[funsec] Why BC holds the record for "World's Weirdest Politicians"
Whenever political pundits get together, they all start the competition for "our politicians are more corrupt/venal/just plain weird than yours." Whenever anyone from BC enters the fray, everyone else concedes. Herewith our latest saga: http://www.vancouversun.com/technology/Liberals+refuse+remove+YouTube+vide o+attacking+Adrian+with+video/8355209/story.html The ruling "Today's BC Liberal Party" is finding itself polling behind the NDP. (Do not let the word "liberal" in the party name fool you. Whereas pretty much every other liberal party would be centre-left, the BC Liberals are, politically, somewhat to the right of Attila the Hun.) The liberals are runing attack ads stating that, twelve years ago, the leader of the NDP backdated a memo. (No, I'm not making this up.) The Liberals have just released another version of the same attack ad, this time using a snippet of footage from the recent leaders debate. Trouble is, the media consortium that ran the debate has copyright on the video of the debate, and all parties agreed that none of the material would be used for political purposes. The Liberals, called on their use of the video, have refused to take it down. (How old do you have to be to understand the meaning of "copyright infringement?") (I am eagerly awaiting the next installment of this story. I assume the lawyers paid for by Today's BC Liberals [or possibly by public money: that's happened before] will argue the provisions of "fair use," [1] claim that the attack ads are commentary, or even educational ...) [1] - http://cyberlaw.stanford.edu/blog/2007/03/fairy-use-tale == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org All truth is one. In this light, may science and religion endeavor here for the steady evolution of mankind, from darkness to light, from narrowness to broad-mindedness, from prejudice to tolerance. It is the voice of life, which calls us to come and learn.- inscription on Hayes Hall tower bell at SUNY Buffalo victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Risk analysis
Oh, hey, what do you know? There's actually scientific data showing that having lots of guns around is a bad idea ... http://www.scientificamerican.com/article.cfm?id=gun-science-proves-arming- untrained-citizens-bad-idea or http://links.email.scientificamerican.com/ctt?kn=59&ms=NDE0ODIzNDQS1&r=N TY1MTYxMjE0MQS2&b=2&j=MTg3NjgxMjA4S0&mt=1&rt=0 == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org A scholar is just a library's way of making another library. - Daniel Dennett victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Overdisclosure
http://www.gocomics.com/wizardofid/2013/05/13 == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Better to remain silent and be thought a fool than to speak out and remove all doubt. - Abraham Lincoln victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] For tech dinosaurs ...
A bunch of old tech going up for auction: http://www.bbc.co.uk/news/technology-22510800 (Including an Enigma :-) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org You can observe a lot by just watching. - Yogi Berra victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Private drone spying ...
OK, get out your legal arguments: privately-owned "peeping tom" drones are now in use ... http://www.theatlantic.com/technology/archive/2013/05/so-this-is-how-it-begins- guy-refuses-to-stop-drone-spying-on-seattle-woman/275769/ or http://is.gd/CWnpGJ == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Hardware has grown following Moore's Law, software seems to be stuck with Gresham's Law. - Jim Horning victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Skype with care â Microsoft is reading everything you write
> On Wed, May 15, 2013 at 10:20 PM, Jeffrey Walton wrote: >
> > Anyone who uses Skype has consented to the
> company reading everything they write.
As it happens, I'm currently reviewing an intriguing book ("Boilerplate") that
addresses all kinds of issues around "agreements" and consent. Particularly
for
those of us who joined Skype before MS bought it, and therefore "agreed" to a
very different set of rules ...
== (quote inserted randomly by Pegasus Mailer)
rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
If you can't make a mistake, you can't make anything.- Marva Collins
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
[funsec] REVIEW: "Cloud Crash", Phil Edwards
BKCLDCRS.RVW 20101009 "Cloud Crash", Phil Edwards, 2011, 978-1466408425, U$9.99 %A Phil Edwards PhilEdwardsInc.com philipjedwa...@gmail.com %C Seattle, WA %D 2011 %G 978-1466408425 1466408421 %I CreateSpace Independent Publishing Platform/Amazon %O U$9.99 %O http://www.amazon.com/exec/obidos/ASIN/1466408421/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/1466408421/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/1466408421/robsladesin03-20 %O Audience n Tech 2 Writing 1 (see revfaq.htm for explanation) %P 386 p. %T "Cloud Crash" To a background of the Internet crashing, and opposed by a conspiracy that has penetrated the highest levels of government, two (no, make that three ... err ... four ... better say five ...) groups of individuals race to save the world from ... a stock market fraud? hostile takeover? aliens? (No, I'm pretty sure the aliens were a red herring.) The story and inconsistent characterizations could use some work, and the plot twists don't make it very easy to follow what is going on. It's fairly easy to tell who the good and bad guys are: the politics and philosophy of the book are fairly simple, and one is reminded of the scifi and comics of the 30s and 40s, with heavily anti-fascist and (ironically) right-wing rhetoric. It would be tempting to dismiss the work as a simple "jump on the latest buzzword" potboiler, were it not for the fact that the technology is fairly realistic. Yes, right now everyone is jumping on the cloud bandwagon without much regard for real security. Yes, if you wanted to make a big (and public) splash on the Internet, without doing too much permanent damage, taking down power supplies would still leave the data intact. (Of course, an axe would do just as good a job as bombs ...) So, while the story isn't great, at least the technology is less annoying than is normally the case ... copyright, Robert M. Slade 2012 BKCLDCRS.RVW 20101009 == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org The last man on Earth sat alone in a room. There was a knock on the door. - Frederick Brown, world's shortest horror story victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Safe online banking
http://www.theonion.com/articles/after-checking-your-bank-account-remember-to- log-o,32260/ == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org I refuse to believe corporations are people until Texas executes one. - http://twitter.com/#!/ararubyan/status/115479037849239553 victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Kim Dotcom owns two-factor authentication
http://www.wired.com/threatlevel/2013/05/kim-dotcom-two-factor/ == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org cur f wd dis and p A sed iend rought eath ease ain blesfr b br and ag victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] All-time-really-stupid-ideas Dept.
http://www.theglobeandmail.com/life/the-hot-button/a-dolphin-doula-couple-plans- animal-assisted-childbirth/article12194288/ (For those cavellers among us, I can probably file this under physical security.) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Great wits are sure to madness near allied. - John Dryden, 1681 victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Carpenters and programmers
No, this isn't the one about the woodpecker. http://dawood.in/if-carpenters-were-hired-like-programmers/ (And it's *way* too true ...) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org The earth is degenerating these days. Bribery and corruption abound. Children no longer mind parents. And it is evident that the end of the world is fast approaching. - Syrian tablet, 2800 BC victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Risks to the language ...
Online tends to take priority, so I am only today reading (and discarding) old trade rags on the mail pile. One is "Security" magazine for January of this year. The back page editorial, by the editor (probably senior editor) of the magazine starts out with the words, "There are five basic tenants that can mitiage risk ..." (Lest you think it is just a slip, the second sentence starts out, "Those tenants are ...") No, she's not talking about renting space out to security companies. What she means is "tenets." Which the OED tells us is "noun: a principle or belief, especially one of the main principles of a religion or philosophy." (Posibly she's older than she looks, since, prior to the 16th century, it was "tenent," from the Latin "tenere," to hold. In which case she can't spell.) I suppose someone will blame it on autocorrect. But it's the first two sentences of the piece! Surely someone would have noticed! (No, they didn't. And stop calling me "Shirley.") OK, as someone who wrote a dictionary, I'm probably over-reacting. However, we already have enough trouble in our field with people making up words and hijacking the meaning of words and phrases we already have. We don't need mangled English, as well. == rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org "If you do buy a computer, don't turn it on." - Richards' 2nd Law "Robert Slade's Guide to Computer Viruses" 0-387-94663-2 "Viruses Revealed" 0-07-213090-3 "Software Forensics"0-07-142804-6 "Dictionary of Information Security" Syngress 1-59749-115-2 = for back issues: [Base URL] site http://victoria.tc.ca/techrev/ CISSP refs: [Base URL]mnbksccd.htm PC Security:[Base URL]mnvrrvsc.htm Security Dict.: [Base URL]secgloss.htm Security Educ.: [Base URL]comseced.htm Book reviews: [Base URL]mnbk.htm [Base URL]review.htm Partial/recent: http://groups.yahoo.com/group/techbooks/ http://en.wikipedia.org/wiki/Robert_Slade http://www.infosecbc.org/links http://twitter.com/rslade http://blogs.securiteam.com/index.php/archives/author/p1/ ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Comparative law enforcement
The US NSA has been collecting call message details on all telephone calls to, from, or between Americans. http://www.forbes.com/sites/anthonykosner/2013/06/07/nsas-verizon-spying-order- fourth-amendment-and-big-data-on-a-collision-course/ The Canadian RCMP is giving away puppies. http://alexiscreek.bc.rcmp- grc.gc.ca/ViewPage.action?languageId=1&siteNodeId=1017&contentId=30549 == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Canada is a country that works in practice, but not in theory. - Stephane Dion victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Facebook would *NEVER* abuse someone's privacy ...
