos Could Be Liable For Tens of Billions of Dollars For Illegally Turning Over Phone Records

Court Calls Fcc Calea Ruling Quot Gobbledygook Utter Nonsense Quot-

Sun, 07 May 2006 05:23:00 -0700

EFF: DeepLinks

I love it when the justice system works.

Security time capsule opens up: SANS researcher emerges.

Tue, 25 Apr 2006 09:17:00 -0700

************************************************************************* SANS NewsBites April 25, 2006 Vol. 8, Num. 33 ************************************************************************* -- snip – --Researcher Warns Some Online Banking Sites Don’t Provide Adequate Authentication (20 April 2006) SANS Institute chief research officer Johannes Ullrich says many widely used online banking sites do not use authentication technology to assure that they are who they claim to be. Banks would be well advised to send users to an HTTP Secure (HTTPS) web page which uses the Secure Sockets layer (SSL) security protocol instead of merely encrypting login forms. Web pages that do not use HTTPS make themselves vulnerable to DNS spoofing in which attackers try to trick users into visiting phony web sites in an attempt to gather their account information. https://www.computerworld.com/printthis/2006/0,4814,110738,00.html Internet Storm Center: https://isc.sans.org/diary.php?storyid=1278 -- snip –

Gas Price Quot Temperature Map Quot-

Mon, 24 Apr 2006 17:58:00 -0700

USA National Gas Temperature Map

This is freaking cool. But high gas prices SUCK!

Microsoft To End Support For Quot Outdated Quot Operating Systems

Fri, 21 Apr 2006 03:36:00 -0700

--Microsoft to End Support for “Outdated” Operating Systems (18 April 2006) Microsoft plans to retire support for Windows 98, Windows 98 SE and Windows ME on July 11, 2006; after that date, there will be no more security updates for these versions of the company’s operating systems. Microsoft calls these systems “outdated” and recommends that users upgrade to a more secure operating system, such as Windows XP. https://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1182527,00.html

Printing Human Organs In 3d

Fri, 14 Apr 2006 11:42:00 -0700

New Scientist News - Print me a heart and a set of arteries

This is so cool. Maybe we’re not too far from the Star Trek

Does Blockbuster Suck Worse Than Business Method Patents

Wed, 05 Apr 2006 11:25:00 -0700

Netflix sues Blockbuster to shut online service - U.S. Business - MSNBC.com

Yet another great busienss-method patent fight. Ugh.

Well, I can’t stand blockbuster, who, among other transgressions, got busted in a lawsuit for claiming in marketing, “No More Late Fees” but had a fee listed in the fine print for keeping videos longer than a week. But I can’t stand business method patents wielded as swords no matter who does it.

Washington: Home of World's Largest Egg

Mon, 03 Apr 2006 15:24:00 -0700

World’s Largest Egg, Winlock, Washington

I didn’t even know there was a “Winlock” in Washington, let alone that they were world-renowned!

I feel deceived though because it’s not even a real egg.

Quot Put Any Object Or Thing That Produces Data Into The Network Quot-

Mon, 03 Apr 2006 14:52:00 -0700

Boing Boing: Julian Bleecker’s blobjects manifesto: “Why Things Matter”

This Xport device looks pretty cool. I wonder if I could meld it with my weather station to make a data logger…

Religion Meet Science Prayer Doesn'T Work

Mon, 03 Apr 2006 14:45:00 -0700

Boing Boing: Prayer won’t heal ya

A new scientific study shows that prayer didn’t seem to help patients who underwent bypass surgery. In fact, some of the people who were prayed for did worse. The results of the study of more than 1,800 patients were published in the American Heart Journal.

So all the sports teams should think twice about relying on prayer to get to the championship. And think twice about god miraculously saving you. Evidence that things may just “happen” without divine intervention.

In A Word Unbelievable

Wed, 29 Mar 2006 09:37:00 -0800

BBC NEWS | Entertainment | Panda painted onto single hair

Unbelievable.

Update on the right to fly without ID

Wed, 29 Mar 2006 09:36:00 -0800

Boing Boing: Gilmore responds to “TSA ID-checking security lax” story

This would have been my guess, that people will refer to a nebulous rule/law to justify the practice or simply say, well even though it’s not legally required, it is company policy. I’m interested in trying this myself.

One Word Says It All Teledildonics

Wed, 29 Mar 2006 09:34:00 -0800

curious_jp: Release: TranceFinger

Makes all those double-entendres about fingerd have new meaning. Too bad “Virtual Sex” was just trademarked.

Bathroom Mania

Fri, 24 Mar 2006 14:53:00 -0800

I don’t know about you, but I’d have a difficult time going #1 into one of these. Too reminiscient of Rolling Stones / Mick Jagger…

BTW, I had to rewrite to avoid at least four thematic unintentional puns. I guess Freud’s theories may still be alive and well after all.

Congress Trying To Soften Data Breach Notification Laws

Fri, 24 Mar 2006 14:43:00 -0800

https://thomas.loc.gov/cgi-bin/query/z?c109:H.R.3997:

Call your representatives now to get them to oppose this legislation. This is the bill that passed out of committee and would seriously weaken the gains that have been made over the past few years in data breach notification, as well as preventing people from preemptively “freezing” their credit file from being used to open new accounts–something that itself could curb much of the ID theft problems (and perhaps some consumer credit problems…)

Wacky World Records

Wed, 22 Mar 2006 14:04:00 -0800

UniqueDaily.com - The Wackiest World Records You Will Ever See

Oh, and just to throw this in since it’s somewhat related: George W. Bush gets my vote for Worst President…Ever. He’s wacky.

Safedisc Drm Update For Windows Xp Reduces Online Gaming Risk

Sun, 19 Mar 2006 12:42:00 -0800

-risk

https://www.microsoft.com/downloads/details.aspx?familyid=eae20f0f-c41c-44fe-84ce-1df707d7a2e9&displaylang=en

This update starts the driver secdrv for SafeDisc from Macrovision at boot time to allow you to run games as a non-admin, lower-privilege user. Games that use SafeDisc otherwise require you to play the game as Administrator in order to have the rights to start the Manual service. Now, if only PunkBuster were to do the same…

Have I mentioned that DRM and copy protection sucks?

Zphone: Encrypt your VOIP

Sun, 19 Mar 2006 12:40:00 -0800

Boing Boing: Encrypted VOIP from PGP creator Zimmermann: Zfone

Encrypted VOIP from PGP creator Zimmermann: Zfone

Good reason to switch to VOIP instead of traditional phones to protect yourself from Big Brother Bush.

Jerry Falwell Issues Correction Jews Are All Going To Hell

Sun, 19 Mar 2006 12:35:00 -0800

-hell

Jerry Falwell issues correction, Jews ARE all going to hell

It must be nice to be in a religion where you can be a callous, holier-than-thou prick and still get into heaven. It also must be nice that all you have to do to get into heaven and avoid eternal damnation is to believe in some shit. The world is such an amazing place where you have free will, but if you process information about that world incorrectly and decide to not believe in Jesus as your saviour, you can suffer for all eternity. Nice. And they get out of having to be Jesus-like in this life in order to get into heaven. Do-gooders need not apply to heaven! Sounds more like the lazy, judgemental person’s religion.

Riaa Says Future Drm Might Quot Threaten Critical Infrastructure And Potentially Endanger Lives Quot-

Sun, 19 Mar 2006 12:26:00 -0800

Freedom to Tinker � Blog Archive � RIAA Says Future DRM Might “Threaten Critical Infrastructure and Potentially Endanger Lives”

Yet another reason DRM sucks. But unbelievably, the “BSA, RIAA, MPAA, and friends” actually are objecting to DRM exemptions for critical systems!

I was also reading recently about how much extra processor and battery life is sucked up when playing DRM files that have to constantly be checking for a valid license and other cruft.

Boggle On Web Weboggle

Sun, 19 Mar 2006 12:21:00 -0800

WEBoggle

This is a great use of AJAX and is also VERY addicting. You have been warned… I’m core24 if I’m playing. But I suck compared to the others. I think they are just monkeys typing random letters and waiting for the squares to light up.

Microsoft Is The Reason The Quot Little Guys Quot Cannot Play Drm Encumbered Files

Fri, 17 Mar 2006 12:29:00 -0800

Boing Boing: MSFT: Our DRM licensing is there to eliminate hobbyists and little guys

It has been freaking annoying that I can’t play DRM encumbered WMA files on my Neuros or even on Linux. Now we know why: Microsoft’s business practices.

Compiling A List Of All Of The Stupid Stuff Bush Has Done

Fri, 17 Mar 2006 10:41:00 -0800

-done

AMERICAblog: Because a great nation deserves the truth

“Let’s create a list of every idiotic thing George Bush has done in the past five years”

This is a great idea. I’ve wanted to at least put together a list of the biggest scandals.

Great timing for this kind of fun. On the heels of a new set of (dis)approval rating results that show that Bush’s popularity has fallen AGAIN, to its lowest level. So, I’ll add his claim that he was given a “mandate” to the list of stupid shit he has said or done.

Dhs Adds Another Quot F Quot To Chertoff'S Record

Fri, 17 Mar 2006 01:25:00 -0800

DHS Gets Another F in Computer Security

Is anyone surprised? They can’t even manage a disaster in the physical world (Katrina), what makes you think they can manage the disaster that DHS is? Another black mark for Chertoff and the Bush administration.

Why does the public still think that the Bush administration is strong on defending America?

Most federal agencies that play key roles in the war on terror are doing a dismal job of protecting their computers and information networks from hackers and viruses, according to portions of a report to be released by a key congressional oversight committee Thursday.

Effective Electronic Communication Requires A Human Touch

Sat, 11 Mar 2006 09:43:00 -0800

https://www.asktog.com/columns/047HowToWriteAReport.html

The finest set of recommendations will be rejected if the form in which they are received is seen as hostile or belligerent. I recently received a copy of an unsolicited report sent to a firm that seemed unimpressed with the writer’s efforts. The reasons why are instructive to us all.

Good reminder to not forget the human element in human communications. Pick up the phone every once in a while instead of just IM or email and you’ll be surprised by the results. Also, if you build human trust in non-electronic means first, it makes understanding nuances in electronic communications easier.

Another Bush Administration Inconsistency Dubai But No Israel

Sat, 11 Mar 2006 09:39:00 -0800

Well, at least they’re committed to national security consistent conservative… I give up.

“The same Bush administration review panel that approved a ports deal involving the United Arab Emirates has notified a leading Israeli software company that it faces a rare, full-blown investigation over its plans to buy a smaller rival.

The objections by the FBI and Pentagon were partly over specialized intrusion detection software known as “Snort,” which guards some classified U.S. military and intelligence computers.”

Sciam On Quot The Rise Of Crimeware Quot-

Sat, 11 Mar 2006 09:36:00 -0800

quot-

Crimeware coverage by Scientific American

Crimeware coverage by Scientific American. Several good stats and comments from attendees of the RSA Conference. Why the increase in crime on the Internet? Well, it’s where the money is and there is very little risk of getting caught. Job security for a security guy like me though.

3d Panoramas From Around The World

Sat, 11 Mar 2006 09:31:00 -0800

Arounder - Travel and Lifestyle in 360-degree Quicktime VR - Virtual Reality Full Screen panoramas: lugano, milan, milano, barcelona, monte carlo, roma, rome, zermatt, parma, koeln, cologne, zyprus, firenze, florence, pisa:

Wow. Tour cities before you go there. Might come in handy for planning the upcoming honeymoon…

Luckiest Tree

Sat, 11 Mar 2006 09:30:00 -0800

cinthia-moura-gm_l1.jpg (JPEG Image, 400x500 pixels)

Can You Actually Fly Without Providing Id

Sat, 11 Mar 2006 09:25:00 -0800

ng-id

IDP : Investigation

Help us help you determine whether the TSA told the 9th Circuit the truth. Can you fly without ID? According to what the government told the 9th Circuit Court of Appeals in the Gilmore case, you can – you need only submit to secondary screening in order to fly anonymously.

I am just reading a Lee Child book from 1999 (pre 9/11) where the main character flew under president’s names. Would be fun if you could get away with this. Might try it on my next flight…

Defeating Censorware

Sat, 11 Mar 2006 09:17:00 -0800

If your employer or corrupt, undemocratic, dictator-based government uses a filtering service such as Secure Computing’s SmartFilter to block access to BoingBoing.net, you can try the following workarounds…

Boing Boing’s Guide to Defeating Censorware

Of course, good network admins take evasive action for these evasive actions, but the reality is that there are always ways to get around proxies. Especially when they do stupid shit like “Smart” filter does. Smartfilter will often block an entire domain in a category for one single page that may fit in that category. They blocked attrition.org under “criminal skills” and several other security sites. I recall them blocking geocities.com or something like it when only some of the pages met the criteria. Why don’t they block specific URLs or URL patterns instead of an entire domain?

Drm Annoying Mistake

Sat, 11 Mar 2006 09:11:00 -0800

The big DRM mistake

Digital Rights Managements hurts paying customers, destroys Fair Use rights, renders customers’ investments worthless, and can always be defeated. Why are consumers and publishers being forced to use DRM?

I have to say that DRM is really on my s*it list these days. I was excited to find out that the Seattle Public Library had three separate e-book and digital audio book relationships so you can access content without even leaving the house. However, I quickly found that one uses WMA files with DRM (which won’t play on my Neuros) and the other uses a proprietary software player that somehow integrates with Windows media player. I can’t even play these files on Linux, let alone on a portable media player. And I can’t burn most of them to CDs to play in the car. What do they expect you to do–play hours of audio books while sitting at your PC??? Retarded.

When translators go bad

Sat, 11 Mar 2006 08:56:00 -0800

07:00

I laughed so hard at these mistranslations found on menus in China.

One of my favorites:

“Benumbed hot vegetables fries fuck silk”

Read the comments for a good explanation of how this malicious literal translation gives rise to such humorous groupings of words. I guess you may be able to place an order even with these being so muddled, but I’d stay away from the “sour and sweet bone” and “cowboy meat”. But I hear the “Assorted Fuck” is a real delicacy!

theist v. atheist on studying religion

Sat, 11 Mar 2006 08:47:00 -0800

Web exclusive: ‘How should we study religion?’ by Daniel Dennett | Prospect Magazine March 2006 issue 120

Daniel Dennett was just in Seattle, but I missed him. But my colleague saw him and filled me in. His fundamental point is that we need to remove the stigma attached to scientifically studying religion, which I agree with. He also has a different take on the role and origin of religion as a “natural phenomena” rather than what I have typically seen as more of a “tribal tendency” theory in terms of evolutionary advantage of religion. An interesting claim that is often made by religious people is that without religion, there an be no morality. So, Dan suggests that we should empirically study questions like these–put them to the test. I hardly believe that in the overall scheme of life that religion generally makes people more “moral” than nontheists. There are a lot of atrocities done in the name of religion that will deduct from that tally.

Another Reason To Buy A Cross Cut Shredder

Sat, 11 Mar 2006 08:26:00 -0800

The Torn-Up Credit Card Application

They tore up their own credit card application, then changed the address and phone number and still got the card!

I always shred the applications I get in the mail.

And the good thing is that in Seattle, you can either recycle your shreddings or put them in your yard waste container.

Welcome to Bizarro World - Oracle has 'the security problem solved!'

Wed, 08 Mar 2006 01:05:00 -0800

Australian IT - Oracle on track of secure search (, MARCH 07, 2006)

“We have the security problem solved. That’s what we’re good at, and that’s the hard part of the problem.” -- Larry Ellison

Hell has not frozen over so I don’t believe him.

Bush Worst President Ever

Wed, 01 Mar 2006 14:08:00 -0800

-ever

Fucking…incompetent…liar…

Bush-Katrina Early warning Video

New video shows Bush was warned levees could breach BEFORE Katrina hit - Bush lied when he said no one could imagine levees breaching

Search Engine Search By Sketch-

Fri, 24 Feb 2006 09:39:00 -0800

retrievr - search by sketch

This is a lot of fun to see what search results you get. Maybe Google will pick up similar technology for Google images and video?

Book On Building Geeky Stuff

Fri, 24 Feb 2006 09:36:00 -0800

Adventures from the Technology Underground : Catapults, Pulsejets, Rail Guns, Flamethrowers, Tesla Coils, Air Cannons, and the Garage Warriors Who Love Them: Explore similar items](https://www.amazon.com/exec/obidos/ASIN/1400050820/juxtaposition-20?dev-t=DW7KZDVJYZAIL%26camp=2025%26link_code=xm2 “Amazon.com: Adventures from the Technology Underground : Catapults, Pulsejets, Rail Guns, Flamethrowers, Tesla Coils, Air Cannons, and the Garage Warriors Who Love Them: Explore similar items”)

Mythbusters, except encouraging “do try this at home”. Will have to get this book.

Very cool color pallette tool

Fri, 24 Feb 2006 09:33:00 -0800

Allows selecting colors for web designs from a variety of schemes, such as complementary colors. Very quick to get a list of colors that go well together.

HTML Color Code Tool Or from the source: https://www.siteprocentral.com/html_color_code.html

I would post it here, but they force you to use their HTML code and include it as an iframe.

Fuel Cell Motorbike

Fri, 24 Feb 2006 09:22:00 -0800

Riding Sun ENV bike at Tokyo Fuel Cell Expo

Move over Vespa. There’s a new show in town and I want one of these…

British Video Association Admission Debunks Claims Of Quot Piracy Quot-

Fri, 24 Feb 2006 09:21:00 -0800

BBC NEWS | Entertainment | Digital film: Industry answers

Oops?

Notable Web Site Designs

Fri, 24 Feb 2006 09:19:00 -0800

Current style in web design

Discussion of notable web site designs and properties of good web design.

My Tips For Diy Electrical Wiring

Fri, 24 Feb 2006 09:18:00 -0800

I recently finished wiring my second kitchen and wanted to document and share the tips that I’ve learned. I’m not an electrician so when in doubt, check your local regulations and refer to the National Fire Prevention Association’s National Electrical Code (NFPA 70) But, doing your wiring yourself can save you A LOT of money. It is really not that difficult if you read up on the requirements and practice with someone who has done it before. The inspectors are generally patient with you as a DIY homeowner and will help guide you along if you ask them questions.

Just How Insecure Is Electronic Voting

Fri, 24 Feb 2006 09:07:00 -0800

Black Box Voting : 2-23-06: Someone accessed 40 Palm Beach County voting machines Nov 2004

This is good work. NOW do the naysayers see why we need voter verifiable paper ballots?

Discovered Site For Bittorrent Downloads Of All Kinds

Thu, 23 Feb 2006 09:04:00 -0800

mininova : the ultimate bittorrent source!

Hours and hours of entertainment, not all of it legal.

Racial Profiling For Terrorists

Mon, 20 Feb 2006 02:28:00 -0800

On The McLaughlin Group yesterday, there was a lot of ridiculous sophistry regarding racial profiling as a valuable and necessary tradeoff between liberty and security.

Bruce Schneier has written many times on this subject. In this piece, there is a perfect quote about what is misguided about the position that racial profiling is not only necessary, but is actually effective, “Whenever you design a security system with two ways through – an easy way and a hard way – you invite the attacker to take the easy way. Profile for young Arab males, and you’ll get terrorists that are old non-Arab females.”

Data Shows Overuse Of The Word 'Pandemic' Becoming 'Global Pandemic'

Wed, 07 Dec 2005 06:33:00 -0800

One example: https://bankinfosecurity.com/node/2696

Isn’t “Global pandemic” a bit redundant? Also, is the term “pandemic” even appropriate, or the most appropriate, to describe an Internet-based malady? Pandemic implies distribution over a large geographic area.

Plenty more https://news.google.com/news?q=pandemic&hl=en&lr=&sa=N&tab=nn&oi=newsr

And thankfully I found this article criticizing this trend: The ‘Pandemic’ Epidemic

Doj Staffers Trumped By Political Arm

Sun, 04 Dec 2005 15:04:00 -0800

l-arm

Daily Kos: Justice Determined DeLay Redistricting Illegal, Overruled By Political Hacks

More ugliness from the repugnicans made public.

Justice Department lawyers concluded that the landmark Texas congressional redistricting plan spearheaded by Rep. Tom DeLay (R) violated the Voting Rights Act, according to a previously undisclosed memo obtained by The Washington Post. But senior officials overruled them and approved the plan.

Calling Bs On The Quot War On Christmas Quot-

Sun, 04 Dec 2005 14:55:00 -0800

Salon.com News | How the secular humanist grinch didn’t steal Christmas

A great article in Salon with actual _facts_ instead of anecdotes. Remember kids, anecdotes is not the plural form of the word data.

one can in fact offer Christmas greetings without legal counsel. Christmas trees are permitted in public schools. (They’re considered secular symbols.) Nativity scenes are allowed on public property, although if the government erects one, it has to be part of a larger display that also includes other, secular signs of the holiday season, or displays referring to other religions. (The operative Supreme Court precedent is 1984’s Lynch v. Donnelly, where the Supreme Court ruled 5-4 that a city-sponsored Christmas display including a cr�che, reindeer, a Christmas tree, candy-striped poles and a banner that read “Seasons Greetings” was permissible. “The display is sponsored by the city to celebrate the Holiday and to depict the origins of that Holiday,” the majority wrote. “These are legitimate secular purposes.”) Students are allowed to distribute religious holiday cards and literature in school. If the administration tries to stop them, the ACLU will step in to defend the students’ free-speech rights, as they did in 2003 when teenagers in Massachusetts were suspended for passing out candy canes with Christian messages.

