Re: [funsec] Apple has a new toy

2010-02-15 Thread Tomas L. Byrnes
OK, since it's FUN sec:

God is Dead: Friedrich Wilhelm Nietzsche, The Gay Science 1882

Friedrich Wilhelm Nietzsche is Dead, God, August 25 1900



 -Original Message-
 From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org]
 On Behalf Of Randal T. Rioux
 Sent: Thursday, January 28, 2010 8:13 PM
 To: funsec@linuxbox.org
 Subject: Re: [funsec] Apple has a new toy
 
 Apple is dead.
 
 Randy
 
 //had to do it, sorry Joel.
 
 On Thu, January 28, 2010 4:28 pm, Joel Esler wrote:
  Flash is dead.
 
  -- Joel Esler
 
  On Jan 28, 2010, at 4:10 PM, Tomas L. Byrnes t...@byrneit.net
 wrote:
 
  Since it doesn't have Flash support, it's not even useful for that.
 
 
  -Original Message-
  From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org]
  On Behalf Of David Lodge
  Sent: Thursday, January 28, 2010 6:05 AM
  To: Juha-Matti Laurio; chaim.rie...@gmail.com; funsec@linuxbox.org
  Subject: Re: [funsec] Apple has a new toy
 
 
  http://blog.flurry.com/bid/30019/Apple-Tablet-The-Second-Stage-Media-Booster-Rocket
 
  As suspected, it's just a big iPod touch. It should probably be
  renamed the iPr0n; as I bet that's all it'll be used for...
 
 
 ___
 Fun and Misc security discussion for OT posts.
 https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
 Note: funsec is a public and open mailing list.



Re: [funsec] news: Confidential Shell database published on web

2010-02-15 Thread Juha-Matti Laurio
Thanks for sharing.
This started during week 6:
http://royaldutchshellplc.com/2010/02/04/potentially-disastrous-data-security-breach-at-shell/

Juha-Matti

Shawn Merdinger [shawn...@gmail.com] wrote:
 1.  
 http://business.timesonline.co.uk/tol/business/industry_sectors/natural_resources/article7024417.ece
 
 Royal Dutch Shell was at the centre of a major security breach last
 night after the names and telephone numbers of tens of thousands of
 the oil company's staff were circulating freely on the internet.  The
 details of up to 170,000 workers and contractors linked to the
 company, including some workers' addresses, were contained in a
 database of Shell's global workforce.
 
 2.  
 http://royaldutchshellplc.com/2010/02/12/contact-details-for-17-shell-employees-a-prize-for-hackers/
 
 ...the company subsequently told the press, including the FT, that
 the database leak was not a security risk.
 
 3.  
 http://royaldutchshellplc.com/2010/02/12/which-shell-official-lied-about-employee-data-breach-implications/
 
 the leak is no more dangerous than handing out business cards
 
 
 cheers,
 --scm




[funsec] Global Warming redux

2010-02-15 Thread Alex Eckelberry
Shows both sides of the argument.

http://www.informationisbeautiful.net/visualizations/climate-change-deniers-vs-the-consensus/



Re: [funsec] Global Warming redux

2010-02-15 Thread Larry Seltzer
It's actually already a bit out of date if you ask me. 

 

See Phil Jones's interview with the BBC the other day:

http://news.bbc.co.uk/2/hi/science/nature/8511701.stm

and http://news.bbc.co.uk/2/hi/science/nature/8511670.stm

 

He's hedging, for example, on whether the Medieval Warming Period was
warmer than today.

 

I also have problems with the term consensus. It reminds me of
Bolshevik (meaning majoritarian)

 

From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org]
On Behalf Of Alex Eckelberry
Sent: Monday, February 15, 2010 9:31 AM
To: funsec@linuxbox.org
Subject: [funsec] Global Warming redux

 

Shows both sides of the argument. 

 

http://www.informationisbeautiful.net/visualizations/climate-change-deniers-vs-the-consensus/

 

 


Re: [funsec] i lost my buzz with Google Buzz...