https://www.facebook.com/zuck/posts/10100828955847631 (Wait. I thought Facebook was a wholly-pwned subsidiary of Snoops-BackwardsR- Us.) (Doesn't that Facebook statement look an awful lot like the Google statement? http://googleblog.blogspot.ca/2013/06/what.html ) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org .^..^..^..^..^..^. _|\ /|_ _|\ /|_ _|\ /|_ _|\ /|_ _|\ /|_ _|\ /|_ > C < > a < > n < > a < > d < > a < >_/|\_<>_/|\_<>_/|\_<>_/|\_<>_/|\_<>_/|\_< Modified from JD Small victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Trust the machines ...
http://www.scribd.com/doc/95282643/Backdoors-Embedded-in-DoD-Microchips- From-China == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org You think things have to be *possible*? Things have to be *true*! - `The Subtle Knife', Philip Pullman victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] "1984" sales spike
In the wake of the news about PRISM, Amazon reports huge sales of George Orwell's novel "1984." http://www.npr.org/blogs/thetwo-way/2013/06/11/190615813/book-news-sales-of- orwell-s-1984-leap-after-nsa-revelations or http://is.gd/l7Qxfj In other news, the NSA now knows the names of everyone who bought "1984" in the past three months ... == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org There's no reason to be the richest man in the cemetery. You can't do any business from there. - `Colonel' Harlan Sanders victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] "1984" sales spike
Date sent: Fri, 14 Jun 2013 15:25:33 -0400 From: Jeffrey Walton > I'm starting to believe there's a concerted effort to keep us > fighting amongst ourselves so we don't focus on the issues that > matter. Oh, surely no politician would ever do such a thing ... == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org well, the last remaining computer in the house with Windows on it died this morning. - http://twitter.com/e_cowperthwaite/status/157499523676110848 Congrats, you've been defenestrated. - https://twitter.com/#!/SecurityHumor/status/157511635857195009 victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] The ultimate illegible PowerPoint slide!
http://www.gartner.com/technology/research/digital-marketing/transit-map.jsp == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Chaos, panic, and disorder - my work here is done. victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] NSA in mainstream cartooning
http://raesidecartoon.com/ed2.html (Probably today only, although it may show for a while at http://www.raesidecartoon.com/ed-gallery.html ) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Our claims for `human rights' insult those in the world truly deprived of basic human rights.- Rex Murphy, Laing Lectures 2012 victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Testing and failure analysis
In which we learn that, no, it is *not* a good idea to test the soundess of a bridge in a flooded area by driving a fully loaded train over it ... http://www.cbc.ca/news/canada/calgary/story/2013/06/27/calgary-flood-train- derailment-bonnybrook-bridge.html == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org The investigation of the meaning of words is the beginning of education. - Antisthenes victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] New definitions for BC/DR ...
According to Apple Corp., a train wreck is a "natural" disaster ... http://www.winnipegfreepress.com/canada/from-lost-homes-to-iphones-lac- megantic-seeks-help-rebuilding-215030821.html == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org God, grant me the serenity to accept the risk I cannot change, the courage to counter or mitigate the risk I can change, and executives at the decision level with the wisdom to know the difference - Mim Britt's Risk-aholic Anonymous Prayer victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Gun Control
OK, I'll accept that Americans are never going to be rational about restraints on gun ownership. But couldn't you at least ensure that the people who own them have at least double digit IQs? http://www.vancouversun.com/news/Oregon+using+rifle+crutch+when+fired+shot+t hrough+ceiling/8654811/story.html == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Those who can, do. Those who can't, schedule multiple hour-long planning and scheduling meetings... - http://twitter.com/#!/DaleInnis/status/132485284972609537 victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] The NSA? Pikers, compared to Madison Avenue ...
http://adage.com/article/cmo-strategy/wait-till-exposes-spying-marketers/242999/ == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org People of the same trade seldom meet together, even for merriment and diversion, but the conversation ends in a conspiracy against the public, or in some contrivance to raise prices. - Adam Smith victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] So, if you say anything, to anyone in Kentucky, about their kids, you go to jail?
Kentucky officials say syndicated advice columnist John Rosemond violated state law by giving old-school, no-nonsense parenting advice without a proper license. Kentucky says the tough-love advice he dispensed to a reader about dealing with a spoiled child amounted to the unlawful practice of psychology in the state. http://blogs.wsj.com/law/2013/07/16/state-tells-parenting-columnist-to-stop- dispensing-advice/ == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org When a thing is funny, search it carefully for a hidden truth. - George Bernard Shaw victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] iKnife differentiates normal from cancerous tissue
http://www.sciencedaily.com/releases/2013/07/130717141752.htm Sounds great. But, my immediate reaction, upon finding he called it the iKnife, was: is he going to get sued by Apple? (This is, after all, the same company that kills people if they dare answer the phone while it's charging ...) (Yes, I know ...) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org As soon as men decide that all means are permitted to fight an evil, then their good becomes indistinguishable from the evil that they set out to destroy. - Christopher Dawson, The Judgment of Nations victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] One way to deal with drones ...
"Similar to the bounties governments once paid to hunters who killed animals that preyed on livestock, but only after they produced the ears, the town would pay $100 to anyone who can produce the fuselage and tail of a downed drone." http://www.theglobeandmail.com/news/world/colorado-town-considers-putting-a- bounty-on-drones/article13294513/ == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org If you aren't the person to whom this was intended, we beseech you not to hold the entire corporation liable for the dim bulb responsible. Please delete and pretend you never saw it. Thank you and have a nice day. Delete it now. NOW! If you don't something bad will happen to you involving a pigeon. - Mim Britt ... and if you bothered to read this disclaimer, the pigeon is you...- Donald P. Welker victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Drones and rescue?
http://www.telegraph.co.uk/science/10187839/Drone-with-mobile-phone-app-that- lets-you-take-part-to-be-used-in-mountain-rescue.html Using a smartphone app to let crowdsourcing help out in mountain searches and rescue. An intriguing idea, but it will be more interesting to see how it plays out. During the search for Steve Fossett, it was felt that the crowdsourcing was more of a hindrance than a help. (And we all know how useful crowdsourcing is when spreading reports of new computer viruses. Good Times for all!) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Yesterday, upon the stair/I met a man who was not there He was not there again today/I think he's from the NSA ... victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] We know where you are. And where you've been ...
"Automatic license plate readers have proliferated across the US due to a fall in the cost of underlying storage and interception technology, and some $50 million dollars in federal grant money distributed to under-funded law enforcement departments that otherwise couldn't afford it." http://www.theregister.co.uk/2013/07/18/aclu_license_plate_orwell/ (ObSciJoke: A quantum physicist is stopped by a traffic cop. Original version: Cop: You were doing 130 miles per hour. QP: Oh, great! Now I'm lost! New version: Cop: You know we can tell exactly where you are. QP: That's good. You'll never know whether I'm speeding.) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Frequent advice to Internet newcomers: State your business, avoid eye contact, leave quietly, --and no one gets hurt. victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Risk management, once again ...