Possible Investigation Of Oil Ceo Lying

Sun, 04 Dec 2005 14:45:00 -0800

Lautenberg wants criminal investigation of Oil CEOs

Unbelievable to watch the CEOs lie on CSPAN and unfortunate that it took The Daily Show to point out that the prick who runs the committee prevented the Oil execs from being sworn in. Else they would be guilty of perjury.

I’m glad that my senator from the great state of Washington, Maria Cantwell, was the one who tried to get Ted Stevens (the aforementioned prick) to swear them in.

How Not To Demolish A Building

Sun, 04 Dec 2005 14:31:00 -0800

Funny video of a real life demolition in Sioux Falls, SD that intended to cause the building to fall over but instead just shortened it by about a third.

https://www.argusleader.com/assets/mov/DF13214123.MOV

Geeky Xmas Gifts For Under 100

Sun, 04 Dec 2005 14:22:00 -0800

MAKE: Blog: MAKE’s Mostly Under $100 Gift Guide 2005!

What a cool list. I’m sure I’d enjoy anything on this list–even the PVC pipe (I do have a kitchen remodel coming up…)

Science Toys You Can Make At Home

Sun, 04 Dec 2005 14:08:00 -0800

-home

Science Toys

Make toys at home with common household materials, often in only a few minutes, that demonstrate fascinating scientific principles.

Hours and hours of fun just _reading_ about what you can build.

I’ve built a couple of the things on the site before. Will have to dig up some of my electronics stuff from the basement!

Nature Is Beautiful

Sun, 04 Dec 2005 14:07:00 -0800

Atmospheric Optics

Very beautiful photographs and explanations of optical effects in nature.

I never knew there was a “fogbow”

Lt Strike Gt Security In Airlines Lt Strike Gt Airline Insecurity

Wed, 30 Nov 2005 14:37:00 -0800

When people tried to evacuate during Hurricane Katrina, airline security prevented many from being able to leave before the airport had to be shut down. This is where a threat model would have helped make the right decision in the face of competing risks. And where “zero tolerance” policies really show how they are “zero thought” policies.

Hurricane Security and Airline Security Collide

And recently, if you thought that airline security was too strict, it is working. You should know it is only designed to make you _think_ that so that you will keep flying. If they really based it on a real threat model, you would have a very different traveling experience and stupid things like taking fingernail clippers and metal knives away, but allowing you to have full glass bottles of alcohol on planes would not happen. My cousin, who was in the army, recently said, “I’d like a terrorist to try to attack me with fingernail clippers.” The implication was that he would kick their ass to a bloody pulp before they got anywhere because that is stupidity masquerading as a threat to airline security.

Stem cell research breakthrough -- in Korea

Wed, 30 Nov 2005 14:31:00 -0800

WorldNetDaily: Paraplegic breakthrough using adult stem cells

This is truly great news and will be even better if it holds up to peer review and brings about additional breakthroughs. It is proof positive of a couple of things:

The critical importance of stem cell research of all kinds for treating serious afflictions and diseases. The research here was done using adult stem cells, but embryonic stem cell research may hold even more promise for finding cures in general.

No City Official Left Behind

Wed, 30 Nov 2005 14:24:00 -0800

Local officials nearly fall for H2O hoax - Science - MSNBC.com

They should also make sure that their hand isn’t larger than their face or they might have cancer.

ALISO VIEJO, Calif. - City officials were so concerned about the potentially dangerous properties of dihydrogen monoxide that they considered banning foam cups after they learned the chemical was used in their production.

Hollywood Misleads The Press On Piracy Statistics

Wed, 30 Nov 2005 14:17:00 -0800

Hollywood: Thousands Dead From File Sharing

Statements and statistics from the music, movie and software cartels are about as accurate as their claims that they’re honest, hard-working companies with consumers’ and performers’ best interests at heart.

A couple of years back, the Big Four Organized Music family’s RIAA said a raid against a New York counterfeit operation resulted in the equivalent of 421 CD burners being seized.

Judges Order Publishing Of Breathalyser Source Code

Wed, 30 Nov 2005 14:14:00 -0800

-code

LiveAmmo Security Blog: Drunk drivers granted access to breathalyser source code

If only I was able to be granted the source code for the laser detector that incorrectly clocked me over the speed limit…

I like when judges don’t treat technology as infallible. In my case, there was not any argument that could detract from the “evidence” , even the likely EMI!

Cardinal Rebuffs Quot Intelligent Design Quot-

Wed, 30 Nov 2005 14:10:00 -0800

Evolution in the bible, says Vatican - The Other Side - Breaking News 24/7 - NEWS.com.au

The vatican taking a modern position? Wow. This doesn’t make up for their handling of the sex abuse scandals but it’s a positive sign.

THE Vatican has issued a stout defence of Charles Darwin, voicing strong criticism of Christian fundamentalists who reject his theory of evolution and interpret the biblical account of creation literally. Cardinal Paul Poupard, head of the Pontifical Council for Culture, said the Genesis description of how God created the universe and Darwin’s theory of evolution were “perfectly compatible” if the Bible were read correctly.

Penn Jillette Quot There Is No God Quot-

Wed, 30 Nov 2005 14:06:00 -0800

NPR : There Is No God

Just in time for the holidays, a piece on what people believe that is not necessarily in the mainstream. A good reminder that not everyone believes the same as you do, especially among the “christian” religions.

Penn Jillette wrote an excellent piece for NPR’s “This I Believe” series on why he is “beyond Atheism”. Many religious people don’t understand or simply don’t believe that you can have morals without god but I think that Penn has a very simple model that explains how there are even possible advantages to the atheist moral world view:

High Tech Safecracking

Wed, 30 Nov 2005 13:52:00 -0800

This link wasn’t working at the time of posting, but it is interesting to see how you can use infrared to determine a combination from a recently-used keypad. There must be some equipment that would cost less than $5000 that could do this? I’ll have to check the local spy shop.

https://lcamtuf.coredump.cx/tsafe/

Richard Stallman Quot Foils Quot Rfid Quot Security Quot-

Wed, 30 Nov 2005 13:51:00 -0800

quot-

GNU project founder foils UN security

Glad my passport does not expire for many years to come. Perhaps by then passports won’t have RFID tags in them any longer. But if they do, I guess this is an easy way to keep myself from being a target for a shoulder-fired missile overseas.

FOUNDER of the GNU project, Richard Stallman, got in trouble at the UN World Summit on the information society in Tunis for putting tin foil around his RF ID.

Serious flaws in wiretapping equipment

Wed, 30 Nov 2005 13:47:00 -0800

Signaling Vulnerabilities in Wiretapping Systems

Ahh, too bad I don’t work for a telecom compnay anymore (actually, it is good). This might be fun to test out…

In a research paper appearing in the November/December 2005 issue of IEEE Security and Privacy, we analyzed publicly available information and materials to evaluate the reliability of the telephone wiretapping technologies used by US law enforcement agencies. The analysis found vulnerabilities in widely fielded interception technologies that are used for both “pen register” and “full audio” (Title III / FISA) taps. The vulnerabilities allow a party to a wiretapped call to disable content recording and call monitoring and to manipulate the logs of dialed digits and call activity. These countermeasures do not require cooperation with the called party, elaborate equipment, or special skill.

Isakmp The Standard For Incompatibility

Wed, 30 Nov 2005 13:40:00 -0800

Peter Gutman wrote a great summary of the lengths that many have to go to in order to get ISAKMP implementations to interoperate.

I had a hell of a time trying to get Windows 2000/XP IPSec to work with FreeS/WAN in the past. It was very difficult to debug what was going on and I resorted to using tools that translated FreeS/WAN configuration into Windows IPSec configuration so that I was sure that the settings were correct.

Quot Cybercrime Quot Treaty Is Criminal

Wed, 30 Nov 2005 13:39:00 -0800

Fuzzy logic behind Bush’s cybercrime treaty | Perspectives | CNET News.com

the Convention on Cybercrime will endanger Americans’ privacy and civil liberties–and place the FBI’s massive surveillance apparatus at the disposal of nations with much less respect for individual liberties.

Well, it has “cyber” in its name so it must be good… This legislation sounds like a really bad idea without the fix to ensure that requests are only allowed under “dual criminality” situations.

Xmas nostalgia

Wed, 23 Nov 2005 11:57:00 -0800

07:00

Someone is scanning in the entire Sears 1979 wishbook.

Two geeky takes on the Kama Sutra

Wed, 23 Nov 2005 11:54:00 -0800

The “Comma Sutra”

via Scrutiny Hooligans

Which reminds me of a related amusing and geeky version:

Linux Sex Positions - The Open Source Kama Sutra

They even have a security-related one: “Position 12 - Piercing the Firewall”

Lawyers Gone Wild

Wed, 23 Nov 2005 11:44:00 -0800

When Legal Strikes—Chaos Theory Meets DRM

Sadly, as management gets more cautious about legal repercussions, lawyers get a voice in decisions in which they not only have no expertise (such as IT), but in customer-facing initiatives, as well.

Sony’s aggressive spyware approach to DRM smells to high hell of the kind of good-intentions-turned-cognitive-dirty-bomb so many Legal-inspired projects descend into.

This is an interesting opinion that I think is only potentially applicable to situations where the lawyer in question is representing the company’s explicit interest. I haven’t seen this happen in general though–particularly where the corporate lawyers are addressing issues that are _not_ in regards to the company interest (e.g. privacy law).

Common Writing Mistakes

Wed, 23 Nov 2005 10:54:00 -0800

This post about Grammar Nerds reminded me that I’ve long wanted to write about some common mistakes I see over and over on the Internet and in emails.

The most common thing that I notice is confusing words that sound somewhat alike but have very different meanings and spellings:

conscious/conscience

If your conscience is bothering you, you are conscious.

effect/affect

Will poor grammer affect your chances of getting that next job?

Internet Security Tips

Sun, 20 Nov 2005 03:27:00 -0800

https://www.eweek.com/article2/0,1759,1883072,00.asp?kc=EWRSS03129TX1K0000614

Md4 And Md5 Collision Generators

Sun, 20 Nov 2005 03:21:00 -0800

There are still not known attacks against encryption schemes that make use of these, but certainly anything relying on these hashes for integrity protection should switch to alternate mechanisms.

Sent: Monday, November 14, 2005 10:48 AM To: cryptography@metzdowd.com Subject: MD4 and MD5 collision generators

I am releasing my collision generators for MD4 and MD5. They have significant time improvements over the ones described in the papers by Wang, et al.

MD4 collisions can be generated almost instantly, MD5 can be generated in approximately 45 minutes on my p4 1.6ghz (on average).

Scientists Re Invent Nature

Sun, 20 Nov 2005 02:25:00 -0800

BBC NEWS | Science/Nature | Butterfly wings work like LEDs

When scientists developed an efficient device for emitting light, they hadn’t realised butterflies have been using the same method for 30 million years.

Oh The Irony

Sun, 20 Nov 2005 02:23:00 -0800

Wired News: Tainted Sony CDs Used Open Source

In short: Sony’s ill-conceived, ill-executed, and ill-handled copy protected CDs that inserted a rootkit on your Windows computer that were designed to supposedly protect artist’s rights by preventing unauthorized copying of music ironically appear to have violated the copyrights of several open source software tools.

Quot Deep Thoughts Quot On Topics Of The Day

Fri, 11 Nov 2005 04:08:00 -0800

Daily Kos: Cheers and Jeers: Rum and Coke FRIDAY!

Last weekend we picked up three of Jack Handy’s Deep Thoughts books. While he avoids the political (after all, the thoughts are deep), we found some striking parallels to certain people and issues of the day…

More 'Christians' Persecuting Others Who Are Supposedly Persecuting Christians

Fri, 11 Nov 2005 02:01:00 -0800

Pandagon: ‘Tis the season to ‘persecute’ Christians

A couple more years of this hysteria and the use of “Merry Christmas” as shorthand for, “I hate you and everything you stand for because you didn’t pass my Christian sniff test, hellbound motherfucker,”

Now that sounds consistent with the loving Christian attitude fostered by Pat Robertson.

CNN.com - Robertson warns Pennsylvania�voters of God’s wrath - Nov 10, 2005

Alito Response To Vanguard Conflict Of Interest Shows True Character

Fri, 11 Nov 2005 01:11:00 -0800

Eschaton

Alito: “he’s an I’m gonna do what I want and fuck you if you think otherwise kind of guy” Nice.

O'Reilly Unpacks Dead Horse From His Holiday Nick Nacks Begins 2005 Flogging

Fri, 11 Nov 2005 01:08:00 -0800

O’Reilly opens new front in “war” on Christmas … [Media Matters]

O’Reilly is ridiculous and a hypocrite. He is trying to create a controversy where one does not exist and then beat that dead horse senseless. And his issue? “Season’s Greetings” and “Happy Holidays” used by businesses around this time of year “absolutely does [offend Christians]. And I know that for a fact.”

Here’s how he is a hypocrite (one of many ways). It’s okay for him to be offended when the Christian aspect is _not_ specifically mentioned, but non-Christians do not get this same right. But this is okay because O’Reilly says, “I don’t believe most people who aren’t Christian are offended by the words “Merry Christmas.” Nevermind this is a baseless position to take. And the possibility that non-Christians could be just as incensed as he is is not only discounted, but he resorts to ad-hominim attacks against those non-Christians, “I think those people are nuts. I think you’re crazy if you’re offended by the words “Merry Christmas.”

Password Hash Dash

Wed, 09 Nov 2005 23:26:00 -0800

-dash

Rainbow Crack is a time/memory tradeoff tool that can break passwords knowing just the password hash. So, those people who still think that disclosing password hashes is not a big deal…

SANS documented and proved, using a modified version of Rainbow Crack, something that I have suspected for a while. That Oracle’s proprietary password hashes are weak There are plenty of good ways to do this that it’s a wonder these days that people still roll-their-own crypto. The SANS team is releasing an update to Rainbow Crack that can crack Oracle passwords.

New Photos Of Wonders Of The Universe

Wed, 09 Nov 2005 15:12:00 -0800

Hubble & Spitzer Space Telescopes on Yahoo! News Photos

Beautiful, wonderous, cool stuff.

This undated infrared image captured by NASA’s Spitzer Space Telescope, released by NASA on Wednesday, Nov. 9, 2005, shows colossal pillars of cool gas and dust that provide scientists with an intimate look at the star-forming process. The image reflects a region in space known as W5, in the constellation Cassiopeia 7,000 light years away, which is dominated by a single massive star. (AP Photo/NASA, JPL, CalTech)

Congress May Curtail Some Patriot Act Powers

Wed, 09 Nov 2005 15:01:00 -0800

Congress May Curb Some Patriot Act Powers - Yahoo! News

Now that congress has apparently taken the time to read the PATRIOT Act, they are more likely to do the right thing before voting for it a second time:

WASHINGTON - Congress is moving to curb some of the police powers it gave the Bush administration after the Sept. 11 terrorist attacks, including imposing new restrictions on the FBI’s access to private phone and financial records. ADVERTISEMENT

Quot Religious Right Quot Confirms They Are Hypocrites

Wed, 09 Nov 2005 14:58:00 -0800

AMERICAblog: Religious right bigots upset that a US Senator called them on their religious bigotry

Yet another reason to love Vermont Senator Pat Leahy.

Primer On Root Causes Of The Violence In France

Wed, 09 Nov 2005 14:51:00 -0800

TomPaine.com - Why Paris Is Burning

Attend Or Host A Walmart Movie Screening

Wed, 09 Nov 2005 14:48:00 -0800

WAL-MART Movie Screenings

Attend or host a movie screening of the new film Wal*Mart: The High Cost of Low Price. I’ll be attending one in Seattle next Wednesday. Hope to see you there!

Another Fema And Bush Administration Snafu

Wed, 09 Nov 2005 14:46:00 -0800

Think Progress � Another Titanic Mistake

The Federal Emergency Management Agency has given the defense contracting agency Titan more than a half million dollars in brand-new contracts for Hurricane Katrina. Here are the top five reasons this was a very bad idea

Read the article for the sickening details about Titan. If Republicans want to do something about the moral climate of America, forget the annoying shit that the FCC is doing and clean house in your own party. Ahh, the ones who throw stones should not live in glass houses…

Democrats Now Press Find Their Cajones

Wed, 09 Nov 2005 14:30:00 -0800

Pandagon: Another painful Scott McClellan ass-whooping

White House press briefings are fun again!

Especially when the White House attempts to revise history again.

The press is starting to do its job for once, but it is often discounting and ignoring their role in marketing misinformation about the Iraq war

The complete toll of the Iraq War

Wed, 09 Nov 2005 14:11:00 -0800

It really miffs me to hear media focus entirely on the number of death-specific casualties of the Iraq war but completely ignore the other horrible casualties. From the McLaughlin Group, 11/4/05:

MR. MCLAUGHLIN: Okay, the human toll: The U.S. military dead in Iraq, including suicides, 2,035; U.S. military amputeed, wounded, injured, mentally ill, 48,100; Iraqi civilians dead, 117,700.

Note to the media: Why don’t you ask yourselves why it is only the number of _dead_ servicemen who you choose to highlight? Isn’t 48,100 WOUNDED US CITIZENS an even more horrific number? Yes, 2035 dead US Citizens is tragic, but death is not the only tragic consequence for the soldiers.

Na Na Na Na Na Na Na Na Hey Hey Hey

Wed, 09 Nov 2005 09:05:00 -0800

BBC NEWS | Americas | CIA leak probe reporter resigns

Judith Miller resigns. Good riddance.

Proof Against Intelligent Design The Kansas School Board

Tue, 08 Nov 2005 23:06:00 -0800

In a 6-4 vote, the Kansas school board voted in favor of teaching Intelligent Design in Schools.

Two words: F*cking idiots.

There is some good news in the realm of the New New Creationism though:

Intelligent Design Candidates Voted Out in Penn. Hooray! To show how huge htis was, 8 out of the 9 members who voted in favor of ID as an “alternative” to evolution were up for election; all 8 were voted out.

Eff Breaks Secret Tracking Quot Dot Code Quot-

Sun, 30 Oct 2005 14:33:00 -0800

EFF: DocuColor Tracking Dot Decoding Guide

This is a breakthrough. It has been rumoured for years that printers and copy machines include secret codes on documents to track them back to the source machine but the EFF now has real evidence and even tools that you can use to perhaps decode your printer’s secret tracking information.

This guide is part of the Machine Identification Code Technology project. It explains how to read the date, time, and printer serial number from forensic tracking codes in a Xerox DocuColor color laser printout. This information is the result of research by Robert Lee, Seth Schoen, Patrick Murphy, Joel Alwen, and Andrew “bunnie” Huang. We acknowledge the assistance of EFF supporters who have contributed sample printouts to give us material to study. We are still looking for help in this research; we are asking the public to submit test sheets or join the printers mailing list to participate in our reverse engineering efforts.

New Favorite Word Hoffing

Sun, 30 Oct 2005 14:30:00 -0800

Hackers no hassle: Hoff - People - Entertainment - theage.com.au

More From Oracle'S Cso

Sun, 30 Oct 2005 14:17:00 -0800

Wow. Note how she says that she researches “hacking techniques” as well as the network-security-centric language throughout. A CSO should not typically be operating at this level but rather at the “big picture” strategic level.

No wonder Oracle continues having application security and patch quality problems. Their CSO seems too busy hacking the network and writing articles about it and how bad vulnerability researchers are and not enough time executing on a strategy to improve the security posture of their software and processes. Some on security mailing lists are calling for her to resign.

More Php Web Application Security Tips

Sun, 30 Oct 2005 14:09:00 -0800

Hacks From Pax: PHP Web Application Security - The Community’s Center for Security

Today on Hacks From Pax we’ll be discussing PHP web application security. PHP is a great language for rapidly developing web applications, and is very friendly to beginning programmers, but some of its design can make it difficult to write web apps that are properly secure. We’ll discuss some of the main security “gotchas” when developing PHP web applications, from proper user input sanitization to avoiding SQL injection vulnerabilities.

Preventing Future Threats Not With A Quot Lack Of Protective Imagination Quot-

Sun, 30 Oct 2005 13:53:00 -0800

And, after hurricane Katrina, I would add that on top of a “lack of protective imagination”, government continues to suffer as well from “pork barrel security projects” and “visible-but-ineffective security projects” that divert precious resources away from the real or more likely threats.

An unfortunate example of this is how “The federal government will pay the overtime of cops and emergency medical workers if the drill involves an act of terrorism, but it won’t if locals rehearse for a natural disaster.” So, the government is still making it difficult for localities, such as Seattle, to prepare for _likely threats_ and instead they have to fake it by running drills for the more unlikely terrorism-related scenarios instead. See Is Seattle Really Ready?

Even More Evidence Of Php Becoming The New C

Sun, 30 Oct 2005 13:46:00 -0800

Another example of how PHP can be dangerous. Having to know the internal workings of variable acceptance to implement secure data checking seems to negate the value of having a higher-order programming language.

And, it is common in other languages to work with variables in a REQUEST structure of some sort.

PHP should provide a built-in set of semantics for data input filtering that work across all of the possible input types so that each application doesn’t have to build their own. I even remember when you used to have to build your own PHP session management or use additional PHP modules (PHPlib was a great implementation) before it got rolled into PHP 4.

