Re: [funsec] Apple has a new toy
OK, since it's FUN sec:

God is Dead: Friedrich Wilhelm Nietzsche, The Gay Science 1882
Friedrich Wilhelm Nietzsche is Dead, God, August 25 1900

-----Original Message-----
From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Randal T. Rioux
Sent: Thursday, January 28, 2010 8:13 PM
To: funsec@linuxbox.org
Subject: Re: [funsec] Apple has a new toy

Apple is dead.

Randy
//had to do it, sorry Joel.

On Thu, January 28, 2010 4:28 pm, Joel Esler wrote:
Flash is dead.
--
Joel Esler

On Jan 28, 2010, at 4:10 PM, Tomas L. Byrnes t...@byrneit.net wrote:
Since it doesn't have Flash support, it's not even useful for that.

-----Original Message-----
From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of David Lodge
Sent: Thursday, January 28, 2010 6:05 AM
To: Juha-Matti Laurio; chaim.rie...@gmail.com; funsec@linuxbox.org
Subject: Re: [funsec] Apple has a new toy

http://blog.flurry.com/bid/30019/Apple-Tablet-The-Second-Stage-Media-Booster-Rocket

As suspected, it's just a big iPod touch. It should probably be renamed the iPr0n; as I bet that's all it'll be used for...

___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Re: [funsec] news: Confidential Shell database published on web
Thanks for sharing. This started during week 6:
http://royaldutchshellplc.com/2010/02/04/potentially-disastrous-data-security-breach-at-shell/

Juha-Matti

Shawn Merdinger [shawn...@gmail.com] wrote:

1. http://business.timesonline.co.uk/tol/business/industry_sectors/natural_resources/article7024417.ece
Royal Dutch Shell was at the centre of a major security breach last night after the names and telephone numbers of tens of thousands of the oil company's staff were circulating freely on the internet. The details of up to 170,000 workers and contractors linked to the company, including some workers' addresses, were contained in a database of Shell's global workforce.

2. http://royaldutchshellplc.com/2010/02/12/contact-details-for-17-shell-employees-a-prize-for-hackers/
...the company subsequently told the press, including the FT, that the database leak was not a security risk.

3. http://royaldutchshellplc.com/2010/02/12/which-shell-official-lied-about-employee-data-breach-implications/
the leak is no more dangerous than handing out business cards

cheers,
--scm
[funsec] Global Warming redux
Shows both sides of the argument.
http://www.informationisbeautiful.net/visualizations/climate-change-deniers-vs-the-consensus/
Re: [funsec] Global Warming redux
It's actually already a bit out of date if you ask me. See Phil Jones's interview with the BBC the other day:
http://news.bbc.co.uk/2/hi/science/nature/8511701.stm and
http://news.bbc.co.uk/2/hi/science/nature/8511670.stm

He's hedging, for example, on whether the Medieval Warming Period was warmer than today.

I also have problems with the term consensus. It reminds me of Bolshevik (meaning majoritarian)

From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Alex Eckelberry
Sent: Monday, February 15, 2010 9:31 AM
To: funsec@linuxbox.org
Subject: [funsec] Global Warming redux

Shows both sides of the argument.
http://www.informationisbeautiful.net/visualizations/climate-change-deniers-vs-the-consensus/
Re: [funsec] i lost my buzz with Google Buzz...
hi Michal,

thanks for the insight, and you're right in your assessment of the value of my unsolicited rant. in the future, i'll give my posts more consideration and try to instill some value.

fwiw, i did write that 4 days ago (not sure what the delay was in getting to the list) and since then, a number of people have complained about Google Buzz. afaik, revised the Buzz privacy settings twice in as many days.

also, according to the NYT, EPIC is considering a lawsuit:
http://www.nytimes.com/2010/02/13/technology/internet/13google.html
Mr. Rotenberg said that his organization planned to file a complaint with the Federal Trade Commission claiming that the Google’s use of e-mail conversations to build a social network was unfair and deceptive.

and EFF has published a page on how to Protect Your Privacy on Google Buzz
http://www.eff.org/deeplinks/2010/02/protect-your-privacy-google-buzz

cheers,
--scm

On Mon, Feb 15, 2010 at 2:30 AM, Michal Zalewski lcam...@coredump.cx wrote:
Too bad nobody came up with a communication tool where random, hastily written, unsolicited statements about your daily life would fit better than on this mailing list. Maybe one day?
Re: [funsec] NYT: Medical Radiation: A Plan Goes Wrong
Shawn Merdinger(shawn...@gmail.com)@Fri, Jan 29, 2010 at 04:15:59PM -0500:
fyi,

Via RISKS: http://catless.ncl.ac.uk/Risks/25.93.html

A New York City hospital treating him for tongue cancer had failed to detect a computer error that directed a linear accelerator to blast his brain stem and neck with errant beams of radiation. Not once, but on three consecutive days. Mr. Jerome-Parks died several weeks later in 2007. He was 43.

NYT Article: http://www.nytimes.com/2010/01/24/health/24radiation.html
NYT Slideshow: http://www.nytimes.com/slideshow/2010/01/24/us/20100124RADIATION1_index.html

At least we learn from our lessons... wait, maybe not:
http://en.wikipedia.org/wiki/Therac-25

--
Bill Weiss
How To Write Good 35. Don't never use no double negatives.
Re: [funsec] 95% of User Generated Content is spam or malicious
On Sun, Feb 14, 2010 at 03:41:16PM -0800, Tomas L. Byrnes wrote:
Threatstop users running the default TS blocklists on their firewalls before the anti-spam systems see, typically, 15% to 25% reduction in average SMTP traffic, and a reduction of peak SMTP traffic to 1/4 of what it is without ThreatSTOP.

chuckle I'm wy past that. I've cut down the number of incoming connections by about 90% via judicious use of the DROP list, country blocks (see ipdeny.com), spammer-allocated blocks, etc. at the firewall.

In one installation, I've gone the other way: all SMTP connections are blocked except those originating in North America (less those on the DROP list or in spammer-allocated blocks).

The default-permit model for SMTP is on its way out, and it makes progressively less sense to spend ever-increasing resources to sustain it.

But judicious study of inbound/outbound mail traffic is very necessary before trying something like this. (Then again: how could any postmaster possibly know how well they're doing unless they measure it? Sadly, very, very few actually do.)

---Rsk
Re: [funsec] 95% of User Generated Content is spam or malicious
DROP and Country blocks are part, but only part, of the ThreatSTOP feeds.

If you're not using Bogons, DShield, Shadowserver, and the SRI MTC, you're missing the recon bots, new malware drive-by seeds, and the CCs.

We've got those, and more, including some of our own developed using cross-correlation and user log submission.

ThreatSTOP is pretty much about aggregating the best practices blocks such as you have listed, and constantly tracking which ones stay current, and making them easy to use and dynamically updated across multiple platforms.

Sounds like you're doing what I was doing when I came up with the underlying idea, and was having to write a new script for each new type of firewall or new list I wanted to use, and said There has to be a better way, looked for one, didn't find it, and so decided to build it!

Stay safe!

-----Original Message-----
From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rich Kulawiec
Sent: Monday, February 15, 2010 8:46 AM
To: funsec@linuxbox.org
Subject: Re: [funsec] 95% of User Generated Content is spam or malicious

On Sun, Feb 14, 2010 at 03:41:16PM -0800, Tomas L. Byrnes wrote:
Threatstop users running the default TS blocklists on their firewalls before the anti-spam systems see, typically, 15% to 25% reduction in average SMTP traffic, and a reduction of peak SMTP traffic to 1/4 of what it is without ThreatSTOP.

chuckle I'm wy past that. I've cut down the number of incoming connections by about 90% via judicious use of the DROP list, country blocks (see ipdeny.com), spammer-allocated blocks, etc. at the firewall.

In one installation, I've gone the other way: all SMTP connections are blocked except those originating in North America (less those on the DROP list or in spammer-allocated blocks).

The default-permit model for SMTP is on its way out, and it makes progressively less sense to spend ever-increasing resources to sustain it.

But judicious study of inbound/outbound mail traffic is very necessary before trying something like this. (Then again: how could any postmaster possibly know how well they're doing unless they measure it? Sadly, very, very few actually do.)

---Rsk
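The measurement Rich Kulawiec calls for in the two posts above, as an added example that is not part of either post: a dry run of candidate firewall blocklists against a history of inbound SMTP connections, reporting the share that would be dropped and any sender whose mail had previously been accepted. The log format, list names and addresses are constructed for the example (documentation address ranges stand in for real list entries).

```python
"""Dry-run candidate firewall blocklists against inbound SMTP history."""
import ipaddress
from collections import Counter

# Constructed sample, one inbound SMTP connection per line, in a made-up
# "timestamp ip=<addr> result=<accepted|rejected>" format (not a real MTA log).
SAMPLE_LOG = """\
2010-02-15T08:00:01 ip=192.0.2.10 result=rejected
2010-02-15T08:00:02 ip=192.0.2.10 result=rejected
2010-02-15T08:00:03 ip=192.0.2.77 result=rejected
2010-02-15T08:00:04 ip=198.51.100.5 result=rejected
2010-02-15T08:00:05 ip=198.51.100.20 result=accepted
2010-02-15T08:00:06 ip=198.51.100.200 result=accepted
2010-02-15T08:00:07 ip=203.0.113.9 result=accepted
2010-02-15T08:00:08 ip=203.0.113.9 result=accepted
2010-02-15T08:00:09 ip=192.0.2.200 result=rejected
2010-02-15T08:00:10 ip=2001:db8::25 result=accepted
2010-02-15T08:00:11 truncated line without fields
"""

# Constructed candidate lists: names and CIDRs are placeholders, not entries
# taken from the DROP list, ipdeny.com or any other real feed.
CANDIDATE_LISTS = {
    "drop-style": ["192.0.2.0/24"],
    "country-style": ["198.51.100.0/25"],
}


def parse_log(text):
    """Yield (ip, accepted) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        fields = dict(tok.split("=", 1) for tok in line.split()[1:] if "=" in tok)
        try:
            ip = ipaddress.ip_address(fields["ip"])
        except (KeyError, ValueError):
            continue  # malformed or truncated record
        yield ip, fields.get("result") == "accepted"


def load_networks(lists):
    """Flatten {list name: [cidr, ...]} into [(list name, network), ...]."""
    return [
        (name, ipaddress.ip_network(cidr, strict=False))
        for name, cidrs in lists.items()
        for cidr in cidrs
    ]


def first_match(ip, networks):
    """Return the name of the first list containing ip, or None."""
    for name, net in networks:
        if ip.version == net.version and ip in net:
            return name
    return None


def dry_run(log_text, lists):
    """Report what the lists would have dropped, without blocking anything."""
    networks = load_networks(lists)
    total = blocked = 0
    per_list = Counter()
    collateral = Counter()  # senders whose mail was accepted but would be dropped
    for ip, accepted in parse_log(log_text):
        total += 1
        hit = first_match(ip, networks)
        if hit is None:
            continue
        blocked += 1
        per_list[hit] += 1
        if accepted:
            collateral[str(ip)] += 1
    return {
        "total": total,
        "blocked": blocked,
        "blocked_pct": round(100 * blocked / total, 1) if total else 0.0,
        "per_list": dict(per_list),
        "collateral": dict(collateral),
    }


if __name__ == "__main__":
    report = dry_run(SAMPLE_LOG, CANDIDATE_LISTS)
    print(f"{report['blocked']}/{report['total']} connections "
          f"({report['blocked_pct']}%) would be dropped")
    for name, count in report["per_list"].items():
        print(f"  {name}: {count}")
    for sender, count in report["collateral"].items():
        print(f"  review before blocking: {sender} ({count} accepted message(s))")
```

Any address that shows up under "review before blocking" is a sender the list would have cut off, which is the case to resolve before the rule goes onto the firewall.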
Re: [funsec] i lost my buzz with Google Buzz...
On Mon, 15 Feb 2010 08:49:33 EST, Joel Esler said:
I've already started blocking people I don't trust.

I think the words you're looking for, and Google didn't find either, are default deny.
Re: [funsec] i lost my buzz with Google Buzz...
Correct.

--
Joel Esler
302-223-5974
Sent from my iPhone

On Feb 15, 2010, at 12:50 PM, valdis.kletni...@vt.edu wrote:

On Mon, 15 Feb 2010 08:49:33 EST, Joel Esler said:
I've already started blocking people I don't trust.

I think the words you're looking for, and Google didn't find either, are default deny.
Re: [funsec] Death porn, media, and socmedia
Date sent: Sat, 13 Feb 2010 23:06:03 -0500
From: Dan Kaminsky d...@doxpara.com

Interesting article, where the Own The Podium link is pretty much admitted, BUT (and this is rather important) it's claimed this is a problem in Luge, and winter sports, *in general*.
http://www.ctvolympics.ca/news-centre/newsid=8935.html

I'm not a big fan of Own the Podium in any case, but I don't think it can be a factor here:
http://www.vancouversun.com/sports/2010wintergames/Georgian+president+Thanks+caring+Canada/2566138/story.html

In fact, it turns out Friday's fatal run was Kumaritashvili's 26th time down the track. His first nine, last November, were uneventful. They were all from the novice, junior or women's start location. In 16 of his next 17 runs, he took on the full men's run, and Friday's crash was his fourth -- three of them on the same Corner 16 that was the beginning of the end.

Lugers from overseas were training on the track a year ago.

Interestingly, the fact that all runs are now being done from the women's start, which reduces the speed by about 10km/h, is prompting complaints from some who are saying the slower track gives an advantage ... (etc)

== (quote inserted randomly by Pegasus Mailer)
rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
First we thought the PC was a calculator. Then we found how to turn numbers into letters with ASCII -- and we thought it was a typewriter. Then we discovered graphics, and we thought it was a television. With the World Wide Web, we've realized it's a brochure. --Douglas Adams
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/NoticeBored http://twitter.com/rslade
Re: [funsec] Death porn, media, and socmedia
On Feb 15, 2010, at 3:33 PM, Rob, grandpa of Ryan, Trevor, Devon Hannah rmsl...@shaw.ca wrote:

Date sent: Sat, 13 Feb 2010 23:06:03 -0500
From: Dan Kaminsky d...@doxpara.com

Interesting article, where the Own The Podium link is pretty much admitted, BUT (and this is rather important) it's claimed this is a problem in Luge, and winter sports, *in general*.
http://www.ctvolympics.ca/news-centre/newsid=8935.html

I'm not a big fan of Own the Podium in any case, but I don't think it can be a factor here:
http://www.vancouversun.com/sports/2010wintergames/Georgian+president+Thanks+caring+Canada/2566138/story.html

In fact, it turns out Friday's fatal run was Kumaritashvili's 26th time down the track. His first nine, last November, were uneventful. They were all from the novice, junior or women's start location. In 16 of his next 17 runs, he took on the full men's run, and Friday's crash was his fourth -- three of them on the same Corner 16 that was the beginning of the end.

Lugers from overseas were training on the track a year ago.

Own the Podium is on the record saying they need to limit how many runs foreigners get, specifically to maximize Canadian chances to win. So they're definitely restricting access. Or do you think it's a coincidence that this guy's first serious runs were mere days before the event opened up?

The real question is if a large number of nonfatal crashes might have been enough to cause alterations to the track to compensate. Hard to know the answer to that. I will say it's worth looking at the statistics for luge to see the difference this advantage proffers.

Interestingly, the fact that all runs are now being done from the women's start, which reduces the speed by about 10km/h, is prompting complaints from some who are saying the slower track gives an advantage ... (etc)

One more death and the event would be cancelled entirely. Don't think they didn't consider it.

== (quote inserted randomly by Pegasus Mailer)
rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
First we thought the PC was a calculator. Then we found how to turn numbers into letters with ASCII -- and we thought it was a typewriter. Then we discovered graphics, and we thought it was a television. With the World Wide Web, we've realized it's a brochure. --Douglas Adams
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/NoticeBored http://twitter.com/rslade
Re: [funsec] [psysec] Personal Story, Tactical Communication and Conversation Manipulation
On 2/16/10 12:04 AM, Vaughn, Randal L. wrote:

On Feb 14, 2010, at 10:46 AM, Gadi Evron wrote:

Going back home from meeting friends for a beer, I was excited. It's not often that I encounter something cool to do, which appeals to my youth's old tactical nature. When it does, I jump it! This is a story of how someone tried to manipulate me, and how I countered.

The two friends with me discussed a fascinating topic I didn't even know existed, and simply because I saw that I could do so, I decided to bring this topic to a larger audience, creating a mini-conference on the subject.

First on my list was to find a location, so I contacted a local academic

http://courses.georgetown.edu/index.cfm?Action=ViewCourseID=PHIL-180AcademicYear=2007

Now, that is cool.

perhaps?

--
Gadi Evron, g...@linuxbox.org.
Blog: http://gevron.livejournal.com/
Re: [funsec] Draft paper submission deadline is extended: ISP-10
On 2/15/10 6:01 PM, Rich Kulawiec wrote:

On Thu, Feb 04, 2010 at 06:37:28PM -0500, James Heralds wrote:
Draft paper submission deadline is extended: ISP-10

This is a fake conference spammer. I'll follow up with more later but for now I recommend (a) removing this spammer from the list and (b) blacklisting him/her/them permanently.

While you're at it, these addresses should be blacklisted as well -- they belong to the same gang:
amgs...@yahoo.com devi...@gmail.com imecs_2...@iaeng.org imecs_2...@iaeng.org natty2...@gmail.com wce_2...@iaeng.org wcecs_2...@iaeng.org

It was held in moderation for a while until I went on my monthly approval hunt. I will remove.

Thanks Rich!

Gadi.

---Rsk

--
Gadi Evron, g...@linuxbox.org.
Blog: http://gevron.livejournal.com/
Re: [funsec] Apple has a new toy
Let's face it, do you think it's a coincidence that Pr0n is delivered via Flash? Maybe we should just call Pr0n deliverers Flashers? :-p

-----Original Message-----
From: Joel Esler [mailto:esl...@gmail.com]
Sent: Thursday, January 28, 2010 7:14 PM
To: Tomas L. Byrnes
Cc: Dragos Ruiu; funsec@linuxbox.org
Subject: Re: [funsec] Apple has a new toy

You seem to know a lot about that kind of thing Tom. ;)

--
Joel Esler

On Jan 28, 2010, at 9:53 PM, Tomas L. Byrnes t...@byrneit.net wrote:

NO argument here, but that is in the future, for now, if you want pr0n on your iPad, you're SOL.

-----Original Message-----
From: Joel Esler [mailto:esl...@gmail.com]
Sent: Thursday, January 28, 2010 5:27 PM
To: Tomas L. Byrnes
Cc: Dragos Ruiu; funsec@linuxbox.org
Subject: Re: [funsec] Apple has a new toy

Html5 will kill it.

--
Joel Esler

On Jan 28, 2010, at 7:52 PM, Tomas L. Byrnes t...@byrneit.net wrote:

Not for Pr0n.

-----Original Message-----
From: Dragos Ruiu [mailto:d...@kyx.net]
Sent: Thursday, January 28, 2010 2:09 PM
To: Joel Esler
Cc: Tomas L. Byrnes; funsec@linuxbox.org
Subject: Re: [funsec] Apple has a new toy

On 28-Jan-10, at 1:28 PM, Joel Esler wrote:
Flash is dead.

mpython It's just a fleshwound... /mpython

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada March 22-26 http://cansecwest.com
Amsterdam, Netherlands June 16/17 http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp
Re: [funsec] Draft paper submission deadline is extended: ISP-10
On Mon, Feb 15, 2010 at 11:01:58AM -0500, Rich Kulawiec wrote:
This is a fake conference spammer.

There's an entire gang of scamming spammers behind these fake conferences. They've been hammering Usenet for years and occasionally hit mailing lists as well. All the conferences are complete bullshit: any paper submitted (including those comprised of gibberish) will be accepted *as long as the fee is paid* and that's why they're running the scam.

This particular address has been sending out these recently:

Draft paper submission deadline is extended: AIPR-10, Orlando, USA
Draft paper submission deadline is extended: BCBGC-10, Orlando, USA
Draft paper submission deadline is extended: CCN-10, Orlando, USA
Draft paper submission deadline is extended: HPCS-10
Draft paper submission deadline is extended: ISP-10
Draft paper submission deadline is extended: IVPCV-10, Orlando, USA
Draft paper submission deadline is extended: MULTICONF-10, Orlando,
Draft paper submission deadline is extended: SETP-10
Draft paper submission deadline is extended: TMFCS-10, Orlando, USA

And no, it's not an accident that they're all in Orlando: that's also part of the scam.

A brief write-up on these:
http://copy-shake-paste.blogspot.com/2008/12/fake-conferences.html

A bunch of these scam conferences reference www.promoteresearch.org, which should also be blacklisted permanently, as it's apparently the mothership for a lot of this activity. (Obfuscated registration, one of the hallmarks of spammers, phishers, and other scumbags.)

If anybody's interested in about 800 samples of their spew, let me know and I'll get it to you.

---Rsk
Re: [funsec] Helsinki
Has Randy settled on Scandinavia versus Australia for ISOI? I have ThreatSTOP users in Norway and Australia, and just need to know who to visit.

-----Original Message-----
From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Drsolly
Sent: Friday, January 29, 2010 4:02 PM
To: funsec@linuxbox.org
Subject: [funsec] Helsinki

I will be in Helsinki on May 26 and 27. http://caro2010.org
Re: [funsec] Here We Go Again: Internet 'Drivers Licenses'
You mean, kind of like Youtube, which is a Cat-atrophy of the mind?
http://www.youtube.com/results?search_query=kittenssearch_type=aq=1oq=kitte

-----Original Message-----
From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Larry Seltzer
Sent: Monday, February 01, 2010 5:29 PM
To: Paul Ferguson; funsec
Subject: Re: [funsec] Here We Go Again: Internet 'Drivers Licenses'

A cyber war would be worse than a tsunami -- a catastrophe...

Wow, and the 2004 Indian Ocean tsunami killed (re: Wikipedia) almost 230,000 people. How many millions would die in a cyberwar?

I see potential for sarcastic science fiction in this

Larry Seltzer
Contributing Editor, PC Magazine
larry_selt...@ziffdavis.com
http://blogs.pcmag.com/securitywatch/

-----Original Message-----
From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Paul Ferguson
Sent: Monday, February 01, 2010 7:50 PM
To: funsec
Subject: [funsec] Here We Go Again: Internet 'Drivers Licenses'

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The meme that seemingly will not die -- Craig Mundie, chief research and strategy officer for Microsoft, mentions it again:
http://rawstory.com/2010/01/agency-calls-global-cyberwarfare-treaty-drivers-license-web-users/

Enjoy!

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFLZ3aaq1pz9mNUZTMRAppsAKC6d+Us+wOtJTM3Zpad1clnH/WUFQCg/F+S
iJ8ip5B1EHN6NFiGn7kN9zs=
=XmFQ
-----END PGP SIGNATURE-----

--
Fergie, a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
Re: [funsec] Here We Go Again: Internet 'Drivers Licenses'
Fire Sale! Everything MUST go!!!

From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Benjamin Brown
Sent: Monday, February 01, 2010 6:11 PM
To: Larry Seltzer
Cc: funsec
Subject: Re: [funsec] Here We Go Again: Internet 'Drivers Licenses'

/me thinks of ghost in the shell

On Mon, Feb 1, 2010 at 8:29 PM, Larry Seltzer la...@larryseltzer.com wrote:

A cyber war would be worse than a tsunami -- a catastrophe...

Wow, and the 2004 Indian Ocean tsunami killed (re: Wikipedia) almost 230,000 people. How many millions would die in a cyberwar?

I see potential for sarcastic science fiction in this

Larry Seltzer
Contributing Editor, PC Magazine
larry_selt...@ziffdavis.com
http://blogs.pcmag.com/securitywatch/
Re: [funsec] Here We Go Again: Internet 'Drivers Licenses'
Well, the alternative would be for Craig and his company to pay some attention to the quality of their software, but that would cost some serious money.

So, much more useful for them to divert attention from the genesis of the whole problem: their OS; and let governments clean it up, all while, naturally, making the barrier to entry for competitors to his company much higher.

As long as you understand that the senior execs of US Publicly traded companies parse Milton Friedman's famous dictum to suit their personal (lack of) morality:

The full dictum is (their referring to the shareholders):

That responsibility is to conduct the business in accordance with their desires, which generally will be to make as much money as possible while conforming to the basic rules of the society, both those embodied in law and those embodied in ethical custom.

Milton Friedman, New York Times Magazine, September 13, 1970
http://www.colorado.edu/studentgroups/libertarians/issues/friedman-soc-resp-business.html

Generally, they paraphrase that to be maximize shareholder value, sometimes within the limits of the Law, by which they tend to mean whatever you can get away with for a cost of lawsuit that is less than the cost of doing the right thing.

You will note that Friedman had a much broader view: that they conform to the basic rules of society both those embodied in law and those embodied in ethical custom. However, you will find precious few captains of industry of the last 30 years operate on a principle more elevated than: You'll be gone, I'll be gone, I got mine.

Craig Mundie is just an apologist for his Uncle Fester lookalike boss:
http://www.theregister.co.uk/2001/07/13/ballmer_is_fester_and_we/

-----Original Message-----
From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Paul Ferguson
Sent: Monday, February 01, 2010 4:50 PM
To: funsec
Subject: [funsec] Here We Go Again: Internet 'Drivers Licenses'

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The meme that seemingly will not die -- Craig Mundie, chief research and strategy officer for Microsoft, mentions it again:
http://rawstory.com/2010/01/agency-calls-global-cyberwarfare-treaty-drivers-license-web-users/

Enjoy!

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFLZ3aaq1pz9mNUZTMRAppsAKC6d+Us+wOtJTM3Zpad1clnH/WUFQCg/F+S
iJ8ip5B1EHN6NFiGn7kN9zs=
=XmFQ
-----END PGP SIGNATURE-----

--
Fergie, a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
Re: [funsec] Helsinki
Norway is out for this year. We are in negotiations with AusCert about having ISOI either this year or next year. Travel budgets - at least, mine - seem to be rather slim this year.

In any case, I am adding you as a probable attendee (and presenter?)

On Feb 15, 2010, at 9:05 PM, Tomas L. Byrnes wrote:

Has Randy settled on Scandinavia versus Australia for ISOI? I have ThreatSTOP users in Norway and Australia, and just need to know who to visit.

-----Original Message-----
From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Drsolly
Sent: Friday, January 29, 2010 4:02 PM
To: funsec@linuxbox.org
Subject: [funsec] Helsinki

I will be in Helsinki on May 26 and 27. http://caro2010.org
Re: [funsec] Here We Go Again: Internet 'Drivers Licenses'
If you want to subvert the internet drivers license meme, insist that it is applications and hardware that should have the drivers license. Inform that it's not a people problem, but an identity problem around applications and hardware.

Use the drivers license meme as it has momentum, just divert it from people to software.

-rick

Tomas L. Byrnes wrote:

Well, the alternative would be for Craig and his company to pay some attention to the quality of their software, but that would cost some serious money.

So, much more useful for them to divert attention from the genesis of the whole problem: their OS; and let governments clean it up, all while, naturally, making the barrier to entry for competitors to his company much higher.

As long as you understand that the senior execs of US Publicly traded companies parse Milton Friedman's famous dictum to suit their personal (lack of) morality:

The full dictum is (their referring to the shareholders):

That responsibility is to conduct the business in accordance with their desires, which generally will be to make as much money as possible while conforming to the basic rules of the society, both those embodied in law and those embodied in ethical custom.

Milton Friedman, New York Times Magazine, September 13, 1970
http://www.colorado.edu/studentgroups/libertarians/issues/friedman-soc-resp-business.html

Generally, they paraphrase that to be maximize shareholder value, sometimes within the limits of the Law, by which they tend to mean whatever you can get away with for a cost of lawsuit that is less than the cost of doing the right thing.

You will note that Friedman had a much broader view: that they conform to the basic rules of society both those embodied in law and those embodied in ethical custom. However, you will find precious few captains of industry of the last 30 years operate on a principle more elevated than: You'll be gone, I'll be gone, I got mine.

Craig Mundie is just an apologist for his Uncle Fester lookalike boss:
http://www.theregister.co.uk/2001/07/13/ballmer_is_fester_and_we/

-----Original Message-----
From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Paul Ferguson
Sent: Monday, February 01, 2010 4:50 PM
To: funsec
Subject: [funsec] Here We Go Again: Internet 'Drivers Licenses'

The meme that seemingly will not die -- Craig Mundie, chief research and strategy officer for Microsoft, mentions it again:
http://rawstory.com/2010/01/agency-calls-global-cyberwarfare-treaty-drivers-license-web-users/

Enjoy!

- ferg

--
Fergie, a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/
Re: [funsec] Helsinki
I have toyed with the idea of suggesting an ISOI following the eCRS which will be held at SMU in October. The eCRS CFP is pending a review and approval from the technical sponsor. We have done an ISOI-BigD recently so other suggestions for locations are, of course, welcome.

Being mostly reptilian, I prefer someplace warm if we get into the winter months.

On Feb 15, 2010, at 10:57 PM, Paul Ferguson wrote:

On Mon, Feb 15, 2010 at 7:52 PM, Vaughn, Randal L. rl_vau...@baylor.edu wrote:

Norway is out for this year. We are in negotiations with AusCert about having ISOI either this year or next year. Travel budgets - at least, mine - seem to be rather slim this year. In any case, I am adding you as a probable attendee (and presenter?)

So, what *is* on the table for ISOI this year (2010) -- maybe in conjunction with AusCERT? Still can't make that one, but was just wondering if another one anywhere is planned for 2H2010...

Thanks,

- ferg

--
Fergie, a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/

___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Re: [funsec] Helsinki
Date sent: Mon, 15 Feb 2010 23:21:14 -0600
From: Vaughn, Randal L. rl_vau...@baylor.edu

Being mostly reptilian, I prefer someplace warm if we get into the winter months.

Well, you could come to Vancouver. It's nice and warm here :-)

== (quote inserted randomly by Pegasus Mailer)
rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
Nam tua res agitur, paries cum proximus ardet. - For it is your business, when the wall next door catches fire. - Horace, Epistles
victoria.tc.ca/techrev/rms.htm
blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/NoticeBored
http://twitter.com/rslade

___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Re: [funsec] Here We Go Again: Internet 'Drivers Licenses'
Isn't that what the TPM was about?

Didn't we all recognize that as a way to make sure OSS couldn't run on hardware without paying MS or someone in the ecosystem for signing the binary?

-Original Message-
From: rick wesson [mailto:r...@support-intelligence.com]
Sent: Monday, February 15, 2010 8:37 PM
To: Tomas L. Byrnes
Cc: Paul Ferguson; funsec
Subject: Re: [funsec] Here We Go Again: Internet 'Drivers Licenses'

If you want to subvert the internet drivers license meme, insist that it is applications and hardware that should have the drivers license. Inform that it's not a people problem, but an identity problem around applications and hardware. Use the drivers license meme as it has momentum, just divert it from people to software.

-rick

Tomas L. Byrnes wrote:

Well, the alternative would be for Craig and his company to pay some attention to the quality of their software, but that would cost some serious money. So, much more useful for them to divert attention from the genesis of the whole problem: their OS; and let governments clean it up, all while, naturally, making the barrier to entry for competitors to his company much higher.

As long as you understand that the senior execs of US Publicly traded companies parse Milton Friedman's famous dictum to suit their personal (lack of) morality:

The full dictum is ("their" referring to the shareholders):

That responsibility is to conduct the business in accordance with their desires, which generally will be to make as much money as possible while conforming to the basic rules of the society, both those embodied in law and those embodied in ethical custom.
Milton Friedman, New York Times Magazine, September 13, 1970
http://www.colorado.edu/studentgroups/libertarians/issues/friedman-soc-resp-business.html

Generally, they paraphrase that to be maximize shareholder value, sometimes within the limits of the Law, by which they tend to mean whatever you can get away with for a cost of lawsuit that is less than the cost of doing the right thing.

You will note that Friedman had a much broader view: that they conform to the basic rules of society both those embodied in law and those embodied in ethical custom.

However, you will find precious few captains of industry of the last 30 years operate on a principle more elevated than: You'll be gone, I'll be gone, I got mine.

Craig Mundie is just an apologist for his Uncle Fester lookalike boss:
http://www.theregister.co.uk/2001/07/13/ballmer_is_fester_and_we/

-Original Message-
From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On Behalf Of Paul Ferguson
Sent: Monday, February 01, 2010 4:50 PM
To: funsec
Subject: [funsec] Here We Go Again: Internet 'Drivers Licenses'

The meme that seemingly will not die -- Craig Mundie, chief research and strategy officer for Microsoft, mentions it again:

http://rawstory.com/2010/01/agency-calls-global-cyberwarfare-treaty-drivers-license-web-users/

Enjoy!

- ferg

--
Fergie, a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/

___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.