Wait: the way to make sure the plane doesn't burn, is to not have a locator to find it if there is any problem? http://www.theglobeandmail.com/report-on-business/international- business/european-business/switch-off-honeywell-beacons-on-boeing-dreamliners- say-british-investigators/article13298624/ or http://is.gd/XIjtmz == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org The graveyard is full of indispensable men. - Charles de Gaulle victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Good News
We are the professionally paranoiac. We are the doomsayers. By nature (driving us into the type of work we do) we continually look for all possible problems. It's occasionally time to stop and remember that things aren't quite that bad ... http://www.cbc.ca/news/world/story/2013/07/18/f-vp-schlesinger-wonderful- world.html == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org A fool's brain digests philosophy into folly, science into superstition, and art into pedantry. Hence University education. - George Bernard Shaw victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Way to make sure we can't do our jobs properly ...
We've always had problems getting management to pay attention. We've always had problems attracting (the right) people into our profession. Now we have to worry about getting sued. (Either ourselves, or the people who get us the info we need ...) http://www.scmagazine.com/fear-of-prosecution-hampers-security- research/article/303476/ == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org A European says, `I can't understand this, what's wrong with me?' An American says, `I can't understand this, what's wrong with him?' - Terry Pratchett (author) victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Huawei
"Huawei Is a Security Threat and There's Proof, Says Hayden" However, they are not going to tell you what the proof is. http://www.eweek.com/security/huawei-is-a-security-threat-and-theres-proof-says- hayden/ or http://is.gd/eaQZi7 == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org In America, freedom of the press is largely reserved for those who own one. - A. J. Liebling victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] You are here
http://apod.nasa.gov/apod/ap130722.html Hope you were waving and smiling on Friday ... == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org So what we are generally trying to do is not really Risk Assessment, but Risk Justification. We don't want to reduce risk so much as justify why we are allowing our assets to be so exposed.- Bill Royds victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] A virus too big to fail?
Once upon a time, many years ago, a school refused to take my advice (mediated through my brother) as to what to do about a very simple computer virus infection. The infection in question was Stoned, which was a boot sector infector. BSIs generally do not affect data, and (and this is the important point) are not eliminated by deleting files on the computer, and often not even by reformatting the hard disk. (At the time there were at least a dozen simple utilities for removing Stoned, most of them free.) The school decided to cleanse it's entire computer network by boxing it up, shipping it back to the store, and having the store reformat everything. Which the store did. The school lost it's entire database of student records, and all databases for the library. Everything had to be re-entered. By hand. I've always thought this was the height of computer virus stupidity, and that the days when anyone would be so foolish were long gone. I was wrong. On both counts. http://gizmodo.com/government-destroys-170k-of-hardware-in-absurd-effort- 708412225 or http://is.gd/NHkmo3 "In December 2011 the Economic Development Administration (an agency under the US Department of Commerce) was notified by the Department of Homeland Security that it had a malware infection spreading around its network. "They isolated their department's hardware from other government networks, cut off employee email, hired an outside security contractor, and started systematically destroying $170,000 worth of computers, cameras, mice, etc." The only reason they *stopped* destroying computer equipment and devices was because they ran out of money. For the destruction process. Malware is my field, and so I often sound like a bit of a nut, pointing out issues that most people consider minor. However, malware, while now recognized as a threat, is a field that extremely few people, even in the information security field, study in any depth. Most general security texts (and, believe me, I know almost all of them) touch on it only tangentially, and often provide advice that is long out of date. With that sort of background, I can, unfortunately, see this sort of thing happening again. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Confidentially, your delusion that you are the only sane one and everyone else is mad is correct, but they *are* in charge ... - Len Norris (editorial cartoon) victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] How *NOT* to handle incorrect passwords ...
https://twitter.com/cjcheshire/status/360326695137468416/photo/1 Virgin Atlantic feels that it is a good idea to provide the failed password, in plain text, in the URL when you try for a reset ... == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Practice random humour and acts of senseless mirth victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Unintended consequences of anti-fraud algorithms
http://www.theverge.com/2013/7/24/4549124/how-google-uncovered-a-chinese- ring-of-car-thieves or http://is.gd/59l7XD Google's AdWords anti-fraud scanning finds theft of a different kind. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org It is the test of a good religion whether you can joke about it. - G. K. Chesterton victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Shhh, this information is secret ...
http://www.schneier.com/blog/archives/2013/07/secret_informat.html If people think you are telling them a secret, they'll believe you. (That's strictly between you and me, of course ...) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Every exit is an entry somewhere else.- Tom Stoppard victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] (Photo) Copyist's error?
Students of the classics and ancient documents are used to checking for copyist errors, but a photocopier? http://www.bbc.co.uk/news/technology-23588202 And, of course, you can't trust the machine to check the copy agasint the original, since it will probably make the same mistake every time. Actually, with absolutely everything in the world going digital, this type of problem is becoming inevitable, and endemic. Analogue systems have problems, but digital systems are subject to catastrophic collapse. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Experience without theory is blind, but theory without experience is mere intellectual play. - Immanuel Kant victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Chilling effect on email ...
Silent Circle shuts down email offering in wake of Lavabit termination: http://silentcircle.wordpress.com/2013/08/09/to-our-customers/ (I am amused by the statement, at the end of the post, that "14 bloggers like this." I am quite sure none of them are really thrilled by the posting, but this is one of the things current social media sites "force" you to say :-) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org If you do buy a computer, don't turn it on. - Richards' 2nd Law victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Spies among us
http://www.bbc.co.uk/blogs/adamcurtis/posts/BUGGER OK, so this is about MI-5. Do you *really* think the CIA and NSA are that much better? == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org There's no place like 127.0.0.1 victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Explosive breast implants
http://www.upi.com/Odd_News/Blog/2013/08/16/Explosive-breast-implants-are-
now-a-terror-threat/4521376677949
Not much detail here, but I'm calling bullshit. Or, at least, irrelevance.
Yes, I suppose you could put a few ounces of a liquid or gel explosive into a
breast
implant, but how would you set it off? Without wires coming out of the skin,
large radio receivers and batteries (which would leave less room for
explosives), or
huge radio transmitters that would look kind of suspicious. ("No, really, Mr.
TSA
agent, my cell phone has to have this car battery to operate.")
If you were going to go that route, it would be a lot easier to have abdominal
surgery, and go for the gut, where any person as obese as I am could carry
twenty
pounds of explosives with no problem at all. And the surgery could be passed
off
as gall bladder, appendix, hernia repair, stomach banding, or any number of
others.
You could probably liposuction fat and replace it with explosives. (Yeah, it
would
look terrible and probably get infected quickly, but what would a suicide
bomber
care?) With anyone over 50, you could even insert a detonation switch that
looked like a pacemaker.
== (quote inserted randomly by Pegasus Mailer)
rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
I walked until midnight in the storm, then I went home and took a
sauna for an hour and a half. It was all clear. I listened to my
heart and saw if there were any signs of my destiny in the sky,
and there were none - there were just snowflakes.