Roll Your Own High Entropy Hardware Randomness Generator

Sun, 30 Oct 2005 13:44:00 -0800

High-Entropy Randomness Generator

In this paper, we explain how to construct a High-Entropy Randomness Generator, suitable for a wide range of applications, including extremely demanding ones. We will explain and then use some key theoretical ideas:

* We start with a raw input, typically from a good-quality sound card. * We obtain a reliable lower bound on the raw input’s entropy density (as defined in appendix A). This is calculated based on physics principles plus a few easily-measured macroscopic properties of the sound card. (This stands in stark contrast to other approaches, which obtain a loose upper bound based on statistical tests on the data.) * We make use of the hash saturation principle, as discussed in section 3.2. The resulting output has essentially 100% entropy density. This is provably correct under mild assumptions. * We use no secret internal state and therefore require no seed. * We do not depend on assumptions about “one-way functions”.

Flashback More On Php Security

Sun, 30 Oct 2005 13:40:00 -0800

I dug this out for additional evidence of how PHP gives programmers too much rope to hang themselves, not unlike C.

-J

-—-Original Message—– From: David Wheeler [mailto:dwheeler@ida.org] Sent: Wednesday, August 08, 2001 2:06 PM To: me Subject: PHP

Ben Ford said:

>>Don’t call it a weakness of the language, call it by its true name: >> Lazy Programming.

If this was a common problem in other languages, I might agree with you. But it’s not. Essentially all other computer languages do _NOT_ let attackers set the state of arbitrary program variables to arbitrary values, and then require programmers to constantly reset values if they’d like to prevent attackers from controlling them.

Study: Correlation between more sex and more happiness

Sun, 30 Oct 2005 13:36:00 -0800

Planned Parenthood Federation of America, Inc. - Sex And Happiness: What’s The Connection?

If I had to choose, I’d choose more sex over wealth even before reading about this study :-)

In a recent preliminary and unpublished study, “Money, Sex, and Happiness,” researchers from Dartmouth College and Warwick University (UK) found that people who consider themselves happiest are those who are having the most sex. The study does not claim that having sex causes happiness or vice versa. But of the 16,000 people in the research sample, happiness was associated with sex for both women and men and people under and over the age of 40. And despite the notion that money can buy happiness, researchers found little — if any — connection between increased wealth and long-term happiness.

Federal Judge Rules Pledge Unconstitutional

Sun, 30 Oct 2005 13:12:00 -0800

https://www.npr.org/templates/story/story.php?storyId=4847626&ft=1&f=1001

U.S. District Judge Lawrence Karlton ruled that the pledge’s reference to one nation “under God” violates school children’s right to be “free from a coercive requirement to affirm God.”

Just take the freaking words “under God” out of the pledge that weren’t there to begin with and the problem goes away!

Is Php The New C

Sun, 30 Oct 2005 12:34:00 -0800

I’ve been wondering lately if PHP is much like C from a security perspective in that the chances that if you are using PHP for an application that your application is secure depends on tribal knowledge about “what not to do” with the basic language. Another way to say this is that like C, PHP gives you plenty of rope to hang yourself if you don’t know what you are doing. Which is unfortunate for a language that should be safer by default for use by UI programmers.

Does Voting Machine Technology Affect The Outcome Of Elections

Sun, 30 Oct 2005 12:30:00 -0800

Some interesting results found in a study of 2000-2004 election data.

We first show that there is a positive correlation between use of touch-screen voting and the level of electoral support for George Bush. This is true in models that compare the 2000-2004 changes in vote shares between adopting and nonadopting counties within a state, after controlling for income, demographic composition, and other factors. Although small, the effect could have been large enough to influence the final results in some closely contested states.

Fixes To The Patriot Act Seen As Sufficient To Address Concerns

Sun, 30 Oct 2005 12:23:00 -0800

Appropriate rational commentary on the specifics that need to be changed about the PATRIOT act to address privacy and governmental power and oversight issues.

The Wall Street Journal

November 12, 2004

COMMENTARY

Patriot Fixes

By BOB BARR November 12, 2004; Page A12

The most common charge levied against critics of the Patriot Act – one that Alberto Gonzales, the new face of Justice, is likely to repeat in his days ahead – is that they’re “misinformed.” Well, as a former U.S. attorney appointed by President Reagan, a former CIA lawyer and analyst, and a former Congressman who sat on the Judiciary Committee, I can go mano a mano with any law-enforcement or intelligence official on the facts. And the facts say that the Patriot Act needs to be reviewed and refined by Congress.

Study: Motivations for global terrorism over the past 25 years

Sun, 30 Oct 2005 08:57:00 -0800

This is not so much about Islam vs. Christianity (although I think a lot of wacky Christians are making this case still) Courtesy of Bruce Schneier.

An absolutely fascinating interview with Robert Pape, a University of Chicago professor who has studied every suicide terrorist attack since 1980. “The central fact is that overwhelmingly suicide-terrorist attacks are not driven by religion as much as they are by a clear strategic objective: to compel modern democracies to withdraw military forces from the territory that the terrorists view as their homeland.”

Another Reason To Cancel Your Time Magazine Subscription

Sun, 30 Oct 2005 08:51:00 -0800

First Ann Coulter on the cover of Time, now a so-called-news story on religion vs. science (which is a false dichotomy IMHO)

“Welcome to Jesusland” Part Deux…

The United States of Almighty-God

Ugh.

Another State To Avoid Kansas

Sun, 30 Oct 2005 08:50:00 -0800

Close to adopting “intelligent design” in Kansas. They’re joining Pennsylvania. FYI, there was an update on NPR from Oct 21 about the Pennsylvania case. It may be good that this is not a jury trial. The defense is now bringing on their witnesses about the merits of the “theory” of intelligent design. At least the science teachers at the schools in question had refused to read the ridiculous statement about intelligent design being another “theory” that is out there.

Acceptable Risk As A Euphamism For Shifting Fraud Liability To The Consumer

Sun, 30 Oct 2005 02:51:00 -0800

Financial Cryptography: “Acceptable Risk” - a Euphemism for Selling Fraud?

This is a post from a while back but is still relevant to recent discussions about how the financial industry is still shifting the burden of identity theft and fraud to the customers. Bruce Schneier just wrote about this in regards to phishing in the most recent edition of Crypto-Gram as well.

The “acceptable risk” concept [writes guest financial cryptographer Ed Gerck] that appears in recent threads has been for a long time a euphemism for that business model that shifts the burden of fraud to the customer.

Everything You Wanted To Know And More On Teleportation

Sun, 30 Oct 2005 02:38:00 -0800

Teleportation – Facts, Info, and Encyclopedia article

Teleportation, or teletransportation, is the process of moving objects (or more likely with present techniques, (A particle that is less complex than an atom; regarded as constituents of all matter) elementary particles) from one place to another by encoding information about the object, transmitting the information to another place, such as on a (A communication system based on broadcasting electromagnetic waves) radio signal, and creating a copy of the original object in the new location. The notion of teleportation was first conceived in the course of the Golden Age of (Click link for more info and facts about 20th century) 20th century (Literary fantasy involving the imagined impact of science on society) science fiction (Creative writing of recognized artistic value) literature by authors who considered necessary a form of on-the-spot intangible conveyance tools to hold up the narratives of their tales.

Top 5 Spam Categories

Sun, 30 Oct 2005 02:14:00 -0800

Security Scoop - NSI Watercooler Stories - BankInfoSecurity.com

This seems consistent with what I’ve seen in spam that comes into axley.net. Spammers and scammers are the scourge.

Top 5 Spam Categories Named Drum roll please … it’s time to reveal the top five categories of junk e-mail, as tracked by security firm Sophos. The big winner for 2005 so far is medication/pills, which accounts for 41.4% of all spam reports. Next are mortgage offers, which clocked in with 11.1%. That old favorite pornography took the third spot, with 9.5%. Stock scams are growing fast, Sophos says, accounting for 8.5% of all spam thus far this year. In fifth were product-related spam messages, with 8.3%. The remaining 21.2% fall into the “other” category.

Restrictions Placed On Fbi Cellular Tracking

Sun, 30 Oct 2005 01:18:00 -0800

FBI Dealt Setback on Cellular Surveillance

Finally some restraint on use of the PATRIOT act powers. Especially in light of recent FOIA documents that EPIC found that show abuses by law enforcement.

The FBI may not track the locations of cell phone users without showing evidence that a crime occurred or is in progress, two federal judges ruled, saying that to do so would violate long-established privacy protections.

Biometrics In Atms

Sun, 30 Oct 2005 01:48:00 -0700

-atms

InformationWeek > Biometric Security > Privacy Concerns, Expense Keep Biometrics Out Of U.S. ATMs > October 12, 2005

This article is chock full of fun things to comment on.

Ricardo Prieto, who was vice president for system operations at BanCafe when the system was installed, said that at first ATMs failed to recognize fingerprints on the well-worn hands of some elderly customers and laborers such as construction workers.

This Old Porn

Sat, 29 Oct 2005 14:20:00 -0700

Wired News: This Old Porn Is New Again

RetroRaunch maintains a collection of more than 40,000 images of vintage erotica. Keepin’ it retro.

Keeping Eyes On The Prize

Fri, 28 Oct 2005 09:48:00 -0700

Daily Kos: Rove’s Lawyer Confirms Rove Remains Under Investigation

Hunter is right on. The investigation is still ongoing and ultimately, this country needs to get to the bottom of the core issue of the Valerie Plame leak, which compromised her safety and national security apparently for political purposes.

And a big “FU” in advance to any in the punditocracy who are preparing to write these charges off as something insignificant. It wan’t insignificant during Watergate.

Must Have Firefox Extensions

Fri, 21 Oct 2005 13:34:00 -0700

I thought it would be good to document the Firefox extensions that I find invaluable:

All-In-One Sidebar A much nicer integration of common configuration options with the FF GUI at the ready. Also, lets you load up two different pages side-by-side or the source code to a page right next to the site, etc.

Download Statusbar I find the firefox download manager separate dialog box kind of annoying. This extension shows all download progress right in the statusbar so you don’t have to watch multiple windows to track download progress.

Rant On Oracle Just Not Quot Getting It Quot-

Tue, 11 Oct 2005 17:03:00 -0700

Funny and entertaining and sad rant about Oracle’s inability to do security in stark contrast to public claims by their CSO, marketing, etc.

This has inspired others to note how there are some Oracle vulnerabilities that have been open for 768 days!! among other comments. Oracle even tried to put the cat back in the bag on some other disclosed vulnerabilities recently. They just don’t get it. I’m wondering if Larry Ellison were in Bill Gate’s place just how much worse off the Internet and world would be from a security perspective.

Riaa The New Mafia

Tue, 11 Oct 2005 17:01:00 -0700

[infowarrior] - RIAA Takes Shotgun to Traders

Hundreds of people are being wrongly sued by the Recording Industry Association of America for illegally trading music online, legal experts say.

Attorneys representing some of the 14,000 people targeted for illegal music trading say their clients are being bullied into settling as the cheapest way to get out of trouble. Collection agencies posing as “settlement centers” are harassing their clients to pay thousands of dollars for claims about which they know nothing, they say.

Clickfest

Tue, 11 Oct 2005 16:40:00 -0700

Google Maps + Craigslist = Housing Maps https://www.housingmaps.com/

New Washington State Quarter designs. I think that we should use the state quarter designs to vote states out of the union. I’d say that if you put your best on a quarter and all you can come up with is lame crap like “Birthplace of Aviation Pioneers” (as if one resident’s coincidental occupancy in your state somehow is noteworthy) then perhaps we don’t need you in the union. That said, Washington’s proposals are pretty tame. I do like Salmon, the mountains, and apples. Although we are one of the up-and-coming wine regions so perhaps they should pick that instead? https://www.cnn.com/2005/POLITICS/09/30/bennett.comments/index.html?section=cnn_topstories

The New New Creationism: Intelligent Design

Tue, 11 Oct 2005 16:34:00 -0700

Several notes on this Intelligent Design crap driving us toward another Scopes trial.

Evolution Lawsuit Opens in Pennsylvania

US President Jimmy Carter, and an evangelical Christian:

“As a Christian, a trained engineer and scientist, and a professor at Emory University, I am embarrassed by Superintendent Kathy Cox’s [Georgia Public Schools] attempt to censor and distort the education of Georgia’s students. The existing and long-standing use of the word ’evolution’ in our state’s textbooks has not adversely affected Georgians’ belief in the omnipotence of God as creator of the universe.”

Quot Open Sesame Quot Opens Quot High Tech Quot Cockpit Doors

Tue, 11 Oct 2005 02:32:00 -0700

The Seattle Times: Business & Technology: Glitch forces fix to cockpit doors

Well, “Open Sesame” works if you say it through a nearby walkie-talkie:

For more than two years, U.S. airplane passengers have flown more securely because high-tech cockpit doors created a barrier to prevent a repeat of 9/11, when terrorists entered the cockpit and commandeered four planes.

But, the doors were not foolproof.

Sharing an HP Printer via CUPS w/o a network printer driver

Mon, 10 Oct 2005 03:25:00 -0700

HP has several printers where they provide huge driver downloads of 75-350 megabytes but none of them come with a network INF installer (you can look in autorun.inf and see references to Drivers/Network but those directories aren’t there)

Two printers that I know have this problem are the:

HP PSC 750xi HP PSC 1210xi

I run a linux print server so I want to connect the printers to the linux box and share them out via IPP provided by CUPS. This requires some software gymnastics on Windows because the typical HP drivers expect the printer to be plugged directly into the local USB cable, not served out over IPP. I saw similar problems of other HP users when they tried to use Windows printer sharing to remote computers on a network.

Is O'Reilly Really This Much Of A Dumbass

Fri, 07 Oct 2005 09:49:00 -0700

O’Reilly compared Irish immigration to enslavement of African-Americans

O’Reilly actually says this. He started talking about his family’s plight when the Irish famine was going on, “everybody was starving in Ireland. They had to leave the country, just as Africans had to leave – African-Americans had to leave Africa and come over on a boat and try to make in the New World with nothing. Nothing.”

Can We Pleeeze Get Some Real Journalists Out There

Fri, 07 Oct 2005 09:35:00 -0700

The Stakeholder: Cute, But No Cigar

The Washington Times takes cruft out of Tom DeLay’s mouth and prints it without investigating whether what he was claiming was true or not. Of course it was an outright dissembling on DeLay’s part. But what do you expect (both from WaPo and DeLay)?

New Book Security And Usability

Fri, 07 Oct 2005 08:06:00 -0700

Usable Security Blog Archive O’Reilly Book: Security and Usability

One of the research areas that I am very interested in:

O’Reilly has released Security and Usability: Designing Secure Systems That People Can Use, a collection of 34 essays on security and usability edited by Lorrie Cranor and Simson Garfinkel.

Wanker of the day: William Bennett

Tue, 04 Oct 2005 05:35:00 -0700

CNN.com - Bennett under fire for remarks on blacks, crime - Sep 30, 2005

Bennett, who held prominent posts in the administrations of former presidents Ronald Reagan and George Bush, told a caller to his syndicated radio talk show Wednesday: “If you wanted to reduce crime, you could – if that were your sole purpose – you could abort every black baby in this country and your crime rate would go down.

Family Guy Dvd Video Clips

Wed, 28 Sep 2005 15:16:00 -0700

Family Guy - Clips from DVD-movie

Ohhhhh Riiiight.

Here are some fun clips from Stewie Griffin: The Untold Story which comes out today!

Preoccupied With Firewalls

Mon, 26 Sep 2005 15:03:00 -0700

Firewalls a dangerous distraction says expert

I don’t know who Abe Singer is but he makes a great point that I have been touting for years. Look at your infosec program and count how many people you have dealing directly with firewalls. Now, count how many people you have dealing with application security audits, standards, reviews, etc. More than likely, you only need one hand to count the latter. That is why there is such a problem with insecure applications on the Internet. It starts with misunderstanding your threat model and continues with inadequate staffing and misplaced priorities

Blast From The Past Dmv Fraud

Mon, 26 Sep 2005 14:56:00 -0700

As the REAL ID act meets reality, recall a previous report on DMV fraud and lax security. If you think you have problems budgeting for security in your company, imagine being handed an unfunded mandate from the federal government. Do you think current problems will magically go away?

Date: Mon, 2 Feb 2004 09:50:52 -0500 From: Monty Solomon Subject: Security Holes at DMVs Nationwide Lead to ID Theft and Safety Concerns

20 Questions

Mon, 26 Sep 2005 14:42:00 -0700

20 questions: AI style

This is pretty freaky that a computer can guess what you are thinking…

20Q.net is an experiment in artificial intelligence. The program is very simple but its behavior is complex. Everything that it knows and all questions that it asks were entered by people playing this game. 20Q.net is a learning system; the more it is played, the smarter it gets.

Star Wars Gangsta Rap video

Mon, 26 Sep 2005 14:34:00 -0700

Star Wars Gangsta Rap

The funniest part I think are the stormtroopers. What a bunch of nancies…

Idaho Weatherman Quits To Pursue Bizarre Katrina Quot Theory Quot-

Mon, 26 Sep 2005 13:51:00 -0700

You can’t make up better sh*t than this. Unbelievable.

Unfortunately, a “theory” must be “either originating from observable facts or supported by them.”

Idaho weatherman quits, says he wants to pursue hurricane theory

THE ASSOCIATED PRESS

IDAHO FALLS, Idaho – A Pocatello weatherman who gained attention for an unusual theory that Hurricane Katrina was caused by the Japanese mafia using a Russian electromagnetic generator has quit the television station.

On The Insecurity Of Passwordspassphrases These Days

Mon, 26 Sep 2005 13:46:00 -0700

In a posting to the cryptography mailing list. Interesting statistics in the presentation. Update your threat models!

Folks might want to look at https://www.huitema.net/talks/ietf63-security.ppt the slides from a talk Christian Huitema gave at the Applications Area at IETF63 this past week. Of particular interest is just how cheap it is to brute-force a passphrase these days, especially if it’s just used as a cryptographic key with known plaintext (i.e., in challenge/ response protocols).

Creative Zen Digital Media Players Ship With A Worm

Mon, 26 Sep 2005 13:43:00 -0700

Glad I’m sticking with the Neuros which doesn’t run Windows now and will run Linux in the next version. Not to mention the open source aspects and the ability to play OGG/Vorbis audio files…

https://rss.slashdot.org/Slashdot/slashdot?m=251

Are You Blocking Flash Cookies

Mon, 26 Sep 2005 13:36:00 -0700

Spammers and people without regard for your privacy or your privacy preferences (blocking cookies means I don’t want them in any form) are insidious.

Unbeknownst to many people, Macromedia Flash player allows surreptitious cookies to be dropped on your computer that can be used to track you even if you block traditional browser cookies.

Some information on eradicating them:

Firefox extension for blocking flash cookies: [https://www.yardley.ca/objection/]

Macromedia info (opens up the hidden flash config tool in your browser that lets you view and expunge flash cookies): [https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager06.html]

Great Site On Bayesian Statistics

Mon, 26 Sep 2005 13:26:00 -0700

This site has a great overview of Bayesian statistics (the basis for bogofilter , why my email is still useful). Also look for information on common misinterpretations of statistics and statistical error rationale for why lie detector tests are less than useful.

cause, chance and Bayesian statistics: a briefing document

Most Apropos Juxtaposition

Mon, 26 Sep 2005 13:24:00 -0700

Movable Type 32 Upgrade Woe New Templates

Mon, 26 Sep 2005 13:19:00 -0700

I was having the same problem as in this posting to the MT forum after upgrading to the new 3.2 templates by copying them in from the default_templates directory or from the movable type templates website:

The footer on my main index seems to be incorrectly displayed: %%time"> | | (0)

1- %% shouldn’t be displaying 2- It should say Posted by xyz on August 19, 2005 02:00 PM | Permalink | (0) 3- ‘>’ shouldn’t be displaying 4- the permalink should be displaying

Federal Court Quot Smacks Down Quot Specious Dmca Claim

Mon, 26 Sep 2005 13:17:00 -0700

Fed. Circuit Smacks Down Bad DMCA Decision Re: Independent Repair Techs

Great news for the public’s rights over “copy” rights.

the DMCA must be read in the context of the Copyright Act, which balances the rights of the copyright owner against the public’s interest in having appropriate access to the work.

The browser wars are back: on security turf

Mon, 26 Sep 2005 13:06:00 -0700

In this article, OSS means slower patches, David Sykes from Symantec makes some absurd claims about open source being slower to patch than closed source.

“It is relying on the goodwill and best efforts of many people, and that doesn’t have the same commercial imperative,” he said. “I’m sure that is part of what is causing the blow-out in the patch window.”

So… “commercial imperative” is a requirement to be quick with patches? Where has this guy been for the past 10+ years when commercial vendors have done everything to thwart publication of vulnerabilities and have been the slowest to patch (and still are, such as Oracle and Cisco).

Ld50 Of H20

Mon, 26 Sep 2005 13:01:00 -0700

This calculator for the lethal dose (toxicity) for caffeine reminded me that even water has an LD50 https://en.wikipedia.org/wiki/LD50
Intraperitoneal Mouse LD50 (for water): 190 g/kg Intravenous Mouse LD50 (for water): 25g/kg

The alt.drugs FAQ has info too on LD50

Doj Puts Porn Over Terrorism

Mon, 26 Sep 2005 12:59:00 -0700

[infowarrior] - Top DoJ Priority Isn’t Terrorism, it’s Adult Entertainment

This is disgusting. I’m glad it is getting such a negative public reaction.