2010-02-15 Thread Shawn Merdinger
hi Michal,

thanks for the insight, and you're right in your assessment of the
value of my unsolicited rant.  in the future, i'll give my posts more
consideration and try to instill some value.

fwiw, i did write that 4 days ago (not sure what the delay was in
getting to the list) and since then, a number of people have
complained about Google Buzz.

afaik, revised the Buzz privacy settings twice in as many days.

also, according to the NYT, EPIC is considering a lawsuit:
http://www.nytimes.com/2010/02/13/technology/internet/13google.html

Mr. Rotenberg said that his organization planned to file a complaint
with the Federal Trade Commission claiming that the Google’s use of
e-mail conversations to build a social network was unfair and
deceptive.

and EFF has published a page on how to Protect Your Privacy on Google Buzz

http://www.eff.org/deeplinks/2010/02/protect-your-privacy-google-buzz

cheers,
--scm








On Mon, Feb 15, 2010 at 2:30 AM, Michal Zalewski lcam...@coredump.cx wrote:
 Too bad nobody came up with a communication tool where random, hastily
 written, unsolicited statements about your daily life would fit better
 than on this mailing list. Maybe one day?



Re: [funsec] NYT: Medical Radiation: A Plan Goes Wrong

2010-02-15 Thread Bill Weiss
Shawn Merdinger(shawn...@gmail.com)@Fri, Jan 29, 2010 at 04:15:59PM -0500:
 fyi,
 
 Via RISKS:  http://catless.ncl.ac.uk/Risks/25.93.html
 
 A New York City hospital treating him for tongue cancer had failed to
 detect a computer error that directed a linear accelerator to blast
 his brain stem and neck with errant beams of radiation. Not once, but
 on three consecutive days.  Mr. Jerome-Parks died several weeks later
 in 2007. He was 43.
 
 NYT Article:  http://www.nytimes.com/2010/01/24/health/24radiation.html
 NYT Slideshow:
 http://www.nytimes.com/slideshow/2010/01/24/us/20100124RADIATION1_index.html

At least we learn from our lessons... wait, maybe not:
http://en.wikipedia.org/wiki/Therac-25

-- 
Bill Weiss
 
How To Write Good
 35. Don't never use no double negatives.



Re: [funsec] 95% of User Generated Content is spam or malicious

2010-02-15 Thread Rich Kulawiec
On Sun, Feb 14, 2010 at 03:41:16PM -0800, Tomas L. Byrnes wrote:
 Threatstop users running the default TS blocklists on their firewalls
 before the anti-spam systems see, typically, 15% to 25% reduction in
 average SMTP traffic, and a reduction of peak SMTP traffic to 1/4 of
 what it is without ThreatSTOP. 

chuckle I'm way past that.  I've cut down the number of incoming
connections by about 90% via judicious use of the DROP list, country
blocks (see ipdeny.com), spammer-allocated blocks, etc. at the firewall.

In one installation, I've gone the other way: all SMTP connections
are blocked except those originating in North America (less those on
the DROP list or in spammer-allocated blocks).

The default-permit model for SMTP is on its way out, and it makes
progressively less sense to spend ever-increasing resources to
sustain it.  But judicious study of inbound/outbound mail traffic
is very necessary before trying something like this.  (Then again:
how could any postmaster possibly know how well they're doing unless
they measure it?  Sadly, very, very few actually do.)

---Rsk


Re: [funsec] 95% of User Generated Content is spam or malicious

2010-02-15 Thread Tomas L. Byrnes
DROP and Country blocks are part, but only part, of the ThreatSTOP
feeds.

If you're not using Bogons, DShield, Shadowserver, and the SRI MTC,
you're missing the recon bots, new malware drive-by seeds, and the CCs.

We've got those, and more, including some of our own developed using
cross-correlation and user log submission.

ThreatSTOP is pretty much about aggregating the best practices blocks
such as you have listed, and constantly tracking which ones stay
current, and making them easy to use and dynamically updated across
multiple platforms.

Sounds like you're doing what I was doing when I came up with the
underlying idea, and was having to write a new script for each new type
of firewall or new list I wanted to use, and said There has to be a
better way, looked for one, didn't find it, and so decided to build it!

Stay safe!



 -Original Message-
 From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org]
 On Behalf Of Rich Kulawiec
 Sent: Monday, February 15, 2010 8:46 AM
 To: funsec@linuxbox.org
 Subject: Re: [funsec] 95% of User Generated Content is spam or
 malicious
 
 On Sun, Feb 14, 2010 at 03:41:16PM -0800, Tomas L. Byrnes wrote:
  Threatstop users running the default TS blocklists on their
firewalls
  before the anti-spam systems see, typically, 15% to 25% reduction in
  average SMTP traffic, and a reduction of peak SMTP traffic to 1/4 of
  what it is without ThreatSTOP.
 
 chuckle I'm way past that.  I've cut down the number of incoming
 connections by about 90% via judicious use of the DROP list, country
 blocks (see ipdeny.com), spammer-allocated blocks, etc. at the
 firewall.
 