- Pierre Elliott Trudeau recounting a `walk in the
snow' at a news conference announcing his resignation, Feb. 29, 1984
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
[funsec] Bear crossing
http://www.cbc.ca/news/canada/british-columbia/story/2013/08/22/bc-bear- motorcycle.html or http://is.gd/8XYr5O With video. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org CISSP study reference books http://is.gd/uAJdeI terminology http://is.gd/RkbJoX links/URLs http://is.gd/2dqWeD annotated/commented links http://is.gd/FMwem5 blog http://is.gd/h2Sa99 victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Outsourcing, and rebranding, (national) security
I was thinking about the recent trend, in the US, for "outsourcing" and "privatization" of security functions, in order to reduce (government) costs. For example, we know, from the Snowden debacle, that material he, ummm, "obtained," was accessed while he was working for a contractor that was working for the NSA. The debacle also figured in my thinking, particularly the PR fall-out and disaster. Considering both these trends; outsourcing and PR, I see an opportunity here. The government needs to reduce costs (or increase revenue). At the same time, there needs to be a rebranding effort, in order to restore tarnished images. Sports teams looking for revenue (or cost offsets) have been allowing corporate sponsors to rename, or "rebrand," arenas. Why not allow corporations to sponsor national security programs, and rebrand them? For example: PRISM has become a catch-phrase for all that is wrong with surveillance of the general public. Why not allow someone like, say, DeBeers to step in. For a price (which would offset the millions being paid to various tech companies for "compliance") it could be rebranded as DIAMOND, possibly with a new slogan like "A database is forever!" I think the possibilities are endless, and should be explored. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Orwell feared that the truth would be concealed from us. Huxley feared the truth would be drowned in a sea of irrelevance. - Neil Postman victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] YASCCL (Yet Another Stupid Computer Crime Law)
Over the years I have seen numerous attempts at addressing the serious problems in computer crime with new laws. Well-intentioned, I know, but all too many of these attempts are flawed. The latest is from Nova Scotia: http://nslegislature.ca/legc/bills/61st_5th/1st_read/b061.htm - Bill 61 http://www2.macleans.ca/2013/08/08/nova-scotias-awful-cyber-abuse-law-makes- bullies-of-us-all/ or http://is.gd/JR0bjt Commentary "The definition of cyberbullying, in this particular bill, includes any electronic communication that ought reasonably be expected to humiliate another person, or harm their emotional well-being, self-esteem or reputation." Well, all I can say is that everyone in this forum better be really careful what they say about anybody else. (Oh, $#!+. Did I just impugn the reputation of the Nova Scotia legislature?) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Those who can, do. Those who can't, schedule multiple hour-long planning and scheduling meetings... - http://twitter.com/#!/DaleInnis/status/132485284972609537 victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] It's ... SUPER-USER!
According to the NSA, "NOBODY could stop Snowden he was A SYSADMIN!" https://twitter.com/teamcymru/status/373479159357390848 http://www.theregister.co.uk/2013/08/30/snowden_sysadmin_access_to_nsa_docs/ a) This will be a great motto for the next Sysadmin day. b) So these are the new moles? In order to obtain all intelligence data from spy agencies, all you need to do is get a job as a SYSADMIN at a company with a government contract? == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org If there were no God, there would be no atheists - G. K. Chesterton victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Chain confidentiality
This morning I received a chain letter via email. It's actually been a while since I saw one of those old standards. This one contained one of the maudlin poems, somewhat more sentimental than most. But, down at the bottom, after the usual: "Please do not break this prayer; send it to a friend." came a slightly unusual ending: "NOTICE OF CONFIDENTIALITY: "This message may contain information that is considered confidential and which may be prohibited from disclosure under applicable law or by contractual agreement. The information is intended solely for the use of the individual or entity named above. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of the information contained in or attached to this message is strictly prohibited. If you have received this email transmission in error, please notify the sender by replying to this email and then delete it from your system." == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org All reports are in. Life is now officially unfair. victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Olivia gets wanded
A purported children's book is getting a lot of socmed attention: http://www.amazon.com/Olivia-Goes-Venice-Ian-Falconer/dp/1416996745 https://twitter.com/usayd/status/370237296215216129/photo/1 == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org A truly English protest march would see us all chanting: `What do we want? GRADUAL CHANGE! When do we want it? IN DUE COURSE!' - Kate Fox, `Watching the English' victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] REVIEW: "Viral Times", Ron Seybold
BKVRLTMS.RVW 20130107 "Viral Times", Ron Seybold, 2011, 978-0-9850067-0-9, U$12.99 %A Ron Seybold r...@workshopwriter.com %C 11702 Buckingham Road, Austin, TX, USA 78759 %D 2011 %G 978-0-9850067-0-9 0-9850067-0-6 %I Workshop Writer Press %O U$12.99 workshopwriter.com 512-331-0075 r...@workshopwriter.com %O http://www.amazon.com/exec/obidos/ASIN/0985006706/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0985006706/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0985006706/robsladesin03-20 %O Audience n- Tech 1 Writing 2 (see revfaq.htm for explanation) %P 270 p. %T "Viral Times" This book is a novel. The basic plot is that AIDS Ultra (a new-and- improved form of AIDS) and HIVE-5 (a disease that sounds way too much like "High five!" for anyone to take seriously) have made unprotected sex just too dangerous. Instead of waiting for the inevitable to happen and the population to reduce to those few who *do* take their marriage vows seriously, someone invents SimSuits and SexNet. (Of course.) Jenny Nation (whose name sounds too much like temperance leader Carrie Nation for anyone to take seriously) invents a computer virus to infect the SexNet. But it's also supposed to infect (and kill) the people who use SexNet. So, one would assume, we have the standard canard of the computer virus that infects people (made so famous by the Weekly World News). However, this book gets into this (review) series by actually addressing this problem! The SimSuits are, of course, supposed to be full sensation virtual reality interfaces to the SexNet. Instead of assuming electrical or electro-mechanical interfaces, Seybold postulates a kind of yeast-based pseudo-organism as the interface. Therefore, the computer virus can force the organic interface to create disease agents. (The reviewer must pause, at this point, to wonder how many people would find wrapping themselves into a slime-lined suit a preferable alternative to abstinence and/or dying, and to speculate on the incidence of normal yeast infections that such a setup would cause. But I digress.) The book also postulates that a) drug companies sell nothing but useless nostrums, b) modern medicine is a fraud, and c) that homeopathic, naturopathic, and other alternative treatments are the only effective solutions. If you have sympathy with that perspective you might like the book, because otherwise it is rather confusing with an unsatisfying ending (unless you also assume that the author is planning a sequel). copyright, Robert M. Slade 2013 BKVRLTMS.RVW 20130107 == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org The one thing that is certain is that anyone who uses the phrase 'outside the box' is as deeply inside the box as a person can be. - Michael Lewis victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Unintended consequences from NSA ...
"The biggest shock, for me, was learning that AutoCorrect is, in fact, done live by NSA operatives infuriated by so much lousy spelling." https://twitter.com/juliangough/status/375887860131303424 == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Fate has no happiness in store for you, unless your quiet home [times] in the old family residence [...] deserve to be called happiness. Why not? If not the thing itself, it is marvelously like it, and the more so for that ethereal and intangible quality, which causes it all to vanish, at too close an introspection. Take it, therefore, while you may. Murmur not --question not--but make the most of it! - The House of the Seven Gables victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Risk management and security theatre
Bruce Schneier is often outrageous, these days, but generally worth reading. In a piece for Forbes in late August, he made the point that, due to fear and the extra trouble casued by TSA regulations, more people were driving rather than flying, and, thus, more people were dying. https://www.schneier.com/blog/archives/2013/09/excess_automobi.html "The inconvenience of extra passenger screening and added costs at airports after 9/11 cause many short-haul passengers to drive to their destination instead, and, since airline travel is far safer than car travel, this has led to an increase of 500 U.S. traffic fatalities per year." So, by six years after the event, the TSA had killed more US citizens than had the terrorists. And continues to kill them. Given the recent NSA revelations, I suppose this will sound like more US-bashing, but I don't see it that way. It's another example of the importance of *real* risk management, taking all factors into account. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Book (n): a utensil used to pass time while waiting for TV repair. victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] The new terror
Jellyfish: http://www.nybooks.com/articles/archives/2013/sep/26/jellyfish-theyre-taking- over/ I'm accepting bids for the rights to my new movie: "Jellyphoon!" == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Fantasy is not our crutch, it's arcane. victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] iPhone fingerprint biometrics
http://dilbert.com/strips/comic/2002-12-31/ == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org I'd be content if my children grew up to think decorating consists mostly of building enough bookshelves. - Anna Quindlen victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] "Undetectable" hardware trojans?