My Pick For Cost Reducing Noise Reducing Headphones

Mon, 26 Sep 2005 12:47:00 -0700

Aiwa HP-CN6 Noise-cancelling headphones. Get them at amazon.com for super cheap. I compared these to the $299 Bose and it was a very easy decision. There is not $270 more noise cancelling in the Bose headphones.

When trying them on and comparing them, be aware that the over-the-ear designs block more noise just without having them turned on. So, account for that difference in your testing.

I often use mine at work to cancel out the subconsciously irritating ambient noise and they are indispensable on airplanes.

Bush Then Vs Now

Mon, 19 Sep 2005 11:29:00 -0700

Then:

A large majority of voters express confidence that Bush will protect the country from a terrorist attack if he is re-elected in November

Now:

the public now shows diminished confidence in his abilities to handle a crisis or provide leadership, as well as in the government’s ability to protect the country.

Quality Time Wasting Sites

Tue, 13 Sep 2005 14:19:00 -0700

Just in case you’re looking for hours and hours of quality entertainment, here are several sites with similar kinds of videos and pictures that always deliver.

[https://www.ebaumsworld.com]

[https://www.killsometime.com]

[https://www.collegehumor.com]

[https://www.ugoto.com]

[https://www.gorillamask.net]

[https://www.hamncheez.com]

A Message From The Church Of The Flying Spaghetti Monster

Mon, 29 Aug 2005 11:41:00 -0700

OPEN LETTER TO KANSAS SCHOOL BOARD

My new greeting will have to be: “May you be forever touched by His Noodly Appendage”

Since a judge in washington today just ruled that it is okay to post the 10 commandments on government property in some cases without posing a “threat to the religious freedoms of the citizens”, this would be a great time to get some of the Flying Spaghetti Monster commandments on public land. Fair is fair, right?

Security reading list

Fri, 19 Aug 2005 15:17:00 -0700

A book that I am reading right now:

Between Silk and Cyanide A true story of cryptography in the field during WWII.

A free 900 page eBook from Microsoft Press: Improving Web Application Security: Threats and Countermeasures

You may want to just buy a paper copy since it weighs in at 3-4 inches of paper (I have a copy of the “real” book and it’s big).

Another book that sounds interesting:

Secrets of Computer Espionage: Tactics and Countermeasures “Covers electronic and wireless eavesdropping, computer surveillance, intelligence gathering, password cracking, keylogging, data duplication, black bag computer spy jobs, reconnaissance, risk assessment, legal issues, and advanced spying techniques used by the government.

Security books to check out

Fri, 19 Aug 2005 15:14:00 -0700

https://www.wiley.com/legacy/compbooks/mcnamara/

Secrets of Computer Espionage: Tactics and Countermeasures

by Joel McNamara

Covers electronic and wireless eavesdropping, computer surveillance, intelligence gathering, password cracking, keylogging, data duplication, black bag computer spy jobs, reconnaissance, risk assessment, legal issues, and advanced spying techniques used by the government.

Author shares easily-implemented countermeasures against spying to detect and defeat eavesdroppers and other hostile individuals.

Addresses legal issues, including the U.S. Patriot Act, legal spying in the workplace, and computer fraud crimes.

Rss Feed For Traffic Conditions Data And Maps

Fri, 19 Aug 2005 15:03:00 -0700

The technical details of how to find your local traffic feed are at https://ejohn.org/blog/traffic-conditions-data/

It’s pretty easy to set up your own URL. Here’s one for Seattle that I’ll have to put on my blog somewhere…

New Research Cats Can'T Taste Sweets

Fri, 19 Aug 2005 15:02:00 -0700

Very interesting.

Genetic flaw leaves felines without sweet tooth

Now, there’s a scientific theory explaining, at least in part, why cats have such snobby eating habits: genetics.

Researchers at the Monell Chemical Senses Center in Philadelphia and their collaborators said Sunday they found a dysfunctional feline gene that probably prevents cats from tasting sweets, a sensation nearly every other mammal on the planet experiences to varying degrees.

Geocentrist Challenge

Fri, 19 Aug 2005 14:58:00 -0700

Catholic Apologetics International is challenging people to provide proof that the earth revolves around the sun.

CAI will write a check for $1,000 to the first person who can prove that the earth revolves around the sun. (If you lose, then we ask that you make a donation to the apostolate of CAI). Obviously, we at CAI don’t think anyone CAN prove it, and thus we can offer such a generous reward. In fact, we may up the ante in the near future.

Evidence Of The Expanding Us Totalitarian State

Fri, 19 Aug 2005 14:52:00 -0700

From John Gilmore to the cryptography list:

> one that is all too relevant today. The pertinent question is no longer > whether Americans spied, but rather how highly educated, intelligent men > and women failed to comprehend the true nature of Stalinist communism, and > why they were willing to risk their lives and imperil the security of their > families, neighbors and friends to commit crimes on behalf of a foreign > power opposed to the basic tenets of modern society.

Who's fault is ID theft and financial fraud? Ask your bank.

Fri, 19 Aug 2005 14:21:00 -0700

Repeat after me: Identifiers are not Authenticators.

SSN: Identifies you, does not prove your identity. This is a claimed identity on its own.
Credit/debit Card Number: Identifies your credit card account, does not prove your identity. Possession or presentment does not prove that the presenter of this information is authorized to make use of it. But that doesn’t stop the financial industry from using it as the payment authenticator…
ACH/Bank account and routing numbers: Identifies your bank account (along with the type, checking or savings). Again, possession or presentment does not prove that the presenter of this information is authorized to make use of it. Realize that you give this out to everyone and anyone if you send out checks since all the information to transfer money in or out of your account is right there on the check.

Several stories that prove the world is going crazy

Fri, 19 Aug 2005 13:52:00 -0700

First out of the gate:

Fedex sued a loyal customer for posting photos of furniture he made for himself out of Fedex boxes on the web. Get this, they used many…er…novel…legal arguments to try to scare him. Welcome to the doghouse FedEx. You’ve got great company, such as Cisco and Oracle.

Some highlights:

They tried to use the DMCA in their claims. But were complaining about trademark issues. Copyright law does not cover trademarks. Next!

Using threat modeling featured in new OWASP WAPT

Fri, 19 Aug 2005 13:48:00 -0700

This will be something to look forward to. I have not seen much of the theory of threat modeling end-to-end put into practice effectively or completely. And much of what I have seen of threat modeling really should be baked into the SDLC process and something that project teams do as part of normal development efforts (why are security people doing separate data flow diagrams, for example?).

From Threatsandcountermeasures:

The next release of the OWASP Web Application Penetration Test (WAPT) guide will include a section on using threat modelling effectively

ZDNet's "apology" to Google

Fri, 19 Aug 2005 12:40:00 -0700

Gotta love brit humor! This is great tongue-in-cheek commentary at its best.

The background: News.com UK published details about Google’s CEO using public information found on…Google (aka Google hacking). Google wasn’t happy about this, so they banned Google employees from speaking to News.com reporters for a year. Absurd!

But, fortunately, ZDNet UK has apologized for the whole matter, although it is covered with loads o’ sweet syrupy sarcasm.

ZDNET.UK’s “apology” to Google

25 And A Bit More Green For An X509 Certificate

Fri, 19 Aug 2005 12:36:00 -0700

That sounds like quite a deal actually. Verisign still charges an exhorbitant amount of money for bits that do the same thing.

-Jason

From Peter Gutman to the Cryptography Mailing list Subject: How much for a DoD X.509 certificate?

$25 and a bit of marijuana, apparently. See:

https://www.wjla.com/news/stories/0305/210558.html https://www.wjla.com/news/stories/0105/200474.html

Although the story doesn’t mention this, the “ID” in question was the DoD Common Access Card, a smart card containing a DoD-issued certificate. To get a CAC, you normally have to provide two forms of verification… in this case I guess the two were photo ID of dead presidents and empirical proof that you know how to buy weed.

Homeland Security Getting Smarter Or Staying Stupid

Fri, 19 Aug 2005 09:53:00 -0700

Getting smarter:

Chertoff is a good guy. When I heard this NPR interview I remember thinking, holy crap, someone who gets it. Security is about tradeoffs and with limited resources, making the most cost effective and rational decisions based on risk and threat analysis.

TSA may move to reallow knives, etc. back on aircraft. Threats Reassessed To Make Travel Easier for Public

The stay-seated the first and last 30-minutes of a flight rule is also going away, due to reasoned analysis: https://www.mail-archive.com/infowarrior@g2-forward.org/msg01084.html

Favorite Words That Probably Arent Words

Fri, 19 Aug 2005 09:48:00 -0700

Sheeple

Irritainment

Adminisphere

To go along with other new entries in the Oxford English Dictionary

You can have lots of fun at Unwords

Drooling Over My 7mbps 892 Kbps Dsl Upgrade

Tue, 19 Jul 2005 11:36:00 -0700

broadband Speed Interpretation

Just upgraded from 1.5mbps / 768kbps to 7mbps / 892kbps. Yum.

2005-07-19 21:32:27 EST: 4427 / 719 Your download speed : 4533441 bps, or 4427 kbps. A 553.3 KB/sec transfer rate. Your upload speed : 737104 bps, or 719 kbps.

Rick Santorum Blame The Victims Of Clergy Sex Abuse

Tue, 19 Jul 2005 10:58:00 -0700

SANTORUM ALSO BLAMES THE VICTIMS OF CLERGY SEXUAL ABUSE - Santorum Exposed: The Blog

This is an utterly disgusting rationalization.

Non English Internet Domain Names Likely Delayed Due To Phishing Concerns

Fri, 15 Jul 2005 05:45:00 -0700

Non-English Domain Names Likely Delayed - Yahoo! News

Social engineering attacks using similar characters to trick users are called homograph, or semantic attacks Also see this article on IDN Homograph Attacks.

Concerns about “phishing” e-mail scams will likely delay the expansion of domain names beyond non-English characters, the chairman of the Internet’s key oversight agency said Friday.

Vint Cerf, head of the Internet Corporation for Assigned Names and Numbers, would not speculate on when such characters might appear but said Internet engineers must now spend time “trying to winnow down, frankly, the number of character (sets) that are allowed to be registered.”

Bush Administration May Be Responsible For Botching Effort To Thwart London Bombing

Fri, 15 Jul 2005 05:33:00 -0700

AMERICAblog: Bush admin may be responsible for botching effort to thwart London bombing

Seems as if the Bush Administration has a habit of leaking confidential information.

ABC News just reported that the British authorities say they have evidence that the London attacks last week were an operation planned by Al Qaeda for the last two years. This was an operation the Brits thought they caught and stopped in time, but they were wrong. The piece of the puzzle ABC missed is that this is an operation the Bush administration helped botch last year.

UN inspector "god told him" where the weapons in iraq were

Tue, 12 Jul 2005 10:45:00 -0700

Eschaton:
Sybil the Soothsayer

Good Grief.

So, where’s your God now? Perhaps where the WMDs are?

I wonder if he still believes that his God is omniscient?

Another Study Showing Real Danger Of Cell Phone Use While Driving

Tue, 12 Jul 2005 07:48:00 -0700

I no longer work for a large US cellular company, so I am free to write about this topic. Even better, I can write about how the lobbying by the cellular phone industry has been what keeps laws from being enacted to protect the public. Now, I do agree with the position that there are a lot of things drivers do that are just as bad, if not worse (reading the newspaper on your steering wheel, reading email on a blackberry…) so why pick on cellphones, but the fact is that from a public threat perspective, there are way more people doing stupid shit while on their cellphone than all other distracted driving combined, I guarantee.

Cell Phone Service Temporarily Disabled In Nyc For Quot Security Quot-

Tue, 12 Jul 2005 07:42:00 -0700

CNN.com - Cell phone service disabled in New York tunnels - Jul 12, 2005

Cell phone service was disabled inside the four tunnels leading into Manhattan after the terrorist bombings in London, but Mayor Michael Bloomberg questioned Monday whether the move “makes the most sense.”

I’m with Mayor Bloomberg. I don’t think it makes sense at all for at least four major reasons:

Eff Legal Guide For Bloggers

Tue, 12 Jul 2005 07:39:00 -0700

Now that I may actually be somewhat consistent in posting, and will be posting more if I can help it, reading up on the EFF: Legal Guide for Bloggers would be prudent.

Reduce Fear Increase Security

Tue, 12 Jul 2005 06:21:00 -0700

This appeared in the October 2004 crypto-gram and is a very good description of how the current “security” measures at airports, etc. serve only to “reduce fear” and don’t actually “increase security”. The latter is the hard problem….

From: Anonymous Subject: Fear and Security

This is in response to the letter you published last month by Wayne Schroeder: Fear and security are closely coupled in simple situations, like riding a motorcycle. The way to reduce the fear is to increase your safety, such as by driving more slowly. Millions of years of evolution have evolved fear as a mechanism for keeping us alive, but millions of years of evolution never had to deal with a 767. It evolved for simpler things, like bad weather, high speeds, and scary animals.

Homeland Security Terror Alerts

Tue, 12 Jul 2005 06:11:00 -0700

Good to look back on in light of the raising of the alert (and only for public transportation…) Is the best our intelligence can do is to assume that the next attack will be the same MO and style as recent ones?

Schneier on Security: Do Terror Alerts Work?

When Attorney General John Ashcroft came to Minnesota recently, he said the fact that there had been no terrorist attacks in America in the three years since September 11th was proof that the Bush administration’s anti-terrorist policies were working. I thought: There were no terrorist attacks in America in the three years before September 11th, and we didn’t have any terror alerts. What does that prove?

VIM as an XML Editor

Tue, 12 Jul 2005 02:39:00 -0700

07:00

A great HOWTO: Vim as XML Editor

I’m not sure I’ll give up a GUI for XML editing, but you can do quite a lot with VIM that many GUI XML editors can’t.

Avoid Losing Web Form Text

Mon, 11 Jul 2005 04:04:00 -0700

Scribe, Mozilla Firefox Extension looks like a handy extension to add to Firefox. How many times have you lost a long textarea posting? No more typing in VIM or Notepad and then pasting into the web. No need to constantly save to the server to avoid losing text.

Example given uses movable type… I’ll definitely be checking this out.

UPDATE: I just lost a great posting due to accidental hitting the back button… Aargh.

SecureUML, with Visio templates

Mon, 11 Jul 2005 04:02:00 -0700

Mark Curphey’s Blog

I am very methodical when it comes to security design and security reviews so I am sure that these templates will come in very handy to ensure uniform coverage of requirements and mechanisms.

My only quibble so far is that they call this “SecureUML”. The UML isn’t Secure, nor is having a well-defined Authorization model imply security (look no further than the Sarbanes-Oxley efforts that define wonderful processes and models, but the auditor testing never covers the effectiveness of the underlying mechanisms implementing these controls…)

Free Open Source Tool Released For Web Services Security Scanning

Mon, 11 Jul 2005 02:08:00 -0700

Foundstone, Inc.� Strategic Security

Have not checked it out yet. Sounds promising. Although it would be nice to have a scanning tool that can do application security checks regardless of the protocol being HTML over HTTP, XML over HTTP, SOAP, etc. Many of the attacks and scanning signatures will be the same. Only the formatting and perhaps the detection of success/fail of a test. I’d be interested in knowing more about what they encountered as to whether the differences are significant enough to warrant a separate tool.

Unintended consequences of improved SSL UI in browsers

Thu, 07 Jul 2005 05:45:00 -0700

SSL Organization Vulnerabilities

The following example web site spoofs demonstrate the vulnerabilities that exist if First-Generation vetting practices for digital certificates are used in combination with new browser enhancements which bring the certificate Organizational information forward and displayed next to the SSL Lock symbol.

Spoofers these days are adapting very fast to new technology to counter their tactics. This is one in which adversaries are generating certificates with Organization information that matches a target site to spoof, and dumb “Trusted” third party CAs happily sign these certificates. Some browsers, such as Opera, are now providing the organization information directly to users to help them make better trust decisions. Unfortunately, this is rearranging deck chairs on the Titanic since the SSL TTP model is totally broken–it does not allow for adequate authentication of sites to end users, hence the rampant phishing attacks and soon to be man-in-the-middle attacks (my prediction).

Study: Users becoming more security Conscious

Thu, 07 Jul 2005 05:14:00 -0700

Fear of Spyware Changing Online Habits - Yahoo! News

Internet users worried about spyware and adware are shunning specific Web sites, avoiding file-sharing networks, even switching browsers. ADVERTISEMENT

Many have also stopped opening e-mail attachments without first making sure they are safe, the Pew Internet and American Life Project said in a study issued Wednesday.

Some good indications that end users are gaining levels of awareness of the security problems in today’s Internet environment. Go read the full report It has a lot more meat than the wire stories.

Musings On The Horrible Bombings In The Uk

Thu, 07 Jul 2005 05:12:00 -0700

I hope we have better reason to suspect Al-Qaida than this. And can’t the press do better than push a ridiculous assertion such as this below with a weak justification by an anonymous source? Why the need for an anonymouse source anyhow? It almost seems as if the reporter was trying to squeeze in a link to Al-Qaida no matter the questionable “logic” being used to make that assertion. But, perhaps it came off this way due to too much pruning by the editor.

The Rise of the American Taliban

Mon, 04 Jul 2005 17:03:00 -0700

Daily Kos: State of the Nation

I was just talking last week about the rise of the American Taliban and how hypocritical some brands of “christian” are about who gets to have freedom of religion in this country. This article is very apropos.

Funny how the wingers try to claim American liberals are in league with crazy fundamentalist Muslims.

Reality is, we hate everything Islamic fundamentalism stands for. On the other hand, the Dobson’s of the Republican Party – you know, the people running the show – have far more in common with the enemy than they’d ever like to admit.

More Tsa Idiocy

Sun, 03 Jul 2005 15:04:00 -0700

Following up on my earlier posting on TSA idiocy… Supposedly this was also at SeaTac.

Just met with some friends tonight and the subject of airline/airport “security” came up. A true story about a recent run-in with TSA:

85-year-old resident of Washington state arrives home after an international flight where he had successfully taken about six different flight legs without incident carrying on a small watch/clock repair toolkit with him in his carry-on luggage. On the final leg, he is accosted by TSA because he is carrying a 2 inch hammer in this kit with a metal head and wooden handle!! The TSA tells him that tools are prohibited and that they are going to confiscate this tiny hammer.

Cryptography Must Overcome Ui Problems To Be Both Useful And Effective

Wed, 29 Jun 2005 13:05:00 -0700

A great paper to read up on, especially given that Phishing is showing us that the “Trusted Third Party” model as implemented in today’s web browsers is horribly broken.

Don Davis’ Cryptography Articles. Specifically, read “Compliance Defects in Public-Key Cryptography”.

Abstract: Public-key cryptography has low infrastructural overhead because public-key users bear a substantial but hidden administrative burden. A public-key security system trusts its users to validate each others’ public keys rigorously and to manage their own private keys securely. Both tasks are hard to do well, but public-key security systems lack a centralized infrastructure for enforcing users’ discipline. A “compliance defect” in a cryptosystem is such a rule of operation that is both difficult to follow and unenforceable. This paper presents five compliance defects that are inherent in public-key cryptography; these defects make public-key cryptography more suitable for server-to-server security than for desktop applications.

Best Quote

Wed, 29 Jun 2005 12:42:00 -0700

Best quote:

“Whenever someone thinks that they can replace SSL/SSH with something much better that they designed this morning over coffee, their computer speakers should generate some sort of penis-shaped sound wave and plunge it repeatedly into their skulls until they achieve enlightenment.”

-- Peter Gutman, https://mail-archive.com/cryptography@metzdowd.com/msg00891.html

The rest of the post is great as well, with a “sound” warning about the CIPE VPN.

Wireless security can be funny

Wed, 29 Jun 2005 12:37:00 -0700

This is a true story!

The link to the story below is stale now, but this one still works:

Hackers tell man he’s “too fat” to eat at Burger King - silicon.com

https://www.ananova.com/news/story/sm_853744.html?menu=news.latestheadlines

Burger King customers told: ‘You are too fat to have a Whopper’

Police believe teenage pranksters are hacking into the wireless frequency of a US Burger King drive-through speaker to tell potential customers they are too fat for fast food.

Pigeons Follow Roads To Navigate

Wed, 29 Jun 2005 12:35:00 -0700

Telegraph | News

How do homing pigeons navigate? They follow roads By Caroline Davies (Filed: 05/02/2004)

Researchers have cracked the puzzle of how pigeons find their way home: they just follow the main roads.

Zoologists now believe the phrase “as the crow flies” no longer means the shortest most direct route between two points. They say it is likely that crows and other diurnal birds also choose AA-suggested routes, even though it makes their journeys longer.

TSA abuse of power comes to a city near me

Wed, 29 Jun 2005 12:23:00 -0700

This story from my hometown of Seattle is further proof that the current airport security procedures are nothing more than window dressing and are leading to the loss of civil rights for innocent people.

When was the last time you heard about these security procedures actually catching a terrorist?

komo news | ‘This Is Not Right’

DES MOINES - Cecilia Beaman is a 57-year-old grandmother, a principal at Pacific Middle School in Des Moines, and as of Sunday is also a suspected terrorist.

