Please note: the viewport design is copied from Steve Den Beste's excellent blog, USS Clueless. Used with permission.


Wednesday, November 30, 2005  

via New York Times (registration required)

Security Flaw Allows Wiretaps to Be Evaded, Study Finds

By JOHN SCHWARTZ and JOHN MARKOFF
Published: November 30, 2005

The technology used for decades by law enforcement agents to wiretap telephones has a security flaw that allows the person being wiretapped to stop the recorder remotely, according to research by computer security experts who studied the system. It is also possible to falsify the numbers dialed, they said.

Someone being wiretapped can easily employ these 'devastating countermeasures' with off-the-shelf equipment, said the lead researcher, Matt Blaze, an associate professor of computer and information science at the University of Pennsylvania.

'This has implications not only for the accuracy of the intelligence that can be obtained from these taps, but also for the acceptability and weight of legal evidence derived from it,' Mr. Blaze and his colleagues wrote in a paper that will be published today in Security & Privacy, a journal of the Institute of Electrical and Electronics Engineers.

A spokeswoman for the F.B.I. said 'we're aware of the possibility' that older wiretap systems may be foiled through the techniques described in the paper. Catherine Milhoan, the spokeswoman, said after consulting with bureau wiretap experts that the vulnerability existed in only about 10 percent of state and federal wiretaps today.

'It is not considered an issue within the F.B.I.,' Ms. Milhoan said.

According to the Justice Department's most recent wiretap report, state and federal courts authorized 1,710 'interceptions' of communications in 2004.

To defeat wiretapping systems, the target need only send the same 'idle signal' that the tapping equipment sends to the recorder when the telephone is not in use. The target could continue to have a conversation while sending the forged signal.

The tone, also known as a C-tone, sounds like a low buzzing and is 'slightly annoying but would not affect the voice quality' of the call, Mr. Blaze said, adding, 'It turns the recorder right off.'

The paper can be found at http://www.crypto.com/papers/wiretapping.

The flaw underscores how surveillance technologies are not necessarily invulnerable to abuse, a law enforcement expert said.

'If you are a determined bad guy, you will find relatively easy ways to avoid detection,' said Mark Rasch, a former federal prosecutor who is now chief security counsel at Solutionary Inc., a computer security firm in Bethesda, Md. 'The good news is that most bad guys are not clever and not determined. We used to call it criminal Darwinism.'
[more]

posted by Gary Williams at 2:01 PM | link |
 

[WEB SECURITY] Anti frame-busting code in Internet Explorer


I thought a few of the webappsec hackers on the list would find this
interesting and I hadn't seen it mentioned before. During webappsec
talks, I typically recommend liberal use of JavaScript frame-busting
code:

<script>
if(top != self) top.location.href = location.href;
</script>

Many websites use this technique. The code prevents the framing or
iframing in of your website for nefarious purposes. Or so I thought.
After a talk at Stanford University, Collin Jackson (Ph.D. student)
let me know that he had Anti frame-busting code working in IE:

<iframe src="fool.html" security=restricted></iframe>
* pay attention to the "security=restricted"

Sure enough, it works. According to Collin, "Internet Explorer will
not allow the JavaScript frame-busting code inside the iframe to
execute, because the frame is now in the 'Restricted Zone.'"

More information and a demo available here:
http://crypto.stanford.edu/framebust/

I'm not sure how far the security ramifications go, but I thought it
was cool nonetheless.

Regards,

Jeremiah-


-----------------------------------------------------------
Jeremiah Grossman
Founder and Chief Technology Officer
WhiteHat Security, Inc.
www.whitehatsec.com
-----------------------------------------------------------

posted by Gary Williams at 12:43 PM | link |
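
An added example, not part of Jeremiah's post or Collin's demo: the bypass above works because the frame-busting script never runs, so a defence has to fail closed when script is disabled. The sketch hides the page until script confirms it is top-level, and pairs that with the X-Frame-Options and CSP frame-ancestors response headers, which are later browser features that go beyond what the post covers. The element id, function names and URLs are illustrative assumptions.

```javascript
// Added example. Element id, function names and URLs are illustrative assumptions.

// Shipped in <head>: the page stays hidden until script proves it is top-level.
const FAIL_CLOSED_STYLE = '<style id="antiFrame">html{display:none!important}</style>';

// Client side. `win` and `doc` are the browser's window and document.
function revealIfTopLevel(win, doc) {
  if (win.top === win.self) {
    const style = doc.getElementById('antiFrame');
    if (style) style.parentNode.removeChild(style); // not framed: show the page
    return 'revealed';
  }
  // Framed, script allowed: attempt the classic bust, but stay hidden regardless.
  try { win.top.location = win.self.location.href; } catch (e) { /* blocked */ }
  return 'hidden';
}

// Server side: response headers that make the browser refuse framing itself,
// so the defence no longer depends on script running inside the frame.
function antiFramingHeaders(allowSameOrigin) {
  return allowSameOrigin
    ? { 'X-Frame-Options': 'SAMEORIGIN', 'Content-Security-Policy': "frame-ancestors 'self'" }
    : { 'X-Frame-Options': 'DENY', 'Content-Security-Policy': "frame-ancestors 'none'" };
}

// Constructed stand-ins for window/document so the three cases run under Node.
function simulate(framed, scriptAllowed) {
  const page = { hidden: true };
  const style = { parentNode: { removeChild() { page.hidden = false; } } };
  const doc = { getElementById: (id) => (id === 'antiFrame' ? style : null) };
  const self = { location: { href: 'https://site.example/' } };
  const top = framed ? { location: 'https://framer.example/' } : self;
  self.self = self;
  self.top = top;
  if (scriptAllowed) revealIfTopLevel(self, doc); // script disabled: never runs
  return { hidden: page.hidden, topLocation: framed ? top.location : self.location.href };
}

console.log(simulate(false, true), simulate(true, true), simulate(true, false));
```

The third case, framed with script disabled, is the one the post describes: the page is never navigated out of the frame, but it also never becomes visible.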


Tuesday, November 29, 2005  

via Haggis Hunt 2004/05 - Haggisclopedia - Haggis Myths

Haggis Myths

It is in the nature of the haggis that it should be a creature shrouded in mystery. Over the years many misconceptions have developed about these reclusive creatures. Here we are happy to debunk the most common myths and set the record straight.

A haggis is just a sheep’s stomach stuffed with meat and oatmeal.
The most common mistaken belief about the haggis is that it is some kind of pudding made from sheep innards. This somewhat macabre idea dates back many centuries. Its origins lie in a Pictish fertility ceremony which featured a parade of creatures known to produce large numbers of offspring. The haggis was one such animal. However, as hunting techniques were not as sophisticated as they were then and - for reasons explained in The Haggis in Scotland’s History - haggis numbers were low, the Pictish priests often had to make do with a model for these ceremonies. Said model haggis was made from an inflated sheep bladder, hence the myth.

They have one leg shorter than another.
This misconception originated with a respected English commentator. However, the haggis’s legs are all the same size. Any apparent difference in length could be due to the haggis’s habit of standing in a bog to confuse predators. Quite why this would confuse a predator is unclear as the haggis would be unable to run away, being as it is stuck in a bog.

Its hurdies are like a distant hill.
A haggis is rarely larger than a foot long. It has a gentle rounded shape and a soft consistency. How it is like a geological feature quite escapes us. Suilven is a distant hill. It is 2,399 feet high and made from unforgiving glacier-scarred rock. Pretty unhaggislike, you would agree. We suspect that this one is down to poetic licence.

Haggii live with the monster in Loch Ness.
This is nonsense. Haggises are not aquatic. They are also extremely wary of any creature larger than them and would not consort with a large carnivore, even one supposed to be mythical. There is also nothing to suggest that there is any truth behind the rumour that swimming with haggises strapped to your feet will prevent monster attacks. There have been no recorded attacks on anyone by the Loch Ness monster, haggis attachments notwithstanding.

posted by Gary Williams at 10:43 PM | link |
 

via SPACE.com

A Decade of Discovery: Sun-Watching SOHO Turns Ten

By SPACE.com Staff

posted: 29 November 2005
01:55 pm ET

The Sun-watching SOHO spacecraft turns 10 this Friday, Dec. 10, having survived a trio of near-death experiences and outlasted its original mission timeline by eight years.

Oh, and it has provided unprecedented pictures of the Sun, allowed the discovery of more than 1,000 comets, and served as the foundation for a space-weather forecast system that did not exist a decade ago.

The Solar and Heliospheric Observatory (SOHO) is a collaboration between NASA and the European Space Agency (ESA). Its data and images have helped scientists make significant advances in understanding how the Sun works.

'It's impossible to overstate the importance of SOHO to the worldwide solar science community,' Joe Gurman, U.S. project scientist for SOHO at NASA's Goddard Space Flight Center, said today. 'In the last ten years, SOHO has revolutionized our ideas about the solar interior and atmosphere and the acceleration of the solar wind.'

It's also hard to fathom how the craft endured so long. In 1998 it lost control. Three months later its gyros went kaput. And in 2003 its high-gain antenna became stuck and the mission seemed doomed yet again.
[more]

posted by Gary Williams at 5:34 PM | link |
 

via Generation Y

Podcast: Episode 24: Gamer’s Edition


0 comments Published by cuberds November 27th, 2005 in Episode Release.

Here is Episode 24 download, Chris, Jack Gallagher and Christopher Tyler talk the 10-Year Anniversary Contest - The 10 Best Games Ever.
A hearty thank you to our audio editor, Alex! The great Darren Dewey composed our opening and thanks podcastthemes.com for our closing! Shownotes are available.
[more]

posted by Gary Williams at 9:42 AM | link |
 

via New York Times (registration required)

Poisonings From a Popular Pain Reliever Are on the Rise

By DEBORAH FRANKLIN
Published: November 29, 2005

Despite more than a decade's worth of research showing that taking too much of a popular pain reliever can ruin the liver, the number of severe, unintentional poisonings from the drug is on the rise, a new study reports. The drug, acetaminophen, is best known under the brand name Tylenol. But many consumers don't realize that it is also found in widely varying doses in several hundred common cold remedies and combination pain relievers.

These compounds include Excedrin, Midol Teen Formula, Theraflu, Alka-Seltzer Plus Cold Medicine, and NyQuil Cold and Flu, as well as other over-the-counter drugs and many prescription narcotics, like Vicodin and Percocet.

The authors of the study, which is appearing in the December issue of Hepatology, say the combination of acetaminophen's quiet ubiquity in over-the-counter remedies and its pairing with narcotics in potentially addictive drugs like Vicodin and Percocet can make it too easy for some patients to swallow much more than the maximum recommended dose inadvertently.

'It's extremely frustrating to see people come into the hospital who felt fine several days ago, but now need a new liver,' said Dr. Tim Davern, one of the authors and a gastroenterologist with the liver transplant program of the University of California at San Francisco. 'Most had no idea that what they were taking could have that sort of effect.' The numbers of poisonings, however, are still tiny in comparison with the millions of people who use over-the-counter and prescription drugs with acetaminophen.

Dr. Davern and a team of colleagues from other centers led by Dr. Anne Larson at the University of Washington Medical Center in Seattle, tracked the 662 consecutive patients who showed up with acute liver failure at 23 transplant centers across the United States from 1998 to 2003.
[more]

posted by Gary Williams at 9:10 AM | link |


Monday, November 28, 2005  

via New York Times (registration required)

Gimme an Rx! Cheerleaders Pep Up Drug Sales

By STEPHANIE SAUL
Published: November 28, 2005

As an ambitious college student, Cassie Napier had all the right moves - flips, tumbles, an ever-flashing America's sweetheart smile - to prepare for her job after graduation. She became a drug saleswoman.

Anyone who has seen the parade of sales representatives through a doctor's waiting room has probably noticed that they are frequently female and invariably good looking. Less recognized is the fact that a good many are recruited from the cheerleading ranks.
[more]

posted by Gary Williams at 8:11 AM | link |


Sunday, November 27, 2005  

via The Blog | Nora Ephron: What's Eating George Bush? | The Huffington Post

What's Eating George Bush?

By Nora Ephron
I'm sorry to have to return to what continues to be, for me, the Rosebud event of the second Bush term, but since I live in New York and am free from the kind of facts and 'inside information' that burden most people who write about politics, I keep thinking about the day the plane flew into the airspace while the President rode his bicycle.

As you may recall, on May 11, 2005, a small plane made an unauthorized detour into the air space over the nation's Capitol, setting off a red alert. The Secret Service evacuated Dick Cheney and rushed Laura Bush to a bunker in the White House. The President was not there. He was off riding his bicycle in Beltsville, Maryland, and the Secret Service didn't notify him about the incident until it was over. At the time they claimed they didn't want to disturb his bicycle ride. It's my theory that this incident was one of the reasons for the rift between Bush and Cheney -- a rift, I'm proud to say, that I was one of the first to point out (on the Huffington Post), on the basis of no information whatsoever, and which now turns out (according to this week's Newsweek) to be absolutely true.

Emboldened by the success of this deduction, I would like to ask another question that I've been wondering about for some time: What's wrong with the president? Is he fighting depression? Is he being medicated in some way that isn't quite working? What's up? I even bought a copy of one of the supermarket tabloids that alleged he'd started drinking again, but the article (like all articles in supermarket tabloids) was extremely disappointing; even the over-exciting picture of the President on the front page, holding a glass of wine, turned out to be an old irrelevant photograph of him making a toast at some banquet; there was no real evidence in the article that he was back on the sauce.

But I've been wondering about what's going on with W ever since he emerged from his bizarre groundhog-like vacation and responded to Hurricane Katrina as if he were under water. He had no affect at all. He was almost robotic. His meager vocabulary seemed to have shrunk even further. He conveyed no feeling for the victims -- and this was early on, way before anyone realized how many poor people were involved. It was strange. What's so hard about cranking yourself up for hurricane victims, especially when you think they're mostly white people who have lost their second homes on the Gulf Coast?

At the time I wondered if Bush was on Paxil or Lexapro, drugs that several of my friends are taking and that seem to have turned them into strangely muted versions of themselves. I asked my friend Rita, who's a shrink, but Rita is very careful about committing on subjects of this sort. She did point out, though, that sometimes, when the President talks, his mouth has a strange sideways twitch, which is apparently common in people who are on antidepressants. Actually it might have been my husband who said this, I can't remember.

But I started thinking about all this again on Sunday. On the Chris Matthews Show, there was some old footage of the president from last year's presidential campaign. He was outdoors, talking to a group of people in hard hats; he was energetic, focused, confident, on top of the world. Now you could easily counter: of course he was, it was a lovely day, he was surrounded by supporters, things were going well. But the President we're seeing these days is a completely different man.

He has, of course, a lot of reasons to be depressed -- no point in enumerating them, you know what they are. But most of all, I think he's depressed because the job has turned out to be so much more onerous than he expected -- he said as much to a friend of mine in September. 'You have no idea,' he said, 'how hard these five years have been.' This is a fairly breathtaking remark given the number of people who, thanks to this president, are now dead as a result of his five years in the Oval Office, but never mind.
[more]

posted by Gary Williams at 10:24 AM | link |
 

via Pharyngula::Open Thread

Scott Adams ID Idiocy


#49262: John Emerson — 11/17 at 08:00 AM


The thing that made up my mind for me was Adams' ridicule (in his comments section) of the idea that he should read some books by Gould or Dawkins. He essentially said that he wouldn't trust them because, as biologists, they had a conflict of interest.

His silly little squibs have helped me to crystallize my abhorrence of the cheap cynicism of a whole sector of American society. These are people who believe that everyone is a scam artist, and that no one's reasoning is honest, so that what you need to do is just to figure out the angles and decide which of the players you feel best about, rather than deciding which one is right. (This kind of know-nothingism was a major factor both in Bush-Gore and Bush-Kerry. The media gaggle is full of Scott Adams clones.)

Adams was basically asking for an authority to trust -- someone whom he liked, and who talked his language. He wasn't asking for reasons at all. In this he's oddly like my very nice, anti-intellectual right-wing cousins who get their political opinions ready-made from Pat Robertson and James Dobson, who they think are very nice people and who talk their language.

Adams' credibility wasn't helped when someone pointed out that he was already writing cheesy little anti-evolution squibs more than five years ago.

posted by Gary Williams at 9:29 AM | link |