Run for your lives! Researchers have developed trojan chips that nobody can find! Chipnado! http://threatpost.com/researchers-develop-undetectable-hardware-trojans/102329 (Upon reading the headline, my initial reaction is to wonder how the researchers found the chips again after they'd made them. But I digress.) As usual, the media has overblown it. The actual paper: http://people.umass.edu/gbecker/BeckerChes13.pdf demonstrates a way to modify the operation of an integrated circuit in a way that makes it harder to find by visual inspection. Finding the variant functionality is probably inefficient, but not impossible. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org As the length of the thread increases, the chances of someone making a pointless and completely off-the-wall comment (purely in the hope of having his/her/its name in the mailing list) approaches one. - rms, named Markwin's Law by MW, 20100615 victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Snooping and spying is legal
The Foreign Intelligence Surveillance Court has now given its rationale for allowing collection of metadata from phone calls: http://www.uscourts.gov/uscourts/courts/fisc/br13-09-primary-order.pdf (If you want it in a more readable form: http://nakedsecurity.sophos.com/2013/09/19/us-secret-court-publishes-rationale- for-why-spying-on-everybody-is-ok/ ) Basically, it seems to boil down to the fact that if you tell anybody anything, it's fair game. If you make a phone call, you tell the phone company. If you send email, of course, you tell dozens of routers and MTAs. (If you write a lteer, you tell the piece of paper.) So, anything you tell anyone is open for surveillance. The only way to keep a secret safe is to keep it in your head. (Unless you have multiple personalities, in which case the government has the right to scan your brain.) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org A great deal of Microsoft security is unfortunately just like the underwear of Brittany Spears. If it's even there at all it's needlessly complex and frilly, looks good without actually covering much and is far too easy to get around or remove completely. - dbIII on Slashdot victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Online banking insecurity
I've had an account with the Bank of Montreal for almost 50 years. I'm thinking that I may have to give it up. BMO's online banking is horrendously insecure. The password is restricted to six characters. It is tied to telephone banking, which means that the password is actually the telephone pad numeric equivalent of your password. You can use that numeric equivalent or any password you like that fits the same numeric equivalent. (Case is, of course, completely irrelevant.) My online access to the accounts has suddenly stopped working. At various times, over the years, I have had problems with the access and had to go to the bank to find out why. The reasons have always been weird, and the process of getting access again convoluted. At present I am using, for access, the number of a bank debit card that I never use as a debit card. (Or even an ATM card.) The card remains in the file with the printed account statements. Today when I called about the latest problem, I had to run through the usual series of inane questions. Yes, I knew how long my password had to be. Yes, I knew my password. Yes, it was working until recently. No, it didn't work on online banking. No, it didn't work on telephone banking. The agent (no, sorry, "service manager," these days) was careful to point out that he was *not* going to ask me for my password. Then he set up a conference call with the online banking system, and had me key in my password over the phone. (OK, it's unlikely that even a trained musician could catch all six digits from the DTMF tones on one try. But a machine could do it easily.) After all that, the apparent reason for the online banking not working is that the government has mandated that all bank cards now be chipped. So, without informing me, and without sending me a new card, the bank has cancelled my access. ( I suppose that is secure. If you are not counting on availability, or access to audit information.) (I also wonder, if that was the reason, why the "service manager" couldn't just look up the card number and determine that the access had been cancelled, rather than having me try to sign in.) I'll probably go and close my account this afternoon. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Any person can invent a security system so clever that she or he can't think of how to break it. - Schneier's Law victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Last word on iPhone fingerprint scanner and NSA
http://www.youtube.com/watch?v=fzG4BcaK064 == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Commentators quote economic studies alleging that market downturns predicted four out of the last five recessions. That is an understatement. Wall Street indexes predicted nine out of the last five recessions! - economics Nobel laureate Paul Samuelson victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Canadian organized crime conspiracy
http://www.economist.com/blogs/americasview/2013/09/maple-syrup-canada (I'll be you didn't even *know* there was a Global Strategic Maple Syrup Reserve.) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws.- Plato victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Squirrel!
Squirrels are no longer content with simply damaging human information infrastructure by shutting down electrical power, but have now turned to undermining the national security of the United States by tunnelling under Minuteman missle silos. [Smithsonian blog, 8-30-2013] [The Local (Stockholm), 9-1-2013] [New York Times, 8-31-2013] == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org '; DROP TABLE prism_data; victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] 'Surveillance-proof' font invented!
http://www.cnn.com/2013/09/30/tech/web/nsa-contractor-surveillance-proof- font/index.html Completely useless, of course, but a bit of a laugh. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org One has to belong to the intelligentsia to believe things like that: no ordinary man could be such a fool. - George Orwell victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Wireless: the ultimate promiscuous network
A clip from the latest episode of "Muroch Mysteries": http://www.youtube.com/watch?v=taYhA3IxBmA (I love "Murdoch": humour, steampunk, and generally good mysteries as well :-) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org What's most interesting about these ciphers is how robustly lousy they are. - Bruce Schneier (on the GSM cryptographic algorithms) victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Don't mess up your Web people ...
http://nycfreshmarket.com/ == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org If you're doing nothing wrong, you have nothing to hide from the giant surveillance apparatus the government's been hiding. - https://twitter.com/StephenAtHome/status/344297005616611328 victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Your right to daydream during boring conference calls is in peril ....
http://www.businessweek.com/articles/2013-08-15/new-software-forces-you-to- pay-attention-during-company-training == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org I stand by all the misstatements that I've made. - then Vice President Dan Quayle to Sam Donaldson, 8/17/89 victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] "Identity Thief"
I really should know better. Last night, hoping that, in two hours, Hollywood might provide *some* information on an important topic, even if limited, I watched "Identity Thief," a movie put out by Universal in 20013, starring Jason Bateman and Melissa McCarthy. It is important to point out to people that, if someone phones you up and offers you a free service to protect you from identity theft, it is probably not a good idea to give them your name, date of birth, social security/insurance number, credit card and bank account numbers, and basically everything else about you. This tip is provided in the first thirty seconds of the film. After that (except for the point that the help law enforcement might be able to give you is limited) it's all downhill. The plot is ridiculous (even for a comedy), the characters somewhat uneven, the situations crude, the relationship unlikely, the language profane, and the legalities extremely questionable. (The best line in the entire movie is: Sandy - "Do you know what a sociopath is?" Diane - "Do they like ribs?" I know this may not seem funny, but trust me: it gives you a very good idea of how funny this movie really is.) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Madness takes its toll. Please have exact change ready. victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] "Identity Thief"
Date sent: Wed, 09 Oct 2013 12:43:20 -0500 From: Chester Wisniewski > Maybe it wasn't funny because it was so far in the future? 20013 humour > can be a touch strange. a) So, you figure we are devolving, and by 20013 it will be funny? b) Yeah, I know, I'm the dinosour of infosec ... == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org DO SOMETHING!) SMALL) USEFUL) NOW!) - Bob Bemer's motto victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Google's "Shared Endorsements"
A lot of people are concerned about Google's new "Shared Endorsements" scheme: http://nakedsecurity.sophos.com/2013/10/15/how-to-remove-your-face-from- googles-upcoming-shared-endorsement-ads/ However, one should give credit where credit is due. This is not one of Facebook's functions, where, regardless of what you've set or unset in the past, every time they add a new feature it defaults to "wide open." If you have been careful with your Google account in the past, you will probably find yourself still protected. I'm pretty paranoid, but when I checked the Shared Endorsements setting page ( http://nakedsecurity.sophos.com/2013/10/15/how-to-remove-your-face-from- googles-upcoming-shared-endorsement-ads/ ) on my accounts, and the "Based upon my activity, Google may show my name and profile photo in shared endorsements that appear in ads" box is unchecked on all of them. I can only assume that it is because I've been circumspect in my settings in the past. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws.- Plato victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Don't use LinkeDin's new "Intro"
Just don't, OK? http://www.bishopfox.com/blog/2013/10/linkedin-intro/ (Maybe I just should have stopped after "Don't use LinkeDin" ...) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org I clicked without thinking. That's what using a Mac does to you, gives you a feeling of invincibility. - Martin Wehlou, 20061222 victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Online voting
== (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Whenever you find yourself on the side of the majority, it's time to pause and reflect. - Mark Twain victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Online voting
OK, yeah, I suppose it works better if I actually include the URL ... http://www.pinterest.com/pin/44522311310976/ == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org The secret of the demagogue is to make himself as stupid as his audience so they believe they are clever as he. - Karl Kraus victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Pinterest autospam (or worse?)