At Amp T Plans Security News Channel

Wed, 29 Jun 2005 12:22:00 -0700

AT&T plans CNN-style security channel

Security experts at AT&T are about to take a page from CNN’s playbook. Within the next year they plan to begin delivering a video streaming service that will carry Internet security news 24/7, according to the executive in charge of AT&T Labs.

The service, which currently goes by the codename Internet Security News Network, (ISN) is under development at AT&T Labs, but it will be offered as an additional service to the company’s customers within the next nine to 12 months, according to Hossein Eslambolchi, president of AT&T�s Global Networking Technology Services and AT&T Labs

Suspected Steganography lead to raising the terror alert in 2003

Wed, 29 Jun 2005 11:45:00 -0700

07:00

Bogus analysis led to terror alert in Dec. 2003 - Lisa Myers & the NBC Investigative Unit - MSNBC.com

WASHINGTON - Christmas 2003 became a season of terror after the federal government raised the terror alert level from yellow to orange, grimly citing credible intelligence of another assault on the United States.

Debunking Biometric Assumptions

Wed, 29 Jun 2005 03:48:00 -0700

Chris Hill’s biometrics thesis:

This is a very interesting development. It challenges a key assumption that people have made about biometrics:

“that stored biometrics pose no threat to their owner (if they are stolen by another party), because it is not possible to recreate the original biometric from the stored data.”

So, attackers can potentially bypass biometric systems in a couple of ways if they can compromise digital representations of biometric data (from storage or by sniffing, e.g. USB sniffer or keyboard sniffer): They can recreate new physical biometrics that will have properties indistinguishable from the original.

Washington State Governor's Election Upheld!

Wed, 08 Jun 2005 11:39:00 -0700

The Seattle Times: Local News: Election trial dispatches

Some highlights:

Bridges: Overturning election would have meant “judicial egotism” Judge Bridges said Republicans did not meet the burden of showing “clear and convincing” proof.
“There is no evidence in this record that Ms. Gregoire received any illegal votes,” he said.
There is no evidence that the problems in King County had anything to do with “intentional misconduct or someone’s desire to manipulate the election” or “partisan bias,” the phrase Republicans used to allege wrongdoing.

A Pledge For Stem Cell Research Foes

Thu, 02 Jun 2005 03:21:00 -0700

Pandagon: A compromise I can really stand behind

This is a great idea. A lot of adult stem cell treatments may now or in the future benefit from embryonic stem cell research so these foes better hope they or their family members never get Leukemia…

In-vitro fertilization generates hundreds of thousands of embryos that are simply stored or destroyed for no gain. It is ridiculous to not allow the use of these to further cures for diseases such as cancer and diabetes.

Anecdotal Study Of Data Aggregator Quality

Fri, 20 May 2005 07:41:00 -0700

PrivacyActivism.org - Data Aggregators: A Study of Data Quality and Responsiveness

Results of a study conducted by PrivacyActivism show that data aggregators have significant problems with accuracy and responsiveness, potentially serious issues for an industry already under fire for massive security breaches.

100% of the eleven participants in the study discovered errors in background check reports provided by ChoicePoint. The majority of participants found errors in even the most basic biographical information: name, social security number, address and phone number (in 67% of Acxiom reports, 73% of ChoicePoint reports). Moreover, over 40% of participants did not receive their reports from Acxiom – and the ones who did had to wait an average of three months from the time they requested their information until they received it.

Washington State Getting Tough on Rampant Spyware Problem

Tue, 17 May 2005 11:54:00 -0700

Slashdot | Washington State Outlaws Spyware

the Governor of Washington signs a a bill outlawing spyware (bill history) which imposes penalties of $100,000 per violation.

This is a step in the right direction. I am not sure if it will be effective due to jurisdictional and technological issues with tracking, identifying, and prosecuting purveyors of spyware. The anti-spam legislation in the state and federal laws has not exactly dramatically curbed spam. But this clarification of the computer crime statutes is helpful to avoid ambiguity.

Identity Theft Is Okayif Done By The State

Mon, 16 May 2005 02:46:00 -0700

Ohio Agents Use Woman’s Identity in Strip-Bar Sting: Internal Affairs at Officer.com

This is absolutely unbelievable! Imagine if the state was to damage your reputation or financial status (e.g. FICO score or credit worthiness) due to the unauthorized use of your identity!

Nasal said the ploy was legal because a change in Ohio’s law the previous year aimed at curbing identity theft. The law allows police to use a person’s identity within the context of an investigation, he said.

A Message To Choicepoint Customers Just How Helpful Is The Data You Are Buying

Mon, 16 May 2005 02:24:00 -0700

The Five Most Shocking Things About the ChoicePoint Debacle - CSO Magazine - May 2005

Maybe it was the fact that this wasn’t a hack. Personal information of nearly 145,000 people wasn’t stolen from ChoicePoint. In fact, the company sold the information to inadequately vetted bogus businesses–this when the company itself helps other businesses verify cred[entials of employees or others using the data in their databank].

Rfid Passport Security Proposal Defeating The Purpose

Mon, 16 May 2005 02:07:00 -0700

Schneier on Security: RFID Passport Security

“The solution would require an RFID reader to provide a key or password before it could read data embedded on an RFID passport’s chip. It would also encrypt data as it’s transmitted from the chip to a reader so that no one could read the data if they intercepted it in transit.”

The devil is in the details, but this is a great idea.

Penguins Not On Terrorist Watch List

Mon, 16 May 2005 01:57:00 -0700

TheDenverChannel.com - Slideshow

The American public can rest easy now that these penguins have been rigorously vetted by the TSA. Someone managing the Terrorist Watch List must have recently seen one of the Batman movies. That was _just a movie_.

Ipsec Esp Protocol Flaw Discovered

Fri, 13 May 2005 08:41:00 -0700

NISCC Vulnerability Advisory IPSEC - 004033

From what I have read on this, the flaw in ESP only will affect you if you are using ESP for confidentiality protection only (no integrity check in ESP) and are relying on other layers for integrity protection (e.g. AH or the application layer). I would never recommend you configure IPSec in this manner. Confidentiality protection without integrity protection in the same layer is not very useful IMHO. And it can be dangerous, as this flaw indicates.

Intel Hypterthreading Leads To Security Bug

Fri, 13 May 2005 00:37:00 -0700

y-bug

Hyper-Threading considered harmful

This is an interesting case where a hardware flaw can be used to subvert software security.

I find it fun to ask vendors who create their own OS and processors for appliances how they ensure things such as memory page protection. I get a lot of blank stares. They often focus entirely on the macro-level security in their software and have spent little to no time addressing the basic hardware and OS-level security issues that are taken for granted by software authors.

Spam blocking update

Tue, 03 May 2005 13:52:00 -0700

So, like everyone, I get a LOT of spam. Over the past year (May 15 2004 - May 3 2005), I have received and processed a total of 120878 emails.

Here is how the mail I received breaks down:

notspam (ham): 14092 (11.7%) probably-spam: 76925 (63.6%) suspected-spam: 29154 (24.1%)

The statistics are somewhat misleading. I switched in August of 2004 to calling all mail marked over a particular spam threshold “probably spam” and suspicious mail as “suspected spam”, when before everything was “suspected spam”. So, until I do further analysis, the suspected spam pot is a bit fuller than it should be.

Another Governmental Pdf Quot Redaction Quot Blunder

Tue, 03 May 2005 12:09:00 -0700

The Washington Monthly

here’s a question: do you think the Italian computer whizzes will be any more competent than their American counterparts when they release their report? The U.S. report is full of redactions, as you can see in the picture above, but once again an American agency has used the searchable PDF format to distribute a report, and all you have to do is save the report as a text file in order to recover all the redacted parts.

The curious Will of God

Tue, 03 May 2005 11:56:00 -0700

Pat Robertson’s contradictory theology: God won … [Media Matters for America]

So, God doesn’t control the natural world around us–that just works on its own volition, according to Pat Robertson. But, “in terms of human affairs, I do think he answers prayer”. Specifically, Pat was saying that those evangelicals who are praying for bigoted, religious zealots to be placed in the supreme court could have their prayers answered and a Godly intervention, but in cases, such as the Tsunami, where God could have protected tens of thousands of human lives, God won’t get involved. Apparently human life is not a “human affair”?

Car Crunch History

Sun, 01 May 2005 07:47:00 -0700

So, within the past week, my brand new car got crunched in a parking lot while I was attending a security conference. Here are some photos:

I really did park straight…

In the distance, you can see the semi that did the damage

After the car was moved back into the spot. You can see the skid marks showing that the car was moved at least two feet.

Funniest Error Message

Sun, 01 May 2005 07:37:00 -0700

rtfm.6o4.ca - Read The F***ing Manual Reference Library

If you go directly to this link, you will be presented with a hilarious error message, complete with apropos image. I got a kick out of this.

Since the page is a 404 now, here’s the content from archive.org:

Sorry, I couldn’t find the fucking topic you were looking for.

Reason: Why not try a topic that actually exists? Perhaps you meant one of these:

Appropriate Yet Unfortunate Commentary On The Times We Live In

Wed, 20 Apr 2005 12:28:00 -0700

Daily Howler: Coulter makes ‘’errors’’ like other scribes breathe. But store-bought John Cloud couldn’t find them

ERNSTEIN WATCHES THINGS FALL APART: Congratulations to Carl Bernstein, perhaps our frankest press bigfoot. On last evening’s Special Report, Jim Angle cited a recent speech by the Watergate worthy:

ANGLE (4/19/05): Former Washington Post reporter Carl Bernstein, who helped break the Watergate story, says journalism nowadays is squandering the public’s trust, insisting the, quote, “triumph of the idiot culture in news, particularly TV news, has weakened journalist drive for the truth.”

Reverse Surveillance

Thu, 14 Apr 2005 04:52:00 -0700

Wired News: Surveillance Works Both Ways

At this year’s Computers, Freedom and Privacy conference in Seattle, Steve Mann enlisted volunteers to film those who were filming them in local Seattle businesses. They got varied responses. I think this would be really useful in airports to monitor what the TSA does. But, I bet they would not be so happy about that.

“The totalitarian regime is the regime that would like to know everything about everyone but reveal nothing about itself”

Getting To The Root Of Id Theft Problems

Mon, 11 Apr 2005 01:50:00 -0700

There is an article on ID theft causes that has a great summary of the fundamental factors in ID theft from entities entrusted with your private data They can’t steal data you don’t have

We have observed that some of the sensitive data that gets stolen fits into one of several categories:

Data that was never needed

Data that was needed but should never have been stored

Data that was originally needed but was kept far beyond its useful life

Loose Lips When Reporting Privacy Breaches

Fri, 08 Apr 2005 08:34:00 -0700

Computer theft may expose data on 180,000 patients - Computerworld

APRIL 08, 2005 (COMPUTERWORLD) - A San Jose-based medical practice has notified about 180,000 current and former patients about the theft of their personal information contained on two computers stolen from its offices during a burglary March 28.

And recall the other recent privacy breach due to a lost laptop:

Stolen UC Berkeley laptop exposes personal data of nearly 100,000

Defeating Fingerprint Readersby Force

Thu, 07 Apr 2005 04:12:00 -0700

Carjackers swipe biometric Merc, plus owner’s finger | The Register

Carjackers swipe biometric Merc, plus owner’s finger By John Lettice Published Monday 4th April 2005 13:52 GMT

A Malaysian businessman has lost a finger to car thieves impatient to get around his Mercedes’ fingerprint security system. Accountant K Kumaran, the BBC reports, had at first been forced to start the S-class Merc, but when the carjackers wanted to start it again without having him along, they chopped off the end of his index finger with a machete.

Big Brother May Be Watching Your Wlan

Tue, 05 Apr 2005 05:04:00 -0700

The Feds can own your WLAN too : TomsNetworking :

Also a [slashdot discussion](https://hardware.slashdot.org/hardware/05/04/05/1428250.shtml?tid=193&tid=172
) of this technique, which essentially cracks WEP implementations that are vulnerable to weak keys and uses some nice “features” of some APs to get the AP to send out additional encrypted packets to improve the speed of the attack. They can crack WEP in minutes. Pretty interesting…

Quot Terri'S Law Quot Unconstitutional

Fri, 01 Apr 2005 08:53:00 -0800

At least there is some good and rationality left in the world. This is great.

Daily Kos :: Political Analysis and other daily rants on the state of the nation.

the legislative and executive branches of our government have acted in a manner demonstrably at odds with our Founding Fathers’ blueprint for the governance of a free people - our Constitution. Since I have sworn, as have they, to uphold and defend that Covenant, I must respectfully concur in the denial of the request for rehearing en banc.

Making Fun Of Schiavo Quot Protestors Quot-

Fri, 01 Apr 2005 08:45:00 -0800

quot-

This is priceless. Click on the link and look at the pictures where someone mingled with the crowd, holding a sign saying “We are idiots” for the media to see.

kill_terri: Fun at the expense of nutbag Christians

Blockbuster Busted

Tue, 29 Mar 2005 07:16:00 -0800

BLOCKBUSTER SETTLES INVESTIGATION INTO ADVERTISING FOR “NO LATE FEE” PROGRAM

For the most part, this is a good thing. It was addressed fairly quickly for one. I’m not sure that, aside from the negative publicity, that this is going to dissuade them from continuing with other deceptive practices because, according to the agreement, they do not have to do anything other than:

“Blockbuster also agreed to provide a full refund or credit to any customer who failed to return the item within the thirty day period, but who now returns it in good condition by April 28, 2005.

Id Theft Targets Are Everywhere

Mon, 28 Mar 2005 08:19:00 -0800

Security no match for theater lovers

This article shows that for the promise of a $7-$10 movie ticket, you can trivially gather enough information about almost anyone to steal their identity. And this was at a security conference. I’ve seen a couple of other studies such as this with other low-value enticements work just as effectively.

Owasp Opens Seattle Chapter

Thu, 24 Mar 2005 13:35:00 -0800

Web Security Group Launches Northwest Chapter

Web Security Group Launches Northwest Chapter

The leading web application security organization, Open Web Application Security Project (OWASP), has opened a local chapter in Seattle.

I may be spending some time with this group. Glad to see more volunteer security orgs in the Seattle area! And glad to see some emphasis on application security, of course.

Their website is https://www.owasp.org/local/seattle.html

This website can read your mind

Thu, 24 Mar 2005 13:25:00 -0800

20Q.net

Select the “Think in english” link to proceed in english. This is an automated 20 questions that is very good at guessing what you are thinking of. Haven’t seen this in some time but got sent the link recently.

-J

New Bookmark 15 Megs Of Fame

Thu, 24 Mar 2005 13:16:00 -0800

I haven’t poked around too much at what is on here, but it’s supposed to carry on the torch of mp3.com for small, independent artists. Seems like a pretty cool site.

15 Megs of Fame | Artists and Fans unite!

Mobile Phone Industry Blocking Itunes Phone

Thu, 24 Mar 2005 12:45:00 -0800

Courtesy www.fiercewireless.com

If this is true, this is really sad. I know the mobile phone industry would just love to keep charging exhorbitant rates for worse-than-midi ringtones to counteract the trend of them becoming commodity carriers for wireless voice, but to go this far – hindering technology growth and restricting use of their mobile data networks – is the wrong move. It took the public Internet to launch the explosion of new technology, services, etc. The variety and growth in technology that exists on and over the Internet today would not have occurred if the only game in town was still the AOL or Compuserve network – just to offer a historical analogy.

Mimo Standards At War

Thu, 24 Mar 2005 12:42:00 -0800

Courtesy www.fiercewireless.com

Trend: New WiFi products may ignite MIMO definition war MIMO technology is very much in the news these days, and not only because of the intense fight between the two warring camps, each relying on MIMO, over the specifications of 802.11n. A soon-to-be-released MIMO-based RangeMax WLAN kit from Netgear has again caused many to ask what exactly was the meaning of MIMO. Most MIMO chips on the market now come from Airgo, but Netgear chose chips from Video54 instead, leading Airgo to charge that Netgear’s solution is not truly a MIMO product. This is not mere semantics: As the battle over MIMO-reliant 802.11n specifications intensifies, the last thing we need is to have that battle complicated further by skirmishes on the flanks over the precise definition of MIMO.

Rip Spencer Garrett

Thu, 24 Mar 2005 12:37:00 -0800

komo news | Libertarian Congressional Candidate Dies In Skydiving Accident

This was shocking news in a year that is shaping up to be at least as bizarre as last year for me.

Spencer was one of the smartest people I have ever met, one of the best UNIX/network/tech/IT administrator gurus anywhere and a great friend to all. You will be missed.

Instructions For Life In The New Millennium From The Dalai Lama

Thu, 24 Mar 2005 12:14:00 -0800

-lama

Earlier this year, I got a chain email containing a powerpoint (!!) that I’m not going to pass on via email, but I liked the majority of the advice so here is a transcription.

Take into account that great love and great achievements involve great risk.
When you lose, don’t lose the lesson.
Follow the three R’s: Respect for self, Respect for others, Responsibility for all your actions .
Remember that not getting what you want is sometimes a wonderful stroke of luck.

Verisign conflict of interest opposition

Thu, 24 Mar 2005 12:08:00 -0800

07:00

ICANN Email Archives: [net-rfp-verisign]

…Verisign also operates a ‘Lawful Intercept’ service called NetDiscovery [2]. This service is provided to “… [assist] government agencies with lawful interception and subpoena requests for subscriber records [3].”

We believe that under such a service, VeriSign could be required to issue false certificates, ones _unauthorised_ by the nominal owner. Such certificates could be employed in an attack on the user’s traffic via the DNS services now under question. Further, the design of the SSL browser system includes a ‘root list’ of trusted issuers, and a breach of _any_ of these means that the protection afforded by SSL can now be bypassed.

Not Issuing Driver'S Licenses To Illegal Aliens Reduces Security

Mon, 17 Jan 2005 04:21:00 -0800

U.S. Newswire : Releases : “Not Issuing Driver’s Licenses to Illegal Aliens…”

Great Site Watching Out For Stupid Religion Tricks

Wed, 12 Jan 2005 09:45:00 -0800

Retard of the Month

No disrespect meant to the disabled, but the content is priceless. Going to keep an eye on this site. Perhaps it will show up in the links section soon.

Irrational Incompetence

Wed, 12 Jan 2005 09:27:00 -0800

White House has bigger credibility problem than CBS

“What happens when you base a big project on questionable information?

Well, if you work for CBS News, you get a pink slip. If you work for George W. Bush, you get a promotion or a medal.”

Makes me sick.

-J

Welcome to Jesusland

Sun, 07 Nov 2004 05:51:00 -0800

Interesting talk on The McLaughlin Group this week about the division between the “Jesusland” parts of the country (who mostly receive more Federal $$ than they pay in, BTW) and the other “non-Jesusland” states that could give rise to a revolt over the next four years, especially if fundamentalist judge appointments appear during this second term.

The Blogging of the President: 2004: Jesusland

Strange blog spam?

Wed, 03 Nov 2004 23:23:00 -0800

07:00

I have gotten two spam blog posts (aside: so, should blog spam be called spog or splog?) recently that I can’t figure out what the person’s motivation is. They were very similar in style:

They were both posts consisting of one line of text
They both had a first name as the user name
They both included a URL that was not registered or accessible that was related to their name

Cspan Presidential Election Returns Map

Tue, 02 Nov 2004 09:36:00 -0800

Very cool map shows progress at-a-glance.

C-SPAN: 2004 GENERAL ELECTION RESULTS

One Thing I Agree With The President On

Mon, 01 Nov 2004 13:10:00 -0800

nt-on

The Daily Show pointed out that in a recent speech on the campaign trail, the president laid out this gem about the recent missing 380 tons of explosives in Iraq:

“The investigation is important and it’s ongoing. And a political candidate who jumps to conclusions without knowing the facts, is not a person you want as your Commander-in-Chief.”

Indeed. At least I can agree with the president on this statement. It does not apply in this context, but there is this debacle going on in Iraq…

WE NEED VOTER VERIFIABLE PAPER TRAILS!!!

Mon, 01 Nov 2004 13:09:00 -0800

To all of you who are claiming to this day that with current security knowledge and technology we can have all-electronic voting equipment and still have a meaningful recount, read this story. Un-be-freaking-leivable.

local6.com - News - 13,000 Ballots Rushed From Voting Site, Must Be Recounted

Be Prepared On Election Day Find Your Polling Place

Mon, 01 Nov 2004 11:49:00 -0800

A great site that will tell you where you should go vote and other information about your polling place. You can even get text message reminders on voting day.

MyPollingPlace.com

Be Prepared And Know Your Rights For Election Day 2004

Mon, 01 Nov 2004 01:45:00 -0800

The Rittenhouse Review: LET NO KERRY VOTER LEAVE LINE

some interesting thoughts about Election Day that are worth keeping in mind heading toward – and on – Tuesday.

Also, check out the similar information in the Voter bill of rights

Pathetic Gop Deception Tactics In Florida

Mon, 01 Nov 2004 00:34:00 -0800

Just pathetic. Amazing how the GOP will stoop to any level to try to re-elect W. From deception to outright lies on the campaign trail, to continued distortion. But I guess their end justifies the means? What kind of an America is it that you stand for again, Mr. President?

Joshuah Bearman: How They Do, Part III

The ruse, apparently, was supposed to target this church-going Democratic crowd by misrepresenting Kerry�s politics. It was a little surprising at first; but then again, that�s the only way Republicans can win: by misleading people.