 In one installation, I've gone the other way: all SMTP connections
 are blocked except those originating in North America (less those on
 the DROP list or in spammer-allocated blocks).
 
 The default-permit model for SMTP is on its way out, and it makes
 progressively less sense to spend ever-increasing resources to
 sustain it.  But judicious study of inbound/outbound mail traffic
 is very necessary before trying something like this.  (Then again:
 how could any postmaster possibly know how well they're doing unless
 they measure it?  Sadly, very, very few actually do.)
 
 ---Rsk


Re: [funsec] i lost my buzz with Google Buzz...

2010-02-15 Thread Valdis . Kletnieks
On Mon, 15 Feb 2010 08:49:33 EST, Joel Esler said:
 I've already started blocking people I don't trust.

I think the words you're looking for, and Google didn't find either, are
default deny.



Re: [funsec] i lost my buzz with Google Buzz...

2010-02-15 Thread Joel Esler
Correct.

--
Joel Esler
302-223-5974
Sent from my iPhone

On Feb 15, 2010, at 12:50 PM, valdis.kletni...@vt.edu wrote:

 On Mon, 15 Feb 2010 08:49:33 EST, Joel Esler said:
 I've already started blocking people I don't trust.

 I think the words you're looking for, and Google didn't find either,  
 are
 default deny.


Re: [funsec] Death porn, media, and socmedia

2010-02-15 Thread Rob, grandpa of Ryan, Trevor, Devon Hannah
Date sent:  Sat, 13 Feb 2010 23:06:03 -0500
From:   Dan Kaminsky d...@doxpara.com

 Interesting article, where the Own The Podium link is pretty much
 admitted, BUT (and this is rather important) it's claimed this is a
 problem in Luge,and winter sports,  *in general*.
 
 http://www.ctvolympics.ca/news-centre/newsid=8935.html

I'm not a big fan of Own the Podium in any case, but I don't think it can be a
factor here:

http://www.vancouversun.com/sports/2010wintergames/Georgian+president+Thanks+caring+Canada/2566138/story.html

In fact, it turns out Friday's fatal run was Kumaritashvili's 26th time down the
track. His first nine, last November, were uneventful. They were all from the
novice, junior or women's start location. In 16 of his next 17 runs, he took on
the full men's run, and Friday's crash was his fourth -- three of them on the
same Corner 16 that was the beginning of the end.

Lugers from overseas were training on the track a year ago.

Interestingly, the fact that all runs are now being done from the women's start,
which reduces the speed by about 10km/h, is prompting complaints from some
who are saying the slower track gives an advantage ... (etc)

==  (quote inserted randomly by Pegasus Mailer)
rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
First we thought the PC was a calculator.  Then we found how to
turn numbers into letters with ASCII -- and we thought it was a
typewriter.  Then we discovered graphics, and we thought it was
a television.  With the World Wide Web, we've realized it's a
brochure. --Douglas Adams
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/NoticeBored http://twitter.com/rslade


Re: [funsec] Death porn, media, and socmedia

2010-02-15 Thread Dan Kaminsky




On Feb 15, 2010, at 3:33 PM, Rob, grandpa of Ryan, Trevor, Devon   
Hannah rmsl...@shaw.ca wrote:

 Date sent:  Sat, 13 Feb 2010 23:06:03 -0500
 From:   Dan Kaminsky d...@doxpara.com

 Interesting article, where the Own The Podium link is pretty much
 admitted, BUT (and this is rather important) it's claimed this is a
 problem in Luge,and winter sports,  *in general*.

 http://www.ctvolympics.ca/news-centre/newsid=8935.html

 I'm not a big fan of Own the Podium in any case, but I don't think  
 it can be a
 factor here:

 http://www.vancouversun.com/sports/2010wintergames/Georgian+president+Thanks+caring+Canada/2566138/story.html

 In fact, it turns out Friday's fatal run was Kumaritashvili's 26th  
 time down the
 track. His first nine, last November, were uneventful. They were all  
 from the
 novice, junior or women's start location. In 16 of his next 17 runs,  
 he took on the
 full men's run, and Friday's crash was his fourth -- three of them  
 on the same
 Corner 16 that was the beginning of the end.