http://www.pinterest.com/pin/44522311311870/ I took a screen cap (no, obviously I didn't slick the link) of something that seemed to suddenly show up all over Pinterest this morning. a) Anyone have further info? b) Warn those you know who are active on Pinterest to maybe be a bit careful ... == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Don't get me started on intuitive. You know what's intuitive? Fear of heights. Everything else we call intuitive took years of practice. - Donald A. Norman in RISKS 22.02 victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Edith Head
Today's Google Doodle is in honour of Edith Head's 116th birthday. She was the inspiration for the "Edna Mode" character in "The Incredibles." And so, primarily because I love the access control scene: http://www.youtube.com/watch?v=ELM7rPiQyQY == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org I feel like I am diagonally parked in a parallel universe. victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Cloudy with a chance of egregious errors ...
OK, we are being asked to entrust our precious data to a compnay that makes *how* many errors talking about the history of technology? http://www.youtube.com/watch?v=J9LK6EtxzgM == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org A story is not like a road to follow . . . it's more like a house. You go inside and stay there for a while, wandering back and forth and settling where you like and discovering how the room and corridors relate to each other, how the world outside is altered by being viewed from these windows. And you, the visitor, the reader, are altered as well by being in this enclosed space, whether it is ample and easy or full of crooked turns, or sparsely or opulently furnished. You can go back again and again, and the house, the story, always contains more than you saw the last time. It also has a sturdy sense of itself of being built out of its own necessity, not just to shelter or beguile you. - Alice Munro victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] BadBIOS
In recent days there has been much interest in the "BadBIOS" infection being reported by Dragos Ruiu. (The best overview I've seen has been from Naked Security http://nakedsecurity.sophos.com/2013/11/01/the-badbios-virus-that- jumps-airgaps-and-takes-over-your-firmware-whats-the-story/ ) But to someone who has lived through several viral myths and legends, parts of it sound strange. It is said to infect the low-level system firmware of your computer, so it can't be removed or disabled simply by rebooting. These things, of course, have been around for a while, so that isn't necessarily wrong. However, BIOS infectors never became a major vector. It is said to include components that work at the operating system level, so it affects the high-level operation of your computer, too. It is said to be multi-platform, affecting at least Windows, OS X, and OpenBSD systems. This sounds bit odd, but we've had cross-platform stuff before. But they never became major problems either. It is said to prevent infected systems being booted from CD drives. Possible: we've seen similar effects over the years, both intentionally and un. It is said to spread itself to new victim computers using Software Defined Radio (SDR) program code, even with all wireless hardware removed. OK, it's dangerous to go out on a limb when you haven't seen details and say something can't happen, but I'm calling bullshit on this one. Not that I don't think someone couldn't create a communications channel without the hardware: anything the hardware guys can do the software guys can emulate, and vice versa. However, I can't see getting an infection channel this way, at least without some kind of minimal infection first. (It is, of course, possible that the person doing the analysis may have made a mistake in what they observed, or in the reporting of it.) It is said to spread itself to new victim computers using the speakers on an infected device to talk to the microphone on an uninfected one. As above. It is said to infect simply by plugging in a USB key, with no other action required. We've seen that before. It is said to infect the firmware on USB sticks. Well, a friend has built a device to blow off dangerous firmware on USB sticks, so I don't see that this would present any problem. It is said to render USB sticks unusable if they aren't ejected cleanly; these sticks work properly again if inserted into an infected computer. Reminds me somewhat of the old "fast infectors" of the early 90s. They had unintended effects that actually made the infections easy to remove. It is said to use TTF (font) files, apparently in large numbers, as a vector when spreading. Don't know details of the internals of TTF files, but they should certainly have enough space. It is said to block access to Russian websites that deal with reflashing software. Possible, and irrelevant unless we find out what is actually true. It is said to render any hardware used in researching the threat useless for further testing. Well, anything that gets reflashed is likely to become unreliable and untrustworthy ... It is said to have first been seen more than three years ago on a Macbook. And it's taken three years to get these details? Or get a sample to competent researchers? Or ask for help? This I find most unbelievable. In sum, then, I think this might be possible, but I strongly suspect that it is either a promotion for PacSec, or a promo for some presentation on social engineering. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Hardware has grown following Moore's Law, software seems to be stuck with Gresham's Law. - Jim Horning victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Happy 11-12-13!
(Yeah, OK, a bit late for the Antipodes ...) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Intellectuals solve problems. Geniuses prevent them. - A. Einstein victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Security awareness?
With security awareness month just past, I have been seeing a number of supposed attempts at security awareness, most by various security companies. They've been, as many as I've been able to get through, very disappointing. For example, Eugene Kaspersky (@e_kaspersky) tweeted about a free guide for small businesses: http://t.co/tjzFOMzGm4: (https://twitter.com/e_kaspersky/status/400705280477900800) For the cost of you name, company name, country, email address (and your phone number, if you were foolish enough to fill in that field) you could download a 76 page PDF "Simplifying IT Security For Dummies," apparenlty the Kaspersky Lab Limited Edition." (Actually, although you were promised a download, initially you got a slideshow on a Web page. You then had to find a very dim button on the bottom of the page, and select the right options, to actually get a PDF.) There's nothing really wrong with the book, other than the fact that it is banal, generic, and presents very little in the way of actual useful advice (and takes a strong stance against freely available AV software.). The sales pitch for Kaspersky is a rather modest five pages. The only real danger is that anyone would think that reading the booklet would prepare them to do any security planning. If it prompted them to do any actual study on the matter, that might be good. But it's disappointing, nonetheless, to see our field brought down to this. I came into it in the old days of virus research, when all of us were trying to help, and were eager to pass along anything we knew to anyone who would listen. Some of that enthusiasm wore off when we finally figured out that nobody wanted to listen. A lot more of it left when Certain Individuals, and then some large corps, figured out that "creating brands" was more profitable than actually trying to create useful security tools. (I'm actually thinking more of other people when I say that, since Eugene has never had any problem with self-esteem issues, but he has also created some useful tools.) Anyway, just another dull, depressing day in the security field, I guess ... == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Good judgment comes from experience. Experience comes from bad judgment. victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] For the CISSPs amongst us ...
Yes, I know that not all of you are ertified by, or wish to be associated with, (ISC)^2. You can stop reading here, delete, and go on to the rest of your email. For those remaining: The (ISC)^2 board elections are upon us, and there is some confusion right now about whether the main forum (CISSPForum) is a valid place for board candidates to conduct or even respond to questions on how they would try to influence the direction of the org. Voting has already started, and ends with November. As a stopgap an alternate forum has been created with a charter of doing nothing BUT hosting these vital discussions. If you are a current CISSP in good standing, and eligible to vote, there are two things you should do now 1) Join the CISSP-Elections forum by sending your name (as certified) and CISSP number to cissp-elections-subscr...@yahoogroups.com 2) VOTE! Be sure you VOTE! Not voting is simply allowing the board-nominated default slate to have your vote. To be sure you are going to be able to vote, visit https://www.isc2.org/MemberHome.aspx and log in. (If you can think of any fora or mailing lists where this information should be distributed, feel free.) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Good, fast, cheap: pick two victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Good grief, what *else* are they surveilling ...
http://www.thestar.com/news/gta/2013/11/28/disabled_woman_denied_entry_to_us _after_agent_cites_supposedly_private_medical_details.html == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org How to protect your privacy online. Step 1: STOP SHARING STUFF YOU DON'T WANT THE WORLD TO DISCOVER. Step 2: See Step 1. - http://twitter.com/ChrisPirillo/status/13881888168 victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] For the CISSPs amongst us ...