Know Your Rights State Voter Leave Law Summary

Sat, 30 Oct 2004 07:37:00 -0700

Many states allow voters to take time off of work to vote. In Washington state, this allows up to 2 hours off in certain cases.

Time To Vote | Voter Leave Laws

My Award For Quot Best Adaptation Quot Goes To

Thu, 28 Oct 2004 12:59:00 -0700

Of course

is hilarious and knowing that this was the original makes the image all the more humorous.

Mosh The Vote

Wed, 27 Oct 2004 12:11:00 -0700

the politics of Mosh is a great, in-depth review of Eminem’s new video for the song “Mosh” that is now the top video at MTV. Whatever you may think of Eminem, his music is always forceful and powerful and this is no exception. The video is exquisite. You can watch it online at https://www.gnn.tv/content/eminem_mosh.html

If it rains let it rain, yea the wetter the better They ain’t gonna stop us, they can’t, we’re stronger now more then ever, They tell us no we say yea, they tell us stop we say go, Rebel with a rebel yell, raise hell we gonna let em know Stomp, push up, mush, fuck Bush, until they bring our troops home

Motherly Reasons For Opposing Bush

Wed, 27 Oct 2004 11:26:00 -0700

-bush

Yes, it makes me want to swear too.

“Seriously” 30-second ad

Missing Wmds An Impeachable Offense

Wed, 27 Oct 2004 05:08:00 -0700

Another one intended to be posted long ago, and even more interesting with the election a week away.

FindLaw’s Writ - Dean: Missing Weapons Of Mass Destruction

President George W. Bush has got a very serious problem. Before asking Congress for a Joint Resolution authorizing the use of American military forces in Iraq, he made a number of unequivocal statements about the reason the United States needed to pursue the most radical actions any nation can undertake - acts of war against another nation.

The high price of bad diplomacy

Tue, 26 Oct 2004 20:51:00 -0700

Written almost 2 years ago, very poignant today.

But what about Poland? Ugh.

BW Online | March 24, 2003 | Commentary: The High Price of Bad Diplomacy

The U.S. has already lost the prewar battle over Iraq, whatever the outcome of a further U.N. vote. Even if it wins a fig-leaf majority vote in the Security Council, America will be entering its first preemptive war faced with opposition from nearly all of its allies and much of the rest of the planet. A world that rallied to America’s side in unprecedented demonstrations of support after September 11 increasingly perceives the U.S. itself as a great danger to peace. How did things come to this? The failure of the Bush Administration to manage its diplomacy is staggering, and the price paid, even if the war ends quickly, could be higher than anyone now anticipates.

Sign the Petition: Stop the Florida Tion of the 2004 election

Tue, 26 Oct 2004 20:36:00 -0700

ActForChange Petition: Stop the Florida-tion of the 2004 election

“Today, there is a new and real threat to voters, this time coming from touchscreen voting machines with no paper trails and the computerized purges of voter rolls.

Urge your friends to join SCLC President Martin Luther King III and investigative reporter Greg Palast in opposing the “Florida-tion of the 2004 Presidential election” by signing this petition.”

Memory Errors Trick Virtual Machines

Tue, 26 Oct 2004 20:33:00 -0700

Interesting paper on how to use memory errors to attack a virtual computer. The attack exploits the fact that a “time of compilation” check is not necessarily valid at “time of use.”

This happens to be the theory behind the Java ByteCode verifier. I just heard Whit Diffie talk yesterday at SecureWorld Expo about how the run-time check of the bytecode is intended to validate that proper array bounds checking is going to be done, for example.

SecuritySpace monthly reports

Tue, 26 Oct 2004 20:31:00 -0700

Monthly reports on security and non security-related items, such as analyzing SSL webserver usage, apache module usage. Very interesting. I like to see Apache having almost 80% of the market share now :-)

SecuritySpace

SSL unsafe for users?

Tue, 26 Oct 2004 20:28:00 -0700

“99% of SSL users have no idea how SSL works and consequently make informed decisions”

Browser manufacturers try to make things easy for users but end up diluting the security properties of the hierarchical trust model.

A lot of talk in recent years on the cryptography mailing list indicates that this model is too broken and perhaps should be replaced with an ad-hoc mechanism, such as the SSH model, with all web servers installing _some_ sort of certificate by default–even self-signed. The thoughts are that some confidentiality protection with reasonable MITM detection is better than so few sites supporting encryption since they don’t want to pay Verisign blood money for a “real” certificate.

History Of Buffer Overflow Protection

Tue, 26 Oct 2004 20:24:00 -0700

A great (old) post to Risks 22.74 about the past issues with designing solutions to buffer overflows in hardware. Also, a link to a paper describing the history of these efforts that I’ll be looking to check out.

Crispan was just spotted at SecureWorld Expo in Seattle today…

-Jason

-————— Date: Sat, 10 May 2003 19:19:12 -0700 From: Crispin Cowan Subject: Re: OpenBSD … protects against buffer-overflow … (Ardley, R 22.72)

Pki'Not Working 39-

Tue, 26 Oct 2004 20:22:00 -0700

I still run into people who believe that PKI is a viable end-user authentication solution for the masses. My favorite were the systems that tried to solve the certificate portability problem by allowing download of certs from a website – with only a password! The vendor couldn’t see that it was no more secure than the password itself. Another case of “But this one goes to 11”.

-J

PKI ’not working’

Crying'Security 39-

Tue, 26 Oct 2004 20:14:00 -0700

And now candidates are crying “security” to win elections… It works on both sides apparently.

-J

WSJ.com - Companies Cry ‘Security’ to Get A Break From the Government

In Kansas, utilities want to raise rates without having to tell their customers why. Elsewhere, grocers and mall owners seek tax breaks for equipment purchases. And at sports arenas, teams want to keep banner-trailing planes away from their stadiums.

Maher Arar Releases Details On How The Us Sent Him To Syria To Be Tortured

Tue, 26 Oct 2004 20:07:00 -0700

An update to this story: As of Sept 2004, a heavily-redacted report was released that reportedly found fault with some of the RCMP’s handling of the case, but, according to the CBC timeline, claims that the RCMP did not know that the US was planning to arrest and deport him to Syria.

“Prime Minister Jean Chr�en tells the House of Commons that the U.S. government’s deportation of a Canadian to Syria was “unacceptable,” but he is adamant that he will not allow an independent inquiry into the case of Maher Arar. He says his government has asked U.S. Secretary of State Colin Powell for an explanation and that the government also wants to find out whether Canadian intelligence officials played a role in the deportation of Arar.”

Homeland Security Measures Ignore Fiscal Responsibility

Tue, 26 Oct 2004 19:58:00 -0700

Catching up on draft postings, this is one that is very timely today, although it was originally penned over a year ago.

-J

Message: 6 Date: Sat, 20 Sep 2003 14:26:14 -0800 From: “Rob, grandpa of Ryan, Trevor, Devon & Hannah” Subject: Cost/benefit

In commenting on yet another pointless “homeland security” proposal, the INFOCON mailing list passed along this quote:

“The number one threat to American national security during this long war is neither anthrax nor truck bombs . it is uncontrolled spending. We cannot afford to put guards on every bridge and at every critical node of our infrastructure. We cannot afford a sophisticated chemical and biodetector in every government building. America cannot afford a risk-free society in a world of global terrorism. The enemy’s strategy is to destroy our economy. We must not facilitate their efforts. America will need to spend considerable sums of money to ensure our security . but we must do it wisely . there will be no money to waste on irrational fear and unconscionable pork. We must develop a strategic plan to guide our efforts. This must include federal, state and local governments, plus the private sector. Since 9-11, more than 130 bills regarding homeland security have been introduced in the House of Representatives. This is not the example of spending based on a strategic plan.

Find Your Elected Officials By Zip

Tue, 26 Oct 2004 19:42:00 -0700

This is a great site that will show you who your legislators are by submitting your 9 digit zip + 4.

Project Vote Smart

Quot Votergate Quot Film Premiers Today Online

Tue, 26 Oct 2004 19:07:00 -0700

If you have fond memories of recounts from the 2000 election–I know I do!–then you need to see this film. The 2004 election is going to be _worse_ because of the explosion of electronic voting machines that do not produce a Voter Verifiable Paper Ballot. Without a non-electronic storage mechanism for recording official vote tallies, there will be NO WAY TO HAVE A MEANINGFUL VOTE RECOUNT.

Votergate is the investigative documentary feature film uncovering the truth about new computer voting systems, which allow a few powerful corporations to record our votes in secret. But Votergate is not just a warning. The film strongly concludes that elections are harder to defraud when voters turn out in big numbers.

Back In The Saddle

Tue, 26 Oct 2004 13:00:00 -0700

Well, this site has gone stagnant for almost a year now for reasons that I’d rather not go into.

But that’s not the important thing–it’s back online, on superfast hardware now, and should get more regular updates.

Hope you enjoy!

Reducing Your Exposure Running Dvarchive On Linux

Tue, 18 Nov 2003 10:19:00 -0800

I recently got a ReplayTV 5040 for a steal on closeout at buy.com and just love it. One of the most attractive features is how it is network-aware by default and that the community has created some great free software for integrating with it. I have been using DVArchive to expand the capacity for recording without having to violate my ReplayTV warranty by hacking the hardware. DVArchive enables your PC to act as a software-based ReplayTV unit for replay, archival, vending photos, as well as playing recorded mpegs remotely on your PC.

Sony Style Warning needs a Warning?

Sat, 30 Aug 2003 16:18:00 -0700

Within the past month or so, I received a warning from Sony about fraudulent e-mails claiming to be from Sony but that actually were not. The deceptive e-mails were designed to lure Sony customers into divulging personal information at a fake Sony site. It “falsely indicates that it is from SonyStyle.com” and “includes a link to a bogus SonyStyle.com registration site”

So, I was shocked to notice that the e-mail from Sony that was supposedly warning about deceptive e-mails and URLs was itself guilty of using apparently deceptive or “fraudulent” URLs!

Fox Not Quot Fair Amp Balanced Quot In First Amendment Treatment

Fri, 29 Aug 2003 06:36:00 -0700

This is such a great line.

In Courtroom, Laughter at Fox and a Victory for Al Franken

Judge Chin said the case was an easy one, and chided Fox for bringing its complaint to court. The judge said, “Of course, it is ironic that a media company that should be fighting for the First Amendment is trying to undermine it.”

SPAM filter comparisons

Sat, 23 Aug 2003 06:05:00 -0700

SPAM is a truly egregious problem. This article does some analysis of popular spam filtering software. It is no surprise to me that signature-based programs tend to have slightly higher false positive rates and that Bayesian filters work best when trained properly, and have low or zero false positive rates.

I use bogofilter and have a corpus of thousands of spam messages that I have received, going back 6 or more years. It works great. I don’t have to keep checking my spam bucket for false positives all the time and occasionally have to retrain if I get a false negative but online life is much better than before bogofilter. I was constantly having to scan through the spam bucket to pick out false positives.

Openldapopenssl Stupidity

Mon, 18 Aug 2003 15:51:00 -0700

Sorry for not keeping up. Been enjoying the summer too much!

Anyhow, I thought that my experience in trying to get openLDAP 2.0.x working with TLS would be of interest to someone because the solution was so orthogonal it is unbelievable.

I have working OpenLDAP servers with TLS on two other machines so was baffled when I tried /etc/rc.d/init.d/ldap start and got [FAILED] with a very similar configuration to the others. Permissions on the TLS files are very finicky so I tried tweaking those–but nothing was working. I tried strace on the slapd binary but that did not offer any clues. I was able to get it to work by running slapd in debug mode on the command line, but in that mode it was ignoring the -u ldap so was running as root. So that told me there was some sort of permissions problem. But where?

Best Buy Hoax Notification

Fri, 20 Jun 2003 04:52:00 -0700

Here is an excerpt from an e-mail I got today. If you ever get e-mail purportedly from a company that asks for you to divulge personal information, there is a high likelihood that it is one of the many social engineering attacks running around. Popular ones try to snag AOL and eBay/Pay Pal users. Be wary of what e-mails and Internet sites you trust your personal information to!!

IMPORTANT: E-MAIL HOAX NOTIFICATION

Wal Mart poised to dominate online DVD rental space

Wed, 18 Jun 2003 03:10:00 -0700

This does not look good for Netflix, which is too bad. They have been a great service.

Excite News

After a seven-month trial, Wal-Mart Stores Inc. has begun full-scale operations in its online DVD rental business, hoping to catch up with market leader Netflix Inc. (NFLX)

Customers order the movies online. Wal-Mart sends them from six distribution points, reaching 90 percent of the nation within two days, the company says.

Copyright Conundrum Q Amp A On Quot Digital Copyright Quot Issues

Thu, 12 Jun 2003 03:29:00 -0700

Good stuff to refer to from Lawrence Lessig.

Online NewsHour: Forum – Copyright Conundrum

Doj Inspector General Criticizes Doj For Treatment Of Immigrant Detainees

Sat, 07 Jun 2003 04:54:00 -0700

Courtesy of EPIC Alert 10.10. https://www.epic.org

====================================================================== [3] Inspector General Criticizes DOJ on September 11 Detainees ======================================================================

The Inspector General of the Department of Justice has released a 198-page report examining the treatment of people who were held on immigration charges in connection with the investigation of the September 11, 2001 terrorist attacks. The report details how the Justice Department used federal immigration laws to detain 762 persons, mostly of Arab or South Asian origin, who were suspected of having ties to the attacks or connections to terrorism, or who were simply encountered during the course of the FBI’s inquiry into the attacks. The report highlights serious problems with the round-up and treatment of the 762 detainees, including arbitrary detentions, prolonged detentions, restrictive detention conditions, and in some instances physical and verbal abuse. The Office of Inspector General is an independent internal investigation unit within the Justice Department.

Anonymity Bibliography

Tue, 03 Jun 2003 01:38:00 -0700

If you are interested in research into the field of anonymity, check this site out.

The “goal is to set up something we can point at for people new to the field [anonymity] (and most of us are still new to the field, it seems), so they know which papers to look at to get up to speed. The ones I particularly recommend have boxes around them.”

Anonymity Bibliography

Out For Dinner Mathematics

Mon, 02 Jun 2003 16:07:00 -0700

This is very interesting. Supposedly only works in 2003. Anyone have the mathematical basis for this? I have a whole book with cool calculator games somewhere…

-Jason

#######################################

DON’T CHEAT BY SCROLLING DOWN FIRST

It takes less than a minute…….

Work this out as you read.

Be sure you don’t read the bottom until you’ve worked it out!

This is not one of those waste of time things, it’s fun.

Cert Needs To Plug Leak

Mon, 02 Jun 2003 16:01:00 -0700

Confidential bug report gets sent to CERT.
CERT sends it out to their advanced ISA (Internet Security Alliance: pay for early warning) group (Jericho calls “a vulnerability cartel)
The bug report is leaked out to the public, perhaps by an ISA member who was either compromised (if so, they would need more than CERT to help them…) or purposefully leaked it out

Jericho’s comments on the ISN list were classic, especially:

Danger And Absurdity Of The Tsa No Fly List

Mon, 02 Jun 2003 15:53:00 -0700

John Gilmore points out how to have fun with bomb scanners by using hand lotion with Glycerine, or at least points out how easily such expensive equipment can be rendered useless. If equipment has any significant number of false-positives, be sure that it, or procedures, will tune out any hope of finding a real needle in the haystack.

Also, if you notice an “S” on your boarding pass, prepare for extra scrutiny at the airport. The TSA believes, based on often erroneous matching, that you are a member of its “Selectee” list of people who need additional security measures.

Is The Price Right For Your Freedom

Mon, 02 Jun 2003 15:41:00 -0700

How do you measure a cost-benefit for the new security measures or of your liberty? It is hard to even come up with a causal link from the “increased” security measures (ask me about the absurd experience I had in LAX…) to increased safety, let alone quantifying such a benefit.

There is also a discussion at https://www.plastic.com/article.html;sid=03/03/12/06265215;cmt=42

NYTimes.com Abstract

In an unusual twist on cost-benefit analysis, an economic tool that conservatives have often used to attack environmental regulation, top advisers to President Bush want to weigh the benefits of tighter domestic security against the ‘‘costs’’ of lost privacy and freedom.

Secure programming in UNIX HOWTO

Mon, 02 Jun 2003 15:30:00 -0700

David Wheeler has put together a set of design and implementation guidelines for programming securely in several languages. The document is actually in a ton of different formats, even ones suitable for Wireless devices. So, take yours with you and learn it well!

Secure Programming for Linux and Unix HOWTO

There is also a set of overview slides that are definitely worth a look.

Aclu Dmca Case Against N2h2 Is A Loss For Freedom

Mon, 02 Jun 2003 15:23:00 -0700

This is a very disturbing development and more reason why the DMCA has a chilling effect on speech and freedom to do legitimate research.

“*RESEARCHER, ACLU LOSE DMCA CASE

N2H2 Inc. can use the Digital Millennium Copyright Act (DMCA) to stop a researcher from attempting to reverse engineer its Web filtering product, a judge ruled last week.

Harvard Law student Benjamin Edelman says he wants to crack the filtering tools to test them. Edelman planned to hack into N2H2�s cryptography-protected list of filter parameters, but, fearing prosecution, sought court protection. Edelman and the ACLU believe filters, used at libraries and schools, limit free speech.

Quot Us Gov'T Blindly Trusts The Antivirus Industry Quot-

Mon, 02 Jun 2003 15:15:00 -0700

I love the quote below and the 15 claims about how shady the Antivirus industry is are great, especially #7, “expect applause when you release hundreds of security patches for your product each year;”

Vmyths.com- Truth About Computer Virus Myths & Hoaxes

“The Pentagon should not protect a weapon system with software written by people they’d never trust. Yet they do.”

Low Bandwidth Application Dos Attacks

Mon, 02 Jun 2003 11:25:00 -0700

Interesting work and something that I can’t seem to get many people to pay attention to. Not all DoS attacks are bandwidth exhaustion attacks. DoS attacks can be thought of generically as resource exhaustion or suppression attacks. This does not necessarily require using a large amount of bandwidth.

The traditional thoughts on DoS attacks cause people to believe that normal modes of monitoring systems will catch DoS attacks early just because it would be hard to not notice such brazen resource consumption. However, low-flying attacks could possibly cause DoS attacks that are more difficult to detect without finer-grained application-level monitoring than is often employed.

Hussein Can Hide Wmd But Not His Money

Mon, 02 Jun 2003 11:15:00 -0700

William Raspberry from the Washington post asks a great question:

“Why would Hussein, facing annihilation, take the bother to hide his chemical and biological weapons so carefully that we still haven’t found them, while leaving his millions of American dollars right where we could find them?”

If WMD are there for defense purposes, they have to be readily-available to provide a benefit to the holder. Accounts indicate thousands of tons of WMD and production capabilities should be all over the place but – nothing. However, we find his stash of cash fairly easily.

Mci To Build New Gsm Network In Iraq

Mon, 02 Jun 2003 11:08:00 -0700

MCI gets $500 million to build a new GSM network in Iraq. There are a couple of interesting aspects to this:

a. The sensible GSM network was chosen amid staunch lobbying by Qualcomm junkies to build an “American” CDMA network. Hooray!

b. MCI is not a wireless telephone company. Why are they getting to build a wireless network from scratch instead of other wireless carriers? They were actually a reseller of AT&T Wireless before their accounting scandals.

Quot Politicians Lie New Study Shows Quot-

Mon, 02 Jun 2003 11:02:00 -0700

quot-

Well, we definitely agree on the point, �Politicians need to be more honest about lying� Perhaps they should go for more of the honest and less on the lying at the same time.

Politicians lie, new study shows

IN A STUDY described in Britain�s Observer newspaper, Glen Newey, a political scientist at Britain�s University of Strathclyde, concluded that lying is an important part of politics in the modern democracy.

Juxtaposition Rockets To Top Of Google Results

Fri, 30 May 2003 10:44:00 -0700

Juxtaposition has rocketed to the top of the Google search results for the word ‘juxtaposition’! Strange, given that Juxtaposition is nary a few months old.

Sadly, a link search (for link:juxtaposition.axley.net) returns no hits though.

https://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=juxtaposition&btnG=Google+Search

Interpreting 'Access' And 'Authorization' In Computer Misuse Statutes

Fri, 30 May 2003 02:49:00 -0700

The paper is 81 pages long but based on the abstract, it appears like important work. I hope that this will be taken to heart by policy shapers.

Cybercrime’s Scope: Interpreting ‘Access’ and ‘Authorization’ in Computer Misuse Statutes

This Article presents a comprehensive inquiry into the meaning of unauthorized access statutes. It begins by explaining why legislatures enacted unauthorized access statutes, and why early beliefs that such statutes solved the problem of computer misuse have proved remarkably na�. Next, the Article explains how the courts have construed these statutes in an overly broad way that threatens to criminalize a surprising range of innocuous conduct involving computers. In the final section, the Article offers a normative proposal for interpreting “access” and “authorization.” This section argues that courts should reject a contract theory of authorization, and should narrow the scope of unauthorized access statutes to circumvention of code-based restrictions on computer privileges.

Reflections On Drm

Thu, 29 May 2003 15:43:00 -0700

Article on the restrictions imposed by the DRM inherent in Apple’s AAC file format.

From my perspective, $1 per song is way too expensive, especially when the product you get is inferior to a track of a physical CD. A short list of the problems:

It is in a lossy format. For most people this is not an issue from a quality perspective, but converting to another format is very likely to be necessary in the future and would either not be possible or would be suboptimal without the original. That is supposed to be the beauty of digital music–you can keep migrating it to the latest technology without having to pay for the “license” to listen again.