 Lugers from overseas were training on the track a year ago.

Own the Podium is on the record saying they need to limit how many  
runs foreigners get, specifically to maximize Canadian chances to win.  
So they're definitely restricting access.

Or do you think it's a coincidence that this guy's first serious runs  
were mere days before the event opened up?

The real question is if a large number of nonfatal crashes might have  
been enough to cause alterations to the track to compensate. Hard to  
know the answer to that. I will say it's worth looking at the  
statistics for luge to see the difference this advantage proffers.



 Interestingly, the fact that all runs are now being done from the  
 women's start,
 which reduces the speed by about 10km/h, is prompting complaints  
 from some
 who are saying the slower track gives an advantage ... (etc)


One more death and the event would be cancelled entirely. Don't think  
they didn't consider it.

 ==  (quote inserted randomly by Pegasus Mailer)
 rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
 First we thought the PC was a calculator.  Then we found how to
 turn numbers into letters with ASCII -- and we thought it was a
 typewriter.  Then we discovered graphics, and we thought it was
 a television.  With the World Wide Web, we've realized it's a
 brochure. --Douglas Adams
 victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/ 
 index.html
 http://blogs.securiteam.com/index.php/archives/author/p1/
 http://twitter.com/NoticeBored http://twitter.com/rslade


Re: [funsec] [psysec] Personal Story, Tactical Communication and Conversation Manipulation

2010-02-15 Thread Gadi Evron
On 2/16/10 12:04 AM, Vaughn, Randal L. wrote:

 On Feb 14, 2010, at 10:46 AM, Gadi Evron wrote:

 Going back home from meeting friends for a beer, I was excited. It's not
 often that I encounter something cool to do, which appeals to my youth's
 old tactical nature. When it does, I jump it! This is a story of how
 someone tried to manipulate me, and how I countered.

 The two friends with me discussed a fascinating topic I didn't even know
 existed, and simply because I saw that I could do so, I decided to bring
 this topic to a larger audience, creating a mini-conference on the subject.

 First on my list was to find a location, so I contacted a local academic

 http://courses.georgetown.edu/index.cfm?Action=ViewCourseID=PHIL-180AcademicYear=2007

Now, that is cool.



 perhaps?



-- 
Gadi Evron,
g...@linuxbox.org.

Blog: http://gevron.livejournal.com/


Re: [funsec] Draft paper submission deadline is extended: ISP-10

2010-02-15 Thread Gadi Evron
On 2/15/10 6:01 PM, Rich Kulawiec wrote:
 On Thu, Feb 04, 2010 at 06:37:28PM -0500, James Heralds wrote:
 Draft paper submission deadline is extended: ISP-10

 This is a fake conference spammer.  I'll follow up with more later
 but for now I recommend (a) removing this spammer from the list
 and (b) blacklisting him/her/them permanently.  While you're at it,
 these addresses should be blacklisted as well -- they belong to
 the same gang:

   amgs...@yahoo.com
   devi...@gmail.com
   imecs_2...@iaeng.org
   imecs_2...@iaeng.org
   natty2...@gmail.com
   wce_2...@iaeng.org
   wcecs_2...@iaeng.org


It was held in moderation for a while until I went on my monthly 
approval hunt. I will remove.

Thanks Rich!

Gadi.


 ---Rsk



-- 
Gadi Evron,
g...@linuxbox.org.

Blog: http://gevron.livejournal.com/


Re: [funsec] Apple has a new toy

2010-02-15 Thread Tomas L. Byrnes
Let's face it, do you think it's a coincidence that Pr0n is delivered
via Flash?


Maybe we should just call Pr0n deliverers Flashers? :-p


 -Original Message-
 From: Joel Esler [mailto:esl...@gmail.com]
 Sent: Thursday, January 28, 2010 7:14 PM
 To: Tomas L. Byrnes
 Cc: Dragos Ruiu; funsec@linuxbox.org
 Subject: Re: [funsec] Apple has a new toy
 
 You seem to know a lot about that kind of thing Tom.  ;)
 
 --
 Joel Esler
 
 On Jan 28, 2010, at 9:53 PM, Tomas L. Byrnes t...@byrneit.net
 wrote:
 
  NO argument here, but that is in the future, for now, if you want
 pr0n
  on your iPad, you're SOL.
 