From: Joel Esler Date sent: Wed, 27 Nov 2013 14:51:34 -0500 > wait > > ISC2 does elections via > > Yahoogroups? No, that's just the mailing list "we the people" have set up for discussion because there isn't any other option. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Su cuenta bancaria es mi cuenta bancaria. - phisher's maxim victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Security Questions
http://www.youtube.com/watch?v=tMEjpXJZgIA Besides the stupidity of some of them, there's another problem :-) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org To educate a man in mind and not in morals is to educate a menace to society. - Theodore Roosevelt victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Well, at least it wasn't 1-2-3-4-5 ...
For 20 Years the Nuclear Launch Code at US Minuteman Silos Was http://gizmodo.com/for-20-years-the-nuclear-launch-code-at-us-minuteman-si- 1473483587 == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org This is an age of euphemisms, which means it's an age of lies. - Rex Murphy, Laing Lectures 2012 victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Access vulnerability on Android tablet
I made my first ever "Black Friday" purchase last week. Staples (for those outside North America, this is a "big box" office supplies store with a large computer and tech section) had a door-crasher special of a Digital2 brand 7" tablet, running Android 4.1, marked down from $250 to $70. We had to go past a Staples on an errand, so I stopped in and got it. I don't quite regret getting it: particular at that price it is probably worth it. I may do a review of its shortcomings at some point. (Low memory, poor storage management, slow performance, limited battery, incompatible with some apps, poor file management options, many functions irregular.) However, I came across something this morning that indicates a weakness. One of the oddities is that there is no indication of charging or battery unless the tablet is on. So, while charging, I had the tablet on to check the battery level. The indicator icons are on the lower right of the screen on this model, and, in order to get more details on the charge, I touched that area. But I had forgotten to unlock the device. https://twitter.com/rslade/status/407966375596929024/photo/1/large Lo and behold, it brought up the quick indicator list anyway, and, along with it, the notifications. Prodding at this, I found that I couldn't get into the settings menu proper, but I could access any of the notification messages. And, once into any of those apps I had full access. (This sounds similar to a number of lock-screen vulnerabilities that I've heard of on various Android and iOS versions and devices, but it seemed to be simpler and more direct than most.) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org My son is not brilliant; he's not genius. Anyone that has any computer knowledge could have done what Jeff did. It doesn't take a level of genius to do this. - mother of teen charged with modifying a virus - got *that* right victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] We have met the privacy enemy, and he is us
http://www.independent.co.uk/news/uk/home-news/the-war-on-twitter-social- media-sites-threaten-justice-system-warns-attorney-general-8981287.html or http://is.gd/qzoC57 (In other news, a US appellate court will start streaming its decisions.) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Open source software - no walls, fences, Windows, or Gates victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] CyberSec Tips: Follow the rules - and advice
A followup to 1-2-3-4-5 (or ): A recent story (actually based on one from several years ago) has pointed out that, for years, the launch codes for nuclear missiles were all set to . (Not quite true: a safety lock was set that way.) http://gizmodo.com/for-20-years-the-nuclear-launch-code-at-us-minuteman-si- 1473483587 Besides the thrill value of the headline, there is an important point buried in the story. Security policies, rules, and procedures are usually developed for a reason. In this case, given the importance of nuclear weapons, there is a very real risk from a disgruntled insider, or even simple error. The safety lock was added to the system in order to reduce that risk. And immediately circumvented by people who didn't think it necessary. I used to get asked, a lot, for help with malware infestations, by friends and family. I don't get asked much anymore. I've given them simple advice on how to reduce the risk. Some have taken that advice, and don;t get hit. A large number of others don't ask because they know I will ask if they've followed the advice, and they haven't. Security rules are usually developed for a reason, after a fair amount of thought. This means you don't have to know about security, you just have to follow the rules. You may not know the reason, but the rules are actually there to keep you safe. It's a good idea to follow them. (There is a second point to make here, addressed not to the general public but to the professional security crowd. Put the thought in when you make the rules. Don't make stupid rules just for the sake of rules. That encourages people to break the stupid rules. And the necessity of breaking the stupid rules encourages people to break all the rules ...) Posted at http://blogs.securiteam.com/index.php/archives/2304 == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org It doesn't matter if the cup is half full or half empty. Whatever's inside it is evaporating either way. victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Opinions/facts on haveibeenpwned.com?
Someone in our local SIG raised a question about http://www.haveibeenpwned.com. It had been promoted for some time, after every major security breach of account credentials, as a place to check your accounts. I haven't seen any reports of problems related to it, nor does a quick Google search turn up any. There are some kudos from people I would generally trust to know what is going on. But I haven't heard any first hand experiences, either. The site is registered to: Troy Hunt, New South Wales, Australia troyh...@hotmail.com Anybody know him? From some stuff on his blog, he seems reasonable, but he could be a fake with an attachment to the Russian mob and a good command of written English, for all I know. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Chaos, panic, and disorder - my work here is done. victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Review of "cloud drives" - Younited - pt 2
My major test of the Younited drive took a few days, but it finally seems to have completed. In a less than satisfactory manner. I "synched" a directory on my machine with the Younited drive. As noted, the synching ran for at least two days. (My mail and Web access was noticeably slow during that time.) The original directory, with subdirectories, contained slightly under 7 Gigs of material (the quota for basic Younited drives is said to be 10 G) in slightly under 2,800 files. The transfer progress now shows 5,899 files transferred, and I'm out of space. A quick check shows that not all files are on the Younited drive. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org True patriotism hates injustice in its own land more than anywhere else. - Clarence Darrow victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Review of "cloud drives" - Younited - pt 3
Yesterday I received an update for the Younited client--on the Win7 machine. The XP machine didn't update, nor was there any option to do so. This morning Younited won't accept the password on the Win7 machine: it won't log on. Actually, it seems to be randomly forgetting parts of the password. As with most programs, it doesn't show the password (nor is there any option to show it), the password is represented by dots for the characters. But I'll have seven characters entered (with seven dots showing), and, all of a sudden, only three dots will be showing. Or I'll have entered ten, and suddenly there are only two. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. -Albert Einstein victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] Review of "cloud drives" - Younited - pt 3
From: Steve Pirk Date sent: Sat, 14 Dec 2013 18:03:23 -0800 > Are you going to be doing a review of Google Drive? Yup, Google Drive, Dropbox, iCloud, SkyDrive, and Younited, so far. I've got some others on the back burner after those. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org To educate a man in mind and not in morals is to educate a menace to society. - Theodore Roosevelt victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Re: [funsec] who was it?
Date sent: Mon, 16 Dec 2013 09:33:19 -0600 From: RandallM > while we slept, NSA kept our bios safe > > http://www.theregister.co.uk/2013/12/16/nsa_alleges_bios_plot_to_destroy_pcs/ And next they'll say that it can infect computers by transmitting ultrasonically over speakers and microphones! Wait for it ... == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Q: What do you think is the best solution to overpopulation? Support your argument with examples. A: The `Hunger Games.' - www.happyplace.com/3907/unintentionally-inappropriate- test-responses-from-children victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Friday social engineering
http://online.wsj.com/news/articles/SB10001424052702304403804579264272004 583860 "When women are present or when men are prompted to think about women, they act differently, research shows." "Sex-related cues like these have been found to make men more prone to take risks while playing blackjack, to discount the future when making economic decisions and to spend on conspicuous luxury items (but not on mundane expenses). Typically, the effects are strongest in single men. By contrast, these studies uniformly report that cues about males have no such effects on women." Male infosec professionals: don't think about woman when planning. Female infosec professionals: you can think about anything you want. == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org What's most interesting about these ciphers is how robustly lousy they are. - Bruce Schneier (on the GSM cryptographic algorithms) victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] My Choice? No, thanks.