E Voting Interview Reveals Serious Risks To Election Integrity

Thu, 29 May 2003 15:22:00 -0700

This scares me as a security professional. This especially scares me as a resident of Washington State.

Some gems from this interview with representatives from Sequoia systems:

Miller: “On the touch screen – we do have the hand recounts of close races too.”

Harris: “On a machine with no voter-verified paper trail?”

Miller: “Well, there’s no way to do a hand recount on a DRE.”

-————

Harris: “But the positive, which can be proved, is that every election system that’s ever been used in the USA has, at one time or another, been tampered with. And what we do know is that $800 million has gone toward contributions to candidates. So certainly we can predict that someone will try to tamper with a programmer. And therefore, what I’m asking, is what safeguards do we have in place to make sure that, if someone tampers with a program or a CD update –”

Another Ill Conceived Set Of Tax Refunds

Thu, 29 May 2003 14:51:00 -0700

1. Companies fraudulently overstate earnings 2. Companies pay tax on those fake earnings 3. Companies get caught, restate earnings 4. Companies want refunds of taxes paid on those earnings 5. Unbelievably, they get the refunds!

Firms Want Refunds Of Tax on Fake Profit (TechNews.com)

Bmw 7 Series Windowsce Crash Traps Driver Inside

Sun, 25 May 2003 04:46:00 -0700

A post to the IP and Risks lists is a harbinger of things to come as more and more complexity and computer-controlled systems get added to everyday devices without ensuring the same kind of quality and safety engineering. We can only hope that Ford and other car companies will not be successful in overturning laws requiring mechanical connections for safety-critical systems like steering, braking, etc.

-core24

Date: Tue, 13 May 2003 17:31:11 -0700 From: “Robert J. Berger” Subject: MS Windows crash traps Thai politician in car (From Dave Farber’s IP)

Making Telemarketers Cry

Sun, 25 May 2003 04:39:00 -0700

A great Telemarketer Suing HOWTO by attorney Mark Eckenwiler from Washington D.C.

How To Make A Telemarketer Cry (or, Suing Bozos for Fun & Profit)

“In November 2002, a telemarketer called my home in D.C. at 5:24 a.m. This is the story of how that call cost him $500.”

Quot If You Want To Win An Election Just Control The Voting Machines Quot-

Fri, 23 May 2003 11:06:00 -0700

quot-

A couple more sites working against all-electronic voting machines:

https://www.blackboxvoting.com/ https://www.ecotalk.org/VotingSecurity.htm

Also, an article discussing a situation that, if true, is truly egregious:

The senator who won the election in Nebraska allegedly “was the head of, and continues to own part interest in, the company that owns the company that installed, programmed, and largely ran the voting machines that were used by most of the citizens of Nebraska.”

The bigger issue, in my opinion, is not whether the senator had rigged his election but the fact that we are entirely unable to verify whether this occurred or not. With a voter verifiable and recountable audit trail, we could.

Can Microsoft Be Secure

Fri, 23 May 2003 10:57:00 -0700

I sure hope so. I have high expectations for Windows 2003. We’ll see how things progress.

I want to know who the companies are that were surveyed… I assure you mine wasn’t one of them.

Commentary: Can Microsoft be secure? | CNET News.com

Customers worry about Microsoft’s security: Seventy-seven percent of respondents to a Forrester survey cited security as their top concern about deploying Windows. Despite those concerns, 89 percent of users are still deploying sensitive applications like financial transaction systems and medical records databases on Windows.

Horrible Precedent Guantanamo Detainees Have No Us Legal Recourse

Fri, 23 May 2003 10:53:00 -0700

[IP] Stuart Taylor’s column today –“Falsely Accused ‘Enemies’ Deserve Due Process

Couldn’t say it better myself. And regarding those lists of “known or suspected terrorists”, Bruce Schneier said it best, “there is an incentive for law enforcement to put people on this list, but no incentive for them to take people off. So the harrassment continues.”

“It ought to be unnecessary to say this, but even *correctly* accused enemies of the state deserve due process – not least because due process is the best way of determining whether they were, in fact, correctly accused.”

Facial Recognition Systems Quot Improve Quot-

Fri, 23 May 2003 10:47:00 -0700

quot-

[IP] NIST rates facial recognition systems

“The three top-rated systems verified identities correctly 87 percent to 90 percent of the time with a false-alarm rate of 1 percent. When NIST specified a false-alarm rate of 0.1 percent, the success rate dropped to between 79 percent and 82 percent.”

From the report itself:

“Typically, the watch list task is more difficult than the identification or verification tasks alone. Figure 8 shows detection and identification rates for varying watch list sizes at a false alarm rate of 1%. For the best system using a watch list of 25 people, the detection and identification rate is 77%. Increasing the size watch list to 3,000 people, decreases the detection and identification rate to 56%.”

Handset Security Flaws On The Horizon

Fri, 23 May 2003 10:35:00 -0700

Software quality, especially data input filtering, is critical for mobile devices; especially devices that do not typically have user-updateable software.

News: Mobile phone hacking expected to spread

United States-based security company @stake has released a security advisory detailing a Denial of Service (DoS) vulnerability in the Nokia 6210 GSM mobile phone, and although the flaw isn’t serious it could be a sign of worse things to come.

Drm Threat Analysis Shows Futility In Drm Mechanisms

Fri, 23 May 2003 10:23:00 -0700

This analysis shows how DRM solutions are ineffective because they [attempt to] address the wrong threat model.

“Many DRM advocates make the classic mistake of refusing to choose a threat model. When they complain about the problem, they seem to be using the Napsterization model – they talk about one infringing copy propagating across the world. But when they propose solutions they seem to be solving the casual-copying problem, asking only that the technology keep the majority of customers from ripping content. So naturally the systems they are building don�t solve the problem they complain about.”

Catching Up

Fri, 23 May 2003 10:15:00 -0700

I’ve been so busy with work and other things that I have amassed a large queue of articles and little nuggets over the past few months. You’ll probably see some old news come through that I still wanted to share or comment on.

Cheers,

-core24

Insider Attack Nails Shut Janteknology'S Coffin

Fri, 23 May 2003 10:07:00 -0700

Evidence of the damage that insider attacks can wreak. Ironically, this was a security software distributor.

It’s unbelievable how often I hear things like:

“Well you have to trust your employees/administrator/etc!” “But we’re behind the firewall!”

I even noticed Microsoft’s STRIDE threat model does not include the threat:

Misuse of granted privileges.

Whoops. People all too often don’t look inside their own organizations at the threats all around you. Insider attackers are a difficult, and perhaps not entirely solveable problem. It is much easier for someone to attack your network when they are already on it than through your firewall over the Internet. Your firewall rejects access, but then your HR department allows it. They will even give a potential adversary a computer, cubicle, network access, badge, etc.!

Museum Of Unworkable Devices

Fri, 23 May 2003 09:37:00 -0700

" This museum is a celebration of fascinating devices that don’t work. It houses diverse examples of the perverse genius of inventors who refused to let their thinking be intimidated by the laws of nature, remaining optimistic in the face of repeated failures."

A truly fascinating site.

The Museum of Unworkable Devices

weblogs.com RPC error fix

Fri, 23 May 2003 09:34:00 -0700

07:00

You may have seen this error crop up in your movabletype blog:

Ping ‘https://rpc.weblogs.com/RPC2' failed: HTTP error: 500 read timeout

I found plenty of sites through google where people were asking about this but nobody offered a solution that I saw. Well, I found a solution that was posted on the MT support forum just an hour or so ago:

movabletype.org : Support Forum

below is a unified diff so that you can patch your site. The patch seems to work most of the time, although I have had at least one of the same errors crop up. That could have been due to something else though.

Creationist Debunking At Your Fingertips

Fri, 23 May 2003 08:26:00 -0700

An Index to Creationist Claims

An online Index to Creationist Claims that debunks many of them, with references.

Acm Testimony To Congress Against Dmca'S Chilling Effect

Fri, 23 May 2003 01:19:00 -0700

USACM co-chair Barbara Simons spoke out against sections of the DMCA during recent Congressional review of the DMCA’s anti-circumvention provisions.

ACM MemberNet

You can also read the transcript of Simons’ testimony

“During a time when our nation is devoting unprecedented resources to homeland security, we should be eliminating laws such as the DMCA that encourage insecurity,”

Voter Confidence and Increased Accessibility Act

Fri, 23 May 2003 00:48:00 -0700

Voter Verification Newsletter – Vol 1, Number 3

“Federal Legislation Introduced!

Rep. Rush Holt of New Jersey has introduced a bill requiring a voter-verifiable paper trail.

https://holt.house.gov/issues2.cfm?id=5996

The Voter Confidence and Increased Accessibility Act of 2003.

“We cannot afford nor can we permit another major assault on the integrity of the American electoral process,” said Rep. Rush Holt. “Imagine it’s Election Day 2004. You enter your local polling place and go to cast your vote on a brand new ’touch screen’ voting machine. The screen says your vote has been counted. As you exit the voting booth, however, you begin to wonder. How do I know if the machine actually recorded my vote? The fact is, you don’t.”

'E Mail Wrap' License

Thu, 22 May 2003 15:34:00 -0700

Like ‘click-through’ or ‘clickwrap’ licenses before, Lawrence Lessig publishes what may be described as an ’e-mail through’ or ’e-mail wrap’ license:

welcome spammers

Illogical Rantings On Quot Under God Quot Issue

Thu, 22 May 2003 15:28:00 -0700

I couldn’t pass this one up.

Miami News-Record - Gerald Stone Column

" At a time when we need God and religion in our lives more than ever, the U.S. Supreme Court is poised to strike down the words �under God� from the Pledge of Allegiance."

I’ll add some clarification to this statement:

“we” = you and those who believe as you do “our lives” = the lives of you and those who believe as you do.

Logic Error In Texas Dps Record Destruction Quot Rationale Quot-

Thu, 22 May 2003 15:11:00 -0700

quot-

Talking Points Memo: by Joshua Micah Marshall

“The DPS [Department of Public Safety] appears to have violated Texas state law by destroying the records. To justify this, they point to a federal regulation which a legal expert says is plainly inapplicable. And the very regulation they’re trying to hang their hat on seems to bar the original conduct itself.”

This whole story is unbelievable. I’m still waiting for what assistance they requested and perhaps received from the department of Homeland Security… There is a possible criminal investigation ensuing.

Taxed logic...

Thu, 22 May 2003 15:06:00 -0700

Warren Buffet writes:

Dividend Voodoo (washingtonpost.com)

Putting $1,000 in the pockets of 310,000 families with urgent needs is going to provide far more stimulus to the economy than putting the same $310 million in my pockets.

When you listen to tax-cut rhetoric, remember that giving one class of taxpayer a “break” requires – now or down the line – that an equivalent burden be imposed on other parties. In other words, if I get a break, someone else pays. Government can’t deliver a free lunch to the country as a whole. It can, however, determine who pays for lunch. And last week the Senate handed the bill to the wrong party.

Questions Of Mass Distruction

Thu, 22 May 2003 14:41:00 -0700

“Look, if there are no WMDs in Iraq, it means either our government lied us to us in order to get us into an unnecessary war, or the government itself was disastrously misinformed by an incompetent intelligence apparatus. In either case, it’s a terribly serious situation.”

TOMPAINE.com - Questions Of Mass Destruction

Rhp Livejournal Web Board

Mon, 19 May 2003 14:15:00 -0700

Check out a new place to discuss the Red House Painters and get news.

a red house painters & mark kozelek community’s Journal

Anti Polygraph

Mon, 19 May 2003 13:08:00 -0700

Here is a 176-page PDF paper on the fallacy of polygraph exams (a.k.a. “lie” detectors). I have not read up on this subject in some time but this looks to be a good read.

Lie Behind the Lie Detector

Stupid Security

Mon, 19 May 2003 12:59:00 -0700

Found out about this great site through this month’s Crypto-Gram newsletter. It posts articles on – you guessed it – all the stupid security measures people come across.

Stupid Security: Exposing Fake Security Since 2003

E Voting Systems Assailed

Tue, 06 May 2003 15:43:00 -0700

A great article with some perfect quotes from leading advocates and experts for voter verifiable audit trails. Also, there are some documented cases of voting machine errors in the article.

New Voting Systems Assailed

New Voting Systems Assailed Computer Experts Cite Fraud Potential

By Dan Keating Washington Post Staff Writer Friday, March 28, 2003; Page A12

As election officials rush to spend billions to update the country’s voting machines with electronic systems, computer scientists are mounting a challenge to the new devices, saying they are less reliable and less secure from fraud than the equipment they are replacing.

Seattle Area volleyball site

Tue, 06 May 2003 15:37:00 -0700

Scott Marlow maintains a very cool site on Seattle-area Volleyball programs, gyms, groups. https://www.seanet.com/~swmarlow/volleyball.html

Juxtaposition Mobile Edition-

Sat, 22 Mar 2003 01:36:00 -0800

I just found out some very simple instructions and a sample template to make a parallel WML version of this site for viewing on my mobile phone (I do work for a wireless phone company, after all). Check out the result: Juxtaposition mobile edition

I started by finding this WAP & WML thread at movabletype.org

This discussion pointed me to two solutions for two different problems:

Nicely Toasted Mobile, which generates wml versions on-the-fly for WAP-based mobile devices

Users tricked into believing a Nokia upgrade hoax

Fri, 21 Mar 2003 12:19:00 -0800

“Nokia 7650 upgrade - hoax

An internet hoax is traveling round the internet that purports to be a press release from Nokia offering an upgrade for owners of the Nokia 7650 handset to support a series of new features.

The press release says that “Nokia today announced after months of speculation and rumours that it will be re-releasing it’s flagship Symbian OS phone, the 7650, with the long awaited increased memory capabilities.

Black Box Testing Your Brain

Fri, 21 Mar 2003 11:58:00 -0800

New Scientist

“The world’s first brain prosthesis - an artificial hippocampus - is about to be tested in California.”

This is the result of black-box testing the hippocampus–the part of your brain that encodes “experiences so they can be stored as long-term memories”. It has proven to be elusive to its exact workings, but by treating it as a black-box and mimicking its response to inputs, scientists were able to devise a mathematical model that they could program onto a chip which could replace a malfunctioning hippocampus.

Space Elevators: fact or fiction?

Fri, 21 Mar 2003 11:48:00 -0800

A slashdot article about a book (see below) researching whether the sci-fi Space Elevator could be practically manufactured is out:

This is some of the fruits of ongoing NASA-sponsored research.

What is a Space Elevator, you ask? A superstrong elevator “shaft” stretching from earth and anchored to a geosynchronous satellite in outer space that an elevator would ride upon to carry payloads outside of our atmosphere.

“carbon nanotube fibers are both strong and light enough that a 100,000 km elevator, constructed of a 2m wide carbon nanotube “ribbon,” could be constructed in 10 years for a cost of US $6 billion, and be capable of lifting a 13-ton payload to geosynchronous orbit once every few days. If feasible, it would present a stunning breakthrough in space accessibility, and likely usher in a new age of space development and exploration.”

Fuel Cells Coming To A Laptop Near You

Fri, 21 Mar 2003 11:40:00 -0800

Cool!

InfoWorld:�Toshiba prototypes methanol fuel cell for laptops:�March 05, 2003:�By�Gillian Law:�End-user Hardware

SSL Patent suit update: victory for SSL!

Fri, 21 Mar 2003 11:23:00 -0800

07:00

A press release on RSA’s website announces that a unanimous verdict was reached on all infringement claims in favor of the defendants, RSA Security Inc. and Verisign Inc.

RSA Security | RSA Security Wins SSL Patent Infringement Trial

Analysis Of The Educational Initiatives Outlined In The National Cybersecurity Strategy

Fri, 21 Mar 2003 10:52:00 -0800

Rob Slade takes an in-depth look at what the National Cybersecurity Strategy is for security education and doesn’t really find much. To summarize:

“we [the U.S. Gov’t] can’t do it alone, so we’re not going to do anything”

“How will it happen?”

“Focus or force?”

“Security awareness cannot be promoted by establishing contests where nobody will compete.”

“Again, this proposal sounds good, but, without details to back it up, I doubt that there will be any impact any time soon”

Duk Koo Kim

Thu, 20 Mar 2003 23:38:00 -0800

I recently purchased the one and only vinyl album that I own. I had to do so, even though I do not own a turntable, because it is a 1000 copy limited release single. It contains two versions of the same beautiful song, called Duk Koo Kim, by Mark Kozelek of the Red House Painters. This is one of my favorite RHP songs. Reading the history about Duk Koo Kim makes the song that much more poignant and sad.

E Voting Banter Between Scientists

Thu, 20 Mar 2003 10:20:00 -0800

There was voluminous and heated discussion on the cryptography mailing list about the dangers of the paper audit trail for e-voting that is being pushed by the e-voting academic experts. The instigator and perpetuator of the discussion was Ed Gerck.

His main criticism was that the paper audit trail does not address the problems of massive external vote tampering by extortion (vote this way and prove you voted this way or I’ll kill you) or vote selling (vote republican, prove it to me, and I’ll pay you $$). He is afraid that the paper audit trail will be just the thing that can be photographed as proof of your vote to enable these system.

In Happier Times

Thu, 20 Mar 2003 09:43:00 -0800

This is hilarious. It must be making its rounds on the Internet today. Thought it would bring a bit of levity to the current world situation.

[

Propaganda Against Anti War Position Ancient Practice

Tue, 18 Mar 2003 14:46:00 -0800

I may have to get this book:

Details from 480BC about painting anti-war sentiment as “disloyalty”.

[IP] anti-war == disloyalty

TSA inspector rebukes passenger in a note

Tue, 18 Mar 2003 14:40:00 -0800

07:00

I hope that somebody is guarding the constitution. People seem to be lining up to shred it with war on the horizon.

The Seattle Times: Local News: Suitcase surprise: Rebuke written on inspection notice

Ugly: politicians calling for excessive sentences for filesharing

Tue, 18 Mar 2003 14:30:00 -0800

07:00

[IP] Does File Trading Fund Terrorism?

Bizarro World Nyc Talking Fish Speaks In Tongues

Tue, 18 Mar 2003 14:01:00 -0800

Um. Yeah.

Contra Costa Times | 03/15/2003 | Skeptics can carp, but a New York fish is the talk of the town

Risks Of Background Checks

Fri, 14 Mar 2003 01:46:00 -0800

There is a trend after 9/11 to perform more background checks on individuals as a requirement for all kinds of things–employment being a major. Data integrity issues are probably the biggest risk with these kinds of checks. Who has your data? Where did they get it from? How do you know it is accurate? How can you correct mistakes?

I reviewed a background check service that is used for credit checks mainly and was surprised to see that they offered the ability to check against the _____________________

undefined

Thu, 13 Mar 2003 23:08:00 -0800

07:00

PrivacyChoices

New Ieee Security And Privacy Magazine

Thu, 13 Mar 2003 14:53:00 -0800

I will have to check this out. Although, I have several piles of other publications to whittle down first.

“The IEEE Computer Society has created a new magazine called “Security and Privacy” specifically for the security community The magazine intends to present a balanced mix of scientific research and practical security discussion. "

Risks Of Public Internet Access Terminals

Thu, 13 Mar 2003 14:49:00 -0800

This story about 16M Yen (~$136,000) stolen from someone’s CityBank online banking service after the user’s password was compromised at an Internet cafe highlights the tremendous risk of insecure client computers. It does not make a darned bit of difference what crypto strength you were to use, it is so trivial to install a keystroke capture device that nobody would ever notice that will catch everything before it is encrypted.

Krispy Kreme Grossly Overcharges 28 Customers

Thu, 13 Mar 2003 14:20:00 -0800

From RISKS 22.61.

“A Krispy Kreme doughnut shop in Albuquerque seemingly greased its coffers while figuratively deep-frying over two dozen customers. Irrespective of what they ordered, each of 28 customers using a credit card were charged EXACTLY $84,213.60 for the purchase. "

The PGN comments simply made the posting though:

[These charges were actually APPROVED, and of course also blew the customers’ credit ratings for a few days. Amazing! ``The $84,000 charge, were it legitimate, would have purchased over 170,000 … doughnuts, enough to stretch over 9 miles if placed end-to-end.’’ …

VoteHere whistleblower lawsuit and other e Voting madness

Thu, 13 Mar 2003 14:13:00 -0800

BlackBox Voting is reporting on a whistleblower lawsuit filed here in Washington state by a software engineer against his former employer VoteHere. He alleges that he was wrongfully terminated to silence his complaints while third party “certification” of the VoteHere system was being conducted. The lawsuit enumerates many of the system’s flaws that he documented in defect reports. It is a must-read.

In other unbelievable news, Santa Clara County, CA and Collins County, TX both voted for electronic voting machines without paper audit trails against all sound advice from experts around the world. Santa Clara County reportedly cited the same kinds of “certifications” as evidence that the system is okay without the voter verifiable audit trail.

Music Wish List

Wed, 12 Mar 2003 13:02:00 -0800

I’ve been compiling a text file with my queue of music to get next and thought that I should share. It would also be much nicer to manage through MovableType with the MTAmazon plugin and the MTMacro plugin.

