Out with #2 Son, who is also one of a kind.
A top secret National Security Agency program allows analysts to search with no prior authorization through vast databases containing emails, online chats and the browsing histories of millions of individuals, according to documents provided by whistleblower Edward Snowden. [emphasis mine]
This looks to directly contradict his statement today (which I live blogged):
The NSA boasts in training materials that the program, called XKeyscore, is its "widest-reaching" system for developing intelligence from the internet.
...
XKeyscore, the documents boast, is the NSA's "widest reaching" system developing intelligence from computer networks – what the agency calls Digital Network Intelligence (DNI). One presentation claims the program covers "nearly everything a typical user does on the internet", including the content of emails, websites visited and searches, as well as their metadata.
Analysts can also use XKeyscore and other NSA systems to obtain ongoing "real-time" interception of an individual's internet activity.
0950 - Talking about technical controls, he points out that he can't intercept his daughter's email. People laugh, but it's the same auditability problem.
Remember, these are the NSA training documents for the query system that contradict the Director of the NSA. It appears that Gen. Alexander is either unaware of what his Agency is doing or is willfully misrepresenting what his Agency does to the American public. Color me unimpressed.
A team of university students have demonstrated that it is possible to subvert global positioning system navigation signals to pilot a superyacht without tripping alarms.
Of course, you should always have charts and a compass (and know how to use them) when you're on a boat. But 3° isn't much, and might be hard to detect by eye until you were pretty far off course. Just for perspective, the original Longitude Prize called for accuracy not to within 3°, but to within 3 minutes of longitude. 3° is a lot.
The experiment was conducted in June this year, with the permission of the owners of a 65-metre (213ft) superyacht worth US$80 million (A$87 million), the White Rose that sailed from Monaco to the island of Rhodes in the Mediterranean.
A team of mechanics students from the Cockrell School of Engineering at the University of Texas in Austin were on board the White Rose, with the experiment taking place some 50 kilometres off the coast of Italy in international waters.
Faint GPS signals were broadcast by the students from a spoofing device the size of a briefcase, aimed at the positioning system aerials of the ship. The authentic GPS signals were slowly overpowered by those transmitted from the spoofing device, after which the students had gained control over the yacht's navigational system.
Once in control, the students were able to shift the ship onto a new course, three degrees off the original one. As the navigational system reported location discrepancies and the crew initiated corrections, the White Rose deviated further from its original course.
So what's the cause? Volkswagen seems to think that a lawyer can stop the Internet. The researchers point out that (a) their paper did not include the information that Bad Guys would need to do a hack, and (b) the information can be found on the Internet anyway, if you look. So what does this all mean? The auto manufacturers seem to be in the same level of awareness as the KTVU TV station that is trying (and trying, and trying) to get their video taken down from Youtube.
A High Court judge has blocked three security researchers from publishing details of how to crack a car immobilisation system. German car maker Volkswagen and French defence group Thales obtained the interim ruling after arguing that the information could be used by criminals. The technology is used by several car manufacturers. The academics had planned to present the information at a conference in August.
He did it! No he did! Uh huh! Nuh uh!
"The researchers informed the chipmaker nine months before the intended publication - November 2012 - so that measures could be taken. The Dutch government considers six months to be a reasonable notification period for responsible disclosure. The researchers have insisted from the start that the chipmaker inform its own clients."
Neither VW nor Thales was able to provide comment.
Microsoft appears to have asked Google to remove some microsoft.com pages from Google's search engine.
I'd mock them, but I think this came auto-mocked.
TorrentFreak reports that LeakID, an organisation that provides services such as “Monitoring illegal links and sources” and “Send automated takedown notices to ISPs hosting infringing links and websites”, has sent Google a notice to stop indexing some pages on Microsoft's site because they infringe Microsoft's copyright.
The leaked takedown request, visible here makes for chucklesome reading, as the pages Microsoft requests be removed are entirely innocuous affairs like this description of Office 2010 Service Pack 1.