 
 
  -Original Message-
  From: Joel Esler [mailto:esl...@gmail.com]
  Sent: Thursday, January 28, 2010 5:27 PM
  To: Tomas L. Byrnes
  Cc: Dragos Ruiu; funsec@linuxbox.org
  Subject: Re: [funsec] Apple has a new toy
 
  Html5 will kill it.
 
  --
  Joel Esler
 
  On Jan 28, 2010, at 7:52 PM, Tomas L. Byrnes t...@byrneit.net
  wrote:
 
  Not for Pr0n.
 
 
 
  -Original Message-
  From: Dragos Ruiu [mailto:d...@kyx.net]
  Sent: Thursday, January 28, 2010 2:09 PM
  To: Joel Esler
  Cc: Tomas L. Byrnes; funsec@linuxbox.org
  Subject: Re: [funsec] Apple has a new toy
 
 
  On 28-Jan-10, at 1:28 PM, Joel Esler wrote:
 
  Flash is dead.
 
  mpython It's just a fleshwound... /mpython
 
 
  --
  World Security Pros. Cutting Edge Training, Tools, and Techniques
  Vancouver, Canada March 22-26  http://cansecwest.com
  Amsterdam, Netherlands June 16/17 http://eusecwest.com
  pgpkey http://dragos.com/ kyxpgp
 
 
 
 
 



Re: [funsec] Draft paper submission deadline is extended: ISP-10

2010-02-15 Thread Rich Kulawiec
On Mon, Feb 15, 2010 at 11:01:58AM -0500, Rich Kulawiec wrote:
 This is a fake conference spammer.

There's an entire gang of scamming spammers behind these fake conferences.
They've been hammering Usenet for years and occasionally hit mailing lists
as well.  All the conferences are complete bullshit: any paper submitted
(including those comprised of gibberish) will be accepted *as long as the
fee is paid* and that's why they're running the scam.

This particular address has been sending out these recently:

Draft paper submission deadline is extended: AIPR-10, Orlando, USA
Draft paper submission deadline is extended: BCBGC-10, Orlando, USA
Draft paper submission deadline is extended: CCN-10, Orlando, USA
Draft paper submission deadline is extended: HPCS-10
Draft paper submission deadline is extended: ISP-10
Draft paper submission deadline is extended: IVPCV-10, Orlando, USA
Draft paper submission deadline is extended: MULTICONF-10, Orlando, 
Draft paper submission deadline is extended: SETP-10
Draft paper submission deadline is extended: TMFCS-10, Orlando, USA

And no, it's not an accident that they're all in Orlando: that's also
part of the scam.

A brief write-up on these:

http://copy-shake-paste.blogspot.com/2008/12/fake-conferences.html

A bunch of these scam conferences reference www.promoteresearch.org, which
should also be blacklisted permanently, as it's apparently the mothership
for a lot of this activity.  (Obfuscated registration, one of the hallmarks
of spammers, phishers, and other scumbags.)

If anybody's interested in about 800 samples of their spew, let me know
and I'll get it to you.

---Rsk


Re: [funsec] Helsinki

2010-02-15 Thread Tomas L. Byrnes
Has Randy settled on Scandinavia versus Australia for ISOI?

I have ThreatSTOP users in Norway and Australia, and just need to know
who to visit.



 -Original Message-
 From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org]
 On Behalf Of Drsolly
 Sent: Friday, January 29, 2010 4:02 PM
 To: funsec@linuxbox.org
 Subject: [funsec] Helsinki
 
 I will be in Helsinki on May 26 and 27.
 
 http://caro2010.org
 


Re: [funsec] Here We Go Again: Internet 'Drivers Licenses'

2010-02-15 Thread Tomas L. Byrnes
You mean, kind of like Youtube, which is a Cat-atrophy of the mind?

http://www.youtube.com/results?search_query=kittenssearch_type=aq=1oq=kitte




 -Original Message-
 From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org]
 On Behalf Of Larry Seltzer
 Sent: Monday, February 01, 2010 5:29 PM
 To: Paul Ferguson; funsec
 Subject: Re: [funsec] Here We Go Again: Internet 'Drivers Licenses'
 
 A cyber war would be worse than a tsunami -- a catastrophe...
 
 Wow, and the 2004 Indian Ocean tsunami killed (re: Wikipedia) almost
 230,000 people. How many millions would die in a cyberwar?
 