How Mobile Phones And An 18m Bribe Trapped 911 Mastermind

Tue, 11 Mar 2003 05:04:00 -0800

Guardian Unlimited | Special reports | How mobile phones and an �18m bribe trapped 9/11 mastermind

Top Inspectors Criticize CIA Data on Iraqi Sites

Sun, 09 Mar 2003 15:13:00 -0800

[IP] Top Inspectors Criticize CIA Data on Iraqi Sites

Iraq Nuclear Program Evidence To The Un Faked

Sun, 09 Mar 2003 15:05:00 -0800

[IP] Some Evidence on Iraq Called Fake U.N. Nuclear Inspector SaysDocum

Big Brother Is All Around You

Fri, 07 Mar 2003 08:59:00 -0800

ABCNews is reporting that several police agencies are under fire for domestic spying. Those of you who think that the government can have all the power it thinks it wants without checks and balances should take heed that this certainly breeds abuses. Read this article. See the trend toward more domestic spying. Be afraid.

I hope that Seattle maintains their current ban on this practice.

ABCNEWS.com : Is Police Spying Back in Fashion?

Dumb Criminal Award Candidate

Fri, 07 Mar 2003 08:43:00 -0800

Just hilarious if this suspect was truly the robber.

“A California man who got away after allegedly sticking up an Aurora Avenue North video store a couple of weeks ago apparently couldn’t leave well enough alone.”

The Seattle Times: Local News: Robbery suspect nabbed during return visit to store

Copa Ruled Unconstitutional-

Fri, 07 Mar 2003 08:11:00 -0800

The Washington Post has a story about the victory for free speech handed down by the 3rd U.S. Circuit Court of Appeals on Thursday. They upheld a lower court injunction blocking the law (COPA) as being too squishy to withstand constitutional muster.

“Previously, the 3rd Circuit had ruled the law unconstitutional on grounds that it allowed the legality of Internet content to be judged by “contemporary community standards.”

Also see discussion at Slashdot | Appeals Court Rejects Child Online Protection Act, Again

Aol Customers Buyer Beware

Tue, 04 Mar 2003 15:08:00 -0800

Many of the attacks described are social engineering attacks and not computer security holes. I can’t believe the mumbling attacks–hilarious! Social engineering attacks are very hard to defend against, especially with huge callcenters like AOL must have.

AOL customers beware your privacy. AOL not only makes it easy to get on the Internet, they make it easy for others to get on the Internet as you too!

“Using a combination of trade tricks and clever programming, hackers have thoroughly compromised security at America Online, potentially exposing the personal information of AOL’s 35 million users. "

SSL under patent dispute

Tue, 04 Mar 2003 15:05:00 -0800

The March 3 Security Wire Digest and Reuters are reporting that:

“Leon Stambler, who has won financial settlements from companies such as National Cash Register, First Data and Openwave Systems, seeks up to $20 million in the federal suit, being heard in Delaware. "

“Certicom and Openwave each paid $400,000 plus ongoing royalty fees for their licenses and First Data paid $4 million, he testified. "

He is suing RSA Security and Verisign now, trying to extract money. Ugh.

Wireless hackers invade!

Tue, 04 Mar 2003 14:57:00 -0800

“Two Alberta men with a passion for locating and mapping wireless computer networks have come under the scrutiny of Canada’s spy agency.”

“The press release, which also included Mr. Kaczor’s name and contact information, featured the tongue-in-cheek headline “Wireless hackers invade Red Deer!””

High-tech hobby falls under CSIS suspicion

Debate On Copyright Vs Innovation At Stanford

Mon, 03 Mar 2003 05:13:00 -0800

[IP] Pondering Value of Copyright vs. Innovation

“Technology scholars, business leaders and policy makers gathered at California conferences this weekend to argue whether a mismatch between two different technologies and the legal policies that govern them could inhibit free expression and innovation. "

““We have ceded too much power to copyright owners,” said Ms. Lofgren, who plans on Tuesday to reintroduce a bill that would amend the 1998 law. “People are afraid to proceed on innovative measures.””

Outlawing Encryption Under Patriot Ii

Mon, 03 Mar 2003 05:10:00 -0800

ot-ii

Among other nasty things, the US government is trying to make the use of encryption while committing a crime over a computer a new crime that would add 5 years onto your sentence, if convicted.

“If you order a book from Amazon.com and fail to pay state tax, the SSL session with Amazon supports a five year felony. [RFF - I’d also include using GSM cell phones with the built-in encryption….]”

Ari Gets Laughed Out Of Wh Briefing Room

Mon, 03 Mar 2003 00:55:00 -0800

[IP] Must Read and See: Ari Gets Laughed Out of WH Briefing Room]

Join in laughing Ari Fleischer out of the briefing room. Start at about 30 minutes into the tape when Ari is being repeatedly questioned about US diplomat quotes that some aid packages are being offered to Mexico and Columbia relating to their upcoming UN Security Council votes.

Google Removes Quot Illegal Quot Site From Its Index On Request

Mon, 03 Mar 2003 00:53:00 -0800

Seth Finkelstein has details on a troubling case about someone in Chester county in the UK complaining to google about a site run by someone calling themselves “Chester the Molester” as an illegal paedophile site that they found by searching for “Chester Guide” on google. The site, in fact, was not illegal at all but a list of “sick humor” that included a link to a humor article entitled, “Chester’s guide to: picking up little girls”.

Truth in music on its way?

Mon, 03 Mar 2003 00:51:00 -0800

Senator Ron Wyden (D) from Oregon is pitching a simple idea to lead to a market-driven solution to the DRM problems being imposed on consumers: to require music companies to disclose to consumers the restrictions they will impose on the consumer’s use of the product.

“When customers know, for example, that the compact disc they’re buying is technologically rigged so they can’t rip MP3 files from it for use on a portable player, they won’t buy it. Eventually, these informed customers will demand change in the copyright laws.”

Dell Cost Cutting With Sun To Linux Switch

Sun, 02 Mar 2003 14:31:00 -0800

Wow. This may help spur other cost-conscious companies (perhaps my employer too) into making the switch.

“Currently, our order management, customer transaction information, manufacturing flow, and software downloads (as a part of our build-to-order manufacturing process) all involve Sun-based Unix systems. But that’s all being moved to Dell-based systems running Red Hat Linux and Oracle 9iRAC. So far, 14 Sun systems are gone and the plans are to complete the ‘Sun setting’ exercise this year.”

Vespa Madness

Sun, 02 Mar 2003 13:55:00 -0800

A must have: Vespa Screensaver. Windows-only, of course.

Interested in buying one for me? I could handle the platinum, dragon red, or cobalt blue one. The local dealer location

Or, I can at least hope to win one from Starbucks. This is the perfect excuse to buy more coffee :-)

Worm press release template

Sun, 02 Mar 2003 13:50:00 -0800

Keep this handy for the next MS Worm. Posted to RISKS 22.53: . [From Pete Lindstrom, Spire Security, petelind@spiresecurity.com]

* Computer Worm Internet*

In the wee hours of , a computer worm spread throughout the Internet. Dubbed because <ridiculous reason that doesn’t explain anything about how it works>, and also known as and , the worm has infected an estimated systems within . Experts are calling this worm the most since .

Bsa Joins Ranks With Riaa In Threatening Without Cause

Fri, 28 Feb 2003 02:19:00 -0800

The BSA (Business Software Alliance) is now taken to sending out threatening letters based on the results of a web/ftp spider search for the word “Office”. The RIAA has done similar things in searching for “pirated” music by keyword and then automatically mailing.

From the BSA letter:

“What was located as infringing content: -—————————– Filename: /mandrake_current/SRPMS/OpenOffice.org-1.0.1-9mdk.src.rpm (199,643kb) Filename: /mandrake_current/i586/Mandrake/RPMS/OpenOffice.org-libs-1.0.1-9mdk.i586.rpm (35,444kb)”

OpenOffice.org thread

Anyone have a clue stick handy?

Microsoft Spyware

Wed, 26 Feb 2003 14:38:00 -0800

tecChannel reverse-engineered Windows Update to find that it can spy on other installed applications. It is unclear whether it actually does spy though. Although an article at The Inquirer claims as much.

They are offering a utility that you can run yourself to spy on the spyware. You have to pay 1.99 Euro for the full article and get the software included. A summary can be found for free though at The Inquirer.

More On Santa Clara E Voting

Wed, 26 Feb 2003 09:53:00 -0800

Just heard an NPR story on the Santa Clara e-voting saga. A vote today did not decide on whether they would only go with a system with a paper ballot. Only to test such a system.

The Sequoia company representative (the chosen product) admitted that they only agreed to add the paper ballot because they listen to customer demands. He didn’t think it was necessary though.

“Officials in California’s Santa Clara County learn that those who know computers best have the biggest concerns about them. That county, home to Silicon Valley, is deciding on an electronic voting system. But a computer scientist fights to keep old-fashioned paper in the voting process. NPR’s Andy Bowers reports.”

Homeland Quot Security Quot Measures Coming Under Fire

Wed, 26 Feb 2003 09:17:00 -0800

I heard someone talk about how in the 50’s and 60’s everyone was building bomb shelters for protection against nuclear attack and fallout but now people are being told that some tarp and duct tape are all that is needed.

The question was asked, “Who is going to protect us from Tom Ridge, and his bumblers in the Dept of Homeland Security…”

[IP] More bad advice from Tom Ridge…

Now It'S 8 Million Credit Cards Stolen

Wed, 26 Feb 2003 00:22:00 -0800

“In what is believed to be the biggest credit card hacking incident so far, Omaha-based Data Processors International, which processes transactions involving Visa, MasterCard, American Express and Discover Financial Services for merchants, said in a statement that it had “recently experienced a system intrusion by an unauthorized outside party.”

Yahoo! News - FBI Probing Theft of 8 Million Credit Card Numbers

Acm Joins Opposition To Tia

Tue, 25 Feb 2003 15:15:00 -0800

o-tia

There is a story in this month’s ACM MemberNet publication on the ACM’s opposition to Total Information Awareness (TIA).

This isn’t exactly news, because the ADM letter was drafted on Jan 23. The latest status on the EPIC TIA page was Jan 24 when Amendment 59 was included in a bill to impose limits on TIA. However, the requirement that the government simply provide a report in order to continue funding seems weak. There isn’t anything defining what content within the report would be satisfactory. It sounds too much like corporate privacy policies. It doesn’t matter what is in them, so long as the company abides by it. The report could say exactly what privacy advocates fear most and TIA will still be funded. However, the catch-all requiring congress to approve use of TIA is a step in the right direction.

Santa Clara County More Clueless Electronic Ballot Junkies

Tue, 25 Feb 2003 15:13:00 -0800

Santa Clara County faces key decision on electronic ballots

“The future of electronic voting may be rewritten this week in Santa Clara County, where county leaders are weighing warnings that the touch-screen voting machines they want to buy are more prone to error and fraud than the systems they would replace.”

“Sequoia’s systems don’t produce paper ballots that voters can verify, and supervisors didn’t ask for such a device in their bid proposal. Vendors and election officials say paper ballots aren’t needed because the machines have internal safeguards, are certified by federal and state governments and tested repeatedly before and after elections.”

Study shows Linux defect rate much better than commercial Unix

Tue, 25 Feb 2003 15:04:00 -0800

A study of TCP/IP code of various commercial and open source operating systems found that the defect rate in the Linux implementation was much better than others studied.

“The Linux defect rate was 0.1 defects per 1,000 lines of code, Reasoning found. The rate for the general-purpose operating systems–two of them versions of Unix–was between 0.6 and 0.7 per 1,000 lines of code. The rates for the two embedded operating systems were 0.1 and 0.3 per 1,000 lines of code. "

Scuba Diving Computer Recall

Tue, 25 Feb 2003 14:57:00 -0800

From RISKS 25.57.

I have friends who dive and hope to get certified myself soon so this is of particular concern.

Date: 17 Feb 2003 05:35:20 -0800 From: tom.race@skipton.co.uk (Tom Race) Subject: Scuba diving computer recall

[See also Risks in scuba equipment, Carl Page, RISKS-21.41]

In simple terms, a dive computer monitors the amount of nitrogen dissolved in the diver’s blood. Typically worn like a wrist watch, it tracks the diver’s depth and calculates the absorbed nitrogen according to a mathematical model of the human body’s various tissues.

Someone compromised 1% of all visa and mastercard account numbers

Tue, 25 Feb 2003 14:55:00 -0800

A 2-17-2003 very short Reuters story reports that Over 5 million Visa/MasterCard accounts hacked into

“More than five million Visa and MasterCard accounts throughout the nation were accessed after the computer system at a third party processor was hacked into, according to representatives for the card association”

This story by the BBC has more details

Great. Why were the account numbers on Internet-accessible systems. And why were the accounts not stored encrypted at the third party?

Orange Alert Status Terror For Students

Tue, 25 Feb 2003 14:48:00 -0800

From RISKS 22.56

“Date: Thu, 13 Feb 2003 05:46:37 -0500 From: “Rebecca Mercuri” Subject: Risks of Doing Homework

At the faculty meeting at Bryn Mawr College on 12 Feb 2003, we were informed that a student at Haverford (our affiliated College) was arrested over the weekend when he was trying to do his homework assignment in Philadelphia. As part of the Cities project, he was taking photographs of SEPTA (our regional transit authority) facilities when he was arrested, detained for a few hours, and eventually released. Haverford administration is working to try to ensure that this event not be a part of the student’s permanent police record. Apparently taking photographs at transit facilities is cause for arrest during “Code Orange” alert, the authorities explained. Faculty were advised to be careful about assigning “field trip” projects during such alerts.

Not Only N Korea Can Have Nukes

Tue, 25 Feb 2003 14:23:00 -0800

A Wired article describes an unbelievable story of reporter Noah Shachtman trivially breaching the physical security at none-other-than Los Alamos National Laboratory described as “the world’s most important nuclear research facility”.

“On Saturday morning, I slipped into and out of a top-secret area of the lab while guards sat, unaware, less than a hundred yards away.”

Mobile Mp3 Quandary

Tue, 25 Feb 2003 10:14:00 -0800

What to buy…

For my birthday, I’m looking to buy myself a digital music jukebox player/recorder. There are plenty of options, but none of which meet all of my requirements.

I’m going to play the wait-and-see game for a while. There are some new Minidisc players coming out that are candidates as well, although the tradeoff is smaller capacity to get a smaller form factor and jog-proof mechanism.

The most promising product is the Neuros, although some poor design decisions, including only providing USB 1.x support, may kill this one before it gets started. The promise for me is the ability to have both a memory-based player and a hard-drive based player in one. I could take it to the gym without the hard disk pack, but still be able to add the disk for roadtrips or just the daily commute. The built-in FM transmitter is another great feature.

New Ssl Active Mitm Attack

Fri, 21 Feb 2003 15:11:00 -0800

" In a paper researchers at the Security and Cryptography Laboratory of Swiss University (Lasec) EPFL demonstrate a timing-based attack on CBC cipher suites in SSL and TLS.

The attack assumes that multiple SSL or TLS connections involve a common fixed plaintext block, such as a password. Since credit cards numbers are normally sent to a secure server only once this particular attack has little or no chance of success.

Citibank Trying To Silence Atm Pin Security Research

Fri, 21 Feb 2003 07:17:00 -0800

Citibank is trying to prevent the disclosure of new scientific research that has apparently broken ATM PIN confidentiality protection wide-open. This is even in the face of “phantom” charges appearing on people’s accounts that banks refuse to reverse, claiming that their system is so secure that users cannot repudiate such charges.

“The card’s issuer says that’s not possible, because their ATM network is secure, and is suing the couple to recover the nearly $80,000 that was charged against the card. "

Slag your drives to thwart data recovery

Fri, 21 Feb 2003 06:58:00 -0800

A recent MIT study of 129 used hard drives indicated that people leave a treasure trove of data behind on their discarded computers.

This begs the question of how can you securely dispose of old hard drives? Well, the typical answers are to use a secure wiping program or degaussing, but these are not 100% effective.

Some people have come up with a foolproof method called Drive Slagging which involves melting down the platters and essentially creating aluminum ingots.

Ebay Rolls Clock Back To 1984

Thu, 20 Feb 2003 02:32:00 -0800

-1984

“Big Brother is watching you - and documenting eBay, ever anxious to up profits, bends over backward to provide data to law enforcement officials”

Buyer (and seller) beware…

Ha’aretz - Article

TurboTax copy protection mucks with sectors on your hard disk

Wed, 19 Feb 2003 14:30:00 -0800

DRM is getting even more annoying, dangerous, and insidious. Intuit thought that it would be necessary to utilize a product called SafeCast to prevent unauthorized copying of its popular TurboTax product. Extremetech did some testing and found that SafeCast copy (not copyright) protection relied on modifying sector 33 on your hard drive outside of your operating system. This is not necessarily a Good Thing ™

TurboTax Test Results Part II

To Thwart the Identity Thieves

Mon, 17 Feb 2003 11:39:00 -0800

There is an excellent article in BusinessWeek on what is supposed to be the fastest growing crime in the U.S.: Identity Theft. I agree that only radical reform will solve the problem. However, I always think that the solutions focus on symptoms of the problem disclosure of customer identifying information) and not on the root cause of the problem (insufficient authentication (i.e. PROOF of identity) requirements by credit issuers). Your identifying information should not have to be secret. That is the mark of an insecure system.

Richard Forno Let Go Rants About Symantec

Mon, 17 Feb 2003 09:53:00 -0800

Richard Forno was let go by Symantec, coincidentally right after he had politely complained in a letter about the extremely inefficient payment procedures they brought with them to SecurityFocus.

I really enjoyed his commentary so I hope to see him show up somewhere else soon!

symantec-bitch

Computer Security And Intelligence Web Links

Mon, 17 Feb 2003 08:58:00 -0800

The C4I.org - Computer Security and Intelligence website has, according to the author, “little nuggets” of information he finds “interesting enough to post online”.

The most interesting thing that I found there (so far) is Tradesports.com where people are betting on current events, such as whether or not Saddam will still be in power as of March 31.

-Jason

The Myth of Security at Canada�s Airports

Mon, 17 Feb 2003 01:01:00 -0800

07:00

Senate Committee on National Security and Defense in Canada recently released a report on the new airport security measures.

Entitled, “The Myth of Security at Canada�s Airports”

“…measures have reassured many travellers that security has been tightened at Canadian airports since the tragic events of September 11, 2001. The problem is that there has been little or no improvement to huge security gaps that persist behind the scenes in the Canadian travel industry. "

Viacom won't run anti War ads

Sat, 15 Feb 2003 14:49:00 -0800

With all of the millions of protesters out there this weekend, you would think that Viacom would not be opposed to a fairly popular viewpoint being broadcast. However, they have refused to run an anti-war ad by MoveOn.org and have given an alleged lame rationale.

The organization was going to pay for the ads just like any other entity would. Interestingly, “According to Boyd, the donations came rolling in�after just two hours the group had met its goal.” They raised $75,000 through an e-mail campaign in 2 hours!

Reckless Administration May Reap Disastrous Consequences

Fri, 14 Feb 2003 08:33:00 -0800

Senator Robert Byrd made this excellent speech on the negative consequences of the Bush Administrations actions and policies.

Some gems:

“To contemplate war is to think about the most horrible of human experiences. On this February day, as this nation stands at the brink of battle, every American on some level must be contemplating the horrors of war.

Yet, this Chamber is, for the most part, silent – ominously, dreadfully silent. There is no debate, no discussion, no attempt to lay out for the nation the pros and cons of this particular war. There is nothing. "

Aba Taking A Stand Against Bush Administration

Thu, 13 Feb 2003 15:32:00 -0800

A Feb 10 American Bar Association resolution “urges Congress to ensure, through appropriate legislation, regular and timely oversight, and expanded reporting requirements, that the FISA is used only when the government has a significant foreign intelligence purpose – as required by the USA PATRIOT Act – and not to circumvent the stricter Fourth Amendment warrant requirements applicable to ordinary searches and surveillances. "

The ABA also lambasted the Bush Administration for denying so-called “enemy combatants” the right to meet with counsel. The vote was overwhelming, but not unanimous. About 70 or so ABA members voted against this measure.

Patriot 2 Encryption An Aggravating Circumstance

Thu, 13 Feb 2003 15:23:00 -0800

Declan McCullagh asks a good question on the cryptography list:

When encryption is omnipresent in everything from wireless networks to hard drives to SSH clients, might the basic effect of such a law [Patriot 2] be to boost potential maximum prison terms by five years?

It is a terrible idea to presume that using encryption is an aggravating circumstance. “Why are you using encryption? You must have something to hide…”

World's Most Stupid Security Measures

Thu, 13 Feb 2003 15:16:00 -0800

“Human rights watchdog Privacy International has launched a quest to find the World’s Most Stupid Security Measure. "

https://www.theregister.co.uk/content/55/29279.html

There were some preliminary examples in discussion on the cryptography mailing list.

E Voting In Washington Say Goodbye To Election Integrity

Thu, 13 Feb 2003 14:07:00 -0800

“The most important question to ask is this:

With respect to this year’s all-electronic voting machines, is there any meaningful evidence that the vote you cast was correctly recorded – that is, evidence that there were no misconfigured systems, accidents, internal fraud, etc.? For almost all of the existing systems (with the exception of one that actually incorporates the Mercuri Mechanism, namely, Avante), the answer is an UNEQUIVOCAL NO. This is an untenable situation if you believe in election integrity, IRRESPECTIVE of your party affiliations.”