How does this sort of thing factor into newspaper staffs being slashed? Well, let’s put it like this: if some newspaper hack wanted to see you imprisoned or executed for political advocacy he didn’t agree with, would you take that, let alone pay for the privilege? I sure as hell wouldn’t. If I were a small business owner in a town in whose newspaper this column ran, I would have been on the phone to cancel my advertising so fast it’d make the heads of everyone in the building spin, not just the ad reps.
It's a vicious circle - a lefty slant drives away non-lefties, which drives away advertisers interested in reaching non-lefties, which leads to staff cuts and a sense of being under siege, which leads to more lefty "reporting" out of a bruised sense of what justice should be (according to the leftie reporters, that is).
Location: Hartsfield Airport
Yesterday I received the NSA award for the Best Scientific Cybersecurity Paper of 2012 for my IEEE Oakland paper “The science of guessing.”
J'accuse, security bitches. Gen. Clapper (head NSA honcho) will be keynoting the Black Hat conference. I plan to sit in on this and report to all y'all on what he says. I'm prepared to be unimpressed, but we shall see.
...
On a personal note, I’d be remiss not to mention my conflicted feelings about winning the award given what we know about the NSA’s widespread collection of private communications and what remains unknown about oversight over the agency’s operations. Like many in the community of cryptographers and security engineers, I’m sad that we haven’t better informed the public about the inherent dangers and questionable utility of mass surveillance. And like many American citizens I’m ashamed we’ve let our politicians sneak the country down this path.
One thumbnail sized piece of ginger root, peeled
Ice
Decent, inexpensive Bourbon Whiskey. I think that W. L. Weller is a great price/performance leader for inexpensive-n-good bourbon. It's around $12/fifth in these parts.
Procedure:
Roughly chop the ginger root, and then crush in a mortar and pestle. If you don't have one of these, you can take a (clean) brick from your yard and whale on it until it's, well, crushed
Fill an Old Fashioned glass (half height cocktail glass) with ice
Toss in the ginger root mush and shards
Fill with an ounce and a half of your bourbon
Swirl to combine. Let sit 5 minutes to steep, and serve to a skeptical but soon-to-be-adoring public.
Well I drove the truck from New York all the way to San Antone
And it's a mighty long haul when you're all alone
But I like drivin' trucks and I make my livin' this way
Well I'm a truck drivin' fool and that's how I'm a gonna stay
I like to hear that diesel as it keeps on a hummin' along
I'm a shiftin' these gears and I'm singin' myself a song
Well I see a lotta country as I go on my way
Yeah I'm a truck drivin' fool and that's how I'm gonna stay
Yeah I'm a truck drivin' fool and trucks have got the best of me
I guess I'll never settle down cause I couldn't stay you see
Cause when I'm drivin' that truck I'm like a schoolboy out to play
Yeah I'm a truck drivin' fool and that's how I'm gonna stay
Once I started to marry a gal in a little country town
But she didn't like my truck so way went around and around
She tried to affect me and that's where she went astray
Cause I'm a truck drivin' fool and that's how I'm gonna stay
I'm a truck drivin' fool and that's how I'm gonna stay
Earlier this month, The New Republic posted an article by Stanford law professor Richard Thompson Ford on the Zimmerman trial. As noted by my co-blogger David Bernstein and Michelle Meyer at The Faculty Lounge, this article included some factual inaccuracies. Most notably, the article (as originally published) contained the following sentence:
The New Republic has finally (on the second try, presumably because of high profile public shaming) corrected the story.
. . . Zimmerman was an edgy basket case with a gun who had called 911 46 times in 15 months, once to report the suspicious activities of a seven year old black boy. (emphasis in original)
As written, this sentence contained three errors: 1) the 46 calls were not all to 911, some were to a non-emergency police number, 2) the calls were made over several years, not 15 months, and 3) Zimmerman called the police to report that a young boy was unattended by an adult and was concerned for the boy’s safety, not to report that the child was engaged in “suspicious activities.”
