
TSA clears Apple’s 11-inch MacBook Air to stay in carry-on at airports

Posted on October 28th, 2010 at 21:41 by John Sinteur in category: Apple, ¿ʞɔnɟ ǝɥʇ ʇɐɥʍ, Security

[Quote]:

Owners of Apple’s new 11-inch MacBook Air will not have to remove the thin-and-light notebook from their bag at security checkpoints in U.S. airports, the Transportation Security Administration has announced.

MacBook Air: fine, no problem.

Nike Air: Take them off!!!!


Firms Knew of Cement Flaws Before Spill, Panel Says

Posted on October 28th, 2010 at 21:40 by John Sinteur in category: News

[Quote]:

Halliburton knew weeks before the fatal explosion of the Macondo well in the Gulf of Mexico that the cement mixture they planned to use to seal the bottom of the well was unstable but still went ahead with the job, the presidential commission investigating the accident said on Thursday.

[..]

Jesse Gagliano, a Halliburton technical adviser, told federal investigators in Houston in August that the company was confident in the cement job. He said Halliburton initially recommended that BP use a well design with more devices called “centralizers.” But even after BP chose to use six centralizers instead of the recommended 21, Halliburton believed the cement would work properly, Mr. Gagliano said.

Imagine if these guys were cancer doctors. Gee Mr. Jones – you look great. No need to look for tumors!


iPad Magazine Stand

Posted on October 28th, 2010 at 21:15 by John Sinteur in category: Apple

[Quote]:

My opinion about iPad-based magazines is that they run counter to how people use tablets today and, unless something changes, will remain at odds with the way people will use tablets as the medium matures. They’re bloated, user-unfriendly and map to a tired pattern of mass media brands trying vainly to establish beachheads on new platforms without really understanding the platforms at all.

The fact of the matter is that the mode of reading that a magazine represents is a mode that people are decreasingly interested in, that is making less and less sense as we forge further into this century, and that makes almost no sense on a tablet. As usual, these publishers require users to dive into environments that only negligibly acknowledge the world outside of their brand, if at all — a problem that’s abetted and exacerbated by the full-screen, single-window posture of all iPad software. In a media world that looks increasingly like the busy downtown heart of a city — with innumerable activities, events and alternative sources of distraction around you — these apps demand that you confine yourself to a remote, suburban cul-de-sac.


Comments:

  1. So the device we don’t need doesn’t work well with the apps we didn’t ask for. Wow.

  2. Yes, why would you want to read only one thing at a time?

Companies fight to keep global warming data secret

Posted on October 28th, 2010 at 17:51 by John Sinteur in category: News

[Quote]:

Some of the country’s largest emitters of heat-trapping gases, including businesses that publicly support efforts to curb global warming, don’t want the public knowing exactly how much they pollute.

Oil producers and refiners, along with manufacturers of steel, aluminum and even home appliances, are fighting a proposal by the Environmental Protection Agency that would make the amount of greenhouse gas emissions that companies release — and the underlying data businesses use to calculate the amounts — available online.

While gross estimates exist for such emissions from transportation and electricity production and manufacturing as a whole, the EPA is requiring companies for the first time to submit information for each individual facility.

The companies say that disclosing details beyond a facility’s total emissions to the public would reveal company secrets by letting competitors know what happens inside their factories. More importantly, they argue, when it comes to understanding global warming, the public doesn’t need to know anything more than what goes into the air.


Comments:

  1. They sound a bit anxious about this, don’t they? Kind of like law-making and sausages – you REALLY don’t want to know what goes into them…

  2. What is this the war on *terror*? Secrets? Are they protecting national security?

Adobe Reader browse-and-get-pwned 0day under attack

Posted on October 28th, 2010 at 17:02 by John Sinteur in category: Security

[Quote]:

Adobe has confirmed reports that yet another unpatched vulnerability in the latest versions of its ubiquitous software is being actively exploited to infect end users with data-stealing malware.

The vulnerability exists in Adobe’s Reader document viewer and Flash Media Player for Windows, OS X and Unix operating systems, Adobe warned on Thursday. According to independent researchers, it is being exploited in the wild against Reader for Windows to install a nasty trojan known as Wisp, which according to Microsoft, steals sensitive user data and installs a backdoor on compromised systems.

The vulnerability itself resides in Adobe’s Flash Player, which is available as stand alone software and is also embedded into Reader. According to researcher Mila Parkour of the Contagio Malware Dump blog, poisoned PDF documents are circulating that drop two malicious binaries onto Windows machines that open the document files.


Comments:

  1. 1000 and 1 reasons why using Linux is a good idea…

  2. I read it as “1000 reasons to use the FlashBlock extension in FireFox, and to never install acrobat reader…”

Over 100,000 stops-and-searches: zero terrorists

Posted on October 28th, 2010 at 17:00 by John Sinteur in category: Privacy, Security

[Quote]:

When it comes to wasting police time, the biggest offenders appear to be…the police. That, at least, appears to be the conclusion of the Home Office. Its official statistics, published today, show that while police stopped over 100,000 individuals last year to “prevent acts of terrorism”, there was not a single arrest for a terror offence as a result of these stops.

This perhaps is the final nail in the coffin for the widely criticised section 44 of the Terrorism Act 2000, which gives police forces powers to stop and search individuals – in so-called “designated areas” – to prevent acts of terrorism without the need for reasonable grounds of suspicion. According to today’s report: “In 2009/10, 101,248 stops-and-searches were made under this power.

The report continues: “[This] represents a 60 per cent decrease since 2008/9. Compared with the same quarter of 2008/9, the number of searches carried out in Jan-March 2010 fell by 77 per cent, down to 14,214.”

One reason for the decline may be the fact that in July of this year – following a European Court ruling that finally established that the power granted under s44 was too wide and therefore unlawful – the Home Secretary herself required police forces to stop using it.


Proactive IT security

Posted on October 28th, 2010 at 14:15 by John Sinteur in category: Privacy, Security

[Quote]:

It is all over the news, the Dutch National High Tech Crime Unit took down the Bredolab botnet. Kudos for that, bringing down a botnet with 30 million bots is not an easy task. The C&C servers were taken down and taken over. To notify owners of infected machines a small executable will be sent to infected machines that will show a popup that your computer is infected. You can view the page here…

Now, this gesture is nice, but it brings in a few problems…

First, the executable is very small, 8kb only, not encrypted, not compressed, beyond all, not signed. All it will do is actually open this page.

What will prevent people from modifying the URL to point to some malicious webpage and distribute the executable? A researcher at FireEye still found a C&C server active on the Bredolab Botnet. What if this server starts to serve this modified executable to systems that are still infected? You can imagine what would happen…

Second, in the future, the same technique may be used by rogue anti-virus to tell you that your system is infected and tells you to download this super-duper solution (which of course will only continue to make the problem worse).

A third problem here is a legal one… It may not be legal at all in all countries in the world to “plant” this executable that shows the warning on infected systems. Basically you are knowingly trespassing that system…

It’s like the police breaking in and entering to tell you a burglar has been in your house and that you should replace your crappy lock. Very questionable.
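The post's complaint is that the notifier is an unsigned 8 kB file whose only job is to open a URL, so nothing binds the file to the page it is supposed to open. Before trusting such a file, a responder would want two cheap checks: which URLs are actually embedded in it (in both narrow and wide string encodings, since Windows programs commonly store text as UTF-16LE), and whether its bytes match a hash published out-of-band by whoever distributed it. The following Python is an added example and is not the Bredolab notifier, nor code from the original post or from the Dutch police; the sample bytes, the allowlisted host and the "published" hash are all constructed for the demonstration.

```python
from __future__ import annotations

import hashlib
import re
from urllib.parse import urlsplit

# Constructed stand-in for a tiny "you are infected" notifier: filler bytes
# plus one URL stored as an ASCII string and one as a UTF-16LE (wide) string.
# These are NOT bytes from the real Bredolab clean-up executable.
SAMPLE_BINARY = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"open\x00"
    + b"http://www.example-notice.invalid/infected\x00"
    + b"\x00" * 8
    + "https://updates.example-other.invalid/download".encode("utf-16-le")
    + b"\x00\x00"
)

# Hash the distributing party would publish alongside the executable
# (constructed here from the sample itself, standing in for a real announcement).
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_BINARY).hexdigest()

URL_PATTERN = r"https?://[A-Za-z0-9._~:/?#@!$&'()*+,;=%\-]+"
URL_RE_BYTES = re.compile(URL_PATTERN.encode("ascii"))
URL_RE_TEXT = re.compile(URL_PATTERN)


def embedded_urls(blob: bytes) -> list[str]:
    """Return every http(s) URL found in blob, in order of first appearance.

    Narrow (ASCII) strings are scanned directly; wide (UTF-16LE) strings are
    found by decoding the blob at both possible two-byte alignments, so a URL
    is recovered wherever the compiler happened to place it.
    """
    found = [m.group().decode("ascii") for m in URL_RE_BYTES.finditer(blob)]
    for offset in (0, 1):
        wide_text = blob[offset:].decode("utf-16-le", errors="ignore")
        found.extend(m.group() for m in URL_RE_TEXT.finditer(wide_text))
    return list(dict.fromkeys(found))  # de-duplicate while keeping order


def unexpected_urls(urls: list[str], allowed_hosts: set[str]) -> list[str]:
    """URLs whose host is not on the announced allowlist. Anything listed here
    means the binary can reach more than the one page it is supposed to open."""
    return [u for u in urls if (urlsplit(u).hostname or "") not in allowed_hosts]


def matches_published_hash(blob: bytes, expected_sha256: str) -> bool:
    """Substitute for a code signature when the file carries none: compare the
    bytes against a hash published out-of-band by the distributing party."""
    return hashlib.sha256(blob).hexdigest() == expected_sha256.lower()


def triage(blob: bytes, allowed_hosts: set[str], expected_sha256: str) -> dict:
    """Summarise the checks a responder would run before trusting such a file."""
    urls = embedded_urls(blob)
    return {
        "hash_ok": matches_published_hash(blob, expected_sha256),
        "urls": urls,
        "unexpected": unexpected_urls(urls, allowed_hosts),
    }


if __name__ == "__main__":
    # The constructed sample hashes correctly but embeds a second, unannounced host.
    print(triage(SAMPLE_BINARY, {"www.example-notice.invalid"}, SAMPLE_SHA256))
```

A file that passes the hash check but still embeds an unexpected host is exactly the case the post worries about: the bytes are the announced ones, yet they can reach somewhere the announcement never mentioned, so both checks are needed and neither replaces a proper signature.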


Comments:

  1. After all, what could POSSIBLY go worng! (sic) …

  2. When a burglar busts a window at my house and steals stuff, and a neighbor calls the police, I expect the police will enter my house to investigate and leave a business card with contact info. Is this materially different? The security breach has already happened, police are not creating a new one.

  3. The security breach has already happened, police are not creating a new one.

    You missed the part where the police uploaded an executable. The police don’t just leave a business card, they added two cellar doors and an extra roof window in your house.

  4. I must be missing something. The police have control of the botnet C&C machines. The malware on the infected machines already allows anyone with C&C control to inject binaries to the infected machines, and the police are just using this open door. How are there new holes?

  5. How are there new holes?

    As I said – they uploaded an executable.

    Or do you think it is bug free?

  6. An 8k executable that basically does nothing but call ShellExecute(“open”, “http://www.youreinfected.com”)? Can you describe the plausible exploits?

    Maybe what they’re doing is replacing the botnet binary that contacts the C&C server and which enables the binary injection with this new innocuous binary.

  7. Oh dear. No, I can’t, but if that would be all it did, it would be smaller than 8K. So there’s probably a bit more. But don’t overestimate the safety of a simple program.

    Let’s take a sample program:

    #include <stdio.h>

    int main(int argc, char **argv)
    {
        printf("Hello World...\n");
        return 0;
    }

    Looks perfect, right?

    Not if it segfaults your machine. It’s not just the simple program, but its interaction with the rest of the world.

  8. You have to argue that the situation is getting noticeably worse than having a malware executable already installed that enables injection of new binaries. Are they *really* likely to make it more vulnerable? You know more about security than I do by a large margin, so there’s probably something to your intuition, but you’re not convincing me at all here.

    What’s the recommended alternate way of dealing with infected systems?

  9. And my intuition is probably tuned to playing it safe. And on top of that – you’re only looking at the effects of this particular one case, and not at the implications in other situations.

    What’s the recommended alternate way of dealing with infected systems?

    Exactly. That’s the big one. There’s no recommended way, let alone an alternate way. And any way you come up with is probably only going to work in a limited set of jurisdictions.

    Suppose you have software on your PC in Luxembourg that is considered ‘unclean’ under Sharia law in Iran. Suppose the police in Tehran have a way to upload a small, 8K binary to your system that opens to a web page with “You’re breaking Sharia law!”

    How is that legally different from what the cops did in this case? There’s probably plenty of jurisdictions where having a PC that’s part of a botnet is not against the local law.

    Would the owner of a botnet PC in such a country be annoyed with the botnet? Probably. Does that justify uploading binaries to his computer?

    And yes, being part of a botnet has secondary consequences – for other computers, in yet other countries, and software that breaks Sharia law probably doesn’t do that, which makes the situation different. But where to draw the line?

  10. I recognize that the situation is tricky in theoretical ways. I’m really surprised that you’re raising all those angles given that you’re generally a can-do kind of guy. If you were part of the team taking down the botnet and you had to make a recommendation, what would it be? Can you think of a less invasive way to proceed? Do you do nothing about the zombies, leaving them available to be picked back up by a next botnet?

  11. Excellent question. If I were in a technical advisory role I would lay out all the technical risks to senior management, tell them on technical grounds the risks are low enough to go ahead with the upload. I would then advise them to talk to the attorney general about the legal issues, and that as a layman I would expect the attorney general to veto it. I would also tell senior management that I would refuse to deploy the fix without written approval from the attorney general.

  12. And here’s another reason not to attempt to upload a binary…

Mayor Mitch Landrieu wants to dump city’s crime cameras

Posted on October 28th, 2010 at 14:10 by John Sinteur in category: Privacy, Security

[Quote]:

In seven years, New Orleans’ crime camera program has yielded six indictments: three for crimes caught on video and three for bribes and kickbacks a vendor is accused of paying a former city official to sell the cameras to City Hall.

Given that ignominious track record and the millions the city has paid for a camera network that rarely worked, Mayor Mitch Landrieu unceremoniously pulled the plug on the project Thursday.


Democrats: ‘If We’re Gonna Lose, Let’s Go Down Running Away From Every Legislative Accomplishment We’ve Made’

Posted on October 28th, 2010 at 13:26 by John Sinteur in category: News

[Quote]:

Conceding almost certain Republican gains in next month’s crucial midterm elections, Democratic lawmakers vowed Tuesday not to give up without making one final push to ensure their party runs away from every major legislative victory of the past two years.

Party leaders told reporters that regardless of the ultimate outcome, they would do everything in their power from now until the polls closed to distance themselves from their hard-won passage of a historic health care overhaul, the toughest financial regulations since the 1930s, and a stimulus package most economists now credit with preventing a second Great Depression.

"There’s a great deal on the line, and we know it isn’t going to be easy for us," said Senate Majority Leader Harry Reid (D-NV), speaking from the steps of the Capitol. "But if we suffer defeat, we will do so knowing we cowered away from absolutely anything we produced that was even remotely progressive or valuable in any way."

"And we will keep cowering right up until Election Day," Reid continued. "From Maine to Hawaii, in big cities and small towns, we will collapse into a fetal position and refuse to take credit for our successes anywhere voters could conceivably be swayed by learning what we have achieved on their behalf."


O’Donnell threatened to sue radio station

Posted on October 28th, 2010 at 12:52 by John Sinteur in category: Foyer of Ennui (just short of the Hall of Shame)

[Quote]:

Christine O’Donnell, the surprise Tea Party-backed Senate candidate in Delaware, threatened to sue a local radio station if it did not turn over a videotape of an interview it conducted with her.

O’Donnell’s campaign later apologized to the station for the threat, WDEL reports.

O’Donnell appeared on WDEL’s "The Rick Jensen Show" Tuesday, during which she fielded several questions from listeners and the host. Upon the conclusion of the interview, an O’Donnell aide demanded video of the interview be turned over to the campaign and destroyed because such videotaping had not been previously approved.

It was then, according to WDEL, that O’Donnell herself threatened to sue the station if it did not comply with the request. WDEL also says it later fielded a phone call from O’Donnell campaign manager Matt Moran, who threatened to "crush" the station with a lawsuit if it did not agree to turn over the tape.

WDEL’s attorney was soon involved and told the campaign there was nothing illegal about videotaping the interview for later use on the station’s website and added that such action is protected by the First Amendment.

Upon further investigation, WDEL says O’Donnell’s attorney called the station to apologize for the uproar and threat of litigation.


Kentucky Stomper Wants An Apology From Woman He Assaulted

Posted on October 28th, 2010 at 12:46 by John Sinteur in category: ¿ʞɔnɟ ǝɥʇ ʇɐɥʍ, Foyer of Ennui (just short of the Hall of Shame)

[Quote]:

Tim Profitt — the former Rand Paul volunteer who stomped on the head of a MoveOn activist — told local CBS station WKYT that he wants an apology from the woman he stomped and that she started the whole thing.

"I don’t think it’s that big of a deal," Profitt said. "I would like for her to apologize to me to be honest with you."


Comments:

  1. Man, what a dick, that’s all I can say

  2. Nah, not a dick, just a typical right wing brown shirt thug well schooled in the art of blame the victim. Stomping a woman’s head is indicative of no dick IMO.

Every cop in town quits after Mexico attack

Posted on October 28th, 2010 at 12:16 by John Sinteur in category: News

[Quote]:

The entire police force of a small northern Mexican town quit after gunmen attacked their recently inaugurated headquarters, according to local reports on Wednesday.

Los Ramones Mayor Santos Salinas said nobody was injured in Monday night’s attack, during which gunmen fired more than 1,000 bullets at the building’s facade, according to Noroeste newspaper’s website. Six grenades, of which three detonated, were also flung at the building, the newspaper reported.


Drug company whistleblower wins big

Posted on October 28th, 2010 at 12:15 by John Sinteur in category: News

[Quote]:

Cheryl Eckard, the former global quality assurance manager of GlaxoSmithKline, will receive $96m of a settlement to be paid by the pharmaceutical company to settle allegations that it knowingly manufactured and sold adulterated drugs, federal prosecutors in Massachusetts say.

Carmen Ortiz, the US lawyer involved in the case, announced on Tuesday that the London-based company will pay $150m in criminal fines and $600m in civil penalties related to faulty manufacturing processes at its plant in Cidra, Puerto Rico.

As a whistle-blower under the federal False Claims Act, Eckard will receive $96m of the settlement paid by the company.

Getnick & Getnick, the New York-based law firm that represented Eckard, believes her award is the biggest US whistleblower award in history.

"This is not something I ever wanted to do, but because of patient safety issues, it was necessary,” Eckard said following news of the settlement.


Aussie Kids Foil Finger Scanner With Gummi Bears

Posted on October 28th, 2010 at 10:59 by John Sinteur in category: Security

[Quote]:

An Australian high school has installed “secure” fingerprint scanners for roll call for senior students, which savvy kids may be able to circumvent with sweets from their lunch box. The system replaces the school’s traditional sign-in system with biometric readers that require senior students to have their fingerprints read to verify attendance.
The school principal says the system is better than swipe cards because it stops truant kids getting their mates to sign in for them. But using the Gummi Bear attack, students can make replicas of their own fingerprints from gelatine, the ingredient in Gummi Bears, to forge a replica finger. The attack worked against a bunch of scanners that detect electrical charges within the human body, since gelatine has virtually the same capacitance as a finger’s skin.


MoveOn.org: RepubliCorp

Posted on October 28th, 2010 at 7:15 by John Sinteur in category: News

[Quote]:

See our members posing as RepubliCorp—a fictitious merger between giant corporations and the Republican Party—to highlight that right-wing groups funded by Big Oil and Wall Street are spending $400 million to take over Congress for the Republicans.


BP dispersants ‘causing sickness’

Posted on October 28th, 2010 at 7:12 by John Sinteur in category: News

[Quote]:

Two-year-old Gavin Tillman of Pass Christian, Mississippi, has been diagnosed with severe upper respiratory, sinus, and viral infections. His temperature has reached more than 39 degrees since September 15, yet his sicknesses continue to worsen.

His parents, some doctors, and environmental consultants believe the child’s ailments are linked to exposure to chemicals spilt by BP during its Gulf of Mexico oil disaster.

Gavin’s father, mother, and cousin, Shayleigh, are also facing serious health problems. Their symptoms are being experienced by many others living along the coast of the Gulf of Mexico.