UPS is out to steal your data. They want you to give it to them. http://articles.latimes.com/2013/oct/28/business/la-fi-lazarus-20131029 In the beginning (and you can go back and check the RISKS-Forum Digest archives), UPS deployed those clipboards with the digitizing pads for signatures. And we hollered and said that next they'd be selling databases of signatures (with associated names and addresses). And they said they'd never do that. Then they did that. If any of you receive packages via UPS that cross borders, you also know that they charge exhorbitant "brokerage fees" for doing so, and will turn those over to collection agencies at the drop of a hat. (I just had that happen to me again yesterday.) So I heartily second the recommendation to avoid "My Choice" like the plague: once they get their hooks in, they aren't going to let go. (We like the guys at the local UPS Store franchise for photocopying and other small office services, but I try to avoid dealing with the central company for anything. Including shipping.) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org A man is not old until regrets take the place of dreams. - John Barrymore victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Texting via vodka
In an important breakthrough in communications technology, researchers have managed to transmit data without using wires. light, or radio waves. http://www.ecanadanow.com/science/2013/12/20/researchers-successfully-send- text-using-vodka/ http://timesofindia.indiatimes.com/home/science/In-a-first-text-message-using- vodka-sent/articleshow/27669583.cms (Please note that this research does not appear to advocate texting while drunk.) (Given that Canadian researchers were involved, one wonders why they did not use beer, eh?[1]) [1] - Linguistic research [2] is apparently indicating that youngers Canadians are no longer using "eh," but ending sentences with "right." Since there is no way anyone can call me young, I can continue to use "eh." [2] - http://www.vancouversun.com/quintessential+Canadianism+dying/9304088/story.ht ml == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org I agree [that if Mitnick paid dues to society he is entitled to a fresh start]. And I think the fresh start should be as a used car salesman or whatever, not a trusted information security consultant - Donn Parker, 20090414 #121472 victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] It'll work! Trust us!
The "Northern Gateway Pipeline" (nee "Enbridge Pipeline," and rebranded because of violent opposition to the initial inept PR campaign) has passed it's initial review. So we are told, because the Website where the decision was posted immediately folded under the load of requests for the details. It's hard to have confidence in the people building a pipeline, and telling you that the immense dangers will all be dealt with [1], when they can't even keep a Website running. http://www.vancouversun.com/entertainment/Enbridge+Theatre+Absurd/9309248/s tory.html or http://is.gd/0Q6z8z [1] - There are 209 "conditions" on the approval, most of which boil down to "you have no idea what will happen if ..." == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org A great many people think they are thinking when they are merely rearranging their prejudices.- William James victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] OK, who's still interested in going to the RSA conf this year?
"NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products. Reuters later reported that RSA became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products. "Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show." http://www.reuters.com/article/2013/12/20/us-usa-security-rsa- idUSBRE9BJ1C220131220 or http://is.gd/WgspdJ == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Freedom is not worth having if it does not connote freedom to err. It passes my comprehension how human beings, be they ever so experienced and able, can delight in depriving other human beings of that precious right.- Mahatma Gandhi, (1869-1948) victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] TSA's 12 Banned Items of Christmas
http://www.youtube.com/watch?v=luNfghUnvFg OK, maybe a bit late, but you can use it as a self-check coming home from visiting for Christmas ... == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org I'm fairly sure Linux exists principally because writing an operating system probably seems like a good way to pass the months of darkness in Finland- Rodger Donaldson victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] NSA hardware intercepting gear
http://www.scribd.com/collections/4411280/Applebaum-NSA-Files I really should apply for a job with the NSA. I've got all these old files from a quarter century ago, where we discussed all these things they are doing now. If they are trying to resurrect the AF/91 virus myth (aka the "Desert Storm" virus, which the Pentagon press office once mistakenly confirmed existed), I'm sure there are some great ideas in all of our old idle speculations and jokes. (And, for whoever from the NSA is surveilling my postings, they're mostly on floppies, so you'll have to wait ...) == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org All war is deception. - Sun Tzu victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] My New Year's Resolution
1920 x 1080 == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org I'm all in favor of keeping dangerous weapons out of the hands of fools. Let's start with typewriters. - Frank Lloyd Wright victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Saving the world from bamboo ...
"U.S. customs officials last week destroyed 11 rare flutes by a respected Canadian musician who was returning home via New York's John F. Kennedy International Airport. But the agency isn't apologizing for the incident -- it says the flutes were an ecological threat." http://thecable.foreignpolicy.com/posts/2014/1/2/is_2014_the_year_scotland_fina lly_gains_independence#sthash.4UeLPJv3.6vLAZAHx.dpuf == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Kill all: God will know his own. - originally spoken by Papal Legate Bishop Arnald-Amalric of Citeaux, siege of Beziers, 1209 AD victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Accuracy of Internet polls and reviews ...
http://www.cbc.ca/newsblogs/yourcommunity/2014/01/sea-world-accused-of-fishy- pr-practices-rigging-blackfish-poll.html or http://is.gd/7QYKhL "It would appear curious then, with so much public outcry, that in a Dec. 31 Orlando Business Journal poll asking readers whether or not CNNs Blackfish documentary [had] changed [their] perception of SeaWorld 99 per cent of respondents claimed "No." "Sensing something fishy, the newspaper investigated and discovered that a single Internat Protocal Address (IP Address) was responsible for 54% of the votes. "That IP, verified by several third-party IP tracking websites according to the publication, belonged to SeaWorld Parks & Entertainment." == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org If your protocol is successful, it will eventually be used for purposes for which it was never intended, and its users will criticize you for being shortsighted. - Charlie Kaufman victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] OK, don't let this go any further, but ...
Just between you and me ... http://gawker.com/navy-accidentally-emails-reporter-its-plans-to-deny-his- 149645 or http://is.gd/TTZdtJ == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org Prince Edward: You're not singing. Giselle: Oh. Oh, no I'm not. Well, I was just thinking. Prince Edward: [perplexed] Think-ing...? - Enchanted victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] Mavericks is safer
No, that isn't grammatically incorrect. It may be factually incorrect, or the correct statement may be that Mac OS 10.9 Mavericks may be less unsafe than prior versions. I updated to Mavericks about a month ago. It's annoying, on a number of fronts. However, according to a quick check by Naked Security, Apple seems to have stopped patching prior versions: http://nakedsecurity.sophos.com/2014/01/09/82-of-enterprise-mac-users-not- getting-security-updates or http://is.gd/z6IbM7 == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org The network is the last ditch attempt to turn powerful stand-alone computers into dumb terminals. victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
[funsec] CyberSec Tips - "Computer Maintenance Department"
I got a call today from "James," of the "computer maintenance department." I suppose this may work better against those who actually *have* a computer maintenance department. Since I'm self-employed, it's pretty obvious that this is phony. Sometimes, though, "James" or his friends call from Microsoft or other such possibilities. Just in case anyone doesn't know, these are false, attempts to get you to damage your own computer, or install something nasty. They can then charge you for spurious repairs, add you to a botnet, or mine your computer for account information. Oh, and also, as chance would have it, today I got my first completely automated spam/fraud/telemarketing call: a computer generated voice and voice response system, asking how I was, and then, when I didn't respond, was I there. Probably would have been fun to try and push the limits of it's capability, but I didn't have time ... == (quote inserted randomly by Pegasus Mailer) rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org If you bungle raising your children, I don't think whatever else you do well matters very much. - Jacqueline Kennedy Onassis victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links http://blogs.securiteam.com/index.php/archives/author/p1/ http://twitter.com/rslade ___ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