The New Republic has corrected Richard Thompson Ford’s Zimmerman piece:
So just like with 911 - when seconds count, the Police are minutes away - the "if you see something suspicious, report it" will only be used against you. It sure looks like there's very little upside, and a whole lot of downside there.
This article has been corrected. Zimmerman called various law enforcement officials 46 times, not just 911, as originally stated. He made the calls over an eight-year period, not over the course of 15 months, as originally stated. The original sentence also cited a call Zimmerman made about a seven-year-old boy; the clause has been removed as it implied that Zimmerman was reporting suspicious activity. It appears that Zimmerman made the call out of concern. We regret the errors.
You can see the list of Zimmerman’s calls here, and it hardly suggests he was an “edgy basket case with a gun,” as the piece still asserts. And of course, there’s the glaring error of treating Zimmerman – who would count as a “diversity hire” at any law school in America — as an honorary “white” for purposes of raising the race issue
Not only is Mrs. Doubletrouble bringing the Climate Change blogging, but she's bringing a pointer to The Register, one of my daily reads (when I'm not too busy, like I am now). El Reg should be a stop for you, as they blog frequently and excellently on the whole hockey stick schtick.
Three academics have written an opinion piece in hefty boffinry mag Nature, saying that humanity must reduce carbon emissions hugely or methane belching from the Arctic seabed will do $60 trillion of economic damage. But the latest research suggests that Arctic methane emissions are nothing to do with rising temperatures.
Gail Whiteman (professor of "sustainability, management and climate change"), Chris Hope (an economist) and Peter Wadhams (an oceanologist) present their arguments in the Comment section of Nature, here (pdf). They start off by suggesting that disappearing ice and warmer seas in the Arctic (caused by human carbon emissions, they say) are already causing methane emissions, and that further warming - with associated ice loss - will see these emissions increase hugely.
“National security is of paramount importance, yet the NSA’s dragnet collection of Americans’ phone records violates innocent Americans’ privacy rights and should not continue as it exists today,” Sen. Mark Udall (D-Colo.) said after the vote.
And so to the NSA's "victory". The Tea Party saw its legions joined by Democratic allies, and almost succeeded in defunding the surveillance beast. So riddle me this, Secret Agent Man, what is to stop them from pushing this front and center as John Boehner plays chicken with the debt ceiling. You want our votes, you give us this vote. We'll get Democrats to pass the defunding.
There is nothing in the PATRIOT Act that limits this sweeping bulk collection to phone records. The government can use the PATRIOT Act's business records authority to collect, collate and retain all sorts of sensitive information, including medical records, financial records, or credit card purchases.
They could use this authority to develop a database of gun owners or readers of books and magazines deemed subversive. This means that the government's authority to collect information on law-abiding American citizens is essentially limitless. If it is a record held by a business, membership organization, doctor, or school, or any other third party, it could be subject to bulk collection under the PATRIOT Act. [emphasis mine]
Beitou Library, Taiwan
RTWT.
In our filing with the Supreme Court, the Electronic Privacy Information Center asked a simple question that we hope the Court will answer: Is it legal for the government to collect so much information about so many people suspected of no threat to national security?
According to the law -- section 215 of the Patriot Act -- the government is only allowed to obtain such information if it is "relevant" to an "authorized investigation" and if its use is for very narrow purposes. How could it possibly be that all of the customers of Verizon could be subject to an authorized investigation of the U.S. government?
It's the moment malware writers worldwide have been waiting ages for: millions of royal-watchers at home and at work will be in front of their computers, hunting for the first pictures of the soon-to-be-born third heir to the throne.
No comment on whether people waiting breathlessly for news of the heir to the house of Windsor are more gullible:
The Duchess of Cambridge's labour has started, it was confirmed this morning. Any baby (whatever its sex) will be third in line to become Britain's king or queen following recent changes in UK law.
And as with many a popular story - be it a natural disaster or celebrity death - malware-flingers have long been gestating plenty of scams and malware which they are more than ready to deliver.
"Malware authors worldwide have been waiting ages for this," according to anti-malware veteran turned independent security blogger Graham Cluley.