 I see potential for sarcastic science fiction in this
 
 Larry Seltzer
 Contributing Editor, PC Magazine
 larry_selt...@ziffdavis.com
 http://blogs.pcmag.com/securitywatch/
 
 
 -Original Message-
 From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org]
 On Behalf Of Paul Ferguson
 Sent: Monday, February 01, 2010 7:50 PM
 To: funsec
 Subject: [funsec] Here We Go Again: Internet 'Drivers Licenses'
 
 
 The meme that seemingly will not die -- Craig Mundie, chief research
 and
 strategy officer for Microsoft, mentions it again:
 
 http://rawstory.com/2010/01/agency-calls-global-cyberwarfare-treaty-drivers-license-web-users/
 
 Enjoy!
 
 - - ferg
 
 
 
 
 --
 Fergie, a.k.a. Paul Ferguson
  Engineering Architecture for the Internet
  fergdawgster(at)gmail.com
  ferg's tech blog: http://fergdawg.blogspot.com/


Re: [funsec] Here We Go Again: Internet 'Drivers Licenses'

2010-02-15 Thread Tomas L. Byrnes
Fire Sale! Everything MUST go!!!

 

 

From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org]
On Behalf Of Benjamin Brown
Sent: Monday, February 01, 2010 6:11 PM
To: Larry Seltzer
Cc: funsec
Subject: Re: [funsec] Here We Go Again: Internet 'Drivers Licenses'

 

/me thinks of ghost in the shell

On Mon, Feb 1, 2010 at 8:29 PM, Larry Seltzer la...@larryseltzer.com
wrote:

A cyber war would be worse than a tsunami -- a catastrophe...

Wow, and the 2004 Indian Ocean tsunami killed (re: Wikipedia) almost
230,000 people. How many millions would die in a cyberwar?

I see potential for sarcastic science fiction in this

Larry Seltzer
Contributing Editor, PC Magazine
larry_selt...@ziffdavis.com
http://blogs.pcmag.com/securitywatch/

 


Re: [funsec] Here We Go Again: Internet 'Drivers Licenses'

2010-02-15 Thread Tomas L. Byrnes
Well, the alternative would be for Craig and his company to pay some
attention to the quality of their software, but that would cost some
serious money.

So, much more useful for them to divert attention from the genesis of
the whole problem: their OS; and let governments clean it up, all while,
naturally, making the barrier to entry for competitors to his company
much higher.

As long as you understand that the senior execs of US Publicly traded
companies parse Milton Friedman's famous dictum to suit their personal
(lack of) morality:

The full dictum is (their referring to the shareholders): That
responsibility is to conduct the business in accordance with their
desires, which generally will be to make as much money as possible while
conforming to the basic rules of the society, both those embodied in
law and those embodied in ethical custom. Milton Friedman, New York
Times Magazine, September 13, 1970

http://www.colorado.edu/studentgroups/libertarians/issues/friedman-soc-resp-business.html

Generally, they paraphrase that to be maximize shareholder value,
sometimes within the limits of the Law, by which they tend to mean
whatever you can get away with for a cost of lawsuit that is less than
the cost of doing the right thing.

You will note that Friedman had a much broader view: that they conform
to the basic rules of society  both those embodied in law and those
embodied in ethical custom.

However, you will find precious few captains of industry of the last 30
years operate on a principle more elevated than: You'll be gone, I'll
be gone, I got mine.

Craig Mundie is just an apologist for his Uncle Fester lookalike boss:

http://www.theregister.co.uk/2001/07/13/ballmer_is_fester_and_we/




 -Original Message-
 From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org]
 On Behalf Of Paul Ferguson
 Sent: Monday, February 01, 2010 4:50 PM
 To: funsec
 Subject: [funsec] Here We Go Again: Internet 'Drivers Licenses'
 
 
 The meme that seemingly will not die -- Craig Mundie, chief research
 and
 strategy officer for Microsoft, mentions it again:
 
 http://rawstory.com/2010/01/agency-calls-global-cyberwarfare-treaty-drivers-license-web-users/
 
 Enjoy!
 
 - - ferg
 
 
 
 
 --
 Fergie, a.k.a. Paul Ferguson
  Engineering Architecture for the Internet
  fergdawgster(at)gmail.com
  ferg's tech blog: http://fergdawg.blogspot.com/


Re: [funsec] Helsinki

2010-02-15 Thread Vaughn, Randal L.
Norway is out for this year.  We are in negotiations with
AusCert about having ISOI either this year or next year.
Travel budgets - at least, mine - seem to be rather slim
this year.  In any case, I am adding you as a probable 
attendee (and presenter?)

