Re: [funsec] Apple deluged by police demands to decrypt iPhones

2013-05-10 Thread Steve Pirk
I like Google's approach, resetting the password and then supplying that
to the LE. You definitely get notified. I am wondering what happens when you
have two-factor auth enabled? I imagine you would receive an SMS the
first time LE tries to log in. You could then reset the password and make
them go through the whole process again. :-)
On May 10, 2013 7:00 PM, "Jeffrey Walton" wrote:

> Why break it when you can go around it
>
>
> http://news.cnet.com/8301-13578_3-57583843-38/apple-deluged-by-police-demands-to-decrypt-iphones/
>
> Apple receives so many police demands to decrypt seized iPhones that
> it has created a "waiting list" to handle the deluge of requests, CNET
> has learned.
>
> Court documents show that federal agents were so stymied by the
> encrypted iPhone 4S of a Kentucky man accused of distributing crack
> cocaine that they turned to Apple for decryption help last year.
>
> An agent at the ATF, the federal Bureau of Alcohol, Tobacco, Firearms
> and Explosives, "contacted Apple to obtain assistance in unlocking the
> device," U.S. District Judge Karen Caldwell wrote in a recent opinion.
> But, she wrote, the ATF was "placed on a waiting list by the company."
>
> A search warrant affidavit prepared by ATF agent Rob Maynard says
> that, for nearly three months last summer, he "attempted to locate a
> local, state, or federal law enforcement agency with the forensic
> capabilities to unlock" an iPhone 4S. But after each police agency
> responded by saying they "did not have the forensic capability,"
> Maynard resorted to asking Cupertino.
>
> Because the waiting list had grown so long, there would be at least a
> 7-week delay, Maynard says he was told by Joann Chang, a legal
> specialist in Apple's litigation group. It's unclear how long the
> process took, but it appears to have been at least four months.
>
> [Image and excerpt from ATF affidavit, which says Apple "has the
> capabilities to bypass the security software" for law enforcement.]
>
> The documents shed new light on the increasingly popular law
> enforcement practice of performing a forensic analysis on encrypted
> mobile devices -- a practice that can, when done without a warrant,
> raise Fourth Amendment concerns.
>
> Last year, leaked training materials prepared by the Sacramento
> sheriff's office included a form that would require Apple to "assist
> law enforcement agents" with "bypassing the cell phone user's passcode
> so that the agents may search the iPhone." Google takes a more
> privacy-protective approach: it "resets the password and further
> provides the reset password to law enforcement," the materials say,
> which has the side effect of notifying the user that his or her cell
> phone has been compromised.
>
> Ginger Colbrun, ATF's public affairs chief, told CNET that "ATF cannot
> discuss specifics of ongoing investigations or litigation. ATF follows
> federal law and DOJ/department-wide policy on access to all
> communication devices."
>
> In a separate case in Nevada last year, federal agents acknowledged to
> a judge that they were having trouble examining a seized iPhone and
> iPad because of password and encryption issues. And the Drug
> Enforcement Administration has been stymied by encryption used in
> Apple's iMessage chat service, according to an internal document
> obtained by CNET last month.
>
> Bypassing Apple's security
>
> The ATF's Maynard said in an affidavit for the Kentucky case that
> Apple "has the capabilities to bypass the security software" and
> "download the contents of the phone to an external memory device."
> Chang, the Apple legal specialist, told him that "once the Apple
> analyst bypasses the passcode, the data will be downloaded onto a USB
> external drive" and delivered to the ATF.
>
> It's not clear whether that means Apple has created a backdoor for
> police -- which has been the topic of speculation in the past --
> whether the company has custom hardware that's faster at decryption,
> or whether it simply is more skilled at using the same procedures
> available to the government. Apple declined to discuss its law
> enforcement policies when contacted this week by CNET.
> ___
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
>
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Re: [funsec] Edward Snowden: the whistleblower behind the NSA surveillance revelations

2013-06-10 Thread Steve Pirk
The video interview is pretty telling. He says he knows what might be in
store for him, but he went ahead with leaking the info.

Guy's got cojones...
https://www.youtube.com/watch?v=nokiZeHNPp8&feature=youtube_gdata_player
 On Jun 10, 2013 8:51 AM, "Rich Kulawiec"  wrote:

> On Mon, Jun 10, 2013 at 11:07:50AM -0400, Jeffrey Walton wrote:
> > It looks like Edward Snowden gets to join the ranks of Jesselyn
> > Radack, Thomas Drake, William Binney, Bradley Manning.
>
> And Daniel Ellsberg:
>
>
> http://www.guardian.co.uk/commentisfree/2013/jun/10/edward-snowden-united-stasi-america
>
> ---rsk

Re: [funsec] Google Accounts and 2-Step Verification

2013-06-13 Thread Steve Pirk
Jeff, give this a try...

1) log into account #1 (the gmail account I usually log into first). The
gmail account uses 2-step auth.

2) in the upper right of the gmail window should be your name and possibly
a profile pic. There will be a down arrow link, and you want to click that.

3) there should be options for account and privacy, a button to view
profile, with "add account" and sign out at the bottom.

4) when you click add account, a new window will open up called "accounts".
It should also list the other users you are signed in as. Log in with your
Apps account and you should land on a new gmail page as the new user.

5) your original session should still be logged in. Checking your account
settings again should now show which users you are logged in as, and lets
you "switch user" to another one.

If this does not help, let me know. I have logged in as three different
users at once. Also, I am pretty sure you cannot be two gmail (consumer
version) users at the same time. I have not tried this recently, YMMV.
 On Jun 13, 2013 10:37 AM, "Jeffrey Walton"  wrote:

> Hi All,
>
> Is anyone else experiencing trouble with Google's 2-Step Verification?
>
> I've got two Gmail based accounts. The first is personal throwaway and
> uses Google Authenticator, and the second is for OWASP, is a business
> account, and uses SMS messages. As soon as I log into one account, I
> am logged out of the other account. Previously, I was allowed to log
> into both concurrently.
>
> Google does not appear to allow me to use the same Google
> Authenticator for both accounts. I can't find information on how to do
> it in their help area, and no one answers questions posted to their
> help area (there are lots of 'me too', however).
>
> Does anyone know how to stay logged into both accounts? Does anyone
> know how to use Google Authenticator for both accounts? Does anyone
> know why it's impossible to get help from Google on the business
> account that cost real money?
>
> Jeff

Re: [funsec] Explosive breast implants

2013-08-21 Thread Steve Pirk
On Wed, Aug 21, 2013 at 12:54 AM, Stephanie Daugherty
wrote:

> I bet you could shut down a major airport for hours with two dozen well
> aimed nerf footballs,


Where is the plus one button for Gmail? :)

Let's go back to the original subject. Breast implants ended up replacing
the "body cavities" described in the original report. Gents and ladies, it
is all about the pat down inspections. If someone has body cavity implants,
they are not going to go through the whole body scanners at the airport.
The only other choice is the manual pat down search. If the TSA has been
instructed to look for breast implant bombs, don't you think more than a
few females might receive a closer inspection than they would have before
this report came out?

Call me nuts, but there was a reason they used breast implants as an
example here... :)

-- steve

Re: [funsec] Explosive breast implants

2013-08-21 Thread Steve Pirk
A one sentence paragraph from the article...
*Since body scanners pick up objects outside the body, it's not clear
whether women are being frisked by hand.*
I rest my case.

-- steve


On Wed, Aug 21, 2013 at 1:45 AM, Steve Pirk  wrote:

>
> On Wed, Aug 21, 2013 at 12:54 AM, Stephanie Daugherty <
> sdaughe...@gmail.com> wrote:
>
>> I bet you could shut down a major airport for hours with two dozen well
>> aimed nerf footballs,
>
>
> Where is the plus one button for Gmail? :)
>
> Let's go back to the original subject. Breast implants ended up replacing
> the "body cavities" described in the original report. Gents and ladies, it
> is all about the pat down inspections. If someone has body cavity implants,
> they are not going to go through the whole body scanners at the airport.
> The only other choice is the manual pat down search. If the TSA has been
> instructed to look for breast implant bombs, don't you think more than a
> few females might receive a closer inspection than they would have before
> this report came out?
>
> Call me nuts, but there was a reason they used breast implants as an
> example here... :)
>
> -- steve
>

Re: [funsec] Don't mess up your Web people ...

2013-10-07 Thread Steve Pirk
I have a high school student in Mississippi I have been "tutoring" since
2010 who did this to a customer who stiffed him.
He asked me if that was a reasonable response, and I thought (you stiffed a
high school student?) I replied hell yeah.
The guy paid up the next day. It was awesome to hear him tell me about it.

Life is good :)

-- steve


On Mon, Oct 7, 2013 at 9:31 AM, Paul Ferguson wrote:

> On 10/7/2013 10:19 AM, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
>
>  http://nycfreshmarket.com/
>>
>>
> Ha!
>
> - ferg
>
>
> --
> Paul Ferguson
> Vice President, Threat Intelligence
> Internet Identity, Tacoma, Washington  USA
> IID --> "Connect and Collaborate" --> www.internetidentity.com
>

Re: [funsec] Don't mess up your Web people ...

2013-10-08 Thread Steve Pirk
Damn, where is the plus one button for mailing list emails? hahahaha Those
two responses rocked.

-- steve


On Tue, Oct 8, 2013 at 1:27 AM, Conrad Constantine  wrote:

> On 10/8/2013 4:20 AM, Daniël W. Crompton wrote:
>
>>
>> This has been up for over a month, I saw it mentioned on HN YC. I don't
>> think the owner is going to pay up.
>>
>
> that just makes me wonder if they're just naive about The Horrors Of The
> Internet...
>
> A genteel sticky note? that's a pretty classy response - compared to some
> of the 'Nuclear Options' out there.
>
> "Come for the vegetables, stay for an education about the 'Power Five'"
>
>

Re: [funsec] Going beyond vulnerability rewards

2013-10-12 Thread Steve Pirk
This approach is similar to how they are developing Chromium/Chrome OS. The
code is out there for manufacturers to test their hardware against, and when
people run into issues, the problem gets added to the database and everyone
contributes what they can to a solution.

An "add-on" project they are working on that many including me are
following is the integrated Tor client/code. It is getting close to doable,
but they are asking for external help on parts of it, mainly due to
resource limitations.

-- steve


On Fri, Oct 11, 2013 at 11:02 AM, Jeffrey Walton  wrote:

>
> http://googleonlinesecurity.blogspot.com/2013/10/going-beyond-vulnerability-rewards.html?m=1
>
> We all benefit from the amazing volunteer work done by the open source
> community. That’s why we keep asking ourselves how to take the model
> pioneered with our Vulnerability Reward Program - and employ it to
> improve the security of key third-party software critical to the
> health of the entire Internet.
>
> We thought about simply kicking off an OSS bug-hunting program, but
> this approach can easily backfire. In addition to valid reports, bug
> bounties invite a significant volume of spurious traffic - enough to
> completely overwhelm a small community of volunteers. On top of this,
> fixing a problem often requires more effort than finding it.
>
> So we decided to try something new: provide financial incentives for
> down-to-earth, proactive improvements that go beyond merely fixing a
> known security bug. Whether you want to switch to a more secure
> allocator, to add privilege separation, to clean up a bunch of sketchy
> calls to strcat(), or even just to enable ASLR - we want to help!
>
> We intend to roll out the program gradually, based on the quality of
> the received submissions and the feedback from the developer
> community. For the initial run, we decided to limit the scope to the
> following projects:
>
> Core infrastructure network services: OpenSSH, BIND, ISC DHCP
> Core infrastructure image parsers: libjpeg, libjpeg-turbo, libpng, giflib
> Open-source foundations of Google Chrome: Chromium, Blink
> Other high-impact libraries: OpenSSL, zlib
> Security-critical, commonly used components of the Linux kernel (including
> KVM)
>
> We intend to soon extend the program to:
>
> Widely used web servers: Apache httpd, lighttpd, nginx
> Popular SMTP services: Sendmail, Postfix, Exim
> Toolchain security improvements for GCC, binutils, and llvm
> Virtual private networking: OpenVPN
>
> How to participate?
>
> Please submit your patches directly to the maintainers of the
> individual projects. Once your patch is accepted and merged into the
> repository, please send all the relevant details to
> security-patc...@google.com. If we think that the submission has a
> demonstrable, positive impact on the security of the project, you will
> qualify for a reward ranging from $500 to $3,133.7.
>
> Before participating, please read the official rules posted on this
> page; the document provides additional information about eligibility,
> rewards, and other important stuff.
>
> Happy patching!

Re: [funsec] Review of "cloud drives" - Younited - pt 3

2013-12-14 Thread Steve Pirk
Are you going to be doing a review of Google Drive? I would be interested
in how it works for you. It is a total no brainer on a Chromebook.  I have
never had any issues, but the Chromebook was designed for Drive. I have
never had the chance to try the Windows client.

-- steve


On Sat, Dec 14, 2013 at 11:57 AM, Rob, grandpa of Ryan, Trevor, Devon &
Hannah  wrote:

> Yesterday I received an update for the Younited client--on the Win7 machine.
> The XP machine didn't update, nor was there any option to do so.
>
> This morning Younited won't accept the password on the Win7 machine: it won't
> log on.  Actually, it seems to be randomly forgetting parts of the password.
> As with most programs, it doesn't show the password (nor is there any option
> to show it), the password is represented by dots for the characters.  But I'll
> have seven characters entered (with seven dots showing), and, all of a sudden,
> only three dots will be showing.  Or I'll have entered ten, and suddenly there
> are only two.
>
> ==  (quote inserted randomly by Pegasus Mailer)
> rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
> I know not with what weapons World War III will be fought, but
> World War IV will be fought with sticks and stones. -Albert Einstein
> victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
> http://blogs.securiteam.com/index.php/archives/author/p1/
> http://twitter.com/rslade

Re: [funsec] who was it?

2013-12-16 Thread Steve Pirk
Word has it that Twitter went nuts after this report aired. Not one
positive message all night. I watched a good portion, and Alexander flat
out lied if we are to believe what the Snowden leaks have revealed so far.

I bet you could replace the word "China" with "NSA" and the story would be
closer to the truth...

-- steve


On Mon, Dec 16, 2013 at 7:33 AM, RandallM  wrote:

> while we slept, NSA kept our bios safe
>
>
> http://www.theregister.co.uk/2013/12/16/nsa_alleges_bios_plot_to_destroy_pcs/
>
> --
> been great, thanks
> RandyM
> a.k.a System
>

Re: [funsec] The Sad Decline of '60 Minutes' Continues With This Week's NSA Whitewash

2013-12-16 Thread Steve Pirk
As strange as it sounds, I find RT a pretty good source of "unadulterated
news". They also have an excellent cast of independent journalists in the
RT America channel.


-- steve


On Sun, Dec 15, 2013 at 11:40 PM, Jeffrey Walton  wrote:

> Welcome to the world of centralized media,
> http://en.wikipedia.org/wiki/Central_media. You have to read non-US
> publications to balance the skewed views following the party lines.
> Reuters is a good choice.
>
> I still recall Reuters was one of the few mainstream publications that
> covered the Israel/Palestine conflict/war/{euphemism} with
> objectivity. Reuters would publish daily death counts like a score
> card. At the height, Israel was killing Palestinians at a rate of 3 to
> 1.
>
> On the other hand, US central media usually showed the suicide bus
> bombers that killed Israelis. They did not cover Israel razing entire
> portions of cities and killing hundreds at a time with airstrikes. I
> recall seeing the aerial photos of cities like Jenin and thinking,
> holy shit - that looks like post world war two Germany.
>
> Jeff
>
>
> On Sun, Dec 15, 2013 at 11:48 PM, Paul Ferguson wrote:
> > Wow, where to begin...
> >
> > I love the subject line above, which I used from this 'The Nation' article:
> >
> > http://www.thenation.com/blog/177598/sad-decline-60-minutes-continues-weeks-nsa-whitewash
> >
> > I was unsurprisingly stunned tonight that CBS had sunk even lower than Fox
> > News in their reporting on the NSA tonight -- nothing less than pro-NSA
> > propaganda.
> >
> > Here are a few initial thoughts that came out tonight -- and they will
> > assuredly continue to roll in:
> >
> > 'How we know the 60 Minutes NSA interview was crap'
> > http://blog.erratasec.com/2013/12/how-we-know-60-minutes-nsa-interview.html
> >
> > '60 Minutes': NSA Good, Snowden Bad
> > http://www.thewire.com/national/2013/12/60-minutes-nsa-good-snowden-bad/356174/
> >
> > 'Shame On Feinstein' Coalition Warns Of Silicon Valley Economic Impact From
> > NSA Spying
> > http://www.siliconvalleywatcher.com/mt/archives/2013/12/shame_on_feinstein_co.php
> >
> > One can only scratch their heads & wonder what CBS is doing here. Are they
> > really this incompetent, or are they maneuvering somehow to support the
> > Obama administration's attempt to only make 'cosmetic changes' to the NSA
> > and FISA Court operations, and whitewash the NSA overreach?
> >
> > I've already seen several main stream U.S. news organizations 'interpret'
> > the leaked recommendations from the 'oversight board' as 'sweeping' when
> > they are nothing more than cosmetic & business as usual.
> >
> > See also:
> >
> > http://www.theguardian.com/world/2013/dec/13/nsa-review-to-leave-spying-programs-largely-unchanged-reports-say
> >
> > http://www.newyorker.com/reporting/2013/12/16/131216fa_fact_lizza?currentPage=all
> >
> > http://www.pogo.org/blog/2013/12/20131213-has-political-spending-defanged-intel-watchdogs-in-congress.html
> >
> >
> > No pun intended, but the NSA and the Obama Administration are pulling a
> > "Snow Job" on the American People.
> >
> > - ferg

Re: [funsec] Nostalgia? Ethics in the Computer 'Virus' Era

2014-02-02 Thread Steve Pirk
Damn Paul... hella good. Sysadmins with root know they have access to all
the information, but they do not look unless it is necessary. Maybe that is
the big difference. I think it was  the section on Inherent Rights vs.
Acquired Privileges. The bad guys think "inherent rights", and hack into a
machine to get the acquired privileges they need.

Someone like Edward Snowden starts out with acquired privileges, and
invokes the greater good clause to liberate the data that the public should
have access to.

1992. Wow. This is pretty much what Ellsberg did in the 70s, but in hard
copy form.

This would be an interesting post to dump on g+. Imagine what might come
out of the woodwork :)



On Sun, Feb 2, 2014 at 9:36 AM, Richard Golodner  wrote:

> On Sun, 2014-02-02 at 08:40 -0800, Paul Ferguson wrote:
> > I just ran across something recently that I wrote back in 1992:
> >
> > http://www.textfiles.com/virus/virethic.txt
> >
> > I think I was one of the first (not "the" first, of course) people who
> > used the tagline:
> >
> > "I love my country, but I fear its government."
> >
> What is truly cool is that this is twenty-two years old.
>
> Sorry about your Seahawks Paul...
>

Re: [funsec] Possible new form of money

2014-02-20 Thread Steve Pirk
I am kicking myself for not buying a few back in 2012. I had a friend who
was very into mining and could have bought at $7. Oh well.

Check out Max Keiser on RT. He talks digital currencies a lot.
On Feb 20, 2014 4:21 PM, "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <
rmsl...@shaw.ca> wrote:

> Bitcoin has been banned in Russia (maybe the coins are too much "the same"?),
> and Dogecoin and other cryptocurrencies are being promoted.  Canada's recent
> federal budget mentions that "The New Harperite Government of Canada" (or
> whatever they are calling themselves this week, flush with a free case of
> beer) is going to be paying extra attention to digital currencies, trying to
> find out if criminals are using it.
>
> Meanwhile, another financial instrument is being largely ignored ...
> http://ht.ly/tKrSB
>
>
>
> (Hey, it's Friday, and, what with all currency being based on [largely
> unsubstantiated] trust, I thought it was cute  :-)
>
> ==  (quote inserted randomly by Pegasus Mailer)
> rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
> Once in our world, a stable had something in it that was bigger
> than our whole world.   - C. S. Lewis, `The Last Battle'
> victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
> http://blogs.securiteam.com/index.php/archives/author/p1/
> http://twitter.com/rslade

Re: [funsec] (Terrible) online security tips

2014-04-22 Thread Steve Pirk
Classic. The comments *are* great. The one about posting your passwords
rocked.


On Tue, Apr 22, 2014 at 4:59 PM, Rob, grandpa of Ryan, Trevor, Devon &
Hannah  wrote:

> Internet security tips (how to avoid Heartbleed)
>
> https://www.youtube.com/watch?v=CydbnWzXCzg
>
> This is cute.  I imagine they had to chop it up into short pieces because he
> couldn't say more than two in a row without cracking up.  The comments are
> pretty funny, too.
>
> ==  (quote inserted randomly by Pegasus Mailer)
> rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
> If it's ALL Things Considered, does that mean it's NPR-Complete?
>  - Craig Swanson
> victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
> http://blogs.securiteam.com/index.php/archives/author/p1/
> http://twitter.com/rslade

Re: [funsec] Trust the machines ...

2014-05-16 Thread Steve Pirk
I think it would rock if Vital came back with "Buy cannabis companies". Big
pharma would be like "wtf?" :)
On May 16, 2014 10:53 AM, "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <
rmsl...@shaw.ca> wrote:

> http://www.bbc.com/news/technology-27426942
>
> Skynet using subversion, rather than simply killing us all?
>
> ==  (quote inserted randomly by Pegasus Mailer)
> rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
> Work out what you want to say before you decide how you want to
> say it. - Christopher Strachey's First Law of Logical Design
> victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
> http://blogs.securiteam.com/index.php/archives/author/p1/
> http://twitter.com/rslade

Re: [funsec] Snowden Interview

2014-05-27 Thread Steve Pirk
This ought to be good, and it is about time msm paid decent attention to
the NSA leaks. I just hope it is not another "set up" interview.
On a related note, I just watched a really good interview on London Real
with Jesselyn Radack and Thomas Drake where they talked everything Snowden
and everything NSA. They were in London to present the Sam Adams award to
Chelsea Manning.

NSA Whistleblower - Jesselyn Radack & Thomas Drake | London Real
https://www.youtube.com/watch?v=mEq42BDBVWk


On Tue, May 27, 2014 at 4:10 PM, Jeffrey Walton  wrote:

> On Tue, May 27, 2014 at 6:31 PM, Jeffrey Walton wrote:
> > The interview is airing tonight.
> >
> > http://www.nbcnews.com/storyline/nsa-snooping/exclusive-edward-snowden-gives-wide-ranging-interview-brian-williams-n110351
>
> Whoops, that's tomorrow night (Wednesday night). Sorry about that.

Re: [funsec] We Lost Soldiers in the Hunt for Bergdahl, a Guy Who Walked Off in the Dead of Night

2014-06-02 Thread Steve Pirk
If it is any consolation, Reagan gave Iran 1,500 missiles in exchange for
the American hostages in 1980. It was what won him the presidency over
Carter. Reagan set up a private deal to hold on to the hostages until after
the election. What a dick :)
On Jun 2, 2014 1:04 PM, "Andre DiMino"  wrote:

> Not only that, but the trade made to secure his release certainly
> seems.asymmetric??
>
> http://thehill.com/policy/defense/207930-graham-obama-released-taliban-dream-team?utm_source=dlvr.it&utm_medium=twitter
>
>
>
> On Mon, Jun 2, 2014 at 3:39 PM, Jeffrey Walton  wrote:
>
>> This is interesting reading I have not seen it reported like this
>> by US Central Media.
>>
>>
>> http://www.thedailybeast.com/articles/2014/06/02/we-lost-soldiers-in-the-hunt-for-bergdahl-a-guy-who-walked-off-in-the-dead-of-night.html
>>
>> It was June 30, 2009, and I was in the city of Sharana, the capitol of
>> Paktika province in Afghanistan. As I stepped out of a decrepit office
>> building into a perfect sunny day, a member of my team started talking
>> into his radio. "Say that again," he said. "There's an American
>> soldier missing?"
>>
>> There was. His name was Private First Class Bowe Bergdahl, the only
>> prisoner of war in the Afghan theater of operations. His release from
>> Taliban custody on May 31 marks the end of a nearly five-year-old
>> story for the soldiers of his unit, the 1st Battalion, 501st Parachute
>> Infantry Regiment. I served in the same battalion in Afghanistan and
>> participated in the attempts to retrieve him throughout the summer of
>> 2000. After we redeployed, every member of my brigade combat team
>> received an order that we were not allowed to discuss what happened to
>> Bergdahl for fear of endangering him. He is safe, and now it is time
>> to speak the truth.
>>
>> And that the truth is: Bergdahl was a deserter, and soldiers from his
>> own unit died trying to track him down.
>> ...
>>
>
>
>
>
> --
>
> Andre' M. DiMino
> DeepEnd Research
> http://deependresearch.org
> http://sempersecurus.org
>
> "Make sure that nobody pays back wrong for wrong, but always try to be
> kind to each other and to everyone else" - 1 Thess 5:15 (NIV)
>

Re: [funsec] We Lost Soldiers in the Hunt for Bergdahl, a Guy Who Walked Off in the Dead of Night

2014-06-02 Thread Steve Pirk
On Mon, Jun 2, 2014 at 5:04 PM, Jeffrey Walton  wrote:

> Here's the best part: the folks we are fighting now in the middle east
> were Reagan's "freedom fighters" in the 1980s. How the worm has
> turned
>

Oh yeah... Good old Osama bin Laden, CIA asset extraordinaire. We know how
well that turned out.
This reminds me that I need to watch Charlie Wilson's war again.

Re: [funsec] Global warming causes coal train derailments ...

2014-06-03 Thread Steve Pirk
On Tue, Jun 3, 2014 at 3:24 PM, Rob, grandpa of Ryan, Trevor, Devon &
Hannah  wrote:

> [1] - OK, if you *must* sing, at least make it
> https://www.youtube.com/watch?v=rsDkmVo2fg4
>

I thought for sure that you were going to post this as an example... /ducks
Blazing saddles - Work song
https://www.youtube.com/watch?v=L7QF32mxftE

Re: [funsec] "LinkedIn to face customer lawsuit over email addresses" -- itnews.com.au

2014-06-16 Thread Steve Pirk
On Jun 16, 2014 12:10 AM, "Jeffrey Walton"  wrote:
>
> Does anyone know if it's a result of that app they created and the
> security community decried?
>

I keep putting off deleting my LinkedIn account. If they can blow off any
security concerns with this app, then they are quite clueless or evil, take
your pick.
Sheesh

Re: [funsec] US capitol not in US, according to TSA

2014-07-18 Thread Steve Pirk
On Fri, Jul 18, 2014 at 12:06 PM, Rob, grandpa of Ryan, Trevor, Devon &
Hannah  wrote:

> OK, so is *this* guy genuinely fake, or do they just not want to admit how
> often their agents are drunk?
>
http://www.sfgate.com/bayarea/matier-ross/article/Fake-screener-probes-passengers-at-SFO-5626732.php


omg, that was just 2 days ago. I think it will be "very" interesting to see
what happens to this "hushed up" incident. I smell a couple of juicy
lawsuits once these women get wind of the deception and seek help.

Gaston! Popcorn for the table! And make it quick :)

Re: [funsec] Do not visit this 404 page if you are in a funk ...

2014-07-24 Thread Steve Pirk
*I think I'll crawl off into the trash can and decompose.*
Or, if you are in a funk, this might help to lift you out a bit... That and
chuckle a lot. Nothing like finding something that is much more depressed
than you are to cheer you up a bit...


On Thu, Jul 24, 2014 at 11:42 AM, Rob, grandpa of Ryan, Trevor, Devon &
Hannah  wrote:

> http://www.acm.uiuc.edu/404
>
>
> ==  (quote inserted randomly by Pegasus Mailer)
> rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
> Knowledge is a process of piling up facts: wisdom lies in their
> simplification. - Martin Fischer
> victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
> http://blogs.securiteam.com/index.php/archives/author/p1/
> http://twitter.com/rslade

Re: [funsec] guess these guys never saw Team America! :-)

2014-12-17 Thread Steve Pirk
Well, there is historical precedence in reference to the CIA and movies...
Anyone see the farcical movie "Argo"? The CIA fantasy about getting some of
the Americans out of Iran in '79? The real people involved in that rescue
said the film was a joke. The CIA had very little to do with getting them out,
and they saw the film as propaganda to make the CIA look good. God only
knows what claptrap about the CIA will be in The Interview :)


On Wed, Dec 17, 2014 at 12:54 PM, Blanchard, Michael (InfoSec) <
michael.blanch...@emc.com> wrote:
>
> http://www.securityweek.com/hackers-invoke-911-new-chilling-sony-threat
>
>
>
> Michael P. Blanchard
> Principal Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
> Cyber Security Services
> EMC ² Corporation
> 32 Coslin Drive
> Southboro, MA 01772
>
>

Re: [funsec] FBI blames North Korea for Sony breach

2014-12-19 Thread Steve Pirk
On Fri, Dec 19, 2014 at 11:17 AM, Michal Zalewski 
wrote:
>
> > a) North Korea actually *is* behind the attack, or
> >
> > b) the FBI is embarrassed about being in the dark, and is theorizing in
> > advance of the facts?
>
> Let's theorize about that!
>
> Rule 1: If the government says it, it has to be true.
Rule 2: If the government is wrong, see rule 1.

The above applies to so many things going on right now it is scary.

Re: [funsec] Warning: this map may make you waste valuable time ...

2014-12-31 Thread Steve Pirk
Amazing how much the imagery resembles what passes for the media's
visualization of a global nuclear war.

On Wed, Dec 31, 2014 at 11:35 AM, Rob, grandpa of Ryan, Trevor, Devon &
Hannah  wrote:

> Possibly too busy to be informative, and definitely addictive to watch.
> Network attacks by origin, target, and type.  Live.
>
> http://map.ipviking.com/
>
> ==  (quote inserted randomly by Pegasus Mailer)
> rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
> The dictionary is the only place where success comes before work.
> - Mark Twain
> victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
> http://blogs.securiteam.com/index.php/archives/author/p1/
> http://twitter.com/rslade

[funsec] Google is Skynet :) or How The CIA Made Google

2015-01-26 Thread Steve Pirk
Nafeez Ahmed has written an article titled: How The CIA Made Google
It is a deep dive into many of the players surrounding the creation of
Google, and how "The Highlands Forum" shapes the direction of technology
and information gathering. That there are a lot of ties between Google and
the intelligence community is kind of assumed these days, but rumors of
deep connections have been just that, rumors. Nafeez's research pulls
together a lot of data to paint a pretty dismal future for freedom on the
internet.


> Thuraisingham goes on in her article to reiterate that this joint CIA-NSA
> program partly funded Sergey Brin to develop the core of Google, through a
> grant to Stanford managed by Brin's supervisor Prof. Jeffrey D. Ullman:
>
> "In fact, the Google founder Mr. Sergey Brin was partly funded by this
> program while he was a PhD student at Stanford. He together with his
> advisor Prof. Jeffrey Ullman and my colleague at MITRE, Dr. Chris Clifton
> [Mitre's chief scientist in IT], developed the Query Flocks System which
> produced solutions for mining large amounts of data stored in databases. I
> remember visiting Stanford with Dr. Rick Steinheiser from the Intelligence
> Community and Mr. Brin would rush in on roller blades, give his
> presentation and rush out. In fact the last time we met in September 1998,
> Mr. Brin demonstrated to us his search engine which became Google soon
> after."
>
> Brin and Page officially incorporated Google as a company in September
> 1998, the very month they last reported to Thuraisingham and Steinheiser.
> 'Query Flocks' was also part of Google's patented 'PageRank' search system,
> which Brin developed at Stanford under the CIA-NSA-MDDS programme, as well
> as with funding from the NSF, IBM and Hitachi. That year, MITRE's Dr. Chris
> Clifton, who worked under Thuraisingham to develop the 'Query Flocks'
> system, co-authored a paper with Brin's supervisor, Prof. Ullman, and the
> CIA's Rick Steinheiser. Titled 'Knowledge Discovery in Text,' the paper was
> presented at an academic conference.
>
http://www.mintpressnews.com/cia-made-google/201521/?desktop-version=on
Original article:
https://medium.com/@NafeezAhmed/how-the-cia-made-google-e836451a959e

Re: [funsec] Net-connected Barbie?

2015-02-17 Thread Steve Pirk
Why did I immediately think of Chucky when I was reading this... and I am
sure that propaganda (state or corporate sponsored) is top on the list of
undocumented features...


On Tue, Feb 17, 2015 at 2:57 PM, Rob, grandpa of Ryan, Trevor, Devon &
Hannah  wrote:

> http://www.bbc.com/news/technology-31502898
>
> Oh, I can't see any possible problems with that.
>
> Let's see.  Like Siri, et al, the computing power, and data storage, for
> parsing what the kid says is undoubtedly elsewhere.  (Mattel?  Apple?
> Microsoft?  the NSA?)  So, everything your kid says around the doll is going
> somewhere, and being stored.  (Forever?)  Everything you, or anybody else,
> says around the doll is being stored.
>
> Then what kind of algorithm is being used to "feed" jokes and games?  There
> wouldn't be *any* possibility that someone could tweak the agenda here, is
> there?  No possibility of propaganda aimed at the kids?
>
> And I'm *sure* that Mattel has thought long and hard about the security of
> all those transactions.  They'd all be protected by bullet-proof crypto,
> authentication and security so that no attacker could hijack the stream.
> You know, no crooks trying to find out if the kid is home alone with only an
> inexperienced babysitter, no child pornographers teaching kids how to use
> Webcams, no pedophiles setting up meets with the kids ...
>
>
> ==  (quote inserted randomly by Pegasus Mailer)
> rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
> We die only once, and for such a long time.- Moliere
> victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
> http://blogs.securiteam.com/index.php/archives/author/p1/
> http://twitter.com/rslade

Re: [funsec] Waste four and a half minutes of your time

2015-02-27 Thread Steve Pirk
I'll never be able to watch a high speed chase again without thinking of
the Benny Hill show. Thanks Rob :)

On Fri, Feb 27, 2015 at 10:17 AM, Blanchard, Michael (InfoSec) <
michael.blanch...@emc.com> wrote:

> That one guy walking along the black llama should have tackled it instead
> of trying to give it a Vulcan nerve pinch LOL
>
> Michael P. Blanchard
> Principal Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
> Cyber Security Services
> EMC ² Corporation
> 32 Coslin Drive
> Southboro, MA 01772
>
> -Original Message-
> From: funsec [mailto:funsec-boun...@linuxbox.org] On Behalf Of Rob Slade,
> doting Grandpa of Ryan, Trevor, Devon, and Hannah
> Sent: Friday, February 27, 2015 1:00 PM
> To: funsec
> Cc: infose...@yahoogroups.com
> Subject: [funsec] Waste four and a half minutes of your time
>
> Hey, it's Friday, and it's got cops in it, so you can say it has to do
> with security.
>
> http://theconcourse.deadspin.com/llamas-on-llam-llose-llawmen-1688271989
>
> The full video of the Arizona "loose llamas" from yesterday, at high
> speed, and with "Yakety Sax" as the music.  (For those of you old enough to
> remember, that was the title music for the Benny Hill show.)
>
>
> ==
> rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
> "If you do buy a computer, don't turn it on." - Richards' 2nd Law
> "Robert Slade's Guide to Computer Viruses"  0-387-94663-2
> "Viruses Revealed"  0-07-213090-3
> "Software Forensics"0-07-142804-6
> "Dictionary of Information Security" Syngress   1-59749-115-2
> = for back issues:
> CISSP refs: http://victoria.tc.ca/techrev/mnbksccd.htm
> PC Security:http://victoria.tc.ca/techrev/mnvrrvsc.htm
> Security Dict.: http://victoria.tc.ca/techrev/secgloss.htm
> Security Educ.: http://victoria.tc.ca/techrev/comseced.htm
> Book reviews:   http://victoria.tc.ca/techrev/mnbk.htm
> http://victoria.tc.ca/techrev/review.htm
> Partial/recent: http://groups.yahoo.com/group/techbooks/
> http://en.wikipedia.org/wiki/Robert_Slade
> http://www.infosecbc.org/links   http://twitter.com/rslade
> http://blogs.securiteam.com/index.php/archives/author/p1/

Re: [funsec] British Television

2009-06-01 Thread Steve Pirk
On Sun, 31 May 2009, Gadi Evron wrote:

> Mentioning Monty Python's Flying Circus seems too out of date even for
> this listing, but it has a place of honour on my DVD shelf.
>
> What are you fav Brit shows?
>
>   Gadi.

Number one would have to be Monty Python's flying circus. I do not know how
far off the season path we were, but it was a late Friday or Saturday 
night favorite back in '74 where we would just slump back in bean bag 
chairs, many times still buzzed from some south american tobacco, and 
be completely blown away by the unique and audacious humor presented 
by that team. Understand, this was Denver colorado, us of a. Not the EU.

How the heck we got Monty Python, I will never know. Don't even get me 
started on the Benny Hill show (#2 comedy). Scandalous! hahahaha

-steve


Re: [funsec] British Television

2009-06-05 Thread Steve Pirk
On Thu, 4 Jun 2009, Nick FitzGerald wrote:

> Drsolly wrote:
>
>> As a Brit, I'm constantly amazed that Americans like Benny Hill.
>
> As a human being, I'm constantly amazed that anyone liked (let alone
> may still like) Benny Hill...
>

Ok, I give up! I believe the phrase I used was "scandalous". Not sure
I used "I liked it". More "I laughed at it". I will check the archives
:-)

Understand, we are talking late '70's, early 80's for Benny Hill (I
think, definitely mid '70's for Flying Circus...). I was younger and
more easily influenced. Think of what we had for american tv comedy
back in the late '70's etc.
--
-steve


[funsec] [inquiry] Internet/cell in Teheran down?

2009-06-13 Thread Steve Pirk
Npr (All things considered) is reporting that cell phones and Internet
access in at least Teheran if not all of Iran is down. Reporters are
unable to connect out.

Anyone hear of anything?

-steve


Re: [funsec] [inquiry] Internet/cell in Teheran down?

2009-06-14 Thread Steve Pirk
On Sun, 14 Jun 2009, Rich Kulawiec wrote:
> I've been following political developments there over the last 24-36 hours.
> It appears that the election results weren't just stolen, they were entirely
> fabricated: that is, nobody even bothered to count ballots, they just made
> the numbers up.  The results of this completely-obvious fraud have been
> what you might expect: protests, arrests, riots, disinformation, violent
> clashes, cut-offs of telecommunications, etc.  I rather suspect we'll see
> either (a) a pervasive totalitarian crackdown and imposition of martial
> law combined with severe restrictions on telecom or (b) a revolution.
>
> Maybe both.
>
> ---Rsk

In 1979, I watched on tv in Denver as the American School of Teheran 
was overrun by protesters after the Shah fell. All I could think of 
was what a change from the way things were when I attended as a kid in 
'66. I see a lot of the same looks on the protesters' faces as I saw
back in '79.

I also see a lot in these kids today that was there back when Iran was 
developing before the revolution. The Iranian people will set things 
straight, you watch. They always do "what needs doing". An awesome 
people ^__^. My money is on b), probably peacefully behind the scenes 
via the religious councils.

-steve


Re: [funsec] Remote support for Iranian protestors making it harder them to reach the outside world?

2009-06-17 Thread Steve Pirk
On Wed, 17 Jun 2009, ch...@blask.org wrote:
>
> A friend of mine live-blogging the incident asked this:
>
> "...there seems to be a raging debate as to whether the DDOS attacks on 
> government websites screws up bandwidth and make it harder for ordinary 
> Iranians to connect there." Would love some informed opinions on this topic."
>
> Anyone have an idea what connectivity to/from Iran consists of?  Think all 
> the page-reload DDOS stuff could disrupt outbound access from the protesters?
>
> -chris

The students I have listened to are fairly confident it is active
outbound blocking. Heck, ground lines barely work. Every time they find
a new site/address to get to or proxy through, it is soon blocked
(including one I set up :-)

I am sure inbound ddos is messing things up, but my gut feel is active 
blocking of sites... Twitter is about all they can use. Did these 
ddos attacks kill sms before the vote on Friday?

Just my opinion.

--
steve


Re: [funsec] How many nukes can reach your location?

2009-07-03 Thread Steve Pirk
On Thu, 2 Jul 2009, Paul Ferguson wrote:
> Yikes.
>
> http://nukeometer.com/
>
> - - ferg

Subtracting the USA missiles that I hope they would not use on their
own country, I have 4,881 hanging over my head. bummer.

Gee, thanks Ferg... ;-\ lol
--
steve


Re: [funsec] How many nukes can reach your location?

2009-07-03 Thread Steve Pirk
On Fri, 3 Jul 2009, valdis.kletni...@vt.edu wrote:
> On Fri, 03 Jul 2009 15:33:55 +1000, silky said:
>> It counts nukes from the country entered, which is a little weird.
>
> I'll posit that for many people living in a nuclear state (declared or not),
> the threat of being nuked by your own gone-batshit leadership trying to
> put down a rebellion/insurrection/invasion on their own territory is
> actually *higher* than being nuked by some other nuclear state.
>

curmudgeon came to the same conclusion but as the result of an 
external force re-targeting our own nukes (who says it has to be hostile
from within?). I can see the next Die Hard - going after cyberterrorists 
that are taking over our nuke control systems remotely somehow.

2347 from USA - That makes 7228 for Kitsap county WA. I _can_ say that
we will go in the first 3 or 4 that are launched... Small things like
the west coast nuke sub base (Bangor), Whidbey Island NAS, and Puget Sound
Naval shipyard within 5 miles... Can you say extra crispy? ;-\
--
steve


Re: [funsec] Message Gray Hole?

2009-07-06 Thread Steve Pirk
On Mon, 6 Jul 2009, Gadi Evron wrote:
> Jon Kibler wrote:
>> Starting sometime over night last night, I started receiving messages from
>> FUNSEC that had been originally sent days or weeks ago. Looking at the email
>
> It's called "Gadi cleared up the moderation queue again".

As I was sitting here laughing at the explanation for some of the 
anomalies we have all seen recently, I was struck by the phrase "all 
of us" and went "wow, how many thousands of 'wtf' emails did Gadi and 
Jon avert by producing this 2 email exchange...?"

I just thought it was funny.. move along... nothing to see here...
--
steve


Re: [funsec] Love in the time of audits

2009-07-06 Thread Steve Pirk

On Mon, 6 Jul 2009, Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:

billion.  On one occasion in 2004, the SEC investigator in the Office of
Compliance Inspections and Examinations warned supervisors that the
perpetrator’s paperwork and electronic data were full of irregularities. She
took her concerns to her supervisor, who was working under the assistant
director of
the department. The assistant director, who is no longer with the SEC, later
married the perpetrator’s niece. The investigator’s claims turned out to be
consistent with the case the Justice Department eventually brought against the
perpetrator. When the investigator brought her concerns to her supervisor,
however, he directed her to concentrate on an investigation of mutual funds.

http://www.upi.com/Business_News/2009/07/02/Five-SEC-investigations-missed-Madoff/UPI-51201246538744/



I am waiting for the other shoes to drop as this story unfolds. I hope 
it gets good coverage on npr or the bbc. This scheme involved a lot 
more people than we think I bet...

--
steve

Re: [funsec] can someone please try and explain to me....

2009-07-09 Thread Steve Pirk
On Thu, 9 Jul 2009, Gadi Evron wrote:

> Why people call this so-called Korea DDoS a cyber war? Don't people know
> how the Internet works yet?
>
>   Gadi.
>

I have been wondering the same thing. I am behind on this one. Links 
to good write-ups anyone have?
--
steve


Re: [funsec] Former General of all American Intellig ...

2009-07-11 Thread Steve Pirk
On Sat, 11 Jul 2009, Peter Evans wrote:
>   That's normal. Quick break down here, based on elementary mechanics.
>   Skycrappers are built for the static load "their own weight" and
>   the dynamic load "wind"
>
>   the plane did not knock it over, a couple of hundred tonnes hitting the
>   side is peanuts compared to wind loading. what it did was cause a fire.
>   the fire melted important stuff, this could no longer hold the static
>   mass above it. it came down under the influence of gravity,
>   you now have "chunk of building mass M moving down = monstrous dynamic
>   load. And from then on it's house of cards. Game over.
>   The reason it looks more like a professional demolition job is because
>   that is exactly what they do too. (search for "top gear toyota" on
>   youtube ^^)
>

Also, please remember, that the WTC towers were designed to survive 
exactly this type of "event", but at the time, the only plane of the 
correct size (747's were deemed too big to pull this off), was a 
Boeing 737. The WTC towers _would_ have survived if they had used 
737's instead of 757's. 757's had like 3 times as much fuel at impact 
time as a similar 737 flight, and did a lot more damage to the 
vertical supports than a 737 would have done due to mass*velocity.
--
steve


Re: [funsec] global warming is b/s? nice hatchet job

2009-07-13 Thread Steve Pirk
On Sun, 12 Jul 2009, Alex Eckelberry wrote:
> The problem is on both sides, however.  Many people who believe in
> global climate change also don't understand even the basics of the
> science, but take it up because it's in line with the political beliefs.
>
>
> Your point about ice breakups is a good one.  This is feedback in
> action, something which no model can predict -- and it's the scariest
> part of the problem.
>

Nasa studies said that the max co2 the environment and inhabitants of 
the earth we adapted to was something like 350 ppm(billion?) co2. 
Problem is, we are already at like 385. bummer.

Why do scenes from "The Day After Tomorrow" keep popping into my head?
--
steve


Re: [funsec] Smartphone maker HTC settles with FTC over security flaws

2013-03-12 Thread Steve Pirk
This is why I always try and buy genuine Google devices, like the Nexus 1
(htc), the Nexus 7 (Asus?) and now the Nexus 4 (htc) to replace the N1.
Google does not let htc (or anyone else) mess with the OS on devices they
sell themselves (as far as I know... :) I also get updates as soon as
Google releases them.

-- steve 


On Fri, Feb 22, 2013 at 6:57 PM, Jeffrey Walton  wrote:

>
> http://www.washingtonpost.com/business/technology/smartphone-maker-htc-settles-with-ftc-over-security-flaws/2013/02/22/f438ed92-7d28-11e2-82e8-61a46c2cde3d_story.html
>
> The Federal Trade Commission announced Friday that it had settled
> charges that HTC America had inadequately secured its smartphones and
> tablets, leaving sensitive user information vulnerable to malicious
> programs.
>
> Regulators said that HTC had modified the operating systems on its
> mobile devices, adding features that left customers vulnerable to
> applications that can secretly collect information such as call logs
> and location data. The case highlights growing concerns that the
> fractured nature of popular smartphone platforms, in which
> manufacturers customize Google’s and Microsoft’s operating systems,
> can leave an opening for hackers.
>
> Many owners of HTC products received patches to plug security holes
> after the issues came to light in 2011. The company said in a
> statement Friday that it is working to update the rest of the phones.
>
> The FTC declined to comment on whether it is investigating other
> handset makers over similar concerns, but said the case is just one
> piece of the agency’s look at mobile security and privacy issues.
>
> Last month, the agency released guidelines for mobile app developers
> on the best ways to notify users about their data and privacy
> policies, and it has advised smartphone makers to think about ways to
> test, address and respond to security issues during the development
> process.
>
> “It’s important that they think about security by design,” said Nithan
> Sannappa, an attorney in the FTC’s Bureau of Consumer Protection.
>
> As part of the settlement, HTC America must establish a comprehensive
> security program. It is also prohibited from making false or
> misleading statements about its security.
>
> The settlement is another blow for HTC as it fights to regain lost
> smartphone market share.
>
> It was the first to offer an Android phone and once manufactured the
> most popular phones for the operating system. But the company’s market
> share has fallen steeply in the face of competition from Samsung and
> Apple.
>
> At the end of 2012, HTC had 32 percent of the world’s smartphone
> market, down from 46 percent in 2011.

Re: [funsec] Keep Google Reader Running!

2013-03-13 Thread Steve Pirk
Hahahaha! Change.org... I love it. I bet they will notice it :)
Signed and shared.

-- steve 


On Wed, Mar 13, 2013 at 6:48 PM, Paul Ferguson wrote:

> As you may have heard, Google is planning on killing off its stalwart
> Reader on July 1st.
>
> I am really kind of bummed about this, because I think Reader is the
> best damned RSS Reader out there, and regardless of what Google
> thinks, there are quite a lot of us using it daily.
>
> If you care:
>
> https://www.change.org/petitions/google-keep-google-reader-running
>
> Google may damned well ignore it, but sign it anyways. :-)
>
> - ferg
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
>  fergdawgster(at)gmail.com

Re: [funsec] Open Recursive DNS Resolver Project

2013-03-26 Thread Steve Pirk
I think I got my DNS server locked down a few years ago, but will double
check this week. Definitely a project worth supporting.

-- steve 


On Tue, Mar 26, 2013 at 10:28 AM, Paul Ferguson wrote:

> This is an important project -- one in which I plan to spend a lot of
> time this year (and into the future) evangelizing these problems (at
> the APWG CeCOS in Buenos Aires [1] next month & the MAAWG meeting in
> Vienna in June [2], for starters):
>
> Open DNS Resolver Project
> http://openresolverproject.org/
>
> If you are hosting an Open DNS Recursive Resolver, or not doing some
> flavor of BCP38 [3], please stop/start. :-)
>
> FYI,
>
> - ferg
>
>
> [1] http://apwg.org/apwg-events/cecos2013
> [2] https://www.maawg.org/events/upcoming_meetings
> [3] https://tools.ietf.org/html/bcp38
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
>  fergdawgster(at)gmail.com

Re: [funsec] NSLs, Other Privacy Issues

2013-03-28 Thread Steve Pirk
On Thu, Mar 28, 2013 at 9:06 PM, Jeffrey Walton  wrote:

> They are used by the FBI to bypass courts and conduct secret
> surveillance. But now, in what could prove to be a major blow to the
> Department of Justice, a federal court has found that National
> Security Letters are unconstitutional.
>

Nice find Jeffrey! I imagine Jacob Appelbaum will be happy to see this.
*The U.S. government has obtained a controversial type of secret court
order to force Google Inc. and small Internet provider Sonic.net Inc. to
turn over information from the email accounts of WikiLeaks volunteer Jacob
Appelbaum, according to documents reviewed by The Wall Street Journal.*
http://online.wsj.com/article/SB10001424052970203476804576613284007315072.html


-- steve 

Re: [funsec] Spoofer Project

2013-04-01 Thread Steve Pirk
I have a Comcast business class connection, and the only addresses the
program could spoof were the local addresses in my subnet. It looks like
Comcast is filtering things nicely at my first router hop upstream.

-- steve 


On Thu, Mar 28, 2013 at 9:49 PM, Jerry  wrote:

> FYI, spoofer compiles without issue (or even warnings) on Solaris.
>
> Will forward run results off line.
>
>
>
>
> On 03/28/13 08:03 PM, Paul Ferguson wrote:
>
>> Hi, funsec people.  :-)
>>
>> This kind of goes hand-in-hand with a much larger community project,
>> but I'd like to encourage you to participate in the Spoofer Project,
>> and share the results:
>>
>> http://spoofer.csail.mit.edu/
>>
>> Please take a moment to download the software (it is safe, I promise!)
>> -- there are software packages available for Mac OSX, Windows, and
>> Linux. The source code is also available if you care to inspect it.
>>
>> I am simply curious to see if any of your home ISPs allow spoofed
>> packets to originate from within their downstream customer networks.
>>
>> As some of you may (or may not) know, I co-authored BCP38 [1], which
>> was published in May 2000, and yet there are an astounding number of
>> ISP networks on the planet that still allow traffic with spoofed
>> source addresses to originate from within their networks. This is the
>> primary culprit in generated DNS Amplification Attacks, an issue which
>> several of us are currently engaged in, and will be talking about for
>> the months (and years?) to come in our community outreach.
>>
>> So if you have a few free moments, please take a few moments when you
>> are at home and let me know the results.
>>
>> Thanks,
>>
>> - ferg
>>
>>
>> [1] https://tools.ietf.org/html/bcp38
>>

Re: [funsec] Verizon Service, Actiontec Gateway, and SSL Certificate

2013-04-30 Thread Steve Pirk
Yikes! If I understand you correctly, you are saying the private key you
looked up was in the wild.
I give up :)

-- steve 


On Mon, Apr 29, 2013 at 7:17 PM, Jeffrey Walton  wrote:

> Well, this is not a good sign. I downloaded littleblackbox
> (https://code.google.com/p/littleblackbox/), which is a database of
> shared private keys. The program connects to the device or servers,
> fetches the certificate, and tries to find the private key in its
> database:
>
> jeffrey@ubuntu-12-x64:~/littleblackbox-0.1.3/bin$ ./littleblackbox -r 192.168.1.1:443
>
> -BEGIN RSA PRIVATE KEY-
> -END RSA PRIVATE KEY-
>
> On Mon, Apr 29, 2013 at 2:23 AM, Jeffrey Walton 
> wrote:
> > Hi All,
> >
> > I have Verizon service which provides an Actiontec gateway. The
> > gateway is model MI424WR, running firmware 40.20.1. ("Firmware Update"
> > claims it's up to date, even though there's been no updates for quite
> > some time, including patches to dhcp and libupnp).
> >
> > Can anyone verify the certificate (and key pair) included with the
> > gateway is unique (or better, static)? Below are the thumbprints and
> > certificate details from OpenSSL after exporting the certificate (from
> > Firefox).
> >
> > Bonus points: does anyone know how to generate a new certificate or
> > upload a new certificate? The Actiontec manual only mentions SSL
> > certificates when it says to ignore warnings and proceed because it's
> > safe [1] (seriously!).
> >
> > Thanks
> > Jeff
> >
> > [1] http://support.actiontec.com/doc_files/MI424WR_Vz_User_Manual_4.0.16.1.45.160_v4.pdf
> >
> > $ openssl x509 -in ORname_Jungo\:OpenRGProductsGroup -noout -fingerprint
> > SHA1 Fingerprint=43:88:33:C0:94:F6:AF:C8:64:C6:0E:4A:6F:57:E9:F4:D1:28:14:11
> >
> > $ openssl x509 -in ORname_Jungo\:OpenRGProductsGroup -noout -text
> > Certificate:
> > Data:
> > Version: 3 (0x2)
> > Serial Number: 0 (0x0)
> > Signature Algorithm: md5WithRSAEncryption
> > Issuer: C=US, CN=ORname_Jungo: OpenRG Products Group
> > Validity
> > Not Before: Jun  3 11:11:43 2004 GMT
> > Not After : May 29 11:11:43 2024 GMT
> > Subject: C=US, CN=ORname_Jungo: OpenRG Products Group
> > Subject Public Key Info:
> > Public Key Algorithm: rsaEncryption
> > Public-Key: (1024 bit)
> > Modulus:
> > Exponent: 65537 (0x10001)
> > X509v3 extensions:
> > X509v3 Basic Constraints:
> > CA:TRUE, pathlen:5
> > X509v3 Key Usage:
> > Digital Signature, Non Repudiation, Key Encipherment,
> > Data Encipherment, Certificate Sign
> > X509v3 Extended Key Usage:
> > TLS Web Client Authentication, Code Signing, E-mail
> > Protection, TLS Web Server Authentication
> > Netscape Comment:
> > Jungo OpenRG Products Group standard certificate
> > Netscape Cert Type:
> > SSL Client, SSL Server, SSL CA
> > Signature Algorithm: md5WithRSAEncryption
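The checks this thread does by hand, as an added example (not code from the posts or from littleblackbox): it parses the `openssl x509 -text` fields quoted above and flags the properties that mark a vendor-default certificate. The `KNOWN_SHARED` list, the two thresholds, the finding names and the contrast certificate are assumptions of this example.

```python
import re
from datetime import datetime

# `openssl x509 -noout -text` fields as quoted in the post (hex bytes omitted).
CERT_TEXT = """\
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, CN=ORname_Jungo: OpenRG Products Group
Validity
Not Before: Jun  3 11:11:43 2004 GMT
Not After : May 29 11:11:43 2024 GMT
Subject: C=US, CN=ORname_Jungo: OpenRG Products Group
Subject Public Key Info:
Public-Key: (1024 bit)
X509v3 Basic Constraints:
CA:TRUE, pathlen:5
"""
FINGERPRINT_LINE = "SHA1 Fingerprint=43:88:33:C0:94:F6:AF:C8:64:C6:0E:4A:6F:57:E9:F4:D1:28:14:11"

# Constructed contrast case: a per-device certificate issued by a separate CA.
GOOD_TEXT = """\
Serial Number: 4097 (0x1001)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Example Device CA
Validity
Not Before: Jan  1 00:00:00 2013 GMT
Not After : Jan  1 00:00:00 2014 GMT
Subject: CN=gateway-0001.example
Public-Key: (2048 bit)
X509v3 Basic Constraints:
CA:FALSE
"""

# Hypothetical local list of fingerprints whose private keys are public.
# Seeded with the fingerprint from the post, whose key the post reports
# finding with littleblackbox.
KNOWN_SHARED = {"438833c094f6afc864c60e4a6f57e9f4d1281411"}
MIN_RSA_BITS = 2048        # assumed policy threshold
MAX_VALIDITY_DAYS = 825    # assumed policy threshold


def normalize_fp(line):
    """'SHA1 Fingerprint=AA:BB' or 'aa:bb' -> 'aabb'."""
    return line.split("=")[-1].replace(":", "").strip().lower()


def _field(text, pattern):
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1).strip() if m else None


def _date(value):
    # openssl pads single-digit days with an extra space; collapse it first.
    if not value:
        return None
    return datetime.strptime(" ".join(value.split()), "%b %d %H:%M:%S %Y GMT")


def parse_cert_text(text):
    """Pull the audit-relevant fields out of `openssl x509 -text` output."""
    bits = _field(text, r"Public-Key:[ \t]*\((\d+) bit\)")
    return {
        "serial": _field(text, r"Serial Number:[ \t]*(\d+)"),
        "sig_alg": _field(text, r"Signature Algorithm:[ \t]*(\S+)"),
        "issuer": _field(text, r"^[ \t]*Issuer:[ \t]*(.+)$"),
        "subject": _field(text, r"^[ \t]*Subject:[ \t]*(.+)$"),
        "not_before": _date(_field(text, r"Not Before[ \t]*:[ \t]*(.+)$")),
        "not_after": _date(_field(text, r"Not After[ \t]*:[ \t]*(.+)$")),
        "key_bits": int(bits) if bits else None,
        "is_ca": re.search(r"\bCA:TRUE\b", text) is not None,
    }


def audit(text, fingerprint, known_shared):
    """Return a list of findings for one device certificate."""
    c = parse_cert_text(text)
    findings = []
    if normalize_fp(fingerprint) in known_shared:
        findings.append("key-known-shared")
    if (c["sig_alg"] or "").lower().startswith(("md5", "sha1")):
        findings.append("weak-signature-hash")
    if c["key_bits"] is not None and c["key_bits"] < MIN_RSA_BITS:
        findings.append("short-rsa-key")
    if c["issuer"] and c["issuer"] == c["subject"]:
        findings.append("self-issued")
    if c["is_ca"]:
        findings.append("ca-flag-set")
    if c["not_before"] and c["not_after"]:
        if (c["not_after"] - c["not_before"]).days > MAX_VALIDITY_DAYS:
            findings.append("long-validity")
    if c["serial"] == "0":
        findings.append("serial-zero")
    return findings


if __name__ == "__main__":
    for name, text, fp in (("gateway", CERT_TEXT, FINGERPRINT_LINE),
                           ("contrast", GOOD_TEXT, "AA:BB")):
        print(name, audit(text, fp, KNOWN_SHARED) or "no findings")
```

The `key-known-shared` finding is the one that matters most here: once the private key is public, none of the other properties can be fixed by configuration, only by replacing the key pair.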

Re: [funsec] Don't Get Scroogled!

2013-05-01 Thread Steve Pirk
Wow, Microsoft is running these ads on TV? Damn, they must be really
desperate... :-)

From a TechCrunch article (many more articles that say basically the same
thing...)
http://techcrunch.com/2013/04/09/microsofts-latest-scroogle-ads-attack-sharing-of-information-that-google-developers-need-to-process-transactions/
(When I purchase with wallet on a PC browser, the merchant is handed a
garbled email, and I have to grant them access to my real email. Kind of
like Craigslist)
...
Google Wallet shares the information needed to process transactions and
maintain accounts, and this is clearly stated in the Google Wallet Privacy
Notice.

Why the mention of Google Wallet?

The main difference between Google Play and the Apple App Store is that
Google uses its “Wallet” service to process transactions. While it’s not a
third-party service in the sense that it’s a different company, it is a
function of the process that is not embedded into the Google Play
experience. It’s something that users are made aware of in the terms of
service and privacy policies when they sign up.

More importantly, when merchants and developers sign up to sell things in
Google Play, they must buy into not sharing any of the information that
they get, which is name, email address and general location — the things
that all companies selling things online need in order to process your
transaction and provide support. Better start your attack against Amazon,
Etsy and everyone else on the Internet, Microsoft.

I know, Google is the big bad guy... Well, if giants like Microsoft feel
they need to pull stuff like this to survive, maybe it is not so bad that
they get taken down a peg or two :-)

-- steve
I just saw this ad on television. It was funny as hell, and included
the wifi collector car.

http://www.scroogled.com

Re: [funsec] Network Solutions steals domain ideas; Confirmed!

2008-01-13 Thread Steve Pirk

I tested this by doing just a whois query from my linux box yesterday.
Today, the domain is registered to Network Solutions. It may take a
bit longer, but even queries against whois.networksolutions.com seem
to get registered.

Unfortunately, if the whois program cannot figure out which whois
server to query, it defaults to doing a lookup against
whois.networksolutions.com. Play it safe and force it to use another?

$ whois netsolisrippingpeopleoff.com

   Domain Name: NETSOLISRIPPINGPEOPLEOFF.COM
   Registrar: NETWORK SOLUTIONS, LLC.
   Whois Server: whois.networksolutions.com

--
Steve
Equal bytes for women.

On Thu, 10 Jan 2008, Dude VanWinkle wrote:


On Jan 9, 2008 9:15 AM, Juha-Matti Laurio <[EMAIL PROTECTED]> wrote:

January 8th, 2008 by Jay Westerdal


"BEWARE: Don't Search For Names At NetworkSolutions.com

Network Solutions has instituted a 4 day lock on all domain names searched on their 
site. They are effectively using phishing techniques to hijack or steal domain names 
and forcing domain name registrants to register their names at Network 
Solutions."



Hmm, I am now working on a curl script to query every possible
combination of words in the dictionary. Maybe if we do enough of this
every 4 days, no one will be able to register any new domains ever.

Bwa ha ha haa!

-JP


[funsec] Various .cn domains for sale?

2008-03-13 Thread Steve Pirk
Not really security related, but fun anyway...

I just got an email from someone at [EMAIL PROTECTED] telling me
that pirk.com.cn is owned by them and they would be willing to
sell it to me so I can take advantage of the emerging China market.
A reply to that address and also to the MSN IM address [EMAIL PROTECTED]
have not bounced yet, so maybe someone is really there.

If they registered my domain in the .cn TLD, how many others have
they also done? Anyone have a good tool to query these things with?

[quote]
We have pirk.com.cn and found that the domain is pretty useful for
you to explore China market.

We can really consider selling it. If you are interested in it
,please reply to us and discuss the domain tranfer matters.

We could finish the transaction through www.sedo.com which is a
international Domain trade agency.You will be notified immediately if
your offer is accepted.

China is the biggest market in the world Dot.cn domains is mostly
used in China 10,000,000 .cn domains are been registered

At last,Sorry for the disturb if any.
Wish you a happy new year 2008, and welcome to our China to visit
Olympic Games.
[/quote]

The whois info is as follows:
Domain Name: pirk.com.cn
ROID: 20080115s10011s32719764-cn
Domain Status: clientDeleteProhibited
Domain Status: clientTransferProhibited
Registrant Organization: Asia Technologies, Inc.
Registrant Name: Asia Technologies, Inc.
Administrative Email: [EMAIL PROTECTED]
Name Server:ns2.sedoparking.com
Name Server:ns1.sedoparking.com
Registration Date: 2008-01-15 09:53
Expiration Date: 2009-01-15 09:53

The IP for the web site is:
82.98.86.163 - basically a ad hit generation site - no pr0n yet.
get 82.98.86.163 reveals

inetnum:82.98.86.0 - 82.98.86.255
netname:SEDO-1-NET
descr:  Sedo Domain Parking
address:Mainzer Landstr. 199
address:D-60326 Frankfurt
address:Germany
phone:  +49 69 758915 0
fax-no: +49 69 758915 33
e-mail: [EMAIL PROTECTED]

person: Ulrich Priesner
address:Sedo GmbH
phone:  +49 221 34030-0
e-mail: [EMAIL PROTECTED]

So is it China that registered it, or some outfit in Germany? The
fact that it is beyond the 4 day "tasting period" and is still
registered means that someone paid money for what I would consider
a basically useless domain. I mean hey, it is my "fun" domain site.
--
Steve
Equal bytes for women.


Re: [funsec] Palin's Email hacked and placed on wikileaks.org

2008-09-19 Thread Steve Pirk
As of 20:50 pm PDT the IP is not even pingable. Dies at:
20  vlan401.ge0.cr0.sth3.prqinet.net (193.23.57.146)  205.583 ms  214.754 ms  214.899 ms
21  vlan401.ge0.cr0.sth3.prqinet.net (193.23.57.146)  210.595 ms ge0.tr0.sth3.prqinet.net (88.80.5.3)  216.255 ms  212.661 ms
22  ge0.tr0.sth3.prqinet.net (88.80.5.3)  212.741 ms  202.908 ms  204.641 ms

--
Steve
Equal bytes for women.

On Wed, 17 Sep 2008, security curmudgeon wrote:

>
> http://wikileaks.org/wiki/Sarah_Palin_Yahoo_email_hack_2008
>
> for the source (site not responding this second)
>
> On Wed, 17 Sep 2008, Gadi Evron wrote:
>
> : Oh, if you know this is real, please let me know.
> :
> :
> : On Wed, 17 Sep 2008, Gadi Evron wrote:
> :
> : > Hat tip to @bkdelong


Re: [funsec] thoughts

2009-03-31 Thread Steve Pirk

On Tue, 31 Mar 2009, der Mouse wrote:

>> We are accustomed to see malware bent on financial gain, but what is
>> the motivation for Conficker?  The investment was made, the amassed
>> "firepower" is large, and no gain has yet been obtained.  Could the
>> owners of Conficker be outside of the usual criminal circles?  Could
>> it be a military project, waiting for a political event, to activate?
>
> Could?  Certainly.
>
> My own suspicion?  It's a relatively ordinary botnet-in-preparation,
> just run by someone who's willing to let it lie fallow for a few months
> in order to get better penetration before spinning it up.
>

I heard something this am on npr that got me thinking. A radical Taliban 
group claimed credit for the Pakistan Police training facility attack 
yesterday, and then said Washington was next and it would be "amazing".

What better terrorist attack than to use a giant botnet to paralyze US govt
networks or banking networks?

Just thinking out loud... :-)
--
Steve
Equal bytes for women.

> (My own opinion of the "Conficker pwns Parliament" thing is rather well
> summed up by xkcd #463.  But then, that's how I feel about most malware
> incidents.)
>
> /~\ The ASCII   Mouse
> \ / Ribbon Campaign
> X  Against HTML   mo...@rodents-montreal.org
> / \ Email! 7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B


Re: [funsec] Off Topic: Great NPR foo..

2009-04-16 Thread Steve Pirk
We get "this american life" at 7 pm PT on Fridays and also Sat morning. 
Stream at kuow.org. I really enjoyed the ones they did on the financial 
meltdown.

Another show that rocks is the CBC's "Wire tap".
--
Steve
Equal bytes for women.

On Wed, 15 Apr 2009, Paul Ferguson wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Gadi and I were chatting earlier about great NPR shows, etc.
>
> One of my favorites is "This American Life", and I also dig "Radio Lab" --
> both of which run during the weekend, when most people are not listening to
> NPR.
>
> "The American Life" is perhaps one of the best damned radio shows in
> existence, and "Radio Lab" is not too shabby.
>
> Just an FYI -- both are freely available on the Web:
>
> http://www.thisamericanlife.org/
> http://www.wnyc.org/shows/radiolab/
>
> Explore.
>
> - - ferg



Re: [funsec] Google's unofficial torrent search

2009-04-20 Thread Steve Pirk
On Mon, 20 Apr 2009, Juha-Matti Laurio wrote:

> An interesting situation after Pirate Bay case...
>
> http://mashable.com/2009/04/20/google-torrent-search/
>
> Juha-Matti

To me, the win for the RIAA means that anyone can sue anyone who offers 
any type of search results that may link to copyrighted material. e.g. if I
create a copyrighted article, post it on my site telling people not to 
read it, I could sue google, yahoo or even the RIAA if they happen to 
display a link to my page in _any_ search results.

Am I reading the verdict wrong?

--
Steve
Equal bytes for women.


Re: [funsec] This sounds like a security disaster just waiting to happen...

2009-04-29 Thread Steve Pirk
On Wed, 29 Apr 2009, Larry Seltzer wrote:

>>> http://www.microsoft.com/windows/enterprise/products/branchcache.aspx
>>> This link redirects to Windows homepage now.
>
> Not for me. I'll violate some copyrights by reproducing the main text of
> the page here:
>
> Improve application responsiveness with BranchCache
> Increase branch office user productivity
...
> When IT enables BranchCache, a copy of
> data accessed from an intranet web site or a file server is cached
> locally within the branch office. When another user on the same network
> requests the file, the user gets access to the content almost
> immediately as it is downloaded from the local cache rather than over a
> limited bandwidth connection back to headquarters.
> Flexible Architecture
...

So, Microsoft has implemented a squid like server as part of their gateway 
solution for office connections to the net. If done correctly, should be
safe enough, no?

-steve


Re: [funsec] This sounds like a security disaster just waiting to happen...

2009-04-29 Thread Steve Pirk
On Wed, 29 Apr 2009, Jeff Kell wrote:

> Steve Pirk wrote:
>> So, Microsoft has implemented a squid like server as part of their gateway
>> solution for office connections to the net. If done correctly, should be
>> safe enough, no?
>
> You didn't catch the bit about using all the local user's caches in the
> common pool?
>
> One nice big fat file share with r/w/x access across the network, yeah,
> that's the ticket...
>
> Jeff

oops. Yeah, ok, I will keep my mouth shut. Completely missed that. 
(where are my glasses?)

-steve


Re: [funsec] This sounds like a security disaster just waiting to happen...

2009-04-29 Thread Steve Pirk
On Wed, 29 Apr 2009, Rich Kulawiec wrote:

> On Wed, Apr 29, 2009 at 12:27:41PM -0700, Steve Pirk wrote:
... embarrassing comments deleted ...
>> safe enough, no?
>
> Well...I'm not so sure.  I mean, if we grant the "done correctly" part
> for the sake of argument, it sounds to me like a file F requested by
> user A on system X may be cached on system Y used by user B, even if
> user B does not have the appropriate permissions for file F.  If that's
> the case, and it may not be, then a security issue with system Y or
> user B could expose file F.
>
> Is this how others are reading it?
>

After I got up off the floor laughing at the who's on first beauty of the 
above logic chart, it hit me that this probably would not be limited to 
"internet" cached data, but possibly all internal web data as Rich says. 
Right away I thought of ACL content (auth/auth) that is web based within a 
company tagged "your eyes only" that could be cached.

Quick, how many apps do _not_ use windows domain based auth/auth to 
determine who is allowed to see content. Ick. This would be bad where I 
work.

"read the entire blurb steve..."

-steve


Re: [funsec] Spyware Still Cheating Merchants and Legitimate Affiliates

2007-05-21 Thread Steve Pirk
Very nice writeup. Has anyone considered forwarding the URL
to Blockbuster? Anyone have a contact? I doubt that an email
to customer service or abuse would get anyone's attention...

Just a thought... (thanks Ferg!)
--
Steve
panic: can't find /

On Mon, 21 May 2007, Fergie wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Ben Edelman:
>
> [snip]
>
> Spyware vendors are trying to clean up their images. For example, Zango
> settled a FTC investigation, then last week sued PC Tools for detecting and
> removing Zango software. Meanwhile, Integrated Search Technologies (makers
> of a variety of software previously widely installed without consent)
> introduced a new "Vomba" client that even received "provisional" TRUSTe
> Trusted Download certification.
>
> But these programs' core designs are unchanged: They still track user
> behavior, still send browsing to their central servers, and still show
> pop-up ads -- behaviors users rightly disfavor due to serious effects on
> privacy and productivity.
>
> Putting aside users' well-known dislike for pop-ups, these programs also
> continue to interfere with standard online advertising systems. In
> particular, these programs show ads that overcharge affiliate merchants --
> especially by claiming commission on organic traffic merchants would have
> received anyway. This article presents six specific examples, followed by
> analysis and strategies for enforcement.
>
> [snip]
>
> More:
> http://www.benedelman.org/news/052107-1.html
>
> - - ferg
>
>
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet
>  fergdawg(at)netzero.net
>  ferg's tech blog: http://fergdawg.blogspot.com/
>
>


Re: [funsec] Oops. Sorry, wrong boat. Could we have a do-over?

2009-10-17 Thread steve pirk [egrep]
On Sat, Oct 17, 2009 at 08:29, Paul M Moriarty  wrote:

> Hmm... or a eunuch systems administrator?
>
>
O! Kind of like my mother was a daemon and my father was a unix? [not
sure I got the mom part right, might have been a Vax ;-]

--steve

> On Oct 17, 2009, at 8:11 AM, Remo Cornali wrote:
>
> >
> >
> > chaim.rie...@gmail.com ha scritto:
> >
> >> Gadi is awol, prolly hangin out in a harem in the desert.
> >>
> >
> > Doh, I didn't know he is an Arab Sheikh.  ;-)
> >
> > Ciao!
> >   Remo
>

-- 
steve pirk
refiamerica.org
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09

Re: [funsec] Wondering

2009-10-21 Thread steve pirk [egrep]
On Wed, Oct 21, 2009 at 17:42, Buhrmaster, Gary wrote:

> ...
> > Am trying to figure out the logistics.
> ...
> > In addition since when can a civilian company do something without a
> warrant ?
> ...
>
> I believe that the claim of OnStar is that the the owner
> of the vehicle has to initiate the request to enable the
> SVS feature (passphrase/code?), and only then will the
> operator direct Law Enforcement to the vehicle via the
> GPS location, and only when Law Enforcement has the
> vehicle on sight will they initiate the disablement.
>
> So, OnStar was performing an act on behalf/request of
> their customer (the owner of the stolen vehicle).
> Sounds like a basic civil contract to me (although I
> have never had OnStar, nor read their contracts with
> their customers).
>
> Whether OnStar would disable vehicles on the request
> of LE without the owner's request, and what authorization
> they would require, is left as a different exercise.
>
>
Sounds like the same thing as a trusted system administrator who might call
up the data center where he owns servers etc, and say "our entire cage has
been compromised, please cut the data cables leading from the cage. Here is
your authorization code."

Sounds pretty much like the same thing as the contract between
On-Star/vehicle owner. The techs in the data center have instructions on
what to do in what event - given the proper authorization. We had this in
our second data center back in 1996.
A physical cutter in place that would cut the wires. A bit extreme maybe, I
did not design it ;-]

Even odds that this is part of the boilerplate "must authorize" part of
their contract. Think of the liabilities the owner might face if he decides
not to allow them to shut the vehicle down in a case like this, and the
thief plows into a school yard... I would sign in a heartbeat...

--steve
-- 
steve pirk
refiamerica.org
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09

Re: [funsec] Wondering

2009-10-22 Thread steve pirk [egrep]
On Thu, Oct 22, 2009 at 05:50, Rich Kulawiec  wrote:

> On Wed, Oct 21, 2009 at 09:20:08PM -0700, Paul Ferguson wrote:
> > It doesn't have to be a "trusted admin" -- putting my "evil" cap on, it
> > could certainly be someone who impersonates a "trusted admin" or
> > "interested party".
>
> Right.  So now we have an existence proof that OnStar has this capability,
> and the problem reduces to figuring out how to exploit it.
>
> I wonder if anyone there has considered the consequences that would
> ensue should someone penetrate their security and send out the signal
> to shut them *all* down.
>
> ---Rsk
>
Well, there is exploiting it, and there is mitigating it. I remember when a
group was implementing a cert authority, and was fairly impressed by the
checks. Master password in a safe, locked in a 5 sided cage welded to the
floor. Only 2 people and one facilities director had access, and there was a
"2 physical key" factor to gain access to the cage. _no_ network access out
of the cage, and all servers associated with the installation were inside
the cage.

Could the cage be exploited? Sure, but the last piece is the safe. That
takes a gun to a head methinks, and by then you probably have other issues.

I am just saying that those of us that can, do what we can to protect
things. I hate the phrase "disaster recovery". I much prefer disaster
mitigation, which when I think about it is pretty much what a lot of us here
also do. Cool.

Thanks for getting me thinking about this. hmmm How to make it so it
does not matter if an installation has been compromised...?

--steve
-- 
steve pirk
refiamerica.org
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09
Sent from Bremerton, WA, United States

Re: [funsec] tips for safe surfing and computer security

2009-10-23 Thread steve pirk [egrep]
On Fri, Oct 23, 2009 at 16:07, RandallM  wrote:

> On Fri, Oct 23, 2009 at 4:47 PM, Paul M. Moriarty  wrote:
> > What's a mouse pad?
> >
> >On Fri, Oct 23, 2009 at 4:22 PM, Rick Wesson
>  wrote:
> >turn your computer off and go outside; look up at the sunshine and down at
> the
dirt -- if it's raining, look up and open your mouth ;-)
>
> >there, in two lines...
>
> >-rick
>
> Oh you guys are FUN! oh..this is funsec huh! Come on!
> This is your big chance to show with me that "users are our best defense!"
> I have preached to our company which has 8 other small companies under it
> about computer performance issues, and being safe. It has worked so well
> that they want to put such info on products to remind others to do the
> simple daily
> and monthly tasks like, check virus updates, scan for malware, run
> defrag, clean temp
> and such.
>
> I was HOPING for some FuN guys to put forth a quick nice list to print
> on products!!
>
> Come on...you can do it!!
>
> --
> been great, thanks
> a.k.a System
>


"To click or not to click... That is the question..."


There's one maybe...

--steve
steve pirk
refiamerica.org
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09

Re: [funsec] tips for safe surfing and computer security

2009-10-25 Thread steve pirk [egrep]
On Sat, Oct 24, 2009 at 14:59, Drsolly  wrote:

> Don't believe everything you read.
> On Fri, 23 Oct 2009, RandallM wrote:
>
> > On Fri, Oct 23, 2009 at 4:47 PM, Paul M. Moriarty  wrote:
> > > What's a mouse pad?
> > >
> > >On Fri, Oct 23, 2009 at 4:22 PM, Rick Wesson
> >  wrote:
> > >turn your computer off and go outside; look up at the sunshine and down
> at the
> > dirt -- if it's raining, look up and open your mouth ;-)
> >
> > >there, in two lines...
> >
> > >-rick
> >
> > Oh you guys are FUN! oh..this is funsec huh! Come on!
> >
> > I was HOPING for some FuN guys to put forth a quick nice list to print
> > on products!!
> >
> > Come on...you can do it!!
> >
> >
>
>
"To click or not to click... That is the question..."


There's one maybe...

--steve
steve pirk
refiamerica.org
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09

Re: [funsec] Goodbye GeoCities

2009-10-26 Thread steve pirk [egrep]
On Mon, Oct 26, 2009 at 07:03, Hubbard, Dan  wrote:

> I wonder if they are also serving /cartao.scr
>
> -Original Message-
> From: funsec-boun...@linuxbox.org [mailto:funsec-boun...@linuxbox.org] On
> Behalf Of Larry Seltzer
> Sent: Monday, October 26, 2009 6:14 AM
> To: Juha-Matti Laurio; funsec@linuxbox.org
> Subject: Re: [funsec] Goodbye GeoCities
>
> Check out the tribute on www.xkcd.com
>
> Larry Seltzer
> Contributing Editor, PC Magazine
> larry_selt...@ziffdavis.com
> http://blogs.pcmag.com/securitywatch/
>
>
I hit xkcd about 4 times in seamonkey [linux] and chrome [winxp] and kept
thinking that he has his browser detect messed up and it was showing a http
0.9 beta version of an html page.

hahahaha - that is the tribute - really tacky html...

ok, more coffee or more something else is seriously indicated here... way
too slow this am...
;-]

--steve

-- 
steve pirk
refiamerica.org
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09

Re: [funsec] NASA on 2012 crap - excellent

2009-11-17 Thread steve pirk [egrep]
Not sure if this is the same person, but on npr weekend edition, a NASA
scientist was interviewed about his frustration in reading and replying to
the hundreds of emails they get [apparently, they try and answer them]. I
was impressed...

--steve
On Tue, Nov 17, 2009 at 12:25, Rich Kulawiec  wrote:

>
> The sad thing is that this actually needed to be written.  But it reinforces
> something I've come to realize over the past decade: most of the political
> labels tossed around simply aren't accurate any more.  The schism (at least
> in the US) is between the reality-based community and those who buy into
> mythology, racism, bigotry, fears, and hype.
>
> ---Rsk
>



-- 
steve pirk
refiamerica.org
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09

Re: [funsec] Best Linux distribution for home use (was: Family tech support)

2009-11-30 Thread steve pirk [egrep]
On Sun, Nov 29, 2009 at 22:57, David Lodge  wrote:

> On Sun, 29 Nov 2009 18:53:54 -,  wrote:
> > So, the question is:  what is the best linux distribution for home use?
>
> My personal choice is Fedora. The other alternative is Ubuntu (which I
> have nothing against, I just can't get used to the packaging interface on
> it; which is just my bias, not that there's anything wrong with the
> packaging interface).
>
[snip]

> Then again, as I only run Linux on my server box, I'm going to be
> scrapping it and moving to a sheevaplug running Ubuntu (to keep the better
> half happy: 5W of regular power, as opposed to ~35W), but having it
> headless.
>
> dave
>

Sheevaplug rocks, but if you like control and fine tune-ability, consider
loading "ArmedSlack", a port of Slackware to the Marvell sheeva processor
[and most ARM processors]. At least you have 2 flavors of linux for the
device then... [love the sheeva]

http://armedslack.com/

To Chris: I settled on Ubuntu, mainly because Evolution works out of the box
and I can use it to talk to the work exchange server via the outlook web
access. Also like the fact that you really never know the root password, you
can only use sudo.

chrome.google.com - select the learn more link, and select the developers
channel. You can download/install a debian [.deb] build of chrome for Debian
Linux [Ubuntu]. It screams! [other reason I went w/Ubuntu].


--steve
steve pirk
refiamerica.org
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09

Re: [funsec] Family tech support

2009-11-30 Thread steve pirk [egrep]
On Mon, Nov 30, 2009 at 05:21,  wrote:

> On Mon, 30 Nov 2009 23:42:48 +1300, Nick FitzGerald said:
>
> > Yeah, but if she has to actually _exchange_ documents with with others
> > who don't run the same similarly broken version of OOO as she does (and
> > let's just ignore the embarrasing proportion of OOO documents that
> > won't correctly re-open after you save and close them), or worse, with
> > lecturers/tutors/etc who will almost surely be using the "real" MS
> > version and may be rather intolerant of marking her assignments if they
> > don't open properly...
>
> Hmm... you've never worked in an enterprise where half the people have
> upgraded to the new release of Word, and the other half haven't installed
> the plugin that lets their old Word not vomit when they get documents from
> the new Word.
>
>
My simple solution to people who need wp/sheet/draw etc no matter what
platform they are on is to use google docs instead of an office package you
need to purchase from uSoft.. I believe they just upgraded the docs part to
be able to import .docx office 2007 files. If you need to share with someone
who does not have a gmail account, download the file as a msword .doc file
and mail it.

You can edit your files no matter what pc you happen to be on. OO is great,
but can take forever converting spreadsheets. Filesize on uploads is an
issue with some work files I get, but hey, it makes all my friends and
Family happy to have things so easy and free [ok, nothing is _really_ free
on gmail ;-]...

--steve
steve pirk
refiamerica.org
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09

Re: [funsec] FBI: More Guns == Less Crime

2009-12-27 Thread steve pirk [egrep]
On Sun, Dec 27, 2009 at 12:50, Steven Allison wrote:

> Living in Arizona and being a concealed carrier myself, I have my views but
> there certainly is a tradeoff when you add guns to the equation of self
> protection in society. In AZ, it is quite easy to get a concealed weapons
> permit as long as you don't have a felony, violent misdemeanor, or
> psychiatric issues on your record.
>
> Even with these easy to get permits, only about 10% of the AZ population has
> permits. However, with a 1 in 10 chance of confronting an armed citizen,
> most criminals in AZ have taken safer routes to their criminal activity. So
> has "crime" actually dropped in AZ? Not necessarily. Violent crime (against
> the general law abiding public) certainly has, but it has been replaced by
> car theft, identity theft, burglary and other non-violent crimes.
>

Here in Washington state, we have the same requirements, and maybe just a
wee bit more of us carry. There are most certainly very defined places you
cannot carry, e.g. the most important being schools and any establishment that
is 21 or over [read: bars, alcohol present etc].

Me? I am for open carry. That way, the public sees that you are:
a) maybe someone who is tired of seeing nothing but victims everywhere they
go.
b) someone who has been very checked out by the local and state authorities
and also the FBI. You are who you say you are.

Face it, if you want the freedom to take care of yourself or others if need
be, then having every centimeter of your hands digitally scanned into the
federal databases just might be worth it. They have just about as much now,
why not take the extra step and get a hell of a good background check in the
process for free?


> The vast majority of violent crimes involving guns are usually gang or drug
> related. Which to me, if they are cleaning their own gene pool, that is OK
> with me. Clean away. Just stop breeding.
>
>
I just moved up here 2 years ago from 20 years in the LA area. As soon as I
had been here the required 90 days [and a resident], I started the process.
There is a pretty good reason open gang warfare seems less up here. If
people can legally shoot back, then that changes things a bit.

> As for all of the countries mentioned in this thread, we all know
> freedom is something you cannot take lightly. You can either be an unarmed
> "subject," or an armed "citizen" and take control of your own self
> protection.
>
> Steve Allison
>
>
>
'nuff said ;-]

--steve
steve pirk
refiamerica.org
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09

Re: [funsec] mystery redirect

2010-01-22 Thread steve pirk [egrep]
On Fri, Jan 22, 2010 at 10:35, Larry Seltzer  wrote:

> Nope. I'm on my own private wifi connected to Verizon FiOS
>

That URL is a Juniper Networks VPN web client login page. Google ncui. I
use a similar setup to vpn into the office. Looks like someone turned on
gating on a server you were either connected to or got shifted to. You did
not have the credentials to pass the gate anymore [or ever probably] and
were redirected to the login page.

I thought you might have taken over a session floating out in the ether, but
that was too way out there.

My gut feel is that you landed on a server that was gated, or had gating
enabled mid-session with you.

>
>
> Larry Seltzer
> Contributing Editor, PC Magazine
>
> larry_selt...@ziffdavis.com
>
> http://blogs.pcmag.com/securitywatch/
>
>
>
-- steve
steve pirk
refiamerica.org
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09

Re: [funsec] fog of cyberwar

2010-01-22 Thread steve pirk [egrep]
On Fri, Jan 22, 2010 at 10:56, Rob, grandpa of Ryan, Trevor, Devon & Hannah
 wrote:

> Date sent:  Fri, 22 Jan 2010 16:45:03 +0100
> From:   Dan Kaminsky 
>
> > So which browser exactly is the secure one?
>
> Lynx
>
telnet servername 80
GET / HTTP/1.1
Host: servername


Copy/paste the results into a text file and use text tool of your choice [the
more primitive the better ;-]

--steve
steve pirk
refiamerica.org
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09

Re: [funsec] fog of cyberwar

2010-01-22 Thread steve pirk [egrep]
On Fri, Jan 22, 2010 at 15:36, Dan Kaminsky  wrote:

> On Fri, Jan 22, 2010 at 10:10 PM, steve pirk [egrep] 
> wrote:
> > On Fri, Jan 22, 2010 at 10:56, Rob, grandpa of Ryan, Trevor, Devon & Hannah
> >  wrote:
> >>
> >> Date sent:  Fri, 22 Jan 2010 16:45:03 +0100
> >> From:   Dan Kaminsky 
> >>
> >> > So which browser exactly is the secure one?
> >>
> >> Lynx
> >>
> > telnet servername 80
> > GET / HTTP/1.1
> > Host: servername
> > 
> > Copy/paste the results into a text file and use text tool of your choice
> > [the more primitive the better ;-]
>
> Yes, and this is vulnerable to command injection into your terminal.
>
> Anyway, I rest my case.
>

Ok, I was leaning towards more primitive than safe. Left the sec out of fun.
I will go back under the rock again... ;-]

--steve

-- 
steve pirk
refiamerica.org
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09
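
Dan Kaminsky's objection in the exchange above is that bytes returned by the server are interpreted by the terminal emulator when they are printed raw. As an added example (not part of the original thread), this Python code renders such a response with every control character made visible before it reaches the screen, and lists the escape sequences it found; the function names and the sample response are constructed for illustration.

```python
import re

# Constructed sample: raw bytes as a server could return them to the telnet
# session above. The body mixes plain text with terminal control sequences.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"hello\x1b[2J\x1b[31mred\x1b[0m\r\n"      # CSI: clear screen, colour
    b"\x1b]0;constructed title\x07"            # OSC: set window title
    b"caf\xc3\xa9 \x9b1m stray\rover\r\n"      # raw C1 byte, lone CR
)

# 7-bit escape sequences (ECMA-48): OSC strings, CSI sequences, two-byte ESC.
_SEQ = re.compile(
    r"\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"   # ESC ] ... terminated by BEL or ST
    r"|\x1b\[[0-?]*[ -/]*[@-~]"            # ESC [ params, intermediates, final
    r"|\x1b[@-_]"                          # any other ESC + one byte
)


def _visible(text):
    """Return text with every control character written as \\xNN."""
    out = []
    # CRLF line endings are normal in HTTP; a CR on its own is not, because it
    # lets later text overwrite earlier text on the same terminal line.
    for ch in text.replace("\r\n", "\n"):
        cp = ord(ch)
        if ch in "\n\t":
            out.append(ch)
        elif ch == "\\":
            out.append("\\\\")             # keep the escaped form unambiguous
        elif 0xDC80 <= cp <= 0xDCFF:
            # Byte that was not valid UTF-8 (kept by surrogateescape).
            out.append("\\x%02x" % (cp - 0xDC00))
        elif cp < 0x20 or cp == 0x7F or 0x80 <= cp <= 0x9F:
            out.append("\\x%02x" % cp)     # C0 controls, DEL, C1 controls
        else:
            out.append(ch)
    return "".join(out)


def neutralize(raw):
    """Decode untrusted bytes and make them safe to print to a terminal."""
    return _visible(raw.decode("utf-8", errors="surrogateescape"))


def find_sequences(raw):
    """List (kind, escaped_text) for each 7-bit escape sequence in raw."""
    text = raw.decode("utf-8", errors="surrogateescape")
    found = []
    for match in _SEQ.finditer(text):
        seq = match.group(0)
        if seq.startswith("\x1b]"):
            kind = "OSC"
        elif seq.startswith("\x1b["):
            kind = "CSI"
        else:
            kind = "ESC"
        found.append((kind, _visible(seq)))
    return found


if __name__ == "__main__":
    for kind, seq in find_sequences(SAMPLE_RESPONSE):
        print("found %s sequence: %s" % (kind, seq))
    print(neutralize(SAMPLE_RESPONSE))
```
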

Re: [funsec] fog of cyberwar

2010-01-24 Thread steve pirk [egrep]
On Sun, Jan 24, 2010 at 18:26, phester  wrote:
>
>
> On Sun, 24 Jan 2010, Jason Lewis wrote:
>
> > Has anyone considered that they knew about the vuln and the govt
> > asked them to not fix it until it was public?
>
>
> When you are talking about multinational corporations, the question may
> be; Which government?
>
> http://news.bbc.co.uk/2/hi/business/2659857.stm


[quote]"The basic business decision that we decided to make here is that
Microsoft is willing to trust governments and willing to partner closely
with them," said Salah Dandan, the initiative's worldwide manager.[/quote]

This is "in response to competition with companies who offer "open source"
software..." The difference is that open source lets *everyone* see it.
Microsoft only trusts governments to see the source... and god forbid they
allow someone to  modify [fix] and redistribute it.

just my 2 cents worth... ;-]
-- 
steve pirk
refiamerica.org
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09

Re: [funsec] Apple has a new toy

2010-01-30 Thread steve pirk [egrep]
On Fri, Jan 29, 2010 at 19:18, Rob, grandpa of Ryan, Trevor, Devon & Hannah
 wrote:

> Date sent:  Thu, 28 Jan 2010 16:28:11 -0500
> From:   Joel Esler 
>
> > Flash is dead.
>
> If only ...
>

I had a discussion at work today with a bunch of developers, and the same
idea was presented "if on html5". Well, I ran across a twitter link that
caused me to really enjoy streaming movies again...

http://www.youtube.com/html5

So far, I am seeing pretty darn cool movies. I tested on an Acer 10"
netbook, 1.6GHz atom proc, 1GB ram, running chrome on Ubuntu. Just about the
worst case I can think of, 'cause flash kicks my cpu to %50 in just that one
chrome child. This little netbook does not even notice when streaming an
html5 movie on YouTube.

Give it a try, especially in chrome...

Maybe an alternative to flash is closer than we think?

-- steve
steve pirk
refiamerica.org
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09

Re: [funsec] Privacy Police Go Paranoid Against Google

2010-06-14 Thread steve pirk [egrep]
I buzzed the article. Excellent job Larry! Not that anyone will promote it
to the nightly news... ;-]

--steve
On Sun, Jun 13, 2010 at 11:26, Larry Seltzer  wrote:

>
> http://blogs.pcmag.com/securitywatch/2010/06/privacy_police_go_paranoid_aga.php
>
>
>
> (Yes, this is a little about driving traffic to my blog, but it's also
> on-point for funsec.
>
>
>
> Why do people get so irrational about privacy issues?
>
> I've spoken to several people who have been involved with real software
> development (as I have) and we all find Google's explanation of the Street
> View Wifi data collection 
> incident<http://www.pcmag.com/article2/0,2817,2364904,00.asp?kc=PCRSS05079TX1K992>
>  perfectly plausible. I'll go further: The idea that they intended to
> collect Wifi payload data for this operation is highly implausible.
>
> ....
>

-- 
steve pirk
refiamerica.org
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09

Re: [funsec] Viruses

2011-07-20 Thread steve pirk [egrep]
I searched mail for "ted stuxnet" and came up blank, so maybe people have not
seen this one yet:

Ralph Langner: Cracking Stuxnet, a 21st-century cyber weapon
http://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21st_century_cyberweapon.html

Oh, and if anyone wants a Google+ invite, ping me here or on gmail -
pirkster at gmail.
It is only available to gmail addresses at this time, Apps users and
business listing will come soon...

--steve

On Tue, Jul 19, 2011 at 13:47, Mouse  wrote:

> > [...]  This speaks to the idea that [cr]ackers/intruders/virus
> > writers are good at telling you how to protect your systems.
>
> > They aren't.
>
> One anecdote does not a statistical proclamation make.  I suspect that,
> statistically speaking, they _are_ better, though probably not by as
> much as many people assume.
>
> However, the high end of the non-cracker curve is definitely well above
> the low end of the cracker curve. :-)
>
> /~\ The ASCII Mouse
> \ / Ribbon Campaign
>  X  Against HTMLmo...@rodents-montreal.org
> / \ Email!   7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
>



-- 
steve pirk
refiamerica.org
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09

Re: [funsec] Now, nobody panic ...

2011-09-24 Thread steve pirk [egrep]
I searched every app I could find in the Android market for something like
this. In the Pacific Northwest, we were downwind of the initial explosion
;-]

I really thought the Nexus 1 would have the capability, but a little
research proved me wrong.

I need to post this on Google+. I am sure it will start a good debate...
(bad breath and body fat... lol)

Thanks Rob!
--steve

On Thu, Sep 22, 2011 at 10:52, Rob, grandpa of Ryan, Trevor, Devon & Hannah
 wrote:

> They are making a cell phone that measures radiation:
> http://www.bbc.co.uk/news/technology-15023061
>
> OK, panic if you want to.
>
> (Don't get the "nuclear fallout" alert mixed up with the "there are fat
> people
> nearby" sensor.)
>
> ==  (quote inserted randomly by Pegasus Mailer)
> rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
> It doesn't matter if the cup is half full or half empty.
> Whatever's inside it is evaporating either way.
> victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
> http://blogs.securiteam.com/index.php/archives/author/p1/
> http://twitter.com/rslade
>



-- 
steve pirk
refiamerica.org
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09

Re: [funsec] Automated document clearance

2011-10-23 Thread steve pirk [egrep]
The article mentioned it would be available to anyone.

"Now it's available not just to government, but to anyone anywhere Adobe is
used."

You know people are going to tear into it.
On Oct 22, 2011 1:55 PM, "Rob, grandpa of Ryan, Trevor, Devon & Hannah"
 wrote:

> http://www.nextgov.com/nextgov/ng_20111021_6752.php
>
> Nothing could possibly go wrong with "an enhancement of Adobe's redaction
> toolbar," now, could it?
>
> "Today, the intelligence community is using the tool on classified
> information."
>
> Well, on the bright side, nobody will have to bother with FOIA requests.
>
> ==  (quote inserted randomly by Pegasus Mailer)
> rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
>Gordon, remember Emily Martin, 20020514
> victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
> http://blogs.securiteam.com/index.php/archives/author/p1/
> http://twitter.com/rslade

Re: [funsec] SOPA is only the first step ...

2012-01-20 Thread steve pirk [egrep]
That story makes me want to puke.
On Jan 19, 2012 7:30 PM, "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <
rmsl...@shaw.ca> wrote:

> http://thenextweb.com/me/2012/01/19/death-sentence-for-iranian-programmer-accused-of-developing-software-used-by-porn-sites/
>
> ==  (quote inserted randomly by Pegasus Mailer)
> rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
> We have met the enemy and he is us.   - Walt Kelly 1913-1973
> victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
> http://blogs.securiteam.com/index.php/archives/author/p1/
> http://twitter.com/rslade

Re: [funsec] [Full-disclosure] Key Internet operator VeriSign hit by hackers [DNS]

2012-02-05 Thread steve pirk [egrep]
On Thu, Feb 2, 2012 at 20:15, Jeffrey Walton  wrote:

> On Thu, Feb 2, 2012 at 11:10 PM, Kyle Creyts 
> wrote:
> > "Management was informed of the incident in September 2011" pg 33, sect 2
> As I said: Alarming.
>

> Further, there is no mention of risk potential for the SSL business
> whatsoever, despite numerous mentions of risk factors for the Registry
> Services business, not related to this attack.
I was born at night, but not last night.

Well, Verisign did offload the SSL business to Symantec in August 2010, so
that makes me think something happened.
That was also around the time the Chinese (theoretically) hacked all those
gmail accounts. I think it was later discovered that some sites had not
processed CRLs correctly and still had old revoked certs for companies like
Google.

I am not saying any of the above is/was probable, but it sure is
coincidental.

If I find any incorrect statements above, I will fix them. I need to do
some searching.
-- 
steve pirk
yensid
"father... the sleeper has awakened..." paul atreides - dune

Re: [funsec] Words to spy by ...

2012-05-30 Thread steve pirk [egrep]
I see a meme developing... people flooding public streams like Twitter and
Google+ with random paragraphs like Rob's above...  system crashes a day or
two later...
This could be fun!
;D

On Tue, May 29, 2012 at 1:10 PM, Kyle Creyts  wrote:

> Somebody really obviously has their knickers in a bunch over some FUD
> again. This seems like a terribly overblown article making wild
> accusations about what is really obviously a situational awareness
> tool, not a system to track specific individuals. You don't put words
> like "tornado" on a list of words to seek for spying on individuals.
>
> On Tue, May 29, 2012 at 3:04 PM, Rob, grandpa of Ryan, Trevor, Devon &
> Hannah  wrote:
> >> http://www.dailymail.co.uk/news/article-2150281/REVEALED-Hundreds-words-avoid-using-online-dont-want-government-spying-you.html
> >
> > This wasn't "smart."  Obviously some "pork" barrel project dreamed up by the DHS
> > "authorities" "team" ("Hail" to them!) who are now "sick"ly sorry they looked
> > into "cloud" computing "response."  They are going to learn more than they ever
> > wanted to know about "exercise" fanatics going through the "drill."
> >
> > Hopefully this message won't "spillover" and "crash" their "collapse"d parsing
> > app, possibly "strain"ing a data "leak."  You can probably "plot" the failures
> > at the NSA as the terms "flood" in.  They should have asked us for "help," or at
> > least "aid."
> >
> > Excuse, me, according to the time on my "watch," I have to leave off working on
> > this message, "wave" bye-bye, and get some "gas" in the car, and then get a
> > "Subway" for the "nuclear" family's dinner.  Afterwards, we're playing
> > "Twister"!
> >
> > ("Dedicated denial of service"?  Really?)
> >
> >
> > ==  (quote inserted randomly by Pegasus Mailer)
> > rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
> > Every act of communication is an act of translation - G. Rabassa
> > victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
> > http://blogs.securiteam.com/index.php/archives/author/p1/
> > http://twitter.com/rslade
>
>
>
> --
> Kyle Creyts
>
> Information Assurance Professional
> BSidesDetroit Organizer
>



-- 
steve pirk
yensid
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09 - Google+ pirk.com

Re: [funsec] Words to spy by ...

2012-06-11 Thread steve pirk [egrep]
I really do not consider the NSA's Utah Data Center FUD, and I doubt that
this list is limited to Homeland Security. I figure if they are going to
try and read everything, then give them tons of junk to read.

I'll see Rob's comments and raise him one. I think I will add a paragraph
similar to one of his to my G+ profile. That gets indexed by Google every
day at least. Pretty soon they might need another one of these data
centers. hahahaha
http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1

Oh, I switched over to using my gmail account for funsec, so I am going to
remove this apps account from the list. Same me, different profile pic.

--steve
On Tue, May 29, 2012 at 1:10 PM, Kyle Creyts  wrote:

> Somebody really obviously has their knickers in a bunch over some FUD
> again. This seems like a terribly overblown article making wild
> accusations about what is really obviously a situational awareness
> tool, not a system to track specific individuals. You don't put words
> like "tornado" on a list of words to seek for spying on individuals.
>
> On Tue, May 29, 2012 at 3:04 PM, Rob, grandpa of Ryan, Trevor, Devon &
> Hannah  wrote:
> >> http://www.dailymail.co.uk/news/article-2150281/REVEALED-Hundreds-words-avoid-using-online-dont-want-government-spying-you.html
> >
> > This wasn't "smart."  Obviously some "pork" barrel project dreamed up by the DHS
> > "authorities" "team" ("Hail" to them!) who are now "sick"ly sorry they looked
> > into "cloud" computing "response."  They are going to learn more than they ever
> > wanted to know about "exercise" fanatics going through the "drill."
> >
> > Hopefully this message won't "spillover" and "crash" their "collapse"d parsing
> > app, possibly "strain"ing a data "leak."  You can probably "plot" the failures
> > at the NSA as the terms "flood" in.  They should have asked us for "help," or at
> > least "aid."
> >
> > Excuse, me, according to the time on my "watch," I have to leave off working on
> > this message, "wave" bye-bye, and get some "gas" in the car, and then get a
> > "Subway" for the "nuclear" family's dinner.  Afterwards, we're playing
> > "Twister"!
> >
> > ("Dedicated denial of service"?  Really?)
> >
> >
> > ==  (quote inserted randomly by Pegasus Mailer)
> > rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
> > Every act of communication is an act of translation - G. Rabassa
> > victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
> > http://blogs.securiteam.com/index.php/archives/author/p1/
> > http://twitter.com/rslade
>
>
>
> --
> Kyle Creyts
>
> Information Assurance Professional
> BSidesDetroit Organizer
>



-- 
steve pirk
yensid
"father... the sleeper has awakened..." paul atreides - dune
kexp.org member august '09 - Google+ pirk.com