Let's all be careful out there.
Washington, D.C. (SatireWire.com) — With yet another email virus spreading across the globe, 41 U.S. states and six European countries today announced that the act of creating an attachment-based computer virus will now be considered a hate crime because it intentionally targets stupid people.
Hate crime victim Bob Fnork (center) is stunned to discover he has just opened another infected attachment.
"In a hate crime, the offender is motivated by the victim's personal characteristics, and in the case of email viruses, the maker is clearly singling out those who open email attachments when they've been told a thousand times not to," said California Attorney General Bill Lockyer. "Like any other segment of the population, people of stupidity need protection from bias."
France, meanwhile, said it would not prosecute anyone willing to write a virus in French.
But in London, the British Civil Idiots Union applauded the move, arguing that virus-based hate crimes cause victims to suffer psychological harm. "Every time we pass on one of these emails, our self-esteem is shattered when we are forced to publicize our condition," said CIU President Michael Overly. "It's always a shock to my system every time I have to write, 'Hey everybody, if you get an email attachment from me, don't open it! I just found out my computer got infected by a virus! Sorry!'"
The surprise (when I plotted the source data myself rather than use NCDC’s tool) was how flat it was in the dust bowl heat of the 1930s. I know that on the NWS NYC web site, they have archived raw monthly means back well into the 1800s. So I downloaded that and compared.
I don't know of any scientific field where it is not just considered acceptable, but considered normal to change the data after it has been recorded. This is perhaps the strongest argument against paying any attention to what climate scientists say.
It was dramatically cooler in the NCDC v2.5 than the original data. This plot shows the differences between the original recorded temperature data at Central Park and the final adjusted data that NCDC presents to the public:
As is clearly evident, adjustments made the dust bowl period cooler, while post 1995 had no adjustments applied. This results in a temperature trend that is steeper because the past is cooler than the present. The only problem is that it isn’t what the data actually recorded then.
I was grocery shopping at WalMart yesterday and I couldn't find any Velveeta* "Pasteurized Prepared Cheese Product" (Made with real milk protein concentrate!)
Heh. And I'd like him to post his queso recipe, but that's just me.
I'm not shitting you. Go read that sentence again.
There I was, in a WalMart, in Alabama, and I couldn't find Velveeta...
WTF is the world coming to?
* Don't judge me, bitches. It makes a great Queso dip.
You don't need office buildings when all the businesses head to friendlier locales.
I think this used to be a theater.
Here's the Church, here's the steeple. Open the doors, where're all the people?
A tree grows in books are still there on the shelves. I expect ancient Rome looked like this once.
Was this once a school?
Someone went to some effort to upend that piano.
I was born in Saginaw, Michigan.
I grew up in a house on Saginaw Bay.
My dad was a poor hard working Saginaw fisherman:
Too many times he came home with too little pay.
I loved a girl in Saginaw, Michigan.
The daughter of a wealthy, wealthy man.
But he called me: "That son of a Saginaw fisherman."
And not good enough to claim his daughter's hand.
Now I'm up here in Alaska looking around for gold.
Like a crazy fool I'm a digging in this frozen ground, so cold.
But with each new day I pray I'll strike it rich and then,
I'll go back home and claim my love in Saginaw, Michigan.
I wrote my love in Saginaw, Michigan.
I said: "Honey, I'm a coming home, please wait for me.
"And you can tell your dad, I'm coming back a richer man
"I've hit the biggest strike in Klondyke history."
Her dad met me in Saginaw, Michigan.
He gave me a great big party with champagne.
Then he said: "Son, you're wise, young ambitious man.
"Will you sell your father-in-law your Klondyke claim?"
Now he's up there in Alaska digging in the cold, cold ground.
The greedy fool is a looking for the gold I never found.
It serves him right and no-one here is missing him.
Least of all the newly-weds of Saginaw, Michigan.
We're the happiest man and wife in Saginaw, Michigan.
He's ashamed to show his face in Saginaw, Michigan.