 


On Feb 15, 2010, at 9:05 PM, Tomas L. Byrnes wrote:

 Has Randy settled on Scandinavia versus Australia for ISOI?
 
 I have ThreatSTOP users in Norway and Australia, and just need to know
 who to visit.
 
 
 
 -Original Message-
 From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org]
 On Behalf Of Drsolly
 Sent: Friday, January 29, 2010 4:02 PM
 To: funsec@linuxbox.org
 Subject: [funsec] Helsinki
 
 I will be in Helsinki on May 26 and 27.
 
 http://caro2010.org
 


Re: [funsec] Here We Go Again: Internet 'Drivers Licenses'

2010-02-15 Thread rick wesson
If you want to subvert the internet drivers license meme, insist that
it is applications and hardware that should have the drivers license.

Inform that it's not a people problem, but an identity problem around
applications and hardware.

Use the drivers license meme as it has momentum, just divert it from
people to software.

-rick


Tomas L. Byrnes wrote:
 Well, the alternative would be for Craig and his company to pay some
 attention to the quality of their software, but that would cost some
 serious money.
 
 So, much more useful for them to divert attention from the genesis of
 the whole problem: their OS; and let governments clean it up, all while,
 naturally, making the barrier to entry for competitors to his company
 much higher.
 
 As long as you understand that the senior execs of US Publicly traded
 companies parse Milton Friedman's famous dictum to suit their personal
 (lack of) morality:
 
 The full dictum is (their referring to the shareholders): That
 responsibility is to conduct the business in accordance with their
 desires, which generally will be to make as much money as possible while
 conforming to the basic rules of the society, both those embodied in
 law and those embodied in ethical custom. Milton Friedman, New York
 Times Magazine, September 13, 1970
 
 http://www.colorado.edu/studentgroups/libertarians/issues/friedman-soc-resp-business.html
 
 Generally, they paraphrase that to be maximize shareholder value,
 sometimes within the limits of the Law, by which they tend to mean
 whatever you can get away with for a cost of lawsuit that is less than
 the cost of doing the right thing.
 
 You will note that Friedman had a much broader view: that they conform
 to the basic rules of society  both those embodied in law and those
 embodied in ethical custom.
 
 However, you will find precious few captains of industry of the last 30
 years operate on a principle more elevated than: You'll be gone, I'll
 be gone, I got mine.
 
 Craig Mundie is just an apologist for his Uncle Fester lookalike boss:
 
 http://www.theregister.co.uk/2001/07/13/ballmer_is_fester_and_we/
 
 
 
 
 -Original Message-
 From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org]
 On Behalf Of Paul Ferguson
 Sent: Monday, February 01, 2010 4:50 PM
 To: funsec
 Subject: [funsec] Here We Go Again: Internet 'Drivers Licenses'

 The meme that seemingly will not die -- Craig Mundie, chief research and
 strategy officer for Microsoft, mentions it again:
 
 http://rawstory.com/2010/01/agency-calls-global-cyberwarfare-treaty-drivers-license-web-users/
 
 Enjoy!
 
 - ferg
 



--
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/


Re: [funsec] Helsinki

2010-02-15 Thread Vaughn, Randal L.
I have toyed with the idea of suggesting an ISOI following the eCRS which will
be held at SMU in October.  The eCRS CFP is pending a review and approval from
the technical sponsor.  We have done an ISOI-BigD recently so other suggestions
for locations are, of course, welcome.  Being mostly reptilian, I prefer
someplace warm if we get into the winter months.

On Feb 15, 2010, at 10:57 PM, Paul Ferguson wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 On Mon, Feb 15, 2010 at 7:52 PM, Vaughn, Randal L. rl_vau...@baylor.edu
 wrote:
 
 Norway is out for this year.  We are in negotiations with
 AusCert about having ISOI either this year or next year.
 Travel budgets - at least, mine - seem to be rather slim
 this year.  In any case, I am adding you as a probable
 attendee (and presenter?)
 
 
 So, what *is* on the table for ISOI this year (2010) -- maybe in
 conjunction with AusCERT?
 
 Still can't make that one, but was just wondering if another one anywhere
 is planned for 2H2010...
 
 Thanks,
 
 - - ferg
 
 -BEGIN PGP SIGNATURE-
 Version: PGP Desktop 9.5.3 (Build 5003)
 
 wj8DBQFLeiWXq1pz9mNUZTMRAkenAJ9dTE/XW+SmEbWZyh1SX/jf0uKGhgCfaRWq
 5aO3M9Ab5iG0ZvTM/yiJ+y0=
 =tK9X
 -END PGP SIGNATURE-
 
 
 
 -- 
 Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/




Re: [funsec] Helsinki

2010-02-15 Thread Rob, grandpa of Ryan, Trevor, Devon Hannah
Date sent:  Mon, 15 Feb 2010 23:21:14 -0600
From:   Vaughn, Randal L. rl_vau...@baylor.edu

 Being mostly reptilian, I prefer
 someplace warm if we get into the winter months.

Well, you could come to Vancouver.  It's nice and warm here  :-)

==  (quote inserted randomly by Pegasus Mailer)
rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
Nam tua res agitur, paries cum proximus ardet.
- For it is your business, when the wall next door catches fire.
  - Horace, Epistles
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/NoticeBored http://twitter.com/rslade


Re: [funsec] Here We Go Again: Internet 'Drivers Licenses'

2010-02-15 Thread Tomas L. Byrnes
Isn't that what the TPM was about? Didn't we all recognize that as a way
to make sure OSS couldn't run on hardware without paying MS or someone
in the ecosystem for signing the binary?



 -Original Message-
 From: rick wesson [mailto:r...@support-intelligence.com]
 Sent: Monday, February 15, 2010 8:37 PM
 To: Tomas L. Byrnes
 Cc: Paul Ferguson; funsec
 Subject: Re: [funsec] Here We Go Again: Internet 'Drivers Licenses'
 
 If you want to subvert the internet drivers license meme, insist that
 it is applications and hardware that should have the drivers license.
 
 Inform that it's not a people problem, but an identity problem around
 applications and hardware.
 
 Use the drivers license meme as it has momentum, just divert it from
 people to software.
 
 -rick
 
 
 Tomas L. Byrnes wrote:
  Well, the alternative would be for Craig and his company to pay some
  attention to the quality of their software, but that would cost some
  serious money.
 
  So, much more useful for them to divert attention from the genesis of
  the whole problem: their OS; and let governments clean it up, all while,
  naturally, making the barrier to entry for competitors to his company
  much higher.
 
  As long as you understand that the senior execs of US Publicly traded
  companies parse Milton Friedman's famous dictum to suit their personal
  (lack of) morality:
 
  The full dictum is (their referring to the shareholders): That
  responsibility is to conduct the business in accordance with their
  desires, which generally will be to make as much money as possible while
  conforming to the basic rules of the society, both those embodied in
  law and those embodied in ethical custom. Milton Friedman, New York
  Times Magazine, September 13, 1970
 
  http://www.colorado.edu/studentgroups/libertarians/issues/friedman-soc-resp-business.html
 
  Generally, they paraphrase that to be maximize shareholder value,
  sometimes within the limits of the Law, by which they tend to mean
  whatever you can get away with for a cost of lawsuit that is less than
  the cost of doing the right thing.
 
  You will note that Friedman had a much broader view: that they conform
  to the basic rules of society  both those embodied in law and those
  embodied in ethical custom.
 
  However, you will find precious few captains of industry of the last 30
  years operate on a principle more elevated than: You'll be gone, I'll
  be gone, I got mine.
 
  Craig Mundie is just an apologist for his Uncle Fester lookalike boss:
 
  http://www.theregister.co.uk/2001/07/13/ballmer_is_fester_and_we/
 
 
 
 
  -Original Message-
  From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org]
  On Behalf Of Paul Ferguson
  Sent: Monday, February 01, 2010 4:50 PM
  To: funsec
  Subject: [funsec] Here We Go Again: Internet 'Drivers Licenses'
 
  The meme that seemingly will not die -- Craig Mundie, chief research and
  strategy officer for Microsoft, mentions it again:
 
  http://rawstory.com/2010/01/agency-calls-global-cyberwarfare-treaty-drivers-license-web-users/
 
  Enjoy!
 
  - ferg
 
 
 
 
 --
 Fergie, a.k.a. Paul Ferguson
  Engineering Architecture for the Internet
  fergdawgster(at)gmail.com
  ferg's tech blog: http://fergdawg.blogspot.com/