Normally, Daniel Bangert's Facebook posts tend to be of the serious variety. The 28-year-old includes news items and other bits of interest he encounters throughout the day. "I rarely post funny pictures," he says.
Recently, though, he decided to liven up his page with something a bit more amusing -- and decided to focus on the scandal surrounding the vast Internet surveillance perpetrated by the US intelligence service NSA. He invited his friends on an excursion to the top secret US facility known as the Dagger Complex in Griesheim, where Bangert is from.
...
Bangert's doorbell rang at almost the exact same time. The police on the telephone told him to talk with the officers outside of his door. Bangert quickly put on a T-shirt -- which had a picture of NSA whistleblower Edward Snowden on it along with the words "Team Edward" -- and answered the door. His neighbor was outside too so as not to miss the fun.
The police wanted to know more about what exactly Bangert had in mind. "I couldn't believe it. I thought: What? They are coming for such nonsense?"
The officers, says Bangert, were unimpressed and called him a "smart aleck," before hinting strongly that he should obtain a demonstration permit before he embarked on his outing. They then told Bangert not to post anything about their visit on the web.
Good idea there, Fritz. Seems foolproof. Oh, wait ...
The police spokeswoman sought to play down the incident.
Because playing it up would be bad, mkay? No wonder they lost The War.
This is one of my bucket list items.
Tank Town USA is the ultimate heavy equipment playground and the #1 thing to do in Blue Ridge, GA...and possibly the world! Whether you want to drive a military tank, military trucks or construction equipment, Tank Town USA has it all.
Our team of professional instructors will put you in the driver's seat as you navigate our 5 acre course designed to let you test what these vehicles can do! It's a fun, fast paced, and exciting adventure for all ages.
A four-year-old Android bug could be used to plant malware on 99 per cent of Android devices on the market, according to security researchers.
You see what's coming next, don't you?
Bluebox Security CTO Jeff Forristal said the vulnerability in Android’s security model creates a means for hackers to modify an Android app's APK code without breaking its cryptographic signature.
This means that any legitimate application - even those afforded elevated privileges by the device manufacturer - could be turned into a malicious Trojan before being offered for download. The difference between the two would not be readily detectable by either the smartphone or the app store - much less an end user.
Google Play alert: An information security researcher has spotted two apps that use the master key vulnerability that's present in an estimated 99% of all Android devices. But rather than being distributed by sketchy third-party app stores, which are known for harboring malicious apps that have been disguised as free versions of the real thing, these two apps are available directly from the official Google Play app store.
Doesn't take long for something this big to get out in the wild. And now there's a second vulnerability that the Bad Guys can play with:
Fortunately, the apps don't appear to be malicious. But the presence of the free apps -- Rose Wedding Cake Game and Pirates Island Mahjong Free, which have been downloaded by between 15,000 and 60,000 people -- on the Google Play site calls into question whether Google is now scanning for apps that abuse the so-called master key vulnerability that was discovered by Bluebox Labs in February and detailed by Android hackers earlier this month.
Hot on the heels of the so-called "master key" hole in Android comes what Chinese Android researchers are calling "a similar vulnerability."
Pretty heavy duty geekery there.
They've definitely found a bug, and another embarrassing one for Google's coders, too.
Jon Oberheide, CTO of Duo Security, told El Reg that ReKey provided notification of attempted attacks featuring dodgy APKs as well as blocking the Bluebox master key and similar malware padding attacks.
Quite frankly, the whole situation shows that the Android security model is a train wreck. I can't in good conscience recommend that anyone use Android until the patch distribution process gets under control.
...
"Since ReKey only patches in-memory (and then re-patches upon boot of the device), it is non-destructive and makes no permanent changes to the user's device. When the official patch is delivered to the device, it can interoperate peacefully."
The ReKey app was released on Tuesday and is available to download at rekey.io as well as through the Google Play Store.
A blog post by Duo Security with more context and technical information about ReKey can be found here.
"The security of Android devices worldwide is paralysed by the slow patching practices of mobile carriers and other parties in the Android ecosystem," Oberheide concluded.